AIBoMGen CLI version
v0.2.1
Go version (if built from source)
go1.25.x
Operating system
Any
Command used
aibomgen-cli scan --input ./my-project --log-level debug
Expected behavior
Debug mode produces additional diagnostic output such as which files are being scanned, which detection rules matched, which HF API endpoints are being called, and what metadata fields are being applied.
Actual behavior
All seven commands (scan, generate, enrich, validate, completeness, merge, vuln-scan) validate --log-level as quiet|standard|debug but every implementation only branches on level == "quiet". The debug branch is never referenced. Running with --log-level debug produces output identical to --log-level standard. The accepted value is dead code.
Additional context
Fix: either implement meaningful debug output (e.g. per-file scan hits, per-field metadata apply results, HTTP request URLs) or remove debug from the accepted values and documentation until it is implemented. Leaving a documented but no-op flag erodes trust in the CLI's observability story.
AIBoMGen CLI version
v0.2.1
Go version (if built from source)
go1.25.x
Operating system
Any
Command used
Expected behavior
Debug mode produces additional diagnostic output such as which files are being scanned, which detection rules matched, which HF API endpoints are being called, and what metadata fields are being applied.
Actual behavior
All seven commands (
scan,generate,enrich,validate,completeness,merge,vuln-scan) validate--log-levelasquiet|standard|debugbut every implementation only branches onlevel == "quiet". Thedebugbranch is never referenced. Running with--log-level debugproduces output identical to--log-level standard. The accepted value is dead code.Additional context
Fix: either implement meaningful debug output (e.g. per-file scan hits, per-field metadata apply results, HTTP request URLs) or remove
debugfrom the accepted values and documentation until it is implemented. Leaving a documented but no-op flag erodes trust in the CLI's observability story.