refactor: unify types and modernize code and test style across the repo

[appleboy]

• Refactor all authentication and token result types to use unified Result and ValidationResult names, simplifying type naming.
• Switch metrics interface and implementation from MetricsRecorder to Recorder.
• Prefer require over assert for error assertions in tests for stricter test validation.
• Replace most uses of fmt.Sprintf string construction with string concatenation for greater performance and simplicity.
• Use the range n idiom for fixed-count loops in tests instead of classic for i := 0; i < n; i++ style.
• In test files, update usage of assert.Len(x, y)/assert.Equal(len(x), y) to direct assert.Len or assert.Empty.
• Change function signatures and struct fields to use Go 1.18+ any type instead of interface{} where appropriate.
• Standardize code and tests to always use http.Method* constants (e.g., http.MethodGet, http.MethodPost) instead of string literals.
• Simplify and modernize for-loop style and string joining for memory and speed improvements.
• Use strings.FieldsSeq/SplitSeq (or similar) in place of strings.Fields/Split for improved code uniformity.
• Return nil values with explicit comment and //nolint:nilnil where returning nil is intentional and not an

[Copilot]

Pull request overview

This PR performs a repo-wide modernization/refactor pass: unifying several “result” types and the metrics interface naming, and updating code/tests to newer Go idioms and stricter testing assertions.

Changes:

• Rename auth/token result types to Result / ValidationResult and update all call sites.
• Rename metrics interface from MetricsRecorder to Recorder and update constructors/usages.
• Modernize code/test style (Go 1.25 idioms like range n, http.Method*, strings.*Seq, string concat/strings.Builder) and tighten many tests with require.

Reviewed changes

Copilot reviewed 54 out of 54 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
main.go	Switch CLI output to explicit os.Stdout writers.
internal/version/version.go	Print version via os.Stdout; minor var decl cleanup.
internal/token/types.go	Rename token result structs to Result / ValidationResult.
internal/token/local_test.go	Use require for error assertions in token tests.
internal/token/local.go	Update provider APIs to return new token result types.
internal/token/http_api_test.go	Modernize HTTP method constants / string building; adjust assertions.
internal/token/http_api.go	Update HTTP token provider to use new token result types.
internal/store/store_test.go	Use concat + assert.Empty / require in store tests.
internal/store/pagination.go	Simplify prev/next calculation using min/max.
internal/store/audit_filters.go	Use omitzero JSON tags for time.Time filters.
internal/services/user.go	Update auth result type + modernize username string building.
internal/services/token_test.go	Prefer require for error assertions; use assert.Empty.
internal/services/token.go	Update token result types + metrics interface rename + use errors.New for static messages.
internal/services/device_test.go	Prefer require for error assertions.
internal/services/device_security_test.go	Use range n loops; tighten error assertions.
internal/services/device.go	Metrics interface rename (Recorder).
internal/services/client_test.go	Use assert.Len/assert.Empty for collection assertions.
internal/services/authorization_test.go	Add explicit gosec nolint explanation; modernize loops; tighten assertions.
internal/services/authorization.go	Use slices.Contains, FieldsSeq, and nilnil-intent comments.
internal/models/oauth_application_test.go	Use any instead of interface{} in tests.
internal/models/oauth_application.go	any for scanner + strings.Builder join optimization.
internal/models/audit_log.go	Use any map + explicit nilnil intent + gosec nolint explanation.
internal/middleware/ratelimit_test.go	Use range n; prefer require for error assertions.
internal/middleware/ratelimit.go	Use errors.New for static error message.
internal/middleware/auth_test.go	Use http.MethodGet; prefer require for URL parse errors.
internal/middleware/auth.go	Parameter list simplification.
internal/metrics/noop.go	Rename interface references to Recorder.
internal/metrics/metrics.go	Rename interface references to Recorder.
internal/metrics/interface.go	Rename MetricsRecorder to Recorder.
internal/metrics/http.go	Update middleware to accept Recorder.
internal/metrics/cache_test.go	Rename wrapper type/tests to CacheWrapper.
internal/metrics/cache.go	Rename wrapper type + avoid fmt.Sprintf for key building.
internal/handlers/oauth_handler.go	Metrics interface rename + param list simplification.
internal/handlers/client.go	Use SplitSeq + http.MethodPost constants in templates.
internal/handlers/authorization_test.go	Replace boolean length assertions with direct comparisons.
internal/handlers/authorization.go	Use FieldsSeq for scope parsing.
internal/handlers/auth.go	Metrics interface rename + param list simplification.
internal/config/config_test.go	Prefer require for error assertions.
internal/config/config.go	Use SplitSeq in split helper.
internal/cache/cache_test.go	Use range n loops in concurrency test.
internal/bootstrap/services.go	Metrics interface rename (Recorder).
internal/bootstrap/server.go	Use renamed cache wrapper + metrics interface rename.
internal/bootstrap/router.go	Metrics interface rename (Recorder).
internal/bootstrap/redis.go	Add nilnil intent comments for “disabled” returns.
internal/bootstrap/handlers.go	Metrics interface rename (Recorder).
internal/bootstrap/cache.go	Metrics interface rename (Recorder).
internal/bootstrap/bootstrap_test.go	Prefer require for error assertions.
internal/bootstrap/bootstrap.go	Metrics interface rename (Recorder).
internal/auth/types.go	Rename auth result struct to Result.
internal/auth/oauth_provider.go	Use errors.New, strconv, http.MethodGet, and concat for URLs.
internal/auth/local.go	Update to return new auth result type.
internal/auth/http_api_test.go	Simplify HMAC string building; prefer require for error assertions.
internal/auth/http_api.go	Update to return new auth result type.
.golangci.yml	Significant lint/formatter configuration updates (new linters enabled; stricter nolintlint).

Comments suppressed due to low confidence (1)

internal/token/http_api_test.go:68

• Inside the test HTTP handler, assert.NoError is used for JSON decoding. If decoding fails the handler continues and subsequent assertions may report misleading failures; it also conflicts with the PR goal of preferring require for error assertions. Use require.NoError here (and for similar encode/write errors in this file) so the test aborts immediately on unexpected errors.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

gosec is no longer enabled, but nolintlint is enabled with allow-unused: false. The repo still contains many //nolint:gosec directives; with gosec disabled these will become unused and are likely to fail linting. Either re-enable gosec, or remove/update the //nolint:gosec directives across the codebase so nolintlint stays green.