@visulima/vis 1.0.0-alpha.41 → 1.0.0-alpha.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (193) hide show
  1. package/CHANGELOG.md +41 -0
  2. package/LICENSE.md +265 -35
  3. package/dist/bin.js +1 -1
  4. package/dist/binx.js +2 -2
  5. package/dist/config/index.d.ts +1 -1
  6. package/dist/config/index.js +1 -1
  7. package/dist/packem_chunks/CONFIG_FILES.js +8 -0
  8. package/dist/packem_chunks/bloom-status.js +1 -1
  9. package/dist/packem_chunks/bloom-sync.js +1 -1
  10. package/dist/packem_chunks/catalog.js +113 -0
  11. package/dist/packem_chunks/cli-exec.js +1 -0
  12. package/dist/packem_chunks/cli-main.js +1068 -0
  13. package/dist/packem_chunks/detect.js +3 -3
  14. package/dist/packem_chunks/devtools.js +1 -78
  15. package/dist/packem_chunks/dispatch.js +4 -0
  16. package/dist/packem_chunks/doctor-probe.js +1 -1
  17. package/dist/packem_chunks/fix.js +1 -1
  18. package/dist/packem_chunks/handler.js +1 -1
  19. package/dist/packem_chunks/handler10.js +5 -1
  20. package/dist/packem_chunks/handler11.js +1 -5
  21. package/dist/packem_chunks/handler12.js +27 -1
  22. package/dist/packem_chunks/handler13.js +5 -27
  23. package/dist/packem_chunks/handler14.js +1 -5
  24. package/dist/packem_chunks/handler15.js +1 -1
  25. package/dist/packem_chunks/handler16.js +1 -1
  26. package/dist/packem_chunks/handler17.js +1 -1
  27. package/dist/packem_chunks/handler18.js +1 -1
  28. package/dist/packem_chunks/handler19.js +5 -1
  29. package/dist/packem_chunks/handler2.js +1 -4
  30. package/dist/packem_chunks/handler20.js +2 -5
  31. package/dist/packem_chunks/handler21.js +2 -2
  32. package/dist/packem_chunks/handler22.js +5 -2
  33. package/dist/packem_chunks/handler23.js +1 -1
  34. package/dist/packem_chunks/handler24.js +1 -1
  35. package/dist/packem_chunks/handler25.js +1 -1
  36. package/dist/packem_chunks/handler26.js +1 -1
  37. package/dist/packem_chunks/handler27.js +1 -1
  38. package/dist/packem_chunks/handler28.js +1 -1
  39. package/dist/packem_chunks/handler29.js +1 -1
  40. package/dist/packem_chunks/handler3.js +4 -4
  41. package/dist/packem_chunks/handler30.js +1 -1
  42. package/dist/packem_chunks/handler33.js +1 -1
  43. package/dist/packem_chunks/handler4.js +4 -6
  44. package/dist/packem_chunks/handler40.js +1 -1
  45. package/dist/packem_chunks/handler5.js +6 -8
  46. package/dist/packem_chunks/handler50.js +5 -5
  47. package/dist/packem_chunks/handler51.js +5 -5
  48. package/dist/packem_chunks/handler52.js +1 -1
  49. package/dist/packem_chunks/handler53.js +1 -1
  50. package/dist/packem_chunks/handler54.js +1 -1
  51. package/dist/packem_chunks/handler55.js +1 -1
  52. package/dist/packem_chunks/handler56.js +1 -1
  53. package/dist/packem_chunks/handler57.js +5 -7
  54. package/dist/packem_chunks/handler58.js +11 -5
  55. package/dist/packem_chunks/handler59.js +3 -11
  56. package/dist/packem_chunks/handler6.js +8 -1
  57. package/dist/packem_chunks/handler60.js +22 -3
  58. package/dist/packem_chunks/handler61.js +60 -21
  59. package/dist/packem_chunks/handler62.js +3 -61
  60. package/dist/packem_chunks/handler63.js +6 -3
  61. package/dist/packem_chunks/handler64.js +9 -6
  62. package/dist/packem_chunks/handler65.js +2 -708
  63. package/dist/packem_chunks/handler66.js +10 -10
  64. package/dist/packem_chunks/handler67.js +5 -5
  65. package/dist/packem_chunks/handler68.js +1 -1
  66. package/dist/packem_chunks/handler69.js +5 -5
  67. package/dist/packem_chunks/handler7.js +1 -1
  68. package/dist/packem_chunks/handler70.js +7 -7
  69. package/dist/packem_chunks/handler71.js +15 -15
  70. package/dist/packem_chunks/handler72.js +708 -48
  71. package/dist/packem_chunks/handler73.js +48 -27
  72. package/dist/packem_chunks/handler74.js +27 -3
  73. package/dist/packem_chunks/handler75.js +3 -190
  74. package/dist/packem_chunks/handler76.js +189 -37
  75. package/dist/packem_chunks/handler77.js +38 -0
  76. package/dist/packem_chunks/handler8.js +1 -1
  77. package/dist/packem_chunks/handler9.js +1 -1
  78. package/dist/packem_chunks/heal-accept.js +1 -1
  79. package/dist/packem_chunks/heal.js +1 -1
  80. package/dist/packem_chunks/help-command.js +4 -4
  81. package/dist/packem_chunks/index2.js +2 -2
  82. package/dist/packem_chunks/index3.js +135 -0
  83. package/dist/packem_chunks/index4.js +74 -0
  84. package/dist/packem_chunks/keys-refresh.js +1 -1
  85. package/dist/packem_chunks/lean.js +4 -0
  86. package/dist/packem_chunks/list.js +1 -1
  87. package/dist/packem_chunks/loader.js +1 -1
  88. package/dist/packem_chunks/loader2.js +1 -1
  89. package/dist/packem_chunks/orchestrator.js +19 -19
  90. package/dist/packem_chunks/prompts.js +1 -1
  91. package/dist/packem_chunks/prune.js +1 -1
  92. package/dist/packem_chunks/registry.js +2 -2
  93. package/dist/packem_chunks/run.js +1 -1
  94. package/dist/packem_chunks/shell-runner.js +1 -1
  95. package/dist/packem_chunks/status.js +1 -1
  96. package/dist/packem_chunks/sync.js +1 -1
  97. package/dist/packem_chunks/sync2.js +1 -1
  98. package/dist/packem_chunks/tar.js +1 -1
  99. package/dist/packem_chunks/tripwire.js +1 -1
  100. package/dist/packem_chunks/ts-loader.js +2 -0
  101. package/dist/packem_chunks/verify-lockfile.js +1 -1
  102. package/dist/packem_chunks/version-resolver.js +2 -2
  103. package/dist/packem_shared/{Table-CcVkyULl-B_ef6zfS.js → Table-CcVkyULl-DLWu6XHL.js} +25 -26
  104. package/dist/packem_shared/{advisories-DLeO5KMN.js → advisories-CefYKEPe.js} +1 -1
  105. package/dist/packem_shared/{affected-shas-cVnX8-zs.js → affected-shas-C1XuRlvo.js} +1 -1
  106. package/dist/packem_shared/{ai-analysis-BUeX2J2H.js → ai-analysis-Co-b15d_.js} +7 -7
  107. package/dist/packem_shared/{ai-fix-9Vzlp6XU.js → ai-fix-DnJDgPN-.js} +9 -9
  108. package/dist/packem_shared/augment-8fIWWGSc.js +3 -0
  109. package/dist/packem_shared/bin-DDq2oszw.js +1 -0
  110. package/dist/packem_shared/build-scripts-Doxce2VM.js +1 -0
  111. package/dist/packem_shared/command-runtime-RiCMa2C8.js +1 -0
  112. package/dist/packem_shared/compile-cache-B_Vf_WxT.js +3 -0
  113. package/dist/packem_shared/{cyclonedx-Cadls41z.js → cyclonedx-BTBzGCBW.js} +1 -1
  114. package/dist/packem_shared/dependency-scan-DEv-scN6.js +1 -0
  115. package/dist/packem_shared/{docker-BMLrNtWm.js → docker-DKlF-gk3.js} +1 -1
  116. package/dist/packem_shared/env-XJzocuUP.js +27 -0
  117. package/dist/packem_shared/failure-log-Sp1j-5qo.js +2 -0
  118. package/dist/packem_shared/{giget-DHY1sQZC.js → giget-DVTFJlbR.js} +2 -2
  119. package/dist/packem_shared/glob-fqg4KepW-7Bs2kZuM.js +1 -0
  120. package/dist/packem_shared/index-B0EsgdzO.js +1 -0
  121. package/dist/packem_shared/{index-DGSsjmpV.js → index-Cg0IHaFI.js} +1 -1
  122. package/dist/packem_shared/index-CkZnT2Fe.js +1 -0
  123. package/dist/packem_shared/index-DJAnbLEh.js +28 -0
  124. package/dist/packem_shared/index-DjTWo3sH.js +1 -0
  125. package/dist/packem_shared/{index-BDmTbWX1.js → index-OQZQyN5R.js} +1 -1
  126. package/dist/packem_shared/index.server-J83sowC4.js +2 -0
  127. package/dist/packem_shared/{lifecycle-4z9hHE5b.js → lifecycle-C4nRsXxc.js} +2 -2
  128. package/dist/packem_shared/{lockfile-C8Q1_4KK.js → lockfile-DIGyLfmF.js} +1 -1
  129. package/dist/packem_shared/main-B3juSU5z.js +1 -0
  130. package/dist/packem_shared/manifests-pLwnVmCN.js +1 -0
  131. package/dist/packem_shared/{min-release-age-D1alDE3K.js → min-release-age-B23Mr7NO.js} +3 -3
  132. package/dist/packem_shared/missing-package-json-DdMNbe_j.js +1 -0
  133. package/dist/packem_shared/{native-config-sync-BEkJW7g3.js → native-config-sync-4K9wWTj5.js} +1 -1
  134. package/dist/packem_shared/{osv-bloom-B03tUWf3.js → osv-bloom-BsQ-aFiM.js} +1 -1
  135. package/dist/packem_shared/packument-QjOLAMSk.js +1 -0
  136. package/dist/packem_shared/{pm-runner-BKZQo7Ts.js → pm-runner-CIH0wPh-.js} +1 -1
  137. package/dist/packem_shared/prompt-DjXHVgYU.js +1 -0
  138. package/dist/packem_shared/provenance-CilBg0Ee.js +1 -0
  139. package/dist/packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js +4 -0
  140. package/dist/packem_shared/registry-keys-BEavOCPz.js +1 -0
  141. package/dist/packem_shared/resolve-explicit-C4o8_-SE.js +5 -0
  142. package/dist/packem_shared/resolve-runtime-CJSWV-K8.js +1 -0
  143. package/dist/packem_shared/run-file-B4TqKa0X.js +1 -0
  144. package/dist/packem_shared/runtime-check-0lUJvgKt.js +1 -0
  145. package/dist/packem_shared/runtime-process-Dmz0vCJy-DUwTvH1J.js +1 -0
  146. package/dist/packem_shared/s1ngularity-DuG-LLaX.js +1 -0
  147. package/dist/packem_shared/scan-progress-RTMsE3Z4.js +2 -0
  148. package/dist/packem_shared/{selectors-GCJIe342.js → selectors-UmnAuc26.js} +1 -1
  149. package/dist/packem_shared/{signatures-Xpd6HjG_.js → signatures-CYheSqd3.js} +2 -2
  150. package/dist/packem_shared/spinner-DuJJvFTl.js +1 -0
  151. package/dist/packem_shared/tabs-CgxCvjCY.js +1 -0
  152. package/dist/packem_shared/target-merge-DOm6h6tW.js +11 -0
  153. package/dist/packem_shared/target-options-ChWcK60i.js +1 -0
  154. package/dist/packem_shared/toolchain-DyCKnGch.js +5 -0
  155. package/dist/packem_shared/typosquats-hCtH-23t.js +1 -0
  156. package/dist/packem_shared/use-measured-height-BKUjhm_3.js +1 -0
  157. package/dist/packem_shared/verify-CVPYlUrF.js +1 -0
  158. package/dist/packem_shared/vis-update-app-K-qATSeh.js +1 -0
  159. package/dist/packem_shared/watch-Bkp_AAbc.js +1 -0
  160. package/dist/packem_shared/watch-loop-WE7nWIEt.js +11 -0
  161. package/dist/packem_shared/window-ops-DDePlWLV.js +2 -0
  162. package/dist/runtime/preload.d.ts +1 -0
  163. package/dist/runtime/preload.js +1 -0
  164. package/index.d.ts +215 -201
  165. package/index.js +54 -53
  166. package/package.json +18 -27
  167. package/dist/packem_chunks/bin.js +0 -1198
  168. package/dist/packem_chunks/config.js +0 -21
  169. package/dist/packem_shared/CONFIG_FILES-BfaR0jKT.js +0 -1
  170. package/dist/packem_shared/build-scripts-CCCi8U66.js +0 -1
  171. package/dist/packem_shared/command-runtime-CR70qSUM.js +0 -1
  172. package/dist/packem_shared/dependency-scan-DnTgYleU.js +0 -1
  173. package/dist/packem_shared/failure-log-CEWP3bP0.js +0 -2
  174. package/dist/packem_shared/glob-fqg4KepW-B7EjLRvw.js +0 -1
  175. package/dist/packem_shared/index-3jMNqQom.js +0 -1
  176. package/dist/packem_shared/index-Bt521H5J.js +0 -30
  177. package/dist/packem_shared/manifests-Dj3pRKBT.js +0 -1
  178. package/dist/packem_shared/missing-package-json-8vNHwbqw.js +0 -1
  179. package/dist/packem_shared/provenance-BFEwKgI3.js +0 -1
  180. package/dist/packem_shared/registry-keys-BfFto6vI.js +0 -1
  181. package/dist/packem_shared/resolve-explicit-C6WM-I2u.js +0 -5
  182. package/dist/packem_shared/runtime-check-Stc9AI78.js +0 -1
  183. package/dist/packem_shared/s1ngularity-DCPmPE5M.js +0 -1
  184. package/dist/packem_shared/scan-progress-CFhc0CMj.js +0 -2
  185. package/dist/packem_shared/spinner-CV3WVJLv.js +0 -1
  186. package/dist/packem_shared/tabs-BuTy5gPV.js +0 -1
  187. package/dist/packem_shared/toolchain-pR7AJ-tB.js +0 -5
  188. package/dist/packem_shared/typosquats-DN78xx1x.js +0 -1
  189. package/dist/packem_shared/use-measured-height-_eVGWtWt.js +0 -1
  190. package/dist/packem_shared/verify-6WCmFmy8.js +0 -1
  191. package/dist/packem_shared/vis-update-app-k3fDxech.js +0 -1
  192. package/dist/packem_shared/watch-BvIwLG4N.js +0 -1
  193. package/dist/packem_shared/watch-loop-DWkvv2tK.js +0 -11
@@ -0,0 +1,74 @@
1
+ /*!
