@rainy-updates/cli 0.5.1-rc.2 → 0.5.1

package/dist/commands/bisect/engine.js

@@ -0,0 +1,89 @@
+import { NpmRegistryClient } from "../../registry/npm.js";
+import { VersionCache } from "../../cache/cache.js";
+import { bisectOracle } from "./oracle.js";
+/**
+ * Binary search engine for dependency bisecting.
+ * Given a sorted list of versions, finds the exact version that causes
+ * a test oracle to switch from "good" → "bad".
+ */
+export async function bisectVersions(versions, options) {
+    const result = {
+        packageName: options.packageName,
+        breakingVersion: null,
+        lastGoodVersion: null,
+        totalVersionsTested: 0,
+        iterations: 0,
+    };
+    if (versions.length === 0) {
+        return result;
+    }
+    let lo = 0;
+    let hi = versions.length - 1;
+    // Verify boundaries: hi must be "bad", lo must be "good"
+    const hiOutcome = await bisectOracle(options.packageName, versions[hi], options);
+    result.totalVersionsTested += 1;
+    result.iterations += 1;
+    if (hiOutcome !== "bad") {
+        // Latest version is good — nothing to bisect
+        return result;
+    }
+    const loOutcome = await bisectOracle(options.packageName, versions[lo], options);
+    result.totalVersionsTested += 1;
+    result.iterations += 1;
+    if (loOutcome === "bad") {
+        // Even the first version fails — can't determine boundary
+        result.breakingVersion = versions[lo];
+        return result;
+    }
+    // Binary search
+    while (lo + 1 < hi) {
+        const mid = Math.floor((lo + hi) / 2);
+        const outcome = await bisectOracle(options.packageName, versions[mid], options);
+        result.totalVersionsTested += 1;
+        result.iterations += 1;
+        if (outcome === "bad") {
+            hi = mid;
+        }
+        else if (outcome === "good") {
+            lo = mid;
+        }
+        else {
+            // "skip" — skip this version and go toward bad side
+            hi = mid - 1;
+        }
+    }
+    result.lastGoodVersion = versions[lo];
+    result.breakingVersion = versions[hi];
+    return result;
+}
+/**
+ * Fetches available versions for a package from registry/cache,
+ * optionally filtered to a user-specified range, sorted ascending.
+ */
+export async function fetchBisectVersions(options) {
+    const cache = await VersionCache.create();
+    const registry = new NpmRegistryClient(options.cwd, {
+        timeoutMs: options.registryTimeoutMs,
+        retries: 2,
+    });
+    const cached = await cache.getAny(options.packageName, "latest");
+    let allVersions = cached?.availableVersions ?? [];
+    if (allVersions.length === 0) {
+        const result = await registry.resolveManyPackageMetadata([options.packageName], {
+            concurrency: 1,
+            retries: 2,
+            timeoutMs: options.registryTimeoutMs,
+        });
+        const meta = result.metadata.get(options.packageName);
+        allVersions = meta?.versions ?? [];
+    }
+    if (options.versionRange) {
+        const [rangeStart, rangeEnd] = options.versionRange.split("..");
+        allVersions = allVersions.filter((v) => {
+            const afterStart = !rangeStart || v >= rangeStart;
+            const beforeEnd = !rangeEnd || v <= rangeEnd;
+            return afterStart && beforeEnd;
+        });
+    }
+    return allVersions.sort((a, b) => a.localeCompare(b, undefined, { numeric: true, sensitivity: "base" }));
+}

package/dist/commands/bisect/oracle.d.ts

@@ -0,0 +1,7 @@
+import type { BisectOptions, BisectOutcome } from "../../types/index.js";
+/**
+ * The "oracle" for bisect: installs a specific version of a package
+ * into the project's node_modules (via the shell), then runs --cmd.
+ * Returns "good" (exit 0), "bad" (non-zero exit), or "skip" on install error.
+ */
+export declare function bisectOracle(packageName: string, version: string, options: BisectOptions): Promise<BisectOutcome>;

package/dist/commands/bisect/oracle.js

@@ -0,0 +1,36 @@
+import { spawn } from "node:child_process";
+import path from "node:path";
+/**
+ * The "oracle" for bisect: installs a specific version of a package
+ * into the project's node_modules (via the shell), then runs --cmd.
+ * Returns "good" (exit 0), "bad" (non-zero exit), or "skip" on install error.
+ */
+export async function bisectOracle(packageName, version, options) {
+    if (options.dryRun) {
+        // In dry-run mode, simulate the oracle without side effects
+        process.stderr.write(`[bisect:dry-run] Would test ${packageName}@${version}\n`);
+        return "skip";
+    }
+    const installResult = await runShell(`npm install --no-save ${packageName}@${version}`, options.cwd);
+    if (installResult !== 0) {
+        process.stderr.write(`[bisect] Failed to install ${packageName}@${version}, skipping.\n`);
+        return "skip";
+    }
+    process.stderr.write(`[bisect] Testing ${packageName}@${version}...\n`);
+    const testResult = await runShell(options.testCommand, options.cwd);
+    const outcome = testResult === 0 ? "good" : "bad";
+    process.stderr.write(`[bisect] ${packageName}@${version} → ${outcome}\n`);
+    return outcome;
+}
+function runShell(command, cwd) {
+    return new Promise((resolve) => {
+        const [bin, ...args] = command.split(" ");
+        const child = spawn(bin, args, {
+            cwd: path.resolve(cwd),
+            shell: true,
+            stdio: "pipe",
+        });
+        child.on("close", (code) => resolve(code ?? 1));
+        child.on("error", () => resolve(1));
+    });
+}

package/dist/commands/bisect/parser.d.ts

@@ -0,0 +1,2 @@
+import type { BisectOptions } from "../../types/index.js";
+export declare function parseBisectArgs(args: string[]): BisectOptions;

package/dist/commands/bisect/parser.js

@@ -0,0 +1,73 @@
+import path from "node:path";
+import process from "node:process";
+export function parseBisectArgs(args) {
+    const options = {
+        cwd: process.cwd(),
+        packageName: "",
+        versionRange: undefined,
+        testCommand: "npm test",
+        concurrency: 4,
+        registryTimeoutMs: 8000,
+        cacheTtlSeconds: 3600,
+        dryRun: false,
+    };
+    let index = 0;
+    while (index < args.length) {
+        const current = args[index];
+        const next = args[index + 1];
+        if (!current.startsWith("-") && !options.packageName) {
+            options.packageName = current;
+            index += 1;
+            continue;
+        }
+        if (current === "--cmd" && next) {
+            options.testCommand = next;
+            index += 2;
+            continue;
+        }
+        if (current === "--cmd") {
+            throw new Error("Missing value for --cmd");
+        }
+        if (current === "--range" && next) {
+            options.versionRange = next;
+            index += 2;
+            continue;
+        }
+        if (current === "--range") {
+            throw new Error("Missing value for --range");
+        }
+        if (current === "--cwd" && next) {
+            options.cwd = path.resolve(next);
+            index += 2;
+            continue;
+        }
+        if (current === "--cwd") {
+            throw new Error("Missing value for --cwd");
+        }
+        if (current === "--dry-run") {
+            options.dryRun = true;
+            index += 1;
+            continue;
+        }
+        if (current === "--registry-timeout-ms" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed <= 0) {
+                throw new Error("--registry-timeout-ms must be a positive integer");
+            }
+            options.registryTimeoutMs = parsed;
+            index += 2;
+            continue;
+        }
+        if (current === "--registry-timeout-ms") {
+            throw new Error("Missing value for --registry-timeout-ms");
+        }
+        if (current.startsWith("-")) {
+            throw new Error(`Unknown bisect option: ${current}`);
+        }
+        throw new Error(`Unexpected bisect argument: ${current}`);
+    }
+    if (!options.packageName) {
+        throw new Error('bisect requires a package name: rup bisect <package> --cmd "<test command>"');
+    }
+    return options;
+}

