Add hidden reach-continue-on-* flags for Coana v15 (#191)

mtorp · claude · web-flow · commit 82d3e9038fa2 · 2026-04-23T06:23:11.000+02:00
* Add hidden reach-continue-on-* flags for Coana v15

Coana v15 introduces four new halt-by-default behaviors in socket mode
and corresponding --reach-continue-on-* opt-outs. Expose them as hidden
flags on the Python CLI so it is ready to forward them when Coana v15
becomes the default.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;

* Bump version to 2.2.85

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.84"
+version = "2.2.85"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.84'
+__version__ = '2.2.85'
 USER_AGENT = f'SocketPythonCLI/{__version__}'
diff --git a/socketsecurity/config.py b/socketsecurity/config.py
@@ -131,6 +131,10 @@ class CliConfig:
     reach_additional_params: Optional[List[str]] = None
     only_facts_file: bool = False
     reach_use_only_pregenerated_sboms: bool = False
+    reach_continue_on_analysis_errors: bool = False
+    reach_continue_on_install_errors: bool = False
+    reach_continue_on_missing_lock_files: bool = False
+    reach_continue_on_no_source_files: bool = False
     max_purl_batch_size: int = 5000
     enable_commit_status: bool = False
     config_file: Optional[str] = None
@@ -236,6 +240,10 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
             'reach_additional_params': args.reach_additional_params,
             'only_facts_file': args.only_facts_file,
             'reach_use_only_pregenerated_sboms': args.reach_use_only_pregenerated_sboms,
+            'reach_continue_on_analysis_errors': args.reach_continue_on_analysis_errors,
+            'reach_continue_on_install_errors': args.reach_continue_on_install_errors,
+            'reach_continue_on_missing_lock_files': args.reach_continue_on_missing_lock_files,
+            'reach_continue_on_no_source_files': args.reach_continue_on_no_source_files,
             'max_purl_batch_size': args.max_purl_batch_size,
             'enable_commit_status': args.enable_commit_status,
             'config_file': args.config_file,
@@ -861,6 +869,30 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help="When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project. (requires --reach)"
     )
+    reachability_group.add_argument(
+        "--reach-continue-on-analysis-errors",
+        dest="reach_continue_on_analysis_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-install-errors",
+        dest="reach_continue_on_install_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-missing-lock-files",
+        dest="reach_continue_on_missing_lock_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-no-source-files",
+        dest="reach_continue_on_no_source_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
 
     parser.add_argument(
         '--version',
diff --git a/socketsecurity/core/tools/reachability.py b/socketsecurity/core/tools/reachability.py
@@ -104,6 +104,10 @@ def run_reachability_analysis(
         allow_unverified: bool = False,
         enable_debug: bool = False,
         use_only_pregenerated_sboms: bool = False,
+        continue_on_analysis_errors: bool = False,
+        continue_on_install_errors: bool = False,
+        continue_on_missing_lock_files: bool = False,
+        continue_on_no_source_files: bool = False,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -196,6 +200,18 @@ def run_reachability_analysis(
         if use_only_pregenerated_sboms:
             cmd.append("--use-only-pregenerated-sboms")
 
+        if continue_on_analysis_errors:
+            cmd.append("--reach-continue-on-analysis-errors")
+
+        if continue_on_install_errors:
+            cmd.append("--reach-continue-on-install-errors")
+
+        if continue_on_missing_lock_files:
+            cmd.append("--reach-continue-on-missing-lock-files")
+
+        if continue_on_no_source_files:
+            cmd.append("--reach-continue-on-no-source-files")
+
         # Add any additional parameters provided by the user
         if additional_params:
             cmd.extend(additional_params)
diff --git a/socketsecurity/socketcli.py b/socketsecurity/socketcli.py
@@ -303,7 +303,11 @@ def main_code():
                     additional_params=config.reach_additional_params,
                     allow_unverified=config.allow_unverified,
                     enable_debug=config.enable_debug,
-                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms
+                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms,
+                    continue_on_analysis_errors=config.reach_continue_on_analysis_errors,
+                    continue_on_install_errors=config.reach_continue_on_install_errors,
+                    continue_on_missing_lock_files=config.reach_continue_on_missing_lock_files,
+                    continue_on_no_source_files=config.reach_continue_on_no_source_files,
                 )
                 
                 log.info(f"Reachability analysis completed successfully")
