@standards-kit/conform 0.1.0

package/dist/sync-RLYBGYNY.js

@@ -0,0 +1,877 @@
+import "./chunk-P7TIZJ4C.js";
+import {
+  getProjectRoot,
+  loadConfig
+} from "./chunk-KHO6NIAI.js";
+
+// src/process/sync/applier.ts
+import { execa } from "execa";
+var ApplierError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "ApplierError";
+  }
+};
+async function applyBranchProtection(repoInfo, branch, desired, diffResult) {
+  if (!diffResult.hasChanges) {
+    return { success: true, applied: [], failed: [] };
+  }
+  const requestBody = buildBranchRulesetBody(branch, desired);
+  try {
+    if (diffResult.currentRulesetId === null) {
+      await execa(
+        "gh",
+        ["api", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, "-X", "POST", "--input", "-"],
+        { input: JSON.stringify(requestBody) }
+      );
+    } else {
+      await execa(
+        "gh",
+        [
+          "api",
+          `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,
+          "-X",
+          "PUT",
+          "--input",
+          "-"
+        ],
+        { input: JSON.stringify(requestBody) }
+      );
+    }
+    return { success: true, applied: diffResult.diffs, failed: [] };
+  } catch (error) {
+    return handleBranchApplyError(error, diffResult.diffs);
+  }
+}
+function handleBranchApplyError(error, diffs) {
+  const errorMessage = error instanceof Error ? error.message : String(error);
+  if (errorMessage.includes("403") || errorMessage.includes("Must have admin rights")) {
+    throw new ApplierError(
+      "Cannot update branch protection: insufficient permissions (requires admin access)",
+      "NO_PERMISSION"
+    );
+  }
+  return {
+    success: false,
+    applied: [],
+    failed: diffs.map((diff) => ({ diff, error: errorMessage }))
+  };
+}
+function buildBranchRulesetBody(branch, desired) {
+  const rules = [];
+  const pullRequestRule = buildPullRequestRule(desired);
+  if (pullRequestRule) {
+    rules.push(pullRequestRule);
+  }
+  const statusChecksRule = buildStatusChecksRule(desired);
+  if (statusChecksRule) {
+    rules.push(statusChecksRule);
+  }
+  if (desired.require_signed_commits === true) {
+    rules.push({ type: "required_signatures" });
+  }
+  const bypassActors = desired.bypass_actors?.map((actor) => ({
+    actor_id: actor.actor_id ?? null,
+    actor_type: actor.actor_type,
+    bypass_mode: actor.bypass_mode ?? "always"
+  })) ?? [];
+  return {
+    name: "Branch Protection",
+    target: "branch",
+    enforcement: "active",
+    conditions: {
+      ref_name: {
+        include: [`refs/heads/${branch}`],
+        exclude: []
+      }
+    },
+    bypass_actors: bypassActors,
+    rules
+  };
+}
+function buildPullRequestRule(desired) {
+  const hasReviewSettings = desired.required_reviews !== void 0 || desired.dismiss_stale_reviews !== void 0 || desired.require_code_owner_reviews !== void 0;
+  if (!hasReviewSettings) {
+    return null;
+  }
+  return {
+    type: "pull_request",
+    parameters: {
+      ...desired.required_reviews !== void 0 && {
+        required_approving_review_count: desired.required_reviews
+      },
+      ...desired.dismiss_stale_reviews !== void 0 && {
+        dismiss_stale_reviews_on_push: desired.dismiss_stale_reviews
+      },
+      ...desired.require_code_owner_reviews !== void 0 && {
+        require_code_owner_review: desired.require_code_owner_reviews
+      }
+    }
+  };
+}
+function buildStatusChecksRule(desired) {
+  const hasStatusSettings = desired.require_status_checks !== void 0 || desired.require_branches_up_to_date !== void 0;
+  if (!hasStatusSettings) {
+    return null;
+  }
+  const statusChecks = desired.require_status_checks?.map((context) => ({
+    context
+  })) ?? [];
+  return {
+    type: "required_status_checks",
+    parameters: {
+      required_status_checks: statusChecks,
+      strict_required_status_checks_policy: desired.require_branches_up_to_date ?? false
+    }
+  };
+}
+async function applyTagProtection(repoInfo, desired, diffResult) {
+  if (!diffResult.hasChanges) {
