@rainy-updates/cli 0.5.4 → 0.5.6

package/dist/commands/ga/runner.js

@@ -0,0 +1,129 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import process from "node:process";
+import { VersionCache } from "../../cache/cache.js";
+import { detectPackageManager } from "../../pm/detect.js";
+import { discoverPackageDirs } from "../../workspace/discover.js";
+import { stableStringify } from "../../utils/stable-json.js";
+import { writeFileAtomic } from "../../utils/io.js";
+export async function runGa(options) {
+    const packageManager = await detectPackageManager(options.cwd);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const cache = await VersionCache.create();
+    const checks = [];
+    checks.push({
+        name: "package-manager",
+        status: packageManager === "unknown" ? "warn" : "pass",
+        detail: packageManager === "unknown"
+            ? "No supported lockfile was detected. npm-compatible execution is still possible."
+            : `Detected package manager: ${packageManager}.`,
+    });
+    checks.push({
+        name: "workspace-discovery",
+        status: packageDirs.length > 0 ? "pass" : "fail",
+        detail: `Discovered ${packageDirs.length} package manifest path(s).`,
+    });
+    const lockfileCheck = await detectLockfile(options.cwd);
+    checks.push(lockfileCheck);
+    checks.push({
+        name: "cache-backend",
+        status: cache.backend === "sqlite" ? "pass" : cache.degraded ? "warn" : "pass",
+        detail: cache.backend === "sqlite"
+            ? "SQLite cache backend is available."
+            : `File cache backend active${cache.fallbackReason ? ` (${cache.fallbackReason})` : "."}`,
+    });
+    const distBuildExists = await fileExists(path.resolve(options.cwd, "dist/bin/cli.js"));
+    checks.push({
+        name: "dist-build",
+        status: distBuildExists ? "pass" : "warn",
+        detail: distBuildExists
+            ? "Built CLI entrypoint exists in dist/bin/cli.js."
+            : "Built CLI entrypoint is missing; run the build before publishing a release artifact.",
+    });
+    checks.push({
+        name: "benchmark-gates",
+        status: (await fileExists(path.resolve(options.cwd, "scripts/perf-smoke.mjs"))) &&
+            (await fileExists(path.resolve(options.cwd, "scripts/benchmark.mjs")))
+            ? "pass"
+            : "warn",
+        detail: "Benchmark scripts and perf smoke gates were checked for release readiness.",
+    });
+    checks.push({
+        name: "docs-contract",
+        status: (await fileExists(path.resolve(options.cwd, "README.md"))) &&
+            (await fileExists(path.resolve(options.cwd, "CHANGELOG.md")))
+            ? "pass"
+            : "warn",
+        detail: "README and CHANGELOG presence verified.",
+    });
+    const errors = checks.filter((check) => check.status === "fail").map((check) => check.detail);
+    const warnings = checks.filter((check) => check.status === "warn").map((check) => check.detail);
+    const result = {
+        ready: errors.length === 0,
+        projectPath: options.cwd,
+        packageManager,
+        workspacePackages: packageDirs.length,
+        cacheBackend: cache.backend,
+        checks,
+        warnings,
+        errors,
+    };
+    process.stdout.write(renderGaResult(result) + "\n");
+    if (options.jsonFile) {
+        await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
+    }
+    return result;
+}
+function renderGaResult(result) {
+    const lines = [
+        `Project: ${result.projectPath}`,
+        `GA Ready: ${result.ready ? "yes" : "no"}`,
+        `Package Manager: ${result.packageManager}`,
+        `Workspace Packages: ${result.workspacePackages}`,
+        `Cache Backend: ${result.cacheBackend}`,
+        "",
+        "Checks:",
+        ...result.checks.map((check) => `- [${check.status}] ${check.name}: ${check.detail}`),
+    ];
+    if (result.warnings.length > 0) {
+        lines.push("", "Warnings:");
+        lines.push(...result.warnings.map((warning) => `- ${warning}`));
+    }
+    if (result.errors.length > 0) {
+        lines.push("", "Errors:");
+        lines.push(...result.errors.map((error) => `- ${error}`));
+    }
+    return lines.join("\n");
+}
+async function detectLockfile(cwd) {
+    const lockfiles = [
+        "pnpm-lock.yaml",
+        "package-lock.json",
+        "npm-shrinkwrap.json",
+        "bun.lock",
+        "yarn.lock",
+    ];
+    for (const candidate of lockfiles) {
+        if (await fileExists(path.resolve(cwd, candidate))) {
+            return {
+                name: "lockfile",
+                status: "pass",
+                detail: `Detected lockfile: ${candidate}.`,
+            };
+        }
+    }
+    return {
+        name: "lockfile",
+        status: "warn",
+        detail: "No supported lockfile was detected.",
+    };
+}
+async function fileExists(filePath) {
+    try {
+        await fs.access(filePath);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/commands/resolve/runner.js

