@rainy-updates/cli 0.5.2-rc.2 → 0.5.3

package/dist/core/review-model.js

@@ -0,0 +1,372 @@
+import path from "node:path";
+import process from "node:process";
+import { check } from "./check.js";
+import { createSummary, finalizeSummary } from "./summary.js";
+import { applyImpactScores } from "./impact.js";
+import { applyRiskAssessments } from "../risk/index.js";
+export async function buildReviewResult(options) {
+    const baseCheckOptions = {
+        ...options,
+        interactive: false,
+        showImpact: true,
+        showHomepage: true,
+    };
+    const checkResult = await check(baseCheckOptions);
+    const [auditResult, resolveResult, healthResult, licenseResult, unusedResult] = await Promise.all([
+        runSilenced(() => import("../commands/audit/runner.js").then((mod) => mod.runAudit(toAuditOptions(options)))),
+        runSilenced(() => import("../commands/resolve/runner.js").then((mod) => mod.runResolve(toResolveOptions(options)))),
+        runSilenced(() => import("../commands/health/runner.js").then((mod) => mod.runHealth(toHealthOptions(options)))),
+        runSilenced(() => import("../commands/licenses/runner.js").then((mod) => mod.runLicenses(toLicenseOptions(options)))),
+        runSilenced(() => import("../commands/unused/runner.js").then((mod) => mod.runUnused(toUnusedOptions(options)))),
+    ]);
+    const advisoryPackages = new Set(auditResult.packages.map((pkg) => pkg.packageName));
+    const impactedUpdates = applyImpactScores(checkResult.updates, {
+        advisoryPackages,
+        workspaceDependentCount: (name) => checkResult.updates.filter((item) => item.name === name).length,
+    });
+    const healthByName = new Map(healthResult.metrics.map((metric) => [metric.name, metric]));
+    const advisoriesByName = new Map();
+    const conflictsByName = new Map();
+    const licenseByName = new Map(licenseResult.packages.map((pkg) => [pkg.name, pkg]));
+    const licenseViolationNames = new Set(licenseResult.violations.map((pkg) => pkg.name));
+    const unusedByName = new Map();
+    for (const advisory of auditResult.advisories) {
+        const list = advisoriesByName.get(advisory.packageName) ?? [];
+        list.push(advisory);
+        advisoriesByName.set(advisory.packageName, list);
+    }
+    for (const conflict of resolveResult.conflicts) {
+        const list = conflictsByName.get(conflict.requester) ?? [];
+        list.push(conflict);
+        conflictsByName.set(conflict.requester, list);
+        const peerList = conflictsByName.get(conflict.peer) ?? [];
+        peerList.push(conflict);
+        conflictsByName.set(conflict.peer, peerList);
+    }
+    for (const issue of [...unusedResult.unused, ...unusedResult.missing]) {
+        const list = unusedByName.get(issue.name) ?? [];
+        list.push(issue);
+        unusedByName.set(issue.name, list);
+    }
+    const baseItems = impactedUpdates
+        .map((update) => enrichUpdate(update, advisoriesByName, conflictsByName, healthByName, licenseByName, licenseViolationNames, unusedByName))
+        .filter((item) => matchesReviewFilters(item, options));
+    const items = applyRiskAssessments(baseItems, {
+        knownPackageNames: new Set(checkResult.updates.map((item) => item.name)),
+    }).filter((item) => matchesReviewFilters(item, options));
+    const summary = createReviewSummary(checkResult.summary, items, [
+        ...checkResult.errors,
+        ...auditResult.errors,
+        ...resolveResult.errors,
+        ...healthResult.errors,
+        ...licenseResult.errors,
+        ...unusedResult.errors,
+    ], [
+        ...checkResult.warnings,
+        ...auditResult.warnings,
+        ...resolveResult.warnings,
+        ...healthResult.warnings,
+        ...licenseResult.warnings,
+        ...unusedResult.warnings,
+    ], options.interactive === true);
+    return {
+        projectPath: checkResult.projectPath,
+        target: checkResult.target,
+        summary,
+        items,
+        updates: items.map((item) => item.update),
+        errors: [...checkResult.errors, ...auditResult.errors, ...resolveResult.errors, ...healthResult.errors, ...licenseResult.errors, ...unusedResult.errors],
+        warnings: [...checkResult.warnings, ...auditResult.warnings, ...resolveResult.warnings, ...healthResult.warnings, ...licenseResult.warnings, ...unusedResult.warnings],
+    };
+}
+export function createDoctorResult(review) {
+    const verdict = review.summary.verdict ?? deriveVerdict(review.items, review.errors);
+    const primaryFindings = buildPrimaryFindings(review);
+    return {
+        verdict,
+        summary: review.summary,
+        review,
+        primaryFindings,
+        recommendedCommand: recommendCommand(review, verdict),
+    };
+}
+export function renderReviewResult(review) {
+    const lines = [];
+    lines.push(`Project: ${review.projectPath}`);
+    lines.push(`Target: ${review.target}`);
+    lines.push(`Verdict: ${review.summary.verdict ?? "safe"}`);
+    lines.push("");
+    if (review.items.length === 0) {
+        lines.push("No reviewable updates found.");
+    }
