Merge branch 'main' into docs/daily-updates-2026-05-13-22231a2a63284e49

Author: pelikhan

…thub_workflows_shared_repo-mind-light.md …thub_workflows_shared_repo-mind-light.md.github/aw/imports/githubnext/repo-mind-light-aw/b7f12b67daa31a47c4caa3b5ee3851639edce709/.github_workflows_shared_repo-mind-light.md renamed to .github/aw/imports/githubnext/repo-mind-light-aw/ca993f50371e3fc138e672335bfc5879e60f3e98/.github_workflows_shared_repo-mind-light.md .github/aw/imports/githubnext/repo-mind-light-aw/b7f12b67daa31a47c4caa3b5ee3851639edce709/.github_workflows_shared_repo-mind-light.md renamed to .github/aw/imports/githubnext/repo-mind-light-aw/ca993f50371e3fc138e672335bfc5879e60f3e98/.github_workflows_shared_repo-mind-light.md

@@ -0,0 +1,26 @@
+---
+name: go-linters
+description: Add and validate custom Go analysis linters in gh-aw.
+---
+
+# Go Linters
+
+Use this guide when adding a new custom Go analysis linter in this repository.
+
+## Where to add a new linter
+
+1. Create a new package under `pkg/linters/<linter-name>/`.
+2. Define an analyzer in that package (exported as `Analyzer`).
+3. Add tests in the same package using `analysistest` with fixtures under `testdata/src/...`.
+4. Register the analyzer in `cmd/linters/main.go` so it runs via the multichecker binary.
+
+## Build and test linters
+
+- Test only your linter package:
+  - `go test ./pkg/linters/<linter-name>/...`
+- Build the custom linter runner:
+  - `go build ./cmd/linters`
+- Run all custom linters across the repo:
+  - `make golint-custom`
+
+`make golint-custom` builds `cmd/linters` and runs it against `./cmd/...` and `./pkg/...`.

.github/skills/go-linters/SKILL.md

@@ -22,7 +22,50 @@ on:
     - 'install-gh-aw.sh'
   workflow_dispatch:
 jobs:
+  lint-gate:
+    name: Lint Gate
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+    concurrency:
+      group: ci-${{ github.ref }}-lint-gate
+      cancel-in-progress: true
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd   # v6.0.2
+
+    - name: Set up Node.js
+      id: setup-node
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f   # v6
+      with:
+        node-version: "24"
+        cache: npm
+        cache-dependency-path: actions/setup/js/package-lock.json
+
+    - name: Set up Go
+      id: setup-go
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c   # v6
+      with:
+        go-version-file: go.mod
+        cache: true
+
+    - name: Install npm dependencies
+      run: npm ci
+      working-directory: ./actions/setup/js
+
+    - name: Install golangci-lint
+      run: make install-golangci-lint
+
+    - name: Run formatting + lint gate
+      run: |
+        make fmt-check
+        make fmt-check-json
+        make lint-cjs
+
   test:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
@@ -227,6 +270,8 @@ jobs:
         retention-days: 14
 
   build:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
@@ -315,6 +360,8 @@ jobs:
         GH_TOKEN: ${{ github.token }}
 
   build-wasm:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
@@ -851,7 +898,15 @@ jobs:
     - name: Lint error messages
       run: make lint-errors
 
+      # Custom Go analysis linters (pkg/linters via cmd/linters multichecker)
+      # continue-on-error: the existing codebase has large functions; this step is informational
+    - name: Run custom linters
+      continue-on-error: true
+      run: make golint-custom
+
   actions-build:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 10
     permissions:
@@ -914,6 +969,8 @@ jobs:
   fuzz:
     # Only run fuzz tests on main branch (10s is insufficient for PRs)
     if: github.ref == 'refs/heads/main'
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 20
     permissions:
@@ -1072,6 +1129,8 @@ jobs:
         retention-days: 14
 
   security:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
@@ -1131,6 +1190,8 @@ jobs:
   security-scan:
     # Only run security scans on main branch to reduce PR overhead
     if: github.ref == 'refs/heads/main'
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 10  # Prevent jobs from hanging indefinitely
     permissions:
@@ -1201,6 +1262,8 @@ jobs:
       run: ./gh-aw compile poem-bot ${{ matrix.tool.flag }} --verbose
 
   mcp-server-compile-test:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 10
     permissions:
@@ -1373,6 +1436,8 @@ jobs:
 
   cross-platform-build:
     name: Build & Test on ${{ matrix.os }}
+    needs:
+    - lint-gate
     runs-on: ${{ matrix.os }}
     timeout-minutes: 20
     permissions:
@@ -1503,6 +1568,8 @@ jobs:
 
   alpine-container-test:
     name: Alpine Container Test
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 20
     permissions:
@@ -1639,6 +1706,8 @@ jobs:
         rm -rf test-workspace
 
   safe-outputs-conformance:
+    needs:
+    - lint-gate
     runs-on: ubuntu-latest
     timeout-minutes: 10
     permissions:
@@ -1703,6 +1772,7 @@ jobs:
     - validate-yaml
     - bench
     - check-validator-sizes
+    - lint-gate
     - lint-go
     - actions-build
     - fuzz