@@ -25,7 +25,7 @@ export async function runResolve(options) {
     let versionOverrides;
     if (options.afterUpdate) {
         versionOverrides = await fetchProposedVersions(options);
-        if (versionOverrides.size === 0) {
+        if (versionOverrides.size === 0 && !options.silent) {
             process.stderr.write("[resolve] No pending updates found — checking current state.\n");
         }
     }
@@ -41,10 +41,14 @@ export async function runResolve(options) {
     result.conflicts = conflicts;
     result.errorConflicts = conflicts.filter((c) => c.severity === "error").length;
     result.warningConflicts = conflicts.filter((c) => c.severity === "warning").length;
-    process.stdout.write(renderConflictsTable(result, options) + "\n");
+    if (!options.silent) {
+        process.stdout.write(renderConflictsTable(result, options) + "\n");
+    }
     if (options.jsonFile) {
         await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
-        process.stderr.write(`[resolve] JSON report written to ${options.jsonFile}\n`);
+        if (!options.silent) {
+            process.stderr.write(`[resolve] JSON report written to ${options.jsonFile}\n`);
+        }
     }
     return result;
 }

package/dist/commands/review/parser.js

@@ -46,6 +46,7 @@ export function parseReviewArgs(args) {
         risk: undefined,
         diff: undefined,
         applySelected: false,
+        showChangelog: false,
     };
     for (let i = 0; i < args.length; i += 1) {
         const current = args[i];
@@ -93,6 +94,10 @@ export function parseReviewArgs(args) {
             options.applySelected = true;
             continue;
         }
+        if (current === "--show-changelog") {
+            options.showChangelog = true;
+            continue;
+        }
         if (current === "--json-file" && next) {
             options.jsonFile = path.resolve(options.cwd, next);
             i += 1;
@@ -164,6 +169,7 @@ Options:
   --risk <level>          Minimum risk: critical, high, medium, low
   --diff <level>          Filter by patch, minor, major, latest
   --apply-selected        Apply all filtered updates after review
+  --show-changelog        Fetch release notes summaries for review output
   --workspace             Scan all workspace packages
   --policy-file <path>    Load policy overrides
   --json-file <path>      Write JSON review report to file

package/dist/commands/review/runner.js

@@ -6,10 +6,11 @@ import { stableStringify } from "../../utils/stable-json.js";
 import { writeFileAtomic } from "../../utils/io.js";
 export async function runReview(options) {
     const review = await buildReviewResult(options);
-    let selectedUpdates = review.updates;
+    let selectedItems = review.items;
     if (options.interactive && review.updates.length > 0) {
-        selectedUpdates = await runTui(review.updates);
+        selectedItems = await runTui(review.items);
     }
+    const selectedUpdates = selectedItems.map((item) => item.update);
     if (options.applySelected && selectedUpdates.length > 0) {
         await applySelectedUpdates({
             ...options,
@@ -20,8 +21,8 @@ export async function runReview(options) {
     }
     process.stdout.write(renderReviewResult({
         ...review,
+        items: selectedItems,
         updates: selectedUpdates,
-        items: review.items.filter((item) => selectedUpdates.some((selected) => selected.name === item.update.name && selected.packagePath === item.update.packagePath)),
     }) + "\n");
     if (options.jsonFile) {
         await writeFileAtomic(options.jsonFile, stableStringify(review, 2) + "\n");

