You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Analysis of repository: github/gh-aw-mcpg Workflow run: §28755174481
Overview
This report analyzes all 149 non-test Go source files across 24 packages in internal/, cataloging 929 functions/methods. The analysis identifies semantic clusters, outliers, and near-duplicate patterns. The codebase is generally well-organized; findings below are refactoring opportunities rather than critical defects.
Analysis Metadata
Total Go Files Analyzed: 149 (non-test, in internal/)
Total Functions/Methods Cataloged: 929
Packages Analyzed: 24
Top packages by function count: server (130), config (128), difc (115), logger (107), guard (75)
Issue: Two packages independently implement a function to format a session ID for logging.
File
Function
Behavior
internal/launcher/log_helpers.go
sessionSuffix(sessionID string) string
Returns " for session '<id>'" or ""
internal/server/log_helpers.go
truncateSessionID(sessionID string) string
Returns first 8 chars or "(none)"
While the exact output differs, both serve the same purpose: producing a log-safe representation of a session ID. The launcher variant doesn't truncate at all, which may leak full session IDs into logs.
Recommendation: Consolidate into internal/util with a shared FormatSessionIDForLog(sessionID string) string function. This also fixes the missing truncation in the launcher path.
Estimated Impact: Consistent session ID logging across all packages, reduced duplication.
2. Parallel Rate-Limit Reset Parsers
Issue: Two different implementations parse GitHub rate-limit reset times with different input formats.
The files even have cross-references in comments acknowledging each other's existence — a code smell indicating they should share a home. Both handle the same concern (deriving a time.Time from GitHub rate-limit data).
Recommendation: Consolidate both into internal/githubhttp/ (e.g., a new internal/githubhttp/ratelimit.go), since rate-limit handling is GitHub-specific. The server package can import it.
Estimated Impact: Centralized rate-limit parsing, easier to update when the GitHub API changes.
3. truncateSanitized is a Trivial Alias in logger/rpc_format.go
This is a one-liner alias for util.Truncate with no added behavior. The sibling truncateAndSanitize is meaningful (chains sanitization + truncation). This alias adds indirection without value.
Recommendation: Remove truncateSanitized and call util.Truncate(sanitized, maxLength) directly at the two call sites.
Estimated Impact: Minor — reduces unnecessary indirection.
4. IsSingularReadTool in difc/evaluator.go — Potential Misplacement
This is a tool-naming convention helper that classifies MCP tool names by name prefix. It doesn't use any DIFC types or labels — it's a pure string classification utility in a file with 18 complex DIFC evaluation functions.
Recommendation: Move to internal/mcp/helpers.go or a new internal/difc/tool_helpers.go to separate it from the core DIFC evaluation logic.
Estimated Impact: Better discoverability — developers looking for tool-naming utilities will find them in the MCP package.
5. CreateHTTPServerForRoutedMode Co-location
Issue: internal/server/routed.go contains CreateHTTPServerForRoutedMode, while internal/server/http_server.go contains CreateHTTPServerForMCP. Both are public HTTP server factory functions that call the same buildMCPHTTPServer helper (defined in http_server.go).
routed.go currently holds only 3 functions, with the server-creation concern mixed with routing logic.
Recommendation: Move CreateHTTPServerForRoutedMode to http_server.go to co-locate all HTTP server factory functions. Leave pure routing logic (route registration, filtered server cache setup) in routed.go.
Estimated Impact: Clearer file responsibility — http_server.go owns all HTTP server creation.
🔧 Semantic Function Clustering Analysis
Analysis of repository: github/gh-aw-mcpg
Workflow run: §28755174481
Overview
This report analyzes all 149 non-test Go source files across 24 packages in
internal/, cataloging 929 functions/methods. The analysis identifies semantic clusters, outliers, and near-duplicate patterns. The codebase is generally well-organized; findings below are refactoring opportunities rather than critical defects.Analysis Metadata
internal/)server(130),config(128),difc(115),logger(107),guard(75)Identified Issues
1. Parallel
sessionSuffix/truncateSessionIDFunctionsIssue: Two packages independently implement a function to format a session ID for logging.
internal/launcher/log_helpers.gosessionSuffix(sessionID string) string" for session '<id>'"or""internal/server/log_helpers.gotruncateSessionID(sessionID string) string"(none)"While the exact output differs, both serve the same purpose: producing a log-safe representation of a session ID. The
launchervariant doesn't truncate at all, which may leak full session IDs into logs.Recommendation: Consolidate into
internal/utilwith a sharedFormatSessionIDForLog(sessionID string) stringfunction. This also fixes the missing truncation in the launcher path.Estimated Impact: Consistent session ID logging across all packages, reduced duplication.
2. Parallel Rate-Limit Reset Parsers
Issue: Two different implementations parse GitHub rate-limit reset times with different input formats.
internal/githubhttp/client.goParseRateLimitResetHeader(value string) time.Timeinternal/server/rate_limit.goparseRateLimitResetFromText(text string) time.TimeThe files even have cross-references in comments acknowledging each other's existence — a code smell indicating they should share a home. Both handle the same concern (deriving a
time.Timefrom GitHub rate-limit data).Recommendation: Consolidate both into
internal/githubhttp/(e.g., a newinternal/githubhttp/ratelimit.go), since rate-limit handling is GitHub-specific. Theserverpackage can import it.Estimated Impact: Centralized rate-limit parsing, easier to update when the GitHub API changes.
3.
truncateSanitizedis a Trivial Alias inlogger/rpc_format.goIssue:
internal/logger/rpc_format.godefines:This is a one-liner alias for
util.Truncatewith no added behavior. The siblingtruncateAndSanitizeis meaningful (chains sanitization + truncation). This alias adds indirection without value.Recommendation: Remove
truncateSanitizedand callutil.Truncate(sanitized, maxLength)directly at the two call sites.Estimated Impact: Minor — reduces unnecessary indirection.
4.
IsSingularReadToolindifc/evaluator.go— Potential MisplacementIssue:
internal/difc/evaluator.gocontains:This is a tool-naming convention helper that classifies MCP tool names by name prefix. It doesn't use any DIFC types or labels — it's a pure string classification utility in a file with 18 complex DIFC evaluation functions.
Recommendation: Move to
internal/mcp/helpers.goor a newinternal/difc/tool_helpers.goto separate it from the core DIFC evaluation logic.Estimated Impact: Better discoverability — developers looking for tool-naming utilities will find them in the MCP package.
5.
CreateHTTPServerForRoutedModeCo-locationIssue:
internal/server/routed.gocontainsCreateHTTPServerForRoutedMode, whileinternal/server/http_server.gocontainsCreateHTTPServerForMCP. Both are public HTTP server factory functions that call the samebuildMCPHTTPServerhelper (defined inhttp_server.go).routed.gocurrently holds only 3 functions, with the server-creation concern mixed with routing logic.Recommendation: Move
CreateHTTPServerForRoutedModetohttp_server.goto co-locate all HTTP server factory functions. Leave pure routing logic (route registration, filtered server cache setup) inrouted.go.Estimated Impact: Clearer file responsibility —
http_server.goowns all HTTP server creation.Function Cluster Summary
Well-Organized Clusters ✓
internal/config/validation*.go(8 files)internal/difc/(8 files)internal/guard/(9 files)internal/logger/(13 files)internal/httputil/+server/response_writer.goserver.responseWritercorrectly embedshttputil.BaseResponseWriterIntentional Patterns (No Action Needed)
rejectAuthRequest/rejectHMACRequest: Thin wrappers aroundrejectRequest— correctly documented as the intended pattern inhttp_helpers.go.InitFileLogger,InitMarkdownLogger, etc.: 7 separate logger init functions — intentional design for independent loggers dispatched viainitLoggerSet.envutil/expand_env_args.govsconfig/expand.go: Different expansion concerns (Docker-eflags vs${VAR}syntax in config JSON) — correct separation.Refactoring Recommendations by Priority
Priority 1: High Impact
Consolidate session ID formatting (Issue Configure as a Go CLI tool #1)
sessionSuffix/truncateSessionIDinto sharedinternal/utilutilityCentralize rate-limit reset parsing (Issue Lpcox/initial implementation #2)
parseRateLimitResetFromTexttointernal/githubhttp/Priority 2: Medium Impact
Remove
truncateSanitizedalias (Issue Lpcox/initial implementation #3)util.TruncatedirectlyMove
IsSingularReadToolto MCP package (Issue Lpcox/add difc #4)internal/mcp/helpers.godifc/andserver/Move
CreateHTTPServerForRoutedModetohttp_server.go(Issue Updated Dockerfile #5)Implementation Checklist
sessionSuffix/truncateSessionIDinto shared utility with proper truncationinternal/githubhttp/truncateSanitizedalias; callutil.TruncatedirectlyIsSingularReadTooltointernal/mcp/helpers.goCreateHTTPServerForRoutedModetohttp_server.gomake agent-finishedafter each refactor to verify no regressionsReferences:
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.