2
+ * Copyright (c) Squirrel Chat et al., All rights reserved.
3
+ * SPDX-License-Identifier: BSD-3-Clause
4
+ *
5
+ * Redistribution and use in source and binary forms, with or without
6
+ * modification, are permitted provided that the following conditions are met:
7
+ *
8
+ * 1. Redistributions of source code must retain the above copyright notice, this
9
+ * list of conditions and the following disclaimer.
10
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
11
+ * this list of conditions and the following disclaimer in the
12
+ * documentation and/or other materials provided with the distribution.
13
+ * 3. Neither the name of the copyright holder nor the names of its contributors
14
+ * may be used to endorse or promote products derived from this software without
15
+ * specific prior written permission.
16
+ *
17
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
18
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
21
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
24
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
+ */function T(e,t){let r=e.slice(0,t).split(/\r\n|\n|\r/g);return[r.length,r.pop().length+1]}function A(e,t,r){let l=e.split(/\r\n|\n|\r/g),o="",i=(Math.log10(t+1)|0)+1;for(let n=t-1;n<=t+1;n++){let s=l[n-1];s&&(o+=n.toString().padEnd(i," "),o+=": ",o+=s,o+=`
28
+ `,n===t&&(o+=" ".repeat(i+r+2),o+=`^
29
+ `))}return o}class u extends Error{line;column;codeblock;constructor(t,r){const[l,o]=T(r.toml,r.ptr),i=A(r.toml,l,o);super(`Invalid TOML document: ${t}
30
+
31
+ ${i}`,r),this.line=l,this.column=o,this.codeblock=i}}function I(e,t){let r=0;for(;e[t-++r]==="\\";);return--r&&r%2}function m(e,t=0,r=e.length){let l=e.indexOf(`
32
+ `,t);return e[l-1]==="\r"&&l--,l<=r?l:-1}function p(e,t){for(let r=t;r<e.length;r++){let l=e[r];if(l===`
33
+ `)return r;if(l==="\r"&&e[r+1]===`
34
+ `)return r+1;if(l<" "&&l!==" "||l==="")throw new u("control characters are not allowed in comments",{toml:e,ptr:t})}return e.length}function d(e,t,r,l){let o;for(;;){for(;(o=e[t])===" "||o===" "||!r&&(o===`
35
+ `||o==="\r"&&e[t+1]===`
36
+ `);)t++;if(l||o!=="#")break;t=p(e,t)}return t}function $(e,t,r,l,o=!1){if(!l)return t=m(e,t),t<0?e.length:t;for(let i=t;i<e.length;i++){let n=e[i];if(n==="#")i=m(e,i);else{if(n===r)return i+1;if(n===l||o&&(n===`
37
+ `||n==="\r"&&e[i+1]===`
38
+ `))return i}}throw new u("cannot find end of structure",{toml:e,ptr:t})}function O(e,t){let r=e[t],l=r===e[t+1]&&e[t+1]===e[t+2]?e.slice(t,t+3):r;t+=l.length-1;do t=e.indexOf(l,++t);while(t>-1&&r!=="'"&&I(e,t));return t>-1&&(t+=l.length,l.length>1&&(e[t]===r&&t++,e[t]===r&&t++)),t}/*!
39
+ * Copyright (c) Squirrel Chat et al., All rights reserved.
40
+ * SPDX-License-Identifier: BSD-3-Clause
41
+ *
42
+ * Redistribution and use in source and binary forms, with or without
43
+ * modification, are permitted provided that the following conditions are met:
44
+ *
45
+ * 1. Redistributions of source code must retain the above copyright notice, this
46
+ * list of conditions and the following disclaimer.
47
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
48
+ * this list of conditions and the following disclaimer in the
49
+ * documentation and/or other materials provided with the distribution.
50
+ * 3. Neither the name of the copyright holder nor the names of its contributors
51
+ * may be used to endorse or promote products derived from this software without
52
+ * specific prior written permission.
53
+ *
54
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
55
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
56
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
57
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
58
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
60
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
61
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
62
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
63
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64
+ */let E=/^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}(?::\d{2}(?:\.\d+)?)?)?(Z|[-+]\d{2}:\d{2})?$/i;class h extends Date{#t=!1;#r=!1;#e=null;constructor(t){let r=!0,l=!0,o="Z";if(typeof t=="string"){let i=t.match(E);i?(i[1]||(r=!1,t=`0000-01-01T${t}`),l=!!i[2],l&&t[10]===" "&&(t=t.replace(" ","T")),i[2]&&+i[2]>23?t="":(o=i[3]||null,t=t.toUpperCase(),!o&&l&&(t+="Z"))):t=""}super(t),isNaN(this.getTime())||(this.#t=r,this.#r=l,this.#e=o)}isDateTime(){return this.#t&&this.#r}isLocal(){return!this.#t||!this.#r||!this.#e}isDate(){return this.#t&&!this.#r}isTime(){return this.#r&&!this.#t}isValid(){return this.#t||this.#r}toISOString(){let t=super.toISOString();if(this.isDate())return t.slice(0,10);if(this.isTime())return t.slice(11,23);if(this.#e===null)return t.slice(0,-1);if(this.#e==="Z")return t;let r=+this.#e.slice(1,3)*60+ +this.#e.slice(4,6);return r=this.#e[0]==="-"?r:-r,new Date(this.getTime()-r*6e4).toISOString().slice(0,-1)+this.#e}static wrapAsOffsetDateTime(t,r="Z"){let l=new h(t);return l.#e=r,l}static wrapAsLocalDateTime(t){let r=new h(t);return r.#e=null,r}static wrapAsLocalDate(t){let r=new h(t);return r.#r=!1,r.#e=null,r}static wrapAsLocalTime(t){let r=new h(t);return r.#t=!1,r.#e=null,r}}let N=/^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\d(_?\d)*))$/,j=/^[+-]?\d(_?\d)*(\.\d(_?\d)*)?([eE][+-]?\d(_?\d)*)?$/,D=/^[+-]?0[0-9_]/,Z=/^[0-9a-f]{2,8}$/i,x={b:"\b",t:" ",n:`
65
+ `,f:"\f",r:"\r",e:"\x1B",'"':'"',"\\":"\\"};function k(e,t=0,r=e.length){let l=e[t]==="'",o=e[t++]===e[t]&&e[t]===e[t+1];o&&(r-=2,e[t+=2]==="\r"&&t++,e[t]===`
66
+ `&&t++);let i=0,n,s="",f=t;for(;t<r-1;){let a=e[t++];if(a===`
67
+ `||a==="\r"&&e[t]===`
68
+ `){if(!o)throw new u("newlines are not allowed in strings",{toml:e,ptr:t-1})}else if(a<" "&&a!==" "||a==="")throw new u("control characters are not allowed in strings",{toml:e,ptr:t-1});if(n){if(n=!1,a==="x"||a==="u"||a==="U"){let c=e.slice(t,t+=a==="x"?2:a==="u"?4:8);if(!Z.test(c))throw new u("invalid unicode escape",{toml:e,ptr:i});try{s+=String.fromCodePoint(parseInt(c,16))}catch{throw new u("invalid unicode escape",{toml:e,ptr:i})}}else if(o&&(a===`
69
+ `||a===" "||a===" "||a==="\r")){if(t=d(e,t-1,!0),e[t]!==`
70
+ `&&e[t]!=="\r")throw new u("invalid escape: only line-ending whitespace may be escaped",{toml:e,ptr:i});t=d(e,t)}else if(a in x)s+=x[a];else throw new u("unrecognized escape sequence",{toml:e,ptr:i});f=t}else!l&&a==="\\"&&(i=t-1,n=!0,s+=e.slice(f,i))}return s+e.slice(f,r-1)}function L(e,t,r,l){if(e==="true")return!0;if(e==="false")return!1;if(e==="-inf")return-1/0;if(e==="inf"||e==="+inf")return 1/0;if(e==="nan"||e==="+nan"||e==="-nan")return NaN;if(e==="-0")return l?0n:0;let o=N.test(e);if(o||j.test(e)){if(D.test(e))throw new u("leading zeroes are not allowed",{toml:t,ptr:r});e=e.replace(/_/g,"");let n=+e;if(isNaN(n))throw new u("invalid number",{toml:t,ptr:r});if(o){if((o=!Number.isSafeInteger(n))&&!l)throw new u("integer value cannot be represented losslessly",{toml:t,ptr:r});(o||l===!0)&&(n=BigInt(e))}return n}const i=new h(e);if(!i.isValid())throw new u("invalid value",{toml:t,ptr:r});return i}function V(e,t,r){let l=e.slice(t,r),o=l.indexOf("#");return o>-1&&(p(e,o),l=l.slice(0,o)),[l.trimEnd(),o]}function b(e,t,r,l,o){if(l===0)throw new u("document contains excessively nested structures. aborting.",{toml:e,ptr:t});let i=e[t];if(i==="["||i==="{"){let[f,a]=i==="["?B(e,t,l,o):z(e,t,l,o);if(r){if(a=d(e,a),e[a]===",")a++;else if(e[a]!==r)throw new u("expected comma or end of structure",{toml:e,ptr:a})}return[f,a]}let n;if(i==='"'||i==="'"){n=O(e,t);let f=k(e,t,n);if(r){if(n=d(e,n),e[n]&&e[n]!==","&&e[n]!==r&&e[n]!==`
71
+ `&&e[n]!=="\r")throw new u("unexpected character encountered",{toml:e,ptr:n});n+=+(e[n]===",")}return[f,n]}n=$(e,t,",",r);let s=V(e,t,n-+(e[n-1]===","));if(!s[0])throw new u("incomplete key-value declaration: no value specified",{toml:e,ptr:t});return r&&s[1]>-1&&(n=d(e,t+s[1]),n+=+(e[n]===",")),[L(s[0],e,t,o),n]}let P=/^[a-zA-Z0-9-_]+[ \t]*$/;function g(e,t,r="="){let l=t-1,o=[],i=e.indexOf(r,t);if(i<0)throw new u("incomplete key-value: cannot find end of key",{toml:e,ptr:t});do{let n=e[t=++l];if(n!==" "&&n!==" ")if(n==='"'||n==="'"){if(n===e[t+1]&&n===e[t+2])throw new u("multiline strings are not allowed in keys",{toml:e,ptr:t});let s=O(e,t);if(s<0)throw new u("unfinished string encountered",{toml:e,ptr:t});l=e.indexOf(".",s);let f=e.slice(s,l<0||l>i?i:l),a=m(f);if(a>-1)throw new u("newlines are not allowed in keys",{toml:e,ptr:t+l+a});if(f.trimStart())throw new u("found extra tokens after the string part",{toml:e,ptr:s});if(i<s&&(i=e.indexOf(r,s),i<0))throw new u("incomplete key-value: cannot find end of key",{toml:e,ptr:t});o.push(k(e,t,s))}else{l=e.indexOf(".",t);let s=e.slice(t,l<0||l>i?i:l);if(!P.test(s))throw new u("only letter, numbers, dashes and underscores are allowed in keys",{toml:e,ptr:t});o.push(s.trimEnd())}}while(l+1&&l<i);return[o,d(e,i+1,!0,!0)]}function z(e,t,r,l){let o={},i=new Set,n;for(t++;(n=e[t++])!=="}"&&n;){if(n===",")throw new u("expected value, found comma",{toml:e,ptr:t-1});if(n==="#")t=p(e,t);else if(n!==" "&&n!==" "&&n!==`
72
+ `&&n!=="\r"){let s,f=o,a=!1,[c,S]=g(e,t-1);for(let w=0;w<c.length;w++){if(w&&(f=a?f[s]:f[s]={}),s=c[w],(a=Object.hasOwn(f,s))&&(typeof f[s]!="object"||i.has(f[s])))throw new u("trying to redefine an already defined value",{toml:e,ptr:t});!a&&s==="__proto__"&&Object.defineProperty(f,s,{enumerable:!0,configurable:!0,writable:!0})}if(a)throw new u("trying to redefine an already defined value",{toml:e,ptr:t});let[y,_]=b(e,S,"}",r-1,l);i.add(y),f[s]=y,t=_}}if(!n)throw new u("unfinished table encountered",{toml:e,ptr:t});return[o,t]}function B(e,t,r,l){let o=[],i;for(t++;(i=e[t++])!=="]"&&i;){if(i===",")throw new u("expected value, found comma",{toml:e,ptr:t-1});if(i==="#")t=p(e,t);else if(i!==" "&&i!==" "&&i!==`
73
+ `&&i!=="\r"){let n=b(e,t-1,"]",r-1,l);o.push(n[0]),t=n[1]}}if(!i)throw new u("unfinished array encountered",{toml:e,ptr:t});return[o,t]}function v(e,t,r,l){let o=t,i=r,n,s=!1,f;for(let a=0;a<e.length;a++){if(a){if(o=s?o[n]:o[n]={},i=(f=i[n]).c,l===0&&(f.t===1||f.t===2))return null;if(f.t===2){let c=o.length-1;o=o[c],i=i[c].c}}if(n=e[a],(s=Object.hasOwn(o,n))&&i[n]?.t===0&&i[n]?.d)return null;s||(n==="__proto__"&&(Object.defineProperty(o,n,{enumerable:!0,configurable:!0,writable:!0}),Object.defineProperty(i,n,{enumerable:!0,configurable:!0,writable:!0})),i[n]={t:a<e.length-1&&l===2?3:l,d:!1,i:0,c:{}})}if(f=i[n],f.t!==l&&!(l===1&&f.t===3)||(l===2&&(f.d||(f.d=!0,o[n]=[]),o[n].push(o={}),f.c[f.i++]=f={t:1,d:!1,i:0,c:{}}),f.d))return null;if(f.d=!0,l===1)o=s?o[n]:o[n]={};else if(l===0&&s)return null;return[n,o,f.c]}function C(e,{maxDepth:t=1e3,integersAsBigInt:r}={}){let l={},o={},i=l,n=o;for(let s=d(e,0);s<e.length;){if(e[s]==="["){let f=e[++s]==="[",a=g(e,s+=+f,"]");if(f){if(e[a[1]-1]!=="]")throw new u("expected end of table declaration",{toml:e,ptr:a[1]-1});a[1]++}let c=v(a[0],l,o,f?2:1);if(!c)throw new u("trying to redefine an already defined table or value",{toml:e,ptr:s});n=c[2],i=c[1],s=a[1]}else{let f=g(e,s),a=v(f[0],i,n,0);if(!a)throw new u("trying to redefine an already defined table or value",{toml:e,ptr:s});let c=b(e,f[1],void 0,t,r);a[1][a[0]]=c[0],s=c[1]}if(s=d(e,s,!0),e[s]&&e[s]!==`
74
+ `&&e[s]!=="\r")throw new u("each key-value declaration must be followed by an end-of-line",{toml:e,ptr:s});s=d(e,s)}return l}export{h as TomlDate,u as TomlError,C as parse};
@@ -1,4 +1,4 @@
1
- import{p as r}from"./bin.js";import{c as i,f as a}from"../packem_shared/registry-keys-BfFto6vI.js";const n=async({options:s})=>{if(s.clear){const t=i();if(s.json){process.stdout.write(`${JSON.stringify({cleared:t,refetched:!1},void 0,2)}
1
+ import{p as r}from"./cli-main.js";import{c as i,f as a}from"../packem_shared/registry-keys-BEavOCPz.js";const n=async({options:s})=>{if(s.clear){const t=i();if(s.json){process.stdout.write(`${JSON.stringify({cleared:t,refetched:!1},void 0,2)}
2
2
  `);return}r.success(t?"Cleared cached npm signing keys.":"No cached npm signing keys to clear.");return}const e=await a({forceRefresh:!0});if(e===void 0){if(s.json){process.stdout.write(`${JSON.stringify({cleared:!1,error:"fetch-failed",refetched:!1},void 0,2)}
3
3
  `),process.exitCode=1;return}r.error("Failed to fetch npm signing keys (network error and no cached keys available)."),process.exitCode=1;return}if(s.json){process.stdout.write(`${JSON.stringify({cleared:!1,fromCache:e.fromCache,keyCount:e.keys.length,refetched:!e.fromCache,stale:e.stale??!1},void 0,2)}
4
4
  `);return}if(e.fromCache&&e.stale===!0){r.warn(`Network fetch failed — falling back to expired cache (${String(e.keys.length)} keys).`);return}r.success(`Refreshed npm signing keys (${String(e.keys.length)} keys).`)};export{n as default};
@@ -0,0 +1,4 @@
1
+ import{A as u,B as a}from"../packem_shared/index-OQZQyN5R.js";import{r as d}from"../packem_shared/resolve-runtime-CJSWV-K8.js";import{r as p}from"../packem_shared/run-file-B4TqKa0X.js";const m=i=>{let r,o;const s=[];for(let e=0;e<i.length;e+=1){const t=i[e];if(o===void 0){if(t==="--runtime"){r=i[e+1],e+=1;continue}if(t.startsWith("--runtime=")){r=t.slice(10);continue}o=t;continue}s.push(t)}return s[0]==="--"&&s.shift(),{file:o,runtimeFlag:r,scriptArguments:s}},v=async i=>{const{file:r,runtimeFlag:o,scriptArguments:s}=m(i);if(r===void 0){process.stderr.write(`No file specified. Usage: vis x <file> [args...]
2
+ `),process.exitCode=1;return}const e=process.cwd(),t=u(r)?r:a(e,r);let c;try{c=d(e,{flag:o})}catch(f){process.stderr.write(`${f.message}
3
+ `),process.exitCode=1;return}c.deferredNotice!==void 0&&process.stderr.write(`${c.deferredNotice}
4
+ `);const n=await p(t,s,c.runtime,e);n!==0&&(process.exitCode=n)};export{m as parseLeanXArgs,v as runLeanX};
@@ -1,3 +1,3 @@
1
- import{createRequire as _}from"node:module";import{ag as x,p as o,ah as B}from"./bin.js";import{w as R}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{W as V}from"../packem_shared/build-scripts-CCCi8U66.js";import{m as y,f as w}from"../packem_shared/index-BDmTbWX1.js";import{a as W}from"./config.js";const j=_(import.meta.url),v=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,D=c=>{if(typeof v<"u"&&v.versions&&v.versions.node){const[r,f]=v.versions.node.split(".").map(Number);if(r>22||r===22&&f>=3||r===20&&f>=16)return v.getBuiltinModule(c)}return j(c)},{readdirSync:S,statSync:M}=D("node:fs"),q=(c,r={})=>{const f=y(c,"node_modules");if(!w(f))return[];const l=new Map,p=new Set,$=(n,s,t)=>{const e=`${s}@${t}`;if(p.has(e))return;p.add(e);const i=t.startsWith(c)?t.slice(c.length+1):t;let u=l.get(n);u||(u=[],l.set(n,u)),u.some(b=>b.name===s)||u.push({name:s,relativePath:i})},d=(n,s="")=>{let t;try{t=S(n)}catch{return}for(const e of t){const i=y(n,e);if(e.startsWith("@")){d(i,`${e}/`);continue}if(e===".pnpm"&&s===""){let a;try{a=S(i)}catch{continue}for(const m of a){const h=y(i,m,"node_modules");w(h)&&d(h)}continue}if(e.startsWith("."))continue;const u=s+e,b=y(i,"package.json");try{if(!M(i).isDirectory()||!w(b))continue;const a=W(b),m=typeof a.name=="string"?a.name:u;if(typeof a.bin=="string"){const k=m.includes("/")?m.split("/").pop():m;$(k,m,i)}else if(a.bin&&typeof a.bin=="object")for(const k of Object.keys(a.bin))$(k,m,i);const h=y(i,"node_modules");w(h)&&d(h)}catch{}}};d(f);const g=[];for(const[n,s]of l)s.length<2||r[n]===!0||s.every(t=>r[`${t.name}#${n}`]===!0)||g.push({bin:n,packages:s});return g.sort((n,s)=>n.bin.localeCompare(s.bin))},C=new Set(["bun","npm","pnpm","yarn"]),J=({options:c,visConfig:r,workspaceRoot:f})=>{const l=f??process.cwd(),p=R(l),$=r?.security?.policies?.installScripts?.allow??{},d=r?.security?.allowBins??{},g=r?.security?.pinVersions===!0,n=V(l,$,{pinVersions:g}),s=q(l,d),t=r&&C.has(p.name)?x(r,p.name,l):void 0;if(c.json){process.stdout.write(`${JSON.stringify({binConflicts:s,drift:t,excess:n.excess,installed:n.installed.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),packageManager:p.name,pinVersions:g,unapproved:n.unapproved.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),versionDrift:n.versionDrift},void 0,2)}
1
+ import{createRequire as _}from"node:module";import{h as x,p as o,v as B}from"./cli-main.js";import{w as R}from"../packem_shared/pm-runner-CIH0wPh-.js";import{W as V}from"../packem_shared/build-scripts-Doxce2VM.js";import{m as y,f as w}from"../packem_shared/index-OQZQyN5R.js";import{a as W}from"../packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js";const j=_(import.meta.url),v=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,D=c=>{if(typeof v<"u"&&v.versions&&v.versions.node){const[r,f]=v.versions.node.split(".").map(Number);if(r>22||r===22&&f>=3||r===20&&f>=16)return v.getBuiltinModule(c)}return j(c)},{readdirSync:S,statSync:M}=D("node:fs"),q=(c,r={})=>{const f=y(c,"node_modules");if(!w(f))return[];const l=new Map,p=new Set,$=(n,s,t)=>{const e=`${s}@${t}`;if(p.has(e))return;p.add(e);const i=t.startsWith(c)?t.slice(c.length+1):t;let u=l.get(n);u||(u=[],l.set(n,u)),u.some(b=>b.name===s)||u.push({name:s,relativePath:i})},d=(n,s="")=>{let t;try{t=S(n)}catch{return}for(const e of t){const i=y(n,e);if(e.startsWith("@")){d(i,`${e}/`);continue}if(e===".pnpm"&&s===""){let a;try{a=S(i)}catch{continue}for(const m of a){const h=y(i,m,"node_modules");w(h)&&d(h)}continue}if(e.startsWith("."))continue;const u=s+e,b=y(i,"package.json");try{if(!M(i).isDirectory()||!w(b))continue;const a=W(b),m=typeof a.name=="string"?a.name:u;if(typeof a.bin=="string"){const k=m.includes("/")?m.split("/").pop():m;$(k,m,i)}else if(a.bin&&typeof a.bin=="object")for(const k of Object.keys(a.bin))$(k,m,i);const h=y(i,"node_modules");w(h)&&d(h)}catch{}}};d(f);const g=[];for(const[n,s]of l)s.length<2||r[n]===!0||s.every(t=>r[`${t.name}#${n}`]===!0)||g.push({bin:n,packages:s});return g.sort((n,s)=>n.bin.localeCompare(s.bin))},C=new Set(["bun","npm","pnpm","yarn"]),J=({options:c,visConfig:r,workspaceRoot:f})=>{const l=f??process.cwd(),p=R(l),$=r?.security?.policies?.installScripts?.allow??{},d=r?.security?.allowBins??{},g=r?.security?.pinVersions===!0,n=V(l,$,{pinVersions:g}),s=q(l,d),t=r&&C.has(p.name)?x(r,p.name,l):void 0;if(c.json){process.stdout.write(`${JSON.stringify({binConflicts:s,drift:t,excess:n.excess,installed:n.installed.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),packageManager:p.name,pinVersions:g,unapproved:n.unapproved.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),versionDrift:n.versionDrift},void 0,2)}
2
2
  `);return}if(o.info(`Build-script status (${p.name}):
3
3
  `),n.installed.length===0&&n.unapproved.length===0&&o.success(" No installed packages declare lifecycle scripts."),n.installed.length>0){o.success(` Approved (${String(n.installed.length)}):`);for(const e of n.installed)o.info(` ✓ ${e.name} — ${e.hooks.join(", ")}`)}if(n.unapproved.length>0){o.info(""),o.warn(` Unapproved (${String(n.unapproved.length)}):`);for(const e of n.unapproved)o.info(` ✗ ${e.name} — ${e.hooks.join(", ")}`);o.notice(" Run 'vis approve-builds' to review.")}if(n.excess.length>0){o.info(""),o.warn(` Stale allowlist entries (${String(n.excess.length)}):`);for(const e of n.excess)o.info(` ! ${e}`);o.notice(" Remove these from vis.config.ts security.policies.installScripts.allow.")}if(n.versionDrift.length>0){o.info(""),o.warn(` Version drift (pinVersions: true) — ${String(n.versionDrift.length)} entr${n.versionDrift.length===1?"y":"ies"} point at outdated versions:`);for(const{from:e,to:i}of n.versionDrift)o.info(` ${e} → ${i}`);o.notice(" Update vis.config.ts security.policies.installScripts.allow keys to migrate.")}if(s.length>0){o.info(""),o.warn(` Bin conflicts (${String(s.length)}) — multiple packages expose the same bin name:`);for(const e of s)o.info(` ${e.bin} ← ${e.packages.map(i=>i.name).join(", ")}`);o.notice(" Add the bin (or 'pkg#bin') to vis.config.ts security.allowBins to silence this.")}if(t?.hasDrift){o.info("");for(const e of B(t))o.warn(e)}};export{J as default};
@@ -1,4 +1,4 @@
1
- import{createRequire as m}from"node:module";import{w as d,M as _}from"../packem_shared/pm-runner-BKZQo7Ts.js";const w=m(import.meta.url),o=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=e=>{if(typeof o<"u"&&o.versions&&o.versions.node){const[t,r]=o.versions.node.split(".").map(Number);if(t>22||t===22&&r>=3||t===20&&r>=16)return o.getBuiltinModule(e)}return w(e)},{createInterface:y}=g("node:readline"),s="sigstore",$=()=>!!process.stdout.isTTY&&process.env.CI!=="true",v=e=>new Promise(t=>{const r=y({input:process.stdin,output:process.stderr});r.question(`${e} (Y/n) `,i=>{r.close();const n=i.trim().toLowerCase();t(n===""||n==="y"||n==="yes")})}),h=e=>{const t=d(e),r=_(t,{exact:!1,filter:[],global:!1,optional:!1,packages:[s],peer:!1,saveDev:!0,workspace:!1,workspaceRoot:!1},e,console);return Promise.resolve({exitCode:r})},R=()=>{try{return import.meta.resolve(s),!0}catch{return!1}},I=e=>{let t="pnpm";try{t=d(e).name}catch{}switch(t){case"bun":return`bun add -d ${s}`;case"npm":return`npm install -D ${s}`;case"yarn":return`yarn add -D ${s}`;default:return`pnpm add -D ${s}`}},D=()=>import("sigstore"),T=async(e={})=>{const t=e.interactive??$(),r=e.prompt??v,i=e.runInstall??h,n=e.importImpl??D,l=e.workspaceRoot??process.cwd(),a=I(l);try{return await n()}catch(p){const{code:u,message:f}=p;if(!(u==="ERR_MODULE_NOT_FOUND"||u==="MODULE_NOT_FOUND")||!f.includes(s))throw p}if(!t)throw new Error(`${s} is not installed. \`vis attest\` needs it for keyless signing/verification. Install it in your repo first:
