npm - @rainy-updates/cli - Versions diffs - 0.4.4 → 0.5.0-rc.1 - Mend

@rainy-updates/cli 0.4.4 → 0.5.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,35 @@
 All notable changes to this project are documented in this file.
+## [0.5.0-rc.1] - 2026-02-27
+### Added
+- New CI rollout controls:
+  - `--fail-on none|patch|minor|major|any`
+  - `--max-updates <n>`
+- New baseline workflow command:
+  - `baseline --save --file <path>` to snapshot dependency state
+  - `baseline --check --file <path>` to detect dependency drift
+- New `init-ci --mode enterprise` template:
+  - Node runtime matrix (`20`, `22`)
+  - stricter default permissions
+  - artifact retention policy
+  - built-in rollout gate flags (`--fail-on`, `--max-updates`)
+### Changed
+- Dependency target selection now evaluates available package versions from registry metadata, improving `patch|minor|major` accuracy.
+- CLI parser now rejects unknown options and missing option values with explicit errors (safer CI behavior).
+- SARIF output now reports the actual package version dynamically.
+### Tests
+- Added baseline snapshot/diff tests.
+- Added enterprise workflow generation tests.
+- Added semver target selection tests using available version sets.
+- Added parser tests for baseline command, rollout flags, and unknown option rejection.
 ## [0.4.4] - 2026-02-27
 ### Changed

package/README.md CHANGED Viewed

@@ -25,6 +25,7 @@ pnpm add -D @rainy-updates/cli
 - `check`: analyze dependencies and report available updates.
 - `upgrade`: rewrite dependency ranges in manifests, optionally install lockfile updates.
 - `warm-cache`: prefetch package metadata for fast and offline checks.
+- `baseline`: save and compare dependency baseline snapshots.
 ## Quick usage
@@ -41,6 +42,10 @@ npx @rainy-updates/cli upgrade --target latest --workspace --sync --install
 # 4) Warm cache for deterministic offline checks
 npx @rainy-updates/cli warm-cache --workspace --concurrency 32
 npx @rainy-updates/cli check --workspace --offline --ci
+# 5) Save and compare baseline drift in CI
+npx @rainy-updates/cli baseline --save --file .artifacts/deps-baseline.json --workspace
+npx @rainy-updates/cli baseline --check --file .artifacts/deps-baseline.json --workspace --ci
 ```
 ## What it does in production
@@ -108,7 +113,7 @@ Generate a workflow in the target project automatically:
 ```bash
 # strict mode (recommended)
-npx @rainy-updates/cli init-ci --mode strict --schedule weekly
+npx @rainy-updates/cli init-ci --mode enterprise --schedule weekly
 # lightweight mode
 npx @rainy-updates/cli init-ci --mode minimal --schedule daily
@@ -121,6 +126,7 @@ Generated file:
 Modes:
 - `strict`: warm-cache + offline check + artifacts + SARIF upload.
+- `enterprise`: strict checks + runtime matrix + retention policy + rollout gates.
 - `minimal`: fast check-only workflow for quick adoption.
 Schedule:
@@ -140,6 +146,8 @@ Schedule:
 - `--concurrency <n>`
 - `--cache-ttl <seconds>`
 - `--offline`
+- `--fail-on none|patch|minor|major|any`
+- `--max-updates <n>`
 - `--policy-file <path>`
 - `--format table|json|minimal|github`
 - `--json-file <path>`
@@ -154,6 +162,12 @@ Schedule:
 - `--pm auto|npm|pnpm`
 - `--sync`
+### Baseline-only
+- `--save`
+- `--check`
+- `--file <path>`
 ## Config support
 Configuration can be loaded from:

package/dist/bin/cli.js CHANGED Viewed

@@ -8,6 +8,7 @@ import { check } from "../core/check.js";
 import { upgrade } from "../core/upgrade.js";
 import { warmCache } from "../core/warm-cache.js";
 import { initCiWorkflow } from "../core/init-ci.js";
+import { diffBaseline, saveBaseline } from "../core/baseline.js";
 import { renderResult } from "../output/format.js";
 import { writeGitHubOutput } from "../output/github.js";
 import { createSarifReport } from "../output/sarif.js";
@@ -34,6 +35,31 @@ async function main() {
                 : `CI workflow already exists at ${workflow.path}. Use --force to overwrite.\n`);
             return;
         }
+        if (parsed.command === "baseline") {
+            if (parsed.options.action === "save") {
+                const saved = await saveBaseline(parsed.options);
+                process.stdout.write(`Saved baseline at ${saved.filePath} (${saved.entries} entries)\n`);
+                return;
+            }
+            const diff = await diffBaseline(parsed.options);
+            const changes = diff.added.length + diff.removed.length + diff.changed.length;
+            if (changes === 0) {
+                process.stdout.write(`No baseline drift detected (${diff.filePath}).\n`);
+                return;
+            }
+            process.stdout.write(`Baseline drift detected (${diff.filePath}).\n`);
+            if (diff.added.length > 0) {
+                process.stdout.write(`Added: ${diff.added.length}\n`);
+            }
+            if (diff.removed.length > 0) {
+                process.stdout.write(`Removed: ${diff.removed.length}\n`);
+            }
+            if (diff.changed.length > 0) {
+                process.stdout.write(`Changed: ${diff.changed.length}\n`);
+            }
+            process.exitCode = 1;
+            return;
+        }
         const result = parsed.command === "upgrade"
             ? await upgrade(parsed.options)
             : parsed.command === "warm-cache"
@@ -58,13 +84,7 @@ async function main() {
             await fs.mkdir(path.dirname(parsed.options.sarifFile), { recursive: true });
             await fs.writeFile(parsed.options.sarifFile, JSON.stringify(sarif, null, 2) + "\n", "utf8");
         }
-        if (parsed.options.ci && result.updates.length > 0) {
-            process.exitCode = 1;
-            return;
-        }
-        if (result.errors.length > 0) {
-            process.exitCode = 2;
-        }
+        process.exitCode = resolveExitCode(result, parsed.options.failOn, parsed.options.maxUpdates, parsed.options.ci);
     }
     catch (error) {
         process.stderr.write(`rainy-updates: ${String(error)}\n`);
@@ -117,8 +137,21 @@ Create a GitHub Actions workflow template at:
 Options:
   --force
-  --mode minimal|strict
+  --mode minimal|strict|enterprise
   --schedule weekly|daily|off`;
+    }
+    if (isCommand && command === "baseline") {
+        return `rainy-updates baseline [options]
+Save or compare dependency baseline snapshots.
+Options:
+  --save
+  --check
+  --file <path>
+  --workspace
+  --dep-kinds deps,dev,optional,peer
+  --ci`;
     }
     return `rainy-updates <command> [options]
@@ -127,6 +160,7 @@ Commands:
   upgrade     Apply updates to manifests
   warm-cache  Warm local cache for fast/offline checks
   init-ci     Scaffold GitHub Actions workflow
+  baseline    Save/check dependency baseline snapshots
 Global options:
   --cwd <path>
@@ -138,6 +172,8 @@ Global options:
   --sarif-file <path>
   --pr-report-file <path>
   --policy-file <path>
+  --fail-on none|patch|minor|major|any
+  --max-updates <n>
   --concurrency <n>
   --cache-ttl <seconds>
   --offline
@@ -152,3 +188,22 @@ async function readPackageVersion() {
     const parsed = JSON.parse(content);
     return parsed.version ?? "0.0.0";
 }
+function resolveExitCode(result, failOn, maxUpdates, ciMode) {
+    if (result.errors.length > 0)
+        return 2;
+    if (typeof maxUpdates === "number" && result.updates.length > maxUpdates)
+        return 1;
+    const effectiveFailOn = failOn && failOn !== "none" ? failOn : ciMode ? "any" : "none";
+    if (!shouldFailForUpdates(result.updates, effectiveFailOn))
+        return 0;
+    return 1;
+}
+function shouldFailForUpdates(updates, failOn) {
+    if (failOn === "none")
+        return false;
+    if (failOn === "any" || failOn === "patch")
+        return updates.length > 0;
+    if (failOn === "minor")
+        return updates.some((update) => update.diffType === "minor" || update.diffType === "major");
+    return updates.some((update) => update.diffType === "major");
+}

package/dist/cache/cache.d.ts CHANGED Viewed

@@ -5,5 +5,5 @@ export declare class VersionCache {
     static create(customPath?: string): Promise<VersionCache>;
     getValid(packageName: string, target: TargetLevel): Promise<CachedVersion | null>;
     getAny(packageName: string, target: TargetLevel): Promise<CachedVersion | null>;
-    set(packageName: string, target: TargetLevel, latestVersion: string, ttlSeconds: number): Promise<void>;
+    set(packageName: string, target: TargetLevel, latestVersion: string, availableVersions: string[], ttlSeconds: number): Promise<void>;
 }

package/dist/cache/cache.js CHANGED Viewed

@@ -9,7 +9,13 @@ class FileCacheStore {
     async get(packageName, target) {
         const entries = await this.readEntries();
         const key = this.getKey(packageName, target);
-        return entries[key] ?? null;
+        const entry = entries[key];
+        if (!entry)
+            return null;
+        return {
+            ...entry,
+            availableVersions: Array.isArray(entry.availableVersions) ? entry.availableVersions : [entry.latestVersion],
+        };
     }
     async set(entry) {
         const entries = await this.readEntries();
@@ -39,31 +45,63 @@ class SqliteCacheStore {
         package_name TEXT NOT NULL,
         target TEXT NOT NULL,
         latest_version TEXT NOT NULL,
+        available_versions TEXT NOT NULL,
         fetched_at INTEGER NOT NULL,
         ttl_seconds INTEGER NOT NULL,
         PRIMARY KEY (package_name, target)
       );
     `);
+        this.ensureSchema();
     }
     async get(packageName, target) {
-        const row = this.db
-            .prepare(`SELECT package_name, target, latest_version, fetched_at, ttl_seconds FROM versions WHERE package_name = ? AND target = ?`)
-            .get(packageName, target);
+        let row;
+        try {
+            row = this.db
+                .prepare(`SELECT package_name, target, latest_version, available_versions, fetched_at, ttl_seconds FROM versions WHERE package_name = ? AND target = ?`)
+                .get(packageName, target);
+        }
+        catch {
+            row = this.db
+                .prepare(`SELECT package_name, target, latest_version, fetched_at, ttl_seconds FROM versions WHERE package_name = ? AND target = ?`)
+                .get(packageName, target);
+        }
         if (!row)
             return null;
         return {
             packageName: row.package_name,
             target: row.target,
             latestVersion: row.latest_version,
+            availableVersions: parseJsonArray(row.available_versions ?? row.latest_version, row.latest_version),
             fetchedAt: row.fetched_at,
             ttlSeconds: row.ttl_seconds,
         };
     }
     async set(entry) {
-        this.db
-            .prepare(`INSERT OR REPLACE INTO versions (package_name, target, latest_version, fetched_at, ttl_seconds)
-         VALUES (?, ?, ?, ?, ?)`)
-            .run(entry.packageName, entry.target, entry.latestVersion, entry.fetchedAt, entry.ttlSeconds);
+        try {
+            this.db
+                .prepare(`INSERT OR REPLACE INTO versions (package_name, target, latest_version, available_versions, fetched_at, ttl_seconds)
+           VALUES (?, ?, ?, ?, ?, ?)`)
+                .run(entry.packageName, entry.target, entry.latestVersion, JSON.stringify(entry.availableVersions), entry.fetchedAt, entry.ttlSeconds);
+        }
+        catch {
+            this.db
+                .prepare(`INSERT OR REPLACE INTO versions (package_name, target, latest_version, fetched_at, ttl_seconds)
+           VALUES (?, ?, ?, ?, ?)`)
+                .run(entry.packageName, entry.target, entry.latestVersion, entry.fetchedAt, entry.ttlSeconds);
+        }
+    }
+    ensureSchema() {
+        try {
+            const columns = this.db.prepare("PRAGMA table_info(versions);").all();
+            const hasAvailableVersions = columns.some((column) => column.name === "available_versions");
+            if (!hasAvailableVersions) {
+                this.db.exec("ALTER TABLE versions ADD COLUMN available_versions TEXT;");
+            }
+            this.db.exec("UPDATE versions SET available_versions = latest_version WHERE available_versions IS NULL;");
+        }
+        catch {
+            // Best-effort migration.
+        }
     }
 }
 export class VersionCache {
@@ -92,11 +130,12 @@ export class VersionCache {
     async getAny(packageName, target) {
         return this.store.get(packageName, target);
     }
-    async set(packageName, target, latestVersion, ttlSeconds) {
+    async set(packageName, target, latestVersion, availableVersions, ttlSeconds) {
         await this.store.set({
             packageName,
             target,
             latestVersion,
+            availableVersions,
             fetchedAt: Date.now(),
             ttlSeconds,
         });
@@ -115,3 +154,17 @@ async function tryCreateSqliteStore(dbPath) {
     }
     return null;
 }
+function parseJsonArray(raw, fallback) {
+    if (typeof raw !== "string")
+        return [fallback];
+    try {
+        const parsed = JSON.parse(raw);
+        if (!Array.isArray(parsed))
+            return [fallback];
+        const values = parsed.filter((value) => typeof value === "string");
+        return values.length > 0 ? values : [fallback];
+    }
+    catch {
+        return [fallback];
+    }
+}

