fix(go): fix command serialization bugs

[saie-ch]

Bugs Fixed:

Permissions.MarshalBinary() - Fixed missing continuation flags between stream/topic entries. The serializer wasn't writing 1-byte flags
(1=has_next, 0=no_next) after each entry, causing the server to incorrectly parse permission data and potentially grant wrong permissions. Also
added len() > 0 checks to match Rust SDK's behavior of skipping empty maps.

Note: Does NOT fix #2980, #2981, #2982 (missing 4-byte permissions_len field before permissions data - those are separate issues found during the review of #2973).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.95%. Comparing base (5cc7c37) to head (231c531).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #3015      +/-   ##
============================================
+ Coverage     71.88%   71.95%   +0.06%     
  Complexity      930      930              
============================================
  Files          1118     1120       +2     
  Lines         92992    93179     +187     
  Branches      70513    70513              
============================================
+ Hits          66851    67043     +192     
+ Misses        23582    23578       -4     
+ Partials       2559     2558       -1     

Flag	Coverage Δ
go	38.97% <100.00%> (+2.58%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
foreign/go/contracts/users.go	100.00% <100.00%> (+7.57%)	⬆️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[saie-ch]

@chengxilo could you please check this?

[hubcio]

PR description is not good enough. please make it more meaningful: what bug was that, how did it manifest and how was it fixed. prefer on describing why instead of what.

[ryankert01]

I think it's better to add a test to prevent regression

[saie-ch]

I think it's better to add a test to prevent regression

we are adding tests in #2973

[hubcio]

@saie-ch so why these tests passed? do those commits overlap?

[saie-ch]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to?
For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

[chengxilo]

I think it's better to add a test to prevent regression

we are adding tests in #2973

In this PR, you better only address the problem of Permissions

Permissions.MarshalBinary() - Fixed missing continuation flags between stream/topic entries. The serializer wasn't writing 1-byte flags (1=has_next, 0=no_next) after each entry, causing the server to incorrectly parse permission data and potentially grant wrong permissions. Also added len() > 0 checks to match Rust SDK's behavior of skipping empty maps.

For the following changes related to commands, it would be better to address them in #2973, since they were discovered while you implementing command tests(and more importantly, they are logic of commands):

CreateUser - Fixed capacity calculation that didn't account for individual length prefix bytes. Was allocating 4 + len(username) + len(password) but needed 1 + len(username) + 1 + len(password) + 1 + 1 for proper byte accounting. Also removed double-counted permissions flag byte.

UpdatePermissions - Fixed panic when writing has_permissions flag. Buffer was allocated as len(userIdBytes) without the required 1-byte flag, causing index-out-of-bounds when accessing bytes[position]. Now allocates len(userIdBytes) + 1.

UpdateUser - Fixed panic from insufficient buffer allocation (missing flag bytes) and removed input mutation side effect. Method was modifying caller's struct by allocating new(string) when Username was nil. Now uses read-only access with proper buffer sizing: len(userIdBytes) + 2 for both flags.

Regarding this part

Note: Does NOT fix #2980, #2981, #2982 (missing 4-byte permissions_len field before permissions data - those are separate issues found during the review of #2973).

I’m still a bit confused why we tend to separate bug fixes and tests into different PRs. In many cases, writing tests alongside the fix makes it easier to validate the implementation immediately ^v^.

[chengxilo]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to? For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

Sorry for making you confused, actually you just need to use a seperate PR to solve the problem of iggon.Permissions since it's not in the scope of that PR. 😢

[chengxilo]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to? For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

Also I think the tests @hubcio refering to is the tests you implemented for command. As those tests passed it bascially means they didn't detect the bug in iggon.Permission , that's why @hubcio and @ryankert01 are requesting you to add a test, because we don't have a proper test for the iggon.Permission.

[saie-ch]

@chengxilo I misunderstood the original review feedback and thought the suggestion was to separate ALL bug fixes from the tests.

Now:
Permissions fix -> Should be in a separate PR (this one).
Command fixes -> Should stay in #2973
I'll add a unit test for permissions in this PR too.