package/dist/commands/bisect/runner.d.ts

@@ -0,0 +1,6 @@
+import type { BisectOptions, BisectResult } from "../../types/index.js";
+/**
+ * Entry point for the `bisect` command. Lazy-loaded by cli.ts.
+ * Fully isolated: does NOT import anything from core/options.ts.
+ */
+export declare function runBisect(options: BisectOptions): Promise<BisectResult>;

package/dist/commands/bisect/runner.js

@@ -0,0 +1,27 @@
+import { fetchBisectVersions, bisectVersions } from "./engine.js";
+/**
+ * Entry point for the `bisect` command. Lazy-loaded by cli.ts.
+ * Fully isolated: does NOT import anything from core/options.ts.
+ */
+export async function runBisect(options) {
+    process.stderr.write(`\n[bisect] Fetching available versions for ${options.packageName}...\n`);
+    const versions = await fetchBisectVersions(options);
+    if (versions.length === 0) {
+        throw new Error(`No versions found for package "${options.packageName}".`);
+    }
+    process.stderr.write(`[bisect] Found ${versions.length} versions. Starting binary search...\n`);
+    if (options.versionRange) {
+        process.stderr.write(`[bisect] Range: ${options.versionRange}\n`);
+    }
+    const result = await bisectVersions(versions, options);
+    if (result.breakingVersion) {
+        process.stdout.write(`\n✖ Break introduced in ${options.packageName}@${result.breakingVersion}\n` +
+            `  Last good version: ${result.lastGoodVersion ?? "none"}\n` +
+            `  Tested: ${result.totalVersionsTested} versions in ${result.iterations} iterations\n`);
+    }
+    else {
+        process.stdout.write(`\n✔ No breaking version found for ${options.packageName} (all versions passed).\n` +
+            `  Tested: ${result.totalVersionsTested} versions\n`);
+    }
+    return result;
+}

package/dist/commands/health/parser.d.ts

@@ -0,0 +1,2 @@
+import type { HealthOptions } from "../../types/index.js";
+export declare function parseHealthArgs(args: string[]): HealthOptions;

package/dist/commands/health/parser.js

@@ -0,0 +1,90 @@
+import path from "node:path";
+import process from "node:process";
+export function parseHealthArgs(args) {
+    const options = {
+        cwd: process.cwd(),
+        workspace: false,
+        staleDays: 365,
+        includeDeprecated: true,
+        includeAlternatives: false,
+        reportFormat: "table",
+        jsonFile: undefined,
+        concurrency: 16,
+        registryTimeoutMs: 8000,
+    };
+    let index = 0;
+    while (index < args.length) {
+        const current = args[index];
+        const next = args[index + 1];
+        if (current === "--cwd" && next) {
+            options.cwd = path.resolve(next);
+            index += 2;
+            continue;
+        }
+        if (current === "--cwd")
+            throw new Error("Missing value for --cwd");
+        if (current === "--workspace") {
+            options.workspace = true;
+            index += 1;
+            continue;
+        }
+        if (current === "--stale" && next) {
+            // Accept "12m" → 365, "6m" → 180, "365d" → 365, or plain number
+            const match = next.match(/^(\d+)(m|d)?$/);
+            if (!match)
+                throw new Error("--stale must be a number of days or a duration like 12m or 180d");
+            const value = parseInt(match[1], 10);
+            const unit = match[2] ?? "d";
+            options.staleDays = unit === "m" ? value * 30 : value;
+            index += 2;
+            continue;
+        }
+        if (current === "--stale")
+            throw new Error("Missing value for --stale");
+        if (current === "--deprecated") {
+            options.includeDeprecated = true;
+            index += 1;
+            continue;
+        }
+        if (current === "--no-deprecated") {
+            options.includeDeprecated = false;
+            index += 1;
+            continue;
+        }
+        if (current === "--alternatives") {
+            options.includeAlternatives = true;
+            index += 1;
+            continue;
+        }
+        if (current === "--report" && next) {
+            if (next !== "table" && next !== "json")
+                throw new Error("--report must be table or json");
+            options.reportFormat = next;
+            index += 2;
+            continue;
+        }
+        if (current === "--report")
+            throw new Error("Missing value for --report");
+        if (current === "--json-file" && next) {
+            options.jsonFile = path.resolve(options.cwd, next);
+            index += 2;
+            continue;
+        }
+        if (current === "--json-file")
+            throw new Error("Missing value for --json-file");
+        if (current === "--concurrency" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed <= 0)
+                throw new Error("--concurrency must be positive integer");
+            options.concurrency = parsed;
+            index += 2;
+            continue;
+        }
+        if (current === "--concurrency")
+            throw new Error("Missing value for --concurrency");
+        if (current.startsWith("-"))
+            throw new Error(`Unknown health option: ${current}`);
+        throw new Error(`Unexpected health argument: ${current}`);
+    }
+    return options;
+}

