@visulima/vis 1.0.0-alpha.36 → 1.0.0-alpha.38

Files changed (177)
  1. package/CHANGELOG.md +13 -0
  2. package/LICENSE.md +1 -503
  3. package/dist/bin.js +1 -1
  4. package/dist/binx.js +1 -1
  5. package/dist/config/index.d.ts +7 -0
  6. package/dist/packem_chunks/DEFAULT_CLEAN_KEEP.js +1 -0
  7. package/dist/packem_chunks/bin.js +302 -515
  8. package/dist/packem_chunks/bloom-sync.js +1 -1
  9. package/dist/packem_chunks/catalog-detector.js +1 -0
  10. package/dist/packem_chunks/detect.js +3 -0
  11. package/dist/packem_chunks/detect2.js +8 -0
  12. package/dist/packem_chunks/discord.js +4 -0
  13. package/dist/packem_chunks/dynamic-import.js +1 -0
  14. package/dist/packem_chunks/extra-files.js +3 -0
  15. package/dist/packem_chunks/fix.js +1 -1
  16. package/dist/packem_chunks/git.js +3 -0
  17. package/dist/packem_chunks/handler10.js +1 -1
  18. package/dist/packem_chunks/handler12.js +1 -1
  19. package/dist/packem_chunks/handler13.js +1 -1
  20. package/dist/packem_chunks/handler14.js +1 -1
  21. package/dist/packem_chunks/handler15.js +1 -1
  22. package/dist/packem_chunks/handler16.js +1 -1
  23. package/dist/packem_chunks/handler17.js +1 -1
  24. package/dist/packem_chunks/handler18.js +1 -1
  25. package/dist/packem_chunks/handler19.js +1 -1
  26. package/dist/packem_chunks/handler21.js +1 -1
  27. package/dist/packem_chunks/handler27.js +1 -1
  28. package/dist/packem_chunks/handler28.js +1 -1
  29. package/dist/packem_chunks/handler29.js +1 -1
  30. package/dist/packem_chunks/handler3.js +4 -4
  31. package/dist/packem_chunks/handler30.js +2 -7
  32. package/dist/packem_chunks/handler31.js +2 -33
  33. package/dist/packem_chunks/handler32.js +2 -3
  34. package/dist/packem_chunks/handler33.js +3 -8
  35. package/dist/packem_chunks/handler34.js +6 -4
  36. package/dist/packem_chunks/handler35.js +1 -1
  37. package/dist/packem_chunks/handler36.js +42 -5
  38. package/dist/packem_chunks/handler37.js +8 -11
  39. package/dist/packem_chunks/handler38.js +9 -3
  40. package/dist/packem_chunks/handler39.js +74 -21
  41. package/dist/packem_chunks/handler4.js +1 -1
  42. package/dist/packem_chunks/handler40.js +5 -61
  43. package/dist/packem_chunks/handler41.js +4 -3
  44. package/dist/packem_chunks/handler42.js +3 -6
  45. package/dist/packem_chunks/handler43.js +2 -24
  46. package/dist/packem_chunks/handler44.js +1 -25
  47. package/dist/packem_chunks/handler45.js +1 -153
  48. package/dist/packem_chunks/handler46.js +1 -10
  49. package/dist/packem_chunks/handler47.js +3 -24
  50. package/dist/packem_chunks/handler48.js +1 -322
  51. package/dist/packem_chunks/handler49.js +7 -708
  52. package/dist/packem_chunks/handler5.js +6 -6
  53. package/dist/packem_chunks/handler50.js +33 -48
  54. package/dist/packem_chunks/handler51.js +3 -27
  55. package/dist/packem_chunks/handler52.js +8 -3
  56. package/dist/packem_chunks/handler53.js +4 -200
  57. package/dist/packem_chunks/handler54.js +1 -38
  58. package/dist/packem_chunks/handler55.js +12 -0
  59. package/dist/packem_chunks/handler56.js +7 -0
  60. package/dist/packem_chunks/handler57.js +5 -0
  61. package/dist/packem_chunks/handler58.js +11 -0
  62. package/dist/packem_chunks/handler59.js +3 -0
  63. package/dist/packem_chunks/handler60.js +22 -0
  64. package/dist/packem_chunks/handler61.js +61 -0
  65. package/dist/packem_chunks/handler62.js +3 -0
  66. package/dist/packem_chunks/handler63.js +6 -0
  67. package/dist/packem_chunks/handler64.js +708 -0
  68. package/dist/packem_chunks/handler65.js +24 -0
  69. package/dist/packem_chunks/handler66.js +25 -0
  70. package/dist/packem_chunks/handler67.js +153 -0
  71. package/dist/packem_chunks/handler68.js +10 -0
  72. package/dist/packem_chunks/handler69.js +24 -0
  73. package/dist/packem_chunks/handler7.js +1 -1
  74. package/dist/packem_chunks/handler70.js +322 -0
  75. package/dist/packem_chunks/handler71.js +48 -0
  76. package/dist/packem_chunks/handler72.js +27 -0
  77. package/dist/packem_chunks/handler73.js +3 -0
  78. package/dist/packem_chunks/handler74.js +190 -0
  79. package/dist/packem_chunks/handler75.js +38 -0
  80. package/dist/packem_chunks/handler8.js +1 -1
  81. package/dist/packem_chunks/handler9.js +1 -1
  82. package/dist/packem_chunks/heal-accept.js +1 -1
  83. package/dist/packem_chunks/heal.js +1 -1
  84. package/dist/packem_chunks/help-command.js +1 -1
  85. package/dist/packem_chunks/index.js +1 -7
  86. package/dist/packem_chunks/index2.js +7 -0
  87. package/dist/packem_chunks/interface.js +2 -0
  88. package/dist/packem_chunks/keys-refresh.js +1 -1
  89. package/dist/packem_chunks/list.js +1 -1
  90. package/dist/packem_chunks/loader.js +1 -1
  91. package/dist/packem_chunks/orchestrator.js +39 -0
  92. package/dist/packem_chunks/pre-mode.js +2 -0
  93. package/dist/packem_chunks/print-config.js +2 -0
  94. package/dist/packem_chunks/prompts.js +7 -0
  95. package/dist/packem_chunks/publish-guards.js +1 -0
  96. package/dist/packem_chunks/registry.js +48 -0
  97. package/dist/packem_chunks/resolveFormatter.js +9 -0
  98. package/dist/packem_chunks/security.js +1 -0
  99. package/dist/packem_chunks/shell-runner.js +1 -0
  100. package/dist/packem_chunks/slack.js +2 -0
  101. package/dist/packem_chunks/snapshot.js +2 -0
  102. package/dist/packem_chunks/stage-publisher.js +1 -0
  103. package/dist/packem_chunks/staged-registry.js +2 -0
  104. package/dist/packem_chunks/state.js +3 -0
  105. package/dist/packem_chunks/success-walk.js +8 -0
  106. package/dist/packem_chunks/sync.js +1 -1
  107. package/dist/packem_chunks/sync2.js +1 -1
  108. package/dist/packem_chunks/tripwire.js +1 -1
  109. package/dist/packem_chunks/verify-lockfile.js +2 -2
  110. package/dist/packem_chunks/version-resolver.js +2 -0
  111. package/dist/packem_chunks/webhook.js +1 -0
  112. package/dist/packem_chunks/workflow-templates.js +167 -0
  113. package/dist/packem_chunks/workspace.js +2 -0
  114. package/dist/packem_shared/AfterAllProjectsVersioned-CAKI2nWf.js +1 -0
  115. package/dist/packem_shared/ReleaseClient-YHzBIxYS.js +1 -0
  116. package/dist/packem_shared/VisReleaseError-DMGRBTNO.js +1 -0
  117. package/dist/packem_shared/{ai-analysis-DT3bU-_M.js → ai-analysis-K-DKU3ZA.js} +1 -1
  118. package/dist/packem_shared/{ai-fix-BkNqd5nP.js → ai-fix-BPrYoCk8.js} +1 -1
  119. package/dist/packem_shared/api.d-BPftyU9r.d.ts +27 -0
  120. package/dist/packem_shared/createAdapter-bU4DIP3F.js +1 -0
  121. package/dist/packem_shared/createVersionActions-BK43SNDH.js +1 -0
  122. package/dist/packem_shared/{cyclonedx-86-DbHtf.js → cyclonedx-kYozDyxp.js} +3 -3
  123. package/dist/packem_shared/defineFormatter-D5dCp6Kv.js +1 -0
  124. package/dist/packem_shared/dependency-scan-anTuZB1t.js +1 -0
  125. package/dist/packem_shared/{docker-tNrDU3oK.js → docker-BMLrNtWm.js} +1 -1
  126. package/dist/packem_shared/{failure-log-Dwqt6_Ga.js → failure-log-CEWP3bP0.js} +1 -1
  127. package/dist/packem_shared/index-BJbpNthk.js +1 -0
  128. package/dist/packem_shared/index-CgcF6_wo.js +1 -0
  129. package/dist/packem_shared/{index-C0Vj3XF8.js → index-D1_fbGbj.js} +1 -1
  130. package/dist/packem_shared/interface.d-B7VK2rcH.d.ts +148 -0
  131. package/dist/packem_shared/interface.d-Cezzifoh.d.ts +106 -0
  132. package/dist/packem_shared/{missing-package-json-41VUWFBY.js → missing-package-json-BfWUxTGv.js} +1 -1
  133. package/dist/packem_shared/{native-config-sync-BKAZ0NIs.js → native-config-sync-BEkJW7g3.js} +8 -8
  134. package/dist/packem_shared/pm-runner-OGResYrA.js +1 -0
  135. package/dist/packem_shared/provenance-_CJjMKwu.js +1 -0
  136. package/dist/packem_shared/public-api-WqUCiyIe.js +131 -0
  137. package/dist/packem_shared/{registry-keys-Bf2zzlcZ.js → registry-keys-BfFto6vI.js} +1 -1
  138. package/dist/packem_shared/{resolve-explicit-jH0RKyMJ.js → resolve-explicit-CMDl55Nz.js} +2 -2
  139. package/dist/packem_shared/s1ngularity-Dhr3bPk0.js +1 -0
  140. package/dist/packem_shared/{scan-progress-JBbd9QeT.js → scan-progress-DG7_JmTV.js} +1 -1
  141. package/dist/packem_shared/{signatures-D1H6h6GH.js → signatures-C730vkyK.js} +2 -2
  142. package/dist/packem_shared/slug-DoueYuLo.js +1 -0
  143. package/dist/packem_shared/spinner-CV3WVJLv.js +1 -0
  144. package/dist/packem_shared/sticky-comment-D6_7-w8T.js +1 -0
  145. package/dist/packem_shared/{tabs-BqUepRaD.js → tabs-BuTy5gPV.js} +1 -1
  146. package/dist/packem_shared/{typosquats-C8qg1neE.js → typosquats-DN78xx1x.js} +1 -1
  147. package/dist/packem_shared/use-measured-height-_eVGWtWt.js +1 -0
  148. package/dist/packem_shared/verify-6WCmFmy8.js +1 -0
  149. package/dist/packem_shared/{vis-update-app-CTwRkNgj.js → vis-update-app-k3fDxech.js} +1 -1
  150. package/dist/release/core/changelog/index.d.ts +5 -0
  151. package/dist/release/core/changelog/index.js +1 -0
  152. package/dist/release/core/package-managers/index.d.ts +6 -0
  153. package/dist/release/core/package-managers/index.js +1 -0
  154. package/dist/release/core/version-actions/index.d.ts +14 -0
  155. package/dist/release/core/version-actions/index.js +1 -0
  156. package/dist/release/index.d.ts +196 -0
  157. package/dist/release/index.js +1 -0
  158. package/dist/release/plugin-sdk.d.ts +127 -0
  159. package/dist/release/plugin-sdk.js +1 -0
  160. package/dist/release/presets.d.ts +225 -0
  161. package/dist/release/presets.js +1 -0
  162. package/dist/release/types.d.ts +1377 -0
  163. package/dist/release/types.js +1 -0
  164. package/index.d.ts +201 -201
  165. package/index.js +578 -752
  166. package/package.json +53 -11
  167. package/schemas/vis-config.schema.json +1394 -6
  168. package/schemas/vis-release-config.schema.json +1390 -0
  169. package/dist/packem_shared/dependency-scan-BDTH898x.js +0 -1
  170. package/dist/packem_shared/index-CB4p298r.js +0 -1
  171. package/dist/packem_shared/index-DMefdF51.js +0 -1
  172. package/dist/packem_shared/pm-runner-pVihAfxV.js +0 -1
  173. package/dist/packem_shared/provenance-DMuEftgc.js +0 -1
  174. package/dist/packem_shared/s1ngularity-BkfgC6NO.js +0 -1
  175. package/dist/packem_shared/spinner-BXSl864p.js +0 -1
  176. package/dist/packem_shared/use-measured-height-BBJ9intr.js +0 -1
  177. package/dist/packem_shared/verify-Du7xZ2BJ.js +0 -1
@@ -0,0 +1,48 @@
1
+ import{createRequire as Ne}from"node:module";import{VisReleaseError as l}from"../packem_shared/VisReleaseError-DMGRBTNO.js";import{VersionActions as N}from"../packem_shared/AfterAllProjectsVersioned-CAKI2nWf.js";import{E as Re}from"../packem_shared/public-api-WqUCiyIe.js";import{resolveCleanStripList as Me}from"./DEFAULT_CLEAN_KEEP.js";import{assertValidPackageName as F,resolveCustomCommands as W,interpolateCommand as J}from"./security.js";const _e=Ne(import.meta.url),x=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,V=t=>{if(typeof x<"u"&&x.versions&&x.versions.node){const[e,n]=x.versions.node.split(".").map(Number);if(e>22||e===22&&n>=3||e===20&&n>=16)return x.getBuiltinModule(t)}return _e(t)},{readFile:A,writeFile:O,rm:je,readdir:xe}=V("node:fs/promises"),{dirname:U,join:h}=V("node:path"),{fileURLToPath:Ve}=V("node:url"),{mkdtempSync:G,writeFileSync:Oe}=V("node:fs"),{tmpdir:B}=V("node:os"),Ee=["dependencies","devDependencies","peerDependencies","optionalDependencies"],fe=(t,e)=>{if(t.startsWith("catalog:")||t==="*"||t==="workspace:*"||t==="workspace:^"||t==="workspace:~")return t;if(t.startsWith("workspace:")){const n=t.slice(10);return`workspace:${L(n)}${e}`}if(t.startsWith("npm:")){const n=t.lastIndexOf("@");if(n<=4)return t;const r=t.slice(4,n),s=t.slice(n+1),a=L(s);return`npm:${r}@${a}${e}`}return`${L(t)}${e}`},De=/^([\^~=]|>=?|<=?)/,L=t=>{const e=De.exec(t);return e?e[1]??"^":"^"},Tt=async(t,e,n={})=>{const r=n.serializeManifest??Ge,s=n.changelogPath??We,a=n.renderChangelogEntry??Je,i=new Map(t.releases.map(p=>[p.name,p.newVersion])),o=await Promise.all(t.releases.map(async p=>{const m=e.getPackage(p.name);if(!m)return;const y=Fe(m.manifest,p.newVersion,i),b=n.readManifest?.(m.manifestPath),w=s(m);return{changelogEntry:await a(p),changelogPath:w,manifestWrite:{content:r(y,b),path:m.manifestPath}}})),c=[],d=new Map;for(const p of o){if(!p)continue;c.push(p.manifestWrite);const 
m=d.get(p.changelogPath);m?m.push(p.changelogEntry):d.set(p.changelogPath,[p.changelogEntry])}for(const[p,m]of d){const y=m.join(`
2
+
3
+ `),b=n.readChangelog?.(p);c.push({content:Ue(y,b),path:p})}return{deletions:t.consumedChangeFiles.map(p=>p.path),writes:c}},Fe=(t,e,n)=>{const r={...t,version:e};for(const s of Ee){const a=t[s];if(!a||typeof a!="object")continue;const i={...a};let o=!1;for(const[c,d]of Object.entries(a)){const p=n.get(c);if(p===void 0)continue;const m=fe(d,p);m!==d&&(i[c]=m,o=!0)}o&&(r[s]=i)}return r},Le=/^# .+/,Te=/^## /m,Ue=(t,e)=>{const n=t.trim();if(!e||e.trim()==="")return`# Changelog
4
+
5
+ ${n}
6
+ `;const r=e.split(/\r?\n/);if(r[0]&&Le.test(r[0])){let s=1;for(;s<r.length&&!(r[s]??"").startsWith("## ");)s+=1;const a=r.slice(0,s),i=r.slice(s);return a.length>0&&a[a.length-1]!==""&&a.push(""),[...a,n,"",...i].join(`
7
+ `).replaceAll(/\n{3,}/g,`
8
+
9
+ `)}return Te.test(e)?`${n}
10
+
11
+ ${e.trimStart()}`:`${n}
12
+
13
+ ${e.trimStart()}`},Ge=(t,e)=>{const n=Be(e);return`${JSON.stringify(t,null,n)}
14
+ `},Be=t=>{if(!t)return 4;const e=/\n(\s+)"/.exec(t);if(!e)return 4;const n=(e[1]??"").length;return n===2||n===4?n:4},We=t=>`${t.dir}/CHANGELOG.md`,Je=t=>{const e=new Date().toISOString().slice(0,10),n=[`## ${t.newVersion}`,`<sub>${e}</sub>`,""];if(t.isCascadeBump||t.isGroupBump)for(const r of t.sources)n.push(`- Version bump from ${r.name}@${r.newVersion}`);else if(t.isDependencyBump&&t.changeFiles.length===0)for(const r of t.sources)r.newVersion===""?n.push(`- Removed dependency ${r.name}`):n.push(`- Updated dependency ${r.name}@${r.newVersion}`);else for(const r of t.changeFiles)for(const s of r.body.split(/\r?\n/)){if(s.trim()===""){n.push("");continue}n.push(s.startsWith("-")||s.startsWith("*")?s:`- ${s}`)}return n.join(`
15
+ `)},He=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Q={default:{},named:{}},Ke=t=>{if(!t)return Q;let e;try{e=Re(t,{schema:"core",strict:!0})}catch(s){throw new l({cause:s,code:"CONFIG_INVALID",message:`Failed to parse pnpm-workspace.yaml: ${s.message}`})}if(typeof e!="object"||e===null||Array.isArray(e))return Q;const n=e,r={default:{},named:{}};if(typeof n.catalog=="object"&&n.catalog!==null&&!Array.isArray(n.catalog))for(const[s,a]of Object.entries(n.catalog))typeof a=="string"&&(r.default[s]=a);if(typeof n.catalogs=="object"&&n.catalogs!==null&&!Array.isArray(n.catalogs))for(const[s,a]of Object.entries(n.catalogs)){if(typeof a!="object"||a===null||Array.isArray(a))continue;const i={};for(const[o,c]of Object.entries(a))typeof c=="string"&&(i[o]=c);r.named[s]=i}return r},we=(t,e,n)=>{if(!t.startsWith("catalog:"))return t;const r=t.slice(8),s=r===""?n.default:n.named[r];if(s)return s[e]},Y=(t,e)=>{const n={...t};for(const r of He){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("catalog:"))continue;const c=we(o,i,e);if(c===void 0)throw new l({code:"CONFIG_INVALID",message:`Cannot resolve "${o}" for dependency "${i}" in package "${t.name}". 
Add it to pnpm-workspace.yaml's "catalog" or "catalogs" block.`,packageName:t.name});a[i]=c}n[r]=a}return n},Ut=Object.defineProperty({__proto__:null,parseCatalogs:Ke,resolveCatalogRef:we,rewriteCatalogRefs:Y},Symbol.toStringTag,{value:"Module"}),qe="ACTIONS_ID_TOKEN_REQUEST_URL",z=t=>{const e=!!t.env[qe],n=!!t.env[t.staticTokenVar],r=t.workspaceConfig?.publish?.preferStaticToken===!0;return e&&!(r&&n)?"oidc":n?"token":"missing"};let T;const Ye="https://github.com/visulima/visulima",ze=async()=>{try{let t=U(Ve(import.meta.url));for(let e=0;e<6;e+=1){const n=h(t,"package.json");try{const s=await A(n,"utf8"),a=JSON.parse(s);if(a.name==="@visulima/vis"&&typeof a.version=="string")return a.version}catch{}const r=U(t);if(r===t)break;t=r}}catch{}return"unknown"},Qe=async()=>(T!==void 0||(T=`vis-release/${await ze()} (+${Ye})`),T),X=new Map,Xe=async t=>{const e=X.get(t);if(e!==void 0)return e;try{const n=await import("undici"),r=new n.ProxyAgent(t);return X.set(t,r),r}catch{return}},Ze=t=>t===301||t===302||t===303||t===307||t===308,et=(t,e)=>{try{const n=new URL(t),r=new URL(e);return n.host===r.host&&n.protocol===r.protocol}catch{return!1}},j=async(t,e={})=>{const n=e.maxRedirects??2,r={"User-Agent":await Qe(),...e.headers};e.headers?.["User-Agent"]&&(r["User-Agent"]=e.headers["User-Agent"]);let s=t,a=0;const i=e.httpProxy?await Xe(e.httpProxy):void 0;for(;;){let o;try{const p=e.fetchImpl??globalThis.fetch,m={headers:r,method:e.method??"GET",redirect:"manual"};i&&(m.dispatcher=i),o=await p(s,m)}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!Ze(o.status))return{json:async()=>{try{return await o.json()}catch{return}},ok:o.ok,status:o.status,text:async()=>{try{return await o.text()}catch{return""}}};const c=o.headers.get("location")??o.headers.get("Location");if(!c||a>=n)return{json:async()=>{},ok:!1,status:0,text:async()=>""};let d;try{d=new 
URL(c,s).toString()}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!et(t,d))return{json:async()=>{},ok:!1,status:0,text:async()=>""};s=d,a+=1}},tt="https://crates.io/api/v1/crates",nt="Cargo.toml",Z=async t=>{let e;try{e=await A(t,"utf8")}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to read Cargo.toml at ${t}: ${o.message}`})}const{parse:n}=await import("smol-toml");let r;try{r=n(e)}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to parse Cargo.toml at ${t}: ${o.message}`})}if(!r.package)throw new l({code:"CONFIG_INVALID",file:t,hint:"CargoVersionActions only supports publishable crates with a [package] table. For workspace roots, point per-package config at the member crate directory.",message:`Cargo.toml at ${t} has no [package] table.`});const{name:s}=r.package;if(typeof s!="string"||s.length===0)throw new l({code:"CONFIG_INVALID",file:t,message:`Cargo.toml at ${t} is missing [package].name.`});const a=r.package.version;let i;if(typeof a=="string"?i=a:a&&typeof a=="object"&&a.workspace===!0&&(i=r.workspace?.package?.version),typeof i!="string"||i.length===0)throw new l({code:"CONFIG_INVALID",file:t,hint:"Set [package].version explicitly, or — for workspace-inherited versions — ensure the root Cargo.toml carries [workspace.package].version and point per-package config at it.",message:`Cargo.toml at ${t} has no resolvable [package].version.`});return{name:s,version:i}},ee=async(t,e)=>{const n=`${tt}/${encodeURIComponent(t)}`;try{const r=await j(n,{headers:{Accept:"application/json"},httpProxy:e});if(r.status===404||!r.ok)return;const s=await r.json();return s?.crate?.max_stable_version??s?.crate?.max_version??void 0}catch{return}},rt=(t,e)=>z({env:t,staticTokenVar:"CARGO_REGISTRY_TOKEN",workspaceConfig:e})==="oidc",st=async(t,e)=>{const n=await t.run("cargo",["package","--list","--allow-dirty"],{cwd:e,silent:!0});return 
n.exitCode!==0?[]:n.stdout.split(/\r?\n/).map(r=>r.trim()).filter(r=>r.length>0)};class at extends N{id="cargo";async readPublishedVersion(e){const n=H(e.pkg);try{const{name:r}=await Z(n);return await ee(r)}catch{return}}async publish(e){if(e.dryRun)return{output:`[dry-run / cargo] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=H(e.pkg,e.perPackageConfig),r=ot(e.pkg,e.perPackageConfig),{name:s,version:a}=await Z(n);if(a!==e.release.newVersion)throw new l({code:"CONFIG_INVALID",file:n,hint:`Confirm the cargo() preset's crateDir points at the directory containing this Cargo.toml. Expected ${e.release.newVersion} on disk after the extra-files bump.`,message:`Cargo.toml version (${a}) does not match planned release version (${e.release.newVersion}) for ${e.pkg.name}.`,packageName:e.pkg.name});if(await ee(s,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[cargo] ${s}@${e.release.newVersion} already on crates.io`,published:!1};const i=rt(process.env,e.workspaceConfig);if(!i&&!process.env.CARGO_REGISTRY_TOKEN)throw new l({code:"AUTH_MISSING",hint:"Set CARGO_REGISTRY_TOKEN, or run from a GH-Actions job with `permissions: id-token: write` for OIDC trusted publishing.",message:`Cannot publish ${s}@${e.release.newVersion}: neither CARGO_REGISTRY_TOKEN nor OIDC trusted publishing is available.`,packageName:e.pkg.name});const o=e.workspaceConfig?.publish?.guards;if(o?.packSecretScan){const p=await st(e.pm.runner,r);if(p.length>0){const{runPackSecretScan:m}=await import("./publish-guards.js"),y=typeof o.packSecretScan=="object"?o.packSecretScan.ignore:void 0,b=await m({files:p,ignore:y,pkgDir:r});if(!b.passed){const{redactTokens:w}=await import("./security.js"),C=b.findings.map(_=>` • [packSecretScan] ${w(_.message)}${_.hint?`
16
+ → ${w(_.hint)}`:""}`).join(`
17
+ `);throw new l({code:"PUBLISH_FAILED",message:`Pre-publish secret scan failed for ${s}@${e.release.newVersion}:
18
+ ${C}`,packageName:e.pkg.name})}}}const c=["publish","--allow-dirty"];e.registry&&e.registry!=="https://crates.io"&&c.push("--registry",e.registry);const d=await e.pm.runner.run("cargo",c,{cwd:r,silent:!1});if(d.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the cargo output above. Common causes: missing CARGO_REGISTRY_TOKEN, OIDC permission misconfigured, version already published, crates.io rate limit. Re-runs are safe — the published-version probe short-circuits subsequent runs.",message:`cargo publish failed for ${s}@${e.release.newVersion}: exit ${d.exitCode}. stderr: ${d.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[cargo] published ${s}@${e.release.newVersion}${i?" (trusted publishing)":""}`,published:!0}}}const H=(t,e)=>{const n=e?.cargoTomlPath??nt;return h(t.dir,n)},ot=(t,e)=>U(H(t,e)),it=["linux/amd64","linux/arm64"],ct=t=>{const e=t.indexOf("/");if(e===-1)return{registry:"docker.io",repository:`library/${t}`};const n=t.slice(0,e),r=t.slice(e+1);return n==="localhost"||n.includes(".")||n.includes(":")?{registry:n,repository:r}:r.includes("/")?{registry:"docker.io",repository:t}:{registry:"docker.io",repository:`${n}/${r}`}},te=(t,e)=>{const{registry:n,repository:r}=ct(t);return`https://${n==="docker.io"?"registry-1.docker.io":n}/v2/${r}/manifests/${encodeURIComponent(e)}`},ke=t=>{const e=t??{};return{buildContext:e.buildContext,containerBuildArgs:e.containerBuildArgs,containerImage:e.containerImage,containerPlatforms:e.containerPlatforms,containerSigning:e.containerSigning,containerSkipLatest:e.containerSkipLatest}},pt=(t,e)=>{const n=ke(t);if(typeof n.containerImage!="string"||n.containerImage.length===0)throw new l({code:"CONFIG_INVALID",hint:["Container packages must declare `containerImage` in their per-pkg release config:","",' release.packages["<pkg>"] = container({',' image: "ghcr.io/scope/foo",',' platforms: ["linux/amd64", "linux/arm64"],',' signing: "cosign", // optional'," })","",'Or set `versionActions: 
"container"` + `containerImage` directly.'].join(`
19
+ `),message:`containerImage is required for versionActions: "container" on ${e}`,packageName:e});return{buildContext:n.buildContext,containerBuildArgs:n.containerBuildArgs,containerImage:n.containerImage,containerPlatforms:n.containerPlatforms,containerSigning:n.containerSigning,containerSkipLatest:n.containerSkipLatest}};class lt extends N{id="container";async readPublishedVersion(e){const n=ke(e.perPackageConfig);if(!n.containerImage)return;const r=e.pkg.version,s=te(n.containerImage,r);try{return(await j(s,{headers:{Accept:["application/vnd.oci.image.manifest.v1+json","application/vnd.oci.image.index.v1+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.list.v2+json"].join(",")},httpProxy:e.workspaceConfig?.httpProxy,method:"HEAD"})).status===200?r:void 0}catch{return}}async publish(e){const n=pt(e.perPackageConfig,e.pkg.name);if(e.dryRun){const{command:a}=ne(e,n);return{output:`[dry-run / container] would run: ${a.join(" ")}`,published:!0}}try{const a=te(n.containerImage,e.release.newVersion);if((await j(a,{httpProxy:e.workspaceConfig?.httpProxy,method:"HEAD"})).status===200)return{alreadyPublished:!0,output:`[container] ${n.containerImage}:${e.release.newVersion} already published`,published:!1}}catch{}const{command:r}=ne(e,n),s=await e.pm.runner.run(r[0],r.slice(1),{cwd:e.pkg.dir,silent:!1});if(s.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:["docker buildx build failed. 
Common causes:"," • Not authenticated to the registry — run `docker login <registry>` first."," For ECR: `aws ecr get-login-password --region <r> | docker login --username AWS --password-stdin <account>.dkr.ecr.<r>.amazonaws.com`"," For GCR/GAR: `gcloud auth configure-docker <region>-docker.pkg.dev`"," For GHCR: `echo $GITHUB_TOKEN | docker login ghcr.io -u <user> --password-stdin`"," • Buildx not installed / configured — `docker buildx create --use` (one-time setup)."," • Multi-arch build needs QEMU registered — `docker run --privileged --rm tonistiigi/binfmt --install all`."].join(`
20
+ `),message:`docker buildx failed for ${e.pkg.name}@${e.release.newVersion}: exit ${s.exitCode}. stderr: ${s.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});if(n.containerSigning==="cosign"){const a=`${n.containerImage}:${e.release.newVersion}`,i=await e.pm.runner.run("cosign",["sign","--yes",a],{cwd:e.pkg.dir,silent:!1});if(i.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"cosign signing failed. For keyless cosign, ensure COSIGN_EXPERIMENTAL=1 (cosign <2.0) and the CI runner has the OIDC token (`id-token: write` permission on GH Actions).",message:`cosign sign failed for ${a}: exit ${i.exitCode}. stderr: ${i.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}return{output:`[container] published ${n.containerImage}:${e.release.newVersion}${n.containerSkipLatest?"":" + :latest"}${n.containerSigning==="cosign"?" (signed via cosign)":""}`,published:!0}}}const ne=(t,e)=>{if(!e.containerImage)throw new Error("buildBuildxCommand requires config.containerImage");const n=(e.containerPlatforms??it).join(","),r=`${e.containerImage}:${t.release.newVersion}`,s=`${e.containerImage}:latest`,a=e.buildContext??".",i=["docker","buildx","build","--platform",n,"-t",r];e.containerSkipLatest||i.push("-t",s);for(const[o,c]of Object.entries(e.containerBuildArgs??{}))i.push("--build-arg",`${o}=${c}`);return i.push("--label",`org.opencontainers.image.version=${t.release.newVersion}`),i.push("--label",`org.opencontainers.image.title=${t.pkg.name}`),i.push("--push",a),{command:i}},ut="https://jsr.io",dt=/^@[a-z0-9-]+\/[a-z0-9-]+$/i,re=async t=>{let e;try{e=await A(t,"utf8")}catch(r){throw new l({cause:r,code:"CONFIG_INVALID",file:t,message:`Failed to read JSR manifest at ${t}: ${r.message}`})}let n;try{n=JSON.parse(e)}catch(r){throw new l({cause:r,code:"CONFIG_INVALID",file:t,message:`Failed to parse JSR manifest at ${t}: ${r.message}`})}if(typeof n.name!="string"||n.name.length===0)throw new l({code:"CONFIG_INVALID",file:t,hint:"JSR manifests must declare a `name` field with 
the `@scope/name` form.",message:`JSR manifest at ${t} is missing the \`name\` field.`});if(!dt.test(n.name))throw new l({code:"CONFIG_INVALID",file:t,hint:"JSR requires every package to publish under `@scope/name`. Add the `@scope/` prefix and lowercase the name (a-z, 0-9, hyphen).",message:`JSR manifest at ${t} declares an invalid \`name\`: "${n.name}". JSR requires the @scope/name form.`});if(typeof n.version!="string"||n.version.length===0)throw new l({code:"CONFIG_INVALID",file:t,hint:"Add a `version` literal to the JSR manifest, or wire the `jsr()` preset so vis bumps it for you.",message:`JSR manifest at ${t} is missing the \`version\` field.`});return{name:n.name,version:n.version}},se=async(t,e)=>{const n=`${ut}/${t}/meta.json`;try{const r=await j(n,{headers:{Accept:"application/json"},httpProxy:e});if(r.status===404||!r.ok)return;const s=await r.json();return typeof s?.latest=="string"?s.latest:void 0}catch{return}},mt=(t,e)=>z({env:t,staticTokenVar:"JSR_API_KEY",workspaceConfig:e})==="oidc",ae=(t,e)=>{const n=e?.jsrConfigPath??"jsr.json";return h(t.dir,n)};class gt extends N{id="jsr";async readPublishedVersion(e){const n=ae(e.pkg,e.perPackageConfig);try{const{name:r}=await re(n);return await se(r,e.workspaceConfig?.httpProxy)}catch{return}}async publish(e){if(e.dryRun)return{output:`[dry-run / jsr] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=ae(e.pkg,e.perPackageConfig),{name:r,version:s}=await re(n);if(s!==e.release.newVersion)throw new l({code:"CONFIG_INVALID",file:n,hint:`Confirm the jsr() preset's manifestPath points at the JSR config file the extra-files rule rewrites. 
Expected ${e.release.newVersion} on disk after the bump.`,message:`JSR manifest version (${s}) does not match planned release version (${e.release.newVersion}) for ${e.pkg.name}.`,packageName:e.pkg.name});if(await se(r,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[jsr] ${r}@${e.release.newVersion} already on jsr.io`,published:!1};const a=mt(process.env,e.workspaceConfig);if(!a&&!process.env.JSR_API_KEY)throw new l({code:"AUTH_MISSING",hint:"Set JSR_API_KEY for static-token auth, or run from a GH-Actions job with `permissions: id-token: write` so ACTIONS_ID_TOKEN_REQUEST_URL is exposed for OIDC trusted publishing.",message:`Cannot publish ${r}@${e.release.newVersion}: neither JSR_API_KEY nor OIDC trusted publishing is available.`,packageName:e.pkg.name});const i=["jsr","publish","--allow-dirty"],o=e.perPackageConfig?.jsrConfigPath;o!==void 0&&o!=="jsr.json"&&i.push("--config",o);for(const d of e.perPackageConfig?.jsrPublishArgs??[])i.push(d);const c=await e.pm.runner.run("npx",i,{cwd:e.pkg.dir,silent:!1});if(c.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the jsr CLI output above. Common causes: invalid JSR_API_KEY, OIDC permission misconfigured, version already published, slow-mode rate limit. Re-runs are safe — the published-version probe short-circuits subsequent runs.",message:`jsr publish failed for ${r}@${e.release.newVersion}: exit ${c.exitCode}. stderr: ${c.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[jsr] published ${r}@${e.release.newVersion}${a?" 
(trusted publishing)":""}`,published:!0}}}const ht=/<!--[\s\S]*?-->/g,ft=/<project\b[^>]*>([\s\S]*)/i,oe=/<version>\s*([^<]+?)\s*<\/version>/i,ie=/<groupId>\s*([^<]+?)\s*<\/groupId>/i,ce=/<artifactId>\s*([^<]+?)\s*<\/artifactId>/i,wt=/<modules\b[^>]*>[\s\S]*?<module\b/i,pe=t=>{const e=t.replaceAll(ht,""),n=ft.exec(e)?.[1]??e,r=n.replaceAll(/<parent\b[\s\S]*?<\/parent>/gi,"").replaceAll(/<dependencyManagement\b[\s\S]*?<\/dependencyManagement>/gi,"").replaceAll(/<dependencies\b[\s\S]*?<\/dependencies>/gi,"").replaceAll(/<build\b[\s\S]*?<\/build>/gi,"").replaceAll(/<profiles\b[\s\S]*?<\/profiles>/gi,"").replaceAll(/<pluginRepositories\b[\s\S]*?<\/pluginRepositories>/gi,"").replaceAll(/<repositories\b[\s\S]*?<\/repositories>/gi,""),s=oe.exec(r)??oe.exec(n),a=ie.exec(r)??ie.exec(n),i=ce.exec(r)??ce.exec(n),o=wt.test(n);return{artifactId:i?.[1],groupId:a?.[1],hasModules:o,version:s?.[1]}},kt=t=>{const e=/<latest>\s*([^<]+?)\s*<\/latest>/i.exec(t);if(e?.[1])return e[1];const n=/<versions>([\s\S]*?)<\/versions>/i.exec(t);return n?[...n[1].matchAll(/<version>\s*([^<]+?)\s*<\/version>/gi)].map(r=>r[1]).at(-1):void 0},bt=(t,e)=>{const n=t.split(".").map(s=>encodeURIComponent(s)).join("/"),r=encodeURIComponent(e);return`https://repo1.maven.org/maven2/${n}/${r}/maven-metadata.xml`},yt=["Native Maven publishing isn't implemented yet. Drop to the generic shell path:","",' release.packages["<your-pkg>"] = {',' ...pomXml({ pomDir: "jvm/sdk" }),',' versionActions: "shell",',' publishCommand: "mvn -B -ntp deploy",',' checkPublished: "",'," }","","Configure either `central-publishing-maven-plugin` (recommended for","Sonatype Central Portal) or `nexus-staging-maven-plugin` (legacy OSSRH)","in your pom.xml, plus credentials in ~/.m2/settings.xml.","","Maven Central does not (yet) support OIDC trusted publishing —","static credentials are required. See docs/guides/release-maven.mdx","for the full setup walkthrough."].join(`
21
+ `);class $t extends N{id="maven";warnedMultiModule=new WeakSet;warnIfMultiModule(e,n){!n.hasModules||this.warnedMultiModule.has(e)||(this.warnedMultiModule.add(e),process.stderr.write(`[vis release] ⚠ ${e.name} (${n.groupId??"?"}:${n.artifactId??"?"}) is a multi-module Maven project (<modules> present). vis treats it as a single artifact for version-read + already-published checks. For proper reactor handling, use \`versionActions: "shell"\` with \`mvn -B -ntp deploy\`.
22
+ `))}async readPublishedVersion(e){const n=e.perPackageConfig??{},r=h(e.pkg.dir,n.pomPath??"pom.xml");let s;try{s=await A(r,"utf8")}catch{return}const a=pe(s);if(this.warnIfMultiModule(e.pkg,a),!a.groupId||!a.artifactId||n.mavenMetadataUrl==="")return;const i=n.mavenMetadataUrl??bt(a.groupId,a.artifactId);try{const o=await j(i,{headers:{Accept:"text/xml,application/xml;q=0.9,*/*;q=0.8"},httpProxy:e.workspaceConfig?.httpProxy});if(o.status===404||!o.ok)return;const c=await o.text();return kt(c)}catch{return}}async publish(e){const n=e.perPackageConfig??{},r=h(e.pkg.dir,n.pomPath??"pom.xml");let s;try{const o=await A(r,"utf8");s=pe(o)}catch{s=void 0}const a=s?.groupId&&s?.artifactId?`${s.groupId}:${s.artifactId}`:e.pkg.name;if(e.dryRun)return{output:`[dry-run / maven] would publish ${e.pkg.name}@${e.release.newVersion} (${a}) (native publish not yet implemented — would use shell path)`,published:!0};const i=`Failing artifact: ${a}
23
+ Pom: ${r}
24
+
25
+ ${yt}`;throw new l({code:"CONFIG_INVALID",hint:i,message:`Native Maven publishing is not implemented for ${e.pkg.name}@${e.release.newVersion} (${a}). Use \`versionActions: "shell"\` with \`mvn deploy\` until the Sonatype Central Portal client lands.`,packageName:e.pkg.name})}}const be=(t,e)=>{if(e===!1)return{...t};const n=new Set(Me(e)),r={name:t.name,version:t.version};for(const[s,a]of Object.entries(t))n.has(s)||(r[s]=a);return r},ye="https://registry.npmjs.org/",vt="npm:registry.npmjs.org",le=async t=>{const e=h(t,"npm");try{return(await xe(e,{withFileTypes:!0})).filter(n=>n.isDirectory()).map(n=>n.name)}catch{return[]}},It=async t=>{const e=t.ACTIONS_ID_TOKEN_REQUEST_URL,n=t.ACTIONS_ID_TOKEN_REQUEST_TOKEN;if(!e||!n)return;const r=`${e}${e.includes("?")?"&":"?"}audience=${encodeURIComponent(vt)}`,s=await fetch(r,{headers:{Authorization:`Bearer ${n}`}});if(!s.ok)return;const a=await s.json().catch(()=>({}));return typeof a.value=="string"?a.value:void 0},Ct=async(t,e)=>{const n=await fetch(`${ye}-/npm/v1/oidc/token/exchange/package/${encodeURIComponent(t)}`,{headers:{Authorization:`Bearer ${e}`},method:"POST"});if(!n.ok)return;const r=await n.json().catch(()=>({}));return typeof r.token=="string"?r.token:void 0},ue=async(t,e,n)=>{if(e){const s=await Ct(t,e);if(s)return{source:"oidc",token:s}}const r=n.NPM_TOKEN;if(r)return{source:"NPM_TOKEN",token:r};throw new l({code:"AUTH_MISSING",message:`Cannot publish ${t}: OIDC exchange did not succeed and NPM_TOKEN is not set.`,packageName:t})},de=(t,e)=>{Oe(t,`//registry.npmjs.org/:_authToken=${e}
26
+ registry=${ye}
27
+ `)};class Pt extends N{id="native-addon";async readPublishedVersion(e){try{F(e.pkg.name);const{execFileSync:n}=await import("node:child_process");return n("npm",["view",e.pkg.name,"version"],{stdio:["ignore","pipe","ignore"]}).toString().trim()||void 0}catch{return}}async publish(e){if(e.dryRun){const c=await le(e.pkg.dir);return{output:`[dry-run] would publish ${e.pkg.name}@${e.release.newVersion} + ${c.length} platform package(s)`,published:!0}}const n=await le(e.pkg.dir);if(n.length===0){const{NpmVersionActions:c}=await Promise.resolve().then(()=>_t);return new c().publish(e)}const{env:r}=process,s=await It(r),a=e.release.newVersion,i=new Map,o=[];try{await Promise.all(n.map(async g=>{const u=h(e.pkg.dir,"npm",g,"package.json"),f=await A(u,"utf8");i.set(u,f);const $=JSON.parse(f);$.version=a,await O(u,`${JSON.stringify($,null,4)}
28
+ `)}));const{execFileSync:c}=await import("node:child_process"),d=await Promise.all(n.map(async g=>{const u=h(e.pkg.dir,"npm",g),f=h(u,"package.json"),$=await A(f,"utf8"),k=JSON.parse($);F(k.name);const P=await ue(k.name,s,r),v=G(h(B(),"vis-release-napi-"));o.push(v);const S=h(v,".npmrc");return de(S,P.token),{manifest:k,npmrcPath:S,platform:g,platformDir:u}})),p=e.workspaceConfig?.publish?.guards;if(p&&Object.values(p).some(g=>g!==void 0&&g!==!1&&g!=="off")){const{runPublishGuards:g}=await import("./publish-guards.js");for(const{manifest:u,platformDir:f}of d){const $=c("npm",["pack","--dry-run","--json"],{cwd:f,stdio:["ignore","pipe","ignore"]}).toString();let k=[];try{k=JSON.parse($)[0]?.files?.map(v=>v.path)??[]}catch{}const P=await g({config:p,manifest:u,packFiles:k,pkgDir:f,runner:e.pm.runner,sourceManifest:u});if(P.blockers.length>0){const v=P.blockers.flatMap(S=>S.findings.map(D=>` • [${S.gate}] ${D.message}${D.hint?`
29
+ → ${D.hint}`:""}`)).join(`
30
+ `);throw new l({code:"PUBLISH_FAILED",message:`Pre-publish guards failed for ${u.name}@${a} (platform package):
31
+ ${v}`,packageName:u.name})}}}const m=e.tag??"latest",y=(g,u)=>{const f=["publish",g,"--tag",m,"--access","public","--userconfig",u];return e.provenance&&f.push("--provenance"),f};for(const{manifest:g,npmrcPath:u,platformDir:f}of d)try{c("npm",y(f,u),{env:{...r,NPM_CONFIG_USERCONFIG:u},stdio:"inherit"})}catch($){const k=$.message;if(!k.includes("EPUBLISHCONFLICT")&&!k.includes("cannot publish over"))throw new l({cause:$,code:"PUBLISH_FAILED",message:`Failed to publish platform package ${g.name}@${a}: ${k}`,packageName:g.name})}const b=e.versionedManifestByName.get(e.pkg.name)??e.pkg.manifest,w={...b},C={...b.optionalDependencies};for(const{manifest:g}of d)Object.hasOwn(C,g.name)&&(C[g.name]=a);w.optionalDependencies=C;const _=Y(w,e.catalogs),I=be(_,e.cleanPackageJsonConfig),E=await A(e.pkg.manifestPath,"utf8");try{await O(e.pkg.manifestPath,`${JSON.stringify(I,null,4)}
32
+ `),F(e.pkg.name);const g=await ue(e.pkg.name,s,r),u=G(h(B(),"vis-release-napi-parent-"));o.push(u);const f=h(u,".npmrc");de(f,g.token);const $=c("npm",["pack","--pack-destination",u,"--json"],{cwd:e.pkg.dir,env:r,stdio:["ignore","pipe","ignore"]}).toString();let k;try{const v=JSON.parse($);v[0]?.filename&&(k=h(u,v[0].filename))}catch{}const P=["publish",k??e.pkg.dir,"--tag",m,"--access","public","--userconfig",f];if(e.provenance&&P.push("--provenance"),c("npm",P,{env:{...r,NPM_CONFIG_USERCONFIG:f},stdio:"inherit"}),k){const{hashTarball:v}=await import("./publish-guards.js");return{published:!0,tarball:await v(k)}}return{published:!0}}finally{await O(e.pkg.manifestPath,E)}}finally{for(const[c,d]of i)try{await O(c,d)}catch{}for(const c of o)try{await je(c,{force:!0,recursive:!0})}catch{}}}}const St=async(t,e)=>{const{extractPackFilesFromRaw:n}=await import("./publish-guards.js"),r=n(e.raw);if(r!==void 0)return r;const s=await t.pm.runner.run("npm",["pack","--dry-run","--json"],{cwd:t.pkg.dir,silent:!0});if(s.exitCode!==0)return[];try{return n(JSON.parse(s.stdout))??[]}catch{return[]}},me=1800*1e3,ge=15*1e3,he=t=>{if(t===!0)return{enabled:!0,pollIntervalMs:ge,timeoutMs:me};if(t&&typeof t=="object"){const e=t;return{enabled:!0,pollIntervalMs:e.pollIntervalMs??ge,timeoutMs:e.timeoutMs??me}}return{enabled:!1,pollIntervalMs:0,timeoutMs:0}};class $e extends N{id="npm";async readPublishedVersion(e){try{const n=await e.pm.runner.run("npm",["view",e.pkg.name,"version","--silent"],{cwd:e.pkg.dir,silent:!0});return n.exitCode!==0?void 0:n.stdout.trim()||void 0}catch{return}}async publish(e){if(e.dryRun)return{output:`[dry-run] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};if(e.resumeStageId){const d=he(e.workspaceConfig?.publish?.stage);if(!d.enabled)throw new l({code:"CONFIG_INVALID",message:`Cannot resume stage ${e.resumeStageId} for ${e.pkg.name}@${e.release.newVersion}: publish.stage is now disabled. 
Resolve the stage manually via \`vis release stage approve|reject ${e.resumeStageId}\`.`,packageName:e.pkg.name});return this.resumeStagedPublish(e,d)}const n=e.perPackageConfig&&e.workspaceConfig?W(e.pkg.name,e.perPackageConfig,e.workspaceConfig):{};if(n.buildCommand){const d=J(n.buildCommand,{name:e.pkg.name,version:e.release.newVersion}),p=await e.pm.runner.run(process.platform==="win32"?"cmd":"sh",process.platform==="win32"?["/c",d]:["-c",d],{cwd:e.pkg.dir,silent:!1});if(p.exitCode!==0)throw new Error(`buildCommand failed for ${e.pkg.name}: exit ${p.exitCode}`)}const r=e.versionedManifestByName.get(e.pkg.name)??e.pkg.manifest,s=Nt(r,e.versionedManifestByName),a=Y(s,e.catalogs),i=be(a,e.cleanPackageJsonConfig),o=await import("node:fs/promises"),c=await o.readFile(e.pkg.manifestPath,"utf8");try{if(await o.writeFile(e.pkg.manifestPath,`${JSON.stringify(i,null,4)}
33
+ `),n.publishCommand){const p={name:e.pkg.name,version:e.release.newVersion},m=Array.isArray(n.publishCommand)?n.publishCommand:[n.publishCommand];for(const y of m){const b=J(y,p),w=await e.pm.runner.run(process.platform==="win32"?"cmd":"sh",process.platform==="win32"?["/c",b]:["-c",b],{cwd:e.pkg.dir,silent:!1});if(w.exitCode!==0)throw new Error(`publishCommand failed for ${e.pkg.name}: exit ${w.exitCode}`)}return{output:`[custom] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}}const d=G(h(B(),"vis-release-pack-"));try{const p=await e.pm.pack({cwd:e.pkg.dir,destination:d}),m=e.workspaceConfig?.publish?.guards;if(m&&Object.values(m).some(u=>u!==void 0&&u!==!1&&u!=="off")){const{runPublishGuards:u}=await import("./publish-guards.js"),f=await St(e,p),$=await u({config:m,manifest:i,packFiles:f,pkgDir:e.pkg.dir,runner:e.pm.runner,sourceManifest:e.pkg.manifest});if($.blockers.length>0){const{redactTokens:k}=await import("./security.js"),P=$.blockers.flatMap(v=>v.findings.map(S=>` • [${v.gate}] ${k(S.message)}${S.hint?`
34
+ → ${k(S.hint)}`:""}`)).join(`
35
+ `);throw new l({code:"PUBLISH_FAILED",message:`Pre-publish guards failed for ${e.pkg.name}@${e.release.newVersion}:
36
+ ${P}`,packageName:e.pkg.name})}}const{hashTarball:y}=await import("./publish-guards.js"),b=await y(p.tarball);if((e.workspaceConfig?.publish?.publishStrategy??"npm-publish-tarball")==="native"){const u=e.pm.id;return e.provenance&&u==="bun"&&process.stderr.write(`[vis release] ⚠ publishStrategy "native": bun has no --provenance/OIDC support; ${e.pkg.name}@${e.release.newVersion} publishes without provenance.
37
+ `),e.otp&&u==="yarn"&&process.stderr.write(`[vis release] ⚠ publishStrategy "native": \`yarn npm publish\` ignores --otp; configure 2FA via .yarnrc.yml for ${e.pkg.name}.
38
+ `),{...await e.pm.publishNative({access:"public",cwd:e.pkg.dir,otp:e.otp,provenance:e.provenance,registry:e.registry,tag:e.tag}),tarball:b}}const w=he(e.workspaceConfig?.publish?.stage);if(w.enabled){const{refuseRestrictedOidc:u}=await import("./stage-publisher.js"),f=e.pkg.manifest.publishConfig?.access;u(f)}const C=await e.pm.publish({access:"public",otp:e.otp,provenance:e.provenance,registry:e.registry,stage:w.enabled,tag:e.tag,tarball:p.tarball});if(!w.enabled||!C.stageId)return{...C,tarball:b};const{waitForStageDecision:_}=await import("./stage-publisher.js"),{stageId:I}=C,E=Date.now();process.stderr.write(`[vis release] ⏳ ${e.pkg.name}@${e.release.newVersion} staged (id ${I}). Waiting up to ${Math.round(w.timeoutMs/6e4)}m for a maintainer to approve via npmjs.com or \`npm stage approve ${I}\`...
39
+ `);const g=await _({cwd:e.pkg.dir,onProgress:u=>{u>0&&u%3e5<w.pollIntervalMs&&process.stderr.write(`[vis release] still waiting for ${e.pkg.name} stage decision (${Math.round(u/6e4)}m elapsed)...
40
+ `)},packageName:e.pkg.name,pollIntervalMs:w.pollIntervalMs,runner:e.pm.runner,stageId:I,timeoutMs:w.timeoutMs,version:e.release.newVersion});return g==="approved"?(process.stderr.write(`[vis release] ✓ ${e.pkg.name}@${e.release.newVersion} approved + promoted (${Math.round((Date.now()-E)/1e3)}s).
41
+ `),{...C,stageId:void 0,tarball:b}):g==="rejected"?(process.stdout.write(`::warning::Stage rejected for ${e.pkg.name}@${e.release.newVersion} (id ${I}). Re-stage by re-running the release once the review feedback is addressed.
42
+ `),{alreadyPublished:!1,output:`stage-rejected: ${I}`,published:!1,stageId:I}):(process.stdout.write(`::warning::Stage timeout for ${e.pkg.name}@${e.release.newVersion} (id ${I}) after ${Math.round(w.timeoutMs/6e4)}m. Re-run \`vis release publish\` once a maintainer can approve, or run \`vis release stage approve ${I}\` manually.
43
+ `),{alreadyPublished:!1,output:`stage-timeout: ${I}`,published:!1,stageId:I})}finally{await o.rm(d,{force:!0,recursive:!0})}}finally{await o.writeFile(e.pkg.manifestPath,c)}}async resumeStagedPublish(e,n){const r=e.resumeStageId,s=Date.now();process.stderr.write(`[vis release] ↻ Resuming wait on staged ${e.pkg.name}@${e.release.newVersion} (id ${r}) — tarball already uploaded; not re-publishing.
44
+ `);const{waitForStageDecision:a}=await import("./stage-publisher.js"),i=await a({cwd:e.pkg.dir,onProgress:o=>{o>0&&o%3e5<n.pollIntervalMs&&process.stderr.write(`[vis release] still waiting for ${e.pkg.name} stage decision (resume, ${Math.round(o/6e4)}m elapsed)...
45
+ `)},packageName:e.pkg.name,pollIntervalMs:n.pollIntervalMs,runner:e.pm.runner,stageId:r,timeoutMs:n.timeoutMs,version:e.release.newVersion});return i==="approved"?(process.stderr.write(`[vis release] ✓ ${e.pkg.name}@${e.release.newVersion} approved + promoted on resume (${Math.round((Date.now()-s)/1e3)}s).
46
+ `),{output:`[resumed] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}):i==="rejected"?(process.stdout.write(`::warning::Stage rejected on resume for ${e.pkg.name}@${e.release.newVersion} (id ${r}).
47
+ `),{alreadyPublished:!1,output:`stage-rejected: ${r}`,published:!1,stageId:r}):(process.stdout.write(`::warning::Stage timeout on resume for ${e.pkg.name}@${e.release.newVersion} (id ${r}) after ${Math.round(n.timeoutMs/6e4)}m.
48
+ `),{alreadyPublished:!1,output:`stage-timeout: ${r}`,published:!1,stageId:r})}}const At=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Nt=(t,e)=>{const n={...t};for(const r of At){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("workspace:"))continue;const c=e.get(i);c&&(a[i]=fe(o.slice(10)==="*"?"*":o,c.version),a[i].startsWith("workspace:")&&(a[i]=a[i].slice(10)))}n[r]=a}return n},_t=Object.defineProperty({__proto__:null,NpmVersionActions:$e},Symbol.toStringTag,{value:"Module"});class jt extends N{id="private";async readPublishedVersion(e){}async publish(e){return{output:`[private] skipped publish for ${e.pkg.name}@${e.release.newVersion}`,published:!1}}}const ve=t=>`https://pypi.org/pypi/${encodeURIComponent(t.toLowerCase())}/json`,xt=(t,e)=>e?.uvLockPath?h(t.dir,e.uvLockPath):h(t.dir,"uv.lock"),Vt=async(t,e)=>{let n;try{n=await M(t)}catch{return"no-root-pyproject"}if(n===void 0)return"no-root-pyproject";const r=n.tool?.uv?.workspace?.members;if(!Array.isArray(r)||r.length===0)return"no-workspace";const s=e.replace(/^\.\//,"").replaceAll("\\","/");for(const a of r){if(typeof a!="string")continue;const i=a.replace(/^\.\//,"").replaceAll("\\","/");if(i===s)return"member";if(i.endsWith("/*")){const o=i.slice(0,-2);if(s.startsWith(`${o}/`)&&!s.slice(o.length+1).includes("/"))return"member"}if(i.endsWith("/**")){const o=i.slice(0,-3);if(s===o||s.startsWith(`${o}/`))return"member"}}return"missing"},M=async t=>{const e=h(t,"pyproject.toml");let n;try{n=await A(e,"utf8")}catch(s){const{code:a}=s;if(a==="ENOENT")return;throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to read ${e}: ${s.message}`})}const{parse:r}=await import("smol-toml");try{return r(n)}catch(s){throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to parse ${e}: ${s.message}`})}},Ie=async(t,e)=>{try{return(await 
t.run("uv",["--version"],{cwd:e,silent:!0})).exitCode===0}catch{return!1}},Ce=t=>{const e=t?.["build-system"]?.["build-backend"];return e?e.startsWith("hatchling")?"hatch":e.startsWith("poetry.core")||e.startsWith("poetry_core")?"poetry":e.startsWith("pdm.backend")||e.startsWith("pdm_backend")?"pdm":e.startsWith("setuptools")?"setuptools":e.startsWith("uv_build")||e.startsWith("uv.build")?"uv":"unknown":"unknown"},Pe=(t,e)=>t==="uv"||t==="unknown"&&e?{backend:t,buildCommand:{args:["build"],binary:"uv"},hasUv:e,publishCommand:{args:["publish"],binary:"uv"}}:{backend:t,buildCommand:{args:["-m","build"],binary:"python"},hasUv:e,publishCommand:{args:["upload","dist/*"],binary:"twine"}},Se=(t,e)=>z({env:t,staticTokenVar:"TWINE_PASSWORD",workspaceConfig:e}),K=async(t,e)=>{try{const n=await j(ve(t),{headers:{Accept:"application/json"},httpProxy:e});return n.status===404||!n.ok?void 0:(await n.json())?.info?.version}catch{return}},q=(t,e)=>e?.pythonProjectDir?h(t.dir,e.pythonProjectDir):t.dir;class Ae extends N{id="python";async readPublishedVersion(e){const n=q(e.pkg,e.perPackageConfig),r=(await M(n).catch(()=>{}))?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");return K(r)}async publish(e){if(e.dryRun)return{output:`[dry-run / python] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=e.perPackageConfig??{},r=q(e.pkg,n),s=await M(r);if(s?.project?.dynamic?.includes("version"))throw new l({code:"CONFIG_INVALID",file:h(r,"pyproject.toml"),hint:"Dynamic versioning isn't supported by PythonVersionActions yet; use versionActions: 'shell' with your build backend's version-bump tool (e.g. 
`hatch version` or `poetry version` for non-vcs setups).",message:`${e.pkg.name}: pyproject.toml declares dynamic = ["version", ...]; PythonVersionActions requires a static [project] version.`,packageName:e.pkg.name});if(s?.project?.version&&s.project.version!==e.release.newVersion)throw new l({code:"BUMP_FILE_INVALID",file:h(r,"pyproject.toml"),hint:`Ensure the pyproject() preset is wired up for this package so the version literal in [project] is bumped before publish. Expected ${e.release.newVersion}, found ${s.project.version}.`,message:`${e.pkg.name}: pyproject.toml version ${s.project.version} differs from planned ${e.release.newVersion}.`,packageName:e.pkg.name});const a=s?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");if(await K(a,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[python] ${a}@${e.release.newVersion} already on PyPI`,published:!1};const i=await Ie(e.pm.runner,e.pkg.dir),o=Ce(s),c=Pe(o,i),d=Se(process.env,e.workspaceConfig);if(d==="missing")throw new l({code:"AUTH_MISSING",hint:["Set TWINE_PASSWORD to a PyPI API token (`TWINE_USERNAME=__token__` is injected automatically), OR","configure trusted publishing on PyPI and grant the workflow `permissions: id-token: write` so ACTIONS_ID_TOKEN_REQUEST_URL is exposed.","See https://docs.pypi.org/trusted-publishers/"].join(" "),message:`${e.pkg.name}: no PyPI credentials detected (neither TWINE_PASSWORD nor OIDC trusted-publishing env).`,packageName:e.pkg.name});const p=await e.pm.runner.run(c.buildCommand.binary,c.buildCommand.args,{cwd:r,silent:!1});if(p.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.buildCommand.binary} ${c.buildCommand.args.join(" ")} output above. Common causes: missing ${c.backend==="uv"?"uv":"build/setuptools/wheel"} dependency, broken pyproject.toml, source files missing from \`include\`.`,message:`${e.pkg.name}: build failed (${c.buildCommand.binary} ${c.buildCommand.args.join(" ")}): exit ${p.exitCode}. 
stderr: ${p.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});const m={...process.env};d==="token"&&!m.TWINE_USERNAME&&(m.TWINE_USERNAME="__token__");const y=await e.pm.runner.run(c.publishCommand.binary,c.publishCommand.args,{cwd:r,env:m,silent:!1});if(y.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.publishCommand.binary} output above. Common causes: invalid API token, version already published (this should have been caught by readPublishedVersion — file a vis bug), 2FA required without a token.`,message:`${e.pkg.name}: publish failed (${c.publishCommand.binary} ${c.publishCommand.args.join(" ")}): exit ${y.exitCode}. stderr: ${y.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[python/${c.backend}${c.hasUv?"+uv":""}] published ${a}@${e.release.newVersion}`,published:!0}}}const Gt=Object.defineProperty({__proto__:null,PYPI_PROJECT_URL:ve,PythonVersionActions:Ae,checkUvWorkspaceMembership:Vt,detectAuthMode:Se,detectBackend:Ce,detectUv:Ie,fetchPyPiVersion:K,readPyProject:M,resolveBuildEnv:Pe,resolveProjectDir:q,resolveUvLockPath:xt},Symbol.toStringTag,{value:"Module"}),R=async(t,e,n,r)=>{const s=J(n,r),a=process.platform==="win32",i=a?"cmd":"sh",o=a?["/c",s]:["-c",s];return t.run(i,o,{cwd:e,silent:!1})};class Ot extends N{id="shell";async readPublishedVersion(e){const n=e.perPackageConfig??{},{workspaceConfig:r}=e;if(!r)return;const s=W(e.pkg.name,n,r);if(!s.checkPublished)return;const a=await R(e.pm.runner,e.pkg.dir,s.checkPublished,{name:e.pkg.name,version:e.pkg.version});if(a.exitCode!==0)return;const i=a.stdout.trim();return/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(i)?.[0]}async publish(e){if(e.dryRun)return{output:`[dry-run / shell] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const{workspaceConfig:n}=e,r=e.perPackageConfig??{};if(!n)throw new l({code:"CONFIG_INVALID",message:`Shell publish actions for ${e.pkg.name} require a workspace config (release.allowCustomCommands 
gate).`,packageName:e.pkg.name});const s=W(e.pkg.name,r,n);if(!s.publishCommand)throw new l({code:"CONFIG_INVALID",hint:`Set release.allowCustomCommands (workspace-wide boolean or an allow-list including "${e.pkg.name}") and configure release.packages["${e.pkg.name}"].publishCommand.`,message:`Shell publish actions for ${e.pkg.name} require a publishCommand AND the trust gate to permit it.`,packageName:e.pkg.name});const a={name:e.pkg.name,registry:e.registry,tag:e.tag,version:e.release.newVersion};if(s.checkPublished){const o=await R(e.pm.runner,e.pkg.dir,s.checkPublished,a);if(o.exitCode===0&&/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(o.stdout.trim())?.[0]===e.release.newVersion)return{alreadyPublished:!0,output:`[shell] ${e.pkg.name}@${e.release.newVersion} already on the registry`,published:!1}}if(s.buildCommand){const o=await R(e.pm.runner,e.pkg.dir,s.buildCommand,a);if(o.exitCode!==0)throw new l({code:"PUBLISH_FAILED",message:`buildCommand failed for ${e.pkg.name}: exit ${o.exitCode}. stderr: ${o.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}const i=Array.isArray(s.publishCommand)?s.publishCommand:[s.publishCommand];for(const o of i){const c=await R(e.pm.runner,e.pkg.dir,o,a);if(c.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the publishCommand output above. Common causes: missing auth token, registry unreachable, version already published (re-run safe — `checkPublished` short-circuits subsequent runs).",message:`publishCommand failed for ${e.pkg.name}@${e.release.newVersion}: exit ${c.exitCode}. 
stderr: ${c.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}return{output:`[shell] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}}}const Bt=t=>{switch(t){case"cargo":return new at;case"container":return new lt;case"jsr":return new gt;case"maven":return new $t;case"native-addon":return new Pt;case"private":return new jt;case"python":return new Ae;case"shell":return new Ot;default:return new $e}};export{be as a,fe as b,Bt as c,Ue as d,Tt as e,Ut as f,Gt as g,Ke as p,Y as r};
@@ -0,0 +1,9 @@
1
+ import{createRequire as V}from"node:module";import{createShellRunner as G}from"./shell-runner.js";const _=V(import.meta.url),y=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,j=e=>{if(typeof y<"u"&&y.versions&&y.versions.node){const[n,s]=y.versions.node.split(".").map(Number);if(n>22||n===22&&s>=3||n===20&&s>=16)return y.getBuiltinModule(e)}return _(e)},{pathToFileURL:k}=j("node:url"),S=[{section:"Breaking Changes",type:"breaking"},{section:"Features",type:"feat"},{section:"Bug Fixes",type:"fix"},{section:"Performance Improvements",type:"perf"},{section:"Reverts",type:"revert"},{section:"Documentation",type:"docs"},{hidden:!0,section:"Styles",type:"style"},{hidden:!0,section:"Code Refactoring",type:"refactor"},{hidden:!0,section:"Tests",type:"test"},{hidden:!0,section:"Build System",type:"build"},{hidden:!0,section:"Continuous Integration",type:"ci"},{hidden:!0,section:"Miscellaneous Chores",type:"chore"}],W=/^(?<type>[a-z]+)(?:\([^)]+\))?!?:\s+/,E=/^(?:[\p{Emoji_Presentation}\p{Extended_Pictographic}]|:\w+:)\s+/u,D=e=>{const n=e.replace(E,""),s=W.exec(n);if(s?.groups?.type)return n.includes("!:")&&n.split("!:")[0]?.match(/^[a-z]+(?:\([^)]+\))?$/)?"breaking":s.groups.type},P=e=>`(${e.startsWith("@")?e:`@${e}`})`,T=(e,n)=>{for(const s of n){const o=s.line.startsWith("-")||s.line.startsWith("*")?s.line:`- ${s.line}`;e.push(`${o}${s.suffix}`)}},z=(e,n,s)=>{const o=new Map;for(const t of n){const c=t.type??"other",i=o.get(c)??[];i.push({line:t.line,suffix:t.suffix}),o.set(c,i)}for(const t of s){const c=o.get(t.type);if(t.hidden){o.delete(t.type);continue}if(!(!c||c.length===0)){e.push(`### ${t.section}`),e.push("");for(const i of c){const u=i.line.startsWith("-")||i.line.startsWith("*")?i.line:`- ${i.line}`;e.push(`${u}${i.suffix}`)}e.push(""),o.delete(t.type)}}if(!s.some(t=>t.type==="other"&&t.hidden)&&o.size>0){e.push("### Miscellaneous"),e.push("");for(const t of o.values())for(const c of t){const 
i=c.line.startsWith("-")||c.line.startsWith("*")?c.line:`- ${c.line}`;e.push(`${i}${c.suffix}`)}}},B=(e={})=>n=>{const{changeFiles:s,date:o,release:t,target:c}=n,i=[];c!=="github-release"&&(i.push(`## ${t.newVersion}`),i.push(`<sub>${o}</sub>`),i.push(""));const u=[];for(const r of s){const a=r.body.trim();if(!a)continue;const p=e.authorCredit?r.meta?.author:void 0,h=p?` ${P(p)}`:"";for(const d of a.split(/\r?\n/)){const m=d.trim();m&&u.push({line:m,suffix:h,type:D(m)})}}const f=e.sections===void 0?void 0:e.sections.length===0?S:e.sections;if(f?z(i,u,f):T(i,u),t.isCascadeBump||t.isGroupBump)for(const r of t.sources){const a=t.isCascadeBump?"Cascade from":"Group bump with";i.push(`- ${a} ${r.name}@${r.newVersion}`)}else if(t.isDependencyBump&&s.length===0)for(const r of t.sources)r.newVersion===""?i.push(`- Removed dependency ${r.name}`):i.push(`- Updated dependency ${r.name}@${r.newVersion}`);return i.join(`
2
+ `).replaceAll(/\n{3,}/g,`
3
+
4
+ `).trim()},L=B(),N={includeCommitLink:!0,internalAuthors:[],thankContributors:!0},I=async(e,n,s)=>{if(e)return e;const{createRemoteClient:o,detectRemoteProvider:t}=await import("./detect2.js"),c=await t(s,n,void 0);return o(c).detectRepoSlug(s,n)},M=async(e,n,s)=>{const o=await e.run("git",["log","--diff-filter=A","--pretty=format:%aN%n%aE","--",s],{cwd:n,silent:!0});return o.exitCode!==0?void 0:o.stdout.split(`
5
+ `)[0]?.trim()||void 0},U=(e,n)=>n?e.replaceAll(/(?<!\[)#(\d+)/g,(s,o)=>`[#${o}](https://github.com/${n}/issues/${o})`):e,x=(e={})=>{const n={...N,...e},s=e.runner??G();let o;return async t=>{const{changeFiles:c,date:i,release:u,target:f}=t,r=[],a=new Set,p=process.cwd();o||(o=I(e.repo,s,p));const h=await o;f!=="github-release"&&(r.push(`## ${u.newVersion}`),r.push(`<sub>${i}</sub>`),r.push(""));for(const d of c){const m=d.body.trim(),l=d.meta??{},$=l.author??await M(s,p,d.path);$&&n.thankContributors&&!n.internalAuthors.includes($.replace(/^@/,""))&&a.add($.startsWith("@")?$:`@${$}`);const g=[];if(l.pr&&h?g.push(`[#${l.pr}](https://github.com/${h}/pull/${l.pr})`):l.pr&&g.push(`#${l.pr}`),l.commit&&n.includeCommitLink&&h){const b=l.commit.slice(0,7);g.push(`[\`${b}\`](https://github.com/${h}/commit/${l.commit})`)}const w=g.length>0?` (${g.join(", ")})`:"";if(m)for(const b of m.split(/\r?\n/)){const C=b.trim();if(!C)continue;const v=U(C,h);C.startsWith("-")||C.startsWith("*")?r.push(`${v}${w}`):r.push(`- ${v}${w}`)}}if(u.isCascadeBump||u.isGroupBump)for(const d of u.sources){const m=u.isCascadeBump?"Cascade from":"Group bump with";r.push(`- ${m} ${d.name}@${d.newVersion}`)}else if(u.isDependencyBump&&c.length===0)for(const d of u.sources)d.newVersion===""?r.push(`- Removed dependency ${d.name}`):r.push(`- Updated dependency ${d.name}@${d.newVersion}`);return n.thankContributors&&a.size>0&&(r.push(""),r.push(`Thanks ${[...a].join(", ")}!`)),r.join(`
6
+ `)}},F=["Added","Changed","Deprecated","Removed","Fixed","Security"],q=e=>{const n=e.toLowerCase();return F.find(s=>s.toLowerCase()===n)},K={add:"Added",bugfix:"Fixed",change:"Changed",changed:"Changed",chore:"Changed",deprecate:"Deprecated",deprecated:"Deprecated",feat:"Added",feature:"Added",fix:"Fixed",perf:"Changed",refactor:"Changed",remove:"Removed",removed:"Removed",sec:"Security",security:"Security"},H=/^\s*\[(added|changed|deprecated|removed|fixed|security)\]\s*:?\s*(.*)$/i,J=e=>e.replace(/^[-*]\s+/,"").trim(),O=e=>{const n=/^([a-z]+)(?:\([^)]+\))?!?\s*:\s*(.*)$/i.exec(e.trim());if(!n)return;const s=n[1].toLowerCase(),o=K[s];if(o)return{rest:n[2].trim(),section:o}},Q=e=>e==="major"?"Changed":e==="minor"?"Added":"Fixed",A=(e,n)=>/\bBREAKING(?:\s+CHANGE)?\b/.test(e)||/^\s*[a-z]+(?:\([^)]+\))?!\s*:/i.test(e)||n==="major",X=(e,n,s,o)=>{const t=J(e);if(!t)return;const c=H.exec(t);if(c){const u=q(c[1]);if(u){s[u].push(`- ${c[2].trim()}`);return}}const i=O(t);if(i){A(t,n)&&o.push(`- ${i.rest||t}`),s[i.section].push(`- ${i.rest||t}`);return}A(t,n)&&o.push(`- ${t}`),s[Q(n)].push(`- ${t}`)},Y=(e,n,s,o,t)=>{if(n)return`${n}/compare/${o}...${t}`;if(e)return`https://github.com/${e}/compare/${o}...${t}`},R=(e={})=>n=>{const{changeFiles:s,date:o,release:t,target:c}=n,i={Added:[],Changed:[],Deprecated:[],Fixed:[],Removed:[],Security:[]},u=[],f=t.type;for(const a of s)for(const p of a.body.trim().split(/\r?\n/))p.trim()&&X(p,f,i,u);if(t.isCascadeBump||t.isGroupBump)for(const a of t.sources){const p=t.isCascadeBump?"Cascade from":"Group bump with";i.Changed.push(`- ${p} \`${a.name}\`@${a.newVersion}`)}else if(t.isDependencyBump&&s.length===0)for(const a of t.sources)a.newVersion===""?i.Removed.push(`- Removed dependency \`${a.name}\``):i.Changed.push(`- Updated dependency \`${a.name}\`@${a.newVersion}`);const r=[];if(c!=="github-release"&&(r.push(`## [${t.newVersion}] - ${o}`),r.push("")),u.length>0){r.push("### ⚠ BREAKING CHANGES"),r.push("");for(const a of 
u)r.push(a);r.push("")}for(const a of F){const p=i[a];if(p.length!==0){r.push(`### ${a}`),r.push("");for(const h of p)r.push(h);r.push("")}}if(c!=="github-release"){const a=`${t.name}@${t.oldVersion}`,p=`${t.name}@${t.newVersion}`,h=Y(e.repo,e.compareUrlPrefix,t.name,a,p);h&&r.push(`[${t.newVersion}]: ${h}`)}return r.join(`
7
+ `).replaceAll(/\n{3,}/g,`
8
+
9
+ `).trimEnd()},te=async(e,n)=>{if(e===!1)return()=>"";if(e===void 0||e==="default")return L;if(e==="github")return x();if(e==="keep-a-changelog"||e==="keepachangelog")return R();let s,o={};if(Array.isArray(e)?[s,o={}]=e:s=e,s==="default")return B(o);if(s==="github")return x(o);if(s==="keep-a-changelog"||s==="keepachangelog")return R(o);const t=s.startsWith(".")?`${n}/${s}`:s,c=k(t).href,{dynamicEsmImport:i}=await import("./dynamic-import.js"),u=await i(c),f=typeof u=="function"?u:u.default;if(typeof f!="function")throw new TypeError(`Custom changelog formatter at ${s} did not export a default function or a callable module.`);if(Array.isArray(e))try{const r=f(o);if(typeof r=="function")return r}catch{}return f};export{te as resolveFormatter};
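Review bot: In the GitHub formatter (`x`), when a change file has no `meta.author` the fallback `M` returns the first line of `git log --pretty=format:%aN%n%aE`, which is the free-form git author name, and that string is prefixed with `@` and written into the `Thanks …!` line unescaped. A git author name is chosen by whoever made the commit and need not be a GitHub handle, so it can mention an unrelated account or carry Markdown into the changelog and release body. I would accept the fallback only when it looks like a handle, e.g. `const handle = /^@?[A-Za-z0-9-]{1,39}$/.test(name) ? name : undefined;`, or pass it through the `escapeMarkdown` helper that the sibling security chunk exports. This is bundled output, so the change belongs in the formatter's source module.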
@@ -0,0 +1 @@
1
+ import o from"./index.js";import{VisReleaseError as r}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const g=/^(?:@[a-z0-9-]{1,39}\/)?[a-z0-9._-]{1,214}$/,n=a=>typeof a!="string"||a.length===0||a.length>214||a.startsWith(".")||a.startsWith("_")?!1:g.test(a),h=a=>{if(!n(a))throw new r({code:"CONFIG_INVALID",message:`Invalid package name: ${JSON.stringify(a)}. Must match ^(@scope/)?[a-z0-9._-]+$ and be ≤ 214 chars (npm spec).`,packageName:typeof a=="string"?a:void 0})},c=a=>`'${a.replaceAll("'",String.raw`'\''`)}'`,m=a=>`"${a.replaceAll('"','""')}"`,l=(a,e=process.platform==="win32")=>e?m(a):c(a),i=(a,e)=>{const s=e.allowCustomCommands;return s===void 0||s===!1?!1:s===!0?!0:Array.isArray(s)?s.some(t=>a===t||o(t,a)):!1},u=(a,e,s=process.platform==="win32")=>a.replaceAll("{{name}}",l(e.name,s)).replaceAll("{{version}}",l(e.version,s)).replaceAll("{{tag}}",l(e.tag??"",s)).replaceAll("{{registry}}",l(e.registry??"",s)),p=[/\bnpm_[A-Za-z0-9]{20,}/g,/\bghp_[A-Za-z0-9]{20,}/g,/\bgho_[A-Za-z0-9]{20,}/g,/\bghs_[A-Za-z0-9]{20,}/g,/\bghu_[A-Za-z0-9]{20,}/g,/\bgithub_pat_\w{70,}/g,/\bglpat-[\w-]{20,}/g,/\bAKIA[0-9A-Z]{16}\b/g,/\bASIA[0-9A-Z]{16}\b/g,/\bcio[A-Za-z0-9]{40,}/g,/\bpypi-AgEIcHlwaS5vcmcCJ[\w-]+/g,/ACTIONS_ID_TOKEN_REQUEST_TOKEN=\S+/g,/\b_authToken=\S+/g,/\bBasic\s+[A-Za-z0-9+/=]{16,}/g,/--otp[= ]\S+/g,/\bone[- ]time password:?\s*\d{6,}/gi,/\bEOTP\s+\d{6,}/g,/Bearer (?!\[REDACTED\])[^\s"']+/g],C=a=>{let e=a;for(const s of p)e=e.replaceAll(s,"[REDACTED]");return e},A={"&":"&amp;","<":"&lt;",">":"&gt;"},_=a=>{let e=a.replaceAll(/[<>&]/g,s=>A[s]??s);return e=e.replaceAll("`","\\`"),e},f=(a,e,s)=>i(a,s)?{buildCommand:e.buildCommand,checkPublished:e.checkPublished,publishCommand:e.publishCommand}:{};export{h as assertValidPackageName,m as cmdq,_ as escapeMarkdown,u as interpolateCommand,i as isCustomCommandAllowed,n as isValidPackageName,C as redactTokens,f as resolveCustomCommands,l as shellQuote,c as sq};
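Review bot: `interpolateCommand` (minified `u`) hands each quoted value to `replaceAll` as a replacement string and runs four passes in sequence, so the quoting applied by `shellQuote` is not guaranteed to survive. The `$&`, `` $` `` and `$'` replacement patterns in a value are expanded by `replaceAll`. A value that itself contains a later placeholder is rescanned on the next pass, which splices a second quoted string inside the first one's quotes. A single pass with a function replacer avoids both problems: `a.replaceAll(/\{\{(name|version|tag|registry)\}\}/g, (_, k) => l(e[k] ?? "", s))`. Since the result is passed to `sh -c` / `cmd /c` by the callers, this is worth fixing in the source module and covering with a test for values containing `$` and `{{`.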
@@ -0,0 +1 @@
1
+ import{x as c}from"tinyexec";import{redactTokens as o}from"./security.js";const h=()=>({run:async(s,t,r)=>{try{const e=await c(s,[...t],{nodeOptions:{cwd:r.cwd,env:{...process.env,...r.env},stdio:r.silent?["ignore","pipe","pipe"]:"inherit"},throwOnError:!1});return{exitCode:typeof e.exitCode=="number"?e.exitCode:-1,stderr:o(e.stderr??""),stdout:o(e.stdout??"")}}catch(e){return{exitCode:-1,stderr:o(e.message),stdout:""}}}}),f=()=>new a;class a{handlers=[];on(t,r,e){this.handlers.push({argsPrefix:r,command:t,respond:e})}async run(t,r,e){for(const n of this.handlers)if(!(n.command!==t||r.length<n.argsPrefix.length)&&n.argsPrefix.every((d,i)=>d===r[i]))return n.respond(e.cwd);return{exitCode:0,stderr:"",stdout:""}}}export{a as MockRunner,f as createMockRunner,h as createShellRunner};
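Review bot: `createShellRunner` applies `redactTokens` only to captured output; when `silent` is not set the child runs with `stdio: "inherit"`, so whatever it prints reaches the terminal or CI log unredacted. That deserves a comment at the `stdio` option, for example `// inherit: child output bypasses redactTokens; pass silent:true for commands that may echo credentials`. The `catch` branch also calls `o(e.message)`, which throws inside the handler when the rejected value has no string `message`; `o(e instanceof Error ? e.message : String(e))` keeps the `{exitCode, stderr, stdout}` result shape in that case.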
@@ -0,0 +1,2 @@
1
+ import{expandNotificationTemplate as r}from"./interface.js";const l=n=>n.url?`• <${n.url}|${n.name}@${n.version}>`:`• ${n.name}@${n.version}`;class m{constructor(t){this.config=t,this.id=t.id?`slack:${t.id}`:"slack"}config;id;async send(t){const c=this.config.title?r(this.config.title,t):`🚀 Released ${t.published.length} package${t.published.length===1?"":"s"}`,i=[{text:{text:c,type:"plain_text"},type:"header"}];t.published.length>0&&i.push({text:{text:t.published.map(e=>l(e)).join(`
2
+ `),type:"mrkdwn"},type:"section"});const o=[];t.channel&&o.push(`channel: \`${t.channel}\``),t.repo&&o.push(`<https://github.com/${t.repo}|${t.repo}>`);const a=Date.parse(t.completedAt);Number.isFinite(a)?o.push(`<!date^${Math.floor(a/1e3)}^{date_short_pretty} at {time}|${t.completedAt}>`):o.push(t.completedAt),i.push({elements:[{text:o.join(" • "),type:"mrkdwn"}],type:"context"}),t.skipped.length>0&&this.config.includeSkipped!==!1&&(i.push({type:"divider"}),i.push({text:{text:`*Skipped (${t.skipped.length}):* ${t.skipped.map(e=>`\`${e.name}\` (${e.reason})`).join(", ")}`,type:"mrkdwn"},type:"section"}));const h={blocks:i,text:c,...this.config.channelOverride?{channel:this.config.channelOverride}:{},...this.config.username?{username:this.config.username}:{},...this.config.iconEmoji?{icon_emoji:this.config.iconEmoji}:{}};let s;try{s=await fetch(this.config.webhook,{body:JSON.stringify(h),headers:{"Content-Type":"application/json"},method:"POST"})}catch(e){const p=e instanceof Error?e.name:"NetworkError";throw new Error(`Slack webhook fetch failed (${p})`,{cause:e})}if(!s.ok){const e=await s.text().catch(()=>"");throw new Error(`Slack webhook returned ${s.status} ${s.statusText}${e?`: ${e.slice(0,200)}`:""}`)}}}export{m as SlackNotificationChannel};
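Review bot: Package names, versions, `t.repo`, `t.channel` and the skipped `reason` strings are interpolated into `mrkdwn` text without escaping, both in the link labels built by `l` and in the `*Skipped …*` section. A reason that carries tool output containing `<`, `>` or `&` may then render as a link or a mention instead of literal text. Slack's formatting rules ask for those three characters to be replaced with `&lt;`, `&gt;` and `&amp;` in dynamic text. A small helper such as `const esc = (s) => String(s).replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;")`, applied to each interpolated value, would cover it.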
@@ -0,0 +1,2 @@
1
+ import{createRequire as O}from"node:module";import{DEFAULT_CHANGES_DIR as G}from"./DEFAULT_CLEAN_KEEP.js";import{p as $,r as Q,a as X,b as Y}from"./registry.js";import{getCurrentSha as z,getShortSha as K}from"./git.js";import{N as Z}from"./detect.js";const J=O(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,U=s=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[e,r]=u.versions.node.split(".").map(Number);if(e>22||e===22&&r>=3||e===20&&r>=16)return u.getBuiltinModule(s)}return J(s)},{readFile:W,writeFile:N}=U("node:fs/promises"),ee=(s,e)=>s.replaceAll("{tag}",e.tag).replaceAll("{sha}",e.sha).replaceAll("{shortSha}",e.shortSha).replaceAll("{branch}",e.branch??"").replaceAll("{pr}",e.pr??"").replaceAll("{timestamp}",e.timestamp),ce=async s=>{const{context:e,dryRun:r=!1,registry:g,tag:n}=s,{createShellRunner:c}=await import("./shell-runner.js"),o=s.runner??c(),l=await z({cwd:e.cwd,runner:o}),i=await K({cwd:e.cwd,runner:o});if(!l||!i)throw new Error("Could not resolve git HEAD. 
Snapshot requires a git workspace.");const w=e.config.snapshot?.versionTemplate??"0.0.0-{tag}-{shortSha}",A=new Date().toISOString().replaceAll(/[:.]/g,"").slice(0,14),m=e.config.snapshot?.tags??[],p=await o.run("git",["rev-parse","--abbrev-ref","HEAD"],{cwd:e.cwd,silent:!0}).then(t=>t.exitCode===0?t.stdout.trim():void 0).catch(()=>{}),S=process.env.VIS_PR_NUMBER??process.env.PR_NUMBER,R=[n];for(const t of m){let a;switch(t){case"branch":{a=p&&p!=="HEAD"?p:void 0;break}case"pr":{a=S?`pr-${S}`:void 0;break}case"sha":{a=l;break}case"short-sha":{a=i;break}default:a=void 0}a&&a!==n&&!R.includes(a)&&R.push(a)}let f=e.packages;if(s.filter){const{default:t}=await import("./index.js"),a=s.filter.split(",").map(h=>h.trim()).filter(Boolean);f=f.filter(h=>a.some(y=>h.name===y||t(y,h.name)))}f=f.filter(t=>!t.private);const d=ee(w,{branch:p&&p!=="HEAD"?p:void 0,pr:S,sha:l,shortSha:i,tag:n,timestamp:A}),P=new Map;for(const t of f)P.set(t.name,{...t.manifest,version:d});const F=$(await e.pm.readCatalogYaml(e.cwd)),H=new Z(o),b=[],v=[],k=[],j=e.config.changesDir??G,{acquireLock:T,releaseLock:q}=await import("./state.js");let C=!1;if(!r)try{await T(e.cwd,j),C=!0}catch(t){return k.push({name:"_lock",reason:t.message}),{failed:k,published:b,skipped:v,snapshotVersion:d,tag:n}}try{for(const t of f){const a=ae(t,P),h=Q(a,F),y=X(h,e.config.publish?.cleanPackageJson);if(r){b.push({name:t.name,version:d});continue}let D;try{D=await W(t.manifestPath,"utf8"),await N(t.manifestPath,`${JSON.stringify(y,null,4)}
2
+ `);const{mkdtempSync:E}=await import("node:fs"),{tmpdir:x}=await import("node:os"),{join:B}=await import("node:path"),M=E(B(x(),"vis-snapshot-")),V=await e.pm.pack({cwd:t.dir,destination:M});let _;for(const I of R){const L=await H.publish({access:"public",extraArgs:["--no-git-checks"],registry:g,tag:I,tarball:V.tarball});_??=L}_?.published?b.push({name:t.name,version:d}):_?.alreadyPublished?v.push({name:t.name,reason:"already-published"}):v.push({name:t.name,reason:_?.output??"unknown"})}catch(E){k.push({name:t.name,reason:E.message})}finally{if(D!==void 0)try{await N(t.manifestPath,D)}catch{}}}}finally{C&&await q(e.cwd,j)}return{failed:k,published:b,skipped:v,snapshotVersion:d,tag:n}},te=["dependencies","devDependencies","peerDependencies","optionalDependencies"],ae=(s,e)=>{const r=e.get(s.name)??s.manifest,g={...r};for(const n of te){const c=r[n];if(!c||typeof c!="object")continue;const o={...c};for(const[l,i]of Object.entries(c)){const w=e.get(l);if(w&&i.startsWith("workspace:")){const A=i.slice(10),m=Y(A==="*"?"*":i,w.version);o[l]=m.startsWith("workspace:")?m.slice(10):m}}g[n]=o}return g};export{ce as runSnapshot};
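Review bot: Every non-private package is published with a hard-coded `access: "public"` in the `H.publish` call, and the only filter before it is `!t.private`. If the publisher forwards that value to the registry, a scoped package whose manifest sets `publishConfig.access` to `restricted` would get a public snapshot; `access: t.manifest.publishConfig?.access ?? "public"` keeps the package's own setting. The `finally` that restores the original manifest swallows a failed write with an empty `catch`, which leaves the rewritten `package.json` in the working tree without any report; pushing an entry to `k` there would surface it. The directory created by `mkdtempSync` is also never removed.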
@@ -0,0 +1 @@
1
+ import{createRequire as n}from"node:module";import{VisReleaseError as d}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const a=n(import.meta.url),o=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,c=e=>{if(typeof o<"u"&&o.versions&&o.versions.node){const[t,s]=o.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return o.getBuiltinModule(e)}return a(e)},{setTimeout:u}=c("node:timers/promises"),f=async e=>{const t=Date.now(),s=r=>{const i=r.trim();if(!i)return!1;try{return typeof JSON.parse(i).id=="string"}catch{return!1}};for(;Date.now()-t<e.timeoutMs;){const r=await e.runner.run("npm",["stage","view",e.stageId,"--json"],{cwd:e.cwd,silent:!0});if(!(r.exitCode===0&&s(r.stdout))){const i=await e.runner.run("npm",["view",`${e.packageName}@${e.version}`,"dist.tarball","--silent"],{cwd:e.cwd,silent:!0});return i.exitCode===0&&i.stdout.trim()?"approved":"rejected"}e.onProgress?.(Date.now()-t),await u(e.pollIntervalMs)}return"timeout"},m=(e,t=process.env)=>{const s=e==="restricted",r=!!t.ACTIONS_ID_TOKEN_REQUEST_URL&&!t.NPM_TOKEN;if(s&&r)throw new d({code:"CONFIG_INVALID",hint:"Either set publish.stage: false, or fall back to NPM_TOKEN authentication (export NPM_TOKEN; trusted publishing on restricted packages is tracked for a future release).",message:"publish.stage with OIDC trusted publishing is not supported for restricted-access packages in v1."})};export{m as refuseRestrictedOidc,f as waitForStageDecision};
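Review bot: `waitForStageDecision` treats any failed or unparsable `npm stage view` as "the stage is gone" and decides at once from a single `npm view`, so a transient registry or network error on both calls is reported as `"rejected"`. At minimum that should be documented above the fallback, for example `// a failed "npm stage view" is indistinguishable from a resolved stage here; a failed "npm view" then yields "rejected"`. The `npm view` call also passes no registry argument, so unless the runner's environment sets one it presumably queries the default registry rather than the one the stage was created on.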
@@ -0,0 +1,2 @@
1
+ import{createRequire as S}from"node:module";import{VisReleaseError as l}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const w=S(import.meta.url),o=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,p=e=>{if(typeof o<"u"&&o.versions&&o.versions.node){const[n,r]=o.versions.node.split(".").map(Number);if(n>22||n===22&&r>=3||n===20&&r>=16)return o.getBuiltinModule(e)}return w(e)},{readFile:h,unlink:v,mkdir:_,writeFile:N}=p("node:fs/promises"),{dirname:k,join:O}=p("node:path"),y=(e,n)=>O(e,n,"staged.json"),R=()=>({pending:[],recentlyNotified:[],recentlyWalked:[],updatedAt:new Date().toISOString(),version:1}),c=100,T=720*60*60*1e3,u=(e,n=Date.now())=>{if(!e||e.length===0)return[];const r=n-T,t=e.filter(i=>{const a=Date.parse(i.at);return Number.isFinite(a)&&a>=r});return t.length<=c?t:[...t].sort((i,a)=>Date.parse(a.at)-Date.parse(i.at)).slice(0,c)},P=async(e,n)=>{const r=y(e,n);let t;try{t=await h(r,"utf8")}catch(a){if(a.code==="ENOENT")return R();throw new l({cause:a,code:"STATE_FILE_CORRUPT",message:`Failed to read staged registry at ${r}: ${a.message}`})}let i;try{i=JSON.parse(t)}catch(a){throw new l({cause:a,code:"STATE_FILE_CORRUPT",message:`Staged registry at ${r} is not valid JSON: ${a.message}. Remove the file or fix it manually.`})}if(i.version!==1)throw new l({code:"STATE_FILE_CORRUPT",message:`Staged registry at ${r} reports unknown version ${i.version}. 
Upgrade vis or remove the file.`});if(!Array.isArray(i.pending))throw new l({code:"STATE_FILE_CORRUPT",message:`Staged registry at ${r} is missing the "pending" array.`});return i},F=async(e,n,r)=>{const t=y(e,n);let i;try{const d=await h(t,"utf8");i=JSON.parse(d)}catch{i=void 0}const a=u(r.recentlyNotified),s=u(r.recentlyWalked),g={...r,recentlyNotified:a,recentlyWalked:s};if(g.pending.length===0&&a.length===0&&s.length===0){if(i===void 0)return{changed:!1,path:t,removed:!1};try{await v(t)}catch(d){if(d.code!=="ENOENT")throw d}return{changed:!0,path:t,removed:!0}}if(i&&E(i,g))return{changed:!1,path:t,removed:!1};await _(k(t),{recursive:!0});const m=`${JSON.stringify({...g,updatedAt:new Date().toISOString()},null,2)}
2
+ `;return await N(t,m),{changed:!0,path:t,removed:!1}},W=(e,n,r=new Date().toISOString())=>{if(n.length===0)return e;const t=e.recentlyNotified??[],i=new Set(t.map(s=>s.key)),a=n.filter(s=>!i.has(s)).map(s=>({at:r,key:s}));return a.length===0?e:{...e,recentlyNotified:[...t,...a],updatedAt:r}},$=(e,n,r=new Date().toISOString())=>{if(n.length===0)return e;const t=e.recentlyWalked??[],i=new Set(t.map(s=>s.key)),a=n.filter(s=>!i.has(s)).map(s=>({at:r,key:s}));return a.length===0?e:{...e,recentlyWalked:[...t,...a],updatedAt:r}},j=(e,n)=>{if(n.length===0)return e;const r=new Map(e.pending.map(t=>[t.id,t]));for(const t of n)r.set(t.id,t);return{...e,pending:[...r.values()],updatedAt:new Date().toISOString()}},C=(e,n)=>{if(n.length===0||e.pending.length===0)return e;const r=new Set(n),t=e.pending.filter(i=>!r.has(i.id));return t.length===e.pending.length?e:{...e,pending:t,updatedAt:new Date().toISOString()}},b=(e,n)=>{if(e.pending.length===0||n.length===0)return[];const r=new Set(n);return e.pending.filter(t=>r.has(t.name))},f=(e,n)=>{const r=e??[],t=n??[];if(r.length!==t.length)return!1;if(r.length===0)return!0;const i=new Map(r.map(a=>[a.key,a]));for(const a of t)if(i.get(a.key)?.at!==a.at)return!1;return!0},E=(e,n)=>A(e.pending,n.pending)&&f(e.recentlyNotified,n.recentlyNotified)&&f(e.recentlyWalked,n.recentlyWalked),A=(e,n)=>{if(e.length!==n.length)return!1;if(e.length===0)return!0;const r=new Map(e.map(t=>[t.id,t]));for(const t of n){const i=r.get(t.id);if(!i||i.name!==t.name||i.version!==t.version||i.reason!==t.reason||(i.tag??"latest")!==(t.tag??"latest"))return!1}return!0};export{b as findConflictingPendingStages,A as pendingSetsEqual,u as pruneOldEntries,P as readStagedRegistry,W as recordRecentlyNotified,$ as recordRecentlyWalked,E as registryContentsEqual,C as removePendingStages,y as stagedRegistryPath,j as upsertPendingStages,F as writeStagedRegistry};
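Review bot: `readStagedRegistry` dereferences the parsed value before checking its shape, so a `staged.json` holding `null` fails at `i.version` with a raw `TypeError` instead of the `STATE_FILE_CORRUPT` error the other branches raise; `if (!i || typeof i !== "object" || i.version !== 1)` closes that. The entries of `pending` are likewise accepted without a check that each carries string `id`, `name` and `version` fields, although the later helpers key on them. `writeStagedRegistry` writes the file in place with `writeFile`; writing to a sibling temp file and renaming it over the target would keep an interrupted run from leaving truncated JSON behind.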
@@ -0,0 +1,3 @@
1
+ import{createRequire as E}from"node:module";import{VisReleaseError as o}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const S=E(import.meta.url),i=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,l=t=>{if(typeof i<"u"&&i.versions&&i.versions.node){const[a,e]=i.versions.node.split(".").map(Number);if(a>22||a===22&&e>=3||a===20&&e>=16)return i.getBuiltinModule(t)}return S(t)},{constants:u}=l("node:fs"),{mkdir:w,readFile:p,unlink:d,open:R,writeFile:O}=l("node:fs/promises"),{platform:$,hostname:h}=l("node:os"),{dirname:m,join:y}=l("node:path"),c=(t,a)=>y(t,a,".state.json"),N=async(t,a)=>{try{const e=await p(c(t,a),"utf8"),s=JSON.parse(e);if(s.version!==1)throw new o({code:"STATE_FILE_CORRUPT",message:`Unknown state file version: ${s.version}. Delete ${c(t,a)} to start fresh.`});return s}catch(e){if(e.code==="ENOENT")return;throw e instanceof o?e:new o({cause:e,code:"STATE_FILE_CORRUPT",message:`Failed to read state file: ${e.message}`})}},P=async(t,a,e)=>{const s=c(t,a);await w(m(s),{recursive:!0}),await O(s,`${JSON.stringify(e,null,2)}
2
+ `)},C=async(t,a)=>{try{await d(c(t,a))}catch(e){if(e.code!=="ENOENT")throw new o({cause:e,code:"STATE_FILE_CORRUPT",message:`Could not clear state file at ${c(t,a)}: ${e.message}. Remove it manually before the next run.`})}},I=(t,a)=>({applied:[],channel:t,notified:[],plan:[...a],published:[],pushed:!1,startedAt:new Date().toISOString(),tagged:[],version:1,walked:[]}),L=(t,a)=>{const e=new Set(a.published);return t.filter(s=>!e.has(`${s.name}@${s.newVersion}`))},k=3600*1e3,_=(t,a)=>y(t,a,".lock"),v=t=>{try{return process.kill(t,0),!0}catch{return!1}},b=async(t,a)=>{const e=_(t,a);await w(m(e),{recursive:!0});const s={acquiredAt:new Date().toISOString(),hostname:h(),pid:process.pid,platform:$()},T=`${JSON.stringify(s,null,2)}
3
+ `,f=async()=>{try{const n=await R(e,u.O_WRONLY|u.O_CREAT|u.O_EXCL,384);try{await n.writeFile(T)}finally{await n.close()}return!0}catch(n){if(n.code==="EEXIST")return!1;throw n}};if(await f())return e;let r;try{r=JSON.parse(await p(e,"utf8"))}catch{}if(r){const n=Date.now()-new Date(r.acquiredAt).getTime();if((!r.hostname||r.hostname===h())&&v(r.pid)&&n<k){const g=r.hostname?`${r.hostname}:${r.pid}`:`PID ${r.pid}`;throw new o({code:"STATE_FILE_CORRUPT",message:`Release lock held by ${g} (acquired ${Math.round(n/1e3)}s ago). Wait for the other run, or remove ${e} if you're sure it's stale.`})}}try{await d(e)}catch{}if(await f())return e;throw new o({code:"STATE_FILE_CORRUPT",message:`Could not acquire release lock at ${e} after clearing a stale entry. Another process took it. Retry in a few seconds.`})},q=async(t,a)=>{try{await d(_(t,a))}catch{}};export{b as acquireLock,C as clearState,L as filterPlanByState,_ as lockFilePath,I as newState,N as readState,q as releaseLock,c as stateFilePath,P as writeState};
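Review bot: In `acquireLock` a lock file that names a different host, or that cannot be parsed, falls straight through to `unlink` and a second create attempt, because the held-lock test requires `!r.hostname || r.hostname === h()` and is skipped entirely when `r` is undefined. On a shared workspace that removes a live lock taken by another machine, and a lock that a peer has created with `O_EXCL` but not yet written is empty and so looks unparsable. Treating a foreign-host lock as alive until the age limit, `const alive = !r.hostname || r.hostname === h() ? v(r.pid) : true;`, and refusing or briefly re-reading an unparsable file would narrow this. `releaseLock` also unlinks the path without checking that the recorded `pid` is its own.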
@@ -0,0 +1,8 @@
1
+ const p="<!-- vis-release-success -->",k=["released"],v=`${p}
2
+ :tada: This issue has been resolved in version {version} :tada:
3
+
4
+ The release is available on [GitHub release]({url}).
5
+
6
+ Your **[vis](https://github.com/visulima/visulima)** release pipeline shipped this. :rocket:`,C=(s,e)=>{const t=new Set,n=/(?:^|[\s(,;:!?])#(\d+)/g;let r;for(;(r=n.exec(s))!==null;){const a=Number.parseInt(r[1],10);Number.isFinite(a)&&a>0&&t.add(a)}const o=/\bgh-(\d+)/gi;for(;(r=o.exec(s))!==null;){const a=Number.parseInt(r[1],10);Number.isFinite(a)&&a>0&&t.add(a)}const u=/https?:\/\/([^\s/]+)\/([^\s)]*?)\/(?:pull|issues|merge_requests)\/(\d+)/gi;for(;(r=u.exec(s))!==null;){const a=Number.parseInt(r[3],10);if(Number.isFinite(a)&&a>0){if(e){const l=(r[2]??"").replaceAll(/^\/+|\/+$/g,"").replace(/\/-$/,""),m=e.replaceAll(/^\/+|\/+$/g,"");if(l.toLowerCase()!==m.toLowerCase())continue}t.add(a)}}return[...t].sort((a,l)=>a-l)},$=(s,e)=>{let t=s;if(e.url)t=t.replaceAll("{url}",e.url);else{const n=`${e.name}@${e.version}`;t=t.replaceAll(/\[[^\]]*\]\(\{url\}\)/g,n),t=t.replaceAll("{url}",n)}return t.replaceAll("{version}",e.version).replaceAll("{name}",e.name).replaceAll("{tag}",e.tag)},L=s=>{const e=s.config.successWalk??{};return{commentBody:e.commentBody??v,enabled:e.enabled!==!1,labels:e.labels??k,skipPrerelease:e.skipPrerelease!==!1}},N=async(s,e,t,n)=>{const r=new Set,o=new Map,u=new Date().toISOString().slice(0,10);for(const a of e.published){const l=s.plan.releases.find(c=>c.name===a.name);if(!l)continue;let m;try{m=await t({changeFiles:l.changeFiles,date:u,release:l,target:"github-release"})}catch{continue}const d=[m,...l.changeFiles.map(c=>c.body)].join(`
7
+ `);for(const c of C(d,n))o.has(c)||o.set(c,l),r.add(c)}return{firstReleaseByRef:o,refs:[...r].sort((a,l)=>a-l)}},R=(s,e)=>s?e.published.find(t=>t.name===s.name)?.url??"":"",F=s=>{let e=0;const t=[],n=()=>{if(e>=s)return;const r=t.shift();r&&(e+=1,r())};return r=>new Promise((o,u)=>{const a=()=>{e-=1,n()},l=()=>{r().then(o,u).finally(a)};t.push(l),n()})},W=s=>new Promise(e=>{setTimeout(e,s)}),_=s=>{if(!s||typeof s!="object")return!1;const e=s;return typeof e.status=="number"&&e.status===429||typeof e.statusCode=="number"&&e.statusCode===429?!0:typeof e.message=="string"?/\b429\b|rate[- ]?limit/i.test(e.message):!1},E=(s,e)=>{if(!s||typeof s!="object")return e;const t=s;if(typeof t.retryAfter=="number"&&Number.isFinite(t.retryAfter)&&t.retryAfter>=0)return Math.round(t.retryAfter*1e3);if(typeof t.message=="string"){const n=/Retry-After:\s*(\d+)/i.exec(t.message);if(n){const r=Number.parseInt(n[1],10);if(Number.isFinite(r)&&r>=0)return r*1e3}}return e},g=async(s,e=5e3)=>{try{return await s()}catch(t){if(!_(t))throw t;const n=E(t,e);return await W(n),s()}},x=async(s,e,t,n)=>{const r={commented:[],labeled:[],warnings:[]};if(s.config.successWalk===void 0)return r;const o=L(s);if(!o.enabled)return r;const u=!!s.channel?.prerelease||e.published.some(i=>i.version.includes("-"));if(o.skipPrerelease&&u||!n.repo)return r;const{firstReleaseByRef:a,refs:l}=await N(s,e,n.formatter,n.repo);if(l.length===0)return r;const m=s.channel?.tag??"",d=F(4),c=l.map(i=>d(async()=>{const f=a.get(i),y=f?.newVersion??e.published[0]?.version??"",w=f?.name??e.published[0]?.name??"",A=R(f,e),b=$(o.commentBody,{name:w,tag:m,url:A,version:y}),S=b.includes(p)?b:`${p}
8
+ ${b}`;try{if(await g(()=>n.client.upsertStickyComment(t,{body:S,cwd:s.cwd,issueNumber:i,marker:p,repo:n.repo})))r.commented.push(i);else{r.warnings.push(`successWalk: upsertStickyComment returned undefined for #${i}; skipping label step.`);return}}catch(h){r.warnings.push(`successWalk: failed to comment on #${i}: ${h.message}`);return}if(o.labels.length!==0)try{await g(()=>n.client.addLabels(t,{cwd:s.cwd,issueNumber:i,labels:o.labels,repo:n.repo}))?r.labeled.push(i):r.warnings.push(`successWalk: addLabels returned false for #${i}; the labels may not have been applied.`)}catch(h){r.warnings.push(`successWalk: failed to label #${i}: ${h.message}`)}}));return await Promise.all(c),r.commented.sort((i,f)=>i-f),r.labeled.sort((i,f)=>i-f),r};export{v as DEFAULT_SUCCESS_WALK_COMMENT,k as DEFAULT_SUCCESS_WALK_LABELS,p as SUCCESS_WALK_MARKER,C as extractReferences,F as pLimit,x as walkSuccessfulRelease,g as withRateLimitRetry};
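Review bot: The delay in `withRateLimitRetry` comes from `E` without an upper bound: `retryAfter` and the `Retry-After:` value parsed from the error message are multiplied by 1000 and awaited as given, so one large value stalls the release job for that long. Clamp it with a cap of your choosing, for example `return Math.min(Math.round(t.retryAfter * 1e3), 60_000);`, and apply the same cap on the parsed branch. In `extractReferences` the URL pattern captures the host in group 1 but never compares it, so with `e` set a link to any host with the same `owner/repo` path is counted as an issue of this repository. The number of references is not bounded either, and each one becomes a comment and a label call.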
@@ -1,2 +1,2 @@
1
- import{E as g}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{p as c}from"./bin.js";import{s as $}from"../packem_shared/scan-progress-JBbd9QeT.js";import{s as w,D as v}from"../packem_shared/advisories-DLeO5KMN.js";const S=t=>t?.security?.audit?.advisories??{},D=t=>t?t.split(",").map(r=>r.trim()).filter(r=>r.length>0):["npm"],b=async({logger:t,options:r,visConfig:h,workspaceRoot:d})=>{if(!d)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const l=r.format==="json",u=S(h),m=r.source??u.source??v,p=D(r.ecosystem),y=p.map(s=>({id:s,label:`Sync ${s} advisories`})),n=$(y,{live:!l}),i=[];try{for(const s of p){n.start(s);const o=Date.now();try{const e=await w({allowedHosts:u.allowedHosts,dbPath:r.db,ecosystem:s,force:!!r.force,source:m,workspaceRoot:d});i.push({ecosystem:s,result:e}),e.upToDate?n.finish(s,"ok",`up to date · ${f(Date.now()-o)}`):n.finish(s,"ok",`${e.advisoriesIngested.toLocaleString()} advisories · ${f(e.durationMs)}`)}catch(e){const a=e instanceof Error?e.message:String(e);i.push({ecosystem:s,error:a}),n.finish(s,"error",a)}}}finally{n.stop()}if(l){const s={ecosystems:i.map(o=>({advisoriesIngested:o.result?.advisoriesIngested??0,dbPath:o.result?.dbPath??null,durationMs:o.result?.durationMs??0,ecosystem:o.ecosystem,error:o.error??null,upToDate:o.result?.upToDate??!1})),source:m};process.stdout.write(`${JSON.stringify(s,void 0,2)}
1
+ import{E as g}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{p as c}from"./bin.js";import{s as $}from"../packem_shared/scan-progress-DG7_JmTV.js";import{s as w,D as v}from"../packem_shared/advisories-DLeO5KMN.js";const S=t=>t?.security?.audit?.advisories??{},D=t=>t?t.split(",").map(r=>r.trim()).filter(r=>r.length>0):["npm"],b=async({logger:t,options:r,visConfig:h,workspaceRoot:d})=>{if(!d)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const l=r.format==="json",u=S(h),m=r.source??u.source??v,p=D(r.ecosystem),y=p.map(s=>({id:s,label:`Sync ${s} advisories`})),n=$(y,{live:!l}),i=[];try{for(const s of p){n.start(s);const o=Date.now();try{const e=await w({allowedHosts:u.allowedHosts,dbPath:r.db,ecosystem:s,force:!!r.force,source:m,workspaceRoot:d});i.push({ecosystem:s,result:e}),e.upToDate?n.finish(s,"ok",`up to date · ${f(Date.now()-o)}`):n.finish(s,"ok",`${e.advisoriesIngested.toLocaleString()} advisories · ${f(e.durationMs)}`)}catch(e){const a=e instanceof Error?e.message:String(e);i.push({ecosystem:s,error:a}),n.finish(s,"error",a)}}}finally{n.stop()}if(l){const s={ecosystems:i.map(o=>({advisoriesIngested:o.result?.advisoriesIngested??0,dbPath:o.result?.dbPath??null,durationMs:o.result?.durationMs??0,ecosystem:o.ecosystem,error:o.error??null,upToDate:o.result?.upToDate??!1})),source:m};process.stdout.write(`${JSON.stringify(s,void 0,2)}
2
2
  `)}else{const s=i.filter(a=>a.error),o=i.filter(a=>a.result),e=o[0];e?.result?.dbPath&&c.info(g(`DB: ${e.result.dbPath}`)),s.length===0?c.success(`Synced ${o.length} ecosystem${o.length===1?"":"s"}.`):c.error(`${s.length} ecosystem${s.length===1?"":"s"} failed to sync.`)}i.some(s=>s.error)&&(process.exitCode=1)},f=t=>t>=1e3?`${(t/1e3).toFixed(1)}s`:`${Math.round(t)}ms`,R=b;export{R as advisoriesSyncExecute};
@@ -1,2 +1,2 @@
1
- import{p as e}from"./bin.js";import{w as u}from"../packem_shared/pm-runner-pVihAfxV.js";import{O as g}from"../packem_shared/native-config-sync-BKAZ0NIs.js";import{S as l}from"../packem_shared/min-release-age-D1alDE3K.js";const y=new Set(["bun","npm","pnpm","yarn"]),k=({options:r,visConfig:c,workspaceRoot:f})=>{const s=f??process.cwd(),n=u(s);if(!y.has(n.name)){e.warn(`Package manager '${n.name}' has no native security config to sync.`);return}if(!c?.security){e.warn("vis.config has no `security` block — nothing to sync.");return}const t=c.security.policies??{},a=Object.fromEntries(Object.entries(t.installScripts?.allow??{}).filter(([,o])=>o)),m=t.firstSeen?.minutes,p=t.firstSeen?.exclude??[],i=[];if(Object.keys(a).length>0&&!r.skipAllowBuilds&&i.push(...g(n.name,s,a)),r.skipMinReleaseAge||i.push(...l(n.name,s,m,p)),i.length===0){e.success("Nothing to sync — vis.config and native PM config are aligned.");return}e.info(`Syncing vis.config security settings to ${n.name} native config…
1
+ import{p as e}from"./bin.js";import{w as u}from"../packem_shared/pm-runner-OGResYrA.js";import{O as g}from"../packem_shared/native-config-sync-BEkJW7g3.js";import{S as l}from"../packem_shared/min-release-age-D1alDE3K.js";const y=new Set(["bun","npm","pnpm","yarn"]),k=({options:r,visConfig:c,workspaceRoot:f})=>{const s=f??process.cwd(),n=u(s);if(!y.has(n.name)){e.warn(`Package manager '${n.name}' has no native security config to sync.`);return}if(!c?.security){e.warn("vis.config has no `security` block — nothing to sync.");return}const t=c.security.policies??{},a=Object.fromEntries(Object.entries(t.installScripts?.allow??{}).filter(([,o])=>o)),m=t.firstSeen?.minutes,p=t.firstSeen?.exclude??[],i=[];if(Object.keys(a).length>0&&!r.skipAllowBuilds&&i.push(...g(n.name,s,a)),r.skipMinReleaseAge||i.push(...l(n.name,s,m,p)),i.length===0){e.success("Nothing to sync — vis.config and native PM config are aligned.");return}e.info(`Syncing vis.config security settings to ${n.name} native config…
2
2
  `);for(const o of i)e.success(` ${o}`)};export{k as default};
@@ -1,2 +1,2 @@
1
- import{createRequire as m}from"node:module";import{m as d,f as p,T as v}from"../packem_shared/index-BDmTbWX1.js";import{p as e}from"./bin.js";import{w as $}from"../packem_shared/pm-runner-pVihAfxV.js";import{a as u}from"./config.js";const g=m(import.meta.url),c=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,w=o=>{if(typeof c<"u"&&c.versions&&c.versions.node){const[t,s]=c.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return c.getBuiltinModule(o)}return g(o)},{spawnSync:y}=w("node:child_process"),n="@lavamoat/preinstall-always-fail",l=o=>{const t=d(o,"package.json");if(!p(t))return"no-package-json";try{const s=u(t);if(s.devDependencies?.[n]||s.dependencies?.[n])return"installed"}catch{}return"missing"},h=o=>{const t=d(o,"package.json");if(!p(t))return!1;try{const s=u(t);let i=!1;const a=r=>!r||!(n in r)?r:(i=!0,Object.fromEntries(Object.entries(r).filter(([f])=>f!==n)));return s.devDependencies=a(s.devDependencies),s.dependencies=a(s.dependencies),i&&v(t,`${JSON.stringify(s,null,2)}
1
+ import{createRequire as m}from"node:module";import{m as d,f as p,T as v}from"../packem_shared/index-BDmTbWX1.js";import{p as e}from"./bin.js";import{w as $}from"../packem_shared/pm-runner-OGResYrA.js";import{a as u}from"./config.js";const g=m(import.meta.url),c=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,w=o=>{if(typeof c<"u"&&c.versions&&c.versions.node){const[t,s]=c.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return c.getBuiltinModule(o)}return g(o)},{spawnSync:y}=w("node:child_process"),n="@lavamoat/preinstall-always-fail",l=o=>{const t=d(o,"package.json");if(!p(t))return"no-package-json";try{const s=u(t);if(s.devDependencies?.[n]||s.dependencies?.[n])return"installed"}catch{}return"missing"},h=o=>{const t=d(o,"package.json");if(!p(t))return!1;try{const s=u(t);let i=!1;const a=r=>!r||!(n in r)?r:(i=!0,Object.fromEntries(Object.entries(r).filter(([f])=>f!==n)));return s.devDependencies=a(s.devDependencies),s.dependencies=a(s.dependencies),i&&v(t,`${JSON.stringify(s,null,2)}
2
2
  `),i}catch{return!1}},D=({options:o,workspaceRoot:t})=>{const s=t??process.cwd();if(o.status){switch(l(s)){case"installed":{e.success(`Preinstall tripwire is installed (${n}).`),e.info("Removing 'ignore-scripts=true' will cause future installs to fail loudly.");break}case"missing":{e.warn("Preinstall tripwire is not installed."),e.info(`Run 'vis security tripwire' to add ${n} as a devDependency.`);break}default:e.error("No package.json found at the workspace root."),process.exitCode=1}return}if(o.remove){h(s)?e.success(`Removed ${n} from package.json. Run your PM's install to clean node_modules.`):e.info(`${n} was not present in package.json.`);return}if(l(s)==="installed"){e.info(`${n} is already installed.`);return}const i=$(s),a={bun:["add","-d",n],npm:["install","--save-dev",n],pnpm:["add","-D","-w",n],yarn:["add","-D",n]}[i.name];if(!a){e.error(`Cannot install tripwire — unsupported package manager '${i.name}'.`),process.exitCode=1;return}e.info(`Installing ${n} via ${i.name}…`);const r=y(i.name,a,{cwd:s,stdio:"inherit"});if(r.error){e.error(`Failed to install tripwire: ${r.error.message}`),process.exitCode=1;return}if(r.signal!==null){e.error(`${i.name} was terminated by signal ${r.signal}`),process.exitCode=1;return}if(r.status!==0){e.error(`${i.name} exited with code ${String(r.status)}`),process.exitCode=r.status??1;return}e.success(`Installed ${n} as a devDependency.`),e.notice(""),e.notice("How the tripwire works:"),e.notice(` ${n} declares a preinstall script that always fails.`),e.notice(" When 'ignore-scripts=true' is set (.npmrc / bunfig.toml / .yarnrc.yml),"),e.notice(" the script is skipped and installs succeed normally. If someone deletes"),e.notice(" that setting, the next install fails — loudly — instead of silently"),e.notice(" running every dependency's lifecycle scripts.")};export{D as default};
@@ -1,2 +1,2 @@
1
- import{D as b,p}from"./bin.js";import{w}from"../packem_shared/pm-runner-pVihAfxV.js";import{r as y,l as $,L as v}from"../packem_shared/dependency-scan-BDTH898x.js";import{v as C,m,f as S}from"../packem_shared/index-BDmTbWX1.js";import{e as x}from"../packem_shared/index-DMefdF51.js";const M=e=>{const s=e.trim();return s===""?!1:/^(?:git\+|git:\/\/|git@|ssh:\/\/)/i.test(s)||/^(?:github|gitlab|bitbucket|gist):/i.test(s)||/^[\w.-]+\/[\w.-]+(?:#.+)?$/.test(s)&&!s.includes("@")?!0:/^https?:\/\//i.test(s)},L=(e,s)=>{for(const t of s)if(t===e||t.endsWith("*")&&e.startsWith(t.slice(0,-1)))return!0;return!1},D=(e,s,t={})=>{const o=y(e,s);if(!o)return[];let i;try{i=C(m(e,o.file))}catch{return[]}const n=b(i,o.type);if(n.length===0)return[];const c=t.allow??[],l=[],f=new Set;for(const r of n){const a=`${r.name}@${r.version}`;for(const d of[r.dependencies,r.optionalDependencies])if(d){for(const[u,h]of Object.entries(d))if(!L(u,c))for(const k of h){if(!M(k))continue;const g=`${a}->${u}@${k}`;f.has(g)||(f.add(g),l.push({declaredBy:a,packageName:u,source:k}))}}}return l.sort((r,a)=>r.packageName.localeCompare(a.packageName)||r.declaredBy.localeCompare(a.declaredBy))},E=new Set(["firstSeen","publisherChange"]),N=e=>e.severity==="block"&&e.acceptedRisk===void 0,R=e=>{const s=e.security?.policies?.firstSeen?.minutes,t=typeof s=="number"&&s>0,o=e.security?.policies?.publisherChange?.mode==="no-downgrade",i=e.security?.blockExoticSubdeps===!0;return t||o||i},V=async e=>{const{offline:s=!1,packageManager:t,visConfig:o,workspaceRoot:i}=e,n=Date.now();if(!R(o))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!1,status:"skipped"};const c=y(i,t);if(!c||!S(m(i,c.file)))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!0,status:"fail"};const l=$(i,t,{includeDev:!0}),f=l.length,r=await x({offline:s,packageManager:t,packages:l,workspaceRoot:i},"install",{enabledPolicies:new 
Set(E),visConfig:o}),a=o.security?.blockExoticSubdeps===!0?D(i,t,{allow:o.security.exoticSubdepsAllow}):[],d=r.some(u=>N(u))||a.length>0;return{decisions:r,durationMs:Date.now()-n,entryCount:f,exoticViolations:a,lockfileMissing:!1,status:d?"fail":"pass"}},B=e=>e<1e3?`${String(e)}ms`:`${(e/1e3).toFixed(1)}s`,P=e=>{if(e.status==="skipped")return["– Lockfile supply-chain verification skipped (no firstSeen / publisherChange / blockExoticSubdeps policy configured)"];if(e.lockfileMissing)return["✗ Lockfile supply-chain verification failed — no lockfile found, the resolved closure cannot be attested"];const s=`(${String(e.entryCount)} ${e.entryCount===1?"entry":"entries"}, ${B(e.durationMs)})`;if(e.status==="pass")return[`✓ Lockfile passes supply-chain policies ${s}`];const t=[`✗ Lockfile failed supply-chain policy check ${s}`];for(const o of e.decisions)o.severity==="block"&&o.acceptedRisk===void 0&&t.push(` [${o.policy}] ${o.reason}`);for(const o of e.exoticViolations)t.push(` [blockExoticSubdeps] ${o.packageName} pulled from exotic source by ${o.declaredBy}: ${o.source}`);return t},I=async({options:e,visConfig:s,workspaceRoot:t})=>{const o=t??process.cwd(),i=w(o);if(!v[i.name]){p.warn(`Package manager '${i.name}' has no lockfile vis can verify.`);return}const n=await V({offline:!!e.offline,packageManager:i.name,visConfig:s??{},workspaceRoot:o});if(e.json){process.stdout.write(`${JSON.stringify(n,void 0,2)}
2
- `),n.status==="fail"&&(process.exitCode=1);return}const[c,...l]=P(n);if(n.status==="skipped"){p.info(c);return}if(n.status==="pass"){p.success(c);return}p.error(c);for(const f of l)p.error(f);process.exitCode=1};export{I as default};
1
+ import{D as b,p}from"./bin.js";import{w}from"../packem_shared/pm-runner-OGResYrA.js";import{r as y,l as $,L as v}from"../packem_shared/dependency-scan-anTuZB1t.js";import{v as C,m,f as S}from"../packem_shared/index-BDmTbWX1.js";import"../packem_shared/public-api-WqUCiyIe.js";import{e as x}from"../packem_shared/index-BJbpNthk.js";const M=e=>{const s=e.trim();return s===""?!1:/^(?:git\+|git:\/\/|git@|ssh:\/\/)/i.test(s)||/^(?:github|gitlab|bitbucket|gist):/i.test(s)||/^[\w.-]+\/[\w.-]+(?:#.+)?$/.test(s)&&!s.includes("@")?!0:/^https?:\/\//i.test(s)},L=(e,s)=>{for(const t of s)if(t===e||t.endsWith("*")&&e.startsWith(t.slice(0,-1)))return!0;return!1},D=(e,s,t={})=>{const o=y(e,s);if(!o)return[];let i;try{i=C(m(e,o.file))}catch{return[]}const n=b(i,o.type);if(n.length===0)return[];const c=t.allow??[],l=[],f=new Set;for(const r of n){const a=`${r.name}@${r.version}`;for(const d of[r.dependencies,r.optionalDependencies])if(d){for(const[u,h]of Object.entries(d))if(!L(u,c))for(const k of h){if(!M(k))continue;const g=`${a}->${u}@${k}`;f.has(g)||(f.add(g),l.push({declaredBy:a,packageName:u,source:k}))}}}return l.sort((r,a)=>r.packageName.localeCompare(a.packageName)||r.declaredBy.localeCompare(a.declaredBy))},E=new Set(["firstSeen","publisherChange"]),N=e=>e.severity==="block"&&e.acceptedRisk===void 0,R=e=>{const s=e.security?.policies?.firstSeen?.minutes,t=typeof s=="number"&&s>0,o=e.security?.policies?.publisherChange?.mode==="no-downgrade",i=e.security?.blockExoticSubdeps===!0;return t||o||i},V=async e=>{const{offline:s=!1,packageManager:t,visConfig:o,workspaceRoot:i}=e,n=Date.now();if(!R(o))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!1,status:"skipped"};const c=y(i,t);if(!c||!S(m(i,c.file)))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!0,status:"fail"};const l=$(i,t,{includeDev:!0}),f=l.length,r=await 
x({offline:s,packageManager:t,packages:l,workspaceRoot:i},"install",{enabledPolicies:new Set(E),visConfig:o}),a=o.security?.blockExoticSubdeps===!0?D(i,t,{allow:o.security.exoticSubdepsAllow}):[],d=r.some(u=>N(u))||a.length>0;return{decisions:r,durationMs:Date.now()-n,entryCount:f,exoticViolations:a,lockfileMissing:!1,status:d?"fail":"pass"}},B=e=>e<1e3?`${String(e)}ms`:`${(e/1e3).toFixed(1)}s`,P=e=>{if(e.status==="skipped")return["– Lockfile supply-chain verification skipped (no firstSeen / publisherChange / blockExoticSubdeps policy configured)"];if(e.lockfileMissing)return["✗ Lockfile supply-chain verification failed — no lockfile found, the resolved closure cannot be attested"];const s=`(${String(e.entryCount)} ${e.entryCount===1?"entry":"entries"}, ${B(e.durationMs)})`;if(e.status==="pass")return[`✓ Lockfile passes supply-chain policies ${s}`];const t=[`✗ Lockfile failed supply-chain policy check ${s}`];for(const o of e.decisions)o.severity==="block"&&o.acceptedRisk===void 0&&t.push(` [${o.policy}] ${o.reason}`);for(const o of e.exoticViolations)t.push(` [blockExoticSubdeps] ${o.packageName} pulled from exotic source by ${o.declaredBy}: ${o.source}`);return t},J=async({options:e,visConfig:s,workspaceRoot:t})=>{const o=t??process.cwd(),i=w(o);if(!v[i.name]){p.warn(`Package manager '${i.name}' has no lockfile vis can verify.`);return}const n=await V({offline:!!e.offline,packageManager:i.name,visConfig:s??{},workspaceRoot:o});if(e.json){process.stdout.write(`${JSON.stringify(n,void 0,2)}
2
+ `),n.status==="fail"&&(process.exitCode=1);return}const[c,...l]=P(n);if(n.status==="skipped"){p.info(c);return}if(n.status==="pass"){p.success(c);return}p.error(c);for(const f of l)p.error(f);process.exitCode=1};export{J as default};
@@ -0,0 +1,2 @@
1
+ import{p as k}from"../packem_shared/index-CgcF6_wo.js";import{c as $}from"./registry.js";import{d as w}from"./orchestrator.js";import{defaultTagFor as T,renderTagPattern as E}from"./git.js";const R=e=>{let t=0;const i=[],r=()=>{if(t>=e)return;const s=i.shift();s&&(t+=1,s())};return async s=>new Promise((c,a)=>{const m=()=>{t-=1,r()},d=()=>{s().then(c,a).finally(m)};i.push(d),r()})},b=4,p=new Map,h=(e,t)=>{const i=m=>m.replaceAll(/[$()*+.?[\\\]^{|}]/g,String.raw`\$&`);let r="^",s=0;const c=/\{(name|unscopedName|version|major|minor|patch|date|channel)\}/g;let a;for(;(a=c.exec(e))!==null;){switch(r+=i(e.slice(s,a.index)),a[1]){case"name":{r+=i(t.name);break}case"unscopedName":{r+=i(t.name.replace(/^@[^/]+\//,""));break}case"version":{r+=String.raw`(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?)`;break}default:r+="[^/]+"}s=a.index+a[0].length}return r+=`${i(e.slice(s))}$`,new RegExp(r)},y=async(e,t,i,r)=>{if(t==="disk")return{resolvedFrom:"disk",version:e.version};if(t==="registry"){const l=w(e,r.perPackageConfig??{}),n=await $(l).readPublishedVersion({pkg:e,pm:r.pm,workspaceConfig:r.workspaceConfig});return n&&k.valid(n)?{resolvedFrom:"registry",version:n}:{fallbackReason:n===void 0?`registry returned no version for ${e.name} (likely a 404 / not-yet-published); falling back to manifest version ${e.version}.`:`registry returned an invalid semver "${n}" for ${e.name}; falling back to manifest version ${e.version}.`,resolvedFrom:"disk",version:e.version}}const s=r.perPackageConfig?.releaseTagPattern??r.workspaceConfig?.releaseTagPattern??"{name}@{version}",c=s.replaceAll(/\{(name|unscopedName|version|major|minor|patch|date|channel)\}/g,(l,n)=>n==="name"?e.name:n==="unscopedName"?e.name.replace(/^@[^/]+\//,""):"*"),a=await r.runner.run("git",["tag","--list",c,"--sort=-v:refname"],{cwd:r.cwd,silent:!0});if(a.exitCode!==0)return{fallbackReason:`git tag --list ${c} failed (exit ${a.exitCode}); falling back to manifest version 
${e.version}.`,resolvedFrom:"disk",version:e.version};const m=a.stdout.split(`
2
+ `).map(l=>l.trim()).filter(Boolean);if(m.length===0)return{fallbackReason:`no git tag matched pattern "${s}" for ${e.name}; falling back to manifest version ${e.version}. (Pass --first-release to bootstrap.)`,resolvedFrom:"disk",version:e.version};const d=h(s,e),o=[];for(const l of m){const n=d.exec(l);n?.[1]&&k.valid(n[1])&&o.push(n[1])}return o.length===0?{fallbackReason:`git tag pattern "${s}" matched tags but none yielded a valid semver for ${e.name}; falling back to manifest version ${e.version}.`,resolvedFrom:"disk",version:e.version}:(o.sort(k.rcompare),{resolvedFrom:"git-tag",version:o[0]})},C=(e,t,i)=>i?"disk":t?.currentVersionResolver??e?.currentVersionResolver??"disk",V=async(e,t,i,r,s)=>{const c=new Map,a=[],m=R(b),d=await Promise.all(e.map(async o=>m(async()=>{const l=r.get(o.name),n=C(i,l,s.firstRelease),g=s.skipRegistryLookup?"disk":n,v=`${o.name}@${g}@${o.version}`,u=p.get(v);if(u)return{mode:g,pkg:o,result:await u};const f=y(o,g,t,{...s,perPackageConfig:l,workspaceConfig:i});return p.set(v,f),f.catch(()=>{p.get(v)===f&&p.delete(v)}),{mode:g,pkg:o,result:await f}})));for(const{mode:o,pkg:l,result:n}of d)c.set(l.name,n.version),n.fallbackReason&&o!=="disk"&&a.push(`currentVersionResolver (${o}): ${n.fallbackReason}`);return{versions:c,warnings:a}};export{b as REGISTRY_LOOKUP_CONCURRENCY,h as compileReleaseTagRegex,T as defaultTagFor,E as renderTagPattern,y as resolveCurrentVersion,V as resolveCurrentVersionsForWorkspace,C as resolveModeForPackage};
@@ -0,0 +1 @@
1
+ import{redactTokens as f}from"./security.js";import{expandNotificationTemplate as h}from"./interface.js";const c=(e,t)=>{if(typeof e=="string")return h(e,t);if(Array.isArray(e))return e.map(o=>c(o,t));if(e!==null&&typeof e=="object"){const o={};for(const[n,i]of Object.entries(e))o[n]=c(i,t);return o}return e},p=e=>({channel:e.channel,completedAt:e.completedAt,monorepoName:e.monorepoName,published:e.published.map(t=>({name:t.name,tag:t.tag,url:t.url,version:t.version})),repo:e.repo,skipped:e.skipped.map(t=>({name:t.name}))}),d=(e,t)=>{if(!e)return{};const o={};for(const[n,i]of Object.entries(e))o[n]=h(i,t);return o};class u{constructor(t){this.config=t,this.id=t.id?`webhook:${t.id}`:"webhook"}config;id;async send(t){const o=this.config.method??"POST",n={"Content-Type":"application/json",...d(this.config.headers,t)},i=this.config.body===void 0?p(t):c(this.config.body,t);let s;try{s=await fetch(this.config.url,{body:JSON.stringify(i),headers:n,method:o})}catch(r){const a=r instanceof Error?r.name:"NetworkError";throw new Error(`Webhook ${this.id} fetch failed (${a})`,{cause:r})}if(!s.ok){const r=await s.text().catch(()=>""),a=r?`: ${f(r.slice(0,200))}`:"";throw new Error(`Webhook ${this.id} POST <webhook-url> returned ${s.status} ${s.statusText}${a}`)}}}export{u as WebhookNotificationChannel};
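Review bot: The `fetch` call in `WebhookNotificationChannel.send` passes no timeout or abort signal, so an endpoint that accepts the connection and never responds can hold the release run open indefinitely. Adding `signal: AbortSignal.timeout(<timeout-ms>)` to the options object would bound the wait. The non-OK error message also hard-codes `POST` although the request is sent with `this.config.method ?? "POST"`, so a webhook configured for another method is reported incorrectly; interpolating the resolved method keeps the message accurate.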
@@ -0,0 +1,167 @@
1
+ const t=e=>{switch(e){case"bun":return"bun install --frozen-lockfile";case"npm":return"npm ci";case"pnpm":return"pnpm install --frozen-lockfile";case"yarn":return"yarn install --immutable";default:return`${e} install`}},r=e=>`${e} run build`,n=e=>e==="npm"?"npx":e==="bun"?"bunx":`${e} exec`,o=e=>{switch(e){case"bun":return"npm install -g bun";case"npm":return"";case"pnpm":return"npm install -g pnpm";case"yarn":return"corepack enable && corepack prepare yarn@stable --activate";default:return""}},l=e=>`# vis release — primary release workflow.
2
+ # Generated by \`vis release init --workflows\`. Edit freely.
3
+
4
+ name: vis release
5
+
6
+ on:
7
+ push:
8
+ branches:
9
+ ${e.branches.map(s=>` - "${s}"`).join(`
10
+ `)}
11
+ workflow_dispatch:
12
+
13
+ concurrency:
14
+ group: vis-release-\${{ github.ref }}
15
+ cancel-in-progress: false
16
+
17
+ permissions:
18
+ contents: write
19
+ pull-requests: write
20
+ ${e.useOidc?` id-token: write
21
+ `:""}
22
+ jobs:
23
+ release:
24
+ runs-on: ubuntu-latest
25
+ steps:
26
+ - uses: actions/checkout@v4
27
+ with:
28
+ fetch-depth: 0
29
+ token: \${{ secrets.VIS_GH_TOKEN || github.token }}
30
+ persist-credentials: false
31
+
32
+ - uses: actions/setup-node@v4
33
+ with:
34
+ node-version: "22"
35
+
36
+ ${e.packageManager==="pnpm"?` - uses: pnpm/action-setup@v4
37
+ `:""}${e.packageManager==="bun"?` - uses: oven-sh/setup-bun@v2
38
+ `:""} - run: ${t(e.packageManager)}
39
+ - run: ${r(e.packageManager)}
40
+
41
+ - run: ${n(e.packageManager)} vis release ci release
42
+ env:
43
+ GH_TOKEN: \${{ github.token }}
44
+ VIS_GH_TOKEN: \${{ secrets.VIS_GH_TOKEN || github.token }}
45
+ ${e.useOidc?` # OIDC trusted publishing — no publish token needed when configured on npmjs.com
46
+ `:" NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n"} GIT_AUTHOR_NAME: "vis-release-bot"
47
+ GIT_AUTHOR_EMAIL: "vis-release-bot@users.noreply.github.com"
48
+ GIT_COMMITTER_NAME: "vis-release-bot"
49
+ GIT_COMMITTER_EMAIL: "vis-release-bot@users.noreply.github.com"
50
+ `,g=e=>`# vis release ci check — sticky PR comment with release plan.
51
+ # Generated by \`vis release init --workflows\`. Edit freely.
52
+
53
+ name: vis release check
54
+
55
+ on:
56
+ pull_request:
57
+ types: [opened, synchronize, reopened]
58
+
59
+ permissions:
60
+ contents: read
61
+ pull-requests: write
62
+
63
+ jobs:
64
+ check:
65
+ runs-on: ubuntu-latest
66
+ steps:
67
+ - uses: actions/checkout@v4
68
+ with:
69
+ fetch-depth: 0
70
+ persist-credentials: false
71
+ - uses: actions/setup-node@v4
72
+ with:
73
+ node-version: "22"
74
+ ${e.packageManager==="pnpm"?` - uses: pnpm/action-setup@v4
75
+ `:""}${e.packageManager==="bun"?` - uses: oven-sh/setup-bun@v2
76
+ `:""} - run: ${t(e.packageManager)}
77
+ - run: ${n(e.packageManager)} vis release ci check
78
+ env:
79
+ GH_TOKEN: \${{ github.token }}
80
+ `,h=e=>`# vis release ci snapshot — preview release publish + sticky PR comment.
81
+ # Generated by \`vis release init --workflows\`. Edit freely.
82
+
83
+ name: vis release snapshot
84
+
85
+ on:
86
+ pull_request:
87
+ types: [opened, synchronize, reopened]
88
+
89
+ concurrency:
90
+ group: vis-release-snapshot-\${{ github.event.pull_request.number }}
91
+ cancel-in-progress: true
92
+
93
+ permissions:
94
+ contents: read
95
+ pull-requests: write
96
+ ${e.useOidc?` id-token: write
97
+ `:""}
98
+ jobs:
99
+ snapshot:
100
+ runs-on: ubuntu-latest
101
+ steps:
102
+ - uses: actions/checkout@v4
103
+ with:
104
+ fetch-depth: 0
105
+ persist-credentials: false
106
+ - uses: actions/setup-node@v4
107
+ with:
108
+ node-version: "22"
109
+ ${e.packageManager==="pnpm"?` - uses: pnpm/action-setup@v4
110
+ `:""}${e.packageManager==="bun"?` - uses: oven-sh/setup-bun@v2
111
+ `:""} - run: ${t(e.packageManager)}
112
+ - run: ${r(e.packageManager)}
113
+ - run: ${n(e.packageManager)} vis release ci snapshot
114
+ env:
115
+ GH_TOKEN: \${{ github.token }}
116
+ ${e.useOidc?"":" NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n"}`,b=e=>`# .gitlab-ci.yml — vis release CI pipeline.
117
+ # Generated by \`vis release init --workflows\`. Edit freely.
118
+ #
119
+ # Required CI/CD variables (Project Settings → CI/CD → Variables):
120
+ # - VIS_GH_TOKEN (or GITLAB_TOKEN) — PAT for force-pushing the version-PR branch
121
+ # - NPM_TOKEN — npm publish auth (until npm OIDC supports GitLab)
122
+ #
123
+ # Self-hosted GitLab: set release.gitlabHost in vis.config.ts (translates to
124
+ # GITLAB_HOST for every glab invocation), or export GITLAB_HOST in the job env.
125
+
126
+ stages:
127
+ - check
128
+ - release
129
+
130
+ default:
131
+ image: node:22
132
+
133
+ variables:
134
+ PM: "${e.packageManager}"
135
+
136
+ before_script:
137
+ ${o(e.packageManager)?` - ${o(e.packageManager)}
138
+ `:""} - ${t(e.packageManager)}
139
+
140
+ ${e.includeCheck?`vis-release-check:
141
+ stage: check
142
+ rules:
143
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
144
+ script:
145
+ - ${n(e.packageManager)} vis release ci check
146
+
147
+ `:""}${e.includeSnapshot?`vis-release-snapshot:
148
+ stage: check
149
+ rules:
150
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
151
+ script:
152
+ - ${r(e.packageManager)}
153
+ - ${n(e.packageManager)} vis release ci snapshot
154
+
155
+ `:""}vis-release:
156
+ stage: release
157
+ # Serialize releases per branch so two close-together pushes don't
158
+ # race on the same registry / staged.json / tag namespace. GitLab's
159
+ # equivalent of GitHub Actions' concurrency.group.
160
+ resource_group: vis-release-$CI_COMMIT_BRANCH
161
+ rules:
162
+ ${e.branches.map(s=>` - if: $CI_COMMIT_BRANCH == "${s}"`).join(`
163
+ `)}
164
+ script:
165
+ - ${r(e.packageManager)}
166
+ - ${n(e.packageManager)} vis release ci release
167
+ `,k=(e,s={})=>{const u=s.provider??(e.provider==="github"||e.provider==="gitlab"?e.provider:"github"),p=e.channels??{},i=s.branches??Object.keys(p);i.length===0&&i.push("main");const a={branches:i,includeCheck:s.includeCheck??!0,includeSnapshot:s.includeSnapshot??!0,packageManager:s.packageManager??"pnpm",useOidc:s.useOidc??!0};if(u==="gitlab")return[{content:b(a),path:".gitlab-ci.yml"}];const c=[{content:l(a),path:".github/workflows/vis-release.yml"}];return a.includeCheck&&c.push({content:g(a),path:".github/workflows/vis-release-check.yml"}),a.includeSnapshot&&c.push({content:h(a),path:".github/workflows/vis-release-snapshot.yml"}),c};export{k as generateWorkflowFiles};
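Review bot: The snapshot template (`h`) triggers on every `pull_request` event and runs the install, build and `vis release ci snapshot` steps from the PR's own checkout while the job holds `id-token: write` (OIDC) or `NPM_TOKEN`, so code proposed in a PR executes in a job that is able to publish. Gating the `snapshot` job, for example with `if: github.event.pull_request.head.repo.full_name == github.repository` plus a protected `environment:`, would keep publish credentials away from unreviewed changes, and the generated header comment should state that requirement. The GitHub templates also reference `actions/checkout@v4`, `actions/setup-node@v4`, `pnpm/action-setup@v4` and `oven-sh/setup-bun@v2` by mutable tag; pinning each to a full commit SHA is the usual hardening for a workflow that has `contents: write`. Branch names are interpolated into the YAML as `"${s}"` without escaping, so a configured name containing `"` produces an invalid file.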
@@ -0,0 +1,2 @@
1
+ import{createRequire as h}from"node:module";import w from"./index.js";import{normaliseGroup as _}from"../release/types.js";import{d as C}from"./registry.js";import{resolveFormatter as v}from"./resolveFormatter.js";const m=h(import.meta.url),g=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,u=o=>{if(typeof g<"u"&&g.versions&&g.versions.node){const[n,t]=g.versions.node.split(".").map(Number);if(n>22||n===22&&t>=3||n===20&&t>=16)return g.getBuiltinModule(o)}return m(o)},{readFile:d,writeFile:f}=u("node:fs/promises"),k="## Release wave {date} ({count} packages)",$=async(o,n,t,s={})=>{const r=s.renderer??t,e=[(s.waveHeading??k).replaceAll("{date}",n).replaceAll("{count}",String(o.length)),""];for(const a of o){e.push(`### ${a.name} → ${a.newVersion}`),e.push("");const i={changeFiles:a.changeFiles,date:n,release:a,target:"github-release"},c=await r(i);c.trim()?e.push(c.trim()):e.push("_No changelog entries._"),e.push("")}return e.join(`
2
+ `)},j=(o,n={})=>{const t=n.file??"CHANGELOG.md";return t.startsWith("/")?t:`${o}/${t}`},y=/[!()*+?@[\]{|}]/,G=(o,n)=>{const t=[],s=new Set;for(const r of o)if(y.test(r))for(const e of n)!s.has(e.name)&&w(r,e.name)&&(s.add(e.name),t.push(e));else{const e=n.find(a=>a.name===r);e&&!s.has(e.name)&&(s.add(e.name),t.push(e))}return t},N=(o,n,t)=>{const s=new Map,r=[...o.fixed??[],...o.linked??[]];for(const e of r){const a=_(e);if(a.changelog.mode!=="shared")continue;const i=G(a.packages,n);if(i.length===0)continue;let c;a.changelog.path?c=a.changelog.path.startsWith("/")?a.changelog.path:`${t}/${a.changelog.path}`:c=`${[...i].sort((l,p)=>l.name.localeCompare(p.name))[0].dir}/GROUP-CHANGELOG.md`;for(const l of i)s.has(l.name)||s.set(l.name,c)}return s},O=async(o,n)=>{if(n.length===0)return;const t=o.workspaceChangelog,s=typeof t=="object"?t:void 0,r=await v(o.changelogConfig,o.cwd),e=new Date().toISOString().slice(0,10),a=await $(n,e,r,s),i=j(o.cwd,s),c=await d(i,"utf8").catch(()=>{});return await f(i,C(a,c)),i};export{$ as renderWorkspaceChangelog,N as resolveGroupChangelogRouting,j as workspaceChangelogPath,O as writeWorkspaceChangelogWave};
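Review bot: In `writeWorkspaceChangelogWave` the existing file is read with `.catch(()=>{})`, which treats every read failure as "no changelog yet", and the `writeFile` that follows then replaces the file. If the read fails for a reason other than the file being absent, the earlier entries would presumably be lost; the merge helper imported from `registry.js` is not visible here. Catching only the missing-file case, e.g. `.catch(e => { if (e.code !== "ENOENT") throw e; })`, keeps the first-run behaviour without that risk. `workspaceChangelogPath` and `resolveGroupChangelogRouting` both detect absolute paths with `startsWith("/")`, which misses Windows drive paths; `path.isAbsolute` together with `path.resolve` covers both platforms.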
@@ -0,0 +1 @@
1
+ class e{}class o{}export{o as AfterAllProjectsVersioned,e as VersionActions};
@@ -0,0 +1 @@
1
+ import{b as r,a as d,p as h}from"../packem_chunks/orchestrator.js";const w=async(a={})=>{const e=await r(a),t=await d(e,{dryRun:a.dryRun});return{changedFiles:t.changedFiles,deletedFiles:t.deletedFiles,plan:t.plan}},y=async(a={})=>{const e=await r(a),{resolveFormatter:t}=await import("../packem_chunks/resolveFormatter.js"),n=await t(e.config.changelog,e.cwd),g=new Date().toISOString().slice(0,10),o=[];for(const s of e.plan.releases){const i=e.depGraph.getPackage(s.name);if(!i)continue;const l=await n({changeFiles:s.changeFiles,date:g,release:s,target:"changelog"});o.push({content:l,file:`${i.dir}/CHANGELOG.md`,package:s.name})}return{projectChangelogs:o}},F=async(a={})=>{const e=await r(a);return await h(e,{dryRun:a.dryRun,otp:a.otp,tag:a.tag})},m=async a=>{const e=await r(a),{runSnapshot:t}=await import("../packem_chunks/snapshot.js"),n=await t({context:e,dryRun:a.dryRun,registry:a.registry,tag:a.tag});return{failed:n.failed,published:n.published,skipped:n.skipped,snapshotVersion:n.snapshotVersion,tag:n.tag}},R=async(a={})=>{const e=await r(a),t=await d(e,{dryRun:a.dryRun}),n={changedFiles:t.changedFiles,deletedFiles:t.deletedFiles,plan:t.plan},{resolveFormatter:g}=await import("../packem_chunks/resolveFormatter.js"),o=await g(e.config.changelog,e.cwd),s=new Date().toISOString().slice(0,10),i=[];for(const c of t.plan.releases){const p=e.depGraph.getPackage(c.name);if(!p)continue;const f=await o({changeFiles:c.changeFiles,date:s,release:c,target:"changelog"});i.push({content:f,file:`${p.dir}/CHANGELOG.md`,package:c.name})}const l={projectChangelogs:i};if(a.skipPublish)return{changelog:l,publish:{failed:[],published:[],skipped:[]},version:n};const u=await h(e,{dryRun:a.dryRun,otp:void 0,tag:void 0});return{changelog:l,publish:u,version:n}};class C{constructor(e={}){this.config=e}config;releaseVersion(e={}){return w({...e,config:this.config})}releaseChangelog(e={}){return y({...e,config:this.config})}releasePublish(e={}){return 
F({...e,config:this.config})}releaseSnapshot(e){return m({...e,config:this.config})}}export{C as ReleaseClient,R as release,y as releaseChangelog,F as releasePublish,m as releaseSnapshot,w as releaseVersion};
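Review bot: `release` calls the publish step with `otp: void 0, tag: void 0`, whereas `releasePublish` forwards `a.otp` and `a.tag`, so a caller of the combined entry point cannot supply a one-time password or a dist-tag. If that is intended it deserves a comment on `release`; otherwise pass `otp: a.otp, tag: a.tag`. The changelog-rendering loop inside `release` duplicates the one in `releaseChangelog`, and extracting a shared helper would stop the two from drifting apart.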
@@ -0,0 +1 @@
1
+ class i extends Error{code;hint;docsUrl;packageName;file;line;constructor(e){super(e.message,{cause:e.cause}),this.name="VisReleaseError",this.code=e.code,this.hint=e.hint,this.docsUrl=e.docsUrl,this.packageName=e.packageName,this.file=e.file,this.line=e.line}}const r=s=>new i(s);export{i as VisReleaseError,r as visReleaseError};
@@ -1,4 +1,4 @@
1
- import{createRequire as G}from"node:module";import{az as ee,aA as te,aB as re,h as ae,k as f,a5 as se,g as k,c as oe,aC as ne}from"../packem_chunks/bin.js";const K=G(import.meta.url),M=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=e=>{if(typeof M<"u"&&M.versions&&M.versions.node){const[a,t]=M.versions.node.split(".").map(Number);if(a>22||a===22&&t>=3||a===20&&t>=16)return M.getBuiltinModule(e)}return K(e)},{spawn:Y,execFileSync:N,execFile:X}=A("node:child_process"),{existsSync:_}=A("node:fs"),{platform:Z,homedir:P}=A("node:os"),{join:h}=A("node:path"),{promisify:Q}=A("node:util"),ie=/v?(\d+\.\d+\.\d+(?:-[\w.]+)?)/,ue=5e3,ce=1e4,de=3e5,le=4096,T=Z()==="win32",q=["amp","claude","codex","copilot","crush","cursor","droid","gemini","kimi","opencode","qwen"];class w extends Error{exitCode;durationMs;provider;stderr;stdout;timedOut;aborted;constructor(a,t){super(a),this.name="AiRunError",this.provider=t.provider,this.exitCode=t.exitCode??null,this.durationMs=t.durationMs,this.stdout=t.stdout??"",this.stderr=t.stderr??"",this.timedOut=t.timedOut??!1,this.aborted=t.aborted??!1}}const pe={alternateCommands:[],buildArgs:(e,{dangerous:a})=>{const t=["-x",e];return a&&t.push("--dangerously-allow-all"),t},command:"amp",defaultModel:"",envVariable:"AMP_PATH",supportsMaxTokens:!1,supportsModel:!1},me={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=[];return a&&r.push("--dangerously-skip-permissions"),t&&r.push("--model",t),r.push("--output-format","text","-p",e),r},command:"claude",defaultModel:"",envVariable:"CLAUDE_PATH",supportsMaxTokens:!1,supportsModel:!0},ge={alternateCommands:["openai-codex"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["exec"];return t&&r.push("--model",t),a&&r.push("--dangerously-bypass-approvals-and-sandbox"),r.push(e),r},command:"codex",defaultModel:"",envVariable:"CODEX_PATH",supportsMaxTokens:!1,supportsModel:!0},he={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const 
r=["-p",e];return a&&r.push("--allow-all-tools"),t&&r.push("--model",t),r},command:"copilot",defaultModel:"",envVariable:"COPILOT_PATH",supportsMaxTokens:!1,supportsModel:!0},fe={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=["run"];return a&&r.push("--yolo"),t&&r.push("-m",t),r.push(e),r},command:"crush",defaultModel:"",envVariable:"CRUSH_PATH",supportsMaxTokens:!1,supportsModel:!0},ye={alternateCommands:["cursor"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["-p"];return a&&r.push("--force"),r.push("--output-format","text"),t&&r.push("--model",t),r.push(e),r},command:"agent",defaultModel:"",envVariable:"CURSOR_PATH",supportsMaxTokens:!1,supportsModel:!0},ve={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=[e];return a&&r.push("--skip-permissions-unsafe"),r.push("-o","text"),t&&r.push("-m",t),r},command:"droid",defaultModel:"",envVariable:"DROID_PATH",supportsMaxTokens:!1,supportsModel:!0},be={alternateCommands:["gemini-cli"],buildArgs:(e,{dangerous:a,maxTokens:t,model:r})=>{const s=[];return a||s.push("--sandbox"),r&&s.push("--model",r),s.push("--max-output-tokens",String(t),"-p",e),s},command:"gemini",defaultModel:"gemini-2.5-pro",envVariable:"GEMINI_PATH",supportsMaxTokens:!0,supportsModel:!0},ke={alternateCommands:[],buildArgs:(e,{model:a})=>{const t=["--quiet","-p",e];return a&&t.push("-m",a),t},command:"kimi",defaultModel:"",envVariable:"KIMI_PATH",supportsMaxTokens:!1,supportsModel:!0},we={alternateCommands:[],buildArgs:(e,{model:a})=>{const t=["run",e];return a&&t.push("-m",a),t},command:"opencode",defaultModel:"",envVariable:"OPENCODE_PATH",supportsMaxTokens:!1,supportsModel:!0},Me={alternateCommands:["qwen-code"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["-p",e];return a&&r.push("--yolo"),r.push("-o","text"),t&&r.push("-m",t),r},command:"qwen",defaultModel:"",envVariable:"QWEN_PATH",supportsMaxTokens:!1,supportsModel:!0};Q(X);const 
V={amp:pe,claude:me,codex:ge,copilot:he,crush:fe,cursor:ye,droid:ve,gemini:be,kimi:ke,opencode:we,qwen:Me},Ae=/\.(?:bat|cmd)$/i,D=e=>T&&Ae.test(e),L=e=>`"${e.replaceAll('"','""')}"`,O=e=>e==="~"||e.startsWith("~/")||T&&e.startsWith("~\\")?h(P(),e.slice(2)):e,Se=e=>{try{const a=N(T?"where":"which",[e],{encoding:"utf8",stdio:["pipe","pipe","pipe"],timeout:ue}).trim().split(`
1
+ import{createRequire as G}from"node:module";import{az as ee,aA as te,aB as re,h as ae,k as f,a5 as se,m as k,d as oe,aC as ne}from"../packem_chunks/bin.js";const K=G(import.meta.url),M=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=e=>{if(typeof M<"u"&&M.versions&&M.versions.node){const[a,t]=M.versions.node.split(".").map(Number);if(a>22||a===22&&t>=3||a===20&&t>=16)return M.getBuiltinModule(e)}return K(e)},{spawn:Y,execFileSync:N,execFile:X}=A("node:child_process"),{existsSync:_}=A("node:fs"),{platform:Z,homedir:P}=A("node:os"),{join:h}=A("node:path"),{promisify:Q}=A("node:util"),ie=/v?(\d+\.\d+\.\d+(?:-[\w.]+)?)/,ue=5e3,ce=1e4,de=3e5,le=4096,T=Z()==="win32",q=["amp","claude","codex","copilot","crush","cursor","droid","gemini","kimi","opencode","qwen"];class w extends Error{exitCode;durationMs;provider;stderr;stdout;timedOut;aborted;constructor(a,t){super(a),this.name="AiRunError",this.provider=t.provider,this.exitCode=t.exitCode??null,this.durationMs=t.durationMs,this.stdout=t.stdout??"",this.stderr=t.stderr??"",this.timedOut=t.timedOut??!1,this.aborted=t.aborted??!1}}const pe={alternateCommands:[],buildArgs:(e,{dangerous:a})=>{const t=["-x",e];return a&&t.push("--dangerously-allow-all"),t},command:"amp",defaultModel:"",envVariable:"AMP_PATH",supportsMaxTokens:!1,supportsModel:!1},me={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=[];return a&&r.push("--dangerously-skip-permissions"),t&&r.push("--model",t),r.push("--output-format","text","-p",e),r},command:"claude",defaultModel:"",envVariable:"CLAUDE_PATH",supportsMaxTokens:!1,supportsModel:!0},ge={alternateCommands:["openai-codex"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["exec"];return t&&r.push("--model",t),a&&r.push("--dangerously-bypass-approvals-and-sandbox"),r.push(e),r},command:"codex",defaultModel:"",envVariable:"CODEX_PATH",supportsMaxTokens:!1,supportsModel:!0},he={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const 
r=["-p",e];return a&&r.push("--allow-all-tools"),t&&r.push("--model",t),r},command:"copilot",defaultModel:"",envVariable:"COPILOT_PATH",supportsMaxTokens:!1,supportsModel:!0},fe={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=["run"];return a&&r.push("--yolo"),t&&r.push("-m",t),r.push(e),r},command:"crush",defaultModel:"",envVariable:"CRUSH_PATH",supportsMaxTokens:!1,supportsModel:!0},ye={alternateCommands:["cursor"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["-p"];return a&&r.push("--force"),r.push("--output-format","text"),t&&r.push("--model",t),r.push(e),r},command:"agent",defaultModel:"",envVariable:"CURSOR_PATH",supportsMaxTokens:!1,supportsModel:!0},ve={alternateCommands:[],buildArgs:(e,{dangerous:a,model:t})=>{const r=[e];return a&&r.push("--skip-permissions-unsafe"),r.push("-o","text"),t&&r.push("-m",t),r},command:"droid",defaultModel:"",envVariable:"DROID_PATH",supportsMaxTokens:!1,supportsModel:!0},be={alternateCommands:["gemini-cli"],buildArgs:(e,{dangerous:a,maxTokens:t,model:r})=>{const s=[];return a||s.push("--sandbox"),r&&s.push("--model",r),s.push("--max-output-tokens",String(t),"-p",e),s},command:"gemini",defaultModel:"gemini-2.5-pro",envVariable:"GEMINI_PATH",supportsMaxTokens:!0,supportsModel:!0},ke={alternateCommands:[],buildArgs:(e,{model:a})=>{const t=["--quiet","-p",e];return a&&t.push("-m",a),t},command:"kimi",defaultModel:"",envVariable:"KIMI_PATH",supportsMaxTokens:!1,supportsModel:!0},we={alternateCommands:[],buildArgs:(e,{model:a})=>{const t=["run",e];return a&&t.push("-m",a),t},command:"opencode",defaultModel:"",envVariable:"OPENCODE_PATH",supportsMaxTokens:!1,supportsModel:!0},Me={alternateCommands:["qwen-code"],buildArgs:(e,{dangerous:a,model:t})=>{const r=["-p",e];return a&&r.push("--yolo"),r.push("-o","text"),t&&r.push("-m",t),r},command:"qwen",defaultModel:"",envVariable:"QWEN_PATH",supportsMaxTokens:!1,supportsModel:!0};Q(X);const 
V={amp:pe,claude:me,codex:ge,copilot:he,crush:fe,cursor:ye,droid:ve,gemini:be,kimi:ke,opencode:we,qwen:Me},Ae=/\.(?:bat|cmd)$/i,D=e=>T&&Ae.test(e),L=e=>`"${e.replaceAll('"','""')}"`,O=e=>e==="~"||e.startsWith("~/")||T&&e.startsWith("~\\")?h(P(),e.slice(2)):e,Se=e=>{try{const a=N(T?"where":"which",[e],{encoding:"utf8",stdio:["pipe","pipe","pipe"],timeout:ue}).trim().split(`
2
2
  `)[0]?.trim();return a&&a.length>0?a:void 0}catch{return}},$e=e=>{const a=P();if(T){const t=process.env.APPDATA??"",r=process.env.LOCALAPPDATA??"",s=process.env.ProgramFiles??"";return[h(t,"npm",`${e}.cmd`),h(t,"npm",e),h(r,"Programs",e,`${e}.exe`),h(s,e,`${e}.exe`),h(a,".npm-global","bin",`${e}.cmd`)]}return[`/opt/homebrew/bin/${e}`,`/usr/local/bin/${e}`,h(a,".npm-global","bin",e),h(a,".local","bin",e),h(a,".cargo","bin",e)]},Te=e=>{try{const a=N(e,["--version"],{encoding:"utf8",shell:D(e),stdio:["pipe","pipe","pipe"],timeout:ce}),t=ie.exec(a);return t?t[1]:void 0}catch{return}},F=(e,a={})=>{const t=V[e],r={available:!1,name:e},s=a.version!==!1,o=i=>{if(s)return Te(i)},n=process.env[t.envVariable];if(n&&_(O(n))){const i=O(n);return{...r,available:!0,detectionMethod:"envvar",path:i,version:o(i)}}const c=[t.command,...t.alternateCommands];for(const i of c){const u=Se(i);if(u)return{...r,available:!0,detectionMethod:"which",path:u,version:o(u)}}for(const i of c)for(const u of $e(i))if(_(u))return{...r,available:!0,detectionMethod:"known-path",path:u,version:o(u)};return r},xe=(e={})=>q.map(a=>F(a,e)),Ce=(e={})=>xe(e).filter(a=>a.available),Ee=(e,a,t={})=>{const r=V[e],s=t.model??r.defaultModel,o=t.maxTokens!==void 0&&Number.isFinite(t.maxTokens)?t.maxTokens:le;return r.buildArgs(a,{dangerous:t.dangerous===!0,maxTokens:o,model:s})},Re=async(e,a,t={})=>{if(!e.available||!e.path)throw new w(`AI provider "${e.name}" is not available.`,{durationMs:0,provider:e.name});const r=Ee(e.name,a,t),s=t.timeoutMs!==void 0&&Number.isFinite(t.timeoutMs)?t.timeoutMs:de,o=e.path,n=D(o),c=Date.now();if(t.signal?.aborted)throw new w(`${e.name} CLI run was aborted.`,{aborted:!0,durationMs:0,provider:e.name});return new Promise((i,u)=>{const m={cwd:t.cwd,env:{...process.env,...t.env,FORCE_COLOR:"0",NO_COLOR:"1"},shell:n,stdio:["pipe","pipe","pipe"]},l=n?r.map(d=>L(d)):r,g=Y(n?L(o):o,l,m);g.stdin?.end();let y="",v="",b=!1,E,R,S;const 
x=()=>{clearTimeout(R),clearTimeout(E),S&&t.signal?.removeEventListener("abort",S)},J=()=>{g.kill("SIGKILL")},I=d=>{if(b)return;b=!0,g.kill("SIGTERM"),E=setTimeout(J,5e3),x();const p=Date.now()-c,W=d?new w(`${e.name} CLI run was aborted.`,{aborted:!0,durationMs:p,provider:e.name,stderr:v,stdout:y}):new w(`${e.name} CLI timed out after ${String(s)}ms`,{durationMs:p,provider:e.name,stderr:v,stdout:y,timedOut:!0});u(W)};R=setTimeout(I,s,!1),S=()=>{I(!0)},t.signal?.addEventListener("abort",S,{once:!0}),g.stdout?.on("data",d=>{const p=d.toString("utf8");y+=p,t.onStdout?.(p)}),g.stderr?.on("data",d=>{const p=d.toString("utf8");v+=p,t.onStderr?.(p)}),g.on("close",d=>{if(b)return;b=!0,x();const p=Date.now()-c;d===0?i({durationMs:p,exitCode:d,provider:e.name,stderr:v,stdout:y}):u(new w(`${e.name} CLI exited with code ${String(d)}: ${v||y}`,{durationMs:p,exitCode:d,provider:e.name,stderr:v,stdout:y}))}),g.on("error",d=>{b||(b=!0,x(),u(new w(`Failed to spawn ${e.name} CLI: ${d.message}`,{durationMs:Date.now()-c,provider:e.name,stderr:v,stdout:y})))})})},Ie=12e4,_e=2,Le=1e3,Oe=e=>new Promise(a=>{setTimeout(a,e)}),H=async(e,a,t=_e)=>{let r;for(let s=0;s<=t;s+=1)try{return(await Re(e,a,{timeoutMs:Ie})).stdout}catch(o){if(r=o instanceof Error?o:new Error(String(o)),r.message.includes("timed out"))throw r;if(s<t){const n=Le*2**s;await Oe(n)}}throw r??new Error("AI request failed after retries")},je={amp:30,claude:80,codex:60,copilot:50,crush:35,cursor:40,droid:20,gemini:100,kimi:25,opencode:35,qwen:30},Ne=e=>{if(e?.provider){if(!q.includes(e.provider))return;const r=F(e.provider);return r.available?r:void 0}const a=Ce();if(a.length===0)return;const t={...je,...e?.priority};return a.toSorted((r,s)=>(t[s.name]??0)-(t[r.name]??0))[0]},Pe=new Set(["defer","review","skip","update"]),qe=new Set(["critical","high","low","medium"]),Ve=new Set(["high","low","medium"]),De=50,C=30,Fe=e=>e.map(a=>{const t=a.vulnerabilities&&a.vulnerabilities.length>0?` [VULNERABILITIES: 
${a.vulnerabilities.map(s=>`${s.severity} ${s.id}`).join(", ")}]`:"";let r="";if(a.socketReport){const s=Math.round(a.socketReport.score.overall*100),o=[`score:${String(s)}%`];if(a.socketReport.alerts.length>0){const n={};for(const i of a.socketReport.alerts)n[i.severity]=(n[i.severity]??0)+1;const c=Object.entries(n).map(([i,u])=>`${String(u)} ${i}`).join(", ");o.push(`alerts: ${c}`)}o.push(`supply-chain:${String(Math.round(a.socketReport.score.supplyChain*100))}%`),o.push(`quality:${String(Math.round(a.socketReport.score.quality*100))}%`),r=` [SOCKET.DEV: ${o.join(", ")}]`}return`- ${a.packageName}: ${a.currentRange} → ${a.newRange} (${a.updateType})${t}${r}`}).join(`
3
3
  `),$=`Respond ONLY with valid JSON in this exact structure:
4
4
  {
@@ -1,4 +1,4 @@
1
- import{createRequire as b}from"node:module";import{readLastRunSummary as O}from"@visulima/task-runner";import{a as T}from"./failure-log-Dwqt6_Ga.js";import{a8 as w,a9 as j,aa as k,z as C,A as D,ab as P,ac as F,ad as N}from"../packem_chunks/bin.js";import{A as y,B as v,m as R,y as B}from"./index-BDmTbWX1.js";import{R as E,r as M,b as q}from"./ai-analysis-DT3bU-_M.js";const $=b(import.meta.url),d=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,I=t=>{if(typeof d<"u"&&d.versions&&d.versions.node){const[e,a]=d.versions.node.split(".").map(Number);if(e>22||e===22&&a>=3||e===20&&a>=16)return d.getBuiltinModule(t)}return $(t)},{readFile:_,writeFile:A}=I("node:fs/promises"),H=32*1024,W=(t,e)=>{if(t.length<=e)return t;const a=t.slice(-e),o=t.length-a.length;return`[…${String(o)} bytes truncated from head…]
1
+ import{createRequire as b}from"node:module";import{readLastRunSummary as O}from"@visulima/task-runner";import{a as T}from"./failure-log-CEWP3bP0.js";import{a8 as w,a9 as j,aa as k,z as C,A as D,ab as P,ac as F,ad as N}from"../packem_chunks/bin.js";import{A as y,B as v,m as R,y as B}from"./index-BDmTbWX1.js";import{R as E,r as M,b as q}from"./ai-analysis-K-DKU3ZA.js";const $=b(import.meta.url),d=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,I=t=>{if(typeof d<"u"&&d.versions&&d.versions.node){const[e,a]=d.versions.node.split(".").map(Number);if(e>22||e===22&&a>=3||e===20&&a>=16)return d.getBuiltinModule(t)}return $(t)},{readFile:_,writeFile:A}=I("node:fs/promises"),H=32*1024,W=(t,e)=>{if(t.length<=e)return t;const a=t.slice(-e),o=t.length-a.length;return`[…${String(o)} bytes truncated from head…]
2
2
  ${a}`},L=async(t,e)=>e===void 0?O(t,{dataDirectory:C(t)}):D(t,e),ut=async(t,e,a={})=>{const o=a.terminalOutputLimit??H,[s,n]=await Promise.all([T(t,e),L(t,a.runId)]),i=n?w(n,e):void 0;if(!s&&!i)return;let r,c;if(n&&i){const h=await j(t,n.id),p=h?w(h,e):void 0;r=k(i.hashDetails,p?.hashDetails),c=h?.id}const u=s?.terminalOutput??"";return{command:s?.command??void 0,cwd:s?.cwd??void 0,dependencies:i?.dependencies??[],duration:i?.duration,exitCode:s?.exitCode??i?.exitCode,hash:i?.hash??s?.hash,hashDetails:i?.hashDetails,hashDiff:r,previousRunId:c,project:i?.target.project,runId:n?.id??s?.runId,status:s?.status??(i?Y(i):void 0),target:i?.target.target,taskId:e,terminalOutput:W(u,o),terminalOutputCaptured:!!s,timestamp:s?.timestamp??i?.endTime??i?.startTime}},Y=t=>{if(t.exitCode!==void 0&&t.exitCode!==0)return"failure";switch(t.cacheStatus){case"HIT":return"local-cache";case"REMOTE_HIT":return"remote-cache";case"SKIPPED":return"skipped";default:return t.exitCode===0?"success":void 0}},J=3600*1e3,x=80,K=new Set(["high","low","medium"]),U=()=>`You are an expert software engineer helping fix a failing build/test/lint task.
3
3
 
4
4
  You will be given: