Objective
Split pkg/workflow/strict_mode_validation.go (546 lines — 1.8× the 300-line hard limit) into multiple focused files, each handling a distinct concern.
Context
From discussion #21398 (Repository Quality Improvement Report - Validator File Size Compliance). This file combines four distinct validation concerns: permissions enforcement, network policy, MCP network requirements, tools checking, deprecated fields, and environment secrets validation.
Approach
Step 1: Create pkg/workflow/strict_mode_network_validation.go containing:
validateStrictNetworkvalidateStrictMCPNetworkvalidateStrictTools
Step 2: Create pkg/workflow/strict_mode_env_validation.go containing:
validateEnvSecretsgetEngineBaseEnvVarKeysvalidateEnvSecretsSection
Step 3: Create pkg/workflow/strict_mode_permissions_validation.go containing:
validateStrictPermissionsvalidateStrictDeprecatedFieldsvalidateStrictFirewall
Step 4: Reduce strict_mode_validation.go to contain only the orchestrating function validateStrictMode plus any shared package-level variables/types not suited to the other files.
Step 5: Fix imports in each new file as needed.
Step 6: Run make fmt && make lint && make test-unit — all must pass.
⚠️ Do NOT change any function logic. This is a pure code organization refactor.
Files to Modify
- Reduce:
pkg/workflow/strict_mode_validation.go (keep only orchestrator)
- Create:
pkg/workflow/strict_mode_network_validation.go
- Create:
pkg/workflow/strict_mode_env_validation.go
- Create:
pkg/workflow/strict_mode_permissions_validation.go
Acceptance Criteria
Generated by Plan Command for issue #discussion #21398 · ◷
Objective
Split
pkg/workflow/strict_mode_validation.go(546 lines — 1.8× the 300-line hard limit) into multiple focused files, each handling a distinct concern.Context
From discussion #21398 (Repository Quality Improvement Report - Validator File Size Compliance). This file combines four distinct validation concerns: permissions enforcement, network policy, MCP network requirements, tools checking, deprecated fields, and environment secrets validation.
Approach
Step 1: Create
pkg/workflow/strict_mode_network_validation.gocontaining:validateStrictNetworkvalidateStrictMCPNetworkvalidateStrictToolsStep 2: Create
pkg/workflow/strict_mode_env_validation.gocontaining:validateEnvSecretsgetEngineBaseEnvVarKeysvalidateEnvSecretsSectionStep 3: Create
pkg/workflow/strict_mode_permissions_validation.gocontaining:validateStrictPermissionsvalidateStrictDeprecatedFieldsvalidateStrictFirewallStep 4: Reduce
strict_mode_validation.goto contain only the orchestrating functionvalidateStrictModeplus any shared package-level variables/types not suited to the other files.Step 5: Fix imports in each new file as needed.
Step 6: Run
make fmt && make lint && make test-unit— all must pass.Files to Modify
pkg/workflow/strict_mode_validation.go(keep only orchestrator)pkg/workflow/strict_mode_network_validation.gopkg/workflow/strict_mode_env_validation.gopkg/workflow/strict_mode_permissions_validation.goAcceptance Criteria
strict_mode_permissions_validation.gocontains permissions, deprecated fields, and firewall checksstrict_mode_network_validation.gocontains network, MCP network, and tools checksstrict_mode_env_validation.gocontains environment secrets validationstrict_mode_validation.gois reduced to the orchestrator onlymake test-unitpassesmake fmt && make lintpass