chore: adding scope flags to cli [CSENG-68]

chore: update os flow version

Author: brew42

cliv2/go.mod

@@ -11,18 +11,18 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/rs/zerolog v1.34.0
 	github.com/snyk/cli-extension-ai-bom v0.0.0-20260115091503-3d0699c466ef
-	github.com/snyk/cli-extension-dep-graph v0.15.1
+	github.com/snyk/cli-extension-dep-graph v0.14.3
 	github.com/snyk/cli-extension-iac v0.0.0-20250829110702-b41ac109dab0
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20260115114457-a8ac3358ec57
-	github.com/snyk/cli-extension-mcp-scan v0.0.0-20260120142932-0eea0566625a
-	github.com/snyk/cli-extension-os-flows v0.0.0-20260115160519-84f621016a34
+	github.com/snyk/cli-extension-mcp-scan v0.0.0-20251217093101-0705cbe3593b
+	github.com/snyk/cli-extension-os-flows v0.0.0-20260126114133-44216d2c49f1
 	github.com/snyk/cli-extension-sbom v0.0.0-20260109124810-cfdd074f8eeb
 	github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
 	github.com/snyk/error-catalog-golang-public v0.0.0-20260108110943-21ad0c940c14
-	github.com/snyk/go-application-framework v0.0.0-20260123095953-bb4eb487ccfb
+	github.com/snyk/go-application-framework v0.0.0-20260126083422-c997413c310e
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 	github.com/snyk/snyk-iac-capture v0.6.5
-	github.com/snyk/snyk-ls v0.0.0-20260123134153-c85af1965c75
+	github.com/snyk/snyk-ls v0.0.0-20260113102244-36303931affc
 	github.com/snyk/studio-mcp v1.3.0
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.10
@@ -206,7 +206,7 @@ require (
 	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
-	github.com/snyk/code-client-go v1.25.0 // indirect
+	github.com/snyk/code-client-go v1.24.5 // indirect
 	github.com/snyk/dep-graph/go v0.0.0-20251219134535-fcb262dc6d25 // indirect
 	github.com/snyk/policy-engine v1.1.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
@@ -279,5 +279,3 @@ replace github.com/mattn/go-localereader v0.0.1 => github.com/mattn/go-localerea
 // replace github.com/snyk/cli-extension-ai-bom => ../../cli-extension-ai-bom
 
 // replace github.com/snyk/studio-mcp => ../../studio-mcp
-
-// replace github.com/snyk/cli-extension-mcp-scan => ../../cli-extension-mcp-scan

cliv2/go.sum

@@ -524,36 +524,36 @@ github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnB
 github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/snyk/cli-extension-ai-bom v0.0.0-20260115091503-3d0699c466ef h1:w+PLQGOM3wHGZ89Hhh16AL0OVFfgbZiGs8XYEYxHgks=
 github.com/snyk/cli-extension-ai-bom v0.0.0-20260115091503-3d0699c466ef/go.mod h1:vcRqbTJ3oEM4I6q88opeq2erDtdXW9TLKhU63iJXPM4=
-github.com/snyk/cli-extension-dep-graph v0.15.1 h1:SK1cMIfIzpmQhcfVnn77FZHQgcXT/3d9ZzTog1uPT3c=
-github.com/snyk/cli-extension-dep-graph v0.15.1/go.mod h1:Do/xNThRKSbZcIC2JCCgkBJ2X/h/YbN5i12znPEEvjY=
+github.com/snyk/cli-extension-dep-graph v0.14.3 h1:kwIsZhukBVRTOmcyDel2/KCCPyH0pdcq18QEM4QL7Oc=
+github.com/snyk/cli-extension-dep-graph v0.14.3/go.mod h1:Do/xNThRKSbZcIC2JCCgkBJ2X/h/YbN5i12znPEEvjY=
 github.com/snyk/cli-extension-iac v0.0.0-20250829110702-b41ac109dab0 h1:ecGoMisVTnz5xRnt9yXW2hlRrIyYM123yMt1NeNEo6s=
 github.com/snyk/cli-extension-iac v0.0.0-20250829110702-b41ac109dab0/go.mod h1:tLxyhtrRiEvbSLQ6PbCsl29ZXK6s2aunRuL6cSe/8cE=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20260115114457-a8ac3358ec57 h1:8A/m+2Kqq7YylEZxAO/Ap6C5Fr+21WRM9BecxzOg098=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20260115114457-a8ac3358ec57/go.mod h1:AFto63ozNmCXtKb5oTTD3Qz1jEl/HCqCVwpZCfTpSIE=
-github.com/snyk/cli-extension-mcp-scan v0.0.0-20260120142932-0eea0566625a h1:ElZXU6njO7McDQ7u7nAsJ5PCcwvA2+dEsadRM4P41JQ=
-github.com/snyk/cli-extension-mcp-scan v0.0.0-20260120142932-0eea0566625a/go.mod h1:i/EDskKxg68MtWaIOWFyataAMtcXOb/DQPLxT5jtLRE=
-github.com/snyk/cli-extension-os-flows v0.0.0-20260115160519-84f621016a34 h1:VtbScRQpbpmOE6MqHhMHUhQszSUO83oeVUb7U8td0uE=
-github.com/snyk/cli-extension-os-flows v0.0.0-20260115160519-84f621016a34/go.mod h1:s3HX7yjdyP5PYe+ZTMyrJA5wv6hCnmfGdh7Nk5la6tY=
+github.com/snyk/cli-extension-mcp-scan v0.0.0-20251217093101-0705cbe3593b h1:d8s+TntutaQlPcB+5I2781ALWEgGfQh2XQjPrt0oRy8=
+github.com/snyk/cli-extension-mcp-scan v0.0.0-20251217093101-0705cbe3593b/go.mod h1:dRgGvQssSQ1U//nQ0D+H8JXnjz1ZhG9GWbz8GEaFRMQ=
+github.com/snyk/cli-extension-os-flows v0.0.0-20260126114133-44216d2c49f1 h1:xlw3z5a6KrpoLXgoGjzjc3LyxDjZCxylHuiEoQ8U9No=
+github.com/snyk/cli-extension-os-flows v0.0.0-20260126114133-44216d2c49f1/go.mod h1:eYla0N+RzCa88JT6v4t/sAQthfJgyOHO1Oj9J72/Exw=
 github.com/snyk/cli-extension-sbom v0.0.0-20260109124810-cfdd074f8eeb h1:5cAi3VwdoE4d6kc6D6qSge11e/ALBMmuBatySFd8rfE=
 github.com/snyk/cli-extension-sbom v0.0.0-20260109124810-cfdd074f8eeb/go.mod h1:jIACVV10j4pW7LFrlYYtjn9mZm2JnXeFBM6/aTNJgvM=
-github.com/snyk/code-client-go v1.25.0 h1:1lcg6asMpMWwpaZLKVDdci3OrAv6rRoCsCcT8Ci/fUI=
-github.com/snyk/code-client-go v1.25.0/go.mod h1:YYggK3UbOHl5rg7uBhLzsKZBFNavcwFUse/EWCKWdzw=
+github.com/snyk/code-client-go v1.24.5 h1:ySsfTeaNmi3nWSuM3YaVIiSAG+H/ikD2hACxqneIZJw=
+github.com/snyk/code-client-go v1.24.5/go.mod h1:YYggK3UbOHl5rg7uBhLzsKZBFNavcwFUse/EWCKWdzw=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9fEJCkXEOjboZjY+77lQfnvqBZ/60xNHk=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/dep-graph/go v0.0.0-20251219134535-fcb262dc6d25 h1:dwJ4Kdp4c5aaWI+waHomarhouWF6BUYzfen0B6aqaNA=
 github.com/snyk/dep-graph/go v0.0.0-20251219134535-fcb262dc6d25/go.mod h1:hTr91da/4ze2nk9q6ZW1BmfM2Z8rLUZSEZ3kK+6WGpc=
 github.com/snyk/error-catalog-golang-public v0.0.0-20260108110943-21ad0c940c14 h1:R74dgtKtcrIOG/349YDV8arH7D09pob3lAcJc290FqI=
 github.com/snyk/error-catalog-golang-public v0.0.0-20260108110943-21ad0c940c14/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20260123095953-bb4eb487ccfb h1:UrbwqO33pr/m4Nyx0vugkktvd6c7m+Hf+GhRG9foN1E=
-github.com/snyk/go-application-framework v0.0.0-20260123095953-bb4eb487ccfb/go.mod h1:LPR080GrK2jqNN9/hgVwKkXTVS3BlvwqmTN60lX5wdA=
+github.com/snyk/go-application-framework v0.0.0-20260126083422-c997413c310e h1:VEtn9Hy4J+QWkxdVIoi73ERjNprvq3QOkWck5PRw1ag=
+github.com/snyk/go-application-framework v0.0.0-20260126083422-c997413c310e/go.mod h1:LPR080GrK2jqNN9/hgVwKkXTVS3BlvwqmTN60lX5wdA=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v1.1.2 h1:BYWigTxPjiQer4m2jYhO623KmGdmmzA3S60k9AJPT+Q=
 github.com/snyk/policy-engine v1.1.2/go.mod h1:WW0eEb6adCEZ8CPGYsq19J6iPsvoeeTet+OWdU5Nrlw=
 github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E=
 github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk=
-github.com/snyk/snyk-ls v0.0.0-20260123134153-c85af1965c75 h1:vESgXzdRk44Gz3Ro1ZAodTD6DyexC4GFGGPbjkO/6CQ=
-github.com/snyk/snyk-ls v0.0.0-20260123134153-c85af1965c75/go.mod h1:+DFpqPnUgqNDCa1bhszp+oPh/MP4HGLQCf4lMTBwVVQ=
+github.com/snyk/snyk-ls v0.0.0-20260113102244-36303931affc h1:SDrgJvB+1Sqg+RUvywrn3JGvvBNgR1fXBRrtEv0qSxI=
+github.com/snyk/snyk-ls v0.0.0-20260113102244-36303931affc/go.mod h1:STDRX94wGUjny7cg2a1gxbsmoXNuHQJISQWQKGOjRZ0=
 github.com/snyk/studio-mcp v1.3.0 h1:6eqjiaab9hILdoY4awAF2z+xj03VOB93DbLhlzYyRB4=
 github.com/snyk/studio-mcp v1.3.0/go.mod h1:+OuCQy/pOysingGYHNUojmpSVse/q36KODBaJlOvsNQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=

