惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
O
OpenAI News
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
S
Schneier on Security
Latest news
Latest news
F
Full Disclosure
T
Tenable Blog
T
Troy Hunt's Blog
The Last Watchdog
The Last Watchdog
S
Secure Thoughts
L
LangChain Blog
有赞技术团队
有赞技术团队
Project Zero
Project Zero
Cloudbric
Cloudbric
爱范儿
爱范儿
GbyAI
GbyAI
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
The Exploit Database - CXSecurity.com
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Recorded Future
Recorded Future
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
C
Cisco Blogs
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Engineering at Meta
Engineering at Meta
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
Kaspersky official blog
The Hacker News
The Hacker News
V
V2EX
F
Fortinet All Blogs
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News | PayPal Newsroom
博客园 - 三生石上(FineUI控件)
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
feat: support pi and opencode autoreview engines · openclaw/openclaw@31a189d
steipete · 2026-05-22 · via Recent Commits to openclaw:main

@@ -4,6 +4,7 @@ from __future__ import annotations

44

import argparse

55

import json

66

import os

7+

import re

78

import subprocess

89

import sys

910

import tempfile

@@ -67,11 +68,19 @@ SCHEMA: dict[str, Any] = {

6768

}

6869697070-

def run(args: list[str], cwd: Path, *, input_text: str | None = None, check: bool = True) -> subprocess.CompletedProcess[str]:

71+

def run(

72+

args: list[str],

73+

cwd: Path,

74+

*,

75+

input_text: str | None = None,

76+

env: dict[str, str] | None = None,

77+

check: bool = True,

78+

) -> subprocess.CompletedProcess[str]:

7179

result = subprocess.run(

7280

args,

7381

cwd=cwd,

7482

input=input_text,

83+

env=env,

7584

text=True,

7685

stdout=subprocess.PIPE,

7786

stderr=subprocess.PIPE,

@@ -396,6 +405,127 @@ def run_copilot(args: argparse.Namespace, repo: Path, prompt: str) -> str:

396405

return result.stdout

397406398407408+

def run_pi(args: argparse.Namespace, repo: Path, prompt: str) -> str:

409+

if not args.tools:

410+

raise SystemExit("--no-tools is not supported by the pi engine; use --tools read-only allowlist for review")

411+

if not args.model:

412+

raise SystemExit("--engine pi requires --model because autoreview isolates PI_CODING_AGENT_DIR from user settings")

413+

with tempfile.TemporaryDirectory(prefix="autoreview-pi.") as tempdir:

414+

temp = Path(tempdir)

415+

prompt_path = temp / "prompt.txt"

416+

prompt_path.write_text(prompt)

417+

os.chmod(prompt_path, 0o600)

418+

env = os.environ.copy()

419+

agent_dir = temp / "agent"

420+

agent_dir.mkdir()

421+

env["PI_CODING_AGENT_DIR"] = str(agent_dir)

422+

env["PI_CODING_AGENT_SESSION_DIR"] = str(temp / "sessions")

423+

env["PI_TELEMETRY"] = "0"

424+

cmd = [

425+

args.pi_bin,

426+

"--no-session",

427+

"--no-context-files",

428+

"--no-extensions",

429+

"--no-skills",

430+

"--no-prompt-templates",

431+

"--no-themes",

432+

"--tools",

433+

pi_readonly_tools(args),

434+

"--mode",

435+

"json",

436+

]

437+

if args.model:

438+

cmd.extend(["--model", args.model])

439+

cmd.extend(["-p", f"@{prompt_path}", "Read the attached review prompt and follow it exactly."])

