@rainy-updates/cli 0.5.7 → 0.6.1

package/dist/commands/licenses/parser.js

@@ -2,6 +2,11 @@ export function parseLicensesArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         allow: undefined,
         deny: undefined,
         sbomFile: undefined,
@@ -25,6 +30,35 @@ export function parseLicensesArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--diff") {
             options.diffMode = true;
             continue;
@@ -105,6 +139,11 @@ Options:
   --json-file <path>     Write JSON report to file
   --diff                 Show only packages with a different license than last scan
   --workspace            Scan all workspace packages
+  --affected             Scan changed workspace packages and dependents
+  --staged               Limit scanning to staged changes
+  --base <ref>           Compare changes against a base git ref
+  --head <ref>           Compare changes against a head git ref
+  --since <ref>          Compare changes since a git ref
   --timeout <ms>         Registry request timeout (default: 10000)
   --concurrency <n>      Parallel registry requests (default: 12)
   --cwd <path>           Working directory (default: cwd)

package/dist/commands/licenses/runner.js

@@ -1,9 +1,9 @@
-import process from "node:process";
 import { discoverPackageDirs } from "../../workspace/discover.js";
 import { readManifest, collectDependencies, } from "../../parsers/package-json.js";
 import { asyncPool } from "../../utils/async-pool.js";
 import { stableStringify } from "../../utils/stable-json.js";
 import { writeFileAtomic } from "../../utils/io.js";
+import { writeStderr, writeStdout } from "../../utils/runtime.js";
 import { generateSbom } from "./sbom.js";
 /**
  * Entry point for `rup licenses`. Lazy-loaded by cli.ts.
@@ -20,7 +20,11 @@ export async function runLicenses(options) {
         errors: [],
         warnings: [],
     };
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeKinds: ["dependencies", "devDependencies", "optionalDependencies"],
+        includeDependents: options.affected === true,
+    });
     const allDeps = new Map(); // name → resolved version
     for (const packageDir of packageDirs) {
         let manifest;
@@ -63,17 +67,17 @@ export async function runLicenses(options) {
     }
     result.totalViolations = result.violations.length;
     // Render
-    process.stdout.write(renderLicenseTable(result) + "\n");
+    writeStdout(renderLicenseTable(result) + "\n");
     // SBOM output
     if (options.sbomFile) {
         const sbom = generateSbom(result.packages, options.cwd);
         await writeFileAtomic(options.sbomFile, stableStringify(sbom, 2) + "\n");
-        process.stderr.write(`[licenses] SBOM written to ${options.sbomFile}\n`);
+        writeStderr(`[licenses] SBOM written to ${options.sbomFile}\n`);
     }
     // JSON output
     if (options.jsonFile) {
         await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
-        process.stderr.write(`[licenses] JSON report written to ${options.jsonFile}\n`);
+        writeStderr(`[licenses] JSON report written to ${options.jsonFile}\n`);
     }
     return result;
 }

package/dist/commands/resolve/graph/builder.js

@@ -22,7 +22,11 @@ export async function buildPeerGraph(options,
  * to inject proposed upgrade versions before writing them to disk).
  */
 resolvedVersionOverrides) {
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeKinds: ["dependencies", "devDependencies", "optionalDependencies"],
+        includeDependents: options.affected === true,
+    });
     const cache = await VersionCache.create();
     const registry = new NpmRegistryClient(options.cwd, {
         timeoutMs: options.registryTimeoutMs,

package/dist/commands/resolve/parser.js

@@ -2,6 +2,11 @@ export function parseResolveArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         afterUpdate: false,
         safe: false,
         jsonFile: undefined,
@@ -23,6 +28,35 @@ export function parseResolveArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--after-update") {
             options.afterUpdate = true;
             continue;
@@ -77,6 +111,11 @@ Options:
   --after-update        Simulate conflicts after applying pending \`rup check\` updates
   --safe                Exit non-zero if any error-level conflicts exist
   --workspace           Scan all workspace packages
+  --affected            Scan changed workspace packages and their dependents
+  --staged              Limit scanning to staged changes
+  --base <ref>          Compare changes against a base git ref
+  --head <ref>          Compare changes against a head git ref
+  --since <ref>         Compare changes since a git ref
   --json-file <path>    Write JSON conflict report to file
   --timeout <ms>        Registry request timeout in ms (default: 10000)
   --concurrency <n>     Parallel registry requests (default: 12)

package/dist/commands/resolve/runner.js

@@ -1,8 +1,8 @@
-import process from "node:process";
 import { buildPeerGraph } from "./graph/builder.js";
 import { resolvePeerConflicts } from "./graph/resolver.js";
 import { stableStringify } from "../../utils/stable-json.js";
 import { writeFileAtomic } from "../../utils/io.js";
+import { writeStderr, writeStdout } from "../../utils/runtime.js";
 /**
  * Entry point for `rup resolve`. Lazy-loaded by cli.ts.
  *
@@ -26,7 +26,7 @@ export async function runResolve(options) {
     if (options.afterUpdate) {
         versionOverrides = await fetchProposedVersions(options);
         if (versionOverrides.size === 0 && !options.silent) {
-            process.stderr.write("[resolve] No pending updates found — checking current state.\n");
+            writeStderr("[resolve] No pending updates found — checking current state.\n");
         }
     }
     let graph;
@@ -42,12 +42,12 @@ export async function runResolve(options) {
     result.errorConflicts = conflicts.filter((c) => c.severity === "error").length;
     result.warningConflicts = conflicts.filter((c) => c.severity === "warning").length;
     if (!options.silent) {
-        process.stdout.write(renderConflictsTable(result, options) + "\n");
+        writeStdout(renderConflictsTable(result, options) + "\n");
     }
     if (options.jsonFile) {
         await writeFileAtomic(options.jsonFile, stableStringify(result, 2) + "\n");
         if (!options.silent) {
-            process.stderr.write(`[resolve] JSON report written to ${options.jsonFile}\n`);
+            writeStderr(`[resolve] JSON report written to ${options.jsonFile}\n`);
         }
     }
     return result;
@@ -95,11 +95,21 @@ async function fetchProposedVersions(options) {
             cooldownDays: undefined,
             prLimit: undefined,
             onlyChanged: false,
+            affected: options.affected,
+            staged: options.staged,
+            baseRef: options.baseRef,
+            headRef: options.headRef,
+            sinceRef: options.sinceRef,
             ciProfile: "minimal",
             lockfileMode: "preserve",
             interactive: false,
             showImpact: false,
             showHomepage: false,
+            decisionPlanFile: undefined,
+            verify: "none",
+            testCommand: undefined,
+            verificationReportFile: undefined,
+            ciGate: "check",
         });
         for (const update of checkResult.updates ?? []) {
             overrides.set(update.name, update.toVersionResolved);

package/dist/commands/review/parser.js

@@ -1,9 +1,9 @@
 import path from "node:path";
-import process from "node:process";
 import { ensureRiskLevel } from "../../core/options.js";
+import { exitProcess, getRuntimeCwd, writeStdout, } from "../../utils/runtime.js";
 export function parseReviewArgs(args) {
     const options = {
-        cwd: process.cwd(),
+        cwd: getRuntimeCwd(),
         target: "latest",
         filter: undefined,
         reject: undefined,
@@ -37,6 +37,11 @@ export function parseReviewArgs(args) {
         cooldownDays: undefined,
         prLimit: undefined,
         onlyChanged: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         ciProfile: "minimal",
         lockfileMode: "preserve",
         interactive: false,
@@ -47,6 +52,12 @@ export function parseReviewArgs(args) {
         diff: undefined,
         applySelected: false,
         showChangelog: false,
+        decisionPlanFile: undefined,
+        queueFocus: "all",
+        verify: "none",
+        testCommand: undefined,
+        verificationReportFile: undefined,
+        ciGate: "check",
     };
     for (let i = 0; i < args.length; i += 1) {
         const current = args[i];
@@ -62,6 +73,39 @@ export function parseReviewArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--only-changed") {
+            options.onlyChanged = true;
+            continue;
+        }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--interactive") {
             options.interactive = true;
             continue;
@@ -94,6 +138,41 @@ export function parseReviewArgs(args) {
             options.applySelected = true;
             continue;
         }
+        if (current === "--plan-file" && next) {
+            options.decisionPlanFile = path.resolve(options.cwd, next);
+            i += 1;
+            continue;
+        }
+        if (current === "--plan-file")
+            throw new Error("Missing value for --plan-file");
+        if (current === "--verify" && next) {
+            if (next === "none" ||
+                next === "install" ||
+                next === "test" ||
+                next === "install,test") {
+                options.verify = next;
+                i += 1;
+                continue;
+            }
+            throw new Error("--verify must be none, install, test or install,test");
+        }
+        if (current === "--verify")
+            throw new Error("Missing value for --verify");
+        if (current === "--test-command" && next) {
+            options.testCommand = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--test-command")
+            throw new Error("Missing value for --test-command");
+        if (current === "--verification-report-file" && next) {
+            options.verificationReportFile = path.resolve(options.cwd, next);
+            i += 1;
+            continue;
+        }
+        if (current === "--verification-report-file") {
+            throw new Error("Missing value for --verification-report-file");
+        }
         if (current === "--show-changelog") {
             options.showChangelog = true;
             continue;
@@ -148,13 +227,22 @@ export function parseReviewArgs(args) {
             throw new Error("Missing value for --registry-retries");
         }
         if (current === "--help" || current === "-h") {
-            process.stdout.write(REVIEW_HELP);
-            process.exit(0);
+            writeStdout(REVIEW_HELP);
+            exitProcess(0);
         }
         if (current.startsWith("-"))
             throw new Error(`Unknown review option: ${current}`);
         throw new Error(`Unexpected review argument: ${current}`);
     }
+    if (options.securityOnly) {
+        options.queueFocus = "security";
+    }
+    else if (options.risk === "critical" || options.risk === "high") {
+        options.queueFocus = "risk";
+    }
+    else if (options.diff === "major") {
+        options.queueFocus = "major";
+    }
     return options;
 }
 const REVIEW_HELP = `
@@ -169,8 +257,17 @@ Options:
   --risk <level>          Minimum risk: critical, high, medium, low
   --diff <level>          Filter by patch, minor, major, latest
   --apply-selected        Apply all filtered updates after review
+  --plan-file <path>      Write the selected decision set to a reusable plan file
+  --verify <mode>         Run post-apply verification: none, install, test, install,test
+  --test-command <cmd>    Override the command used for test verification
   --show-changelog        Fetch release notes summaries for review output
   --workspace             Scan all workspace packages
+  --only-changed         Limit analysis to changed packages
+  --affected             Include changed packages and their dependents
+  --staged               Limit analysis to staged changes
+  --base <ref>           Compare changes against a base git ref
+  --head <ref>           Compare changes against a head git ref
+  --since <ref>          Compare changes since a git ref
   --policy-file <path>    Load policy overrides
   --json-file <path>      Write JSON review report to file
   --registry-timeout-ms <n>

