@visulima/vis 1.0.0-alpha.40 → 1.0.0-alpha.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (199) hide show
  1. package/CHANGELOG.md +41 -0
  2. package/LICENSE.md +265 -35
  3. package/dist/bin.js +1 -1
  4. package/dist/binx.js +2 -2
  5. package/dist/config/index.d.ts +19 -1
  6. package/dist/config/index.js +1 -1
  7. package/dist/packem_chunks/bloom-status.js +1 -1
  8. package/dist/packem_chunks/bloom-sync.js +1 -1
  9. package/dist/packem_chunks/cli-exec.js +1 -0
  10. package/dist/packem_chunks/{bin.js → cli-main.js} +282 -274
  11. package/dist/packem_chunks/config.js +8 -11
  12. package/dist/packem_chunks/devtools.js +1 -78
  13. package/dist/packem_chunks/dispatch.js +4 -0
  14. package/dist/packem_chunks/doctor-probe.js +1 -1
  15. package/dist/packem_chunks/fix.js +1 -1
  16. package/dist/packem_chunks/handler.js +1 -1
  17. package/dist/packem_chunks/handler10.js +1 -1
  18. package/dist/packem_chunks/handler11.js +1 -1
  19. package/dist/packem_chunks/handler12.js +1 -1
  20. package/dist/packem_chunks/handler13.js +3 -3
  21. package/dist/packem_chunks/handler14.js +1 -1
  22. package/dist/packem_chunks/handler15.js +1 -1
  23. package/dist/packem_chunks/handler16.js +1 -1
  24. package/dist/packem_chunks/handler17.js +1 -1
  25. package/dist/packem_chunks/handler18.js +1 -1
  26. package/dist/packem_chunks/handler19.js +1 -1
  27. package/dist/packem_chunks/handler2.js +1 -4
  28. package/dist/packem_chunks/handler20.js +1 -1
  29. package/dist/packem_chunks/handler21.js +1 -1
  30. package/dist/packem_chunks/handler22.js +2 -2
  31. package/dist/packem_chunks/handler23.js +5 -1
  32. package/dist/packem_chunks/handler24.js +1 -1
  33. package/dist/packem_chunks/handler25.js +1 -1
  34. package/dist/packem_chunks/handler26.js +1 -5
  35. package/dist/packem_chunks/handler27.js +5 -1
  36. package/dist/packem_chunks/handler28.js +1 -3
  37. package/dist/packem_chunks/handler29.js +3 -1
  38. package/dist/packem_chunks/handler3.js +1 -4
  39. package/dist/packem_chunks/handler30.js +1 -2
  40. package/dist/packem_chunks/handler31.js +1 -2
  41. package/dist/packem_chunks/handler32.js +2 -2
  42. package/dist/packem_chunks/handler33.js +2 -3
  43. package/dist/packem_chunks/handler34.js +2 -6
  44. package/dist/packem_chunks/handler35.js +3 -1
  45. package/dist/packem_chunks/handler36.js +6 -42
  46. package/dist/packem_chunks/handler37.js +1 -8
  47. package/dist/packem_chunks/handler38.js +42 -9
  48. package/dist/packem_chunks/handler39.js +7 -74
  49. package/dist/packem_chunks/handler4.js +4 -6
  50. package/dist/packem_chunks/handler40.js +9 -5
  51. package/dist/packem_chunks/handler41.js +75 -4
  52. package/dist/packem_chunks/handler42.js +5 -3
  53. package/dist/packem_chunks/handler43.js +4 -2
  54. package/dist/packem_chunks/handler44.js +3 -1
  55. package/dist/packem_chunks/handler45.js +2 -1
  56. package/dist/packem_chunks/handler46.js +1 -1
  57. package/dist/packem_chunks/handler47.js +1 -3
  58. package/dist/packem_chunks/handler48.js +1 -1
  59. package/dist/packem_chunks/handler49.js +3 -7
  60. package/dist/packem_chunks/handler5.js +4 -8
  61. package/dist/packem_chunks/handler50.js +1 -33
  62. package/dist/packem_chunks/handler51.js +7 -3
  63. package/dist/packem_chunks/handler52.js +33 -8
  64. package/dist/packem_chunks/handler53.js +3 -4
  65. package/dist/packem_chunks/handler54.js +8 -1
  66. package/dist/packem_chunks/handler55.js +4 -12
  67. package/dist/packem_chunks/handler56.js +1 -7
  68. package/dist/packem_chunks/handler57.js +12 -5
  69. package/dist/packem_chunks/handler58.js +5 -11
  70. package/dist/packem_chunks/handler59.js +11 -3
  71. package/dist/packem_chunks/handler6.js +6 -1
  72. package/dist/packem_chunks/handler60.js +3 -22
  73. package/dist/packem_chunks/handler61.js +21 -60
  74. package/dist/packem_chunks/handler62.js +61 -3
  75. package/dist/packem_chunks/handler63.js +3 -6
  76. package/dist/packem_chunks/handler64.js +6 -708
  77. package/dist/packem_chunks/handler65.js +8 -23
  78. package/dist/packem_chunks/handler66.js +24 -25
  79. package/dist/packem_chunks/handler67.js +25 -153
  80. package/dist/packem_chunks/handler68.js +153 -10
  81. package/dist/packem_chunks/handler69.js +10 -24
  82. package/dist/packem_chunks/handler7.js +8 -1
  83. package/dist/packem_chunks/handler70.js +24 -322
  84. package/dist/packem_chunks/handler71.js +322 -48
  85. package/dist/packem_chunks/handler72.js +700 -19
  86. package/dist/packem_chunks/handler73.js +48 -3
  87. package/dist/packem_chunks/handler74.js +21 -184
  88. package/dist/packem_chunks/handler75.js +3 -38
  89. package/dist/packem_chunks/handler76.js +190 -0
  90. package/dist/packem_chunks/handler77.js +38 -0
  91. package/dist/packem_chunks/handler8.js +1 -1
  92. package/dist/packem_chunks/handler9.js +1 -1
  93. package/dist/packem_chunks/heal-accept.js +1 -1
  94. package/dist/packem_chunks/heal.js +1 -1
  95. package/dist/packem_chunks/help-command.js +4 -4
  96. package/dist/packem_chunks/index2.js +1 -1
  97. package/dist/packem_chunks/index3.js +135 -0
  98. package/dist/packem_chunks/index4.js +74 -0
  99. package/dist/packem_chunks/keys-refresh.js +1 -1
  100. package/dist/packem_chunks/lean.js +4 -0
  101. package/dist/packem_chunks/list.js +1 -1
  102. package/dist/packem_chunks/loader.js +1 -1
  103. package/dist/packem_chunks/loader2.js +1 -1
  104. package/dist/packem_chunks/orchestrator.js +3 -3
  105. package/dist/packem_chunks/prompts.js +1 -1
  106. package/dist/packem_chunks/prune.js +1 -1
  107. package/dist/packem_chunks/registry.js +2 -2
  108. package/dist/packem_chunks/run.js +1 -1
  109. package/dist/packem_chunks/shell-runner.js +1 -1
  110. package/dist/packem_chunks/status.js +1 -1
  111. package/dist/packem_chunks/sync.js +1 -1
  112. package/dist/packem_chunks/sync2.js +1 -1
  113. package/dist/packem_chunks/tar.js +1 -1
  114. package/dist/packem_chunks/tripwire.js +1 -1
  115. package/dist/packem_chunks/ts-loader.js +2 -0
  116. package/dist/packem_chunks/verify-lockfile.js +1 -1
  117. package/dist/packem_chunks/version-resolver.js +2 -2
  118. package/dist/packem_shared/CONFIG_FILES-MsOntfYT.js +1 -0
  119. package/dist/packem_shared/{Table-CcVkyULl-B_ef6zfS.js → Table-CcVkyULl-DLWu6XHL.js} +25 -26
  120. package/dist/packem_shared/{advisories-DLeO5KMN.js → advisories-aiDtubZQ.js} +1 -1
  121. package/dist/packem_shared/{affected-shas-cVnX8-zs.js → affected-shas-C1XuRlvo.js} +1 -1
  122. package/dist/packem_shared/{ai-analysis-BUeX2J2H.js → ai-analysis-CubpCxZJ.js} +4 -4
  123. package/dist/packem_shared/{ai-fix-9Vzlp6XU.js → ai-fix-Btd5AnSr.js} +2 -2
  124. package/dist/packem_shared/augment-8fIWWGSc.js +3 -0
  125. package/dist/packem_shared/bin-CnDBuLh3.js +2 -0
  126. package/dist/packem_shared/build-scripts-Doxce2VM.js +1 -0
  127. package/dist/packem_shared/command-runtime-RiCMa2C8.js +1 -0
  128. package/dist/packem_shared/compile-cache-B_Vf_WxT.js +3 -0
  129. package/dist/packem_shared/{cyclonedx-kYozDyxp.js → cyclonedx-NUJ9R2GQ.js} +1 -1
  130. package/dist/packem_shared/dependency-scan-B0HV_qeB.js +1 -0
  131. package/dist/packem_shared/{docker-BMLrNtWm.js → docker-DKlF-gk3.js} +1 -1
  132. package/dist/packem_shared/failure-log-C7r6UZLP.js +2 -0
  133. package/dist/packem_shared/{giget-DHY1sQZC.js → giget-DVTFJlbR.js} +2 -2
  134. package/dist/packem_shared/glob-fqg4KepW-7Bs2kZuM.js +1 -0
  135. package/dist/packem_shared/index-BKFEWXU_.js +1 -0
  136. package/dist/packem_shared/index-CPhv-r4c.js +28 -0
  137. package/dist/packem_shared/{index-CgcF6_wo.js → index-Cb4x6lWY.js} +1 -1
  138. package/dist/packem_shared/index-DjTWo3sH.js +1 -0
  139. package/dist/packem_shared/{index-BDmTbWX1.js → index-OQZQyN5R.js} +1 -1
  140. package/dist/packem_shared/index.server-J83sowC4.js +2 -0
  141. package/dist/packem_shared/{lifecycle-4z9hHE5b.js → lifecycle-D5roTh0a.js} +2 -2
  142. package/dist/packem_shared/{lockfile-C8Q1_4KK.js → lockfile-DIGyLfmF.js} +1 -1
  143. package/dist/packem_shared/main-B3juSU5z.js +1 -0
  144. package/dist/packem_shared/manifests-pLwnVmCN.js +1 -0
  145. package/dist/packem_shared/{min-release-age-D1alDE3K.js → min-release-age-pUAqTiv3.js} +3 -3
  146. package/dist/packem_shared/missing-package-json-DhYzuKhD.js +1 -0
  147. package/dist/packem_shared/{native-config-sync-BEkJW7g3.js → native-config-sync-4K9wWTj5.js} +1 -1
  148. package/dist/packem_shared/{osv-bloom-B03tUWf3.js → osv-bloom-OuTfu_LE.js} +1 -1
  149. package/dist/packem_shared/{pm-runner-OGResYrA.js → pm-runner-Dws_Bw1y.js} +1 -1
  150. package/dist/packem_shared/provenance-C0P-UYOM.js +1 -0
  151. package/dist/packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js +4 -0
  152. package/dist/packem_shared/registry-keys-D4chF-Wj.js +1 -0
  153. package/dist/packem_shared/{resolve-explicit-CMDl55Nz.js → resolve-explicit-Cgheka3B.js} +3 -3
  154. package/dist/packem_shared/resolve-runtime-CJSWV-K8.js +1 -0
  155. package/dist/packem_shared/run-file-B4TqKa0X.js +1 -0
  156. package/dist/packem_shared/runtime-check-0lUJvgKt.js +1 -0
  157. package/dist/packem_shared/runtime-process-Dmz0vCJy-DUwTvH1J.js +1 -0
  158. package/dist/packem_shared/s1ngularity-Du1NnSFP.js +1 -0
  159. package/dist/packem_shared/scan-progress-CN9ONR0y.js +2 -0
  160. package/dist/packem_shared/{selectors-GCJIe342.js → selectors-UmnAuc26.js} +1 -1
  161. package/dist/packem_shared/{signatures-C730vkyK.js → signatures-BOUhghTv.js} +1 -1
  162. package/dist/packem_shared/{spinner-CV3WVJLv.js → spinner-lhXugSx3.js} +1 -1
  163. package/dist/packem_shared/tabs-DTiU3usb.js +1 -0
  164. package/dist/packem_shared/target-options-ChWcK60i.js +1 -0
  165. package/dist/packem_shared/toolchain-DyCKnGch.js +5 -0
  166. package/dist/packem_shared/typosquats-DBOvXwph.js +1 -0
  167. package/dist/packem_shared/use-measured-height-CK2Co3XI.js +1 -0
  168. package/dist/packem_shared/verify-CVPYlUrF.js +1 -0
  169. package/dist/packem_shared/vis-update-app-DtHkwBca.js +1 -0
  170. package/dist/packem_shared/watch-Bkp_AAbc.js +1 -0
  171. package/dist/packem_shared/watch-loop-D9zbXzRd.js +11 -0
  172. package/dist/runtime/preload.d.ts +1 -0
  173. package/dist/runtime/preload.js +1 -0
  174. package/index.d.ts +14 -0
  175. package/index.js +28 -27
  176. package/package.json +18 -27
  177. package/schemas/vis-config.schema.json +12 -0
  178. package/dist/packem_shared/CONFIG_FILES-BfaR0jKT.js +0 -1
  179. package/dist/packem_shared/build-scripts-CCCi8U66.js +0 -1
  180. package/dist/packem_shared/dependency-scan-DnTgYleU.js +0 -1
  181. package/dist/packem_shared/failure-log-CEWP3bP0.js +0 -2
  182. package/dist/packem_shared/glob-fqg4KepW-B7EjLRvw.js +0 -1
  183. package/dist/packem_shared/index-Du8RWawQ.js +0 -1
  184. package/dist/packem_shared/index-yBikBkHT.js +0 -30
  185. package/dist/packem_shared/manifests-Dj3pRKBT.js +0 -1
  186. package/dist/packem_shared/missing-package-json-8vNHwbqw.js +0 -1
  187. package/dist/packem_shared/provenance-_CJjMKwu.js +0 -1
  188. package/dist/packem_shared/registry-keys-BfFto6vI.js +0 -1
  189. package/dist/packem_shared/runtime-check-Stc9AI78.js +0 -1
  190. package/dist/packem_shared/s1ngularity-Dhr3bPk0.js +0 -1
  191. package/dist/packem_shared/scan-progress-CFhc0CMj.js +0 -2
  192. package/dist/packem_shared/tabs-BuTy5gPV.js +0 -1
  193. package/dist/packem_shared/toolchain-pR7AJ-tB.js +0 -5
  194. package/dist/packem_shared/typosquats-DN78xx1x.js +0 -1
  195. package/dist/packem_shared/use-measured-height-_eVGWtWt.js +0 -1
  196. package/dist/packem_shared/verify-6WCmFmy8.js +0 -1
  197. package/dist/packem_shared/vis-update-app-k3fDxech.js +0 -1
  198. package/dist/packem_shared/watch-BvIwLG4N.js +0 -1
  199. package/dist/packem_shared/watch-loop-DWkvv2tK.js +0 -11
@@ -1,2 +1 @@
1
