@varlock/bumpy 0.0.0 → 0.0.2

package/dist/publish-D_7RqEYL.mjs

@@ -0,0 +1,251 @@
+import { n as log, t as colorize } from "./logger-C2dEe5Su.mjs";
+import { a as loadConfig } from "./config-BkwIEaQg.mjs";
+import { n as detectWorkspaces } from "./package-manager-DcI5TdDE.mjs";
+import { n as discoverWorkspace } from "./workspace-CxEKakDm.mjs";
+import { t as DependencyGraph } from "./dep-graph-E-9-eQ2J.mjs";
+import { n as runArgsAsync, o as tryRunArgs } from "./shell-Dj7JRD_q.mjs";
+import { a as pushWithTags, i as listTags, r as hasUncommittedChanges } from "./git-CGHVXXKw.mjs";
+import { t as publishPackages } from "./publish-pipeline-ChnqW8nR.mjs";
+//#region src/core/github-release.ts
+/** Get the current HEAD commit SHA */
+function getHeadSha(rootDir) {
+	return tryRunArgs([
+		"git",
+		"rev-parse",
+		"HEAD"
+	], { cwd: rootDir });
+}
+/** Create individual GitHub releases for each published package */
+async function createIndividualReleases(releases, changesets, rootDir, opts = {}) {
+	if (!isGhAvailable()) {
+		log.dim("  gh CLI not found — skipping GitHub releases");
+		return;
+	}
+	const headSha = getHeadSha(rootDir);
+	for (const release of releases) {
+		const tag = `${release.name}@${release.newVersion}`;
+		const body = buildReleaseBody(release, changesets);
+		const title = `${release.name} v${release.newVersion}`;
+		if (opts.dryRun) {
+			log.dim(`  Would create GitHub release: ${title}`);
+			continue;
+		}
+		try {
+			const args = [
+				"gh",
+				"release",
+				"create",
+				tag,
+				"--title",
+				title,
+				"--notes",
+				body
+			];
+			if (headSha) args.push("--target", headSha);
+			await runArgsAsync(args, { cwd: rootDir });
+			log.dim(`  Created GitHub release: ${title}`);
+		} catch (err) {
+			log.warn(`  Failed to create GitHub release for ${tag}: ${err instanceof Error ? err.message : err}`);
+		}
+	}
+}
+/** Create a single aggregated GitHub release for all published packages */
+async function createAggregateRelease(releases, changesets, rootDir, opts = {}) {
+	if (!isGhAvailable()) {
+		log.dim("  gh CLI not found — skipping GitHub release");
+		return;
+	}
+	if (releases.length === 0) return;
+	const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+	const { tag, title } = resolveAggregateTagAndTitle(date, listTags(`release-${date}*`, { cwd: rootDir }), opts.title);
+	const body = buildAggregateBody(releases, changesets);
+	if (opts.dryRun) {
+		log.dim(`  Would create aggregate GitHub release: ${title}`);
+		log.dim(`  Tag: ${tag}`);
+		return;
+	}
+	try {
+		tryRunArgs([
+			"git",
+			"tag",
+			tag
+		], { cwd: rootDir });
+		const headSha = getHeadSha(rootDir);
+		const args = [
+			"gh",
+			"release",
+			"create",
+			tag,
+			"--title",
+			title,
+			"--notes",
+			body
+		];
+		if (headSha) args.push("--target", headSha);
+		await runArgsAsync(args, { cwd: rootDir });
+		log.success(`Created aggregate GitHub release: ${title}`);
+	} catch (err) {
+		log.warn(`Failed to create aggregate GitHub release: ${err instanceof Error ? err.message : err}`);
+	}
+}
+function buildReleaseBody(release, changesets) {
+	const lines = [];
+	const relevant = changesets.filter((cs) => release.changesets.includes(cs.id));
+	if (relevant.length > 0) {
+		for (const cs of relevant) if (cs.summary) lines.push(`- ${cs.summary.split("\n")[0]}`);
+	}
+	if (release.isDependencyBump && relevant.length === 0) lines.push("- Updated dependencies");
+	return lines.join("\n") || "No changelog entries.";
+}
+function buildAggregateBody(releases, changesets) {
+	const lines = [];
+	const groups = [
+		["Major Changes", releases.filter((r) => r.type === "major")],
+		["Minor Changes", releases.filter((r) => r.type === "minor")],
+		["Patch Changes", releases.filter((r) => r.type === "patch")]
+	];
+	for (const [heading, group] of groups) {
+		if (group.length === 0) continue;
+		lines.push(`## ${heading}\n`);
+		for (const release of group) {
