fix(lint): fix all linting errors

- Check BindEnv return values in config.go
- Add bounds checks for int->int32/uint32 conversions to prevent overflow
- Remove unused test helper functions

cmd/audit-service/audit_service_fx.go

@@ -5,6 +5,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"math"
 	"net"
 	"time"
 
@@ -275,9 +276,13 @@ func (s *auditServerImpl) Query(ctx context.Context, req *auditv1.QueryRequest)
 		})
 	}
 
+	total := len(protoEntries)
+	if total > math.MaxInt32 {
+		total = math.MaxInt32
+	}
 	return &auditv1.QueryResponse{
 		Entries: protoEntries,
-		Total:   int32(len(protoEntries)),
+		Total:   int32(total),
 	}, nil
 }
 

cmd/identity-service/identity_service_fx.go

@@ -8,6 +8,7 @@ import (
 	"crypto/subtle"
 	"encoding/base64"
 	"fmt"
+	"math"
 	"net"
 	"strings"
 	"time"
@@ -72,7 +73,11 @@ func verifyPassword(password, hash string) (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(len(expectedHash)))
+	hashLen := len(expectedHash)
+	if hashLen < 0 || hashLen > math.MaxUint32 {
+		return false, fmt.Errorf("invalid hash length: %d", hashLen)
+	}
+	actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(hashLen))
 	return subtle.ConstantTimeCompare(expectedHash, actualHash) == 1, nil
 }