linting

api/gateway/chsettle/internal/service/treasury/bot/router.go

@@ -267,7 +267,8 @@ func (r *Router) captureAmount(ctx context.Context, userID, accountID, chatID st
 			})
 			return
 		}
-		if typed, ok := err.(limitError); ok {
+		var typed limitError
+		if errors.As(err, &typed) {
 			switch typed.LimitKind() {
 			case "per_operation":
 				_ = r.sendText(ctx, chatID, "*Amount exceeds allowed limit*\n\n*Max per operation:* "+markdownCode(typed.LimitMax())+"\n\nEnter another amount or "+markdownCommand(CommandCancel)+".")

api/gateway/chsettle/internal/service/treasury/bot/router_test.go

@@ -22,7 +22,7 @@ func (f fakeUserBindingResolver) ResolveUserBinding(_ context.Context, telegramU
 		return nil, f.err
 	}
 	if f.bindings == nil {
-		return nil, nil
+		return nil, nil //nolint:nilnil // test resolver: missing bindings means user is unknown
 	}
 	return f.bindings[telegramUserID], nil
 }
@@ -36,7 +36,7 @@ func (fakeService) MaxPerOperationLimit() string {
 }
 
 func (fakeService) GetActiveRequestForAccount(context.Context, string) (*storagemodel.TreasuryRequest, error) {
-	return nil, nil
+	return nil, nil //nolint:nilnil // test service: no active request by default
 }
 
 func (fakeService) GetAccountProfile(_ context.Context, ledgerAccountID string) (*AccountProfile, error) {
@@ -48,15 +48,15 @@ func (fakeService) GetAccountProfile(_ context.Context, ledgerAccountID string)
 }
 
 func (fakeService) CreateRequest(context.Context, CreateRequestInput) (*storagemodel.TreasuryRequest, error) {
-	return nil, nil
+	return nil, nil //nolint:nilnil // test service: request creation is not exercised in these tests
 }
 
 func (fakeService) ConfirmRequest(context.Context, string, string) (*storagemodel.TreasuryRequest, error) {
-	return nil, nil
+	return nil, nil //nolint:nilnil // test service: confirmation path is not exercised in these tests
 }
 
 func (fakeService) CancelRequest(context.Context, string, string) (*storagemodel.TreasuryRequest, error) {
-	return nil, nil
+	return nil, nil //nolint:nilnil // test service: cancellation path is not exercised in these tests
 }
 
 func TestRouterUnauthorizedInAllowedChatSendsAccessDenied(t *testing.T) {

api/gateway/chsettle/internal/service/treasury/ledger/client.go

@@ -260,7 +260,7 @@ func (c *connectorClient) callContext(ctx context.Context) (context.Context, con
 	if ctx == nil {
 		ctx = context.Background()
 	}
-	return context.WithTimeout(ctx, c.cfg.Timeout)
+	return context.WithTimeout(ctx, c.cfg.Timeout) //nolint:gosec // cancel func is always invoked by call sites
 }
 
 func structFromMap(values map[string]any) *structpb.Struct {

api/gateway/chsettle/internal/service/treasury/ledger/discovery_client.go

@@ -141,7 +141,7 @@ func (c *discoveryClient) resolveClient(_ context.Context) (Client, error) {
 	c.endpointKey = key
 	if c.logger != nil {
 		c.logger.Info("Discovered ledger endpoint selected",
-			zap.String("service", string(mservice.Ledger)),
+			zap.String("service", mservice.Ledger),
 			zap.String("invoke_uri", endpoint.raw),
 			zap.String("address", endpoint.address),
 			zap.Bool("insecure", endpoint.insecure))
@@ -186,10 +186,10 @@ func (c *discoveryClient) resolveEndpoint() (discoveryEndpoint, error) {
 
 func matchesService(service string, candidate mservice.Type) bool {
 	service = strings.TrimSpace(service)
-	if service == "" || strings.TrimSpace(string(candidate)) == "" {
+	if service == "" || strings.TrimSpace(candidate) == "" {
 		return false
 	}
-	return strings.EqualFold(service, strings.TrimSpace(string(candidate)))
+	return strings.EqualFold(service, strings.TrimSpace(candidate))
 }
 
 func parseDiscoveryEndpoint(raw string) (discoveryEndpoint, error) {

api/gateway/chsettle/internal/service/treasury/module.go

@@ -106,7 +106,7 @@ func (a *botUsersAdapter) ResolveUserBinding(ctx context.Context, telegramUserID
 		return nil, err
 	}
 	if record == nil {
-		return nil, nil
+		return nil, nil //nolint:nilnil // nil means no treasury user binding configured
 	}
 	return &bot.UserBinding{
 		TelegramUserID:  strings.TrimSpace(record.TelegramUserID),
@@ -145,7 +145,7 @@ func (a *botServiceAdapter) GetAccountProfile(ctx context.Context, ledgerAccount
 		return nil, err
 	}
 	if profile == nil {
-		return nil, nil
+		return nil, nil //nolint:nilnil // nil means no account profile is available
 	}
 	return &bot.AccountProfile{
 		AccountID:   strings.TrimSpace(profile.AccountID),

api/gateway/chsettle/internal/service/treasury/service.go

@@ -298,33 +298,33 @@ func (s *Service) ExecuteRequest(ctx context.Context, requestID string) (*Execut
 		return nil, err
 	}
 	if record == nil {
-		return nil, nil
+		return nil, nil //nolint:nilnil // nil means request does not exist
 	}
 
 	switch record.Status {
 	case storagemodel.TreasuryRequestStatusExecuted,
 		storagemodel.TreasuryRequestStatusCancelled,
 		storagemodel.TreasuryRequestStatusFailed:
-		return nil, nil
+		return nil, nil //nolint:nilnil // nil means request is terminal and not executable
 	case storagemodel.TreasuryRequestStatusScheduled:
 		claimed, err := s.repo.ClaimScheduled(ctx, requestID)
 		if err != nil {
 			return nil, err
 		}
 		if !claimed {
-			return nil, nil
+			return nil, nil //nolint:nilnil // nil means scheduled request is not yet claimable
 		}
 		record, err = s.repo.FindByRequestID(ctx, requestID)
 		if err != nil {
 			return nil, err
 		}
 		if record == nil {
-			return nil, nil
+			return nil, nil //nolint:nilnil // nil means request disappeared after claim
 		}
 	}
 
 	if record.Status != storagemodel.TreasuryRequestStatusConfirmed {
-		return nil, nil
+		return nil, nil //nolint:nilnil // nil means request is not ready for execution
 	}
 	return s.executeClaimed(ctx, record)
 }