@rainy-updates/cli 0.5.7 → 0.6.0

package/dist/commands/snapshot/store.js

@@ -1,16 +1,6 @@
-import { createHash } from "node:crypto";
-import { promises as fs } from "node:fs";
 import path from "node:path";
+import { writeFileAtomic } from "../../utils/io.js";
 const DEFAULT_STORE_NAME = ".rup-snapshots.json";
-/**
- * Lightweight SQLite-free snapshot store (uses a JSON file in the project root).
- *
- * Design goals:
- *   - No extra runtime dependencies (SQLite bindings vary by runtime)
- *   - Human-readable store file (git-committable if desired)
- *   - Atomic writes via tmp-rename to prevent corruption
- *   - Fast: entire store fits in memory for typical use (< 50 snapshots)
- */
 export class SnapshotStore {
     storePath;
     entries = [];
@@ -26,8 +16,7 @@ export class SnapshotStore {
         if (this.loaded)
             return;
         try {
-            const raw = await fs.readFile(this.storePath, "utf8");
-            const parsed = JSON.parse(raw);
+            const parsed = (await Bun.file(this.storePath).json());
             if (Array.isArray(parsed)) {
                 this.entries = parsed;
             }
@@ -38,9 +27,7 @@ export class SnapshotStore {
         this.loaded = true;
     }
     async save() {
-        const tmp = this.storePath + ".tmp";
-        await fs.writeFile(tmp, JSON.stringify(this.entries, null, 2) + "\n", "utf8");
-        await fs.rename(tmp, this.storePath);
+        await writeFileAtomic(this.storePath, JSON.stringify(this.entries, null, 2) + "\n");
     }
     async saveSnapshot(manifests, lockfileHashes, label) {
         await this.load();
@@ -76,32 +63,30 @@ export class SnapshotStore {
         return false;
     }
 }
-/** Captures current package.json and lockfile state for a set of directories. */
 export async function captureState(packageDirs) {
     const manifests = {};
     const lockfileHashes = {};
-    const LOCKFILES = [
+    const lockfiles = [
         "package-lock.json",
         "pnpm-lock.yaml",
         "yarn.lock",
+        "bun.lock",
         "bun.lockb",
     ];
     await Promise.all(packageDirs.map(async (dir) => {
-        // Read package.json
         try {
-            const content = await fs.readFile(path.join(dir, "package.json"), "utf8");
-            manifests[dir] = content;
+            manifests[dir] = await Bun.file(path.join(dir, "package.json")).text();
         }
         catch {
             // No package.json — skip
         }
-        // Hash the first lockfile found
-        for (const lf of LOCKFILES) {
+        for (const lockfileName of lockfiles) {
+            const filePath = path.join(dir, lockfileName);
             try {
-                const content = await fs.readFile(path.join(dir, lf));
-                lockfileHashes[dir] = createHash("sha256")
-                    .update(content)
-                    .digest("hex");
+                const file = Bun.file(filePath);
+                if (!(await file.exists()))
+                    continue;
+                lockfileHashes[dir] = await hashFile(filePath);
                 break;
             }
             catch {
@@ -111,16 +96,11 @@ export async function captureState(packageDirs) {
     }));
     return { manifests, lockfileHashes };
 }
-/** Restores package.json files from a snapshot's manifest map. */
 export async function restoreState(entry) {
     await Promise.all(Object.entries(entry.manifests).map(async ([dir, content]) => {
-        const manifestPath = path.join(dir, "package.json");
-        const tmp = manifestPath + ".tmp";
-        await fs.writeFile(tmp, content, "utf8");
-        await fs.rename(tmp, manifestPath);
+        await writeFileAtomic(path.join(dir, "package.json"), content);
     }));
 }
-/** Computes a diff of dependency versions between two manifest snapshots. */
 export function diffManifests(before, after) {
     const changes = [];
     for (const [dir, afterJson] of Object.entries(after)) {
@@ -142,12 +122,15 @@ export function diffManifests(before, after) {
             "optionalDependencies",
         ];
         for (const field of fields) {
-            const before = beforeManifest[field] ?? {};
-            const after = afterManifest[field] ?? {};
-            const allNames = new Set([...Object.keys(before), ...Object.keys(after)]);
+            const beforeDeps = beforeManifest[field] ?? {};
+            const afterDeps = afterManifest[field] ?? {};
+            const allNames = new Set([
+                ...Object.keys(beforeDeps),
+                ...Object.keys(afterDeps),
+            ]);
             for (const name of allNames) {
-                const fromVer = before[name] ?? "(removed)";
-                const toVer = after[name] ?? "(removed)";
+                const fromVer = beforeDeps[name] ?? "(removed)";
+                const toVer = afterDeps[name] ?? "(removed)";
                 if (fromVer !== toVer) {
                     changes.push({ name, from: fromVer, to: toVer });
                 }
@@ -156,3 +139,8 @@ export function diffManifests(before, after) {
     }
     return changes;
 }
+async function hashFile(filePath) {
+    const hasher = new Bun.CryptoHasher("sha256");
+    hasher.update(await Bun.file(filePath).bytes());
+    return hasher.digest("hex");
+}

