[linter-miner] Add file-close-not-deferred linter

[github-actions]

Summary

Adds a new static analysis linter that detects file operations where Close() is called manually instead of being deferred, preventing potential resource leaks from early returns or panics.

Changes

New Linter Implementation

• pkg/linters/fileclosenotdeferred/fileclosenotdeferred.go: Implemented analyzer using go/analysis framework that:
  • Flags calls to file.Close() outside of defer statements
  • Tracks file handle state per types.Object to correctly handle variable shadowing
  • Reports violations immediately on variable reassignment to prevent hidden manual-close issues
  • Focuses on os.File operations where missing defer is a common resource leak pattern

Integration

• cmd/linters/main.go: Registered fileclosenotdeferred analyzer in the multichecker analyzer list

• linters: Updated compiled binary executable

Testing

• pkg/linters/fileclosenotdeferred/fileclosenotdeferred_test.go: Added analysistest-based unit test suite

• pkg/linters/fileclosenotdeferred/testdata/src/fileclosenotdeferred/fileclosenotdeferred.go: Created comprehensive test fixtures covering:

  • Positive cases: manual Close() calls that should be flagged
  • Negative cases: proper defer Close() usage that should not be flagged
  • Edge cases: blank identifier assignments, closures, variable shadowing, file handle reassignment after manual close

Documentation

• docs/adr/33834-add-file-close-not-deferred-linter.md: Added Architecture Decision Record documenting:
  • Rationale for the linter
  • Design decisions including per-variable state tracking approach
  • Considered alternatives
  • Normative specification of detection rules

Impact

• Type: Enhancement
• Breaking: No
• Scope: Adds new static analysis capability to detect resource leak patterns in file operations

Technical Notes

The linter uses types.Object as the tracking key rather than variable names to correctly handle shadowing scenarios where the same variable name is reused in inner scopes. Violations are reported immediately when a file variable is reassigned after a manual close, ensuring the first open's missing defer is not hidden by subsequent operations.

Commits

• 3ebe0e0ff Report violation immediately on reassignment to prevent hidden manual-close issues
• ac12035cb Address all PR review comments for file-close-not-deferred linter
• 888078785 Address PR review feedback for file-close-not-deferred linter
• f775d6edd Merge branch 'main' into linter-miner/file-close-not-deferred-f8e2ce8262f5fe49
• ab58db206 docs(adr): add draft ADR for file-close-not-deferred linter
• fb914db41 Merge branch 'main' into linter-miner/file-close-not-deferred-f8e2ce8262f5fe49
• 6d168821a Add file-close-not-deferred linter

Generated by PR Description Updater for issue #33834 · ● 1.6M · ◷

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[Copilot]

Pull request overview

Adds a new custom Go analysis linter to detect os.Open/os.Create/os.OpenFile patterns where files are closed manually instead of using an immediate defer, and wires the analyzer into the linter multichecker with analysistest-based fixtures.

Changes:

• Implement fileclosenotdeferred analyzer to track opened file variables and detect non-deferred Close() usage.
• Add analysistest harness + testdata fixtures for positive/negative cases.
• Register the analyzer in cmd/linters multichecker.

Show a summary per file

File	Description
pkg/linters/file-close-not-deferred/file-close-not-deferred.go	New analyzer implementation that tracks open calls and reports manual Close() without defer.
pkg/linters/file-close-not-deferred/file-close-not-deferred_test.go	analysistest runner for the analyzer.
pkg/linters/file-close-not-deferred/testdata/src/fileclosenotdeferred/fileclosenotdeferred.go	Fixtures covering manual close, deferred close, and error-assigned close patterns.
cmd/linters/main.go	Registers the new analyzer in the multichecker binary.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 4/4 changed files
• Comments generated: 6

[github-actions]

Skills-Based Review 🧠

Applied /tdd and /diagnose based on this linter implementation (a diagnostic tool with test-driven development approach).

Key Themes

1. Typo in Core Field Name (hasManuaClose → hasManualClose)
This typo appears 5 times in the code and will confuse future maintainers. A simple find-and-replace will fix it.

