tenseleyflow/shithub / fa6f995

Browse files

gofumpt sweep — formatter now runs in CI

Authored by espadonne
SHA
fa6f9955b97d49b87f516b4667b7c97a70f75843
Parents
09760ad
Tree
f32bc5c

70 changed files

StatusFile+-
M cmd/shithubd/hook.go 14 15
M cmd/shithubd/ssh.go 4 2
M internal/auth/audit/audit.go 42 42
M internal/auth/policy/adapters.go 0 1
M internal/auth/policy/policy_test.go 3 4
M internal/auth/reserved.go 2 2
M internal/checks/checks.go 9 9
M internal/checks/checks_test.go 4 4
M internal/checks/create.go 3 3
M internal/checks/required_eval.go 4 4
M internal/checks/suite_rollup_test.go 4 4
M internal/git/protocol/ssh_dispatch_test.go 2 1
M internal/issues/notif_emit.go 2 1
M internal/issues/references.go 4 4
M internal/issues/references_test.go 0 1
M internal/markdown/extensions/emoji.go 90 90
M internal/markdown/extensions/extensions.go 23 23
M internal/markdown/markdown_test.go 2 2
M internal/notif/email.go 2 1
M internal/notif/emit.go 2 2
M internal/notif/fanout_test.go 5 4
M internal/notif/notif.go 7 7
M internal/notif/routing.go 4 4
M internal/orgs/create.go 9 9
M internal/orgs/hard_delete.go 2 1
M internal/orgs/invitations.go 7 7
M internal/pulls/merge.go 0 1
M internal/pulls/pulls.go 7 7
M internal/pulls/review/request.go 2 1
M internal/pulls/review/review_test.go 9 9
M internal/pulls/review/submit.go 3 3
M internal/repos/diff/parse/parse.go 4 4
M internal/repos/diff/render/render.go 4 2
M internal/repos/diff/source/source.go 6 3
M internal/repos/fork/fork.go 13 13
M internal/repos/git/branchops.go 2 1
M internal/repos/git/logops.go 10 9
M internal/repos/git/mergeops.go 10 5
M internal/repos/git/plumbing.go 2 1
M internal/repos/lifecycle/hard_delete.go 0 1
M internal/repos/lifecycle/transfer.go 14 14
M internal/repos/protection/protection.go 4 5
M internal/search/query_parse.go 2 2
M internal/search/search_test.go 4 2
M internal/social/social.go 2 2
M internal/web/handlers/api/checks.go 4 4
M internal/web/handlers/api/stars.go 0 1
M internal/web/handlers/auth/auth_test.go 2 1
M internal/web/handlers/auth/avatar.go 2 1
M internal/web/handlers/auth/danger_test.go 2 1
M internal/web/handlers/auth/tokens_test.go 2 1
M internal/web/handlers/orgs/orgs.go 9 9
M internal/web/handlers/orgs/teams.go 7 4
M internal/web/handlers/repo/branches.go 19 19
M internal/web/handlers/repo/code.go 8 8
M internal/web/handlers/repo/fork.go 2 2
M internal/web/handlers/repo/issues.go 2 1
M internal/web/handlers/repo/lifecycle.go 3 3
M internal/web/handlers/repo/pulls.go 9 8
M internal/web/handlers/repo/repo.go 3 3
M internal/web/handlers/repo/settings_branches.go 21 21
M internal/web/handlers/repo/webhooks.go 1 1
M internal/webhook/deliver.go 0 1
M internal/webhook/fanout.go 13 13
M internal/webhook/jobs.go 3 3
M internal/webhook/manage.go 4 4
M internal/webhook/ssrf_test.go 4 4
M internal/worker/jobs/push_process.go 1 2
M internal/worker/jobs/repo_index_reconcile.go 2 1
M internal/worker/pool.go 2 1
cmd/shithubd/hook.gomodified
@@ -146,13 +146,13 @@ type hookCtx struct {
146146
 	pool   *pgxpool.Pool
147147
 	logger *slog.Logger
148148
149
-	userID     int64
150
-	username   string
151
-	repoID     int64
152
-	repoFull   string
153
-	protocol   string
154
-	remoteIP   string
155
-	requestID  string
149
+	userID    int64
150
+	username  string
151
+	repoID    int64
152
+	repoFull  string
153
+	protocol  string
154
+	remoteIP  string
155
+	requestID string
156156
 }
157157
158158
 func loadHookCtx(ctx context.Context) (*hookCtx, error) {
@@ -297,13 +297,13 @@ func postReceiveEnqueue(ctx context.Context, h *hookCtx, refs []refUpdate) error
297297
 	}
298298
 	for _, r := range refs {
299299
 		event, err := wq.InsertPushEvent(ctx, tx, workerdb.InsertPushEventParams{
300
-			RepoID:        h.repoID,
301
-			BeforeSha:     r.before,
302
-			AfterSha:      r.after,
303
-			Ref:           r.ref,
304
-			Protocol:      protocol,
305
-			PusherUserID:  pgtype.Int8{Int64: h.userID, Valid: h.userID != 0},
306
-			RequestID:     pgtype.Text{String: h.requestID, Valid: h.requestID != ""},
300
+			RepoID:       h.repoID,
301
+			BeforeSha:    r.before,
302
+			AfterSha:     r.after,
303
+			Ref:          r.ref,
304
+			Protocol:     protocol,
305
+			PusherUserID: pgtype.Int8{Int64: h.userID, Valid: h.userID != 0},
306
+			RequestID:    pgtype.Text{String: h.requestID, Valid: h.requestID != ""},
307307
 		})
308308
 		if err != nil {
309309
 			return fmt.Errorf("insert push_event: %w", err)
@@ -381,4 +381,3 @@ func init() {
381381
 	rootCmd.AddCommand(hookCmd)
382382
 	rootCmd.AddCommand(hooksParentCmd)
383383
 }
384
-
cmd/shithubd/ssh.gomodified
@@ -156,7 +156,8 @@ var sshShellCmd = &cobra.Command{
156156
 		if dispatchErr != nil {
157157
 			pool.Close()
158158
 			_, _ = fmt.Fprintln(cmd.ErrOrStderr(), protocol.FriendlyMessageFor(dispatchErr, ""))
159
-			logger.WarnContext(ctx, "ssh-shell: denied",
159
+			logger.WarnContext(
160
+				ctx, "ssh-shell: denied",
160161
 				"user_id", userID,
161162
 				"original", original,
162163
 				"remote_ip", remoteIP,
@@ -164,7 +165,8 @@ var sshShellCmd = &cobra.Command{
164165
 			)
165166
 			return dispatchErr
166167
 		}
167
-		logger.InfoContext(ctx, "ssh-shell: dispatch",
168
+		logger.InfoContext(
169
+			ctx, "ssh-shell: dispatch",
168170
 			"user_id", userID,
169171
 			"op", string(parsed.Service),
170172
 			"owner", parsed.Owner,
internal/auth/audit/audit.gomodified
@@ -29,48 +29,48 @@ type DBTX = usersdb.DBTX
2929
 type Action string
3030
3131
 const (
32
-	Action2FAEnabled           Action = "2fa_enabled"
33
-	Action2FADisabled          Action = "2fa_disabled"
34
-	ActionRecoveryCodesIssued  Action = "recovery_codes_issued"
35
-	ActionRecoveryCodeUsed     Action = "recovery_code_used"
36
-	ActionRecoveryRegenerated  Action = "recovery_codes_regenerated"
37
-	ActionAdminCleared2FA      Action = "admin_cleared_2fa"
38
-	ActionPasswordChanged      Action = "password_changed"
39
-	ActionPasswordReset        Action = "password_reset_consumed"
40
-	ActionLoginSucceeded       Action = "login_succeeded"
41
-	ActionLoginFailedThrottled Action = "login_failed_throttled"
42
-	ActionAccountSuspended     Action = "account_suspended"
43
-	ActionSSHKeyAdded          Action = "ssh_key_added"
44
-	ActionSSHKeyDeleted        Action = "ssh_key_deleted"
45
-	ActionPATCreated           Action = "pat_created"
46
-	ActionPATRevoked           Action = "pat_revoked"
47
-	ActionUsernameChanged      Action = "username_changed"
48
-	ActionAccountDeleted       Action = "account_deleted"
49
-	ActionAccountRestored      Action = "account_restored"
50
-	ActionRepoCreated            Action = "repo_created"
51
-	ActionRepoRenamed            Action = "repo_renamed"
52
-	ActionRepoArchived           Action = "repo_archived"
53
-	ActionRepoUnarchived         Action = "repo_unarchived"
54
-	ActionRepoVisibilityChanged  Action = "repo_visibility_changed"
55
-	ActionRepoSoftDeleted        Action = "repo_soft_deleted"
56
-	ActionRepoRestored           Action = "repo_restored"
57
-	ActionRepoHardDeleted        Action = "repo_hard_deleted"
58
-	ActionRepoTransferRequested  Action = "repo_transfer_requested"
59
-	ActionRepoTransferAccepted   Action = "repo_transfer_accepted"
60
-	ActionRepoTransferDeclined   Action = "repo_transfer_declined"
61
-	ActionRepoTransferCanceled   Action = "repo_transfer_canceled"
62
-	ActionRepoTransferExpired    Action = "repo_transfer_expired"
63
-	ActionIssueStateChanged      Action = "issue_state_changed"
64
-	ActionIssueLockChanged       Action = "issue_lock_changed"
65
-	ActionIssueCommentCreated    Action = "issue_comment_created"
66
-	ActionPullStateChanged       Action = "pull_state_changed"
67
-	ActionPullMerged             Action = "pull_merged"
68
-	ActionStarCreated            Action = "star_created"
69
-	ActionStarDeleted            Action = "star_deleted"
70
-	ActionWatchSet               Action = "watch_set"
71
-	ActionWatchUnset             Action = "watch_unset"
72
-	ActionRepoForked             Action = "repo_forked"
73
-	ActionRepoForkSynced         Action = "repo_fork_synced"
32
+	Action2FAEnabled            Action = "2fa_enabled"
33
+	Action2FADisabled           Action = "2fa_disabled"
34
+	ActionRecoveryCodesIssued   Action = "recovery_codes_issued"
35
+	ActionRecoveryCodeUsed      Action = "recovery_code_used"
36
+	ActionRecoveryRegenerated   Action = "recovery_codes_regenerated"
37
+	ActionAdminCleared2FA       Action = "admin_cleared_2fa"
38
+	ActionPasswordChanged       Action = "password_changed"
39
+	ActionPasswordReset         Action = "password_reset_consumed"
40
+	ActionLoginSucceeded        Action = "login_succeeded"
41
+	ActionLoginFailedThrottled  Action = "login_failed_throttled"
42
+	ActionAccountSuspended      Action = "account_suspended"
43
+	ActionSSHKeyAdded           Action = "ssh_key_added"
44
+	ActionSSHKeyDeleted         Action = "ssh_key_deleted"
45
+	ActionPATCreated            Action = "pat_created"
46
+	ActionPATRevoked            Action = "pat_revoked"
47
+	ActionUsernameChanged       Action = "username_changed"
48
+	ActionAccountDeleted        Action = "account_deleted"
49
+	ActionAccountRestored       Action = "account_restored"
50
+	ActionRepoCreated           Action = "repo_created"
51
+	ActionRepoRenamed           Action = "repo_renamed"
52
+	ActionRepoArchived          Action = "repo_archived"
53
+	ActionRepoUnarchived        Action = "repo_unarchived"
54
+	ActionRepoVisibilityChanged Action = "repo_visibility_changed"
55
+	ActionRepoSoftDeleted       Action = "repo_soft_deleted"
56
+	ActionRepoRestored          Action = "repo_restored"
57
+	ActionRepoHardDeleted       Action = "repo_hard_deleted"
58
+	ActionRepoTransferRequested Action = "repo_transfer_requested"
59
+	ActionRepoTransferAccepted  Action = "repo_transfer_accepted"
60
+	ActionRepoTransferDeclined  Action = "repo_transfer_declined"
61
+	ActionRepoTransferCanceled  Action = "repo_transfer_canceled"
62
+	ActionRepoTransferExpired   Action = "repo_transfer_expired"
63
+	ActionIssueStateChanged     Action = "issue_state_changed"
64
+	ActionIssueLockChanged      Action = "issue_lock_changed"
65
+	ActionIssueCommentCreated   Action = "issue_comment_created"
66
+	ActionPullStateChanged      Action = "pull_state_changed"
67
+	ActionPullMerged            Action = "pull_merged"
68
+	ActionStarCreated           Action = "star_created"
69
+	ActionStarDeleted           Action = "star_deleted"
70
+	ActionWatchSet              Action = "watch_set"
71
+	ActionWatchUnset            Action = "watch_unset"
72
+	ActionRepoForked            Action = "repo_forked"
73
+	ActionRepoForkSynced        Action = "repo_fork_synced"
7474
 )
7575
7676
 // Target is a typed target-type constant.
internal/auth/policy/adapters.gomodified
@@ -25,4 +25,3 @@ func NewRepoRefFromRepo(r reposdb.Repo) RepoRef {
2525
 	}
2626
 	return ref
2727
 }
28
-
internal/auth/policy/policy_test.gomodified
@@ -56,9 +56,9 @@ func (k repoKind) String() string {
5656
 }
5757
5858
 const (
59
-	ownerID  int64 = 100
60
-	otherID  int64 = 200
61
-	repoIDV  int64 = 1000
59
+	ownerID int64 = 100
60
+	otherID int64 = 200
61
+	repoIDV int64 = 1000
6262
 )
6363
6464
 func makeActor(k actorKind) policy.Actor {
@@ -321,7 +321,6 @@ func TestCacheInvalidate(t *testing.T) {
321321
 	}
322322
 }
323323
324
-
325324
 // TestPermissionsDoc_CoversEveryAction guards against drift between
326325
 // the policy package and docs/internal/permissions.md. The doc's
327326
 // "Action → minimum role" table must mention every Action constant
internal/auth/reserved.gomodified
@@ -83,9 +83,9 @@ var reservedNames = map[string]struct{}{
8383
 	"shithubd":      {},
8484
 	"shithubbot":    {},
8585
 	// S29 — notification subscribe/unsubscribe per thread.
86
-	"threads":       {},
86
+	"threads": {},
8787
 	// S30 — invitation accept/decline.
88
-	"invitations":   {},
88
+	"invitations": {},
8989
 }
9090
9191
 // IsReserved reports whether name is on the reserved list. The check is
internal/checks/checks.gomodified
@@ -42,16 +42,16 @@ const (
4242
4343
 // Errors surfaced to API + handlers.
4444
 var (
45
-	ErrEmptyName              = errors.New("checks: name is required")
46
-	ErrNameTooLong            = errors.New("checks: name too long (max 200)")
47
-	ErrInvalidStatus          = errors.New("checks: status must be queued, in_progress, completed, or pending")
48
-	ErrInvalidConclusion      = errors.New("checks: invalid conclusion")
45
+	ErrEmptyName                = errors.New("checks: name is required")
46
+	ErrNameTooLong              = errors.New("checks: name too long (max 200)")
47
+	ErrInvalidStatus            = errors.New("checks: status must be queued, in_progress, completed, or pending")
48
+	ErrInvalidConclusion        = errors.New("checks: invalid conclusion")
4949
 	ErrCompletedNeedsConclusion = errors.New("checks: completed status requires conclusion")
50
-	ErrOutputTextTooLarge     = errors.New("checks: output.text exceeds 256 KiB cap")
51
-	ErrOutputSummaryTooLarge  = errors.New("checks: output.summary exceeds 64 KiB cap")
52
-	ErrShortHeadSHA           = errors.New("checks: head_sha must be at least 7 hex chars")
53
-	ErrCheckRunNotFound       = errors.New("checks: run not found")
54
-	ErrSuiteNotFound          = errors.New("checks: suite not found")
50
+	ErrOutputTextTooLarge       = errors.New("checks: output.text exceeds 256 KiB cap")
51
+	ErrOutputSummaryTooLarge    = errors.New("checks: output.summary exceeds 64 KiB cap")
52
+	ErrShortHeadSHA             = errors.New("checks: head_sha must be at least 7 hex chars")
53
+	ErrCheckRunNotFound         = errors.New("checks: run not found")
54
+	ErrSuiteNotFound            = errors.New("checks: suite not found")
5555
 )
5656
5757
 // validStatus / validConclusion mirror the Postgres enums.
internal/checks/checks_test.gomodified
@@ -261,10 +261,10 @@ func TestUpdate_TimestampsRoundTrip(t *testing.T) {
261261
 		RepoID: f.repoID, HeadSHA: strings.Repeat("a", 40), Name: "lint",
262262
 	})
263263
 	if _, err := checks.Update(ctx, f.deps, checks.UpdateParams{
264
-		RunID:          run.ID,
265
-		HasStatus:      true, Status: "completed",
266
-		HasConclusion:  true, Conclusion: "success",
267
-		HasStartedAt:   true, StartedAt: when,
264
+		RunID:     run.ID,
265
+		HasStatus: true, Status: "completed",
266
+		HasConclusion: true, Conclusion: "success",
267
+		HasStartedAt: true, StartedAt: when,
268268
 		HasCompletedAt: true, CompletedAt: when.Add(30 * time.Second),
269269
 	}); err != nil {
270270
 		t.Fatalf("Update: %v", err)
internal/checks/create.gomodified
@@ -75,9 +75,9 @@ func Create(ctx context.Context, deps Deps, p CreateParams) (checksdb.CheckRun,
7575
 	}()
7676
7777
 	suite, err := q.GetOrCreateCheckSuite(ctx, tx, checksdb.GetOrCreateCheckSuiteParams{
78
-		RepoID:   p.RepoID,
79
-		HeadSha:  p.HeadSHA,
80
-		AppSlug:  p.AppSlug,
78
+		RepoID:  p.RepoID,
79
+		HeadSha: p.HeadSHA,
80
+		AppSlug: p.AppSlug,
8181
 	})
8282
 	if err != nil {
8383
 		return checksdb.CheckRun{}, fmt.Errorf("suite: %w", err)
internal/checks/required_eval.gomodified
@@ -15,15 +15,15 @@ import (
1515
1616
 // GateInputs is the small struct the merge gate cares about.
1717
 type GateInputs struct {
18
-	RepoID         int64
19
-	HeadSHA        string
20
-	RequiredNames  []string // from branch_protection_rules.status_checks_required
18
+	RepoID        int64
19
+	HeadSHA       string
20
+	RequiredNames []string // from branch_protection_rules.status_checks_required
2121
 }
2222
2323
 // GateResult mirrors the spec's blocked-with-reason vocabulary.
2424
 type GateResult struct {
2525
 	Satisfied bool
26
-	Reason    string  // "" when Satisfied; otherwise human-readable cause
26
+	Reason    string // "" when Satisfied; otherwise human-readable cause
2727
 	// Missing is the subset of RequiredNames that haven't yet succeeded
2828
 	// or returned neutral on HeadSHA. Populated for UI tooltips.
2929
 	Missing []string
internal/checks/suite_rollup_test.gomodified
@@ -23,10 +23,10 @@ func run(status string, conclusion string) checksdb.CheckRun {
2323
 func TestDeriveSuiteRollup(t *testing.T) {
2424
 	t.Parallel()
2525
 	cases := []struct {
26
-		name        string
27
-		runs        []checksdb.CheckRun
28
-		wantStatus  string
29
-		wantConcl   string
26
+		name       string
27
+		runs       []checksdb.CheckRun
28
+		wantStatus string
29
+		wantConcl  string
3030
 	}{
3131
 		{
3232
 			"empty → queued",
internal/git/protocol/ssh_dispatch_test.gomodified
@@ -174,7 +174,8 @@ func TestDispatch_PushToArchivedIsArchived(t *testing.T) {
174174
 func TestDispatch_SuspendedUserSuspended(t *testing.T) {
175175
 	t.Parallel()
176176
 	env := setupDispatch(t)
177
-	if _, err := env.pool.Exec(context.Background(),
177
+	if _, err := env.pool.Exec(
178
+		context.Background(),
178179
 		"UPDATE users SET suspended_at = now(), suspended_reason = 'test' WHERE id = $1",
179180
 		env.alice,
180181
 	); err != nil {
internal/issues/notif_emit.gomodified
@@ -105,7 +105,8 @@ func emitAssignmentEventTx(
105105
 // which is the safe default for the public-feed flag on the event row.
106106
 func repoVisibilityPublic(ctx context.Context, db pgxRow, repoID int64) (bool, error) {
107107
 	var vis string
108
-	err := db.QueryRow(ctx,
108
+	err := db.QueryRow(
109
+		ctx,
109110
 		`SELECT visibility::text FROM repos WHERE id = $1`,
110111
 		repoID,
111112
 	).Scan(&vis)
internal/issues/references.gomodified
@@ -19,8 +19,8 @@ import (
1919
2020
 // Two patterns:
2121
 //
22
-//   #N            — same-repo reference. Captured digits.
23
-//   owner/repo#N  — cross-repo reference. Captured owner, repo, digits.
22
+//	#N            — same-repo reference. Captured digits.
23
+//	owner/repo#N  — cross-repo reference. Captured owner, repo, digits.
2424
 //
2525
 // Word-boundary on the leading side so we don't grab "abc#1". The N is
2626
 // limited to 1–9 leading digit + arbitrary digits, capped at 9 total to
@@ -105,7 +105,8 @@ func insertReferencesFromBody(
105105
 			pKind string
106106
 			pID   int64
107107
 		)
108
-		err = tx.QueryRow(ctx,
108
+		err = tx.QueryRow(
109
+			ctx,
109110
 			`SELECT kind::text, id FROM principals WHERE slug = $1`,
110111
 			strings.ToLower(owner),
111112
 		).Scan(&pKind, &pID)
@@ -173,4 +174,3 @@ func insertReferencesFromBody(
173174
174175
 	return nil
175176
 }
176
-
internal/issues/references_test.gomodified
@@ -67,4 +67,3 @@ func TestCrossRepoRefRegex(t *testing.T) {
6767
 		t.Errorf("got %v, want %v", got, want)
6868
 	}
6969
 }
70
-
internal/markdown/extensions/emoji.gomodified
@@ -11,95 +11,95 @@ package extensions
1111
 // the rendered output.
1212
 var emojiMap = map[string]string{
1313
 	// Common reactions
14
-	"+1":              "👍",
15
-	"-1":              "👎",
16
-	"thumbsup":        "👍",
17
-	"thumbsdown":      "👎",
18
-	"smile":           "😄",
19
-	"laughing":        "😆",
20
-	"joy":             "😂",
21
-	"heart":           "❤️",
22
-	"heart_eyes":      "😍",
23
-	"tada":            "🎉",
24
-	"rocket":          "🚀",
25
-	"fire":            "🔥",
26
-	"sparkles":        "✨",
27
-	"eyes":            "👀",
28
-	"thinking":        "🤔",
29
-	"thinking_face":   "🤔",
30
-	"wave":            "👋",
31
-	"clap":            "👏",
32
-	"pray":            "🙏",
33
-	"100":             "💯",
34
-	"check":           "✅",
35
-	"x":               "❌",
36
-	"warning":         "⚠️",
37
-	"bug":             "🐛",
38
-	"sparkle":         "✨",
39
-	"star":            "⭐",
40
-	"hammer":          "🔨",
41
-	"wrench":          "🔧",
42
-	"package":         "📦",
43
-	"books":           "📚",
44
-	"book":            "📖",
45
-	"memo":            "📝",
46
-	"pencil":          "✏️",
47
-	"shipit":          "🚢",
48
-	"ship":            "🚢",
49
-	"lock":            "🔒",
50
-	"unlock":          "🔓",
51
-	"key":             "🔑",
52
-	"link":            "🔗",
53
-	"speech_balloon":  "💬",
54
-	"thought_balloon": "💭",
55
-	"computer":        "💻",
56
-	"keyboard":        "⌨️",
57
-	"floppy_disk":     "💾",
58
-	"cd":              "💿",
59
-	"dvd":             "📀",
60
-	"clipboard":       "📋",
61
-	"chart":           "📈",
62
-	"bar_chart":       "📊",
63
-	"calendar":        "📅",
64
-	"date":            "📆",
65
-	"hourglass":       "⌛",
66
-	"alarm_clock":     "⏰",
67
-	"clock1":          "🕐",
68
-	"bell":            "🔔",
69
-	"no_bell":         "🔕",
70
-	"loudspeaker":     "📢",
71
-	"mega":            "📣",
72
-	"mailbox":         "📫",
73
-	"envelope":        "✉️",
74
-	"postbox":         "📮",
75
-	"package_2":       "📮",
76
-	"mag":             "🔍",
77
-	"telescope":       "🔭",
78
-	"microscope":      "🔬",
79
-	"hammer_and_wrench": "🛠️",
80
-	"gear":              "⚙️",
81
-	"toolbox":           "🧰",
82
-	"nut_and_bolt":      "🔩",
83
-	"satellite":         "📡",
84
-	"globe":             "🌍",
85
-	"earth_americas":    "🌎",
86
-	"earth_asia":        "🌏",
87
-	"new":               "🆕",
88
-	"free":              "🆓",
89
-	"abc":               "🔤",
90
-	"abcd":              "🔡",
91
-	"capital_abcd":      "🔠",
92
-	"information_source": "ℹ️",
93
-	"interrobang":        "⁉️",
94
-	"question":           "❓",
95
-	"grey_question":      "❔",
96
-	"exclamation":        "❗",
97
-	"grey_exclamation":   "❕",
98
-	"o":                  "⭕",
99
-	"x_circle":           "❌",
100
-	"white_check_mark":   "✅",
101
-	"ballot_box_with_check": "☑️",
102
-	"heavy_check_mark":      "✔️",
14
+	"+1":                     "👍",
15
+	"-1":                     "👎",
16
+	"thumbsup":               "👍",
17
+	"thumbsdown":             "👎",
18
+	"smile":                  "😄",
19
+	"laughing":               "😆",
20
+	"joy":                    "😂",
21
+	"heart":                  "❤️",
22
+	"heart_eyes":             "😍",
23
+	"tada":                   "🎉",
24
+	"rocket":                 "🚀",
25
+	"fire":                   "🔥",
26
+	"sparkles":               "✨",
27
+	"eyes":                   "👀",
28
+	"thinking":               "🤔",
29
+	"thinking_face":          "🤔",
30
+	"wave":                   "👋",
31
+	"clap":                   "👏",
32
+	"pray":                   "🙏",
33
+	"100":                    "💯",
34
+	"check":                  "✅",
35
+	"x":                      "❌",
36
+	"warning":                "⚠️",
37
+	"bug":                    "🐛",
38
+	"sparkle":                "✨",
39
+	"star":                   "⭐",
40
+	"hammer":                 "🔨",
41
+	"wrench":                 "🔧",
42
+	"package":                "📦",
43
+	"books":                  "📚",
44
+	"book":                   "📖",
45
+	"memo":                   "📝",
46
+	"pencil":                 "✏️",
47
+	"shipit":                 "🚢",
48
+	"ship":                   "🚢",
49
+	"lock":                   "🔒",
50
+	"unlock":                 "🔓",
51
+	"key":                    "🔑",
52
+	"link":                   "🔗",
53
+	"speech_balloon":         "💬",
54
+	"thought_balloon":        "💭",
55
+	"computer":               "💻",
56
+	"keyboard":               "⌨️",
57
+	"floppy_disk":            "💾",
58
+	"cd":                     "💿",
59
+	"dvd":                    "📀",
60
+	"clipboard":              "📋",
61
+	"chart":                  "📈",
62
+	"bar_chart":              "📊",
63
+	"calendar":               "📅",
64
+	"date":                   "📆",
65
+	"hourglass":              "⌛",
66
+	"alarm_clock":            "⏰",
67
+	"clock1":                 "🕐",
68
+	"bell":                   "🔔",
69
+	"no_bell":                "🔕",
70
+	"loudspeaker":            "📢",
71
+	"mega":                   "📣",
72
+	"mailbox":                "📫",
73
+	"envelope":               "✉️",
74
+	"postbox":                "📮",
75
+	"package_2":              "📮",
76
+	"mag":                    "🔍",
77
+	"telescope":              "🔭",
78
+	"microscope":             "🔬",
79
+	"hammer_and_wrench":      "🛠️",
80
+	"gear":                   "⚙️",
81
+	"toolbox":                "🧰",
82
+	"nut_and_bolt":           "🔩",
83
+	"satellite":              "📡",
84
+	"globe":                  "🌍",
85
+	"earth_americas":         "🌎",
86
+	"earth_asia":             "🌏",
87
+	"new":                    "🆕",
88
+	"free":                   "🆓",
89
+	"abc":                    "🔤",
90
+	"abcd":                   "🔡",
91
+	"capital_abcd":           "🔠",
92
+	"information_source":     "ℹ️",
93
+	"interrobang":            "⁉️",
94
+	"question":               "❓",
95
+	"grey_question":          "❔",
96
+	"exclamation":            "❗",
97
+	"grey_exclamation":       "❕",
98
+	"o":                      "⭕",
99
+	"x_circle":               "❌",
100
+	"white_check_mark":       "✅",
101
+	"ballot_box_with_check":  "☑️",
102
+	"heavy_check_mark":       "✔️",
103103
 	"heavy_multiplication_x": "✖️",
104104
 	"heavy_plus_sign":        "➕",
105105
 	"heavy_minus_sign":       "➖",
@@ -115,7 +115,7 @@ var emojiMap = map[string]string{
115115
 	"gem":                    "💎",
116116
 	"art":                    "🎨",
117117
 	"musical_note":           "🎵",
118
-	"musical_score":           "🎼",
118
+	"musical_score":          "🎼",
119119
 	"sound":                  "🔊",
120120
 	"mute":                   "🔇",
121121
 	"video_camera":           "📹",
internal/markdown/extensions/extensions.gomodified
@@ -101,22 +101,23 @@ type Mention struct {
101101
 //	#14               user mention: username
102102
 //	#16               commit prefix
103103
 //	#18               emoji name
104
-var reCombined = regexp.MustCompile(`` +
105
-	// cross-repo: alice/proj#3 — left boundary required so we don't
106
-	// chew into a preceding word.
107
-	`(?:^|[^\w/])([A-Za-z0-9][A-Za-z0-9._-]*)/([A-Za-z0-9][A-Za-z0-9._-]*)#([0-9]{1,9})\b` +
108
-	// or same-repo: #3
109
-	`|(?:^|[^\w/])#([0-9]{1,9})\b` +
110
-	// or team mention: @org/team — comes BEFORE @user so the
111
-	// trailing `/team` doesn't get split off as text. Slug shape
112
-	// matches users.username + teams.slug.
113
-	`|(?:^|[^\w])@([a-z0-9](?:[a-z0-9-]{0,37}[a-z0-9])?)/([a-z0-9](?:[a-z0-9._-]{0,48}[a-z0-9])?)\b` +
114
-	// or user mention: @alice
115
-	`|(?:^|[^\w])@([A-Za-z0-9][A-Za-z0-9_-]{0,38})\b` +
116
-	// or commit SHA: 7–40 lowercase hex
117
-	`|(?:^|[^\w/])([0-9a-f]{7,40})\b` +
118
-	// or emoji shortcode: :smile:
119
-	`|:([a-z0-9_+\-]+):`,
104
+var reCombined = regexp.MustCompile(
105
+	`` +
106
+		// cross-repo: alice/proj#3 — left boundary required so we don't
107
+		// chew into a preceding word.
108
+		`(?:^|[^\w/])([A-Za-z0-9][A-Za-z0-9._-]*)/([A-Za-z0-9][A-Za-z0-9._-]*)#([0-9]{1,9})\b` +
109
+		// or same-repo: #3
110
+		`|(?:^|[^\w/])#([0-9]{1,9})\b` +
111
+		// or team mention: @org/team — comes BEFORE @user so the
112
+		// trailing `/team` doesn't get split off as text. Slug shape
113
+		// matches users.username + teams.slug.
114
+		`|(?:^|[^\w])@([a-z0-9](?:[a-z0-9-]{0,37}[a-z0-9])?)/([a-z0-9](?:[a-z0-9._-]{0,48}[a-z0-9])?)\b` +
115
+		// or user mention: @alice
116
+		`|(?:^|[^\w])@([A-Za-z0-9][A-Za-z0-9_-]{0,38})\b` +
117
+		// or commit SHA: 7–40 lowercase hex
118
+		`|(?:^|[^\w/])([0-9a-f]{7,40})\b` +
119
+		// or emoji shortcode: :smile:
120
+		`|:([a-z0-9_+\-]+):`,
120121
 )
121122
122123
 // Extension is a goldmark.Extender that registers the AST transformer.
@@ -181,12 +182,12 @@ func (t *transformer) replaceText(txt *ast.Text, source []byte) {
181182
 		// content starts (excluding the regex-consumed boundary
182183
 		// char, if any).
183184
 		var (
184
-			isCrossRepo  = m[2] >= 0
185
-			isSameRepo   = m[8] >= 0
186
-			isTeamMen    = m[10] >= 0
187
-			isMention    = m[14] >= 0
188
-			isCommit     = m[16] >= 0
189
-			isEmoji      = m[18] >= 0
185
+			isCrossRepo = m[2] >= 0
186
+			isSameRepo  = m[8] >= 0
187
+			isTeamMen   = m[10] >= 0
188
+			isMention   = m[14] >= 0
189
+			isCommit    = m[16] >= 0
190
+			isEmoji     = m[18] >= 0
190191
 		)
191192
 		var contentStart int
192193
 		switch {
@@ -379,4 +380,3 @@ func (t *transformer) appendCommitLink(parent, before ast.Node, shaPrefix string
379380
 	}
380381
 	return true
381382
 }
382
-
internal/markdown/markdown_test.gomodified
@@ -123,8 +123,8 @@ func TestRender_HostileInputs(t *testing.T) {
123123
 func TestRender_AllowsSafeHTML(t *testing.T) {
124124
 	t.Parallel()
125125
 	cases := []struct {
126
-		name      string
127
-		src       string
126
+		name        string
127
+		src         string
128128
 		mustContain []string
129129
 	}{
130130
 		{
internal/notif/email.gomodified
@@ -106,7 +106,8 @@ func sendNotificationEmail(
106106
 // participating threads master toggle, default on").
107107
 func emailPrefOn(ctx context.Context, pool *pgxpool.Pool, userID int64, key string) (bool, error) {
108108
 	var raw json.RawMessage
109
-	err := pool.QueryRow(ctx,
109
+	err := pool.QueryRow(
110
+		ctx,
110111
 		`SELECT value FROM user_notification_prefs WHERE user_id = $1 AND key = $2`,
111112
 		userID, key,
112113
 	).Scan(&raw)
internal/notif/emit.gomodified
@@ -28,8 +28,8 @@ type Event struct {
2828
 	RepoID      int64  // 0 → user-scoped event (NULL).
2929
 	SourceKind  string // "issue", "pull", "repo", "user", …
3030
 	SourceID    int64
31
-	Public      bool     // matches repo visibility (caller decides).
