@varlock/bumpy 1.2.1 → 1.2.2

package/README.md

@@ -3,29 +3,30 @@
     <img src="https://raw.githubusercontent.com/dmno-dev/bumpy/refs/heads/main/images/github-readme-banner.png" alt="Bumpy banner">
   </a>
 </p>
-<br/>
 <p align="center">
   <a href="https://npmjs.com/package/@varlock/bumpy"><img src="https://img.shields.io/npm/v/@varlock/bumpy.svg" alt="npm package"></a>
   <a href="https://github.com/dmno-dev/bumpy/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/@varlock/bumpy.svg" alt="license"></a>
   <a href="https://github.com/dmno-dev/bumpy/actions/workflows/ci.yaml"><img src="https://img.shields.io/github/actions/workflow/status/dmno-dev/bumpy/ci.yaml?style=flat&logo=github&label=CI" alt="build status"></a>
   <a href="https://chat.dmno.dev"><img src="https://img.shields.io/badge/chat-discord-5865F2?style=flat&logo=discord" alt="discord chat"></a>
 </p>
+
+<p align="center">Brought to you by <a href="https://varlock.dev">Varlock</a> 🧙‍♂️🔐 <a href="https://varlock.dev">check it out to secure your secrets</a></p>
 <br/>
 
 # @varlock/bumpy 🐸
 
-A modern package versioning and changelog generation tool — built for monorepos (works great in single packages too).
+A modern package versioning, release, and changelog generation tool. Built for monorepos, but works great in simpler projects too.
 
 ## How It Works
 
-Bumpy uses **bump files** (you may know them as "changesets" if coming from [that tool 🦋](https://github.com/changesets/changesets)) — small markdown files that declare an intent to release packages with a bump level (patch/minor/major), and a description that ends up in changelogs. Developers create these files as part of their PRs, and these files are then used to consolidate changes, generate changelogs, and trigger publishing. Specifically:
+Bumpy uses **bump files** (you may know them as "changesets" if coming from [that tool 🦋](https://github.com/changesets/changesets)) - small markdown files that declare an intent to release packages with a bump level (patch/minor/major), and a description that ends up in changelogs. Developers create these files as part of their PRs, and these files are then used to consolidate changes, generate changelogs, and trigger publishing. Specifically:
 
 - Devs/agents create bump files as part of their PRs (using `bumpy add` or manually)
 - A pre-push git hook can enforce bump files exist for changed packages
 - In CI, a workflow checks PRs for bump files, leaves a comment on the PR detailing changed packages
 - As PRs merge to the base branch, a "release PR" is kept up to date
   - Shows what packages will be released and their changelogs
-    — Including packages bumped automatically due to dependency relationships
+    - Including packages bumped automatically due to dependency relationships
 - When release PR is merged, publishing is triggered
   - Oending bump files are deleted and packages are published with updated versions and changelogs
 
@@ -47,15 +48,15 @@ Fixed locale fallback logic in utils.
 
 ## Features
 
-- **All package managers** — npm, pnpm, yarn, and bun workspaces
-- **Smart dependency propagation** — configurable rules for how version bumps cascade through your dependency graph (see [version propagation docs](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md))
-- **Pack-then-publish** — by default, publishes to npm (resolving `workspace:` and `catalog:` protocols, with OIDC/provenance support). Per-package custom publish commands let you target anything — VSCode extensions, Docker images, JSR, private registries, etc.
-- **Flexible package management** — include/exclude any package individually via per-package config, glob patterns, or `privatePackages` setting
-- **Non-interactive CLI** — `bumpy add` works fully non-interactively for CI/CD and AI-assisted development
-- **Aggregated GitHub releases** — optionally create a single consolidated release instead of one per package
-- **Auto-generate from commits** — `bumpy generate` creates bump files from branch commits — works with any commit style, with enhanced detection for conventional commits
-- **Pluggable changelog formatters** — built-in `"default"` and `"github"` formatters, or write your own
-- **Zero runtime dependencies** — dependencies are minimal and bundled at release time
+- **All package managers** - npm, pnpm, yarn, and bun workspaces
+- **Smart dependency propagation** - configurable rules for how version bumps cascade through your dependency graph (see [version propagation docs](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md))
+- **Pack-then-publish** - by default, publishes to npm (resolving `workspace:` and `catalog:` protocols, with OIDC/provenance support). Per-package custom publish commands let you target anything - VSCode extensions, Docker images, JSR, private registries, etc.
+- **Flexible package management** - include/exclude any package individually via per-package config, glob patterns, or `privatePackages` setting
+- **Non-interactive CLI** - `bumpy add` works fully non-interactively for CI/CD and AI-assisted development
+- **Aggregated GitHub releases** - optionally create a single consolidated release instead of one per package
+- **Auto-generate from commits** - `bumpy generate` creates bump files from branch commits - works with any commit style, with enhanced detection for conventional commits
+- **Pluggable changelog formatters** - built-in `"default"` and `"github"` formatters, or write your own
+- **Zero runtime dependencies** - dependencies are minimal and bundled at release time
 
 ## Getting Started
 
@@ -77,10 +78,10 @@ Then set up CI to automate versioning and publishing (see below).
 