package/dist/core/analysis-bundle.d.ts

@@ -0,0 +1,4 @@
+import type { AnalysisBundle, CheckOptions, DoctorOptions, ReviewOptions } from "../types/index.js";
+export declare function buildAnalysisBundle(options: ReviewOptions | DoctorOptions | CheckOptions, config?: {
+    includeChangelog?: boolean;
+}): Promise<AnalysisBundle>;

package/dist/core/analysis-bundle.js

@@ -0,0 +1,241 @@
+import { fetchChangelog } from "../commands/changelog/fetcher.js";
+import { applyImpactScores } from "./impact.js";
+import { applyRiskAssessments } from "../risk/index.js";
+import { check } from "./check.js";
+export async function buildAnalysisBundle(options, config = {}) {
+    const baseCheckOptions = {
+        ...options,
+        interactive: false,
+        showImpact: true,
+        showHomepage: true,
+    };
+    const checkResult = await check(baseCheckOptions);
+    const [auditResult, resolveResult, healthResult, licenseResult, unusedResult] = await runSilenced(() => Promise.all([
+        import("../commands/audit/runner.js").then((mod) => mod.runAudit(toAuditOptions(options))),
+        import("../commands/resolve/runner.js").then((mod) => mod.runResolve(toResolveOptions(options))),
+        import("../commands/health/runner.js").then((mod) => mod.runHealth(toHealthOptions(options))),
+        import("../commands/licenses/runner.js").then((mod) => mod.runLicenses(toLicenseOptions(options))),
+        import("../commands/unused/runner.js").then((mod) => mod.runUnused(toUnusedOptions(options))),
+    ]));
+    const items = await buildReviewItems(checkResult.updates, auditResult, resolveResult, healthResult, licenseResult, unusedResult, config);
+    return {
+        check: checkResult,
+        audit: auditResult,
+        resolve: resolveResult,
+        health: healthResult,
+        licenses: licenseResult,
+        unused: unusedResult,
+        items,
+        degradedSources: auditResult.sourceHealth
+            .filter((source) => source.status !== "ok")
+            .map((source) => source.source),
+    };
+}
+async function buildReviewItems(updates, auditResult, resolveResult, healthResult, licenseResult, unusedResult, config) {
+    const advisoryPackages = new Set(auditResult.packages.map((pkg) => pkg.packageName));
+    const impactedUpdates = applyImpactScores(updates, {
+        advisoryPackages,
+        workspaceDependentCount: (name) => updates.filter((item) => item.name === name).length,
+    });
+    const healthByName = new Map(healthResult.metrics.map((metric) => [metric.name, metric]));
+    const advisoriesByName = new Map();
+    const conflictsByName = new Map();
+    const licenseByName = new Map(licenseResult.packages.map((pkg) => [pkg.name, pkg]));
+    const licenseViolationNames = new Set(licenseResult.violations.map((pkg) => pkg.name));
+    const unusedByName = new Map();
+    for (const advisory of auditResult.advisories) {
+        const list = advisoriesByName.get(advisory.packageName) ?? [];
+        list.push(advisory);
+        advisoriesByName.set(advisory.packageName, list);
+    }
+    for (const conflict of resolveResult.conflicts) {
+        const list = conflictsByName.get(conflict.requester) ?? [];
+        list.push(conflict);
+        conflictsByName.set(conflict.requester, list);
+        const peerList = conflictsByName.get(conflict.peer) ?? [];
+        peerList.push(conflict);
+        conflictsByName.set(conflict.peer, peerList);
+    }
+    for (const issue of [...unusedResult.unused, ...unusedResult.missing]) {
+        const list = unusedByName.get(issue.name) ?? [];
+        list.push(issue);
+        unusedByName.set(issue.name, list);
+    }
+    const enrichedUpdates = await maybeAttachReleaseNotes(impactedUpdates, Boolean(config.includeChangelog));
+    return applyRiskAssessments(enrichedUpdates.map((update) => enrichUpdate(update, advisoriesByName, conflictsByName, healthByName, licenseByName, licenseViolationNames, unusedByName)), {
+        knownPackageNames: new Set(updates.map((item) => item.name)),
+    }).map((item) => ({
+        ...item,
+        update: {
+            ...item.update,
+            policyAction: derivePolicyAction(item),
+            decisionState: deriveDecisionState(item),
+            selectedByDefault: deriveDecisionState(item) !== "blocked",
+            blockedReason: deriveDecisionState(item) === "blocked"
+                ? item.update.recommendedAction
+                : undefined,
+            monitorReason: item.update.healthStatus === "stale" ? "Package health should be monitored." : undefined,
+        },
+    }));
+}
+function enrichUpdate(update, advisoriesByName, conflictsByName, healthByName, licenseByName, licenseViolationNames, unusedByName) {
+    const advisories = advisoriesByName.get(update.name) ?? [];
