Skip to content

blog: flaglint-go field-testing and whole-scan identity resolution#17

Merged
Krishan27 merged 1 commit into
mainfrom
blog/flaglint-go-whole-scan-identity-resolution
Jul 6, 2026
Merged

blog: flaglint-go field-testing and whole-scan identity resolution#17
Krishan27 merged 1 commit into
mainfrom
blog/flaglint-go-whole-scan-identity-resolution

Conversation

@flaglint

@flaglint flaglint commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Summary

Announces flaglint-go and tells the real engineering story rather than just an announcement:

  • Field-tested against real open-source repos (the official launchdarkly-labs/ld-sample-app-go, weaviate/weaviate, CMS-Enterprise/mint-app, e2b-dev/infra) before shipping — found zero recall on every repo with genuine usage, despite zero false positives.
  • What real code actually does differently from synthetic fixtures (3 concrete indirection patterns, one per repo).
  • How whole-scan identity resolution closed the gap without needing go/types.
  • The review-caught false-positive bug (cross-package binding collision) — including it makes this more credible, not less.
  • The honest remaining gaps (e2b-dev/infra still undetected), linking to real tracked issues.

Verification

All example terminal output and code snippets were verified moments before writing, not from memory:

  • Re-cloned and re-ran flaglint-go audit against ld-sample-app-go and weaviate right before finalizing this post — output blocks in the post are byte-for-byte what the binary actually printed just now.
  • weaviate code snippets (LDIntegration, FeatureFlag[T], the StringVariation call) are verbatim from the real source; where I wasn't fully certain of an exact enclosing function signature, I labeled it as illustrative rather than asserting an invented one.

Test plan

  • npm run build — clean, 90 pages (up from 87)
  • Verified in-browser: full post renders end-to-end (author byline, tags, terminal output blocks, code syntax highlighting, links, next-post nav) — no broken formatting

Announces flaglint-go and tells the real engineering story: field-tested
against real open-source repos (the official launchdarkly-labs/ld-sample-app-go,
weaviate, mint-app, e2b-dev/infra) before shipping, found zero recall on
every repo with genuine usage despite zero false positives, then closed the
gap with whole-scan identity resolution — without needing go/types.

Includes the review-caught false-positive bug (cross-package binding
collision) and the honest remaining gaps, not just the wins. All example
output and code snippets verified against the actual binary/real source
moments before publishing, not written from memory.

Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@flaglint, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 27 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d4005071-9b7c-4849-9d1c-425fd8ddca57

📥 Commits

Reviewing files that changed from the base of the PR and between f75e55b and 0252b91.

📒 Files selected for processing (1)
  • src/content/docs/blog/flaglint-go-whole-scan-identity-resolution.md
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch blog/flaglint-go-whole-scan-identity-resolution

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying flaglint with  Cloudflare Pages  Cloudflare Pages

Latest commit: 0252b91
Status: ✅  Deploy successful!
Preview URL: https://da4599f4.flaglint.pages.dev
Branch Preview URL: https://blog-flaglint-go-whole-scan.flaglint.pages.dev

View logs

@Krishan27 Krishan27 merged commit a3ada29 into main Jul 6, 2026
4 checks passed
@Krishan27 Krishan27 deleted the blog/flaglint-go-whole-scan-identity-resolution branch July 6, 2026 21:36
flaglint pushed a commit that referenced this pull request Jul 8, 2026
…trict-types and baseline counts

Every identity-resolution gap listed as "not resolved yet" on the
flaglint-go Limitations and Supported Scope pages has actually been
closed (verified directly against the flaglint-go issue tracker):
chained factory-call-then-method (#20), method values (#6), interface
satisfaction (#15), block-scoped shadowing (#5), factory returning a
wrapper type (#16), and nested go.mod files (#17). These pages were last
updated right before that work landed.

- limitations.md / supported-scope.md: mark all six as resolved (noting
  which layer resolves each — Phase 1 default vs. opt-in --strict-types),
  add two newer Phase-1 mechanisms these pages never mentioned at all
  (a struct field declared *ld.LDClient with no observed construction,
  and a composite literal directly initializing a package-level var),
  and state plainly that zero identity-resolution gaps are currently
  tracked.
- identity-model.md: add worked examples for both newer Phase-1
  mechanisms above, plus a new "Phase 2 — --strict-types" section
  (interface satisfaction, transitive factory wrapping, cross-function
  method-value forwarding) that didn't exist on this page at all before.
- index.md: same corrections to the "what flaglint-go does/doesn't do"
  summary — it previously named method values and interface satisfaction
  as open gaps.
- cli/{scan,audit,validate}.md: --strict-types wasn't documented as a
  flag anywhere on the site despite being available on all three
  commands since it shipped; added to each page's options table.
  audit.md's baseline JSON example was also missing the "schemaVersion"
  and "counts" fields flaglint-go now emits; validate.md's Baseline Mode
  section gains a note on what "counts" actually catches (a brand-new
  duplicate of an already-baselined call, not just a brand-new
  fingerprint).

Verified: `npm run build` completes cleanly (90 pages), spot-checked the
rendered Limitations page's output directly.

Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants