add tests to cover diff timeout, API failure behaviors

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Author: lelia

tests/core/test_sdk_methods.py

@@ -1,4 +1,5 @@
 import pytest
+from socketdev.exceptions import APIFailure
 from socketdev.fullscans import FullScanParams
 
 from socketsecurity.core import Core
@@ -101,6 +102,7 @@ def test_get_added_and_removed_packages(core):
         "head",
         "new",
         use_types=True,
+        include_license_details="true",
     )
 
     # Verify the results
@@ -115,6 +117,25 @@ def test_get_added_and_removed_packages(core):
     assert "dp2_t1" in removed  # Verify transitive dependencies are also tracked
     assert "pypi/direct_package_1@1.6.0" in all_packages  # Unchanged package is in full package map
 
+def test_get_added_and_removed_packages_can_exclude_license_details(core):
+    """Test that diff scan license detail expansion can be disabled."""
+    core.get_added_and_removed_packages("head", "new", include_license_details=False)
+
+    core.sdk.fullscans.stream_diff.assert_called_once_with(
+        core.config.org_slug,
+        "head",
+        "new",
+        use_types=True,
+        include_license_details="false",
+    )
+
+def test_get_added_and_removed_packages_reraises_api_failures(core):
+    """Test that API failures propagate to top-level CLI exit handling."""
+    core.sdk.fullscans.stream_diff.side_effect = APIFailure("upstream request timeout")
+
+    with pytest.raises(APIFailure):
+        core.get_added_and_removed_packages("head", "new")
+
 def test_empty_alerts_preserved(core):
     """Test that empty alerts arrays stay as empty arrays and don't become None"""
     # Get the scan that contains dp2 (which has empty alerts array)

tests/unit/test_cli_config.py

@@ -1,6 +1,9 @@
 import pytest
+
+from socketsecurity import socketcli
 from socketsecurity.config import CliConfig
 
+
 class TestCliConfig:
     def test_api_token_from_env(self, monkeypatch):
         monkeypatch.setenv("SOCKET_SECURITY_API_KEY", "test-token")
@@ -81,4 +84,25 @@ def test_workspace_is_independent_of_workspace_name(self):
             "--workspace-name", "monorepo-suffix",
         ])
         assert config.workspace == "my-workspace"
-        assert config.workspace_name == "monorepo-suffix"
+        assert config.workspace_name == "monorepo-suffix"
+
+    def test_api_request_timeout_defaults_to_twenty_minutes(self):
+        config = CliConfig.from_args(["--api-token", "test"])
+        assert socketcli.get_api_request_timeout(config) == 1200
+
+    def test_socket_sdk_receives_cli_timeout(self, monkeypatch):
+        captured = {}
+
+        def fake_socketdev(**kwargs):
+            captured.update(kwargs)
+            return object()
+
+        monkeypatch.setattr(socketcli, "socketdev", fake_socketdev)
+        config = CliConfig.from_args(["--api-token", "test", "--timeout", "1800"])
+
+        socketcli.build_socket_sdk(config)
+
+        assert captured["token"] == "test"
+        assert captured["timeout"] == 1800
+        assert captured["allow_unverified"] is False
+        assert captured["user_agent"] == f"SocketPythonCLI/{config.version}"

tests/unit/test_socketcli.py

@@ -0,0 +1,36 @@
+import sys
+
+import pytest
+from socketdev.exceptions import APIFailure
+
+from socketsecurity import socketcli
+
+
+def test_cli_honors_disable_blocking_for_api_failures(monkeypatch):
+    def fail_main_code():
+        raise APIFailure("upstream request timeout")
+
+    monkeypatch.setattr(socketcli, "main_code", fail_main_code)
+    monkeypatch.setattr(
+        sys,
+        "argv",
+        ["socketcli", "--api-token", "test", "--disable-blocking"],
+    )
+
+    with pytest.raises(SystemExit) as exc_info:
+        socketcli.cli()
+
+    assert exc_info.value.code == 0
+
+
+def test_cli_returns_error_for_api_failures_without_disable_blocking(monkeypatch):
+    def fail_main_code():
+        raise APIFailure("upstream request timeout")
+
+    monkeypatch.setattr(socketcli, "main_code", fail_main_code)
+    monkeypatch.setattr(sys, "argv", ["socketcli", "--api-token", "test"])
+
+    with pytest.raises(SystemExit) as exc_info:
+        socketcli.cli()
+
+    assert exc_info.value.code == 3