package/dist/commands/review/runner.js

@@ -1,16 +1,42 @@
-import process from "node:process";
-import { runTui } from "../../ui/tui.js";
 import { buildReviewResult, renderReviewResult } from "../../core/review-model.js";
 import { applySelectedUpdates } from "../../core/upgrade.js";
+import { createDecisionPlan, writeDecisionPlan } from "../../core/decision-plan.js";
 import { stableStringify } from "../../utils/stable-json.js";
 import { writeFileAtomic } from "../../utils/io.js";
+import { writeStdout } from "../../utils/runtime.js";
 export async function runReview(options) {
     const review = await buildReviewResult(options);
-    let selectedItems = review.items;
     if (options.interactive && review.updates.length > 0) {
-        selectedItems = await runTui(review.items);
+        const { runDashboard } = await import("../dashboard/runner.js");
+        const dashboard = await runDashboard({
+            ...options,
+            mode: options.applySelected ? "upgrade" : "review",
+            focus: options.queueFocus ?? "all",
+            applySelected: options.applySelected,
+        }, review);
+        review.summary.decisionPlan = dashboard.decisionPlanFile;
+        review.summary.interactiveSurface = "dashboard";
+        review.summary.queueFocus = options.queueFocus ?? "all";
+        if (options.jsonFile) {
+            await writeFileAtomic(options.jsonFile, stableStringify(review, 2) + "\n");
+        }
+        return review;
     }
+    let selectedItems = review.items;
     const selectedUpdates = selectedItems.map((item) => item.update);
+    if (options.decisionPlanFile) {
+        const decisionPlan = createDecisionPlan({
+            review,
+            selectedItems,
+            sourceCommand: "review",
+            mode: options.applySelected ? "upgrade" : "review",
+            focus: options.queueFocus ?? "all",
+        });
+        const decisionPlanFile = options.decisionPlanFile;
+        await writeDecisionPlan(decisionPlanFile, decisionPlan);
+        review.decisionPlan = decisionPlan;
+        review.summary.decisionPlan = decisionPlanFile;
+    }
     if (options.applySelected && selectedUpdates.length > 0) {
         await applySelectedUpdates({
             ...options,
@@ -19,7 +45,7 @@ export async function runReview(options) {
             sync: false,
         }, selectedUpdates);
     }
-    process.stdout.write(renderReviewResult({
+    writeStdout(renderReviewResult({
         ...review,
         items: selectedItems,
         updates: selectedUpdates,

package/dist/commands/snapshot/parser.js

@@ -3,6 +3,11 @@ export function parseSnapshotArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         action: "list",
         label: undefined,
         snapshotId: undefined,
@@ -25,6 +30,35 @@ export function parseSnapshotArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--label" && next) {
             options.label = next;
             i++;
@@ -75,6 +109,11 @@ Options:
   --label <name>        Human-readable label for the snapshot
   --store <path>        Custom snapshot store file (default: .rup-snapshots.json)
   --workspace           Include all workspace packages
+  --affected            Include changed workspace packages and dependents
+  --staged              Limit snapshot scope to staged changes
+  --base <ref>          Compare changes against a base git ref
+  --head <ref>          Compare changes against a head git ref
+  --since <ref>         Compare changes since a git ref
   --cwd <path>          Working directory (default: cwd)
   --help                Show this help
 `.trimStart();

