@hyperfrontend/versioning 0.1.0

package/workspace/operations/index.esm.js

@@ -0,0 +1,2663 @@
+import 'node:util';
+import { dirname } from 'node:path';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import 'node:os';
+
+/**
+ * Safe copies of Error built-ins via factory functions.
+ *
+ * Since constructors cannot be safely captured via Object.assign, this module
+ * provides factory functions that use Reflect.construct internally.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/error
+ */
+// Capture references at module initialization time
+const _Error = globalThis.Error;
+const _Reflect$2 = globalThis.Reflect;
+/**
+ * (Safe copy) Creates a new Error using the captured Error constructor.
+ * Use this instead of `new Error()`.
+ *
+ * @param message - Optional error message.
+ * @param options - Optional error options.
+ * @returns A new Error instance.
+ */
+const createError = (message, options) => _Reflect$2.construct(_Error, [message, options]);
+
+/**
+ * Safe copies of Map built-in via factory function.
+ *
+ * Since constructors cannot be safely captured via Object.assign, this module
+ * provides a factory function that uses Reflect.construct internally.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/map
+ */
+// Capture references at module initialization time
+const _Map = globalThis.Map;
+const _Reflect$1 = globalThis.Reflect;
+/**
+ * (Safe copy) Creates a new Map using the captured Map constructor.
+ * Use this instead of `new Map()`.
+ *
+ * @param iterable - Optional iterable of key-value pairs.
+ * @returns A new Map instance.
+ */
+const createMap = (iterable) => _Reflect$1.construct(_Map, iterable ? [iterable] : []);
+
+/**
+ * Safe copies of Set built-in via factory function.
+ *
+ * Since constructors cannot be safely captured via Object.assign, this module
+ * provides a factory function that uses Reflect.construct internally.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/set
+ */
+// Capture references at module initialization time
+const _Set = globalThis.Set;
+const _Reflect = globalThis.Reflect;
+/**
+ * (Safe copy) Creates a new Set using the captured Set constructor.
+ * Use this instead of `new Set()`.
+ *
+ * @param iterable - Optional iterable of values.
+ * @returns A new Set instance.
+ */
+const createSet = (iterable) => _Reflect.construct(_Set, iterable ? [iterable] : []);
+
+/**
+ * Converts a SemVer to its canonical string representation.
+ *
+ * @param version - The version to format
+ * @returns The version string (e.g., "1.2.3-alpha.1+build.123")
+ */
+function format(version) {
+    let result = `${version.major}.${version.minor}.${version.patch}`;
+    if (version.prerelease.length > 0) {
+        result += '-' + version.prerelease.join('.');
+    }
+    if (version.build.length > 0) {
+        result += '+' + version.build.join('.');
+    }
+    return result;
+}
+
+/**
+ * Safe copies of Number built-in methods and constants.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/number
+ */
+// Capture references at module initialization time
+const _parseInt = globalThis.parseInt;
+const _isNaN = globalThis.isNaN;
+// ============================================================================
+// Parsing
+// ============================================================================
+/**
+ * (Safe copy) Parses a string and returns an integer.
+ */
+const parseInt = _parseInt;
+// ============================================================================
+// Global Type Checking (legacy, less strict)
+// ============================================================================
+/**
+ * (Safe copy) Global isNaN function (coerces to number first, less strict than Number.isNaN).
+ */
+const globalIsNaN = _isNaN;
+
+/**
+ * Creates a new SemVer object.
+ *
+ * @param options - Version components
+ * @returns A new SemVer object
+ */
+function createSemVer(options) {
+    return {
+        major: options.major,
+        minor: options.minor,
+        patch: options.patch,
+        prerelease: options.prerelease ?? [],
+        build: options.build ?? [],
+        raw: options.raw,
+    };
+}
+
+/**
+ * Increments a version based on the bump type.
+ *
+ * @param version - The version to increment
+ * @param type - The type of bump (major, minor, patch, etc.)
+ * @param prereleaseId - Optional prerelease identifier for prerelease bumps
+ * @returns A new incremented SemVer
+ *
+ * @example
+ * increment(parseVersion('1.2.3'), 'minor') // 1.3.0
+ * increment(parseVersion('1.2.3'), 'major') // 2.0.0
+ * increment(parseVersion('1.2.3'), 'prerelease', 'alpha') // 1.2.4-alpha.0
+ */
+function increment(version, type, prereleaseId) {
+    switch (type) {
+        case 'major':
+            return createSemVer({
+                major: version.major + 1,
+                minor: 0,
+                patch: 0,
+                prerelease: [],
+                build: [],
+            });
+        case 'minor':
+            return createSemVer({
+                major: version.major,
+                minor: version.minor + 1,
+                patch: 0,
+                prerelease: [],
+                build: [],
+            });
+        case 'patch':
+            // If version has prerelease, just remove it (1.2.3-alpha -> 1.2.3)
+            if (version.prerelease.length > 0) {
+                return createSemVer({
+                    major: version.major,
+                    minor: version.minor,
+                    patch: version.patch,
+                    prerelease: [],
+                    build: [],
+                });
+            }
+            return createSemVer({
+                major: version.major,
+                minor: version.minor,
+                patch: version.patch + 1,
+                prerelease: [],
+                build: [],
+            });
+        case 'premajor':
+            return createSemVer({
+                major: version.major + 1,
+                minor: 0,
+                patch: 0,
+                prerelease: [prereleaseId ?? 'alpha', '0'],
+                build: [],
+            });
+        case 'preminor':
+            return createSemVer({
+                major: version.major,
+                minor: version.minor + 1,
+                patch: 0,
+                prerelease: [prereleaseId ?? 'alpha', '0'],
+                build: [],
+            });
+        case 'prepatch':
+            return createSemVer({
+                major: version.major,
+                minor: version.minor,
+                patch: version.patch + 1,
+                prerelease: [prereleaseId ?? 'alpha', '0'],
+                build: [],
+            });
+        case 'prerelease':
+            return incrementPrerelease(version, prereleaseId);
+        case 'none':
+        default:
+            return version;
+    }
+}
+/**
+ * Increments the prerelease portion of a version.
+ *
+ * @param version - The version to increment
+ * @param id - Optional prerelease identifier
+ * @returns A new version with incremented prerelease
+ */
+function incrementPrerelease(version, id) {
+    const prerelease = [...version.prerelease];
+    if (prerelease.length === 0) {
+        // No existing prerelease - start at patch+1 with id.0
+        return createSemVer({
+            major: version.major,
+            minor: version.minor,
+            patch: version.patch + 1,
+            prerelease: [id ?? 'alpha', '0'],
+            build: [],
+        });
+    }
+    // Check if the last identifier is numeric
+    const lastIdx = prerelease.length - 1;
+    const last = prerelease[lastIdx];
+    const lastNum = parseInt(last, 10);
+    if (!globalIsNaN(lastNum)) {
+        // Increment the numeric part
+        prerelease[lastIdx] = String(lastNum + 1);
+    }
+    else {
+        // Append .0
+        prerelease.push('0');
+    }
+    // If a different id is specified, replace the base identifier
+    if (id && prerelease.length > 0 && prerelease[0] !== id) {
+        prerelease[0] = id;
+        // Reset numeric part
+        if (prerelease.length > 1) {
+            prerelease[prerelease.length - 1] = '0';
+        }
+    }
+    return createSemVer({
+        major: version.major,
+        minor: version.minor,
+        patch: version.patch,
+        prerelease,
+        build: [],
+    });
+}
+
+/**
+ * Maximum version string length to prevent memory exhaustion.
+ */
+const MAX_VERSION_LENGTH = 256;
+/**
+ * Parses a semantic version string.
+ *
+ * Accepts versions in the format: MAJOR.MINOR.PATCH[-prerelease][+build]
+ * Optional leading 'v' or '=' prefixes are stripped.
+ *
+ * @param input - The version string to parse
+ * @returns A ParseVersionResult with the parsed version or error
+ *
+ * @example
+ * parseVersion('1.2.3') // { success: true, version: { major: 1, minor: 2, patch: 3, ... } }
+ * parseVersion('v1.0.0-alpha.1+build.123') // { success: true, ... }
+ * parseVersion('invalid') // { success: false, error: '...' }
+ */
+function parseVersion(input) {
+    // Input validation
+    if (!input || typeof input !== 'string') {
+        return { success: false, error: 'Version string is required' };
+    }
+    if (input.length > MAX_VERSION_LENGTH) {
+        return { success: false, error: `Version string exceeds maximum length of ${MAX_VERSION_LENGTH}` };
+    }
+    // Strip leading whitespace
+    let pos = 0;
+    while (pos < input.length && isWhitespace(input.charCodeAt(pos))) {
+        pos++;
+    }
+    // Strip trailing whitespace
+    let end = input.length;
+    while (end > pos && isWhitespace(input.charCodeAt(end - 1))) {
+        end--;
+    }
+    // Strip optional leading 'v' or '='
+    if (pos < end) {
+        const code = input.charCodeAt(pos);
+        if (code === 118 || code === 86) {
+            // 'v' or 'V'
+            pos++;
+        }
+        else if (code === 61) {
+            // '='
+            pos++;
+        }
+    }
+    // Parse major version
+    const majorResult = parseNumericIdentifier(input, pos, end);
+    if (!majorResult.success) {
+        return { success: false, error: majorResult.error ?? 'Invalid major version' };
+    }
+    pos = majorResult.endPos;
+    // Expect dot
+    if (pos >= end || input.charCodeAt(pos) !== 46) {
+        // '.'
+        return { success: false, error: 'Expected "." after major version' };
+    }
+    pos++;
+    // Parse minor version
+    const minorResult = parseNumericIdentifier(input, pos, end);
+    if (!minorResult.success) {
+        return { success: false, error: minorResult.error ?? 'Invalid minor version' };
+    }
+    pos = minorResult.endPos;
+    // Expect dot
+    if (pos >= end || input.charCodeAt(pos) !== 46) {
+        // '.'
+        return { success: false, error: 'Expected "." after minor version' };
+    }
+    pos++;
+    // Parse patch version
+    const patchResult = parseNumericIdentifier(input, pos, end);
+    if (!patchResult.success) {
+        return { success: false, error: patchResult.error ?? 'Invalid patch version' };
+    }
+    pos = patchResult.endPos;
+    // Parse optional prerelease
+    const prerelease = [];
+    if (pos < end && input.charCodeAt(pos) === 45) {
+        // '-'
+        pos++;
+        const prereleaseResult = parseIdentifiers(input, pos, end, [43]); // Stop at '+'
+        if (!prereleaseResult.success) {
+            return { success: false, error: prereleaseResult.error ?? 'Invalid prerelease' };
+        }
+        prerelease.push(...prereleaseResult.identifiers);
+        pos = prereleaseResult.endPos;
+    }
+    // Parse optional build metadata
+    const build = [];
+    if (pos < end && input.charCodeAt(pos) === 43) {
+        // '+'
+        pos++;
+        const buildResult = parseIdentifiers(input, pos, end, []);
+        if (!buildResult.success) {
+            return { success: false, error: buildResult.error ?? 'Invalid build metadata' };
+        }
+        build.push(...buildResult.identifiers);
+        pos = buildResult.endPos;
+    }
+    // Check for trailing characters
+    if (pos < end) {
+        return { success: false, error: `Unexpected character at position ${pos}: "${input[pos]}"` };
+    }
+    return {
+        success: true,
+        version: createSemVer({
+            major: majorResult.value,
+            minor: minorResult.value,
+            patch: patchResult.value,
+            prerelease,
+            build,
+            raw: input,
+        }),
+    };
+}
+/**
+ * Parses a numeric identifier (non-negative integer, no leading zeros except for "0").
+ *
+ * @param input - Input string to parse
+ * @param start - Start position in the input
+ * @param end - End position in the input
+ * @returns Numeric parsing result
+ */
+function parseNumericIdentifier(input, start, end) {
+    if (start >= end) {
+        return { success: false, value: 0, endPos: start, error: 'Expected numeric identifier' };
+    }
+    let pos = start;
+    const firstCode = input.charCodeAt(pos);
+    // Must start with a digit
+    if (!isDigit(firstCode)) {
+        return { success: false, value: 0, endPos: pos, error: 'Expected digit' };
+    }
+    // Check for leading zero (only "0" is valid, not "01", "007", etc.)
+    if (firstCode === 48 && pos + 1 < end && isDigit(input.charCodeAt(pos + 1))) {
+        return { success: false, value: 0, endPos: pos, error: 'Numeric identifier cannot have leading zeros' };
+    }
+    // Consume digits
+    let value = 0;
+    while (pos < end && isDigit(input.charCodeAt(pos))) {
+        value = value * 10 + (input.charCodeAt(pos) - 48);
+        pos++;
+        // Prevent overflow
+        if (value > Number.MAX_SAFE_INTEGER) {
+            return { success: false, value: 0, endPos: pos, error: 'Numeric identifier is too large' };
+        }
+    }
+    return { success: true, value, endPos: pos };
+}
+/**
+ * Parses dot-separated identifiers (for prerelease/build).
+ *
+ * @param input - Input string to parse
+ * @param start - Start position in the input
+ * @param end - End position in the input
+ * @param stopCodes - Character codes that signal end of identifiers
+ * @returns Identifiers parsing result
+ */
+function parseIdentifiers(input, start, end, stopCodes) {
+    const identifiers = [];
+    let pos = start;
+    while (pos < end) {
+        // Check for stop characters
+        if (stopCodes.includes(input.charCodeAt(pos))) {
+            break;
+        }
+        // Parse one identifier
+        const identStart = pos;
+        while (pos < end) {
+            const code = input.charCodeAt(pos);
+            // Stop at dot or stop characters
+            if (code === 46 || stopCodes.includes(code)) {
+                break;
+            }
+            // Must be alphanumeric or hyphen
+            if (!isAlphanumeric(code) && code !== 45) {
+                return { success: false, identifiers: [], endPos: pos, error: `Invalid character in identifier: "${input[pos]}"` };
+            }
+            pos++;
+        }
+        // Empty identifier is not allowed
+        if (pos === identStart) {
+            return { success: false, identifiers: [], endPos: pos, error: 'Empty identifier' };
+        }
+        identifiers.push(input.slice(identStart, pos));
+        // Consume dot separator
+        if (pos < end && input.charCodeAt(pos) === 46) {
+            pos++;
+            // Dot at end is invalid
+            if (pos >= end || stopCodes.includes(input.charCodeAt(pos))) {
+                return { success: false, identifiers: [], endPos: pos, error: 'Identifier expected after dot' };
+            }
+        }
+    }
+    return { success: true, identifiers, endPos: pos };
+}
+/**
+ * Checks if a character code is a digit (0-9).
+ *
+ * @param code - Character code to check
+ * @returns True if the code represents a digit
+ */
+function isDigit(code) {
+    return code >= 48 && code <= 57;
+}
+/**
+ * Checks if a character code is alphanumeric or hyphen.
+ *
+ * @param code - Character code to check
+ * @returns True if the code represents an alphanumeric character
+ */
+function isAlphanumeric(code) {
+    return ((code >= 48 && code <= 57) || // 0-9
+        (code >= 65 && code <= 90) || // A-Z
+        (code >= 97 && code <= 122) // a-z
+    );
+}
+/**
+ * Checks if a character code is whitespace.
+ *
+ * @param code - Character code to check
+ * @returns True if the code represents whitespace
+ */
+function isWhitespace(code) {
+    return code === 32 || code === 9 || code === 10 || code === 13;
+}
+
+/**
+ * Safe copies of Object built-in methods.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/object
+ */
+// Capture references at module initialization time
+const _Object = globalThis.Object;
+/**
+ * (Safe copy) Prevents modification of existing property attributes and values,
+ * and prevents the addition of new properties.
+ */
+const freeze = _Object.freeze;
+/**
+ * (Safe copy) Returns the names of the enumerable string properties and methods of an object.
+ */
+const keys = _Object.keys;
+/**
+ * (Safe copy) Returns an array of key/values of the enumerable own properties of an object.
+ */
+const entries = _Object.entries;
+/**
+ * (Safe copy) Adds one or more properties to an object, and/or modifies attributes of existing properties.
+ */
+const defineProperties = _Object.defineProperties;
+
+/**
+ * Dependency Graph
+ *
+ * Builds and analyzes dependency relationships between workspace projects.
+ * Provides functions for traversing the dependency graph and determining
+ * build/release order.
+ */
+/**
+ * Gets all transitive dependents of a package (direct and indirect).
+ *
+ * @param workspace - The workspace containing projects
+ * @param packageName - Name of the package to analyze
+ * @returns Set of all packages that depend on this package
+ *
+ * @example
+ * ```typescript
+ * // If lib-a depends on lib-utils and app-main depends on lib-a
+ * // Then getTransitiveDependents('lib-utils') returns ['lib-a', 'app-main']
+ * ```
+ */
+function getTransitiveDependents(workspace, packageName) {
+    const dependents = createSet();
+    const queue = [packageName];
+    while (queue.length > 0) {
+        const current = queue.shift();
+        if (current === undefined) {
+            break;
+        }
+        const directDependents = workspace.dependencyGraph.get(current) ?? [];
+        for (const dep of directDependents) {
+            if (!dependents.has(dep)) {
+                dependents.add(dep);
+                queue.push(dep);
+            }
+        }
+    }
+    return dependents;
+}
+
+/**
+ * Cascade Bump
+ *
+ * Calculates which packages need version bumps when dependencies change.
+ * Implements cascade versioning for monorepos where dependents may need
+ * to be bumped when their dependencies are updated.
+ */
+/**
+ * Default cascade bump options.
+ */
+const DEFAULT_CASCADE_OPTIONS = {
+    cascadeBumpType: 'patch',
+    includeDevDependencies: false,
+    includePeerDependencies: true,
+    prereleaseId: 'alpha',
+};
+/**
+ * Calculates cascade bumps for a workspace given direct bumps.
+ *
+ * When packages are directly bumped (e.g., due to commits), their dependents
+ * may also need version bumps. This function calculates all affected packages.
+ *
+ * @param workspace - Workspace containing projects and dependency graph
+ * @param directBumps - Packages with direct changes
+ * @param options - Configuration for cascade bump calculation
+ * @returns Cascade bump result
+ *
+ * @example
+ * ```typescript
+ * import { calculateCascadeBumps } from '@hyperfrontend/versioning'
+ *
+ * // If lib-utils is getting a minor bump
+ * const result = calculateCascadeBumps(workspace, [
+ *   { name: 'lib-utils', bumpType: 'minor' }
+ * ])
+ *
+ * // result.bumps includes lib-utils and all packages that depend on it
+ * for (const bump of result.bumps) {
+ *   console.log(`${bump.name}: ${bump.currentVersion} -> ${bump.nextVersion}`)
+ * }
+ * ```
+ */
+function calculateCascadeBumps(workspace, directBumps, options = {}) {
+    const opts = { ...DEFAULT_CASCADE_OPTIONS, ...options };
+    const directBumpMap = createMap(directBumps.map((b) => [b.name, b]));
+    const allBumps = createMap();
+    // Process direct bumps first
+    for (const input of directBumps) {
+        const project = workspace.projects.get(input.name);
+        if (!project) {
+            continue;
+        }
+        const planned = createPlannedBump(project, input.bumpType, 'direct', [], opts.prereleaseId);
+        allBumps.set(input.name, planned);
+    }
+    // Calculate cascade bumps
+    const processed = createSet();
+    const queue = [...directBumps.map((b) => b.name)];
+    while (queue.length > 0) {
+        const current = queue.shift();
+        if (current === undefined || processed.has(current)) {
+            continue;
+        }
+        processed.add(current);
+        // Get dependents
+        const dependents = getTransitiveDependents(workspace, current);
+        for (const depName of dependents) {
+            // Skip if already has a direct bump
+            if (directBumpMap.has(depName)) {
+                continue;
+            }
+            // Skip if already planned
+            if (allBumps.has(depName)) {
+                // Update triggered by list
+                const existing = allBumps.get(depName);
+                if (existing && !existing.triggeredBy.includes(current)) {
+                    allBumps.set(depName, {
+                        ...existing,
+                        triggeredBy: [...existing.triggeredBy, current],
+                    });
+                }
+                continue;
+            }
+            const project = workspace.projects.get(depName);
+            if (!project) {
+                continue;
+            }
+            // Check if we should include this dependent based on dependency type
+            if (!shouldCascade(workspace, depName, current, opts)) {
+                continue;
+            }
+            const planned = createPlannedBump(project, opts.cascadeBumpType, 'cascade', [current], opts.prereleaseId);
+            allBumps.set(depName, planned);
+            // Continue cascading from this dependent
+            queue.push(depName);
+        }
+    }
+    // Convert to arrays and categorize
+    const bumps = [...allBumps.values()];
+    const directBumpsArray = bumps.filter((b) => b.reason === 'direct');
+    const cascadeBumpsArray = bumps.filter((b) => b.reason === 'cascade');
+    // Sort bumps by name for consistent output
+    bumps.sort((a, b) => a.name.localeCompare(b.name));
+    return {
+        bumps,
+        directBumps: directBumpsArray,
+        cascadeBumps: cascadeBumpsArray,
+        totalAffected: bumps.length,
+    };
+}
+/**
+ * Determines if a cascade should propagate based on dependency type.
