@rainy-updates/cli 0.5.0-rc.1 → 0.5.0

package/dist/registry/npm.js

@@ -1,10 +1,15 @@
+import { promises as fs } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
 import { asyncPool } from "../utils/async-pool.js";
 const DEFAULT_TIMEOUT_MS = 8000;
 const USER_AGENT = "@rainy-updates/cli";
+const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
 export class NpmRegistryClient {
     requesterPromise;
-    constructor() {
-        this.requesterPromise = createRequester();
+    constructor(cwd) {
+        this.requesterPromise = createRequester(cwd);
     }
     async resolvePackageMetadata(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
         const requester = await this.requesterPromise;
@@ -16,7 +21,7 @@ export class NpmRegistryClient {
                     return { latestVersion: null, versions: [] };
                 }
                 if (response.status === 429 || response.status >= 500) {
-                    throw new Error(`Registry temporary error: ${response.status}`);
+                    throw new RetryableRegistryError(`Registry temporary error: ${response.status}`, response.retryAfterMs ?? computeBackoffMs(attempt));
                 }
                 if (response.status < 200 || response.status >= 300) {
                     throw new Error(`Registry request failed: ${response.status}`);
@@ -27,7 +32,8 @@ export class NpmRegistryClient {
             catch (error) {
                 lastError = String(error);
                 if (attempt < 3) {
-                    await sleep(120 * attempt);
+                    const backoffMs = error instanceof RetryableRegistryError ? error.waitMs : computeBackoffMs(attempt);
+                    await sleep(backoffMs);
                 }
             }
         }
@@ -79,15 +85,30 @@ export class NpmRegistryClient {
 function sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
 }
-async function createRequester() {
-    const undiciRequester = await tryCreateUndiciRequester();
+function computeBackoffMs(attempt) {
+    const baseMs = Math.max(120, attempt * 180);
+    const jitterMs = Math.floor(Math.random() * 120);
+    return baseMs + jitterMs;
+}
+class RetryableRegistryError extends Error {
+    waitMs;
+    constructor(message, waitMs) {
+        super(message);
+        this.waitMs = waitMs;
+    }
+}
+async function createRequester(cwd) {
+    const registryConfig = await loadRegistryConfig(cwd ?? process.cwd());
+    const undiciRequester = await tryCreateUndiciRequester(registryConfig);
     if (undiciRequester)
         return undiciRequester;
     return async (packageName, timeoutMs) => {
         const controller = new AbortController();
         const timeout = setTimeout(() => controller.abort(), timeoutMs);
+        const registry = resolveRegistryForPackage(packageName, registryConfig);
+        const url = buildRegistryUrl(registry, packageName);
         try {
-            const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+            const response = await fetch(url, {
                 headers: {
                     accept: "application/json",
                     "user-agent": USER_AGENT,
@@ -95,28 +116,28 @@ async function createRequester() {
                 signal: controller.signal,
             });
             const data = (await response.json().catch(() => null));
-            return { status: response.status, data };
+            return {
+                status: response.status,
+                data,
+                retryAfterMs: parseRetryAfterHeader(response.headers.get("retry-after")),
+            };
         }
         finally {
             clearTimeout(timeout);
         }
     };
 }
-async function tryCreateUndiciRequester() {
+async function tryCreateUndiciRequester(registryConfig) {
     try {
         const dynamicImport = Function("specifier", "return import(specifier)");
         const undici = await dynamicImport("undici");
-        const pool = new undici.Pool("https://registry.npmjs.org", {
-            connections: 20,
-            pipelining: 10,
-            allowH2: true,
-        });
         return async (packageName, timeoutMs) => {
             const controller = new AbortController();
             const timeout = setTimeout(() => controller.abort(), timeoutMs);
