Add --reach-skip-cache to disable reachability analysis configuration caching and pass --range-style to the Coana fix CLI

[mtorp]

• Add --reach-skip-cache to disable the reachability analysis configuration that otherwise ensures projects previously scanned with tier 1 reachability analysis will scan faster, since the analysis doesn't have to go through the same iterative learning cycle of finding the best analysis configuration.
• Ensure the --range-style option for specifying the range style to use when upgrading packages is passed to the Coana CLI when Coana is used for applying fixes.
• Upgrade the Coana CLI to version 14.12.12.

[claude]

Claude finished @mtorp's task —— View job

---

Pull Request Review Complete ✅

Reviewed PR #724: Add --reach-skip-cache to disable reachability analysis configuration caching

Todo List:

• Read repository setup instructions (CLAUDE.md) - No repo-specific setup file found
• Examine changed files to understand implementation
• Review code quality and best practices
• Check for potential bugs and security issues
• Analyze performance implications
• Provide actionable feedback with specific suggestions

---

Review Summary

This PR successfully implements the --reach-skip-cache flag and ensures --range-style is passed to Coana CLI for fixes. The implementation is well-structured and consistent with the existing codebase patterns.

✅ Strengths

1. Consistent Implementation: The new reachSkipCache flag follows the same pattern as other reachability flags
2. Comprehensive Coverage: Added the flag to all relevant commands (scan create, scan reach, CI)
3. Good Testing: Added test coverage for the new flag in both scan create and scan reach tests
4. Proper Integration: Correctly passes the flag through the entire call chain to Coana CLI
5. Clean Code: No unnecessary complexity or code duplication

📋 Detailed Findings

Code Quality: Excellent

• Flag definition in reachability-flags.mts:34-40 is well-documented with clear description
• Consistent naming convention (reachSkipCache → --reach-skip-cache → --skip-cache-usage)
• Proper type safety throughout the implementation

Architecture: Sound

• New flag properly integrated into ReachabilityOptions type
• Correctly passed through performReachabilityAnalysis function
• Clean separation between CLI flag parsing and Coana CLI execution

Testing: Good Coverage

• Added tests for the new flag in both command test files
• Tests cover the flag both independently and with other reachability options
• Missing: Test for the new flag in CI context (minor)

Security: No Issues Found

• No sensitive data exposure
• Proper parameter validation
• Flag only affects caching behavior, not core security

Performance: Positive Impact

• The --skip-cache flag allows users to bypass potentially stale cache configurations
• May increase analysis time but ensures fresh results when needed
• Good trade-off between speed and correctness

🔍 Specific Code Review

src/commands/fix/coana-fix.mts:101-103, 121-123

...(fixConfig.rangeStyle
  ? ['--range-style', fixConfig.rangeStyle]
  : []),

✅ Good: Correctly passes --range-style to Coana CLI in both fix scenarios

src/commands/scan/perform-reachability-analysis.mts:165

...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []),

✅ Good: Proper conditional flag passing to Coana CLI

src/commands/scan/reachability-flags.mts:34-40

reachSkipCache: {
  type: 'boolean',
  default: false,
  description:
    'Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.',
},

✅ Excellent: Clear, comprehensive description explaining the default behavior and impact

🎯 Minor Suggestions

1. Test Coverage Enhancement - Consider adding a test for the CI command with the new flag
2. Documentation Consistency - The help text correctly shows up in both scan create and scan reach commands

🚀 Recommendation

APPROVE - This PR is ready for merge. The implementation is clean, well-tested, and follows established patterns. The changes are backwards-compatible and add valuable functionality for users who need to bypass cached reachability configurations.

---

[socket-security-staging]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​coana-tech/​cli@​14.12.10 ⏵ 14.12.12	+1		+1

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​coana-tech/​cli@​14.12.10 ⏵ 14.12.12

View full report

[barslev]

LGTM 👍