fix(cli): preserve full per-skill JSON payload in recursive scans (#228)#231
Open
rodboev wants to merge 1 commit into
Open
fix(cli): preserve full per-skill JSON payload in recursive scans (#228)#231rodboev wants to merge 1 commit into
rodboev wants to merge 1 commit into
Conversation
rng1995
requested changes
Jun 30, 2026
rng1995
left a comment
Collaborator
There was a problem hiding this comment.
The JSON payload implementation is sound on this branch's base, but the PR conflicts with current main and its non-JSON regression test locks in behavior that main has since fixed. Rebase, preserve current main's combined-file behavior for recursive non-JSON --output, integrate the JSON payload work, and rerun the CLI suite.
…IDIA#228) Signed-off-by: Rod Boev <rod.boev@gmail.com>
5407376 to
a97aa41
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
skillspector scan --recursive --format jsoncurrently reduces each successfulskills[]entry to a summary row and drops the full per-skill report contract that single-skill JSON already exposes. This rebases the branch onto currentmain, preserves the recursive JSON contract for integrations by embedding the full per-skill payload, and keeps current main's combined-file behavior for recursive non-JSON--output.Closes #228
Root cause
_scan_multi_skill()already has the full graph result for each skill, including the rendered JSONreport_body. The recursive JSON writer rebuilds eachskills[]entry from onlyname,path,risk_score,risk_severity, andfinding_count, so the richer per-skill JSON document is discarded before the combined file is written. This branch had also diverged from current main's recursive non-JSON output path, so the stale Markdown assertion was locking in behavior main no longer has.Diff Notes
main, keeping the existing_result_body()helper and concatenated non-JSON--outputwriter.report_bodyvalues and merge them into each successful recursiveskills[]entry while retaining the compatibility summary keys.--outputfile behavior.Scope
This stays on the CLI/report-contract boundary. It does not change analyzers, report-node schema, SARIF output, structured-skill discovery, baseline threading, provider behavior, or non-recursive output.
Verification
.\.venv\Scripts\python.exe -m pytest tests/unit/test_cli.py(12 passed)uv run ruff check src/skillspector/cli.py tests/unit/test_cli.pyuv run ruff format --check src/skillspector/cli.py tests/unit/test_cli.py