@rainy-updates/cli 0.5.7 → 0.6.0

package/CHANGELOG.md

@@ -2,6 +2,87 @@
 
 All notable changes to this project are documented in this file.
 
+## [0.6.0] - 2026-03-01
+
+Dashboard-first release candidate for the `v0.6` series, focused on unifying the interactive surface, introducing replayable decision plans, tightening CI/apply verification flows, and undergoing a complete native Bun performance optimization.
+
+### Added
+
+- **Decision plan artifact flow**:
+  - new deterministic decision plan model for reviewed update sets,
+  - reusable `.artifacts/decision-plan.json` workflow,
+  - `upgrade --from-plan <path>` replay support,
+  - additive summary/output metadata for:
+    - `suggestedCommand`,
+    - `decisionPlan`,
+    - `interactiveSurface`,
+    - `queueFocus`.
+- **Verification flow for applied plans and upgrades**:
+  - `--verify none|install|test|install,test`,
+  - `--test-command "<cmd>"`,
+  - `--verification-report-file <path>`,
+  - additive verification metadata in summary and GitHub/metrics outputs:
+    - `verificationState`,
+    - `verificationFailures`.
+- **New CI gate model**:
+  - `ci --gate check|doctor|review|upgrade`,
+  - review gate emits a decision plan artifact without mutating manifests,
+  - upgrade gate replays a prior decision plan and can run verification.
+- **New verification core** under `src/core/verification.ts`.
+- **New decision plan core** under `src/core/decision-plan.ts`.
+- **New test coverage** for:
+  - decision plan serialization and replay,
+  - CI upgrade gate plan replay,
+  - verification report generation.
+
+- **Native Bun Optimizations**:
+  - Bun is now the primary Rainy runtime path for local execution, CI templates, and release verification flows.
+  - Added a shared Bun-first runtime layer for cwd/env/stdout/stderr/exit handling across the CLI command surface.
+  - Migrated verification and package-manager-aware test execution onto `Bun.spawn`, while keeping npm, pnpm, Bun, and yarn target-repo support intact.
+  - Migrated internal hot-path file operations onto `Bun.file()`, `Bun.write()`, `Bun.Glob`, and `Bun.CryptoHasher` across workspace discovery, lockfile hashing, snapshot persistence, audit target resolution, changelog cache reads, and CLI/package metadata loading.
+  - Added real atomic file writes for Rainy-managed artifacts, reports, caches, baselines, and snapshot restore paths.
+  - Added native `build:exe` target compilation for standalone Bun-first distributions using `bun build --compile`.
+
+### Changed
+
+- `dashboard` is now the primary interactive dependency decision surface.
+- `review --interactive` now routes into the shared dashboard flow instead of maintaining a separate interactive implementation path.
+- `doctor` now recommends dashboard-first next steps:
+  - `rup dashboard --mode review`
+  - `rup dashboard --mode review --focus security`
+  - `rup dashboard --mode review --focus blocked`
+- CLI help and README now document:
+  - `dashboard` as the primary interactive workflow,
+  - `upgrade --from-plan`,
+  - `ci --gate ...`,
+  - verification and verification-report flows,
+  - Bun as the preferred Rainy runtime via `bunx --bun` and compiled Bun artifacts.
+- `init-ci` generated workflows now:
+  - use Bun as the Rainy runtime by default,
+  - use explicit CI gates,
+  - emit a decision plan artifact in strict and enterprise modes,
+  - replay approved plans with verification in enterprise mode,
+  - align install and test commands with detected npm, pnpm, or Bun target repos.
+- Artifact manifests now include verification report output paths when configured.
+- Package-manager detection and verification defaults now treat Bun as a first-class package ecosystem instead of falling back to npm/pnpm-only assumptions.
+- GA readiness checks now validate both the JS dist CLI and the compiled Bun runtime artifact.
+
+### Removed
+
+- Removed the legacy standalone dashboard Ink/store implementation under `src/ui/dashboard/` in favor of a single shared interactive path.
+- Removed the remaining explicit `node:process` imports from the main CLI command surface in favor of the shared runtime layer.
+- Removed manual recursive workspace directory walking in favor of Bun-native glob expansion.
+
+### Tests
+
+- Added coverage for:
+  - `dashboard` parser support for mode/focus/plan/verification flags,
+  - additive GitHub output fields for decision-plan and verification metadata,
+  - updated CI bootstrap templates for review/upgrade gates,
+  - Bun-aware package-manager detection and verification defaults,
+  - GA runtime-artifact readiness checks,
+  - Bun-glob workspace discovery with hidden-directory and `node_modules` exclusions.
+
 ## [0.5.7] - 2026-03-01
 
