fix(cli): align audit and analyze --fail-on defaults

[btwshivam]

audit defaults --fail-on to high, analyze defaults it to empty:

// cmd/optiqor/main.go:217 (analyze)
cmd.Flags().StringVar(&failOn, "fail-on", "", "...")

// cmd/optiqor/main.go:572 (audit)
cmd.Flags().StringVar(&failOn, "fail-on", "high", "...")

same chart, identical findings, different exit codes. analyze returns 0 on a HIGH security finding, audit returns 1. confusing for CI authors who switch between the two.

pick one. either lift "" to audit for parity (recommended, opt-in is honest), or push "high" down into analyze. update the README severity table to match.

[github-actions]

Welcome to optiqor-cli, and thanks for opening your first issue!

A maintainer will triage this within 48 hours. While you wait:

• Read CONTRIBUTING.md if you'd like to send a fix
• Try it on your own chart: npx @optiqor/cli analyze ./your-helm-chart
• Discussions for questions and design talk

Tip: if you can paste the output of optiqor analyze --debug ./your-chart (or a minimal chart fragment that reproduces) we'll diagnose 90% faster.

[priyadonthireddy2975]

Hi @btwshivam,

I would like to work on this issue under GirlScript Summer of Code (GSSoC) 2026.

I have reviewed the issue and understand that the default --fail-on behavior between audit and analyze commands needs to be aligned for consistency.

Could you please assign this issue to me?

Thank you!

[rajsingh1301]

/assign

Hey! @btwshivam , Thanks for pointing this out.

That makes sense ,I'll align the default behavior between analyze and audit so they're consistent. The plan is to lift "" to the audit command as suggested, which means both commands will exit with 0 by default unless --fail-on is explicitly configured.

Here's what I'll update:

1. Change the default value of the fail-on flag to "" in newAuditCmd() inside cmd/optiqor/main.go .
2. Update CLAUDE.md and remove the note mentioning stricter --fail-on defaults for audit .
3. Run the full test suite (go test ./...) to make sure everything, including golden file checks, passes cleanly .

I'll open a PR with these changes shortly.

[github-actions]

Assigned to @rajsingh1301. Thanks for picking this up!

Heads-up: if there's no activity (comment or PR linked here) within 10 days, the issue will be auto-released so others can pick it up. Comment any time to reset that timer.

Need help getting started? Check CONTRIBUTING.md or ask in the issue thread.