fix(ci): clean up lint and dead code

backend/internal/handler/auth_oauth_pending_flow.go

@@ -265,18 +265,6 @@ func pendingSessionWantsInvitation(payload map[string]any) bool {
 	return strings.EqualFold(strings.TrimSpace(pendingSessionStringValue(payload, "error")), "invitation_required")
 }
 
-func pendingOAuthCompletionIncludesTokenPayload(payload map[string]any) bool {
-	if len(payload) == 0 {
-		return false
-	}
-	for _, key := range []string{"access_token", "refresh_token"} {
-		if value := pendingSessionStringValue(payload, key); value != "" {
-			return true
-		}
-	}
-	return false
-}
-
 func pendingOAuthCompletionCanIssueTokenPair(session *dbent.PendingAuthSession, payload map[string]any) bool {
 	if session == nil {
 		return false

backend/internal/repository/migrations_runner.go

@@ -301,7 +301,9 @@ func findDuplicatePaymentOrderOutTradeNos(ctx context.Context, db *sql.DB) ([]st
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer func() {
+		_ = rows.Close()
+	}()
 
 	duplicates := make([]string, 0, 5)
 	for rows.Next() {

backend/internal/repository/user_repo.go

@@ -739,10 +739,6 @@ func (r *userRepository) ExistsByEmail(ctx context.Context, email string) (bool,
 	return r.client.User.Query().Where(userEmailLookupPredicate(email)).Exist(ctx)
 }
 
-func (r *userRepository) ensureNormalizedEmailAvailable(ctx context.Context, userID int64, email string) error {
-	return ensureNormalizedEmailAvailableWithClient(ctx, clientFromContext(ctx, r.client), userID, email)
-}
-
 func ensureNormalizedEmailAvailableWithClient(ctx context.Context, client *dbent.Client, userID int64, email string) error {
 	client = clientFromContext(ctx, client)
 	if client == nil {

backend/internal/repository/user_repo_email_lookup_unit_test.go

@@ -209,10 +209,10 @@ func TestUserRepositoryCreateSerializesNormalizedEmailConflictsUnderConcurrency(
 	successes := 0
 	conflicts := 0
 	for _, err := range errors {
-		switch {
-		case err == nil:
+		switch err {
+		case nil:
 			successes++
-		case err == service.ErrEmailExists:
+		case service.ErrEmailExists:
 			conflicts++
 		default:
 			t.Fatalf("unexpected create error: %v", err)

backend/internal/service/payment_service.go

@@ -281,15 +281,6 @@ func newLegacyAwarePaymentResumeService(legacyKey []byte) *PaymentResumeService
 	return NewPaymentResumeService(signingKey, verifyFallbacks...)
 }
 
-func psResumeSigningKey(configService *PaymentConfigService) []byte {
-	signingKey, _ := psResumeSigningKeys(configService)
-	return signingKey
-}
-
-func psResumeSigningKeys(configService *PaymentConfigService) ([]byte, [][]byte) {
-	return resolvePaymentResumeSigningKeys(psResumeLegacyVerificationKey(configService))
-}
-
 func psResumeLegacyVerificationKey(configService *PaymentConfigService) []byte {
 	if configService == nil {
 		return nil

backend/internal/service/payment_visible_method_instances.go

@@ -131,21 +131,6 @@ func selectVisibleMethodInstanceByProviderKey(instances []*dbent.PaymentProvider
 	return nil
 }
 
-func buildPaymentProviderConflictError(method string, conflicting *dbent.PaymentProviderInstance) error {
-	metadata := map[string]string{
-		"payment_method": NormalizeVisibleMethod(method),
-	}
-	if conflicting != nil {
-		metadata["conflicting_provider_id"] = fmt.Sprintf("%d", conflicting.ID)
-		metadata["conflicting_provider_key"] = conflicting.ProviderKey
-		metadata["conflicting_provider_name"] = conflicting.Name
-	}
-	return infraerrors.Conflict(
-		"PAYMENT_PROVIDER_CONFLICT",
-		fmt.Sprintf("%s payment already has an enabled provider instance", NormalizeVisibleMethod(method)),
-	).WithMetadata(metadata)
-}
-
 func (s *PaymentConfigService) validateVisibleMethodEnablementConflicts(
 	ctx context.Context,
 	excludeID int64,