 ## CI / GitHub Actions
 
-No GitHub App to install, no separate action to rely on — just call `bumpy ci` directly in your workflows. Two commands handle the entire release lifecycle:
+No GitHub App to install, no separate action to rely on - just call `bumpy ci` directly in your workflows. Two commands handle the entire release lifecycle:
 
-- **`bumpy ci check`** — runs on every PR. Computes the release plan from pending bump files and posts/updates a comment on the PR showing what versions would be released. Warns if any changed packages are missing bump files.
-- **`bumpy ci release`** — runs on push to main. If pending bump files exist, it opens (or updates) a "Version Packages" PR that applies all version bumps and changelog updates. If the current push _is_ the Version Packages PR being merged, it publishes the new versions, creates git tags, and creates GitHub releases.
+- **`bumpy ci check`** - runs on every PR. Computes the release plan from pending bump files and posts/updates a comment on the PR showing what versions would be released. Warns if any changed packages are missing bump files.
+- **`bumpy ci release`** - runs on push to main. If pending bump files exist, it opens (or updates) a "Version Packages" PR that applies all version bumps and changelog updates. If the current push _is_ the Version Packages PR being merged, it publishes the new versions, creates git tags, and creates GitHub releases.
 
 _examples use bun, but works with Node.js_
 
@@ -109,7 +110,7 @@ jobs:
 ### Release workflow
 
 ```yaml
-# .github/workflows/bumpy-release.yml — trusted publishing (OIDC, no secret needed)
+# .github/workflows/bumpy-release.yml - trusted publishing (OIDC, no secret needed)
 name: Bumpy Release
 on:
   push:
@@ -137,13 +138,13 @@ jobs:
           BUMPY_GH_TOKEN: ${{ secrets.BUMPY_GH_TOKEN }} # additonal PAT, needed to trigger CI checks on release PR
 ```
 
-> **Trusted publishing setup:** Configure each package on [npmjs.com](https://docs.npmjs.com/trusted-publishers/) → Package Settings → Trusted Publishers → GitHub Actions. Specify your org/user, repo, and the workflow filename (`bumpy-release.yml`). No `NPM_TOKEN` secret needed. Requires npm >= 11.5.1 — bumpy will warn if your version is too old.
+> **Trusted publishing setup:** Configure each package on [npmjs.com](https://docs.npmjs.com/trusted-publishers/) → Package Settings → Trusted Publishers → GitHub Actions. Specify your org/user, repo, and the workflow filename (`bumpy-release.yml`). No `NPM_TOKEN` secret needed. Requires npm >= 11.5.1 - bumpy will warn if your version is too old.
 
 <details>
 <summary>Alternative: token-based auth (NPM_TOKEN secret)</summary>
 
 ```yaml
-# .github/workflows/bumpy-release.yml — token-based auth
+# .github/workflows/bumpy-release.yml - token-based auth
 name: Bumpy Release
 on:
   push:
@@ -174,7 +175,7 @@ You can also use `bumpy ci release --auto-publish` to version + publish directly
 
 ### Token setup
 
-The default `github.token` works for basic functionality, but GitHub's anti-recursion guard means PRs created by the default token won't trigger other workflows — so your regular CI (tests, linting, etc.) won't run automatically on the Version Packages PR. To fix this, provide a `BUMPY_GH_TOKEN` secret using either a **fine-grained PAT** or a **GitHub App token**. See the [full token setup guide](https://github.com/dmno-dev/bumpy/blob/main/docs/github-actions.md#token-setup) for details.
+The default `github.token` works for basic functionality, but GitHub's anti-recursion guard means PRs created by the default token won't trigger other workflows - so your regular CI (tests, linting, etc.) won't run automatically on the Version Packages PR. To fix this, provide a `BUMPY_GH_TOKEN` secret using either a **fine-grained PAT** or a **GitHub App token**. See the [full token setup guide](https://github.com/dmno-dev/bumpy/blob/main/docs/github-actions.md#token-setup) for details.
 
 Run `bumpy ci setup` for interactive guidance, or set it up manually:
 
@@ -210,30 +211,30 @@ bumpy ai setup --target cursor    # creates Cursor rule file
 bumpy ai setup --target codex     # creates Codex instruction file
 ```
 
-The skill teaches the AI to examine git changes, identify affected packages, choose bump levels, and create bump files with `bumpy add`. It also instructs the AI to keep existing bump files up to date as work continues on a branch — updating packages, bump levels, and summaries to reflect the final state of changes.
+The skill teaches the AI to examine git changes, identify affected packages, choose bump levels, and create bump files with `bumpy add`. It also instructs the AI to keep existing bump files up to date as work continues on a branch - updating packages, bump levels, and summaries to reflect the final state of changes.
 
 ## Documentation
 
-- [Bump file format](https://github.com/dmno-dev/bumpy/blob/main/docs/bump-files.md) — syntax, bump levels, cascade control
-- [Configuration reference](https://github.com/dmno-dev/bumpy/blob/main/docs/configuration.md) — all `.bumpy/_config.json` and per-package options
-- [CLI reference](https://github.com/dmno-dev/bumpy/blob/main/docs/cli.md) — every command with flags and examples
-- [GitHub Actions setup](https://github.com/dmno-dev/bumpy/blob/main/docs/github-actions.md) — CI workflows, token setup, trusted publishing
-- [Version propagation](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md) — how dependency bumps cascade through your graph
+- [Bump file format](https://github.com/dmno-dev/bumpy/blob/main/docs/bump-files.md) - syntax, bump levels, cascade control
+- [Configuration reference](https://github.com/dmno-dev/bumpy/blob/main/docs/configuration.md) - all `.bumpy/_config.json` and per-package options
+- [CLI reference](https://github.com/dmno-dev/bumpy/blob/main/docs/cli.md) - every command with flags and examples
+- [GitHub Actions setup](https://github.com/dmno-dev/bumpy/blob/main/docs/github-actions.md) - CI workflows, token setup, trusted publishing
+- [Version propagation](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md) - how dependency bumps cascade through your graph
 
 ## Why files instead of conventional commits?
 
-Tools like semantic-release infer version bumps from commit messages (`feat:` → minor, `fix:` → patch). This works for simple projects but breaks down in monorepos — a single PR often touches multiple packages with different bump levels, squash merges lose per-commit metadata, and commit messages are a poor place to write user-facing changelog entries. Bump files are explicit, reviewable in the PR diff, and can describe changes in language meant for consumers rather than developers. If you prefer commit-based workflows, `bumpy generate` can bridge the gap by auto-creating bump files from your branch commits — it works with any commit style, not just conventional commits.
+Tools like semantic-release infer version bumps from commit messages (`feat:` → minor, `fix:` → patch). This works for simple projects but breaks down in monorepos - a single PR often touches multiple packages with different bump levels, squash merges lose per-commit metadata, and commit messages are a poor place to write user-facing changelog entries. Bump files are explicit, reviewable in the PR diff, and can describe changes in language meant for consumers rather than developers. If you prefer commit-based workflows, `bumpy generate` can bridge the gap by auto-creating bump files from your branch commits - it works with any commit style, not just conventional commits.
 
 ## Why not just use changesets?
 
-Bumpy is built as a successor to [@changesets/changesets](https://github.com/changesets/changesets). Changesets is mature and widely adopted, but has stagnated — hundreds of open issues around core design problems that are unlikely to be fixed without a rewrite. See [differences from changesets](https://github.com/dmno-dev/bumpy/blob/main/docs/differences-from-changesets.md) for a detailed comparison with links to specific issues. The biggest pain points bumpy addresses:
+Bumpy is built as a successor to [@changesets/changesets](https://github.com/changesets/changesets). Changesets is mature and widely adopted, but has stagnated - hundreds of open issues around core design problems that are unlikely to be fixed without a rewrite. See [differences from changesets](https://github.com/dmno-dev/bumpy/blob/main/docs/differences-from-changesets.md) for a detailed comparison with links to specific issues. The biggest pain points bumpy addresses:
 