+    else {
+        lines.push("Updates:");
+        for (const item of review.items) {
+            const notes = [
+                item.update.diffType,
+                item.update.riskLevel ? `risk=${item.update.riskLevel}` : undefined,
+                typeof item.update.riskScore === "number"
+                    ? `score=${item.update.riskScore}`
+                    : undefined,
+                item.update.advisoryCount ? `security=${item.update.advisoryCount}` : undefined,
+                item.update.peerConflictSeverity && item.update.peerConflictSeverity !== "none"
+                    ? `peer=${item.update.peerConflictSeverity}`
+                    : undefined,
+                item.update.licenseStatus && item.update.licenseStatus !== "allowed"
+                    ? `license=${item.update.licenseStatus}`
+                    : undefined,
+            ].filter(Boolean);
+            lines.push(`- ${path.basename(item.update.packagePath)} :: ${item.update.name} ${item.update.fromRange} -> ${item.update.toRange} (${notes.join(", ")})`);
+            if (item.update.riskReasons && item.update.riskReasons.length > 0) {
+                lines.push(`  reasons: ${item.update.riskReasons.join("; ")}`);
+            }
+            if (item.update.recommendedAction) {
+                lines.push(`  action: ${item.update.recommendedAction}`);
+            }
+            if (item.update.homepage) {
+                lines.push(`  homepage: ${item.update.homepage}`);
+            }
+        }
+    }
+    if (review.errors.length > 0) {
+        lines.push("");
+        lines.push("Errors:");
+        for (const error of review.errors) {
+            lines.push(`- ${error}`);
+        }
+    }
+    if (review.warnings.length > 0) {
+        lines.push("");
+        lines.push("Warnings:");
+        for (const warning of review.warnings) {
+            lines.push(`- ${warning}`);
+        }
+    }
+    lines.push("");
+    lines.push(`Summary: ${review.summary.updatesFound} updates, riskPackages=${review.summary.riskPackages ?? 0}, securityPackages=${review.summary.securityPackages ?? 0}, peerConflictPackages=${review.summary.peerConflictPackages ?? 0}`);
+    return lines.join("\n");
+}
+export function renderDoctorResult(result, verdictOnly = false) {
+    const lines = [
+        `State: ${result.verdict}`,
+        `PrimaryRisk: ${result.primaryFindings[0] ?? "No blocking findings."}`,
+        `NextAction: ${result.recommendedCommand}`,
+    ];
+    if (!verdictOnly) {
+        lines.push(`Counts: updates=${result.summary.updatesFound}, security=${result.summary.securityPackages ?? 0}, risk=${result.summary.riskPackages ?? 0}, peer=${result.summary.peerConflictPackages ?? 0}, license=${result.summary.licenseViolationPackages ?? 0}`);
+    }
+    return lines.join("\n");
+}
+function enrichUpdate(update, advisoriesByName, conflictsByName, healthByName, licenseByName, licenseViolationNames, unusedByName) {
+    const advisories = advisoriesByName.get(update.name) ?? [];
+    const peerConflicts = conflictsByName.get(update.name) ?? [];
+    const health = healthByName.get(update.name);
+    const license = licenseByName.get(update.name);
+    const unusedIssues = unusedByName.get(update.name) ?? [];
+    return {
+        update: {
+            ...update,
+            advisoryCount: advisories.length,
+            peerConflictSeverity: peerConflicts.some((item) => item.severity === "error")
+                ? "error"
+                : peerConflicts.length > 0
+                    ? "warning"
+                    : "none",
+            licenseStatus: licenseViolationNames.has(update.name)
+                ? "denied"
+                : license
+                    ? "allowed"
+                    : "review",
+            healthStatus: health?.flags[0] ?? "healthy",
+        },
+        advisories,
+        health,
+        peerConflicts,
+        license,
+        unusedIssues,
+        selected: true,
+    };
+}
+function matchesReviewFilters(item, options) {
+    if ("securityOnly" in options && options.securityOnly && item.advisories.length === 0) {
+        return false;
+    }
+    if ("risk" in options && options.risk && !riskMatches(item.update.riskLevel, options.risk)) {
+        return false;
+    }
+    if ("diff" in options && options.diff && item.update.diffType !== options.diff) {
+        return false;
+    }
+    return true;
+}
+function riskMatches(current, threshold) {
+    const order = {
+        critical: 4,
+        high: 3,
+        medium: 2,
+        low: 1,
+    };
+    return order[current ?? "low"] >= order[threshold];
+}
+function createReviewSummary(base, items, errors, warnings, interactiveSession) {
+    const summary = finalizeSummary(createSummary({
+        scannedPackages: base.scannedPackages,
+        totalDependencies: base.totalDependencies,
+        checkedDependencies: base.checkedDependencies,
+        updatesFound: items.length,
+        upgraded: base.upgraded,
+        skipped: base.skipped,
+        warmedPackages: base.warmedPackages,
+        errors,
+        warnings,
