Skip to content

flaglint-go validate

flaglint-go validate checks whether a Go codebase complies with a flag-usage policy. It’s the only flaglint-go command that ever exits 1.

FlagDescription
--no-direct-launchdarklyFail if any direct LaunchDarkly Go SDK evaluation calls are found
--bootstrap-exclude stringArrayGlob pattern for files allowed to use the LaunchDarkly SDK directly (repeatable)
-f, --format stringOutput format: text | sarif (default text)
-o, --output stringWrite report to a file instead of stdout
--config stringPath to config file
--baseline stringBaseline file for comparing against known debt
--fail-on-newExit 1 if any findings are not in the baseline
--strict-typesAdditionally resolve findings only provable with real go/types information (interface satisfaction, transitive factory wrapping, cross-function method-value forwarding). Requires the module to build. See Identity Model.
Terminal window
flaglint-go validate ./services --no-direct-launchdarkly
✗ validate --no-direct-launchdarkly: 2 direct LaunchDarkly Go SDK call(s) found.
checkout.go:13:16 — BoolVariation("checkout-v2")
checkout.go:20:12 — IntVariation("discount-percentage")
These call sites must migrate to OpenFeature before this rule passes.

Pass output once no direct calls remain:

✓ validate --no-direct-launchdarkly: no direct LaunchDarkly Go SDK calls found.
Scanned 2 file(s).

--baseline/--fail-on-new runs independently of --no-direct-launchdarkly — use it alone to adopt CI enforcement before existing debt is resolved:

Terminal window
flaglint-go audit ./services --write-baseline .flaglint-baseline.json
flaglint-go validate ./services --baseline .flaglint-baseline.json --fail-on-new
Scanned 2 file(s). Found 2 LaunchDarkly Go SDK usage(s).
✓ No new findings beyond baseline

Once new debt is introduced:

Scanned 2 file(s). Found 3 LaunchDarkly Go SDK usage(s).
Error: 1 new finding(s) not in baseline:
- launchdarkly:BoolVariation:new-feature-flag:checkout.go

Re-run --write-baseline whenever you accept new debt on purpose.

A baseline also tracks each finding’s occurrence count, not just which fingerprints are known — so a brand-new duplicate of an already-baselined call (copy-pasted into the same file) is caught too, even though its fingerprint is already in the baseline:

Scanned 2 file(s). Found 3 LaunchDarkly Go SDK usage(s).
Error: 1 new finding(s) not in baseline:
- launchdarkly:BoolVariation:checkout-v2:checkout.go

A baseline written by an older version of flaglint-go (or by flaglint-js, which doesn’t have this extension yet) works the same as always — falling back to plain fingerprint-set comparison when a baseline has no occurrence counts recorded.

Terminal window
flaglint-go validate ./services --no-direct-launchdarkly --format sarif --output flaglint.sarif

SARIF findings use rule ID flaglint.go.direct-launchdarkly (Go-namespaced — distinct from flaglint-js’s flaglint.direct-launchdarkly, per the cross-tool contract). Note: unlike flaglint-js’s 0-based ESTree columns, Go’s token.Position.Column is already 1-based, so flaglint-go does not add 1 to column numbers.

Use --bootstrap-exclude for files allowed to use the SDK directly (a provider-wiring package, for example):

Terminal window
flaglint-go validate ./services --no-direct-launchdarkly --bootstrap-exclude "internal/openfeature-bootstrap/**"
CodeMeaning
0Success — no policy violations
1Policy failure — direct calls found (--no-direct-launchdarkly) or new findings beyond baseline (--fail-on-new)
2Invalid input — bad directory, bad --format, malformed config/baseline
3Internal error
130Interrupted (Ctrl-C)

scan and audit never exit anything but 0 (barring a tool error) — validate is the only policy gate.