@rainy-updates/cli 0.6.0 → 0.6.2

package/dist/commands/hook/runner.js

@@ -0,0 +1,174 @@
+import { chmod, mkdir, unlink } from "node:fs/promises";
+import path from "node:path";
+import { writeStdout } from "../../utils/runtime.js";
+const MANAGED_MARKER = "# rainy-updates managed hook";
+const HOOKS = [
+    {
+        name: "pre-commit",
+        command: '$(resolve_rup) unused --workspace --staged && $(resolve_rup) resolve --workspace --staged',
+    },
+    {
+        name: "pre-push",
+        command: '$(resolve_rup) audit --workspace --affected --report summary',
+    },
+];
+export async function runHook(options) {
+    const hookDir = await resolveHookDir(options.cwd);
+    const result = {
+        action: options.action,
+        hookDir,
+        installed: [],
+        removed: [],
+        checked: [],
+        errors: [],
+        warnings: [],
+    };
+    if (options.action === "install") {
+        await mkdir(hookDir, { recursive: true });
+        for (const hook of HOOKS) {
+            const hookPath = path.join(hookDir, hook.name);
+            const existing = await readHookState(hookPath);
+            if (existing.status === "foreign") {
+                result.warnings.push(`Skipped ${hook.name}: existing hook is not Rainy-managed.`);
+                result.checked.push({ name: hook.name, status: "foreign" });
+                continue;
+            }
+            await Bun.write(hookPath, renderHookScript(hook.command));
+            await makeExecutable(hookPath);
+            result.installed.push(hook.name);
+            result.checked.push({ name: hook.name, status: "managed" });
+        }
+    }
+    else if (options.action === "uninstall") {
+        for (const hook of HOOKS) {
+            const hookPath = path.join(hookDir, hook.name);
+            const existing = await readHookState(hookPath);
+            if (existing.status === "managed") {
+                await unlink(hookPath).catch(() => undefined);
+                result.removed.push(hook.name);
+            }
+            else if (existing.status === "foreign") {
+                result.warnings.push(`Left ${hook.name} untouched: existing hook is not Rainy-managed.`);
+            }
+            result.checked.push({ name: hook.name, status: existing.status });
+        }
+    }
+    else {
+        for (const hook of HOOKS) {
+            const hookPath = path.join(hookDir, hook.name);
+            const existing = await readHookState(hookPath);
+            result.checked.push({ name: hook.name, status: existing.status });
+            if (existing.status === "foreign") {
+                result.warnings.push(`${hook.name} exists but is not Rainy-managed.`);
+            }
+        }
+    }
+    writeStdout(renderHookResult(result) + "\n");
+    return result;
+}
+async function resolveHookDir(cwd) {
+    const resolved = await runGit(cwd, ["rev-parse", "--git-path", "hooks"]);
+    if (!resolved.ok) {
+        throw new Error(`Unable to resolve git hooks directory: ${resolved.error}`);
+    }
+    const hookDir = resolved.stdout.trim();
+    if (hookDir.length === 0) {
+        throw new Error("Git hooks directory could not be determined.");
+    }
+    return path.resolve(cwd, hookDir);
+}
+async function readHookState(hookPath) {
+    try {
+        const file = Bun.file(hookPath);
+        if (!(await file.exists())) {
+            return { status: "missing" };
+        }
+        const content = await file.text();
+        return content.includes(MANAGED_MARKER)
+            ? { status: "managed", content }
+            : { status: "foreign", content };
+    }
+    catch {
+        return { status: "missing" };
+    }
+}
+function renderHookScript(command) {
+    return `#!/bin/sh
+${MANAGED_MARKER}
+set -eu
+
+resolve_rup() {
+  if command -v rup >/dev/null 2>&1; then
+    printf '%s' "rup"
+    return
+  fi
+  if command -v rainy-updates >/dev/null 2>&1; then
+    printf '%s' "rainy-updates"
+    return
+  fi
+  if command -v rainy-up >/dev/null 2>&1; then
+    printf '%s' "rainy-up"
+    return
+  fi
+  printf '%s\n' "Rainy Updates CLI not found in PATH." >&2
+  exit 127
+}
+
+${command}
+`;
+}
+async function makeExecutable(filePath) {
+    await chmod(filePath, 0o755);
+}
+async function runGit(cwd, args) {
+    try {
+        const proc = Bun.spawn(["git", ...args], {
+            cwd,
+            stdout: "pipe",
+            stderr: "pipe",
+        });
+        const [stdout, stderr, code] = await Promise.all([
+            new Response(proc.stdout).text(),
+            new Response(proc.stderr).text(),
+            proc.exited,
+        ]);
+        if (code !== 0) {
+            return { ok: false, error: stderr.trim() || `git ${args.join(" ")} failed` };
+        }
+        return { ok: true, stdout };
+    }
+    catch (error) {
+        return { ok: false, error: String(error) };
+    }
+}
+function renderHookResult(result) {
+    const lines = [
+        `Hook action: ${result.action}`,
+        `Hook dir: ${result.hookDir ?? "unknown"}`,
+    ];
+    if (result.installed.length > 0) {
+        lines.push(`Installed: ${result.installed.join(", ")}`);
+    }
+    if (result.removed.length > 0) {
+        lines.push(`Removed: ${result.removed.join(", ")}`);
+    }
+    if (result.checked.length > 0) {
+        lines.push("Checks:");
+        for (const check of result.checked) {
+            lines.push(`- ${check.name}: ${check.status}`);
+        }
+    }
+    if (result.warnings.length > 0) {
+        lines.push("Warnings:");
+        for (const warning of result.warnings) {
+            lines.push(`- ${warning}`);
+        }
+    }
+    if (result.errors.length > 0) {
+        lines.push("Errors:");
+        for (const error of result.errors) {
+            lines.push(`- ${error}`);
+        }
+    }
+    return lines.join("\n");
+}