 Final stabilization release for the `v0.5` series, focused on modularization, doctor scan quality, and maintainability.

package/README.md

@@ -29,6 +29,7 @@ Rainy Updates gives teams one dependency lifecycle:
 - `check` detects candidate updates.
 - `doctor` summarizes the current situation.
 - `review` decides what should happen.
+- `dashboard` is the primary interactive decision surface.
 - `upgrade` applies the approved change set.
 
 Everything else supports that lifecycle: CI orchestration, advisory lookup, peer resolution, licenses, snapshots, baselines, and fix-PR automation.
@@ -43,16 +44,16 @@ Everything else supports that lifecycle: CI orchestration, advisory lookup, peer
 
 ```bash
 # 1) Detect what changed
-npx @rainy-updates/cli check --workspace --show-impact
+bunx --bun @rainy-updates/cli check --workspace --show-impact
 
 # 2) Summarize what matters
-npx @rainy-updates/cli doctor --workspace
+bunx --bun @rainy-updates/cli doctor --workspace
 
-# 3) Decide in the review surface
-npx @rainy-updates/cli review --interactive
+# 3) Decide in the dashboard
+bunx --bun @rainy-updates/cli dashboard --mode review --plan-file .artifacts/decision-plan.json
 
-# 4) Apply the approved set
-npx @rainy-updates/cli upgrade --interactive
+# 4) Apply the approved plan
+bunx --bun @rainy-updates/cli upgrade --from-plan .artifacts/decision-plan.json
 ```
 
 ## Why teams use it
@@ -67,10 +68,15 @@ npx @rainy-updates/cli upgrade --interactive
 ## Install
 
 ```bash
+# Preferred: run with Bun's runtime directly
+bunx --bun @rainy-updates/cli check
+
 # As a project dev dependency (recommended for teams)
 npm install --save-dev @rainy-updates/cli
 # or
 pnpm add -D @rainy-updates/cli
+# or
+bun add -d @rainy-updates/cli
 ```
 
 Once installed, three binary aliases are available in your `node_modules/.bin/`:
@@ -88,16 +94,25 @@ rainy-up check
 rainy-updates check
 ```
 
-### One-off usage with npx (no install required)
+### Bun-first runtime
 
 ```bash
-# Always works without installing:
+# Preferred no-install path:
+bunx --bun @rainy-updates/cli check
+bunx --bun @rainy-updates/cli audit --severity high
+bunx --bun @rainy-updates/cli ci --workspace --mode strict
+```
+
+### One-off usage with npx (compatibility path)
+
+```bash
+# Compatibility path when Bun is not available:
 npx @rainy-updates/cli check
 npx @rainy-updates/cli audit --severity high
 npx @rainy-updates/cli ci --workspace --mode strict
 ```
 
-> **Note:** The short aliases (`rup`, `rainy-up`) only work after installing the package. For one-off `npx` runs, use `npx @rainy-updates/cli <command>`.
+> **Note:** Rainy is Bun-first at runtime. `bunx --bun @rainy-updates/cli ...` is the fastest no-install path. The npm package and `npx` remain supported compatibility paths.
 
 ## Commands
 
@@ -106,6 +121,7 @@ npx @rainy-updates/cli ci --workspace --mode strict
 - `check` — detect candidate dependency updates
 - `doctor` — summarize the current dependency situation
 - `review` — decide what to do with security, risk, peer, and policy context
+- `dashboard` — open the primary interactive decision console
 - `upgrade` — apply the approved change set
 - `ga` — audit GA and CI readiness for the current checkout
 
@@ -123,71 +139,108 @@ npx @rainy-updates/cli ci --workspace --mode strict
 
 ## Quick usage
 
-> Commands work with `npx` (no install) **or** with the `rup` / `rainy-up` shortcut if the package is installed.
+> Commands work with `bunx --bun`, with `npx` as a compatibility path, or with the `rup` / `rainy-up` shortcut if the package is installed.
 
