Description
Three production init() functions contain panic() calls that will crash the entire gh-aw CLI at startup if embedded JSON data fails to unmarshal. This creates an unrecoverable failure mode where users cannot even run gh aw --help.
Problem
The following files panic during package initialization:
- pkg/workflow/permissions_validation.go:42-71
- pkg/workflow/domains.go:101-108
- pkg/workflow/github_tool_to_toolset.go:20-24
Any corruption in embedded JSON (malformed generation, Go toolchain bug, supply chain attack) causes immediate CLI crash with no recovery path.
Suggested Changes
Replace panic() with lazy initialization using sync.Once:
Before
```go
var toolsetPermissionsMap map[string]GitHubToolsetPermissions

func init() {
	var data GitHubToolsetsData
	if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
		panic(fmt.Sprintf("failed to load GitHub toolsets permissions from JSON: %v", err))
	}
	toolsetPermissionsMap = make(map[string]GitHubToolsetPermissions)
	// ... conversion logic ...
}
```
After
```go
var (
	toolsetPermissionsMap     map[string]GitHubToolsetPermissions
	toolsetPermissionsMapOnce sync.Once
	toolsetPermissionsMapErr  error
)

func loadToolsetPermissions() error {
	toolsetPermissionsMapOnce.Do(func() {
		var data GitHubToolsetsData
		if err := json.Unmarshal(githubToolsetsPermissionsJSON, &data); err != nil {
			toolsetPermissionsMapErr = fmt.Errorf("failed to load GitHub toolsets permissions from JSON: %w", err)
			return
		}
		toolsetPermissionsMap = make(map[string]GitHubToolsetPermissions)
		// ... conversion logic ...
	})
	return toolsetPermissionsMapErr
}

// Update all callers to check error:
func GetToolsetPermissions(name string) (GitHubToolsetPermissions, error) {
	if err := loadToolsetPermissions(); err != nil {
		return GitHubToolsetPermissions{}, err
	}
	// ... existing logic ...
}
```
Files Affected
- pkg/workflow/permissions_validation.go (lines 42-71)
- pkg/workflow/domains.go (lines 101-108)
- pkg/workflow/github_tool_to_toolset.go (lines 20-24)
- All callers of the affected functions (requires error handling updates)
Success Criteria
- Run existing tests to ensure no regressions
- Add test case with corrupted JSON to verify error handling
- Verify CLI still shows --help when JSON is corrupted
- Update all callers to handle errors gracefully
- Add telemetry/logging for JSON load failures
Source
Extracted from Sergo Report: Table-Driven Test & Init Function Hygiene Analysis - 2026-01-30
Priority
Critical - Runtime safety issue that causes production crashes. Must complete before any JSON generation changes.
Estimated Effort
Medium (1-2 days) - Requires updating all callers to handle errors
AI generated by Discussion Task Miner - Code Quality Improvement Agent
- expires on Feb 13, 2026, 1:26 PM UTC
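
The lazy-loading pattern proposed above, together with the corrupted-JSON and --help checks from the success criteria, as an added example that is not part of the original issue or the gh-aw code base. The `toolsetLoader` type, the `run` function, the JSON shape and the sample data are all hypothetical stand-ins.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
)

// toolsetLoader is a hypothetical stand-in for the package-level variables in
// the issue; keeping the raw bytes in a field lets a test inject corrupt JSON.
type toolsetLoader struct {
	raw   []byte
	once  sync.Once
	perms map[string][]string
	err   error
}

// load parses the JSON at most once and caches either the map or the error.
func (l *toolsetLoader) load() error {
	l.once.Do(func() {
		var data struct {
			Toolsets map[string][]string `json:"toolsets"`
		}
		if err := json.Unmarshal(l.raw, &data); err != nil {
			l.err = fmt.Errorf("failed to load toolset permissions from JSON: %w", err)
			return
		}
		l.perms = data.Toolsets
	})
	return l.err
}

// run models the CLI entry point: the help path never touches the loader,
// so it keeps working even when the embedded data is corrupt.
func run(args []string, l *toolsetLoader) (string, error) {
	if len(args) == 0 || args[0] == "--help" {
		return "usage: demo <toolset>", nil
	}
	if err := l.load(); err != nil {
		return "", err
	}
	return fmt.Sprint(l.perms[args[0]]), nil
}

func main() {
	bad := &toolsetLoader{raw: []byte(`{"toolsets": {"repos": [`)} // constructed corrupt JSON
	fmt.Println(run([]string{"--help"}, bad))
	fmt.Println(run([]string{"repos"}, bad))
}
```

Because `sync.Once` caches the failure, every later call returns the same error value without re-parsing, so callers and logging see one consistent failure rather than a crash at startup.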