package/dist/commands/unused/runner.js

@@ -1,9 +1,9 @@
 import path from "node:path";
-import process from "node:process";
 import { readManifest, } from "../../parsers/package-json.js";
 import { discoverPackageDirs } from "../../workspace/discover.js";
 import { writeFileAtomic } from "../../utils/io.js";
 import { stableStringify } from "../../utils/stable-json.js";
+import { writeStderr, writeStdout } from "../../utils/runtime.js";
 import { scanDirectory } from "./scanner.js";
 import { matchDependencies, removeUnusedFromManifest } from "./matcher.js";
 /**
@@ -60,16 +60,15 @@ export async function runUnused(options) {
         // ─ Apply fix ─────────────────────────────────────────────────────────────
         if (options.fix && unused.length > 0) {
             if (options.dryRun) {
-                process.stderr.write(`[unused] --dry-run: would remove ${unused.length} unused dep(s) from ${packageDir}/package.json\n`);
+                writeStderr(`[unused] --dry-run: would remove ${unused.length} unused dep(s) from ${packageDir}/package.json\n`);
             }
             else {
                 try {
-                    const { promises: fs } = await import("node:fs");
                     const manifestPath = path.join(packageDir, "package.json");
-                    const originalJson = await fs.readFile(manifestPath, "utf8");
+                    const originalJson = await Bun.file(manifestPath).text();
                     const updatedJson = removeUnusedFromManifest(originalJson, unused);
                     await writeFileAtomic(manifestPath, updatedJson);
-                    process.stderr.write(`[unused] Removed ${unused.length} unused dep(s) from ${packageDir}/package.json\n`);
+                    writeStderr(`[unused] Removed ${unused.length} unused dep(s) from ${packageDir}/package.json\n`);
                 }
                 catch (error) {
                     result.errors.push(`Failed to update package.json in ${packageDir}: ${String(error)}`);
@@ -80,11 +79,11 @@ export async function runUnused(options) {
     result.totalUnused = result.unused.length;
     result.totalMissing = result.missing.length;
     // ─ Render output ─────────────────────────────────────────────────────────
-    process.stdout.write(renderUnusedTable(result) + "\n");
+    writeStdout(renderUnusedTable(result) + "\n");
     // ─ JSON report ───────────────────────────────────────────────────────────
     if (options.jsonFile) {
         await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
-        process.stderr.write(`[unused] JSON report written to ${options.jsonFile}\n`);
+        writeStderr(`[unused] JSON report written to ${options.jsonFile}\n`);
     }
     return result;
 }