440+

result = run(cmd, repo, env=env, check=False)

441+

if result.returncode != 0:

442+

raise SystemExit(f"pi engine failed ({result.returncode})\n{result.stderr or result.stdout}")

443+

return result.stdout

444+445+446+

def run_opencode(args: argparse.Namespace, repo: Path, prompt: str) -> str:

447+

if not args.tools:

448+

raise SystemExit("--no-tools is not supported by the opencode engine; opencode requires read-only tools to load the review bundle")

449+

with tempfile.TemporaryDirectory(prefix="autoreview-opencode.") as tempdir:

450+

temp = Path(tempdir)

451+

config_dir = temp / "config"

452+

config_dir.mkdir()

453+

prompt_path = temp / "prompt.txt"

454+

prompt_path.write_text(prompt)

455+

os.chmod(prompt_path, 0o600)

456+

env = os.environ.copy()

457+

env.update(

458+

{

459+

"OPENCODE_CONFIG_DIR": str(config_dir),

460+

"OPENCODE_CONFIG_CONTENT": json.dumps(opencode_review_config(args)),

461+

"OPENCODE_DISABLE_PROJECT_CONFIG": "1",

462+

"OPENCODE_PURE": "1",

463+

"OPENCODE_DISABLE_AUTOUPDATE": "1",

464+

"OPENCODE_DISABLE_AUTOCOMPACT": "1",

465+

"OPENCODE_DISABLE_MODELS_FETCH": "1",

466+

}

467+

)

468+

cmd = [

469+

args.opencode_bin,

470+

"run",

471+

"--pure",

472+

"--format",

473+

"json",

474+

"--agent",

475+

"autoreview",

476+

"--dir",

477+

str(repo),

478+

"-f",

479+

str(prompt_path),

480+

]

481+

if args.model:

482+

cmd.extend(["--model", args.model])

483+

cmd.append("Read the attached review prompt and follow it exactly. Return only the requested JSON object.")

484+

result = run(cmd, repo, env=env, check=False)

485+

if result.returncode != 0:

486+

raise SystemExit(f"opencode engine failed ({result.returncode})\n{result.stderr or result.stdout}")

487+

return result.stdout

488+489+490+

def pi_readonly_tools(args: argparse.Namespace) -> str:

491+

return "read,grep,find,ls"

492+493+494+

def opencode_review_config(args: argparse.Namespace) -> dict[str, Any]:

495+

permission = {

496+

"*": "deny",

497+

"read": "allow",

498+

"grep": "allow",

499+

"glob": "allow",

500+

"list": "allow",

501+

"edit": "deny",

502+

"bash": "deny",

503+

"task": "deny",

504+

"todowrite": "deny",

505+

"question": "deny",

506+

"repo_clone": "deny",

507+

"repo_overview": "deny",

508+

"skill": "deny",

509+

}

510+

if args.web_search:

511+

permission.update(

512+

{

513+

"webfetch": "allow",

514+

"websearch": "allow",

515+

}

516+

)

517+

return {

518+

"agent": {

519+

"autoreview": {

520+

"description": "Read-only structured code review agent",

521+

"mode": "primary",

522+

"steps": 8,

523+

"permission": permission,

524+

}

525+

}

526+

}

527+528+399529

def claude_allowed_tools(args: argparse.Namespace) -> str:

400530

tools = [tool.strip() for tool in args.claude_allowed_tools.split(",") if tool.strip()]

401531

if not args.web_search:

@@ -434,6 +564,7 @@ def extract_json(text: str) -> dict[str, Any]:

434564435565

def extract_json_from_jsonl(text: str) -> dict[str, Any] | None:

436566

candidates: list[str] = []

567+

assistant_stream: list[str] = []

437568

for line in text.splitlines():

438569

line = line.strip()

439570

if not line:

@@ -444,21 +575,65 @@ def extract_json_from_jsonl(text: str) -> dict[str, Any] | None:

444575

continue

445576

if not isinstance(event, dict):

446577

continue

578+

if isinstance(event.get("text"), str):

579+

candidates.append(event["text"])

580+

assistant_stream.append(event["text"])

581+

if isinstance(event.get("delta"), str):

582+

assistant_stream.append(event["delta"])

447583

part = event.get("part")

448584

if isinstance(part, dict) and isinstance(part.get("text"), str):