+ *
+ * @param workspace - Workspace containing the project
+ * @param dependent - Name of the dependent package
+ * @param dependency - Name of the dependency being bumped
+ * @param opts - Cascade bump options
+ * @returns True if the bump should cascade to this dependent
+ */
+function shouldCascade(workspace, dependent, dependency, opts) {
+    const project = workspace.projects.get(dependent);
+    if (!project) {
+        return false;
+    }
+    const pkg = project.packageJson;
+    // Check production dependencies (always cascades)
+    if (pkg.dependencies?.[dependency]) {
+        return true;
+    }
+    // Check dev dependencies
+    if (opts.includeDevDependencies && pkg.devDependencies?.[dependency]) {
+        return true;
+    }
+    // Check peer dependencies
+    if (opts.includePeerDependencies && pkg.peerDependencies?.[dependency]) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Creates a planned bump for a project.
+ *
+ * @param project - Project to create bump plan for
+ * @param bumpType - Type of version bump to apply
+ * @param reason - Reason for the bump (direct, cascade, or sync)
+ * @param triggeredBy - List of packages that triggered this bump
+ * @param prereleaseId - Optional prerelease identifier
+ * @returns Planned bump object with version information
+ */
+function createPlannedBump(project, bumpType, reason, triggeredBy, prereleaseId) {
+    const parseResult = parseVersion(project.version);
+    if (!parseResult.success || !parseResult.version) {
+        throw createError(`Invalid version for ${project.name}: ${project.version}`);
+    }
+    const next = computeNextVersion(parseResult.version, bumpType, prereleaseId);
+    return {
+        name: project.name,
+        currentVersion: project.version,
+        nextVersion: format(next),
+        bumpType,
+        reason,
+        triggeredBy,
+    };
+}
+/**
+ * Computes the next version based on bump type.
+ *
+ * @param current - Current semantic version
+ * @param bumpType - Type of version bump to apply
+ * @param prereleaseId - Optional prerelease identifier
+ * @returns New semantic version after bump
+ */
+function computeNextVersion(current, bumpType, prereleaseId) {
+    if (bumpType === 'none') {
+        return current;
+    }
+    return increment(current, bumpType, prereleaseId);
+}
+/**
+ * Calculates cascade bumps starting from a single package.
+ *
+ * @param workspace - Workspace containing projects and dependency graph
+ * @param packageName - Package with direct changes
+ * @param bumpType - Type of bump for the direct change
+ * @param options - Configuration for cascade behavior
+ * @returns Cascade bump result
+ */
+function calculateCascadeBumpsFromPackage(workspace, packageName, bumpType, options = {}) {
+    return calculateCascadeBumps(workspace, [{ name: packageName, bumpType }], options);
+}
+/**
+ * Gets a summary of the cascade bump calculation.
+ *
+ * @param result - Result object from cascade bump calculation
+ * @returns Human-readable summary
+ */
+function summarizeCascadeBumps(result) {
+    if (result.totalAffected === 0) {
+        return 'No packages affected';
+    }
+    const lines = [];
+    lines.push(`${result.totalAffected} package(s) affected:`);
+    lines.push(`  - ${result.directBumps.length} direct bump(s)`);
+    lines.push(`  - ${result.cascadeBumps.length} cascade bump(s)`);
+    lines.push('');
+    lines.push('Planned bumps:');
+    for (const bump of result.bumps) {
+        const suffix = bump.reason === 'cascade' ? ` (triggered by ${bump.triggeredBy.join(', ')})` : '';
+        lines.push(`  ${bump.name}: ${bump.currentVersion} -> ${bump.nextVersion} [${bump.bumpType}]${suffix}`);
+    }
+    return lines.join('\n');
+}
+
+/**
+ * Safe copies of JSON built-in methods.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/json
+ */
+// Capture references at module initialization time
+const _JSON = globalThis.JSON;
+/**
+ * (Safe copy) Converts a JavaScript Object Notation (JSON) string into an object.
+ */
+const parse = _JSON.parse;
+/**
+ * (Safe copy) Converts a JavaScript value to a JavaScript Object Notation (JSON) string.
+ */
+const stringify = _JSON.stringify;
+
+/**
+ * Safe copies of Console built-in methods.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/console
+ */
+// Capture references at module initialization time
+const _console = globalThis.console;
+/**
+ * (Safe copy) Outputs a message to the console.
+ */
+const log = _console.log.bind(_console);
+/**
+ * (Safe copy) Outputs a warning message to the console.
+ */
+const warn = _console.warn.bind(_console);
+/**
+ * (Safe copy) Outputs an error message to the console.
+ */
+const error = _console.error.bind(_console);
+/**
+ * (Safe copy) Outputs an informational message to the console.
+ */
+const info = _console.info.bind(_console);
+/**
+ * (Safe copy) Outputs a debug message to the console.
+ */
+const debug = _console.debug.bind(_console);
+/**
+ * (Safe copy) Outputs a stack trace to the console.
+ */
+_console.trace.bind(_console);
+/**
+ * (Safe copy) Displays an interactive listing of the properties of a specified object.
+ */
+_console.dir.bind(_console);
+/**
+ * (Safe copy) Displays tabular data as a table.
+ */
+_console.table.bind(_console);
+/**
+ * (Safe copy) Writes an error message to the console if the assertion is false.
+ */
+_console.assert.bind(_console);
+/**
+ * (Safe copy) Clears the console.
+ */
+_console.clear.bind(_console);
+/**
+ * (Safe copy) Logs the number of times that this particular call to count() has been called.
+ */
+_console.count.bind(_console);
+/**
+ * (Safe copy) Resets the counter used with console.count().
+ */
+_console.countReset.bind(_console);
+/**
+ * (Safe copy) Creates a new inline group in the console.
+ */
+_console.group.bind(_console);
+/**
+ * (Safe copy) Creates a new inline group in the console that is initially collapsed.
+ */
+_console.groupCollapsed.bind(_console);
+/**
+ * (Safe copy) Exits the current inline group.
+ */
+_console.groupEnd.bind(_console);
+/**
+ * (Safe copy) Starts a timer with a name specified as an input parameter.
+ */
+_console.time.bind(_console);
+/**
+ * (Safe copy) Stops a timer that was previously started.
+ */
+_console.timeEnd.bind(_console);
+/**
+ * (Safe copy) Logs the current value of a timer that was previously started.
+ */
+_console.timeLog.bind(_console);
+
+/**
+ * Safe copies of Array built-in static methods.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/array
+ */
+// Capture references at module initialization time
+const _Array = globalThis.Array;
+/**
+ * (Safe copy) Determines whether the passed value is an Array.
+ */
+const isArray = _Array.isArray;
+
+const registeredClasses = [];
+
+/**
+ * Returns the data type of the target.
+ * Uses native `typeof` operator, however, makes distinction between `null`, `array`, and `object`.
+ * Also, when classes are registered via `registerClass`, it checks if objects are instance of any known registered class.
+ *
+ * @param target - The target to get the data type of.
+ * @returns The data type of the target.
+ */
+const getType = (target) => {
+    if (target === null)
+        return 'null';
+    const nativeDataType = typeof target;
+    if (nativeDataType === 'object') {
+        if (isArray(target))
+            return 'array';
+        for (const registeredClass of registeredClasses) {
+            if (target instanceof registeredClass)
+                return registeredClass.name;
+        }
+    }
+    return nativeDataType;
+};
+
+/**
+ * Safe copies of Math built-in methods.
+ *
+ * These references are captured at module initialization time to protect against
+ * prototype pollution attacks. Import only what you need for tree-shaking.
+ *
+ * @module @hyperfrontend/immutable-api-utils/built-in-copy/math
+ */
+// Capture references at module initialization time
+const _Math = globalThis.Math;
+// ============================================================================
+// Min/Max
+// ============================================================================
+/**
+ * (Safe copy) Returns the larger of zero or more numbers.
+ */
+const max = _Math.max;
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/**
+ * Creates a wrapper function that only executes the wrapped function if the condition function returns true.
+ *
+ * @param func - The function to be conditionally executed.
+ * @param conditionFunc - A function that returns a boolean, determining if `func` should be executed.
+ * @returns A wrapped version of `func` that executes conditionally.
+ */
+function createConditionalExecutionFunction(func, conditionFunc) {
+    return function (...args) {
+        if (conditionFunc()) {
+            return func(...args);
+        }
+    };
+}
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/**
+ * Creates a wrapper function that silently ignores any errors thrown by the wrapped void function.
+ * This function is specifically for wrapping functions that do not return a value (void functions).
+ * Exceptions are swallowed without any logging or handling.
+ *
+ * @param func - The void function to be wrapped.
+ * @returns A wrapped version of the input function that ignores errors.
+ */
+function createErrorIgnoringFunction(func) {
+    return function (...args) {
+        try {
+            func(...args);
+        }
+        catch {
+            // Deliberately swallowing/ignoring the exception
+        }
+    };
+}
+
+/* eslint-disable @typescript-eslint/no-unused-vars */
+/**
+ * A no-operation function (noop) that does nothing regardless of the arguments passed.
+ * It is designed to be as permissive as possible in its typing without using the `Function` keyword.
+ *
+ * @param args - Any arguments passed to the function (ignored)
+ */
+const noop = (...args) => {
+    // Intentionally does nothing
+};
+
+const logLevels = ['none', 'error', 'warn', 'log', 'info', 'debug'];
+const priority = {
+    error: 4,
+    warn: 3,
+    log: 2,
+    info: 1,
+    debug: 0,
+};
+/**
+ * Validates whether a given string is a valid log level.
+ *
+ * @param level - The log level to validate
+ * @returns True if the level is valid, false otherwise
+ */
+function isValidLogLevel(level) {
+    return logLevels.includes(level);
+}
+/**
+ * Creates a log level configuration manager for controlling logging behavior.
+ * Provides methods to get, set, and evaluate log levels based on priority.