32
-	Mentions    []int64  // resolved user-ids to fan out @-mentions to.
31
+	Public      bool    // matches repo visibility (caller decides).
32
+	Mentions    []int64 // resolved user-ids to fan out @-mentions to.
3333
 	Extra       map[string]any
3434
 }
3535
internal/notif/fanout_test.gomodified
@@ -39,6 +39,7 @@ func (c *captureSender) Send(_ context.Context, m email.Message) error {
3939
 	c.messages = append(c.messages, m)
4040
 	return nil
4141
 }
42
+
4243
 func (c *captureSender) count() int {
4344
 	c.mu.Lock()
4445
 	defer c.mu.Unlock()
@@ -312,10 +313,10 @@ func TestFanout_VisibilityRecheck_PrivateRepo(t *testing.T) {
312313
 func TestUnsubscribe_HMACRoundtrip(t *testing.T) {
313314
 	key := []byte("test-key-32-bytes-aaaaaaaaaaaaaa")
314315
 	const (
315
-		uid  = int64(123)
316
-		tk   = "issue"
317
-		tid  = int64(45)
318
-		bad  = "issues"
316
+		uid   = int64(123)
317
+		tk    = "issue"
318
+		tid   = int64(45)
319
+		bad   = "issues"
319320
 		other = int64(46)
320321
 	)
321322
 	// Build by parsing the URL the same path the email-side uses.
internal/notif/notif.gomodified
@@ -55,9 +55,9 @@ type Deps struct {
5555
5656
 // Errors surfaced by the orchestrator.
5757
 var (
58
-	ErrNotFound        = errors.New("notif: notification not found")
59
-	ErrUnauthorized    = errors.New("notif: not your notification")
60
-	ErrUnsubscribeBad  = errors.New("notif: invalid unsubscribe token")
58
+	ErrNotFound       = errors.New("notif: notification not found")
59
+	ErrUnauthorized   = errors.New("notif: not your notification")
60
+	ErrUnsubscribeBad = errors.New("notif: invalid unsubscribe token")
6161
 )
6262
6363
 // FanoutBatch is the per-tick cap on how many domain_events the
@@ -70,8 +70,8 @@ const FanoutBatch = 200
7070
 // 10 minutes (the spec's day-1 lean). Per-recipient absolute cap
7171
 // is 100 emails per hour.
7272
 const (
73
-	StormPerThreadCap   = 1
74
-	StormPerThreadMins  = 10
75
-	StormAbsoluteCap    = 100
76
-	StormAbsoluteMins   = 60
73
+	StormPerThreadCap  = 1
74
+	StormPerThreadMins = 10
75
+	StormAbsoluteCap   = 100
76
+	StormAbsoluteMins  = 60
7777
 )
internal/notif/routing.gomodified
@@ -13,10 +13,10 @@ const (
1313
 	ReasonMention         Reason = "mention"
1414
 	ReasonAssignment      Reason = "assignment"
1515
 	ReasonReviewRequested Reason = "review_requested"
16
-	ReasonAuthor          Reason = "author"          // you opened the thread
17
-	ReasonCommenter       Reason = "commenter"       // you commented earlier
18
-	ReasonSubscribed      Reason = "subscribed"      // explicit thread sub
19
-	ReasonWatching        Reason = "watching"        // repo-level watch
16
+	ReasonAuthor          Reason = "author"     // you opened the thread
17
+	ReasonCommenter       Reason = "commenter"  // you commented earlier
18
+	ReasonSubscribed      Reason = "subscribed" // explicit thread sub
19
+	ReasonWatching        Reason = "watching"   // repo-level watch
2020
 	ReasonRepoAdminAction Reason = "repo_admin_action"
2121
 )
2222
internal/orgs/create.gomodified
@@ -17,11 +17,11 @@ import (
1717
1818
 // CreateParams describes a create-org request.
1919
 type CreateParams struct {
20
-	Slug             string
21
-	DisplayName      string
22
-	Description      string
23
-	BillingEmail     string
24
-	CreatedByUserID  int64
20
+	Slug            string
21
+	DisplayName     string
22
+	Description     string
23
+	BillingEmail    string
24
+	CreatedByUserID int64
2525
 }
2626
2727
 // slugRE mirrors the username pattern (lowercase letters, digits,
@@ -86,10 +86,10 @@ func Create(ctx context.Context, deps Deps, p CreateParams) (orgsdb.Org, error)
8686
 	}
8787
8888
 	if err := q.AddOrgMember(ctx, tx, orgsdb.AddOrgMemberParams{
89
-		OrgID:            row.ID,
90
-		UserID:           p.CreatedByUserID,
91
-		Role:             orgsdb.OrgRoleOwner,
92
-		InvitedByUserID:  pgtype.Int8{Valid: false},
89
+		OrgID:           row.ID,
90
+		UserID:          p.CreatedByUserID,
91
+		Role:            orgsdb.OrgRoleOwner,
92
+		InvitedByUserID: pgtype.Int8{Valid: false},
9393
 	}); err != nil {
9494
 		return orgsdb.Org{}, fmt.Errorf("seed owner: %w", err)
9595
 	}
internal/orgs/hard_delete.gomodified
@@ -84,7 +84,8 @@ func Restore(ctx context.Context, deps Deps, orgID, actorUserID int64) error {
8484
 	// soft-delete). Refuse to restore if so — the operator can rename
8585
 	// the conflicting principal and retry.
8686
 	var taken bool
87
-	if err := deps.Pool.QueryRow(ctx,
87
+	if err := deps.Pool.QueryRow(
88
+		ctx,
8889
 		`SELECT EXISTS(SELECT 1 FROM principals WHERE slug = $1)`,
8990
 		row.Slug,
9091
 	).Scan(&taken); err != nil {
internal/orgs/invitations.gomodified
@@ -102,13 +102,13 @@ func Invite(ctx context.Context, deps Deps, p InviteParams) (InviteResult, error
102102
 		return InviteResult{}, fmt.Errorf("invite token: %w", err)
103103
 	}
104104
 	row, err := q.CreateOrgInvitation(ctx, deps.Pool, orgsdb.CreateOrgInvitationParams{
105
-		OrgID:            p.OrgID,
106
-		InvitedByUserID:  pgtype.Int8{Int64: p.InvitedByUserID, Valid: true},
107
-		TargetUserID:     targetUserID,
108
-		TargetEmail:      emailToCitext(targetEmail),
109
-		Role:             role,
110
-		TokenHash:        tokHash,
111
-		ExpiresAt:        pgtype.Timestamptz{Time: time.Now().Add(7 * 24 * time.Hour), Valid: true},
105
+		OrgID:           p.OrgID,
106
+		InvitedByUserID: pgtype.Int8{Int64: p.InvitedByUserID, Valid: true},
107
+		TargetUserID:    targetUserID,
108
+		TargetEmail:     emailToCitext(targetEmail),
109
+		Role:            role,
110
+		TokenHash:       tokHash,
111
+		ExpiresAt:       pgtype.Timestamptz{Time: time.Now().Add(7 * 24 * time.Hour), Valid: true},
112112
 	})
113113
 	if err != nil {
114114
 		return InviteResult{}, fmt.Errorf("create invitation: %w", err)
internal/pulls/merge.gomodified
@@ -296,4 +296,3 @@ func fetchCommitsForLinkScan(ctx context.Context, db pullsdb.DBTX, prID int64) [
296296
 	}
297297
 	return out
298298
 }
299
-
internal/pulls/pulls.gomodified
@@ -124,13 +124,13 @@ func Create(ctx context.Context, deps Deps, p CreateParams) (CreateResult, error
124124
 	}
125125
126126
 	prRow, err := pullsdb.New().CreatePullRequest(ctx, deps.Pool, pullsdb.CreatePullRequestParams{
127
-		IssueID:     issueRow.ID,
128
-		BaseRef:     base,
129
-		HeadRef:     head,
130
-		HeadRepoID:  p.RepoID,
131
-		BaseOid:     baseOID,
132
-		HeadOid:     headOID,
133
-		Draft:       p.Draft,
127
+		IssueID:    issueRow.ID,
128
+		BaseRef:    base,
129
+		HeadRef:    head,
130
+		HeadRepoID: p.RepoID,
131
+		BaseOid:    baseOID,
132
+		HeadOid:    headOID,
133
+		Draft:      p.Draft,
134134
 	})
135135
 	if err != nil {
136136
 		return CreateResult{}, fmt.Errorf("create pull_request: %w", err)
internal/pulls/review/request.gomodified
@@ -61,7 +61,8 @@ func Request(ctx context.Context, deps Deps, p RequestParams) (pullsdb.PrReviewR
6161
 	issue, ierr := issuesdb.New().GetIssueByID(ctx, deps.Pool, p.PRIssueID)
6262
 	if ierr == nil {
6363
 		var public bool
64
-		_ = deps.Pool.QueryRow(ctx,
64
+		_ = deps.Pool.QueryRow(
65
+			ctx,
6566
 			`SELECT visibility = 'public' FROM repos WHERE id = $1`,
6667
 			issue.RepoID,
6768
 		).Scan(&public)
internal/pulls/review/review_test.gomodified
@@ -34,14 +34,14 @@ func gitCmd(args ...string) *exec.Cmd {
3434
 }
3535
3636
 type fx struct {
37
-	pool        *pgxpool.Pool
38
-	pullsDeps   pulls.Deps
39
-	reviewDeps  review.Deps
40
-	authorID    int64
41
-	reviewerID  int64
42
-	otherID     int64
43
-	repoID      int64
44
-	gitDir      string
37
+	pool       *pgxpool.Pool
38
+	pullsDeps  pulls.Deps
39
+	reviewDeps review.Deps
40
+	authorID   int64
41
+	reviewerID int64
42
+	otherID    int64
43
+	repoID     int64
44
+	gitDir     string
4545
 }
4646
4747
 func setup(t *testing.T) fx {
@@ -96,7 +96,7 @@ func setup(t *testing.T) fx {
9696
9797
 	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
9898
 	return fx{
99
-		pool: pool,
99
+		pool:       pool,
100100
 		pullsDeps:  pulls.Deps{Pool: pool, Logger: logger},
101101
 		reviewDeps: review.Deps{Pool: pool, Logger: logger},
102102
 		authorID:   author.ID,
internal/pulls/review/submit.gomodified
@@ -119,8 +119,8 @@ func Dismiss(ctx context.Context, deps Deps, actorUserID, reviewID int64, reason
119119
 		return err
120120
 	}
121121
 	return q.DismissPRReview(ctx, deps.Pool, pullsdb.DismissPRReviewParams{
122
-		ID:                 reviewID,
123
-		DismissedByUserID:  pgtype.Int8{Int64: actorUserID, Valid: actorUserID != 0},
124
-		DismissalReason:    strings.TrimSpace(reason),
122
+		ID:                reviewID,
123
+		DismissedByUserID: pgtype.Int8{Int64: actorUserID, Valid: actorUserID != 0},
124
+		DismissalReason:   strings.TrimSpace(reason),
125125
 	})
126126
 }
internal/repos/diff/parse/parse.gomodified
@@ -68,10 +68,10 @@ const (
6868
6969
 // Line is one rendered row in a hunk.
