diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 810f4fd..729b1f7 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -53,7 +53,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 continue-on-error: true
 if: github.event_name != 'pull_request'
- uses: aquasecurity/trivy-action@0.34.1
+ uses: aquasecurity/trivy-action@0.35.0
 with:
 image-ref: ${{ env.QUAY_IMAGE }}:latest
 format: "table"
diff --git a/gourmand-exceptions.toml b/gourmand-exceptions.toml
index a5f2171..e6b1cf4 100644
--- a/gourmand-exceptions.toml
+++ b/gourmand-exceptions.toml
@@ -122,3 +122,8 @@ justification = "_store_one is called from both index_file (sync) and index_path
 check = "verbose_comments"
 path = "src/mcp_trove_crunchtools/indexer.py"
 justification = "Phase comments (Phase 1b, Phase 2) document the concurrent pipeline stages for the async indexer."
+
+[[exceptions]]
+check = "lint_suppression"
+path = "src/mcp_trove_crunchtools/database.py"
+justification = "noqa: S608 on query_errors() f-string SQL — WHERE clause is built from hardcoded strings only, all user values are bound via params tuple."
diff --git a/src/mcp_trove_crunchtools/database.py b/src/mcp_trove_crunchtools/database.py
index dbbf357..83b6361 100644
--- a/src/mcp_trove_crunchtools/database.py
+++ b/src/mcp_trove_crunchtools/database.py
@@ -329,8 +329,6 @@ def log_run_error(run_id: int, error_message: str) -> None: ) -# --- Per-file error tracking --- - _TRANSIENT_PATTERNS = ( "connection reset", "dns",
diff --git a/src/mcp_trove_crunchtools/tools/status.py b/src/mcp_trove_crunchtools/tools/status.py
index 9386d0b..d0b5341 100644
--- a/src/mcp_trove_crunchtools/tools/status.py
+++ b/src/mcp_trove_crunchtools/tools/status.py
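Review bot: The new `lint_suppression` exception in `gourmand-exceptions.toml` is keyed only on `check` and `path`, so as written it appears to cover every `noqa` in `database.py`, not just the `S608` on `query_errors()` that the justification names; a suppression added to that file later would presumably pass without review. The safety argument itself (WHERE clause assembled from hardcoded fragments, all user values bound through the params tuple) cannot be confirmed from this diff, because `query_errors()` is not in any changed hunk. I would restate the invariant next to the suppression once it is confirmed, e.g. `# noqa: S608 - only literal fragments are interpolated; every caller-supplied value is bound via params`, and back it with a test that passes a `path` containing quote characters and asserts it is matched as plain data. If the exception format allows scoping narrower than a whole file, use it here.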
@@ -134,7 +134,6 @@ async def trove_quality( resolved_filter: bool | None = None if show_resolved else False errors = db.query_errors(resolved=resolved_filter, path=path, limit=limit) - # Compute aggregate counts across all errors (not just the page returned) all_errors = db.query_errors(resolved=None, path=path, limit=10_000) total = len(all_errors) resolved_count = sum(1 for e in all_errors if e["resolved"])
diff --git a/tests/test_tools.py b/tests/test_tools.py
index 80377bb..6027bd5 100644
--- a/tests/test_tools.py
+++ b/tests/test_tools.py
@@ -329,13 +329,11 @@ async def test_quality_after_error(self, in_memory_db: sqlite3.Connection) -> No assert result["by_type"]["permanent"] == 1 assert len(result["errors"]) == 2 - # Resolve one error and verify test_db.resolve_errors("/nonexistent/test/bad.pdf") result = await trove_quality(show_resolved=True) assert result["resolved"] == 1 assert result["unresolved"] == 1 - # Default (show_resolved=False) should only return unresolved result = await trove_quality() assert len(result["errors"]) == 1 assert result["errors"][0]["path"] == "/nonexistent/test/corrupt.pdf"