+        durations: {
+            totalMs: base.durationMs.total,
+            discoveryMs: base.durationMs.discovery,
+            registryMs: base.durationMs.registry,
+            cacheMs: base.durationMs.cache,
+        },
+        groupedUpdates: base.groupedUpdates,
+        cooldownSkipped: base.cooldownSkipped,
+        ciProfile: base.ciProfile,
+        prLimitHit: base.prLimitHit,
+        policyOverridesApplied: base.policyOverridesApplied,
+    }));
+    summary.durationMs.render = base.durationMs.render;
+    summary.streamedEvents = base.streamedEvents;
+    summary.fixPrApplied = base.fixPrApplied;
+    summary.fixBranchName = base.fixBranchName;
+    summary.fixCommitSha = base.fixCommitSha;
+    summary.fixPrBranchesCreated = base.fixPrBranchesCreated;
+    summary.interactiveSession = interactiveSession;
+    summary.securityPackages = items.filter((item) => item.advisories.length > 0).length;
+    summary.riskPackages = items.filter((item) => item.update.riskLevel === "critical" || item.update.riskLevel === "high").length;
+    summary.peerConflictPackages = items.filter((item) => item.update.peerConflictSeverity && item.update.peerConflictSeverity !== "none").length;
+    summary.licenseViolationPackages = items.filter((item) => item.update.licenseStatus === "denied").length;
+    summary.verdict = deriveVerdict(items, errors);
+    return summary;
+}
+function deriveVerdict(items, errors) {
+    if (items.some((item) => item.update.peerConflictSeverity === "error" ||
+        item.update.licenseStatus === "denied")) {
+        return "blocked";
+    }
+    if (items.some((item) => item.advisories.length > 0 || item.update.riskLevel === "critical")) {
+        return "actionable";
+    }
+    if (errors.length > 0 ||
+        items.some((item) => item.update.riskLevel === "high" || item.update.diffType === "major")) {
+        return "review";
+    }
+    return "safe";
+}
+function buildPrimaryFindings(review) {
+    const findings = [];
+    if ((review.summary.peerConflictPackages ?? 0) > 0) {
+        findings.push(`${review.summary.peerConflictPackages} package(s) have peer conflicts.`);
+    }
+    if ((review.summary.licenseViolationPackages ?? 0) > 0) {
+        findings.push(`${review.summary.licenseViolationPackages} package(s) violate license policy.`);
+    }
+    if ((review.summary.securityPackages ?? 0) > 0) {
+        findings.push(`${review.summary.securityPackages} package(s) have security advisories.`);
+    }
+    if ((review.summary.riskPackages ?? 0) > 0) {
+        findings.push(`${review.summary.riskPackages} package(s) are high risk.`);
+    }
+    if (review.errors.length > 0) {
+        findings.push(`${review.errors.length} execution error(s) need review before treating the result as clean.`);
+    }
+    if (findings.length === 0) {
+        findings.push("No blocking findings; remaining updates are low-risk.");
+    }
+    return findings;
+}
+function recommendCommand(review, verdict) {
+    if (verdict === "blocked")
+        return "rup review --interactive";
+    if ((review.summary.securityPackages ?? 0) > 0)
+        return "rup review --security-only";
+    if (review.errors.length > 0 || review.items.length > 0)
+        return "rup review --interactive";
+    return "rup check";
+}
+async function runSilenced(fn) {
+    const stdoutWrite = process.stdout.write.bind(process.stdout);
+    const stderrWrite = process.stderr.write.bind(process.stderr);
+    process.stdout.write = (() => true);
+    process.stderr.write = (() => true);
+    try {
+        return await fn();
+    }
+    finally {
+        process.stdout.write = stdoutWrite;
+        process.stderr.write = stderrWrite;
+    }
+}
+function toAuditOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        severity: undefined,
+        fix: false,
+        dryRun: true,
+        commit: false,
+        packageManager: "auto",
+        reportFormat: "json",
+        sourceMode: "auto",
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+    };
+}
+function toResolveOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        afterUpdate: true,
+        safe: false,
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+        cacheTtlSeconds: options.cacheTtlSeconds,
+    };
+}
+function toHealthOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        staleDays: 365,
+        includeDeprecated: true,
+        includeAlternatives: false,
+        reportFormat: "json",
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+    };
+}
+function toLicenseOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        allow: undefined,
+        deny: undefined,
+        sbomFile: undefined,
+        jsonFile: undefined,
+        diffMode: false,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+        cacheTtlSeconds: options.cacheTtlSeconds,
+    };
+}
+function toUnusedOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        srcDirs: ["src", "."],
+        includeDevDependencies: true,
+        fix: false,
+        dryRun: true,
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+    };
+}

package/dist/core/summary.js

@@ -1,3 +1,4 @@
+import { hasErrorCode } from "./errors.js";
 export function createSummary(input) {
     const offlineCacheMiss = input.errors.filter((error) => isOfflineCacheMissError(error)).length;
     const registryFailure = input.errors.filter((error) => isRegistryFailureError(error)).length;
@@ -42,6 +43,13 @@ export function createSummary(input) {
         prLimitHit: input.prLimitHit === true,
         streamedEvents: 0,
         policyOverridesApplied: Math.max(0, Math.round(input.policyOverridesApplied ?? 0)),
+        verdict: undefined,
+        interactiveSession: false,
+        riskPackages: 0,
+        securityPackages: 0,
+        peerConflictPackages: 0,
+        licenseViolationPackages: 0,
+        privateRegistryPackages: 0,
     };
 }
 export function finalizeSummary(summary) {
@@ -83,11 +91,12 @@ function isOfflineCacheMissError(value) {
     return value.includes("Offline cache miss");
 }
 function isRegistryFailureError(value) {
-    return (value.includes("Unable to resolve") ||
+    return (hasErrorCode(value, "REGISTRY_ERROR") ||
+        value.includes("Unable to resolve") ||
         value.includes("Unable to warm") ||
         value.includes("Registry request failed") ||
         value.includes("Registry temporary error"));
 }
 function isRegistryAuthError(value) {
-    return value.includes("Registry authentication failed") || value.includes("401");
+    return hasErrorCode(value, "AUTH_ERROR") || value.includes("Registry authentication failed") || value.includes("401");
 }

package/dist/core/upgrade.d.ts

@@ -1,2 +1,3 @@
 import type { UpgradeOptions, UpgradeResult } from "../types/index.js";
 export declare function upgrade(options: UpgradeOptions): Promise<UpgradeResult>;
+export declare function applySelectedUpdates(options: UpgradeOptions, updates: UpgradeResult["updates"]): Promise<void>;

package/dist/core/upgrade.js

@@ -1,6 +1,7 @@
 import { check } from "./check.js";
 import { readManifest, writeManifest } from "../parsers/package-json.js";
 import { installDependencies } from "../pm/install.js";
+import { detectPackageManager } from "../pm/detect.js";
 import { applyRangeStyle, parseVersion, compareVersions } from "../utils/semver.js";
 import { buildWorkspaceGraph } from "../workspace/graph.js";
 import { captureLockfileSnapshot, changedLockfiles, validateLockfileMode } from "../utils/lockfile.js";
@@ -14,8 +15,30 @@ export async function upgrade(options) {
             changed: false,
         };
     }
+    await applySelectedUpdates(options, checkResult.updates);
+    const lockfileChanges = await changedLockfiles(options.cwd, lockfilesBefore);
+    if (lockfileChanges.length > 0 && (options.lockfileMode === "preserve" || options.lockfileMode === "error")) {
+        throw new Error(`Lockfile changes detected in ${options.lockfileMode} mode: ${lockfileChanges.join(", ")}`);
+    }
+    if (lockfileChanges.length > 0 && options.lockfileMode === "update") {
+        checkResult.warnings.push(`Lockfiles changed: ${lockfileChanges.map((item) => item.split("/").pop()).join(", ")}`);
+    }
+    return {
+        ...checkResult,
+        changed: true,
+        summary: {
+            ...checkResult.summary,
+            upgraded: checkResult.updates.length,
+        },
+    };
+}
+export async function applySelectedUpdates(options, updates) {
+    validateLockfileMode(options.lockfileMode, options.install);
+    if (updates.length === 0) {
+        return;
+    }
     const manifestsByPath = new Map();
-    for (const update of checkResult.updates) {
+    for (const update of updates) {
         const manifestPath = update.packagePath;
         let manifest = manifestsByPath.get(manifestPath);
         if (!manifest) {
@@ -26,32 +49,15 @@ export async function upgrade(options) {
     }
     if (options.sync) {
         const graph = buildWorkspaceGraph(manifestsByPath, options.includeKinds);
-        if (graph.cycles.length > 0) {
-            checkResult.warnings.push(`Workspace graph contains cycle(s): ${graph.cycles.map((cycle) => cycle.join(" -> ")).join(" | ")}`);
-        }
-        applyWorkspaceSync(manifestsByPath, graph.orderedPaths, graph.localPackageNames, options.includeKinds, checkResult.updates);
+        applyWorkspaceSync(manifestsByPath, graph.orderedPaths, graph.localPackageNames, options.includeKinds, updates);
     }
     for (const [manifestPath, manifest] of manifestsByPath) {
         await writeManifest(manifestPath, manifest);
     }
     if (options.install) {
-        await installDependencies(options.cwd, options.packageManager, checkResult.packageManager);
-    }
-    const lockfileChanges = await changedLockfiles(options.cwd, lockfilesBefore);
-    if (lockfileChanges.length > 0 && (options.lockfileMode === "preserve" || options.lockfileMode === "error")) {
-        throw new Error(`Lockfile changes detected in ${options.lockfileMode} mode: ${lockfileChanges.join(", ")}`);
-    }
-    if (lockfileChanges.length > 0 && options.lockfileMode === "update") {
-        checkResult.warnings.push(`Lockfiles changed: ${lockfileChanges.map((item) => item.split("/").pop()).join(", ")}`);
+        const detected = await detectPackageManager(options.cwd);
+        await installDependencies(options.cwd, options.packageManager, detected);
     }
-    return {
-        ...checkResult,
-        changed: true,
-        summary: {
-            ...checkResult.summary,
-            upgraded: checkResult.updates.length,
-        },
-    };
 }
 function applyWorkspaceSync(manifestsByPath, orderedPaths, localPackageNames, includeKinds, updates) {
     const desiredByPackage = new Map();