+ *
+ * @param level - The initial log level (defaults to 'error')
+ * @returns A configuration object with log level management methods
+ * @throws {Error} When the provided level is not a valid log level
+ */
+function createLogLevelConfig(level = 'error') {
+    if (!isValidLogLevel(level)) {
+        throw createError('Cannot create log level configuration with a valid default log level');
+    }
+    const state = { level };
+    const getLogLevel = () => state.level;
+    const setLogLevel = (level) => {
+        if (!isValidLogLevel(level)) {
+            throw createError(`Cannot set value '${level}' level. Expected levels are ${logLevels}.`);
+        }
+        state.level = level;
+    };
+    const shouldLog = (level) => {
+        if (state.level === 'none' || level === 'none' || !isValidLogLevel(level)) {
+            return false;
+        }
+        return priority[level] >= priority[state.level];
+    };
+    return freeze({
+        getLogLevel,
+        setLogLevel,
+        shouldLog,
+    });
+}
+
+/**
+ * Creates a logger instance with configurable log level filtering.
+ * Each log function is wrapped to respect the current log level setting.
+ *
+ * @param error - Function to handle error-level logs (required)
+ * @param warn - Function to handle warning-level logs (optional, defaults to noop)
+ * @param log - Function to handle standard logs (optional, defaults to noop)
+ * @param info - Function to handle info-level logs (optional, defaults to noop)
+ * @param debug - Function to handle debug-level logs (optional, defaults to noop)
+ * @returns A frozen logger object with log methods and level control
+ * @throws {ErrorLevelFn} When any provided log function is invalid
+ */
+function createLogger(error, warn = noop, log = noop, info = noop, debug = noop) {
+    if (notValidLogFn(error)) {
+        throw createError(notFnMsg('error'));
+    }
+    if (notValidLogFn(warn)) {
+        throw createError(notFnMsg('warn'));
+    }
+    if (notValidLogFn(log)) {
+        throw createError(notFnMsg('log'));
+    }
+    if (notValidLogFn(info)) {
+        throw createError(notFnMsg('info'));
+    }
+    if (notValidLogFn(debug)) {
+        throw createError(notFnMsg('debug'));
+    }
+    const { setLogLevel, getLogLevel, shouldLog } = createLogLevelConfig();
+    const wrapLogFn = (fn, level) => {
+        if (fn === noop)
+            return fn;
+        const condition = () => shouldLog(level);
+        return createConditionalExecutionFunction(createErrorIgnoringFunction(fn), condition);
+    };
+    return freeze({
+        error: wrapLogFn(error, 'error'),
+        warn: wrapLogFn(warn, 'warn'),
+        log: wrapLogFn(log, 'log'),
+        info: wrapLogFn(info, 'info'),
+        debug: wrapLogFn(debug, 'debug'),
+        setLogLevel,
+        getLogLevel,
+    });
+}
+/**
+ * Validates whether a given value is a valid log function.
+ *
+ * @param fn - The value to validate
+ * @returns True if the value is not a function (invalid), false if it is valid
+ */
+function notValidLogFn(fn) {
+    return getType(fn) !== 'function' && fn !== noop;
+}
+/**
+ * Generates an error message for invalid log function parameters.
+ *
+ * @param label - The name of the log function that failed validation
+ * @returns A formatted error message string
+ */
+function notFnMsg(label) {
+    return `Cannot create a logger when ${label} is not a function`;
+}
+
+createLogger(error, warn, log, info, debug);
+
+/**
+ * Global log level registry.
+ * Tracks all created scoped loggers to allow global log level changes.
+ */
+const loggerRegistry = createSet();
+/** Redacted placeholder for sensitive values */
+const REDACTED = '[REDACTED]';
+/**
+ * Patterns that indicate a sensitive key name.
+ * Keys containing these patterns will have their values sanitized.
+ */
+const SENSITIVE_KEY_PATTERNS = [
+    /token/i,
+    /key/i,
+    /password/i,
+    /secret/i,
+    /credential/i,
+    /auth/i,
+    /bearer/i,
+    /api[_-]?key/i,
+    /private/i,
+    /passphrase/i,
+];
+/**
+ * Checks if a key name indicates sensitive data.
+ *
+ * @param key - Key name to check
+ * @returns True if the key indicates sensitive data
+ */
+function isSensitiveKey(key) {
+    return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+/**
+ * Sanitizes an object by replacing sensitive values with REDACTED.
+ * This function recursively processes nested objects and arrays.
+ *
+ * @param obj - Object to sanitize
+ * @returns New object with sensitive values redacted
+ */
+function sanitize(obj) {
+    if (obj === null || obj === undefined) {
+        return obj;
+    }
+    if (isArray(obj)) {
+        return obj.map((item) => sanitize(item));
+    }
+    if (typeof obj === 'object') {
+        const result = {};
+        for (const [key, value] of entries(obj)) {
+            if (isSensitiveKey(key)) {
+                result[key] = REDACTED;
+            }
+            else if (typeof value === 'object' && value !== null) {
+                result[key] = sanitize(value);
+            }
+            else {
+                result[key] = value;
+            }
+        }
+        return result;
+    }
+    return obj;
+}
+/**
+ * Formats a log message with optional metadata.
+ *
+ * @param namespace - Logger namespace prefix
+ * @param message - Log message
+ * @param meta - Optional metadata object
+ * @returns Formatted log string
+ */
+function formatMessage(namespace, message, meta) {
+    const prefix = `[${namespace}]`;
+    if (meta && keys(meta).length > 0) {
+        const sanitizedMeta = sanitize(meta);
+        return `${prefix} ${message} ${stringify(sanitizedMeta)}`;
+    }
+    return `${prefix} ${message}`;
+}
+/**
+ * Creates a scoped logger with namespace prefix and optional secret sanitization.
+ * All log messages will be prefixed with [namespace] and sensitive metadata
+ * values will be automatically redacted.
+ *
+ * @param namespace - Logger namespace (e.g., 'project-scope', 'analyze')
+ * @param options - Logger configuration options
+ * @returns A configured scoped logger instance
+ *
+ * @example
+ * ```typescript
+ * const logger = createScopedLogger('project-scope')
+ * logger.setLogLevel('debug')
+ *
+ * // Basic logging
+ * logger.info('Starting analysis', { path: './project' })
+ *
+ * // Sensitive data is automatically redacted
+ * logger.debug('Config loaded', { apiKey: 'secret123' })
+ * // Output: [project-scope] Config loaded {"apiKey":"[REDACTED]"}
+ * ```
+ */
+function createScopedLogger(namespace, options = {}) {
+    const { level = 'error', sanitizeSecrets = true } = options;
+    // Create wrapper functions that add namespace prefix and sanitization
+    const createLogFn = (baseFn) => (message, meta) => {
+        const processedMeta = sanitizeSecrets && meta ? sanitize(meta) : meta;
+        baseFn(formatMessage(namespace, message, processedMeta));
+    };
+    // Create base logger with wrapped functions
+    const baseLogger = createLogger(createLogFn(error), createLogFn(warn), createLogFn(log), createLogFn(info), createLogFn(debug));
+    // Set initial log level (use global override if set)
+    baseLogger.setLogLevel(level);
+    const scopedLogger = freeze({
+        error: (message, meta) => baseLogger.error(message, meta),
+        warn: (message, meta) => baseLogger.warn(message, meta),
+        log: (message, meta) => baseLogger.log(message, meta),
+        info: (message, meta) => baseLogger.info(message, meta),
+        debug: (message, meta) => baseLogger.debug(message, meta),
+        setLogLevel: baseLogger.setLogLevel,
+        getLogLevel: baseLogger.getLogLevel,
+    });
+    // Register logger for global level management
+    loggerRegistry.add(scopedLogger);
+    return scopedLogger;
+}
+/**
+ * Default logger instance for the project-scope library.
+ * Use this for general logging within the library.
+ *
+ * @example
+ * ```typescript
+ * import { logger } from '@hyperfrontend/project-scope/core'
+ *
+ * logger.setLogLevel('debug')
+ * logger.debug('Analyzing project', { path: './src' })
+ * ```
+ */
+createScopedLogger('project-scope');
+
+const fsLogger = createScopedLogger('project-scope:fs');
+/**
+ * Create a file system error with code and context.
+ *
+ * @param message - The error message describing what went wrong
+ * @param code - The category code for this type of filesystem failure
+ * @param context - Additional context including path, operation, and cause
+ * @returns A configured Error object with code and context properties
+ */
+function createFileSystemError(message, code, context) {
+    const error = createError(message);
+    defineProperties(error, {
+        code: { value: code, enumerable: true },
+        context: { value: context, enumerable: true },
+    });
+    return error;
+}
+/**
+ * Read file contents as string.
+ *
+ * @param filePath - Path to file
+ * @param encoding - File encoding (default: utf-8)
+ * @returns File contents as string
+ * @throws {Error} If file doesn't exist or can't be read
+ *
+ * @example
+ * ```typescript
+ * import { readFileContent } from '@hyperfrontend/project-scope'
+ *
+ * const content = readFileContent('./package.json')
+ * console.log(content) // JSON string
+ * ```
+ */
+function readFileContent(filePath, encoding = 'utf-8') {
+    if (!existsSync(filePath)) {
+        fsLogger.debug('File not found', { path: filePath });
+        throw createFileSystemError(`File not found: ${filePath}`, 'FS_NOT_FOUND', { path: filePath, operation: 'read' });
+    }
+    try {
+        return readFileSync(filePath, { encoding });
+    }
+    catch (error) {
+        fsLogger.warn('Failed to read file', { path: filePath });
+        throw createFileSystemError(`Failed to read file: ${filePath}`, 'FS_READ_ERROR', { path: filePath, operation: 'read', cause: error });
+    }
+}
+
+const fsWriteLogger = createScopedLogger('project-scope:fs:write');
+/**
+ * Ensure directory exists, create recursively if not.
+ *
+ * @param dirPath - Directory path to ensure exists
+ */
+function ensureDir(dirPath) {
+    if (!existsSync(dirPath)) {
+        fsWriteLogger.debug('Creating directory recursively', { path: dirPath });
+        mkdirSync(dirPath, { recursive: true });
+    }
+}
+/**
+ * Write string content to file.
+ * Creates parent directories if needed.
+ *
+ * @param filePath - Absolute or relative path to the target file
+ * @param content - String content to write to the file
+ * @param options - Optional write configuration (encoding, mode)
+ * @throws {Error} If write fails
+ *
+ * @example
+ * ```typescript
+ * import { writeFileContent } from '@hyperfrontend/project-scope'
+ *
+ * // Write a simple text file
+ * writeFileContent('./output/data.txt', 'Hello, World!')
