[duplicate-code] Duplicate Code Analysis Report

[github-actions]

Analysis of commit 6ba4d05

Summary

Analysis of the latest commit (fix: compliance gaps — HTTP 400 for malformed auth headers, reject unknown TOML fields, random API key generation) found 2 significant duplication patterns in Go source files. Both exceed the reporting threshold of >10 duplicated lines or 3+ similar pattern instances.

Detected Patterns

This analysis found 2 significant duplication patterns:

1. Bearer/Agent Header Prefix Parsing — Severity: High — See sub-issue [duplicate-code] Duplicate Code Pattern: Bearer/Agent Header Prefix Parsing in auth/header.go #3109
2. Random Hex-Encoded Byte Generation — Severity: Medium — See sub-issue [duplicate-code] Duplicate Code Pattern: Random Hex-Encoded Byte Generation #3110

Overall Impact

• Total Duplicated Lines: ~26 lines across 2 patterns
• Affected Files: 3 files (internal/auth/header.go, internal/cmd/root.go, internal/middleware/jqschema.go)
• Maintainability Risk: Medium — The auth header duplication is in a security-sensitive path where inconsistent handling between ParseAuthHeader and ExtractSessionID could introduce bugs during future spec changes
• Refactoring Priority: Medium — Pattern 1 is in the auth critical path and should be addressed soon; Pattern 2 is lower risk

Next Steps

1. Review individual pattern sub-issues for detailed analysis
2. Prioritize the Bearer/Agent header parsing refactoring (Pattern 1) due to its security relevance
3. Consider adding a shared randutil package (Pattern 2) when convenient

Analysis Metadata

• Analyzed Files: ~80 Go files (all non-test files in internal/, main.go)
• Excluded: *_test.go, test/ directories, .github/ directories
• Detection Method: Semantic pattern search + manual code review
• Commit: 6ba4d05503a777a89aedf6fc271514d85094816d
• Analysis Date: 2026-04-03T05:55:52Z