feat: add new consolidated --print-graph flag [CSENG-182] #142

Open
snyk-abedonik wants to merge 1 commit into main from feat/CSENG-182/add-new-consolidate-print-graph-flag
@snyk-abedonik snyk-abedonik commented Apr 14, 2026

  • Tests written and linted
  • Documentation written
  • Commit history is tidy

What this does

The existing --print-effective-graph and --print-effective-graph-with-errors flags were designed as monolithic toggles that each bundled output format and content concerns together. This made it difficult to extend or compose behaviour without introducing yet more flag combinations.

This PR introduces a new consolidated --print-graph flag as the single entry point for requesting dependency graph output, with orthogonal toggles controlling independent axes of behaviour:

  • --jsonl-output — emit the graph as JSONL instead of plain text
  • --effective-graph — return the pruned/effective graph
  • --print-errors — include resolution errors in the output

The legacy flags (--print-effective-graph, --print-effective-graph-with-errors) are preserved and handled via a compatibility path in chooseGraphArgument, so existing callers are not broken.

The SBOM resolution path (sbom_resolution.go) has been migrated to use the new consolidated flags (--print-graph + --jsonl-output + --print-errors), replacing the previous direct use of --print-effective-graph-with-errors.

@snyk-abedonik snyk-abedonik requested review from a team as code owners April 14, 2026 13:56
snyk-io bot commented Apr 14, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| | Code Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions github-actions bot added the feat label Apr 14, 2026
@snyk-pr-review-bot

PR Reviewer Guide 🔍

🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Behavioral Regression 🔴 [critical]

The executeLegacyWorkflow function unsets FlagPrintEffectiveGraph and FlagPrintEffectiveGraphWithErrors without setting FlagPrintEffectiveGraph back to true in the new configuration. In the legacy implementation (see old hunk), it requested a pruned/effective graph. In the new implementation, because FlagPrintEffectiveGraph is missing, prepareLegacyFlags in legacy_resolution.go will not append the --effective-graph modifier. This causes the fallback resolution to return a full dependency graph instead of a pruned one, which likely breaks downstream logic expecting a resolved/effective graph.

legacyConfig.Set(FlagPrintGraph, true)
legacyConfig.Set(FlagJSONLOutput, true)
legacyConfig.Set(FlagPrintErrors, true)
legacyConfig.Unset(FlagPrintEffectiveGraph)
legacyConfig.Unset(FlagPrintEffectiveGraphWithErrors)

Parser Mismatch 🟠 [major]

In chooseGraphArgument, when FlagPrintGraph is enabled, the parser defaults to PlainText unless FlagJSONLOutput is explicitly set. If a user provides FlagPrintEffectiveGraph (via --effective-graph) but omits the JSONL toggle, the system will use a PlainText parser. However, evidence from the legacy paths (lines 50, 53, 56) shows that effective graphs are always returned in JSONL format. Attempting to parse JSONL output with a PlainText parser will result in a failure to extract the graph or any errors associated with it.

if config.GetBool(FlagPrintGraph) {
	if config.GetBool(FlagJSONLOutput) {
		return "--print-graph", parsers.NewJSONL()
	}
	return "--print-graph", parsers.NewPlainText()
}

📚 Repository Context Analyzed

This review considered 14 relevant code sections from 12 files (average relevance: 0.84)
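
The two findings in the review above can be expressed as an executable check over flag combinations. This is an added example, not code from the PR or the project: the `Config` map, the flag key strings, the `wantEffective` parameter and the `Lint` and `parserFor` functions are hypothetical, and the second check takes the reviewer's premise (effective graphs are emitted as JSONL) as given.

```go
package main

import "fmt"

// Assumption: flag keys equal the CLI flag names; the project's real
// constant values and configuration type are not shown on the page.
const (
	FlagPrintGraph          = "print-graph"
	FlagJSONLOutput         = "jsonl-output"
	FlagPrintEffectiveGraph = "effective-graph"
	FlagPrintErrors         = "print-errors"
)

// Config is a hypothetical stand-in for the real configuration object.
type Config map[string]bool

// parserFor mirrors the selection quoted in the review: JSONL only when
// --jsonl-output is set alongside --print-graph, plain text otherwise.
func parserFor(c Config) string {
	if c[FlagPrintGraph] && c[FlagJSONLOutput] {
		return "jsonl"
	}
	return "plaintext"
}

// Lint reports flag combinations matching the two review findings.
// wantEffective states whether the caller relies on a pruned graph.
func Lint(c Config, wantEffective bool) []string {
	var findings []string
	if !c[FlagPrintGraph] {
		return findings
	}
	if wantEffective && !c[FlagPrintEffectiveGraph] {
		findings = append(findings, "effective graph expected but --effective-graph is not set")
	}
	if c[FlagPrintEffectiveGraph] && parserFor(c) != "jsonl" {
		findings = append(findings, "--effective-graph combined with the plain-text parser")
	}
	return findings
}

func main() {
	// Constructed config matching the executeLegacyWorkflow excerpt.
	legacy := Config{FlagPrintGraph: true, FlagJSONLOutput: true, FlagPrintErrors: true}
	fmt.Println(Lint(legacy, true))
	// Constructed config: --print-graph --effective-graph without --jsonl-output.
	fmt.Println(Lint(Config{FlagPrintGraph: true, FlagPrintEffectiveGraph: true}, false))
}
```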