Add test coverage and clean up lint warnings

- Add tests for config manager (Load, Write, Delete, TokenRefresh)
- Add tests for GraphQLError, TruncateQuery, and MockClient
- Add tests for pagination, style, and errors packages
- Replace unused function params with _ across test files
- Use value receivers on captureSentry stub methods
- Collapse repeated append calls in root.go buildExampleText
- Tighten file permissions in completion install (750/600)

Author: jai-deepsource

command/completion/completion.go

@@ -11,7 +11,7 @@ func NewCmdCompletion() *cobra.Command {
 	return &cobra.Command{
 		Use:   "completion",
 		Short: "Install shell completions for bash, zsh, or fish",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			return completion.Install(cmd.Root(), os.Stderr)
 		},
 	}

command/issues/tests/issues_test.go

@@ -806,7 +806,7 @@ func TestIssuesPaginationHardCap(t *testing.T) {
 
 	mock := graphqlclient.NewMockClient()
 	callCount := 0
-	mock.QueryFunc = func(_ context.Context, query string, vars map[string]any, result any) error {
+	mock.QueryFunc = func(_ context.Context, query string, _ map[string]any, result any) error {
 		callCount++
 		return json.Unmarshal(pageJSON, result)
 	}

command/root.go

@@ -115,9 +115,7 @@ func buildExampleText() string {
 	}
 	var lines []string
 	for _, ex := range examples {
-		lines = append(lines, style.Gray("# %s", ex.comment))
-		lines = append(lines, ex.cmd)
-		lines = append(lines, "")
+		lines = append(lines, style.Gray("# %s", ex.comment), ex.cmd, "")
 	}
 	// Remove trailing blank line
 	if len(lines) > 0 {

config/manager_test.go

@@ -1,11 +1,16 @@
 package config
 
 import (
+	"os"
+	"path/filepath"
 	"testing"
 
+	"github.com/deepsourcelabs/cli/buildinfo"
 	"github.com/deepsourcelabs/cli/internal/adapters"
 	"github.com/deepsourcelabs/cli/internal/secrets"
+	"github.com/pelletier/go-toml"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type fakeSecretStore struct {
@@ -40,3 +45,151 @@ func TestManagerLoadTokenFromSecrets(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "secret-token", cfg.Token)
 }
+
+func TestManagerLoadFromFile(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+
+	configDir := filepath.Join(tempDir, buildinfo.ConfigDirName)
+	require.NoError(t, os.MkdirAll(configDir, 0o700))
+
+	tomlData := `host = "app.deepsource.io"
+user = "alice"
+token = "file-token"
+`
+	require.NoError(t, os.WriteFile(filepath.Join(configDir, ConfigFileName), []byte(tomlData), 0o644))
+
+	mgr := NewManager(adapters.NewOSFileSystem(), homeDir)
+	cfg, err := mgr.Load()
+	require.NoError(t, err)
+	assert.Equal(t, "app.deepsource.io", cfg.Host)
+	assert.Equal(t, "alice", cfg.User)
+	assert.Equal(t, "file-token", cfg.Token)
+}
+
+func TestManagerLoadNoFile(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+
+	mgr := NewManager(adapters.NewOSFileSystem(), homeDir)
+	cfg, err := mgr.Load()
+	require.NoError(t, err)
+	assert.Empty(t, cfg.Host)
+	assert.Empty(t, cfg.User)
+	assert.Empty(t, cfg.Token)
+}
+
+func TestManagerWrite(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+
+	// Use NoopStore so token stays in the TOML file
+	mgr := NewManager(adapters.NewOSFileSystem(), homeDir)
+	err := mgr.Write(&CLIConfig{
+		Host: "example.com",
+		User: "bob",
+	})
+	require.NoError(t, err)
+
+	// Read back the raw TOML
+	path := filepath.Join(tempDir, buildinfo.ConfigDirName, ConfigFileName)
+	data, err := os.ReadFile(path)
+	require.NoError(t, err)
+
+	var got CLIConfig
+	require.NoError(t, toml.Unmarshal(data, &got))
+	assert.Equal(t, "example.com", got.Host)
+	assert.Equal(t, "bob", got.User)
+}
+
+func TestManagerWriteStoresTokenInSecrets(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+	store := &fakeSecretStore{data: make(map[string]string)}
+
+	mgr := NewManagerWithSecrets(adapters.NewOSFileSystem(), homeDir, store, "mykey")
+	err := mgr.Write(&CLIConfig{
+		Host:  "example.com",
+		Token: "super-secret",
+	})
+	require.NoError(t, err)
+
+	// Token should be in secret store
+	assert.Equal(t, "super-secret", store.data["mykey"])
+
+	// Token should NOT be in the TOML file
+	path := filepath.Join(tempDir, buildinfo.ConfigDirName, ConfigFileName)
+	data, err := os.ReadFile(path)
+	require.NoError(t, err)
+
+	var got CLIConfig
+	require.NoError(t, toml.Unmarshal(data, &got))
+	assert.Empty(t, got.Token, "token should not be written to TOML when secret store succeeds")
+}
+
+func TestManagerDelete(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+	store := &fakeSecretStore{data: map[string]string{"mykey": "tok"}}
+
+	mgr := NewManagerWithSecrets(adapters.NewOSFileSystem(), homeDir, store, "mykey")
+
+	// Write a config first
+	require.NoError(t, mgr.Write(&CLIConfig{Host: "example.com", Token: "tok"}))
+
+	// Delete it
+	require.NoError(t, mgr.Delete())
+
+	// File should be gone
+	path := filepath.Join(tempDir, buildinfo.ConfigDirName, ConfigFileName)
+	_, err := os.Stat(path)
+	assert.True(t, os.IsNotExist(err), "config file should be deleted")
+
+	// Secret should be gone
+	_, ok := store.data["mykey"]
+	assert.False(t, ok, "secret should be deleted")
+}
+
+func TestManagerDeleteNonExistent(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+
+	mgr := NewManager(adapters.NewOSFileSystem(), homeDir)
+	err := mgr.Delete()
+	assert.NoError(t, err, "deleting non-existent config should not error")
+}
+
+func TestManagerTokenRefreshCallback(t *testing.T) {
+	tempDir := t.TempDir()
+	homeDir := func() (string, error) { return tempDir, nil }
+	store := &fakeSecretStore{data: make(map[string]string)}
+
+	mgr := NewManagerWithSecrets(adapters.NewOSFileSystem(), homeDir, store, "key")
+
+	// Write initial config
+	require.NoError(t, mgr.Write(&CLIConfig{Host: "example.com", User: "old@test.com", Token: "old-token"}))
+
+	// Invoke the refresh callback
+	cb := mgr.TokenRefreshCallback()
+	cb("new-token", "2030-01-01T00:00:00Z", "new@test.com")
+
+	// Reload and verify
+	cfg, err := mgr.Load()
+	require.NoError(t, err)
+	assert.Equal(t, "new-token", cfg.Token)
+	assert.Equal(t, "new@test.com", cfg.User)
+	assert.False(t, cfg.TokenExpiresIn.IsZero(), "token expiry should be set")
+}
+
+func TestNewManagerDefaults(t *testing.T) {
+	homeDir := func() (string, error) { return "/tmp", nil }
+
+	// NewManager uses NoopStore
+	mgr := NewManager(adapters.NewOSFileSystem(), homeDir)
+	assert.NotNil(t, mgr)
+
+	// nil store defaults to NoopStore, empty key defaults to KeychainKey
+	mgr2 := NewManagerWithSecrets(adapters.NewOSFileSystem(), homeDir, nil, "")
+	assert.NotNil(t, mgr2)
+	assert.Equal(t, buildinfo.KeychainKey, mgr2.secretsKey)
+}

deepsource/graphqlclient/transport_test.go

@@ -1,6 +1,8 @@
 package graphqlclient
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -77,3 +79,126 @@ func TestIsTokenExpired(t *testing.T) {
 		}
 	}
 }
+
+// --- GraphQLError tests ---
+
+func TestGraphQLError_Error(t *testing.T) {
+	err := &GraphQLError{
+		Operation: "query",
+		Query:     "{ viewer { login } }",
+		Cause:     fmt.Errorf("connection refused"),
+	}
+	want := "GraphQL query failed: connection refused"
+	if got := err.Error(); got != want {
+		t.Errorf("Error() = %q, want %q", got, want)
+	}
+}
+
+func TestGraphQLError_Unwrap(t *testing.T) {
+	cause := fmt.Errorf("root cause")
+	err := &GraphQLError{Operation: "mutation", Cause: cause}
+	if err.Unwrap() != cause {
+		t.Error("Unwrap() should return the cause")
+	}
+}
+
+// --- TruncateQuery tests ---
+
+func TestTruncateQuery_Short(t *testing.T) {
+	q := "{ viewer { login } }"
+	if got := TruncateQuery(q); got != q {
+		t.Errorf("short query should be returned as-is, got %q", got)
+	}
+}
+
+func TestTruncateQuery_Long(t *testing.T) {
+	q := strings.Repeat("a", 150)
+	got := TruncateQuery(q)
+	if len(got) != 102 { // 100 + ".."
+		t.Errorf("expected length 102, got %d", len(got))
+	}
+	if !strings.HasSuffix(got, "..") {
+		t.Errorf("expected '..' suffix, got %q", got)
+	}
+}
+
+func TestTruncateQuery_Exact100(t *testing.T) {
+	q := strings.Repeat("b", 100)
+	if got := TruncateQuery(q); got != q {
+		t.Error("100-char query should be returned as-is")
+	}
+}
+
+// --- wrapper tests ---
+
+func TestNew(t *testing.T) {
+	client := New("https://api.deepsource.com/graphql/", "tok")
+	if client == nil {
+		t.Fatal("New() returned nil")
+	}
+}
+
+func TestSetAuthToken(t *testing.T) {
+	client := New("https://api.deepsource.com/graphql/", "old-token")
+	client.SetAuthToken("new-token")
+	// Verify via the wrapper's internal state
+	w, ok := client.(*wrapper)
+	if !ok {
+		t.Fatal("expected *wrapper type")
+	}
+	if w.token != "new-token" {
+		t.Errorf("token = %q, want %q", w.token, "new-token")
+	}
+}
+
+func TestMockClient_QueryDelegation(t *testing.T) {
+	called := false
+	mock := NewMockClient()
+	mock.QueryFunc = func(ctx context.Context, query string, vars map[string]any, result any) error {
+		called = true
+		if query != "{ viewer }" {
+			t.Errorf("query = %q, want %q", query, "{ viewer }")
+		}
+		return nil
+	}
+
+	err := mock.Query(context.Background(), "{ viewer }", nil, nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !called {
+		t.Error("QueryFunc was not called")
+	}
+}
+
+func TestMockClient_MutateDelegation(t *testing.T) {
+	wantErr := errors.New("mutation failed")
+	mock := NewMockClient()
+	mock.MutateFunc = func(ctx context.Context, mutation string, vars map[string]any, result any) error {
+		return wantErr
+	}
+
+	err := mock.Mutate(context.Background(), "mutation { ... }", nil, nil)
+	if err != wantErr {
+		t.Errorf("err = %v, want %v", err, wantErr)
+	}
+}
+
+func TestMockClient_NilFuncs(t *testing.T) {
+	mock := NewMockClient()
+	// Nil QueryFunc/MutateFunc should return nil
+	if err := mock.Query(context.Background(), "", nil, nil); err != nil {
+		t.Errorf("nil QueryFunc should return nil, got %v", err)
+	}
+	if err := mock.Mutate(context.Background(), "", nil, nil); err != nil {
+		t.Errorf("nil MutateFunc should return nil, got %v", err)
+	}
+}
+
+func TestMockClient_SetAuthToken(t *testing.T) {
+	mock := NewMockClient()
+	mock.SetAuthToken("test-token")
+	if mock.token != "test-token" {
+		t.Errorf("token = %q, want %q", mock.token, "test-token")
+	}
+}

deepsource/pagination/pagination_test.go

@@ -0,0 +1,61 @@
+package pagination
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func TestConstants(t *testing.T) {
+	if DefaultPageSize != 100 {
+		t.Errorf("DefaultPageSize = %d, want 100", DefaultPageSize)
+	}
+	if NestedPageSize != 500 {
+		t.Errorf("NestedPageSize = %d, want 500", NestedPageSize)
+	}
+	if MaxResults != 1000 {
+		t.Errorf("MaxResults = %d, want 1000", MaxResults)
+	}
+}
+
+func TestPageInfo_JSONRoundTrip(t *testing.T) {
+	cursor := "abc123"
+	original := PageInfo{HasNextPage: true, EndCursor: &cursor}
+
+	data, err := json.Marshal(original)
+	if err != nil {
+		t.Fatalf("Marshal: %v", err)
+	}
+
+	var decoded PageInfo
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		t.Fatalf("Unmarshal: %v", err)
+	}
+
+	if decoded.HasNextPage != original.HasNextPage {
+		t.Errorf("HasNextPage = %v, want %v", decoded.HasNextPage, original.HasNextPage)
+	}
+	if decoded.EndCursor == nil || *decoded.EndCursor != cursor {
+		t.Errorf("EndCursor = %v, want %q", decoded.EndCursor, cursor)
+	}
+}
+
+func TestPageInfo_NilCursor(t *testing.T) {
+	original := PageInfo{HasNextPage: false, EndCursor: nil}
+
+	data, err := json.Marshal(original)
+	if err != nil {
+		t.Fatalf("Marshal: %v", err)
+	}
+
+	var decoded PageInfo
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		t.Fatalf("Unmarshal: %v", err)
+	}
+
+	if decoded.HasNextPage != false {
+		t.Error("HasNextPage should be false")
+	}
+	if decoded.EndCursor != nil {
+		t.Errorf("EndCursor should be nil, got %v", decoded.EndCursor)
+	}
+}