[duplicate-code] Duplicate Code Pattern: Guard Interface Structural Duplication (LabelAgent / LabelResponse)

[github-actions]

Part of duplicate code analysis: #2361

Summary

internal/guard/noop.go and internal/guard/write_sink.go both implement the Guard interface and contain near-identical structural duplication in LabelAgent (returns empty AgentLabelsPayload) and LabelResponse (returns nil, nil). The LabelAgent bodies differ only by the value of the DIFCMode field.

Duplication Details

Pattern: Near-Identical LabelAgent Method Body

• Severity: Medium

• Occurrences: 2 implementations

• Locations:

  • internal/guard/noop.go lines 28–37
  • internal/guard/write_sink.go lines 71–79

• Code Sample:

  // noop.go (lines 28–37)
  func (g *NoopGuard) LabelAgent(ctx context.Context, policy interface{}, backend BackendCaller, caps *difc.Capabilities) (*LabelAgentResult, error) {
      log.Printf("Initializing agent labels with noop guard")
      return &LabelAgentResult{
          Agent: AgentLabelsPayload{
              Secrecy:   []string{},
              Integrity: []string{},
          },
          DIFCMode: difc.ModeStrict,  // ← only difference
      }, nil
  }
  
  // write_sink.go (lines 71–79)
  func (g *WriteSinkGuard) LabelAgent(_ context.Context, _ interface{}, _ BackendCaller, _ *difc.Capabilities) (*LabelAgentResult, error) {
      logWriteSink.Print("LabelAgent: returning empty labels (write-sink does not label agents)")
      return &LabelAgentResult{
          Agent: AgentLabelsPayload{
              Secrecy:   []string{},
              Integrity: []string{},
          },
          DIFCMode: difc.ModeFilter,  // ← only difference
      }, nil
  }

Pattern: Identical LabelResponse Method Body

• Severity: Low–Medium

• Occurrences: 2 implementations

• Locations:

  • internal/guard/noop.go lines 60–65
  • internal/guard/write_sink.go lines 107–108

• Code Sample:

  // Both implementations are identical:
  func (g *(Guard)) LabelResponse(...) (difc.LabeledData, error) {
      // optional log line
      return nil, nil
  }

Impact Analysis

• Maintainability: Any change to AgentLabelsPayload structure requires updating multiple places
• Bug Risk: Inconsistent changes (e.g., fixing initialization in one guard but not another)
• Code Bloat: ~12 lines duplicated across guard implementations

Refactoring Recommendations

1. Extract emptyAgentLabelsResult(mode string) *LabelAgentResult helper in internal/guard/guard.go:

   // emptyAgentLabelsResult returns a LabelAgentResult with empty agent labels for the given DIFC mode.
   func emptyAgentLabelsResult(mode string) *LabelAgentResult {
       return &LabelAgentResult{
           Agent: AgentLabelsPayload{
               Secrecy:   []string{},
               Integrity: []string{},
           },
           DIFCMode: mode,
       }
   }

   • Then noop.go calls: return emptyAgentLabelsResult(difc.ModeStrict), nil
   • And write_sink.go calls: return emptyAgentLabelsResult(difc.ModeFilter), nil
   • Estimated effort: 30 minutes
   • Benefits: Single place to update AgentLabelsPayload initialization

2. Consider a BaseGuard embedded struct if more guard implementations are added in the future, providing default LabelResponse returning nil, nil.

Implementation Checklist

• Add emptyAgentLabelsResult helper to internal/guard/guard.go
• Refactor noop.go LabelAgent to use helper
• Refactor write_sink.go LabelAgent to use helper
• Run make test to verify no regressions

Parent Issue

See parent analysis report: #2361
Related to #2361

Generated by Duplicate Code Detector · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

• expires on Mar 30, 2026, 3:05 AM UTC

[github-actions]

🤖 This is an automated response from Repo Assist.

Verified the duplication in the current codebase:

• noop.go lines 28–37 and write_sink.go lines 71–79 both build and return an identical AgentLabelsPayload{Secrecy: []string{}, Integrity: []string{}} — the only difference is the DIFCMode value (difc.ModeStrict vs difc.ModeFilter).
• noop.go line 60–65 and write_sink.go line 107–108 both implement LabelResponse as a trivial return nil, nil.

The proposed emptyAgentLabelsResult(mode string) *LabelAgentResult helper in internal/guard/guard.go is the right approach. One small note: noop.go currently calls the package-level log variable (from context.go) instead of its own logNoop in the LabelAgent body — that existing logger bug is tracked separately in #2362 / PR #2377. A follow-on refactor to use emptyAgentLabelsResult should also switch to logNoop.Printf(...) in the same pass to keep the file internally consistent.

The LabelResponse nil, nil bodies are simple enough that a shared noopLabelResponse helper may be over-engineering; inlining is fine here. The LabelAgent consolidation is the higher-value change (~12 lines eliminated, single place to update AgentLabelsPayload).

Generated by Repo Assist · ◷

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@851905c06e905bf362a9f6cc54f912e3df747d55