Feature Request: Improve Error Handling Between jf ca (Curation Audit) and jf mvn #270

@krishnamanchikalapudi

Description

When using the JFrog CLI with Curation enabled:

  • jf ca correctly reports blocked packages.
  • However, if the user then runs jf mvn clean install, the build fails with 403 Forbidden.

This is misleading, because:

  • The user actually has permission to download.
  • The restriction comes from Curation Policy, not RBAC.
  • Pipelines and developers cannot differentiate between permission denied and curation restriction.

Expected Behavior
The CLI should provide clearer error handling when curation blocks packages, either by:

  • Returning a distinct error code/message (e.g., 423 Locked – Download restricted by Curation Policy) instead of 403 Forbidden.
  • Making jf ca exit with a non-zero code when blocked packages are found, so pipelines can fail fast.

Current Behavior

  • jf ca lists blocked packages but still exits successfully.
  • jf mvn clean install fails with 403 Forbidden.
  • Developers are misled into thinking it’s a permission issue instead of curation restriction.

Steps to Reproduce

  • Run jf ca against a project with packages blocked by Curation.
  • Observe blocked package list, but CLI exits 0.
  • Run jf mvn clean install.
  • Build fails with 403 Forbidden.

Proposed Solutions

  • Option A: Introduce a new error code for curation restriction (e.g., 423 Locked).
  • Option B: Make jf ca fail fast (non-zero exit code) when blocked packages are detected.

Business Value / Justification

  • Clarity: Avoids misleading 403 errors for permission issues.
  • Developer Experience: Developers know immediately when curation is the cause.
  • Pipeline Reliability: CI/CD can stop earlier and notify security teams.
  • Security Alignment: Ensures curation enforcement is explicit and observable.

Reference: https://github.com/ps-jfrog/spring-petclinic/actions/runs/18171249519/job/51726256557
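Until the CLI itself distinguishes the two cases, a pipeline can wrap the two steps described above: run jf ca, refuse to build if its output lists anything blocked, and, when jf mvn does fail, check whether the 403 body mentions Curation before telling the developer it is a permissions problem. The script below is an added example written for this page, not JFrog CLI code or anything from the referenced workflow. Everything it matches on is an assumption: the CURATION_BLOCK_PATTERN it greps out of jf ca output and the CURATION_DENY_PATTERN it expects in Artifactory's 403 body are placeholders that must be set to whatever your jf version and Artifactory instance actually print; the exit codes 2 and 3 are this script's own convention.

```shell
#!/bin/sh
# Hypothetical CI gate around `jf ca` and `jf mvn` (example for this issue, not JFrog code).
# The two patterns are assumptions about tool output; adjust them to what your jf prints.
set -u

# Assumed marker printed by `jf ca` for a package blocked by a Curation policy.
: "${CURATION_BLOCK_PATTERN:=[Bb]locked}"
# Assumed marker in the 403 body when Curation, rather than RBAC, denied the download.
: "${CURATION_DENY_PATTERN:=[Cc]uration}"

# Count blocked packages in `jf ca` output read from stdin; prints the count (0 if none).
count_blocked() {
    grep -c -- "$CURATION_BLOCK_PATTERN" || true
}

# Classify a failed build log read from stdin and print one word:
#   curation   - a 403 whose text carries the curation marker (policy block, not permissions)
#   permission - a 403 with no curation marker (treat as a genuine RBAC denial)
#   none       - no 403 in the log at all
classify_403() {
    log=$(cat)
    if ! printf '%s\n' "$log" | grep -q '403'; then
        echo none
    elif printf '%s\n' "$log" | grep -q -- "$CURATION_DENY_PATTERN"; then
        echo curation
    else
        echo permission
    fi
}

# Step 1 of the pipeline: run `jf ca` and fail fast (exit 2) if anything is blocked,
# which `jf ca` itself does not do today according to the issue above.
curation_gate() {
    out=$(jf ca 2>&1) || { printf '%s\n' "$out"; return 1; }
    printf '%s\n' "$out"
    n=$(printf '%s\n' "$out" | count_blocked)
    if [ "$n" -gt 0 ]; then
        echo "curation gate: $n blocked package(s) reported by jf ca; refusing to build" >&2
        return 2
    fi
    return 0
}

# Step 2 of the pipeline: run the build and, on failure, say which kind of 403 it was.
build_with_triage() {
    if log=$(jf mvn clean install 2>&1); then
        printf '%s\n' "$log"
        return 0
    fi
    printf '%s\n' "$log"
    case $(printf '%s\n' "$log" | classify_403) in
        curation)
            echo "build failed: download blocked by Curation policy, not by permissions" >&2
            return 2 ;;
        permission)
            echo "build failed: 403 with no curation marker; check repository permissions" >&2
            return 3 ;;
        *)
            return 1 ;;
    esac
}

# Only run the real tools when explicitly asked, so the functions can be sourced and tested offline.
if [ "${CURATION_GATE_RUN:-0}" = "1" ]; then
    curation_gate && build_with_triage
fi
```

Run it in CI with CURATION_GATE_RUN=1 after setting the two patterns from a known-blocked test package; the distinct exit codes let the pipeline notify the security team on 2 and the platform team on 3 instead of treating every 403 as a permissions ticket.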