- import{createRequire as R}from"node:module";import{DEFAULT_CHANGES_DIR as C}from"./DEFAULT_CLEAN_KEEP.js";import{b as E,f as B}from"./orchestrator.js";import{r as T}from"../packem_shared/slug-DoueYuLo.js";import{VisReleaseError as w}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const S=R(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$=e=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[o,n]=u.versions.node.split(".").map(Number);if(o>22||o===22&&n>=3||o===20&&n>=16)return u.getBuiltinModule(e)}return S(e)},{mkdir:V,writeFile:O}=$("node:fs/promises"),{resolve:b,sep:k,join:P}=$("node:path");let y;const W=e=>{y=e},_=async()=>y||(await import("./shell-runner.js")).createShellRunner(),v=e=>!e||!/^[\dv]/i.test(e)?!1:/^[\d.+\-a-z]+$/i.test(e),D=e=>{const o=e.trim(),n=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Bb]ump\s+(?<dep>\S+)\s+from\s+(?<fromVersion>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+in\s+\S+)?$/.exec(o);if(n?.groups){const t=n.groups.toVersion;return v(t)?{dep:n.groups.dep,fromVersion:n.groups.fromVersion,toVersion:t}:void 0}const s=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Uu]pdate\s+(?:dependency|module)\s+(?<dep>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+\S.*)?$/.exec(o);if(s?.groups){const t=s.groups.toVersion;return v(t)?{dep:s.groups.dep,fromVersion:"",toVersion:t}:void 0}},A=async e=>{const o=process.env.PR_NUMBER;if(o&&/^\d+$/.test(o))return Number.parseInt(o,10);const n=process.env.GITHUB_REF;if(n){const s=/^refs\/pull\/(\d+)\//.exec(n);if(s)return Number.parseInt(s[1],10)}try{const s=await(await _()).run("gh",["pr","view","--json","number"],{cwd:e,silent:!0});if(s.exitCode===0){const t=JSON.parse(s.stdout.trim());if(typeof t.number=="number")return t.number}}catch{}},L=async(e,o)=>{try{const n=await(await _()).run("gh",["pr","view",String(o),"--json","title,body,author"],{cwd:e,silent:!0});return n.exitCode!==0?void 0:JSON.parse(n.stdout.trim())}catch{return}},U=(e,o)=>{const n=[];for(const s of o){const{manifest:t}=s;(Object.hasOwn(t.dependencies??{},e)||Object.hasOwn(t.devDependencies??{},e)||Object.hasOwn(t.peerDependencies??{},e)||Object.hasOwn(t.optionalDependencies??{},e))&&n.push(s.name)}return n},F=e=>{const o={};for(const n of e.split(",")){const s=n.trim();if(!s)continue;const t=s.lastIndexOf(":");if(t<1)throw new w({code:"BUMP_FILE_INVALID",message:`Invalid --packages entry: ${JSON.stringify(s)}. Expected "package:level".`});const i=s.slice(0,t).trim(),r=s.slice(t+1).trim();if(r!=="major"&&r!=="minor"&&r!=="patch"&&r!=="none")throw new w({code:"BUMP_FILE_INVALID",message:`Invalid bump level: ${JSON.stringify(r)}. Expected major|minor|patch|none.`});o[i]=r}return o},M=async e=>{const{multiSelectPrompt:o,selectPrompt:n,textPrompt:s}=await import("./prompts.js"),t=await o("Which packages to bump?",e.map(p=>({label:p,value:p}))),i={};for(const p of t){const f=await n(`Bump level for ${p}?`,[{label:"patch — bug fixes only",value:"patch"},{label:"minor — new feature, backward-compatible",value:"minor"},{label:"major — breaking change",value:"major"},{label:"none — acknowledged, no direct bump",value:"none"}]);i[p]=f}const r=await s("Changelog entry (markdown):","");return{bumps:i,message:r}},Y=async({logger:e,options:o,workspaceRoot:n})=>{const s=n??process.cwd(),t=await E({cwd:s,skipRegistryLookup:!0});let i={},r=o.message??"";if(o.fromBotPr){const c=await A(s);if(c===void 0){e.error("No PR found. Set PR_NUMBER, run inside a GitHub Actions PR workflow, or check `gh pr view` works on this branch."),process.exitCode=1;return}const a=await L(s,c);if(!a||typeof a.title!="string"){e.error(`Could not fetch PR #${c} via \`gh pr view\`. Ensure gh is on PATH and authenticated.`),process.exitCode=1;return}const d=D(a.title);if(!d){e.info(`PR #${c} title is not a recognised Dependabot / Renovate pattern; skipping.`),e.info(`Title: ${a.title}`),process.exitCode=0;return}const h=U(d.dep,t.packages),N=d.fromVersion?`from ${d.fromVersion} to ${d.toVersion}`:`to ${d.toVersion}`;if(r=r||`Updated ${d.dep} ${N}`,h.length===0){const g=t.packages[0]?.name;if(!g){e.error("Workspace has no packages — cannot author an acknowledging change file."),process.exitCode=1;return}i={[g]:"none"},r=`${r} (no workspace package depends on ${d.dep})`}else for(const g of h)i[g]="patch"}else if(o.empty)i={},r=r||"Empty change file (no release).";else if(o.packages){i=F(o.packages);const c=new Set(t.packages.map(a=>a.name));for(const a of Object.keys(i))if(!c.has(a))throw new w({code:"BUMP_FILE_INVALID",message:`Unknown workspace package in --packages: ${JSON.stringify(a)}.`,packageName:a})}else{if(!process.stdout.isTTY){e.error("--packages is required when stdin is not a TTY."),e.error("Example: vis release add --packages '@scope/cerebro:minor' --message 'Add X'"),process.exitCode=1;return}const c=await M(t.packages.map(a=>a.name));i=c.bumps,r=r||c.message}if(Object.keys(i).length===0){e.error("No bumps specified."),process.exitCode=1;return}const p=t.config.changesDir??C,f=(o.name??T()).replaceAll(/[^a-z0-9-]/gi,"-"),l=b(s),x=l.endsWith(k)?l:`${l}${k}`,m=b(s,p);if(m!==l&&!m.startsWith(x))throw new w({code:"CONFIG_INVALID",message:`changesDir resolves outside the workspace: ${m} (workspace: ${l}).`});const j=P(m,`${f}.md`),I=B({bumps:i},r);await V(m,{recursive:!0}),await O(j,I,{flag:"wx"}),e.info(`Created ${p}/${f}.md`),e.info("");for(const[c,a]of Object.entries(i))e.info(` ${c}: ${a}`);r&&(e.info(""),e.info(` Body: ${r.split(`
2
- `)[0]?.slice(0,80)??""}`))};export{W as __setBotPrRunnerForTests,Y as default,D as parseBotPrTitle};
1
+ import{I as f,E as d}from"../packem_shared/pm-runner-Dws_Bw1y.js";import{r as g,a as m}from"../packem_shared/command-runtime-RiCMa2C8.js";import{i as k}from"../packem_shared/utils-Cxree603.js";const h=async({argument:r,logger:n,options:o,process:i,visConfig:a,workspaceRoot:t})=>{const e=r;if(!e||e.length===0)throw new Error("No packages specified. Usage: vis why <package...>");const s=t??i.cwd,p=g({logger:n,options:o,visConfig:a},s),c=f(s,{backend:m(p),configBackend:a?.install?.backend,configCorepack:a?.install?.corepack}),l=d(c,{depth:o.depth===void 0?void 0:Number(o.depth),dev:o.dev||!1,filter:k(o.filter),global:o.global||!1,json:o.json||!1,long:o.long||!1,noOptional:o.optional===!1,packages:e,parseable:o.parseable||!1,prod:o.prod||!1,recursive:o.recursive||!1},s,n);l!==0&&l!==1&&(process.exitCode=l)};export{h as default};
@@ -1,2 +1 @@
1
- import{releaseChangelog as l}from"../packem_shared/ReleaseClient-YHzBIxYS.js";const c=async({logger:o,options:t,workspaceRoot:r})=>{const s=r??process.cwd(),i=t.filter?t.filter.split(",").map(e=>e.trim()).filter(Boolean):void 0,n=await l({channel:t.channel,cwd:s,projects:i});if(t.json){process.stdout.write(`${JSON.stringify(n,null,2)}
2
- `),n.projectChangelogs.length===0&&(process.exitCode=1);return}if(n.projectChangelogs.length===0){o.info("No pending releases — no changelog entries to render."),process.exitCode=1;return}for(const e of n.projectChangelogs)o.info(`# ${e.package} → ${e.file}`),o.info(""),o.info(e.content),o.info("")};export{c as default};
1
+ import{A as d,B as w}from"../packem_shared/index-OQZQyN5R.js";import{r as v}from"../packem_shared/command-runtime-RiCMa2C8.js";import{r as u}from"../packem_shared/run-file-B4TqKa0X.js";const R=async({argument:s,logger:i,options:n,rawUnknown:t,visConfig:a,workspaceRoot:f})=>{const m=s??[],[o,...p]=m;if(o===void 0)throw new Error("No file specified. Usage: vis x <file> [args...]");const r=process.cwd(),c=d(o)?o:w(r,o),g=[...p,...t??[]],{runtime:l}=v({logger:i,options:n,visConfig:a},f??r),e=await u(c,g,l,r);e!==0&&(process.exitCode=e)};export{R as default};
@@ -1,2 +1,2 @@
1
- import{DEFAULT_CHANGES_DIR as R}from"./DEFAULT_CLEAN_KEEP.js";import{b as D,r as F,c as b}from"./orchestrator.js";import{createShellRunner as E}from"./shell-runner.js";const y=async({logger:r,options:d,workspaceRoot:$})=>{const s=$??process.cwd(),p=d.noFail===!0,u=d.strict===!0,t=await D({cwd:s}),{printConfigIfRequested:x}=await import("./print-config.js");if(x(d,t,r))return;const{files:i}=await F({changesDir:t.config.changesDir,cwd:s});if(i.length===0){u?(r.error("No change files present and --strict is set."),r.error(`Run \`vis release add\` to author one in ${t.config.changesDir??R}.`),process.exitCode=p?0:1):(r.warn("No change files present. PR will not produce a release."),process.exitCode=0);return}if(!u){r.info(`${i.length} change file(s) present. ✓`),process.exitCode=0;return}const m=t.config.baseBranch??"main",g=await E().run("git",["diff","--name-only",`${m}...HEAD`],{cwd:s,silent:!0});if(g.exitCode!==0){r.warn(`Could not run git diff vs ${m}: ${g.stderr}`),process.exitCode=0;return}const f=g.stdout.split(`
2
- `).map(e=>e.trim()).filter(Boolean);if(f.length===0){r.info("No source files changed. ✓"),process.exitCode=0;return}const{default:w}=await import("./index.js"),k=t.config.changedFilePatterns??["**"],v=(e,n,l)=>{if(!e.startsWith(`${n}/`))return!1;const h=e.slice(n.length+1);return l.some(o=>w(o,h))},C=new Set(b(i).keys()),c=new Set;for(const e of f){const n=t.packages.find(o=>{const a=o.dir.startsWith(s)?o.dir.slice(s.length).replace(/^[/\\]/,""):o.dir;return e===`${a}/package.json`||e.startsWith(`${a}/`)});for(const o of t.packages){const a=t.perPackageConfig.get(o.name)?.additionalPaths;!a||a.length===0||a.some(P=>w(P,e))&&!C.has(o.name)&&c.add(o.name)}if(!n)continue;const l=n.dir.startsWith(s)?n.dir.slice(s.length).replace(/^[/\\]/,""):n.dir,h=t.perPackageConfig.get(n.name)?.changedFilePatterns??k;e!==`${l}/package.json`&&!v(e,l,h)||C.has(n.name)||c.add(n.name)}if(c.size>0){r.error("The following packages have changes but no covering change file:");for(const e of c)r.error(` - ${e}`);r.error("Run `vis release add` to author one."),process.exitCode=p?0:1;return}r.info(`${i.length} change file(s); ${f.length} changed file(s) all covered. ✓`),process.exitCode=0};export{y as default};
1
+ import{createRequire as R}from"node:module";import{DEFAULT_CHANGES_DIR as C}from"./DEFAULT_CLEAN_KEEP.js";import{b as E,f as B}from"./orchestrator.js";import{r as T}from"../packem_shared/slug-DoueYuLo.js";import{VisReleaseError as w}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const S=R(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$=e=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[o,n]=u.versions.node.split(".").map(Number);if(o>22||o===22&&n>=3||o===20&&n>=16)return u.getBuiltinModule(e)}return S(e)},{mkdir:V,writeFile:O}=$("node:fs/promises"),{resolve:b,sep:k,join:P}=$("node:path");let y;const W=e=>{y=e},_=async()=>y||(await import("./shell-runner.js")).createShellRunner(),v=e=>!e||!/^[\dv]/i.test(e)?!1:/^[\d.+\-a-z]+$/i.test(e),D=e=>{const o=e.trim(),n=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Bb]ump\s+(?<dep>\S+)\s+from\s+(?<fromVersion>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+in\s+\S+)?$/.exec(o);if(n?.groups){const t=n.groups.toVersion;return v(t)?{dep:n.groups.dep,fromVersion:n.groups.fromVersion,toVersion:t}:void 0}const s=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Uu]pdate\s+(?:dependency|module)\s+(?<dep>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+\S.*)?$/.exec(o);if(s?.groups){const t=s.groups.toVersion;return v(t)?{dep:s.groups.dep,fromVersion:"",toVersion:t}:void 0}},A=async e=>{const o=process.env.PR_NUMBER;if(o&&/^\d+$/.test(o))return Number.parseInt(o,10);const n=process.env.GITHUB_REF;if(n){const s=/^refs\/pull\/(\d+)\//.exec(n);if(s)return Number.parseInt(s[1],10)}try{const s=await(await _()).run("gh",["pr","view","--json","number"],{cwd:e,silent:!0});if(s.exitCode===0){const t=JSON.parse(s.stdout.trim());if(typeof t.number=="number")return t.number}}catch{}},L=async(e,o)=>{try{const n=await(await _()).run("gh",["pr","view",String(o),"--json","title,body,author"],{cwd:e,silent:!0});return n.exitCode!==0?void 0:JSON.parse(n.stdout.trim())}catch{return}},U=(e,o)=>{const n=[];for(const s of o){const{manifest:t}=s;(Object.hasOwn(t.dependencies??{},e)||Object.hasOwn(t.devDependencies??{},e)||Object.hasOwn(t.peerDependencies??{},e)||Object.hasOwn(t.optionalDependencies??{},e))&&n.push(s.name)}return n},F=e=>{const o={};for(const n of e.split(",")){const s=n.trim();if(!s)continue;const t=s.lastIndexOf(":");if(t<1)throw new w({code:"BUMP_FILE_INVALID",message:`Invalid --packages entry: ${JSON.stringify(s)}. Expected "package:level".`});const i=s.slice(0,t).trim(),r=s.slice(t+1).trim();if(r!=="major"&&r!=="minor"&&r!=="patch"&&r!=="none")throw new w({code:"BUMP_FILE_INVALID",message:`Invalid bump level: ${JSON.stringify(r)}. Expected major|minor|patch|none.`});o[i]=r}return o},M=async e=>{const{multiSelectPrompt:o,selectPrompt:n,textPrompt:s}=await import("./prompts.js"),t=await o("Which packages to bump?",e.map(p=>({label:p,value:p}))),i={};for(const p of t){const f=await n(`Bump level for ${p}?`,[{label:"patch — bug fixes only",value:"patch"},{label:"minor — new feature, backward-compatible",value:"minor"},{label:"major — breaking change",value:"major"},{label:"none — acknowledged, no direct bump",value:"none"}]);i[p]=f}const r=await s("Changelog entry (markdown):","");return{bumps:i,message:r}},Y=async({logger:e,options:o,workspaceRoot:n})=>{const s=n??process.cwd(),t=await E({cwd:s,skipRegistryLookup:!0});let i={},r=o.message??"";if(o.fromBotPr){const c=await A(s);if(c===void 0){e.error("No PR found. Set PR_NUMBER, run inside a GitHub Actions PR workflow, or check `gh pr view` works on this branch."),process.exitCode=1;return}const a=await L(s,c);if(!a||typeof a.title!="string"){e.error(`Could not fetch PR #${c} via \`gh pr view\`. Ensure gh is on PATH and authenticated.`),process.exitCode=1;return}const d=D(a.title);if(!d){e.info(`PR #${c} title is not a recognised Dependabot / Renovate pattern; skipping.`),e.info(`Title: ${a.title}`),process.exitCode=0;return}const h=U(d.dep,t.packages),N=d.fromVersion?`from ${d.fromVersion} to ${d.toVersion}`:`to ${d.toVersion}`;if(r=r||`Updated ${d.dep} ${N}`,h.length===0){const g=t.packages[0]?.name;if(!g){e.error("Workspace has no packages cannot author an acknowledging change file."),process.exitCode=1;return}i={[g]:"none"},r=`${r} (no workspace package depends on ${d.dep})`}else for(const g of h)i[g]="patch"}else if(o.empty)i={},r=r||"Empty change file (no release).";else if(o.packages){i=F(o.packages);const c=new Set(t.packages.map(a=>a.name));for(const a of Object.keys(i))if(!c.has(a))throw new w({code:"BUMP_FILE_INVALID",message:`Unknown workspace package in --packages: ${JSON.stringify(a)}.`,packageName:a})}else{if(!process.stdout.isTTY){e.error("--packages is required when stdin is not a TTY."),e.error("Example: vis release add --packages '@scope/cerebro:minor' --message 'Add X'"),process.exitCode=1;return}const c=await M(t.packages.map(a=>a.name));i=c.bumps,r=r||c.message}if(Object.keys(i).length===0){e.error("No bumps specified."),process.exitCode=1;return}const p=t.config.changesDir??C,f=(o.name??T()).replaceAll(/[^a-z0-9-]/gi,"-"),l=b(s),x=l.endsWith(k)?l:`${l}${k}`,m=b(s,p);if(m!==l&&!m.startsWith(x))throw new w({code:"CONFIG_INVALID",message:`changesDir resolves outside the workspace: ${m} (workspace: ${l}).`});const j=P(m,`${f}.md`),I=B({bumps:i},r);await V(m,{recursive:!0}),await O(j,I,{flag:"wx"}),e.info(`Created ${p}/${f}.md`),e.info("");for(const[c,a]of Object.entries(i))e.info(` ${c}: ${a}`);r&&(e.info(""),e.info(` Body: ${r.split(`
2
+ `)[0]?.slice(0,80)??""}`))};export{W as __setBotPrRunnerForTests,Y as default,D as parseBotPrTitle};
@@ -1,3 +1,2 @@
1
- import{b as h}from"./orchestrator.js";import{escapeMarkdown as f}from"./security.js";import{createShellRunner as g}from"./shell-runner.js";import{d as w,a as R,u as $}from"../packem_shared/sticky-comment-D6_7-w8T.js";const k=(o,a)=>{const e=["### 🚀 Release Plan",""];if(a&&(e.push(`Channel: \`${a}\``),e.push("")),o.releases.length===0)return e.push("_No pending releases._ (Add a change file via `vis release add` to mark this PR as releasing.)"),e.join(`
2
- `);const n={major:[],minor:[],patch:[]};for(const s of o.releases)n[s.type].push(s);for(const s of["major","minor","patch"])if(n[s].length!==0){e.push(`#### ${s.charAt(0).toUpperCase()}${s.slice(1)}`),e.push("");for(const r of n[s]){const t=[];r.isCascadeBump&&t.push("cascade"),r.isGroupBump&&t.push("group"),r.isDependencyBump&&!r.isCascadeBump&&t.push("dep-bump");const i=t.length>0?` _(${t.join(", ")})_`:"";e.push(`- \`${r.name}\`: ${r.oldVersion} **${r.newVersion}**${i}`)}e.push("")}if(o.warnings.length>0){e.push("#### ⚠️ Warnings"),e.push("");for(const s of o.warnings)e.push(`- ${f(s)}`)}return e.join(`
3
- `)},v=async({logger:o,options:a,workspaceRoot:e})=>{const n=e??process.cwd(),s=a.noFail===!0,r=a.strict===!0,t=g(),i=await w(t,n),c=R(process.env);(!i||!c)&&o.warn("Not running in a PR context (GITHUB_REF / PR_NUMBER missing or `gh repo view` failed). Falling back to local print.");const p=await h({cwd:n,skipRegistryLookup:!0}),{printConfigIfRequested:d}=await import("./print-config.js");if(d(a,p,o))return;const m=p.config.versionPr?.commentMarker??"<!-- vis-release-comment -->",l=k(p.plan,p.channel?.tag);if(i&&c){const u=await $({body:l,cwd:n,issueNumber:c,marker:m,repo:i,runner:t});if(u)o.info(`${u.created?"Posted":"Updated"} release-plan comment on PR #${c} (id: ${u.id}).`);else{o.error("Failed to post / update PR comment."),process.exitCode=s?0:1;return}}else o.info(l);r&&p.plan.releases.length===0&&(o.error("--strict and no pending releases."),process.exitCode=s?0:1)};export{v as default};
1
+ import{releaseChangelog as l}from"../packem_shared/ReleaseClient-YHzBIxYS.js";const c=async({logger:o,options:t,workspaceRoot:r})=>{const s=r??process.cwd(),i=t.filter?t.filter.split(",").map(e=>e.trim()).filter(Boolean):void 0,n=await l({channel:t.channel,cwd:s,projects:i});if(t.json){process.stdout.write(`${JSON.stringify(n,null,2)}
2
+ `),n.projectChangelogs.length===0&&(process.exitCode=1);return}if(n.projectChangelogs.length===0){o.info("No pending releases — no changelog entries to render."),process.exitCode=1;return}for(const e of n.projectChangelogs)o.info(`# ${e.package} → ${e.file}`),o.info(""),o.info(e.content),o.info("")};export{c as default};
@@ -1,6 +1,2 @@
1
- import{createRequire as _}from"node:module";import{b as y}from"./orchestrator.js";const m=_(import.meta.url),r=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=n=>{if(typeof r<"u"&&r.versions&&r.versions.node){const[o,i]=r.versions.node.split(".").map(Number);if(o>22||o===22&&i>=3||o===20&&i>=16)return r.getBuiltinModule(n)}return m(n)},{appendFileSync:f}=g("node:fs"),B=async({logger:n,options:o,workspaceRoot:i})=>{const l=i??process.cwd(),s=await y({cwd:l,skipRegistryLookup:!0}),{printConfigIfRequested:u}=await import("./print-config.js");if(u(o,s,n))return;const t=s.plan.releases.length===0?"nothing":s.channel?.mode==="version-pr"?"version-pr":"publish",a=s.plan.releases.map(e=>e.name),p={channel:s.channel?.tag,mode:t,packages:a,plan:s.plan.releases.map(e=>({isCascadeBump:e.isCascadeBump,isDependencyBump:e.isDependencyBump,isGroupBump:e.isGroupBump,name:e.name,newVersion:e.newVersion,oldVersion:e.oldVersion,type:e.type})),prerelease:s.channel?.prerelease,warnings:s.plan.warnings};process.stdout.write(`${JSON.stringify(p,null,2)}
2
- `);const c=process.env.GITHUB_OUTPUT;if(c){const e=[`mode=${t}`,`packages=${a.join(",")}`,`json<<__VIS_RELEASE_EOF__
3
- ${JSON.stringify(p)}
4
- __VIS_RELEASE_EOF__`];try{f(c,`${e.join(`
5
- `)}
6
- `)}catch(d){n.warn(`Could not write $GITHUB_OUTPUT: ${d.message}`)}}};export{B as default};
1
+ import{DEFAULT_CHANGES_DIR as R}from"./DEFAULT_CLEAN_KEEP.js";import{b as D,c as F,d as b}from"./orchestrator.js";import{createShellRunner as E}from"./shell-runner.js";const y=async({logger:r,options:d,workspaceRoot:$})=>{const s=$??process.cwd(),p=d.noFail===!0,u=d.strict===!0,t=await D({cwd:s}),{printConfigIfRequested:x}=await import("./print-config.js");if(x(d,t,r))return;const{files:i}=await F({changesDir:t.config.changesDir,cwd:s});if(i.length===0){u?(r.error("No change files present and --strict is set."),r.error(`Run \`vis release add\` to author one in ${t.config.changesDir??R}.`),process.exitCode=p?0:1):(r.warn("No change files present. PR will not produce a release."),process.exitCode=0);return}if(!u){r.info(`${i.length} change file(s) present. ✓`),process.exitCode=0;return}const m=t.config.baseBranch??"main",g=await E().run("git",["diff","--name-only",`${m}...HEAD`],{cwd:s,silent:!0});if(g.exitCode!==0){r.warn(`Could not run git diff vs ${m}: ${g.stderr}`),process.exitCode=0;return}const f=g.stdout.split(`
2
+ `).map(e=>e.trim()).filter(Boolean);if(f.length===0){r.info("No source files changed. ✓"),process.exitCode=0;return}const{default:w}=await import("./index.js"),k=t.config.changedFilePatterns??["**"],v=(e,n,l)=>{if(!e.startsWith(`${n}/`))return!1;const h=e.slice(n.length+1);return l.some(o=>w(o,h))},C=new Set(b(i).keys()),c=new Set;for(const e of f){const n=t.packages.find(o=>{const a=o.dir.startsWith(s)?o.dir.slice(s.length).replace(/^[/\\]/,""):o.dir;return e===`${a}/package.json`||e.startsWith(`${a}/`)});for(const o of t.packages){const a=t.perPackageConfig.get(o.name)?.additionalPaths;!a||a.length===0||a.some(P=>w(P,e))&&!C.has(o.name)&&c.add(o.name)}if(!n)continue;const l=n.dir.startsWith(s)?n.dir.slice(s.length).replace(/^[/\\]/,""):n.dir,h=t.perPackageConfig.get(n.name)?.changedFilePatterns??k;e!==`${l}/package.json`&&!v(e,l,h)||C.has(n.name)||c.add(n.name)}if(c.size>0){r.error("The following packages have changes but no covering change file:");for(const e of c)r.error(` - ${e}`);r.error("Run `vis release add` to author one."),process.exitCode=p?0:1;return}r.info(`${i.length} change file(s); ${f.length} changed file(s) all covered. ✓`),process.exitCode=0};export{y as default};
@@ -1 +1,3 @@
1
- import{b as f}from"./orchestrator.js";import{createShellRunner as g}from"./shell-runner.js";const p=async({logger:r,options:n,workspaceRoot:l})=>{const t=l??process.cwd(),i=g(),s=await f({cwd:t}),e=n.branch??s.config.versionPr?.branch??"vis-release/version-packages",o=n.base??s.config.baseBranch??"main";r.info(`Rebasing ${e} onto ${o}...`);const a=await i.run("git",["fetch","origin",`${e}:${e}`,o],{cwd:t,silent:!0});if(a.exitCode!==0){r.info(`No remote branch ${e} to rebase (${a.stderr.trim()||"fetch failed"}). Skipping.`);return}const c=await i.run("git",["switch",e],{cwd:t,silent:!0});if(c.exitCode!==0){r.error(`Could not switch to ${e}: ${c.stderr.trim()}`),process.exitCode=1;return}if((await i.run("git",["rebase",`origin/${o}`],{cwd:t,silent:!0})).exitCode!==0){await i.run("git",["rebase","--abort"],{cwd:t,silent:!0}),r.error("Rebase produced conflicts; aborting. Resolve manually, or let the next `vis release ci release` recompute the version PR from scratch."),process.exitCode=1;return}const u=await i.run("git",["rev-list","--count",`origin/${e}..${e}`],{cwd:t,silent:!0});if(u.exitCode===0&&u.stdout.trim()==="0"){r.info(`${e} is already up to date with ${o}. Nothing to push.`);return}const d=await i.run("git",["push","--force-with-lease","origin",`${e}:${e}`],{cwd:t,silent:!0});if(d.exitCode!==0){r.error(`Failed to force-push ${e}: ${d.stderr.trim()}`),process.exitCode=1;return}r.info(`Force-pushed ${e} after rebasing onto ${o}.`)};export{p as default};
1
+ import{b as h}from"./orchestrator.js";import{escapeMarkdown as f}from"./security.js";import{createShellRunner as g}from"./shell-runner.js";import{d as w,a as R,u as $}from"../packem_shared/sticky-comment-D6_7-w8T.js";const k=(o,a)=>{const e=["### 🚀 Release Plan",""];if(a&&(e.push(`Channel: \`${a}\``),e.push("")),o.releases.length===0)return e.push("_No pending releases._ (Add a change file via `vis release add` to mark this PR as releasing.)"),e.join(`
2
+ `);const n={major:[],minor:[],patch:[]};for(const s of o.releases)n[s.type].push(s);for(const s of["major","minor","patch"])if(n[s].length!==0){e.push(`#### ${s.charAt(0).toUpperCase()}${s.slice(1)}`),e.push("");for(const r of n[s]){const t=[];r.isCascadeBump&&t.push("cascade"),r.isGroupBump&&t.push("group"),r.isDependencyBump&&!r.isCascadeBump&&t.push("dep-bump");const i=t.length>0?` _(${t.join(", ")})_`:"";e.push(`- \`${r.name}\`: ${r.oldVersion} → **${r.newVersion}**${i}`)}e.push("")}if(o.warnings.length>0){e.push("#### ⚠️ Warnings"),e.push("");for(const s of o.warnings)e.push(`- ${f(s)}`)}return e.join(`
3
+ `)},v=async({logger:o,options:a,workspaceRoot:e})=>{const n=e??process.cwd(),s=a.noFail===!0,r=a.strict===!0,t=g(),i=await w(t,n),c=R(process.env);(!i||!c)&&o.warn("Not running in a PR context (GITHUB_REF / PR_NUMBER missing or `gh repo view` failed). Falling back to local print.");const p=await h({cwd:n,skipRegistryLookup:!0}),{printConfigIfRequested:d}=await import("./print-config.js");if(d(a,p,o))return;const m=p.config.versionPr?.commentMarker??"<!-- vis-release-comment -->",l=k(p.plan,p.channel?.tag);if(i&&c){const u=await $({body:l,cwd:n,issueNumber:c,marker:m,repo:i,runner:t});if(u)o.info(`${u.created?"Posted":"Updated"} release-plan comment on PR #${c} (id: ${u.id}).`);else{o.error("Failed to post / update PR comment."),process.exitCode=s?0:1;return}}else o.info(l);r&&p.plan.releases.length===0&&(o.error("--strict and no pending releases."),process.exitCode=s?0:1)};export{v as default};
@@ -1,42 +1,6 @@
1
- const i=`
2
- 🔧 vis release CI setup
3
-
4
- 1. Workflow permissions
5
- Add to .github/workflows/vis-release.yml:
6
- permissions:
7
- contents: write
8
- pull-requests: write
9
- id-token: write # required for OIDC trusted publishing on npm
10
-
11
- 2. Secrets
12
- Required:
13
- - VIS_GH_TOKEN — PAT or GitHub App token. Used to force-push the
14
- version-PR branch and create/edit the version PR. The default
15
- \${{ github.token }} is anti-recursion-locked and cannot trigger
16
- downstream workflows on the version-PR.
17
- - GH_TOKEN — \${{ github.token }} works for read-only / commenting.
18
- Optional:
19
- - NPM_TOKEN — fallback when OIDC is not available. Trusted Publishing
20
- (id-token: write) is preferred.
21
-
22
- 3. Trusted Publishing on npm
23
- For each published package:
24
- a. https://npmjs.com/package/<name>/access → Publishing access
25
- b. Add a Trusted Publisher with provider=GitHub Actions
26
- c. Repository: visulima/visulima
27
- d. Workflow filename: vis-release.yml
28
- e. Environment name: (leave blank unless you use one)
29
-
30
- 4. Concurrency group (recommended)
31
- concurrency:
32
- group: vis-release-\${{ github.ref }}
33
- cancel-in-progress: false
34
-
35
- 5. Husky pre-commit gate (optional)
36
- Add to .husky/pre-commit:
37
- vis release check --hook pre-commit --no-fail
38
- (Or run \`vis release init\` and confirm the prompt — it'll auto-wire
39
- the hook if you say yes.)
40
-
41
- 📚 RFC: packages/tooling/vis/rfc/design-release-manager.md (§16)
42
- `,o=async({logger:e})=>{e.info(i)};export{o as default};
1
+ import{createRequire as _}from"node:module";import{b as y}from"./orchestrator.js";const m=_(import.meta.url),r=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=n=>{if(typeof r<"u"&&r.versions&&r.versions.node){const[o,i]=r.versions.node.split(".").map(Number);if(o>22||o===22&&i>=3||o===20&&i>=16)return r.getBuiltinModule(n)}return m(n)},{appendFileSync:f}=g("node:fs"),B=async({logger:n,options:o,workspaceRoot:i})=>{const l=i??process.cwd(),s=await y({cwd:l,skipRegistryLookup:!0}),{printConfigIfRequested:u}=await import("./print-config.js");if(u(o,s,n))return;const t=s.plan.releases.length===0?"nothing":s.channel?.mode==="version-pr"?"version-pr":"publish",a=s.plan.releases.map(e=>e.name),p={channel:s.channel?.tag,mode:t,packages:a,plan:s.plan.releases.map(e=>({isCascadeBump:e.isCascadeBump,isDependencyBump:e.isDependencyBump,isGroupBump:e.isGroupBump,name:e.name,newVersion:e.newVersion,oldVersion:e.oldVersion,type:e.type})),prerelease:s.channel?.prerelease,warnings:s.plan.warnings};process.stdout.write(`${JSON.stringify(p,null,2)}
2
+ `);const c=process.env.GITHUB_OUTPUT;if(c){const e=[`mode=${t}`,`packages=${a.join(",")}`,`json<<__VIS_RELEASE_EOF__
3
+ ${JSON.stringify(p)}
4
+ __VIS_RELEASE_EOF__`];try{f(c,`${e.join(`
5
+ `)}
6
+ `)}catch(d){n.warn(`Could not write $GITHUB_OUTPUT: ${d.message}`)}}};export{B as default};
@@ -1,8 +1 @@
1
- import{b as g}from"./orchestrator.js";import{detectRemoteProvider as h,createRemoteClient as $}from"./detect2.js";import{createShellRunner as w}from"./shell-runner.js";import{runSnapshot as R}from"./snapshot.js";const y=(r,o)=>{if(r.length===0)return"_No packages were affected by this PR._";const n=["### 📦 Preview Packages",""];for(const e of r){const t=`${e.name}@${e.version}`;n.push(`- \`${e.name}\` → \`${e.version}\``),o?n.push(` \`\`\`sh
2
- npm i ${t} --registry ${o}
3
- \`\`\``):n.push(` \`\`\`sh
4
- npm i ${t}
5
- \`\`\``)}return n.join(`
6
- `)},S=async({logger:r,options:o,workspaceRoot:n})=>{const e=n??process.cwd(),t=w(),l=await h(e,t),a=$(l),s=a.detectPullRequestNumber(process.env),p=o.tag??(s?`pr-${s}`:void 0);if(!p){r.error("Could not determine snapshot tag. Pass --tag or run in a PR context (GITHUB_REF=refs/pull/<n>/merge)."),process.exitCode=1;return}if(o.onClose){await C(e,t,a,s,r);return}let c,u;try{c=await g({cwd:e});const{printConfigIfRequested:i}=await import("./print-config.js");if(i(o,c,r))return;u=await R({context:c,runner:t,tag:p})}catch(i){r.error(`Snapshot failed: ${i.message}`),process.exitCode=1;return}if(r.info(`Snapshotted ${u.published.length} package(s) at version ${u.snapshotVersion} → tag "${u.tag}"`),!s)return;const d=await a.detectRepoSlug(e,t);if(!d){r.warn("Could not detect repo slug — skipping sticky PR comment.");return}const m="<!-- vis-release-snapshot-comment -->",f=`${m}
7
-
8
- ${y(u.published,c.config.snapshot?.registry)}`;try{const i=await a.upsertStickyComment(t,{body:f,cwd:e,issueNumber:s,marker:m,repo:d});i&&r.info(`${i.created?"Posted":"Updated"} snapshot comment on PR #${s}.`)}catch(i){r.warn(`upsertStickyComment failed (publish already succeeded): ${i.message}`)}},C=async(r,o,n,e,t)=>{if(!e){t.error("PR-close cleanup requires a PR context."),process.exitCode=1;return}const l=await n.detectRepoSlug(r,o);if(!l){t.warn("Could not detect repo slug — skipping cleanup.");return}const a=await o.run("gh",["api",`repos/${l}/pulls/${e}/commits`,"--paginate"],{cwd:r,silent:!0});if(a.exitCode!==0){t.warn(`gh api failed: ${a.stderr}`);return}let s;try{s=JSON.parse(a.stdout)}catch{t.warn("Could not parse gh api output.");return}const p=[`pr-${e}`];for(const c of s)p.push(c.sha,c.sha.slice(0,7));t.info(`Cleanup intent for PR #${e}: ${p.length} tag pattern(s) across ${s.length} commit(s)`),t.info("Default backend (pkg-pr-new) auto-cleans by TTL — no DELETE issued. Implement a custom backend's delete endpoint to enable real cleanup.")};export{S as default};
1
+ import{b as f}from"./orchestrator.js";import{createShellRunner as g}from"./shell-runner.js";const p=async({logger:r,options:n,workspaceRoot:l})=>{const t=l??process.cwd(),i=g(),s=await f({cwd:t}),e=n.branch??s.config.versionPr?.branch??"vis-release/version-packages",o=n.base??s.config.baseBranch??"main";r.info(`Rebasing ${e} onto ${o}...`);const a=await i.run("git",["fetch","origin",`${e}:${e}`,o],{cwd:t,silent:!0});if(a.exitCode!==0){r.info(`No remote branch ${e} to rebase (${a.stderr.trim()||"fetch failed"}). Skipping.`);return}const c=await i.run("git",["switch",e],{cwd:t,silent:!0});if(c.exitCode!==0){r.error(`Could not switch to ${e}: ${c.stderr.trim()}`),process.exitCode=1;return}if((await i.run("git",["rebase",`origin/${o}`],{cwd:t,silent:!0})).exitCode!==0){await i.run("git",["rebase","--abort"],{cwd:t,silent:!0}),r.error("Rebase produced conflicts; aborting. Resolve manually, or let the next `vis release ci release` recompute the version PR from scratch."),process.exitCode=1;return}const u=await i.run("git",["rev-list","--count",`origin/${e}..${e}`],{cwd:t,silent:!0});if(u.exitCode===0&&u.stdout.trim()==="0"){r.info(`${e} is already up to date with ${o}. Nothing to push.`);return}const d=await i.run("git",["push","--force-with-lease","origin",`${e}:${e}`],{cwd:t,silent:!0});if(d.exitCode!==0){r.error(`Failed to force-push ${e}: ${d.stderr.trim()}`),process.exitCode=1;return}r.info(`Force-pushed ${e} after rebasing onto ${o}.`)};export{p as default};
@@ -1,9 +1,42 @@
1
- import{b as j}from"./orchestrator.js";const A=async({logger:u,options:m,workspaceRoot:h})=>{const c=h??process.cwd(),a=[];let n;try{n=await j({cwd:c}),a.push({message:"vis.config.ts loaded; release block parsed.",name:"config-loads",severity:"error",status:"pass"})}catch(e){a.push({message:`Config failed to load: ${e.message}`,name:"config-loads",severity:"error",status:"fail"}),await $(u,m,a),process.exitCode=1;return}n.packages.length===0?a.push({message:"No packages discovered. Ensure your package manager's workspace block resolves.",name:"workspace-discovered",severity:"error",status:"fail"}):a.push({message:`Discovered ${n.packages.length} workspace package(s).`,name:"workspace-discovered",severity:"info",status:"pass"});try{const e=await n.pm.detectVersion(c);e?a.push({message:`${n.pm.id}@${e} (min required: ${n.pm.minVersion})`,name:"pm-version",severity:"info",status:"pass"}):a.push({message:`Could not detect ${n.pm.id} version.`,name:"pm-version",severity:"warn",status:"skip"})}catch(e){a.push({message:`Skipped: ${e.message}`,name:"pm-version",severity:"warn",status:"skip"})}n.branch&&n.channel?a.push({message:`Branch "${n.branch}" → channel ${n.channel.tag}${n.channel.prerelease?` (preid: ${n.channel.prerelease})`:""}, mode: ${n.channel.mode}`,name:"branch-channel",severity:"info",status:"pass"}):n.branch&&!n.channel?a.push({message:`Branch "${n.branch}" does not match any configured channel. Releases will use dist-tag "latest" by default.`,name:"branch-channel",severity:"warn",status:"fail"}):a.push({message:"No branch detected (detached HEAD or non-git workspace).",name:"branch-channel",severity:"warn",status:"skip"});try{await import("node:child_process").then(({execSync:e})=>{try{return e("gh --version",{stdio:"ignore"}),!0}catch{return!1}})?a.push({message:"gh CLI is on PATH.",name:"gh-cli-available",severity:"info",status:"pass"}):a.push({message:"gh CLI not found. GH releases / PR comments will be skipped.",name:"gh-cli-available",severity:"warn",status:"fail"})}catch{}if(process.env.CI==="true"||process.env.GITHUB_ACTIONS==="true")try{const{createShellRunner:e}=await import("./shell-runner.js"),i=await e().run("gh",["auth","status","--show-token"],{cwd:c,silent:!0}),t=`${i.stdout}
2
- ${i.stderr}`,s=/Token scopes:\s*(.+)/.exec(t);if(i.exitCode!==0||!s)a.push({message:"Skipped: `gh auth status` did not return a parseable Token scopes line. (Fine-grained tokens / OIDC-only auth fall in this bucket.)",name:"github.token-scopes",severity:"info",status:"skip"});else{const r=s[1].split(",").map(l=>l.trim().replaceAll(/^['"]|['"]$/g,"")).filter(Boolean),o=new Set(["admin:org","admin:repo_hook","delete_repo","repo","site_admin"]),g=r.filter(l=>o.has(l));g.length>0?a.push({message:`Token carries broader scopes than vis needs: ${g.join(", ")}. The release flow needs only contents:write + pull-requests:write (+ optional id-token:write for OIDC). Consider provisioning a fine-grained PAT or scoping the workflow's permissions block.`,name:"github.token-scopes",severity:"warn",status:"fail"}):a.push({message:`Token scopes look appropriately narrow: ${r.join(", ")||"(none)"}.`,name:"github.token-scopes",severity:"info",status:"pass"})}}catch{a.push({message:"Skipped: gh auth status could not be invoked.",name:"github.token-scopes",severity:"info",status:"skip"})}(process.env.CI==="true"||process.env.GITHUB_ACTIONS==="true")&&(process.env.ACTIONS_ID_TOKEN_REQUEST_URL?a.push({message:"GitHub Actions OIDC env vars present.",name:"oidc-available",severity:"info",status:"pass"}):process.env.NPM_TOKEN?a.push({message:"OIDC env vars missing; falling back to NPM_TOKEN. Add `permissions: { id-token: write }` to the workflow to enable trusted publishing.",name:"oidc-available",severity:"warn",status:"fail"}):a.push({message:"Neither OIDC env vars nor NPM_TOKEN are set in CI. Publish will fail.",name:"oidc-available",severity:"error",status:"fail"}));const y=await import("node:fs/promises"),b=await import("node:path");for(const e of n.packages){if(e.manifest.napi===void 0)continue;const i=b.join(e.dir,"npm");try{const t=(await y.readdir(i,{withFileTypes:!0})).filter(g=>g.isDirectory());if(t.length===0){a.push({message:`${e.name} has a napi field but no npm/<platform>/ subdirs. Run pnpm exec napi artifacts before publishing.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"fail"});continue}const s=[];for(const g of t){const l=b.join(i,g.name,"package.json");try{const p=JSON.parse(await y.readFile(l,"utf8"));p.version!==e.version&&s.push(`${g.name} (${p.version} vs parent ${e.version})`)}catch{s.push(`${g.name} (unreadable manifest)`)}}s.length>0?a.push({message:`${e.name}: platform versions out of sync — ${s.join(", ")}. They'll be re-synced on next publish.`,name:`napi-${e.name}-versions`,severity:"warn",status:"fail"}):a.push({message:`${e.name}: ${t.length} platform package(s), all versions in sync.`,name:`napi-${e.name}`,severity:"info",status:"pass"});const r=e.manifest.optionalDependencies??{},o=[];for(const g of t)try{const l=JSON.parse(await y.readFile(b.join(i,g.name,"package.json"),"utf8"));Object.hasOwn(r,l.name)||o.push(l.name)}catch{}o.length>0&&a.push({message:`${e.name}: missing optionalDependencies entries for: ${o.join(", ")}. Consumers won't get the right binary.`,name:`napi-${e.name}-optdeps`,severity:"error",status:"fail"})}catch{a.push({message:`${e.name}: could not read npm/ subdir.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"skip"})}}{const{resolveVersionActionsId:e}=await import("./orchestrator.js").then(t=>t.w),i=n.packages.filter(t=>e(t,n.perPackageConfig.get(t.name)??{})==="jsr");for(const t of i){const s=n.perPackageConfig.get(t.name)??{},r=["jsr","publish","--dry-run","--allow-dirty"],o=s.jsrConfigPath;o!==void 0&&o!=="jsr.json"&&r.push("--config",o);for(const g of s.jsrPublishArgs??[])r.push(g);try{const g=await n.pm.runner.run("npx",r,{cwd:t.dir,silent:!0});g.exitCode===0?a.push({message:`${t.name}: \`jsr publish --dry-run\` passed.`,name:`jsr-dry-run/${t.name}`,severity:"info",status:"pass"}):a.push({message:`${t.name}: \`jsr publish --dry-run\` reported issues (slow types / exports / auth?): ${(g.stderr||g.stdout).trim().slice(0,300)}`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"fail"})}catch(g){a.push({message:`${t.name}: could not run \`npx jsr publish --dry-run\` (${g.message}). Install the jsr CLI / check network to enable this pre-flight.`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"skip"})}}}if(n.plan.warnings.length>0)for(const e of n.plan.warnings)a.push({message:e,name:"plan-warning",severity:"warn",status:"fail"});else a.push({message:n.plan.releases.length===0?"No pending releases.":`Plan resolves ${n.plan.releases.length} release(s).`,name:"plan-readable",severity:"info",status:"pass"});const d=n.config.publish?.guards;if(d?.packSecretScan)try{await import("@visulima/secret-scanner"),a.push({message:"@visulima/secret-scanner resolves; pack-set secret scanning will run.",name:"publish-guards.packSecretScan",severity:"info",status:"pass"})}catch{a.push({message:"publish.guards.packSecretScan is enabled but @visulima/secret-scanner is not installed. pnpm add -D @visulima/secret-scanner, or set the gate to false.",name:"publish-guards.packSecretScan",severity:"error",status:"fail"})}d?.audit&&d.audit!=="off"&&a.push({message:`Runtime npm audit gate active at "${d.audit}" severity.`,name:"publish-guards.audit",severity:"info",status:"pass"});const f=n.config.publish?.releaseAssets;if((f?.stampHashes||f?.uploadTarball)&&a.push({message:`Release-asset attestation: stampHashes=${f.stampHashes??!1}, uploadTarball=${f.uploadTarball??!1}.`,name:"publish-releaseAssets",severity:"info",status:"pass"}),n.config.publish?.stage){try{const{execSync:r}=await import("node:child_process"),o=r("npm --version",{stdio:["ignore","pipe","ignore"]}).toString().trim(),[g="0",l="0"]=o.split("."),p=Number.parseInt(g,10)>11||Number.parseInt(g,10)===11&&Number.parseInt(l,10)>=15;a.push({message:p?`npm ${o} supports \`npm stage publish\`.`:`npm ${o} is too old for staged publishing. Upgrade to npm ≥ 11.15.0.`,name:"publish-stage.npm-version",severity:p?"info":"error",status:p?"pass":"fail"})}catch{a.push({message:"publish.stage is enabled but npm is not on PATH.",name:"publish-stage.npm-version",severity:"error",status:"fail"})}const e=n.config.publish?.registry??"https://registry.npmjs.org/",i=/(?:^|:\/\/)registry\.npmjs\.(?:org|com)\//.test(e);a.push({message:i?"Registry is npmjs.com; staging is supported.":`publish.stage is enabled but registry "${e}" is not npmjs.com. Staging is npm Inc-specific; the request will be rejected.`,name:"publish-stage.registry",severity:i?"info":"warn",status:i?"pass":"fail"});const t=n.packages.filter(r=>r.manifest.publishConfig?.access==="restricted"),s=!!process.env.ACTIONS_ID_TOKEN_REQUEST_URL&&!process.env.NPM_TOKEN;t.length>0&&s&&a.push({message:`${t.length} package(s) have publishConfig.access: "restricted" and OIDC trusted publishing is active. Staging this combo is not supported in v1 (no static token for the post-decision read). Set NPM_TOKEN, or disable publish.stage for these packages.`,name:"publish-stage.oidc-restricted",severity:"error",status:"fail"})}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readStagedRegistry:i}=await import("./staged-registry.js"),t=await i(c,n.config.changesDir??e);if(t.pending.length>0){const s=t.pending.map(r=>`${r.name}@${r.version} (${r.reason})`).join(", ");a.push({message:`${t.pending.length} pending stage(s) recorded in .vis/release/staged.json: ${s}. Approve / reject before the next release: vis release stage approve --all`,name:"publish-stage.pending",severity:"warn",status:"fail"})}}catch{}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readFile:i}=await import("node:fs/promises"),{join:t}=await import("node:path"),s=t(c,n.config.changesDir??e,".state.json"),r=await i(s,"utf8"),o=JSON.parse(r);Array.isArray(o.stagedIds)&&o.stagedIds.length>0&&a.push({message:`Found ${o.stagedIds.length} legacy stage id(s) in .state.json#stagedIds: ${o.stagedIds.join(", ")}. The new registry lives in .vis/release/staged.json. Approve / reject these via npmjs.com or \`vis release stage approve <id>\` to avoid losing them.