 ```bash
 # 1) Detect updates
+bunx --bun @rainy-updates/cli check --format table
 npx @rainy-updates/cli check --format table
 rup check --format table                      # if installed
 
 # 2) Summarize the state
-npx @rainy-updates/cli doctor --workspace
+bunx --bun @rainy-updates/cli doctor --workspace
 rup doctor --workspace
 
 # 3) Review and decide
-npx @rainy-updates/cli review --security-only
-rup review --interactive
+bunx --bun @rainy-updates/cli review --security-only
+rup dashboard --mode review --plan-file .artifacts/decision-plan.json
 rup review --show-changelog
 
-# 4) Apply upgrades with workspace sync
-npx @rainy-updates/cli upgrade --target latest --workspace --sync --install
-rup upgrade --target latest --workspace --sync --install
+# 4) Apply an approved decision plan with verification
+bunx --bun @rainy-updates/cli upgrade --from-plan .artifacts/decision-plan.json --verify install,test --test-command "bun test"
+rup upgrade --from-plan .artifacts/decision-plan.json --verify install,test --test-command "npm test"
 
 # 5) CI orchestration with policy gates
-npx @rainy-updates/cli ci --workspace --mode strict --format github
-rup ci --workspace --mode strict --format github
+bunx --bun @rainy-updates/cli ci --workspace --mode strict --gate review --plan-file .artifacts/decision-plan.json --format github
+rup ci --workspace --mode strict --gate review --plan-file .artifacts/decision-plan.json --format github
+
+# 6) Replay an approved plan in CI
+rup ci --workspace --mode strict --gate upgrade --from-plan .artifacts/decision-plan.json --verify test --test-command "npm test"
 
-# 6) Batch fix branches by scope (enterprise)
+# 7) Batch fix branches by scope (enterprise)
 npx @rainy-updates/cli ci --workspace --mode enterprise --group-by scope --fix-pr --fix-pr-batch-size 2
 rup ci --workspace --mode enterprise --group-by scope --fix-pr --fix-pr-batch-size 2
 
-# 7) Warm cache → deterministic offline CI check
+# 8) Warm cache -> deterministic offline CI check
 npx @rainy-updates/cli warm-cache --workspace --concurrency 32
 npx @rainy-updates/cli check --workspace --offline --ci
 
-# 8) Save and compare baseline drift
+# 9) Save and compare baseline drift
 npx @rainy-updates/cli baseline --save --file .artifacts/deps-baseline.json --workspace
 npx @rainy-updates/cli baseline --check --file .artifacts/deps-baseline.json --workspace --ci
 
-# 9) Scan for known CVEs
+# 10) Scan for known CVEs
 npx @rainy-updates/cli audit
 npx @rainy-updates/cli audit --severity high
 npx @rainy-updates/cli audit --summary
 npx @rainy-updates/cli audit --source osv
-npx @rainy-updates/cli audit --fix          # prints the patching npm install command
+npx @rainy-updates/cli audit --fix          # prints the patching install command for the detected package manager
 rup audit --severity high                   # if installed
 
-`audit` prefers npm/pnpm lockfiles today for exact installed-version inference, and now also reads simple `bun.lock` workspace entries when available. It reports source-health warnings when OSV or GitHub returns only partial coverage.
+`audit` resolves installed versions from lockfiles across npm, pnpm, and simple `bun.lock` workspace entries when available. It reports source-health warnings when OSV or GitHub returns only partial coverage.
 