package/dist/commands/health/runner.d.ts

@@ -0,0 +1,7 @@
+import type { HealthOptions, HealthResult } from "../../types/index.js";
+/**
+ * Lazy-loaded entry point for `rup health`.
+ * Discovers packages, queries npm registry for publication metadata,
+ * detects stale and deprecated packages, and renders a health report.
+ */
+export declare function runHealth(options: HealthOptions): Promise<HealthResult>;

package/dist/commands/health/runner.js

@@ -0,0 +1,130 @@
+import { collectDependencies, readManifest, } from "../../parsers/package-json.js";
+import { discoverPackageDirs } from "../../workspace/discover.js";
+import { asyncPool } from "../../utils/async-pool.js";
+import { writeFileAtomic } from "../../utils/io.js";
+import { stableStringify } from "../../utils/stable-json.js";
+async function fetchNpmMeta(packageName, timeoutMs) {
+    try {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), timeoutMs);
+        const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+            signal: controller.signal,
+            headers: { Accept: "application/vnd.npm.install-v1+json" },
+        });
+        clearTimeout(timer);
+        if (!response.ok)
+            return {};
+        return (await response.json());
+    }
+    catch {
+        return {};
+    }
+}
+function analyzePackage(name, currentVersion, meta, options) {
+    const flags = [];
+    const isDeprecated = typeof meta.deprecated === "string" && meta.deprecated.length > 0;
+    const now = Date.now();
+    let lastPublished = null;
+    let daysSinceLastRelease = null;
+    if (meta.time) {
+        const releaseTimes = Object.entries(meta.time)
+            .filter(([k]) => k !== "created" && k !== "modified")
+            .map(([, v]) => new Date(v).getTime())
+            .filter((t) => !Number.isNaN(t))
+            .sort((a, b) => b - a);
+        if (releaseTimes[0]) {
+            lastPublished = new Date(releaseTimes[0]).toISOString().slice(0, 10);
+            daysSinceLastRelease = Math.floor((now - releaseTimes[0]) / (1000 * 60 * 60 * 24));
+        }
+    }
+    if (isDeprecated && options.includeDeprecated)
+        flags.push("deprecated");
+    if (daysSinceLastRelease !== null && daysSinceLastRelease > options.staleDays)
+        flags.push("stale");
+    if (daysSinceLastRelease !== null &&
+        daysSinceLastRelease > options.staleDays * 2)
+        flags.push("unmaintained");
+    return {
+        name,
+        currentVersion,
+        lastPublished,
+        isDeprecated,
+        deprecatedMessage: isDeprecated ? meta.deprecated : undefined,
+        isArchived: false, // Would require GitHub API; deferred
+        daysSinceLastRelease,
+        flags,
+    };
+}
+function renderHealthTable(metrics) {
+    const flagged = metrics.filter((m) => m.flags.length > 0);
+    if (flagged.length === 0)
+        return "✔ All packages appear healthy.\n";
+    const lines = [
+        `Found ${flagged.length} package${flagged.length === 1 ? "" : "s"} with health concerns:\n`,
+        "Package".padEnd(30) +
+            "Flags".padEnd(25) +
+            "Last Release".padEnd(15) +
+            "Message",
+        "─".repeat(90),
+    ];
+    for (const m of flagged) {
+        const name = m.name.slice(0, 28).padEnd(30);
+        const flags = m.flags.join(", ").padEnd(25);