-- **Sane dependency propagation** — changesets hardcodes aggressive behavior where a minor bump triggers a major bump on all peer dependents. Bumpy uses a [three-phase algorithm](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md) with sensible defaults and full configurability.
-- **Workspace protocol resolution** — changesets uses `npm publish` even in pnpm/yarn workspaces, so `workspace:^` and `catalog:` protocols are NOT resolved, resulting in broken published packages.
-- **Custom publish commands** — changesets is hardcoded to `npm publish`. Bumpy supports per-package custom publish for VSCode extensions, Docker images, JSR, etc.
-- **Flexible package management** — changesets treats all private packages the same. Bumpy lets you include/exclude any package individually.
-- **CI without a separate action or bot** — changesets requires installing a [GitHub App](https://github.com/apps/changeset-bot) _and_ using a [separate GitHub Action](https://github.com/changesets/action). Bumpy replaces both with two CLI commands (`bumpy ci check` + `bumpy ci release`) that run directly in your workflows — no extra repos to trust, no app installation requiring org admin approval.
-- **Automatic migration** — `bumpy init` detects `.changeset/`, renames it to `.bumpy/`, migrates config, keeps pending files, and offers to uninstall `@changesets/cli`.
+- **Sane dependency propagation** - changesets hardcodes aggressive behavior where a minor bump triggers a major bump on all peer dependents. Bumpy uses a [three-phase algorithm](https://github.com/dmno-dev/bumpy/blob/main/docs/version-propagation.md) with sensible defaults and full configurability.
+- **Workspace protocol resolution** - changesets uses `npm publish` even in pnpm/yarn workspaces, so `workspace:^` and `catalog:` protocols are NOT resolved, resulting in broken published packages.
+- **Custom publish commands** - changesets is hardcoded to `npm publish`. Bumpy supports per-package custom publish for VSCode extensions, Docker images, JSR, etc.
+- **Flexible package management** - changesets treats all private packages the same. Bumpy lets you include/exclude any package individually.
+- **CI without a separate action or bot** - changesets requires installing a [GitHub App](https://github.com/apps/changeset-bot) _and_ using a [separate GitHub Action](https://github.com/changesets/action). Bumpy replaces both with two CLI commands (`bumpy ci check` + `bumpy ci release`) that run directly in your workflows - no extra repos to trust, no app installation requiring org admin approval.
+- **Automatic migration** - `bumpy init` detects `.changeset/`, renames it to `.bumpy/`, migrates config, keeps pending files, and offers to uninstall `@changesets/cli`.
 
 ## Development
 
@@ -253,4 +254,18 @@ bunx bumpy --help  # invoke built cli
 - Tracking workspace-level / non-publishable changes
 - More frogs 🐸
 
+---
+
+<p align="center">
+  <a href="https://varlock.dev" target="_blank" rel="noopener noreferrer">
+    <img src="https://raw.githubusercontent.com/dmno-dev/bumpy/refs/heads/main/images/github-readme-footer.jpg" alt="Bumpy was created by Varlock" >
+  </a>
+</p>
+<p align="center">
+  <b>Bumpy is a creation of the team behind <a href="https://varlock.dev">Varlock</a> 🧙‍♂️</b><br/>
+  <a href="https://varlock.dev">
+    Check it out for secure secret sorcery - get your keys out of plaintext!
+  </a>
+</p>
+
 <!-- note this readme is also used for the bumpy package! -->

package/dist/{add-DF6bawDT.mjs → add-DEqGa5gI.mjs}

@@ -1,13 +1,13 @@
 import { n as log, o as __toESM, r as require_picocolors } from "./logger-C2dEe5Su.mjs";
 import { n as exists, t as ensureDir } from "./fs-DnDogVn-.mjs";
-import { a as loadConfig, o as loadPackageConfig, r as getBumpyDir, s as matchGlob } from "./config-D7Umr-fT.mjs";
-import { t as discoverPackages } from "./workspace-BHsAPUmC.mjs";
-import { t as DependencyGraph } from "./dep-graph-DiLeAhl9.mjs";
-import { i as writeBumpFile } from "./bump-file-C3S_bzSf.mjs";
-import { r as getChangedFiles } from "./git-H9S9z6g-.mjs";
-import { c as ot, d as yt, i as _t, l as pt, o as gt, r as Ot, s as mt, t as unwrap, u as wt } from "./clack-C6bVkGxf.mjs";
-import { n as slugify, t as randomName } from "./names-C-TuOPbd.mjs";
-import { t as require_picomatch } from "./picomatch-DMmqYjgq.mjs";
+import { a as loadConfig, o as loadPackageConfig, r as getBumpyDir, s as matchGlob } from "./config-CJIj8xG3.mjs";
+import { t as discoverPackages } from "./workspace-c9-TqXed.mjs";
+import { t as DependencyGraph } from "./dep-graph-E-9-eQ2J.mjs";
+import { i as writeBumpFile } from "./bump-file-BTsntOO-.mjs";
+import { r as getChangedFiles } from "./git-D0__HP86.mjs";
+import { c as ot, d as yt, i as _t, l as pt, o as gt, r as Ot, s as mt, t as unwrap, u as wt } from "./clack-CJT1JFFa.mjs";
+import { n as slugify, t as randomName } from "./names-CBy7d8K_.mjs";
+import { t as require_picomatch } from "./picomatch-TGJi--_I.mjs";
 import { relative, resolve } from "node:path";
 import * as readline from "node:readline";
 //#region src/prompts/bump-select.ts