-# 10) Check dependency maintenance health
+# 11) Check dependency maintenance health
 npx @rainy-updates/cli health
 npx @rainy-updates/cli health --stale 6m   # flag packages with no release in 6 months
 npx @rainy-updates/cli health --stale 180d # same but in days
 rup health --stale 6m                       # if installed
 
-# 11) Find which version introduced a breaking change
+# 12) Find which version introduced a breaking change
 npx @rainy-updates/cli bisect axios --cmd "bun test"
 npx @rainy-updates/cli bisect react --range "18.0.0..19.0.0" --cmd "npm test"
 npx @rainy-updates/cli bisect lodash --cmd "npm run test:unit" --dry-run
 rup bisect axios --cmd "bun test"           # if installed
 
-# 12) Focus review on high-risk changes
+# 13) Focus review on high-risk changes
 rup review --risk high --diff major
 
-# 13) Audit GA / CI readiness
+# 14) Audit GA / CI readiness
 rup ga --workspace
 ```
 
+## Decision Plans And Verification
+
+Rainy can persist an approved update set as a deterministic decision plan and replay it later:
+
+```bash
+# Create a reviewed plan
+rup dashboard --mode review --plan-file .artifacts/decision-plan.json
+
+# Apply only that approved plan later
+rup upgrade --from-plan .artifacts/decision-plan.json
+
+# Apply and verify install + tests
+rup upgrade \
+  --from-plan .artifacts/decision-plan.json \
+  --verify install,test \
+  --test-command "bun test" \
+  --verification-report-file .artifacts/verification.json
+```
+
+This is the intended local review -> CI replay workflow.
+
+Verification follows the target repository's package manager when one is detected.
+That means Bun repositories can verify with `bun install` / `bun test`, while npm and pnpm projects keep their native install/test flows.
+
+## CI Gates
+
+`ci` supports explicit execution gates:
+
+- `--gate check` runs detection only.
+- `--gate doctor` computes the high-level verdict and doctor metadata.
+- `--gate review` emits a decision plan artifact without mutating the repo.
+- `--gate upgrade` replays an existing plan and can run verification.
+
 ## What it does in production
 
 ### Update detection engine
@@ -275,8 +328,8 @@ Generated file:
 
 Modes:
 
-- `strict`: warm-cache + offline check + artifacts + SARIF upload.
-- `enterprise`: strict checks + runtime matrix + retention policy + rollout gates.
+- `strict`: warm-cache + review gate + artifacts + SARIF upload.
+- `enterprise`: strict checks + runtime matrix + review/upgrade gates + retention policy.
 - `minimal`: fast check-only workflow for quick adoption.
 
 Schedule:
@@ -307,9 +360,15 @@ Schedule:
 - `--pr-limit <n>`
 - `--only-changed`
 - `--interactive`
+- `--plan-file <path>`
+- `--from-plan <path>`
+- `--verify none|install|test|install,test`
+- `--test-command <cmd>`
+- `--verification-report-file <path>`
 - `--show-impact`
 - `--show-homepage`
 - `--mode minimal|strict|enterprise` (for `ci`)
+- `--gate check|doctor|review|upgrade` (for `ci`)
 - `--fix-pr-batch-size <n>` (for batched fix branches in `ci`)
 - `--policy-file <path>`
 - `--format table|json|minimal|github`
@@ -328,7 +387,7 @@ Schedule:
 ### Upgrade-only
 
 - `--install`
-- `--pm auto|npm|pnpm`
+- `--pm auto|bun|npm|pnpm|yarn`
 - `--sync`
 
 ### Review-only

package/dist/bin/cli.js

@@ -1,8 +1,5 @@
 #!/usr/bin/env node
-import { promises as fs } from "node:fs";
-import path from "node:path";
-import process from "node:process";
-import { fileURLToPath } from "node:url";
+import { readFileSync } from "node:fs";
 import { parseCliArgs } from "../core/options.js";
 import { applyFixPr } from "../core/fix-pr.js";
 import { applyFixPrBatches } from "../core/fix-pr-batch.js";
@@ -14,17 +11,18 @@ import { renderPrReport } from "../output/pr-report.js";
 import { writeFileAtomic } from "../utils/io.js";
 import { resolveFailReason } from "../core/summary.js";
 import { stableStringify } from "../utils/stable-json.js";
+import { getRuntimeArgv, setRuntimeExitCode, writeStderr, writeStdout, } from "../utils/runtime.js";