+ *
+ * // Write with custom encoding
+ * writeFileContent('./output/data.txt', 'Content', { encoding: 'utf-8' })
+ * ```
+ */
+function writeFileContent(filePath, content, options) {
+    try {
+        fsWriteLogger.debug('Writing file content', { path: filePath, size: content.length, encoding: options?.encoding ?? 'utf-8' });
+        ensureDir(dirname(filePath));
+        writeFileSync(filePath, content, {
+            encoding: options?.encoding ?? 'utf-8',
+            mode: options?.mode,
+        });
+        fsWriteLogger.debug('File written successfully', { path: filePath });
+    }
+    catch (error) {
+        fsWriteLogger.warn('Failed to write file', { path: filePath, error: error instanceof Error ? error.message : String(error) });
+        throw createFileSystemError(`Failed to write file: ${filePath}`, 'FS_WRITE_ERROR', { path: filePath, operation: 'write', cause: error });
+    }
+}
+
+createScopedLogger('project-scope:fs:dir');
+
+createScopedLogger('project-scope:fs:traversal');
+
+createScopedLogger('project-scope:project:package');
+
+createScopedLogger('project-scope:heuristics:deps');
+
+/**
+ * Global registry of all caches for bulk operations.
+ */
+const cacheRegistry = createSet();
+/**
+ * Create a cache with optional TTL and size limits.
+ *
+ * The cache provides a simple key-value store with:
+ * - Optional TTL (time-to-live) for automatic expiration
+ * - Optional maxSize for limiting cache size with FIFO eviction
+ * - Lazy expiration (entries are checked on access)
+ *
+ * @param options - Cache configuration options
+ * @returns Cache instance
+ *
+ * @example
+ * ```typescript
+ * // Basic cache
+ * const cache = createCache<string, number>()
+ * cache.set('answer', 42)
+ * cache.get('answer') // 42
+ *
+ * // Cache with TTL (expires after 60 seconds)
+ * const ttlCache = createCache<string, object>({ ttl: 60000 })
+ *
+ * // Cache with max size (evicts oldest when full)
+ * const lruCache = createCache<string, object>({ maxSize: 100 })
+ *
+ * // Combined options
+ * const configCache = createCache<string, object>({
+ *   ttl: 30000,
+ *   maxSize: 50
+ * })
+ * ```
+ */
+function createCache(options) {
+    const { ttl, maxSize } = options ?? {};
+    const store = createMap();
+    // Track insertion order for FIFO eviction
+    const insertionOrder = [];
+    /**
+     * Check if an entry is expired.
+     *
+     * @param entry - Cache entry to check
+     * @returns True if entry is expired
+     */
+    function isExpired(entry) {
+        if (ttl === undefined)
+            return false;
+        // eslint-disable-next-line workspace/no-unsafe-builtin-methods -- Date.now() is needed for Jest fake timers compatibility
+        return Date.now() - entry.timestamp > ttl;
+    }
+    /**
+     * Evict oldest entries to make room for new ones.
+     */
+    function evictIfNeeded() {
+        if (maxSize === undefined)
+            return;
+        while (store.size >= maxSize && insertionOrder.length > 0) {
+            const oldestKey = insertionOrder.shift();
+            if (oldestKey !== undefined) {
+                store.delete(oldestKey);
+            }
+        }
+    }
+    /**
+     * Remove key from insertion order tracking.
+     *
+     * @param key - Key to remove from order tracking
+     */
+    function removeFromOrder(key) {
+        const index = insertionOrder.indexOf(key);
+        if (index !== -1) {
+            insertionOrder.splice(index, 1);
+        }
+    }
+    const cache = {
+        get(key) {
+            const entry = store.get(key);
+            if (!entry)
+                return undefined;
+            if (isExpired(entry)) {
+                store.delete(key);
+                removeFromOrder(key);
+                return undefined;
+            }
+            return entry.value;
+        },
+        set(key, value) {
+            // If key exists, remove from order first
+            if (store.has(key)) {
+                removeFromOrder(key);
+            }
+            else {
+                // Evict if needed before adding new entry
+                evictIfNeeded();
+            }
+            // eslint-disable-next-line workspace/no-unsafe-builtin-methods -- Date.now() is needed for Jest fake timers compatibility
+            store.set(key, { value, timestamp: Date.now() });
+            insertionOrder.push(key);
+        },
+        has(key) {
+            const entry = store.get(key);
+            if (!entry)
+                return false;
+            if (isExpired(entry)) {
+                store.delete(key);
+                removeFromOrder(key);
+                return false;
+            }
+            return true;
+        },
+        delete(key) {
+            removeFromOrder(key);
+            return store.delete(key);
+        },
+        clear() {
+            store.clear();
+            insertionOrder.length = 0;
+        },
+        size() {
+            return store.size;
+        },
+        keys() {
+            return [...insertionOrder];
+        },
+    };
+    // Register cache for global operations
+    cacheRegistry.add(cache);
+    return freeze(cache);
+}
+
+createScopedLogger('project-scope:project:walk');
+
+createScopedLogger('project-scope:project:search');
+
+createScopedLogger('project-scope:heuristics:entry-points');
+/**
+ * Cache for entry point discovery results.
+ * TTL: 60 seconds (entry points are relatively stable)
+ */
+createCache({ ttl: 60000, maxSize: 50 });
+
+createScopedLogger('project-scope:tech');
+/**
+ * Cache for tech detection results.
+ * TTL: 60 seconds (tech stack can change during active development)
+ */
+createCache({ ttl: 60000, maxSize: 50 });
+
+createScopedLogger('project-scope:heuristics:project-type');
+
+createScopedLogger('project-scope:root');
+
+createScopedLogger('project-scope:nx');
+
+createScopedLogger('project-scope:nx:devkit');
+
+createScopedLogger('project-scope:nx:config');
+
+createScopedLogger('project-scope:config');
+/**
+ * Cache for config detection results.
+ * TTL: 30 seconds (configs can change frequently during setup)
+ */
+createCache({ ttl: 30000, maxSize: 50 });
+
+/** Logger for analysis operations */
+createScopedLogger('project-scope:analyze');
+
+/** Logger for CLI operations */
+createScopedLogger('project-scope:cli');
+
+createScopedLogger('project-scope:encoding');
+
+createScopedLogger('project-scope:encoding:convert');
+
+createScopedLogger('project-scope:heuristics:framework');
+/**
+ * Cache for framework identification results.
+ * TTL: 60 seconds (frameworks are stable but can change during development)
+ */
+createCache({ ttl: 60000, maxSize: 50 });
+
+createScopedLogger('project-scope:vfs:tree');
+
+createScopedLogger('project-scope:vfs:factory');
+
+createScopedLogger('project-scope:vfs');
+
+createScopedLogger('project-scope:vfs:diff');
+
+/**
+ * Batch Update
+ *
+ * Utilities for updating multiple packages at once.
+ * Supports updating versions, dependencies, and other package.json fields.
+ */
+/**
+ * Default batch update options.
+ */
+const DEFAULT_BATCH_UPDATE_OPTIONS = {
+    dryRun: false,
+    updateDependencyReferences: true,
+};
+/**
+ * Applies planned bumps to the workspace.
+ * Updates package.json version fields for all affected packages.
+ *
+ * @param workspace - Workspace containing projects to update
+ * @param bumps - Planned version bumps
+ * @param options - Update options
+ * @returns Batch update result
+ *
+ * @example
+ * ```typescript
+ * import { applyBumps, calculateCascadeBumps } from '@hyperfrontend/versioning'
+ *
+ * const cascadeResult = calculateCascadeBumps(workspace, directBumps)
+ * const updateResult = applyBumps(workspace, cascadeResult.bumps)
+ *
+ * if (updateResult.success) {
+ *   console.log(`Updated ${updateResult.updated.length} packages`)
+ * } else {
+ *   console.error('Some updates failed:', updateResult.failed)
+ * }
+ * ```
+ */
+function applyBumps(workspace, bumps, options = {}) {
+    const opts = { ...DEFAULT_BATCH_UPDATE_OPTIONS, ...options };
+    const updated = [];
+    const failed = [];
+    // Build a map for dependency reference updates
+    const versionUpdates = createMap();
+    for (const bump of bumps) {
+        versionUpdates.set(bump.name, bump.nextVersion);
+    }
+    for (const bump of bumps) {
+        const project = workspace.projects.get(bump.name);
+        if (!project) {
+            failed.push({
+                name: bump.name,
+                packageJsonPath: '',
+                error: 'Project not found in workspace',
+            });
+            continue;
+        }
+        try {
+            if (!opts.dryRun) {
+                updatePackageVersion(project.packageJsonPath, bump.nextVersion);
+            }
+            updated.push({
+                name: bump.name,
+                packageJsonPath: project.packageJsonPath,
+                previousVersion: bump.currentVersion,
+                newVersion: bump.nextVersion,
+            });
+        }
+        catch (error) {
+            failed.push({
+                name: bump.name,
+                packageJsonPath: project.packageJsonPath,
+                error: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    // Update dependency references if requested
+    if (opts.updateDependencyReferences && !opts.dryRun) {
+        for (const project of workspace.projectList) {
+            try {
+                updateDependencyReferences(project.packageJsonPath, versionUpdates);
+            }
+            catch {
+                // Dependency reference updates are best-effort
+            }
+        }
+    }
+    return {
+        updated,
+        failed,
+        total: bumps.length,
+        success: failed.length === 0,
+    };
+}
+/**
+ * Updates the version field in a package.json file.
+ *
+ * @param packageJsonPath - Path to package.json
+ * @param newVersion - New version string
+ */
+function updatePackageVersion(packageJsonPath, newVersion) {
+    const content = readFileContent(packageJsonPath);
+    const pkg = parse(content);
+    pkg.version = newVersion;
+    const formatted = stringify(pkg, null, 2) + '\n';
+    writeFileContent(packageJsonPath, formatted);
+}
+/**
+ * Updates dependency version references in a package.json file.
+ *
+ * @param packageJsonPath - Path to package.json
+ * @param versionUpdates - Map of package name to new version
+ */
+function updateDependencyReferences(packageJsonPath, versionUpdates) {
+    const content = readFileContent(packageJsonPath);
+    const pkg = parse(content);
+    let modified = false;
+    const depTypes = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
+    for (const depType of depTypes) {
+        const deps = pkg[depType];
+        if (deps) {
+            for (const [name, newVersion] of versionUpdates) {
+                if (deps[name]) {
+                    // Preserve version prefix (^, ~, etc.) or use exact version
+                    const currentRange = deps[name];
+                    const prefix = extractVersionPrefix(currentRange);
+                    deps[name] = prefix + newVersion;
+                    modified = true;
+                }
+            }
+        }
+    }
+    if (modified) {
+        const formatted = stringify(pkg, null, 2) + '\n';
+        writeFileContent(packageJsonPath, formatted);
+    }
+}
+/**
+ * Extracts the version prefix from a version range.
