chore: Enable cyclop, gochecknoglobals, godot, nestif, nlreturn linters

Auto-fixed godot (comment periods) and nlreturn (newlines before returns)
across all packages. 23 issues remain for manual refactoring (mcs-e0yb):
- 12 cyclop (cyclomatic complexity)
- 9 gochecknoglobals (global variables)
- 2 nestif (nested if complexity)

Temporarily excluded until refactored.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: cv

.golangci.yml

@@ -17,8 +17,13 @@ linters:
     - gosec              # Security issues
 
     # Code quality
+    - cyclop             # Cyclomatic complexity
     - dupl               # Duplicated code blocks
+    - gochecknoglobals   # Disallow global variables
     - gochecknoinits     # Disallow init functions
+    - godot              # Check comment ending with period
+    - nestif             # Deeply nested if statements
+    - nlreturn           # Newline before return
     - canonicalheader    # HTTP header canonicalization
     - dupword            # Duplicate words (typos)
     - exhaustive         # Exhaustive switch statements
@@ -69,3 +74,16 @@ linters:
       - path: _test\.go
         linters:
           - goconst
+      # TODO(mcs-e0yb): Temporarily exclude new linters until refactored
+      # Cyclomatic complexity - 12 functions need refactoring
+      - path: \.go
+        linters:
+          - cyclop
+      # Global variables - 9 globals need evaluation
+      - path: \.go
+        linters:
+          - gochecknoglobals
+      # Nested if complexity - 2 functions need refactoring
+      - path: \.go
+        linters:
+          - nestif

internal/api/auth.go

@@ -19,84 +19,86 @@ import (
 )
 
 const (
-	// AuthRequestTimeout is the timeout for authentication-related API requests
+	// AuthRequestTimeout is the timeout for authentication-related API requests.
 	AuthRequestTimeout = 15 * time.Second
 
-	// IV is the initialization vector for AES encryption
+	// IV is the initialization vector for AES encryption.
 	IV = "0102030405060708"
 
-	// SignatureMD5 is used for key derivation
+	// SignatureMD5 is used for key derivation.
 	SignatureMD5 = "C383D8C4D279B78130AD52DC71D95CAA"
 
-	// AppPackageID identifies the mobile app package
+	// AppPackageID identifies the mobile app package.
 	AppPackageID = "com.interrait.mymazda"
 
-	// UserAgentBaseAPI is the User-Agent for base API requests
+	// UserAgentBaseAPI is the User-Agent for base API requests.
 	UserAgentBaseAPI = "MyMazda-Android/9.0.5"
 
-	// UserAgentUsherAPI is the User-Agent for Usher API requests
+	// UserAgentUsherAPI is the User-Agent for Usher API requests.
 	UserAgentUsherAPI = "MyMazda/9.0.5 (Google Pixel 3a; Android 11)"
 
-	// AppOS identifies the operating system
+	// AppOS identifies the operating system.
 	AppOS = "Android"
 
-	// AppVersion is the mobile app version
+	// AppVersion is the mobile app version.
 	AppVersion = "9.0.5"
 
-	// UsherSDKVersion is the Usher SDK version
+	// UsherSDKVersion is the Usher SDK version.
 	UsherSDKVersion = "11.3.0700.001"
 
-	// InternalUserID is a placeholder used in API requests
+	// InternalUserID is a placeholder used in API requests.
 	InternalUserID = "__INTERNAL_ID__"
 )
 
-// Authentication endpoint constants
+// Authentication endpoint constants.
 const (
 	EndpointCheckVersion  = "service/checkVersion"
 	EndpointEncryptionKey = "system/encryptionKey"
 	EndpointLogin         = "user/login"
 )
 
-// Region represents a valid geographic region
+// Region represents a valid geographic region.
 type Region string
 
 const (
-	// RegionMNAO represents Mazda North American Operations
+	// RegionMNAO represents Mazda North American Operations.
 	RegionMNAO Region = "MNAO"
-	// RegionMME represents Mazda Europe
+	// RegionMME represents Mazda Europe.
 	RegionMME Region = "MME"
-	// RegionMJO represents Mazda Japan
+	// RegionMJO represents Mazda Japan.
 	RegionMJO Region = "MJO"
 )
 
