[Code Quality] Replace init() panic with lazy initialization for runtime safety #12873

@github-actions

Description

Three production init() functions contain panic() calls that execute if embedded JSON data fails to unmarshal. These will crash the entire gh-aw CLI during package initialization, before main() even runs, with no recovery path for users.

This is a critical runtime safety issue discovered in the Sergo Report #12711.

Problem

When embedded JSON data fails to load (due to corruption, generation bugs, or supply chain attacks), the CLI crashes immediately at startup. Users cannot recover, cannot run gh aw --help, and receive no actionable error messages.

Files Affected

  • pkg/workflow/permissions_validation.go:42-71 - GitHub toolset permissions
  • pkg/workflow/domains.go:101-108 - Ecosystem domains
  • pkg/workflow/github_tool_to_toolset.go:20-24 - Tool-to-toolset mapping

Current Pattern (Problematic)

// pkg/workflow/permissions_validation.go:42
func init() {
    var data GitHubToolsetsData
    if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
        panic(fmt.Sprintf("failed to load GitHub toolsets permissions from JSON: %v", err))
    }
    // ... initialization logic
}

Suggested Solution

Replace panic-on-error with lazy initialization using sync.Once:

var (
    toolsetPermissionsMap     map[string]GitHubToolsetPermissions
    toolsetPermissionsMapOnce sync.Once
    toolsetPermissionsMapErr  error
)

func loadToolsetPermissions() error {
    toolsetPermissionsMapOnce.Do(func() {
        var data GitHubToolsetsData
        if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
            toolsetPermissionsMapErr = fmt.Errorf("failed to load GitHub toolsets permissions from JSON: %w", err)
            return
        }
        toolsetPermissionsMap = make(map[string]GitHubToolsetPermissions)
        // ... conversion logic
    })
    return toolsetPermissionsMapErr
}

// Update all callers to check error:
func GetToolsetPermissions(name string) (GitHubToolsetPermissions, error) {
    if err := loadToolsetPermissions(); err != nil {
        return GitHubToolsetPermissions{}, err
    }
    // ... existing logic
}

Success Criteria

  • All 3 init() functions replaced with lazy initialization pattern
  • All callers updated to handle errors gracefully
  • CLI shows --help even when JSON is corrupted
  • New tests verify error handling with corrupted JSON
  • Existing tests pass without regressions
  • Error messages are actionable for users

Priority

Critical - Affects CLI stability and user experience. Prevents unrecoverable crashes.

Source

Extracted from Sergo Report: Table-Driven Test & Init Function Hygiene Analysis #12711

AI generated by Discussion Task Miner - Code Quality Improvement Agent

  • expires on Feb 14, 2026, 5:19 AM UTC
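
The lazy-initialization pattern proposed above, in a form that can be tested against corrupted JSON. This is an added example, not code from the issue or from gh-aw. The `toolsetLoader` type, the JSON shape and the sample inputs are assumptions constructed for illustration; the raw bytes are a field so a test can inject a truncated document.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
)

// toolsetLoader decodes a JSON permissions table on first use and caches the
// value or the error. Hypothetical type; the JSON layout below is assumed.
type toolsetLoader struct {
	raw  []byte // stands in for the embedded JSON
	once sync.Once
	perm map[string][]string // toolset name -> permissions (assumed shape)
	err  error
}

func (l *toolsetLoader) load() error {
	l.once.Do(func() {
		var data struct {
			Toolsets map[string][]string `json:"toolsets"`
		}
		if err := json.Unmarshal(l.raw, &data); err != nil {
			// Wrap with %w so callers can still inspect the decode error.
			l.err = fmt.Errorf("failed to load toolset permissions: %w", err)
			return
		}
		l.perm = data.Toolsets
	})
	return l.err
}

// Permissions hands a load failure to the caller instead of panicking.
func (l *toolsetLoader) Permissions(name string) ([]string, error) {
	if err := l.load(); err != nil {
		return nil, err
	}
	p, ok := l.perm[name]
	if !ok {
		return nil, fmt.Errorf("unknown toolset %q", name)
	}
	return p, nil
}

func main() {
	bad := &toolsetLoader{raw: []byte(`{"toolsets": {"repos": ["contents"`)} // constructed, truncated
	_, err := bad.Permissions("repos")
	fmt.Println("process still running; error reached caller:", err)
}
```

Because `sync.Once` runs the decode exactly once, a failure is cached and every later call returns the same error value, which is acceptable for embedded data that cannot change at runtime.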
