fix: align trust command display with ai-trust accuracy improvements #62
thebenignhacker merged 1 commit into main from
- Normalize registry verdicts (passed/listed/warnings) to CLI vocabulary
- Show "Not scanned" instead of misleading "0/100" for unscanned packages
- Show "NO DATA" instead of "UNKNOWN/Blocked" for not-found packages
- Add confidence display and scan age with staleness warnings
- Add disclaimer for unscanned packages
- Add next steps guidance for not-found packages (no dead ends)
- Lower default --min-trust from 3 to 2
- Exit code 1 when packages not found (unknown != safe)
- Update ai-trust dependency to ^0.2.6
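The fail-closed gating this description lists ("unknown != safe", "Not scanned" rather than "0/100", staleness warnings), as an added sketch that is not the project's code. The record shape, the function names, the idea that an unscanned package still carries a trust level, and the 90-day staleness cutoff are all assumptions made for illustration.

```javascript
// Added illustration, not the project's code. Field names and thresholds are assumed.
const STALE_AFTER_DAYS = 90; // assumed cutoff; the page does not state one

// Render a score without implying a measurement that never happened.
function displayScore(pkg) {
  if (!pkg.found) return "NO DATA";       // registry has no record at all
  if (!pkg.scanned) return "Not scanned"; // listed, but no scan result exists
  return `${pkg.score}/100`;
}

function scanAgeDays(pkg, now) {
  return Math.floor((now - Date.parse(pkg.scannedAt)) / 86400000);
}

// Fail closed: a package the registry does not know counts as a failure, not a pass.
function evaluate(packages, minTrust = 2, now = Date.now()) {
  const rows = packages.map((pkg) => {
    const notes = [];
    let ok = true;
    if (!pkg.found) {
      ok = false;
      notes.push("not found in registry");
    } else {
      if (pkg.trustLevel < minTrust) {
        ok = false;
        notes.push(`trust level ${pkg.trustLevel} below minimum ${minTrust}`);
      }
      if (!pkg.scanned) notes.push("listed but never scanned");
      else if (scanAgeDays(pkg, now) > STALE_AFTER_DAYS) notes.push("scan is stale");
    }
    return { name: pkg.name, score: displayScore(pkg), ok, notes };
  });
  return { rows, exitCode: rows.every((r) => r.ok) ? 0 : 1 };
}

// Constructed sample input (hypothetical package names and values).
const NOW = Date.parse("2025-06-01T00:00:00Z");
const SAMPLE = [
  { name: "pkg-scanned", found: true, scanned: true, score: 82, trustLevel: 3, scannedAt: "2025-05-20T00:00:00Z" },
  { name: "pkg-listed", found: true, scanned: false, trustLevel: 2 },
  { name: "pkg-old", found: true, scanned: true, score: 70, trustLevel: 2, scannedAt: "2024-11-01T00:00:00Z" },
  { name: "pkg-missing", found: false },
];

const report = evaluate(SAMPLE, 2, NOW);
for (const r of report.rows) console.log(r.name, r.score, r.ok ? "ok" : "FAIL", r.notes.join("; "));
console.log("exit code:", report.exitCode);
```
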
Claude Code Review
VERDICT: APPROVE
SUMMARY: This PR updates the trust command display logic to align with ai-trust v0.2.6's improved accuracy reporting. Changes include normalizing registry verdicts, displaying confidence and scan age metadata, adding actionable next steps for unscanned packages, and lowering the default minimum trust threshold from 3 to 2. All changes are display-related formatting and CLI output improvements with no security implications. The dependency bump to ai-trust ^0.2.6 follows standard semver practices for minor version updates.
(No security or correctness findings identified. All changes are presentation-layer improvements to the trust command's console output. The new helper functions normalizeTrustVerdict, formatTrustScore, formatTrustConfidence, and formatTrustScanAge perform safe string formatting and timestamp calculations without external input processing. Exit code logic correctly flags both below-threshold and not-found packages.)
Reviewed 2 files changed (9325 bytes)