+        const lastRel = (m.lastPublished ?? "unknown").padEnd(15);
+        const msg = m.deprecatedMessage ??
+            (m.daysSinceLastRelease !== null ? `${m.daysSinceLastRelease}d ago` : "");
+        lines.push(`${name}${flags}${lastRel}${msg}`);
+    }
+    return lines.join("\n");
+}
+/**
+ * Lazy-loaded entry point for `rup health`.
+ * Discovers packages, queries npm registry for publication metadata,
+ * detects stale and deprecated packages, and renders a health report.
+ */
+export async function runHealth(options) {
+    const result = {
+        metrics: [],
+        totalFlagged: 0,
+        errors: [],
+        warnings: [],
+    };
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const versionMap = new Map();
+    for (const dir of packageDirs) {
+        let manifest;
+        try {
+            manifest = await readManifest(dir);
+        }
+        catch (error) {
+            result.errors.push(`Failed to read package.json in ${dir}: ${String(error)}`);
+            continue;
+        }
+        const deps = collectDependencies(manifest, [
+            "dependencies",
+            "devDependencies",
+            "optionalDependencies",
+        ]);
+        for (const dep of deps) {
+            if (!versionMap.has(dep.name)) {
+                versionMap.set(dep.name, dep.range.replace(/^[\^~>=<]/, ""));
+            }
+        }
+    }
+    const entries = [...versionMap.entries()];
+    process.stderr.write(`[health] Analyzing ${entries.length} packages...\n`);
+    const tasks = entries.map(([name, version]) => async () => {
+        const meta = await fetchNpmMeta(name, options.registryTimeoutMs);
+        return analyzePackage(name, version, meta, options);
+    });
+    const rawResults = await asyncPool(options.concurrency, tasks);
+    const metrics = rawResults.filter((r) => !(r instanceof Error));
+    result.metrics = metrics.sort((a, b) => (b.daysSinceLastRelease ?? 0) - (a.daysSinceLastRelease ?? 0));
+    result.totalFlagged = result.metrics.filter((m) => m.flags.length > 0).length;
+    process.stdout.write(renderHealthTable(result.metrics) + "\n");
+    if (options.jsonFile) {
+        await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
+        process.stderr.write(`[health] JSON report written to ${options.jsonFile}\n`);
+    }
+    return result;
+}

package/dist/config/loader.d.ts

@@ -1,4 +1,4 @@
-import type { CiProfile, DependencyKind, FailOnLevel, GroupBy, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
+import type { CiProfile, DependencyKind, FailOnLevel, GroupBy, LockfileMode, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
 export interface FileConfig {
     target?: TargetLevel;
     filter?: string;
@@ -12,7 +12,10 @@ export interface FileConfig {
     githubOutputFile?: string;
     sarifFile?: string;
     concurrency?: number;
+    registryTimeoutMs?: number;
+    registryRetries?: number;
     offline?: boolean;
+    stream?: boolean;
     policyFile?: string;
     prReportFile?: string;
     failOn?: FailOnLevel;
@@ -31,6 +34,7 @@ export interface FileConfig {
     prLimit?: number;
     onlyChanged?: boolean;
     ciProfile?: CiProfile;
+    lockfileMode?: LockfileMode;
     install?: boolean;
     packageManager?: "auto" | "npm" | "pnpm";
     sync?: boolean;

