How returning pointers to internal slices, exposing mutable globals, and using pointer receivers on read-only methods let callers corrupt state in a Go CLI — and the exact fixes. Go doesn't have private or protected . It has exported (uppercase) and unexported (lowercase). This makes encapsulation feel optional. I audited my Go CLI project for encapsulation violations and found 10. Each one let a caller reach into a struct's internal state and mutate it — accidentally or intentionally. The mutations were silent: no error, no panic, no log. The struct just stopped working correctly. Here are the 6 encapsulation issues I found, with the exact before/after code from the fix. Pattern 1: Returning the Backing Slice The Violation // BEFORE: Caller gets a reference to the internal slice func ( c * Catalog ) List () [] ControlDefinition { return c .…