+    const peerConflicts = conflictsByName.get(update.name) ?? [];
+    const health = healthByName.get(update.name);
+    const license = licenseByName.get(update.name);
+    const unusedIssues = unusedByName.get(update.name) ?? [];
+    return {
+        update: {
+            ...update,
+            advisoryCount: advisories.length,
+            peerConflictSeverity: peerConflicts.some((item) => item.severity === "error")
+                ? "error"
+                : peerConflicts.length > 0
+                    ? "warning"
+                    : "none",
+            licenseStatus: licenseViolationNames.has(update.name)
+                ? "denied"
+                : license
+                    ? "allowed"
+                    : "review",
+            healthStatus: health?.flags[0] ?? "healthy",
+        },
+        advisories,
+        health,
+        peerConflicts,
+        license,
+        unusedIssues,
+        selected: true,
+    };
+}
+function derivePolicyAction(item) {
+    if (item.update.peerConflictSeverity === "error" || item.update.licenseStatus === "denied") {
+        return "block";
+    }
+    if ((item.update.advisoryCount ?? 0) > 0 || item.update.riskLevel === "critical") {
+        return "review";
+    }
+    if (item.update.healthStatus === "stale" || item.update.healthStatus === "archived") {
+        return "monitor";
+    }
+    return "allow";
+}
+function deriveDecisionState(item) {
+    if (item.update.peerConflictSeverity === "error" || item.update.licenseStatus === "denied") {
+        return "blocked";
+    }
+    if ((item.update.advisoryCount ?? 0) > 0 || item.update.riskLevel === "critical") {
+        return "actionable";
+    }
+    if (item.update.riskLevel === "high" || item.update.diffType === "major") {
+        return "review";
+    }
+    return "safe";
+}
+async function maybeAttachReleaseNotes(updates, includeChangelog) {
+    if (!includeChangelog || updates.length === 0) {
+        return updates;
+    }
+    const enriched = await Promise.all(updates.map(async (update) => ({
+        ...update,
+        releaseNotesSummary: summarizeChangelog(await fetchChangelog(update.name, update.repository)),
+    })));
+    return enriched;
+}
+function summarizeChangelog(content) {
+    if (!content)
+        return undefined;
+    const lines = content
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter(Boolean);
+    const title = lines.find((line) => line.startsWith("#"))?.replace(/^#+\s*/, "") ?? "Release notes";
+    const excerpt = lines.find((line) => !line.startsWith("#")) ?? "No summary available.";
+    return {
+        source: content.includes("# Release") ? "github-release" : "changelog-file",
+        title,
+        excerpt: excerpt.slice(0, 240),
+    };
+}
+async function runSilenced(fn) {
+    const stdoutWrite = process.stdout.write.bind(process.stdout);
+    const stderrWrite = process.stderr.write.bind(process.stderr);
+    process.stdout.write = (() => true);
+    process.stderr.write = (() => true);
+    try {
+        return await fn();
+    }
+    finally {
+        process.stdout.write = stdoutWrite;
+        process.stderr.write = stderrWrite;
+    }
+}
+function toAuditOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        severity: undefined,
+        fix: false,
+        dryRun: true,
+        commit: false,
+        packageManager: "auto",
+        reportFormat: "json",
+        sourceMode: "auto",
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+        silent: true,
+    };
+}
+function toResolveOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        afterUpdate: true,
+        safe: false,
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+        cacheTtlSeconds: options.cacheTtlSeconds,
+        silent: true,
+    };
+}
+function toHealthOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        staleDays: 365,
+        includeDeprecated: true,
+        includeAlternatives: false,
+        reportFormat: "json",
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+    };
+}
+function toLicenseOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        allow: undefined,
+        deny: undefined,
+        sbomFile: undefined,
+        jsonFile: undefined,
+        diffMode: false,
+        concurrency: options.concurrency,
+        registryTimeoutMs: options.registryTimeoutMs,
+        cacheTtlSeconds: options.cacheTtlSeconds,
+    };
+}
+function toUnusedOptions(options) {
+    return {
+        cwd: options.cwd,
+        workspace: options.workspace,
+        srcDirs: ["src", "."],
+        includeDevDependencies: true,
+        fix: false,
+        dryRun: true,
+        jsonFile: undefined,
+        concurrency: options.concurrency,
+    };
+}