+ *
+ * @param versionRange - Version range string
+ * @returns The prefix (^, ~, >=, etc.) or empty string
+ */
+function extractVersionPrefix(versionRange) {
+    if (versionRange.startsWith('^'))
+        return '^';
+    if (versionRange.startsWith('~'))
+        return '~';
+    if (versionRange.startsWith('>='))
+        return '>=';
+    if (versionRange.startsWith('>'))
+        return '>';
+    if (versionRange.startsWith('<='))
+        return '<=';
+    if (versionRange.startsWith('<'))
+        return '<';
+    if (versionRange.startsWith('='))
+        return '=';
+    return '';
+}
+/**
+ * Updates a package.json file using a VFS Tree.
+ *
+ * @param tree - Virtual file system tree
+ * @param packageJsonPath - Relative path to package.json
+ * @param newVersion - New version string
+ */
+function updatePackageVersionInTree(tree, packageJsonPath, newVersion) {
+    const content = tree.read(packageJsonPath, 'utf-8');
+    if (!content) {
+        throw createError(`Could not read ${packageJsonPath}`);
+    }
+    const pkg = parse(content);
+    pkg.version = newVersion;
+    const formatted = stringify(pkg, null, 2) + '\n';
+    tree.write(packageJsonPath, formatted);
+}
+/**
+ * Creates a summary of the batch update result.
+ *
+ * @param result - Result object from batch update operation
+ * @returns Human-readable summary
+ */
+function summarizeBatchUpdate(result) {
+    const lines = [];
+    if (result.success) {
+        lines.push(`Successfully updated ${result.updated.length} package(s)`);
+    }
+    else {
+        lines.push(`Updated ${result.updated.length}/${result.total} package(s)`);
+        lines.push(`Failed: ${result.failed.length} package(s)`);
+    }
+    if (result.updated.length > 0) {
+        lines.push('');
+        lines.push('Updated packages:');
+        for (const pkg of result.updated) {
+            lines.push(`  ${pkg.name}: ${pkg.previousVersion} -> ${pkg.newVersion}`);
+        }
+    }
+    if (result.failed.length > 0) {
+        lines.push('');
+        lines.push('Failed packages:');
+        for (const pkg of result.failed) {
+            lines.push(`  ${pkg.name}: ${pkg.error}`);
+        }
+    }
+    return lines.join('\n');
+}
+
+/**
+ * Compares two semantic versions.
+ *
+ * @param a - First version
+ * @param b - Second version
+ * @returns -1 if a < b, 0 if a == b, 1 if a > b
+ *
+ * @example
+ * compare(parseVersion('1.0.0'), parseVersion('2.0.0')) // -1
+ * compare(parseVersion('1.0.0'), parseVersion('1.0.0')) // 0
+ * compare(parseVersion('2.0.0'), parseVersion('1.0.0')) // 1
+ */
+function compare(a, b) {
+    // Compare major, minor, patch
+    if (a.major !== b.major) {
+        return a.major < b.major ? -1 : 1;
+    }
+    if (a.minor !== b.minor) {
+        return a.minor < b.minor ? -1 : 1;
+    }
+    if (a.patch !== b.patch) {
+        return a.patch < b.patch ? -1 : 1;
+    }
+    // Compare prerelease
+    // Version with prerelease has lower precedence than release
+    if (a.prerelease.length === 0 && b.prerelease.length > 0) {
+        return 1; // a is release, b is prerelease -> a > b
+    }
+    if (a.prerelease.length > 0 && b.prerelease.length === 0) {
+        return -1; // a is prerelease, b is release -> a < b
+    }
+    // Both have prerelease - compare identifiers
+    const maxLen = max(a.prerelease.length, b.prerelease.length);
+    for (let i = 0; i < maxLen; i++) {
+        const aId = a.prerelease[i];
+        const bId = b.prerelease[i];
+        // Shorter prerelease array has lower precedence
+        if (aId === undefined && bId !== undefined) {
+            return -1;
+        }
+        if (aId !== undefined && bId === undefined) {
+            return 1;
+        }
+        if (aId === undefined || bId === undefined) {
+            continue;
+        }
+        // Compare identifiers
+        const cmp = compareIdentifiers(aId, bId);
+        if (cmp !== 0) {
+            return cmp;
+        }
+    }
+    return 0;
+}
+/**
+ * Checks if a version satisfies a comparator.
+ *
+ * @param version - Version to check
+ * @param comparator - Comparator to test against
+ * @returns True if version satisfies the comparator
+ */
+function satisfiesComparator(version, comparator) {
+    const cmp = compare(version, comparator.version);
+    switch (comparator.operator) {
+        case '=':
+            return cmp === 0;
+        case '>':
+            return cmp === 1;
+        case '>=':
+            return cmp >= 0;
+        case '<':
+            return cmp === -1;
+        case '<=':
+            return cmp <= 0;
+        case '^':
+        case '~':
+            // These should have been expanded during parsing
+            // If we encounter them here, treat as >=
+            return cmp >= 0;
+        default:
+            return false;
+    }
+}
+/**
+ * Checks if a version satisfies a range.
+ *
+ * @param version - Version to check
+ * @param range - Range to test against
+ * @returns True if version satisfies the range
+ *
+ * @example
+ * satisfies(parseVersion('1.2.3'), parseRange('^1.0.0')) // true
+ * satisfies(parseVersion('2.0.0'), parseRange('^1.0.0')) // false
+ */
+function satisfies(version, range) {
+    // Empty range matches any
+    if (range.sets.length === 0) {
+        return true;
+    }
+    // OR logic: at least one set must be satisfied
+    for (const set of range.sets) {
+        // AND logic: all comparators in set must be satisfied
+        let allSatisfied = true;
+        // Empty comparator set matches any
+        if (set.comparators.length === 0) {
+            return true;
+        }
+        for (const comp of set.comparators) {
+            if (!satisfiesComparator(version, comp)) {
+                allSatisfied = false;
+                break;
+            }
+        }
+        if (allSatisfied) {
+            return true;
+        }
+    }
+    return false;
+}
+// ============================================================================
+// Internal helpers
+// ============================================================================
+/**
+ * Compares two prerelease identifiers.
+ * Numeric identifiers have lower precedence than alphanumeric.
+ * Numeric identifiers are compared numerically.
+ * Alphanumeric identifiers are compared lexically.
+ *
+ * @param a - First prerelease identifier
+ * @param b - Second prerelease identifier
+ * @returns -1 if a < b, 0 if equal, 1 if a > b
+ */
+function compareIdentifiers(a, b) {
+    const aIsNumeric = isNumeric(a);
+    const bIsNumeric = isNumeric(b);
+    // Numeric identifiers have lower precedence
+    if (aIsNumeric && !bIsNumeric) {
+        return -1;
+    }
+    if (!aIsNumeric && bIsNumeric) {
+        return 1;
+    }
+    // Both numeric - compare as numbers
+    if (aIsNumeric && bIsNumeric) {
+        const aNum = parseInt(a, 10);
+        const bNum = parseInt(b, 10);
+        if (aNum < bNum)
+            return -1;
+        if (aNum > bNum)
+            return 1;
+        return 0;
+    }
+    // Both alphanumeric - compare lexically
+    if (a < b)
+        return -1;
+    if (a > b)
+        return 1;
+    return 0;
+}
+/**
+ * Checks if a string consists only of digits.
+ *
+ * @param str - String to check for numeric content
+ * @returns True if string contains only digits
+ */
+function isNumeric(str) {
+    if (str.length === 0)
+        return false;
+    for (let i = 0; i < str.length; i++) {
+        const code = str.charCodeAt(i);
+        if (code < 48 || code > 57) {
+            return false;
+        }
+    }
+    return true;
+}
+
+/**
+ * Creates a new Comparator.
+ *
+ * @param operator - The comparison operator
+ * @param version - The version to compare against
+ * @returns A new Comparator
+ */
+function createComparator(operator, version) {
+    return { operator, version };
+}
+/**
+ * Creates a new ComparatorSet.
+ *
+ * @param comparators - Array of comparators (AND logic)
+ * @returns A new ComparatorSet
+ */
+function createComparatorSet(comparators) {
+    return { comparators };
+}
+/**
+ * Creates a new Range.
+ *
+ * @param sets - Array of comparator sets (OR logic)
+ * @param raw - Original raw string
+ * @returns A new Range
+ */
+function createRange(sets, raw) {
+    return { sets, raw };
+}
+
+/**
+ * Maximum range string length.
+ */
+const MAX_RANGE_LENGTH = 1024;
+/**
+ * Parses a semver range string.
+ *
+ * Supports:
+ * - Exact: 1.2.3, =1.2.3
+ * - Comparators: >1.0.0, >=1.0.0, <2.0.0, <=2.0.0
+ * - Caret: ^1.2.3 (compatible with version)
+ * - Tilde: ~1.2.3 (approximately equivalent)
+ * - X-ranges: 1.x, 1.2.x, *
+ * - Hyphen ranges: 1.0.0 - 2.0.0
+ * - OR: 1.0.0 || 2.0.0
+ * - AND: >=1.0.0 <2.0.0
+ *
+ * @param input - The range string to parse
+ * @returns A ParseRangeResult with the parsed range or error
+ */
+function parseRange(input) {
+    if (!input || typeof input !== 'string') {
+        return { success: false, error: 'Range string is required' };
+    }
+    if (input.length > MAX_RANGE_LENGTH) {
+        return { success: false, error: `Range string exceeds maximum length of ${MAX_RANGE_LENGTH}` };
+    }
+    // Trim whitespace
+    const trimmed = input.trim();
+    // Handle wildcard/any
+    if (trimmed === '' || trimmed === '*' || trimmed.toLowerCase() === 'x') {
+        return { success: true, range: createRange([], input) };
+    }
+    // Split by || for OR logic
+    const orParts = splitByOr(trimmed);
+    const sets = [];
+    for (const part of orParts) {
+        const setResult = parseComparatorSet(part.trim());
+        if (!setResult.success) {
+            return { success: false, error: setResult.error };
+        }
+        if (setResult.set) {
+            sets.push(setResult.set);
+        }
+    }
+    return { success: true, range: createRange(sets, input) };
+}
+/**
+ * Splits a string by || delimiter, respecting nesting.
