chore(lint): activity pkg doc + 56-package ST1000 sweep

cmd/openctem-admin/cmd/client.go

@@ -1,3 +1,4 @@
+// Package cmd implements the openctem-admin CLI (cobra commands) for tenant ops + maintenance.
 package cmd
 
 import (

internal/app/activity/service.go

@@ -1,3 +1,7 @@
+// Package activity provides the application service that records, queries,
+// and aggregates user-facing activity events (asset created, finding
+// reopened, scan triggered, etc). The service is the orchestration layer
+// over pkg/domain/activity entities + a repository implementation.
 package activity
 
 import (
@@ -113,9 +117,9 @@ type RecordActivityInput struct {
 	ActivityType   string                 `validate:"required"`
 	ActorID        *string                `validate:"omitempty,uuid"`
 	ActorType      string                 `validate:"required"`
-	Changes        map[string]interface{} `validate:"required"`
+	Changes        map[string]any `validate:"required"`
 	Source         string
-	SourceMetadata map[string]interface{}
+	SourceMetadata map[string]any
 }
 
 // MaxChangesSize is the maximum allowed size for the changes JSONB field (15KB).
@@ -216,7 +220,7 @@ func (s *FindingActivityService) RecordBatchAutoResolved(
 			vulnerability.ActivityAutoResolved,
 			nil, // no actor - system action
 			vulnerability.ActorTypeSystem,
-			map[string]interface{}{
+			map[string]any{
 				"reason":  "not_found_in_full_scan",
 				"scanner": toolName,
 				"scan_id": scanID,
@@ -258,7 +262,7 @@ func (s *FindingActivityService) RecordBatchAutoReopened(
 			vulnerability.ActivityAutoReopened,
 			nil, // no actor - system action
 			vulnerability.ActorTypeSystem,
-			map[string]interface{}{
+			map[string]any{
 				"reason": "finding_detected_again",
 			},
 			vulnerability.SourceAuto,
@@ -288,7 +292,7 @@ func (s *FindingActivityService) RecordStatusChange(
 	reason string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"old_status": oldStatus,
 		"new_status": newStatus,
 	}
@@ -315,7 +319,7 @@ func (s *FindingActivityService) RecordSeverityChange(
 	oldSeverity, newSeverity string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"old_severity": oldSeverity,
 		"new_severity": newSeverity,
 	}
@@ -339,7 +343,7 @@ func (s *FindingActivityService) RecordAssignment(
 	assigneeID, assigneeName, assigneeEmail string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"assignee_id":    assigneeID,
 		"assignee_name":  assigneeName,
 		"assignee_email": assigneeEmail,
@@ -364,7 +368,7 @@ func (s *FindingActivityService) RecordUnassignment(
 	previousAssigneeName string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"previous_assignee_name": previousAssigneeName,
 	}
 
@@ -388,7 +392,7 @@ func (s *FindingActivityService) RecordCommentAdded(
 	commentID, content string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"comment_id": commentID,
 	}
 	if content != "" {
@@ -421,7 +425,7 @@ func (s *FindingActivityService) RecordCommentUpdated(
 	commentID string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"comment_id": commentID,
 	}
 
@@ -444,7 +448,7 @@ func (s *FindingActivityService) RecordCommentDeleted(
 	commentID string,
 	source string,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"comment_id": commentID,
 	}
 
@@ -483,9 +487,9 @@ func (s *FindingActivityService) RecordScanDetected(
 	ctx context.Context,
 	tenantID, findingID string,
 	scanID, scanner, scanType string,
-	sourceMetadata map[string]interface{},
+	sourceMetadata map[string]any,
 ) (*vulnerability.FindingActivity, error) {
-	changes := map[string]interface{}{
+	changes := map[string]any{
 		"scan_id":   scanID,
 		"scanner":   scanner,
 		"scan_type": scanType,
@@ -508,15 +512,15 @@ func (s *FindingActivityService) RecordCreated(
 	ctx context.Context,
 	tenantID, findingID string,
 	source string,
-	sourceMetadata map[string]interface{},
+	sourceMetadata map[string]any,
 ) (*vulnerability.FindingActivity, error) {
 	return s.RecordActivity(ctx, RecordActivityInput{
 		TenantID:       tenantID,
 		FindingID:      findingID,
 		ActivityType:   string(vulnerability.ActivityCreated),
 		ActorID:        nil,
 		ActorType:      string(vulnerability.ActorTypeSystem),
-		Changes:        map[string]interface{}{},
+		Changes:        map[string]any{},
 		Source:         source,
 		SourceMetadata: sourceMetadata,
 	})

