npm - @topogram/cli - Versions diffs - 0.3.63 → 0.3.65 - Mend

@topogram/cli 0.3.63 → 0.3.65

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (344) hide show

package/package.json +1 -1
package/src/adoption/plan/index.js +703 -0
package/src/adoption/plan.d.ts +6 -0
package/src/adoption/plan.js +12 -703
package/src/adoption/reporting.d.ts +10 -0
package/src/adoption/review-groups.d.ts +6 -0
package/src/agent-brief.d.ts +3 -0
package/src/agent-brief.js +495 -0
package/src/agent-ops/query-builders/auth.js +375 -0
package/src/agent-ops/query-builders/change-risk/change-plan.js +123 -0
package/src/agent-ops/query-builders/change-risk/import-plan.js +49 -0
package/src/agent-ops/query-builders/change-risk/maintained.js +286 -0
package/src/agent-ops/query-builders/change-risk/review-packets.js +123 -0
package/src/agent-ops/query-builders/change-risk/risk.js +189 -0
package/src/agent-ops/query-builders/change-risk.js +25 -0
package/src/agent-ops/query-builders/common.js +149 -0
package/src/agent-ops/query-builders/maintained-risk.js +539 -0
package/src/agent-ops/query-builders/maintained-shared.js +120 -0
package/src/agent-ops/query-builders/multi-agent.js +547 -0
package/src/agent-ops/query-builders/projection-impacts.js +514 -0
package/src/agent-ops/query-builders/work-packets.js +417 -0
package/src/agent-ops/query-builders/workflow-context-shared.js +300 -0
package/src/agent-ops/query-builders/workflow-context.js +398 -0
package/src/agent-ops/query-builders/workflow-presets-core.js +676 -0
package/src/agent-ops/query-builders/workflow-presets.js +341 -0
package/src/agent-ops/query-builders.d.ts +26 -0
package/src/agent-ops/query-builders.js +42 -5021
package/src/archive/archive.d.ts +2 -0
package/src/archive/compact.d.ts +1 -0
package/src/archive/unarchive.d.ts +1 -0
package/src/catalog/constants.js +10 -0
package/src/catalog/copy.js +60 -0
package/src/catalog/diagnostics.js +15 -0
package/src/catalog/entries.js +42 -0
package/src/catalog/files.js +67 -0
package/src/catalog/provenance.js +122 -0
package/src/catalog/source.js +150 -0
package/src/catalog/validation.js +252 -0
package/src/catalog.d.ts +12 -0
package/src/catalog.js +18 -750
package/src/cli/catalog-alias.d.ts +1 -0
package/src/cli/command-parser.js +38 -0
package/src/cli/command-parsers/core.js +102 -0
package/src/cli/command-parsers/generator.js +39 -0
package/src/cli/command-parsers/import.js +44 -0
package/src/cli/command-parsers/legacy-workflow.js +21 -0
package/src/cli/command-parsers/project.js +47 -0
package/src/cli/command-parsers/sdlc.js +47 -0
package/src/cli/command-parsers/shared.js +51 -0
package/src/cli/command-parsers/template.js +48 -0
package/src/cli/commands/agent.js +47 -0
package/src/cli/commands/catalog/check.js +31 -0
package/src/cli/commands/catalog/copy.js +59 -0
package/src/cli/commands/catalog/doctor.js +248 -0
package/src/cli/commands/catalog/help.js +21 -0
package/src/cli/commands/catalog/list.js +52 -0
package/src/cli/commands/catalog/runner.js +92 -0
package/src/cli/commands/catalog/shared.js +17 -0
package/src/cli/commands/catalog/show.js +134 -0
package/src/cli/commands/catalog.js +32 -0
package/src/cli/commands/check.js +268 -0
package/src/cli/commands/doctor.js +268 -0
package/src/cli/commands/emit.js +149 -0
package/src/cli/commands/generate.js +96 -0
package/src/cli/commands/generator-policy/package-info.js +162 -0
package/src/cli/commands/generator-policy/payloads.js +372 -0
package/src/cli/commands/generator-policy/printers.js +159 -0
package/src/cli/commands/generator-policy/runner.js +81 -0
package/src/cli/commands/generator-policy/shared.js +39 -0
package/src/cli/commands/generator-policy.js +17 -0
package/src/cli/commands/generator.js +443 -0
package/src/cli/commands/import/adopt.js +170 -0
package/src/cli/commands/import/check.js +91 -0
package/src/cli/commands/import/diff.js +84 -0
package/src/cli/commands/import/help.js +47 -0
package/src/cli/commands/import/paths.js +277 -0
package/src/cli/commands/import/plan.js +284 -0
package/src/cli/commands/import/refresh.js +470 -0
package/src/cli/commands/import/status-history.js +196 -0
package/src/cli/commands/import/workspace.js +230 -0
package/src/cli/commands/import-runner.js +157 -0
package/src/cli/commands/import.js +35 -0