+    return { success: true, applied: [], failed: [] };
+  }
+  const requestBody = buildTagRulesetBody(desired);
+  try {
+    if (diffResult.currentRulesetId === null) {
+      await execa(
+        "gh",
+        ["api", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, "-X", "POST", "--input", "-"],
+        { input: JSON.stringify(requestBody) }
+      );
+    } else {
+      await execa(
+        "gh",
+        [
+          "api",
+          `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,
+          "-X",
+          "PUT",
+          "--input",
+          "-"
+        ],
+        { input: JSON.stringify(requestBody) }
+      );
+    }
+    return { success: true, applied: diffResult.diffs, failed: [] };
+  } catch (error) {
+    return handleTagApplyError(error, diffResult.diffs);
+  }
+}
+function buildTagRulesetBody(desired) {
+  const rules = [];
+  if (desired.prevent_deletion !== false) {
+    rules.push({ type: "deletion" });
+  }
+  if (desired.prevent_update !== false) {
+    rules.push({ type: "update" });
+  }
+  const patterns = desired.patterns ?? ["v*"];
+  const includePatterns = patterns.map((p) => `refs/tags/${p}`);
+  return {
+    name: "Tag Protection",
+    target: "tag",
+    enforcement: "active",
+    conditions: {
+      ref_name: {
+        include: includePatterns,
+        exclude: []
+      }
+    },
+    rules
+  };
+}
+function handleTagApplyError(error, diffs) {
+  const errorMessage = error instanceof Error ? error.message : String(error);
+  if (errorMessage.includes("403") || errorMessage.includes("Must have admin rights")) {
+    throw new ApplierError(
+      "Cannot update tag protection: insufficient permissions (requires admin access)",
+      "NO_PERMISSION"
+    );
+  }
+  return {
+    success: false,
+    applied: [],
+    failed: diffs.map((diff) => ({ diff, error: errorMessage }))
+  };
+}
+
+// src/process/sync/differ.ts
+var fieldMappings = [
+  {
+    name: "required_reviews",
+    getCurrentValue: (c) => c.requiredReviews,
+    getDesiredValue: (d) => d.required_reviews
+  },
+  {
+    name: "dismiss_stale_reviews",
+    getCurrentValue: (c) => c.dismissStaleReviews,
+    getDesiredValue: (d) => d.dismiss_stale_reviews
+  },
+  {
+    name: "require_code_owner_reviews",
+    getCurrentValue: (c) => c.requireCodeOwnerReviews,
+    getDesiredValue: (d) => d.require_code_owner_reviews
+  },
+  {
+    name: "require_status_checks",
+    getCurrentValue: (c) => c.requiredStatusChecks,
+    getDesiredValue: (d) => d.require_status_checks,
+    isArray: true
+  },
+  {
+    name: "require_branches_up_to_date",
+    getCurrentValue: (c) => c.requireBranchesUpToDate,
+    getDesiredValue: (d) => d.require_branches_up_to_date
+  },
+  {
+    name: "require_signed_commits",
+    getCurrentValue: (c) => c.requireSignedCommits,
+    getDesiredValue: (d) => d.require_signed_commits
+  },
+  {
+    name: "enforce_admins",
+    getCurrentValue: (c) => c.enforceAdmins,
+    getDesiredValue: (d) => d.enforce_admins
+  }
+];
+function computeDiff(repoInfo, current, desired) {
+  const diffs = collectDiffs(current, desired);
+  const bypassDiff = compareBypassActors(
+    current.bypassActors,
+    desired.bypass_actors,
+    current.rulesetId
+  );
+  if (bypassDiff) {
+    diffs.push(bypassDiff);
+  }
+  return {
+    repoInfo,
+    branch: current.branch,
+    diffs,
+    hasChanges: diffs.length > 0,
+    currentRulesetId: current.rulesetId
+  };
+}
+function collectDiffs(current, desired) {
+  const diffs = [];
+  for (const mapping of fieldMappings) {
+    const desiredValue = mapping.getDesiredValue(desired);
+    if (desiredValue === void 0) {
+      continue;
+    }
+    const currentValue = mapping.getCurrentValue(current);
+    const diff = mapping.isArray ? compareArrayValue(mapping.name, currentValue, desiredValue) : compareValue(mapping.name, currentValue, desiredValue);
+    if (diff) {
+      diffs.push(diff);
+    }
+  }
+  return diffs;
+}
+function compareValue(setting, current, desired) {
+  const currentValue = current ?? null;