cliv2/internal/proxy/interceptor/legacyfeatureflaginterceptor.go

@@ -0,0 +1,78 @@
+package interceptor
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"net/http"
+	"regexp"
+
+	"github.com/elazarl/goproxy"
+	"github.com/snyk/go-application-framework/pkg/workflow"
+)
+
+const FeatureFlagShowMavenBuildScope = "internal_snyk_show_maven_scope_enabled"
+const FeatureFlagShowNpmBuildScope = "internal_snyk_show_npm_scope_enabled"
+
+type legacyFeatureFlagInterceptor struct {
+	requestCondition goproxy.ReqCondition
+	invocationCtx    workflow.InvocationContext
+}
+
+type featureFlagResponse struct {
+	OK bool `json:"ok"`
+}
+
+func (ni legacyFeatureFlagInterceptor) GetCondition() goproxy.ReqCondition {
+	return ni.requestCondition
+}
+
+// GetHandler for legacyFeatureFlagInterceptor will re-route all registry requests from the proxy to the configured feature flag values.
+// This ensures that we can control feature flag values for the legacy CLI from the CLIv2 configuration.
+// Currently, only the "show-maven-build-scope" and "show-npm-scope" feature flags are supported.
+func (ni legacyFeatureFlagInterceptor) GetHandler() goproxy.FuncReqHandler {
+	return func(req *http.Request, proxyCtx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
+		ni.invocationCtx.GetEnhancedLogger().Printf("legacyFeatureFlagInterceptor handling request for %s", req.URL.Path)
+		var configKey string
+		switch req.URL.Path {
+		case "/v1/cli-config/feature-flags/show-maven-build-scope":
+			configKey = FeatureFlagShowMavenBuildScope
+		case "/v1/cli-config/feature-flags/show-npm-scope":
+			configKey = FeatureFlagShowNpmBuildScope
+		default:
+			return req, nil
+		}
+
+		enabled := ni.invocationCtx.
+			GetConfiguration().
+			GetBool(configKey)
+
+		payload := featureFlagResponse{OK: enabled}
+		b, err := json.Marshal(payload)
+		if err != nil {
+			return req, nil
+		}
+
+		resp := &http.Response{
+			StatusCode: http.StatusOK,
+			Status:     "200 OK",
+			Header:     make(http.Header),
+			Body:       io.NopCloser(bytes.NewReader(b)),
+			Request:    req,
+		}
+		resp.Header.Set("Content-Type", "application/json")
+		ni.invocationCtx.GetEnhancedLogger().Printf("legacyFeatureFlagInterceptor response for %s is %v", configKey, enabled)
+
+		return req, resp
+	}
+}
+
+func NewLegacyFeatureFlagInterceptor(invocationCtx workflow.InvocationContext) Interceptor {
+	i := legacyFeatureFlagInterceptor{
+		requestCondition: goproxy.UrlMatches(
+			regexp.MustCompile(`/cli-config/feature-flags/(show-maven-build-scope|show-npm-scope)/?$`),
+		),
+		invocationCtx: invocationCtx,
+	}
+	return i
+}

