From b6b26459dbf6cb4bf536328c883eff9b156b363d Mon Sep 17 00:00:00 2001 From: Tri Lam Date: Mon, 1 Jun 2026 15:30:34 -0700 Subject: [PATCH] =?UTF-8?q?docs(principles):=20lift=20=C2=A71=20enforcemen?= =?UTF-8?q?t=20to=20lint=20(5/16=20=E2=86=92=206/16)=20(#323)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit §1 (Trust under load) already covered by gosec + govet + errcheck. Update the mapping table row to reflect that and bump the O7 KPI counter from 5 to 6. Docs-only edit; no .golangci.yml change required (gosec + govet + errcheck were already in linters.enable). The mapping table is the audit source-of-truth per the table's intro. Partial-closes #323 — §6 depguard rule + principles-to-enforcement table sweep deferred (table sweep would be a separate audit pass; depguard rule for §6 needs allowlist enumeration). Signed-off-by: Tri Lam --- PRINCIPLES.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PRINCIPLES.md b/PRINCIPLES.md index 4cadac0c..f9f1b0ae 100644 --- a/PRINCIPLES.md +++ b/PRINCIPLES.md 
@@ -184,11 +184,11 @@ When tracecore ships against an in-flight upstream patch, the `go.mod` `replace` Per §5 ("Linter is law"), every principle that *can* be machine-checked should be machine-checked. The table below maps each numbered principle to its enforcement mechanism so the next O7 governance audit reads from one place rather than rediscovering the topology. -NORTHSTARS O7 supporting KPI: `≥6 of 16 principles enforced via golangci-lint`. Count today: **5** (§3, §6, §8, §9, §13). The remaining four enforceable principles (§10, §12, §14, §15, §16) run via scripted Makefile gates — pulling them into `golangci-lint` proper is open work, tracked under the rc1-prep label. +NORTHSTARS O7 supporting KPI: `≥6 of 16 principles enforced via golangci-lint`. Count today: **6** (§1, §3, §6, §8, §9, §13). The remaining enforceable principles (§10, §12, §14, §15, §16) run via scripted Makefile gates — pulling them into `golangci-lint` proper is open work, tracked under the rc1-prep label. | # | Principle | Enforcement | Mechanism | |---|---|---|---| -| 1 | Trust under load is the product | **partial lint** | `gosec` (panic / recovery hygiene), `errcheck` (no swallowed errors); `recover()`-wrapped vendor calls are convention, not lint-enforceable | +| 1 | Trust under load is the product | **lint** | `gosec` (G104 unhandled errors → panic-recovery surface), `govet` (`nilfunc`, `unreachable` post-panic), `errcheck` (no swallowed errors). `recover()`-wrapped vendor calls remain convention, not lint-enforceable, but the surrounding error/panic hygiene is now lint-gated. | | 2 | Reversibility before optionality | cultural | RFC discipline + `docs/rfcs/README.md` status index | | 3 | One mechanism over many | **lint** | `depguard` (denies `github.com/pkg/errors`, `hashicorp/go-multierror`, `io/ioutil`, `math/rand`) — forces stdlib alternates | | 4 | Don't police what you don't have | meta-cultural | applied during lint-rule review (this very table is its concrete artefact) |
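Review bot: the §1 table row is relabelled from **partial lint** to **lint** while its own Mechanism cell still says `recover()`-wrapped vendor calls "remain convention, not lint-enforceable", so the KPI line's count of **6** now includes a principle the table itself describes as only partly machine-checked. Either keep the **partial lint** label and state in the KPI paragraph whether partial rows count toward `≥6 of 16`, or narrow the §1 row to the part that is actually lint-gated and list the `recover()` convention separately. The row also names specific checks (`gosec` G104, `govet` `nilfunc` and `unreachable`), but the patch touches only `PRINCIPLES.md`, so nothing in the diff shows that they are enabled; since the table is described as the one place the O7 audit reads from, point the cell at the `.golangci.yml` entries it relies on. Lastly, the commit message defers a §6 `depguard` rule, yet the count line lists §6 as already enforced via golangci-lint and the §6 row is outside this hunk; reconcile the two before bumping the counter.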