+            const registry = resolveRegistryForPackage(packageName, registryConfig);
+            const url = buildRegistryUrl(registry, packageName);
             try {
-                const res = await pool.request({
-                    path: `/${encodeURIComponent(packageName)}`,
+                const res = await undici.request(url, {
                     method: "GET",
                     headers: {
                         accept: "application/json",
@@ -132,7 +153,19 @@ async function tryCreateUndiciRequester() {
                 catch {
                     data = null;
                 }
-                return { status: res.statusCode, data };
+                const retryAfter = (() => {
+                    const header = res.headers["retry-after"];
+                    if (Array.isArray(header))
+                        return header[0] ?? null;
+                    if (typeof header === "string")
+                        return header;
+                    return null;
+                })();
+                return {
+                    status: res.statusCode,
+                    data,
+                    retryAfterMs: parseRetryAfterHeader(retryAfter),
+                };
             }
             finally {
                 clearTimeout(timeout);
@@ -143,3 +176,89 @@ async function tryCreateUndiciRequester() {
         return null;
     }
 }
+async function loadRegistryConfig(cwd) {
+    const homeNpmrc = path.join(os.homedir(), ".npmrc");
+    const projectNpmrc = path.join(cwd, ".npmrc");
+    const merged = new Map();
+    for (const filePath of [homeNpmrc, projectNpmrc]) {
+        try {
+            const content = await fs.readFile(filePath, "utf8");
+            const parsed = parseNpmrc(content);
+            for (const [key, value] of parsed) {
+                merged.set(key, value);
+            }
+        }
+        catch {
+            // ignore missing/unreadable file
+        }
+    }
+    const defaultRegistry = normalizeRegistryUrl(merged.get("registry") ?? DEFAULT_REGISTRY);
+    const scopedRegistries = new Map();
+    for (const [key, value] of merged) {
+        if (!key.startsWith("@") || !key.endsWith(":registry"))
+            continue;
+        const scope = key.slice(0, key.indexOf(":registry"));
+        if (scope.length > 1) {
+            scopedRegistries.set(scope, normalizeRegistryUrl(value));
+        }
+    }
+    return { defaultRegistry, scopedRegistries };
+}
+function parseNpmrc(content) {
+    const values = new Map();
+    const lines = content.split(/\r?\n/);
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.length === 0 || trimmed.startsWith("#") || trimmed.startsWith(";"))
+            continue;
+        const separator = trimmed.indexOf("=");
+        if (separator <= 0)
+            continue;
+        const key = trimmed.slice(0, separator).trim();
+        const value = trimmed.slice(separator + 1).trim();
+        if (key.length > 0 && value.length > 0) {
+            values.set(key, value);
+        }
+    }
+    return values;
+}
+function normalizeRegistryUrl(value) {
+    const normalized = value.endsWith("/") ? value : `${value}/`;
+    return normalized;
+}
+function resolveRegistryForPackage(packageName, config) {
+    const scope = extractScope(packageName);
+    if (scope) {
+        const scoped = config.scopedRegistries.get(scope);
+        if (scoped)
+            return scoped;
+    }
+    return config.defaultRegistry;
+}
+function extractScope(packageName) {
+    if (!packageName.startsWith("@"))
+        return null;
+    const firstSlash = packageName.indexOf("/");
+    if (firstSlash <= 1)
+        return null;
+    return packageName.slice(0, firstSlash);
+}
+function buildRegistryUrl(registry, packageName) {
+    const base = normalizeRegistryUrl(registry);
+    return new URL(encodeURIComponent(packageName), base).toString();
+}
+function parseRetryAfterHeader(value) {
+    if (!value)
+        return null;
+    const parsedSeconds = Number(value);
+    if (Number.isFinite(parsedSeconds) && parsedSeconds >= 0) {
+        return Math.round(parsedSeconds * 1000);
+    }
+    const untilMs = Date.parse(value);
+    if (!Number.isFinite(untilMs))
+        return null;
+    const delta = untilMs - Date.now();
+    if (delta <= 0)
+        return 0;
+    return delta;
+}