internal/app/agent/service.go

@@ -1,3 +1,4 @@
+// Package agent implements the application service for the agent bounded context — orchestrates pkg/domain/agent entities and cross-cutting concerns (audit, notifications, RBAC).
 package agent
 
 import (

internal/app/aitriage/service.go

@@ -1,3 +1,4 @@
+// Package aitriage implements the application service for the aitriage bounded context — orchestrates pkg/domain/aitriage entities and cross-cutting concerns (audit, notifications, RBAC).
 package aitriage
 
 import (

internal/app/apikey/service.go

@@ -1,3 +1,4 @@
+// Package apikey implements the application service for the apikey bounded context — orchestrates pkg/domain/apikey entities and cross-cutting concerns (audit, notifications, RBAC).
 package apikey
 
 import (

internal/app/asset/service.go

@@ -1,3 +1,4 @@
+// Package asset implements the application service for the asset bounded context — orchestrates pkg/domain/asset entities and cross-cutting concerns (audit, notifications, RBAC).
 package asset
 
 import (

internal/app/assignment/engine.go

@@ -1,3 +1,4 @@
+// Package assignment implements the application service for the assignment bounded context — orchestrates pkg/domain/assignment entities and cross-cutting concerns (audit, notifications, RBAC).
 package assignment
 
 import (

internal/app/attack/path_scoring.go

@@ -1,3 +1,4 @@
+// Package attack implements the application service for the attack bounded context — orchestrates pkg/domain/attack entities and cross-cutting concerns (audit, notifications, RBAC).
 package attack
 
 import (

internal/app/audit/service.go

@@ -1,3 +1,4 @@
+// Package audit implements the application service for the audit bounded context — orchestrates pkg/domain/audit entities and cross-cutting concerns (audit, notifications, RBAC).
 package audit
 
 import (

internal/app/auth/service.go

@@ -1,3 +1,4 @@
+// Package auth implements the application service for the auth bounded context — orchestrates pkg/domain/auth entities and cross-cutting concerns (audit, notifications, RBAC).
 package auth
 
 import (

internal/app/capability/service.go

@@ -1,3 +1,4 @@
+// Package capability implements the application service for the capability bounded context — orchestrates pkg/domain/capability entities and cross-cutting concerns (audit, notifications, RBAC).
 package capability
 
 import (

internal/app/command/service.go

@@ -1,3 +1,4 @@
+// Package command implements the application service for the command bounded context — orchestrates pkg/domain/command entities and cross-cutting concerns (audit, notifications, RBAC).
 package command
 
 import (

internal/app/compliance/service.go

@@ -1,3 +1,4 @@
+// Package compliance implements the application service for the compliance bounded context — orchestrates pkg/domain/compliance entities and cross-cutting concerns (audit, notifications, RBAC).
 package compliance
 
 import (

internal/app/exposure/service.go

@@ -1,3 +1,4 @@
+// Package exposure implements the application service for the exposure bounded context — orchestrates pkg/domain/exposure entities and cross-cutting concerns (audit, notifications, RBAC).
 package exposure
 
 import (

internal/app/finding/actions.go

@@ -1,3 +1,4 @@
+// Package finding implements the application service for the finding bounded context — orchestrates pkg/domain/finding entities and cross-cutting concerns (audit, notifications, RBAC).
 package finding
 
 import (

internal/app/ingest/priority_gate_test.go

@@ -259,10 +259,6 @@ func TestPriorityGate_FilterProperties_FeatureOffReturnsInputUnchanged(t *testin
 	incoming := map[string]any{"a": 1, "b": 2}
 	allowed, skipped := g.FilterProperties(settings, src, incoming, nil)
 