 import { handleDirectCommand, runPrimaryCommand } from "./dispatch.js";
 import { renderHelp } from "./help.js";
 async function main() {
     try {
-        const argv = process.argv.slice(2);
+        const argv = getRuntimeArgv();
         if (argv.includes("--version") || argv.includes("-v")) {
-            process.stdout.write((await readPackageVersion()) + "\n");
+            writeStdout((await readPackageVersion()) + "\n");
             return;
         }
         if (argv.includes("--help") || argv.includes("-h")) {
-            process.stdout.write(renderHelp(argv[0]) + "\n");
+            writeStdout(renderHelp(argv[0]) + "\n");
             return;
         }
         const parsed = await parseCliArgs(argv);
@@ -109,21 +107,23 @@ async function main() {
             const sarif = createSarifReport(result);
             await writeFileAtomic(parsed.options.sarifFile, stableStringify(sarif, 2) + "\n");
         }
-        process.stdout.write(rendered + "\n");
-        process.exitCode = resolveExitCode(result, result.summary.failReason);
+        writeStdout(rendered + "\n");
+        setRuntimeExitCode(resolveExitCode(result, result.summary.failReason));
     }
     catch (error) {
-        process.stderr.write(`rainy-updates (rup): ${String(error)}\n`);
-        process.exitCode = 2;
+        writeStderr(`rainy-updates (rup): ${String(error)}\n`);
+        setRuntimeExitCode(2);
     }
 }
 void main();
 async function readPackageVersion() {
-    const currentFile = fileURLToPath(import.meta.url);
-    const packageJsonPath = path.resolve(path.dirname(currentFile), "../../package.json");
-    const content = await fs.readFile(packageJsonPath, "utf8");
-    const parsed = JSON.parse(content);
-    return parsed.version ?? "0.0.0";
+    try {
+        const packageJson = JSON.parse(readFileSync(new URL("../../package.json", import.meta.url), "utf8"));
+        return packageJson.version ?? "0.0.0";
+    }
+    catch {
+        return "0.0.0";
+    }
 }
 function resolveExitCode(result, failReason) {
     if (result.errors.length > 0)

package/dist/bin/dispatch.js

@@ -1,17 +1,17 @@
-import process from "node:process";
 import { check } from "../core/check.js";
 import { upgrade } from "../core/upgrade.js";
 import { warmCache } from "../core/warm-cache.js";
 import { runCi } from "../core/ci.js";
 import { initCiWorkflow } from "../core/init-ci.js";
 import { diffBaseline, saveBaseline } from "../core/baseline.js";
+import { setRuntimeExitCode, writeStdout, } from "../utils/runtime.js";
 export async function handleDirectCommand(parsed) {
     if (parsed.command === "init-ci") {
         const workflow = await initCiWorkflow(parsed.options.cwd, parsed.options.force, {
             mode: parsed.options.mode,
             schedule: parsed.options.schedule,
         });
-        process.stdout.write(workflow.created
+        writeStdout(workflow.created
             ? `Created CI workflow at ${workflow.path}\n`
             : `CI workflow already exists at ${workflow.path}. Use --force to overwrite.\n`);
         return true;
@@ -19,110 +19,107 @@ export async function handleDirectCommand(parsed) {
     if (parsed.command === "baseline") {
         if (parsed.options.action === "save") {
             const saved = await saveBaseline(parsed.options);
-            process.stdout.write(`Saved baseline at ${saved.filePath} (${saved.entries} entries)\n`);
+            writeStdout(`Saved baseline at ${saved.filePath} (${saved.entries} entries)\n`);
             return true;
         }
         const diff = await diffBaseline(parsed.options);
         const changes = diff.added.length + diff.removed.length + diff.changed.length;
         if (changes === 0) {
-            process.stdout.write(`No baseline drift detected (${diff.filePath}).\n`);
+            writeStdout(`No baseline drift detected (${diff.filePath}).\n`);
             return true;
         }
-        process.stdout.write(`Baseline drift detected (${diff.filePath}).\n`);