package/dist/config/policy.d.ts

@@ -11,6 +11,8 @@ export interface PolicyConfig {
         allowPrerelease?: boolean;
         group?: string;
         priority?: number;
+        target?: TargetLevel;
+        autofix?: boolean;
     }>;
 }
 export interface PolicyRule {
@@ -22,6 +24,8 @@ export interface PolicyRule {
     allowPrerelease?: boolean;
     group?: string;
     priority?: number;
+    target?: TargetLevel;
+    autofix?: boolean;
 }
 export interface ResolvedPolicy {
     ignorePatterns: string[];

package/dist/config/policy.js

@@ -46,6 +46,8 @@ function normalizeRule(rule) {
         allowPrerelease: rule.allowPrerelease === true,
         group: typeof rule.group === "string" && rule.group.trim().length > 0 ? rule.group.trim() : undefined,
         priority: asNonNegativeInt(rule.priority),
+        target: rule.target,
+        autofix: rule.autofix !== false,
     };
 }
 function asNonNegativeInt(value) {

package/dist/core/check.js

@@ -1,4 +1,5 @@
 import path from "node:path";
+import process from "node:process";
 import { collectDependencies, readManifest } from "../parsers/package-json.js";
 import { matchesPattern } from "../utils/pattern.js";
 import { applyRangeStyle, classifyDiff, clampTarget, pickTargetVersionFromAvailable } from "../utils/semver.js";
@@ -18,7 +19,10 @@ export async function check(options) {
     const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
     discoveryMs += Date.now() - discoveryStartedAt;
     const cache = await VersionCache.create();
-    const registryClient = new NpmRegistryClient(options.cwd);
+    const registryClient = new NpmRegistryClient(options.cwd, {
+        timeoutMs: options.registryTimeoutMs,
+        retries: options.registryRetries,
+    });
     const policy = await loadPolicy(options.cwd, options.policyFile);
     const updates = [];
     const errors = [];
@@ -30,6 +34,14 @@ export async function check(options) {
     const tasks = [];
     let skipped = 0;
     let cooldownSkipped = 0;
+    let streamedEvents = 0;
+    let policyOverridesApplied = 0;
+    const emitStream = (message) => {
+        if (!options.stream)
+            return;
+        streamedEvents += 1;
+        process.stdout.write(`${message}\n`);
+    };
     for (const packageDir of packageDirs) {
         let manifest;
         try {
@@ -49,10 +61,14 @@ export async function check(options) {
             const rule = resolvePolicyRule(dep.name, policy);
             if (rule?.ignore === true) {
                 skipped += 1;
+                policyOverridesApplied += 1;
+                emitStream(`[policy-ignore] ${dep.name}`);
                 continue;
             }
             if (policy.ignorePatterns.some((pattern) => matchesPattern(dep.name, pattern))) {
                 skipped += 1;
+                policyOverridesApplied += 1;
+                emitStream(`[policy-ignore-pattern] ${dep.name}`);
                 continue;
             }
             tasks.push({ packageDir, dependency: dep });
@@ -99,6 +115,8 @@ export async function check(options) {
             const registryStartedAt = Date.now();
             const fetched = await registryClient.resolveManyPackageMetadata(unresolvedPackages, {
                 concurrency: options.concurrency,
+                retries: options.registryRetries,
+                timeoutMs: options.registryTimeoutMs,
             });
             registryMs += Date.now() - registryStartedAt;
             const cacheWriteStartedAt = Date.now();
@@ -126,6 +144,7 @@ export async function check(options) {
                 }
                 else {
                     errors.push(`Unable to resolve ${packageName}: ${error}`);
+                    emitStream(`[error] Unable to resolve ${packageName}: ${error}`);
                 }
             }
             cacheMs += Date.now() - cacheStaleStartedAt;
