Building a PR Review Bot Under 32K Context: Go AST Diffing, YAML Key Diffing, and Smart Truncation

Artoo, Obmondo’s Mattermost bot, got a PR review engine that runs on a self-hosted Qwen3-14B with a ~32K context window. The key problem: a single Kubernetes PR can have 10,000+ lines of diff. The solution: Go pre-processing that compresses diffs to ~2KB before the LLM ever sees them — using go/ast for Go files, YAML key-level diffing for Helm/K8s configs, and priority-based file truncation. This post covers why each decision was made and what the LLM still cannot do.

April 8, 2026 · 10 min · Ashish Jaiswal

Two Go stdlib traps when watching and scanning JSON files on Linux

Two bugs surfaced during a CEO-plan audit of the vuls-exporter codebase that are easy to introduce and silent enough to survive code review. Both involve standard-library primitives that look correct but fail quietly on Linux.

The bugs at a glance:

- filepath.Glob("**/*.json") does not recurse on Linux — it matches nothing in subdirectories and returns nil, nil.
- Raw unix.InotifyAddWatch does not automatically watch new subdirectories — any directory created after the watch is set up is silently ignored.

Bug 1: filepath.Glob does not support **

The code looked like this: ...

March 16, 2026 · 3 min · Ashish Jaiswal

Why Your RPM Host Showed 0 CVEs: Fixing Vuls Package Parsing in security-exporter

security-exporter returned 0 CVEs on every CentOS and RHEL host. The root cause was a silent data drop: ParsePackages skips any line that does not match its exact tab-separated format, and our rpm collector was producing the wrong format. This post covers the full diagnosis, the fix using the vuls-recommended 6-field rpm query, source package extraction using the NVR last-two-hyphens algorithm, and the Helm chart simplification that removed the entire legacy go-cve-dictionary + PostgreSQL pipeline.

March 13, 2026 · 7 min · Ashish Jaiswal