@rainy-updates/cli 0.5.0-rc.2 → 0.5.1-rc.1

package/CHANGELOG.md

@@ -2,6 +2,68 @@
 
 All notable changes to this project are documented in this file.
 
+## [0.5.1-rc.1] - 2026-02-27
+
+### Added
+
+- New `ci` command for CI-first orchestration:
+  - profile-driven automation with `--mode minimal|strict|enterprise`,
+  - warm-cache + check/upgrade flow with deterministic artifacts.
+- New rollout and orchestration flags:
+  - `--group-by none|name|scope|kind|risk`
+  - `--group-max <n>`
+  - `--cooldown-days <n>`
+  - `--pr-limit <n>`
+  - `--only-changed`
+- Additive summary/output contract fields:
+  - `groupedUpdates`
+  - `cooldownSkipped`
+  - `ciProfile`
+  - `prLimitHit`
+- Policy schema extensions:
+  - global `cooldownDays`
+  - package rule `group` and `priority`
+
+### Changed
+
+- `check` now supports cooldown-aware filtering when publish timestamps are available.
+- CI workflow templates generated by `init-ci` now use `rainy-updates ci` with explicit profile mode.
+- GitHub output, metrics output, SARIF properties, and PR report include new CI orchestration metadata.
+
+### Tests
+
+- Added parser coverage for `ci` command orchestration flags.
+- Extended workflow, policy, summary, and output tests for new metadata and profile behavior.
+
+## [0.5.0] - 2026-02-27
+
+### Changed
+
+- Promoted `0.5.0-rc.4` to General Availability.
+- Stabilized deterministic CI artifact behavior for JSON, SARIF, and GitHub outputs.
+- Finalized fix-PR summary metadata contract defaults for automation pipelines.
+
+### Added
+
+- GA release gate includes `perf:smoke` CI check for regression protection.
+
+## [0.5.0-rc.4] - 2026-02-27
+
+### Changed
+
+- Hardened deterministic CI artifacts:
+  - stable key ordering for JSON and SARIF files,
+  - deterministic sorting for updates, warnings, and errors in output pipelines.
+- Improved fail-reason classification consistency for registry/runtime failures across commands.
+- Fix-PR metadata in summary now has stable defaults (`fixPrApplied`, `fixBranchName`, `fixCommitSha`) to reduce contract drift.
+- Fix-PR staging now includes only updated manifests plus explicit report files, with deterministic file ordering.
+- Added warning when Bun runtime falls back from SQLite cache backend to file cache backend.
+
+### Added
+
+- Added `perf:smoke` script and CI gate to enforce a basic performance regression threshold.
+- Added deterministic output and summary regression tests.
+
 ## [0.5.0-rc.2] - 2026-02-27
 
 ### Added

package/README.md

@@ -24,6 +24,7 @@ pnpm add -D @rainy-updates/cli
 
 - `check`: analyze dependencies and report available updates.
 - `upgrade`: rewrite dependency ranges in manifests, optionally install lockfile updates.
+- `ci`: run CI-focused dependency automation (warm cache, check/upgrade, policy gates).
 - `warm-cache`: prefetch package metadata for fast and offline checks.
 - `baseline`: save and compare dependency baseline snapshots.
 
@@ -36,6 +37,9 @@ npx @rainy-updates/cli check --format table
 # 2) Strict CI mode (non-zero when updates exist)
 npx @rainy-updates/cli check --workspace --ci --format json --json-file .artifacts/updates.json
 
+# 2b) CI orchestration mode
+npx @rainy-updates/cli ci --workspace --mode strict --format github --json-file .artifacts/updates.json
+
 # 3) Apply upgrades with workspace sync
 npx @rainy-updates/cli upgrade --target latest --workspace --sync --install
 