1
+ import{createRequire as m}from"node:module";import{w as d,M as _}from"../packem_shared/pm-runner-CIH0wPh-.js";const w=m(import.meta.url),o=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=e=>{if(typeof o<"u"&&o.versions&&o.versions.node){const[t,r]=o.versions.node.split(".").map(Number);if(t>22||t===22&&r>=3||t===20&&r>=16)return o.getBuiltinModule(e)}return w(e)},{createInterface:y}=g("node:readline"),s="sigstore",$=()=>!!process.stdout.isTTY&&process.env.CI!=="true",v=e=>new Promise(t=>{const r=y({input:process.stdin,output:process.stderr});r.question(`${e} (Y/n) `,i=>{r.close();const n=i.trim().toLowerCase();t(n===""||n==="y"||n==="yes")})}),h=e=>{const t=d(e),r=_(t,{exact:!1,filter:[],global:!1,optional:!1,packages:[s],peer:!1,saveDev:!0,workspace:!1,workspaceRoot:!1},e,console);return Promise.resolve({exitCode:r})},R=()=>{try{return import.meta.resolve(s),!0}catch{return!1}},I=e=>{let t="pnpm";try{t=d(e).name}catch{}switch(t){case"bun":return`bun add -d ${s}`;case"npm":return`npm install -D ${s}`;case"yarn":return`yarn add -D ${s}`;default:return`pnpm add -D ${s}`}},D=()=>import("sigstore"),T=async(e={})=>{const t=e.interactive??$(),r=e.prompt??v,i=e.runInstall??h,n=e.importImpl??D,l=e.workspaceRoot??process.cwd(),a=I(l);try{return await n()}catch(p){const{code:u,message:f}=p;if(!(u==="ERR_MODULE_NOT_FOUND"||u==="MODULE_NOT_FOUND")||!f.includes(s))throw p}if(!t)throw new Error(`${s} is not installed. \`vis attest\` needs it for keyless signing/verification. Install it in your repo first:
2
2
  ${a}`);if(!await r(`${s} isn't installed. Install it now?`))throw new Error(`${s} install declined. Re-run \`vis attest\` after installing manually:
3
3
  ${a}`);const c=await i(l);if(c.exitCode!==0)throw new Error(`Install of ${s} failed (exit ${String(c.exitCode)}). Install manually and retry:
4
4
  ${a}`);return await n()};export{I as installCommandFor,R as isSigstoreInstalled,T as loadOptionalSigstore};
@@ -1 +1 @@
1
- import{H as r}from"../packem_shared/index-BDmTbWX1.js";import{createJiti as u}from"jiti";const a=(t,e)=>{if(!e||typeof e!="object")throw new TypeError(`${t}: default export must be an object (got ${e===null?"null":typeof e}). Use createTemplate({ ... }).`);const o=e;if(typeof o.about!="object"||o.about===null)throw new TypeError(`${t}: default export missing required "about" object`);if(typeof o.produce!="function")throw new TypeError(`${t}: default export missing required "produce" function`);return e},f=async t=>{const e=await u(r(t),{fsCache:!1,moduleCache:!1}).import(t,{default:!0,try:!0})??null;return a(t,e)};export{f as loadNativeTemplate};
1
+ import{importTs as r}from"./ts-loader.js";const n=(t,o)=>{if(!o||typeof o!="object")throw new TypeError(`${t}: default export must be an object (got ${o===null?"null":typeof o}). Use createTemplate({ ... }).`);const e=o;if(typeof e.about!="object"||e.about===null)throw new TypeError(`${t}: default export missing required "about" object`);if(typeof e.produce!="function")throw new TypeError(`${t}: default export missing required "produce" function`);return o},p=async t=>{const o=(await r(t)).default??null;return n(t,o)};export{p as loadNativeTemplate};
@@ -1,39 +1,39 @@
1
- import{createRequire as De}from"node:module";import{p as x}from"../packem_shared/index-DGSsjmpV.js";import{DEFAULT_CHANGES_DIR as q,DEFAULT_DEPENDENCY_BUMP_RULES as Oe,DEFAULT_CONFIG as Be}from"./DEFAULT_CLEAN_KEEP.js";import{VisReleaseError as R}from"../packem_shared/VisReleaseError-DMGRBTNO.js";import{e as Le,p as Te,c as xe}from"./registry.js";import{E as Ue}from"../packem_shared/public-api-WqUCiyIe.js";import{BUMP_LEVELS as le,maxBump as oe,bumpRank as Q,normaliseGroup as ge}from"../release/types.js";import Z from"./index.js";import{d as He,c as We}from"./detect.js";import{escapeMarkdown as Ye,assertValidPackageName as Je}from"./security.js";import{createShellRunner as J}from"./shell-runner.js";const Se=De(import.meta.url),W=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,pe=e=>{if(typeof W<"u"&&W.versions&&W.versions.node){const[a,t]=W.versions.node.split(".").map(Number);if(a>22||a===22&&t>=3||a===20&&t>=16)return W.getBuiltinModule(e)}return Se(e)},{readdir:Ve,readFile:Ee,writeFile:Fe,unlink:_e}=pe("node:fs/promises"),{resolve:X,sep:K,join:Ge}=pe("node:path"),{realpathSync:ze}=pe("node:fs"),qe=/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/,Xe=e=>{const a=qe.exec(e);return a?{body:(a[2]??"").trim(),frontmatter:a[1]??""}:null},Ke=/^(?:@[a-z0-9-]+\/)?[\w.-]+$/i,Qe=214,Ze=e=>e.length===0||e.length>Qe||e.startsWith(".")||e.startsWith("_")||e.startsWith("-")?!1:Ke.test(e),ie=e=>typeof e=="string"&&le.includes(e),ea=/^\s*(pr|commit|author)\s*:\s*(.+?)\s*$/i,aa=e=>{const a=e.split(/\r?\n/),t={};let n=0;for(const c of a){if(c.trim()===""){n+=1;continue}const d=ea.exec(c);if(!d)break;const[,l="",i=""]=d;switch(l.toLowerCase()){case"author":{t.author=i.startsWith("@")?i:`@${i}`;break}case"commit":{t.commit=i;break}case"pr":{const r=Number.parseInt(i,10);!Number.isNaN(r)&&r>0&&(t.pr=r);break}}n+=1}const s=a.slice(n).join(`
2
- `).trim();return{meta:Object.keys(t).length>0?t:void 0,remainder:s}},me=e=>typeof e=="object"&&e!==null&&!Array.isArray(e)&&"bump"in e,ta=(e,a,t)=>{if(!ie(a.bump))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid bump level for "${e}": ${JSON.stringify(a.bump)}. Expected one of: ${le.join(", ")}`,packageName:e});const n={bump:a.bump,package:e};if(a.releaseAs!==void 0){if(typeof a.releaseAs!="string"||!/^\d+\.\d+\.\d+(?:[-+].*)?$/.test(a.releaseAs))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid releaseAs for "${e}": ${JSON.stringify(a.releaseAs)}. Expected a semver string like "2.0.0" or "2.0.0-rc.1".`,packageName:e});n.releaseAs=a.releaseAs}if(a.cascade!==void 0){if(typeof a.cascade!="object"||a.cascade===null||Array.isArray(a.cascade))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Cascade block for "${e}" must be an object mapping package globs to bump levels.`,packageName:e});const s={};for(const[c,d]of Object.entries(a.cascade)){if(!ie(d))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid cascade bump level for "${c}": ${JSON.stringify(d)}.`,packageName:e});s[c]=d}n.cascade=s}return n},ne=e=>e.replaceAll(/^.*[/\\]/g,"").replace(/\.md$/i,""),na=(e,a)=>{const t=Xe(e);if(!t)throw new R({code:"BUMP_FILE_INVALID",file:a,message:"Change file is missing YAML frontmatter (expected `---` delimiters)."});let n;try{n=Ue(t.frontmatter,{schema:"core",strict:!0})}catch(i){throw new R({cause:i,code:"BUMP_FILE_INVALID",file:a,message:`YAML parse failed: ${i.message}`})}if(n==null)return{body:t.body.trim(),id:ne(a),path:a,payload:{bumps:{}}};if(typeof n!="object"||Array.isArray(n))throw new R({code:"BUMP_FILE_INVALID",file:a,message:"Frontmatter must be a YAML object mapping package names to bump levels."});const s=Object.entries(n);if(s.length===0)return{body:t.body.trim(),id:ne(a),path:a,payload:{bumps:{}}};for(const[i]of s)if(!Ze(i))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Invalid package name: ${JSON.stringify(i)}.`,packageName:i});let c;if(s.length===1&&me(s[0][1])){const[i,r]=s[0];c=ta(i,r,a)}else{const i={};for(const[r,m]of s){if(me(m))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Mixed simple + nested entries are not allowed. Package "${r}" uses the nested shape but the file has multiple top-level entries.`,packageName:r});if(!ie(m))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Invalid bump level for "${r}": ${JSON.stringify(m)}. Expected one of: ${le.join(", ")}`,packageName:r});i[r]=m}c={bumps:i}}const{meta:d,remainder:l}=aa(t.body);return{body:l,id:ne(a),meta:d,path:a,payload:c}},Ya=(e,a)=>{let t;if("bumps"in e){const n=Object.entries(e.bumps).map(([s,c])=>`${se(s)}: ${c}`);t=n.length>0?n.join(`
3
- `):"{}"}else{const n=[`${se(e.package)}:`,` bump: ${e.bump}`];if(e.releaseAs&&n.push(` releaseAs: ${e.releaseAs}`),e.cascade){n.push(" cascade:");for(const[s,c]of Object.entries(e.cascade))n.push(` ${se(s)}: ${c}`)}t=n.join(`
1
+ import{createRequire as Se}from"node:module";import{u as x}from"../packem_shared/index-Cg0IHaFI.js";import{DEFAULT_CHANGES_DIR as X,DEFAULT_DEPENDENCY_BUMP_RULES as Le,DEFAULT_CONFIG as Be}from"./DEFAULT_CLEAN_KEEP.js";import{VisReleaseError as R}from"../packem_shared/VisReleaseError-DMGRBTNO.js";import{e as Te,p as xe,c as Ge}from"./registry.js";import{E as He}from"../packem_shared/public-api-WqUCiyIe.js";import{BUMP_LEVELS as le,maxBump as oe,bumpRank as K,normaliseGroup as ge}from"../release/types.js";import Q from"./index.js";import{d as We,c as Ye}from"./detect.js";import{escapeMarkdown as Je,assertValidPackageName as ze}from"./security.js";import{createShellRunner as z}from"./shell-runner.js";const Ve=Se(import.meta.url),W=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,pe=e=>{if(typeof W<"u"&&W.versions&&W.versions.node){const[a,t]=W.versions.node.split(".").map(Number);if(a>22||a===22&&t>=3||a===20&&t>=16)return W.getBuiltinModule(e)}return Ve(e)},{readdir:Ee,readFile:Fe,writeFile:_e,unlink:Oe}=pe("node:fs/promises"),{resolve:re,sep:Y,join:Ue}=pe("node:path"),{realpathSync:me}=pe("node:fs"),qe=/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/,Xe=e=>{const a=qe.exec(e);return a?{body:(a[2]??"").trim(),frontmatter:a[1]??""}:null},Ke=/^(?:@[a-z0-9-]+\/)?[\w.-]+$/i,Qe=214,Ze=e=>e.length===0||e.length>Qe||e.startsWith(".")||e.startsWith("_")||e.startsWith("-")?!1:Ke.test(e),ie=e=>typeof e=="string"&&le.includes(e),ea=/^\s*(pr|commit|author)\s*:\s*(.+?)\s*$/i,aa=e=>{const a=e.split(/\r?\n/),t={};let n=0;for(const c of a){if(c.trim()===""){n+=1;continue}const d=ea.exec(c);if(!d)break;const[,l="",o=""]=d;switch(l.toLowerCase()){case"author":{t.author=o.startsWith("@")?o:`@${o}`;break}case"commit":{t.commit=o;break}case"pr":{const r=Number.parseInt(o,10);!Number.isNaN(r)&&r>0&&(t.pr=r);break}}n+=1}const s=a.slice(n).join(`
2
