diff --git a/cmd/chat-cli/api/client.go b/cmd/chat-cli/api/client.go
index 1a891aa..e55dee8 100644
--- a/cmd/chat-cli/api/client.go
+++ b/cmd/chat-cli/api/client.go
@@ -125,7 +125,7 @@ func (c *Client) PollMessages(
 
 	req.Header.Set("Authorization", "Bearer "+c.Token)
 
-	resp, err := client.Do(req)
+	resp, err := client.Do(req) //nolint:gosec // URL built from trusted BaseURL + hardcoded path
 	if err != nil {
 		return nil, err
 	}
@@ -272,7 +272,7 @@ func (c *Client) do(
 		)
 	}
 
-	resp, err := c.HTTPClient.Do(req)
+	resp, err := c.HTTPClient.Do(req) //nolint:gosec // URL built from trusted BaseURL + hardcoded path
 	if err != nil {
 		return nil, fmt.Errorf("http: %w", err)
 	}
diff --git a/internal/handlers/api_test.go b/internal/handlers/api_test.go
index 8cdbab3..964a9f5 100644
--- a/internal/handlers/api_test.go
+++ b/internal/handlers/api_test.go
@@ -158,7 +158,7 @@ func (ts *testServer) doReq(
 		req.Header.Set("Content-Type", "application/json")
 	}
 
-	return http.DefaultClient.Do(req)
+	return http.DefaultClient.Do(req) //nolint:gosec // test server URL
 }
 
 func (ts *testServer) doReqAuth(
@@ -181,7 +181,7 @@ func (ts *testServer) doReqAuth(
 		req.Header.Set("Authorization", "Bearer "+token)
 	}
 
-	return http.DefaultClient.Do(req)
+	return http.DefaultClient.Do(req) //nolint:gosec // test server URL
 }
 
 func (ts *testServer) createSession(nick string) string {
@@ -984,7 +984,7 @@ func TestConcurrentSessions(t *testing.T) {
 		go func(i int) {
 			defer wg.Done()
 
-			nick := "concurrent_" + string(rune('a'+i))
+			nick := "concurrent_" + string(rune('a'+i)) //nolint:gosec // i is 0-19, safe range
 
 			body, err := json.Marshal(map[string]string{"nick": nick})
 			if err != nil {