@rainy-updates/cli 0.5.0-rc.1 → 0.5.0

package/CHANGELOG.md

@@ -2,6 +2,74 @@
 
 All notable changes to this project are documented in this file.
 
+## [0.5.0] - 2026-02-27
+
+### Changed
+
+- Promoted `0.5.0-rc.4` to General Availability.
+- Stabilized deterministic CI artifact behavior for JSON, SARIF, and GitHub outputs.
+- Finalized fix-PR summary metadata contract defaults for automation pipelines.
+
+### Added
+
+- GA release gate includes `perf:smoke` CI check for regression protection.
+
+## [0.5.0-rc.4] - 2026-02-27
+
+### Changed
+
+- Hardened deterministic CI artifacts:
+  - stable key ordering for JSON and SARIF files,
+  - deterministic sorting for updates, warnings, and errors in output pipelines.
+- Improved fail-reason classification consistency for registry/runtime failures across commands.
+- Fix-PR metadata in summary now has stable defaults (`fixPrApplied`, `fixBranchName`, `fixCommitSha`) to reduce contract drift.
+- Fix-PR staging now includes only updated manifests plus explicit report files, with deterministic file ordering.
+- Added warning when Bun runtime falls back from SQLite cache backend to file cache backend.
+
+### Added
+
+- Added `perf:smoke` script and CI gate to enforce a basic performance regression threshold.
+- Added deterministic output and summary regression tests.
+
+## [0.5.0-rc.2] - 2026-02-27
+
+### Added
+
+- New fix-PR automation flags for CI branch workflows:
+  - `--fix-pr`
+  - `--fix-branch <name>`
+  - `--fix-commit-message <text>`
+  - `--fix-dry-run`
+  - `--no-pr-report`
+- New summary metadata for fix-PR execution:
+  - `fixPrApplied`
+  - `fixBranchName`
+  - `fixCommitSha`
+- New GitHub output values for fix-PR state:
+  - `fix_pr_applied`
+  - `fix_pr_branch`
+  - `fix_pr_commit`
+- Added command-specific help output for `check --help`.
+
+### Changed
+
+- `check --fix-pr` now executes update application flow to support branch+commit automation without requiring `upgrade`.
+- Default PR report path is auto-assigned when `--fix-pr` is enabled: `.artifacts/deps-report.md`.
+- CLI path-like options are resolved against the final effective `--cwd` value (stable behavior when option order varies).
+- Workspace discovery now supports recursive patterns (`**`) and negated patterns (`!pattern`) with safer directory traversal defaults.
+- Registry resolution now loads `.npmrc` scope mappings (`@scope:registry=...`) from user and project config.
+
+### Fixed
+
+- Prevented stale output contracts by writing fix-PR metadata into JSON/GitHub/SARIF artifact flow after git automation is resolved.
+
+### Tests
+
+- Added parser tests for fix-PR flags and final-cwd path resolution.
+- Added workspace discovery coverage for recursive and negated patterns.
+- Added fix-PR dry-run workflow test in temporary git repos.
+- Extended GitHub output tests for new fix-PR keys.
+
 ## [0.5.0-rc.1] - 2026-02-27
 
 ### Added

package/README.md

@@ -39,6 +39,9 @@ npx @rainy-updates/cli check --workspace --ci --format json --json-file .artifac
 # 3) Apply upgrades with workspace sync
 npx @rainy-updates/cli upgrade --target latest --workspace --sync --install
 
+# 3b) Generate a fix branch + commit for CI automation
+npx @rainy-updates/cli check --workspace --fix-pr --fix-branch chore/rainy-updates
+
 # 4) Warm cache for deterministic offline checks
 npx @rainy-updates/cli warm-cache --workspace --concurrency 32
 npx @rainy-updates/cli check --workspace --offline --ci
@@ -154,6 +157,11 @@ Schedule:
 - `--github-output <path>`
 - `--sarif-file <path>`
 - `--pr-report-file <path>`
+- `--fix-pr`
+- `--fix-branch <name>`
+- `--fix-commit-message <text>`
+- `--fix-dry-run`
+- `--no-pr-report`
 - `--ci`
 
 ### Upgrade-only
@@ -189,6 +197,7 @@ rainy-updates --version
 - Node.js 20+ runtime.
 - Works with npm and pnpm workflows.
 - Uses optional `undici` pool path for high-throughput HTTP.
+- Reads `.npmrc` default and scoped registries for private package environments.
 - Cache-first architecture for speed and resilience.
 
 ## CI/CD included
@@ -196,6 +205,7 @@ rainy-updates --version
 This package ships with production CI/CD pipelines in the repository:
 
 - Continuous integration pipeline for typecheck, tests, build, and production smoke checks.
+- Performance smoke gate (`perf:smoke`) to catch startup/runtime regressions in CI.
 - Tag-driven release pipeline for npm publishing with provenance.
 - Release preflight validation for npm auth/scope checks before publishing.
 

package/dist/bin/cli.js

@@ -9,10 +9,14 @@ import { upgrade } from "../core/upgrade.js";
 import { warmCache } from "../core/warm-cache.js";
 import { initCiWorkflow } from "../core/init-ci.js";
 import { diffBaseline, saveBaseline } from "../core/baseline.js";
+import { applyFixPr } from "../core/fix-pr.js";
 import { renderResult } from "../output/format.js";
 import { writeGitHubOutput } from "../output/github.js";
 import { createSarifReport } from "../output/sarif.js";
 import { renderPrReport } from "../output/pr-report.js";
+import { writeFileAtomic } from "../utils/io.js";
+import { resolveFailReason } from "../core/summary.js";
+import { stableStringify } from "../utils/stable-json.js";
 async function main() {
     try {
         const argv = process.argv.slice(2);
@@ -60,31 +64,39 @@ async function main() {
             process.exitCode = 1;
             return;
         }
-        const result = parsed.command === "upgrade"
-            ? await upgrade(parsed.options)
-            : parsed.command === "warm-cache"
-                ? await warmCache(parsed.options)
-                : await check(parsed.options);
-        const rendered = renderResult(result, parsed.options.format);
-        process.stdout.write(rendered + "\n");
-        if (parsed.options.jsonFile) {
-            await fs.mkdir(path.dirname(parsed.options.jsonFile), { recursive: true });
-            await fs.writeFile(parsed.options.jsonFile, JSON.stringify(result, null, 2) + "\n", "utf8");
-        }
+        const result = await runCommand(parsed);
         if (parsed.options.prReportFile) {
             const markdown = renderPrReport(result);
-            await fs.mkdir(path.dirname(parsed.options.prReportFile), { recursive: true });
-            await fs.writeFile(parsed.options.prReportFile, markdown + "\n", "utf8");
+            await writeFileAtomic(parsed.options.prReportFile, markdown + "\n");
+        }
+        if (parsed.options.fixPr && (parsed.command === "check" || parsed.command === "upgrade")) {
+            result.summary.fixPrApplied = false;
+            result.summary.fixBranchName = parsed.options.fixBranch ?? "chore/rainy-updates";
+            result.summary.fixCommitSha = "";
+            const fixResult = await applyFixPr(parsed.options, result, parsed.options.prReportFile ? [parsed.options.prReportFile] : []);
+            result.summary.fixPrApplied = fixResult.applied;
+            result.summary.fixBranchName = fixResult.branchName ?? "";
+            result.summary.fixCommitSha = fixResult.commitSha ?? "";
+        }
+        result.summary.failReason = resolveFailReason(result.updates, result.errors, parsed.options.failOn, parsed.options.maxUpdates, parsed.options.ci);
+        const renderStartedAt = Date.now();
+        let rendered = renderResult(result, parsed.options.format);
+        result.summary.durationMs.render = Math.max(0, Date.now() - renderStartedAt);
+        if (parsed.options.format === "json" || parsed.options.format === "metrics") {
+            rendered = renderResult(result, parsed.options.format);
+        }
+        if (parsed.options.jsonFile) {
+            await writeFileAtomic(parsed.options.jsonFile, stableStringify(result, 2) + "\n");
         }
         if (parsed.options.githubOutputFile) {
             await writeGitHubOutput(parsed.options.githubOutputFile, result);
         }
         if (parsed.options.sarifFile) {
             const sarif = createSarifReport(result);
-            await fs.mkdir(path.dirname(parsed.options.sarifFile), { recursive: true });
-            await fs.writeFile(parsed.options.sarifFile, JSON.stringify(sarif, null, 2) + "\n", "utf8");
+            await writeFileAtomic(parsed.options.sarifFile, stableStringify(sarif, 2) + "\n");
         }
-        process.exitCode = resolveExitCode(result, parsed.options.failOn, parsed.options.maxUpdates, parsed.options.ci);
+        process.stdout.write(rendered + "\n");
+        process.exitCode = resolveExitCode(result, result.summary.failReason);
     }
     catch (error) {
         process.stderr.write(`rainy-updates: ${String(error)}\n`);
@@ -94,6 +106,36 @@ async function main() {
 void main();
 function renderHelp(command) {
     const isCommand = command && !command.startsWith("-");
+    if (isCommand && command === "check") {
+        return `rainy-updates check [options]
+
+Detect available dependency updates.
+
+Options:
+  --workspace
+  --target patch|minor|major|latest
+  --filter <pattern>
+  --reject <pattern>
+  --dep-kinds deps,dev,optional,peer
+  --concurrency <n>
+  --cache-ttl <seconds>
+  --policy-file <path>
+  --offline
+  --fix-pr
+  --fix-branch <name>
+  --fix-commit-message <text>
+  --fix-dry-run
+  --fix-pr-no-checkout
+  --no-pr-report
+  --json-file <path>
+  --github-output <path>
+  --sarif-file <path>
+  --pr-report-file <path>
+  --fail-on none|patch|minor|major|any
+  --max-updates <n>
+  --log-level error|warn|info|debug
+  --ci`;
+    }
     if (isCommand && command === "warm-cache") {
         return `rainy-updates warm-cache [options]
 