package/dist/config/loader.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { DependencyKind, OutputFormat, TargetLevel } from "../types/index.js";
+import type { DependencyKind, FailOnLevel, OutputFormat, TargetLevel } from "../types/index.js";
 export interface FileConfig {
     target?: TargetLevel;
     filter?: string;
@@ -15,6 +15,8 @@ export interface FileConfig {
     offline?: boolean;
     policyFile?: string;
     prReportFile?: string;
+    failOn?: FailOnLevel;
+    maxUpdates?: number;
     install?: boolean;
     packageManager?: "auto" | "npm" | "pnpm";
     sync?: boolean;

package/dist/core/baseline.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { BaselineOptions, DependencyKind } from "../types/index.js";
+interface BaselineEntry {
+    packagePath: string;
+    kind: DependencyKind;
+    name: string;
+    range: string;
+}
+export interface BaselineSaveResult {
+    filePath: string;
+    entries: number;
+}
+export interface BaselineDiffResult {
+    filePath: string;
+    added: BaselineEntry[];
+    removed: BaselineEntry[];
+    changed: Array<{
+        before: BaselineEntry;
+        after: BaselineEntry;
+    }>;
+}
+export declare function saveBaseline(options: BaselineOptions): Promise<BaselineSaveResult>;
+export declare function diffBaseline(options: BaselineOptions): Promise<BaselineDiffResult>;
+export {};

package/dist/core/baseline.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import { collectDependencies, readManifest } from "../parsers/package-json.js";
+import { discoverPackageDirs } from "../workspace/discover.js";
+export async function saveBaseline(options) {
+    const entries = await collectBaselineEntries(options.cwd, options.workspace, options.includeKinds);
+    const payload = {
+        version: 1,
+        createdAt: new Date().toISOString(),
+        entries,
+    };
+    await fs.mkdir(path.dirname(options.filePath), { recursive: true });
+    await fs.writeFile(options.filePath, JSON.stringify(payload, null, 2) + "\n", "utf8");
+    return {
+        filePath: options.filePath,
+        entries: entries.length,
+    };
+}
+export async function diffBaseline(options) {
+    const content = await fs.readFile(options.filePath, "utf8");
+    const baseline = JSON.parse(content);
+    const currentEntries = await collectBaselineEntries(options.cwd, options.workspace, options.includeKinds);
+    const baselineMap = new Map(baseline.entries.map((entry) => [toKey(entry), entry]));
+    const currentMap = new Map(currentEntries.map((entry) => [toKey(entry), entry]));
+    const added = [];
+    const removed = [];
+    const changed = [];
+    for (const [key, current] of currentMap) {
+        const base = baselineMap.get(key);
+        if (!base) {
+            added.push(current);
+            continue;
+        }
+        if (base.range !== current.range) {
+            changed.push({ before: base, after: current });
+        }
+    }
+    for (const [key, base] of baselineMap) {
+        if (!currentMap.has(key)) {
+            removed.push(base);
+        }
+    }
+    return {
+        filePath: options.filePath,
+        added: sortEntries(added),
+        removed: sortEntries(removed),
+        changed: changed.sort((a, b) => toKey(a.after).localeCompare(toKey(b.after))),
+    };
+}
+async function collectBaselineEntries(cwd, workspace, includeKinds) {
+    const packageDirs = await discoverPackageDirs(cwd, workspace);
+    const entries = [];
+    for (const packageDir of packageDirs) {
+        const manifest = await readManifest(packageDir);
+        const deps = collectDependencies(manifest, includeKinds);
+        for (const dep of deps) {
+            entries.push({
+                packagePath: path.relative(cwd, packageDir) || ".",
+                kind: dep.kind,
+                name: dep.name,
+                range: dep.range,
+            });
+        }
+    }
+    return sortEntries(entries);
+}
+function toKey(entry) {
+    return `${entry.packagePath}::${entry.kind}::${entry.name}`;
+}
+function sortEntries(entries) {
+    return [...entries].sort((a, b) => toKey(a).localeCompare(toKey(b)));
+}