`,name:"publish-stage.legacy-stagedIds",severity:"warn",status:"fail"})}catch{}{const e=n.packages.filter(i=>n.perPackageConfig.get(i.name)?.versionActions==="shell");for(const i of e){const t=n.perPackageConfig.get(i.name)??{},s=n.config.allowCustomCommands,r=s===!0||Array.isArray(s)&&s.includes(i.name),o=t.publishCommand!==void 0&&t.publishCommand!=="";r||a.push({message:`${i.name} uses versionActions: "shell" but release.allowCustomCommands does not permit it. Set allowCustomCommands: true or include "${i.name}" in the array.`,name:`shell-actions.${i.name}.trust-gate`,severity:"error",status:"fail"}),o?r&&a.push({message:`${i.name} → shell publish (${Array.isArray(t.publishCommand)?`${t.publishCommand.length} commands`:"1 command"}).`,name:`shell-actions.${i.name}`,severity:"info",status:"pass"}):a.push({message:`${i.name} uses versionActions: "shell" but no publishCommand is configured. Set release.packages["${i.name}"].publishCommand.`,name:`shell-actions.${i.name}.publish-command`,severity:"error",status:"fail"})}}if(!n.config.gitUser)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=e(),t=await i.run("git",["config","user.name"],{cwd:c,silent:!0}),s=await i.run("git",["config","user.email"],{cwd:c,silent:!0}),r=t.exitCode===0&&t.stdout.trim().length>0,o=s.exitCode===0&&s.stdout.trim().length>0;!r||!o?a.push({message:`git config user.name/user.email is not set (name=${r?"ok":"missing"}, email=${o?"ok":"missing"}). vis auto-commits staged.json and version bumps — these will fail without an identity. Set release.gitUser in vis.config.ts or configure git globally.`,name:"git.identity",severity:"warn",status:"fail"}):a.push({message:`git identity: ${t.stdout.trim()} <${s.stdout.trim()}>.`,name:"git.identity",severity:"info",status:"pass"})}catch{}if(n.config.signing){const{signing:e}=n.config;try{const{createShellRunner:i}=await import("./shell-runner.js"),t=i(),s=await t.run("git",["config","user.signingkey"],{cwd:c,silent:!0}),r=await t.run("git",["config","gpg.format"],{cwd:c,silent:!0}),o=s.exitCode===0?s.stdout.trim():"",g=r.exitCode===0?r.stdout.trim():"",l=o.length>0||!!e.key;if(e.mode==="ssh")g!=="ssh"||!l?a.push({message:`release.signing.mode is "ssh" but git config is incomplete (gpg.format=${g||"<unset>"}, user.signingkey=${l?"ok":"missing"}). Run \`git config gpg.format ssh\` and \`git config user.signingkey <path-to-key>\` before releasing.`,name:"git.signing",severity:"warn",status:"fail"}):a.push({message:"git signing: ssh mode active (gpg.format=ssh, signingkey configured).",name:"git.signing",severity:"info",status:"pass"});else if(e.mode==="sigstore"){const{gitsignAvailable:p}=await import("./git.js");await p({cwd:c,runner:t})?a.push({message:"git signing: sigstore mode (preview); gitsign is on PATH.",name:"git.signing",severity:"info",status:"pass"}):a.push({message:'release.signing.mode is "sigstore" (preview) but gitsign is not on PATH. Tags will fall back to GPG signing with a warning. Install gitsign: https://github.com/sigstore/gitsign',name:"git.signing",severity:"warn",status:"fail"})}else if(l){const p=e.key?/[\\/]/.test(e.key)||/\.(?:pem|gpg|key|asc|p12|pfx)$/i.test(e.key)||e.key.length<8?"configured":`…${e.key.slice(-4)}`:"from git config";a.push({message:`git signing: gpg mode active (key: ${p}).`,name:"git.signing",severity:"info",status:"pass"})}else a.push({message:'release.signing.mode is "gpg" but neither release.signing.key nor git config user.signingkey is set. Configure one before releasing.',name:"git.signing",severity:"warn",status:"fail"})}catch(i){a.push({message:`Could not verify git signing config: ${i.message}.`,name:"git.signing",severity:"warn",status:"skip"})}}if(n.config.floatingMajorTag===!0&&n.config.signing?.mode==="sigstore"&&a.push({message:`release.floatingMajorTag and release.signing.mode="sigstore" are both enabled. The floating-tag retarget force-pushes <unscoped-name>-v<major> (e.g. acme-action-v1) on every release, which appends a new sigstore transparency-log entry to Rekor each time (Rekor is append-only — entries are never removed). Over a long-lived major you'll accumulate one log entry per release. Consider either dropping floatingMajorTag (and pin consumers to a specific tag) or switching to gpg/ssh signing if the Rekor footprint matters for your project.`,name:"floating-major-tag.signing-risk",severity:"warn",status:"fail"}),n.config.floatingMajorTag===!0)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=await e().run("git",["tag","--list","v*"],{cwd:c,silent:!0});if(i.exitCode===0){const t=i.stdout.split(`
3
- `).map(s=>s.trim()).filter(s=>/^v\d+$/.test(s));if(t.length===0)a.push({message:"No legacy `v<major>` tags found; floating-tag migration is clean.",name:"floating-major-tag.legacy-tags",severity:"info",status:"pass"});else{const s=t.slice(0,5),r=t.length>5?` (+${t.length-5} more)`:"",o=t[0],g=o.slice(1);a.push({message:`Legacy floating-major tags detected (${s.join(", ")}${r}). After upgrading the floating-tag format to \`<safe-name>-v<major>\`, these legacy tags are no longer updated. Consumers pinning \`<repo>@${o}\` will silently freeze at the pre-upgrade commit. Migration:
4
- 1. Re-tag the legacy tag to point at the new floating tag:
5
- git tag -f ${o} <safe-name>-v${g}
6
- git push --force origin ${o}
7
- 2. Or sunset the legacy tag and announce the new pin to consumers.`,name:"floating-major-tag.legacy-tags",severity:"warn",status:"fail"})}}else a.push({message:`Skipped: \`git tag --list "v*"\` exited ${i.exitCode}.`,name:"floating-major-tag.legacy-tags",severity:"info",status:"skip"})}catch(e){a.push({message:`Skipped: could not list git tags: ${e.message}.`,name:"floating-major-tag.legacy-tags",severity:"info",status:"skip"})}if(m.firstRelease===!0){const e=[];try{const{createShellRunner:i}=await import("./shell-runner.js"),t=i(),s=new Set,r=n.config.releaseTagPattern??"{name}@{version}";s.add(r);for(const o of n.packages){const g=n.perPackageConfig.get(o.name)?.releaseTagPattern??r;s.add(g)}for(const o of s){const g=o.replaceAll(/\{(?:name|unscopedName|version|major|minor|patch|date|channel)\}/g,()=>"*"),l=await t.run("git",["tag","--list",g],{cwd:c,silent:!0});if(l.exitCode!==0)continue;const p=l.stdout.split(`
8
- `).map(v=>v.trim()).filter(Boolean);p.length>0&&e.push(`Found ${p.length} git tag(s) matching "${o}": ${p.slice(0,5).join(", ")}${p.length>5?` (+${p.length-5} more)`:""}.`)}}catch(i){e.push(`Could not scan git tags: ${i.message}.`)}try{const{resolveVersionActionsId:i}=await import("./orchestrator.js").then(s=>s.w),{createVersionActions:t}=await import("../packem_shared/createVersionActions-BK43SNDH.js");for(const s of n.packages){const r=n.perPackageConfig.get(s.name),o=i(s,r??{});let g;try{g=t(o)}catch{continue}let l;try{l=await g.readPublishedVersion.call(g,{perPackageConfig:r,pkg:s,pm:n.pm})}catch{continue}l&&l.length>0&&e.push(`${s.name} is already published at version ${l}.`)}}catch(i){e.push(`Could not probe published versions: ${i.message}.`)}e.length>0?a.push({message:`--first-release is set but the workspace is NOT greenfield: ${e.join(" ")} Remove --first-release and run a normal release, or roll back the existing tags / unpublish before bootstrapping.`,name:"first-release.repo-not-greenfield",severity:"error",status:"fail"}):a.push({message:"Workspace looks greenfield (no matching release tags, no published versions detected). Safe to use --first-release.",name:"first-release.repo-not-greenfield",severity:"info",status:"pass"})}if(n.config.gitlabHost){const{detectRemoteProvider:e}=await import("./detect2.js"),{createShellRunner:i}=await import("./shell-runner.js"),t=await e(c,i(),n.config.provider);t==="gitlab"?a.push({message:`Self-hosted GitLab host configured: ${n.config.gitlabHost}.`,name:"gitlab-host",severity:"info",status:"pass"}):a.push({message:`release.gitlabHost is set ("${n.config.gitlabHost}") but the resolved provider is "${t}". The host will be ignored. Either set release.provider: "gitlab" or remove gitlabHost.`,name:"gitlab-host",severity:"warn",status:"fail"})}if(n.config.githubHost){const{detectRemoteProvider:e}=await import("./detect2.js"),{createShellRunner:i}=await import("./shell-runner.js"),t=await e(c,i(),n.config.provider);t==="github"?await import("node:child_process").then(({execSync:s})=>{try{return s("gh --version",{stdio:"ignore"}),!0}catch{return!1}})?a.push({message:`Self-hosted GitHub Enterprise host configured: ${n.config.githubHost}.`,name:"github-host",severity:"info",status:"pass"}):a.push({message:`release.githubHost is set ("${n.config.githubHost}") but the gh CLI is not on PATH. Install gh and run \`gh auth login --hostname ${n.config.githubHost}\` before releasing.`,name:"github-host",severity:"error",status:"fail"}):a.push({message:`release.githubHost is set ("${n.config.githubHost}") but the resolved provider is "${t}". The host will be ignored. Either set release.provider: "github" or remove githubHost.`,name:"github-host",severity:"warn",status:"fail"})}{const e=await import("node:fs/promises"),i=await import("node:path");let t;for(const s of n.packages){const r=n.perPackageConfig.get(s.name);if(r){if(r.uvLockPath){const o=i.isAbsolute(r.uvLockPath)?r.uvLockPath:i.join(s.dir,r.uvLockPath);try{await e.access(o),a.push({message:`uv.lock present at ${o}.`,name:`uv-lockfile/${s.name}`,severity:"info",status:"pass"})}catch{a.push({message:`${s.name}: configured uvLockPath "${r.uvLockPath}" doesn't exist (expected ${o}). Run \`uv lock\` to generate it, or remove uvLockPath if the lockfile lives elsewhere.`,name:`uv-lockfile/${s.name}`,severity:"warn",status:"fail"})}}if(r.uvWorkspace?.root){const o=i.resolve(s.dir,r.uvWorkspace.root),g=i.relative(o,s.dir).replaceAll("\\","/");switch(t||({checkUvWorkspaceMembership:t}=await import("./registry.js").then(l=>l.g)),await t(o,g)){case"member":{a.push({message:`${s.name} is a member of the uv workspace rooted at ${o}.`,name:`uv-workspace/${s.name}`,severity:"info",status:"pass"});break}case"no-root-pyproject":{a.push({message:`${s.name}: uvWorkspace.root points at ${o} but no pyproject.toml was found there. Verify the path is correct.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"});break}case"no-workspace":{a.push({message:`${s.name}: uvWorkspace.root points at ${o} but that pyproject.toml has no [tool.uv.workspace] block. Add one with a "members" list, or drop the uvWorkspace setting.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"});break}default:a.push({message:`${s.name}: uv workspace root at ${o} has [tool.uv.workspace] but its "members" list doesn't include "${g}". Add the package to members or correct uvWorkspace.root.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"})}}}}}const{execFileSync:w}=await import("node:child_process"),k=(e,i)=>{const t=e.split(".").map(r=>Number.parseInt(r,10)),s=i.split(".").map(r=>Number.parseInt(r,10));for(const[r,o]of s.entries()){const g=t[r]??0;if(g!==(o??0))return g>(o??0)}return!0};{const e=process.versions.node,[i=0,t=0]=e.split(".").map(r=>Number.parseInt(r,10)),s=i===22&&t>=14||i>=24||i===23;a.push({message:`node@${e} (min: 22.14.0 || >=24.10.0)`,name:"node-version",severity:s?"info":"error",status:s?"pass":"fail"})}for(const[e,i,t]of[["git","2.31","git-version"],["gh","2.40","gh-version"]])try{const s=w(e,["--version"],{stdio:["ignore","pipe","ignore"]}).toString(),r=/(\d+\.\d+\.\d+)/.exec(s);if(!r)continue;const o=k(r[1],i);a.push({message:`${e}@${r[1]} (min: ${i})`,name:t,severity:o?"info":e==="git"?"error":"warn",status:o?"pass":"fail"})}catch{}{const e=new Set([n.config.publish?.registry??"https://registry.npmjs.org"]);for(const i of n.packages){const t=n.perPackageConfig.get(i.name)?.registry;t&&e.add(t)}for(const i of e)try{const t=i.replace(/\/+$/,""),s=await fetch(`${t}/-/ping`,{method:"HEAD",signal:AbortSignal.timeout(3e3)});a.push({message:`${i} reachable (HTTP ${s.status}).`,name:"registry-reachable",severity:s.ok||s.status===404?"info":"warn",status:"pass"})}catch(t){a.push({message:`${i} not reachable: ${t.message}. Publishing may fail (or you're offline — this is a warning).`,name:"registry-reachable",severity:"warn",status:"fail"})}}try{const e=w("git",["tag","--list"],{cwd:c,stdio:["ignore","pipe","ignore"]}).toString().split(/\r?\n/).map(s=>s.trim()).filter(Boolean),i=/(?:^|@)\d+\.\d+\.\d+(?:[-+].+)?$/,t=e.filter(s=>!i.test(s)&&!/^v?\d+\.\d+\.\d+/.test(s));a.push({message:e.length===0?"No git tags yet (fresh repo).":`${e.length-t.length}/${e.length} tags parse as a release tag${t.length>0?` (unrecognised: ${t.slice(0,3).join(", ")}${t.length>3?"…":""})`:""}.`,name:"tags-parseable",severity:"warn",status:t.length>0?"fail":"pass"})}catch{}{const{readFile:e}=await import("node:fs/promises"),i=await import("node:path");let t=0,s=0;for(const r of n.packages)try{const o=await e(i.join(r.dir,"CHANGELOG.md"),"utf8");s+=1,/^#{1,2}\s/m.test(o)&&(t+=1)}catch{}s>0&&a.push({message:`${t}/${s} existing CHANGELOG.md file(s) have a recognised heading structure.`,name:"changelog-format",severity:"info",status:t===s?"pass":"fail"})}try{const e=await n.pm.readCatalogYaml(c);if(e){const{parseCatalogs:i}=await import("./registry.js").then(r=>r.f),t=i(e),s=[];for(const r of n.packages)for(const o of["dependencies","devDependencies","peerDependencies","optionalDependencies"]){const g=r.manifest[o];if(!(!g||typeof g!="object"))for(const[l,p]of Object.entries(g)){if(typeof p!="string"||!p.startsWith("catalog:"))continue;const v=p.slice(8)||"default";(v==="default"?t.default?.[l]:t.named?.[v]?.[l])||s.push(`${r.name} → ${l} (${p})`)}}a.push({message:s.length===0?"All catalog: references resolve against pnpm-workspace.yaml.":`${s.length} catalog: reference(s) don't resolve: ${s.slice(0,3).join("; ")}${s.length>3?"…":""}`,name:"catalog-consistency",severity:"warn",status:s.length===0?"pass":"fail"})}}catch{}await $(u,m,a);const C=a.some(e=>e.severity==="error"&&e.status==="fail");process.exitCode=C?1:0},$=async(u,m,h)=>{if(m.json){process.stdout.write(`${JSON.stringify({checks:h},null,2)}
9
- `);return}for(const c of h){const a=`${c.status==="pass"?"✓":c.status==="fail"?"✗":"—"} [${c.severity}] ${c.name}: ${c.message}`;c.severity==="error"&&c.status==="fail"?u.error(a):c.severity==="warn"&&c.status==="fail"?u.warn(a):u.info(a)}};export{A as default};
1
+ const i=`
2
+ 🔧 vis release CI setup
3
+
4
+ 1. Workflow permissions
5
+ Add to .github/workflows/vis-release.yml:
6
+ permissions:
7
+ contents: write
8
+ pull-requests: write
9
+ id-token: write # required for OIDC trusted publishing on npm
10
+
11
+ 2. Secrets
12
+ Required:
13
+ - VIS_GH_TOKEN — PAT or GitHub App token. Used to force-push the
14
+ version-PR branch and create/edit the version PR. The default
15
+ \${{ github.token }} is anti-recursion-locked and cannot trigger
16
+ downstream workflows on the version-PR.
17
+ - GH_TOKEN — \${{ github.token }} works for read-only / commenting.
18
+ Optional:
19
+ - NPM_TOKEN — fallback when OIDC is not available. Trusted Publishing
20
+ (id-token: write) is preferred.
21
+
22
+ 3. Trusted Publishing on npm
23
+ For each published package:
24
+ a. https://npmjs.com/package/<name>/access → Publishing access
25
+ b. Add a Trusted Publisher with provider=GitHub Actions
26
+ c. Repository: visulima/visulima
27
+ d. Workflow filename: vis-release.yml
28
+ e. Environment name: (leave blank unless you use one)
29
+
30
+ 4. Concurrency group (recommended)
31
+ concurrency:
32
+ group: vis-release-\${{ github.ref }}
33
+ cancel-in-progress: false
34
+
35
+ 5. Husky pre-commit gate (optional)
36
+ Add to .husky/pre-commit:
37
+ vis release check --hook pre-commit --no-fail
38
+ (Or run \`vis release init\` and confirm the prompt — it'll auto-wire
39
+ the hook if you say yes.)