package/dist/commands/snapshot/runner.js

@@ -1,6 +1,6 @@
-import process from "node:process";
 import { discoverPackageDirs } from "../../workspace/discover.js";
 import { SnapshotStore, captureState, restoreState, diffManifests, } from "./store.js";
+import { writeStderr, writeStdout } from "../../utils/runtime.js";
 /**
  * Entry point for `rup snapshot`. Lazy-loaded by cli.ts.
  *
@@ -16,7 +16,10 @@ export async function runSnapshot(options) {
         errors: [],
         warnings: [],
     };
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeDependents: options.affected === true,
+    });
     const store = new SnapshotStore(options.cwd, options.storeFile);
     switch (options.action) {
         // ─ save ──────────────────────────────────────────────────────────────────
@@ -27,7 +30,7 @@ export async function runSnapshot(options) {
             const entry = await store.saveSnapshot(manifests, lockfileHashes, label);
             result.snapshotId = entry.id;
             result.label = entry.label;
-            process.stdout.write(`✔ Snapshot saved: ${entry.label} (${entry.id})\n`);
+            writeStdout(`✔ Snapshot saved: ${entry.label} (${entry.id})\n`);
             break;
         }
         // ─ list ──────────────────────────────────────────────────────────────────
@@ -39,20 +42,20 @@ export async function runSnapshot(options) {
                 createdAt: new Date(e.createdAt).toISOString(),
             }));
             if (entries.length === 0) {
-                process.stdout.write("No snapshots saved yet. Use `rup snapshot save` to create one.\n");
+                writeStdout("No snapshots saved yet. Use `rup snapshot save` to create one.\n");
             }
             else {
-                process.stdout.write(`\n${entries.length} snapshot(s):\n\n`);
-                process.stdout.write("  " + "ID".padEnd(30) + "Label".padEnd(30) + "Created\n");
-                process.stdout.write("  " + "─".repeat(75) + "\n");
+                writeStdout(`\n${entries.length} snapshot(s):\n\n`);
+                writeStdout("  " + "ID".padEnd(30) + "Label".padEnd(30) + "Created\n");
+                writeStdout("  " + "─".repeat(75) + "\n");
                 for (const e of entries) {
-                    process.stdout.write("  " +
+                    writeStdout("  " +
                         e.id.padEnd(30) +
                         e.label.padEnd(30) +
                         new Date(e.createdAt).toLocaleString() +
                         "\n");
                 }
-                process.stdout.write("\n");
+                writeStdout("\n");
             }
             break;
         }
@@ -72,8 +75,8 @@ export async function runSnapshot(options) {
             result.snapshotId = entry.id;
             result.label = entry.label;
             const count = Object.keys(entry.manifests).length;
-            process.stdout.write(`✔ Restored ${count} package.json file(s) from snapshot "${entry.label}" (${entry.id})\n`);
-            process.stdout.write("  Re-run your package manager install to apply.\n");
+            writeStdout(`✔ Restored ${count} package.json file(s) from snapshot "${entry.label}" (${entry.id})\n`);
+            writeStdout("  Re-run your package manager install to apply.\n");
             break;
         }
         // ─ diff ──────────────────────────────────────────────────────────────────
@@ -92,23 +95,23 @@ export async function runSnapshot(options) {
             const changes = diffManifests(entry.manifests, currentManifests);
             result.diff = changes;
             if (changes.length === 0) {
-                process.stdout.write(`✔ No dependency changes since snapshot "${entry.label}"\n`);
+                writeStdout(`✔ No dependency changes since snapshot "${entry.label}"\n`);
             }
             else {
-                process.stdout.write(`\nDependency changes since snapshot "${entry.label}":\n\n`);
-                process.stdout.write("  " + "Package".padEnd(35) + "Before".padEnd(20) + "After\n");
-                process.stdout.write("  " + "─".repeat(65) + "\n");
+                writeStdout(`\nDependency changes since snapshot "${entry.label}":\n\n`);
+                writeStdout("  " + "Package".padEnd(35) + "Before".padEnd(20) + "After\n");
+                writeStdout("  " + "─".repeat(65) + "\n");
                 for (const c of changes) {
-                    process.stdout.write("  " + c.name.padEnd(35) + c.from.padEnd(20) + c.to + "\n");
+                    writeStdout("  " + c.name.padEnd(35) + c.from.padEnd(20) + c.to + "\n");
                 }
-                process.stdout.write("\n");
+                writeStdout("\n");
             }
             break;
         }
     }
     if (result.errors.length > 0) {
         for (const err of result.errors) {
-            process.stderr.write(`[snapshot] ✖ ${err}\n`);
+            writeStderr(`[snapshot] ✖ ${err}\n`);
         }
     }
     return result;

package/dist/commands/snapshot/store.d.ts

@@ -1,13 +1,4 @@
 import type { SnapshotEntry } from "../../types/index.js";
-/**
- * Lightweight SQLite-free snapshot store (uses a JSON file in the project root).
- *
- * Design goals:
- *   - No extra runtime dependencies (SQLite bindings vary by runtime)
- *   - Human-readable store file (git-committable if desired)
- *   - Atomic writes via tmp-rename to prevent corruption
- *   - Fast: entire store fits in memory for typical use (< 50 snapshots)
- */
 export declare class SnapshotStore {
     private readonly storePath;
     private entries;
@@ -20,14 +11,11 @@ export declare class SnapshotStore {
     findSnapshot(idOrLabel: string): Promise<SnapshotEntry | null>;
     deleteSnapshot(idOrLabel: string): Promise<boolean>;
 }
-/** Captures current package.json and lockfile state for a set of directories. */
 export declare function captureState(packageDirs: string[]): Promise<{
     manifests: Record<string, string>;
     lockfileHashes: Record<string, string>;
 }>;
-/** Restores package.json files from a snapshot's manifest map. */
 export declare function restoreState(entry: SnapshotEntry): Promise<void>;
-/** Computes a diff of dependency versions between two manifest snapshots. */
 export declare function diffManifests(before: Record<string, string>, after: Record<string, string>): Array<{
     name: string;
     from: string;