7070
 type Line struct {
71
-	Kind        LineKind
72
-	OldLineNo   int    // 0 when the line is a pure addition
73
-	NewLineNo   int    // 0 when the line is a pure deletion
74
-	Content     string // without the leading +/-/space marker, no trailing newline
71
+	Kind      LineKind
72
+	OldLineNo int    // 0 when the line is a pure addition
73
+	NewLineNo int    // 0 when the line is a pure deletion
74
+	Content   string // without the leading +/-/space marker, no trailing newline
7575
 }
7676
7777
 // Parse consumes a unified diff stream into the typed shape. The
internal/repos/diff/render/render.gomodified
@@ -184,7 +184,8 @@ func renderHunksUnified(f *parse.File, opts Options) string {
184184
 		for _, l := range h.Lines {
185185
 			old, neu := lineNoCells(l)
186186
 			content := highlightOrEscape(f.NewPath, l.Content, opts)
187
-			fmt.Fprintf(&buf,
187
+			fmt.Fprintf(
188
+				&buf,
188189
 				`<tr class="%s"><td class="shithub-diff-lineno">%s</td><td class="shithub-diff-lineno">%s</td><td class="shithub-diff-content"><pre>%s%s</pre></td></tr>`,
189190
 				lineClass(l.Kind), old, neu, lineMarker(l.Kind), content,
190191
 			)
@@ -221,7 +222,8 @@ func renderHunksSplit(f *parse.File, opts Options) string {
221222
 				rightNo = numStr(p.right.NewLineNo)
222223
 				rightContent = lineMarker(p.right.Kind) + highlightOrEscape(f.NewPath, p.right.Content, opts)
223224
 			}
224
-			fmt.Fprintf(&buf,
225
+			fmt.Fprintf(
226
+				&buf,
225227
 				`<tr><td class="shithub-diff-lineno %s">%s</td><td class="shithub-diff-content %s"><pre>%s</pre></td><td class="shithub-diff-lineno %s">%s</td><td class="shithub-diff-content %s"><pre>%s</pre></td></tr>`,
226228
 				leftClass, leftNo, leftClass, leftContent,
227229
 				rightClass, rightNo, rightClass, rightContent,
internal/repos/diff/source/source.gomodified
@@ -37,7 +37,8 @@ type Options struct {
3737
 // root commit (no parent) we diff against the empty tree by using
3838
 // `git diff-tree -p -r --root`.
3939
 func FromCommit(ctx context.Context, gitDir, sha string, opts Options) ([]byte, error) {
40
-	args := []string{"-C", gitDir,
40
+	args := []string{
41
+		"-C", gitDir,
4142
 		"diff-tree", "-p", "-r", "--root",
4243
 		"--no-color", "--no-ext-diff",
4344
 		"--full-index",
@@ -54,7 +55,8 @@ func FromCommit(ctx context.Context, gitDir, sha string, opts Options) ([]byte,
5455
 // FromRange returns the two-dot diff base..head. Use for "show me
5556
 // every change between these two refs", regardless of merge graph.
5657
 func FromRange(ctx context.Context, gitDir, base, head string, opts Options) ([]byte, error) {
57
-	args := []string{"-C", gitDir,
58
+	args := []string{
59
+		"-C", gitDir,
5860
 		"diff", "--patch",
5961
 		"--no-color", "--no-ext-diff",
6062
 		"--full-index",
@@ -72,7 +74,8 @@ func FromRange(ctx context.Context, gitDir, base, head string, opts Options) ([]
7274
 // `git diff $(git merge-base base head)..head`. Used by PR / compare
7375
 // pages — shows only what `head` adds over the common ancestor.
7476
 func FromMergeBase(ctx context.Context, gitDir, base, head string, opts Options) ([]byte, error) {
75
-	args := []string{"-C", gitDir,
77
+	args := []string{
78
+		"-C", gitDir,
7679
 		"diff", "--patch",
7780
 		"--no-color", "--no-ext-diff",
7881
 		"--full-index",
internal/repos/fork/fork.gomodified
@@ -30,17 +30,17 @@ type Deps struct {
3030
3131
 // Errors surfaced to handlers.
3232
 var (
33
-	ErrNotLoggedIn          = errors.New("fork: login required")
34
-	ErrSourceNotFound       = errors.New("fork: source repo not found")
35
-	ErrSourceNotVisible     = errors.New("fork: source repo not visible to actor")
36
-	ErrTargetNameTaken      = errors.New("fork: target name already exists for owner")
37
-	ErrVisibilityFloor      = errors.New("fork: target visibility cannot exceed source visibility")
38
-	ErrSelfForkSameName     = errors.New("fork: forking into the same owner requires a different name")
39
-	ErrSourceArchived       = errors.New("fork: source repo is archived")
40
-	ErrSourceDeleted        = errors.New("fork: source repo is deleted")
41
-	ErrSyncDiverged         = errors.New("fork: fork has diverged from upstream; sync via your client")
42
-	ErrSyncUpToDate         = errors.New("fork: already up to date")
43
-	ErrSyncDefaultsMissing  = errors.New("fork: source or fork default branch is empty")
44
-	ErrSyncRefRaced         = errors.New("fork: ref changed concurrently; retry")
45
-	ErrForkNotInitialized   = errors.New("fork: fork is still being prepared")
33
+	ErrNotLoggedIn         = errors.New("fork: login required")
34
+	ErrSourceNotFound      = errors.New("fork: source repo not found")
35
+	ErrSourceNotVisible    = errors.New("fork: source repo not visible to actor")
36
+	ErrTargetNameTaken     = errors.New("fork: target name already exists for owner")
37
+	ErrVisibilityFloor     = errors.New("fork: target visibility cannot exceed source visibility")
38
+	ErrSelfForkSameName    = errors.New("fork: forking into the same owner requires a different name")
39
+	ErrSourceArchived      = errors.New("fork: source repo is archived")
40
+	ErrSourceDeleted       = errors.New("fork: source repo is deleted")
41
+	ErrSyncDiverged        = errors.New("fork: fork has diverged from upstream; sync via your client")
42
+	ErrSyncUpToDate        = errors.New("fork: already up to date")
43
+	ErrSyncDefaultsMissing = errors.New("fork: source or fork default branch is empty")
44
+	ErrSyncRefRaced        = errors.New("fork: ref changed concurrently; retry")
45
+	ErrForkNotInitialized  = errors.New("fork: fork is still being prepared")
4646
 )
internal/repos/git/branchops.gomodified
@@ -50,7 +50,8 @@ func CommitsBetween(ctx context.Context, gitDir, base, head string, max int) ([]
5050
 	const sep = "\x1f"
5151
 	const recordEnd = "\x1e"
5252
 	format := strings.Join([]string{"%H", "%h", "%an", "%ae", "%at", "%s"}, sep) + sep + "%b" + recordEnd
53
-	cmd := exec.CommandContext(ctx, "git", "-C", gitDir,
53
+	cmd := exec.CommandContext(
54
+		ctx, "git", "-C", gitDir,
5455
 		"log",
5556
 		"--max-count="+strconv.Itoa(max),
5657
 		"--format="+format,
internal/repos/git/logops.gomodified
@@ -17,8 +17,8 @@ import (
1717
 // arrive via `git log --format=...`; the per-file stats live on
1818
 // CommitDetail.
1919
 type Commit struct {
20
-	OID         string    // full 40-char SHA
21
-	ShortOID    string    // git's --abbrev result, typically 7 chars
20
+	OID         string // full 40-char SHA
21
+	ShortOID    string // git's --abbrev result, typically 7 chars
2222
 	AuthorName  string
2323
 	AuthorEmail string
2424
 	AuthorWhen  time.Time
@@ -57,7 +57,8 @@ func Log(ctx context.Context, gitDir string, o LogOptions) ([]Commit, error) {
5757
 	// don't confuse SplitN.
5858
 	format := strings.Join([]string{"%H", "%h", "%an", "%ae", "%at", "%s"}, sep) + sep + "%b" + recordEnd
5959
60
-	args := []string{"-C", gitDir, "log",
60
+	args := []string{
61
+		"-C", gitDir, "log",
6162
 		"--max-count=" + strconv.Itoa(o.MaxCount),
6263
 		"--skip=" + strconv.Itoa(o.Skip),
6364
 		"--format=" + format,
@@ -134,12 +135,12 @@ type CommitDetail struct {
134135
 // Status is git's letter code: A added, M modified, D deleted, R renamed,
135136
 // C copied, T type-changed.
136137
 type FileChange struct {
137
-	Status   string
138
-	Path     string
139
-	OldPath  string // populated for R/C
140
-	Insert   int
141
-	Delete   int
142
-	Binary   bool
138
+	Status  string
139
+	Path    string
140
+	OldPath string // populated for R/C
141
+	Insert  int
142
+	Delete  int
143
+	Binary  bool
143144
 }
144145
145146
 // GetCommit returns the full detail for one SHA. Two commands: one for
internal/repos/git/mergeops.gomodified
@@ -90,7 +90,8 @@ func CommitsBetweenDetail(ctx context.Context, gitDir, baseOID, headOID string,
9090
 		"%cn", "%ce", "%ct",
9191
 		"%s",
9292
 	}, sep) + sep + "%b" + recordEnd
93
-	cmd := exec.CommandContext(ctx, "git", "-C", gitDir,
93
+	cmd := exec.CommandContext(
94
+		ctx, "git", "-C", gitDir,
9495
 		"log", "--reverse",
9596
 		"--max-count="+strconv.Itoa(max),
9697
 		"--format="+format,
@@ -147,7 +148,8 @@ func parseCommitDetail(out []byte) []CommitDetail {
147148
 // changes from merge-base to head). Status is git's letter code,
148149
 // renames carry the old path as the second column.
149150
 func FilesChangedBetween(ctx context.Context, gitDir, baseOID, headOID string) ([]PRFileChange, error) {
150
-	cmd := exec.CommandContext(ctx, "git", "-C", gitDir,
151
+	cmd := exec.CommandContext(
152
+		ctx, "git", "-C", gitDir,
151153
 		"diff", "--name-status", "-M", "-C",
152154
 		baseOID+"..."+headOID,
153155
 	)
@@ -159,7 +161,8 @@ func FilesChangedBetween(ctx context.Context, gitDir, baseOID, headOID string) (
159161
 		}
160162
 		return nil, wrapExecErr(err)
161163
 	}
162
-	cmd = exec.CommandContext(ctx, "git", "-C", gitDir,
164
+	cmd = exec.CommandContext(
165
+		ctx, "git", "-C", gitDir,
163166
 		"diff", "--numstat", "-M", "-C",
164167
 		baseOID+"..."+headOID,
165168
 	)
@@ -291,14 +294,16 @@ func PerformMerge(ctx context.Context, opts MergeOptions) (MergeResult, error) {
291294
292295
 	// Identity for the merge commit. `--no-edit` + a baked subject
293296
 	// keeps the merge non-interactive.
294
-	envBase := append(os.Environ(),
297
+	envBase := append(
298
+		os.Environ(),
295299
 		"GIT_AUTHOR_NAME="+opts.AuthorName,
296300
 		"GIT_AUTHOR_EMAIL="+opts.AuthorEmail,
297301
 		"GIT_COMMITTER_NAME="+opts.CommitterName,
298302
 		"GIT_COMMITTER_EMAIL="+opts.CommitterEmail,
299303
 	)
300304
 	if !opts.When.IsZero() {
301
-		envBase = append(envBase,
305
+		envBase = append(
306
+			envBase,
302307
 			"GIT_AUTHOR_DATE="+opts.When.Format(time.RFC3339),
303308
 			"GIT_COMMITTER_DATE="+opts.When.Format(time.RFC3339),
304309
 		)
internal/repos/git/plumbing.gomodified
@@ -150,7 +150,8 @@ func (ic InitialCommit) commitTree(ctx context.Context, tree string) (string, er
150150
 	//nolint:gosec // G204: tree is git's stdout (40-char OID); gitDir validated.
151151
 	cmd := exec.CommandContext(ctx, "git", "-C", ic.GitDir, "commit-tree", tree, "-m", ic.Message)
152152
 	stamp := ic.When.Format(time.RFC3339)
153
-	cmd.Env = append(os.Environ(),
153
+	cmd.Env = append(
154
+		os.Environ(),
154155
 		"GIT_AUTHOR_NAME="+ic.AuthorName,
155156
 		"GIT_AUTHOR_EMAIL="+ic.AuthorEmail,
156157
 		"GIT_AUTHOR_DATE="+stamp,
internal/repos/lifecycle/hard_delete.gomodified
@@ -118,4 +118,3 @@ func HardDelete(ctx context.Context, deps Deps, actorUserID, repoID int64) error
118118
 	}
119119
 	return nil
120120
 }
121
-
internal/repos/lifecycle/transfer.gomodified
@@ -19,11 +19,11 @@ import (
1919
2020
 // TransferRequestParams describes a new transfer offer.