package/dist/core/check.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import path from "node:path";
 import { collectDependencies, readManifest } from "../parsers/package-json.js";
 import { matchesPattern } from "../utils/pattern.js";
-import { applyRangeStyle, classifyDiff, clampTarget, pickTargetVersion } from "../utils/semver.js";
+import { applyRangeStyle, classifyDiff, clampTarget, pickTargetVersionFromAvailable } from "../utils/semver.js";
 import { VersionCache } from "../cache/cache.js";
 import { NpmRegistryClient } from "../registry/npm.js";
 import { detectPackageManager } from "../pm/detect.js";
@@ -53,7 +53,10 @@ export async function check(options) {
     for (const packageName of uniquePackageNames) {
         const cached = await cache.getValid(packageName, options.target);
         if (cached) {
-            resolvedVersions.set(packageName, cached.latestVersion);
+            resolvedVersions.set(packageName, {
+                latestVersion: cached.latestVersion,
+                availableVersions: cached.availableVersions,
+            });
         }
         else {
             unresolvedPackages.push(packageName);
@@ -64,7 +67,10 @@ export async function check(options) {
             for (const packageName of unresolvedPackages) {
                 const stale = await cache.getAny(packageName, options.target);
                 if (stale) {
-                    resolvedVersions.set(packageName, stale.latestVersion);
+                    resolvedVersions.set(packageName, {
+                        latestVersion: stale.latestVersion,
+                        availableVersions: stale.availableVersions,
+                    });
                     warnings.push(`Using stale cache for ${packageName} because --offline is enabled.`);
                 }
                 else {
@@ -73,19 +79,25 @@ export async function check(options) {
             }
         }
         else {
-            const fetched = await registryClient.resolveManyLatestVersions(unresolvedPackages, {
+            const fetched = await registryClient.resolveManyPackageMetadata(unresolvedPackages, {
                 concurrency: options.concurrency,
             });
-            for (const [packageName, version] of fetched.versions) {
-                resolvedVersions.set(packageName, version);
-                if (version) {
-                    await cache.set(packageName, options.target, version, options.cacheTtlSeconds);
+            for (const [packageName, metadata] of fetched.metadata) {
+                resolvedVersions.set(packageName, {
+                    latestVersion: metadata.latestVersion,
+                    availableVersions: metadata.versions,
+                });
+                if (metadata.latestVersion) {
+                    await cache.set(packageName, options.target, metadata.latestVersion, metadata.versions, options.cacheTtlSeconds);
                 }
             }
             for (const [packageName, error] of fetched.errors) {
                 const stale = await cache.getAny(packageName, options.target);
                 if (stale) {
-                    resolvedVersions.set(packageName, stale.latestVersion);
+                    resolvedVersions.set(packageName, {
+                        latestVersion: stale.latestVersion,
+                        availableVersions: stale.availableVersions,
+                    });
                     warnings.push(`Using stale cache for ${packageName} due to registry error: ${error}`);
                 }
                 else {
@@ -95,12 +107,12 @@ export async function check(options) {
         }
     }
     for (const task of tasks) {
-        const latestVersion = resolvedVersions.get(task.dependency.name);
-        if (!latestVersion)
+        const metadata = resolvedVersions.get(task.dependency.name);
+        if (!metadata?.latestVersion)
             continue;
         const rule = policy.packageRules.get(task.dependency.name);
         const effectiveTarget = clampTarget(options.target, rule?.maxTarget);
-        const picked = pickTargetVersion(task.dependency.range, latestVersion, effectiveTarget);
+        const picked = pickTargetVersionFromAvailable(task.dependency.range, metadata.availableVersions, metadata.latestVersion, effectiveTarget);
         if (!picked)
             continue;
         const nextRange = applyRangeStyle(task.dependency.range, picked);

package/dist/core/init-ci.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export type InitCiMode = "minimal" | "strict";
+export type InitCiMode = "minimal" | "strict" | "enterprise";
 export type InitCiSchedule = "weekly" | "daily" | "off";
 export interface InitCiOptions {
     mode: InitCiMode;