+  if (currentValue === desired) {
+    return null;
+  }
+  return {
+    setting,
+    current: currentValue,
+    desired,
+    action: currentValue === null ? "add" : "change"
+  };
+}
+function compareArrayValue(setting, current, desired) {
+  const currentArray = current ?? [];
+  const sortedCurrent = [...currentArray].sort();
+  const sortedDesired = [...desired].sort();
+  const areEqual = sortedCurrent.length === sortedDesired.length && sortedCurrent.every((v, i) => v === sortedDesired[i]);
+  if (areEqual) {
+    return null;
+  }
+  return {
+    setting,
+    current: currentArray,
+    desired,
+    action: currentArray.length === 0 ? "add" : "change"
+  };
+}
+function compareBypassActors(current, desired, rulesetId) {
+  if (desired === void 0) {
+    return null;
+  }
+  const currentActors = current ?? [];
+  const sortKey = (a) => `${a.actor_type}:${a.actor_id ?? ""}:${a.bypass_mode ?? "always"}`;
+  const sortedCurrent = [...currentActors].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));
+  const sortedDesired = [...desired].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));
+  const normalize = (actors) => actors.map((a) => ({
+    actor_type: a.actor_type,
+    actor_id: a.actor_id,
+    bypass_mode: a.bypass_mode ?? "always"
+  }));
+  const normalizedCurrent = normalize(sortedCurrent);
+  const normalizedDesired = normalize(sortedDesired);
+  const areEqual = normalizedCurrent.length === normalizedDesired.length && normalizedCurrent.every(
+    (c, i) => c.actor_type === normalizedDesired[i].actor_type && c.actor_id === normalizedDesired[i].actor_id && c.bypass_mode === normalizedDesired[i].bypass_mode
+  );
+  if (areEqual) {
+    return null;
+  }
+  return {
+    setting: "bypass_actors",
+    current: currentActors,
+    desired,
+    action: rulesetId === null ? "add" : "change"
+  };
+}
+function formatValue(value) {
+  if (value === null || value === void 0) {
+    return "not set";
+  }
+  if (Array.isArray(value)) {
+    return value.length === 0 ? "[]" : `[${value.join(", ")}]`;
+  }
+  return String(value);
+}
+function computeTagDiff(repoInfo, current, desired) {
+  const diffs = [];
+  const rulesetId = current.rulesetId;
+  collectPatternDiff(diffs, current, desired);
+  collectBooleanDiff(diffs, {
+    s: "prevent_deletion",
+    c: current.preventDeletion,
+    d: desired.prevent_deletion,
+    r: rulesetId
+  });
+  collectBooleanDiff(diffs, {
+    s: "prevent_update",
+    c: current.preventUpdate,
+    d: desired.prevent_update,
+    r: rulesetId
+  });
+  return { repoInfo, diffs, hasChanges: diffs.length > 0, currentRulesetId: rulesetId };
+}
+function collectPatternDiff(diffs, current, desired) {
+  if (desired.patterns === void 0) {
+    return;
+  }
+  const curr = [...current.patterns].sort();
+  const des = [...desired.patterns].sort();
+  const match = curr.length === des.length && curr.every((v, i) => v === des[i]);
+  if (!match) {
+    diffs.push({
+      setting: "patterns",
+      current: current.patterns,
+      desired: desired.patterns,
+      action: curr.length === 0 ? "add" : "change"
+    });
+  }
+}
+function collectBooleanDiff(diffs, o) {
+  if (o.d !== void 0 && o.c !== o.d) {
+    diffs.push({
+      setting: o.s,
+      current: o.c,
+      desired: o.d,
+      action: o.r === null ? "add" : "change"
+    });
+  }
+}
+
+// src/process/sync/fetcher.ts
+import { execa as execa2 } from "execa";
+var FetcherError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "FetcherError";
+  }
+};
+async function isGhAvailable() {
+  try {
+    await execa2("gh", ["--version"]);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function getRepoInfo(projectRoot) {
+  try {
+    const result = await execa2("gh", ["repo", "view", "--json", "owner,name"], {
+      cwd: projectRoot
+    });
+    const data = JSON.parse(result.stdout);
+    return { owner: data.owner.login, repo: data.name };
+  } catch {
+    throw new FetcherError("Could not determine GitHub repository from git remote", "NO_REPO");
+  }
+}
+async function fetchBranchProtection(repoInfo, branch) {
+  try {
+    const result = await execa2("gh", ["api", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);
+    const rulesets = JSON.parse(result.stdout);
+    return parseBranchRuleset(rulesets, branch);
+  } catch (error) {
+    return handleBranchFetchError(error, branch);
+  }
+}
+function handleBranchFetchError(error, branch) {
+  const errorMessage = error instanceof Error ? error.message : String(error);
+  if (errorMessage.includes("404")) {
+    return createEmptySettings(branch);
+  }
+  if (errorMessage.includes("403") || errorMessage.includes("Must have admin rights")) {
+    throw new FetcherError(
+      "Cannot read branch protection: insufficient permissions (requires admin access)",
+      "NO_PERMISSION"
+    );
+  }
+  throw new FetcherError(`Failed to fetch branch protection: ${errorMessage}`, "API_ERROR");
+}
+function parseBranchRuleset(rulesets, branch) {
+  const branchRuleset = rulesets.find(
+    (r) => r.target === "branch" && r.enforcement === "active" && matchesBranch(r.conditions?.ref_name?.include ?? [], branch)
+  );
+  if (!branchRuleset) {
+    return createEmptySettings(branch);
+  }
+  const rules = branchRuleset.rules ?? [];
+  const prRule = rules.find((r) => r.type === "pull_request");
+  const statusRule = rules.find((r) => r.type === "required_status_checks");
+  const signaturesRule = rules.find((r) => r.type === "required_signatures");
+  const bypassActors = parseBypassActors(branchRuleset.bypass_actors);
+  const enforceAdmins = bypassActors === null || bypassActors.length === 0;
+  return {
+    branch,
+    requiredReviews: prRule?.parameters?.required_approving_review_count ?? null,
+    dismissStaleReviews: prRule?.parameters?.dismiss_stale_reviews_on_push ?? null,
+    requireCodeOwnerReviews: prRule?.parameters?.require_code_owner_review ?? null,
+    requiredStatusChecks: statusRule?.parameters?.required_status_checks?.map((c) => c.context) ?? null,
+    requireBranchesUpToDate: statusRule?.parameters?.strict_required_status_checks_policy ?? null,
+    requireSignedCommits: signaturesRule !== void 0,
+    enforceAdmins,
+    bypassActors,
+    rulesetId: branchRuleset.id,
+    rulesetName: branchRuleset.name
+  };
+}
+function matchesBranch(patterns, branch) {
+  for (const pattern of patterns) {
+    const cleanPattern = pattern.replace(/^refs\/heads\//, "");
+    if (cleanPattern === branch) {
+      return true;
+    }
+    if (cleanPattern === "~DEFAULT_BRANCH" && branch === "main") {
+      return true;
+    }
+    if (cleanPattern === "~ALL") {
+      return true;
+    }
+    if (cleanPattern.includes("*")) {
+      const regex = new RegExp(`^${cleanPattern.replace(/\*/g, ".*")}$`);
+      if (regex.test(branch)) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+function parseBypassActors(actors) {
+  if (!actors || actors.length === 0) {
+    return null;
+  }
+  return actors.map((actor) => ({
+    actor_type: actor.actor_type,
+    actor_id: actor.actor_id ?? void 0,
+    bypass_mode: actor.bypass_mode
+  }));
+}
+function createEmptySettings(branch) {
+  return {
+    branch,
+    requiredReviews: null,
+    dismissStaleReviews: null,
+    requireCodeOwnerReviews: null,
+    requiredStatusChecks: null,
+    requireBranchesUpToDate: null,
+    requireSignedCommits: null,
+    enforceAdmins: null,
+    bypassActors: null,
+    rulesetId: null,
+    rulesetName: null
+  };
+}
+async function fetchTagProtection(repoInfo) {
+  try {
+    const result = await execa2("gh", ["api", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);
+    const rulesets = JSON.parse(result.stdout);
+    return parseTagRuleset(rulesets);
+  } catch (error) {
+    return handleTagFetchError(error);
+  }
+}
+function parseTagRuleset(rulesets) {
+  const tagRuleset = rulesets.find((r) => r.target === "tag" && r.name === "Tag Protection");
+  if (!tagRuleset) {
+    return createEmptyTagSettings();
+  }
+  const patterns = tagRuleset.conditions?.ref_name?.include?.map((p) => p.replace(/^refs\/tags\//, "")) ?? [];