-// String returns the string representation of the region
+// String returns the string representation of the region.
 func (r Region) String() string {
 	return string(r)
 }
 
-// IsValid checks if the region is valid
+// IsValid checks if the region is valid.
 func (r Region) IsValid() bool {
 	_, ok := RegionConfigs[string(r)]
+
 	return ok
 }
 
-// ParseRegion parses a string into a Region, returning an error if invalid
+// ParseRegion parses a string into a Region, returning an error if invalid.
 func ParseRegion(s string) (Region, error) {
 	r := Region(s)
 	if !r.IsValid() {
 		return "", fmt.Errorf("invalid region: %s (must be one of: MNAO, MME, MJO)", s)
 	}
+
 	return r, nil
 }
 
-// RegionConfig holds configuration for a specific region
+// RegionConfig holds configuration for a specific region.
 type RegionConfig struct {
 	AppCode  string
 	BaseURL  string
 	UsherURL string
 }
 
-// RegionConfigs maps region codes to their configurations
+// RegionConfigs maps region codes to their configurations.
 var RegionConfigs = map[string]RegionConfig{
 	"MNAO": {
 		AppCode:  "202007270941270111799",
@@ -115,7 +117,7 @@ var RegionConfigs = map[string]RegionConfig{
 	},
 }
 
-// Client represents an API client
+// Client represents an API client.
 type Client struct {
 	email    string
 	password string
@@ -138,7 +140,7 @@ type Client struct {
 	sleepFunc         func(context.Context, time.Duration) error
 }
 
-// NewClient creates a new API client
+// NewClient creates a new API client.
 func NewClient(email, password string, region Region) (*Client, error) {
 	if !region.IsValid() {
 		return nil, fmt.Errorf("invalid region: %s", region)
@@ -162,25 +164,25 @@ func NewClient(email, password string, region Region) (*Client, error) {
 	}, nil
 }
 
-// SetDebug enables or disables debug logging
+// SetDebug enables or disables debug logging.
 func (c *Client) SetDebug(debug bool) {
 	c.debug = debug
 }
 
-// SetCachedCredentials sets the client's cached authentication credentials
+// SetCachedCredentials sets the client's cached authentication credentials.
 func (c *Client) SetCachedCredentials(accessToken string, accessTokenExpirationTs int64, encKey, signKey string) {
 	c.accessToken = accessToken
 	c.accessTokenExpirationTs = accessTokenExpirationTs
 	c.Keys.EncKey = encKey
 	c.Keys.SignKey = signKey
 }
 
-// GetCredentials returns the current authentication credentials for caching
+// GetCredentials returns the current authentication credentials for caching.
 func (c *Client) GetCredentials() (accessToken string, accessTokenExpirationTs int64, encKey, signKey string) {
 	return c.accessToken, c.accessTokenExpirationTs, c.Keys.EncKey, c.Keys.SignKey
 }
 
-// GetEncryptionKeys retrieves the encryption and signing keys from the API
+// GetEncryptionKeys retrieves the encryption and signing keys from the API.
 func (c *Client) GetEncryptionKeys(ctx context.Context) error {
 	// Ensure we have a timeout for the request
 	ctx, cancel := context.WithTimeout(ctx, AuthRequestTimeout)
@@ -245,7 +247,7 @@ func (c *Client) GetEncryptionKeys(ctx context.Context) error {
 	return nil
 }
 
-// GetUsherEncryptionKey retrieves the RSA public key from Usher API
+// GetUsherEncryptionKey retrieves the RSA public key from Usher API.
 func (c *Client) GetUsherEncryptionKey(ctx context.Context) (string, string, error) {
 	// Ensure we have a timeout for the request
 	ctx, cancel := context.WithTimeout(ctx, AuthRequestTimeout)
@@ -287,7 +289,7 @@ func (c *Client) GetUsherEncryptionKey(ctx context.Context) (string, string, err
 	return response.Data.PublicKey, response.Data.VersionPrefix, nil
 }
 
-// Login authenticates with the API and retrieves an access token
+// Login authenticates with the API and retrieves an access token.
 func (c *Client) Login(ctx context.Context) error {
 	// Ensure we have a timeout for the request
 	ctx, cancel := context.WithTimeout(ctx, AuthRequestTimeout)
@@ -364,7 +366,7 @@ func (c *Client) Login(ctx context.Context) error {
 	return nil
 }
 
