Description
Three production init() functions contain panic() calls that will crash the entire gh-aw CLI at startup if embedded JSON data fails to unmarshal. This creates an unrecoverable failure mode where users cannot even run gh aw --help.
Problem
The following files panic during package initialization:
pkg/workflow/permissions_validation.go:42-71
pkg/workflow/domains.go:101-108
pkg/workflow/github_tool_to_toolset.go:20-24
Any corruption in embedded JSON (malformed generation, Go toolchain bug, supply chain attack) causes immediate CLI crash with no recovery path.
Suggested Changes
Replace panic() with lazy initialization using sync.Once:
Before
var toolsetPermissionsMap map[string]GitHubToolsetPermissions
func init() {
var data GitHubToolsetsData
if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
panic(fmt.Sprintf("failed to load GitHub toolsets permissions from JSON: %v", err))
}
toolsetPermissionsMap = make(map[string]GitHubToolsetPermissions)
// ... conversion logic ...
}
After
var (
toolsetPermissionsMap map[string]GitHubToolsetPermissions
toolsetPermissionsMapOnce sync.Once
toolsetPermissionsMapErr error
)
func loadToolsetPermissions() error {
toolsetPermissionsMapOnce.Do(func() {
var data GitHubToolsetsData
if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
toolsetPermissionsMapErr = fmt.Errorf("failed to load GitHub toolsets permissions from JSON: %w", err)
return
}
toolsetPermissionsMap = make(map[string]GitHubToolsetPermissions)
// ... conversion logic ...
})
return toolsetPermissionsMapErr
}
// Update all callers to check error:
func GetToolsetPermissions(name string) (GitHubToolsetPermissions, error) {
if err := loadToolsetPermissions(); err != nil {
return GitHubToolsetPermissions{}, err
}
// ... existing logic ...
}
Files Affected
pkg/workflow/permissions_validation.go (lines 42-71)
pkg/workflow/domains.go (lines 101-108)
pkg/workflow/github_tool_to_toolset.go (lines 20-24)
- All callers of the affected functions (requires error handling updates)
Success Criteria
Source
Extracted from Sergo Report: Table-Driven Test & Init Function Hygiene Analysis - 2026-01-30
Priority
Critical - Runtime safety issue that causes production crashes. Must complete before any JSON generation changes.
Estimated Effort
Medium (1-2 days) - Requires updating all callers to handle errors
AI generated by Discussion Task Miner - Code Quality Improvement Agent
Description
Three production
init()functions containpanic()calls that will crash the entiregh-awCLI at startup if embedded JSON data fails to unmarshal. This creates an unrecoverable failure mode where users cannot even rungh aw --help.Problem
The following files panic during package initialization:
pkg/workflow/permissions_validation.go:42-71pkg/workflow/domains.go:101-108pkg/workflow/github_tool_to_toolset.go:20-24Any corruption in embedded JSON (malformed generation, Go toolchain bug, supply chain attack) causes immediate CLI crash with no recovery path.
Suggested Changes
Replace
panic()with lazy initialization usingsync.Once:Before
After
Files Affected
pkg/workflow/permissions_validation.go(lines 42-71)pkg/workflow/domains.go(lines 101-108)pkg/workflow/github_tool_to_toolset.go(lines 20-24)Success Criteria
--helpwhen JSON is corruptedSource
Extracted from Sergo Report: Table-Driven Test & Init Function Hygiene Analysis - 2026-01-30
Priority
Critical - Runtime safety issue that causes production crashes. Must complete before any JSON generation changes.
Estimated Effort
Medium (1-2 days) - Requires updating all callers to handle errors