package/dist/apply-release-plan-Bi9OSWks.mjs

@@ -0,0 +1,57 @@
+import { a as readJson, c as removeFile, f as writeText, i as listFiles, l as updateJsonFields, n as exists, s as readText, u as updateJsonNestedField } from "./fs-DnDogVn-.mjs";
+import { r as getBumpyDir } from "./config-CJIj8xG3.mjs";
+import { a as prependToChangelog, i as loadFormatter, n as generateChangelogEntry } from "./changelog-xKuL0IKx.mjs";
+import { resolve } from "node:path";
+//#region src/core/apply-release-plan.ts
+/** Apply the release plan: bump versions, update changelogs, delete bump files */
+async function applyReleasePlan(releasePlan, packages, rootDir, config) {
+	const releaseMap = new Map(releasePlan.releases.map((r) => [r.name, r]));
+	const formatter = config.changelog !== false ? await loadFormatter(config.changelog, rootDir) : null;
+	for (const release of releasePlan.releases) {
+		const pkgJsonPath = resolve(packages.get(release.name).dir, "package.json");
+		const pkgJson = await readJson(pkgJsonPath);
+		await updateJsonFields(pkgJsonPath, { version: release.newVersion });
+		for (const depField of [
+			"dependencies",
+			"devDependencies",
+			"peerDependencies",
+			"optionalDependencies"
+		]) {
+			const deps = pkgJson[depField];
+			if (!deps) continue;
+			for (const [depName, range] of Object.entries(deps)) {
+				const depRelease = releaseMap.get(depName);
+				if (!depRelease) continue;
+				await updateJsonNestedField(pkgJsonPath, depField, depName, updateRange(range, depRelease.newVersion));
+			}
+		}
+	}
+	if (formatter) for (const release of releasePlan.releases) {
+		const changelogPath = resolve(packages.get(release.name).dir, "CHANGELOG.md");
+		const entry = await generateChangelogEntry(release, releasePlan.bumpFiles, formatter);
+		let existingContent = "";
+		if (await exists(changelogPath)) existingContent = await readText(changelogPath);
+		await writeText(changelogPath, prependToChangelog(existingContent, entry));
+	}
+	const bumpyDir = getBumpyDir(rootDir);
+	const allBumpFiles = await listFiles(bumpyDir, ".md");
+	for (const file of allBumpFiles) {
+		if (file === "README.md") continue;
+		await removeFile(resolve(bumpyDir, file));
+	}
+}
+/** Update a version range to include a new version, preserving the range prefix */
+function updateRange(range, newVersion) {
+	let protocol = "";
+	let cleanRange = range;
+	const protoMatch = range.match(/^(workspace:|catalog:)/);
+	if (protoMatch) {
+		protocol = protoMatch[1];
+		cleanRange = range.slice(protocol.length);
+	}
+	const prefix = cleanRange.match(/^(\^|~|>=|>|<=|<|=)?/)?.[1] ?? "^";
+	if (cleanRange === "*" || cleanRange === "" || cleanRange === "^" || cleanRange === "~") return range;
+	return `${protocol}${prefix}${newVersion}`;
+}
+//#endregion
+export { applyReleasePlan as t };