package/dist/core/init-ci.js CHANGED Viewed

@@ -15,7 +15,9 @@ export async function initCiWorkflow(cwd, force, options) {
     const scheduleBlock = renderScheduleBlock(options.schedule);
     const workflow = options.mode === "minimal"
         ? minimalWorkflowTemplate(scheduleBlock, packageManager)
-        : strictWorkflowTemplate(scheduleBlock, packageManager);
+        : options.mode === "strict"
+            ? strictWorkflowTemplate(scheduleBlock, packageManager)
+            : enterpriseWorkflowTemplate(scheduleBlock, packageManager);
     await mkdir(path.dirname(workflowPath), { recursive: true });
     await writeFile(workflowPath, workflow, "utf8");
     return { path: workflowPath, created: true };
@@ -49,3 +51,9 @@ function minimalWorkflowTemplate(scheduleBlock, packageManager) {
 function strictWorkflowTemplate(scheduleBlock, packageManager) {
     return `name: Rainy Updates\n\non:\n${scheduleBlock}\n\npermissions:\n  contents: read\n  security-events: write\n\njobs:\n  dependency-check:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: Setup Node\n        uses: actions/setup-node@v4\n        with:\n          node-version: '20'\n\n${installStep(packageManager)}\n\n      - name: Warm cache\n        run: npx @rainy-updates/cli warm-cache --workspace --concurrency 32\n\n      - name: Run strict dependency check\n        run: |\n          npx @rainy-updates/cli check \\\n            --workspace \\\n            --offline \\\n            --ci \\\n            --concurrency 32 \\\n            --format github \\\n            --json-file .artifacts/deps-report.json \\\n            --pr-report-file .artifacts/deps-report.md \\\n            --sarif-file .artifacts/deps-report.sarif \\\n            --github-output $GITHUB_OUTPUT\n\n      - name: Upload report artifacts\n        uses: actions/upload-artifact@v4\n        with:\n          name: rainy-updates-report\n          path: .artifacts/\n\n      - name: Upload SARIF\n        uses: github/codeql-action/upload-sarif@v3\n        with:\n          sarif_file: .artifacts/deps-report.sarif\n`;
 }
+function enterpriseWorkflowTemplate(scheduleBlock, packageManager) {
+    const detectedPmInstall = packageManager === "pnpm"
+        ? "corepack enable && corepack prepare pnpm@9 --activate && pnpm install --frozen-lockfile"
+        : "npm ci";
+    return `name: Rainy Updates Enterprise\n\non:\n${scheduleBlock}\n\npermissions:\n  contents: read\n  security-events: write\n  actions: read\n\nconcurrency:\n  group: rainy-updates-\${{ github.ref }}\n  cancel-in-progress: false\n\njobs:\n  dependency-check:\n    runs-on: ubuntu-latest\n    strategy:\n      fail-fast: false\n      matrix:\n        node: [20, 22]\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: Setup Node\n        uses: actions/setup-node@v4\n        with:\n          node-version: \${{ matrix.node }}\n\n      - name: Install dependencies\n        run: ${detectedPmInstall}\n\n      - name: Warm cache\n        run: npx @rainy-updates/cli warm-cache --workspace --concurrency 32\n\n      - name: Check updates with rollout controls\n        run: |\n          npx @rainy-updates/cli check \\\n            --workspace \\\n            --offline \\\n            --concurrency 32 \\\n            --format github \\\n            --fail-on minor \\\n            --max-updates 50 \\\n            --json-file .artifacts/deps-report-node-\${{ matrix.node }}.json \\\n            --pr-report-file .artifacts/deps-report-node-\${{ matrix.node }}.md \\\n            --sarif-file .artifacts/deps-report-node-\${{ matrix.node }}.sarif \\\n            --github-output $GITHUB_OUTPUT\n\n      - name: Upload report artifacts\n        uses: actions/upload-artifact@v4\n        with:\n          name: rainy-updates-report-node-\${{ matrix.node }}\n          path: .artifacts/\n          retention-days: 14\n\n      - name: Upload SARIF\n        uses: github/codeql-action/upload-sarif@v3\n        with:\n          sarif_file: .artifacts/deps-report-node-\${{ matrix.node }}.sarif\n`;
+}

package/dist/core/options.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { CheckOptions, UpgradeOptions } from "../types/index.js";
+import type { BaselineOptions, CheckOptions, UpgradeOptions } from "../types/index.js";
 import type { InitCiMode, InitCiSchedule } from "./init-ci.js";
 export type ParsedCliArgs = {
     command: "check";
@@ -17,5 +17,10 @@ export type ParsedCliArgs = {
         mode: InitCiMode;
         schedule: InitCiSchedule;
     };
+} | {
+    command: "baseline";
+    options: BaselineOptions & {
+        action: "save" | "check";
+    };
 };
 export declare function parseCliArgs(argv: string[]): Promise<ParsedCliArgs>;