package/src/cli/commands/inspect.js +55 -0
package/src/cli/commands/new.js +94 -0
package/src/cli/commands/package/constants.js +17 -0
package/src/cli/commands/package/doctor.js +240 -0
package/src/cli/commands/package/help.js +27 -0
package/src/cli/commands/package/lockfile.js +135 -0
package/src/cli/commands/package/npm.js +97 -0
package/src/cli/commands/package/reporting.js +35 -0
package/src/cli/commands/package/runner.js +33 -0
package/src/cli/commands/package/shared.js +9 -0
package/src/cli/commands/package/update-cli.js +252 -0
package/src/cli/commands/package/versions.js +35 -0
package/src/cli/commands/package.js +31 -0
package/src/cli/commands/query/change-plan.js +68 -0
package/src/cli/commands/query/definitions.js +202 -0
package/src/cli/commands/query/import-adopt.js +121 -0
package/src/cli/commands/query/runner/artifacts.js +102 -0
package/src/cli/commands/query/runner/boundaries.js +211 -0
package/src/cli/commands/query/runner/change.js +182 -0
package/src/cli/commands/query/runner/import-adopt.js +111 -0
package/src/cli/commands/query/runner/index.js +31 -0
package/src/cli/commands/query/runner/output.js +12 -0
package/src/cli/commands/query/runner/workflow.js +241 -0
package/src/cli/commands/query/runner.js +3 -0
package/src/cli/commands/query/workflow-context.js +5 -0
package/src/cli/commands/query/workspace.js +274 -0
package/src/cli/commands/query.js +11 -0
package/src/cli/commands/release-rollout.js +257 -0
package/src/cli/commands/release-shared.js +528 -0
package/src/cli/commands/release-status.js +429 -0
package/src/cli/commands/release.js +107 -0
package/src/cli/commands/sdlc.js +168 -0
package/src/cli/commands/setup.js +76 -0
package/src/cli/commands/source.js +291 -0
package/src/cli/commands/template/baseline.js +100 -0
package/src/cli/commands/template/check.js +466 -0
package/src/cli/commands/template/constants.js +8 -0
package/src/cli/commands/template/diagnostics.js +26 -0
package/src/cli/commands/template/help.js +28 -0
package/src/cli/commands/template/lifecycle.js +404 -0
package/src/cli/commands/template/list-show.js +287 -0
package/src/cli/commands/template/policy.js +422 -0
package/src/cli/commands/template/shared.js +127 -0
package/src/cli/commands/template/updates.js +352 -0
package/src/cli/commands/template-runner.js +198 -0
package/src/cli/commands/template.js +43 -0
package/src/cli/commands/trust.js +219 -0
package/src/cli/commands/version.js +40 -0
package/src/cli/commands/widget.js +168 -0
package/src/cli/commands/workflow.js +63 -0
package/src/cli/dispatcher.js +392 -0
package/src/cli/help-dispatch.js +188 -0
package/src/cli/help.js +296 -0
package/src/cli/migration-guidance.js +59 -0
package/src/cli/options.js +96 -0
package/src/cli/output-safety.js +107 -0
package/src/cli/path-normalization.js +29 -0
package/src/cli.js +47 -11711
package/src/example-implementation.d.ts +2 -0
package/src/format.d.ts +1 -0
package/src/generator/api/contracts.js +497 -0
package/src/generator/api/metadata.js +221 -0
package/src/generator/api/openapi.js +559 -0
package/src/generator/api/schema.js +124 -0
package/src/generator/api/types.d.ts +98 -0
package/src/generator/api.js +3 -1195
package/src/generator/check.d.ts +1 -0
package/src/generator/context/bundle.d.ts +1 -0
package/src/generator/context/shared/domain-sdlc.js +282 -0
package/src/generator/context/shared/maintained-boundary.js +665 -0
package/src/generator/context/shared/metrics.js +85 -0
package/src/generator/context/shared/primitives.js +64 -0
package/src/generator/context/shared/relationships.js +453 -0
package/src/generator/context/shared/summaries.js +263 -0
package/src/generator/context/shared/types.d.ts +207 -0
package/src/generator/context/shared.d.ts +44 -0
package/src/generator/context/shared.js +80 -1390
package/src/generator/context/slice/core.js +397 -0
package/src/generator/context/slice/sdlc.js +417 -0
package/src/generator/context/slice/ui-packets.js +183 -0
package/src/generator/context/slice.js +2 -859
package/src/generator/native/parity-bundle.js +2 -1
package/src/generator/registry/index.js +507 -0
package/src/generator/registry.js +18 -504
package/src/generator/runtime/environment/index.js +666 -0
package/src/generator/runtime/environment.js +4 -666