@@ -126,6 +168,12 @@ Options:
   --target patch|minor|major|latest
   --policy-file <path>
   --concurrency <n>
+  --fix-pr
+  --fix-branch <name>
+  --fix-commit-message <text>
+  --fix-dry-run
+  --fix-pr-no-checkout
+  --no-pr-report
   --json-file <path>
   --pr-report-file <path>`;
     }
@@ -166,7 +214,7 @@ Global options:
   --cwd <path>
   --workspace
   --target patch|minor|major|latest
-  --format table|json|minimal|github
+  --format table|json|minimal|github|metrics
   --json-file <path>
   --github-output <path>
   --sarif-file <path>
@@ -174,6 +222,13 @@ Global options:
   --policy-file <path>
   --fail-on none|patch|minor|major|any
   --max-updates <n>
+  --fix-pr
+  --fix-branch <name>
+  --fix-commit-message <text>
+  --fix-dry-run
+  --fix-pr-no-checkout
+  --no-pr-report
+  --log-level error|warn|info|debug
   --concurrency <n>
   --cache-ttl <seconds>
   --offline
@@ -181,6 +236,24 @@ Global options:
   --help, -h
   --version, -v`;
 }
+async function runCommand(parsed) {
+    if (parsed.command === "upgrade") {
+        return await upgrade(parsed.options);
+    }
+    if (parsed.command === "warm-cache") {
+        return await warmCache(parsed.options);
+    }
+    if (parsed.options.fixPr) {
+        const upgradeOptions = {
+            ...parsed.options,
+            install: false,
+            packageManager: "auto",
+            sync: false,
+        };
+        return await upgrade(upgradeOptions);
+    }
+    return await check(parsed.options);
+}
 async function readPackageVersion() {
     const currentFile = fileURLToPath(import.meta.url);
     const packageJsonPath = path.resolve(path.dirname(currentFile), "../../package.json");
@@ -188,22 +261,10 @@ async function readPackageVersion() {
     const parsed = JSON.parse(content);
     return parsed.version ?? "0.0.0";
 }
-function resolveExitCode(result, failOn, maxUpdates, ciMode) {
+function resolveExitCode(result, failReason) {
     if (result.errors.length > 0)
         return 2;
-    if (typeof maxUpdates === "number" && result.updates.length > maxUpdates)
+    if (failReason !== "none")
         return 1;
-    const effectiveFailOn = failOn && failOn !== "none" ? failOn : ciMode ? "any" : "none";
-    if (!shouldFailForUpdates(result.updates, effectiveFailOn))
-        return 0;
-    return 1;
-}
-function shouldFailForUpdates(updates, failOn) {
-    if (failOn === "none")
-        return false;
-    if (failOn === "any" || failOn === "patch")
-        return updates.length > 0;
-    if (failOn === "minor")
-        return updates.some((update) => update.diffType === "minor" || update.diffType === "major");
-    return updates.some((update) => update.diffType === "major");
+    return 0;
 }