package/dist/core/options.js CHANGED Viewed

@@ -7,7 +7,7 @@ const DEFAULT_INCLUDE_KINDS = [
     "optionalDependencies",
     "peerDependencies",
 ];
-const KNOWN_COMMANDS = ["check", "upgrade", "warm-cache", "init-ci"];
+const KNOWN_COMMANDS = ["check", "upgrade", "warm-cache", "init-ci", "baseline"];
 export async function parseCliArgs(argv) {
     const firstArg = argv[0];
     const isKnownCommand = KNOWN_COMMANDS.includes(firstArg);
@@ -34,10 +34,14 @@ export async function parseCliArgs(argv) {
         offline: false,
         policyFile: undefined,
         prReportFile: undefined,
+        failOn: "none",
+        maxUpdates: undefined,
     };
     let force = false;
-    let initCiMode = "strict";
+    let initCiMode = "enterprise";
     let initCiSchedule = "weekly";
+    let baselineAction = "check";
+    let baselineFilePath = path.resolve(base.cwd, ".rainy-updates-baseline.json");
     let resolvedConfig = await loadConfig(base.cwd);
     applyConfig(base, resolvedConfig);
     for (let index = 0; index < args.length; index += 1) {
@@ -48,23 +52,36 @@ export async function parseCliArgs(argv) {
             index += 1;
             continue;
         }
+        if (current === "--target") {
+            throw new Error("Missing value for --target");
+        }
         if (current === "--filter" && next) {
             base.filter = next;
             index += 1;
             continue;
         }
+        if (current === "--filter") {
+            throw new Error("Missing value for --filter");
+        }
         if (current === "--reject" && next) {
             base.reject = next;
             index += 1;
             continue;
         }
+        if (current === "--reject") {
+            throw new Error("Missing value for --reject");
+        }
         if (current === "--cwd" && next) {
             base.cwd = path.resolve(next);
             resolvedConfig = await loadConfig(base.cwd);
             applyConfig(base, resolvedConfig);
+            baselineFilePath = path.resolve(base.cwd, ".rainy-updates-baseline.json");
             index += 1;
             continue;
         }
+        if (current === "--cwd") {
+            throw new Error("Missing value for --cwd");
+        }
         if (current === "--cache-ttl" && next) {
             const parsed = Number(next);
             if (!Number.isFinite(parsed) || parsed < 0) {
@@ -74,11 +91,17 @@ export async function parseCliArgs(argv) {
             index += 1;
             continue;
         }
+        if (current === "--cache-ttl") {
+            throw new Error("Missing value for --cache-ttl");
+        }
         if (current === "--format" && next) {
             base.format = ensureFormat(next);
             index += 1;
             continue;
         }
+        if (current === "--format") {
+            throw new Error("Missing value for --format");
+        }
         if (current === "--ci") {
             base.ci = true;
             continue;
@@ -92,16 +115,25 @@ export async function parseCliArgs(argv) {
             index += 1;
             continue;
         }
+        if (current === "--json-file") {
+            throw new Error("Missing value for --json-file");
+        }
         if (current === "--github-output" && next) {
             base.githubOutputFile = path.resolve(next);
             index += 1;
             continue;
         }
+        if (current === "--github-output") {
+            throw new Error("Missing value for --github-output");
+        }
         if (current === "--sarif-file" && next) {
             base.sarifFile = path.resolve(next);
             index += 1;
             continue;
         }
+        if (current === "--sarif-file") {
+            throw new Error("Missing value for --sarif-file");
+        }
         if (current === "--concurrency" && next) {
             const parsed = Number(next);
             if (!Number.isInteger(parsed) || parsed <= 0) {
@@ -111,6 +143,9 @@ export async function parseCliArgs(argv) {
             index += 1;
             continue;
         }
+        if (current === "--concurrency") {
+            throw new Error("Missing value for --concurrency");
+        }
         if (current === "--offline") {
             base.offline = true;
             continue;
@@ -120,30 +155,99 @@ export async function parseCliArgs(argv) {
             index += 1;
             continue;
         }
+        if (current === "--policy-file") {
+            throw new Error("Missing value for --policy-file");
+        }
         if (current === "--pr-report-file" && next) {
             base.prReportFile = path.resolve(next);
             index += 1;
             continue;
         }
+        if (current === "--pr-report-file") {
+            throw new Error("Missing value for --pr-report-file");
+        }
         if (current === "--force") {
             force = true;
             continue;
         }
+        if (current === "--install" && command === "upgrade") {
+            continue;
+        }
+        if (current === "--sync" && command === "upgrade") {
+            continue;
+        }
+        if (current === "--pm" && next && command === "upgrade") {
+            parsePackageManager(args);
+            index += 1;
+            continue;
+        }
+        if (current === "--pm" && command === "upgrade") {
+            throw new Error("Missing value for --pm");
+        }
         if (current === "--mode" && next) {
             initCiMode = ensureInitCiMode(next);
             index += 1;
             continue;
         }
+        if (current === "--mode") {
+            throw new Error("Missing value for --mode");
+        }
         if (current === "--schedule" && next) {
             initCiSchedule = ensureInitCiSchedule(next);
             index += 1;
             continue;
         }
+        if (current === "--schedule") {
+            throw new Error("Missing value for --schedule");
+        }
         if (current === "--dep-kinds" && next) {
             base.includeKinds = parseDependencyKinds(next);
             index += 1;
             continue;
         }
+        if (current === "--dep-kinds") {
+            throw new Error("Missing value for --dep-kinds");
+        }
+        if (current === "--fail-on" && next) {
+            base.failOn = ensureFailOn(next);
+            index += 1;
+            continue;
+        }
+        if (current === "--fail-on") {
+            throw new Error("Missing value for --fail-on");
+        }
+        if (current === "--max-updates" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed < 0) {
+                throw new Error("--max-updates must be a non-negative integer");
+            }
+            base.maxUpdates = parsed;
+            index += 1;
+            continue;
+        }
+        if (current === "--max-updates") {
+            throw new Error("Missing value for --max-updates");
+        }
+        if (current === "--save") {
+            baselineAction = "save";
+            continue;
+        }
+        if (current === "--check") {
+            baselineAction = "check";
+            continue;
+        }
+        if (current === "--file" && next) {
+            baselineFilePath = path.resolve(base.cwd, next);
+            index += 1;
+            continue;
+        }
+        if (current === "--file") {
+            throw new Error("Missing value for --file");
+        }
+        if (current.startsWith("-")) {
+            throw new Error(`Unknown option: ${current}`);
+        }
+        throw new Error(`Unexpected argument: ${current}`);
     }
     if (command === "upgrade") {
         const configPm = resolvedConfig.packageManager;
@@ -170,6 +274,19 @@ export async function parseCliArgs(argv) {
             },
         };
     }
+    if (command === "baseline") {
+        return {
+            command,
+            options: {
+                action: baselineAction,
+                cwd: base.cwd,
+                workspace: base.workspace,
+                includeKinds: base.includeKinds,
+                filePath: baselineFilePath,
+                ci: base.ci,
+            },
+        };
+    }
     return {
         command: "check",
         options: base,
@@ -212,6 +329,12 @@ function applyConfig(base, config) {
     if (typeof config.prReportFile === "string") {
         base.prReportFile = path.resolve(base.cwd, config.prReportFile);
     }
+    if (typeof config.failOn === "string") {
+        base.failOn = ensureFailOn(config.failOn);
+    }
+    if (typeof config.maxUpdates === "number" && Number.isInteger(config.maxUpdates) && config.maxUpdates >= 0) {
+        base.maxUpdates = config.maxUpdates;
+    }
 }
 function parsePackageManager(args) {
     const index = args.indexOf("--pm");
@@ -257,10 +380,10 @@ function parseDependencyKinds(value) {
     return Array.from(new Set(mapped));
 }
 function ensureInitCiMode(value) {
-    if (value === "minimal" || value === "strict") {
+    if (value === "minimal" || value === "strict" || value === "enterprise") {
         return value;
     }
-    throw new Error("--mode must be minimal or strict");
+    throw new Error("--mode must be minimal, strict or enterprise");
 }
 function ensureInitCiSchedule(value) {
     if (value === "weekly" || value === "daily" || value === "off") {
@@ -268,3 +391,9 @@ function ensureInitCiSchedule(value) {
     }
     throw new Error("--schedule must be weekly, daily or off");
 }
+function ensureFailOn(value) {
+    if (value === "none" || value === "patch" || value === "minor" || value === "major" || value === "any") {
+        return value;
+    }
+    throw new Error("--fail-on must be none, patch, minor, major or any");
+}