package/dist/commands/unused/scanner.js

@@ -93,34 +93,31 @@ export async function scanDirectory(dir) {
 async function walkDirectory(dir, collector) {
     let entries;
     try {
-        entries = await fs.readdir(dir);
+        entries = await fs.readdir(dir, { withFileTypes: true });
     }
     catch {
         return;
     }
     const tasks = [];
-    for (const entryName of entries) {
+    for (const entry of entries) {
+        const entryName = entry.name;
         if (IGNORED_DIRS.has(entryName))
             continue;
         const fullPath = path.join(dir, entryName);
-        tasks.push(fs
-            .stat(fullPath)
-            .then((stat) => {
-            if (stat.isDirectory()) {
-                return walkDirectory(fullPath, collector);
-            }
-            if (stat.isFile()) {
-                const ext = path.extname(entryName).toLowerCase();
-                if (!SOURCE_EXTENSIONS.has(ext))
-                    return;
-                return fs
-                    .readFile(fullPath, "utf8")
-                    .then((source) => {
-                    for (const name of extractImportsFromSource(source)) {
-                        collector.add(name);
-                    }
-                })
-                    .catch(() => undefined);
+        if (entry.isDirectory()) {
+            tasks.push(walkDirectory(fullPath, collector));
+            continue;
+        }
+        if (!entry.isFile())
+            continue;
+        const ext = path.extname(entryName).toLowerCase();
+        if (!SOURCE_EXTENSIONS.has(ext))
+            continue;
+        tasks.push(Bun.file(fullPath)
+            .text()
+            .then((source) => {
+            for (const name of extractImportsFromSource(source)) {
+                collector.add(name);
             }
         })
             .catch(() => undefined));

package/dist/config/loader.d.ts

@@ -1,4 +1,4 @@
-import type { CiProfile, DependencyKind, FailOnLevel, GroupBy, LockfileMode, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
+import type { CiProfile, SelectedPackageManager, DependencyKind, FailOnLevel, GroupBy, LockfileMode, LogLevel, OutputFormat, TargetLevel } from "../types/index.js";
 export interface FileConfig {
     target?: TargetLevel;
     filter?: string;
@@ -39,7 +39,7 @@ export interface FileConfig {
     showImpact?: boolean;
     showHomepage?: boolean;
     install?: boolean;
-    packageManager?: "auto" | "npm" | "pnpm";
+    packageManager?: SelectedPackageManager;
     sync?: boolean;
 }
 export declare function loadConfig(cwd: string): Promise<FileConfig>;

package/dist/config/loader.js

@@ -1,4 +1,3 @@
-import { promises as fs } from "node:fs";
 import path from "node:path";
 export async function loadConfig(cwd) {
     const fromRc = await loadRcFile(cwd);
@@ -13,8 +12,7 @@ async function loadRcFile(cwd) {
     for (const candidate of candidates) {
         const filePath = path.join(cwd, candidate);
         try {
-            const content = await fs.readFile(filePath, "utf8");
-            return JSON.parse(content);
+            return (await Bun.file(filePath).json());
         }
         catch {
             // noop
@@ -25,8 +23,7 @@ async function loadRcFile(cwd) {
 async function loadPackageConfig(cwd) {
     const packagePath = path.join(cwd, "package.json");
     try {
-        const content = await fs.readFile(packagePath, "utf8");
-        const parsed = JSON.parse(content);
+        const parsed = (await Bun.file(packagePath).json());
         return parsed.rainyUpdates ?? {};
     }
     catch {