package/dist/cache/cache.d.ts

@@ -1,6 +1,8 @@
 import type { CachedVersion, TargetLevel } from "../types/index.js";
 export declare class VersionCache {
     private readonly store;
+    readonly backend: "sqlite" | "file";
+    readonly degraded: boolean;
     private constructor();
     static create(customPath?: string): Promise<VersionCache>;
     getValid(packageName: string, target: TargetLevel): Promise<CachedVersion | null>;

package/dist/cache/cache.js

@@ -106,17 +106,22 @@ class SqliteCacheStore {
 }
 export class VersionCache {
     store;
-    constructor(store) {
+    backend;
+    degraded;
+    constructor(store, backend, degraded) {
         this.store = store;
+        this.backend = backend;
+        this.degraded = degraded;
     }
     static async create(customPath) {
         const basePath = customPath ?? path.join(os.homedir(), ".cache", "rainy-updates");
         const sqlitePath = path.join(basePath, "cache.db");
         const sqliteStore = await tryCreateSqliteStore(sqlitePath);
         if (sqliteStore)
-            return new VersionCache(sqliteStore);
+            return new VersionCache(sqliteStore, "sqlite", false);
         const jsonPath = path.join(basePath, "cache.json");
-        return new VersionCache(new FileCacheStore(jsonPath));
+        const degraded = typeof Bun !== "undefined";
+        return new VersionCache(new FileCacheStore(jsonPath), "file", degraded);
     }
     async getValid(packageName, target) {
         const entry = await this.store.get(packageName, target);

package/dist/config/loader.d.ts

@@ -1,4 +1,4 @@
-import type { DependencyKind, FailOnLevel, OutputFormat, TargetLevel } from "../types/index.js";
+import type { DependencyKind, FailOnLevel, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
 export interface FileConfig {
     target?: TargetLevel;
     filter?: string;
@@ -17,6 +17,13 @@ export interface FileConfig {
     prReportFile?: string;
     failOn?: FailOnLevel;
     maxUpdates?: number;
+    fixPr?: boolean;
+    fixBranch?: string;
+    fixCommitMessage?: string;
+    fixDryRun?: boolean;
+    fixPrNoCheckout?: boolean;
+    noPrReport?: boolean;
+    logLevel?: LogLevel;
     install?: boolean;
     packageManager?: "auto" | "npm" | "pnpm";
     sync?: boolean;

package/dist/config/policy.d.ts

@@ -2,15 +2,26 @@ import type { TargetLevel } from "../types/index.js";
 export interface PolicyConfig {
     ignore?: string[];
     packageRules?: Record<string, {
+        match?: string;
         maxTarget?: TargetLevel;
         ignore?: boolean;
+        maxUpdatesPerRun?: number;
+        cooldownDays?: number;
+        allowPrerelease?: boolean;
     }>;
 }
+export interface PolicyRule {
+    match?: string;
+    maxTarget?: TargetLevel;
+    ignore: boolean;
+    maxUpdatesPerRun?: number;
+    cooldownDays?: number;
+    allowPrerelease?: boolean;
+}
 export interface ResolvedPolicy {
     ignorePatterns: string[];
-    packageRules: Map<string, {
-        maxTarget?: TargetLevel;
-        ignore: boolean;
-    }>;
+    packageRules: Map<string, PolicyRule>;
+    matchRules: PolicyRule[];
 }
 export declare function loadPolicy(cwd: string, policyFile?: string): Promise<ResolvedPolicy>;
+export declare function resolvePolicyRule(packageName: string, policy: ResolvedPolicy): PolicyRule | undefined;