+			lines.push(`### ${release.name} v${release.newVersion}\n`);
+			const relevant = changesets.filter((cs) => release.changesets.includes(cs.id));
+			if (relevant.length > 0) {
+				for (const cs of relevant) if (cs.summary) lines.push(`- ${cs.summary.split("\n")[0]}`);
+			} else if (release.isDependencyBump) lines.push("- Updated dependencies");
+			else if (release.isCascadeBump) lines.push("- Version bump via cascade rule");
+			lines.push("");
+		}
+	}
+	return lines.join("\n").trim() || "No changelog entries.";
+}
+/** Compute the aggregate release tag and title, appending -n suffix if a tag for the same date already exists */
+function resolveAggregateTagAndTitle(date, existingTags, titleTemplate) {
+	const baseTag = `release-${date}`;
+	const suffix = existingTags.length === 0 ? "" : `-${existingTags.length + 1}`;
+	return {
+		tag: `${baseTag}${suffix}`,
+		title: (titleTemplate || "Release {{date}}").replace("{{date}}", `${date}${suffix}`)
+	};
+}
+function isGhAvailable() {
+	return tryRunArgs(["gh", "--version"]) !== null;
+}
+//#endregion
+//#region src/commands/publish.ts
+/**
+* Publish packages that have been versioned but not yet published.
+* Detects unpublished versions by comparing package.json versions against npm registry.
+*/
+async function publishCommand(rootDir, opts) {
+	const config = await loadConfig(rootDir);
+	const { packages, catalogs } = await discoverWorkspace(rootDir, config);
+	const { packageManager: detectedPm } = await detectWorkspaces(rootDir);
+	const depGraph = new DependencyGraph(packages);
+	if (!opts.dryRun && hasUncommittedChanges({ cwd: rootDir })) {
+		log.warn("You have uncommitted changes. Commit or stash them before publishing.");
+		process.exit(1);
+	}
+	let toPublish = await findUnpublishedPackages(packages, config);
+	if (opts.filter) {
+		const { matchGlob } = await import("./config-BkwIEaQg.mjs").then((n) => n.t);
+		const patterns = opts.filter.split(",").map((p) => p.trim());
+		toPublish = toPublish.filter((r) => patterns.some((p) => matchGlob(r.name, p)));
+	}
+	if (toPublish.length === 0) {
+		log.info("No unpublished packages found.");
+		return;
+	}
+	const releasePlan = {
+		changesets: [],
+		releases: toPublish
+	};
+	if (opts.dryRun) log.bold("Dry run — would publish:");
+	else log.bold("Publishing:");
+	for (const r of toPublish) console.log(`  ${r.name}@${colorize(r.newVersion, "cyan")}`);
+	console.log();
+	const result = await publishPackages(releasePlan, packages, depGraph, config, rootDir, {
+		dryRun: opts.dryRun,
+		tag: opts.tag
+	}, catalogs, detectedPm);
+	if (result.published.length > 0) log.success(`Published ${result.published.length} package(s)`);
+	if (result.skipped.length > 0) log.dim(`Skipped ${result.skipped.length}: ${result.skipped.map((s) => s.name).join(", ")}`);
+	if (result.failed.length > 0) {
+		log.error(`Failed ${result.failed.length}: ${result.failed.map((f) => `${f.name} (${f.error})`).join(", ")}`);
+		process.exit(1);
+	}
+	if (!opts.dryRun && !opts.noPush && result.published.length > 0) try {
+		log.step("Pushing tags...");
+		pushWithTags({ cwd: rootDir });
+		log.success("Pushed tags to remote");
+	} catch (err) {
+		log.warn(`Failed to push tags: ${err instanceof Error ? err.message : err}`);
+	}
+	if (result.published.length > 0) {
+		const publishedReleases = releasePlan.releases.filter((r) => result.published.some((p) => p.name === r.name));
+		const aggConfig = config.aggregateRelease;
+		const isAggregate = aggConfig === true || typeof aggConfig === "object" && aggConfig.enabled;
+		const aggTitle = typeof aggConfig === "object" ? aggConfig.title : void 0;
+		if (isAggregate) await createAggregateRelease(publishedReleases, releasePlan.changesets, rootDir, {
+			dryRun: opts.dryRun,
+			title: aggTitle
+		});
+		else await createIndividualReleases(publishedReleases, releasePlan.changesets, rootDir, { dryRun: opts.dryRun });
+	}
+}
+/**
+* Find packages whose current version is not yet published.