package/dist/core/artifacts.d.ts

@@ -0,0 +1,3 @@
+import type { ArtifactManifest, CheckResult, RunOptions } from "../types/index.js";
+export declare function createRunId(command: string, options: RunOptions, result: CheckResult): string;
+export declare function writeArtifactManifest(command: string, options: RunOptions, result: CheckResult): Promise<ArtifactManifest | null>;

package/dist/core/artifacts.js

@@ -0,0 +1,48 @@
+import crypto from "node:crypto";
+import path from "node:path";
+import { stableStringify } from "../utils/stable-json.js";
+import { writeFileAtomic } from "../utils/io.js";
+export function createRunId(command, options, result) {
+    const hash = crypto.createHash("sha256");
+    hash.update(stableStringify({
+        command,
+        cwd: path.resolve(options.cwd),
+        target: options.target,
+        workspace: options.workspace,
+        ciProfile: options.ciProfile,
+        updates: result.updates.map((update) => ({
+            packagePath: update.packagePath,
+            name: update.name,
+            fromRange: update.fromRange,
+            toRange: update.toRange,
+        })),
+    }, 0));
+    return hash.digest("hex").slice(0, 16);
+}
+export async function writeArtifactManifest(command, options, result) {
+    const shouldWrite = options.ci ||
+        Boolean(options.jsonFile) ||
+        Boolean(options.githubOutputFile) ||
+        Boolean(options.sarifFile) ||
+        Boolean(options.prReportFile);
+    if (!shouldWrite)
+        return null;
+    const runId = result.summary.runId ?? createRunId(command, options, result);
+    const artifactManifestPath = path.resolve(options.cwd, ".artifacts", `rainy-manifest-${runId}.json`);
+    const manifest = {
+        runId,
+        createdAt: new Date().toISOString(),
+        command,
+        projectPath: result.projectPath,
+        ciProfile: options.ciProfile,
+        artifactManifestPath,
+        outputs: {
+            jsonFile: options.jsonFile,
+            githubOutputFile: options.githubOutputFile,
+            sarifFile: options.sarifFile,
+            prReportFile: options.prReportFile,
+        },
+    };
+    await writeFileAtomic(artifactManifestPath, stableStringify(manifest, 2) + "\n");
+    return manifest;
+}