package/src/generator/runtime/runtime-check/index.js +554 -0
package/src/generator/runtime/runtime-check.js +4 -554
package/src/generator/runtime/shared/index.js +572 -0
package/src/generator/runtime/shared.js +19 -570
package/src/generator/shared.d.ts +2 -0
package/src/generator/surfaces/shared.d.ts +3 -0
package/src/generator/surfaces/web/html-escape.js +22 -0
package/src/generator/surfaces/web/react.js +10 -8
package/src/generator/surfaces/web/sveltekit.js +7 -5
package/src/generator/surfaces/web/vanilla.js +8 -4
package/src/generator/widget-conformance/behavior-report.js +258 -0
package/src/generator/widget-conformance/checks.js +371 -0
package/src/generator/widget-conformance/projection-context.js +200 -0
package/src/generator/widget-conformance/report.js +166 -0
package/src/generator/widget-conformance/types.d.ts +121 -0
package/src/generator/widget-conformance.js +3 -824
package/src/generator.d.ts +2 -0
package/src/github-client.js +520 -0
package/src/import/core/context.d.ts +3 -0
package/src/import/core/contracts.d.ts +1 -0
package/src/import/core/registry.d.ts +4 -0
package/src/import/core/runner/candidates.js +217 -0
package/src/import/core/runner/options.js +22 -0
package/src/import/core/runner/reports.js +50 -0
package/src/import/core/runner/run.js +79 -0
package/src/import/core/runner/tracks.js +150 -0
package/src/import/core/runner/ui-drafts.js +337 -0
package/src/import/core/runner.js +3 -698
package/src/import/core/shared/api-routes.js +221 -0
package/src/import/core/shared/candidates.js +97 -0
package/src/import/core/shared/files.js +177 -0
package/src/import/core/shared/next-app.js +389 -0
package/src/import/core/shared/types.d.ts +51 -0
package/src/import/core/shared/ui-routes.js +230 -0
package/src/import/core/shared.js +67 -910
package/src/import/extractors/api/flutter-dio.js +4 -8
package/src/import/extractors/api/react-native-repository.js +4 -8
package/src/import/index.d.ts +4 -0
package/src/import/provenance.d.ts +4 -0
package/src/new-project/constants.js +128 -0
package/src/new-project/create.js +83 -0
package/src/new-project/json.js +28 -0
package/src/new-project/metadata.js +96 -0
package/src/new-project/package-spec.js +161 -0
package/src/new-project/project-files.js +348 -0
package/src/new-project/template-policy.js +269 -0
package/src/new-project/template-resolution.js +368 -0
package/src/new-project/template-snapshots.js +430 -0
package/src/new-project/template-updates.js +512 -0
package/src/new-project/types.d.ts +83 -0
package/src/new-project.js +6 -2188
package/src/npm-safety.js +79 -0
package/src/parser.d.ts +87 -0
package/src/parser.js +118 -0
package/src/path-helpers.d.ts +1 -0
package/src/path-helpers.js +20 -0
package/src/policy/review-boundaries.d.ts +15 -0
package/src/project-config/index.js +564 -0
package/src/project-config.js +19 -560
package/src/reconcile/docs.d.ts +8 -0
package/src/reconcile/journeys.d.ts +1 -0
package/src/resolver/enrich/acceptance-criterion.js +2 -0
package/src/resolver/enrich/bug.js +2 -0
package/src/resolver/enrich/pitch.js +2 -0
package/src/resolver/enrich/requirement.js +2 -0
package/src/resolver/enrich/task.js +2 -0
package/src/resolver/index.js +19 -2089
package/src/resolver/normalize.js +384 -1
package/src/resolver/plans.js +168 -0
package/src/resolver/projections-api.js +494 -0
package/src/resolver/projections-db.js +133 -0
package/src/resolver/projections-ui.js +317 -0
package/src/resolver/shapes.js +251 -0
package/src/resolver/shared.js +278 -0
package/src/resolver/widgets.js +132 -0
package/src/resolver.d.ts +1 -0
package/src/runtime-support.js +29 -0
package/src/sdlc/adopt.d.ts +1 -0
package/src/sdlc/check.d.ts +1 -0
package/src/sdlc/explain.d.ts +1 -0
package/src/sdlc/release.d.ts +1 -0
package/src/sdlc/scaffold.d.ts +1 -0
package/src/sdlc/transition.d.ts +1 -0
package/src/template-trust/constants.js +62 -0
package/src/template-trust/content.js +258 -0
package/src/template-trust/diff.js +92 -0
package/src/template-trust/policy.js +61 -0
package/src/template-trust/record.js +90 -0
package/src/template-trust/status.js +182 -0
package/src/template-trust.js +24 -687
package/src/text-helpers.d.ts +7 -0
package/src/text-helpers.js +245 -0
package/src/topogram-config.js +306 -0
