@@ -94,11 +94,12 @@ Code must be cleanly formatted and pass all linters before being committed.
9494``` bash
9595go fmt ./...
9696goimports -w .
97+ gofumpt -w ./...
9798golangci-lint run
9899go vet ./...
99100```
100101
101- > Refer to ` .golangci.json ` for the full set of enabled linters.
102+ > Refer to ` .golangci.json ` for the full set of enabled linters and formatters .
102103
103104Editors should honor ` .editorconfig ` for indentation and whitespace rules, and
104105Git respects ` .gitattributes ` to enforce consistent line endings across
@@ -110,15 +111,17 @@ platforms.
110111
111112We use the ` testify ` suite for unit tests. All tests must follow these conventions:
112113
113- * Name tests using the pattern: ` TestFunctionName_ScenarioDescription `
114+ * Name tests using the pattern: ` TestFunctionNameScenarioDescription ` (no underscores) (PascalCase)
115+ * Use ` testify ` when possible, do not use ` testing ` directly
114116* Use ` testify/assert ` for general assertions
115117* Use ` testify/require ` for:
116- * All error or nil checks
117- * Any test where failure should halt execution
118- * Any test where a pointer or complex structure is required to be used after the check
118+ * All error or nil checks
119+ * Any test where failure should halt execution
120+ * Any test where a pointer or complex structure is required to be used after the check
119121* Use ` require.InDelta ` or ` require.InEpsilon ` for floating-point comparisons
120- * Prefer ** table-driven tests** for clarity and reusability
122+ * Prefer ** table-driven tests** for clarity and reusability, always have a name for each test case
121123* Use subtests (` t.Run ` ) to isolate and describe scenarios
124+ * If the test is in a test suite, always use the test suite instead of ` t ` directly
122125* ** Optionally use** ` t.Parallel() ` , but try and avoid it unless testing for concurrency issues
123126* Avoid flaky, timing-sensitive, or non-deterministic tests
124127
@@ -225,7 +228,7 @@ Great engineers write great comments. You're not here to state the obvious—you
225228* ** Your comments are part of the product**
226229
227230 > Treat them like UX copy. Make them clear, concise, and professional. You're writing for peers, not compilers.
228-
231+
229232<br /><br />
230233
231234### 🔤 Function Comments (Exported)
@@ -235,11 +238,11 @@ Every exported function **must** include a Go-style comment that:
235238* Starts with the function name
236239* States its purpose clearly
237240* Documents:
238- * ** Steps** : Include if the function performs a non-obvious sequence of operations.
239- * ** Parameters** : Always describe all parameters when present.
240- * ** Return values** : Document return types and their meaning if not trivially understood.
241- * ** Side effects** : Note any I/O, database writes, external calls, or mutations that aren't local to the function.
242- * ** Notes** : Include any assumptions, constraints, or important context that the caller should know.
241+ * **Steps**: Include if the function performs a non-obvious sequence of operations.
242+ * **Parameters**: Always describe all parameters when present.
243+ * **Return values**: Document return types and their meaning if not trivially understood.
244+ * **Side effects**: Note any I/O, database writes, external calls, or mutations that aren't local to the function.
245+ * **Notes**: Include any assumptions, constraints, or important context that the caller should know.
243246
244247Here is a template for function comments that is recommended to use:
245248
@@ -276,9 +279,9 @@ Here is a template for function comments that is recommended to use:
276279* Each package ** must** include a package-level comment in a file named after the package (e.g., ` auth.go ` for package ` auth ` ).
277280* If no logical file fits, add a ` doc.go ` with the comment block.
278281* Use it to explain:
279- * The package purpose
280- * High-level API boundaries
281- * Expected use-cases and design notes
282+ * The package purpose
283+ * High-level API boundaries
284+ * Expected use-cases and design notes
282285
283286Here is a template for package comments that is recommended to use:
284287
@@ -329,9 +332,9 @@ Use inline comments **strategically**, not excessively.
329332* Keep your tone ** precise, confident, and modern** —you're not writing a novel, but you're also not writing legacy COBOL.