package/dist/core/check.js

@@ -208,6 +208,7 @@ export async function check(options) {
             continue;
         updates.push({
             packagePath: path.resolve(task.packageDir),
+            workspaceGroup: path.basename(task.packageDir),
             name: task.dependency.name,
             kind: task.dependency.kind,
             fromRange: task.dependency.range,
@@ -267,6 +268,7 @@ export async function check(options) {
         policyOverridesApplied,
     }));
     summary.streamedEvents = streamedEvents;
+    summary.cacheBackend = cache.backend;
     summary.riskPackages = limitedUpdates.filter((item) => item.impactScore?.rank === "critical" || item.impactScore?.rank === "high").length;
     return {
         projectPath: options.cwd,
@@ -305,7 +307,10 @@ function groupUpdates(updates, groupBy) {
         byGroup.set(key, current);
     }
     return Array.from(byGroup.entries())
-        .map(([key, items]) => ({ key, items: sortUpdates(items) }))
+        .map(([key, items]) => ({
+        key,
+        items: sortUpdates(items).map((item) => ({ ...item, groupKey: key })),
+    }))
         .sort((left, right) => left.key.localeCompare(right.key));
 }
 function groupKey(update, groupBy) {

package/dist/core/options.d.ts

@@ -1,4 +1,4 @@
-import type { BaselineOptions, CheckOptions, UpgradeOptions, AuditOptions, BisectOptions, HealthOptions, UnusedOptions, ResolveOptions, LicenseOptions, SnapshotOptions, ReviewOptions, DoctorOptions, RiskLevel } from "../types/index.js";
+import type { BaselineOptions, CheckOptions, UpgradeOptions, AuditOptions, BisectOptions, HealthOptions, UnusedOptions, ResolveOptions, LicenseOptions, SnapshotOptions, ReviewOptions, DoctorOptions, RiskLevel, DashboardOptions, GaOptions } from "../types/index.js";
 import type { InitCiMode, InitCiSchedule } from "./init-ci.js";
 export type ParsedCliArgs = {
     command: "check";
@@ -52,6 +52,12 @@ export type ParsedCliArgs = {
 } | {
     command: "doctor";
     options: DoctorOptions;
+} | {
+    command: "dashboard";
+    options: DashboardOptions;
+} | {
+    command: "ga";
+    options: GaOptions;
 };
 export declare function parseCliArgs(argv: string[]): Promise<ParsedCliArgs>;
 export declare function ensureRiskLevel(value: string): RiskLevel;

package/dist/core/options.js

@@ -23,6 +23,8 @@ const KNOWN_COMMANDS = [
     "snapshot",
     "review",
     "doctor",
+    "dashboard",
+    "ga",
 ];
 export async function parseCliArgs(argv) {
     const firstArg = argv[0];
@@ -72,6 +74,14 @@ export async function parseCliArgs(argv) {
         const { parseDoctorArgs } = await import("../commands/doctor/parser.js");
         return { command, options: parseDoctorArgs(args) };
     }
+    if (command === "dashboard") {
+        const { parseDashboardArgs } = await import("../commands/dashboard/parser.js");
+        return { command, options: parseDashboardArgs(args) };
+    }
+    if (command === "ga") {
+        const { parseGaArgs } = await import("../commands/ga/parser.js");
+        return { command, options: parseGaArgs(args) };
+    }
     const base = {
         cwd: process.cwd(),
         target: "latest",
@@ -450,6 +460,10 @@ export async function parseCliArgs(argv) {
             base.showImpact = true;
             continue;
         }
+        if (current === "--show-links") {
+            base.showHomepage = true;
+            continue;
+        }
         if (current === "--show-homepage") {
             base.showHomepage = true;
             continue;