fix(scan): fail-soft on Loomweave taint-store write errors (1.0.7)#64
Merged
Conversation
A bare `wardline scan` auto-discovers a running Loomweave from its
published ephemeral port (ADR-044) with no --loomweave-url flag. On an
install without the [loomweave] extra, the opt-in taint-fact write
reached require_blake3() and raised LoomweaveError, which the CLI
surfaced as a hard exit 2 ("could not run — missing blake3 dep"),
killing the gate — its real job — over an optional side-channel's
optional dependency.
Catch LoomweaveError around the taint-store write and degrade to a
not-reachable WriteResult (reported with an actionable warning), at full
parity with the MCP scan tool. The write is best-effort enrichment; it
never changes the scan's exit code. This covers the missing-extra, 4xx,
and bad-scheme cases — closing the whole class, not just blake3.
Realign the finding-lifecycle glossary line anchors shifted by the fix.
Reported by a federated sibling (elspeth).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Cut the Loomweave taint-store write fail-soft fix as 1.0.7 so a base install (no [loomweave] extra) that auto-discovers a running Loomweave can run `wardline scan` again without installing blake3. Unblocks the federated sibling (elspeth) via `pip install -U wardline`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
A bare
wardline scanauto-discovers a running Loomweave from its published ephemeral port (ADR-044) with no--loomweave-urlflag. On an install without the[loomweave]extra, the opt-in taint-fact write reachedrequire_blake3()and raisedLoomweaveError, which the CLI surfaced as a hardexit 2("could not run — missing blake3 dep") — killing the gate (the scan's real job) over an optional side-channel's optional dependency.Reported by a federated sibling (elspeth), whose
wardline scandied in exactly this configuration.Fix
Catch
LoomweaveErroraround the taint-store write and degrade to a not-reachableWriteResult(reported via the existing fail-soft warning + status block), at full parity with the MCPscantool (mcp/server.py), which already handled this. The write is best-effort enrichment; it never changes the scan's exit code. This covers the missing-extra, 4xx, and bad-scheme cases — closing the whole class, not just blake3.src/wardline/cli/scan.py— wrap the loomweave write;LoomweaveError→ not-reachableWriteResult.docs/reference/finding-lifecycle-vocabulary.md+tests/docs/test_glossary_vocabulary.py).chore: prepare wardline 1.0.7— bump so the fix reaches PyPI; unblocks elspeth viapip install -U wardline.Behavior change (intentional)
An explicit
--loomweave-urlwith a 4xx/bad-scheme/missing-extra now degrades soft (warning + completed gate) instead ofexit 2. The warning prints on every--format(reporting sits outside the format branch), so it is never silent.Tests
test_scan_loomweave_error_is_fail_soft— replacestest_scan_loomweave_loud_error_exits_2; pins the 4xx case going soft.test_scan_missing_loomweave_extra_is_fail_soft_when_auto_discovered— reproduces the elspeth scenario end-to-end: realresolve_loomweave_urlpublished-port rung + blake3 absent at its genuine call site →exit 0.wardlineself-gate exit 0.🤖 Generated with Claude Code