package/dist/core/warm-cache.js

@@ -6,6 +6,7 @@ import { NpmRegistryClient } from "../registry/npm.js";
 import { detectPackageManager } from "../pm/detect.js";
 import { discoverPackageDirs } from "../workspace/discover.js";
 import { createSummary, finalizeSummary } from "./summary.js";
+import { formatClassifiedMessage } from "./errors.js";
 export async function warmCache(options) {
     const startedAt = Date.now();
     let discoveryMs = 0;
@@ -23,7 +24,13 @@ export async function warmCache(options) {
     const errors = [];
     const warnings = [];
     if (cache.degraded) {
-        warnings.push("SQLite cache backend unavailable in Bun runtime. Falling back to file cache backend.");
+        warnings.push(formatClassifiedMessage({
+            code: "CACHE_BACKEND_FALLBACK",
+            whatFailed: cache.fallbackReason ?? "Preferred SQLite cache backend is unavailable.",
+            intact: "Warm-cache continues using the file cache backend.",
+            validity: "partial",
+            next: "Restore SQLite support or unset the forced file backend override if you need the preferred backend.",
+        }));
     }
     let totalDependencies = 0;
     const packageNames = new Set();
@@ -72,7 +79,13 @@ export async function warmCache(options) {
                     warmed += 1;
                 }
                 else {
-                    errors.push(`Offline cache miss for ${pkg}. Cannot warm cache in --offline mode.`);
+                    errors.push(formatClassifiedMessage({
+                        code: "REGISTRY_ERROR",
+                        whatFailed: `Offline cache miss for ${pkg}.`,
+                        intact: "Previously cached packages remain available.",
+                        validity: "invalid",
+                        next: "Retry warm-cache without --offline.",
+                    }));
                     emitStream(`[error] Offline cache miss for ${pkg}`);
                 }
             }
@@ -96,8 +109,19 @@ export async function warmCache(options) {
             }
             cacheMs += Date.now() - cacheWriteStartedAt;
             for (const [pkg, error] of fetched.errors) {
-                errors.push(`Unable to warm ${pkg}: ${error}`);
-                emitStream(`[error] Unable to warm ${pkg}: ${error}`);
+                const classified = formatClassifiedMessage({
+                    code: error.includes("401") || error.includes("403")
+                        ? "AUTH_ERROR"
+                        : "REGISTRY_ERROR",
+                    whatFailed: `Unable to warm ${pkg}: ${error}.`,
+                    intact: "Any successfully warmed packages remain cached.",
+                    validity: "partial",
+                    next: error.includes("401") || error.includes("403")
+                        ? "Check registry credentials in .npmrc and retry warm-cache."
+                        : "Retry warm-cache or continue with stale cache if available.",
+                });
+                errors.push(classified);
+                emitStream(`[error] ${classified}`);
             }
         }
     }

package/dist/index.d.ts

@@ -7,4 +7,6 @@ export { saveBaseline, diffBaseline } from "./core/baseline.js";
 export { createSarifReport } from "./output/sarif.js";
 export { writeGitHubOutput, renderGitHubAnnotations } from "./output/github.js";
 export { renderPrReport } from "./output/pr-report.js";
-export type { CheckOptions, CheckResult, CiProfile, DependencyKind, FailOnLevel, GroupBy, OutputFormat, PackageUpdate, RunOptions, TargetLevel, UpgradeOptions, UpgradeResult, } from "./types/index.js";
+export { buildReviewResult, createDoctorResult } from "./core/review-model.js";
+export { applyRiskAssessments } from "./risk/index.js";
+export type { CheckOptions, CheckResult, CiProfile, DependencyKind, FailOnLevel, GroupBy, OutputFormat, PackageUpdate, RunOptions, TargetLevel, UpgradeOptions, UpgradeResult, ReviewOptions, ReviewResult, DoctorOptions, DoctorResult, Verdict, RiskLevel, RiskCategory, RiskAssessment, RiskFactor, MaintainerChurnStatus, } from "./types/index.js";