package/dist/commands/licenses/parser.js

@@ -2,6 +2,11 @@ export function parseLicensesArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         allow: undefined,
         deny: undefined,
         sbomFile: undefined,
@@ -25,6 +30,35 @@ export function parseLicensesArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--diff") {
             options.diffMode = true;
             continue;
@@ -105,6 +139,11 @@ Options:
   --json-file <path>     Write JSON report to file
   --diff                 Show only packages with a different license than last scan
   --workspace            Scan all workspace packages
+  --affected             Scan changed workspace packages and dependents
+  --staged               Limit scanning to staged changes
+  --base <ref>           Compare changes against a base git ref
+  --head <ref>           Compare changes against a head git ref
+  --since <ref>          Compare changes since a git ref
   --timeout <ms>         Registry request timeout (default: 10000)
   --concurrency <n>      Parallel registry requests (default: 12)
   --cwd <path>           Working directory (default: cwd)

package/dist/commands/licenses/runner.js

@@ -20,7 +20,11 @@ export async function runLicenses(options) {
         errors: [],
         warnings: [],
     };
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeKinds: ["dependencies", "devDependencies", "optionalDependencies"],
+        includeDependents: options.affected === true,
+    });
     const allDeps = new Map(); // name → resolved version
     for (const packageDir of packageDirs) {
         let manifest;

package/dist/commands/resolve/graph/builder.js

@@ -22,7 +22,11 @@ export async function buildPeerGraph(options,
  * to inject proposed upgrade versions before writing them to disk).
  */
 resolvedVersionOverrides) {
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeKinds: ["dependencies", "devDependencies", "optionalDependencies"],
+        includeDependents: options.affected === true,
+    });
     const cache = await VersionCache.create();
     const registry = new NpmRegistryClient(options.cwd, {
         timeoutMs: options.registryTimeoutMs,

package/dist/commands/resolve/parser.js

@@ -2,6 +2,11 @@ export function parseResolveArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         afterUpdate: false,
         safe: false,
         jsonFile: undefined,
@@ -23,6 +28,35 @@ export function parseResolveArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--after-update") {
             options.afterUpdate = true;
             continue;
@@ -77,6 +111,11 @@ Options:
   --after-update        Simulate conflicts after applying pending \`rup check\` updates
   --safe                Exit non-zero if any error-level conflicts exist
   --workspace           Scan all workspace packages
+  --affected            Scan changed workspace packages and their dependents
+  --staged              Limit scanning to staged changes
+  --base <ref>          Compare changes against a base git ref
+  --head <ref>          Compare changes against a head git ref
+  --since <ref>         Compare changes since a git ref
   --json-file <path>    Write JSON conflict report to file
   --timeout <ms>        Registry request timeout in ms (default: 10000)
   --concurrency <n>     Parallel registry requests (default: 12)

package/dist/commands/resolve/runner.js

@@ -95,6 +95,11 @@ async function fetchProposedVersions(options) {
             cooldownDays: undefined,
             prLimit: undefined,
             onlyChanged: false,
+            affected: options.affected,
+            staged: options.staged,
+            baseRef: options.baseRef,
+            headRef: options.headRef,
+            sinceRef: options.sinceRef,
             ciProfile: "minimal",
             lockfileMode: "preserve",
             interactive: false,

package/dist/commands/review/parser.js

@@ -37,6 +37,11 @@ export function parseReviewArgs(args) {
         cooldownDays: undefined,
         prLimit: undefined,
         onlyChanged: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         ciProfile: "minimal",
         lockfileMode: "preserve",
         interactive: false,
@@ -68,6 +73,39 @@ export function parseReviewArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--only-changed") {
+            options.onlyChanged = true;
+            continue;
+        }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i += 1;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--interactive") {
             options.interactive = true;
             continue;
@@ -224,6 +262,12 @@ Options:
   --test-command <cmd>    Override the command used for test verification
   --show-changelog        Fetch release notes summaries for review output
   --workspace             Scan all workspace packages
+  --only-changed         Limit analysis to changed packages
+  --affected             Include changed packages and their dependents
+  --staged               Limit analysis to staged changes
+  --base <ref>           Compare changes against a base git ref
+  --head <ref>           Compare changes against a head git ref
+  --since <ref>          Compare changes since a git ref
   --policy-file <path>    Load policy overrides
   --json-file <path>      Write JSON review report to file
   --registry-timeout-ms <n>

package/dist/commands/snapshot/parser.js

@@ -3,6 +3,11 @@ export function parseSnapshotArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         action: "list",
         label: undefined,
         snapshotId: undefined,
@@ -25,6 +30,35 @@ export function parseSnapshotArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--label" && next) {
             options.label = next;
             i++;
@@ -75,6 +109,11 @@ Options:
   --label <name>        Human-readable label for the snapshot
   --store <path>        Custom snapshot store file (default: .rup-snapshots.json)
   --workspace           Include all workspace packages
+  --affected            Include changed workspace packages and dependents
+  --staged              Limit snapshot scope to staged changes
+  --base <ref>          Compare changes against a base git ref
+  --head <ref>          Compare changes against a head git ref
+  --since <ref>         Compare changes since a git ref
   --cwd <path>          Working directory (default: cwd)
   --help                Show this help
 `.trimStart();

package/dist/commands/snapshot/runner.js

@@ -16,7 +16,10 @@ export async function runSnapshot(options) {
         errors: [],
         warnings: [],
     };
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeDependents: options.affected === true,
+    });
     const store = new SnapshotStore(options.cwd, options.storeFile);
     switch (options.action) {
         // ─ save ──────────────────────────────────────────────────────────────────

package/dist/commands/unused/parser.js

@@ -3,6 +3,11 @@ export function parseUnusedArgs(args) {
     const options = {
         cwd: process.cwd(),
         workspace: false,
+        affected: false,
+        staged: false,
+        baseRef: undefined,
+        headRef: undefined,
+        sinceRef: undefined,
         srcDirs: DEFAULT_SRC_DIRS,
         includeDevDependencies: true,
         fix: false,
@@ -24,6 +29,35 @@ export function parseUnusedArgs(args) {
             options.workspace = true;
             continue;
         }
+        if (current === "--affected") {
+            options.affected = true;
+            continue;
+        }
+        if (current === "--staged") {
+            options.staged = true;
+            continue;
+        }
+        if (current === "--base" && next) {
+            options.baseRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--base")
+            throw new Error("Missing value for --base");
+        if (current === "--head" && next) {
+            options.headRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--head")
+            throw new Error("Missing value for --head");
+        if (current === "--since" && next) {
+            options.sinceRef = next;
+            i++;
+            continue;
+        }
+        if (current === "--since")
+            throw new Error("Missing value for --since");
         if (current === "--src" && next) {
             options.srcDirs = next
                 .split(",")
@@ -81,6 +115,11 @@ Usage:
 Options:
   --src <dirs>          Comma-separated source directories to scan (default: src)
   --workspace           Scan all workspace packages
+  --affected            Scan changed workspace packages and their dependents
+  --staged              Limit scanning to staged changes
+  --base <ref>          Compare changes against a base git ref
+  --head <ref>          Compare changes against a head git ref
+  --since <ref>         Compare changes since a git ref
   --no-dev              Exclude devDependencies from unused detection
   --fix                 Remove unused dependencies from package.json
   --dry-run             Preview changes without writing

package/dist/commands/unused/runner.js

@@ -24,7 +24,10 @@ export async function runUnused(options) {
         errors: [],
         warnings: [],
     };
-    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace);
+    const packageDirs = await discoverPackageDirs(options.cwd, options.workspace, {
+        git: options,
+        includeDependents: false,
+    });
     for (const packageDir of packageDirs) {
         // ─ Read manifest ─────────────────────────────────────────────────────────
         let manifest;

package/dist/commands/unused/scanner.d.ts

@@ -1,10 +1,11 @@
 /**
- * Extracts all imported package names from a single source file.
+ * Extracts all imported package names from a single source file using AST.
  *
  * Handles:
  *   - ESM static:  import ... from "pkg"
  *   - ESM dynamic: import("pkg")
  *   - CJS:         require("pkg")
+ *   - ESM re-export: export ... from "pkg"
  *
  * Strips subpath imports (e.g. "lodash/merge" → "lodash"),
  * skips relative imports and node: builtins.