+ `).trim();return{meta:Object.keys(t).length>0?t:void 0,remainder:s}},ue=e=>typeof e=="object"&&e!==null&&!Array.isArray(e)&&"bump"in e,ta=(e,a,t)=>{if(!ie(a.bump))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid bump level for "${e}": ${JSON.stringify(a.bump)}. Expected one of: ${le.join(", ")}`,packageName:e});const n={bump:a.bump,package:e};if(a.releaseAs!==void 0){if(typeof a.releaseAs!="string"||!/^\d+\.\d+\.\d+(?:[-+].*)?$/.test(a.releaseAs))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid releaseAs for "${e}": ${JSON.stringify(a.releaseAs)}. Expected a semver string like "2.0.0" or "2.0.0-rc.1".`,packageName:e});n.releaseAs=a.releaseAs}if(a.cascade!==void 0){if(typeof a.cascade!="object"||a.cascade===null||Array.isArray(a.cascade))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Cascade block for "${e}" must be an object mapping package globs to bump levels.`,packageName:e});const s={};for(const[c,d]of Object.entries(a.cascade)){if(!ie(d))throw new R({code:"BUMP_FILE_INVALID",file:t,message:`Invalid cascade bump level for "${c}": ${JSON.stringify(d)}.`,packageName:e});s[c]=d}n.cascade=s}return n},te=e=>e.replaceAll(/^.*[/\\]/g,"").replace(/\.md$/i,""),na=(e,a)=>{const t=Xe(e);if(!t)throw new R({code:"BUMP_FILE_INVALID",file:a,message:"Change file is missing YAML frontmatter (expected `---` delimiters)."});let n;try{n=He(t.frontmatter,{schema:"core",strict:!0})}catch(o){throw new R({cause:o,code:"BUMP_FILE_INVALID",file:a,message:`YAML parse failed: ${o.message}`})}if(n==null)return{body:t.body.trim(),id:te(a),path:a,payload:{bumps:{}}};if(typeof n!="object"||Array.isArray(n))throw new R({code:"BUMP_FILE_INVALID",file:a,message:"Frontmatter must be a YAML object mapping package names to bump levels."});const s=Object.entries(n);if(s.length===0)return{body:t.body.trim(),id:te(a),path:a,payload:{bumps:{}}};for(const[o]of s)if(!Ze(o))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Invalid package name: ${JSON.stringify(o)}.`,packageName:o});let c;if(s.length===1&&ue(s[0][1])){const[o,r]=s[0];c=ta(o,r,a)}else{const o={};for(const[r,m]of s){if(ue(m))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Mixed simple + nested entries are not allowed. Package "${r}" uses the nested shape but the file has multiple top-level entries.`,packageName:r});if(!ie(m))throw new R({code:"BUMP_FILE_INVALID",file:a,message:`Invalid bump level for "${r}": ${JSON.stringify(m)}. Expected one of: ${le.join(", ")}`,packageName:r});o[r]=m}c={bumps:o}}const{meta:d,remainder:l}=aa(t.body);return{body:l,id:te(a),meta:d,path:a,payload:c}},Ya=(e,a)=>{let t;if("bumps"in e){const n=Object.entries(e.bumps).map(([s,c])=>`${ne(s)}: ${c}`);t=n.length>0?n.join(`
3
+ `):"{}"}else{const n=[`${ne(e.package)}:`,` bump: ${e.bump}`];if(e.releaseAs&&n.push(` releaseAs: ${e.releaseAs}`),e.cascade){n.push(" cascade:");for(const[s,c]of Object.entries(e.cascade))n.push(` ${ne(s)}: ${c}`)}t=n.join(`
4
4
  `)}return`---
5
5
  ${t}
6
6
  ---
7
7
  ${a.trim()===""?"":`${a.trim()}
8
- `}`},se=e=>/^[a-z0-9-]/.test(e)?e:`"${e}"`,sa=e=>{const a=new Map,t=s=>s==="major"?3:s==="minor"?2:s==="patch"?1:0,n=(s,c)=>{const d=a.get(s);(d===void 0||t(c)>t(d))&&a.set(s,c)};for(const s of e)if("bumps"in s.payload)for(const[c,d]of Object.entries(s.payload.bumps))n(c,d);else n(s.payload.package,s.payload.bump);return a},ue=(e,a)=>a.filter(t=>"bumps"in t.payload?Object.hasOwn(t.payload.bumps,e):t.payload.package===e),ra=new Set(["README.md","readme.md"]),oa=async e=>{const a=e.changesDir??q,t=X(e.cwd),n=X(e.cwd,a),s=n,c=t.endsWith(K)?t:`${t}${K}`;if(n!==t&&!n.startsWith(c))throw new R({code:"CONFIG_INVALID",message:`changesDir resolves outside the workspace: ${n} (workspace: ${t}). Set release.changesDir to a path inside the repo.`});const d=[];let l;try{l=await Ve(s)}catch(r){if(r.code==="ENOENT")return{files:[],warnings:[]};throw new R({cause:r,code:"CONFIG_INVALID",message:`Cannot read change-files directory ${s}: ${r.message}`})}const i=l.filter(r=>!ra.has(r)&&r.endsWith(".md"));return{files:await Promise.all(i.map(async r=>{const m=Ge(s,r),o=await Ee(m,"utf8");return na(o,m)})),warnings:d}},ia=(e,a)=>{if(!a)return;if(Object.hasOwn(a,e)){const n=Object.keys(a).filter(s=>s!==e&&he(s)&&Z(s,e));return fe(e,a[e],n)}const t=[];for(const[n]of Object.entries(a))he(n)&&Z(n,e)&&t.push(n);if(t.length>0){const[n,...s]=t;return fe(e,a[n],s)}},fe=(e,a,t=[])=>{let{tag:n}=a;return n==="branch-name"&&(n=ca(e)),{branch:e,mode:a.mode??"auto-publish",...t.length>0?{overlapping:t}:{},prerelease:a.prerelease,range:a.range,tag:n}},ca=e=>e.toLowerCase().replaceAll(/[^a-z0-9.-]/g,"-").replaceAll(/^-+|-+$/g,"")||"branch",pa=/[!()*+?@[\]{|}]/,he=e=>pa.test(e),la=async(e,a)=>{try{const t=await a.run("git",["rev-parse","--abbrev-ref","HEAD"],{cwd:e,silent:!0});if(t.exitCode!==0)return;const n=t.stdout.trim();return n==="HEAD"||n===""?void 0:n}catch{return}},da=["dependencies","devDependencies","peerDependencies","optionalDependencies"];class ga{dependents;dependenciesByPackage;packagesByName;constructor(a){this.dependents=new Map,this.dependenciesByPackage=new Map,this.packagesByName=new Map;for(const t of a){if(this.packagesByName.has(t.name))throw new R({code:"DUPLICATE_PACKAGE_NAME",message:`Duplicate package name "${t.name}" — found at ${this.packagesByName.get(t.name).dir} and ${t.dir}.`,packageName:t.name});this.packagesByName.set(t.name,t),this.dependents.set(t.name,[]),this.dependenciesByPackage.set(t.name,[])}for(const t of a)for(const n of da){const s=t.manifest[n];if(!(!s||typeof s!="object"))for(const[c,d]of Object.entries(s))this.packagesByName.has(c)&&(this.dependents.get(c).push({kind:n,name:t.name,range:d}),this.dependenciesByPackage.get(t.name).push({kind:n,name:c,range:d}))}}getPackage(a){return this.packagesByName.get(a)}allPackages(){return[...this.packagesByName.values()]}isInternal(a){return this.packagesByName.has(a)}getDependents(a){return this.dependents.get(a)??[]}getDependencies(a){return this.dependenciesByPackage.get(a)??[]}topologicalSort(a){const t=a?new Set(a):new Set(this.packagesByName.keys()),n=new Set,s=new Set,c=[],d=(l,i)=>{if(!n.has(l)){if(s.has(l)){const r=i.indexOf(l),m=r===-1?[...i,l]:[...i.slice(r),l];throw new R({code:"CYCLIC_DEPENDENCY",message:`Cyclic dependency detected: ${m.join(" → ")}`})}s.add(l);for(const r of this.getDependencies(l))t.has(r.name)&&r.kind!=="devDependencies"&&d(r.name,[...i,l]);s.delete(l),n.add(l),c.push(l)}};for(const l of t)d(l,[]);return c}get size(){return this.packagesByName.size}}const ma=/\{(name|version|previousVersion|date|repo|contributors)\}/g,ua=(e,a)=>e.replaceAll(ma,(t,n)=>a[n]??""),fa=(e,a={})=>{const t=new Set;for(const c of a.internalAuthors??[]){const d=c.trim().toLowerCase().replace(/^@/,"");d.length>0&&t.add(d)}const n=new Set,s=[];for(const c of e){const d=c.meta?.author;if(d)for(const l of d.split(",")){const i=l.trim();if(!i)continue;const r=i.replace(/^@/,"");if(r.length===0)continue;const m=r.toLowerCase();n.has(m)||t.has(m)||(n.add(m),s.push(Ye(i)))}}return s.length===0?"":s.map(c=>`- ${c}`).join(`
9
- `)},ee=e=>{const{current:a,prerelease:t}=e;let{bump:n}=e;if(!x.valid(a))throw new R({code:"CONFIG_INVALID",message:`Invalid current version: ${JSON.stringify(a)}`});const s=x.parse(a),c=s.prerelease[0],d=s.prerelease.length>0;if(s.major===0&&e.bumpMinorPreMajor&&(n==="major"&&(n="minor"),n==="minor"&&e.bumpPatchForMinorPreMajor&&(n="patch")),n==="none")return(c??void 0)===(t??void 0)?a:!d&&t?`${s.major}.${s.minor}.${s.patch}-${t}.0`:d&&!t?`${s.major}.${s.minor}.${s.patch}`:d&&t?`${s.major}.${s.minor}.${s.patch}-${t}.0`:a;if(d&&t&&c===t){const i=ha(s);if(we[n]<=we[i]){const o=x.inc(a,"prerelease",t);if(!o)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for prerelease bump on ${a}`});return o}const r=`${s.major}.${s.minor}.${s.patch}`,m=x.inc(r,n);if(!m)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${r}`});return`${m}-${t}.0`}if(t){const i=`${s.major}.${s.minor}.${s.patch}`,r=x.inc(i,n);if(!r)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${i}`});return`${r}-${t}.0`}if(d){const i=`${s.major}.${s.minor}.${s.patch}`,r=x.inc(i,n);if(!r)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${i}`});return r}const l=x.inc(a,n);if(!l)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${a}`});return l},we={major:3,minor:2,patch:1},ha=e=>e.minor===0&&e.patch===0?"major":e.patch===0?"minor":"patch",wa=(e,a)=>{const t=ke(a);return t?x.satisfies(e,t,{includePrerelease:!0}):!0},ke=e=>{if(!e||e.startsWith("catalog:")||e==="*"||e==="workspace:*"||e==="workspace:^"||e==="workspace:~")return null;if(e.startsWith("workspace:")){const a=e.slice(10);return a==="*"||a==="^"||a==="~"?null:a}if(e.startsWith("npm:")){const a=e.lastIndexOf("@");return a>4?e.slice(a+1):null}return e},re=100,G=(e,a,t,n,{isCascadeBump:s=!1,isDependencyBump:c=!1,isGroupBump:d=!1,source:l}={})=>{const i=e.get(a);if(i){const r=i.type;return i.type=oe(i.type,t),i.reasons.add(n),c&&(i.isDependencyBump=!0),d&&(i.isGroupBump=!0),s&&(i.isCascadeBump=!0),l&&i.sources.set(l.name,{bumpType:l.bumpType,newVersion:l.newVersion}),i.type!==r}return e.set(a,{isCascadeBump:s,isDependencyBump:c,isGroupBump:d,name:a,proactiveSeen:!1,reasons:new Set([n]),sources:l?new Map([[l.name,{bumpType:l.bumpType,newVersion:l.newVersion}]]):new Map,type:t}),!0},ya=(e,a,t,n)=>{const s=t?.get(e)?.dependencyBumpRules?.[a];if(s!==void 0)return s;const c=n.dependencyBumpRules?.[a];return c!==void 0?c:Oe[a]??!1},ye=(e,a)=>Q(e)>=Q(a),be=(e,a)=>a==="match"?e:a,ba=(e,a)=>a===!0?!0:Array.isArray(a)?a.includes(e):!1,$a=10,va=(e,a,t,n,s,c,d)=>{let l=!1;for(const i of e.values()){const r=a.getPackage(i.name);if(!r)continue;const m=n.currentVersions?.get(i.name)??r.version,o=t.get(i.name)??ee({bump:i.type,bumpMinorPreMajor:n.bumpMinorPreMajor,bumpPatchForMinorPreMajor:n.bumpPatchForMinorPreMajor,current:m,prerelease:n.prerelease});t.set(i.name,o);for(const p of a.getDependents(i.name)){if(p.kind==="devDependencies"){if(!ba(i.name,c.bumpDevDependencies))continue;if(G(e,p.name,"patch","DEVDEPENDENCY_BUMPED",{isDependencyBump:!0,source:{bumpType:i.type,name:i.name,newVersion:o}})&&(l=!0,t.delete(p.name)),c.bumpDevDependencies===!0){let w=d.get(i.name);w||(w=new Set,d.set(i.name,w)),w.add(p.name)}continue}const h=ke(p.range);if(h===null||wa(o,h))continue;let u,k="DEPENDENCY_OUT_OF_RANGE";p.kind==="peerDependencies"?(u=i.type==="none"?"patch":i.type,k="PEER_DEP_MATCH",h.startsWith("^0.")&&u!=="patch"&&s.push(`^0.x peer dep "${i.name}" → "${p.name}" produced a ${u} bump. Consider widening the range manually.`)):u="patch",G(e,p.name,u,k,{isDependencyBump:!0,source:{bumpType:i.type,name:i.name,newVersion:o}})&&(l=!0,t.delete(p.name))}}return l},ka=(e,a,t)=>{let n=!1;for(const s of t.fixed??[]){const c=ge(s),d=ae(c.packages,a),l=d.filter(r=>e.has(r));if(l.length===0)continue;let i="none";for(const r of l)i=oe(i,e.get(r).type);for(const r of d)a.isInternal(r)&&G(e,r,i,"FIXED_GROUP",{isGroupBump:!0})&&(n=!0)}for(const s of t.linked??[]){const c=ge(s),d=ae(c.packages,a).filter(i=>e.has(i));if(d.length===0)continue;let l="none";for(const i of d)l=oe(l,e.get(i).type);for(const i of d)G(e,i,l,"LINKED_GROUP",{isGroupBump:!0})&&(n=!0)}return n},$e=new WeakMap,Pa=/[!()*+?