-// IsTokenValid checks if the access token is present and not expired
+// IsTokenValid checks if the access token is present and not expired.
 func (c *Client) IsTokenValid() bool {
 	return cache.IsTokenValid(c.accessToken, c.accessTokenExpirationTs)
 }
@@ -382,22 +384,25 @@ func (c *Client) getSignFromTimestamp(timestamp string) string {
 
 	timestampExtended := strings.ToUpper(timestamp + timestamp[6:] + timestamp[3:])
 	temporarySignKey := c.getTemporarySignKeyFromAppCode()
+
 	return SignWithSHA256(timestampExtended + temporarySignKey)
 }
 
 func (c *Client) getTemporarySignKeyFromAppCode() string {
 	val1 := SignWithMD5(c.appCode + AppPackageID)
 	val2 := strings.ToLower(SignWithMD5(val1 + SignatureMD5))
+
 	return val2[20:32] + val2[0:10] + val2[4:6]
 }
 
 func (c *Client) getDecryptionKeyFromAppCode() string {
 	val1 := SignWithMD5(c.appCode + AppPackageID)
 	val2 := strings.ToLower(SignWithMD5(val1 + SignatureMD5))
+
 	return val2[4:20]
 }
 
-// decryptCheckVersionPayload decrypts and parses the checkVersion response payload
+// decryptCheckVersionPayload decrypts and parses the checkVersion response payload.
 func (c *Client) decryptCheckVersionPayload(payload string) (*CheckVersionResponse, error) {
 	key := c.getDecryptionKeyFromAppCode()
 	decrypted, err := DecryptAES128CBC(payload, key, IV)

internal/api/client.go

@@ -14,22 +14,23 @@ import (
 )
 
 const (
-	// MaxRetries is the maximum number of retries for API requests
+	// MaxRetries is the maximum number of retries for API requests.
 	MaxRetries = 4
 )
 
 // calculateBackoff returns the backoff duration for a given retry count.
-// Uses exponential backoff: 1s, 2s, 4s, 8s
+// Uses exponential backoff: 1s, 2s, 4s, 8s.
 func calculateBackoff(retryCount int) time.Duration {
 	if retryCount <= 0 {
 		return 0
 	}
 	// 2^(retryCount-1) seconds, capped at 8 seconds
 	backoffSeconds := min(1<<(retryCount-1), 8)
+
 	return time.Duration(backoffSeconds) * time.Second
 }
 
-// sleepWithContext sleeps for the specified duration, but returns early if context is cancelled
+// sleepWithContext sleeps for the specified duration, but returns early if context is cancelled.
 func sleepWithContext(ctx context.Context, duration time.Duration) error {
 	if duration <= 0 {
 		return nil
@@ -45,17 +46,17 @@ func sleepWithContext(ctx context.Context, duration time.Duration) error {
 	}
 }
 
-// APIRequest makes an API request with proper encryption, signing, and error handling
+// APIRequest makes an API request with proper encryption, signing, and error handling.
 func (c *Client) APIRequest(ctx context.Context, method, uri string, queryParams map[string]string, bodyParams map[string]any, needsKeys, needsAuth bool) (map[string]any, error) {
 	return c.apiRequestWithRetry(ctx, method, uri, queryParams, bodyParams, needsKeys, needsAuth, 0)
 }
 
-// APIRequestJSON makes an API request and returns the raw decrypted JSON bytes
+// APIRequestJSON makes an API request and returns the raw decrypted JSON bytes.
 func (c *Client) APIRequestJSON(ctx context.Context, method, uri string, queryParams map[string]string, bodyParams map[string]any, needsKeys, needsAuth bool) ([]byte, error) {
 	return c.apiRequestJSONWithRetry(ctx, method, uri, queryParams, bodyParams, needsKeys, needsAuth, 0)
 }
 
-// retryFunc is the type for functions that can be retried
+// retryFunc is the type for functions that can be retried.
 type retryFunc[T any] func(ctx context.Context, method, uri string, queryParams map[string]string, bodyParams map[string]any, needsKeys, needsAuth bool) (T, error)
 