package/dist/core/warm-cache.js CHANGED Viewed

@@ -52,12 +52,12 @@ export async function warmCache(options) {
             }
         }
         else {
-            const fetched = await registryClient.resolveManyLatestVersions(needsFetch, {
+            const fetched = await registryClient.resolveManyPackageMetadata(needsFetch, {
                 concurrency: options.concurrency,
             });
-            for (const [pkg, version] of fetched.versions) {
-                if (version) {
-                    await cache.set(pkg, options.target, version, options.cacheTtlSeconds);
+            for (const [pkg, metadata] of fetched.metadata) {
+                if (metadata.latestVersion) {
+                    await cache.set(pkg, options.target, metadata.latestVersion, metadata.versions, options.cacheTtlSeconds);
                     warmed += 1;
                 }
             }

package/dist/index.d.ts CHANGED Viewed

@@ -2,7 +2,8 @@ export { check } from "./core/check.js";
 export { upgrade } from "./core/upgrade.js";
 export { warmCache } from "./core/warm-cache.js";
 export { initCiWorkflow } from "./core/init-ci.js";
+export { saveBaseline, diffBaseline } from "./core/baseline.js";
 export { createSarifReport } from "./output/sarif.js";
 export { writeGitHubOutput, renderGitHubAnnotations } from "./output/github.js";
 export { renderPrReport } from "./output/pr-report.js";
-export type { CheckOptions, CheckResult, DependencyKind, OutputFormat, PackageUpdate, RunOptions, TargetLevel, UpgradeOptions, UpgradeResult, } from "./types/index.js";
+export type { CheckOptions, CheckResult, DependencyKind, FailOnLevel, OutputFormat, PackageUpdate, RunOptions, TargetLevel, UpgradeOptions, UpgradeResult, } from "./types/index.js";

package/dist/index.js CHANGED Viewed

@@ -2,6 +2,7 @@ export { check } from "./core/check.js";
 export { upgrade } from "./core/upgrade.js";
 export { warmCache } from "./core/warm-cache.js";
 export { initCiWorkflow } from "./core/init-ci.js";
+export { saveBaseline, diffBaseline } from "./core/baseline.js";
 export { createSarifReport } from "./output/sarif.js";
 export { writeGitHubOutput, renderGitHubAnnotations } from "./output/github.js";
 export { renderPrReport } from "./output/pr-report.js";

package/dist/output/sarif.js CHANGED Viewed

@@ -1,3 +1,6 @@
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
 export function createSarifReport(result) {
     const dependencyRuleId = "rainy-updates/dependency-update";
     const runtimeRuleId = "rainy-updates/runtime-error";
@@ -38,7 +41,7 @@ export function createSarifReport(result) {
                 tool: {
                     driver: {
                         name: "@rainy-updates/cli",
-                        version: "0.1.0",
+                        version: getToolVersion(),
                         rules: [
                             {
                                 id: dependencyRuleId,
@@ -58,3 +61,20 @@ export function createSarifReport(result) {
         ],
     };
 }
+let TOOL_VERSION_CACHE = null;
+function getToolVersion() {
+    if (TOOL_VERSION_CACHE)
+        return TOOL_VERSION_CACHE;
+    try {
+        const currentFile = fileURLToPath(import.meta.url);
+        const packageJsonPath = path.resolve(path.dirname(currentFile), "../../package.json");
+        const content = readFileSync(packageJsonPath, "utf8");
+        const parsed = JSON.parse(content);
+        TOOL_VERSION_CACHE = parsed.version ?? "0.0.0";
+        return TOOL_VERSION_CACHE;
+    }
+    catch {
+        TOOL_VERSION_CACHE = "0.0.0";
+        return TOOL_VERSION_CACHE;
+    }
+}

package/dist/registry/npm.d.ts CHANGED Viewed

@@ -3,12 +3,23 @@ export interface ResolveManyOptions {
     timeoutMs?: number;
 }
 export interface ResolveManyResult {
-    versions: Map<string, string | null>;
+    metadata: Map<string, {
+        latestVersion: string | null;
+        versions: string[];
+    }>;
     errors: Map<string, string>;
 }
 export declare class NpmRegistryClient {
     private readonly requesterPromise;
     constructor();
+    resolvePackageMetadata(packageName: string, timeoutMs?: number): Promise<{
+        latestVersion: string | null;
+        versions: string[];
+    }>;
     resolveLatestVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
-    resolveManyLatestVersions(packageNames: string[], options: ResolveManyOptions): Promise<ResolveManyResult>;
+    resolveManyPackageMetadata(packageNames: string[], options: ResolveManyOptions): Promise<ResolveManyResult>;
+    resolveManyLatestVersions(packageNames: string[], options: ResolveManyOptions): Promise<{
+        versions: Map<string, string | null>;
+        errors: Map<string, string>;
+    }>;
 }