package/dist/types/index.d.ts

@@ -1,7 +1,9 @@
 export type DependencyKind = "dependencies" | "devDependencies" | "optionalDependencies" | "peerDependencies";
 export type TargetLevel = "patch" | "minor" | "major" | "latest";
-export type OutputFormat = "table" | "json" | "minimal" | "github";
+export type OutputFormat = "table" | "json" | "minimal" | "github" | "metrics";
 export type FailOnLevel = "none" | "patch" | "minor" | "major" | "any";
+export type LogLevel = "error" | "warn" | "info" | "debug";
+export type FailReason = "none" | "updates-threshold" | "severity-threshold" | "registry-failure" | "offline-cache-miss" | "policy-blocked";
 export interface RunOptions {
     cwd: string;
     target: TargetLevel;
@@ -21,6 +23,13 @@ export interface RunOptions {
     prReportFile?: string;
     failOn?: FailOnLevel;
     maxUpdates?: number;
+    fixPr?: boolean;
+    fixBranch?: string;
+    fixCommitMessage?: string;
+    fixDryRun?: boolean;
+    fixPrNoCheckout?: boolean;
+    noPrReport?: boolean;
+    logLevel: LogLevel;
 }
 export interface CheckOptions extends RunOptions {
 }
@@ -53,6 +62,7 @@ export interface PackageUpdate {
     reason?: string;
 }
 export interface Summary {
+    contractVersion: "2";
     scannedPackages: number;
     totalDependencies: number;
     checkedDependencies: number;
@@ -60,6 +70,28 @@ export interface Summary {
     upgraded: number;
     skipped: number;
     warmedPackages: number;
+    failReason: FailReason;
+    errorCounts: {
+        total: number;
+        offlineCacheMiss: number;
+        registryFailure: number;
+        other: number;
+    };
+    warningCounts: {
+        total: number;
+        staleCache: number;
+        other: number;
+    };
+    durationMs: {
+        total: number;
+        discovery: number;
+        registry: number;
+        cache: number;
+        render: number;
+    };
+    fixPrApplied: boolean;
+    fixBranchName: string;
+    fixCommitSha: string;
 }
 export interface CheckResult {
     projectPath: string;

package/dist/utils/io.d.ts

@@ -0,0 +1 @@
+export declare function writeFileAtomic(filePath: string, content: string): Promise<void>;

package/dist/utils/io.js

@@ -0,0 +1,10 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import crypto from "node:crypto";
+export async function writeFileAtomic(filePath, content) {
+    const dir = path.dirname(filePath);
+    await fs.mkdir(dir, { recursive: true });
+    const tempPath = path.join(dir, `.tmp-${path.basename(filePath)}-${crypto.randomUUID()}`);
+    await fs.writeFile(tempPath, content, "utf8");
+    await fs.rename(tempPath, filePath);
+}

package/dist/utils/stable-json.d.ts

@@ -0,0 +1 @@
+export declare function stableStringify(value: unknown, indent?: number): string;

package/dist/utils/stable-json.js

@@ -0,0 +1,20 @@
+function isPlainObject(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function sortValue(value) {
+    if (Array.isArray(value)) {
+        return value.map((item) => sortValue(item));
+    }
+    if (!isPlainObject(value)) {
+        return value;
+    }
+    const sorted = {};
+    const keys = Object.keys(value).sort((a, b) => a.localeCompare(b));
+    for (const key of keys) {
+        sorted[key] = sortValue(value[key]);
+    }
+    return sorted;
+}
+export function stableStringify(value, indent = 2) {
+    return JSON.stringify(sortValue(value), null, indent);
+}

