@oddessentials/repo-standards 1.0.1 → 1.2.0

package/dist/config/standards.typescript-js.azure-devops.json

@@ -397,6 +397,67 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            "renovate.json5",
+            ".renovaterc.json5",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports GHA + AzDO (self-hosted or Mend Renovate App). Dependabot is GitHub-native only. For AzDO: use Renovate via self-hosted runner, Docker container job, or Mend's hosted service.",
+          "pinningNotes": "Pin Renovate Docker image version in AzDO pipelines for determinism.",
+          "verification": "Check for renovate.json (or .renovaterc.json) OR .github/dependabot.yml. Verify dependency update PRs are being created."
+        }
+      },
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "anyOfFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs",
+            ".dependency-cruiser.mjs"
+          ],
+          "exampleConfigFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs"
+          ],
+          "exampleTools": [
+            "dependency-cruiser"
+          ],
+          "notes": "Define forbidden imports, layer rules, and circular dependency bans. Run in CI as blocking check.",
+          "pinningNotes": "Pin dependency-cruiser version in package.json devDependencies.",
+          "verification": "Run 'npx depcruise --validate' or equivalent. Verify architectural rules are documented and enforced."
+        }
+      },
       {
         "ciHints": {
           "azure-devops": {
@@ -523,7 +584,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -551,5 +613,5 @@
   },
   "stack": "typescript-js",
   "stackLabel": "TypeScript / JavaScript",
-  "version": 1
+  "version": 2
 }

package/dist/config/standards.typescript-js.github-actions.json

@@ -397,6 +397,67 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            "renovate.json5",
+            ".renovaterc.json5",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports GHA + AzDO (self-hosted or Mend Renovate App). Dependabot is GitHub-native only. For AzDO: use Renovate via self-hosted runner, Docker container job, or Mend's hosted service.",
+          "pinningNotes": "Pin Renovate Docker image version in AzDO pipelines for determinism.",
+          "verification": "Check for renovate.json (or .renovaterc.json) OR .github/dependabot.yml. Verify dependency update PRs are being created."
+        }
+      },
+      {
+        "ciHints": {
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "anyOfFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs",
+            ".dependency-cruiser.mjs"
+          ],
+          "exampleConfigFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs"
+          ],
+          "exampleTools": [
+            "dependency-cruiser"
+          ],
+          "notes": "Define forbidden imports, layer rules, and circular dependency bans. Run in CI as blocking check.",
+          "pinningNotes": "Pin dependency-cruiser version in package.json devDependencies.",
+          "verification": "Run 'npx depcruise --validate' or equivalent. Verify architectural rules are documented and enforced."
+        }
+      },
       {
         "ciHints": {
           "github-actions": {
@@ -523,7 +584,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -551,5 +613,5 @@
   },
   "stack": "typescript-js",
   "stackLabel": "TypeScript / JavaScript",
-  "version": 1
+  "version": 2
 }

package/dist/config/standards.typescript-js.json

@@ -445,6 +445,75 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          },
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            "renovate.json5",
+            ".renovaterc.json5",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports GHA + AzDO (self-hosted or Mend Renovate App). Dependabot is GitHub-native only. For AzDO: use Renovate via self-hosted runner, Docker container job, or Mend's hosted service.",
+          "pinningNotes": "Pin Renovate Docker image version in AzDO pipelines for determinism.",
+          "verification": "Check for renovate.json (or .renovaterc.json) OR .github/dependabot.yml. Verify dependency update PRs are being created."
+        }
+      },
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          },
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "anyOfFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs",
+            ".dependency-cruiser.mjs"
+          ],
+          "exampleConfigFiles": [
+            ".dependency-cruiser.cjs",
+            ".dependency-cruiser.js",
+            "dependency-cruiser.config.cjs"
+          ],
+          "exampleTools": [
+            "dependency-cruiser"
+          ],
+          "notes": "Define forbidden imports, layer rules, and circular dependency bans. Run in CI as blocking check.",
+          "pinningNotes": "Pin dependency-cruiser version in package.json devDependencies.",
+          "verification": "Run 'npx depcruise --validate' or equivalent. Verify architectural rules are documented and enforced."
+        }
+      },
       {
         "ciHints": {
           "azure-devops": {
@@ -584,7 +653,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -612,5 +682,5 @@
   },
   "stack": "typescript-js",
   "stackLabel": "TypeScript / JavaScript",
-  "version": 1
+  "version": 2
 }

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-export type StackId = "typescript-js" | "csharp-dotnet" | "python";
+export type StackId = "typescript-js" | "csharp-dotnet" | "python" | "rust" | "go";
 export type CiSystem = "azure-devops" | "github-actions";
 export interface MasterJson {
     version: number;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,OAAO,GAAG,eAAe,GAAG,eAAe,GAAG,QAAQ,CAAC;AACnE,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAEzD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnE,SAAS,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,SAAS,EAAE,GAAG,CAAC;CAChB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,OAAO,GACf,eAAe,GACf,eAAe,GACf,QAAQ,GACR,MAAM,GACN,IAAI,CAAC;AACT,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAEzD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnE,SAAS,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,SAAS,EAAE,GAAG,CAAC;CAChB"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@oddessentials/repo-standards",
   "private": false,
-  "version": "1.0.1",
+  "version": "1.2.0",
   "description": "Standards and CI filtering utilities for multi-stack repository governance.",
   "type": "module",
   "scripts": {