package/src/topogram-types.d.ts +69 -0
package/src/validator/common.js +488 -0
package/src/validator/data-model.js +237 -0
package/src/validator/docs.js +167 -0
package/src/validator/expressions.js +146 -1
package/src/validator/index.d.ts +23 -0
package/src/validator/index.js +32 -3585
package/src/validator/kinds.d.ts +41 -0
package/src/validator/kinds.js +2 -0
package/src/validator/model-helpers.js +46 -0
package/src/validator/per-kind/acceptance-criterion.js +5 -0
package/src/validator/per-kind/bug.js +6 -0
package/src/validator/per-kind/domain.js +15 -2
package/src/validator/per-kind/pitch.js +7 -0
package/src/validator/per-kind/requirement.js +5 -0
package/src/validator/per-kind/task.js +7 -0
package/src/validator/per-kind/widget.js +14 -0
package/src/validator/projections/api-http-async.js +410 -0
package/src/validator/projections/api-http-authz.js +88 -0
package/src/validator/projections/api-http-core.js +205 -0
package/src/validator/projections/api-http-policies.js +339 -0
package/src/validator/projections/api-http-responses.js +233 -0
package/src/validator/projections/api-http.js +44 -0
package/src/validator/projections/db.js +353 -0
package/src/validator/projections/generator-defaults.js +45 -0
package/src/validator/projections/helpers.js +87 -0
package/src/validator/projections/ui-helpers.js +214 -0
package/src/validator/projections/ui-navigation.js +344 -0
package/src/validator/projections/ui-structure.js +364 -0
package/src/validator/projections/ui-widgets.js +493 -0
package/src/validator/projections/ui.js +46 -0
package/src/validator/registry.js +48 -1
package/src/validator/utils.d.ts +20 -0
package/src/validator/utils.js +115 -12
package/src/validator.d.ts +2 -0
package/src/widget-behavior.d.ts +1 -0
package/src/workflows/adoption/index.js +26 -0
package/src/workflows/docs-generate.js +262 -0
package/src/workflows/docs-scan.js +703 -0
package/src/workflows/docs.js +15 -0
package/src/workflows/import-app/api/collect.js +221 -0
package/src/workflows/import-app/api/openapi.js +257 -0
package/src/workflows/import-app/api/routes.js +327 -0
package/src/workflows/import-app/api/sources.js +22 -0
package/src/workflows/import-app/api.js +4 -0
package/src/workflows/import-app/db.js +538 -0
package/src/workflows/import-app/index.js +30 -0
package/src/workflows/import-app/shared.js +218 -0
package/src/workflows/import-app/ui.js +443 -0
package/src/workflows/import-app/workflow.js +159 -0
package/src/workflows/reconcile/adoption-plan/build.js +208 -0
package/src/workflows/reconcile/adoption-plan/dependencies.js +75 -0
package/src/workflows/reconcile/adoption-plan/outputs.js +143 -0
package/src/workflows/reconcile/adoption-plan/paths.js +58 -0
package/src/workflows/reconcile/adoption-plan/projection-patches.js +177 -0
package/src/workflows/reconcile/adoption-plan/reasons.js +107 -0
package/src/workflows/reconcile/adoption-plan.js +32 -0
package/src/workflows/reconcile/auth/closures.js +115 -0
package/src/workflows/reconcile/auth/formatters.js +142 -0
package/src/workflows/reconcile/auth/inference.js +330 -0
package/src/workflows/reconcile/auth/roles.js +122 -0
package/src/workflows/reconcile/auth.js +37 -0
package/src/workflows/reconcile/bundle-core/index.js +600 -0
package/src/workflows/reconcile/bundle-core.js +14 -0
package/src/workflows/reconcile/bundle-shared.js +75 -0
package/src/workflows/reconcile/candidate-model.js +477 -0
package/src/workflows/reconcile/canonical-surface.js +264 -0
package/src/workflows/reconcile/gap-report.js +333 -0
package/src/workflows/reconcile/ids.js +6 -0
package/src/workflows/reconcile/impacts/adoption-plan.js +192 -0
package/src/workflows/reconcile/impacts/indexes.js +101 -0
package/src/workflows/reconcile/impacts/patches.js +252 -0
package/src/workflows/reconcile/impacts/reports.js +80 -0
package/src/workflows/reconcile/impacts.js +16 -0
package/src/workflows/reconcile/index.js +7 -0
package/src/workflows/reconcile/renderers.js +461 -0
package/src/workflows/reconcile/summary.js +90 -0
package/src/workflows/reconcile/workflow.js +309 -0
package/src/workflows/shared.js +189 -0
package/src/workflows/types.d.ts +93 -0
package/src/workflows.d.ts +1 -0
package/src/workflows.js +10 -7652
package/src/workspace-docs.d.ts +29 -0