@[\]{|}]/,ae=(e,a)=>{let t=$e.get(a);t||(t={allNames:a.allPackages().map(s=>s.name),matched:new Map},$e.set(a,t));const n=new Set;for(const s of e){if(!Pa.test(s)){n.add(s);continue}let c=t.matched.get(s);c||(c=t.allNames.filter(d=>Z(s,d)),t.matched.set(s,c));for(const d of c)n.add(d)}return[...n]},Ca=(e,a,t,n,s,c)=>{let d=!1;const l=n.updateInternalDependencies??"out-of-range",i=r=>{const m=c.get(r.name);if(m!==void 0)return m;const o=ee({bump:r.type,bumpMinorPreMajor:s.bumpMinorPreMajor,bumpPatchForMinorPreMajor:s.bumpPatchForMinorPreMajor,current:s.currentVersions?.get(r.name)??t.getPackage(r.name).version,prerelease:s.prerelease});return c.set(r.name,o),o};for(const r of a){if("bumps"in r.payload||!r.payload.cascade)continue;const m=e.get(r.payload.package);if(!m)continue;const o=c.get(m.name)??ee({bump:m.type,bumpMinorPreMajor:s.bumpMinorPreMajor,bumpPatchForMinorPreMajor:s.bumpPatchForMinorPreMajor,current:s.currentVersions?.get(m.name)??t.getPackage(m.name).version,prerelease:s.prerelease});c.set(m.name,o);for(const[p,h]of Object.entries(r.payload.cascade))for(const u of ae([p],t))t.isInternal(u)&&G(e,u,h,"CASCADE",{isCascadeBump:!0,source:{bumpType:m.type,name:m.name,newVersion:o}})&&(d=!0)}for(const r of e.values()){const m=s.perPackageConfig?.get(r.name)?.cascadeTo;if(m)for(const[o,p]of Object.entries(m)){if(!ye(r.type,p.trigger))continue;const h=be(r.type,p.bumpAs),u=i(r);for(const k of ae([o],t))t.isInternal(k)&&G(e,k,h,"CASCADE_TO",{isCascadeBump:!0,source:{bumpType:r.type,name:r.name,newVersion:u}})&&(d=!0)}}if(l==="out-of-range")return d;for(const r of e.values())if(!r.proactiveSeen&&!(l==="minor"&&Q(r.type)<Q("minor"))){for(const m of t.getDependents(r.name)){const o=ya(m.name,m.kind,s.perPackageConfig,n);if(o===!1||!ye(r.type,o.trigger))continue;const p=be(r.type,o.bumpAs);if(p==="none")continue;const h=i(r);G(e,m.name,p,"DEPENDENCY_BUMPED",{isDependencyBump:!0,source:{bumpType:r.type,name:r.name,newVersion:h}})&&(d=!0)}r.proactiveSeen=!0}return d},Na=(e,a,t,n={})=>{const s=new Map,c=[],d=new Map;for(const[o,p]of sa(e).entries()){if(!a.isInternal(o)){c.push(`Change file references non-workspace package "${o}" — ignored.`);continue}p!=="none"&&G(s,o,p,"EXPLICIT")}for(const o of n.catalogConsumers??[]){if(!a.isInternal(o.packageName))continue;const p=`catalog:${o.catalog}/${o.dep}`;G(s,o.packageName,"patch","CATALOG_CHANGED",{isDependencyBump:!0,source:{bumpType:"patch",name:p,newVersion:o.newVersion??""}})}const l=new Map,i=o=>{const p=ue(o,e).map(u=>"releaseAs"in u.payload?{file:u.path,version:u.payload.releaseAs}:void 0).filter(u=>u!==void 0&&typeof u.version=="string"),h=new Set(p.map(u=>u.version));if(h.size>1)throw new R({code:"BUMP_FILE_INVALID",message:`Conflicting releaseAs values for ${o}: ${[...h].join(", ")}. Found in: ${p.map(u=>u.file).join(", ")}. Consolidate the change files to a single override.`,packageName:o});return p[0]?.version},r=new Map;for(const o of s.values()){if(o.type==="none")continue;const p=i(o.name);p&&(r.set(o.name,p),d.set(o.name,p))}for(let o=0;o<re;o+=1){const p=va(s,a,d,n,c,t,l),h=ka(s,a,t),u=Ca(s,e,a,t,n,d);if(!p&&!h&&!u)break;o===re-1&&c.push(`Release plan did not converge after ${re} iterations — releasing the current best plan. This usually indicates a config bug (cyclic cascade?).`)}for(const[o,p]of l){const h=p.size;h>$a&&c.push(`bumpDevDependencies: true triggered ${h} patch-cascades to distinct dependents from a single devdep bump (${o}). Consider scoping with the array form ['only', 'these', 'sources'].`)}const m=[];for(const o of s.values()){if(o.type==="none")continue;const p=a.getPackage(o.name);if(!p)continue;const h=ue(o.name,e),u=r.get(o.name),k=n.currentVersions?.get(o.name)??p.version,w=u??d.get(o.name)??ee({bump:o.type,bumpMinorPreMajor:n.bumpMinorPreMajor,bumpPatchForMinorPreMajor:n.bumpPatchForMinorPreMajor,current:k,prerelease:n.prerelease});m.push({changeFiles:h,isCascadeBump:o.isCascadeBump,isDependencyBump:o.isDependencyBump,isGroupBump:o.isGroupBump,name:o.name,newVersion:w,oldVersion:k,reasons:[...o.reasons],sources:[...o.sources.entries()].map(([$,b])=>({name:$,...b})),type:o.type})}return m.sort((o,p)=>o.name.localeCompare(p.name)),{consumedChangeFiles:e,releases:m,warnings:c}},Pe=async(e,a,t={})=>{const n=await e.listPackages(),s=[],c=new Map,d=new Map,l=o=>{try{return ze(X(o))}catch{return X(o)}},i=t.cwd===void 0?void 0:l(t.cwd),r=o=>o.replaceAll("\\","/"),m=[];for(const{manifest:o,manifestPath:p}of n){const h=ce(typeof o.name=="string"?o.name:"",o,a);if(o.napi!==void 0||h.versionActions==="native-addon"){const u=r(p.replace(/[/\\]package\.json$/i,""));m.push(`${u}/npm/`)}}for(const{manifest:o,manifestPath:p}of n){if(typeof o.name!="string"||o.name==="")continue;const h=r(p.replace(/[/\\]package\.json$/i,""));if(m.some(w=>h.startsWith(w)))continue;if(Je(o.name),d.has(o.name))throw new R({code:"DUPLICATE_PACKAGE_NAME",message:`Duplicate package name "${o.name}" — at ${d.get(o.name)} and ${p}.`,packageName:o.name});if(d.set(o.name,p),i!==void 0){const w=l(p),$=i.endsWith(K)?i:`${i}${K}`;if(w!==i&&!w.startsWith($))throw new R({code:"CONFIG_INVALID",message:`Package manifest is outside the workspace: ${p} (workspace: ${i}).`,packageName:o.name})}const u=ce(o.name,o,a);if(!Ce(o.name,o,u,a))continue;const k=p.replace(/[/\\]package\.json$/i,"");s.push({dir:k,manifest:o,manifestPath:p,name:o.name,private:o.private===!0,version:typeof o.version=="string"?o.version:"0.0.0"}),c.set(o.name,u)}return{packages:s,perPackageConfig:c}},ce=(e,a,t)=>{const n=t.packages?.[e]??{},s=a["vis-release"]??{};return{...n,...s}},Ce=(e,a,t,n)=>t.managed===!1?!1:t.managed===!0?!0:ve(e,n.ignore??[])?!1:ve(e,n.include??[])?!0:a.private===!0&&!(n.privatePackages?.version??!1)?!1:n.defaultManaged??!1,ve=(e,a)=>a.some(t=>Z(t,e)),Ne=(e,a)=>a.versionActions!==void 0?a.versionActions:e.manifest.napi!==void 0?"native-addon":e.private?"private":"npm",Ja=Object.defineProperty({__proto__:null,discoverPackages:Pe,isPackageManaged:Ce,mergePerPackageConfig:ce,resolveVersionActionsId:Ne},Symbol.toStringTag,{value:"Module"}),za=async(e={})=>{const a=e.cwd??process.cwd(),t=J(),n=await He(a),s=We(n,t),c=await s.detectVersion(a);if(c&&!Ia(c,s.minVersion))throw new R({code:"PM_VERSION_TOO_LOW",hint:`pnpm install -g ${s.id}@latest (or your equivalent)`,message:`${s.id} version ${c} is below the required minimum ${s.minVersion}. Upgrade ${s.id} to enable release operations.`});let d={};try{const{loadVisConfig:A}=await import("../packem_shared/CONFIG_FILES-BfaR0jKT.js"),C=await A(a);C.release&&(d=C.release)}catch(A){const{code:C}=A,g=A.message??"";if(!(C==="ENOENT"||C==="MODULE_NOT_FOUND"||/cannot find module/i.test(g)))throw A}const l=Aa(d,e.config??{});!l.acknowledgeUnstable&&process.env.VIS_RELEASE_SUPPRESS_UNSTABLE!=="1"&&process.stderr.write("[vis release] ⚠ This subsystem is flagged unstable. Set `release.acknowledgeUnstable: true` in vis.config.ts to suppress this warning. (RFC §21.2)\n");const i=e.channel??await la(a,t),r=i?ia(i,l.channels):void 0,m=await import("node:fs/promises"),o={listPackages:async()=>{const A=await s.listWorkspacePackages(a);return(await Promise.all(A.map(async C=>{const g=`${C.path}/package.json`;try{const y=await m.readFile(g,"utf8");return{manifest:JSON.parse(y),manifestPath:g}}catch{return}}))).filter(C=>C!==void 0)}},{packages:p,perPackageConfig:h}=await Pe(o,l,{cwd:a}),u=new ga(p),{files:k}=await oa({changesDir:l.changesDir,cwd:a}),{readPreMode:w}=await import("./pre-mode.js"),$=await w(a,l.changesDir??".vis/release");let b;$?.mode==="pre"?b=$.tag:$?.mode==="exit-pending"?b=void 0:b=r?.prerelease;const P=e.firstRelease===!0,{resolveCurrentVersionsForWorkspace:v}=await import("./version-resolver.js"),{versions:L,warnings:V}=await v(p,u,l,h,{cwd:a,firstRelease:P,pm:s,runner:t,skipRegistryLookup:e.skipRegistryLookup===!0}),T=[],N=[];if(l.detectCatalogChanges===!0)try{const{detectCatalogChanges:A,findCatalogConsumers:C,parseCatalogs:g}=await import("./catalog-detector.js"),y=await s.readCatalogYaml(a),j=g(y);let B;try{const _=await t.run("git",["show","HEAD~1:pnpm-workspace.yaml"],{cwd:a,silent:!0});_.exitCode===0&&(B=_.stdout)}catch{}const S=g(B),D=A(S,j).filter(_=>_.oldVersion!==void 0&&_.newVersion!==void 0);if(D.length>0){const _=C(p,j);for(const M of D){const I=_.get(M.catalog)?.get(M.dep)??[];for(const f of I)T.push({catalog:M.catalog,dep:M.dep,newVersion:M.newVersion,oldVersion:M.oldVersion,packageName:f.packageName})}T.length>0&&N.push(`Catalog change-detection: ${D.length} catalog dep(s) moved; ${T.length} consumer-package patch bump(s) tagged CATALOG_CHANGED.`)}}catch(A){N.push(`Catalog change-detection skipped: ${A.message}.`)}const E=Na(k,u,l,{bumpMinorPreMajor:l.bumpMinorPreMajor,bumpPatchForMinorPreMajor:l.bumpPatchForMinorPreMajor,catalogConsumers:T,currentVersions:L,perPackageConfig:h,prerelease:b});if(N.length>0&&E.warnings.push(...N),V.length>0&&E.warnings.push(...V),P&&E.warnings.push('First-release mode: currentVersionResolver forced to "disk", remote tag-collision checks skipped. Drop --first-release after the initial wave lands.'),$?.mode==="pre"&&E.warnings.push(`Pre-mode is ACTIVE (tag "${$.tag}"); every version produces a prerelease. Exit with \`vis release pre exit\` when ready to ship stable.`),$?.mode==="exit-pending"&&E.warnings.push(`Pre-mode is EXIT-PENDING (was "${$.tag}"); the next \`vis release version\` will consolidate the prerelease and delete pre.json.`),r?.overlapping&&r.overlapping.length>0&&E.warnings.push(`Branch "${i}" matches multiple channel patterns: "${r.branch}" (active) plus ${r.overlapping.map(A=>`"${A}"`).join(", ")}. Reorder channels in vis.config.ts if this is unintentional.`),e.projects&&e.projects.length>0){const{default:A}=await import("./index.js"),C=e.projects;E.releases=E.releases.filter(g=>C.some(y=>g.name===y||A(y,g.name)))}return{branch:i,channel:r?{mode:r.mode,prerelease:r.prerelease,tag:r.tag}:void 0,config:l,cwd:a,depGraph:u,firstRelease:P,packages:p,perPackageConfig:h,plan:E,pm:s,preMode:$}},Aa=(...e)=>{let a={...Be};for(const t of e)a={...a,...t};return a},Ia=(e,a)=>{const t=x.coerce(e)?.version??e;try{return x.gte(t,a)}catch{return!0}},Y=async(e,a,t)=>{if(!a||a.trim()==="")return;const n=J(),s=process.platform==="win32",c=s?"cmd":"sh",d=s?["/c",a]:["-c",a],l=await n.run(c,d,{cwd:e,silent:!1});if(l.exitCode!==0)throw new Error(`${t} failed (exit ${l.exitCode}): ${a}`)},Ae=async(e,a,t,n={})=>{const{findConflictingPendingStages:s,readStagedRegistry:c,removePendingStages:d,writeStagedRegistry:l}=await import("./staged-registry.js"),i=e.config.changesDir??q;let r=t??await c(e.cwd,i);if(r.pending.length===0)return;const m=new Map(e.plan.releases.map(w=>[w.name,w.newVersion])),o=[...m.keys()];let p=s(r,o).filter(w=>m.get(w.name)!==w.version);if(p.length===0)return;let h=[];if(!n.skipSelfHeal){const w=n.runner??J();h=(await Promise.all(p.map(async $=>{const b=await w.run("npm",["view",`${$.name}@${$.version}`,"dist.tarball","--silent"],{cwd:e.cwd,silent:!0});return b.exitCode===0&&b.stdout.trim().length>0?$.id:void 0}))).filter($=>$!==void 0)}if(h.length>0){if(r=d(r,h),n.persistSelfHeal!==!1)try{await l(e.cwd,i,r)}catch{}if(p=s(r,o).filter(w=>m.get(w.name)!==w.version),p.length===0)return}const u=p.map(w=>` • ${w.name}@${w.version} — stage ${w.id} (${w.reason}, recorded ${w.stagedAt})`).join(`
