feat: link cli-run to its full_scan via report_run_id on finalize

The depscan side now joins cli_run → full_scans → repositories via the
report_run_id field to surface the scanned repo in the admin dashboard
view of each CLI run. Wire the CLI to send the full_scan_id (== the
report_run_id depscan expects) when it has one.

- finalize_cli_run accepts an optional report_run_id and includes it
  (nullable) in the POST body.
- streaming.py adds a module-level _report_run_id holder and a
  set_report_run_id() setter; teardown passes it through to finalize.
- socketcli.py captures diff.id at a single chokepoint after the
  diff-producing branches converge, guarded against the NO_DIFF_RAN /
  NO_SCAN_RAN sentinel values.

The field is nullable end-to-end so CLI invocations that fail before
producing a diff (or are run in modes that don't create one) still
finalize cleanly.

Author: barslev

socketsecurity/core/cli_run.py

@@ -51,12 +51,13 @@ def finalize_cli_run(
     client: CliClient,
     run_id: str,
     status: str = "success",
+    report_run_id: Optional[str] = None,
 ) -> None:
     try:
         client.request(
             path=f"python-cli-runs/{run_id}/finalize",
             method="POST",
-            payload=json.dumps({"status": status}),
+            payload=json.dumps({"status": status, "report_run_id": report_run_id}),
         )
     except Exception as e:
         log.debug(f"cli-run finalize failed (swallowed): {e}")

socketsecurity/core/streaming.py

@@ -17,13 +17,19 @@
 from .log_uploader import BatchedLogUploader, UploadingLogHandler
 
 _run_status: str = "success"
+_report_run_id: Optional[str] = None
 
 
 def set_run_status(status: str) -> None:
     global _run_status
     _run_status = status
 
 
+def set_report_run_id(report_run_id: Optional[str]) -> None:
+    global _report_run_id
+    _report_run_id = report_run_id
+
+
 def setup_streaming(
     *,
     client: CliClient,
@@ -66,7 +72,7 @@ def teardown() -> None:
         cli_logger.removeHandler(upload_handler)
         sdk_logger.removeHandler(upload_handler)
         log_uploader.stop()
-        finalize_cli_run(client, run_id, status=_run_status)
+        finalize_cli_run(client, run_id, status=_run_status, report_run_id=_report_run_id)
         cli_logger.removeHandler(terminal_handler)
         sdk_logger.removeHandler(terminal_handler)
         cli_logger.setLevel(saved_levels[0])

socketsecurity/socketcli.py

@@ -21,7 +21,7 @@
 from socketsecurity.core.messages import Messages
 from socketsecurity.core.scm_comments import Comments
 from socketsecurity.core.socket_config import SocketConfig
-from socketsecurity.core.streaming import set_run_status, setup_streaming
+from socketsecurity.core.streaming import set_report_run_id, set_run_status, setup_streaming
 from socketsecurity.output import OutputHandler
 
 socket_logger, log = initialize_logging()
@@ -761,6 +761,9 @@ def _is_unprocessed(c):
             )
             output_handler.handle_output(diff)
 
+    if diff.id not in ("NO_DIFF_RAN", "NO_SCAN_RAN"):
+        set_report_run_id(diff.id)
+
     # Handle license generation
     if not should_skip_scan and diff.id != "NO_DIFF_RAN" and diff.id != "NO_SCAN_RAN" and config.generate_license:
         all_packages = {}

tests/unit/test_cli_run.py

@@ -49,14 +49,22 @@ def test_register_cli_run_returns_none_on_bad_json():
     assert register_cli_run(client, client_version="1.0.0") is None
 
 
-def test_finalize_cli_run_posts_status():
+def test_finalize_cli_run_posts_status_and_null_report_run_id_by_default():
     client = Mock(spec=CliClient)
     finalize_cli_run(client, "run-x", status="failure")
 
     args, kwargs = client.request.call_args
     assert kwargs["path"] == "python-cli-runs/run-x/finalize"
     assert kwargs["method"] == "POST"
-    assert json.loads(kwargs["payload"]) == {"status": "failure"}
+    assert json.loads(kwargs["payload"]) == {"status": "failure", "report_run_id": None}
+
+
+def test_finalize_cli_run_includes_report_run_id_when_provided():
+    client = Mock(spec=CliClient)
+    finalize_cli_run(client, "run-x", status="success", report_run_id="fs-abc")
+
+    body = json.loads(client.request.call_args.kwargs["payload"])
+    assert body == {"status": "success", "report_run_id": "fs-abc"}
 
 
 def test_finalize_cli_run_swallows_errors():

tests/unit/test_streaming.py

@@ -4,14 +4,20 @@
 import pytest
 
 import socketsecurity.core.streaming as streaming_mod
-from socketsecurity.core.streaming import set_run_status, setup_streaming
+from socketsecurity.core.streaming import (
+    set_report_run_id,
+    set_run_status,
+    setup_streaming,
+)
 
 
 @pytest.fixture(autouse=True)
-def reset_run_status():
+def reset_streaming_state():
     streaming_mod._run_status = "success"
+    streaming_mod._report_run_id = None
     yield
     streaming_mod._run_status = "success"
+    streaming_mod._report_run_id = None
 
 
 def test_setup_streaming_returns_none_when_register_fails():
@@ -32,8 +38,8 @@ def test_teardown_finalizes_with_current_run_status():
 
     finalize_calls = []
 
-    def fake_finalize(client, run_id, status="success"):
-        finalize_calls.append(status)
+    def fake_finalize(client, run_id, status="success", report_run_id=None):
+        finalize_calls.append((status, report_run_id))
 
     with patch("socketsecurity.core.streaming.register_cli_run", return_value="run-1"), \
          patch("socketsecurity.core.streaming.finalize_cli_run", side_effect=fake_finalize), \
@@ -49,9 +55,10 @@ def fake_finalize(client, run_id, status="success"):
         assert teardown is not None
 
         set_run_status("failure")
+        set_report_run_id("fs-xyz")
         teardown()
 
-    assert finalize_calls == ["failure"]
+    assert finalize_calls == [("failure", "fs-xyz")]
 
 
 def test_set_run_status_default_is_success():
@@ -60,8 +67,8 @@ def test_set_run_status_default_is_success():
 
     finalize_calls = []
 
-    def fake_finalize(client, run_id, status="success"):
-        finalize_calls.append(status)
+    def fake_finalize(client, run_id, status="success", report_run_id=None):
+        finalize_calls.append((status, report_run_id))
 
     with patch("socketsecurity.core.streaming.register_cli_run", return_value="run-2"), \
          patch("socketsecurity.core.streaming.finalize_cli_run", side_effect=fake_finalize), \
@@ -76,7 +83,7 @@ def fake_finalize(client, run_id, status="success"):
         )
         teardown()
 
-    assert finalize_calls == ["success"]
+    assert finalize_calls == [("success", None)]
 
 
 def test_setup_streaming_restores_logger_state_on_teardown():