package/dist/{bump-file-C3S_bzSf.mjs → bump-file-BTsntOO-.mjs}

@@ -1,7 +1,7 @@
 import { f as writeText, i as listFiles, s as readText } from "./fs-DnDogVn-.mjs";
-import { r as getBumpyDir } from "./config-D7Umr-fT.mjs";
-import { i as jsYaml } from "./package-manager-ByJ0wKYh.mjs";
-import { s as tryRunArgs } from "./shell-CY7OD48z.mjs";
+import { r as getBumpyDir } from "./config-CJIj8xG3.mjs";
+import { i as jsYaml } from "./package-manager-CClZtIHP.mjs";
+import { s as tryRunArgs } from "./shell-u3bYGxNy.mjs";
 import { resolve } from "node:path";
 import { existsSync } from "node:fs";
 //#region src/core/bump-file.ts
@@ -190,21 +190,18 @@ function extractBumpFileIdsFromChangedFiles(changedFiles) {
 function filterBranchBumpFiles(allBumpFiles, changedFiles, rootDir, parseErrors = []) {
 	const branchBumpFileIds = extractBumpFileIdsFromChangedFiles(changedFiles);
 	const branchBumpFiles = allBumpFiles.filter((bf) => branchBumpFileIds.has(bf.id));
-	let hasEmptyBumpFile = false;
+	const emptyBumpFileIds = [];
 	if (rootDir) {
 		const parsedIds = new Set(branchBumpFiles.map((bf) => bf.id));
 		const bumpyDir = getBumpyDir(rootDir);
 		for (const id of branchBumpFileIds) if (!parsedIds.has(id) && existsSync(resolve(bumpyDir, `${id}.md`))) {
-			if (!parseErrors.some((e) => e.includes(`"${id}"`))) {
-				hasEmptyBumpFile = true;
-				break;
-			}
+			if (!parseErrors.some((e) => e.includes(`"${id}"`))) emptyBumpFileIds.push(id);
 		}
 	}
 	return {
 		branchBumpFiles,
 		branchBumpFileIds,
-		hasEmptyBumpFile
+		emptyBumpFileIds
 	};
 }
 //#endregion

package/dist/{changelog-github-DZSHX3Tb.mjs → changelog-github-CEaDCtTk.mjs}

@@ -1,4 +1,5 @@
-import { s as tryRunArgs } from "./shell-CY7OD48z.mjs";
+import { s as tryRunArgs } from "./shell-u3bYGxNy.mjs";
+import { o as sortBumpFilesByType, r as getBumpTypeForPackage } from "./changelog-xKuL0IKx.mjs";
 //#region src/core/changelog-github.ts
 /** Authors filtered from "Thanks" attribution by default (e.g. bots) */
 /** Authors filtered from "Thanks" attribution by default (e.g. AI/automation bots) */
@@ -34,21 +35,32 @@ function createGithubFormatter(options = {}) {
 		const serverUrl = process.env.GITHUB_SERVER_URL || "https://github.com";
 		const lines = [];
 		lines.push(`## ${release.newVersion}`);
-		lines.push("");
-		lines.push(`_${date}_`);
+		lines.push(`<sub>${date}</sub>`);
 		lines.push("");
 		const relevantBumpFiles = bumpFiles.filter((bf) => release.bumpFiles.includes(bf.id));
-		if (relevantBumpFiles.length > 0) for (const bf of relevantBumpFiles) {
+		const sorted = sortBumpFilesByType(relevantBumpFiles, release.name);
+		for (const bf of sorted) {
 			if (!bf.summary) continue;
+			const type = getBumpTypeForPackage(bf, release.name);
+			const tag = type !== release.type ? ` *(${type})*` : "";
 			const { cleanSummary, overrides } = extractSummaryMeta(bf.summary);
 			const gitInfo = resolveBumpFileInfo(bf.id, repoSlug, serverUrl, overrides);
 			const summaryLines = cleanSummary.split("\n");
 			const firstLine = linkifyIssueRefs(summaryLines[0], serverUrl, repoSlug);
-			const prefix = formatPrefix(gitInfo, serverUrl, repoSlug, includeCommitLink, thankContributors, internalAuthorsSet);
-			lines.push(`-${prefix ? ` ${prefix} -` : ""} ${firstLine}`);
+			const { links, thanks } = formatPrefix(gitInfo, serverUrl, repoSlug, includeCommitLink, thankContributors, internalAuthorsSet);
+			const parts = [
+				links,
+				tag,
+				thanks
+			].filter(Boolean);
+			const hasMeta = parts.length > 0;
+			lines.push(`- ${parts.join(" ")}${hasMeta ? " - " : ""}${firstLine}`);
 			for (let i = 1; i < summaryLines.length; i++) if (summaryLines[i].trim()) lines.push(`  ${linkifyIssueRefs(summaryLines[i], serverUrl, repoSlug)}`);
 		}
-		if (release.isDependencyBump && relevantBumpFiles.length === 0) lines.push("- Updated dependencies");
+		if (release.isDependencyBump) {
+			const depTag = release.type !== "patch" ? ` *(patch)* -` : "";
+			lines.push(`-${depTag} Updated dependencies`);
+		}
 		if (release.isCascadeBump && !release.isDependencyBump && relevantBumpFiles.length === 0) lines.push("- Version bump via cascade rule");
 		lines.push("");
 		return lines.join("\n");
@@ -169,18 +181,22 @@ function findBumpFileCommitInfo(bumpFileId, repo) {
 	}
 }
 /**
-* Build the prefix portion of a changelog line: PR link, commit link, thanks.
-* Matches the format used by @changesets/changelog-github.
+* Build the prefix portions of a changelog line, split into links and thanks
+* so the bump type tag can be inserted between them.
 */
 function formatPrefix(info, serverUrl, repo, includeCommitLink, thankContributors, internalAuthors) {
-	const parts = [];
-	if (info.prNumber && info.prUrl) parts.push(`[#${info.prNumber}](${info.prUrl})`);
+	const linkParts = [];
+	if (info.prNumber && info.prUrl) linkParts.push(`[#${info.prNumber}](${info.prUrl})`);
 	if (includeCommitLink && info.commitHash && repo) {
 		const short = info.commitHash.slice(0, 7);
-		parts.push(`[\`${short}\`](${serverUrl}/${repo}/commit/${info.commitHash})`);
+		linkParts.push(`[\`${short}\`](${serverUrl}/${repo}/commit/${info.commitHash})`);
 	}
-	if (thankContributors && info.author && !internalAuthors.has(info.author.toLowerCase())) parts.push(`Thanks [@${info.author}](${serverUrl}/${info.author})!`);
-	return parts.join(" ");
+	let thanks = "";
+	if (thankContributors && info.author && !internalAuthors.has(info.author.toLowerCase())) thanks = `Thanks [@${info.author}](${serverUrl}/${info.author})!`;
+	return {
+		links: linkParts.join(" "),
+		thanks
+	};
 }
 /**
 * Linkify bare issue/PR references like #123 in text,

