Exit codes¶
trustcheck is designed to fit into automation as well as interactive review.
0: success1: upstream PyPI or network failure2: command usage error3: invalid or unexpected response, or internal processing failure4: policy failure triggered by--strictor another enforced policy configuration5: remediation was blocked, could not prove minimality, or failed validation
Automation guidance¶
Treat exit code 4 as a policy gate outcome rather than a crash. In CI, this usually means the tool ran correctly and intentionally blocked promotion.
Exit code 5 means no dependency bytes were accepted. Common causes include
an excluded secure release, an immutable VCS or local dependency, a missing
native locker, search-limit exhaustion, a stale input digest, or a generated
lockfile that failed the final rescan.
This also applies to trustcheck scan: the command prints vulnerability records while still returning 4 when policy settings such as --fail-on-vulnerability any block the release.