fix: address format and lint issues

Author: salmonumbrella

internal/cmd/auth.go

@@ -19,12 +19,24 @@ import (
 )
 
 var (
-	openSecretsStore  = secrets.OpenDefault
-	authorizeGoogle   = googleauth.Authorize
-	startManageServer = googleauth.StartManageServer
-	checkRefreshToken = googleauth.CheckRefreshToken
+	openSecretsStore     = secrets.OpenDefault
+	authorizeGoogle      = googleauth.Authorize
+	startManageServer    = googleauth.StartManageServer
+	checkRefreshToken    = googleauth.CheckRefreshToken
+	ensureKeychainAccess = defaultEnsureKeychainAccess
 )
 
+// defaultEnsureKeychainAccess verifies keychain is accessible before starting OAuth flow.
+func defaultEnsureKeychainAccess() error {
+	store, err := secrets.OpenDefault()
+	if err != nil {
+		return fmt.Errorf("keychain access: %w", err)
+	}
+	// Trigger a read to verify keychain access
+	_, _ = store.Keys()
+	return nil
+}
+
 type AuthCmd struct {
 	Credentials AuthCredentialsCmd `cmd:"" name:"credentials" help:"Store OAuth client credentials"`
 	Add         AuthAddCmd         `cmd:"" name:"add" help:"Authorize and store a refresh token"`
@@ -300,6 +312,11 @@ type AuthAddCmd struct {
 func (c *AuthAddCmd) Run(ctx context.Context) error {
 	u := ui.FromContext(ctx)
 
+	// Verify keychain access before starting the OAuth flow
+	if err := ensureKeychainAccess(); err != nil {
+		return err
+	}
+
 	var services []googleauth.Service
 	if strings.EqualFold(strings.TrimSpace(c.ServicesCSV), "") || strings.EqualFold(strings.TrimSpace(c.ServicesCSV), "all") {
 		services = googleauth.AllServices()

internal/cmd/calendar.go

@@ -335,7 +335,8 @@ func (c *CalendarUpdateCmd) Run(ctx context.Context, kctx *kong.Context, flags *
 
 	// For --add-attendee, fetch current event to preserve existing attendees with metadata.
 	if flagProvided(kctx, "add-attendee") {
-		existing, err := svc.Events.Get(calendarID, eventID).Do()
+		var existing *calendar.Event
+		existing, err = svc.Events.Get(calendarID, eventID).Do()
 		if err != nil {
 			return fmt.Errorf("failed to fetch current event: %w", err)
 		}

internal/cmd/gmail_send.go

@@ -54,7 +54,7 @@ func (c *GmailSendCmd) Run(ctx context.Context, flags *RootFlags) error {
 		if err != nil {
 			return fmt.Errorf("invalid --from address %q: %w", c.From, err)
 		}
-		if sa.VerificationStatus != "accepted" {
+		if sa.VerificationStatus != gmailVerificationAccepted {
 			return fmt.Errorf("--from address %q is not verified (status: %s)", c.From, sa.VerificationStatus)
 		}
 		fromAddr = c.From

internal/secrets/store.go

@@ -37,13 +37,16 @@ type Token struct {
 	RefreshToken string    `json:"-"`
 }
 
-const keyringPasswordEnv = "GOG_KEYRING_PASSWORD" //nolint:gosec // env var name, not a credential
-const keyringBackendEnv = "GOG_KEYRING_BACKEND"   //nolint:gosec // env var name, not a credential
+const (
+	keyringPasswordEnv = "GOG_KEYRING_PASSWORD" //nolint:gosec // env var name, not a credential
+	keyringBackendEnv  = "GOG_KEYRING_BACKEND"  //nolint:gosec // env var name, not a credential
+)
 
 var (
-	errMissingEmail        = errors.New("missing email")
-	errMissingRefreshToken = errors.New("missing refresh token")
-	errNoTTY               = errors.New("no TTY available for keyring file backend password prompt")
+	errMissingEmail          = errors.New("missing email")
+	errMissingRefreshToken   = errors.New("missing refresh token")
+	errNoTTY                 = errors.New("no TTY available for keyring file backend password prompt")
+	errInvalidKeyringBackend = errors.New("invalid keyring backend")
 )
 
 func allowedBackendsFromEnv() ([]keyring.BackendType, error) {
@@ -55,7 +58,7 @@ func allowedBackendsFromEnv() ([]keyring.BackendType, error) {
 	case "file":
 		return []keyring.BackendType{keyring.FileBackend}, nil
 	default:
-		return nil, fmt.Errorf("invalid %s (expected auto, keychain, or file)", keyringBackendEnv)
+		return nil, fmt.Errorf("%w: %s (expected auto, keychain, or file)", errInvalidKeyringBackend, keyringBackendEnv)
 	}
 }