package/dist/changelog-xKuL0IKx.mjs

@@ -0,0 +1,109 @@
+import { n as log } from "./logger-C2dEe5Su.mjs";
+import { t as BUMP_LEVELS } from "./types-CSM0c2-m.mjs";
+import { relative, resolve } from "node:path";
+import { realpathSync } from "node:fs";
+//#region src/core/changelog.ts
+/** Get the bump type a bump file applies to a specific package */
+function getBumpTypeForPackage(bf, packageName) {
+	const rel = bf.releases.find((r) => r.name === packageName);
+	return rel?.type === "none" ? "patch" : rel?.type ?? "patch";
+}
+/** Sort bump files by bump type for a specific package (major → minor → patch) */
+function sortBumpFilesByType(bumpFiles, packageName) {
+	return [...bumpFiles].sort((a, b) => {
+		const aLevel = BUMP_LEVELS[getBumpTypeForPackage(a, packageName)];
+		return BUMP_LEVELS[getBumpTypeForPackage(b, packageName)] - aLevel;
+	});
+}
+/** Default formatter — version heading with date, bullet points sorted by bump type */
+const defaultFormatter = (ctx) => {
+	const { release, bumpFiles, date } = ctx;
+	const lines = [];
+	lines.push(`## ${release.newVersion}`);
+	lines.push(`<sub>${date}</sub>`);
+	lines.push("");
+	const relevantBumpFiles = bumpFiles.filter((bf) => release.bumpFiles.includes(bf.id));
+	const sorted = sortBumpFilesByType(relevantBumpFiles, release.name);
+	for (const bf of sorted) {
+		if (!bf.summary) continue;
+		const type = getBumpTypeForPackage(bf, release.name);
+		const tag = type !== release.type ? `*(${type})* ` : "";
+		const summaryLines = bf.summary.split("\n");
+		lines.push(`- ${tag}${summaryLines[0]}`);
+		for (let i = 1; i < summaryLines.length; i++) if (summaryLines[i].trim()) lines.push(`  ${summaryLines[i]}`);
+	}
+	if (release.isDependencyBump) {
+		const tag = release.type !== "patch" ? `*(patch)* ` : "";
+		lines.push(`- ${tag}Updated dependencies`);
+	}
+	if (release.isCascadeBump && !release.isDependencyBump && relevantBumpFiles.length === 0) lines.push("- Version bump via cascade rule");
+	lines.push("");
+	return lines.join("\n");
+};
+const BUILTIN_FORMATTERS = {
+	default: defaultFormatter,
+	github: async () => {
+		const { createGithubFormatter } = await import("./changelog-github-CEaDCtTk.mjs");
+		return createGithubFormatter();
+	}
+};
+/**
+* Load a changelog formatter from config.
+* Supports: "default", "./path/to/formatter.ts", or a module name.
+*/
+async function loadFormatter(changelog, rootDir) {
+	const [name, options] = Array.isArray(changelog) ? changelog : [changelog, {}];
+	if (name === "github") {
+		const { createGithubFormatter } = await import("./changelog-github-CEaDCtTk.mjs");
+		return createGithubFormatter(options);
+	}
+	if (typeof name === "string" && BUILTIN_FORMATTERS[name]) {
+		const builtin = BUILTIN_FORMATTERS[name];
+		if (typeof builtin === "function" && builtin.length === 0) return builtin();
+		return builtin;
+	}
+	if (typeof name === "string") try {
+		let modulePath;
+		if (name.startsWith(".")) {
+			modulePath = resolve(rootDir, name);
+			try {
+				modulePath = realpathSync(modulePath);
+			} catch {}
+			const rel = relative(realpathSync(rootDir), modulePath);
+			if (rel.startsWith("..") || resolve("/", rel) === resolve("/")) throw new Error(`Changelog formatter path "${name}" resolves outside the project root`);
+		} else modulePath = name;
+		const mod = await import(modulePath);
+		const exported = mod.default || mod.changelogFormatter;
+		if (typeof exported === "function") {
+			const result = exported(options);
+			if (typeof result === "function") return result;
+			return exported;
+		}
+		throw new Error(`Changelog module "${name}" does not export a function`);
+	} catch (err) {
+		log.warn(`Failed to load changelog formatter "${name}": ${err instanceof Error ? err.message : err}`);
+		log.warn("Falling back to default formatter");
+		return defaultFormatter;
+	}
+	return defaultFormatter;
+}
+/** Generate a changelog entry using the configured formatter */
+async function generateChangelogEntry(release, bumpFiles, formatter = defaultFormatter, date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0]) {
+	return formatter({
+		release,
+		bumpFiles,
+		date
+	});
+}
+/** Prepend a new entry to an existing CHANGELOG.md content */
+function prependToChangelog(existingContent, newEntry) {
+	const headerMatch = existingContent.match(/^# /m);
+	if (headerMatch && headerMatch.index !== void 0) {
+		const afterTitle = existingContent.indexOf("\n##");
+		if (afterTitle !== -1) return existingContent.slice(0, afterTitle + 1) + "\n" + newEntry + "\n" + existingContent.slice(afterTitle + 1);
+		return existingContent.trimEnd() + "\n\n" + newEntry;
+	}
+	return "# Changelog\n\n" + newEntry;
+}
+//#endregion
+export { prependToChangelog as a, loadFormatter as i, generateChangelogEntry as n, sortBumpFilesByType as o, getBumpTypeForPackage as r, defaultFormatter as t };