@@ -151,6 +155,12 @@ Schedule:
 - `--offline`
 - `--fail-on none|patch|minor|major|any`
 - `--max-updates <n>`
+- `--group-by none|name|scope|kind|risk`
+- `--group-max <n>`
+- `--cooldown-days <n>`
+- `--pr-limit <n>`
+- `--only-changed`
+- `--mode minimal|strict|enterprise` (for `ci`)
 - `--policy-file <path>`
 - `--format table|json|minimal|github`
 - `--json-file <path>`
@@ -205,6 +215,7 @@ rainy-updates --version
 This package ships with production CI/CD pipelines in the repository:
 
 - Continuous integration pipeline for typecheck, tests, build, and production smoke checks.
+- Performance smoke gate (`perf:smoke`) to catch startup/runtime regressions in CI.
 - Tag-driven release pipeline for npm publishing with provenance.
 - Release preflight validation for npm auth/scope checks before publishing.
 

package/dist/bin/cli.js

@@ -7,6 +7,7 @@ import { parseCliArgs } from "../core/options.js";
 import { check } from "../core/check.js";
 import { upgrade } from "../core/upgrade.js";
 import { warmCache } from "../core/warm-cache.js";
+import { runCi } from "../core/ci.js";
 import { initCiWorkflow } from "../core/init-ci.js";
 import { diffBaseline, saveBaseline } from "../core/baseline.js";
 import { applyFixPr } from "../core/fix-pr.js";
@@ -14,6 +15,9 @@ import { renderResult } from "../output/format.js";
 import { writeGitHubOutput } from "../output/github.js";
 import { createSarifReport } from "../output/sarif.js";
 import { renderPrReport } from "../output/pr-report.js";
+import { writeFileAtomic } from "../utils/io.js";
+import { resolveFailReason } from "../core/summary.js";
+import { stableStringify } from "../utils/stable-json.js";
 async function main() {
     try {
         const argv = process.argv.slice(2);
@@ -64,30 +68,43 @@ async function main() {
         const result = await runCommand(parsed);
         if (parsed.options.prReportFile) {
             const markdown = renderPrReport(result);
-            await fs.mkdir(path.dirname(parsed.options.prReportFile), { recursive: true });
-            await fs.writeFile(parsed.options.prReportFile, markdown + "\n", "utf8");
+            await writeFileAtomic(parsed.options.prReportFile, markdown + "\n");
         }
-        if (parsed.options.fixPr && (parsed.command === "check" || parsed.command === "upgrade")) {
+        if (parsed.options.fixPr && (parsed.command === "check" || parsed.command === "upgrade" || parsed.command === "ci")) {
+            result.summary.fixPrApplied = false;
+            result.summary.fixBranchName = parsed.options.fixBranch ?? "chore/rainy-updates";
+            result.summary.fixCommitSha = "";
             const fixResult = await applyFixPr(parsed.options, result, parsed.options.prReportFile ? [parsed.options.prReportFile] : []);
             result.summary.fixPrApplied = fixResult.applied;
-            result.summary.fixBranchName = fixResult.branchName;
-            result.summary.fixCommitSha = fixResult.commitSha;
+            result.summary.fixBranchName = fixResult.branchName ?? "";
+            result.summary.fixCommitSha = fixResult.commitSha ?? "";
+        }
+        result.summary.failReason = resolveFailReason(result.updates, result.errors, parsed.options.failOn, parsed.options.maxUpdates, parsed.options.ci);
+        const renderStartedAt = Date.now();
+        let rendered = renderResult(result, parsed.options.format);
+        result.summary.durationMs.render = Math.max(0, Date.now() - renderStartedAt);
+        if (parsed.options.format === "json" || parsed.options.format === "metrics") {
+            rendered = renderResult(result, parsed.options.format);
+        }
+        if (parsed.options.onlyChanged &&
+            result.updates.length === 0 &&
+            result.errors.length === 0 &&
+            result.warnings.length === 0 &&
+            (parsed.options.format === "table" || parsed.options.format === "minimal" || parsed.options.format === "github")) {
+            rendered = "";
         }
         if (parsed.options.jsonFile) {
-            await fs.mkdir(path.dirname(parsed.options.jsonFile), { recursive: true });
-            await fs.writeFile(parsed.options.jsonFile, JSON.stringify(result, null, 2) + "\n", "utf8");
+            await writeFileAtomic(parsed.options.jsonFile, stableStringify(result, 2) + "\n");
         }
         if (parsed.options.githubOutputFile) {
             await writeGitHubOutput(parsed.options.githubOutputFile, result);
         }
         if (parsed.options.sarifFile) {
             const sarif = createSarifReport(result);
-            await fs.mkdir(path.dirname(parsed.options.sarifFile), { recursive: true });