package/dist/workspace/discover.js

@@ -1,18 +1,27 @@
 import { promises as fs } from "node:fs";
 import path from "node:path";
+const HARD_IGNORE_DIRS = new Set(["node_modules", ".git", ".turbo", ".next", "dist", "coverage"]);
+const MAX_DISCOVERED_DIRS = 20000;
 export async function discoverPackageDirs(cwd, workspaceMode) {
     if (!workspaceMode) {
         return [cwd];
     }
     const roots = new Set([cwd]);
-    const packagePatterns = await readPackageJsonWorkspacePatterns(cwd);
-    const pnpmPatterns = await readPnpmWorkspacePatterns(cwd);
-    for (const pattern of [...packagePatterns, ...pnpmPatterns]) {
-        const dirs = await expandSingleLevelPattern(cwd, pattern);
+    const patterns = [...(await readPackageJsonWorkspacePatterns(cwd)), ...(await readPnpmWorkspacePatterns(cwd))];
+    const include = patterns.filter((item) => !item.startsWith("!"));
+    const exclude = patterns.filter((item) => item.startsWith("!")).map((item) => item.slice(1));
+    for (const pattern of include) {
+        const dirs = await expandWorkspacePattern(cwd, pattern);
         for (const dir of dirs) {
             roots.add(dir);
         }
     }
+    for (const pattern of exclude) {
+        const dirs = await expandWorkspacePattern(cwd, pattern);
+        for (const dir of dirs) {
+            roots.delete(dir);
+        }
+    }
     const existing = [];
     for (const dir of roots) {
         const packageJsonPath = path.join(dir, "package.json");
@@ -21,7 +30,7 @@ export async function discoverPackageDirs(cwd, workspaceMode) {
             existing.push(dir);
         }
         catch {
-            // ignore
+            // ignore missing package.json
         }
     }
     return existing.sort();
@@ -53,7 +62,7 @@ async function readPnpmWorkspacePatterns(cwd) {
             const trimmed = line.trim();
             if (!trimmed.startsWith("-"))
                 continue;
-            const value = trimmed.replace(/^-\s*/, "").replace(/^['\"]|['\"]$/g, "");
+            const value = trimmed.replace(/^-\s*/, "").replace(/^['"]|['"]$/g, "");
             if (value.length > 0) {
                 patterns.push(value);
             }
@@ -64,23 +73,52 @@ async function readPnpmWorkspacePatterns(cwd) {
         return [];
     }
 }
-async function expandSingleLevelPattern(cwd, pattern) {
-    if (!pattern.includes("*")) {
-        return [path.resolve(cwd, pattern)];
-    }
-    const normalized = pattern.replace(/\\/g, "/");
-    const starIndex = normalized.indexOf("*");
-    const basePart = normalized.slice(0, starIndex).replace(/\/$/, "");
-    const suffix = normalized.slice(starIndex + 1);
-    if (suffix.length > 0 && suffix !== "/") {
+async function expandWorkspacePattern(cwd, pattern) {
+    const normalized = pattern.replace(/\\/g, "/").replace(/^\.\//, "").replace(/\/+$/, "");
+    if (normalized.length === 0)
         return [];
+    if (!normalized.includes("*")) {
+        return [path.resolve(cwd, normalized)];
+    }
+    const segments = normalized.split("/").filter(Boolean);
+    const results = new Set();
+    await collectMatches(path.resolve(cwd), segments, 0, results);
+    return Array.from(results);
+}
+async function collectMatches(baseDir, segments, index, out) {
+    if (out.size > MAX_DISCOVERED_DIRS) {
+        throw new Error(`Workspace discovery exceeded ${MAX_DISCOVERED_DIRS} directories. Refine workspace patterns.`);
     }
-    const baseDir = path.resolve(cwd, basePart);
+    if (index >= segments.length) {
+        out.add(baseDir);
+        return;
+    }
+    const segment = segments[index];
+    if (segment === "**") {
+        await collectMatches(baseDir, segments, index + 1, out);
+        const children = await readChildDirs(baseDir);
+        for (const child of children) {
+            await collectMatches(child, segments, index, out);
+        }
+        return;
+    }
+    if (segment === "*") {
+        const children = await readChildDirs(baseDir);
+        for (const child of children) {
+            await collectMatches(child, segments, index + 1, out);
+        }
+        return;
+    }
+    await collectMatches(path.join(baseDir, segment), segments, index + 1, out);
+}
+async function readChildDirs(dir) {
     try {
-        const entries = await fs.readdir(baseDir, { withFileTypes: true });
+        const entries = await fs.readdir(dir, { withFileTypes: true });
         return entries
             .filter((entry) => entry.isDirectory())
-            .map((entry) => path.join(baseDir, entry.name));
+            .filter((entry) => !HARD_IGNORE_DIRS.has(entry.name))
+            .filter((entry) => !entry.name.startsWith("."))
+            .map((entry) => path.join(dir, entry.name));
     }
     catch {
         return [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rainy-updates/cli",
-  "version": "0.5.0-rc.1",
+  "version": "0.5.0",
   "description": "Agentic CLI to check and upgrade npm/pnpm dependencies for CI workflows",
   "type": "module",
   "private": false,
@@ -47,6 +47,7 @@
     "test": "bun test",
     "lint": "bunx biome check src tests",
     "check": "bun run typecheck && bun test",
+    "perf:smoke": "node scripts/perf-smoke.mjs",
     "test:prod": "node dist/bin/cli.js --help && node dist/bin/cli.js --version",
     "prepublishOnly": "bun run check && bun run build && bun run test:prod"
   },