+*
+* Detection strategy (per package):
+* 1. Custom `checkPublished` command → run it, compare output to current version
+* 2. `skipNpmPublish` or custom `publishCommand` → check git tags
+* 3. Default → check npm registry via `npm info`
+*/
+async function findUnpublishedPackages(packages, _config) {
+	const unpublished = [];
+	for (const [name, pkg] of packages) {
+		if (pkg.private && !pkg.bumpy?.publishCommand) continue;
+		if (pkg.version === "0.0.0") continue;
+		if (!await checkIfPublished(name, pkg.version, pkg.bumpy)) unpublished.push({
+			name,
+			type: "patch",
+			oldVersion: pkg.version,
+			newVersion: pkg.version,
+			changesets: [],
+			isDependencyBump: false,
+			isCascadeBump: false
+		});
+	}
+	return unpublished;
+}
+async function checkIfPublished(name, version, pkgConfig) {
+	const { runAsync, runArgsAsync, tryRunArgs } = await import("./shell-Dj7JRD_q.mjs").then((n) => n.i);
+	if (pkgConfig?.checkPublished) try {
+		return (await runAsync(pkgConfig.checkPublished)).trim() === version;
+	} catch {
+		return false;
+	}
+	if (pkgConfig?.skipNpmPublish || pkgConfig?.publishCommand) {
+		const tag = `${name}@${version}`;
+		return tryRunArgs([
+			"git",
+			"tag",
+			"-l",
+			tag
+		]) === tag;
+	}
+	try {
+		const args = [
+			"npm",
+			"info",
+			`${name}@${version}`,
+			"version"
+		];
+		if (pkgConfig?.registry) args.push("--registry", pkgConfig.registry);
+		return await runArgsAsync(args) === version;
+	} catch {
+		return false;
+	}
+}
+//#endregion
+export { publishCommand };

package/dist/publish-pipeline-ChnqW8nR.mjs

@@ -0,0 +1,277 @@
+import { n as log, t as colorize } from "./logger-C2dEe5Su.mjs";
+import { a as readJson, c as writeJson } from "./fs-0AtnPUUe.mjs";
+import { r as resolveCatalogDep } from "./package-manager-DcI5TdDE.mjs";
+import { a as sq, n as runArgsAsync, o as tryRunArgs, r as runAsync } from "./shell-Dj7JRD_q.mjs";
+import { r as stripProtocol } from "./semver-BTzYh8vc.mjs";
+import { o as tagExists, t as createTag } from "./git-CGHVXXKw.mjs";
+import { resolve } from "node:path";
+import { unlink } from "node:fs/promises";
+import { appendFileSync, existsSync, readFileSync, writeFileSync } from "node:fs";
+//#region src/core/publish-pipeline.ts
+/**
+* Detect which CI OIDC provider is available for npm trusted publishing.
+* Returns the provider name or null if none detected.
+*
+* Supported providers:
+* - GitHub Actions: `ACTIONS_ID_TOKEN_REQUEST_URL` (set when `id-token: write` permission is granted)
+* - GitLab CI: `GITLAB_CI` + `NPM_ID_TOKEN`
+* - CircleCI: `CIRCLECI` + `NPM_ID_TOKEN`
+*/
+function detectOidcProvider() {
+	if (process.env.ACTIONS_ID_TOKEN_REQUEST_URL) return "github-actions";
+	if (process.env.GITLAB_CI && process.env.NPM_ID_TOKEN) return "gitlab";
+	if (process.env.CIRCLECI && process.env.NPM_ID_TOKEN) return "circleci";
+	return null;
+}
+const OIDC_NPM_UPGRADE_HINTS = {
+	"github-actions": "Add `actions/setup-node@v6` with `node-version: lts/*` to your workflow",
+	gitlab: "Use a Node.js image with npm >= 11.5.1 or run `npm install -g npm@latest`",
+	circleci: "Use a Node.js image with npm >= 11.5.1 or run `sudo npm install -g npm@latest`"
+};
+/**
+* Set up npm authentication for publishing.
+*
+* Handles three scenarios:
+* 1. **Trusted publishing (OIDC)** — GitHub Actions, GitLab CI, or CircleCI with OIDC configured.
+*    npm >= 11.5.1 authenticates automatically via OIDC token exchange.
+*    No secret needed, but we check the npm version and warn if too old.
+* 2. **Token-based auth** — `NPM_TOKEN` or `NODE_AUTH_TOKEN` env var.
+*    Writes a project-level `.npmrc` so npm can authenticate.
+* 3. **Pre-configured** — user already has `.npmrc` with auth (e.g. via `actions/setup-node`).
+*/
+function setupNpmAuth(rootDir, publishManager) {
+	if (publishManager !== "npm") return;
+	const npmrcPath = resolve(rootDir, ".npmrc");
+	const existingNpmrc = existsSync(npmrcPath) ? readFileSync(npmrcPath, "utf-8") : "";
+	if (existingNpmrc.includes(":_authToken=")) {
+		log.dim("  Using existing .npmrc auth configuration");
+		return;
+	}
+	const oidcProvider = detectOidcProvider();
+	if (oidcProvider) {
+		const npmVersion = tryRunArgs(["npm", "--version"]);
+		if (npmVersion) {
+			const [major, minor, patch] = npmVersion.split(".").map(Number);
+			if (!(major > 11 || major === 11 && (minor > 5 || minor === 5 && patch >= 1))) {
+				log.warn(`  npm ${npmVersion} detected — trusted publishing (OIDC) requires npm >= 11.5.1`);
+				log.warn(`  ${OIDC_NPM_UPGRADE_HINTS[oidcProvider]}`);
+			} else log.dim(`  OIDC detected (${oidcProvider}) — npm ${npmVersion} will authenticate via trusted publishing`);
+		}
+		return;
+	}
+	const token = process.env.NODE_AUTH_TOKEN || process.env.NPM_TOKEN;
+	if (token) {
+		if (process.env.NPM_TOKEN && !process.env.NODE_AUTH_TOKEN) process.env.NODE_AUTH_TOKEN = token;
+		const authLine = "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}";
+		if (existingNpmrc) appendFileSync(npmrcPath, `\n${authLine}\n`);
+		else writeFileSync(npmrcPath, `${authLine}\n`);
+		log.dim("  Configured .npmrc with auth token");
+		return;
+	}
+	if (process.env.CI) {
+		log.warn("  No npm authentication detected. Publishing will likely fail.");
+		log.warn("  Options:");
+		log.warn("    • Trusted publishing (OIDC): add `id-token: write` permission + npm >= 11.5.1");
+		log.warn("    • Token auth: set NPM_TOKEN or NODE_AUTH_TOKEN environment variable");
+		log.warn("    • Manual: add `actions/setup-node` with `registry-url` to your workflow");
+	}
+}
+/**
+* Publish all packages in the release plan.
+* Order: topological (dependencies published before dependents).
+*/
+async function publishPackages(releasePlan, packages, depGraph, config, rootDir, opts = {}, catalogs = /* @__PURE__ */ new Map(), detectedPm = "npm") {
+	const result = {
+		published: [],
+		skipped: [],
+		failed: []
+	};
+	const publishConfig = config.publish;
+	setupNpmAuth(rootDir, publishConfig.publishManager);
+	const packManager = publishConfig.packManager === "auto" ? detectedPm : publishConfig.packManager;
+	const topoOrder = depGraph.topologicalSort(packages);
+	const releaseMap = new Map(releasePlan.releases.map((r) => [r.name, r]));
+	const ordered = [];
+	for (const name of topoOrder) {
+		const release = releaseMap.get(name);
+		if (release) ordered.push(release);
+	}
+	for (const release of ordered) {
+		const pkg = packages.get(release.name);
+		const pkgConfig = pkg.bumpy || {};
+		if (pkg.private && !pkgConfig.publishCommand) {
+			if (config.privatePackages.tag) createGitTag(release, rootDir, opts);
+			result.skipped.push({
+				name: release.name,
+				reason: "private"
+			});
+			continue;
+		}
+		log.step(`Publishing ${colorize(release.name, "cyan")}@${release.newVersion}`);
+		try {
+			if (pkgConfig.buildCommand) {
+				log.dim(`  Building...`);
+				if (!opts.dryRun) await runAsync(pkgConfig.buildCommand, { cwd: pkg.dir });
+			}
+			if (pkgConfig.publishCommand || publishConfig.protocolResolution === "in-place") await resolveProtocolsInPlace(pkg, packages, releasePlan, catalogs);
+			if (pkgConfig.publishCommand) {
+				const commands = Array.isArray(pkgConfig.publishCommand) ? pkgConfig.publishCommand : [pkgConfig.publishCommand];
+				for (const cmd of commands) {
+					const expanded = cmd.replace(/\{\{version\}\}/g, sq(release.newVersion)).replace(/\{\{name\}\}/g, sq(release.name));
+					log.dim(`  Running: ${expanded}`);
+					if (!opts.dryRun) await runAsync(expanded, { cwd: pkg.dir });
+				}
+			} else if (!pkgConfig.skipNpmPublish) if (publishConfig.protocolResolution === "pack") await packThenPublish(pkg, pkgConfig, config, packManager, opts);
+			else await npmPublishDirect(pkg, pkgConfig, config, opts);
+			else {
+				result.skipped.push({
+					name: release.name,
+					reason: "skipNpmPublish"
+				});
+				createGitTag(release, rootDir, opts);
+				continue;
+			}
+			createGitTag(release, rootDir, opts);
+			result.published.push({
+				name: release.name,
+				version: release.newVersion
+			});
+			log.success(`  Published ${release.name}@${release.newVersion}`);
+		} catch (err) {
+			const errMsg = err instanceof Error ? err.message : String(err);
+			log.error(`  Failed to publish ${release.name}: ${errMsg}`);
+			result.failed.push({
+				name: release.name,
+				error: errMsg
+			});
+		}
+	}
+	return result;
+}
+/**
+* Pack with the PM (which resolves workspace:/catalog: protocols into the tarball),
+* then publish the tarball with npm (which supports OIDC/provenance).
+*/
+async function packThenPublish(pkg, pkgConfig, config, packManager, opts) {
+	const packArgs = getPackArgs(packManager);
+	log.dim(`  Packing with: ${packArgs.join(" ")}`);
+	if (opts.dryRun) {
+		const publishArgs = buildPublishArgs(pkg, pkgConfig, config, opts, "<tarball>");
+		log.dim(`  Would publish with: ${publishArgs.join(" ")}`);
+		return;
+	}
+	const tarball = parseTarballPath(await runArgsAsync(packArgs, { cwd: pkg.dir }), pkg.dir);
+	try {
+		const publishArgs = buildPublishArgs(pkg, pkgConfig, config, opts, tarball);
+		log.dim(`  Publishing: ${publishArgs.join(" ")}`);
+		await runArgsAsync(publishArgs, { cwd: pkg.dir });
+	} finally {
+		try {
+			await unlink(tarball);
+		} catch {}
+	}
+}
+/** Publish directly from the package directory (no tarball) */
+async function npmPublishDirect(pkg, pkgConfig, config, opts) {
+	const args = buildPublishArgs(pkg, pkgConfig, config, opts);
+	log.dim(`  Running: ${args.join(" ")}`);
+	if (!opts.dryRun) await runArgsAsync(args, { cwd: pkg.dir });
+}
+function getPackArgs(pm) {
+	switch (pm) {
+		case "pnpm": return ["pnpm", "pack"];
+		case "bun": return [
+			"bun",
+			"pm",
+			"pack"
+		];
+		case "yarn": return ["yarn", "pack"];
+		default: return ["npm", "pack"];
+	}
+}
+function buildPublishArgs(pkg, pkgConfig, config, opts, tarball) {
+	const publishManager = config.publish.publishManager;
+	const args = [];
+	if (publishManager === "yarn") args.push("yarn", "npm", "publish");
+	else args.push(publishManager, "publish");
+	if (tarball) args.push(tarball);
+	const access = pkgConfig?.access || config.access;
+	args.push("--access", access);
+	if (pkgConfig?.registry) args.push("--registry", pkgConfig.registry);
+	if (opts.tag) args.push("--tag", opts.tag);
+	if (config.publish.publishArgs.length > 0) args.push(...config.publish.publishArgs);
+	return args;
+}
+/**
+* Parse the tarball path from pack command output.
