Fix has_manifest_files failing to match root-level manifest files

[dc-larsen]

Summary

has_manifest_files() unconditionally prepends **/ to patterns without /, then matches using PurePath.match(). In Python 3.12+, PurePath("package.json").match("**/package.json") returns False because ** requires at least one directory component. Root-level manifest files (the common case) never match.

This sets has_supported_files=False, forcing every scan into full scan mode instead of diff scan mode. Full scans don't post MR/PR comments.

Fix

Try the direct pattern match first (handles root-level files), then fall back to **/ prefixed pattern for subdirectory matching.

Reproduction

1. Create a git repo with package.json at the root
2. Run socketcli --target-path . --enable-debug --enable-diff
3. Before fix: has_supported_files=False, falls back to full scan
4. After fix: has_supported_files=True, proceeds with diff scan

Test plan

• Added unit tests for root-level, subdirectory, wildcard, and edge cases (11 tests)
• Reproduced locally on Python 3.14, confirmed fix resolves the issue
• Verify socketdev/cli:latest Docker image Python version

Fixes Zendesk #2447

[github-actions]

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.77.dev3

Docker image: socketdev/cli:pr-168

[lelia]

❌ Version Check Failed

Please increment...

@dc-larsen you can resolve this locally by running python .hooks/version_check.py

[lelia]

@dc-larsen I recently added a GH workflow that will automatically runs unit tests for the CLI when PRs are opened, but I realized it won't pick up anything under /tests/core/**/*.py. Could you please make the following updates:

• Update .github/workflows/python-tests.yml to trigger on tests/core/**/*.py (not just tests/unit/**/*.py)
• Update the workflow test command (L50) to run both suites (or all tests), e.g. uv run pytest -q tests/unit/ tests/core/ or uv run pytest -q tests/

Thanks!

[dc-larsen]

Done — added tests/core/**/*.py to the trigger paths and updated the test command to run both suites.

[lelia]

Done — added tests/core/**/*.py to the trigger paths and updated the test command to run both suites.

Thanks! Looks like that has surfaced some legitimate test failures, but I don't believe they were introduced by your PR.

Rather, there's been some substantial drift between several core unit tests and the SDK model that the CLI relies upon, and because these tests weren't running continuously, it's likely they've been silently failing for a while.

If you're curious, here's the details for the fixes I just pushed up to get tests passing:

• Updated stale core test fixtures/mocks to match current SDK/core behavior:
  • tests/core/conftest.py
  • tests/data/repos/repo_info_success.json
  • tests/data/repos/repo_info_no_head.json
• Updated outdated test expectations and object construction in:
  • tests/core/test_sdk_methods.py
  • tests/core/test_package_and_alerts.py
  • tests/core/test_supporting_methods.py
  • tests/core/test_diff_generation.py
  • tests/core/test_has_manifest_files.py
• Fixed real core compatibility gaps surfaced by enabling tests/core:
  • socketsecurity/core/classes.py
    • Package now supports optional release/diffType in full-scan contexts
    • from_diff_artifact now handles current diff artifact shapes (including enum diffType and flattened/no-ref variants)
  • socketsecurity/core/__init__.py
    • get_sbom_data now consistently returns artifact dicts (matching downstream usage)

Now that we have these tests running regularly, we should be able to prevent a lot more CLI <> SDK drift! 🎉