10
- `),k=a==="version"?"version":"publish";throw new R({code:"STAGE_PENDING",hint:"Resolve via `vis release stage approve <id>` / `--all` or `vis release stage reject <id>`, commit the updated staged.json, then retry.",message:`Refusing to ${k} — ${p.length} package(s) have a pending stage from a prior wave:
11
- ${u}`})},qa=async(e,a={})=>{if(e.plan.releases.length===0)return{changedFiles:[],deletedFiles:[],plan:e.plan};if(await Ae(e,"version",void 0,{persistSelfHeal:!1}),!a.dryRun&&e.config.preVersionCommand&&await Y(e.cwd,e.config.preVersionCommand,"preVersionCommand"),!a.dryRun&&e.config.groupPreVersionCommands){const{normaliseGroup:p}=await import("../release/types.js"),h=[...e.config.fixed??[],...e.config.linked??[]].map(k=>p(k)),{default:u}=await import("./index.js");for(const[k,w]of Object.entries(e.config.groupPreVersionCommands)){const $=Number.parseInt(k.replace(/^group-/,""),10),b=h[$];!b||!e.plan.releases.some(P=>b.packages.some(v=>P.name===v||u(v,P.name)))||await Y(e.cwd,w,`groupPreVersionCommand[${k}]`)}}const t=await import("node:fs/promises"),{readFileSync:n}=await import("node:fs"),{resolveFormatter:s}=await import("./resolveFormatter.js"),{resolveGroupChangelogRouting:c}=await import("./workspace.js"),d=await s(e.config.changelog,e.cwd),l=new Date().toISOString().slice(0,10),i=c(e.config,e.packages,e.cwd),r=await Le(e.plan,e.depGraph,{changelogPath:p=>i.get(p.name)??`${p.dir}/CHANGELOG.md`,readChangelog:p=>{try{return n(p,"utf8")}catch{return}},readManifest:p=>{try{return n(p,"utf8")}catch{return}},renderChangelogEntry:p=>d({changeFiles:p.changeFiles,date:l,release:p,target:"changelog"})}),m=[];{const{applyExtraFilesForRelease:p}=await import("./extra-files.js"),h=await Promise.all(e.plan.releases.map(async u=>{const k=e.depGraph.getPackage(u.name);if(!k)return{warnings:[],writes:[]};const w=e.perPackageConfig.get(u.name)?.extraFiles??[],$=e.config.publish?.extraFiles??[];return w.length===0&&$.length===0?{warnings:[],writes:[]}:p(e.cwd,k.dir,u.newVersion,u.name,$,w)}));for(const u of h){for(const k of u.writes)r.writes.push({content:k.content,path:k.path});m.push(...u.warnings)}m.length>0&&e.plan.warnings.push(...m)}if(a.dryRun)return{changedFiles:r.writes.map(p=>p.path),deletedFiles:r.deletions,plan:e.plan};await Promise.all([...r.writes.map(p=>Fe(p.path,p.content)),...r.deletions.map(async p=>{try{await _e(p)}catch{}})]);try{await e.pm.installLockfileOnly({cwd:e.cwd,silent:!0})}catch{}!a.dryRun&&e.config.formatChangedFiles&&await Ra(r.writes.map(p=>p.path),e.cwd);let o;if(a.commit){const{stageAndCommit:p}=await import("./git.js"),h=J(),u=["pnpm-lock.yaml","package-lock.json","yarn.lock","bun.lock","bun.lockb"],k=await import("node:path"),w=[];for(const b of u)try{await t.access(k.join(e.cwd,b)),w.push(k.join(e.cwd,b))}catch{}const $=e.config.aggregateRelease===!0||typeof e.config.aggregateRelease=="object"&&e.config.aggregateRelease.enabled;if(e.config.oneCommitPerPackage===!0&&!$&&e.plan.releases.length>0){const b=e.channel?.tag??e.branch??"main",P=r.writes.map(V=>V.path),v=new Set,{releases:L}=e.plan;for(let V=0;V<L.length;V+=1){const T=L[V],N=e.depGraph.getPackage(T.name),E=N?`${N.dir}${k.sep}`:void 0,A=E?P.filter(y=>y.startsWith(E)):[];for(const y of A)v.add(y);const C=V===L.length-1?[...P.filter(y=>!v.has(y)),...r.deletions,...w]:[],g=[...A,...C];g.length!==0&&(o=await p({cwd:e.cwd,runner:h},g,`release(${b}): ${T.name}@${T.newVersion} [skip ci]`,{author:e.config.gitUser}))}}else{const b=a.commitMessage??ja(e),P=[...r.writes.map(v=>v.path),...r.deletions,...w];o=await p({cwd:e.cwd,runner:h},P,b,{author:e.config.gitUser})}}if(!a.dryRun&&e.config.postVersionCommand&&await Y(e.cwd,e.config.postVersionCommand,"postVersionCommand"),!a.dryRun&&e.preMode?.mode==="exit-pending"){const{deletePreMode:p,preModeFilePath:h}=await import("./pre-mode.js"),u=e.config.changesDir??".vis/release";await p(e.cwd,u)&&e.plan.warnings.push(`Pre-mode exited: \`${h(e.cwd,u)}\` was deleted. Commit the deletion so the registry stays consistent across CI runs.`)}return{changedFiles:r.writes.map(p=>p.path),commitSha:o,deletedFiles:r.deletions,plan:e.plan}},Ra=async(e,a)=>{if(e.length===0)return;const{join:t}=await import("node:path");let n;try{const{createRequire:c}=await import("node:module"),{pathToFileURL:d}=await import("node:url"),l=c(t(a,"package.json"));n=await import(d(l.resolve("prettier")).href)}catch{return}const s=await import("node:fs/promises");for(const c of e)try{const d=await n.getFileInfo(c);if(d.ignored||!d.inferredParser)continue;const l=await s.readFile(c,"utf8"),i=await n.resolveConfig(c),r=await n.format(l,{...i,filepath:c});r!==l&&await s.writeFile(c,r)}catch{}},ja=e=>{const a=e.channel?.tag??e.branch??"main",{releases:t}=e.plan,n=t.length<=3?t.map(c=>`${c.name}@${c.newVersion}`).join(", "):`version ${t.length} packages`,s=t.map(c=>`- ${c.name}: ${c.oldVersion} → ${c.newVersion}`).join(`
8
+ `}`},ne=e=>/^[a-z0-9-]/.test(e)?e:`"${e}"`,sa=e=>{const a=new Map,t=s=>s==="major"?3:s==="minor"?2:s==="patch"?1:0,n=(s,c)=>{const d=a.get(s);(d===void 0||t(c)>t(d))&&a.set(s,c)};for(const s of e)if("bumps"in s.payload)for(const[c,d]of Object.entries(s.payload.bumps))n(c,d);else n(s.payload.package,s.payload.bump);return a},fe=(e,a)=>a.filter(t=>"bumps"in t.payload?Object.hasOwn(t.payload.bumps,e):t.payload.package===e),ra=new Set(["README.md","readme.md"]),oa=async e=>{const a=e.changesDir??X,t=re(e.cwd),n=re(e.cwd,a),s=n,c=t.endsWith(Y)?t:`${t}${Y}`;if(n!==t&&!n.startsWith(c))throw new R({code:"CONFIG_INVALID",message:`changesDir resolves outside the workspace: ${n} (workspace: ${t}). Set release.changesDir to a path inside the repo.`});const d=[];let l;try{l=await Ee(s)}catch(r){if(r.code==="ENOENT")return{files:[],warnings:[]};throw new R({cause:r,code:"CONFIG_INVALID",message:`Cannot read change-files directory ${s}: ${r.message}`})}const o=l.filter(r=>!ra.has(r)&&r.endsWith(".md"));return{files:await Promise.all(o.map(async r=>{const m=Ue(s,r),i=await Fe(m,"utf8");return na(i,m)})),warnings:d}},ia=(e,a)=>{if(!a)return;if(Object.hasOwn(a,e)){const n=Object.keys(a).filter(s=>s!==e&&we(s)&&Q(s,e));return he(e,a[e],n)}const t=[];for(const[n]of Object.entries(a))we(n)&&Q(n,e)&&t.push(n);if(t.length>0){const[n,...s]=t;return he(e,a[n],s)}},he=(e,a,t=[])=>{let{tag:n}=a;return n==="branch-name"&&(n=ca(e)),{branch:e,mode:a.mode??"auto-publish",...t.length>0?{overlapping:t}:{},prerelease:a.prerelease,range:a.range,tag:n}},ca=e=>e.toLowerCase().replaceAll(/[^a-z0-9.-]/g,"-").replaceAll(/^-+|-+$/g,"")||"branch",pa=/[!()*+?@[\]{|}]/,we=e=>pa.test(e),la=async(e,a)=>{try{const t=await a.run("git",["rev-parse","--abbrev-ref","HEAD"],{cwd:e,silent:!0});if(t.exitCode!==0)return;const n=t.stdout.trim();return n==="HEAD"||n===""?void 0:n}catch{return}},da=["dependencies","devDependencies","peerDependencies","optionalDependencies"];class ga{dependents;dependenciesByPackage;packagesByName;constructor(a){this.dependents=new Map,this.dependenciesByPackage=new Map,this.packagesByName=new Map;for(const t of a){if(this.packagesByName.has(t.name))throw new R({code:"DUPLICATE_PACKAGE_NAME",message:`Duplicate package name "${t.name}" — found at ${this.packagesByName.get(t.name).dir} and ${t.dir}.`,packageName:t.name});this.packagesByName.set(t.name,t),this.dependents.set(t.name,[]),this.dependenciesByPackage.set(t.name,[])}for(const t of a)for(const n of da){const s=t.manifest[n];if(!(!s||typeof s!="object"))for(const[c,d]of Object.entries(s))this.packagesByName.has(c)&&(this.dependents.get(c).push({kind:n,name:t.name,range:d}),this.dependenciesByPackage.get(t.name).push({kind:n,name:c,range:d}))}}getPackage(a){return this.packagesByName.get(a)}allPackages(){return[...this.packagesByName.values()]}isInternal(a){return this.packagesByName.has(a)}getDependents(a){return this.dependents.get(a)??[]}getDependencies(a){return this.dependenciesByPackage.get(a)??[]}topologicalSort(a){const t=a?new Set(a):new Set(this.packagesByName.keys()),n=new Set,s=new Set,c=[],d=(l,o)=>{if(!n.has(l)){if(s.has(l)){const r=o.indexOf(l),m=r===-1?[...o,l]:[...o.slice(r),l];throw new R({code:"CYCLIC_DEPENDENCY",message:`Cyclic dependency detected: ${m.join(" → ")}`})}s.add(l);for(const r of this.getDependencies(l))t.has(r.name)&&r.kind!=="devDependencies"&&d(r.name,[...o,l]);s.delete(l),n.add(l),c.push(l)}};for(const l of t)d(l,[]);return c}get size(){return this.packagesByName.size}}const ma=/\{(name|version|previousVersion|date|repo|contributors)\}/g,ua=(e,a)=>e.replaceAll(ma,(t,n)=>a[n]??""),fa=(e,a={})=>{const t=new Set;for(const c of a.internalAuthors??[]){const d=c.trim().toLowerCase().replace(/^@/,"");d.length>0&&t.add(d)}const n=new Set,s=[];for(const c of e){const d=c.meta?.author;if(d)for(const l of d.split(",")){const o=l.trim();if(!o)continue;const r=o.replace(/^@/,"");if(r.length===0)continue;const m=r.toLowerCase();n.has(m)||t.has(m)||(n.add(m),s.push(Je(o)))}}return s.length===0?"":s.map(c=>`- ${c}`).join(`
9
