[sergo] Sergo Report: timesleepnocontext First-Audit (Deferred-Cleanup FP + Enforce) - 2026-06-15

[github-actions[bot]]

Executive Summary

Run R37. The custom-linter registry grew 28 → 29 analyzers since R36. Doc surfaces have largely healed (doc.go All 29, spec_test synced to 29) and CI enforcement advanced 13 → 14 flags (-timeafterleak landed — R36's sg36a1 work shipped). With the new-linter trail well-covered, this run did the first-ever precision audit of timesleepnocontext (the 26th linter), surfacing a clean novel false-positive plus an enforce-readiness path. 2 issues created.

Tool / Registry Updates

• Serena LSP: unchanged at 23 tools (stable R4–R37).
• Linter registry: cmd/linters/main.go multichecker.Main now lists 29 analyzers (was 28). The new 29th sits among five style/quality linters Sergo has never audited (errorfwrapv, errormessage, excessivefuncparams, largefunc, ssljson); the shallow clone (HEAD ebeda50, unrelated) prevents git-dating exactly which is newest.
• Doc-sync (recurring gap) — improving: doc.go now says All 29 and spec_test.documentedAnalyzers() has 29 entries. Residual: the doc.go bullet list has only 28 bullets, missing the hardcodedfilepath bullet. Open issue doc-sync: linters/doc.go still says "All 24 active analyzers" after two new linters (hardcodedfilepath, timesleepnocontext) land [Content truncated due to length] #38787 covers doc-sync intent → not refiled.
• CI enforce: cgo.yml:1123 LINTER_FLAGS = 14 (added -timeafterleak). timesleepnocontext remains unenforced.

Strategy — 50 / 50 Split

Name: tool-change-29th-detect + FIRST timesleepnocontext precision audit (deferred-cleanup FP + enforce-readiness)

• Cached component (proven enforce-readiness pattern): grep the analyzer's full run scope (./cmd/... ./pkg/...) for the target call, map each site to its enclosing function signature, and distinguish real violations from non-matches. This pattern has landed repeatedly (tolowerequalfold tolowerequalfold: convert 13 ToLower/ToUpper equality sites to strings.EqualFold, then enforce in CI #37250, httpnoctx httpnoctx (27th linter): 3 prod *http.Client.Get calls omit context — convert to NewRequestWithContext+Do, then enforce in CI #39016, timeafterleak timeafterleak (28th linter): 3 prod loop+select time.After sites leak a timer per iteration — convert to time.NewTimer/Stop, the [Content truncated due to length] #39180-enforced).
• New exploration: timesleepnocontext (26th linter) had never been audited. Read the analyzer end-to-end, validated detection precision, and stress-tested the FuncLit-boundary handling — a dimension prior audits (which were on non-closure-crossing linters) never exercised.
• Run targets: ≤3 evidence-backed, non-duplicate issues; full reconciliation of prior open issues; cache + discussion refresh.

Findings

timesleepnocontext detection is clean — it resolves time.Sleep by package type-identity (ObjectOf → *types.PkgName → Imported().Path() == "time"), skips test files, and matches the ctx param via types.Identical. No syntactic-shadow bug. The issue is in how it attributes an outer function's context to a sleep inside a nested closure.

sg37a1 — False positive on deferred cleanup closures

The diagnostic loop walks enclosing funcs outward across both FuncDecl and FuncLit, and when an inner FuncLit lacks its own ctx param it falls through to the outer function's ctx. This is intentional for goroutine closures (go func(){ time.Sleep }(), tested by BadGoroutineWithCtx), but it also fires for deferred cleanup closures.

Real site — pkg/cli/mcp_inspect.go:131-148, inside InspectWorkflowMCP(ctx context.Context, ...):

defer func() {
    _ = cmd.Process.Signal(os.Interrupt) // graceful
    time.Sleep(mcpScriptsServerShutdownDelay) // <- FLAGGED via outer ctx
    _ = cmd.Process.Kill() // force
}()

This sleep is the graceful SIGINT → SIGKILL window. Rewriting it as select { case <-ctx.Done(): } would skip the window exactly when ctx is cancelled (when cleanup runs) — semantically wrong. Fix: treat a DeferStmt-wrapped FuncLit as a boundary (stop the search); keep GoStmt closures flagged.

sg37a2 — Enforce-readiness sweep

All 11 non-test time.Sleep calls across the analyzer's run scope mapped to their enclosing function:

Site	Enclosing function	ctx param?
docker_validation.go:219	validateDockerImage(...)	no
run_workflow_tracking.go:73	getLatestWorkflowRunWithRetry(...)	no
trial_repository.go:156	ensureTrialRepository(...)	no
logs_rate_limit.go:87/97/110/121	checkAndWaitForRateLimit(verbose)	no
mcp_inspect_inspector.go:164/208	spawnMCPInspector(...)	no
update_extension_check.go:411	cleanupStaleWindowsBackups(...)	no
mcp_inspect.go:138	InspectWorkflowMCP(ctx, ...) (defer)	yes — the FP

The only flagged production site is the deferred-cleanup FP. After sg37a1, zero real violations remain → append -timesleepnocontext to cgo.yml:1123.