2121
 type TransferRequestParams struct {
22
-	ActorUserID    int64
23
-	RepoID         int64
24
-	FromUserID     int64
22
+	ActorUserID     int64
23
+	RepoID          int64
24
+	FromUserID      int64
2525
 	ToPrincipalKind string // "user" — "org" arrives in S31
26
-	ToPrincipalID  int64
26
+	ToPrincipalID   int64
2727
 }
2828
2929
 // RequestTransfer creates a pending transfer with a 7-day TTL. Returns
@@ -39,12 +39,12 @@ func RequestTransfer(ctx context.Context, deps Deps, p TransferRequestParams) (i
3939
4040
 	rq := reposdb.New()
4141
 	row, err := rq.InsertTransferRequest(ctx, deps.Pool, reposdb.InsertTransferRequestParams{
42
-		RepoID:           p.RepoID,
43
-		FromUserID:       p.FromUserID,
44
-		ToPrincipalKind:  reposdb.TransferPrincipalKind(p.ToPrincipalKind),
45
-		ToPrincipalID:    p.ToPrincipalID,
46
-		CreatedBy:        p.ActorUserID,
47
-		ExpiresAt:        pgtype.Timestamptz{Time: deps.now().Add(transferTTL), Valid: true},
42
+		RepoID:          p.RepoID,
43
+		FromUserID:      p.FromUserID,
44
+		ToPrincipalKind: reposdb.TransferPrincipalKind(p.ToPrincipalKind),
45
+		ToPrincipalID:   p.ToPrincipalID,
46
+		CreatedBy:       p.ActorUserID,
47
+		ExpiresAt:       pgtype.Timestamptz{Time: deps.now().Add(transferTTL), Valid: true},
4848
 	})
4949
 	if err != nil {
5050
 		return 0, fmt.Errorf("insert transfer: %w", err)
@@ -122,10 +122,10 @@ func AcceptTransfer(ctx context.Context, deps Deps, actorUserID, transferID int6
122122
 	// Update owner. We keep the same name; if it collides on the
123123
 	// recipient, the unique index trips and the tx rolls back.
124124
 	if err := rq.TransferRepoOwner(ctx, tx, reposdb.TransferRepoOwnerParams{
125
-		ID:           repo.ID,
126
-		Name:         repo.Name,
127
-		OwnerUserID:  pgtype.Int8{Int64: actorUserID, Valid: true},
128
-		OwnerOrgID:   pgtype.Int8{Valid: false},
125
+		ID:          repo.ID,
126
+		Name:        repo.Name,
127
+		OwnerUserID: pgtype.Int8{Int64: actorUserID, Valid: true},
128
+		OwnerOrgID:  pgtype.Int8{Valid: false},
129129
 	}); err != nil {
130130
 		var pgErr *pgconn.PgError
131131
 		if errAs(err, &pgErr) && pgErr.Code == "23505" {
internal/repos/protection/protection.gomodified
@@ -26,10 +26,10 @@ import (
2626
 // the rule set. Allow=true means the push proceeds; Allow=false
2727
 // surfaces the reason+rule pattern back to the user via stderr.
2828
 type Decision struct {
29
-	Allow      bool
30
-	Reason     string
31
-	RuleID     int64
32
-	Pattern    string
29
+	Allow   bool
30
+	Reason  string
31
+	RuleID  int64
32
+	Pattern string
3333
 }
3434
3535
 // Update is one ref update from the pre-receive hook's stdin.
@@ -178,4 +178,3 @@ func FriendlyMessage(d Decision) string {
178178
 	}
179179
 	return fmt.Sprintf("shithub: %s (rule pattern %q).", d.Reason, d.Pattern)
180180
 }
181
-
internal/search/query_parse.gomodified
@@ -14,8 +14,8 @@ import "strings"
1414
 // to take effect (a bare `repo:foo` without slash is treated as
1515
 // free text).
1616
 type ParsedQuery struct {
17
-	Text         string  // free-text query (what tsvector matches against)
18
-	Phrase       string  // when a quoted phrase was supplied; empty when not
17
+	Text         string // free-text query (what tsvector matches against)
18
+	Phrase       string // when a quoted phrase was supplied; empty when not
1919
 	RepoFilter   *RepoFilter
2020
 	StateFilter  string // "open" | "closed" | ""
2121
 	AuthorFilter string // username or empty
internal/search/search_test.gomodified
@@ -36,8 +36,10 @@ func TestParseQuery(t *testing.T) {
3636
 		{"", search.ParsedQuery{}},
3737
 		{"hello world", search.ParsedQuery{Text: "hello world"}},
3838
 		{`"quoted phrase"`, search.ParsedQuery{Phrase: "quoted phrase"}},
39
-		{"repo:alice/demo bug", search.ParsedQuery{Text: "bug",
40
-			RepoFilter: &search.RepoFilter{Owner: "alice", Name: "demo"}}},
39
+		{"repo:alice/demo bug", search.ParsedQuery{
40
+			Text:       "bug",
41
+			RepoFilter: &search.RepoFilter{Owner: "alice", Name: "demo"},
42
+		}},
4143
 		{"repo:noslash bug", search.ParsedQuery{Text: "repo:noslash bug"}},
4244
 		{"is:open broken", search.ParsedQuery{Text: "broken", StateFilter: "open"}},
4345
 		{"state:closed bug", search.ParsedQuery{Text: "bug", StateFilter: "closed"}},
internal/social/social.gomodified
@@ -32,7 +32,7 @@ type Deps struct {
3232
3333
 // Errors surfaced to handlers.
3434
 var (
35
-	ErrNotLoggedIn      = errors.New("social: login required")
35
+	ErrNotLoggedIn       = errors.New("social: login required")
3636
 	ErrInvalidWatchLevel = errors.New("social: watch level must be all, participating, or ignore")
37
-	ErrStarRateLimit    = errors.New("social: star/unstar rate limit exceeded")
37
+	ErrStarRateLimit     = errors.New("social: star/unstar rate limit exceeded")
3838
 )
internal/web/handlers/api/checks.gomodified
@@ -289,10 +289,10 @@ func presentRun(r checksdb.CheckRun) map[string]any {
289289
290290
 func presentSuite(s checksdb.CheckSuite) map[string]any {
291291
 	out := map[string]any{
292
-		"id":        s.ID,
293
-		"head_sha":  s.HeadSha,
294
-		"app_slug":  s.AppSlug,
295
-		"status":    string(s.Status),
292
+		"id":       s.ID,
293
+		"head_sha": s.HeadSha,
294
+		"app_slug": s.AppSlug,
295
+		"status":   string(s.Status),
296296
 	}
297297
 	if s.Conclusion.Valid {
298298
 		out["conclusion"] = string(s.Conclusion.CheckConclusion)
internal/web/handlers/api/stars.gomodified
@@ -141,4 +141,3 @@ func pgTextString(t pgtype.Text) any {
141141
 	}
142142
 	return t.String
143143
 }
144
-
internal/web/handlers/auth/auth_test.gomodified
@@ -149,7 +149,8 @@ func newTestServerWithPool(t *testing.T, requireVerify bool) (*httptest.Server,
149149
 			epoch       int32
150150
 			suspendedAt sql.NullTime
151151
 		)
152
-		err = u.QueryRow(ctx,
152
+		err = u.QueryRow(
153
+			ctx,
153154
 			"SELECT username, session_epoch, suspended_at FROM users WHERE id = $1", id,
154155
 		).Scan(&name, &epoch, &suspendedAt)
155156
 		return middleware.UserLookupResult{
internal/web/handlers/auth/avatar.gomodified
@@ -68,7 +68,8 @@ func (h *Handlers) settingsAvatarUpload(w http.ResponseWriter, r *http.Request)
6868
 		if v.Size == variants[0].Size {
6969
 			key = largestKey
7070
 		}
71
-		if _, err := h.d.ObjectStore.Put(r.Context(), key,
71
+		if _, err := h.d.ObjectStore.Put(
72
+			r.Context(), key,
7273
 			bytes.NewReader(v.Data),
7374
 			storage.PutOpts{ContentType: "image/png", ContentLength: int64(len(v.Data))},
7475
 		); err != nil {
internal/web/handlers/auth/danger_test.gomodified
@@ -133,7 +133,8 @@ func TestDanger_PostGracePermanent(t *testing.T) {
133133
 	// be treated as nonexistent. Uses the SAME pool the test server is
134134
 	// reading from — a fresh dbtest.NewTestDB call would clone a brand
135135
 	// new database.
136
-	if _, err := pool.Exec(context.Background(),
136
+	if _, err := pool.Exec(
137
+		context.Background(),
137138
 		"UPDATE users SET deleted_at = $1 WHERE username = 'dangb'",
138139
 		time.Now().Add(-30*24*time.Hour),
139140
 	); err != nil {
internal/web/handlers/auth/tokens_test.gomodified
@@ -84,7 +84,8 @@ func newTokenServer(t *testing.T) (srv *httptest.Server, cli *client, captor *ca
8484
 			epoch       int32
8585
 			suspendedAt sql.NullTime
8686
 		)
87
-		err = c.QueryRow(ctx,
87
+		err = c.QueryRow(
88
+			ctx,
8889
 			"SELECT username, session_epoch, suspended_at FROM users WHERE id = $1", id,
8990
 		).Scan(&name, &epoch, &suspendedAt)
9091
 		return middleware.UserLookupResult{
internal/web/handlers/orgs/orgs.gomodified
@@ -2,15 +2,15 @@
22
33
 // Package orgs wires the S30 organization web surface:
44
 //
5
-//   GET  /organizations/new            create form
6
-//   POST /organizations                create submit
7
-//   GET  /{org}/people                 members + pending invites + invite form
8
-//   POST /{org}/people/invite          invite by username or email
9
-//   POST /{org}/people/{user}/role     change role
10
-//   POST /{org}/people/{user}/remove   remove member
11
-//   GET  /invitations/{token}          accept/decline view
12
-//   POST /invitations/{token}/accept   accept
13
-//   POST /invitations/{token}/decline  decline
5
+//	GET  /organizations/new            create form
6
+//	POST /organizations                create submit
7
+//	GET  /{org}/people                 members + pending invites + invite form
8
+//	POST /{org}/people/invite          invite by username or email
9
+//	POST /{org}/people/{user}/role     change role
10
+//	POST /{org}/people/{user}/remove   remove member
11
+//	GET  /invitations/{token}          accept/decline view
12
+//	POST /invitations/{token}/accept   accept
13
+//	POST /invitations/{token}/decline  decline
1414
 //
1515
 // Profile rendering for /{org} is dispatched from the existing
1616
 // /{username} catch-all in internal/web/handlers/profile via the
internal/web/handlers/orgs/teams.gomodified
@@ -222,7 +222,8 @@ func (h *Handlers) requireOrgOwner(w http.ResponseWriter, r *http.Request, orgID
222222
223223
 func (h *Handlers) userIDByUsername(r *http.Request, username string) (int64, bool) {
224224
 	var id int64
225
-	err := h.d.Pool.QueryRow(r.Context(),
225
+	err := h.d.Pool.QueryRow(
226
+		r.Context(),
226227
 		`SELECT id FROM users WHERE username = $1 AND deleted_at IS NULL`,
227228
 		username,
228229
 	).Scan(&id)
@@ -255,7 +256,8 @@ func (h *Handlers) canSeeTeam(r *http.Request, team orgsdb.Team, viewer middlewa
255256
 		return false
256257
 	}
257258
 	var member bool
258
-	_ = h.d.Pool.QueryRow(r.Context(),
259
+	_ = h.d.Pool.QueryRow(
260
+		r.Context(),
259261
 		`SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)`,
260262
 		team.ID, viewer.ID,
261263
 	).Scan(&member)
@@ -282,7 +284,8 @@ func (h *Handlers) filterSecretTeams(r *http.Request, all []orgsdb.Team, orgID i
282284
 			continue
283285
 		}
284286
 		var member bool
285
-		err := h.d.Pool.QueryRow(r.Context(),
287
+		err := h.d.Pool.QueryRow(
288
+			r.Context(),
286289
 			`SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)`,
287290
 			t.ID, viewer.ID,
288291
 		).Scan(&member)
@@ -304,4 +307,4 @@ var _ = pgx.ErrNoRows
304307
305308
 // errTeamNotFound is reserved for the future; surfaced via
306309
 // orgs.ErrTeamNotFound when needed.