+  const rules = tagRuleset.rules ?? [];
+  const preventDeletion = rules.some((r) => r.type === "deletion");
+  const preventUpdate = rules.some((r) => r.type === "update");
+  return {
+    patterns,
+    preventDeletion,
+    preventUpdate,
+    rulesetId: tagRuleset.id,
+    rulesetName: tagRuleset.name
+  };
+}
+function createEmptyTagSettings() {
+  return {
+    patterns: [],
+    preventDeletion: false,
+    preventUpdate: false,
+    rulesetId: null,
+    rulesetName: null
+  };
+}
+function handleTagFetchError(error) {
+  const errorMessage = error instanceof Error ? error.message : String(error);
+  if (errorMessage.includes("404")) {
+    return createEmptyTagSettings();
+  }
+  if (errorMessage.includes("403") || errorMessage.includes("Must have admin rights")) {
+    throw new FetcherError(
+      "Cannot read tag protection: insufficient permissions (requires admin access)",
+      "NO_PERMISSION"
+    );
+  }
+  throw new FetcherError(`Failed to fetch tag protection: ${errorMessage}`, "API_ERROR");
+}
+
+// src/process/sync/index.ts
+function writeLine(text) {
+  process.stdout.write(`${text}
+`);
+}
+async function runDiff(options) {
+  try {
+    const diffResult = await getDiffResult(options);
+    outputDiff(diffResult, options.format);
+    process.exit(diffResult.hasChanges ? 1 : 0);
+  } catch (error) {
+    handleError(error, options.format);
+  }
+}
+async function runSync(options) {
+  try {
+    const diffResult = await getDiffResult(options);
+    if (!diffResult.hasChanges) {
+      outputNoChanges(diffResult, options.format);
+      process.exit(0);
+    }
+    if (options.validateActors) {
+      const validationPassed = await validateActorsBeforeApply(options);
+      if (!validationPassed) {
+        process.exit(1);
+      }
+    }
+    if (!options.apply) {
+      outputPreview(diffResult, options.format);
+      process.exit(0);
+    }
+    const result = await applyChanges(options, diffResult);
+    outputSyncResult(diffResult, result, options.format);
+    process.exit(result.success ? 0 : 1);
+  } catch (error) {
+    handleError(error, options.format);
+  }
+}
+async function applyChanges(options, diffResult) {
+  const { config } = loadConfig(options.config);
+  const projectRoot = getProjectRoot(loadConfig(options.config).configPath);
+  const repoInfo = await getRepoInfo(projectRoot);
+  const desired = config.process?.repo?.ruleset ?? {};
+  return applyBranchProtection(repoInfo, diffResult.branch, desired, diffResult);
+}
+async function validateActorsBeforeApply(options) {
+  const { validateBypassActors, formatValidationResult } = await import("./validator-6PL5I5EC.js");
+  const { config } = loadConfig(options.config);
+  const projectRoot = getProjectRoot(loadConfig(options.config).configPath);
+  const repoInfo = await getRepoInfo(projectRoot);
+  const rulesetConfig = config.process?.repo?.ruleset;
+  const actors = rulesetConfig?.bypass_actors ?? [];
+  if (actors.length === 0) {
+    return true;
+  }
+  const result = await validateBypassActors(repoInfo, actors);
+  if (options.format === "json") {
+    process.stdout.write(`${JSON.stringify(result, null, 2)}
+`);
+  } else {
+    process.stdout.write(`${formatValidationResult(result)}
+`);
+  }
+  return result.valid;
+}
+async function getDiffResult(options) {
+  if (!await isGhAvailable()) {
+    throw new FetcherError("GitHub CLI (gh) not available", "NO_GH");
+  }
+  const { config, configPath } = loadConfig(options.config);
+  const projectRoot = getProjectRoot(configPath);
+  const repoInfo = await getRepoInfo(projectRoot);
+  const repoConfig = config.process?.repo;
+  const desired = repoConfig?.ruleset;
+  if (!desired) {
+    throw new Error("No [process.repo.ruleset] configured in standards.toml");
+  }
+  const branch = getBranch(desired.branch);
+  const current = await fetchBranchProtection(repoInfo, branch);
+  return computeDiff(repoInfo, current, desired);
+}
+function getBranch(configuredBranch) {
+  return configuredBranch ?? "main";
+}
+function outputDiff(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify(result, null, 2));