package/dist/config/policy.js

@@ -1,19 +1,24 @@
-import { promises as fs } from "node:fs";
 import path from "node:path";
 export async function loadPolicy(cwd, policyFile) {
-    const candidates = policyFile ? [policyFile] : [
-        path.join(cwd, ".rainyupdates-policy.json"),
-        path.join(cwd, "rainy-updates.policy.json"),
-    ];
+    const candidates = policyFile
+        ? [policyFile]
+        : [
+            path.join(cwd, ".rainyupdates-policy.json"),
+            path.join(cwd, "rainy-updates.policy.json"),
+        ];
     for (const candidate of candidates) {
-        const filePath = path.isAbsolute(candidate) ? candidate : path.resolve(cwd, candidate);
+        const filePath = path.isAbsolute(candidate)
+            ? candidate
+            : path.resolve(cwd, candidate);
         try {
-            const content = await fs.readFile(filePath, "utf8");
-            const parsed = JSON.parse(content);
+            const parsed = (await Bun.file(filePath).json());
             return {
                 ignorePatterns: parsed.ignore ?? [],
                 cooldownDays: asNonNegativeInt(parsed.cooldownDays),
-                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [pkg, normalizeRule(rule)])),
+                packageRules: new Map(Object.entries(parsed.packageRules ?? {}).map(([pkg, rule]) => [
+                    pkg,
+                    normalizeRule(rule),
+                ])),
                 matchRules: Object.values(parsed.packageRules ?? {})
                     .map((rule) => normalizeRule(rule))
                     .filter((rule) => typeof rule.match === "string" && rule.match.length > 0),
@@ -44,7 +49,9 @@ function normalizeRule(rule) {
         maxUpdatesPerRun: asNonNegativeInt(rule.maxUpdatesPerRun),
         cooldownDays: asNonNegativeInt(rule.cooldownDays),
         allowPrerelease: rule.allowPrerelease === true,
-        group: typeof rule.group === "string" && rule.group.trim().length > 0 ? rule.group.trim() : undefined,
+        group: typeof rule.group === "string" && rule.group.trim().length > 0
+            ? rule.group.trim()
+            : undefined,
         priority: asNonNegativeInt(rule.priority),
         target: rule.target,
         autofix: rule.autofix !== false,
@@ -60,7 +67,9 @@ function matchesPattern(value, pattern) {
         return false;
     if (pattern === "*")
         return true;
-    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    const escaped = pattern
+        .replace(/[.+^${}()|[\]\\]/g, "\\$&")
+        .replace(/\*/g, ".*");
     const regex = new RegExp(`^${escaped}$`);
     return regex.test(value);
 }

package/dist/core/analysis/run-silenced.js

@@ -1,4 +1,3 @@
-import process from "node:process";
 export async function runSilenced(fn) {
     const stdoutWrite = process.stdout.write.bind(process.stdout);
     const stderrWrite = process.stderr.write.bind(process.stderr);

package/dist/core/artifacts.js

@@ -1,10 +1,9 @@
-import crypto from "node:crypto";
 import path from "node:path";
 import { stableStringify } from "../utils/stable-json.js";
 import { writeFileAtomic } from "../utils/io.js";
 export function createRunId(command, options, result) {
-    const hash = crypto.createHash("sha256");
-    hash.update(stableStringify({
+    const hasher = new Bun.CryptoHasher("sha256");
+    hasher.update(stableStringify({
         command,
         cwd: path.resolve(options.cwd),
         target: options.target,
@@ -17,14 +16,15 @@ export function createRunId(command, options, result) {
             toRange: update.toRange,
         })),
     }, 0));
-    return hash.digest("hex").slice(0, 16);
+    return hasher.digest("hex").slice(0, 16);
 }
 export async function writeArtifactManifest(command, options, result) {
     const shouldWrite = options.ci ||
         Boolean(options.jsonFile) ||
         Boolean(options.githubOutputFile) ||
         Boolean(options.sarifFile) ||
-        Boolean(options.prReportFile);
+        Boolean(options.prReportFile) ||
+        Boolean(options.verificationReportFile);
     if (!shouldWrite)
         return null;
     const runId = result.summary.runId ?? createRunId(command, options, result);
@@ -41,6 +41,7 @@ export async function writeArtifactManifest(command, options, result) {
             githubOutputFile: options.githubOutputFile,
             sarifFile: options.sarifFile,
             prReportFile: options.prReportFile,
+            verificationReportFile: options.verificationReportFile,
         },
     };
     await writeFileAtomic(artifactManifestPath, stableStringify(manifest, 2) + "\n");