package/src/cli/commands/package/doctor.js ADDED Viewed

@@ -0,0 +1,240 @@
+// @ts-check
+import childProcess from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import {
+  catalogDoctorPackageDiagnostic,
+  runNpmViewPackageSpec
+} from "../catalog.js";
+import { CLI_PACKAGE_NAME, ENGINE_ROOT } from "./constants.js";
+import { compareSemver } from "./versions.js";
+/**
+ * @param {string} cwd
+ * @returns {string|null}
+ */
+export function readProjectCliDependencySpec(cwd) {
+  const packagePath = path.join(cwd, "package.json");
+  if (!fs.existsSync(packagePath)) {
+    return null;
+  }
+  try {
+    const pkg = JSON.parse(fs.readFileSync(packagePath, "utf8"));
+    const dependencies = {
+      ...(pkg.dependencies && typeof pkg.dependencies === "object" ? pkg.dependencies : {}),
+      ...(pkg.devDependencies && typeof pkg.devDependencies === "object" ? pkg.devDependencies : {})
+    };
+    const spec = dependencies[CLI_PACKAGE_NAME];
+    return typeof spec === "string" && spec ? spec : null;
+  } catch {
+    return null;
+  }
+}
+/**
+ * @param {string|null} spec
+ * @returns {boolean}
+ */
+export function isLocalCliDependencySpec(spec) {
+  if (!spec) {
+    return false;
+  }
+  return spec.startsWith("file:") ||
+    spec.startsWith(".") ||
+    spec.startsWith("/") ||
+    spec.endsWith(".tgz");
+}
+/**
+ * @returns {{ version: string, minimum: string, ok: boolean, diagnostics: any[] }}
+ */
+export function checkDoctorNode() {
+  const version = process.version;
+  const minimum = "20.0.0";
+  const ok = compareSemver(version.replace(/^v/, ""), minimum) >= 0;
+  return {
+    version,
+    minimum: `>=${minimum}`,
+    ok,
+    diagnostics: ok ? [] : [{
+      code: "node_version_unsupported",
+      severity: "error",
+      message: `Topogram requires Node.js >=${minimum}; current version is ${version}.`,
+      path: null,
+      suggestedFix: "Install Node.js 20 or newer."
+    }]
+  };
+}
+/**
+ * @returns {{ available: boolean, version: string|null, diagnostics: any[] }}
+ */
+export function checkDoctorNpm() {
+  const npmBin = process.platform === "win32" ? "npm.cmd" : "npm";
+  const result = childProcess.spawnSync(npmBin, ["--version"], {
+    encoding: "utf8",
+    env: {
+      ...process.env,
+      PATH: process.env.PATH || ""
+    }
+  });
+  if (result.status === 0) {
+    return {
+      available: true,
+      version: String(result.stdout || "").trim() || null,
+      diagnostics: []
+    };
+  }
+  return {
+    available: false,
+    version: null,
+    diagnostics: [{
+      code: "npm_not_found",
+      severity: "error",
+      message: "npm was not found on PATH.",
+      path: null,
+      suggestedFix: "Install Node.js/npm, then rerun `topogram doctor`."
+    }]
+  };
+}
+/**
+ * @returns {string}
+ */
+export function readInstalledCliPackageVersion() {
+  const packagePath = path.join(ENGINE_ROOT, "package.json");
+  if (!fs.existsSync(packagePath)) {
+    return "0.0.0";
+  }
+  const pkg = JSON.parse(fs.readFileSync(packagePath, "utf8"));
+  return typeof pkg.version === "string" ? pkg.version : "0.0.0";
+}
+/**
+ * @param {string} key
+ * @returns {string|null}
+ */
+export function npmConfigGet(key) {
+  const npmBin = process.platform === "win32" ? "npm.cmd" : "npm";
+  const result = childProcess.spawnSync(npmBin, ["config", "get", key], {
+    encoding: "utf8",
+    env: {
+      ...process.env,
+      PATH: process.env.PATH || ""
+    }
+  });
+  if (result.status !== 0) {
+    return null;
+  }
+  const value = String(result.stdout || "").trim();
+  return value && value !== "undefined" && value !== "null" ? value : null;
+}
+/**
+ * @param {string} packageSpec
+ * @returns {{ ok: boolean, checkedVersion: string|null, diagnostics: any[] }}
+ */
+export function checkDoctorPackageAccess(packageSpec) {
+  const result = runNpmViewPackageSpec(packageSpec);
+  if (result.status === 0) {
+    return {
+      ok: true,
+      checkedVersion: String(result.stdout || "").trim().replace(/^"|"$/g, "") || null,
+      diagnostics: []
+    };
+  }
+  return {
+    ok: false,
+    checkedVersion: null,
+    diagnostics: [doctorPackageDiagnostic(packageSpec, result)]
+  };
+}
+/**
+ * @param {string} spec
+ * @returns {string|null}
+ */
+export function registryPackageNameFromSpec(spec) {
+  if (!spec || spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("file:") || spec.endsWith(".tgz")) {
+    return null;
+  }
+  if (spec.startsWith("@")) {
+    const parts = spec.split("/");
+    if (parts.length < 2) {
+      return null;
+    }
+    return `${parts[0]}/${parts[1].replace(/@[^@]+$/, "")}`;
+  }
+  return spec.replace(/@[^@]+$/, "");
+}
+/**
+ * @param {string} packageSpec
+ * @returns {{ ok: boolean, package: string|null, packageSpec: string, currentVersion: string|null, latestVersion: string|null, current: boolean|null, diagnostics: any[] }}
+ */
+export function checkTemplatePackageStatus(packageSpec) {
+  const packageName = registryPackageNameFromSpec(packageSpec);
+  if (!packageName) {
+    return {
+      ok: true,
+      package: null,
+      packageSpec,
+      currentVersion: null,
+      latestVersion: null,
+      current: null,
+      diagnostics: []
+    };
+  }
+  const access = checkDoctorPackageAccess(packageSpec);
+  const latest = checkDoctorPackageAccess(`${packageName}@latest`);
+  const currentVersion = access.checkedVersion;
+  const latestVersion = latest.checkedVersion;
+  return {
+    ok: access.ok && latest.ok,
+    package: packageName,
+    packageSpec,
+    currentVersion,
+    latestVersion,
+    current: currentVersion && latestVersion ? currentVersion === latestVersion : null,
+    diagnostics: [...access.diagnostics, ...latest.diagnostics]
+  };
+}
+/**
+ * @param {string} packageSpec
+ * @returns {{ checked: false, ok: null, package: string|null, packageSpec: string, currentVersion: null, latestVersion: null, current: null, reason: string, diagnostics: any[] }}
+ */
+export function localTemplatePackageStatus(packageSpec) {
+  return {
+    checked: false,
+    ok: null,
+    package: registryPackageNameFromSpec(packageSpec),
+    packageSpec,
+    currentVersion: null,
+    latestVersion: null,
+    current: null,
+    reason: "Package registry checks were skipped because --local was used.",
+    diagnostics: []
+  };
+}
+/**
+ * @param {string} packageSpec
+ * @param {{ stdout?: string, stderr?: string, error?: Error }} result
+ * @returns {any}
+ */
+function doctorPackageDiagnostic(packageSpec, result) {
+  const diagnostic = catalogDoctorPackageDiagnostic({
+    id: CLI_PACKAGE_NAME,
+    kind: "package",
+    package: CLI_PACKAGE_NAME,
+    defaultVersion: packageSpec.slice(`${CLI_PACKAGE_NAME}@`.length)
+  }, packageSpec, result);
+  return {
+    ...diagnostic,
+    code: diagnostic.code.replace(/^catalog_package_/, "package_registry_"),
+    path: CLI_PACKAGE_NAME
+  };
+}