package/dist/registry/npm.js CHANGED Viewed

@@ -6,21 +6,23 @@ export class NpmRegistryClient {
     constructor() {
         this.requesterPromise = createRequester();
     }
-    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+    async resolvePackageMetadata(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
         const requester = await this.requesterPromise;
         let lastError = null;
         for (let attempt = 1; attempt <= 3; attempt += 1) {
             try {
                 const response = await requester(packageName, timeoutMs);
-                if (response.status === 404)
-                    return null;
+                if (response.status === 404) {
+                    return { latestVersion: null, versions: [] };
+                }
                 if (response.status === 429 || response.status >= 500) {
                     throw new Error(`Registry temporary error: ${response.status}`);
                 }
                 if (response.status < 200 || response.status >= 300) {
                     throw new Error(`Registry request failed: ${response.status}`);
                 }
-                return response.data?.["dist-tags"]?.latest ?? null;
+                const versions = Object.keys(response.data?.versions ?? {});
+                return { latestVersion: response.data?.["dist-tags"]?.latest ?? null, versions };
             }
             catch (error) {
                 lastError = String(error);
@@ -31,18 +33,22 @@ export class NpmRegistryClient {
         }
         throw new Error(`Unable to resolve ${packageName}: ${lastError ?? "unknown error"}`);
     }
-    async resolveManyLatestVersions(packageNames, options) {
+    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+        const metadata = await this.resolvePackageMetadata(packageName, timeoutMs);
+        return metadata.latestVersion;
+    }
+    async resolveManyPackageMetadata(packageNames, options) {
         const unique = Array.from(new Set(packageNames));
-        const versions = new Map();
+        const metadata = new Map();
         const errors = new Map();
         const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
         const results = await asyncPool(options.concurrency, unique.map((pkg) => async () => {
             try {
-                const latest = await this.resolveLatestVersion(pkg, timeoutMs);
-                return { pkg, latest, error: null };
+                const packageMetadata = await this.resolvePackageMetadata(pkg, timeoutMs);
+                return { pkg, packageMetadata, error: null };
             }
             catch (error) {
-                return { pkg, latest: null, error: String(error) };
+                return { pkg, packageMetadata: null, error: String(error) };
             }
         }));
         for (const result of results) {
@@ -52,11 +58,22 @@ export class NpmRegistryClient {
             if (result.error) {
                 errors.set(result.pkg, result.error);
             }
-            else {
-                versions.set(result.pkg, result.latest);
+            else if (result.packageMetadata) {
+                metadata.set(result.pkg, result.packageMetadata);
             }
         }
-        return { versions, errors };
+        return { metadata, errors };
+    }
+    async resolveManyLatestVersions(packageNames, options) {
+        const metadataResult = await this.resolveManyPackageMetadata(packageNames, options);
+        const versions = new Map();
+        for (const [name, value] of metadataResult.metadata) {
+            versions.set(name, value.latestVersion);
+        }
+        return {
+            versions,
+            errors: metadataResult.errors,
+        };
     }
 }
 function sleep(ms) {

package/dist/types/index.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 export type DependencyKind = "dependencies" | "devDependencies" | "optionalDependencies" | "peerDependencies";
 export type TargetLevel = "patch" | "minor" | "major" | "latest";
 export type OutputFormat = "table" | "json" | "minimal" | "github";
+export type FailOnLevel = "none" | "patch" | "minor" | "major" | "any";
 export interface RunOptions {
     cwd: string;
     target: TargetLevel;
@@ -18,6 +19,8 @@ export interface RunOptions {
     offline: boolean;
     policyFile?: string;
     prReportFile?: string;
+    failOn?: FailOnLevel;
+    maxUpdates?: number;
 }
 export interface CheckOptions extends RunOptions {
 }
@@ -26,6 +29,13 @@ export interface UpgradeOptions extends RunOptions {
     packageManager: "auto" | "npm" | "pnpm";
     sync: boolean;
 }
+export interface BaselineOptions {
+    cwd: string;
+    workspace: boolean;
+    includeKinds: DependencyKind[];
+    filePath: string;
+    ci: boolean;
+}
 export interface PackageDependency {
     name: string;
     range: string;
@@ -78,6 +88,7 @@ export interface CachedVersion {
     packageName: string;
     target: TargetLevel;
     latestVersion: string;
+    availableVersions: string[];
     fetchedAt: number;
     ttlSeconds: number;
 }

package/dist/utils/semver.d.ts CHANGED Viewed

@@ -9,5 +9,6 @@ export declare function parseVersion(raw: string): ParsedVersion | null;
 export declare function compareVersions(a: ParsedVersion, b: ParsedVersion): number;
 export declare function classifyDiff(currentRange: string, nextVersion: string): TargetLevel;
 export declare function pickTargetVersion(currentRange: string, latestVersion: string, target: TargetLevel): string | null;
+export declare function pickTargetVersionFromAvailable(currentRange: string, availableVersions: string[], latestVersion: string, target: TargetLevel): string | null;
 export declare function applyRangeStyle(previousRange: string, version: string): string;
 export declare function clampTarget(requested: TargetLevel, maxAllowed?: TargetLevel): TargetLevel;

package/dist/utils/semver.js CHANGED Viewed

@@ -64,6 +64,30 @@ export function pickTargetVersion(currentRange, latestVersion, target) {
     }
     return latestVersion;
 }
+export function pickTargetVersionFromAvailable(currentRange, availableVersions, latestVersion, target) {
+    const current = parseVersion(currentRange);
+    if (!current || target === "latest")
+        return latestVersion;
+    const parsed = availableVersions
+        .map((version) => ({ raw: version, parsed: parseVersion(version) }))
+        .filter((item) => item.parsed !== null)
+        .filter((item) => compareVersions(item.parsed, current) > 0)
+        .sort((a, b) => compareVersions(a.parsed, b.parsed));
+    if (parsed.length === 0)
+        return null;
+    if (target === "major") {
+        return parsed[parsed.length - 1]?.raw ?? null;
+    }
+    if (target === "minor") {
+        const sameMajor = parsed.filter((item) => item.parsed.major === current.major);
+        return sameMajor.length > 0 ? sameMajor[sameMajor.length - 1].raw : null;
+    }
+    if (target === "patch") {
+        const sameLine = parsed.filter((item) => item.parsed.major === current.major && item.parsed.minor === current.minor);
+        return sameLine.length > 0 ? sameLine[sameLine.length - 1].raw : null;
+    }
+    return latestVersion;
+}
 export function applyRangeStyle(previousRange, version) {
     const prefix = normalizeRangePrefix(previousRange);
     return `${prefix}${version}`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rainy-updates/cli",
-  "version": "0.4.4",
+  "version": "0.5.0-rc.1",
   "description": "Agentic CLI to check and upgrade npm/pnpm dependencies for CI workflows",
   "type": "module",
   "private": false,