-            await fs.writeFile(parsed.options.sarifFile, JSON.stringify(sarif, null, 2) + "\n", "utf8");
+            await writeFileAtomic(parsed.options.sarifFile, stableStringify(sarif, 2) + "\n");
         }
-        const rendered = renderResult(result, parsed.options.format);
         process.stdout.write(rendered + "\n");
-        process.exitCode = resolveExitCode(result, parsed.options.failOn, parsed.options.maxUpdates, parsed.options.ci);
+        process.exitCode = resolveExitCode(result, result.summary.failReason);
     }
     catch (error) {
         process.stderr.write(`rainy-updates: ${String(error)}\n`);
@@ -116,6 +133,7 @@ Options:
   --fix-branch <name>
   --fix-commit-message <text>
   --fix-dry-run
+  --fix-pr-no-checkout
   --no-pr-report
   --json-file <path>
   --github-output <path>
@@ -123,6 +141,12 @@ Options:
   --pr-report-file <path>
   --fail-on none|patch|minor|major|any
   --max-updates <n>
+  --group-by none|name|scope|kind|risk
+  --group-max <n>
+  --cooldown-days <n>
+  --pr-limit <n>
+  --only-changed
+  --log-level error|warn|info|debug
   --ci`;
     }
     if (isCommand && command === "warm-cache") {
@@ -161,9 +185,40 @@ Options:
   --fix-branch <name>
   --fix-commit-message <text>
   --fix-dry-run
+  --fix-pr-no-checkout
   --no-pr-report
   --json-file <path>
   --pr-report-file <path>`;
+    }
+    if (isCommand && command === "ci") {
+        return `rainy-updates ci [options]
+
+Run CI-oriented dependency automation pipeline.
+
+Options:
+  --workspace
+  --mode minimal|strict|enterprise
+  --group-by none|name|scope|kind|risk
+  --group-max <n>
+  --cooldown-days <n>
+  --pr-limit <n>
+  --only-changed
+  --offline
+  --concurrency <n>
+  --fix-pr
+  --fix-branch <name>
+  --fix-commit-message <text>
+  --fix-dry-run
+  --fix-pr-no-checkout
+  --no-pr-report
+  --json-file <path>
+  --github-output <path>
+  --sarif-file <path>
+  --pr-report-file <path>
+  --fail-on none|patch|minor|major|any
+  --max-updates <n>
+  --log-level error|warn|info|debug
+  --ci`;
     }
     if (isCommand && command === "init-ci") {
         return `rainy-updates init-ci [options]
@@ -194,6 +249,7 @@ Options:
 Commands:
   check       Detect available updates
   upgrade     Apply updates to manifests
+  ci          Run CI-focused update pipeline
   warm-cache  Warm local cache for fast/offline checks
   init-ci     Scaffold GitHub Actions workflow
   baseline    Save/check dependency baseline snapshots
@@ -202,7 +258,7 @@ Global options:
   --cwd <path>
   --workspace
   --target patch|minor|major|latest
-  --format table|json|minimal|github
+  --format table|json|minimal|github|metrics
   --json-file <path>
   --github-output <path>
   --sarif-file <path>
@@ -210,11 +266,19 @@ Global options:
   --policy-file <path>
   --fail-on none|patch|minor|major|any
   --max-updates <n>
+  --group-by none|name|scope|kind|risk
+  --group-max <n>
+  --cooldown-days <n>
+  --pr-limit <n>
+  --only-changed
+  --mode minimal|strict|enterprise
   --fix-pr
   --fix-branch <name>
   --fix-commit-message <text>
   --fix-dry-run
+  --fix-pr-no-checkout
   --no-pr-report
+  --log-level error|warn|info|debug
   --concurrency <n>
   --cache-ttl <seconds>
   --offline
@@ -229,6 +293,9 @@ async function runCommand(parsed) {
     if (parsed.command === "warm-cache") {
         return await warmCache(parsed.options);
     }
+    if (parsed.command === "ci") {
+        return await runCi(parsed.options);
+    }
     if (parsed.options.fixPr) {
         const upgradeOptions = {
             ...parsed.options,
@@ -247,22 +314,10 @@ async function readPackageVersion() {
     const parsed = JSON.parse(content);
     return parsed.version ?? "0.0.0";
 }
-function resolveExitCode(result, failOn, maxUpdates, ciMode) {
+function resolveExitCode(result, failReason) {
     if (result.errors.length > 0)
         return 2;
-    if (typeof maxUpdates === "number" && result.updates.length > maxUpdates)
+    if (failReason !== "none")
         return 1;
-    const effectiveFailOn = failOn && failOn !== "none" ? failOn : ciMode ? "any" : "none";
-    if (!shouldFailForUpdates(result.updates, effectiveFailOn))
-        return 0;
-    return 1;
-}
-function shouldFailForUpdates(updates, failOn) {
-    if (failOn === "none")
-        return false;
-    if (failOn === "any" || failOn === "patch")
-        return updates.length > 0;
-    if (failOn === "minor")
-        return updates.some((update) => update.diffType === "minor" || update.diffType === "major");
-    return updates.some((update) => update.diffType === "major");
+    return 0;
 }