@@ -136,12 +155,17 @@ export async function check(options) {
         if (!metadata?.latestVersion)
             continue;
         const rule = resolvePolicyRule(task.dependency.name, policy);
-        const effectiveTarget = clampTarget(options.target, rule?.maxTarget);
+        const baseTarget = rule?.target ?? options.target;
+        const effectiveTarget = clampTarget(baseTarget, rule?.maxTarget);
+        if (rule?.target || rule?.maxTarget || rule?.autofix === false) {
+            policyOverridesApplied += 1;
+        }
         const picked = pickTargetVersionFromAvailable(task.dependency.range, metadata.availableVersions, metadata.latestVersion, effectiveTarget);
         if (!picked)
             continue;
         if (shouldSkipByCooldown(picked, metadata.publishedAtByVersion, options.cooldownDays, policy.cooldownDays, rule?.cooldownDays)) {
             cooldownSkipped += 1;
+            emitStream(`[cooldown-skip] ${task.dependency.name}@${picked}`);
             continue;
         }
         const nextRange = applyRangeStyle(task.dependency.range, picked);
@@ -156,14 +180,17 @@ export async function check(options) {
             toVersionResolved: picked,
             diffType: classifyDiff(task.dependency.range, picked),
             filtered: false,
+            autofix: rule?.autofix !== false,
             reason: rule?.maxTarget ? `policy maxTarget=${rule.maxTarget}` : undefined,
         });
+        emitStream(`[update] ${task.dependency.name} ${task.dependency.range} -> ${nextRange} (${classifyDiff(task.dependency.range, picked)})`);
     }
     const grouped = groupUpdates(updates, options.groupBy);
     const groupedUpdates = grouped.length;
     const groupedSorted = sortUpdates(grouped.flatMap((group) => group.items));
     const groupedCapped = typeof options.groupMax === "number" ? groupedSorted.slice(0, options.groupMax) : groupedSorted;
-    const ruleLimited = applyRuleUpdateCaps(groupedCapped, policy);
+    const prioritized = applyPolicyPrioritySort(groupedCapped, policy);
+    const ruleLimited = applyRuleUpdateCaps(prioritized, policy);
     const prLimited = typeof options.prLimit === "number" ? ruleLimited.slice(0, options.prLimit) : ruleLimited;
     const limitedUpdates = sortUpdates(prLimited);
     const prLimitHit = typeof options.prLimit === "number" && groupedSorted.length > options.prLimit;
@@ -189,7 +216,9 @@ export async function check(options) {
         cooldownSkipped,
         ciProfile: options.ciProfile,
         prLimitHit,
+        policyOverridesApplied,
     }));
+    summary.streamedEvents = streamedEvents;
     return {
         projectPath: options.cwd,
         packagePaths: packageDirs,
@@ -266,6 +295,30 @@ function applyRuleUpdateCaps(updates, policy) {
     }
     return limited;
 }
+function applyPolicyPrioritySort(updates, policy) {
+    return [...updates].sort((left, right) => {
+        const leftPriority = resolvePolicyRule(left.name, policy)?.priority ?? 0;
+        const rightPriority = resolvePolicyRule(right.name, policy)?.priority ?? 0;
+        if (leftPriority !== rightPriority)
+            return rightPriority - leftPriority;
+        const byRisk = riskRank(left.diffType) - riskRank(right.diffType);
+        if (byRisk !== 0)
+            return byRisk;
+        const byName = left.name.localeCompare(right.name);
+        if (byName !== 0)
+            return byName;
+        return left.packagePath.localeCompare(right.packagePath);
+    });
+}
+function riskRank(value) {
+    if (value === "patch")
+        return 0;
+    if (value === "minor")
+        return 1;
+    if (value === "major")
+        return 2;
+    return 3;
+}
 function sortUpdates(updates) {
     return [...updates].sort((left, right) => {
         const byPath = left.packagePath.localeCompare(right.packagePath);