package/dist/core/baseline.js

@@ -1,6 +1,6 @@
-import { promises as fs } from "node:fs";
 import path from "node:path";
 import { collectDependencies, readManifest } from "../parsers/package-json.js";
+import { writeFileAtomic } from "../utils/io.js";
 import { discoverPackageDirs } from "../workspace/discover.js";
 export async function saveBaseline(options) {
     const entries = await collectBaselineEntries(options.cwd, options.workspace, options.includeKinds);
@@ -9,16 +9,14 @@ export async function saveBaseline(options) {
         createdAt: new Date().toISOString(),
         entries,
     };
-    await fs.mkdir(path.dirname(options.filePath), { recursive: true });
-    await fs.writeFile(options.filePath, JSON.stringify(payload, null, 2) + "\n", "utf8");
+    await writeFileAtomic(options.filePath, JSON.stringify(payload, null, 2) + "\n");
     return {
         filePath: options.filePath,
         entries: entries.length,
     };
 }
 export async function diffBaseline(options) {
-    const content = await fs.readFile(options.filePath, "utf8");
-    const baseline = JSON.parse(content);
+    const baseline = (await Bun.file(options.filePath).json());
     const currentEntries = await collectBaselineEntries(options.cwd, options.workspace, options.includeKinds);
     const baselineMap = new Map(baseline.entries.map((entry) => [toKey(entry), entry]));
     const currentMap = new Map(currentEntries.map((entry) => [toKey(entry), entry]));

package/dist/core/check.js

@@ -1,5 +1,4 @@
 import path from "node:path";
-import process from "node:process";
 import { collectDependencies, readManifest } from "../parsers/package-json.js";
 import { matchesPattern } from "../utils/pattern.js";
 import { applyRangeStyle, classifyDiff, clampTarget, pickTargetVersionFromAvailable } from "../utils/semver.js";
@@ -11,6 +10,7 @@ import { loadPolicy, resolvePolicyRule } from "../config/policy.js";
 import { createSummary, finalizeSummary } from "./summary.js";
 import { applyImpactScores } from "./impact.js";
 import { formatClassifiedMessage } from "./errors.js";
+import { writeStdout } from "../utils/runtime.js";
 export async function check(options) {
     const startedAt = Date.now();
     let discoveryMs = 0;
@@ -48,7 +48,7 @@ export async function check(options) {
         if (!options.stream)
             return;
         streamedEvents += 1;
-        process.stdout.write(`${message}\n`);
+        writeStdout(`${message}\n`);
     };
     for (const packageDir of packageDirs) {
         let manifest;

