[duplicate-code] Duplicate Code Analysis Report

[github-actions]

Analysis of latest commit on main branch

Summary

Analysis of the internal/ Go source files found 3 significant duplication patterns across the codebase. Two patterns carry correctness/safety implications beyond maintainability (inconsistent session-ID extraction can panic; inconsistent HTTP error formats break API contracts). The third pattern represents ~120+ lines of structural boilerplate that could be reduced to a shared helper.

Detected Patterns

1. WASM Guard Dispatch Boilerplate – Severity: Medium – See sub-issue [duplicate-code] Duplicate Code Pattern: WASM Guard Function Dispatch Boilerplate #2826
2. Session ID Context Extraction Inconsistency – Severity: High – See sub-issue [duplicate-code] Duplicate Code Pattern: Session ID Context Extraction Inconsistency #2827
3. HTTP Error Response Inconsistency – Severity: Medium – See sub-issue [duplicate-code] Duplicate Code Pattern: HTTP Error Response Format Inconsistency #2828

Overall Impact

• Total Duplicated Lines: ~130+ lines across the three patterns
• Affected Files: 6 files (internal/guard/wasm.go, internal/server/session.go, internal/server/unified.go, internal/server/routed.go, internal/server/auth.go, internal/server/handlers.go)
• Maintainability Risk: High — the session-ID pattern already contains a latent panic (forced type assertion without ok check in routed.go:91)
• Refactoring Priority: High for session/HTTP patterns; Medium for WASM guard dispatch

Next Steps

1. Review individual sub-issues for detailed analysis and concrete refactoring steps
2. Fix the latent panic risk in routed.go:91 as a priority
3. Standardise JSON error responses in auth.go
4. Optionally extract shared WASM dispatch preamble

Analysis Metadata

• Analyzed Files: Go source files under internal/ (excluding *_test.go)
• Detection Method: Static pattern search + semantic code analysis
• Analysis Date: 2026-03-30