449585

candidates.append(part["text"])

586+

assistant_stream.append(part["text"])

587+

assistant_event = event.get("assistantMessageEvent")

588+

if isinstance(assistant_event, dict):

589+

if isinstance(assistant_event.get("content"), str):

590+

candidates.append(assistant_event["content"])

591+

if isinstance(assistant_event.get("delta"), str):

592+

assistant_stream.append(assistant_event["delta"])

593+

partial = assistant_event.get("partial")

594+

if isinstance(partial, dict):

595+

candidates.extend(extract_text_blocks(partial.get("content")))

450596

data = event.get("data")

451597

if isinstance(data, dict) and isinstance(data.get("content"), str):

452598

candidates.append(data["content"])

453599

if isinstance(event.get("result"), str):

454600

candidates.append(event["result"])

601+

message = event.get("message")

602+

if isinstance(message, dict):

603+

texts = extract_text_blocks(message.get("content"))

604+

candidates.extend(texts)

605+

if message.get("role") == "assistant":

606+

assistant_stream.extend(texts)

607+

messages = event.get("messages")

608+

if isinstance(messages, list):

609+

for item in messages:

610+

if not isinstance(item, dict):

611+

continue

612+

texts = extract_text_blocks(item.get("content"))

613+

candidates.extend(texts)

614+

if item.get("role") == "assistant":

615+

assistant_stream.extend(texts)

616+

if assistant_stream:

617+

candidates.append("".join(assistant_stream))

455618

for candidate in reversed(candidates):

456619

parsed = parse_json_candidate(candidate)

457620

if isinstance(parsed, dict) and "findings" in parsed:

458621

return parsed

459622

return None

460623461624625+

def extract_text_blocks(value: Any) -> list[str]:

626+

if isinstance(value, str):

627+

return [value]

628+

if not isinstance(value, list):

629+

return []

630+

result: list[str] = []

631+

for item in value:

632+

if isinstance(item, dict) and isinstance(item.get("text"), str):

633+

result.append(item["text"])

634+

return result

635+636+462637

def parse_json_candidate(text: str) -> Any | None:

463638

stripped = text.strip()

464639

if stripped.startswith("```"):

@@ -468,14 +643,30 @@ def parse_json_candidate(text: str) -> Any | None:

468643

try:

469644

parsed = json.loads(stripped)

470645

except json.JSONDecodeError:

471-

return None

646+

repaired = repair_invalid_json_escapes(stripped)

647+

if repaired == stripped:

648+

return None

649+

try:

650+

parsed = json.loads(repaired)

651+

except json.JSONDecodeError:

652+

return None

472653

if isinstance(parsed, str) and parsed != text:

473654

nested = parse_json_candidate(parsed)

474655

return nested if nested is not None else parsed

475656

return parsed

476657477658478-

def validate_report(report: dict[str, Any], repo: Path, changed_paths: set[str], required: list[str]) -> None:

659+

def repair_invalid_json_escapes(text: str) -> str:

660+

return re.sub(r'\\(?!["\\/bfnrtu])', "", text)

661+662+663+

def validate_report(

664+

report: dict[str, Any],

665+

repo: Path,

666+

changed_paths: set[str],

667+

required: list[str],

668+

required_any: list[str],

669+

) -> None:

479670

allowed_top = {"findings", "overall_correctness", "overall_explanation", "overall_confidence"}

480671

extra_top = set(report) - allowed_top

481672

if extra_top:

@@ -534,6 +725,10 @@ def validate_report(report: dict[str, Any], repo: Path, changed_paths: set[str],

534725

for needle in required:

535726

if needle.lower() not in haystack:

536727

raise SystemExit(f"required finding text not found: {needle}")

728+

for group in required_any:

729+

needles = [needle.strip().lower() for needle in group.split(",") if needle.strip()]

730+

if needles and not any(needle in haystack for needle in needles):

