[dead-code] chore: remove dead functions — 1 function removed

[github-actions]

[dead-code] chore: remove dead functions — 1 function removed

Summary

Removes the unused hasBashWildcardInTools helper function from pkg/workflow/claude_tools.go and its corresponding test suite from pkg/workflow/claude_engine_tools_test.go. No call sites remain; this is a pure dead-code cleanup with no behaviour change.

---

Changes by file

File	Change type	Impact	Breaking
pkg/workflow/claude_tools.go	modified	high	false
pkg/workflow/claude_engine_tools_test.go	modified	medium	false

---

Detailed file changes

pkg/workflow/claude_tools.go — deleted function

• Removed hasBashWildcardInTools(tools map[string]any) bool.
• The function inspected the neutral tools map for unrestricted bash access via three patterns: bash: true, bash: nil, and bash: ["*"] / bash: [":*"].
• Classified as high impact because the function touched security-adjacent logic (detecting unrestricted bash in tool definitions), even though no caller existed.

pkg/workflow/claude_engine_tools_test.go — deleted tests

• Removed TestHasBashWildcardInTools and all its table-driven sub-cases that exercised the deleted helper.
• Classified as medium impact (test-only surface, but the removed coverage was non-trivial).

---

Risk assessment

• Behaviour change: None. Function had no callers.
• Security surface: The deleted function was detection logic (read-only analysis), not enforcement; removing it does not weaken any access control path.
• Test coverage: Only the tests for the deleted function are removed; no other test coverage is affected.
• Rollback: Trivial — revert the two file edits.

---

Agentic analysis hints

• dead_code_label: hasBashWildcardInTools
• affected_packages: pkg/workflow
• deleted_symbols: hasBashWildcardInTools
• deleted_tests: TestHasBashWildcardInTools
• commit: b136dc47a
• pr_category: dead-code / chore
• requires_migration: false
• requires_config_change: false
• touches_security_logic: true (detection only, not enforcement)

Generated by PR Description Updater for issue #34674 · sonnet46 778.9K · ◷

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

No test files were added or modified in this PR. Test Quality Sentinel skipped. PR #34674 is a dead-code removal that only deletes the TestHasBashWildcardInTools test function (along with its corresponding production function hasBashWildcardInTools). No new or changed tests to analyze.

[github-actions]

✅ PR Code Quality Reviewer completed the code quality review.

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #34674 does not have the 'implementation' label and has 0 new lines in default business logic directories (threshold: 100).

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[Copilot]

Pull request overview

Removes a Go helper and its associated unit test that were identified as unreachable by the deadcode static analyzer, reducing maintenance surface in the workflow tooling layer.

Changes:

• Deleted hasBashWildcardInTools from pkg/workflow/claude_tools.go.
• Removed TestHasBashWildcardInTools from pkg/workflow/claude_engine_tools_test.go.
• Confirmed there are no remaining references to hasBashWildcardInTools in the Go codebase.

Show a summary per file

File	Description
pkg/workflow/claude_tools.go	Removes the unused hasBashWildcardInTools helper.
pkg/workflow/claude_engine_tools_test.go	Removes the unit test that only covered the deleted helper.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 0

[github-actions]

Dead code removal is correct — one documentation gap remains

The removal is valid: hasBashWildcardInTools was already decoupled from the permission-mode selection path in a prior commit (the claude_engine_test.go test names — "bash wildcard * no longer forces bypassPermissions" etc. — make this explicit). Deleting both the function and its test is the right cleanup.

Documentation gap (not blocking — already merged): AGENTS.md line 721 still reads:

hasBashWildcardInTools() in claude_tools.go determines which mode is selected — changes here affect the security boundary

This is now stale. A follow-up commit should update that section to describe the actual current mechanism (engine.permission-mode override field + stripClaudePermissionModeArgs) so future contributors do not search for a function that no longer exists.

🔎 Code quality review by PR Code Quality Reviewer · sonnet46 818.3K

[github-actions]

Skills-Based Review 🧠

Applied /zoom-out — clean dead-code removal; one documentation note.

📋 Key Themes & Highlights

Key Themes

• AGENTS.md is now stale: The security-model section ("Claude Engine Tool Enforcement Security Model") still references hasBashWildcardInTools() as the function that determines which permission mode is selected, and describes bypassPermissions as being auto-selected for bash: "*" workflows — but neither of those things is true anymore. The current claude_engine.go defaults to acceptEdits and only switches to auto via isEditToolExplicitlyDisabled, never to bypassPermissions automatically. AGENTS.md lines 715, 721 should be updated to reflect the current behavior.
• The removal itself is correct: deadcode confirmed no live call site existed; go build and go vet pass; the 9-case test suite is appropriately retired alongside the function it covered.

Positive Highlights

• ✅ Pure deletion — zero additions, no risk of introducing new bugs
• ✅ Build and vet verified before opening the PR
• ✅ Well-documented PR description explaining before/after dead-function count

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · sonnet46 1.2M