Generated Tasks → Issues Created

1. sg37a1 — timesleepnocontext precision: FP on time.Sleep inside deferred cleanup closures. Single-file analyzer change + one testdata case.
2. sg37a2 — timesleepnocontext enforce-readiness: zero prod violations after the FP fix; add the CI flag. Blocked by sg37a1.

Metrics

Metric	Value
Run	R37 (37 total)
Findings	6
Issues created	2 (sg37a1, sg37a2)
Success score	9 / 10
Avg score (lifetime)	8.78
Registry	29 analyzers (28→29)
CI-enforced	14 flags (13→14, +timeafterleak)

Historical Context / Reconciliation

• Landed: -timeafterleak now in CI → R36 sg36a1 (timeafterleak (28th linter): 3 prod loop+select time.After sites leak a timer per iteration — convert to time.NewTimer/Stop, the [Content truncated due to length] #39180) enforcement shipped (issue still shows open; may auto-close). R36 sg35a1/a2 (httpnoctx (27th linter): 3 prod *http.Client.Get calls omit context — convert to NewRequestWithContext+Do, then enforce in CI #39016/httpnoctx precision: isHTTPClientReceiver only matches *http.Client pointers — value & embedded http.Client receivers escape (la [Content truncated due to length] #39017) httpnoctx landed earlier.
• Still open: timeafterleak (28th linter): 3 prod loop+select time.After sites leak a timer per iteration — convert to time.NewTimer/Stop, the [Content truncated due to length] #39180/timeafterleak precision: a stored time.After channel (timer := time.After(d); <-timer) inside a loop+select escapes detection — [Content truncated due to length] #39181 (timeafterleak, 1d); doc-sync: linters/doc.go still says "All 24 active analyzers" after two new linters (hardcodedfilepath, timesleepnocontext) land [Content truncated due to length] #38787/hardcodedfilepath precision: hasFormatVerb misses flag/width/precision verbs (%05d, %-10s, %8.2f) and 9 verb letters (%x %t %c % [Content truncated due to length] #38788/ctxbackground precision: isContextBackgroundCall matches identifier name "context" syntactically while the same file detects the [Content truncated due to length] #38789 (doc-sync, hardcodedfilepath FP, ctxbackground precision — 3d); execcommandwithoutcontext precision: false positive on nil-guarded exec.Command fallback — autofix injects a nil context that pa [Content truncated due to length] #38281/execcommandwithoutcontext enforce-readiness: propagate context in connectStdioMCPServer (2 sites), add nolint support, then enfo [Content truncated due to length] #38282 (execcommand, 5d — complex control-flow, reverify R38, report if ≥6d).

Recommendations / Next-Run Focus (R38)

• Reconcile sg37a1/a2 posting + landing; reverify the aging execcommand pair (execcommandwithoutcontext precision: false positive on nil-guarded exec.Command fallback — autofix injects a nil context that pa [Content truncated due to length] #38281/execcommandwithoutcontext enforce-readiness: propagate context in connectStdioMCPServer (2 sites), add nolint support, then enfo [Content truncated due to length] #38282) and report/noop if ≥6d.
• Watch for a 30th linter via registry-count delta.
• Begin first audits of the never-touched style linters (errormessage changed-file scoping, excessivefuncparams/largefunc threshold config, errorfwrapv %v→%w type-identity, ssljson artifact-spec edges).
• New reusable heuristic recorded: FuncLit-kind matters — ctx-inheritance linters must distinguish GoStmt (flag) from DeferStmt cleanup (don't flag).

References:

• §27525869216

Generated by 🤖 Sergo - Serena Go Expert · 280.5 AIC · ⌖ 13.9 AIC · ⊞ 5.3K · ◷

• expires on Jun 15, 2026, 9:37 PM UTC-08:00

[github-actions[bot]]

This discussion has been marked as outdated by Sergo - Serena Go Expert.

A newer discussion is available at Discussion #39495.