From 4a332e1df2fb205747d9681784b73946a0846e1e Mon Sep 17 00:00:00 2001
From: Martin Torp <martin@socket.dev>
Date: Fri, 24 Apr 2026 10:48:41 +0200
Subject: [PATCH] fix(fix): fail when .socket.facts.json is present in manifest
 files

Previously socket fix silently filtered out any .socket.facts.json
artifact before uploading manifests. Now the command fails fast and
asks the user to delete the file before re-running.

Bumps version to 1.1.86.
---
 CHANGELOG.md                   |  5 +++++
 package.json                   |  2 +-
 src/commands/fix/coana-fix.mts | 22 +++++++++++++++++-----
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8dae106f5..fae196516 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.86](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.86) - 2026-04-24
+
+### Changed
+- `socket fix` now fails with a clear error when a `.socket.facts.json` analysis artifact is present alongside manifest files, prompting you to delete it before re-running
+
 ## [1.1.85](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.85) - 2026-04-20
 
 ### Changed
diff --git a/package.json b/package.json
index 78ed805a7..babaa2517 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.85",
+  "version": "1.1.86",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index 144799305..d68d65e43 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -169,13 +169,25 @@ export async function coanaFix(
     config: socketConfig,
     cwd,
   })
-  // Exclude any .socket.facts.json files that happen to be in the scan
-  // folder before the analysis was run.
-  const filepathsToUpload = scanFilepaths.filter(
-    p => path.basename(p).toLowerCase() !== DOT_SOCKET_DOT_FACTS_JSON,
+  // Fail if any .socket.facts.json files are present in the scan folder.
+  // These are analysis artifacts and must be removed before re-running fix.
+  const factsFiles = scanFilepaths.filter(
+    p => path.basename(p).toLowerCase() === DOT_SOCKET_DOT_FACTS_JSON,
   )
+  if (factsFiles.length) {
+    if (!silence) {
+      spinner?.stop()
+    }
+    return {
+      ok: false,
+      message: `Found ${DOT_SOCKET_DOT_FACTS_JSON} in manifest files`,
+      cause:
+        `Delete the following ${pluralize('file', factsFiles.length)} before running socket fix again:\n` +
+        factsFiles.map(p => `  - ${p}`).join('\n'),
+    }
+  }
   const uploadCResult = await handleApiCall(
-    sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, cwd),
+    sockSdk.uploadManifestFiles(orgSlug, scanFilepaths, cwd),
     {
       description: 'upload manifests',
       spinner,