+ *
+ * @param input - Range string containing OR groups
+ * @returns Array of OR-separated parts
+ */
+function splitByOr(input) {
+    const parts = [];
+    let current = '';
+    let pos = 0;
+    while (pos < input.length) {
+        if (input[pos] === '|' && pos + 1 < input.length && input[pos + 1] === '|') {
+            parts.push(current);
+            current = '';
+            pos += 2;
+        }
+        else {
+            current += input[pos];
+            pos++;
+        }
+    }
+    parts.push(current);
+    return parts;
+}
+/**
+ * Parses a single comparator set (space-separated comparators = AND logic).
+ *
+ * @param input - Comparator set string
+ * @returns Parsed set result
+ */
+function parseComparatorSet(input) {
+    if (!input || input.trim() === '') {
+        return { success: true }; // Empty set matches any
+    }
+    const trimmed = input.trim();
+    // Check for hyphen range: "1.0.0 - 2.0.0"
+    const hyphenMatch = parseHyphenRange(trimmed);
+    if (hyphenMatch.isHyphenRange) {
+        if (!hyphenMatch.success) {
+            return { success: false, error: hyphenMatch.error };
+        }
+        return { success: true, set: hyphenMatch.set };
+    }
+    // Split by whitespace for AND logic
+    const tokens = splitByWhitespace(trimmed);
+    const comparators = [];
+    for (const token of tokens) {
+        const compResult = parseSingleComparator(token);
+        if (!compResult.success) {
+            return { success: false, error: compResult.error };
+        }
+        if (compResult.comparators) {
+            comparators.push(...compResult.comparators);
+        }
+    }
+    if (comparators.length === 0) {
+        return { success: true }; // Empty matches any
+    }
+    return { success: true, set: createComparatorSet(comparators) };
+}
+/**
+ * Checks for and parses hyphen ranges like "1.0.0 - 2.0.0".
+ *
+ * @param input - Potential hyphen range string
+ * @returns Hyphen range parsing result
+ */
+function parseHyphenRange(input) {
+    // Look for " - " (space-hyphen-space)
+    let hyphenPos = -1;
+    for (let i = 0; i < input.length - 2; i++) {
+        if (input[i] === ' ' && input[i + 1] === '-' && input[i + 2] === ' ') {
+            hyphenPos = i;
+            break;
+        }
+    }
+    if (hyphenPos === -1) {
+        return { isHyphenRange: false, success: true };
+    }
+    const leftPart = input.slice(0, hyphenPos).trim();
+    const rightPart = input.slice(hyphenPos + 3).trim();
+    const leftVersion = parseSimpleVersion(leftPart);
+    if (!leftVersion) {
+        return { isHyphenRange: true, success: false, error: `Invalid left side of hyphen range: "${leftPart}"` };
+    }
+    const rightVersion = parseSimpleVersion(rightPart);
+    if (!rightVersion) {
+        return { isHyphenRange: true, success: false, error: `Invalid right side of hyphen range: "${rightPart}"` };
+    }
+    // Hyphen range: >=left <=right
+    const comparators = [createComparator('>=', leftVersion), createComparator('<=', rightVersion)];
+    return {
+        isHyphenRange: true,
+        success: true,
+        set: createComparatorSet(comparators),
+    };
+}
+/**
+ * Splits by whitespace.
+ *
+ * @param input - String to split
+ * @returns Array of whitespace-separated tokens
+ */
+function splitByWhitespace(input) {
+    const tokens = [];
+    let current = '';
+    for (const char of input) {
+        if (char === ' ' || char === '\t') {
+            if (current) {
+                tokens.push(current);
+                current = '';
+            }
+        }
+        else {
+            current += char;
+        }
+    }
+    if (current) {
+        tokens.push(current);
+    }
+    return tokens;
+}
+/**
+ * Parses a single comparator token (e.g., ">=1.0.0", "^1.2.3", "~1.0").
+ *
+ * @param token - Comparator token to parse
+ * @returns Parsed comparator result
+ */
+function parseSingleComparator(token) {
+    let pos = 0;
+    let operator = '=';
+    // Parse operator
+    if (token[pos] === '^') {
+        operator = '^';
+        pos++;
+    }
+    else if (token[pos] === '~') {
+        operator = '~';
+        pos++;
+    }
+    else if (token[pos] === '>') {
+        if (token[pos + 1] === '=') {
+            operator = '>=';
+            pos += 2;
+        }
+        else {
+            operator = '>';
+            pos++;
+        }
+    }
+    else if (token[pos] === '<') {
+        if (token[pos + 1] === '=') {
+            operator = '<=';
+            pos += 2;
+        }
+        else {
+            operator = '<';
+            pos++;
+        }
+    }
+    else if (token[pos] === '=') {
+        operator = '=';
+        pos++;
+    }
+    const versionPart = token.slice(pos);
+    // Handle wildcards: *, x, X
+    if (versionPart === '*' || versionPart.toLowerCase() === 'x') {
+        // Wildcard matches any - return empty (will be handled as match-all)
+        return { success: true, comparators: [] };
+    }
+    // Handle x-ranges: 1.x, 1.2.x
+    if (versionPart.includes('x') || versionPart.includes('X') || versionPart.includes('*')) {
+        return parseXRange(versionPart);
+    }
+    // Parse version
+    const version = parseSimpleVersion(versionPart);
+    if (!version) {
+        return { success: false, error: `Invalid version in comparator: "${versionPart}"` };
+    }
+    // For caret and tilde, expand to range
+    if (operator === '^') {
+        return expandCaretRange(version);
+    }
+    if (operator === '~') {
+        return expandTildeRange(version);
+    }
+    return { success: true, comparators: [createComparator(operator, version)] };
+}
+/**
+ * Parses x-ranges like 1.x, 1.2.x, etc.
+ *
+ * @param input - X-range string to parse
+ * @param _operator - Range operator (unused but kept for interface consistency)
+ * @returns Comparator result
+ */
+function parseXRange(input, _operator) {
+    const parts = input.split('.');
+    const nums = [];
+    for (const part of parts) {
+        const lower = part.toLowerCase();
+        if (lower === 'x' || lower === '*' || lower === '') {
+            break;
+        }
+        const num = parseInt(part, 10);
+        if (globalIsNaN(num) || num < 0) {
+            return { success: false, error: `Invalid x-range: "${input}"` };
+        }
+        nums.push(num);
+    }
+    if (nums.length === 0) {
+        // * or X alone - match any
+        return { success: true, comparators: [] };
+    }
+    if (nums.length === 1) {
+        // 1.x or 1.* -> >=1.0.0 <2.0.0
+        const lower = createSemVer({ major: nums[0], minor: 0, patch: 0 });
+        const upper = createSemVer({ major: nums[0] + 1, minor: 0, patch: 0 });
+        return { success: true, comparators: [createComparator('>=', lower), createComparator('<', upper)] };
+    }
+    // 1.2.x -> >=1.2.0 <1.3.0
+    const lower = createSemVer({ major: nums[0], minor: nums[1], patch: 0 });
+    const upper = createSemVer({ major: nums[0], minor: nums[1] + 1, patch: 0 });
+    return { success: true, comparators: [createComparator('>=', lower), createComparator('<', upper)] };
+}
+/**
+ * Expands caret range: ^1.2.3 -> >=1.2.3 <2.0.0
+ *
+ * @param version - Base version for caret range
+ * @returns Expanded comparator result
+ */
+function expandCaretRange(version) {
+    let upperMajor = version.major;
+    let upperMinor = 0;
+    let upperPatch = 0;
+    if (version.major === 0) {
+        if (version.minor === 0) {
+            // ^0.0.x -> >=0.0.x <0.0.(x+1)
+            upperPatch = version.patch + 1;
+            upperMinor = version.minor;
+        }
+        else {
+            // ^0.x.y -> >=0.x.y <0.(x+1).0
+            upperMinor = version.minor + 1;
+        }
+    }
+    else {
+        // ^x.y.z -> >=x.y.z <(x+1).0.0
+        upperMajor = version.major + 1;
+    }
+    const upper = createSemVer({ major: upperMajor, minor: upperMinor, patch: upperPatch });
+    return { success: true, comparators: [createComparator('>=', version), createComparator('<', upper)] };
+}
+/**
+ * Expands tilde range: ~1.2.3 -> >=1.2.3 <1.3.0
+ *
+ * @param version - Base version for tilde range
+ * @returns Expanded comparator result
+ */
+function expandTildeRange(version) {
+    const upper = createSemVer({
+        major: version.major,
+        minor: version.minor + 1,
+        patch: 0,
+    });
+    return { success: true, comparators: [createComparator('>=', version), createComparator('<', upper)] };
+}
+/**
+ * Parses a simple version string (no range operators).
+ * More lenient - accepts partial versions.
+ *
+ * @param input - Version string to parse
+ * @returns Parsed SemVer or null if invalid
+ */
+function parseSimpleVersion(input) {
+    if (!input)
+        return null;
+    let pos = 0;
+    // Skip leading v
+    if (input[pos] === 'v' || input[pos] === 'V') {
+        pos++;
+    }
+    const parts = input.slice(pos).split('.');
+    if (parts.length === 0)
+        return null;
+    const nums = [];
+    for (const part of parts) {
+        // Stop at prerelease or build
+        const dashIdx = part.indexOf('-');
+        const plusIdx = part.indexOf('+');
+        let numPart = part;
+        if (dashIdx !== -1) {
+            numPart = part.slice(0, dashIdx);
+        }
+        else if (plusIdx !== -1) {
+            numPart = part.slice(0, plusIdx);
+        }
+        if (numPart === '' || numPart.toLowerCase() === 'x' || numPart === '*') {
+            break;
+        }
+        const num = parseInt(numPart, 10);
+        if (globalIsNaN(num) || num < 0)
+            return null;
+        nums.push(num);
+    }
+    if (nums.length === 0)
+        return null;
+    return createSemVer({
+        major: nums[0],
+        minor: nums[1] ?? 0,
+        patch: nums[2] ?? 0,
+        prerelease: [],
+        build: [],
+        raw: input,
+    });
+}
+
+/**
+ * Workspace Validation
+ *
+ * Validation utilities for workspace integrity checks.
+ * Verifies package configurations, dependencies, and workspace structure.
+ */
+/**
+ * Validates a workspace for common issues.