package/dist/{check-BJL-YDWz.mjs → check-D3eXRyKJ.mjs}

@@ -1,9 +1,9 @@
 import { n as log, o as __toESM, t as colorize } from "./logger-C2dEe5Su.mjs";
-import { a as loadConfig, o as loadPackageConfig, r as getBumpyDir } from "./config-D7Umr-fT.mjs";
-import { n as discoverWorkspace } from "./workspace-BHsAPUmC.mjs";
-import { r as readBumpFiles, t as filterBranchBumpFiles } from "./bump-file-C3S_bzSf.mjs";
-import { r as getChangedFiles } from "./git-H9S9z6g-.mjs";
-import { t as require_picomatch } from "./picomatch-DMmqYjgq.mjs";
+import { a as loadConfig, o as loadPackageConfig, r as getBumpyDir } from "./config-CJIj8xG3.mjs";
+import { n as discoverWorkspace } from "./workspace-c9-TqXed.mjs";
+import { r as readBumpFiles, t as filterBranchBumpFiles } from "./bump-file-BTsntOO-.mjs";
+import { r as getChangedFiles } from "./git-D0__HP86.mjs";
+import { t as require_picomatch } from "./picomatch-TGJi--_I.mjs";
 import { relative } from "node:path";
 //#region src/commands/check.ts
 var import_picomatch = /* @__PURE__ */ __toESM(require_picomatch(), 1);
@@ -30,8 +30,8 @@ async function checkCommand(rootDir, opts = {}) {
 		for (const err of parseErrors) log.error(err);
 		process.exit(1);
 	}
-	const { branchBumpFiles, hasEmptyBumpFile } = filterBranchBumpFiles(allBumpFiles, changedFiles, rootDir);
-	if (hasEmptyBumpFile) {
+	const { branchBumpFiles, emptyBumpFileIds } = filterBranchBumpFiles(allBumpFiles, changedFiles, rootDir);
+	if (emptyBumpFileIds.length > 0) {
 		log.success("Empty bump file found — no releases needed.");
 		return;
 	}