chore: resolve advanced lint issues and improve test coverage to 64.8%

[poyrazK]

Overview

This PR resolves remaining advanced linter issues (specifically forcetypeassert) and significantly improves codebase test coverage, reaching 64.8%.

Changes

Lint and Error Handling

• Resolved all forcetypeassert violations by using safe comma-ok type assertions.
• Standardized error handling by aliasing standard library errors as stdlib_errors and using errors.Is/errors.As.
• Improved error wrapping across repository adapters (LVM, Libvirt).

Test Coverage Improvements

Added or expanded unit tests for the following components:

• Services: Auth lockout logic, API key caching, Gateway route management, Dashboard stats, and more.
• Workers: Accounting, Metrics Collector, and Cluster Reconciler loops.
• Repositories: Comprehensive coverage for Postgres repositories (Cluster, Cron, Autoscaling) and the Libvirt adapter.
• Adapters: Firecracker noop adapter now has 100% coverage.

Architecture and Main Entry Point

• Restructured cmd/api/main.go into granular helper functions (run, initInfrastructure, initBackends) for better maintainability and testability.
• Updated worker initialization to be more robust and configurable.
• Resolved accidental code duplication in the main API entry point.

Verification

• make test passes all unit tests.
• Statement coverage verified at 64.8%.

[Copilot]

Pull request overview

Copilot reviewed 247 out of 249 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 250 out of 252 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This syscall.Exec call is likely to trigger gosec G204 (subprocess launched with variable / user-controlled args). The previous //nolint:gosec suppression was removed, but .golangci.yml does not exclude G204, so CI may fail. Add back an explicit suppression with a short justification, or refactor in a way that satisfies gosec (if possible).

Suggested change

	allArgs := append([]string{"ssh"}, sshArgs...)
	allArgs := append([]string{"ssh"}, sshArgs...)
	//nolint:gosec // ssh is executed directly (no shell); user-controlled args are expected for interactive SSH

[Copilot]

setupSubnetServiceTest calls t.Helper() twice; the second call is redundant. Removing the duplicate keeps the test helper consistent and avoids unnecessary lint noise.

[Copilot]

Pull request overview

Copilot reviewed 250 out of 252 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 251 out of 253 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 241 out of 317 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The import of stdlib_errors should be placed after standard library imports and before third-party imports, following the conventional Go import ordering.

Suggested change

	stdlib_errors "errors"
	"time"
	"time"
	stdlib_errors "errors"

[Copilot]

Duplicate t.Helper() call should be removed. Only one call is needed.

Suggested change

t.Helper()

[Copilot]

The database cleanup is now registered but the old deferred cleanup pattern was likely present. Verify that there are no duplicate cleanup mechanisms that could cause issues.

[Copilot]

Returning different errors based on whether the user exists could allow user enumeration attacks. Consider always returning nil or a generic message for security, regardless of whether the user exists or not.

Suggested change

	// Mask user existence for security, but return other errors
	if errors.Is(err, errors.NotFound) {
	return nil
	}
	return err
	// Mask user existence for security while avoiding leaking internal errors.
	if errors.Is(err, errors.NotFound) {
	return nil
	}
	s.logger.Error("failed to get user by email for password reset", "email", email, "error", err)
	return stdlib_errors.New("could not process password reset request")

[Copilot]

Pull request overview

Copilot reviewed 241 out of 318 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The import of stdlib_errors should be placed after the standard library import block and before third-party imports to maintain proper import grouping.

Suggested change

	"context"
	"context"

[Copilot]

The t.Helper() call should be placed after the testing.Short() check to avoid unnecessary helper marking when the test is skipped.

Suggested change

	t.Helper()
	if testing.Short() {
	t.Skip("Skipping integration test in short mode")
	}
	if testing.Short() {
	t.Skip("Skipping integration test in short mode")
	}
	t.Helper()

[Copilot]

Removed blank line between function definitions is inconsistent with Go formatting conventions. Consider restoring the blank line for better readability.

Suggested change

	}
	}

[Copilot]

The unused mockImageService instance svc is created but not returned, which may indicate incomplete refactoring. Consider either returning it or documenting why it's needed for side effects only.

[Copilot]

Blank line added at the beginning of the YAML file serves no purpose and should be removed.

Suggested change