@planu/cli 4.1.0 → 4.1.1

package/CHANGELOG.md CHANGED
@@ -1,3 +1,13 @@
1
+ ## [4.1.1] - 2026-05-21
2
+
3
+ ### Features
4
+ - Enforce dependency freshness as a blocking pre-push gate for lockfile drift, high/critical vulnerabilities, and outdated direct dependencies.
5
+ - Add the same pnpm dependency freshness guard to Planu-generated pre-push hooks.
6
+
7
+ ### Tests
8
+ - Add coverage for the dependency freshness script and generated hook contents.
9
+
10
+
1
11
  ## [4.1.0] - 2026-05-21
2
12
 
3
13
  ### Features
@@ -66,6 +66,37 @@ if command -v planu >/dev/null 2>&1; then
66
66
  planu detect-drift --project-id "${projectId}" --mode quick 2>/dev/null || true
67
67
  fi
68
68
 
69
+ if command -v pnpm >/dev/null 2>&1 && [ -f "package.json" ] && [ -f "pnpm-lock.yaml" ]; then
70
+ echo "[Planu] Checking dependency freshness..."
71
+ pnpm install --frozen-lockfile --ignore-scripts >/dev/null || {
72
+ echo "ERROR: package.json and pnpm-lock.yaml are not synchronized."
73
+ echo "Run: pnpm install --lockfile-only --ignore-scripts"
74
+ exit 1
75
+ }
76
+ pnpm audit --audit-level=high || {
77
+ echo "ERROR: High or critical dependency vulnerabilities found."
78
+ echo "Run: pnpm audit and update the affected packages before pushing."
79
+ exit 1
80
+ }
81
+ OUTDATED_JSON="$(mktemp)"
82
+ OUTDATED_ERR="$(mktemp)"
83
+ set +e
84
+ pnpm outdated --format=json >"\${OUTDATED_JSON}" 2>"\${OUTDATED_ERR}"
85
+ OUTDATED_STATUS=$?
86
+ set -e
87
+ if [ "\${OUTDATED_STATUS}" -gt 1 ]; then
88
+ echo "ERROR: Failed to query dependency freshness from the registry."
89
+ cat "\${OUTDATED_ERR}"
90
+ rm -f "\${OUTDATED_JSON}" "\${OUTDATED_ERR}"
91
+ exit 1
92
+ fi
93
+ node -e "const fs=require('fs');const raw=fs.readFileSync(process.argv[1],'utf8').trim();const data=raw?JSON.parse(raw):{};const count=Array.isArray(data)?data.length:Object.keys(data).length;if(count>0){console.error('ERROR: Outdated dependencies found. Run: bash scripts/check-updates.sh --apply, pnpm update, or update intentionally before pushing.');process.exit(1)}" "\${OUTDATED_JSON}" || {
94
+ rm -f "\${OUTDATED_JSON}" "\${OUTDATED_ERR}"
95
+ exit 1
96
+ }
97
+ rm -f "\${OUTDATED_JSON}" "\${OUTDATED_ERR}"
98
+ fi
99
+
69
100
  echo "[Planu] Pre-push checks complete."
70
101
  `;
71
102
  }
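Review bot: The status check after `pnpm outdated` fails closed only for exit codes above 1, so a run that exits 1 without writing any JSON is counted by the `node -e` step as zero outdated packages and the gate passes. Whether pnpm also uses exit status 1 for its own errors, and not only for "outdated packages found", should be confirmed against the supported pnpm versions; if it does, this check fails open on those errors. Treating a non-zero status with an empty output file as a failure closes the gap: `if [ "${OUTDATED_STATUS}" -gt 1 ] || { [ "${OUTDATED_STATUS}" -ne 0 ] && [ ! -s "${OUTDATED_JSON}" ]; }; then`, with each `$` escaped as on the other lines of this template. The same sequence appears in the buildPrePushScript hunk. The template literal this hunk sits in starts outside the hunk.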
@@ -165,6 +165,36 @@ function buildPrePushScript(protectedBranches, stalenessThreshold, baseBranch) {
165
165
  ' fi',
166
166
  'fi',
167
167
  '',
168
+ '# Dependency freshness gate for pnpm projects',
169
+ 'if command -v pnpm >/dev/null 2>&1 && [ -f "package.json" ] && [ -f "pnpm-lock.yaml" ]; then',
170
+ ' echo "[Planu] Checking dependency freshness..."',
171
+ ' pnpm install --frozen-lockfile --ignore-scripts >/dev/null || {',
172
+ ' echo "ERROR: package.json and pnpm-lock.yaml are not synchronized."',
173
+ ' echo "Run: pnpm install --lockfile-only --ignore-scripts"',
174
+ ' exit 1',
175
+ ' }',
176
+ ' pnpm audit --audit-level=high || {',
177
+ ' echo "ERROR: High or critical dependency vulnerabilities found."',
178
+ ' echo "Run: pnpm audit and update the affected packages before pushing."',
179
+ ' exit 1',
180
+ ' }',
181
+ ' OUTDATED_JSON=$(mktemp)',
182
+ ' OUTDATED_ERR=$(mktemp)',
183
+ ' pnpm outdated --format=json >"$OUTDATED_JSON" 2>"$OUTDATED_ERR"',
184
+ ' OUTDATED_STATUS=$?',
185
+ ' if [ "$OUTDATED_STATUS" -gt 1 ]; then',
186
+ ' echo "ERROR: Failed to query dependency freshness from the registry."',
187
+ ' cat "$OUTDATED_ERR"',
188
+ ' rm -f "$OUTDATED_JSON" "$OUTDATED_ERR"',
189
+ ' exit 1',
190
+ ' fi',
191
+ " node -e \"const fs=require('fs');const raw=fs.readFileSync(process.argv[1],'utf8').trim();const data=raw?JSON.parse(raw):{};const count=Array.isArray(data)?data.length:Object.keys(data).length;if(count>0){console.error('ERROR: Outdated dependencies found. Run: bash scripts/check-updates.sh --apply, pnpm update, or update intentionally before pushing.');process.exit(1)}\" \"$OUTDATED_JSON\" || {",
192
+ ' rm -f "$OUTDATED_JSON" "$OUTDATED_ERR"',
193
+ ' exit 1',
194
+ ' }',
195
+ ' rm -f "$OUTDATED_JSON" "$OUTDATED_ERR"',
196
+ 'fi',
197
+ '',
168
198
  'exit 0',
169
199
  ].join('\n');
170
200
  }
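Review bot: The generated lines here run `pnpm outdated` without the `set +e` / `set -e` bracket that the template-literal version of this gate puts around the same command. If the hook built by buildPrePushScript enables errexit earlier (not visible in this hunk), exit status 1 from `pnpm outdated` ends the hook before `OUTDATED_STATUS=$?` runs, so the push is blocked with no message and both mktemp files are left behind. Capturing the status in the same command works whatever the shell options are: `' OUTDATED_STATUS=0',` followed by `' pnpm outdated --format=json >"$OUTDATED_JSON" 2>"$OUTDATED_ERR" || OUTDATED_STATUS=$?',`. The function body starts outside the hunk, so the shell options in effect should be checked there.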
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@planu/cli",
3
- "version": "4.1.0",
3
+ "version": "4.1.1",
4
4
  "description": "Planu — MCP Server for Spec Driven Development with native Rust acceleration for hot paths. Cross-platform (Linux/macOS/Windows, x64/arm64, glibc/musl).",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -32,12 +32,12 @@
32
32
  "packageName": "@planu/core"
33
33
  },
34
34
  "optionalDependencies": {
35
- "@planu/core-darwin-arm64": "4.1.0",
36
- "@planu/core-darwin-x64": "4.1.0",
37
- "@planu/core-linux-arm64-gnu": "4.1.0",
38
- "@planu/core-linux-arm64-musl": "4.1.0",
39
- "@planu/core-linux-x64-gnu": "4.1.0",
40
- "@planu/core-linux-x64-musl": "4.1.0"
35
+ "@planu/core-darwin-arm64": "4.1.1",
36
+ "@planu/core-darwin-x64": "4.1.1",
37
+ "@planu/core-linux-arm64-gnu": "4.1.1",
38
+ "@planu/core-linux-arm64-musl": "4.1.1",
39
+ "@planu/core-linux-x64-gnu": "4.1.1",
40
+ "@planu/core-linux-x64-musl": "4.1.1"
41
41
  },
42
42
  "engines": {
43
43
  "node": ">=24.0.0"
@@ -68,6 +68,7 @@
68
68
  "test:integration": "vitest run tests/integration",
69
69
  "check": "pnpm typecheck && pnpm lint && pnpm format:check",
70
70
  "check:strict": "pnpm typecheck && pnpm lint && pnpm format:check && pnpm audit:deadcode && pnpm audit:circular && pnpm audit:types && pnpm audit:security && pnpm audit:licenses && pnpm audit:i18n",
71
+ "check:deps:fresh": "bash scripts/check-dependency-freshness.sh",
71
72
  "audit:deadcode": "knip",
72
73
  "audit:circular": "madge --circular --extensions ts src/",
73
74
  "audit:types": "type-coverage --at-least 98 --ignore-catch --strict --ignore-files 'tests/**'",