307
-var _ = errors.New
310
+var _ = errors.New
internal/web/handlers/repo/branches.gomodified
@@ -146,12 +146,12 @@ func (h *Handlers) tagsList(w http.ResponseWriter, r *http.Request) {
146146
 	refs, _ := repogit.ListRefs(r.Context(), gitDir)
147147
148148
 	type tagRow struct {
149
-		Name        string
150
-		OID         string
151
-		ShortOID    string
152
-		Subject     string
153
-		AuthorName  string
154
-		AuthorWhen  time.Time
149
+		Name       string
150
+		OID        string
151
+		ShortOID   string
152
+		Subject    string
153
+		AuthorName string
154
+		AuthorWhen time.Time
155155
 	}
156156
 	rows := make([]tagRow, 0, len(refs.Tags))
157157
 	for _, t := range refs.Tags {
@@ -235,20 +235,20 @@ func (h *Handlers) compareView(w http.ResponseWriter, r *http.Request) {
235235
236236
 	refs, _ := repogit.ListRefs(r.Context(), gitDir)
237237
 	h.d.Render.RenderPage(w, r, "repo/compare", map[string]any{
238
-		"Title":     "Compare · " + row.Name,
239
-		"CSRFToken": middleware.CSRFTokenForRequest(r),
240
-		"Owner":     owner.Username,
241
-		"Repo":      row,
242
-		"Base":      base,
243
-		"Head":      head,
244
-		"Ahead":     ahead,
245
-		"Behind":    behind,
246
-		"Commits":   commits,
247
-		"DiffHTML":  diffHTML,
248
-		"NotFound":  notFound,
238
+		"Title":      "Compare · " + row.Name,
239
+		"CSRFToken":  middleware.CSRFTokenForRequest(r),
240
+		"Owner":      owner.Username,
241
+		"Repo":       row,
242
+		"Base":       base,
243
+		"Head":       head,
244
+		"Ahead":      ahead,
245
+		"Behind":     behind,
246
+		"Commits":    commits,
247
+		"DiffHTML":   diffHTML,
248
+		"NotFound":   notFound,
249249
 		"CommitsErr": cerr != nil,
250
-		"Branches":  refs.Branches,
251
-		"Tags":      refs.Tags,
250
+		"Branches":   refs.Branches,
251
+		"Tags":       refs.Tags,
252252
 	})
253253
 }
254254
internal/web/handlers/repo/code.gomodified
@@ -15,10 +15,10 @@ import (
1515
 	"github.com/jackc/pgx/v5/pgtype"
1616
1717
 	"github.com/tenseleyFlow/shithub/internal/auth/policy"
18
+	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
1819
 	"github.com/tenseleyFlow/shithub/internal/repos/finder"
1920
 	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"
2021
 	"github.com/tenseleyFlow/shithub/internal/repos/highlight"
21
-	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
2222
 	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
2323
 	"github.com/tenseleyFlow/shithub/internal/web/middleware"
2424
 )
@@ -44,13 +44,13 @@ func (h *Handlers) MountCode(r chi.Router) {
4444
 // derive once at the top. Owner+repo come from chi; ref+path come from
4545
 // the wildcard, resolved against the repo's ref list.
4646
 type codeContext struct {
47
-	owner    string
48
-	row      reposdb.Repo
49
-	gitDir   string
50
-	refs     repogit.RefListing
51
-	allRefs  []string
52
-	ref      string // matched ref name (or 40-hex sha)
53
-	subpath  string // path inside the ref, no leading slash
47
+	owner   string
48
+	row     reposdb.Repo
49
+	gitDir  string
50
+	refs    repogit.RefListing
51
+	allRefs []string
52
+	ref     string // matched ref name (or 40-hex sha)
53
+	subpath string // path inside the ref, no leading slash
5454
 }
5555
5656
 // loadCodeContext does the resolve dance for tree/blob/raw/find. On
internal/web/handlers/repo/fork.gomodified
@@ -86,7 +86,8 @@ func (h *Handlers) repoFork(w http.ResponseWriter, r *http.Request) {
8686
 	}
8787
 	// Enqueue the on-disk clone. The fork row exists with
8888
 	// init_status='init_pending' so the URL resolves immediately.
89
-	if _, err := worker.Enqueue(r.Context(), h.d.Pool, worker.KindRepoForkClone,
89
+	if _, err := worker.Enqueue(
90
+		r.Context(), h.d.Pool, worker.KindRepoForkClone,
9091
 		map[string]any{"source_repo_id": res.Source.ID, "fork_repo_id": res.Fork.ID},
9192
 		worker.EnqueueOptions{},
9293
 	); err != nil {
@@ -250,4 +251,3 @@ func (h *Handlers) handleForkError(w http.ResponseWriter, r *http.Request, err e
250251
 		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
251252
 	}
252253
 }
253
-
internal/web/handlers/repo/issues.gomodified
@@ -205,7 +205,8 @@ func (h *Handlers) issueCreate(w http.ResponseWriter, r *http.Request) {
205205
 	// thread events to them. Non-destructive — no-op if the user
206206
 	// already has an explicit preference.
207207
 	_ = social.AutoWatchOnInvolvement(r.Context(), h.socialDeps(), viewer.ID, row.ID)
208
-	http.Redirect(w, r,
208
+	http.Redirect(
209
+		w, r,
209210
 		"/"+owner.Username+"/"+row.Name+"/issues/"+strconv.FormatInt(created.Number, 10),
210211
 		http.StatusSeeOther,
211212
 	)
internal/web/handlers/repo/lifecycle.gomodified
@@ -15,8 +15,8 @@ import (
1515
 	"github.com/tenseleyFlow/shithub/internal/orgs"
1616
 	"github.com/tenseleyFlow/shithub/internal/repos/lifecycle"
1717
 	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
18
-	"github.com/tenseleyFlow/shithub/internal/web/middleware"
1918
 	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
19
+	"github.com/tenseleyFlow/shithub/internal/web/middleware"
2020
 )
2121
2222
 // MountLifecycle registers the repo settings danger-zone routes plus
@@ -72,8 +72,8 @@ func (h *Handlers) loadRepoAndAuthorize(w http.ResponseWriter, r *http.Request,
7272
 		return reposdb.Repo{}, usersdb.User{}, false
7373
 	}
7474
 	var (
75
-		row    reposdb.Repo
76
-		owner  usersdb.User
75
+		row   reposdb.Repo
76
+		owner usersdb.User
7777
 	)
7878
 	switch principal.Kind {
7979
 	case orgs.PrincipalUser:
internal/web/handlers/repo/pulls.gomodified
@@ -18,10 +18,10 @@ import (
1818
 	checksdb "github.com/tenseleyFlow/shithub/internal/checks/sqlc"
1919
 	"github.com/tenseleyFlow/shithub/internal/issues"
2020
 	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
21
+	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
2122
 	"github.com/tenseleyFlow/shithub/internal/pulls"
2223
 	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
2324
 	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"
24
-	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
2525
 	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
2626
 	"github.com/tenseleyFlow/shithub/internal/social"
2727
 	"github.com/tenseleyFlow/shithub/internal/web/middleware"
@@ -193,7 +193,8 @@ func (h *Handlers) pullCreate(w http.ResponseWriter, r *http.Request) {
193193
 		h.d.Logger.WarnContext(r.Context(), "pulls: enqueue mergeability", "error", err)
194194
 	}
195195
 	_ = worker.Notify(r.Context(), h.d.Pool)
196
-	http.Redirect(w, r,
196
+	http.Redirect(
197
+		w, r,
197198
 		"/"+owner.Username+"/"+row.Name+"/pulls/"+strconv.FormatInt(res.Issue.Number, 10),
198199
 		http.StatusSeeOther,
199200
 	)
@@ -421,9 +422,9 @@ func (h *Handlers) pullFiles(w http.ResponseWriter, r *http.Request) {
421422
 		threadsByFile[f.Path] = out
422423
 	}
423424
 	h.renderPullPage(w, r, "files", map[string]any{
424
-		"Files":          files,
425
-		"DiffHTML":       diffHTML,
426
-		"ThreadsByFile":  threadsByFile,
425
+		"Files":         files,
426
+		"DiffHTML":      diffHTML,
427
+		"ThreadsByFile": threadsByFile,
427428
 	})
428429
 }
429430
@@ -440,9 +441,9 @@ func (h *Handlers) pullChecks(w http.ResponseWriter, r *http.Request) {
440441
 		return
441442
 	}
442443
 	type runRow struct {
443
-		R              checksdb.CheckRun
444
-		SummaryHTML    template.HTML
445
-		AppSlug        string
444
+		R           checksdb.CheckRun
445
+		SummaryHTML template.HTML
446
+		AppSlug     string
446447
 	}
447448
 	type suiteGroup struct {
448449
 		Suite checksdb.CheckSuite
internal/web/handlers/repo/repo.gomodified
@@ -10,9 +10,8 @@ import (
1010
 	"errors"
1111
 	"log/slog"
1212
 	"net/http"
13
-	"strings"
14
-
1513
 	"strconv"
14
+	"strings"
1615
1716
 	"github.com/go-chi/chi/v5"
1817
 	"github.com/jackc/pgx/v5"
@@ -23,8 +22,8 @@ import (
2322
 	"github.com/tenseleyFlow/shithub/internal/auth/policy"
2423
 	"github.com/tenseleyFlow/shithub/internal/auth/secretbox"
2524
 	"github.com/tenseleyFlow/shithub/internal/auth/throttle"
26
-	"github.com/tenseleyFlow/shithub/internal/infra/storage"
2725
 	checksdb "github.com/tenseleyFlow/shithub/internal/checks/sqlc"
26
+	"github.com/tenseleyFlow/shithub/internal/infra/storage"
2827
 	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
2928
 	"github.com/tenseleyFlow/shithub/internal/orgs"
3029
 	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
@@ -54,6 +53,7 @@ type CloneURLs struct {
5453
 func (h *Handlers) cloneHTTPS(owner, name string) string {
5554
 	return h.d.CloneURLs.BaseURL + "/" + owner + "/" + name + ".git"
5655
 }
56
+
5757
 func (h *Handlers) cloneSSH(owner, name string) string {
5858
 	return h.d.CloneURLs.SSHHost + ":" + owner + "/" + name + ".git"
5959
 }
internal/web/handlers/repo/settings_branches.gomodified
@@ -100,13 +100,13 @@ func (h *Handlers) settingsBranchesUpsert(w http.ResponseWriter, r *http.Request
100100
 	if idStr == "" {
101101
 		// Create.
