fix(install): shorten transitive HTTP remediation error (review item 12)

arika0093 · Copilot · arika0093 · commit 783450fc56ed · 2026-04-21T07:51:15.000Z
Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/apm_cli/install/insecure_policy.py b/src/apm_cli/install/insecure_policy.py
@@ -173,11 +173,8 @@ def _guard_transitive_insecure_dependencies(
         f"--allow-insecure-host {host}" for host in blocked_hosts
     )
     message = (
-        "Transitive HTTP (insecure) dependencies were found on unapproved host(s): "
-        f"{', '.join(blocked_hosts)}. "
-        "--allow-insecure only covers direct HTTP dependencies and transitive "
-        "HTTP dependencies on the same host. "
-        f"Re-run with {suggested_flags} to allow these transitive hosts."
+        f"Re-run with {suggested_flags} to allow transitive HTTP dependencies "
+        f"from unapproved host(s): {', '.join(blocked_hosts)}."
     )
     logger.error(message)
     raise InsecureDependencyPolicyError(message)
diff --git a/tests/unit/test_install_command.py b/tests/unit/test_install_command.py
@@ -1421,7 +1421,11 @@ def test_transitive_guard_blocks_unapproved_host(self):
                 allow_insecure_hosts=(),
             )
 
-        assert "mirror.example.com" in str(exc_info.value)
+        message = str(exc_info.value)
+        assert message.startswith(
+            "Re-run with --allow-insecure-host mirror.example.com"
+        )
+        assert "unapproved host(s): mirror.example.com" in message
 
     def test_transitive_guard_allows_same_host_as_direct_insecure_dependency(self):
         """A direct insecure dependency host also permits transitive deps on that host."""
@@ -1498,4 +1502,8 @@ def test_transitive_guard_blocks_different_host_without_explicit_allowance(self)
                 allow_insecure_hosts=(),
             )
 
-        assert "mirror.example.com" in str(exc_info.value)
+        message = str(exc_info.value)
+        assert message.startswith(
+            "Re-run with --allow-insecure-host mirror.example.com"
+        )
+        assert "unapproved host(s): mirror.example.com" in message

Original file line number	Diff line number	Diff line change
`@@ -173,11 +173,8 @@ def _guard_transitive_insecure_dependencies(`
`173`	`173`	`f"--allow-insecure-host {host}" for host in blocked_hosts`
`174`	`174`	`)`
`175`	`175`	`message = (`
`176`		`- "Transitive HTTP (insecure) dependencies were found on unapproved host(s): "`
`177`		`- f"{', '.join(blocked_hosts)}. "`
`178`		`- "--allow-insecure only covers direct HTTP dependencies and transitive "`
`179`		`- "HTTP dependencies on the same host. "`
`180`		`- f"Re-run with {suggested_flags} to allow these transitive hosts."`
	`176`	`+ f"Re-run with {suggested_flags} to allow transitive HTTP dependencies "`
	`177`	`+ f"from unapproved host(s): {', '.join(blocked_hosts)}."`
`181`	`178`	`)`
`182`	`179`	`logger.error(message)`
`183`	`180`	`raise InsecureDependencyPolicyError(message)`