330333* Avoid filler like "simple function" or "just does X".
331334* Don't leave TODOs unless:
332- * They are immediately actionable
333- * (or) they reference an issue
334- * They include a timestamp or owner
335+ * They are immediately actionable
336+ * (or) they reference an issue
337+ * They include a timestamp or owner
335338
336339<br /><br />
337340
@@ -557,7 +560,7 @@ We follow **Semantic Versioning (✧ SemVer)**:
557560### 📦 Tooling
558561
559562* Releases are driven by ** [ goreleaser] ** and configured in ` .goreleaser.yml ` .
560- * Install locally with Homebrew (Mac):
563+ * Install locally with Homebrew (Mac):
561564``` bash
562565 brew install goreleaser
563566````
@@ -569,9 +572,8 @@ We follow **Semantic Versioning (✧ SemVer)**:
569572| Step | Command | Purpose |
570573| ------| ---------------------------------| ----------------------------------------------------------------------------------------------------|
571574| 1 | ` make release-snap` | Build & upload a ** snapshot** (pre‑release) for quick CI validation. |
572- | 2 | ` make tag version=X.Y.Z` | Create and push a signed Git tag. Triggers GitHub Actions. |
575+ | 2 | ` make tag version=X.Y.Z` | Create and push a signed Git tag. Triggers GitHub Actions to package the release |
573576| 3 | GitHub Actions | CI runs ` goreleaser release` ; artifacts and changelog are published to GitHub Releases. |
574- | 4 | ` make release` | Manually invoke the production release if needed. |
575577
576578> ** Note for AI Agents:** Do not create or push tags automatically. Only the repository [codeowners](CODEOWNERS) are authorized to tag and publish official releases.
577579
@@ -632,7 +634,7 @@ Current labels are located in `.github/labels.yml` and automatically synced into
632634
633635CI automatically runs on every PR to verify:
634636
635- * Formatting (`go fmt` and `goimports`)
637+ * Formatting (`go fmt` and `goimports` and `gofumpt` )
636638* Linting (`golangci-lint run`)
637639* Tests (`go test ./...`)
638640* Fuzz tests (if applicable) (`make run-fuzz-tests`)
@@ -680,11 +682,17 @@ Dependency hygiene is critical for security, reproducibility, and developer expe
680682 govulncheck ./...
681683` ` `
682684
683- * Run via make command:
685+ * Run via make command:
684686` ` ` bash
685687 make govulncheck
686688` ` `
687689
690+ * Run [gitleaks](https://github.com/gitleaks/gitleaks) before committing code to detect hardcoded secrets or sensitive data in the repository:
691+ ` ` ` bash
692+ brew install gitleaks
693+ gitleaks detect --source . --log-opts=" --all"
694+ ` ` `
695+
688696* Address critical advisories before merging changes into ` master`
689697
690698* Document any intentionally ignored vulnerabilities with clear justification and issue tracking
@@ -714,9 +722,9 @@ Security is a first-class requirement. If you discover a vulnerability—no matt
714722* ** Do not** open a public issue or pull request.
715723* Follow the instructions in [` SECURITY.md`
716724* Include:
717- * A clear, reproducible description of the issue
718- * Proof‑of‑concept code or steps (if possible)
719- * Any known mitigations or workarounds
725+ * A clear, reproducible description of the issue
726+ * Proof‑of‑concept code or steps (if possible)
727+ * Any known mitigations or workarounds
720728* You will receive an acknowledgment within ** 72 hours** and status updates until the issue is resolved.
721729
722730> For general hardening guidance (e.g., ` govulncheck` # -dependency-management) section.
@@ -729,7 +737,7 @@ Security is a first-class requirement. If you discover a vulnerability—no matt
729737
730738# # 🕓 Change Log (AGENTS.md)
731739
732- This section tracks notable updates to ` AGENTS.md`
740+ This section tracks notable updates to ` AGENTS.md`
733741All contributors are expected to append entries here when making meaningful changes to agent behavior, conventions, or policies.
734742
735743
0 commit comments