102102
 		newID, err := h.rq.UpsertBranchProtectionRule(r.Context(), h.d.Pool, reposdb.UpsertBranchProtectionRuleParams{
103
-			RepoID:                row.ID,
104
-			Pattern:               pattern,
105
-			PreventForcePush:      preventForcePush,
106
-			PreventDeletion:       preventDeletion,
107
-			RequirePrForPush:      requirePR,
108
-			AllowedPusherUserIds:  allowed,
109
-			CreatedByUserID:       pgtype.Int8{Int64: viewer.ID, Valid: viewer.ID != 0},
103
+			RepoID:               row.ID,
104
+			Pattern:              pattern,
105
+			PreventForcePush:     preventForcePush,
106
+			PreventDeletion:      preventDeletion,
107
+			RequirePrForPush:     requirePR,
108
+			AllowedPusherUserIds: allowed,
109
+			CreatedByUserID:      pgtype.Int8{Int64: viewer.ID, Valid: viewer.ID != 0},
110110
 		})
111111
 		if err != nil {
112112
 			h.d.Logger.WarnContext(r.Context(), "branch-protection: insert", "error", err)
@@ -114,17 +114,17 @@ func (h *Handlers) settingsBranchesUpsert(w http.ResponseWriter, r *http.Request
114114
 			return
115115
 		}
116116
 		if err := h.rq.UpdateBranchProtectionReviewSettings(r.Context(), h.d.Pool, reposdb.UpdateBranchProtectionReviewSettingsParams{
117
-			ID:                          newID,
118
-			RequiredReviewCount:         int32(requiredReviews),
119
-			DismissStaleReviewsOnPush:   dismissStale,
120
-			RequireCodeOwnerReview:      false,
117
+			ID:                        newID,
118
+			RequiredReviewCount:       int32(requiredReviews),
119
+			DismissStaleReviewsOnPush: dismissStale,
120
+			RequireCodeOwnerReview:    false,
121121
 		}); err != nil {
122122
 			h.d.Logger.WarnContext(r.Context(), "branch-protection: review settings", "error", err)
123123
 		}
124124
 		if err := h.rq.UpdateBranchProtectionCheckSettings(r.Context(), h.d.Pool, reposdb.UpdateBranchProtectionCheckSettingsParams{
125
-			ID:                              newID,
126
-			StatusChecksRequired:            requiredChecks,
127
-			DismissStaleStatusChecksOnPush:  dismissStaleChecks,
125
+			ID:                             newID,
126
+			StatusChecksRequired:           requiredChecks,
127
+			DismissStaleStatusChecksOnPush: dismissStaleChecks,
128128
 		}); err != nil {
129129
 			h.d.Logger.WarnContext(r.Context(), "branch-protection: check settings", "error", err)
130130
 		}
@@ -156,17 +156,17 @@ func (h *Handlers) settingsBranchesUpsert(w http.ResponseWriter, r *http.Request
156156
 			return
157157
 		}
158158
 		if err := h.rq.UpdateBranchProtectionReviewSettings(r.Context(), h.d.Pool, reposdb.UpdateBranchProtectionReviewSettingsParams{
159
-			ID:                          id,
160
-			RequiredReviewCount:         int32(requiredReviews),
161
-			DismissStaleReviewsOnPush:   dismissStale,
162
-			RequireCodeOwnerReview:      false,
159
+			ID:                        id,
160
+			RequiredReviewCount:       int32(requiredReviews),
161
+			DismissStaleReviewsOnPush: dismissStale,
162
+			RequireCodeOwnerReview:    false,
163163
 		}); err != nil {
164164
 			h.d.Logger.WarnContext(r.Context(), "branch-protection: review settings", "error", err)
165165
 		}
166166
 		if err := h.rq.UpdateBranchProtectionCheckSettings(r.Context(), h.d.Pool, reposdb.UpdateBranchProtectionCheckSettingsParams{
167
-			ID:                              id,
168
-			StatusChecksRequired:            requiredChecks,
169
-			DismissStaleStatusChecksOnPush:  dismissStaleChecks,
167
+			ID:                             id,
168
+			StatusChecksRequired:           requiredChecks,
169
+			DismissStaleStatusChecksOnPush: dismissStaleChecks,
170170
 		}); err != nil {
171171
 			h.d.Logger.WarnContext(r.Context(), "branch-protection: check settings", "error", err)
172172
 		}
internal/web/handlers/repo/webhooks.gomodified
@@ -13,9 +13,9 @@ import (
1313
1414
 	"github.com/tenseleyFlow/shithub/internal/auth/audit"
1515
 	"github.com/tenseleyFlow/shithub/internal/auth/policy"
16
+	"github.com/tenseleyFlow/shithub/internal/web/middleware"
1617
 	"github.com/tenseleyFlow/shithub/internal/webhook"
1718
 	webhookdb "github.com/tenseleyFlow/shithub/internal/webhook/sqlc"
18
-	"github.com/tenseleyFlow/shithub/internal/web/middleware"
1919
 )
2020
2121
 // MountWebhooks registers the per-repo webhook CRUD + delivery views.
internal/webhook/deliver.gomodified
@@ -374,4 +374,3 @@ func Redeliver(ctx context.Context, deps FanoutDeps, originalID int64) (int64, e
374374
 	}
375375
 	return row.ID, nil
376376
 }
377
-
internal/webhook/fanout.gomodified
@@ -17,8 +17,8 @@ import (
1717
 	"github.com/jackc/pgx/v5/pgtype"
1818
 	"github.com/jackc/pgx/v5/pgxpool"
1919
20
-	"github.com/tenseleyFlow/shithub/internal/worker"
2120
 	webhookdb "github.com/tenseleyFlow/shithub/internal/webhook/sqlc"
21
+	"github.com/tenseleyFlow/shithub/internal/worker"
2222
 )
2323
2424
 // FanoutConsumer is the consumer name in domain_events_processed.
@@ -130,18 +130,18 @@ func dispatchEvent(ctx context.Context, deps FanoutDeps, q *webhookdb.Queries, e
130130
 		}
131131
 		idem := idempotencyKey(w.ID, ev.ID, body)
132132
 		row, err := q.CreateDelivery(ctx, deps.Pool, webhookdb.CreateDeliveryParams{
133
-			WebhookID:       w.ID,
134
-			EventKind:       ev.Kind,
135
-			EventID:         pgtype.Int8{Int64: ev.ID, Valid: true},
136
-			Payload:         body,
137
-			RequestHeaders:  headersJSON,
138
-			RequestBody:     body,
139
-			Attempt:         1,
140
-			MaxAttempts:     8,
141
-			NextRetryAt:     pgtype.Timestamptz{Time: time.Now(), Valid: true},
142
-			Status:          webhookdb.WebhookDeliveryStatusPending,
143
-			IdempotencyKey:  idem,
144
-			RedeliverOf:     pgtype.Int8{Valid: false},
133
+			WebhookID:      w.ID,
134
+			EventKind:      ev.Kind,
135
+			EventID:        pgtype.Int8{Int64: ev.ID, Valid: true},
136
+			Payload:        body,
137
+			RequestHeaders: headersJSON,
138
+			RequestBody:    body,
139
+			Attempt:        1,
140
+			MaxAttempts:    8,
141
+			NextRetryAt:    pgtype.Timestamptz{Time: time.Now(), Valid: true},
142
+			Status:         webhookdb.WebhookDeliveryStatusPending,
143
+			IdempotencyKey: idem,
144
+			RedeliverOf:    pgtype.Int8{Valid: false},
145145
 		})
146146
 		if err != nil {
147147
 			return fmt.Errorf("create delivery: %w", err)
internal/webhook/jobs.gomodified
@@ -13,9 +13,9 @@ import (
1313
1414
 // Job kinds shipped by S33. Registered by cmd/shithubd/worker.go.
1515
 const (
16
-	KindWebhookFanout    worker.Kind = "webhook:fanout"
17
-	KindWebhookDeliver   worker.Kind = "webhook:deliver"
18
-	KindWebhookPurgeOld  worker.Kind = "webhook:purge_old"
16
+	KindWebhookFanout   worker.Kind = "webhook:fanout"
17
+	KindWebhookDeliver  worker.Kind = "webhook:deliver"
18
+	KindWebhookPurgeOld worker.Kind = "webhook:purge_old"
1919
 )
2020
2121
 // deliverPayload is the schema for a `webhook:deliver` job. The
internal/webhook/manage.gomodified
@@ -39,10 +39,10 @@ type CreateParams struct {
3939
 // CreateErrors surfaces user-friendly validation failures so handlers
4040
 // can render them in-page.
4141
 var (
42
-	ErrBadURL          = errors.New("webhook: URL must be http or https with a host")
43
-	ErrBadContentType  = errors.New("webhook: content_type must be json or form")
44
-	ErrBadOwnerKind    = errors.New("webhook: owner_kind must be repo or org")
45
-	ErrBadEvent        = errors.New("webhook: event names must be 1–64 lowercase chars")
42
+	ErrBadURL         = errors.New("webhook: URL must be http or https with a host")
43
+	ErrBadContentType = errors.New("webhook: content_type must be json or form")
44
+	ErrBadOwnerKind   = errors.New("webhook: owner_kind must be repo or org")
45
+	ErrBadEvent       = errors.New("webhook: event names must be 1–64 lowercase chars")
4646
 )
4747
4848
 // Create persists a new webhook + emits a synthetic ping delivery so
internal/webhook/ssrf_test.gomodified
@@ -53,14 +53,14 @@ func TestIsForbiddenIPClassifiesCorrectly(t *testing.T) {
5353
 		"10.0.0.1", "10.255.255.255",
5454
 		"172.16.0.1", "172.31.255.255",
5555
 		"192.168.0.1",
56
-		"100.64.0.1",       // CGNAT
56
+		"100.64.0.1",      // CGNAT
5757
 		"169.254.169.254", // AWS metadata service
5858
 		"0.0.0.0",
5959
 		"255.255.255.255",
6060
 		"::1",
61
-		"fe80::1",        // link-local
62
-		"fd00::1",        // ULA
63
-		"fc00::1",        // ULA
61
+		"fe80::1", // link-local
62
+		"fd00::1", // ULA
63
+		"fc00::1", // ULA
6464
 	}
6565
 	for _, addr := range forbidden {
6666
 		ip := net.ParseIP(addr)
internal/worker/jobs/push_process.gomodified
@@ -10,6 +10,7 @@ import (
1010
 	"errors"
1111
 	"fmt"
1212
 	"log/slog"
13
+	"path/filepath"
1314
 	"strings"
1415
1516
 	"github.com/jackc/pgx/v5"
@@ -22,8 +23,6 @@ import (
2223
 	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
2324
 	"github.com/tenseleyFlow/shithub/internal/worker"
2425
 	workerdb "github.com/tenseleyFlow/shithub/internal/worker/sqlc"
25
-
26
-	"path/filepath"
2726
 )
2827
2928
 // PushProcessDeps wires the data this handler needs.
internal/worker/jobs/repo_index_reconcile.gomodified
@@ -42,7 +42,8 @@ func RepoIndexReconcile(deps IndexReconcileDeps) worker.Handler {
4242
 			return err
4343
 		}
4444
 		for _, r := range repos {
45
-			if _, err := worker.Enqueue(ctx, deps.Pool, worker.KindRepoIndexCode,
45
+			if _, err := worker.Enqueue(
46
+				ctx, deps.Pool, worker.KindRepoIndexCode,
4647
 				map[string]any{"repo_id": r.ID},
4748
 				worker.EnqueueOptions{},
4849
 			); err != nil {
internal/worker/pool.gomodified
@@ -257,7 +257,8 @@ func (p *Pool) runOne(ctx context.Context, kind Kind, logger *slog.Logger) (bool
257257
 	cancel()
258258
 	metrics.WorkerJobDurationSeconds.WithLabelValues(job.Kind).Observe(time.Since(start).Seconds())
259259
260
-	logger.InfoContext(ctx, "worker: dispatched",
260
+	logger.InfoContext(
261
+		ctx, "worker: dispatched",
261262
 		"job_id", job.ID,
262263
 		"kind", job.Kind,
263264
 		"attempt", job.Attempts,