package/dist/core/ci.js

@@ -1,5 +1,8 @@
 import { check } from "./check.js";
 import { warmCache } from "./warm-cache.js";
+import { buildReviewResult, createDoctorResult } from "./review-model.js";
+import { createDecisionPlan, defaultDecisionPlanPath, writeDecisionPlan, } from "./decision-plan.js";
+import { upgrade } from "./upgrade.js";
 export async function runCi(options) {
     const profile = options.ciProfile;
     if (profile !== "minimal") {
@@ -16,5 +19,53 @@ export async function runCi(options) {
         offline: profile === "minimal" ? options.offline : true,
         concurrency: profile === "enterprise" ? Math.max(options.concurrency, 32) : options.concurrency,
     };
-    return await check(checkOptions);
+    if (options.ciGate === "check") {
+        return await check(checkOptions);
+    }
+    if (options.ciGate === "doctor") {
+        const review = await buildReviewResult(checkOptions);
+        createDoctorResult(review);
+        return reviewToCheckResult(review);
+    }
+    if (options.ciGate === "review") {
+        const review = await buildReviewResult(checkOptions);
+        const selectedItems = review.items.filter((item) => item.update.selectedByDefault !== false &&
+            item.update.decisionState !== "blocked");
+        const decisionPlanFile = options.decisionPlanFile ?? defaultDecisionPlanPath(options.cwd);
+        const plan = createDecisionPlan({
+            review,
+            selectedItems,
+            sourceCommand: "ci",
+            mode: "review",
+            focus: "all",
+        });
+        await writeDecisionPlan(decisionPlanFile, plan);
+        review.decisionPlan = plan;
+        review.summary.decisionPlan = decisionPlanFile;
+        review.summary.interactiveSurface = "dashboard";
+        review.summary.queueFocus = "all";
+        review.summary.suggestedCommand = `rup upgrade --from-plan ${decisionPlanFile}`;
+        return reviewToCheckResult(review);
+    }
+    const decisionPlanFile = options.decisionPlanFile ?? defaultDecisionPlanPath(options.cwd);
+    return upgrade({
+        ...checkOptions,
+        install: false,
+        packageManager: "auto",
+        sync: checkOptions.workspace,
+        fromPlanFile: decisionPlanFile,
+    });
+}
+function reviewToCheckResult(review) {
+    return {
+        projectPath: review.projectPath,
+        packagePaths: review.analysis.check.packagePaths,
+        packageManager: review.analysis.check.packageManager,
+        target: review.target,
+        timestamp: review.analysis.check.timestamp,
+        summary: review.summary,
+        updates: review.updates,
+        errors: review.errors,
+        warnings: review.warnings,
+    };
 }

package/dist/core/decision-plan.d.ts

@@ -0,0 +1,14 @@
+import type { DashboardMode, DecisionPlan, PackageUpdate, QueueFocus, ReviewItem, ReviewResult, UpgradeOptions } from "../types/index.js";
+export declare function defaultDecisionPlanPath(cwd: string): string;
+export declare function filterReviewItemsByFocus(items: ReviewItem[], focus: QueueFocus): ReviewItem[];
+export declare function createDecisionPlan(input: {
+    review: ReviewResult;
+    selectedItems: ReviewItem[];
+    sourceCommand: string;
+    mode: DashboardMode;
+    focus: QueueFocus;
+}): DecisionPlan;
+export declare function writeDecisionPlan(filePath: string, plan: DecisionPlan): Promise<void>;
+export declare function readDecisionPlan(filePath: string): Promise<DecisionPlan>;
+export declare function selectedUpdatesFromPlan(plan: DecisionPlan): PackageUpdate[];
+export declare function resolveDecisionPlanPath(options: Pick<UpgradeOptions, "cwd" | "decisionPlanFile">, explicit?: string): string;

