fix(lint): fix all linting errors

- Check BindEnv return values in config.go
- Add bounds checks for int->int32/uint32 conversions to prevent overflow
- Remove unused test helper functions

cmd/audit-service/audit_service_fx.go

@@ -5,6 +5,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"math"
 	"net"
 	"time"
 
@@ -275,9 +276,13 @@ func (s *auditServerImpl) Query(ctx context.Context, req *auditv1.QueryRequest)
 		})
 	}
 
+	total := len(protoEntries)
+	if total > math.MaxInt32 {
+		total = math.MaxInt32
+	}
 	return &auditv1.QueryResponse{
 		Entries: protoEntries,
-		Total:   int32(len(protoEntries)),
+		Total:   int32(total),
 	}, nil
 }
 

cmd/identity-service/identity_service_fx.go

@@ -8,6 +8,7 @@ import (
 	"crypto/subtle"
 	"encoding/base64"
 	"fmt"
+	"math"
 	"net"
 	"strings"
 	"time"
@@ -72,7 +73,11 @@ func verifyPassword(password, hash string) (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(len(expectedHash)))
+	hashLen := len(expectedHash)
+	if hashLen < 0 || hashLen > math.MaxUint32 {
+		return false, fmt.Errorf("invalid hash length: %d", hashLen)
+	}
+	actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(hashLen))
 	return subtle.ConstantTimeCompare(expectedHash, actualHash) == 1, nil
 }
 

internal/client/grpc/audit_client.go

@@ -4,6 +4,7 @@ package grpc
 import (
 	"context"
 	"fmt"
+	"math"
 
 	auditv1 "git.dcentral.systems/toolz/goplt/api/proto/generated/audit/v1"
 	"git.dcentral.systems/toolz/goplt/pkg/registry"
@@ -86,9 +87,17 @@ func (c *AuditClient) Query(ctx context.Context, filters *services.AuditLogFilte
 		return nil, err
 	}
 
+	limit := filters.Limit
+	if limit > math.MaxInt32 {
+		limit = math.MaxInt32
+	}
+	offset := filters.Offset
+	if offset > math.MaxInt32 {
+		offset = math.MaxInt32
+	}
 	req := &auditv1.QueryRequest{
-		Limit:  int32(filters.Limit),
+		Limit:  int32(limit),
-		Offset: int32(filters.Offset),
+		Offset: int32(offset),
 	}
 
 	if filters.UserID != nil {

internal/config/config.go

@@ -100,9 +100,15 @@ func LoadConfig(env string) (config.ConfigProvider, error) {
 	// e.g., DATABASE_DSN -> database.dsn, SERVER_PORT -> server.port
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 	// Bind specific environment variables to config keys
-	v.BindEnv("database.dsn", "DATABASE_DSN")
+	if err := v.BindEnv("database.dsn", "DATABASE_DSN"); err != nil {
-	v.BindEnv("registry.consul.address", "REGISTRY_CONSUL_ADDRESS")
+		return nil, fmt.Errorf("failed to bind DATABASE_DSN: %w", err)
-	v.BindEnv("registry.type", "REGISTRY_TYPE")
+	}
+	if err := v.BindEnv("registry.consul.address", "REGISTRY_CONSUL_ADDRESS"); err != nil {
+		return nil, fmt.Errorf("failed to bind REGISTRY_CONSUL_ADDRESS: %w", err)
+	}
+	if err := v.BindEnv("registry.type", "REGISTRY_TYPE"); err != nil {
+		return nil, fmt.Errorf("failed to bind REGISTRY_TYPE: %w", err)
+	}
 
 	return NewViperConfig(v), nil
 }

services/audit/internal/api/server.go

@@ -2,6 +2,7 @@
 package api
 
 import (
+	"math"
 	"context"
 
 	auditv1 "git.dcentral.systems/toolz/goplt/api/proto/generated/audit/v1"
@@ -118,8 +119,12 @@ func (s *Server) Query(ctx context.Context, req *auditv1.QueryRequest) (*auditv1
 		})
 	}
 
+	total := len(protoEntries)
+	if total > math.MaxInt32 {
+		total = math.MaxInt32
+	}
 	return &auditv1.QueryResponse{
 		Entries: protoEntries,
-		Total:   int32(len(protoEntries)), // Note: This is a simplified total, actual total would require a count query
+		Total:   int32(total), // Note: This is a simplified total, actual total would require a count query
 	}, nil
 }

services/identity/internal/password/password.go

@@ -7,6 +7,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"math"
 	"strings"
 
 	"golang.org/x/crypto/argon2"
@@ -77,7 +78,11 @@ func Verify(password, hash string) (bool, error) {
 	}
 
 	// Compute hash with same parameters
-	actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), uint32(len(expectedHash)))
+	hashLen := len(expectedHash)
+	if hashLen < 0 || hashLen > math.MaxUint32 {
+		return false, fmt.Errorf("invalid hash length: %d", hashLen)
+	}
+	actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), uint32(hashLen))
 
 	// Constant-time comparison
 	if subtle.ConstantTimeCompare(expectedHash, actualHash) == 1 {

services/identity/internal/password/password_test.go

@@ -209,33 +209,3 @@ func TestHash_Uniqueness(t *testing.T) {
 	}
 }
 
-// Helper functions for test
-func splitHash(hash string) []string {
-	parts := make([]string, 0, 6)
-	current := ""
-	for _, char := range hash {
-		if char == '$' {
-			if current != "" {
-				parts = append(parts, current)
-				current = ""
-			}
-		} else {
-			current += string(char)
-		}
-	}
-	if current != "" {
-		parts = append(parts, current)
-	}
-	return parts
-}
-
-func joinHash(parts []string) string {
-	result := ""
-	for i, part := range parts {
-		if i > 0 {
-			result += "$"
-		}
-		result += part
-	}
-	return result
-}