+  } else {
+    outputDiffText(result);
+  }
+}
+function outputDiffText(result) {
+  writeRepoHeader(result);
+  if (!result.hasChanges) {
+    writeLine("No changes needed. Settings match configuration.");
+    return;
+  }
+  writeDiffTable(result);
+  writeLine("");
+  writeLine(
+    `${result.diffs.length} setting(s) differ. Run 'conform process sync --apply' to apply changes.`
+  );
+}
+function writeRepoHeader(result) {
+  writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);
+  writeLine(`Branch: ${result.branch}`);
+  writeLine("");
+}
+function writeDiffTable(result) {
+  const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);
+  const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);
+  writeLine(`${"Setting".padEnd(settingWidth)}  ${"Current".padEnd(currentWidth)}  Desired`);
+  writeLine("-".repeat(settingWidth + currentWidth + 20));
+  for (const diff of result.diffs) {
+    const currentStr = formatValue(diff.current);
+    const desiredStr = formatValue(diff.desired);
+    writeLine(
+      `${diff.setting.padEnd(settingWidth)}  ${currentStr.padEnd(currentWidth)}  ${desiredStr}`
+    );
+  }
+}
+function outputNoChanges(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify({ ...result, message: "No changes needed" }, null, 2));
+  } else {
+    writeRepoHeader(result);
+    writeLine("No changes needed. Settings match configuration.");
+  }
+}
+function outputPreview(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify({ ...result, preview: true }, null, 2));
+  } else {
+    writeRepoHeader(result);
+    writeLine("Would apply the following changes:");
+    for (const diff of result.diffs) {
+      writeLine(`  ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);
+    }
+    writeLine("");
+    writeLine("Run with --apply to make these changes.");
+  }
+}
+function outputSyncResult(diffResult, result, format) {
+  if (format === "json") {
+    writeLine(
+      JSON.stringify(
+        { repoInfo: diffResult.repoInfo, branch: diffResult.branch, ...result },
+        null,
+        2
+      )
+    );
+  } else {
+    outputSyncResultText(diffResult, result);
+  }
+}
+function outputSyncResultText(diffResult, result) {
+  writeRepoHeader(diffResult);
+  writeLine("Applying changes...");
+  for (const diff of result.applied) {
+    writeLine(`  + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);
+  }
+  for (const { diff, error } of result.failed) {
+    writeLine(`  x ${diff.setting}: ${error}`);
+  }
+  writeLine("");
+  if (result.success) {
+    writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);
+  } else {
+    writeLine(`x ${result.failed.length} setting(s) failed to sync.`);
+  }
+}
+function handleError(error, format) {
+  const { message, code } = extractErrorInfo(error);
+  if (format === "json") {
+    writeLine(JSON.stringify({ error: true, code, message }, null, 2));
+  } else {
+    writeLine(`Error: ${message}`);
+  }
+  process.exit(2);
+}
+function extractErrorInfo(error) {
+  if (error instanceof FetcherError) {
+    return { message: error.message, code: error.code };
+  }
+  if (error instanceof ApplierError) {
+    return { message: error.message, code: error.code };
+  }
+  if (error instanceof Error) {
+    return { message: error.message, code: "ERROR" };
+  }
+  return { message: String(error), code: "ERROR" };
+}
+async function runTagDiff(options) {
+  try {
+    const diffResult = await getTagDiffResult(options);
+    outputTagDiff(diffResult, options.format);
+    process.exit(diffResult.hasChanges ? 1 : 0);
+  } catch (error) {
+    handleError(error, options.format);
+  }
+}
+async function runTagSync(options) {
+  try {
+    const diffResult = await getTagDiffResult(options);
+    if (!diffResult.hasChanges) {
+      outputTagNoChanges(diffResult, options.format);
+      process.exit(0);
+    }
+    if (!options.apply) {
+      outputTagPreview(diffResult, options.format);
+      process.exit(0);
+    }
+    const result = await applyTagChanges(options, diffResult);