+* Each PM has different output formats:
+*   npm/pnpm: tarball filename on the last line
+*   bun:      tarball filename mid-output, summary lines after
+*   yarn:     'success Wrote tarball to "/path/to/foo.tgz".'
+*/
+function parseTarballPath(output, cwd) {
+	const tgzMatch = output.match(/(?:^|["'\s])([^\s"']*\.tgz)/m);
+	if (tgzMatch) {
+		const tarball = tgzMatch[1];
+		return tarball.startsWith("/") ? tarball : resolve(cwd, tarball);
+	}
+	const lines = output.trim().split("\n").filter(Boolean);
+	const lastLine = lines[lines.length - 1]?.trim() || "";
+	return lastLine.startsWith("/") ? lastLine : resolve(cwd, lastLine);
+}
+function createGitTag(release, rootDir, opts) {
+	const tag = `${release.name}@${release.newVersion}`;
+	if (opts.dryRun) {
+		log.dim(`  Would create tag: ${tag}`);
+		return;
+	}
+	if (tagExists(tag, { cwd: rootDir })) {
+		log.dim(`  Tag ${tag} already exists, skipping`);
+		return;
+	}
+	createTag(tag, { cwd: rootDir });
+	log.dim(`  Tagged: ${tag}`);
+}
+/**
+* Resolve workspace:/catalog: protocols by rewriting package.json in-place.
+* Used for custom publish commands and "in-place" protocolResolution mode.
+*/
+async function resolveProtocolsInPlace(pkg, packages, releasePlan, catalogs) {
+	const pkgJsonPath = resolve(pkg.dir, "package.json");
+	const pkgJson = await readJson(pkgJsonPath);
+	let modified = false;
+	const releaseMap = new Map(releasePlan.releases.map((r) => [r.name, r]));
+	for (const depField of [
+		"dependencies",
+		"devDependencies",
+		"peerDependencies",
+		"optionalDependencies"
+	]) {
+		const deps = pkgJson[depField];
+		if (!deps) continue;
+		for (const [depName, range] of Object.entries(deps)) {
+			let resolved = null;
+			if (range.startsWith("catalog:")) {
+				resolved = resolveCatalogDep(depName, range, catalogs);
+				if (!resolved) {
+					log.warn(`  Could not resolve ${depName}: "${range}" — catalog entry not found`);
+					continue;
+				}
+			} else if (range.startsWith("workspace:")) {
+				const cleanRange = stripProtocol(range);
+				if (cleanRange === "*" || cleanRange === "^" || cleanRange === "~") {
+					const depPkg = packages.get(depName);
+					const version = releaseMap.get(depName)?.newVersion || depPkg?.version || "0.0.0";
+					resolved = `${cleanRange === "*" ? "^" : cleanRange}${version}`;
+				} else resolved = cleanRange;
+			}
+			if (resolved) {
+				deps[depName] = resolved;
+				modified = true;
+			}
+		}
+	}
+	if (modified) await writeJson(pkgJsonPath, pkgJson);
+}
+//#endregion
+export { publishPackages as t };

package/dist/release-plan-BEzwApuK.mjs

@@ -0,0 +1,173 @@
+import { g as parseIsolatedBump, h as maxBump, l as DEFAULT_BUMP_RULES, m as hasCascade, p as bumpLevel, s as matchGlob } from "./config-BkwIEaQg.mjs";
+import { n as satisfies, r as stripProtocol, t as bumpVersion } from "./semver-BTzYh8vc.mjs";
+//#region src/core/release-plan.ts
+/**
+* Build a release plan from pending changesets, the dependency graph, and config.