package/src/cli/commands/package/help.js ADDED Viewed

@@ -0,0 +1,27 @@
+// @ts-check
+import { PACKAGE_UPDATE_CLI_CHECK_SCRIPTS } from "./constants.js";
+/**
+ * @returns {void}
+ */
+export function printPackageHelp() {
+  console.log("Usage: topogram package update-cli <version|--latest> [--json]");
+  console.log("");
+  console.log("Updates a consumer project to a Topogram CLI version and runs verification when dependencies are current.");
+  console.log("");
+  console.log("Behavior:");
+  console.log("  - npmjs package inspection confirms the requested public CLI version.");
+  console.log("  - npm install updates package.json and package-lock.json.");
+  console.log("  - Available consumer verification scripts run after install.");
+  console.log(`  - Recognized scripts: ${PACKAGE_UPDATE_CLI_CHECK_SCRIPTS.join(", ")}.`);
+  console.log("  - Verification scripts are selected by strength: verify, then pack:check, then check.");
+  console.log("");
+  console.log("Examples:");
+  console.log("  topogram package update-cli 0.3.5");
+  console.log("  topogram package update-cli --latest");
+  console.log("  topogram package update-cli --latest --json");
+  console.log("");
+  console.log("Auth help:");
+  console.log("  topogram setup package-auth");
+}