+    outputTagSyncResult(diffResult, result, options.format);
+    process.exit(result.success ? 0 : 1);
+  } catch (error) {
+    handleError(error, options.format);
+  }
+}
+async function getTagDiffResult(options) {
+  if (!await isGhAvailable()) {
+    throw new FetcherError("GitHub CLI (gh) not available", "NO_GH");
+  }
+  const { config, configPath } = loadConfig(options.config);
+  const projectRoot = getProjectRoot(configPath);
+  const repoInfo = await getRepoInfo(projectRoot);
+  const repoConfig = config.process?.repo;
+  if (!repoConfig?.tag_protection?.patterns || repoConfig.tag_protection.patterns.length === 0) {
+    throw new Error("No [process.repo.tag_protection] patterns configured in standards.toml");
+  }
+  const desired = repoConfig.tag_protection;
+  const current = await fetchTagProtection(repoInfo);
+  return computeTagDiff(repoInfo, current, desired);
+}
+async function applyTagChanges(options, diffResult) {
+  const { config } = loadConfig(options.config);
+  const desired = config.process?.repo?.tag_protection ?? {};
+  return applyTagProtection(diffResult.repoInfo, desired, diffResult);
+}
+function outputTagDiff(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify(result, null, 2));
+  } else {
+    outputTagDiffText(result);
+  }
+}
+function outputTagDiffText(result) {
+  writeTagRepoHeader(result);
+  if (!result.hasChanges) {
+    writeLine("No changes needed. Tag protection settings match configuration.");
+    return;
+  }
+  writeTagDiffTable(result);
+  writeLine("");
+  writeLine(
+    `${result.diffs.length} setting(s) differ. Run 'conform process sync-tags --apply' to apply changes.`
+  );
+}
+function writeTagRepoHeader(result) {
+  writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);
+  writeLine(`Target: Tag Protection Ruleset`);
+  writeLine("");
+}
+function writeTagDiffTable(result) {
+  const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);
+  const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);
+  writeLine(`${"Setting".padEnd(settingWidth)}  ${"Current".padEnd(currentWidth)}  Desired`);
+  writeLine("-".repeat(settingWidth + currentWidth + 20));
+  for (const diff of result.diffs) {
+    const currentStr = formatValue(diff.current);
+    const desiredStr = formatValue(diff.desired);
+    writeLine(
+      `${diff.setting.padEnd(settingWidth)}  ${currentStr.padEnd(currentWidth)}  ${desiredStr}`
+    );
+  }
+}
+function outputTagNoChanges(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify({ ...result, message: "No changes needed" }, null, 2));
+  } else {
+    writeTagRepoHeader(result);
+    writeLine("No changes needed. Tag protection settings match configuration.");
+  }
+}
+function outputTagPreview(result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify({ ...result, preview: true }, null, 2));
+  } else {
+    writeTagRepoHeader(result);
+    writeLine("Would apply the following changes:");
+    for (const diff of result.diffs) {
+      writeLine(`  ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);
+    }
+    writeLine("");
+    writeLine("Run with --apply to make these changes.");
+  }
+}
+function outputTagSyncResult(diffResult, result, format) {
+  if (format === "json") {
+    writeLine(JSON.stringify({ repoInfo: diffResult.repoInfo, ...result }, null, 2));
+  } else {
+    outputTagSyncResultText(diffResult, result);
+  }
+}
+function outputTagSyncResultText(diffResult, result) {
+  writeTagRepoHeader(diffResult);
+  writeLine("Applying tag protection changes...");
+  for (const diff of result.applied) {
+    writeLine(`  + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);
+  }
+  for (const { diff, error } of result.failed) {
+    writeLine(`  x ${diff.setting}: ${error}`);
+  }
+  writeLine("");
+  if (result.success) {
+    writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);
+  } else {
+    writeLine(`x ${result.failed.length} setting(s) failed to sync.`);
+  }
+}
+export {
+  runDiff,
+  runSync,
+  runTagDiff,
+  runTagSync
+};
+//# sourceMappingURL=sync-RLYBGYNY.js.map