@rainy-updates/cli 0.5.1 → 0.5.2-rc.1

package/dist/commands/licenses/sbom.js

@@ -0,0 +1,70 @@
+import { randomUUID } from "node:crypto";
+import path from "node:path";
+/**
+ * Generates an SPDX 2.3 compliant SBOM JSON document from a list of
+ * scanned package licenses.
+ *
+ * SPDX 2.3 spec: https://spdx.github.io/spdx-spec/v2.3/
+ * Required by: CISA SBOM mandate, EU Cyber Resilience Act, many enterprise
+ * security standards.
+ */
+export function generateSbom(packages, projectName) {
+    const docId = `SPDXRef-DOCUMENT`;
+    const rootId = `SPDXRef-Package-root`;
+    const timestamp = new Date().toISOString();
+    const namespace = `https://spdx.org/spdxdocs/${encodeURIComponent(path.basename(projectName))}-${randomUUID()}`;
+    const spdxPackages = [
+        // Root package entry
+        {
+            SPDXID: rootId,
+            name: path.basename(projectName),
+            versionInfo: "NOASSERTION",
+            downloadLocation: "NOASSERTION",
+            licenseConcluded: "NOASSERTION",
+            licenseDeclared: "NOASSERTION",
+            copyrightText: "NOASSERTION",
+        },
+        // One entry per dependency
+        ...packages.map((pkg) => ({
+            SPDXID: toSpdxId(pkg.name, pkg.version),
+            name: pkg.name,
+            versionInfo: pkg.version,
+            downloadLocation: pkg.repository
+                ? normalizeRepoUrl(pkg.repository)
+                : `https://www.npmjs.com/package/${encodeURIComponent(pkg.name)}`,
+            licenseConcluded: pkg.spdxExpression ?? "NOASSERTION",
+            licenseDeclared: pkg.spdxExpression ?? "NOASSERTION",
+            copyrightText: "NOASSERTION",
+        })),
+    ];
+    const relationships = [
+        {
+            spdxElementId: docId,
+            relationshipType: "DESCRIBES",
+            relatedSpdxElement: rootId,
+        },
+        ...packages.map((pkg) => ({
+            spdxElementId: rootId,
+            relationshipType: "DEPENDS_ON",
+            relatedSpdxElement: toSpdxId(pkg.name, pkg.version),
+        })),
+    ];
+    return {
+        spdxVersion: "SPDX-2.3",
+        dataLicense: "CC0-1.0",
+        name: `SBOM for ${path.basename(projectName)}`,
+        documentNamespace: namespace,
+        packages: spdxPackages,
+        relationships,
+    };
+}
+/** Converts a package name + version to a valid SPDX ID. */
+function toSpdxId(name, version) {
+    const safe = `${name}-${version}`.replace(/[^a-zA-Z0-9-.]/g, "-");
+    return `SPDXRef-Package-${safe}`;
+}
+/** Normalize various repository URL formats to a clean string. */
+function normalizeRepoUrl(raw) {
+    // git+https://... or git://...
+    return raw.replace(/^git\+/, "").replace(/\.git$/, "");
+}

package/dist/commands/resolve/graph/builder.d.ts

@@ -0,0 +1,20 @@
+import type { PeerGraph, ResolveOptions } from "../../../types/index.js";
+/**
+ * Builds an in-memory PeerGraph from the direct dependencies declared in
+ * package.json, enriched with peerDependency ranges fetched from the registry.
+ *
+ * Performance strategy:
+ *   - Collect all unique package names first (single pass)
+ *   - Check cache for packument data (zero network cost on cache hit)
+ *   - Fetch missing ones via asyncPool (parallel, up to options.concurrency)
+ *   - Build PeerGraph from merged results
+ *
+ * The graph only contains packages that declare peerDependencies — packages
+ * without peers are implicitly conflict-free and excluded to keep the graph lean.
+ */
+export declare function buildPeerGraph(options: ResolveOptions, 
+/**
+ * Optional override of the resolved versions map (used by --after-update mode
+ * to inject proposed upgrade versions before writing them to disk).
+ */
+resolvedVersionOverrides?: Map<string, string>): Promise<PeerGraph>;

package/dist/commands/resolve/graph/builder.js

@@ -0,0 +1,183 @@
+import { asyncPool } from "../../../utils/async-pool.js";
+import { VersionCache } from "../../../cache/cache.js";
+import { NpmRegistryClient } from "../../../registry/npm.js";
+import { readManifest, collectDependencies, } from "../../../parsers/package-json.js";
+import { discoverPackageDirs } from "../../../workspace/discover.js";
+/**
+ * Builds an in-memory PeerGraph from the direct dependencies declared in
+ * package.json, enriched with peerDependency ranges fetched from the registry.
+ *
+ * Performance strategy:
+ *   - Collect all unique package names first (single pass)
+ *   - Check cache for packument data (zero network cost on cache hit)
+ *   - Fetch missing ones via asyncPool (parallel, up to options.concurrency)
+ *   - Build PeerGraph from merged results
+ *
+ * The graph only contains packages that declare peerDependencies — packages
+ * without peers are implicitly conflict-free and excluded to keep the graph lean.
+ */
+export async function buildPeerGraph(options, 
+/**
+ * Optional override of the resolved versions map (used by --after-update mode
+ * to inject proposed upgrade versions before writing them to disk).
+ */
+resolvedVersionOverrides) {
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const cache = await VersionCache.create();
+    const registry = new NpmRegistryClient(options.cwd, {
+        timeoutMs: options.registryTimeoutMs,
+        retries: 2,
+    });
+    // ─ Step 1: collect all declared dependencies and their current versions ────
+    const declaredVersions = new Map(); // name → range/version
+    const roots = [];
+    for (const packageDir of packageDirs) {
+        let manifest;
+        try {
+            manifest = await readManifest(packageDir);
+        }
+        catch {
+            continue;
+        }
+        const deps = collectDependencies(manifest, [
+            "dependencies",
+            "devDependencies",
+            "optionalDependencies",
+        ]);
+        for (const dep of deps) {
+            if (!declaredVersions.has(dep.name)) {
+                // Strip range prefix to get a bare version for peer satisfaction checks
+                const bare = dep.range.replace(/^[~^>=<]/, "").split(" ")[0] ?? dep.range;
+                declaredVersions.set(dep.name, bare);
+                roots.push(dep.name);
+            }
+        }
+    }
+    // Apply version overrides (--after-update mode)
+    if (resolvedVersionOverrides) {
+        for (const [name, version] of resolvedVersionOverrides) {
+            declaredVersions.set(name, version);
+        }
+    }
+    const packageNames = Array.from(declaredVersions.keys());
+    // ─ Step 2: fetch peer dependency data ─────────────────────────────────────
+    // Check cache first, then fetch missing ones from registry
+    const peerDataByName = new Map();
+    const uncached = [];
+    for (const name of packageNames) {
+        const cached = await cache.getAny(name, "latest");
+        const resolvedVersion = resolvedVersionOverrides?.get(name) ??
+            declaredVersions.get(name) ??
+            "0.0.0";
+        if (cached) {
+            // We have cached packument; peer deps would need a separate field.
+            // For now, initialize with empty peers (fetched below if needed).
+            peerDataByName.set(name, {
+                resolvedVersion,
+                peerRequirements: new Map(),
+            });
+        }
+        else {
+            uncached.push(name);
+        }
+    }
+    // Fetch peer deps for packages not in cache
+    if (uncached.length > 0) {
+        const fetched = await registry.resolveManyPackageMetadata(uncached, {
+            concurrency: options.concurrency,
+            timeoutMs: options.registryTimeoutMs,
+            retries: 2,
+        });
+        for (const name of uncached) {
+            const resolvedVersion = resolvedVersionOverrides?.get(name) ??
+                declaredVersions.get(name) ??
+                "0.0.0";
+            peerDataByName.set(name, {
+                resolvedVersion,
+                peerRequirements: new Map(), // peer deps from packument handled below
+            });
+        }
+        // The registry packument includes peerDependencies in the version object.
+        // Fetch peer deps via a targeted per-package request for the resolved version.
+        const peerFetchTasks = uncached.map((name) => async () => {
+            const resolvedVersion = resolvedVersionOverrides?.get(name) ??
+                declaredVersions.get(name) ??
+                "0.0.0";
+            const peerDeps = await fetchPeerDepsForVersion(name, resolvedVersion, options.registryTimeoutMs);
+            const existing = peerDataByName.get(name);
+            if (existing) {
+                existing.peerRequirements = peerDeps;
+            }
+        });
+        await asyncPool(options.concurrency, peerFetchTasks);
+    }
+    // Also fetch peer deps for cached packages where we don't have peer data
+    const cachedPeerFetchTasks = packageNames
+        .filter((n) => !uncached.includes(n))
+        .map((name) => async () => {
+        const resolvedVersion = resolvedVersionOverrides?.get(name) ??
+            declaredVersions.get(name) ??
+            "0.0.0";
+        const peerDeps = await fetchPeerDepsForVersion(name, resolvedVersion, options.registryTimeoutMs);
+        const existing = peerDataByName.get(name);
+        if (existing && peerDeps.size > 0) {
+            existing.peerRequirements = peerDeps;
+        }
+    });
+    await asyncPool(options.concurrency, cachedPeerFetchTasks);
+    // ─ Step 3: assemble PeerGraph ─────────────────────────────────────────────
+    const nodes = new Map();
+    for (const [name, metadata] of peerDataByName) {
+        if (metadata.peerRequirements.size > 0) {
+            nodes.set(name, {
+                name,
+                resolvedVersion: metadata.resolvedVersion,
+                peerRequirements: metadata.peerRequirements,
+            });
+        }
+    }
+    // Also add nodes that are referenced AS peers (so the resolver can look them up)
+    for (const [, node] of nodes) {
+        for (const [peerName] of node.peerRequirements) {
+            if (!nodes.has(peerName) && declaredVersions.has(peerName)) {
+                const meta = peerDataByName.get(peerName);
+                nodes.set(peerName, {
+                    name: peerName,
+                    resolvedVersion: meta?.resolvedVersion ?? declaredVersions.get(peerName) ?? "0.0.0",
+                    peerRequirements: new Map(), // this node has no peer requirements of its own
+                });
+            }
+        }
+    }
+    return { nodes, roots: [...new Set(roots)] };
+}
+/**
+ * Fetches peerDependencies for a specific version of a package directly from
+ * the npm registry packument. Returns an empty Map on any failure.
+ */
+async function fetchPeerDepsForVersion(packageName, version, timeoutMs) {
+    const peerDeps = new Map();
+    try {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), timeoutMs);
+        const url = `https://registry.npmjs.org/${encodeURIComponent(packageName)}`;
+        const response = await fetch(url, {
+            signal: controller.signal,
+            headers: { accept: "application/json" },
+        });
+        clearTimeout(timer);
+        if (!response.ok)
+            return peerDeps;
+        const packument = (await response.json());
+        const versionData = packument.versions?.[version];
+        if (!versionData?.peerDependencies)
+            return peerDeps;
+        for (const [peer, range] of Object.entries(versionData.peerDependencies)) {
+            peerDeps.set(peer, range);
+        }
+    }
+    catch {
+        // Network/parse failure — return empty peer map (no false positives)
+    }
+    return peerDeps;
+}

package/dist/commands/resolve/graph/conflict.d.ts

@@ -0,0 +1,20 @@
+import type { PeerConflict } from "../../../types/index.js";
+interface ConflictInput {
+    requester: string;
+    peer: string;
+    requiredRange: string;
+    resolvedVersion: string;
+    isInstalled: boolean;
+}
+/**
+ * Classifies a potential peer conflict and generates a human-readable suggestion.
+ *
+ * Severity rules:
+ *   "error"   — peer is not installed at all
+ *   "error"   — resolved version is outside the required range entirely
+ *               (would produce ERESOLVE in npm)
+ *   "warning" — resolved version satisfies a subrange of the requirement
+ *               but crosses a major boundary (soft peer warning in npm 7+)
+ */
+export declare function classifyConflict(input: ConflictInput): PeerConflict;
+export {};

package/dist/commands/resolve/graph/conflict.js

@@ -0,0 +1,52 @@
+import { parseVersion } from "../../../utils/semver.js";
+/**
+ * Classifies a potential peer conflict and generates a human-readable suggestion.
+ *
+ * Severity rules:
+ *   "error"   — peer is not installed at all
+ *   "error"   — resolved version is outside the required range entirely
+ *               (would produce ERESOLVE in npm)
+ *   "warning" — resolved version satisfies a subrange of the requirement
+ *               but crosses a major boundary (soft peer warning in npm 7+)
+ */
+export function classifyConflict(input) {
+    const severity = determineSeverity(input);
+    const suggestion = buildSuggestion(input);
+    return {
+        requester: input.requester,
+        peer: input.peer,
+        requiredRange: input.requiredRange,
+        resolvedVersion: input.resolvedVersion,
+        severity,
+        suggestion,
+    };
+}
+function determineSeverity(input) {
+    if (!input.isInstalled)
+        return "error";
+    // If we can parse both versions, check if they're in the same major series
+    const resolved = parseVersion(input.resolvedVersion);
+    const rangeVersion = extractBaseVersion(input.requiredRange);
+    if (!resolved || !rangeVersion) {
+        // Can't parse → assume it's a hard error to be safe
+        return "error";
+    }
+    // Different major → ERESOLVE-level incompatibility
+    if (resolved.major !== rangeVersion.major)
+        return "error";
+    // Same major but version is below the floor declared in the range → error
+    // (e.g. resolved=18.1.0 required=^18.3.0 — same major but concrete floor missed)
+    return "warning";
+}
+function extractBaseVersion(range) {
+    const stripped = range.trim().replace(/^[~^>=<]+/, "");
+    return parseVersion(stripped.split(" ")[0] ?? stripped);
+}
+function buildSuggestion(input) {
+    if (!input.isInstalled) {
+        return `Install ${input.peer}@${input.requiredRange} — required by ${input.requester} but not found in the dependency tree`;
+    }
+    const clean = input.requiredRange.replace(/^[~^]/, "");
+    return (`Upgrade ${input.peer} from ${input.resolvedVersion} to ${clean} ` +
+        `(required by ${input.requester}: "${input.peer}": "${input.requiredRange}")`);
+}

package/dist/commands/resolve/graph/resolver.d.ts

@@ -0,0 +1,17 @@
+import type { PeerGraph, PeerConflict } from "../../../types/index.js";
+/**
+ * Resolves peer conflicts in the given PeerGraph.
+ *
+ * Algorithm: single-pass BFS over the graph.
+ *   For each node N that has peer requirements:
+ *     For each (peerName, requiredRange) in N.peerRequirements:
+ *       1. Look up peerName in the graph (the resolved version we have)
+ *       2. Call satisfies(resolvedVersion, requiredRange)
+ *       3. If not satisfied → conflict
+ *
+ * Complexity: O(n × max_peers_per_package) — effectively O(n) since
+ * peerDependencies counts are always small (< 10 in practice).
+ *
+ * Returns an array of conflicts sorted by severity (errors first) then by name.
+ */
+export declare function resolvePeerConflicts(graph: PeerGraph): PeerConflict[];

package/dist/commands/resolve/graph/resolver.js

@@ -0,0 +1,71 @@
+import { satisfies } from "../../../utils/semver.js";
+import { classifyConflict } from "./conflict.js";
+/**
+ * Resolves peer conflicts in the given PeerGraph.
+ *
+ * Algorithm: single-pass BFS over the graph.
+ *   For each node N that has peer requirements:
+ *     For each (peerName, requiredRange) in N.peerRequirements:
+ *       1. Look up peerName in the graph (the resolved version we have)
+ *       2. Call satisfies(resolvedVersion, requiredRange)
+ *       3. If not satisfied → conflict
+ *
+ * Complexity: O(n × max_peers_per_package) — effectively O(n) since
+ * peerDependencies counts are always small (< 10 in practice).
+ *
+ * Returns an array of conflicts sorted by severity (errors first) then by name.
+ */
+export function resolvePeerConflicts(graph) {
+    const conflicts = [];
+    const queue = [...graph.roots];
+    const visited = new Set();
+    // BFS traversal so we process in dependency order (roots first)
+    while (queue.length > 0) {
+        const name = queue.shift();
+        if (visited.has(name))
+            continue;
+        visited.add(name);
+        const node = graph.nodes.get(name);
+        if (!node) {
+            // Queue children: any node that references `name` as a peer
+            // (they will be checked when processed)
+            continue;
+        }
+        for (const [peerName, requiredRange] of node.peerRequirements) {
+            const peerNode = graph.nodes.get(peerName);
+            if (!peerNode) {
+                // Package not in the dependency tree at all → hard error
+                conflicts.push(classifyConflict({
+                    requester: name,
+                    peer: peerName,
+                    requiredRange,
+                    resolvedVersion: "(not installed)",
+                    isInstalled: false,
+                }));
+                continue;
+            }
+            const peerVersion = peerNode.resolvedVersion;
+            const satisfied = satisfies(peerVersion, requiredRange);
+            if (!satisfied) {
+                conflicts.push(classifyConflict({
+                    requester: name,
+                    peer: peerName,
+                    requiredRange,
+                    resolvedVersion: peerVersion,
+                    isInstalled: true,
+                }));
+            }
+            // Always enqueue the peer for processing
+            if (!visited.has(peerName)) {
+                queue.push(peerName);
+            }
+        }
+    }
+    // Sort: errors first, then warnings; within category sort by requester name
+    return conflicts.sort((a, b) => {
+        if (a.severity !== b.severity) {
+            return a.severity === "error" ? -1 : 1;
+        }
+        return a.requester.localeCompare(b.requester);
+    });
+}

package/dist/commands/resolve/parser.d.ts

@@ -0,0 +1,2 @@
+import type { ResolveOptions } from "../../types/index.js";
+export declare function parseResolveArgs(args: string[]): ResolveOptions;

package/dist/commands/resolve/parser.js

@@ -0,0 +1,89 @@
+export function parseResolveArgs(args) {
+    const options = {
+        cwd: process.cwd(),
+        workspace: false,
+        afterUpdate: false,
+        safe: false,
+        jsonFile: undefined,
+        concurrency: 12,
+        registryTimeoutMs: 10_000,
+        cacheTtlSeconds: 3600,
+    };
+    for (let i = 0; i < args.length; i++) {
+        const current = args[i];
+        const next = args[i + 1];
+        if (current === "--cwd" && next) {
+            options.cwd = next;
+            i++;
+            continue;
+        }
+        if (current === "--cwd")
+            throw new Error("Missing value for --cwd");
+        if (current === "--workspace") {
+            options.workspace = true;
+            continue;
+        }
+        if (current === "--after-update") {
+            options.afterUpdate = true;
+            continue;
+        }
+        if (current === "--safe") {
+            options.safe = true;
+            continue;
+        }
+        if (current === "--json-file" && next) {
+            options.jsonFile = next;
+            i++;
+            continue;
+        }
+        if (current === "--json-file")
+            throw new Error("Missing value for --json-file");
+        if (current === "--concurrency" && next) {
+            const n = Number(next);
+            if (!Number.isInteger(n) || n <= 0)
+                throw new Error("--concurrency must be a positive integer");
+            options.concurrency = n;
+            i++;
+            continue;
+        }
+        if (current === "--concurrency")
+            throw new Error("Missing value for --concurrency");
+        if (current === "--timeout" && next) {
+            const ms = Number(next);
+            if (!Number.isFinite(ms) || ms <= 0)
+                throw new Error("--timeout must be a positive number");
+            options.registryTimeoutMs = ms;
+            i++;
+            continue;
+        }
+        if (current === "--timeout")
+            throw new Error("Missing value for --timeout");
+        if (current === "--help" || current === "-h") {
+            process.stdout.write(RESOLVE_HELP);
+            process.exit(0);
+        }
+        if (current.startsWith("-"))
+            throw new Error(`Unknown option: ${current}`);
+    }
+    return options;
+}
+const RESOLVE_HELP = `
+rup resolve — Detect peer dependency conflicts (pure-TS, no subprocess spawn)
+
+Usage:
+  rup resolve [options]
+
+Options:
+  --after-update        Simulate conflicts after applying pending \`rup check\` updates
+  --safe                Exit non-zero if any error-level conflicts exist
+  --workspace           Scan all workspace packages
+  --json-file <path>    Write JSON conflict report to file
+  --timeout <ms>        Registry request timeout in ms (default: 10000)
+  --concurrency <n>     Parallel registry requests (default: 12)
+  --cwd <path>          Working directory (default: cwd)
+  --help                Show this help
+
+Exit codes:
+  0  No conflicts
+  1  One or more peer conflicts detected
+`.trimStart();

package/dist/commands/resolve/runner.d.ts

@@ -0,0 +1,13 @@
+import type { ResolveOptions, ResolveResult } from "../../types/index.js";
+/**
+ * Entry point for `rup resolve`. Lazy-loaded by cli.ts.
+ *
+ * Modes:
+ *   default          — check current peer-dep state for conflicts
+ *   --after-update   — re-check after applying pending `rup check` updates
+ *                      in-memory (reads proposed versions from check runner)
+ *
+ * The pure-TS peer graph is assembled entirely from registry data; no subprocess
+ * is spawned. When the cache is warm this completes in < 1 s for typical projects.
+ */
+export declare function runResolve(options: ResolveOptions): Promise<ResolveResult>;

package/dist/commands/resolve/runner.js

@@ -0,0 +1,136 @@
+import process from "node:process";
+import { buildPeerGraph } from "./graph/builder.js";
+import { resolvePeerConflicts } from "./graph/resolver.js";
+import { stableStringify } from "../../utils/stable-json.js";
+import { writeFileAtomic } from "../../utils/io.js";
+/**
+ * Entry point for `rup resolve`. Lazy-loaded by cli.ts.
+ *
+ * Modes:
+ *   default          — check current peer-dep state for conflicts
+ *   --after-update   — re-check after applying pending `rup check` updates
+ *                      in-memory (reads proposed versions from check runner)
+ *
+ * The pure-TS peer graph is assembled entirely from registry data; no subprocess
+ * is spawned. When the cache is warm this completes in < 1 s for typical projects.
+ */
+export async function runResolve(options) {
+    const result = {
+        conflicts: [],
+        errorConflicts: 0,
+        warningConflicts: 0,
+        errors: [],
+        warnings: [],
+    };
+    let versionOverrides;
+    if (options.afterUpdate) {
+        versionOverrides = await fetchProposedVersions(options);
+        if (versionOverrides.size === 0) {
+            process.stderr.write("[resolve] No pending updates found — checking current state.\n");
+        }
+    }
+    let graph;
+    try {
+        graph = await buildPeerGraph(options, versionOverrides);
+    }
+    catch (err) {
+        result.errors.push(`Failed to build peer graph: ${String(err)}`);
+        return result;
+    }
+    const conflicts = resolvePeerConflicts(graph);
+    result.conflicts = conflicts;
+    result.errorConflicts = conflicts.filter((c) => c.severity === "error").length;
+    result.warningConflicts = conflicts.filter((c) => c.severity === "warning").length;
+    process.stdout.write(renderConflictsTable(result, options) + "\n");
+    if (options.jsonFile) {
+        await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
+        process.stderr.write(`[resolve] JSON report written to ${options.jsonFile}\n`);
+    }
+    return result;
+}
+/**
+ * In --after-update mode, runs `rup check` logic in read-only mode to get
+ * the proposed new versions, returning them as a version override map.
+ */
+async function fetchProposedVersions(options) {
+    const overrides = new Map();
+    try {
+        const { check } = await import("../../core/check.js");
+        const checkResult = await check({
+            cwd: options.cwd,
+            workspace: options.workspace,
+            concurrency: options.concurrency,
+            target: "latest",
+            filter: undefined,
+            reject: undefined,
+            includeKinds: ["dependencies", "devDependencies", "optionalDependencies"],
+            ci: false,
+            format: "table",
+            jsonFile: undefined,
+            githubOutputFile: undefined,
+            sarifFile: undefined,
+            cacheTtlSeconds: options.cacheTtlSeconds,
+            registryTimeoutMs: options.registryTimeoutMs,
+            registryRetries: 2,
+            offline: false,
+            stream: false,
+            policyFile: undefined,
+            prReportFile: undefined,
+            failOn: "none",
+            maxUpdates: undefined,
+            fixPr: false,
+            fixBranch: "chore/rainy-updates",
+            fixCommitMessage: undefined,
+            fixDryRun: false,
+            fixPrNoCheckout: false,
+            fixPrBatchSize: undefined,
+            noPrReport: false,
+            logLevel: "info",
+            groupBy: "none",
+            groupMax: undefined,
+            cooldownDays: undefined,
+            prLimit: undefined,
+            onlyChanged: false,
+            ciProfile: "minimal",
+            lockfileMode: "preserve",
+        });
+        for (const update of checkResult.updates ?? []) {
+            overrides.set(update.name, update.toVersionResolved);
+        }
+    }
+    catch {
+        // If check fails, fall back to current state (no overrides)
+    }
+    return overrides;
+}
+function renderConflictsTable(result, options) {
+    const { conflicts } = result;
+    if (conflicts.length === 0) {
+        return options.afterUpdate
+            ? "✔ No peer conflicts detected after proposed updates are applied."
+            : "✔ No peer conflicts detected in current dependency tree.";
+    }
+    const lines = [];
+    const header = options.afterUpdate
+        ? `\nPeer conflicts after proposed updates (${conflicts.length} found):\n`
+        : `\nPeer conflicts in current dependency tree (${conflicts.length} found):\n`;
+    lines.push(header);
+    const errors = conflicts.filter((c) => c.severity === "error");
+    const warnings = conflicts.filter((c) => c.severity === "warning");
+    if (errors.length > 0) {
+        lines.push(`  ✖ Errors (${errors.length}) — would cause ERESOLVE on install:\n`);
+        for (const c of errors) {
+            lines.push(`    \x1b[31m✖\x1b[0m ${c.requester}  requires  ${c.peer}@${c.requiredRange}  got  ${c.resolvedVersion}`);
+            lines.push(`      → ${c.suggestion}`);
+        }
+        lines.push("");
+    }
+    if (warnings.length > 0) {
+        lines.push(`  ⚠ Warnings (${warnings.length}) — soft peer incompatibilities:\n`);
+        for (const c of warnings) {
+            lines.push(`    \x1b[33m⚠\x1b[0m ${c.requester}  requires  ${c.peer}@${c.requiredRange}  got  ${c.resolvedVersion}`);
+            lines.push(`      → ${c.suggestion}`);
+        }
+    }
+    return lines.join("\n");
+}