package/dist/core/decision-plan.js

@@ -0,0 +1,107 @@
+import path from "node:path";
+import { stableStringify } from "../utils/stable-json.js";
+import { writeFileAtomic } from "../utils/io.js";
+export function defaultDecisionPlanPath(cwd) {
+    return path.resolve(cwd, ".artifacts/decision-plan.json");
+}
+export function filterReviewItemsByFocus(items, focus) {
+    if (focus === "security") {
+        return items.filter((item) => item.advisories.length > 0);
+    }
+    if (focus === "risk") {
+        return items.filter((item) => item.update.riskLevel === "critical" ||
+            item.update.riskLevel === "high");
+    }
+    if (focus === "major") {
+        return items.filter((item) => item.update.diffType === "major");
+    }
+    if (focus === "blocked") {
+        return items.filter((item) => item.update.decisionState === "blocked");
+    }
+    if (focus === "workspace") {
+        return items.filter((item) => Boolean(item.update.workspaceGroup));
+    }
+    return items;
+}
+export function createDecisionPlan(input) {
+    const selectedKeys = new Set(input.selectedItems.map((item) => packageUpdateKey(item.update)));
+    const items = input.review.items.map((item) => ({
+        ...toDecisionPlanItem(item.update),
+        selected: selectedKeys.has(packageUpdateKey(item.update)),
+    }));
+    return {
+        contractVersion: "1",
+        createdAt: new Date().toISOString(),
+        sourceCommand: input.sourceCommand,
+        mode: input.mode,
+        focus: input.focus,
+        projectPath: input.review.projectPath,
+        target: input.review.target,
+        interactiveSurface: "dashboard",
+        summary: {
+            totalItems: items.length,
+            selectedItems: items.filter((item) => item.selected).length,
+        },
+        items,
+    };
+}
+export async function writeDecisionPlan(filePath, plan) {
+    await writeFileAtomic(filePath, stableStringify(plan, 2) + "\n");
+}
+export async function readDecisionPlan(filePath) {
+    const parsed = (await Bun.file(filePath).json());
+    if (parsed.contractVersion !== "1" ||
+        !Array.isArray(parsed.items) ||
+        typeof parsed.projectPath !== "string") {
+        throw new Error(`Invalid decision plan: ${filePath}`);
+    }
+    return parsed;
+}
+export function selectedUpdatesFromPlan(plan) {
+    return plan.items.filter((item) => item.selected).map(toPackageUpdate);
+}
+export function resolveDecisionPlanPath(options, explicit) {
+    return (explicit ?? options.decisionPlanFile ?? defaultDecisionPlanPath(options.cwd));
+}
+function toDecisionPlanItem(update) {
+    return {
+        packagePath: update.packagePath,
+        name: update.name,
+        kind: update.kind,
+        fromRange: update.fromRange,
+        toRange: update.toRange,
+        toVersionResolved: update.toVersionResolved,
+        diffType: update.diffType,
+        riskLevel: update.riskLevel,
+        riskScore: update.riskScore,
+        policyAction: update.policyAction,
+        decisionState: update.decisionState,
+        selected: true,
+    };
+}
+function toPackageUpdate(item) {
+    return {
+        packagePath: item.packagePath,
+        name: item.name,
+        kind: item.kind,
+        fromRange: item.fromRange,
+        toRange: item.toRange,
+        toVersionResolved: item.toVersionResolved,
+        diffType: item.diffType,
+        filtered: false,
+        autofix: true,
+        riskLevel: item.riskLevel,
+        riskScore: item.riskScore,
+        policyAction: item.policyAction,
+        decisionState: item.decisionState,
+    };
+}
+function packageUpdateKey(update) {
+    return [
+        update.packagePath,
+        update.kind,
+        update.name,
+        update.fromRange,
+        update.toRange,
+    ].join("::");
+}

package/dist/core/doctor/result.js

@@ -17,6 +17,7 @@ export function createDoctorResult(review) {
     review.summary.primaryFindingCode = findings[0]?.code;
     review.summary.primaryFindingCategory = findings[0]?.category;
     review.summary.nextActionReason = nextActionReason;
+    review.summary.suggestedCommand = recommendedCommand;
     return {
         verdict,
         score,
@@ -31,11 +32,13 @@ export function createDoctorResult(review) {
 }
 function recommendDoctorCommand(review, verdict) {
     if (verdict === "blocked")
-        return "rup review --interactive";
-    if ((review.summary.securityPackages ?? 0) > 0)
-        return "rup review --security-only";
-    if (review.errors.length > 0 || review.items.length > 0)
-        return "rup review --interactive";
+        return "rup dashboard --mode review --focus blocked";
+    if ((review.summary.securityPackages ?? 0) > 0) {
+        return "rup dashboard --mode review --focus security";
+    }
+    if (review.errors.length > 0 || review.items.length > 0) {
+        return "rup dashboard --mode review";
+    }
     return "rup check";
 }
 function describeNextActionReason(review, verdict) {