2. Scope Ambiguity
The linter only flags files with manual close (no defer). Files that are never closed at all are silently ignored. This may be intentional, but it's not documented. Consider either:

• Clarifying in the doc string that this only catches "manual close without defer"
• OR expanding the scope to catch "any file not properly deferred"

3. Missing Edge Case Tests
The test fixtures cover the happy path well, but don't include a "file never closed" case. Adding this would clarify the linter's intended scope and prevent future confusion.

4. Test Fixtures as Teaching Tools
The test code could better demonstrate why manual close is dangerous (early returns, panics, etc.). Adding explanatory comments would help developers understand the bug pattern, not just detect it.

Positive Highlights

✅ Clear motivation: The PR description explains the problem with concrete examples from the codebase
✅ Good test coverage: Tests cover manual close, deferred close, and error-checking patterns
✅ Follows project conventions: Uses analysistest framework, skips test files correctly
✅ Practical value: Targets a real bug pattern found in 3 places in the codebase

Verdict

The linter implementation is solid and follows good patterns. The issues are minor (typo + scope clarification) and don't block merge, but fixing the typo before merge would prevent technical debt.

---

Matt Pocock Skills Applied:

• /tdd — Test-driven development principles
• /diagnose — Disciplined debugging and bug pattern detection

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · ● 759.8K

Comments that could not be inline-anchored

pkg/linters/file-close-not-deferred/file-close-not-deferred.go:87

[/tdd] Typo in field name: hasManuaClose should be hasManualClose. This typo propagates throughout the code (lines 87, 109, 121, 133, 148) and will confuse future maintainers.

- hasManuaClose: false,
+ hasManualClose: false,

Consider adding a test that exercises the field name explicitly in a table-driven test to catch typos like this.

pkg/linters/file-close-not-deferred/testdata/src/fileclosenotdeferred/fileclosenotdeferred.go:55

[/tdd] Missing edge case: What happens when a file is opened but never closed at all (neither deferred nor manual)? This is a real-world bug pattern that the linter should probably flag.

Consider adding a test fixture:

// not flagged: file never closed (different issue - out of scope?)
func ReadFileNeverClosed() error {
    file, err := os.Open("test.txt")
    if err != nil {
        return err
    }
    // ... code but no close at all ...
    return nil
}

This clarifies the li…

pkg/linters/file-close-not-deferred/file-close-not-deferred.go:132

[/diagnose] The logic only reports if hasManuaClose && !hasDefer. This means files that are never closed at all are silently ignored. Is this intentional?

If the goal is strictly "flag manual close without defer", the current logic is correct but the documentation should clarify this narrow scope. If the goal is broader ("flag any file not properly closed"), you'd want:

if !state.hasDefer {
    pass.Report(analysis.Diagnostic{
        Pos:     state.openPos,
        Message: "file…

</details>

<details><summary>pkg/linters/file-close-not-deferred/testdata/src/fileclosenotdeferred/fileclosenotdeferred.go:207</summary>

**[/tdd]** The test fixture shows a realistic bug scenario, but it doesn&#39;t demonstrate *why* this is dangerous. Consider adding a comment that shows the leak:

```go
// flagged: file.Close() not deferred
func ReadFileManualClose() error {
    file, err := os.Open(&quot;test.txt&quot;) // want `file Close\(\) should be deferred immediately after successful open to prevent resource leaks`
    if err != nil {
        return err
    }
    // BUG: early return here would leak the file descriptor
    if someCo…

</details>

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 100/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	1
✅ Design tests (behavioral contracts)	1 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	1 (100%)
Duplicate test clusters	0
Test inflation detected	No
🚨 Coding-guideline violations	0

---

Test Classification Details

Test	File	Classification	Issues Detected
TestFileCloseNotDeferred	pkg/linters/file-close-not-deferred/file-close-not-deferred_test.go:13	✅ Design	None

---

Analysis Notes

✅ TestFileCloseNotDeferred (pkg/linters/file-close-not-deferred/file-close-not-deferred_test.go:13)

Classification: Design test (high value)

What design invariant does this test enforce?
This test enforces that the analyzer correctly detects resource leak patterns where file Close() is not deferred after os.Open/os.Create/os.OpenFile calls. It verifies the analyzer's behavioral contract: given various patterns of file handling code, it must report diagnostics at the correct locations for non-deferred Close() calls.

What would break if deleted?
Deleting this test would allow regressions in the analyzer's detection logic:

• False negatives: failing to flag manual Close() calls
• False positives: incorrectly flagging properly deferred Close() calls
• Incorrect diagnostic positions or messages

Test scenarios covered (from testdata):

1. ✅ Error cases: Manual Close() without defer (3 variations: os.Open, os.Create, Close() with error assignment)
2. ✅ Happy path: Properly deferred Close()
3. ✅ Edge case: Blank identifier (file ignored, no warning expected)

Special note: This test uses golang.org/x/tools/go/analysis/analysistest.Run(), which is the standard framework for testing Go static analysis passes. The framework validates analyzer behavior by comparing actual diagnostics against // want comments in testdata files. While the test function contains no explicit assertions, this is the correct pattern for analyzer tests — behavioral validation happens through the framework.

---

Language Support

Tests analyzed:

• 🐹 Go (*_test.go): 1 test — unit test with //go:build !integration tag

---

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). The test verifies the analyzer's behavioral contract using the standard analysistest framework pattern, includes comprehensive coverage of both error and success cases, and shows no test inflation (16 test lines vs 149 production lines).

---

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 835.8K · ◷

[github-actions]

✅ Test Quality Sentinel: 100/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). The test uses the standard analysistest framework pattern and provides comprehensive behavioral coverage.

[github-actions]

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (220 new lines in pkg/) but does not have a linked Architecture Decision Record (ADR).

A draft ADR has been generated from the PR diff and committed to this branch to help you get started:

📄 Draft ADR: docs/adr/33834-add-file-close-not-deferred-linter.md

What to do next

1. Review the draft ADR committed to your branch — it was generated from the PR diff and follows the Michael Nygard template used by sibling ADRs (e.g., 33608-add-regexp-compile-in-function-linter.md).
2. Complete the missing sections — confirm the rationale, refine the alternatives, and adjust any consequences the AI couldn't infer (the Deciders field is currently Unknown).
3. Commit the finalized ADR to docs/adr/ on this branch.
4. Reference the ADR in this PR body by adding a line such as:

   ADR: ADR-33834: Add file-close-not-deferred Linter

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

Why this PR needs an ADR

Adding a new in-house static-analysis linter is the kind of decision that benefits from a written record: there are real alternatives (third-party linter, broader "resource hygiene" check, plain code review) and real trade-offs (false-negative scope, registry compile cost, deferred cleanup of the 3 pre-existing violations). Capturing the decision now makes it greppable when the next contributor asks "why do we have so many tiny linter packages?"

Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

• Context — What is the problem? What forces are at play?
• Decision — What did you decide? Why?
• Alternatives Considered — What else could have been done?
• Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as Markdown files numbered by PR number (e.g., 33834-...md for PR #33834).

🔒 This PR cannot merge until an ADR is linked in the PR body.

References: §26245378772

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · ● 4.9M · ◷

[pelikhan]

@copilot review all comments and reviews

[Copilot]

@copilot review all comments and reviews

Addressed all review comments in the latest commits:

• Directory renamed file-close-not-deferred → fileclosenotdeferred — consistent with the dash-free naming used by every other linter package; the import alias in cmd/linters/main.go is gone.
• Typo fixed hasManuaClose → hasManualClose.
• gofmt applied — the struct composite literal is now correctly formatted.
• *ast.FuncLit descent stopped — ast.Inspect now returns false when it hits a function literal, so os.Open/Close/defer inside closures are no longer attributed to the outer function's fileVars, preventing false positives and negatives.
• types.Object map key — fileVars is now keyed by types.Object (via pass.TypesInfo.ObjectOf) instead of variable name, which correctly handles shadowed variables in inner scopes.
• New test fixtures added for both the closure case (not flagged) and the shadowed-variable case (not flagged).
• ADR updated to reflect the renamed path and the implemented fixes.

[pelikhan]

@copilot review all comments and reviews

[Copilot]

@copilot review all comments and reviews

One remaining issue was outstanding: when the same variable is reassigned via plain = to a second os.Open* call, the first open's manual-close violation was silently overwritten. Fixed in the latest commit by reporting the violation immediately before overwriting the state, along with a new test fixture (ReopenWithManualCloseThenDefer) that covers this case.

[github-actions]

``
Please re-review once the checks settle and confirm the linter change is still on track.

Generated by 👨‍🍳 PR Sous Chef · ● 2.6M · ◷