fix: clear stale labels when findings are downgraded, ignored, or resolved

lelia · lelia · commit bbe170ff2af0 · 2026-03-30T22:41:48.000-04:00
Signed-off-by: lelia &lt;2418071+lelia@users.noreply.github.com&gt;
diff --git a/socket_basics/core/notification/github_pr_notifier.py b/socket_basics/core/notification/github_pr_notifier.py
@@ -36,14 +36,11 @@ def __init__(self, params: Dict[str, Any] | None = None):
 
     def notify(self, facts: Dict[str, Any]) -> None:
         notifications = facts.get('notifications', []) or []
+        labels_enabled = self.config.get('pr_labels_enabled', True)
         
         if not isinstance(notifications, list):
             logger.error('GithubPRNotifier: only supports new format - list of dicts with title/content')
             return
-            
-        if not notifications:
-            logger.info('GithubPRNotifier: no notifications present; skipping')
-            return
 
         # Get full scan URL if available and store it for use in truncation
         self.full_scan_url = facts.get('full_scan_html_url')
@@ -58,6 +55,13 @@ def notify(self, facts: Dict[str, Any]) -> None:
                 logger.warning('GithubPRNotifier: skipping invalid notification item: %s', type(item))
 
         if not valid_notifications:
+            if labels_enabled:
+                pr_number = self._get_pr_number()
+                if pr_number:
+                    self._reconcile_pr_labels(pr_number, [])
+                else:
+                    logger.warning('GithubPRNotifier: unable to determine PR number for label reconciliation')
+            logger.info('GithubPRNotifier: no notifications present; skipping comments')
             return
 
         # Get PR number for current branch
@@ -117,7 +121,7 @@ def notify(self, facts: Dict[str, Any]) -> None:
                 logger.error('GithubPRNotifier: failed to post individual comment')
 
         # Add labels to PR if enabled
-        if self.config.get('pr_labels_enabled', True) and pr_number:
+        if labels_enabled and pr_number:
             labels = self._determine_pr_labels(valid_notifications)
             self._reconcile_pr_labels(pr_number, labels)
     def _managed_pr_label_config(self) -> Dict[str, str]:
diff --git a/tests/test_github_pr_notifier.py b/tests/test_github_pr_notifier.py
@@ -87,3 +87,20 @@ def test_reconcile_pr_labels_clears_managed_labels_when_none_desired(monkeypatch
 
     assert success is True
     assert removed == ['security: high']
+
+
+def test_notify_reconciles_labels_even_when_notifications_are_empty(monkeypatch):
+    notifier = GithubPRNotifier(
+        {
+            'repository': 'SocketDev/socket-basics',
+            'pr_labels_enabled': True,
+        }
+    )
+
+    reconciled: list[tuple[int, list[str]]] = []
+    monkeypatch.setattr(notifier, '_get_pr_number', lambda: 123)
+    monkeypatch.setattr(notifier, '_reconcile_pr_labels', lambda pr_number, labels: reconciled.append((pr_number, labels)) or True)
+
+    notifier.notify({'notifications': []})
+
+    assert reconciled == [(123, [])]
