document --disable-blocking exit behavior

lelia · lelia · commit 8cfbd86d1493 · 2026-05-21T14:40:22.000-04:00
Signed-off-by: lelia &lt;2418071+lelia@users.noreply.github.com&gt;
diff --git a/docs/cli-reference.md b/docs/cli-reference.md
@@ -305,7 +305,7 @@ The CLI will automatically install `@coana-tech/cli` if not present. Use `--reac
 | Parameter                | Required | Default | Description                                                           |
 |:-------------------------|:---------|:--------|:----------------------------------------------------------------------|
 | `--ignore-commit-files`    | False    | False   | Ignore commit files                                                   |
-| `--disable-blocking`       | False    | False   | Disable blocking mode                                                 |
+| `--disable-blocking`       | False    | False   | Non-blocking CI mode: the CLI always exits **0**, even when blocking alerts are present (including with `--strict-blocking`). Also exits 0 on uncaught runtime errors and Socket API failures, so the job is treated as successful while findings and errors are still logged. Takes precedence over `--strict-blocking`. |
 | `--disable-ignore`         | False    | False   | Disable support for `@SocketSecurity ignore` commands in PR comments. When set, alerts cannot be suppressed via comments and ignore instructions are hidden from comment output. |
 | `--strict-blocking`        | False    | False   | Fail on ANY security policy violations (blocking severity), not just new ones. Only works in diff mode. See [Strict Blocking Mode](#strict-blocking-mode) for details. |
 | `--enable-diff`            | False    | False   | Enable diff mode even when using `--integration api` (forces diff mode without SCM integration) |
diff --git a/socketsecurity/config.py b/socketsecurity/config.py
@@ -695,7 +695,11 @@ def create_argument_parser() -> argparse.ArgumentParser:
         "--disable-blocking",
         dest="disable_blocking",
         action="store_true",
-        help="Disable blocking mode"
+        help=(
+            "Non-blocking CI mode: always exit 0, even when blocking alerts are present "
+            "(including with --strict-blocking), on uncaught errors, or on Socket API failures. "
+            "Findings and errors are still logged. Overrides --strict-blocking."
+        ),
     )
     advanced_group.add_argument(
         "--disable_blocking",
