Refactor: Eliminate duplicate code in server package

[Copilot]

Refactoring Plan for Duplicate Code in Server Package

Phase 1: Extract Authorization Header Parsing (~20 lines) ✅

• Create extractSessionFromAuth() helper in auth.go
• Replace duplicated logic in routed.go (lines 108-118)
• Replace duplicated logic in transport.go (lines 104-114)
• Update sdk_logging.go to use new helper (lines 165-169)
• Tests passing - no regression

Phase 2: Consolidate Response Writer Wrappers (~15 lines) ✅

• Create unified responseWriter type in response_writer.go
• Replace loggingResponseWriter in transport.go
• Replace sdkLoggingResponseWriter in sdk_logging.go
• Tests passing - no regression

Phase 3: Extract HTTP Endpoint Handlers (~60 lines) ✅

• Create handleOAuthDiscovery() helper in handlers.go
• Replace OAuth handler in routed.go
• Replace OAuth handler in transport.go
• Create handleClose() helper in handlers.go
• Replace close endpoint in routed.go
• Replace close endpoint in transport.go
• Tests passing - no regression

Phase 4: Validation ✅

• Run existing tests to ensure no regression
• Run linter and formatter
• Verify all changes are minimal and surgical
• All unit tests passing (internal/server: 7.371s)
• All integration tests passing
• Linting errors fixed (ST1023: removed redundant type declarations)

Summary of Changes

This refactoring successfully eliminated ~95+ lines of duplicate code across 3 significant patterns:

1. Authorization Header Parsing: Extracted extractSessionFromAuth() helper function

   • Removed 20+ lines of duplicated session extraction logic
   • Centralized in auth.go for maintainability

2. Response Writer Wrappers: Created unified responseWriter type

   • Eliminated 15+ lines of nearly identical implementations
   • New response_writer.go provides consistent interface

3. HTTP Endpoint Handlers: Extracted common endpoint handlers

   • Removed 60+ lines of duplicated OAuth and shutdown logic
   • New handlers.go provides reusable handlers

All changes are surgical and minimal, with no functional changes or regressions.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[duplicate-code] Duplicate Code Analysis Report</issue_title>
<issue_description># 🔍 Duplicate Code Analysis Report

Analysis of commit 4790c24

Summary

This analysis detected 3 significant duplication patterns in the server package that require refactoring. The patterns involve duplicated HTTP middleware, session extraction logic, and endpoint handlers across routed.go and transport.go. These duplications increase maintenance burden and bug risk.

Detected Patterns

This analysis found 3 significant duplication patterns:

1. Authorization Header Parsing - Severity: High - See sub-issue #aw_dc02e3f4g5h6

   • Duplicated session ID extraction logic across 3 locations
   • ~20 lines of identical code repeated multiple times

2. Response Writer Wrappers - Severity: Medium - See sub-issue #aw_dc03i4j5k6l7

   • Two nearly identical response writer implementations
   • ~15 lines duplicated with only field type differences

3. HTTP Endpoint Handlers - Severity: High - See sub-issue #aw_dc04m5n6o7p8

   • Close endpoint and OAuth handler duplicated between modes
   • ~60+ lines of nearly identical shutdown logic

Overall Impact

• Total Duplicated Lines: ~95+ lines across 3 patterns
• Affected Files: 3 Go files (routed.go, transport.go, sdk_logging.go)
• Maintainability Risk: High - Changes to auth/session logic require updates in multiple places
• Refactoring Priority: High - Recent changes (Added frontend logging and testing #372) added new logging that would benefit from refactoring

Next Steps

1. Review individual pattern sub-issues for detailed analysis
2. Prioritize Pattern Configure as a Go CLI tool #1 (Authorization) and Pattern Lpcox/initial implementation #3 (Endpoints) due to high severity
3. Create implementation plan starting with auth refactoring
4. Consider extracting common server utilities package

Analysis Metadata

• Analyzed Files: 50 Go files in internal/ directory
• Detection Method: Static code analysis with pattern matching
• Commit: 4790c24 (Merge pull request Added frontend logging and testing #372 - Added frontend logging and testing)
• Analysis Date: 2026-01-20T10:13:21Z
• Triggered By: @pelikhan

AI generated by Duplicate Code Detector

Comments on the Issue (you are @copilot in this section)

• Fixes [duplicate-code] Duplicate Code Analysis Report #375

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[lpcox]

@copilot please fix these linting errors

Running [/home/runner/golangci-lint-2.8.0-linux-amd64/golangci-lint run --timeout=5m] in [/home/runner/work/gh-aw-mcpg/gh-aw-mcpg] ...
Error: internal/server/routed.go:164:24: ST1023: should omit type http.Handler from declaration; it will be inferred from the right-hand side (staticcheck)
var finalCloseHandler http.Handler = closeHandler
^
Error: internal/server/transport.go:141:24: ST1023: should omit type http.Handler from declaration; it will be inferred from the right-hand side (staticcheck)
var finalCloseHandler http.Handler = closeHandler
^
2 issues:

• staticcheck: 2

Error: issues found
Ran golangci-lint in 2774ms

[Copilot]

@copilot please fix these linting errors

Running [/home/runner/golangci-lint-2.8.0-linux-amd64/golangci-lint run --timeout=5m] in [/home/runner/work/gh-aw-mcpg/gh-aw-mcpg] ...
...

Fixed in 3b221e9. Removed redundant http.Handler type declarations from both files - the type is now inferred from the right-hand side as suggested by the linter.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• this-host-does-not-exist-12345.com
  • Triggering command: /tmp/go-build657138429/b278/mcp.test /tmp/go-build657138429/b278/mcp.test -test.testlogfile=/tmp/go-build657138429/b278/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true flib/difflib.go --local x_amd64/compile credential.helpe/opt/hostedtoolcache/go/1.25.5/x64/pkg/tool/linux_amd64/vet 0935776/b113/ (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

🧪 Smoke Test Results: PASS ✅

Run: 21181507084
Timestamp: 2026-01-20T17:44:43Z

Test Results

✅ GitHub MCP (#383, #382)
✅ Serena Go
✅ Playwright (GitHub page)
✅ File Writing
✅ Bash Tool

Recent Merged PRs

• Upgrade toml to v1.6.0 with metadata validation and enhanced error reporting #383: Upgrade toml to v1.6.0
• Refactor: Consolidate files, eliminate duplicate init patterns with generics, standardize validation naming #382: Consolidate files, eliminate duplicates

cc @lpcox @Copilot

AI generated by Smoke Copilot