[duplicate-code] Duplicate Code Pattern: Mutex-Protected Tag Mutation in DIFC Agent

[github-actions]

Part of duplicate code analysis: #1765

Summary

In internal/difc/agent.go, the methods AddSecrecyTag, AddIntegrityTag, and DropIntegrityTag follow an identical mutex-lock + debug-log + mutation + operational-log pattern, resulting in ~21 lines of near-identical code repeated 3 times.

Duplication Details

Pattern: Mutex-Protected Tag Mutation with Dual Logging

• Severity: Medium

• Occurrences: 3 instances (4 if DropSecrecyTag exists similarly)

• Locations:

  • internal/difc/agent.go (lines ~42–49): AddSecrecyTag()
  • internal/difc/agent.go (lines ~52–59): AddIntegrityTag()
  • internal/difc/agent.go (lines ~61–67): DropIntegrityTag()

• Code Sample (structurally identical for each method):

func (a *AgentLabels) AddSecrecyTag(tag Tag) {
    logAgent.Printf("Agent %s adding secrecy tag: %s", a.AgentID, tag)
    a.mu.Lock()
    defer a.mu.Unlock()
    a.Secrecy.Label.Add(tag)
    log.Printf("[DIFC] Agent %s gained secrecy tag: %s", a.AgentID, tag)
}

func (a *AgentLabels) AddIntegrityTag(tag Tag) {
    logAgent.Printf("Agent %s adding integrity tag: %s", a.AgentID, tag)
    a.mu.Lock()
    defer a.mu.Unlock()
    a.Integrity.Label.Add(tag)
    log.Printf("[DIFC] Agent %s gained integrity tag: %s", a.AgentID, tag)
}

The only differences are the label field accessed (Secrecy/Integrity) and the log message text.

Impact Analysis

• Maintainability: Adding a new tag type (e.g., ConfidentialityTag) requires copy-pasting this 7-line block and modifying the field reference. Logging format changes must be applied in 3+ places.
• Bug Risk: Medium — If the locking pattern changes (e.g., adding a timeout or condition), all copies must be updated consistently.
• Code Bloat: ~21 lines of near-identical logic; easily consolidated to a single helper.

Refactoring Recommendations

1. Extract modifyTag() Helper Method

   func (a *AgentLabels) modifyTag(labelType string, label *LabelSet, action func(), tag Tag) {
       logAgent.Printf("Agent %s modifying %s tag: %s", a.AgentID, labelType, tag)
       a.mu.Lock()
       defer a.mu.Unlock()
       action()
       log.Printf("[DIFC] Agent %s modified %s tag: %s", a.AgentID, labelType, tag)
   }
   
   func (a *AgentLabels) AddSecrecyTag(tag Tag) {
       a.modifyTag("secrecy", &a.Secrecy.Label, func() { a.Secrecy.Label.Add(tag) }, tag)
   }

   • Estimated effort: Low (30–60 minutes)
   • Benefits: Single locking pattern; uniform log format; easy to add new tag types

2. Use Functional Options for Label Access

   • Pass a *Label pointer directly to a shared addTag/dropTag function
   • Estimated effort: Low (1 hour)

Implementation Checklist

• Review duplication findings
• Extract shared modifyTag or addTag/dropTag helper
• Update AddSecrecyTag, AddIntegrityTag, DropIntegrityTag to use helper
• Update tests if needed
• Verify no functionality broken

Parent Issue

See parent analysis report: #1765
Related to #1765

Generated by Duplicate Code Detector · ◷

• expires on Mar 18, 2026, 2:56 AM UTC

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster

[lpcox]

Addressed in PR #1926. See PR description for details on which patterns were refactored vs already resolved.