40
+
41
+ 📚 RFC: packages/tooling/vis/rfc/design-release-manager.md (§16)
42
+ `,o=async({logger:e})=>{e.info(i)};export{o as default};
@@ -1,75 +1,8 @@
1
- import{createRequire as N}from"node:module";const R=N(import.meta.url),j=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=e=>{if(typeof j<"u"&&j.versions&&j.versions.node){const[n,a]=j.versions.node.split(".").map(Number);if(n>22||n===22&&a>=3||n===20&&a>=16)return j.getBuiltinModule(e)}return R(e)},{mkdir:J,readFile:$,writeFile:w,readdir:S,access:M,rm:O}=A("node:fs/promises"),{join:l,relative:v,dirname:P}=A("node:path"),k=async e=>{try{return await M(e),!0}catch{return!1}},_=async e=>await k(l(e,".changeset"))?"changesets":await k(l(e,".bumpy"))?"bumpy":await(async()=>{for(const a of[".releaserc.json",".releaserc.cjs",".releaserc.js"])if(await k(l(e,a)))return!0;const n=[l(e,"packages"),l(e,"apps")];for(;n.length>0;){const a=n.shift();let t;try{t=await S(a,{withFileTypes:!0})}catch{continue}for(const s of t)if(s.isDirectory()){if(s.name==="node_modules"||s.name.startsWith("."))continue;n.push(l(a,s.name))}else if(s.name===".releaserc.json"||s.name===".releaserc.cjs"||s.name===".releaserc.js")return!0;if(n.length>200)break}return!1})()?"semantic-release":"fresh",C=async e=>{const n=[];for(const s of[".releaserc.json",".releaserc.cjs",".releaserc.js"]){const f=l(e,s);await k(f)&&n.push(f)}const a=[l(e,"packages"),l(e,"apps")];let t=0;for(;a.length>0&&t<5e3;){const s=a.shift();t+=1;let f;try{f=await S(s,{withFileTypes:!0})}catch{continue}for(const i of f){const r=l(s,i.name);if(i.isDirectory()){if(i.name==="node_modules"||i.name.startsWith("."))continue;a.push(r)}else(i.name===".releaserc.json"||i.name===".releaserc.cjs"||i.name===".releaserc.js")&&n.push(r)}}return n},F=async e=>{if(!e.endsWith(".json"))return{path:e};try{const n=await $(e,"utf8"),a=JSON.parse(n);return{branches:a.branches,extends:typeof a.extends=="string"?a.extends:void 0,path:e,plugins:Array.isArray(a.plugins)?a.plugins:void 0}}catch{return}},B=e=>Array.isArray(e)?e.map(n=>{if(typeof n=="string")return{name:n};if(typeof n=="object"&&n!==null&&typeof n.name=="string"){const a=n;return{channel:a.channel,name:a.name,prerelease:a.prerelease}}}).filter(n=>n!==void 0):[],T=e=>{const n={};for(const a of e){const t={tag:"latest"};typeof a.prerelease=="string"?(t.prerelease=a.prerelease,t.tag=a.prerelease,t.mode="auto-publish"):a.prerelease===!0?(t.prerelease=a.name,t.tag=a.name,t.mode="auto-publish"):(t.tag=a.channel??(a.name==="main"||a.name==="master"?"latest":a.name),t.mode="version-pr"),n[a.name]=t}return n},z=async({logger:e,options:n,workspaceRoot:a})=>{const t=a??process.cwd(),s=n.dryRun===!0;let f=n.apply===!0;s&&f&&(e.warn("--apply is ignored because --dry-run is set (dry-run takes precedence)."),f=!1);let i;n.fromSemanticRelease?i="semantic-release":n.fromChangesets?i="changesets":n.fromBumpy?i="bumpy":n.fresh?i="fresh":i=await _(t),e.info(`Detected source: ${i}`),e.info("");const r=l(t,".vis","release"),c=".vis/release/.state.json",g=".vis/release/.lock",u=l(t,".gitignore");if(s)e.info(`[dry-run] would create directory: ${r}`),e.info(`[dry-run] would append to .gitignore:
2
- ${c}
3
- ${g}`);else{await J(r,{recursive:!0}),e.info(`Created ${v(t,r)}/`);try{const p=await $(u,"utf8"),h=[];p.includes(c)||h.push(c),p.includes(g)||h.push(g),h.length>0&&(await w(u,`${p.replace(/\n*$/,`
4
- `)}
5
- # vis release subsystem
6
- ${h.join(`
7
- `)}
8
- `),e.info("Updated .gitignore."))}catch{await w(u,`# vis release subsystem
9
- ${c}
10
- ${g}
11
- `),e.info("Created .gitignore.")}}const o=".vis/release/**",d=l(t,".secretlintignore");if(s)e.info(`[dry-run] would add to .secretlintignore:
12
- ${o}`);else try{const p=await $(d,"utf8");p.includes(o)||(await w(d,`${p.replace(/\n*$/,`
13
- `)}
14
- # vis release change files (author handles false-positive secretlint)
15
- ${o}
16
- `),e.info("Updated .secretlintignore."))}catch{await w(d,`# vis release change files (author handles false-positive secretlint)
17
- ${o}
18
- `),e.info("Created .secretlintignore.")}switch(i){case"bumpy":{await U(t,s,e);break}case"changesets":{await E(t,s,e);break}case"semantic-release":{await D(t,s,f,e);break}default:V(e)}await q(t,s,n.yes===!0,e),await G(t,s,n,e),e.info(""),e.info("Next steps:"),e.info(" 1. Add the `release: { ... }` block above to your vis.config.ts"),e.info(" 2. Author your first change file: vis release add"),e.info(" 3. Preview the plan: vis release status"),e.info(" 4. Apply: vis release version --dry-run")},D=async(e,n,a,t)=>{const s=await C(e);if(t.info(`Found ${s.length} .releaserc file(s).`),s.length===0)return;let f=[],i=0;for(const o of s){const d=await F(o);d&&(d.branches&&(f=[...f,...B(d.branches)]),d.plugins?.some(p=>typeof p=="string"&&p.includes("native-addons"))&&(i+=1),d.plugins?.some(p=>Array.isArray(p)&&typeof p[0]=="string"&&p[0].includes("native-addons"))&&(i+=1))}const r=new Set,c=f.filter(o=>r.has(o.name)?!1:(r.add(o.name),!0)),g=c.length>0?T(c):{alpha:{mode:"auto-publish",prerelease:"alpha",tag:"alpha"},main:{mode:"version-pr",tag:"latest"}};t.info(""),t.info("Suggested vis.config.ts release block (paste into your existing config):"),t.info("");const u=` release: {
19
- baseBranch: "main",
20
- defaultManaged: false, // flip to true after Phase 6
21
- channels: {
22
- ${Object.entries(g).map(([o,d])=>` ${JSON.stringify(o)}: ${JSON.stringify(d)},`).join(`
23
- `)}
24
- },
25
- publish: {
26
- packManager: "auto",
27
- publishStrategy: "npm-publish-tarball",
28
- publishArgs: ["--provenance"],
29
- protocolResolution: "pack",
30
- catalogResolution: "auto",
31
- cleanPackageJson: true,
32
- },
33
- gitUser: { name: "release-bot", email: "release-bot@example.com" },
34
- },`;if(t.info(u),t.info(""),i>0&&(t.info(`Found ${i} package(s) using a NAPI native-addons plugin.`),t.info("These will auto-detect via the `napi` field in package.json — no config needed."),t.info("")),t.info("Migration is per-package opt-in (RFC §17.1). For each package you want to migrate:"),t.info(' 1. Add to its package.json: "vis-release": { "managed": true }'),t.info(" 2. Backfill any missing git tags so already-published detection works."),t.info(" 3. Add to multi-semantic-release's --ignore-packages list in your release workflow."),t.info(""),!a){t.info("Existing .releaserc.json files are kept in place during transition (deleted in Phase 6)."),t.info("Re-run with `--apply` to perform the writes automatically.");return}t.info(""),t.info("Applying migration writes (--apply set)…"),await I(e,s,u,t),t.info(""),t.info("Migration writes complete. Follow-up steps you still need to do manually:"),t.info(" - Update your CI workflow: remove `multi-semantic-release` step, add `vis release ci/release` step (see `.github/workflows/vis-release.yml` example in the vis package)"),t.info(" - Run `pnpm install` to drop semantic-release deps once you remove them from root package.json"),t.info(" - Run `vis release doctor` to verify the migration")},I=async(e,n,a,t)=>{const s=l(e,"vis.config.ts"),f=await $(s,"utf8").catch(()=>{});if(f===void 0){const i=`import { defineConfig } from "@visulima/vis/config";
1
+ import{b as g}from"./orchestrator.js";import{detectRemoteProvider as h,createRemoteClient as $}from"./detect2.js";import{createShellRunner as w}from"./shell-runner.js";import{runSnapshot as R}from"./snapshot.js";const y=(r,o)=>{if(r.length===0)return"_No packages were affected by this PR._";const n=["### 📦 Preview Packages",""];for(const e of r){const t=`${e.name}@${e.version}`;n.push(`- \`${e.name}\` \`${e.version}\``),o?n.push(` \`\`\`sh
2
+ npm i ${t} --registry ${o}
3
+ \`\`\``):n.push(` \`\`\`sh
4
+ npm i ${t}
5
+ \`\`\``)}return n.join(`
6
+ `)},S=async({logger:r,options:o,workspaceRoot:n})=>{const e=n??process.cwd(),t=w(),l=await h(e,t),a=$(l),s=a.detectPullRequestNumber(process.env),p=o.tag??(s?`pr-${s}`:void 0);if(!p){r.error("Could not determine snapshot tag. Pass --tag or run in a PR context (GITHUB_REF=refs/pull/<n>/merge)."),process.exitCode=1;return}if(o.onClose){await C(e,t,a,s,r);return}let c,u;try{c=await g({cwd:e});const{printConfigIfRequested:i}=await import("./print-config.js");if(i(o,c,r))return;u=await R({context:c,runner:t,tag:p})}catch(i){r.error(`Snapshot failed: ${i.message}`),process.exitCode=1;return}if(r.info(`Snapshotted ${u.published.length} package(s) at version ${u.snapshotVersion} → tag "${u.tag}"`),!s)return;const d=await a.detectRepoSlug(e,t);if(!d){r.warn("Could not detect repo slug — skipping sticky PR comment.");return}const m="<!-- vis-release-snapshot-comment -->",f=`${m}
35
7
 
36
- export default defineConfig({
37
- ${a}
38
- });
39
- `;await w(s,i),t.info(` wrote ${v(e,s)}`)}else if(/\brelease\s*:/.test(f))t.warn(` skipped ${v(e,s)} — already has a \`release\` key; merge the suggested block manually.`);else{const i=W(f,a);i===void 0?t.warn(` skipped ${v(e,s)} — could not locate \`defineConfig({\` or \`export default {\` to inject into; merge the suggested block manually.`):(await w(s,i),t.info(` updated ${v(e,s)} (injected release block)`))}for(const i of n){const r=P(i),c=l(r,"package.json");if(!await k(c))continue;const g=await $(c,"utf8");let u;try{u=JSON.parse(g)}catch{t.warn(` skipped ${v(e,c)} — invalid JSON.`);continue}const o=u["vis-release"];if(o!==null&&typeof o=="object"&&o.managed===!0)continue;const d=o!==null&&typeof o=="object"?{...o,managed:!0}:{managed:!0};u["vis-release"]=d,await w(c,`${JSON.stringify(u,void 0,4)}
40
- `),t.info(` updated ${v(e,c)} (added vis-release.managed = true)`)}for(const i of n)await O(i,{force:!0}),t.info(` deleted ${v(e,i)}`)},W=(e,n)=>{const a=/defineConfig\s*\(\s*\{/.exec(e);if(a!==null){const s=a.index+a[0].length;return`${e.slice(0,s)}
41
- ${n}
42
- ${e.slice(s)}`}const t=/export\s+default\s+\{/.exec(e);if(t!==null){const s=t.index+t[0].length;return`${e.slice(0,s)}
43
- ${n}
44
- ${e.slice(s)}`}},E=async(e,n,a)=>{const t=l(e,".changeset"),s=l(t,"config.json"),f=l(t,"pre.json");if(await k(f)){a.error("Pre-release mode is active in changesets (.changeset/pre.json exists)."),a.error("Run `changeset pre exit && changeset version` to consume pending changes, then re-run `vis release init`."),process.exitCode=1;return}let i={};try{i=JSON.parse(await $(s,"utf8"))}catch{a.warn(".changeset/config.json missing or unreadable; using defaults.")}const r={access:i.access==="restricted"?"restricted":"public",baseBranch:typeof i.baseBranch=="string"?i.baseBranch:"main",defaultManaged:!0,fixed:Array.isArray(i.fixed)?i.fixed:[],ignore:Array.isArray(i.ignore)?i.ignore:[],linked:Array.isArray(i.linked)?i.linked:[],privatePackages:i.privatePackages??{tag:!1,version:!1},updateInternalDependencies:i.updateInternalDependencies??"out-of-range"},c=i.changelog,g=typeof c=="string"?c:Array.isArray(c)&&typeof c[0]=="string"?c[0]:void 0;let u;c===!1?u="false":g?.includes("@changesets/changelog-github")?u='"github"':(g?.includes("@changesets/cli"),u='"default"');const o=[];let d=0;try{const p=await S(t);for(const h of p)!h.endsWith(".md")||h==="README.md"||o.push(h)}catch{}if(o.length>0){const p=l(e,".vis","release");let h=0;for(const b of o){const m=l(t,b),y=l(p,b);if(n){a.info(`[dry-run] would copy ${m} → ${y}`);continue}if(await k(y)){a.info(`Skipping existing ${v(e,y)}.`),h+=1;continue}const x=await $(m,"utf8");await w(y,x),d+=1}h>0&&a.info(`Skipped ${h} file(s) that already exist in .vis/release/.`)}a.info(`Found ${o.length} pending .changeset/*.md file(s); ${d>0?`copied ${d} to .vis/release/`:"(dry-run — would copy)"}.`),a.info(""),a.info("Suggested vis.config.ts release block:"),a.info(""),a.info(` release: {
45
- baseBranch: ${JSON.stringify(r.baseBranch)},
46
- access: ${JSON.stringify(r.access)},
47
- defaultManaged: ${r.defaultManaged},
48
- updateInternalDependencies: ${JSON.stringify(r.updateInternalDependencies)},
49
- fixed: ${JSON.stringify(r.fixed)},
50
- linked: ${JSON.stringify(r.linked)},
51
- ignore: ${JSON.stringify(r.ignore)},
52
- privatePackages: ${JSON.stringify(r.privatePackages)},
53
- changelog: ${u},
54
- publish: {
55
- packManager: "auto",
56
- publishStrategy: "npm-publish-tarball",
57
- cleanPackageJson: true,
58
- },
59
- },`),a.info(""),a.info("After confirming the config, you can delete `.changeset/` (or run `vis release init --remove-changesets`).")},U=async(e,n,a)=>{const t=l(e,".bumpy"),s=l(t,"_config.json");let f={};try{f=JSON.parse(await $(s,"utf8"))}catch{a.warn(".bumpy/_config.json missing or unreadable; using defaults.")}const i=JSON.stringify(f,null,4).split(`
60
- `).map(g=>` ${g}`).join(`
61
- `),r=[];let c=0;try{const g=await S(t);for(const u of g)!u.endsWith(".md")||u==="README.md"||r.push(u)}catch{}if(r.length>0){const g=l(e,".vis","release");let u=0;for(const o of r){const d=l(t,o),p=l(g,o);if(n){a.info(`[dry-run] would copy ${d} → ${p}`);continue}if(await k(p)){a.info(`Skipping existing ${v(e,p)}.`),u+=1;continue}const h=await $(d,"utf8");await w(p,h),c+=1}u>0&&a.info(`Skipped ${u} file(s) that already exist in .vis/release/.`)}a.info(`Found ${r.length} pending .bumpy/*.md file(s); ${c>0?`copied ${c} to .vis/release/`:"(dry-run)"}.`),a.info(""),a.info("Suggested vis.config.ts release block (bumpy config translates 1:1):"),a.info(""),a.info(` release: ${i.trimStart()},`),a.info(""),a.info("After confirming, delete `.bumpy/`.")},q=async(e,n,a,t)=>{const s=l(e,".husky","pre-commit");if(!await k(s))return;const f=await $(s,"utf8").catch(()=>"");if(f.includes("vis release check"))return;const i="vis release check --hook pre-commit --no-fail";if(!await(async()=>{if(!process.stdout.isTTY||process.env.CI==="true")return!1;if(a)return!0;try{const{confirmPrompt:c}=await import("./prompts.js");return await c(`Wire \`${i}\` into your .husky/pre-commit hook?`,!0)}catch{return!1}})()){t.info(""),t.info("Optional: add this line to .husky/pre-commit:"),t.info(` ${i}`);return}if(n){t.info(`[dry-run] would append \`${i}\` to .husky/pre-commit`);return}const r=`${f.replace(/\n*$/,`
62
- `)}${i}
63
- `;await w(s,r),t.info("Wired vis release check into .husky/pre-commit.")},G=async(e,n,a,t)=>{const s=a.workflows===!0,f=a.yes===!0;if(!s&&(!process.stdout.isTTY||process.env.CI==="true"))return;if(!(s||f||await(async()=>{try{const{confirmPrompt:m}=await import("./prompts.js");return await m("Generate CI workflow files for the active provider?",!0)}catch{return!1}})())){t.info(""),t.info("Skipped workflow generation. Re-run with `vis release init --workflows` later.");return}const{detectRemoteProvider:i}=await import("./detect2.js"),{generateWorkflowFiles:r}=await import("./workflow-templates.js"),{detectPackageManager:c}=await import("../packem_shared/createAdapter-bU4DIP3F.js"),{createShellRunner:g}=await import("./shell-runner.js"),u=g(),o=await i(e,u,void 0),d=await c(e,u),p=a.packageManager??d;let h={};try{const{loadVisConfig:m}=await import("../packem_shared/CONFIG_FILES-BfaR0jKT.js"),y=await m(e);y.release&&(h=y.release)}catch{}const b=r(h,{packageManager:p,provider:o});t.info(""),t.info(`Generating ${b.length} workflow file(s) for ${o}:`);for(const m of b){const y=l(e,m.path);if(await k(y)){t.warn(` ${m.path} — already exists, skipping`);continue}if(n){t.info(` ${m.path} — [dry-run] would write ${m.content.length} bytes`);continue}const x=await import("node:path");await J(x.dirname(y),{recursive:!0}),await w(y,m.content),t.info(` ${m.path} — wrote ${m.content.length} bytes`)}},V=e=>{e.info(""),e.info("Suggested vis.config.ts release block:"),e.info(""),e.info(` release: {
64
- baseBranch: "main",
65
- defaultManaged: true,
66
- channels: {
67
- main: { tag: "latest", mode: "version-pr" },
68
- },
69
- publish: {
70
- packManager: "auto",
71
- publishStrategy: "npm-publish-tarball",
72
- publishArgs: ["--provenance"],
73
- cleanPackageJson: true,
74
- },
75
- },`)};export{z as default};
8
+ ${y(u.published,c.config.snapshot?.registry)}`;try{const i=await a.upsertStickyComment(t,{body:f,cwd:e,issueNumber:s,marker:m,repo:d});i&&r.info(`${i.created?"Posted":"Updated"} snapshot comment on PR #${s}.`)}catch(i){r.warn(`upsertStickyComment failed (publish already succeeded): ${i.message}`)}},C=async(r,o,n,e,t)=>{if(!e){t.error("PR-close cleanup requires a PR context."),process.exitCode=1;return}const l=await n.detectRepoSlug(r,o);if(!l){t.warn("Could not detect repo slug — skipping cleanup.");return}const a=await o.run("gh",["api",`repos/${l}/pulls/${e}/commits`,"--paginate"],{cwd:r,silent:!0});if(a.exitCode!==0){t.warn(`gh api failed: ${a.stderr}`);return}let s;try{s=JSON.parse(a.stdout)}catch{t.warn("Could not parse gh api output.");return}const p=[`pr-${e}`];for(const c of s)p.push(c.sha,c.sha.slice(0,7));t.info(`Cleanup intent for PR #${e}: ${p.length} tag pattern(s) across ${s.length} commit(s)`),t.info("Default backend (pkg-pr-new) auto-cleans by TTL — no DELETE issued. Implement a custom backend's delete endpoint to enable real cleanup.")};export{S as default};