package/dist/config/policy.js

@@ -12,13 +12,10 @@ export async function loadPolicy(cwd, policyFile) {
             const parsed = JSON.parse(content);
             return {
                 ignorePatterns: parsed.ignore ?? [],
-                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [
-                    pkg,
-                    {
-                        maxTarget: rule.maxTarget,
-                        ignore: rule.ignore === true,
-                    },
-                ])),
+                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [pkg, normalizeRule(rule)])),
+                matchRules: Object.values(parsed.packageRules ?? {})
+                    .map((rule) => normalizeRule(rule))
+                    .filter((rule) => typeof rule.match === "string" && rule.match.length > 0),
             };
         }
         catch {
@@ -28,5 +25,36 @@ export async function loadPolicy(cwd, policyFile) {
     return {
         ignorePatterns: [],
         packageRules: new Map(),
+        matchRules: [],
     };
 }
+export function resolvePolicyRule(packageName, policy) {
+    const exact = policy.packageRules.get(packageName);
+    if (exact)
+        return exact;
+    return policy.matchRules.find((rule) => matchesPattern(packageName, rule.match));
+}
+function normalizeRule(rule) {
+    return {
+        match: typeof rule.match === "string" ? rule.match : undefined,
+        maxTarget: rule.maxTarget,
+        ignore: rule.ignore === true,
+        maxUpdatesPerRun: asNonNegativeInt(rule.maxUpdatesPerRun),
+        cooldownDays: asNonNegativeInt(rule.cooldownDays),
+        allowPrerelease: rule.allowPrerelease === true,
+    };
+}
+function asNonNegativeInt(value) {
+    if (typeof value !== "number" || !Number.isInteger(value) || value < 0)
+        return undefined;
+    return value;
+}
+function matchesPattern(value, pattern) {
+    if (!pattern || pattern.length === 0)
+        return false;
+    if (pattern === "*")
+        return true;
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    const regex = new RegExp(`^${escaped}$`);
+    return regex.test(value);
+}