+        writeStdout(`Baseline drift detected (${diff.filePath}).\n`);
         if (diff.added.length > 0)
-            process.stdout.write(`Added: ${diff.added.length}\n`);
+            writeStdout(`Added: ${diff.added.length}\n`);
         if (diff.removed.length > 0)
-            process.stdout.write(`Removed: ${diff.removed.length}\n`);
+            writeStdout(`Removed: ${diff.removed.length}\n`);
         if (diff.changed.length > 0)
-            process.stdout.write(`Changed: ${diff.changed.length}\n`);
-        process.exitCode = 1;
+            writeStdout(`Changed: ${diff.changed.length}\n`);
+        setRuntimeExitCode(1);
         return true;
     }
     if (parsed.command === "bisect") {
         const { runBisect } = await import("../commands/bisect/runner.js");
         const result = await runBisect(parsed.options);
-        process.exitCode = result.breakingVersion ? 1 : 0;
+        setRuntimeExitCode(result.breakingVersion ? 1 : 0);
         return true;
     }
     if (parsed.command === "audit") {
         const { runAudit } = await import("../commands/audit/runner.js");
         const result = await runAudit(parsed.options);
-        process.exitCode = result.advisories.length > 0 ? 1 : 0;
+        setRuntimeExitCode(result.advisories.length > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "health") {
         const { runHealth } = await import("../commands/health/runner.js");
         const result = await runHealth(parsed.options);
-        process.exitCode = result.totalFlagged > 0 ? 1 : 0;
+        setRuntimeExitCode(result.totalFlagged > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "unused") {
         const { runUnused } = await import("../commands/unused/runner.js");
         const result = await runUnused(parsed.options);
-        process.exitCode = result.totalUnused > 0 || result.totalMissing > 0 ? 1 : 0;
+        setRuntimeExitCode(result.totalUnused > 0 || result.totalMissing > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "resolve") {
         const { runResolve } = await import("../commands/resolve/runner.js");
         const result = await runResolve(parsed.options);
-        process.exitCode = result.errorConflicts > 0 ? 1 : 0;
+        setRuntimeExitCode(result.errorConflicts > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "licenses") {
         const { runLicenses } = await import("../commands/licenses/runner.js");
         const result = await runLicenses(parsed.options);
-        process.exitCode = result.totalViolations > 0 ? 1 : 0;
+        setRuntimeExitCode(result.totalViolations > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "snapshot") {
         const { runSnapshot } = await import("../commands/snapshot/runner.js");
         const result = await runSnapshot(parsed.options);
-        process.exitCode = result.errors.length > 0 ? 1 : 0;
+        setRuntimeExitCode(result.errors.length > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "review") {
         const { runReview } = await import("../commands/review/runner.js");
         const result = await runReview(parsed.options);
-        process.exitCode =
-            result.summary.verdict === "blocked" ||
-                result.summary.verdict === "actionable" ||
-                result.summary.verdict === "review"
-                ? 1
-                : 0;
+        setRuntimeExitCode(result.summary.verdict === "blocked" ||
+            result.summary.verdict === "actionable" ||
+            result.summary.verdict === "review"
+            ? 1
+            : 0);
         return true;
     }
     if (parsed.command === "doctor") {
         const { runDoctor } = await import("../commands/doctor/runner.js");
         const result = await runDoctor(parsed.options);
-        process.exitCode = result.verdict === "safe" ? 0 : 1;
+        setRuntimeExitCode(result.verdict === "safe" ? 0 : 1);
         return true;
     }
     if (parsed.command === "dashboard") {
         const { runDashboard } = await import("../commands/dashboard/runner.js");