package/dist/cache/cache.d.ts

@@ -1,6 +1,8 @@
 import type { CachedVersion, TargetLevel } from "../types/index.js";
 export declare class VersionCache {
     private readonly store;
+    readonly backend: "sqlite" | "file";
+    readonly degraded: boolean;
     private constructor();
     static create(customPath?: string): Promise<VersionCache>;
     getValid(packageName: string, target: TargetLevel): Promise<CachedVersion | null>;

package/dist/cache/cache.js

@@ -106,17 +106,22 @@ class SqliteCacheStore {
 }
 export class VersionCache {
     store;
-    constructor(store) {
+    backend;
+    degraded;
+    constructor(store, backend, degraded) {
         this.store = store;
+        this.backend = backend;
+        this.degraded = degraded;
     }
     static async create(customPath) {
         const basePath = customPath ?? path.join(os.homedir(), ".cache", "rainy-updates");
         const sqlitePath = path.join(basePath, "cache.db");
         const sqliteStore = await tryCreateSqliteStore(sqlitePath);
         if (sqliteStore)
-            return new VersionCache(sqliteStore);
+            return new VersionCache(sqliteStore, "sqlite", false);
         const jsonPath = path.join(basePath, "cache.json");
-        return new VersionCache(new FileCacheStore(jsonPath));
+        const degraded = typeof Bun !== "undefined";
+        return new VersionCache(new FileCacheStore(jsonPath), "file", degraded);
     }
     async getValid(packageName, target) {
         const entry = await this.store.get(packageName, target);

package/dist/config/loader.d.ts

@@ -1,4 +1,4 @@
-import type { DependencyKind, FailOnLevel, OutputFormat, TargetLevel } from "../types/index.js";
+import type { CiProfile, DependencyKind, FailOnLevel, GroupBy, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
 export interface FileConfig {
     target?: TargetLevel;
     filter?: string;
@@ -21,7 +21,15 @@ export interface FileConfig {
     fixBranch?: string;
     fixCommitMessage?: string;
     fixDryRun?: boolean;
+    fixPrNoCheckout?: boolean;
     noPrReport?: boolean;
+    logLevel?: LogLevel;
+    groupBy?: GroupBy;
+    groupMax?: number;
+    cooldownDays?: number;
+    prLimit?: number;
+    onlyChanged?: boolean;
+    ciProfile?: CiProfile;
     install?: boolean;
     packageManager?: "auto" | "npm" | "pnpm";
     sync?: boolean;