package/dist/core/check.js

@@ -6,16 +6,26 @@ import { VersionCache } from "../cache/cache.js";
 import { NpmRegistryClient } from "../registry/npm.js";
 import { detectPackageManager } from "../pm/detect.js";
 import { discoverPackageDirs } from "../workspace/discover.js";
-import { loadPolicy } from "../config/policy.js";
+import { loadPolicy, resolvePolicyRule } from "../config/policy.js";
+import { createSummary, finalizeSummary } from "./summary.js";
 export async function check(options) {
+    const startedAt = Date.now();
+    let discoveryMs = 0;
+    let cacheMs = 0;
+    let registryMs = 0;
+    const discoveryStartedAt = Date.now();
     const packageManager = await detectPackageManager(options.cwd);
     const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    discoveryMs += Date.now() - discoveryStartedAt;
     const cache = await VersionCache.create();
-    const registryClient = new NpmRegistryClient();
+    const registryClient = new NpmRegistryClient(options.cwd);
     const policy = await loadPolicy(options.cwd, options.policyFile);
     const updates = [];
     const errors = [];
     const warnings = [];
+    if (cache.degraded) {
+        warnings.push("SQLite cache backend unavailable in Bun runtime. Falling back to file cache backend.");
+    }
     let totalDependencies = 0;
     const tasks = [];
     let skipped = 0;
@@ -35,7 +45,7 @@ export async function check(options) {
                 continue;
             if (options.reject && matchesPattern(dep.name, options.reject))
                 continue;
-            const rule = policy.packageRules.get(dep.name);
+            const rule = resolvePolicyRule(dep.name, policy);
             if (rule?.ignore === true) {
                 skipped += 1;
                 continue;
@@ -47,9 +57,10 @@ export async function check(options) {
             tasks.push({ packageDir, dependency: dep });
         }
     }
-    const uniquePackageNames = Array.from(new Set(tasks.map((task) => task.dependency.name)));
+    const uniquePackageNames = Array.from(new Set(tasks.map((task) => task.dependency.name))).sort((a, b) => a.localeCompare(b));
     const resolvedVersions = new Map();
     const unresolvedPackages = [];
+    const cacheLookupStartedAt = Date.now();
     for (const packageName of uniquePackageNames) {
         const cached = await cache.getValid(packageName, options.target);
         if (cached) {
@@ -62,8 +73,10 @@ export async function check(options) {
             unresolvedPackages.push(packageName);
         }
     }
+    cacheMs += Date.now() - cacheLookupStartedAt;
     if (unresolvedPackages.length > 0) {
         if (options.offline) {
+            const cacheFallbackStartedAt = Date.now();
             for (const packageName of unresolvedPackages) {
                 const stale = await cache.getAny(packageName, options.target);
                 if (stale) {
@@ -77,11 +90,15 @@ export async function check(options) {
                     errors.push(`Offline cache miss for ${packageName}. Run once without --offline to warm cache.`);
                 }
             }
+            cacheMs += Date.now() - cacheFallbackStartedAt;
         }
         else {
+            const registryStartedAt = Date.now();
             const fetched = await registryClient.resolveManyPackageMetadata(unresolvedPackages, {
                 concurrency: options.concurrency,
             });
+            registryMs += Date.now() - registryStartedAt;
+            const cacheWriteStartedAt = Date.now();
             for (const [packageName, metadata] of fetched.metadata) {
                 resolvedVersions.set(packageName, {
                     latestVersion: metadata.latestVersion,
@@ -91,6 +108,8 @@ export async function check(options) {
                     await cache.set(packageName, options.target, metadata.latestVersion, metadata.versions, options.cacheTtlSeconds);
                 }
             }
+            cacheMs += Date.now() - cacheWriteStartedAt;
+            const cacheStaleStartedAt = Date.now();
             for (const [packageName, error] of fetched.errors) {
                 const stale = await cache.getAny(packageName, options.target);
                 if (stale) {
@@ -104,13 +123,14 @@ export async function check(options) {
                     errors.push(`Unable to resolve ${packageName}: ${error}`);
                 }
             }
+            cacheMs += Date.now() - cacheStaleStartedAt;
         }
     }
     for (const task of tasks) {
         const metadata = resolvedVersions.get(task.dependency.name);
         if (!metadata?.latestVersion)
             continue;
-        const rule = policy.packageRules.get(task.dependency.name);
+        const rule = resolvePolicyRule(task.dependency.name, policy);
         const effectiveTarget = clampTarget(options.target, rule?.maxTarget);
         const picked = pickTargetVersionFromAvailable(task.dependency.range, metadata.availableVersions, metadata.latestVersion, effectiveTarget);
         if (!picked)
@@ -130,15 +150,26 @@ export async function check(options) {
             reason: rule?.maxTarget ? `policy maxTarget=${rule.maxTarget}` : undefined,
         });
     }
-    const summary = {
+    const limitedUpdates = sortUpdates(applyRuleUpdateCaps(updates, policy));
+    const sortedErrors = [...errors].sort((a, b) => a.localeCompare(b));
+    const sortedWarnings = [...warnings].sort((a, b) => a.localeCompare(b));
+    const summary = finalizeSummary(createSummary({
         scannedPackages: packageDirs.length,
         totalDependencies,
         checkedDependencies: tasks.length,
-        updatesFound: updates.length,
+        updatesFound: limitedUpdates.length,
         upgraded: 0,
         skipped,
         warmedPackages: 0,
-    };
+        errors: sortedErrors,
+        warnings: sortedWarnings,
+        durations: {
+            totalMs: Date.now() - startedAt,
+            discoveryMs,
+            registryMs,
+            cacheMs,
+        },
+    }));
     return {
         projectPath: options.cwd,
         packagePaths: packageDirs,
@@ -146,8 +177,44 @@ export async function check(options) {
         target: options.target,
         timestamp: new Date().toISOString(),
         summary,
-        updates,
-        errors,
-        warnings,
+        updates: limitedUpdates,
+        errors: sortedErrors,
+        warnings: sortedWarnings,
     };
 }
+function applyRuleUpdateCaps(updates, policy) {
+    const limited = [];
+    const seenPerPackage = new Map();
+    for (const update of updates) {
+        const rule = resolvePolicyRule(update.name, policy);
+        const cap = rule?.maxUpdatesPerRun;
+        if (typeof cap !== "number") {
+            limited.push(update);
+            continue;
+        }
+        const seen = seenPerPackage.get(update.name) ?? 0;
+        if (seen >= cap) {
+            continue;
+        }
+        seenPerPackage.set(update.name, seen + 1);
+        limited.push(update);
+    }
+    return limited;
+}
+function sortUpdates(updates) {
+    return [...updates].sort((left, right) => {
+        const byPath = left.packagePath.localeCompare(right.packagePath);
+        if (byPath !== 0)
+            return byPath;
+        const byName = left.name.localeCompare(right.name);
+        if (byName !== 0)
+            return byName;
+        const byKind = left.kind.localeCompare(right.kind);
+        if (byKind !== 0)
+            return byKind;
+        const byFrom = left.fromRange.localeCompare(right.fromRange);
+        if (byFrom !== 0)
+            return byFrom;
+        return left.toRange.localeCompare(right.toRange);
+    });
+}

package/dist/core/fix-pr.d.ts

@@ -0,0 +1,7 @@
+import type { CheckResult, RunOptions } from "../types/index.js";
+export interface FixPrResult {
+    applied: boolean;
+    branchName?: string;
+    commitSha?: string;
+}
+export declare function applyFixPr(options: RunOptions, result: CheckResult, extraFiles: string[]): Promise<FixPrResult>;