         const result = await runDashboard(parsed.options);
-        process.exitCode = result.errors.length > 0 ? 1 : 0;
+        setRuntimeExitCode(result.errors.length > 0 ? 1 : 0);
         return true;
     }
     if (parsed.command === "ga") {
         const { runGa } = await import("../commands/ga/runner.js");
         const result = await runGa(parsed.options);
-        process.exitCode = result.ready ? 0 : 1;
+        setRuntimeExitCode(result.ready ? 0 : 1);
         return true;
     }
     if (parsed.options.interactive &&
         (parsed.command === "check" ||
             parsed.command === "upgrade" ||
             parsed.command === "ci")) {
-        const { runReview } = await import("../commands/review/runner.js");
-        const result = await runReview({
+        const { runDashboard } = await import("../commands/dashboard/runner.js");
+        const result = await runDashboard({
             ...parsed.options,
-            securityOnly: false,
-            risk: undefined,
-            diff: undefined,
+            mode: parsed.command === "upgrade" ? "upgrade" : "review",
+            focus: "all",
             applySelected: parsed.command === "upgrade",
         });
-        process.exitCode =
-            result.summary.verdict === "safe" && result.updates.length === 0 ? 0 : 1;
+        setRuntimeExitCode(result.errors.length > 0 ? 1 : 0);
         return true;
     }
     return false;

package/dist/bin/help.js

@@ -41,6 +41,10 @@ Options:
   --pr-limit <n>
   --only-changed
   --interactive
+  --plan-file <path>
+  --verify none|install|test|install,test
+  --test-command <cmd>
+  --verification-report-file <path>
   --show-impact
   --show-links
   --show-homepage
@@ -79,7 +83,7 @@ Options:
   --workspace
   --sync
   --install
-  --pm auto|npm|pnpm
+  --pm auto|bun|npm|pnpm|yarn
   --target patch|minor|major|latest
   --policy-file <path>
   --concurrency <n>
@@ -92,6 +96,10 @@ Options:
   --fix-pr-no-checkout
   --fix-pr-batch-size <n>
   --interactive
+  --from-plan <path>
+  --verify none|install|test|install,test
+  --test-command <cmd>
+  --verification-report-file <path>
   --lockfile-mode preserve|update|error
   --no-pr-report
   --json-file <path>
@@ -109,6 +117,7 @@ Run CI-oriented automation around the same lifecycle:
 Options:
   --workspace
   --mode minimal|strict|enterprise
+  --gate check|doctor|review|upgrade
   --group-by none|name|scope|kind|risk
   --group-max <n>
   --cooldown-days <n>
@@ -126,6 +135,10 @@ Options:
   --fix-pr-no-checkout
   --fix-pr-batch-size <n>
   --no-pr-report
+  --plan-file <path>
+  --verify none|install|test|install,test
+  --test-command <cmd>
+  --verification-report-file <path>
   --json-file <path>
   --github-output <path>
   --sarif-file <path>
@@ -192,6 +205,7 @@ Options:
   --risk critical|high|medium|low
   --diff patch|minor|major|latest
   --apply-selected
+  --plan-file <path>
   --show-changelog
   --policy-file <path>
   --json-file <path>
@@ -209,6 +223,22 @@ Options:
   --verdict-only
   --include-changelog
   --json-file <path>`;
+    }
+    if (isCommand && command === "dashboard") {
+        return `rainy-updates dashboard [options]
+
+Open the primary interactive dependency operations console.
+
+Options:
+  --workspace
+  --mode check|review|upgrade
+  --focus all|security|risk|major|blocked|workspace
+  --apply-selected
+  --plan-file <path>
+  --verify none|install|test|install,test
+  --test-command <cmd>
+  --verification-report-file <path>
+  --cwd <path>`;
     }
     if (isCommand && command === "ga") {
         return `rainy-updates ga [options]
@@ -227,7 +257,7 @@ Commands:
   doctor      Summarize what matters
   review      Decide what to do
   upgrade     Apply the approved change set
-  dashboard   Open the interactive DevOps dashboard (Ink TUI)
+  dashboard   Open the primary interactive dependency dashboard
   ci          Run CI-focused orchestration
   warm-cache  Warm local cache for fast/offline checks
   init-ci     Scaffold GitHub Actions workflow