cliv2/internal/proxy/interceptor/legacyfeatureflaginterceptor_test.go

@@ -0,0 +1,94 @@
+package interceptor
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/rs/zerolog"
+	"github.com/snyk/go-application-framework/pkg/mocks"
+
+	"github.com/elazarl/goproxy"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLegacyFeatureFlagInterceptor_Routing(t *testing.T) {
+	tests := []struct {
+		name         string
+		path         string
+		shouldHandle bool
+		configKey    string // only used when shouldHandle == true
+	}{
+		{
+			name:         "maven path",
+			path:         "https://example.com/v1/cli-config/feature-flags/show-maven-build-scope?org=abc",
+			shouldHandle: true,
+			configKey:    FeatureFlagShowMavenBuildScope,
+		},
+		{
+			name:         "npm path",
+			path:         "https://example.com/v1/cli-config/feature-flags/show-npm-scope?org=abc",
+			shouldHandle: true,
+			configKey:    FeatureFlagShowNpmBuildScope,
+		},
+		{
+			name:         "other path",
+			path:         "https://example.com/api/v1/other-endpoint",
+			shouldHandle: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+
+			configMock := mocks.NewMockConfiguration(ctrl)
+
+			// Only expect config access when the interceptor should handle the path.
+			if tt.shouldHandle {
+				configMock.EXPECT().
+					GetBool(tt.configKey).
+					Return(true).
+					AnyTimes()
+			}
+
+			invocationCtxMock := mocks.NewMockInvocationContext(ctrl)
+			invocationCtxMock.EXPECT().
+				GetConfiguration().
+				Return(configMock).
+				AnyTimes()
+
+			interceptor := NewLegacyFeatureFlagInterceptor(invocationCtxMock)
+			handler := interceptor.GetHandler()
+
+			req := httptest.NewRequest(http.MethodGet, tt.path, nil)
+			proxyCtx := &goproxy.ProxyCtx{}
+
+			matched := interceptor.GetCondition().HandleReq(req, proxyCtx)
+			assert.Equal(t, tt.shouldHandle, matched)
+
+			if !tt.shouldHandle {
+				return
+			}
+
+			logger := zerolog.Nop()
+			invocationCtxMock.EXPECT().GetEnhancedLogger().Return(&logger).AnyTimes()
+
+			_, resp := handler(req, proxyCtx)
+			assert.NotNil(t, resp)
+			assert.Equal(t, http.StatusOK, resp.StatusCode)
+			assert.Equal(t, "application/json", resp.Header.Get("Content-Type"))
+
+			bodyBytes, err := io.ReadAll(resp.Body)
+			assert.NoError(t, err)
+
+			var parsed featureFlagResponse
+			assert.NoError(t, json.Unmarshal(bodyBytes, &parsed))
+			assert.True(t, parsed.OK)
+		})
+	}
+}

cliv2/pkg/basic_workflows/legacycli.go

@@ -190,6 +190,7 @@ func createInternalProxy(config configuration.Configuration, debugLogger *zerolo
 	}
 
 	wrapperProxy.RegisterInterceptor(interceptor.NewV1AnalyticsInterceptor(invocation))
+	wrapperProxy.RegisterInterceptor(interceptor.NewLegacyFeatureFlagInterceptor(invocation))
 	// The networkinjector intercepts all requests from the legacy CLI and re-routes them to the existing networking
 	// layer. It should therefore be kept as the last interceptor in the chain, as it circuit breaks goproxy's own
 	// routing. Any interceptor added later will not be called.