package/dist/index.js

@@ -7,3 +7,5 @@ export { saveBaseline, diffBaseline } from "./core/baseline.js";
 export { createSarifReport } from "./output/sarif.js";
 export { writeGitHubOutput, renderGitHubAnnotations } from "./output/github.js";
 export { renderPrReport } from "./output/pr-report.js";
+export { buildReviewResult, createDoctorResult } from "./core/review-model.js";
+export { applyRiskAssessments } from "./risk/index.js";

package/dist/output/format.d.ts

@@ -1,2 +1,5 @@
 import type { CheckResult, OutputFormat } from "../types/index.js";
-export declare function renderResult(result: CheckResult, format: OutputFormat): string;
+export declare function renderResult(result: CheckResult, format: OutputFormat, display?: {
+    showImpact?: boolean;
+    showHomepage?: boolean;
+}): string;

package/dist/output/format.js

@@ -1,6 +1,6 @@
 import { renderGitHubAnnotations } from "./github.js";
 import { stableStringify } from "../utils/stable-json.js";
-export function renderResult(result, format) {
+export function renderResult(result, format, display = {}) {
     if (format === "json") {
         return stableStringify(result, 2);
     }
@@ -8,10 +8,27 @@ export function renderResult(result, format) {
         if (result.updates.length === 0 && result.summary.warmedPackages > 0) {
             return `Cache warmed for ${result.summary.warmedPackages} package(s).`;
         }
+        if (result.updates.length === 0 && result.errors.length > 0) {
+            const [firstError] = result.errors;
+            const suffix = result.errors.length > 1 ? ` (+${result.errors.length - 1} more errors)` : "";
+            return `${firstError}${suffix}`;
+        }
         if (result.updates.length === 0)
             return "No updates found.";
         return result.updates
-            .map((item) => `${item.packagePath} :: ${item.name}: ${item.fromRange} -> ${item.toRange}`)
+            .map((item) => {
+            const parts = [`${item.packagePath} :: ${item.name}: ${item.fromRange} -> ${item.toRange}`];
+            if (display.showImpact && item.impactScore) {
+                parts.push(`impact=${item.impactScore.rank}:${item.impactScore.score}`);
+            }
+            if (typeof item.riskScore === "number") {
+                parts.push(`risk=${item.riskLevel}:${item.riskScore}`);
+            }
+            if (display.showHomepage && item.homepage) {
+                parts.push(item.homepage);
+            }
+            return parts.join(" | ");
+        })
             .join("\n");
     }
     if (format === "github") {
@@ -40,6 +57,11 @@ export function renderResult(result, format) {
             `policy_overrides_applied=${result.summary.policyOverridesApplied}`,
             `registry_auth_failures=${result.summary.errorCounts.registryAuthFailure}`,
             `fix_pr_branches_created=${result.summary.fixPrBranchesCreated}`,
+            `verdict=${result.summary.verdict ?? ""}`,
+            `risk_packages=${result.summary.riskPackages ?? 0}`,
+            `security_packages=${result.summary.securityPackages ?? 0}`,
+            `peer_conflict_packages=${result.summary.peerConflictPackages ?? 0}`,
+            `license_violation_packages=${result.summary.licenseViolationPackages ?? 0}`,
         ].join("\n");
     }
     const lines = [];
@@ -59,7 +81,20 @@ export function renderResult(result, format) {
     else {
         lines.push("Updates:");
         for (const update of result.updates) {
-            lines.push(`- ${update.packagePath} :: ${update.name} [${update.kind}] ${update.fromRange} -> ${update.toRange} (${update.diffType})`);
+            lines.push(`- ${update.packagePath} :: ${update.name} [${update.kind}] ${update.fromRange} -> ${update.toRange} (${[
+                update.diffType,
+                display.showImpact && update.impactScore
+                    ? `impact=${update.impactScore.rank}:${update.impactScore.score}`
+                    : undefined,
+                display.showHomepage && update.homepage ? update.homepage : undefined,
+                update.riskLevel ? `risk=${update.riskLevel}` : undefined,
+                typeof update.riskScore === "number" ? `score=${update.riskScore}` : undefined,
+            ]
+                .filter(Boolean)
+                .join(", ")})`);
+            if (update.recommendedAction) {
+                lines.push(`  action: ${update.recommendedAction}`);
+            }
         }
     }
     if (result.errors.length > 0) {
@@ -80,6 +115,9 @@ export function renderResult(result, format) {
     lines.push(`Summary: ${result.summary.updatesFound} updates, ${result.summary.checkedDependencies}/${result.summary.totalDependencies} checked, ${result.summary.warmedPackages} warmed`);
     lines.push(`Groups=${result.summary.groupedUpdates}, cooldownSkipped=${result.summary.cooldownSkipped}, ciProfile=${result.summary.ciProfile}, prLimitHit=${result.summary.prLimitHit ? "yes" : "no"}`);
     lines.push(`StreamedEvents=${result.summary.streamedEvents}, policyOverrides=${result.summary.policyOverridesApplied}, registryAuthFailures=${result.summary.errorCounts.registryAuthFailure}`);
+    if (result.summary.verdict) {
+        lines.push(`Verdict=${result.summary.verdict}, riskPackages=${result.summary.riskPackages ?? 0}, securityPackages=${result.summary.securityPackages ?? 0}, peerConflictPackages=${result.summary.peerConflictPackages ?? 0}, licenseViolationPackages=${result.summary.licenseViolationPackages ?? 0}`);
+    }
     lines.push(`Contract v${result.summary.contractVersion}, failReason=${result.summary.failReason}, duration=${result.summary.durationMs.total}ms`);
     if (result.summary.fixPrApplied) {
         lines.push(`Fix PR: applied on branch ${result.summary.fixBranchName ?? "unknown"} (${result.summary.fixCommitSha ?? "no-commit"})`);

package/dist/output/github.js

@@ -21,6 +21,11 @@ export async function writeGitHubOutput(filePath, result) {
         `streamed_events=${result.summary.streamedEvents}`,
         `policy_overrides_applied=${result.summary.policyOverridesApplied}`,
         `registry_auth_failures=${result.summary.errorCounts.registryAuthFailure}`,
+        `verdict=${result.summary.verdict ?? ""}`,
+        `risk_packages=${result.summary.riskPackages ?? 0}`,
+        `security_packages=${result.summary.securityPackages ?? 0}`,
+        `peer_conflict_packages=${result.summary.peerConflictPackages ?? 0}`,
+        `license_violation_packages=${result.summary.licenseViolationPackages ?? 0}`,
         `fix_pr_applied=${result.summary.fixPrApplied === true ? "1" : "0"}`,
         `fix_pr_branches_created=${result.summary.fixPrBranchesCreated}`,
         `fix_pr_branch=${result.summary.fixBranchName ?? ""}`,
@@ -37,7 +42,7 @@ export function renderGitHubAnnotations(result) {
         return left.packagePath.localeCompare(right.packagePath);
     });
     for (const update of sortedUpdates) {
-        lines.push(`::notice title=Dependency Update::${update.name} ${update.fromRange} -> ${update.toRange} (${update.packagePath})`);
+        lines.push(`::notice title=Dependency Update::${update.name} ${update.fromRange} -> ${update.toRange} (${update.packagePath})${typeof update.riskScore === "number" ? ` [risk=${update.riskLevel}:${update.riskScore}]` : ""}`);
     }
     for (const warning of [...result.warnings].sort((a, b) => a.localeCompare(b))) {
         lines.push(`::warning title=Rainy Updates::${warning}`);