@@ -1,6 +1,4 @@
1
- import{createRequire as b}from"node:module";import{h as _,d as O,e as j}from"./bin.js";import{w as R}from"../packem_shared/pm-runner-OGResYrA.js";import{l as E}from"../packem_shared/dependency-scan-DnTgYleU.js";import{r as I}from"../packem_shared/provenance-_CJjMKwu.js";import{r as P}from"../packem_shared/signatures-C730vkyK.js";import{loadOptionalSigstore as C}from"./loader.js";const N=b(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$=r=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[o,t]=u.versions.node.split(".").map(Number);if(o>22||o===22&&t>=3||o===20&&t>=16)return u.getBuiltinModule(r)}return N(r)},{createHash:S}=$("node:crypto"),{isAbsolute:y,resolve:k,basename:v}=$("node:path"),T=r=>(r??"").split(",").map(o=>o.trim()).filter(o=>o.length>0),K=async({logger:r,options:o,workspaceRoot:t})=>{if(!t)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const i=o.format??"table",c=o.prodOnly??!1,p=o.failOn==="error"?"error":"warning",l=T(o.allowlist),a=R(t),d=E(t,a.name,{includeDev:!c}).map(({name:e,version:n})=>({name:e,version:n})),[m,g]=await Promise.all([I(d,{allowlist:l,workspaceRoot:t}),P(d,{allowlist:l,workspaceRoot:t})]),s=[...m.map(e=>({code:"provenance-regression",message:`Resolved ${e.packageName}@${e.version} has no published provenance attestation, but ${e.packageName}@${e.priorVersionWithProvenance} did a provenance regression.`,packageName:e.packageName,severity:"warning",version:e.version})),...g.map(e=>({code:e.code,message:e.message,packageName:e.packageName,severity:e.severity,version:e.version}))],f=s.filter(e=>p==="error"?e.severity==="error":!0);if(i==="json")process.stdout.write(`${JSON.stringify({findings:s,ok:f.length===0},void 0,2)}
2
- `);else if(i==="ndjson")for(const e of s)process.stdout.write(`${JSON.stringify(e)}
3
- `);else if(s.length===0)r.info(`No provenance regressions or signature problems across ${String(d.length)} locked packages.`);else{const e=process.stdout.columns||80;r.info(_(O.createElement(j,{data:s.map(n=>({code:n.code,package:`${n.packageName}@${n.version}`,severity:n.severity}))}),{columns:e}));for(const n of s)r.warn(`${n.packageName}@${n.version}: ${n.message}`)}f.length>0&&(process.exitCode=1)},D=()=>process.env.CI==="true"||typeof process.env.ACTIONS_ID_TOKEN_REQUEST_URL=="string"||typeof process.env.SIGSTORE_ID_TOKEN=="string",q=(r,o,t)=>({_type:"https://in-toto.io/Statement/v1",predicate:{buildDefinition:{buildType:"https://visulima.com/vis/attest/v1",externalParameters:{workspaceRoot:t},internalParameters:{},resolvedDependencies:[]},runDetails:{builder:{id:"https://visulima.com/vis"},metadata:{invocationId:process.env.GITHUB_RUN_ID??"",startedOn:new Date().toISOString()}}},predicateType:"https://slsa.dev/provenance/v1",subject:[{digest:{sha256:o},name:r}]}),G=async({argument:r,fs:o,logger:t,options:i,workspaceRoot:c})=>{if(!c)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const p=r[0];if(!p)throw new Error("Missing subject. Usage: vis attest <path-to-artifact>");const l=i.predicate??"slsaProvenance";if(l!=="slsaProvenance")throw new Error(`Unsupported predicate '${l}'. Only 'slsaProvenance' is supported.`);const a=y(p)?p:k(c,p),d=i.requireSigning??!1,m=i.format??"table";let g;try{g=await o.readFile(a)}catch{throw new Error(`Cannot read subject artifact at ${a}.`)}const s=S("sha256").update(g).digest("hex");if(!D()){const h="No ambient OIDC token (not running in CI). Keyless signing needs a Fulcio identity from CI OIDC.";if(d)throw new Error(`${h} Re-run in CI or drop --require-signing.`);if(m==="json"){process.stdout.write(`${JSON.stringify({ok:!1,reason:"no-ambient-oidc",sha256:s,skipped:!0,subject:v(a)},void 0,2)}
4
- `);return}t.warn(`${h} Skipping signing (subject sha256: ${s}). Pass --require-signing to make this fatal.`);return}const f=q(v(a),s,c),e=Buffer.from(JSON.stringify(f)),n=await(await C({workspaceRoot:c})).attest(e,"application/vnd.in-toto+json"),w=i.output?y(i.output)?i.output:k(c,i.output):`${a}.sigstore`;if(await o.writeFile(w,`${JSON.stringify(n,void 0,2)}
5
- `,"utf8"),m==="json"){process.stdout.write(`${JSON.stringify({bundle:w,ok:!0,sha256:s,subject:v(a)},void 0,2)}
6
- `);return}t.info(`Signed SLSA v1 provenance for ${v(a)} (sha256 ${s.slice(0,16)}…).`),t.info(`Bundle written to ${w}.`)};export{G as attestEmitExecute,K as attestVerifyExecute};
1
+ import{getAffectedProjects as $}from"@visulima/task-runner";import{b as E,O as F}from"./cli-main.js";import{r as b}from"../packem_shared/affected-shas-C1XuRlvo.js";import{f as k}from"../packem_shared/selectors-UmnAuc26.js";const T=async({argument:w,logger:s,options:e,runtime:j,visConfig:u,workspaceRoot:h})=>{const l=w[0];if(!l)throw new Error("Missing target. Usage: vis affected <target>");if(!h)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const a=h,{packageJsons:v,workspace:i}=E(a,u),y=F(a,i,v),g=new Set(["deep","direct","none"]),p=e.downstream??"deep",d=e.upstream??"none";if(!g.has(p))throw new Error(`Invalid --downstream value: "${p}". Must be "none", "direct", or "deep".`);if(!g.has(d))throw new Error(`Invalid --upstream value: "${d}". Must be "none", "direct", or "deep".`);let{base:c}=e,{head:f}=e;if(!c||!f){const o=b({defaultBase:u?.defaultBase,workspaceRoot:a});c=c??o.base,f=f??o.head,s.info(`▸ Resolved affected refs from ${o.provider} (${o.notes.join("; ")})`)}const S={base:c,downstream:p,head:f,projectGraph:y,projects:i.projects,upstream:d,workspaceRoot:a},n=await $(S);if(n.changedFiles.length===0){s.info("No files changed. Nothing to run.");return}if(n.affectedProjects.length===0){s.info("No projects affected by the changes.");return}let{affectedProjects:t}=n;if(e.query&&(t=k(t,i,e.query),t.length===0)){s.info(`Query "${String(e.query)}" matched no affected projects.`);return}if(e.sparseCheckout){const o=[...new Set(t.map(m=>i.projects[m]?.root??m))].sort();process.stdout.write(`${o.join(`
2
+ `)}
3
+ `);return}s.info(`Affected projects: ${t.join(", ")}`),n.changedFiles.length>0&&(process.env.VIS_AFFECTED_FILES=n.changedFiles.join(`
4
+ `));const r=[l,`--projects=${t.join(",")}`];e.parallel!==void 0&&r.push(`--parallel=${String(e.parallel)}`),e.cache||r.push("--no-cache"),e.dryRun&&r.push("--dry-run"),e.partition&&r.push(`--partition=${String(e.partition)}`),e.reverse&&r.push("--reverse"),typeof e.runnerTags=="string"&&e.runnerTags!==""&&r.push(`--runner-tags=${e.runnerTags}`);try{await j.runCommand("run",{argv:r})}finally{delete process.env.VIS_AFFECTED_FILES}};export{T as default};
@@ -1,5 +1,9 @@
1
- import{b as d}from"./orchestrator.js";const k=async({logger:c,options:o,workspaceRoot:p})=>{const l=p??process.cwd(),t=await d({channel:o.channel,cwd:l,firstRelease:o.firstRelease===!0,skipRegistryLookup:!0}),{printConfigIfRequested:f}=await import("./print-config.js");if(f(o,t,c))return;const s=o.package,i=s?t.plan.releases.filter(e=>e.name===s):t.plan.releases;if(i.length===0){if(s!==void 0&&s!==""){const e=new Set(t.plan.releases.map(a=>a.name)).has(s),r=t.packages.some(a=>a.name===s);let n;if(e)n=`release plan unexpectedly empty for "${s}"`;else if(r)n=`package "${s}" is in the workspace but has no pending release (no change file targets it).`;else{const a=t.packages.slice(0,5).map(u=>u.name).join(", "),m=a?` Known workspace packages: ${a}${t.packages.length>5?",":""}.`:"";n=`package "${s}" is not in this workspace.${m}`}c.error(`--package filter matched no releases: ${n}`),o.json&&process.stdout.write(`${JSON.stringify({error:n},null,2)}
2
- `),process.exitCode=1;return}o.json&&process.stdout.write(`{}
3
- `);return}if(o.json){const e={};for(const r of i)e[r.name]={from:r.oldVersion,to:r.newVersion};process.stdout.write(`${JSON.stringify(e,null,2)}
4
- `);return}const g=[...i].sort((e,r)=>e.name.localeCompare(r.name));for(const e of g)process.stdout.write(`${e.name} ${e.oldVersion} -> ${e.newVersion}
5
- `)};export{k as default};
1
+ import{b as j}from"./orchestrator.js";const A=async({logger:u,options:m,workspaceRoot:h})=>{const c=h??process.cwd(),a=[];let n;try{n=await j({cwd:c}),a.push({message:"vis.config.ts loaded; release block parsed.",name:"config-loads",severity:"error",status:"pass"})}catch(e){a.push({message:`Config failed to load: ${e.message}`,name:"config-loads",severity:"error",status:"fail"}),await $(u,m,a),process.exitCode=1;return}n.packages.length===0?a.push({message:"No packages discovered. Ensure your package manager's workspace block resolves.",name:"workspace-discovered",severity:"error",status:"fail"}):a.push({message:`Discovered ${n.packages.length} workspace package(s).`,name:"workspace-discovered",severity:"info",status:"pass"});try{const e=await n.pm.detectVersion(c);e?a.push({message:`${n.pm.id}@${e} (min required: ${n.pm.minVersion})`,name:"pm-version",severity:"info",status:"pass"}):a.push({message:`Could not detect ${n.pm.id} version.`,name:"pm-version",severity:"warn",status:"skip"})}catch(e){a.push({message:`Skipped: ${e.message}`,name:"pm-version",severity:"warn",status:"skip"})}n.branch&&n.channel?a.push({message:`Branch "${n.branch}" channel ${n.channel.tag}${n.channel.prerelease?` (preid: ${n.channel.prerelease})`:""}, mode: ${n.channel.mode}`,name:"branch-channel",severity:"info",status:"pass"}):n.branch&&!n.channel?a.push({message:`Branch "${n.branch}" does not match any configured channel. Releases will use dist-tag "latest" by default.`,name:"branch-channel",severity:"warn",status:"fail"}):a.push({message:"No branch detected (detached HEAD or non-git workspace).",name:"branch-channel",severity:"warn",status:"skip"});try{await import("node:child_process").then(({execSync:e})=>{try{return e("gh --version",{stdio:"ignore"}),!0}catch{return!1}})?a.push({message:"gh CLI is on PATH.",name:"gh-cli-available",severity:"info",status:"pass"}):a.push({message:"gh CLI not found. GH releases / PR comments will be skipped.",name:"gh-cli-available",severity:"warn",status:"fail"})}catch{}if(process.env.CI==="true"||process.env.GITHUB_ACTIONS==="true")try{const{createShellRunner:e}=await import("./shell-runner.js"),i=await e().run("gh",["auth","status","--show-token"],{cwd:c,silent:!0}),t=`${i.stdout}
2
+ ${i.stderr}`,s=/Token scopes:\s*(.+)/.exec(t);if(i.exitCode!==0||!s)a.push({message:"Skipped: `gh auth status` did not return a parseable Token scopes line. (Fine-grained tokens / OIDC-only auth fall in this bucket.)",name:"github.token-scopes",severity:"info",status:"skip"});else{const r=s[1].split(",").map(l=>l.trim().replaceAll(/^['"]|['"]$/g,"")).filter(Boolean),o=new Set(["admin:org","admin:repo_hook","delete_repo","repo","site_admin"]),g=r.filter(l=>o.has(l));g.length>0?a.push({message:`Token carries broader scopes than vis needs: ${g.join(", ")}. The release flow needs only contents:write + pull-requests:write (+ optional id-token:write for OIDC). Consider provisioning a fine-grained PAT or scoping the workflow's permissions block.`,name:"github.token-scopes",severity:"warn",status:"fail"}):a.push({message:`Token scopes look appropriately narrow: ${r.join(", ")||"(none)"}.`,name:"github.token-scopes",severity:"info",status:"pass"})}}catch{a.push({message:"Skipped: gh auth status could not be invoked.",name:"github.token-scopes",severity:"info",status:"skip"})}(process.env.CI==="true"||process.env.GITHUB_ACTIONS==="true")&&(process.env.ACTIONS_ID_TOKEN_REQUEST_URL?a.push({message:"GitHub Actions OIDC env vars present.",name:"oidc-available",severity:"info",status:"pass"}):process.env.NPM_TOKEN?a.push({message:"OIDC env vars missing; falling back to NPM_TOKEN. Add `permissions: { id-token: write }` to the workflow to enable trusted publishing.",name:"oidc-available",severity:"warn",status:"fail"}):a.push({message:"Neither OIDC env vars nor NPM_TOKEN are set in CI. Publish will fail.",name:"oidc-available",severity:"error",status:"fail"}));const y=await import("node:fs/promises"),b=await import("node:path");for(const e of n.packages){if(e.manifest.napi===void 0)continue;const i=b.join(e.dir,"npm");try{const t=(await y.readdir(i,{withFileTypes:!0})).filter(g=>g.isDirectory());if(t.length===0){a.push({message:`${e.name} has a napi field but no npm/<platform>/ subdirs. Run pnpm exec napi artifacts before publishing.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"fail"});continue}const s=[];for(const g of t){const l=b.join(i,g.name,"package.json");try{const p=JSON.parse(await y.readFile(l,"utf8"));p.version!==e.version&&s.push(`${g.name} (${p.version} vs parent ${e.version})`)}catch{s.push(`${g.name} (unreadable manifest)`)}}s.length>0?a.push({message:`${e.name}: platform versions out of sync — ${s.join(", ")}. They'll be re-synced on next publish.`,name:`napi-${e.name}-versions`,severity:"warn",status:"fail"}):a.push({message:`${e.name}: ${t.length} platform package(s), all versions in sync.`,name:`napi-${e.name}`,severity:"info",status:"pass"});const r=e.manifest.optionalDependencies??{},o=[];for(const g of t)try{const l=JSON.parse(await y.readFile(b.join(i,g.name,"package.json"),"utf8"));Object.hasOwn(r,l.name)||o.push(l.name)}catch{}o.length>0&&a.push({message:`${e.name}: missing optionalDependencies entries for: ${o.join(", ")}. Consumers won't get the right binary.`,name:`napi-${e.name}-optdeps`,severity:"error",status:"fail"})}catch{a.push({message:`${e.name}: could not read npm/ subdir.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"skip"})}}{const{resolveVersionActionsId:e}=await import("./orchestrator.js").then(t=>t.w),i=n.packages.filter(t=>e(t,n.perPackageConfig.get(t.name)??{})==="jsr");for(const t of i){const s=n.perPackageConfig.get(t.name)??{},r=["jsr","publish","--dry-run","--allow-dirty"],o=s.jsrConfigPath;o!==void 0&&o!=="jsr.json"&&r.push("--config",o);for(const g of s.jsrPublishArgs??[])r.push(g);try{const g=await n.pm.runner.run("npx",r,{cwd:t.dir,silent:!0});g.exitCode===0?a.push({message:`${t.name}: \`jsr publish --dry-run\` passed.`,name:`jsr-dry-run/${t.name}`,severity:"info",status:"pass"}):a.push({message:`${t.name}: \`jsr publish --dry-run\` reported issues (slow types / exports / auth?): ${(g.stderr||g.stdout).trim().slice(0,300)}`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"fail"})}catch(g){a.push({message:`${t.name}: could not run \`npx jsr publish --dry-run\` (${g.message}). Install the jsr CLI / check network to enable this pre-flight.`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"skip"})}}}if(n.plan.warnings.length>0)for(const e of n.plan.warnings)a.push({message:e,name:"plan-warning",severity:"warn",status:"fail"});else a.push({message:n.plan.releases.length===0?"No pending releases.":`Plan resolves ${n.plan.releases.length} release(s).`,name:"plan-readable",severity:"info",status:"pass"});const d=n.config.publish?.guards;if(d?.packSecretScan)try{await import("@visulima/secret-scanner"),a.push({message:"@visulima/secret-scanner resolves; pack-set secret scanning will run.",name:"publish-guards.packSecretScan",severity:"info",status:"pass"})}catch{a.push({message:"publish.guards.packSecretScan is enabled but @visulima/secret-scanner is not installed. pnpm add -D @visulima/secret-scanner, or set the gate to false.",name:"publish-guards.packSecretScan",severity:"error",status:"fail"})}d?.audit&&d.audit!=="off"&&a.push({message:`Runtime npm audit gate active at "${d.audit}" severity.`,name:"publish-guards.audit",severity:"info",status:"pass"});const f=n.config.publish?.releaseAssets;if((f?.stampHashes||f?.uploadTarball)&&a.push({message:`Release-asset attestation: stampHashes=${f.stampHashes??!1}, uploadTarball=${f.uploadTarball??!1}.`,name:"publish-releaseAssets",severity:"info",status:"pass"}),n.config.publish?.stage){try{const{execSync:r}=await import("node:child_process"),o=r("npm --version",{stdio:["ignore","pipe","ignore"]}).toString().trim(),[g="0",l="0"]=o.split("."),p=Number.parseInt(g,10)>11||Number.parseInt(g,10)===11&&Number.parseInt(l,10)>=15;a.push({message:p?`npm ${o} supports \`npm stage publish\`.`:`npm ${o} is too old for staged publishing. Upgrade to npm ≥ 11.15.0.`,name:"publish-stage.npm-version",severity:p?"info":"error",status:p?"pass":"fail"})}catch{a.push({message:"publish.stage is enabled but npm is not on PATH.",name:"publish-stage.npm-version",severity:"error",status:"fail"})}const e=n.config.publish?.registry??"https://registry.npmjs.org/",i=/(?:^|:\/\/)registry\.npmjs\.(?:org|com)\//.test(e);a.push({message:i?"Registry is npmjs.com; staging is supported.":`publish.stage is enabled but registry "${e}" is not npmjs.com. Staging is npm Inc-specific; the request will be rejected.`,name:"publish-stage.registry",severity:i?"info":"warn",status:i?"pass":"fail"});const t=n.packages.filter(r=>r.manifest.publishConfig?.access==="restricted"),s=!!process.env.ACTIONS_ID_TOKEN_REQUEST_URL&&!process.env.NPM_TOKEN;t.length>0&&s&&a.push({message:`${t.length} package(s) have publishConfig.access: "restricted" and OIDC trusted publishing is active. Staging this combo is not supported in v1 (no static token for the post-decision read). Set NPM_TOKEN, or disable publish.stage for these packages.`,name:"publish-stage.oidc-restricted",severity:"error",status:"fail"})}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readStagedRegistry:i}=await import("./staged-registry.js"),t=await i(c,n.config.changesDir??e);if(t.pending.length>0){const s=t.pending.map(r=>`${r.name}@${r.version} (${r.reason})`).join(", ");a.push({message:`${t.pending.length} pending stage(s) recorded in .vis/release/staged.json: ${s}. Approve / reject before the next release: vis release stage approve --all`,name:"publish-stage.pending",severity:"warn",status:"fail"})}}catch{}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readFile:i}=await import("node:fs/promises"),{join:t}=await import("node:path"),s=t(c,n.config.changesDir??e,".state.json"),r=await i(s,"utf8"),o=JSON.parse(r);Array.isArray(o.stagedIds)&&o.stagedIds.length>0&&a.push({message:`Found ${o.stagedIds.length} legacy stage id(s) in .state.json#stagedIds: ${o.stagedIds.join(", ")}. The new registry lives in .vis/release/staged.json. Approve / reject these via npmjs.com or \`vis release stage approve <id>\` to avoid losing them.`,name:"publish-stage.legacy-stagedIds",severity:"warn",status:"fail"})}catch{}{const e=n.packages.filter(i=>n.perPackageConfig.get(i.name)?.versionActions==="shell");for(const i of e){const t=n.perPackageConfig.get(i.name)??{},s=n.config.allowCustomCommands,r=s===!0||Array.isArray(s)&&s.includes(i.name),o=t.publishCommand!==void 0&&t.publishCommand!=="";r||a.push({message:`${i.name} uses versionActions: "shell" but release.allowCustomCommands does not permit it. Set allowCustomCommands: true or include "${i.name}" in the array.`,name:`shell-actions.${i.name}.trust-gate`,severity:"error",status:"fail"}),o?r&&a.push({message:`${i.name} → shell publish (${Array.isArray(t.publishCommand)?`${t.publishCommand.length} commands`:"1 command"}).`,name:`shell-actions.${i.name}`,severity:"info",status:"pass"}):a.push({message:`${i.name} uses versionActions: "shell" but no publishCommand is configured. Set release.packages["${i.name}"].publishCommand.`,name:`shell-actions.${i.name}.publish-command`,severity:"error",status:"fail"})}}if(!n.config.gitUser)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=e(),t=await i.run("git",["config","user.name"],{cwd:c,silent:!0}),s=await i.run("git",["config","user.email"],{cwd:c,silent:!0}),r=t.exitCode===0&&t.stdout.trim().length>0,o=s.exitCode===0&&s.stdout.trim().length>0;!r||!o?a.push({message:`git config user.name/user.email is not set (name=${r?"ok":"missing"}, email=${o?"ok":"missing"}). vis auto-commits staged.json and version bumps — these will fail without an identity. Set release.gitUser in vis.config.ts or configure git globally.`,name:"git.identity",severity:"warn",status:"fail"}):a.push({message:`git identity: ${t.stdout.trim()} <${s.stdout.trim()}>.`,name:"git.identity",severity:"info",status:"pass"})}catch{}if(n.config.signing){const{signing:e}=n.config;try{const{createShellRunner:i}=await import("./shell-runner.js"),t=i(),s=await t.run("git",["config","user.signingkey"],{cwd:c,silent:!0}),r=await t.run("git",["config","gpg.format"],{cwd:c,silent:!0}),o=s.exitCode===0?s.stdout.trim():"",g=r.exitCode===0?r.stdout.trim():"",l=o.length>0||!!e.key;if(e.mode==="ssh")g!=="ssh"||!l?a.push({message:`release.signing.mode is "ssh" but git config is incomplete (gpg.format=${g||"<unset>"}, user.signingkey=${l?"ok":"missing"}). Run \`git config gpg.format ssh\` and \`git config user.signingkey <path-to-key>\` before releasing.`,name:"git.signing",severity:"warn",status:"fail"}):a.push({message:"git signing: ssh mode active (gpg.format=ssh, signingkey configured).",name:"git.signing",severity:"info",status:"pass"});else if(e.mode==="sigstore"){const{gitsignAvailable:p}=await import("./git.js");await p({cwd:c,runner:t})?a.push({message:"git signing: sigstore mode (preview); gitsign is on PATH.",name:"git.signing",severity:"info",status:"pass"}):a.push({message:'release.signing.mode is "sigstore" (preview) but gitsign is not on PATH. Tags will fall back to GPG signing with a warning. Install gitsign: https://github.com/sigstore/gitsign',name:"git.signing",severity:"warn",status:"fail"})}else if(l){const p=e.key?/[\\/]/.test(e.key)||/\.(?:pem|gpg|key|asc|p12|pfx)$/i.test(e.key)||e.key.length<8?"configured":`…${e.key.slice(-4)}`:"from git config";a.push({message:`git signing: gpg mode active (key: ${p}).`,name:"git.signing",severity:"info",status:"pass"})}else a.push({message:'release.signing.mode is "gpg" but neither release.signing.key nor git config user.signingkey is set. Configure one before releasing.',name:"git.signing",severity:"warn",status:"fail"})}catch(i){a.push({message:`Could not verify git signing config: ${i.message}.`,name:"git.signing",severity:"warn",status:"skip"})}}if(n.config.floatingMajorTag===!0&&n.config.signing?.mode==="sigstore"&&a.push({message:`release.floatingMajorTag and release.signing.mode="sigstore" are both enabled. The floating-tag retarget force-pushes <unscoped-name>-v<major> (e.g. acme-action-v1) on every release, which appends a new sigstore transparency-log entry to Rekor each time (Rekor is append-only — entries are never removed). Over a long-lived major you'll accumulate one log entry per release. Consider either dropping floatingMajorTag (and pin consumers to a specific tag) or switching to gpg/ssh signing if the Rekor footprint matters for your project.`,name:"floating-major-tag.signing-risk",severity:"warn",status:"fail"}),n.config.floatingMajorTag===!0)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=await e().run("git",["tag","--list","v*"],{cwd:c,silent:!0});if(i.exitCode===0){const t=i.stdout.split(`
3
+ `).map(s=>s.trim()).filter(s=>/^v\d+$/.test(s));if(t.length===0)a.push({message:"No legacy `v<major>` tags found; floating-tag migration is clean.",name:"floating-major-tag.legacy-tags",severity:"info",status:"pass"});else{const s=t.slice(0,5),r=t.length>5?` (+${t.length-5} more)`:"",o=t[0],g=o.slice(1);a.push({message:`Legacy floating-major tags detected (${s.join(", ")}${r}). After upgrading the floating-tag format to \`<safe-name>-v<major>\`, these legacy tags are no longer updated. Consumers pinning \`<repo>@${o}\` will silently freeze at the pre-upgrade commit. Migration:
4
+ 1. Re-tag the legacy tag to point at the new floating tag:
5
+ git tag -f ${o} <safe-name>-v${g}
6
+ git push --force origin ${o}
7
+ 2. Or sunset the legacy tag and announce the new pin to consumers.`,name:"floating-major-tag.legacy-tags",severity:"warn",status:"fail"})}}else a.push({message:`Skipped: \`git tag --list "v*"\` exited ${i.exitCode}.`,name:"floating-major-tag.legacy-tags",severity:"info",status:"skip"})}catch(e){a.push({message:`Skipped: could not list git tags: ${e.message}.`,name:"floating-major-tag.legacy-tags",severity:"info",status:"skip"})}if(m.firstRelease===!0){const e=[];try{const{createShellRunner:i}=await import("./shell-runner.js"),t=i(),s=new Set,r=n.config.releaseTagPattern??"{name}@{version}";s.add(r);for(const o of n.packages){const g=n.perPackageConfig.get(o.name)?.releaseTagPattern??r;s.add(g)}for(const o of s){const g=o.replaceAll(/\{(?:name|unscopedName|version|major|minor|patch|date|channel)\}/g,()=>"*"),l=await t.run("git",["tag","--list",g],{cwd:c,silent:!0});if(l.exitCode!==0)continue;const p=l.stdout.split(`
8
+ `).map(v=>v.trim()).filter(Boolean);p.length>0&&e.push(`Found ${p.length} git tag(s) matching "${o}": ${p.slice(0,5).join(", ")}${p.length>5?` (+${p.length-5} more)`:""}.`)}}catch(i){e.push(`Could not scan git tags: ${i.message}.`)}try{const{resolveVersionActionsId:i}=await import("./orchestrator.js").then(s=>s.w),{createVersionActions:t}=await import("../packem_shared/createVersionActions-BK43SNDH.js");for(const s of n.packages){const r=n.perPackageConfig.get(s.name),o=i(s,r??{});let g;try{g=t(o)}catch{continue}let l;try{l=await g.readPublishedVersion.call(g,{perPackageConfig:r,pkg:s,pm:n.pm})}catch{continue}l&&l.length>0&&e.push(`${s.name} is already published at version ${l}.`)}}catch(i){e.push(`Could not probe published versions: ${i.message}.`)}e.length>0?a.push({message:`--first-release is set but the workspace is NOT greenfield: ${e.join(" ")} Remove --first-release and run a normal release, or roll back the existing tags / unpublish before bootstrapping.`,name:"first-release.repo-not-greenfield",severity:"error",status:"fail"}):a.push({message:"Workspace looks greenfield (no matching release tags, no published versions detected). Safe to use --first-release.",name:"first-release.repo-not-greenfield",severity:"info",status:"pass"})}if(n.config.gitlabHost){const{detectRemoteProvider:e}=await import("./detect2.js"),{createShellRunner:i}=await import("./shell-runner.js"),t=await e(c,i(),n.config.provider);t==="gitlab"?a.push({message:`Self-hosted GitLab host configured: ${n.config.gitlabHost}.`,name:"gitlab-host",severity:"info",status:"pass"}):a.push({message:`release.gitlabHost is set ("${n.config.gitlabHost}") but the resolved provider is "${t}". The host will be ignored. Either set release.provider: "gitlab" or remove gitlabHost.`,name:"gitlab-host",severity:"warn",status:"fail"})}if(n.config.githubHost){const{detectRemoteProvider:e}=await import("./detect2.js"),{createShellRunner:i}=await import("./shell-runner.js"),t=await e(c,i(),n.config.provider);t==="github"?await import("node:child_process").then(({execSync:s})=>{try{return s("gh --version",{stdio:"ignore"}),!0}catch{return!1}})?a.push({message:`Self-hosted GitHub Enterprise host configured: ${n.config.githubHost}.`,name:"github-host",severity:"info",status:"pass"}):a.push({message:`release.githubHost is set ("${n.config.githubHost}") but the gh CLI is not on PATH. Install gh and run \`gh auth login --hostname ${n.config.githubHost}\` before releasing.`,name:"github-host",severity:"error",status:"fail"}):a.push({message:`release.githubHost is set ("${n.config.githubHost}") but the resolved provider is "${t}". The host will be ignored. Either set release.provider: "github" or remove githubHost.`,name:"github-host",severity:"warn",status:"fail"})}{const e=await import("node:fs/promises"),i=await import("node:path");let t;for(const s of n.packages){const r=n.perPackageConfig.get(s.name);if(r){if(r.uvLockPath){const o=i.isAbsolute(r.uvLockPath)?r.uvLockPath:i.join(s.dir,r.uvLockPath);try{await e.access(o),a.push({message:`uv.lock present at ${o}.`,name:`uv-lockfile/${s.name}`,severity:"info",status:"pass"})}catch{a.push({message:`${s.name}: configured uvLockPath "${r.uvLockPath}" doesn't exist (expected ${o}). Run \`uv lock\` to generate it, or remove uvLockPath if the lockfile lives elsewhere.`,name:`uv-lockfile/${s.name}`,severity:"warn",status:"fail"})}}if(r.uvWorkspace?.root){const o=i.resolve(s.dir,r.uvWorkspace.root),g=i.relative(o,s.dir).replaceAll("\\","/");switch(t||({checkUvWorkspaceMembership:t}=await import("./registry.js").then(l=>l.g)),await t(o,g)){case"member":{a.push({message:`${s.name} is a member of the uv workspace rooted at ${o}.`,name:`uv-workspace/${s.name}`,severity:"info",status:"pass"});break}case"no-root-pyproject":{a.push({message:`${s.name}: uvWorkspace.root points at ${o} but no pyproject.toml was found there. Verify the path is correct.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"});break}case"no-workspace":{a.push({message:`${s.name}: uvWorkspace.root points at ${o} but that pyproject.toml has no [tool.uv.workspace] block. Add one with a "members" list, or drop the uvWorkspace setting.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"});break}default:a.push({message:`${s.name}: uv workspace root at ${o} has [tool.uv.workspace] but its "members" list doesn't include "${g}". Add the package to members or correct uvWorkspace.root.`,name:`uv-workspace/${s.name}`,severity:"warn",status:"fail"})}}}}}const{execFileSync:w}=await import("node:child_process"),k=(e,i)=>{const t=e.split(".").map(r=>Number.parseInt(r,10)),s=i.split(".").map(r=>Number.parseInt(r,10));for(const[r,o]of s.entries()){const g=t[r]??0;if(g!==(o??0))return g>(o??0)}return!0};{const e=process.versions.node,[i=0,t=0]=e.split(".").map(r=>Number.parseInt(r,10)),s=i===22&&t>=14||i>=24||i===23;a.push({message:`node@${e} (min: 22.14.0 || >=24.10.0)`,name:"node-version",severity:s?"info":"error",status:s?"pass":"fail"})}for(const[e,i,t]of[["git","2.31","git-version"],["gh","2.40","gh-version"]])try{const s=w(e,["--version"],{stdio:["ignore","pipe","ignore"]}).toString(),r=/(\d+\.\d+\.\d+)/.exec(s);if(!r)continue;const o=k(r[1],i);a.push({message:`${e}@${r[1]} (min: ${i})`,name:t,severity:o?"info":e==="git"?"error":"warn",status:o?"pass":"fail"})}catch{}{const e=new Set([n.config.publish?.registry??"https://registry.npmjs.org"]);for(const i of n.packages){const t=n.perPackageConfig.get(i.name)?.registry;t&&e.add(t)}for(const i of e)try{const t=i.replace(/\/+$/,""),s=await fetch(`${t}/-/ping`,{method:"HEAD",signal:AbortSignal.timeout(3e3)});a.push({message:`${i} reachable (HTTP ${s.status}).`,name:"registry-reachable",severity:s.ok||s.status===404?"info":"warn",status:"pass"})}catch(t){a.push({message:`${i} not reachable: ${t.message}. Publishing may fail (or you're offline — this is a warning).`,name:"registry-reachable",severity:"warn",status:"fail"})}}try{const e=w("git",["tag","--list"],{cwd:c,stdio:["ignore","pipe","ignore"]}).toString().split(/\r?\n/).map(s=>s.trim()).filter(Boolean),i=/(?:^|@)\d+\.\d+\.\d+(?:[-+].+)?$/,t=e.filter(s=>!i.test(s)&&!/^v?\d+\.\d+\.\d+/.test(s));a.push({message:e.length===0?"No git tags yet (fresh repo).":`${e.length-t.length}/${e.length} tags parse as a release tag${t.length>0?` (unrecognised: ${t.slice(0,3).join(", ")}${t.length>3?"…":""})`:""}.`,name:"tags-parseable",severity:"warn",status:t.length>0?"fail":"pass"})}catch{}{const{readFile:e}=await import("node:fs/promises"),i=await import("node:path");let t=0,s=0;for(const r of n.packages)try{const o=await e(i.join(r.dir,"CHANGELOG.md"),"utf8");s+=1,/^#{1,2}\s/m.test(o)&&(t+=1)}catch{}s>0&&a.push({message:`${t}/${s} existing CHANGELOG.md file(s) have a recognised heading structure.`,name:"changelog-format",severity:"info",status:t===s?"pass":"fail"})}try{const e=await n.pm.readCatalogYaml(c);if(e){const{parseCatalogs:i}=await import("./registry.js").then(r=>r.f),t=i(e),s=[];for(const r of n.packages)for(const o of["dependencies","devDependencies","peerDependencies","optionalDependencies"]){const g=r.manifest[o];if(!(!g||typeof g!="object"))for(const[l,p]of Object.entries(g)){if(typeof p!="string"||!p.startsWith("catalog:"))continue;const v=p.slice(8)||"default";(v==="default"?t.default?.[l]:t.named?.[v]?.[l])||s.push(`${r.name} → ${l} (${p})`)}}a.push({message:s.length===0?"All catalog: references resolve against pnpm-workspace.yaml.":`${s.length} catalog: reference(s) don't resolve: ${s.slice(0,3).join("; ")}${s.length>3?"…":""}`,name:"catalog-consistency",severity:"warn",status:s.length===0?"pass":"fail"})}}catch{}await $(u,m,a);const C=a.some(e=>e.severity==="error"&&e.status==="fail");process.exitCode=C?1:0},$=async(u,m,h)=>{if(m.json){process.stdout.write(`${JSON.stringify({checks:h},null,2)}
9
+ `);return}for(const c of h){const a=`${c.status==="pass"?"✓":c.status==="fail"?"✗":"—"} [${c.severity}] ${c.name}: ${c.message}`;c.severity==="error"&&c.status==="fail"?u.error(a):c.severity==="warn"&&c.status==="fail"?u.warn(a):u.info(a)}};export{A as default};