From 6b159710fd4f8ff7ce18dcf52d1c31032c371235 Mon Sep 17 00:00:00 2001 From: joeseverino Date: Tue, 23 Jun 2026 10:46:42 -0500 Subject: [PATCH] fix: bound the vault-MCP parity audit's CLI scan to its own subparser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit parseCliUpdateFlags anchored the end of the update-writeup block on `args = parser.parse_args()`, which lives in __main__.py, not cli.py — so the slice ran to EOF and swept up every later subcommand's flags. Adding any subcommand after update-writeup (the new task-* verbs did) tripped it. Bound the scan to the next `.add_parser(` so it reads only update-writeup, order- independent. --- tests/audits/check-vault-mcp-parity.mjs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/audits/check-vault-mcp-parity.mjs b/tests/audits/check-vault-mcp-parity.mjs index ea643f8..9cbf8b2 100644 --- a/tests/audits/check-vault-mcp-parity.mjs +++ b/tests/audits/check-vault-mcp-parity.mjs @@ -113,7 +113,11 @@ function parseMcpUpdateFields(text) { function parseCliUpdateFlags(text) { const start = text.indexOf('"update-writeup"'); if (start === -1) fail('MCP cli.py is missing the update-writeup subcommand'); - const end = text.indexOf('args = parser.parse_args()', start); + // Bound the scan to this one subparser — stop at the next `.add_parser(`. + // (cli.py builds the parser but never calls parse_args(); that lives in + // __main__.py, so anchoring on `args = parser.parse_args()` ran the slice to + // EOF and swept up every later subcommand's flags.) + const end = text.indexOf('.add_parser(', start + 1); const block = text.slice(start, end === -1 ? text.length : end); const fields = new Set(); for (const match of block.matchAll(/add_argument\("--([a-z][a-z-]*)"/g)) {