+ *
+ * @param workspace - The workspace to validate
+ * @returns Validation report
+ *
+ * @example
+ * ```typescript
+ * import { validateWorkspace } from '@hyperfrontend/versioning'
+ *
+ * const report = validateWorkspace(workspace)
+ *
+ * if (!report.valid) {
+ *   console.error(`${report.errorCount} error(s) found`)
+ *   for (const result of report.results) {
+ *     if (!result.result.valid) {
+ *       console.error(`  ${result.checkName}: ${result.result.error}`)
+ *     }
+ *   }
+ * }
+ * ```
+ */
+function validateWorkspace(workspace) {
+    const results = [];
+    // Workspace-level checks
+    results.push({
+        checkId: 'workspace-has-projects',
+        checkName: 'Workspace has projects',
+        packageName: null,
+        result: validateHasProjects(workspace),
+    });
+    results.push({
+        checkId: 'no-circular-dependencies',
+        checkName: 'No circular dependencies',
+        packageName: null,
+        result: validateNoCircularDependencies(workspace),
+    });
+    // Package-level checks
+    for (const project of workspace.projectList) {
+        results.push({
+            checkId: 'valid-version',
+            checkName: `Valid semver version`,
+            packageName: project.name,
+            result: validateProjectVersion(project),
+        });
+        results.push({
+            checkId: 'valid-name',
+            checkName: `Valid package name`,
+            packageName: project.name,
+            result: validateProjectName(project),
+        });
+        results.push({
+            checkId: 'dependency-versions',
+            checkName: `Internal dependency versions`,
+            packageName: project.name,
+            result: validateDependencyVersions(workspace, project),
+        });
+    }
+    // Aggregate results
+    const errors = results.filter((r) => !r.result.valid);
+    const warnings = results.filter((r) => r.result.warning !== undefined);
+    const invalidPackageNames = errors
+        .filter((r) => r.packageName !== null)
+        .map((r) => r.packageName)
+        .filter((name) => name !== null);
+    const invalidPackages = createSet(invalidPackageNames);
+    return {
+        results,
+        valid: errors.length === 0,
+        errorCount: errors.length,
+        warningCount: warnings.length,
+        invalidPackages: [...invalidPackages],
+    };
+}
+/**
+ * Validates that the workspace has at least one project.
+ *
+ * @param workspace - Workspace to validate for project existence
+ * @returns Validation result indicating success or failure
+ */
+function validateHasProjects(workspace) {
+    if (workspace.projects.size === 0) {
+        return {
+            valid: false,
+            error: 'Workspace has no projects',
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Validates that there are no circular dependencies.
+ *
+ * @param workspace - Workspace to check for circular dependencies
+ * @returns Validation result indicating success or failure with cycle info
+ */
+function validateNoCircularDependencies(workspace) {
+    // Build adjacency list
+    const visited = createSet();
+    const recursionStack = createSet();
+    /**
+     * Depth-first search to detect cycles in the dependency graph.
+     *
+     * @param node - Current node being visited
+     * @returns True if a cycle was found starting from this node
+     */
+    function hasCycle(node) {
+        visited.add(node);
+        recursionStack.add(node);
+        const deps = workspace.reverseDependencyGraph.get(node) ?? [];
+        for (const dep of deps) {
+            if (!visited.has(dep)) {
+                if (hasCycle(dep)) {
+                    return true;
+                }
+            }
+            else if (recursionStack.has(dep)) {
+                return true;
+            }
+        }
+        recursionStack.delete(node);
+        return false;
+    }
+    for (const name of workspace.projects.keys()) {
+        if (!visited.has(name)) {
+            if (hasCycle(name)) {
+                return {
+                    valid: false,
+                    error: 'Circular dependency detected',
+                };
+            }
+        }
+    }
+    return { valid: true };
+}
+/**
+ * Validates a project's version is valid semver.
+ *
+ * @param project - Project to validate version for
+ * @returns Validation result indicating success or failure
+ */
+function validateProjectVersion(project) {
+    const result = parseVersion(project.version);
+    if (!result.success) {
+        return {
+            valid: false,
+            error: `Invalid semver version: ${project.version}`,
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Validates a project's package name.
+ *
+ * @param project - Project to validate name for
+ * @returns Validation result indicating success or failure
+ */
+function validateProjectName(project) {
+    if (!project.name || project.name.trim() === '') {
+        return {
+            valid: false,
+            error: 'Package name is required',
+        };
+    }
+    // Check for valid npm package name using safe validation without complex regex
+    const nameValidationResult = validatePackageNameFormat(project.name);
+    if (!nameValidationResult.valid) {
+        return {
+            valid: false,
+            error: `Invalid package name format: ${project.name}`,
+        };
+    }
+    // Check length
+    if (project.name.length > 214) {
+        return {
+            valid: false,
+            error: 'Package name exceeds 214 characters',
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Validates that internal dependency versions are satisfiable.
+ *
+ * @param workspace - Workspace containing all projects
+ * @param project - Project to validate dependencies for
+ * @returns Validation result with warnings for unsatisfied versions
+ */
+function validateDependencyVersions(workspace, project) {
+    const warnings = [];
+    for (const depName of project.internalDependencies) {
+        const dep = workspace.projects.get(depName);
+        if (!dep) {
+            continue; // Handled by dependency existence check
+        }
+        // Get the version range from package.json
+        const depTypes = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
+        let versionRange;
+        for (const depType of depTypes) {
+            const deps = project.packageJson[depType];
+            if (deps?.[depName]) {
+                versionRange = deps[depName];
+                break;
+            }
+        }
+        if (versionRange) {
+            const depVersionResult = parseVersion(dep.version);
+            if (depVersionResult.success && depVersionResult.version && !isWorkspaceVersion(versionRange)) {
+                // Parse the version range
+                const rangeResult = parseRange(versionRange);
+                if (rangeResult.success && rangeResult.range) {
+                    // Check if the current version satisfies the range
+                    if (!satisfies(depVersionResult.version, rangeResult.range)) {
+                        warnings.push(`${depName}@${dep.version} does not satisfy ${versionRange}`);
+                    }
+                }
+            }
+        }
+    }
+    if (warnings.length > 0) {
+        return {
+            valid: true, // Warning, not error
+            warning: warnings.join('; '),
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Validates npm package name format without using complex regex.
+ * This avoids ReDoS vulnerabilities from backtracking regex patterns.
+ *
+ * @param name - Package name to validate
+ * @returns Validation result
+ */
+function validatePackageNameFormat(name) {
+    // Valid characters for package names: lowercase letters, digits, hyphens, underscores, dots
+    const isValidChar = (char) => {
+        const code = char.charCodeAt(0);
+        return ((code >= 97 && code <= 122) || // a-z
+            (code >= 48 && code <= 57) || // 0-9
+            code === 45 || // -
+            code === 95 || // _
+            code === 46 // .
+        );
+    };
+    // First char must be lowercase letter or digit
+    const isValidFirstChar = (char) => {
+        const code = char.charCodeAt(0);
+        return (code >= 97 && code <= 122) || (code >= 48 && code <= 57);
+    };
+    // Handle scoped packages (@scope/name)
+    if (name.startsWith('@')) {
+        const slashIndex = name.indexOf('/');
+        if (slashIndex === -1 || slashIndex === 1 || slashIndex === name.length - 1) {
+            return { valid: false };
+        }
+        // Validate scope (after @, before /)
+        const scope = name.slice(1, slashIndex);
+        if (!isValidFirstChar(scope[0]))
+            return { valid: false };
+        for (const char of scope) {
+            if (!isValidChar(char))
+                return { valid: false };
+        }
+        // Validate name (after /)
+        const packageName = name.slice(slashIndex + 1);
+        if (!isValidFirstChar(packageName[0]))
+            return { valid: false };
+        for (const char of packageName) {
+            if (!isValidChar(char))
+                return { valid: false };
+        }
+    }
+    else {
+        // Unscoped package
+        if (!isValidFirstChar(name[0]))
+            return { valid: false };
+        for (const char of name) {
+            if (!isValidChar(char))
+                return { valid: false };
+        }
+    }
+    return { valid: true };
+}
+/**
+ * Checks if a version range is a workspace protocol version.
+ *
+ * @param versionRange - Version range string to check
+ * @returns True if the range uses workspace protocol
+ */
+function isWorkspaceVersion(versionRange) {
+    return versionRange.startsWith('workspace:') || versionRange === '*' || versionRange === 'link:';
+}
+/**
+ * Validates a single project.
+ *
+ * @param project - The project to validate
+ * @returns Validation result
+ */
+function validateProject(project) {
+    const versionResult = validateProjectVersion(project);
+    if (!versionResult.valid) {
+        return versionResult;
+    }
+    const nameResult = validateProjectName(project);
+    if (!nameResult.valid) {
+        return nameResult;
+    }
+    return { valid: true };
+}
+/**
+ * Creates a summary of the validation report.
+ *
+ * @param report - Report object from workspace validation
+ * @returns Human-readable summary
+ */
+function summarizeValidation(report) {
+    const lines = [];
+    if (report.valid) {
+        lines.push('Workspace validation passed');
+        if (report.warningCount > 0) {
+            lines.push(`  ${report.warningCount} warning(s)`);
+        }
+    }
+    else {
+        lines.push('Workspace validation failed');
+        lines.push(`  ${report.errorCount} error(s)`);
+        lines.push(`  ${report.warningCount} warning(s)`);
+        lines.push('');
+        lines.push('Errors:');
+        for (const result of report.results) {
+            if (!result.result.valid) {
+                const pkg = result.packageName ? `[${result.packageName}] ` : '';
+                lines.push(`  ${pkg}${result.checkName}: ${result.result.error}`);
+            }
+        }
+        if (report.warningCount > 0) {
+            lines.push('');
+            lines.push('Warnings:');
+            for (const result of report.results) {
+                if (result.result.warning) {
+                    const pkg = result.packageName ? `[${result.packageName}] ` : '';
+                    lines.push(`  ${pkg}${result.checkName}: ${result.result.warning}`);
+                }
+            }
+        }
+    }
+    return lines.join('\n');
+}
+
+export { DEFAULT_BATCH_UPDATE_OPTIONS, DEFAULT_CASCADE_OPTIONS, applyBumps, calculateCascadeBumps, calculateCascadeBumpsFromPackage, summarizeBatchUpdate, summarizeCascadeBumps, summarizeValidation, updatePackageVersionInTree, validateProject, validateWorkspace };
+//# sourceMappingURL=index.esm.js.map