package/src/cli/commands/package/lockfile.js ADDED Viewed

@@ -0,0 +1,135 @@
+// @ts-check
+import fs from "node:fs";
+import path from "node:path";
+import { CLI_PACKAGE_NAME, NPMJS_REGISTRY } from "./constants.js";
+import { readProjectCliDependencySpec } from "./doctor.js";
+import { messageFromError } from "./shared.js";
+import { normalizeRegistryUrl } from "./versions.js";
+/**
+ * Remove stale tarball metadata for the CLI package before npm installs the
+ * requested version. npm package registry can repack publish metadata, so copying a
+ * local npm-pack resolved URL or integrity into a consumer lockfile can make
+ * npm ci fail with a checksum mismatch.
+ *
+ * @param {string} cwd
+ * @param {string} version
+ * @returns {boolean}
+ */
+export function sanitizeTopogramLockForPackageUpdate(cwd, version) {
+  const lockPath = path.join(cwd, "package-lock.json");
+  if (!fs.existsSync(lockPath)) {
+    return false;
+  }
+  const lock = JSON.parse(fs.readFileSync(lockPath, "utf8"));
+  const packages = lock && typeof lock === "object" && lock.packages && typeof lock.packages === "object"
+    ? lock.packages
+    : null;
+  const packageEntry = packages?.[`node_modules/${CLI_PACKAGE_NAME}`];
+  if (!packageEntry || typeof packageEntry !== "object" || packageEntry.version !== version) {
+    return false;
+  }
+  let changed = false;
+  for (const key of ["resolved", "integrity"]) {
+    if (Object.prototype.hasOwnProperty.call(packageEntry, key)) {
+      delete packageEntry[key];
+      changed = true;
+    }
+  }
+  if (changed) {
+    fs.writeFileSync(lockPath, `${JSON.stringify(lock, null, 2)}\n`, "utf8");
+  }
+  return changed;
+}
+/**
+ * @param {string} cwd
+ * @returns {{ checked: boolean, path: string, packageVersion: string|null, dependencySpec: string|null, hasTarballMetadata: boolean, resolvedVersion: string|null, refreshRecommended: boolean, diagnostics: Array<Record<string, any>> }}
+ */
+export function inspectTopogramCliLockfile(cwd) {
+  const lockPath = path.join(cwd, "package-lock.json");
+  /** @type {{ checked: boolean, path: string, packageVersion: string|null, dependencySpec: string|null, hasTarballMetadata: boolean, resolvedVersion: string|null, refreshRecommended: boolean, diagnostics: Array<Record<string, any>> }} */
+  const result = {
+    checked: false,
+    path: lockPath,
+    packageVersion: null,
+    dependencySpec: readProjectCliDependencySpec(cwd),
+    hasTarballMetadata: false,
+    resolvedVersion: null,
+    refreshRecommended: false,
+    diagnostics: []
+  };
+  if (!fs.existsSync(lockPath)) {
+    return result;
+  }
+  result.checked = true;
+  try {
+    const lock = JSON.parse(fs.readFileSync(lockPath, "utf8"));
+    const entry = lock?.packages?.[`node_modules/${CLI_PACKAGE_NAME}`];
+    if (!entry || typeof entry !== "object") {
+      return result;
+    }
+    result.packageVersion = typeof entry.version === "string" ? entry.version : null;
+    const resolved = typeof entry.resolved === "string" ? entry.resolved : null;
+    result.resolvedVersion = resolved ? resolvedTopogramCliVersion(resolved) : null;
+    result.hasTarballMetadata = Object.prototype.hasOwnProperty.call(entry, "resolved") ||
+      Object.prototype.hasOwnProperty.call(entry, "integrity");
+    const conventionVersion = readTopogramCliVersionConvention(cwd);
+    const resolvedVersionMismatch = Boolean(result.packageVersion && result.resolvedVersion && result.resolvedVersion !== result.packageVersion);
+    const normalizedResolved = normalizeRegistryUrl(resolved);
+    const normalizedRegistry = normalizeRegistryUrl(NPMJS_REGISTRY) || NPMJS_REGISTRY;
+    const npmjsTarball = Boolean(normalizedResolved && normalizedResolved.startsWith(`${normalizedRegistry}/`));
+    const localTarballMetadata = Boolean(resolved && (
+      /^file:/.test(resolved) ||
+      (!npmjsTarball && /\.tgz(?:$|[?#])/.test(resolved))
+    ));
+    result.refreshRecommended = Boolean(
+      result.packageVersion &&
+      conventionVersion &&
+      conventionVersion === result.packageVersion &&
+      (resolvedVersionMismatch || localTarballMetadata)
+    );
+    if (result.refreshRecommended) {
+      result.diagnostics.push({
+        code: "topogram_cli_lockfile_refresh_available",
+        severity: "warning",
+        message: "package-lock.json contains stale Topogram CLI tarball metadata for the pinned version.",
+        path: lockPath,
+        suggestedFix: `Run \`topogram package update-cli ${result.packageVersion}\` to refresh from npm registry metadata.`
+      });
+    }
+  } catch (error) {
+    result.diagnostics.push({
+      code: "topogram_cli_lockfile_unreadable",
+      severity: "warning",
+      message: `Could not inspect package-lock.json: ${messageFromError(error)}`,
+      path: lockPath,
+      suggestedFix: "Regenerate package-lock.json with npm install."
+    });
+  }
+  return result;
+}
+/**
+ * @param {string} resolved
+ * @returns {string|null}
+ */
+function resolvedTopogramCliVersion(resolved) {
+  const match = resolved.match(/\/@topogram\/cli\/-\/cli-([^/.?#]+(?:\.[^/.?#]+){2}(?:[-+][^/?#]+)?)\.tgz/);
+  return match ? match[1] : null;
+}
+/**
+ * @param {string} cwd
+ * @returns {string|null}
+ */
+export function readTopogramCliVersionConvention(cwd) {
+  const versionPath = path.join(cwd, "topogram-cli.version");
+  if (!fs.existsSync(versionPath)) {
+    return null;
+  }
+  const value = fs.readFileSync(versionPath, "utf8").trim();
+  return value || null;
+}

package/src/cli/commands/package/npm.js ADDED Viewed

@@ -0,0 +1,97 @@
+// @ts-check
+import childProcess from "node:child_process";
+import { localNpmrcEnv } from "../../../npm-safety.js";
+import { CLI_PACKAGE_NAME, NPMJS_REGISTRY } from "./constants.js";
+import { isPackageVersion } from "./versions.js";
+/**
+ * @param {string[]} args
+ * @param {string} cwd
+ * @returns {any}
+ */
+export function runNpmForPackageUpdate(args, cwd) {
+  const npmBin = process.platform === "win32" ? "npm.cmd" : "npm";
+  return childProcess.spawnSync(npmBin, args, {
+    cwd,
+    encoding: "utf8",
+    env: {
+      ...process.env,
+      ...localNpmrcEnv(cwd),
+      PATH: process.env.PATH || ""
+    }
+  });
+}
+/**
+ * @param {string} cwd
+ * @returns {string}
+ */
+export function latestTopogramCliVersion(cwd) {
+  const result = runNpmForPackageUpdate(["view", "--json", `--registry=${NPMJS_REGISTRY}`, "--", CLI_PACKAGE_NAME, "version"], cwd);
+  if (result.status !== 0) {
+    throw new Error(formatPackageUpdateNpmError(`${CLI_PACKAGE_NAME}@latest`, "inspect", result));
+  }
+  const raw = String(result.stdout || "").trim();
+  const version = raw.startsWith("\"") ? JSON.parse(raw) : raw;
+  if (!isPackageVersion(version)) {
+    throw new Error(`npm returned invalid latest version '${version || "(empty)"}' for ${CLI_PACKAGE_NAME}.`);
+  }
+  return version;
+}
+/**
+ * @param {any} result
+ * @returns {boolean}
+ */
+function isPackageUpdateNpmAuthFailure(result) {
+  const output = [result.error?.message, result.stderr, result.stdout].filter(Boolean).join("\n").trim();
+  const normalized = output.toLowerCase();
+  return /\b(e401|eneedauth)\b/.test(normalized) ||
+    normalized.includes("unauthenticated") ||
+    normalized.includes("authentication required");
+}
+/**
+ * @param {string} spec
+ * @param {"inspect"|"install"|"check"} step
+ * @param {any} result
+ * @returns {string}
+ */
+export function formatPackageUpdateNpmError(spec, step, result) {
+  const output = [result.error?.message, result.stderr, result.stdout].filter(Boolean).join("\n").trim();
+  const normalized = output.toLowerCase();
+  if (result.error?.code === "ENOENT") {
+    return "npm was not found. Install Node.js/npm and retry.";
+  }
+  if (isPackageUpdateNpmAuthFailure(result)) {
+    return [
+      `Authentication is required to ${step} ${spec}.`,
+      "Configure registry-specific npm auth when using private packages.",
+      output
+    ].filter(Boolean).join("\n");
+  }
+  if (/\be403\b/.test(normalized) || normalized.includes("forbidden") || normalized.includes("permission")) {
+    return [
+      `Package access was denied while trying to ${step} ${spec}.`,
+      "Check npm package registry read access for the consumer environment.",
+      output
+    ].filter(Boolean).join("\n");
+  }
+  if (/\b(e404|404)\b/.test(normalized) || normalized.includes("not found")) {
+    return [
+      `${spec} was not found, or the current token does not have access to it.`,
+      "Check the package version and npm package registry access.",
+      output
+    ].filter(Boolean).join("\n");
+  }
+  if (/\beintegrity\b/.test(normalized) || normalized.includes("integrity checksum failed")) {
+    return [
+      `Package integrity failed while trying to ${step} ${spec}.`,
+      "Regenerate package-lock.json from the published npm package registry tarball.",
+      output
+    ].filter(Boolean).join("\n");
+  }
+  return `Failed to ${step} ${spec}.\n${output || "unknown error"}`.trim();
+}

package/src/cli/commands/package/reporting.js ADDED Viewed

@@ -0,0 +1,35 @@
+// @ts-check
+/**
+ * @param {import("./update-cli.js").PackageUpdateCliPayload} payload
+ * @returns {void}
+ */
+export function printPackageUpdateCli(payload) {
+  for (const diagnostic of payload.diagnostics) {
+    if (diagnostic.severity === "warning") {
+      console.warn(`Warning: ${diagnostic.message}`);
+    }
+  }
+  console.log(`Updated ${payload.packageName} to ^${payload.requestedVersion}.`);
+  if (payload.requestedLatest) {
+    console.log(`Resolved latest version: ${payload.requestedVersion}`);
+  }
+  console.log(`Checked package: ${payload.packageName}@${payload.checkedVersion} via ${payload.packageCheckSource}`);
+  console.log(`Updated dependency: ${payload.dependencySpec} via ${payload.dependencyUpdatedBy}`);
+  if (payload.lockfileSanitized) {
+    console.log("Lockfile: refreshed existing @topogram/cli entry from registry metadata");
+  }
+  if (payload.versionConventionUpdated) {
+    console.log(`Version convention: updated ${payload.versionConventionPath}`);
+  }
+  console.log(`Checks run: ${payload.scriptsRun.join(", ") || "none"}`);
+  if (payload.skippedScripts.length > 0) {
+    console.log(`Checks skipped: ${payload.skippedScripts.join(", ")}`);
+  }
+  console.log("");
+  console.log("Next steps:");
+  console.log("  git diff package.json package-lock.json");
+  console.log(`  git commit -am "Update Topogram CLI to ${payload.requestedVersion}"`);
+  console.log("  git push");
+  console.log("  confirm the repo verification workflow passes");
+}

package/src/cli/commands/package/runner.js ADDED Viewed

@@ -0,0 +1,33 @@
+// @ts-check
+import { stableStringify } from "../../../format.js";
+import { printPackageHelp } from "./help.js";
+import { printPackageUpdateCli } from "./reporting.js";
+import { buildPackageUpdateCliPayload } from "./update-cli.js";
+/**
+ * @param {{
+ *   commandArgs: Record<string, any>,
+ *   inputPath: string|null|undefined,
+ *   json: boolean
+ * }} context
+ * @returns {number}
+ */
+export function runPackageCommand(context) {
+  const { commandArgs, inputPath, json } = context;
+  if (commandArgs.packageCommand !== "update-cli") {
+    throw new Error(`Unknown package command '${commandArgs.packageCommand}'`);
+  }
+  if (!inputPath) {
+    console.error("Missing required <version>.");
+    printPackageHelp();
+    return 1;
+  }
+  const payload = buildPackageUpdateCliPayload(inputPath);
+  if (json) {
+    console.log(stableStringify(payload));
+  } else {
+    printPackageUpdateCli(payload);
+  }
+  return 0;
+}

package/src/cli/commands/package/shared.js ADDED Viewed

@@ -0,0 +1,9 @@
+// @ts-check
+/**
+ * @param {unknown} error
+ * @returns {string}
+ */
+export function messageFromError(error) {
+  return error instanceof Error ? error.message : String(error);
+}