+* This is the core algorithm of bumpy.
+*/
+function assembleReleasePlan(changesets, packages, depGraph, config) {
+	if (changesets.length === 0) return {
+		changesets: [],
+		releases: []
+	};
+	const planned = /* @__PURE__ */ new Map();
+	const cascadeOverrides = /* @__PURE__ */ new Map();
+	for (const cs of changesets) for (const release of cs.releases) {
+		if (!packages.has(release.name)) continue;
+		const { bump, isolated } = parseIsolatedBump(release.type);
+		const existing = planned.get(release.name);
+		if (existing) {
+			existing.type = maxBump(existing.type, bump);
+			if (!isolated) existing.isolated = false;
+			existing.changesets.add(cs.id);
+		} else planned.set(release.name, {
+			type: bump,
+			isolated,
+			isDependencyBump: false,
+			isCascadeBump: false,
+			changesets: new Set([cs.id])
+		});
+		if (hasCascade(release)) {
+			if (!cascadeOverrides.has(release.name)) cascadeOverrides.set(release.name, /* @__PURE__ */ new Map());
+			const overrides = cascadeOverrides.get(release.name);
+			for (const [pattern, bumpType] of Object.entries(release.cascade)) {
+				const existing = overrides.get(pattern);
+				overrides.set(pattern, maxBump(existing, bumpType));
+			}
+		}
+	}
+	for (const group of config.fixed) {
+		let groupBump;
+		let groupIsolated = true;
+		for (const nameOrGlob of group) for (const [name, bump] of planned) if (matchGlob(name, nameOrGlob)) {
+			groupBump = maxBump(groupBump, bump.type);
+			if (!bump.isolated) groupIsolated = false;
+		}
+		if (!groupBump) continue;
+		for (const nameOrGlob of group) for (const [name] of packages) {
+			if (!matchGlob(name, nameOrGlob)) continue;
+			const existing = planned.get(name);
+			if (existing) {
+				existing.type = groupBump;
+				existing.isolated = groupIsolated;
+			} else planned.set(name, {
+				type: groupBump,
+				isolated: groupIsolated,
+				isDependencyBump: false,
+				isCascadeBump: false,
+				changesets: /* @__PURE__ */ new Set()
+			});
+		}
+	}
+	for (const group of config.linked) {
+		let groupBump;
+		for (const nameOrGlob of group) for (const [name, bump] of planned) if (matchGlob(name, nameOrGlob)) groupBump = maxBump(groupBump, bump.type);
+		if (!groupBump) continue;
+		for (const nameOrGlob of group) for (const [name] of packages) {
+			if (!matchGlob(name, nameOrGlob)) continue;
+			const existing = planned.get(name);
+			if (existing) existing.type = groupBump;
+		}
+	}
+	let changed = true;
+	let iterations = 0;
+	const MAX_ITERATIONS = 100;
+	while (changed && iterations < MAX_ITERATIONS) {
+		changed = false;
+		iterations++;
+		for (const [pkgName, bump] of planned) {
+			if (bump.isolated) continue;
+			const csOverrides = cascadeOverrides.get(pkgName);
+			if (csOverrides) for (const [pattern, cascadeBumpType] of csOverrides) for (const [targetName] of packages) {
+				if (!matchGlob(targetName, pattern)) continue;
+				if (applyBump(planned, targetName, cascadeBumpType, false, true, bump.changesets)) changed = true;
+			}
+			const cascadeTo = packages.get(pkgName)?.bumpy?.cascadeTo;
+			if (cascadeTo) for (const [pattern, rule] of Object.entries(cascadeTo)) {
+				if (!shouldTrigger(bump.type, rule.trigger)) continue;
+				const cascadeBump = rule.bumpAs === "match" ? bump.type : rule.bumpAs;
+				for (const [targetName] of packages) {