-	// Same map reference — zero-allocation happy path.
-	if &allowed == &incoming { // can't compare maps by pointer directly
-		// fallthrough; documented invariant is "same map contents"
-	}
 	if len(allowed) != 2 {
 		t.Errorf("expected pass-through of 2 entries, got %d", len(allowed))
 	}

internal/app/integration/service.go

@@ -1,3 +1,4 @@
+// Package integration implements the application service for the integration bounded context — orchestrates pkg/domain/integration entities and cross-cutting concerns (audit, notifications, RBAC).
 package integration
 
 import (

internal/app/jira/rescan_hook.go

@@ -1,3 +1,4 @@
+// Package jira implements the application service for the jira bounded context — orchestrates pkg/domain/jira entities and cross-cutting concerns (audit, notifications, RBAC).
 package jira
 
 import (

internal/app/module/service.go

@@ -1,3 +1,4 @@
+// Package module implements the application service for the module bounded context — orchestrates pkg/domain/module entities and cross-cutting concerns (audit, notifications, RBAC).
 package module
 
 import (

internal/app/outbox/service.go

@@ -1,3 +1,4 @@
+// Package outbox implements the application service for the outbox bounded context — orchestrates pkg/domain/outbox entities and cross-cutting concerns (audit, notifications, RBAC).
 package outbox
 
 import (

internal/app/scan/service.go

@@ -1,3 +1,4 @@
+// Package scan implements the application service for the scan bounded context — orchestrates pkg/domain/scan entities and cross-cutting concerns (audit, notifications, RBAC).
 package scan
 
 import (

internal/app/scope/service.go

@@ -1,3 +1,4 @@
+// Package scope implements the application service for the scope bounded context — orchestrates pkg/domain/scope entities and cross-cutting concerns (audit, notifications, RBAC).
 package scope
 
 import (

internal/app/template/scan_adapter.go

@@ -1,3 +1,4 @@
+// Package template implements the application service for the template bounded context — orchestrates pkg/domain/template entities and cross-cutting concerns (audit, notifications, RBAC).
 package template
 
 import (

internal/app/template/validator.go

@@ -1,4 +1,4 @@
-// Package validators provides template validation for different scanner types.
+// Package template provides template validation for different scanner types.
 package template
 
 import (

internal/app/tenant/service.go

@@ -1,3 +1,4 @@
+// Package tenant implements the application service for the tenant bounded context — orchestrates pkg/domain/tenant entities and cross-cutting concerns (audit, notifications, RBAC).
 package tenant
 
 import (

internal/app/threat/actor_service.go

@@ -1,3 +1,4 @@
+// Package threat implements the application service for the threat bounded context — orchestrates pkg/domain/threat entities and cross-cutting concerns (audit, notifications, RBAC).
 package threat
 
 import (

internal/app/tool/service.go

@@ -1,3 +1,4 @@
+// Package tool implements the application service for the tool bounded context — orchestrates pkg/domain/tool entities and cross-cutting concerns (audit, notifications, RBAC).
 package tool
 
 import (

internal/app/workflow/service.go

@@ -1,3 +1,4 @@
+// Package workflow implements the application service for the workflow bounded context — orchestrates pkg/domain/workflow entities and cross-cutting concerns (audit, notifications, RBAC).
 package workflow
 
 import (

internal/infra/http/chi_router.go

@@ -1,3 +1,4 @@
+// Package http hosts the HTTP server scaffolding (router, options, lifecycle).
 package http
 
 import (

internal/infra/postgres/access_control_repository.go

@@ -1,3 +1,4 @@
+// Package postgres provides PostgreSQL repository implementations for the domain interfaces in pkg/domain/.
 package postgres
 
 import (

internal/metrics/metrics.go

@@ -1,3 +1,4 @@
+// Package metrics
 package metrics
 
 import (

pkg/domain/accesscontrol/entity.go

@@ -1,3 +1,4 @@
+// Package accesscontrol provides public types and helpers reusable across the codebase.
 package accesscontrol
 
 import (

pkg/domain/apikey/entity.go

@@ -1,3 +1,4 @@
+// Package apikey provides public types and helpers reusable across the codebase.
 package apikey
 
 import (

pkg/domain/asset/category.go

@@ -1,3 +1,4 @@
+// Package asset provides public types and helpers reusable across the codebase.
 package asset
 
 // Category groups asset types for UI organization and filtering.

pkg/domain/assetgroup/entity.go

@@ -1,4 +1,4 @@
-// Package asset_group provides domain models for asset group management.
+// Package assetgroup provides domain models for asset group management.
 // Asset groups organize assets for CTEM (Continuous Threat Exposure Management) scoping.
 package assetgroup
 

pkg/domain/assettype/entity.go

@@ -1,3 +1,4 @@
+// Package assettype provides public types and helpers reusable across the codebase.
 package assettype
 
 import (

pkg/domain/attackerprofile/entity.go

@@ -1,3 +1,4 @@
+// Package attackerprofile provides public types and helpers reusable across the codebase.
 package attackerprofile
 
 import (

pkg/domain/audit/entity.go

@@ -1,3 +1,4 @@
+// Package audit provides public types and helpers reusable across the codebase.
 package audit
 
 import (

pkg/domain/branch/branch_type_rules.go

@@ -1,3 +1,4 @@
+// Package branch provides public types and helpers reusable across the codebase.
 package branch
 
 import (

pkg/domain/compensatingcontrol/entity.go

@@ -1,3 +1,4 @@
+// Package compensatingcontrol provides public types and helpers reusable across the codebase.
 package compensatingcontrol
 
 import (

pkg/domain/ctemcycle/entity.go

@@ -1,3 +1,4 @@
+// Package ctemcycle provides public types and helpers reusable across the codebase.
 package ctemcycle
 
 import (

pkg/domain/datasource/asset_source.go

@@ -1,3 +1,4 @@
+// Package datasource provides public types and helpers reusable across the codebase.
 package datasource
 
 import (

pkg/domain/exposure/entity.go

@@ -1,3 +1,4 @@
+// Package exposure provides public types and helpers reusable across the codebase.
 package exposure
 
 import (

pkg/domain/findingsource/entity.go

@@ -1,3 +1,4 @@
+// Package findingsource provides public types and helpers reusable across the codebase.
 package findingsource
 
 import (

pkg/domain/group/entity.go

@@ -1,3 +1,4 @@
+// Package group provides public types and helpers reusable across the codebase.
 package group
 
 import (

pkg/domain/integration/entity.go

@@ -1,3 +1,4 @@
+// Package integration provides public types and helpers reusable across the codebase.
 package integration
 
 import (

pkg/domain/module/dependency.go

@@ -1,3 +1,4 @@
+// Package module provides public types and helpers reusable across the codebase.
 package module
 
 import "strings"

pkg/domain/notification/entity.go

@@ -1,3 +1,4 @@
+// Package notification provides public types and helpers reusable across the codebase.
 package notification
 
 import (

pkg/domain/permissionset/entity.go

@@ -1,3 +1,4 @@
+// Package permissionset provides public types and helpers reusable across the codebase.
 package permissionset
 
 import (

pkg/domain/scannertemplate/entity.go

@@ -1,4 +1,4 @@
-// Package scanner_template defines the ScannerTemplate domain entity for custom scanner templates.
+// Package scannertemplate defines the ScannerTemplate domain entity for custom scanner templates.
 package scannertemplate
 
 import (

pkg/domain/scansession/entity.go

@@ -1,3 +1,4 @@
+// Package scansession provides public types and helpers reusable across the codebase.
 package scansession
 
 import (

pkg/domain/scope/entity.go

@@ -1,3 +1,4 @@
+// Package scope provides public types and helpers reusable across the codebase.
 package scope
 
 import (

pkg/domain/secretstore/encryption.go

@@ -1,3 +1,4 @@
+// Package secretstore provides public types and helpers reusable across the codebase.
 package secretstore
 
 import (