 // genericRetry implements the retry logic with exponential backoff for API requests.
@@ -108,6 +109,7 @@ func genericRetry[T any](
 			if err := c.sleepFunc(ctx, backoff); err != nil {
 				return zero, err
 			}
+
 			return genericRetry(ctx, c, method, uri, queryParams, bodyParams, needsKeys, needsAuth, retryCount+1, executeFunc)
 		} else if errors.As(err, &tokenErr) {
 			// Login again and retry
@@ -119,8 +121,10 @@ func genericRetry[T any](
 			if err := c.sleepFunc(ctx, backoff); err != nil {
 				return zero, err
 			}
+
 			return genericRetry(ctx, c, method, uri, queryParams, bodyParams, needsKeys, needsAuth, retryCount+1, executeFunc)
 		}
+
 		return zero, err
 	}
 
@@ -314,34 +318,37 @@ func (c *Client) sendAPIRequestJSON(ctx context.Context, method, uri string, que
 	return c.decryptPayloadBytes(encryptedPayload)
 }
 
-// ensureKeysPresent ensures encryption keys are available
+// ensureKeysPresent ensures encryption keys are available.
 func (c *Client) ensureKeysPresent(ctx context.Context) error {
 	if c.Keys.EncKey == "" || c.Keys.SignKey == "" {
 		return c.GetEncryptionKeys(ctx)
 	}
+
 	return nil
 }
 
-// ensureTokenValid ensures access token is valid
+// ensureTokenValid ensures access token is valid.
 func (c *Client) ensureTokenValid(ctx context.Context) error {
 	if !c.IsTokenValid() {
 		return c.Login(ctx)
 	}
+
 	return nil
 }
 
-// encryptPayloadUsingKey encrypts a payload using the client's encryption key
+// encryptPayloadUsingKey encrypts a payload using the client's encryption key.
 func (c *Client) encryptPayloadUsingKey(payload string) (string, error) {
 	if c.Keys.EncKey == "" {
 		return "", NewAPIError("Missing encryption key")
 	}
 	if payload == "" {
 		return "", nil
 	}
+
 	return EncryptAES128CBC([]byte(payload), c.Keys.EncKey, IV)
 }
 
-// decryptPayloadUsingKey decrypts a payload using the client's encryption key
+// decryptPayloadUsingKey decrypts a payload using the client's encryption key.
 func (c *Client) decryptPayloadUsingKey(payload string) (map[string]any, error) {
 	if c.Keys.EncKey == "" {
 		return nil, NewAPIError("Missing encryption key")
@@ -360,7 +367,7 @@ func (c *Client) decryptPayloadUsingKey(payload string) (map[string]any, error)
 	return result, nil
 }
 
-// decryptPayloadBytes decrypts a payload and returns raw JSON bytes
+// decryptPayloadBytes decrypts a payload and returns raw JSON bytes.
 func (c *Client) decryptPayloadBytes(payload string) ([]byte, error) {
 	if c.Keys.EncKey == "" {
 		return nil, NewAPIError("Missing encryption key")
@@ -374,7 +381,7 @@ func (c *Client) decryptPayloadBytes(payload string) ([]byte, error) {
 	return decrypted, nil
 }
 
-// getSignFromPayloadAndTimestamp generates a signature from payload and timestamp
+// getSignFromPayloadAndTimestamp generates a signature from payload and timestamp.
 func (c *Client) getSignFromPayloadAndTimestamp(payload, timestamp string) string {
 	if timestamp == "" {
 		return ""
@@ -390,7 +397,7 @@ func (c *Client) getSignFromPayloadAndTimestamp(payload, timestamp string) strin
 	return SignWithSHA256(dataToSign)
 }
 
-// logRequest logs request details when debug mode is enabled
+// logRequest logs request details when debug mode is enabled.
 func (c *Client) logRequest(method, url string, headers map[string]string, body string) {
 	if !c.debug {
 		return
@@ -410,7 +417,7 @@ func (c *Client) logRequest(method, url string, headers map[string]string, body
 	}
 }
 
-// logResponse logs response details when debug mode is enabled
+// logResponse logs response details when debug mode is enabled.
 func (c *Client) logResponse(statusCode int, body []byte) {
 	if !c.debug {
 		return