+					if (!matchGlob(targetName, pattern)) continue;
+					if (applyBump(planned, targetName, cascadeBump, false, true, bump.changesets)) changed = true;
+				}
+			}
+			const dependents = depGraph.getDependents(pkgName);
+			for (const dep of dependents) {
+				const rule = resolveRule(dep.name, pkgName, dep.depType, packages, config);
+				if (!shouldTrigger(bump.type, rule.trigger)) continue;
+				if (config.updateInternalDependencies === "out-of-range") {
+					if (satisfies(bumpVersion(packages.get(pkgName).version, bump.type), stripProtocol(dep.versionRange))) continue;
+				}
+				if (config.updateInternalDependencies === "none") continue;
+				if (config.updateInternalDependencies === "minor" && bumpLevel(bump.type) < bumpLevel("minor")) continue;
+				const depBump = rule.bumpAs === "match" ? bump.type : rule.bumpAs;
+				if (applyBump(planned, dep.name, depBump, true, false, bump.changesets)) changed = true;
+			}
+		}
+	}
+	const releases = [];
+	for (const [name, bump] of planned) {
+		const pkg = packages.get(name);
+		if (!pkg) continue;
+		const newVersion = bumpVersion(pkg.version, bump.type);
+		releases.push({
+			name,
+			type: bump.type,
+			oldVersion: pkg.version,
+			newVersion,
+			changesets: [...bump.changesets],
+			isDependencyBump: bump.isDependencyBump,
+			isCascadeBump: bump.isCascadeBump
+		});
+	}
+	releases.sort((a, b) => a.name.localeCompare(b.name));
+	return {
+		changesets,
+		releases
+	};
+}
+/** Apply a bump to a package, upgrading if already planned. Returns true if anything changed. */
+function applyBump(planned, name, type, isDependencyBump, isCascadeBump, sourceChangesets) {
+	const existing = planned.get(name);
+	if (existing) {
+		const newType = maxBump(existing.type, type);
+		if (newType === existing.type) return false;
+		existing.type = newType;
+		if (isDependencyBump) existing.isDependencyBump = true;
+		if (isCascadeBump) existing.isCascadeBump = true;
+		for (const cs of sourceChangesets) existing.changesets.add(cs);
+		return true;
+	}
+	planned.set(name, {
+		type,
+		isolated: false,
+		isDependencyBump,
+		isCascadeBump,
+		changesets: new Set(sourceChangesets)
+	});
+	return true;
+}
+/** Check if a bump level meets the trigger threshold */
+function shouldTrigger(bumpType, trigger) {
+	if (trigger === "none") return false;
+	return bumpLevel(bumpType) >= bumpLevel(trigger);
+}
+/**
+* Resolve the dependency bump rule for a specific dependent/dependency pair.
+* Priority: specificDependencyRules > per-package depType rules > global depType rules > defaults
+*/
+function resolveRule(dependentName, dependencyName, depType, packages, config) {
+	const dependent = packages.get(dependentName);
+	if (dependent?.bumpy?.specificDependencyRules?.[dependencyName]) return dependent.bumpy.specificDependencyRules[dependencyName];
+	if (dependent?.bumpy?.specificDependencyRules) {
+		for (const [pattern, rule] of Object.entries(dependent.bumpy.specificDependencyRules)) if (matchGlob(dependencyName, pattern)) return rule;
+	}
+	if (dependent?.bumpy?.dependencyBumpRules?.[depType]) return dependent.bumpy.dependencyBumpRules[depType];
+	if (config.dependencyBumpRules[depType]) return config.dependencyBumpRules[depType];
+	return DEFAULT_BUMP_RULES[depType] || {
+		trigger: "patch",
+		bumpAs: "patch"
+	};
+}
+//#endregion
+export { assembleReleasePlan as t };