731+

raise SystemExit(f"required finding text not found; need one of: {', '.join(needles)}")

537732538733539734

def number_in_range(value: Any) -> bool:

@@ -574,13 +769,15 @@ def parse_args() -> argparse.Namespace:

574769

parser.add_argument("--mode", choices=["auto", "local", "branch", "commit"], default="auto")

575770

parser.add_argument("--base")

576771

parser.add_argument("--commit", default="HEAD")

577-

parser.add_argument("--engine", choices=["codex", "claude", "droid", "copilot"], default=os.environ.get("AUTOREVIEW_ENGINE", "codex"))

772+

parser.add_argument("--engine", choices=["codex", "claude", "droid", "copilot", "pi", "opencode"], default=os.environ.get("AUTOREVIEW_ENGINE", "codex"))

578773

parser.add_argument("--model")

579774

parser.add_argument("--codex-bin", default=os.environ.get("CODEX_BIN", "codex"))

580775

parser.add_argument("--claude-bin", default=os.environ.get("CLAUDE_BIN", "claude"))

581776

parser.add_argument("--droid-bin", default=os.environ.get("DROID_BIN", "droid"))

582777

parser.add_argument("--copilot-bin", default=os.environ.get("COPILOT_BIN", "copilot"))

583-

parser.add_argument("--no-tools", dest="tools", action="store_false", default=True, help="Disable tools for engines that support it. Codex and copilot reject no-tools review.")

778+

parser.add_argument("--pi-bin", default=os.environ.get("PI_BIN", "pi"))

779+

parser.add_argument("--opencode-bin", default=os.environ.get("OPENCODE_BIN", "opencode"))

780+

parser.add_argument("--no-tools", dest="tools", action="store_false", default=True, help="Disable tools for engines that support it. Codex, copilot, pi, and opencode reject no-tools review.")

584781

parser.add_argument("--no-web-search", dest="web_search", action="store_false", default=True)

585782

parser.add_argument(

586783

"--claude-allowed-tools",

@@ -596,10 +793,11 @@ def parse_args() -> argparse.Namespace:

596793

parser.add_argument("--json-output", help="Write validated structured review JSON.")

597794

parser.add_argument("--parallel-tests", help="Run a test command concurrently with review; failure fails the helper.")

598795

parser.add_argument("--require-finding", action="append", default=[], help="Require finding text to contain this substring.")

796+

parser.add_argument("--require-any-finding", action="append", default=[], help="Require finding text to contain at least one comma-separated substring.")

599797

parser.add_argument("--expect-findings", action="store_true", help="Treat findings as success; for harness acceptance tests.")

600798

parser.add_argument("--dry-run", action="store_true")

601799

args = parser.parse_args()

602-

if args.engine not in {"codex", "claude", "droid", "copilot"}:

800+

if args.engine not in {"codex", "claude", "droid", "copilot", "pi", "opencode"}:

603801

raise SystemExit(f"invalid --engine/AUTOREVIEW_ENGINE: {args.engine}")

604802

return args

605803

@@ -613,6 +811,10 @@ def run_engine(args: argparse.Namespace, repo: Path, prompt: str) -> str:

613811

return run_droid(args, repo, prompt)

614812

if args.engine == "copilot":

615813

return run_copilot(args, repo, prompt)

814+

if args.engine == "pi":

815+

return run_pi(args, repo, prompt)

816+

if args.engine == "opencode":

817+

return run_opencode(args, repo, prompt)

616818

raise SystemExit(f"unsupported engine: {args.engine}")

617819618820

@@ -649,7 +851,7 @@ def main() -> int:

649851

try:

650852

raw = run_engine(args, repo, prompt)

651853

report = extract_json(raw)

652-

validate_report(report, repo, changed_paths, args.require_finding)

854+

validate_report(report, repo, changed_paths, args.require_finding, args.require_any_finding)

653855

if args.json_output:

654856

Path(args.json_output).write_text(json.dumps(report, indent=2) + "\n")

655857