package/dist/config/policy.d.ts

@@ -1,16 +1,33 @@
 import type { TargetLevel } from "../types/index.js";
 export interface PolicyConfig {
     ignore?: string[];
+    cooldownDays?: number;
     packageRules?: Record<string, {
+        match?: string;
         maxTarget?: TargetLevel;
         ignore?: boolean;
+        maxUpdatesPerRun?: number;
+        cooldownDays?: number;
+        allowPrerelease?: boolean;
+        group?: string;
+        priority?: number;
     }>;
 }
+export interface PolicyRule {
+    match?: string;
+    maxTarget?: TargetLevel;
+    ignore: boolean;
+    maxUpdatesPerRun?: number;
+    cooldownDays?: number;
+    allowPrerelease?: boolean;
+    group?: string;
+    priority?: number;
+}
 export interface ResolvedPolicy {
     ignorePatterns: string[];
-    packageRules: Map<string, {
-        maxTarget?: TargetLevel;
-        ignore: boolean;
-    }>;
+    cooldownDays?: number;
+    packageRules: Map<string, PolicyRule>;
+    matchRules: PolicyRule[];
 }
 export declare function loadPolicy(cwd: string, policyFile?: string): Promise<ResolvedPolicy>;
+export declare function resolvePolicyRule(packageName: string, policy: ResolvedPolicy): PolicyRule | undefined;

package/dist/config/policy.js

@@ -12,13 +12,11 @@ export async function loadPolicy(cwd, policyFile) {
             const parsed = JSON.parse(content);
             return {
                 ignorePatterns: parsed.ignore ?? [],
-                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [
-                    pkg,
-                    {
-                        maxTarget: rule.maxTarget,
-                        ignore: rule.ignore === true,
-                    },
-                ])),
+                cooldownDays: asNonNegativeInt(parsed.cooldownDays),
+                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [pkg, normalizeRule(rule)])),
+                matchRules: Object.values(parsed.packageRules ?? {})
+                    .map((rule) => normalizeRule(rule))
+                    .filter((rule) => typeof rule.match === "string" && rule.match.length > 0),
             };
         }
         catch {
@@ -27,6 +25,40 @@ export async function loadPolicy(cwd, policyFile) {
     }
     return {
         ignorePatterns: [],
+        cooldownDays: undefined,
         packageRules: new Map(),
+        matchRules: [],
     };
 }
+export function resolvePolicyRule(packageName, policy) {
+    const exact = policy.packageRules.get(packageName);
+    if (exact)
+        return exact;
+    return policy.matchRules.find((rule) => matchesPattern(packageName, rule.match));
+}
+function normalizeRule(rule) {
+    return {
+        match: typeof rule.match === "string" ? rule.match : undefined,
+        maxTarget: rule.maxTarget,
+        ignore: rule.ignore === true,
+        maxUpdatesPerRun: asNonNegativeInt(rule.maxUpdatesPerRun),
+        cooldownDays: asNonNegativeInt(rule.cooldownDays),
+        allowPrerelease: rule.allowPrerelease === true,
+        group: typeof rule.group === "string" && rule.group.trim().length > 0 ? rule.group.trim() : undefined,
+        priority: asNonNegativeInt(rule.priority),
+    };
+}
+function asNonNegativeInt(value) {
+    if (typeof value !== "number" || !Number.isInteger(value) || value < 0)
+        return undefined;
+    return value;
+}
+function matchesPattern(value, pattern) {
+    if (!pattern || pattern.length === 0)
+        return false;
+    if (pattern === "*")
+        return true;
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    const regex = new RegExp(`^${escaped}$`);
+    return regex.test(value);
+}