
fix: clarify category gate failure message for inclusive threshold#231

Merged: hello-args merged 8 commits into MCP-Audit:main from laishettikarthik-tech:main on Jun 11, 2026

Conversation

@laishettikarthik-tech

Contributor

Closes #209

What this PR does

  • Fixes confusing failure message in category_gate_failures that
    showed "Passed" while exiting with code 1
  • Message now explicitly shows score >= limit with "(inclusive gate)"
  • Updated --fail-on-category help text to explain inclusive semantics
  • Added 3 unit tests for boundary conditions in test_category_gates.py

Changes

  • src/mcts/report/data.py — clearer failure message with score/limit
  • src/mcts/cli/main.py — updated --fail-on-category help text
  • tests/test_category_gates.py — 3 new boundary tests

Before

"Excessive Permissions scored Passed (limit 0)" → exit 1

After

"Excessive Permissions: risk score 0 >= limit 0
(inclusive gate — 'Passed' is category label, not CI result)" → exit 1
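As an added example (not MCP-Audit's own code) of the inclusive gate this PR describes: the check fails when `score >= limit`, so a limit of 0 fails even a category whose score label reads "Passed". The function names and the label thresholds are assumptions.

```python
"""Added example of an inclusive category gate (not the project's code).

Assumes integer per-category risk scores and a score-to-label mapping in
which a score of 0 reads "Passed"; the thresholds are assumed, not taken
from MCP-Audit.
"""


def score_label(score: int) -> str:
    """Human-readable label for a category score (assumed thresholds)."""
    if score == 0:
        return "Passed"
    if score < 50:
        return "Low"
    return "High"


def category_gate_failures(scores: dict[str, int], limits: dict[str, int]) -> list[str]:
    """Return one failure message per category whose score meets or exceeds its limit.

    The gate is inclusive: score >= limit fails. A limit of 0 therefore fails a
    category whose label is "Passed", so the message spells out both numbers and
    says that the label is not the CI result.
    """
    failures = []
    for category, limit in limits.items():
        score = scores.get(category, 0)  # categories with no finding score 0
        if score >= limit:
            failures.append(
                f"{category}: risk score {score} >= limit {limit} "
                f"(inclusive gate - '{score_label(score)}' is category label, not CI result)"
            )
    return failures


def gate_exit_code(scores: dict[str, int], limits: dict[str, int]) -> int:
    """CI exit code: 1 if any inclusive gate fails, else 0."""
    return 1 if category_gate_failures(scores, limits) else 0


if __name__ == "__main__":
    # Constructed sample: the boundary case from the PR description.
    sample_scores = {"Excessive Permissions": 0, "Supply Chain": 30}
    sample_limits = {"Excessive Permissions": 0, "Supply Chain": 50}
    for line in category_gate_failures(sample_scores, sample_limits):
        print(line)
    print("exit", gate_exit_code(sample_scores, sample_limits))
```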

Updated help message for 'fail_on_category' option to clarify threshold behavior.
Refactor Dockerfile scanning to deduplicate file paths and images.
Add tests for deduplication of Dockerfile findings in various scenarios.
@laishettikarthik-tech

Contributor Author

Note for maintainer: This PR contains fixes for two separate issues:

  1. Closes fix: clarify category gate failure message for inclusive threshold #231 — clarify category gate failure message (data.py + main.py + tests)
  2. Closes [BUG] Deduplicate duplicate Docker FROM findings in supply-chain scan #190 — deduplicate Docker FROM findings (supply_chain.py + tests)

Both were committed to the same branch. Happy to split into separate PRs
if preferred — just let me know!

@hello-args

hello-args commented Jun 11, 2026

Collaborator

@laishettikarthik-tech it's fine for now, but please make sure to split into different branches when issues are unrelated.
Happy to merge if checks are good!!

@laishettikarthik-tech

Contributor Author

Thanks for the feedback. Apologies for the failing checks. I'm looking into the CI failures and will submit a fix shortly so the tests pass cleanly.

Correct _scan_dockerfile body indentation, sync with main's pyproject
parsing, align docker dedupe tests with unpinned-image detection, and
run ruff format on touched files.
Keep data-leakage loopback regression from main alongside Docker
dedupe tests from this branch.
@hello-args hello-args merged commit c21e733 into MCP-Audit:main Jun 11, 2026
8 checks passed


Development

Successfully merging this pull request may close these issues.

[FEATURE] Clarify --fail-on-category error when score equals inclusive limit