+ `)},Z=e=>{const{current:a,prerelease:t}=e;let{bump:n}=e;if(!x.valid(a))throw new R({code:"CONFIG_INVALID",message:`Invalid current version: ${JSON.stringify(a)}`});const s=x.parse(a),c=s.prerelease[0],d=s.prerelease.length>0;if(s.major===0&&e.bumpMinorPreMajor&&(n==="major"&&(n="minor"),n==="minor"&&e.bumpPatchForMinorPreMajor&&(n="patch")),n==="none")return(c??void 0)===(t??void 0)?a:!d&&t?`${s.major}.${s.minor}.${s.patch}-${t}.0`:d&&!t?`${s.major}.${s.minor}.${s.patch}`:d&&t?`${s.major}.${s.minor}.${s.patch}-${t}.0`:a;if(d&&t&&c===t){const o=ha(s);if(ye[n]<=ye[o]){const i=x.inc(a,"prerelease",t);if(!i)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for prerelease bump on ${a}`});return i}const r=`${s.major}.${s.minor}.${s.patch}`,m=x.inc(r,n);if(!m)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${r}`});return`${m}-${t}.0`}if(t){const o=`${s.major}.${s.minor}.${s.patch}`,r=x.inc(o,n);if(!r)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${o}`});return`${r}-${t}.0`}if(d){const o=`${s.major}.${s.minor}.${s.patch}`,r=x.inc(o,n);if(!r)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${o}`});return r}const l=x.inc(a,n);if(!l)throw new R({code:"CONFIG_INVALID",message:`semver.inc returned null for ${n} bump on ${a}`});return l},ye={major:3,minor:2,patch:1},ha=e=>e.minor===0&&e.patch===0?"major":e.patch===0?"minor":"patch",wa=(e,a)=>{const t=Pe(a);return t?x.satisfies(e,t,{includePrerelease:!0}):!0},Pe=e=>{if(!e||e.startsWith("catalog:")||e==="*"||e==="workspace:*"||e==="workspace:^"||e==="workspace:~")return null;if(e.startsWith("workspace:")){const a=e.slice(10);return a==="*"||a==="^"||a==="~"?null:a}if(e.startsWith("npm:")){const a=e.lastIndexOf("@");return a>4?e.slice(a+1):null}return e},se=100,G=(e,a,t,n,{isCascadeBump:s=!1,isDependencyBump:c=!1,isGroupBump:d=!1,source:l}={})=>{const o=e.get(a);if(o){const r=o.type;return o.type=oe(o.type,t),o.reasons.add(n),c&&(o.isDependencyBump=!0),d&&(o.isGroupBump=!0),s&&(o.isCascadeBump=!0),l&&o.sources.set(l.name,{bumpType:l.bumpType,newVersion:l.newVersion}),o.type!==r}return e.set(a,{isCascadeBump:s,isDependencyBump:c,isGroupBump:d,name:a,proactiveSeen:!1,reasons:new Set([n]),sources:l?new Map([[l.name,{bumpType:l.bumpType,newVersion:l.newVersion}]]):new Map,type:t}),!0},ya=(e,a,t,n)=>{const s=t?.get(e)?.dependencyBumpRules?.[a];if(s!==void 0)return s;const c=n.dependencyBumpRules?.[a];return c!==void 0?c:Le[a]??!1},be=(e,a)=>K(e)>=K(a),ve=(e,a)=>a==="match"?e:a,ba=(e,a)=>a===!0?!0:Array.isArray(a)?a.includes(e):!1,va=10,$a=(e,a,t,n,s,c,d)=>{let l=!1;for(const o of e.values()){const r=a.getPackage(o.name);if(!r)continue;const m=n.currentVersions?.get(o.name)??r.version,i=t.get(o.name)??Z({bump:o.type,bumpMinorPreMajor:n.bumpMinorPreMajor,bumpPatchForMinorPreMajor:n.bumpPatchForMinorPreMajor,current:m,prerelease:n.prerelease});t.set(o.name,i);for(const p of a.getDependents(o.name)){if(p.kind==="devDependencies"){if(!ba(o.name,c.bumpDevDependencies))continue;if(G(e,p.name,"patch","DEVDEPENDENCY_BUMPED",{isDependencyBump:!0,source:{bumpType:o.type,name:o.name,newVersion:i}})&&(l=!0,t.delete(p.name)),c.bumpDevDependencies===!0){let w=d.get(o.name);w||(w=new Set,d.set(o.name,w)),w.add(p.name)}continue}const h=Pe(p.range);if(h===null||wa(i,h))continue;let u,P="DEPENDENCY_OUT_OF_RANGE";p.kind==="peerDependencies"?(u=o.type==="none"?"patch":o.type,P="PEER_DEP_MATCH",h.startsWith("^0.")&&u!=="patch"&&s.push(`^0.x peer dep "${o.name}" → "${p.name}" produced a ${u} bump. Consider widening the range manually.`)):u="patch",G(e,p.name,u,P,{isDependencyBump:!0,source:{bumpType:o.type,name:o.name,newVersion:i}})&&(l=!0,t.delete(p.name))}}return l},ka=(e,a,t)=>{let n=!1;for(const s of t.fixed??[]){const c=ge(s),d=ee(c.packages,a),l=d.filter(r=>e.has(r));if(l.length===0)continue;let o="none";for(const r of l)o=oe(o,e.get(r).type);for(const r of d)a.isInternal(r)&&G(e,r,o,"FIXED_GROUP",{isGroupBump:!0})&&(n=!0)}for(const s of t.linked??[]){const c=ge(s),d=ee(c.packages,a).filter(o=>e.has(o));if(d.length===0)continue;let l="none";for(const o of d)l=oe(l,e.get(o).type);for(const o of d)G(e,o,l,"LINKED_GROUP",{isGroupBump:!0})&&(n=!0)}return n},$e=new WeakMap,Pa=/[!()*+?@[\]{|}]/,ee=(e,a)=>{let t=$e.get(a);t||(t={allNames:a.allPackages().map(s=>s.name),matched:new Map},$e.set(a,t));const n=new Set;for(const s of e){if(!Pa.test(s)){n.add(s);continue}let c=t.matched.get(s);c||(c=t.allNames.filter(d=>Q(s,d)),t.matched.set(s,c));for(const d of c)n.add(d)}return[...n]},Ca=(e,a,t,n,s,c)=>{let d=!1;const l=n.updateInternalDependencies??"out-of-range",o=r=>{const m=c.get(r.name);if(m!==void 0)return m;const i=Z({bump:r.type,bumpMinorPreMajor:s.bumpMinorPreMajor,bumpPatchForMinorPreMajor:s.bumpPatchForMinorPreMajor,current:s.currentVersions?.get(r.name)??t.getPackage(r.name).version,prerelease:s.prerelease});return c.set(r.name,i),i};for(const r of a){if("bumps"in r.payload||!r.payload.cascade)continue;const m=e.get(r.payload.package);if(!m)continue;const i=c.get(m.name)??Z({bump:m.type,bumpMinorPreMajor:s.bumpMinorPreMajor,bumpPatchForMinorPreMajor:s.bumpPatchForMinorPreMajor,current:s.currentVersions?.get(m.name)??t.getPackage(m.name).version,prerelease:s.prerelease});c.set(m.name,i);for(const[p,h]of Object.entries(r.payload.cascade))for(const u of ee([p],t))t.isInternal(u)&&G(e,u,h,"CASCADE",{isCascadeBump:!0,source:{bumpType:m.type,name:m.name,newVersion:i}})&&(d=!0)}for(const r of e.values()){const m=s.perPackageConfig?.get(r.name)?.cascadeTo;if(m)for(const[i,p]of Object.entries(m)){if(!be(r.type,p.trigger))continue;const h=ve(r.type,p.bumpAs),u=o(r);for(const P of ee([i],t))t.isInternal(P)&&G(e,P,h,"CASCADE_TO",{isCascadeBump:!0,source:{bumpType:r.type,name:r.name,newVersion:u}})&&(d=!0)}}if(l==="out-of-range")return d;for(const r of e.values())if(!r.proactiveSeen&&!(l==="minor"&&K(r.type)<K("minor"))){for(const m of t.getDependents(r.name)){const i=ya(m.name,m.kind,s.perPackageConfig,n);if(i===!1||!be(r.type,i.trigger))continue;const p=ve(r.type,i.bumpAs);if(p==="none")continue;const h=o(r);G(e,m.name,p,"DEPENDENCY_BUMPED",{isDependencyBump:!0,source:{bumpType:r.type,name:r.name,newVersion:h}})&&(d=!0)}r.proactiveSeen=!0}return d},Na=(e,a,t,n={})=>{const s=new Map,c=[],d=new Map;for(const[i,p]of sa(e).entries()){if(!a.isInternal(i)){c.push(`Change file references non-workspace package "${i}" — ignored.`);continue}p!=="none"&&G(s,i,p,"EXPLICIT")}for(const i of n.catalogConsumers??[]){if(!a.isInternal(i.packageName))continue;const p=`catalog:${i.catalog}/${i.dep}`;G(s,i.packageName,"patch","CATALOG_CHANGED",{isDependencyBump:!0,source:{bumpType:"patch",name:p,newVersion:i.newVersion??""}})}const l=new Map,o=i=>{const p=fe(i,e).map(u=>"releaseAs"in u.payload?{file:u.path,version:u.payload.releaseAs}:void 0).filter(u=>u!==void 0&&typeof u.version=="string"),h=new Set(p.map(u=>u.version));if(h.size>1)throw new R({code:"BUMP_FILE_INVALID",message:`Conflicting releaseAs values for ${i}: ${[...h].join(", ")}. Found in: ${p.map(u=>u.file).join(", ")}. Consolidate the change files to a single override.`,packageName:i});return p[0]?.version},r=new Map;for(const i of s.values()){if(i.type==="none")continue;const p=o(i.name);p&&(r.set(i.name,p),d.set(i.name,p))}for(let i=0;i<se;i+=1){const p=$a(s,a,d,n,c,t,l),h=ka(s,a,t),u=Ca(s,e,a,t,n,d);if(!p&&!h&&!u)break;i===se-1&&c.push(`Release plan did not converge after ${se} iterations — releasing the current best plan. This usually indicates a config bug (cyclic cascade?).`)}for(const[i,p]of l){const h=p.size;h>va&&c.push(`bumpDevDependencies: true triggered ${h} patch-cascades to distinct dependents from a single devdep bump (${i}). Consider scoping with the array form ['only', 'these', 'sources'].`)}const m=[];for(const i of s.values()){if(i.type==="none")continue;const p=a.getPackage(i.name);if(!p)continue;const h=fe(i.name,e),u=r.get(i.name),P=n.currentVersions?.get(i.name)??p.version,w=u??d.get(i.name)??Z({bump:i.type,bumpMinorPreMajor:n.bumpMinorPreMajor,bumpPatchForMinorPreMajor:n.bumpPatchForMinorPreMajor,current:P,prerelease:n.prerelease});m.push({changeFiles:h,isCascadeBump:i.isCascadeBump,isDependencyBump:i.isDependencyBump,isGroupBump:i.isGroupBump,name:i.name,newVersion:w,oldVersion:P,reasons:[...i.reasons],sources:[...i.sources.entries()].map(([$,y])=>({name:$,...y})),type:i.type})}return m.sort((i,p)=>i.name.localeCompare(p.name)),{consumedChangeFiles:e,releases:m,warnings:c}},Ce=async(e,a,t={})=>{const n=await e.listPackages(),s=[],c=new Map,d=new Map,l=i=>{const p=re(i);try{return me.native(p)}catch{try{return me(p)}catch{return p}}},o=t.cwd===void 0?void 0:l(t.cwd),r=i=>i.replaceAll("\\","/"),m=[];for(const{manifest:i,manifestPath:p}of n){const h=ce(typeof i.name=="string"?i.name:"",i,a);if(i.napi!==void 0||h.versionActions==="native-addon"){const u=r(p.replace(/[/\\]package\.json$/i,""));m.push(`${u}/npm/`)}}for(const{manifest:i,manifestPath:p}of n){if(typeof i.name!="string"||i.name==="")continue;const h=r(p.replace(/[/\\]package\.json$/i,""));if(m.some(w=>h.startsWith(w)))continue;if(ze(i.name),d.has(i.name))throw new R({code:"DUPLICATE_PACKAGE_NAME",message:`Duplicate package name "${i.name}" — at ${d.get(i.name)} and ${p}.`,packageName:i.name});if(d.set(i.name,p),o!==void 0){const w=l(p),$=o.endsWith(Y)?o:`${o}${Y}`,y=b=>Y==="\\"?b.toLowerCase():b,k=y(w);if(k!==y(o)&&!k.startsWith(y($)))throw new R({code:"CONFIG_INVALID",message:`Package manifest is outside the workspace: ${p} (workspace: ${o}).`,packageName:i.name})}const u=ce(i.name,i,a);if(!Ne(i.name,i,u,a))continue;const P=p.replace(/[/\\]package\.json$/i,"");s.push({dir:P,manifest:i,manifestPath:p,name:i.name,private:i.private===!0,version:typeof i.version=="string"?i.version:"0.0.0"}),c.set(i.name,u)}return{packages:s,perPackageConfig:c}},ce=(e,a,t)=>{const n=t.packages?.[e]??{},s=a["vis-release"]??{};return{...n,...s}},Ne=(e,a,t,n)=>t.managed===!1?!1:t.managed===!0?!0:ke(e,n.ignore??[])?!1:ke(e,n.include??[])?!0:a.private===!0&&!(n.privatePackages?.version??!1)?!1:n.defaultManaged??!1,ke=(e,a)=>a.some(t=>Q(t,e)),Ae=(e,a)=>a.versionActions!==void 0?a.versionActions:e.manifest.napi!==void 0?"native-addon":e.private?"private":"npm",Ja=Object.defineProperty({__proto__:null,discoverPackages:Ce,isPackageManaged:Ne,mergePerPackageConfig:ce,resolveVersionActionsId:Ae},Symbol.toStringTag,{value:"Module"}),za=async(e={})=>{const a=e.cwd??process.cwd(),t=z(),n=await We(a),s=Ye(n,t),c=await s.detectVersion(a);if(c&&!Ia(c,s.minVersion))throw new R({code:"PM_VERSION_TOO_LOW",hint:`pnpm install -g ${s.id}@latest (or your equivalent)`,message:`${s.id} version ${c} is below the required minimum ${s.minVersion}. Upgrade ${s.id} to enable release operations.`});let d={};try{const{loadVisConfig:A}=await import("./CONFIG_FILES.js"),C=await A(a);C.release&&(d=C.release)}catch(A){const{code:C}=A,g=A.message??"";if(!(C==="ENOENT"||C==="MODULE_NOT_FOUND"||/cannot find module/i.test(g)))throw A}const l=Aa(d,e.config??{});!l.acknowledgeUnstable&&process.env.VIS_RELEASE_SUPPRESS_UNSTABLE!=="1"&&process.stderr.write("[vis release] ⚠ This subsystem is flagged unstable. Set `release.acknowledgeUnstable: true` in vis.config.ts to suppress this warning. (RFC §21.2)\n");const o=e.channel??await la(a,t),r=o?ia(o,l.channels):void 0,m=await import("node:fs/promises"),i={listPackages:async()=>{const A=await s.listWorkspacePackages(a);return(await Promise.all(A.map(async C=>{const g=`${C.path}/package.json`;try{const v=await m.readFile(g,"utf8");return{manifest:JSON.parse(v),manifestPath:g}}catch{return}}))).filter(C=>C!==void 0)}},{packages:p,perPackageConfig:h}=await Ce(i,l,{cwd:a}),u=new ga(p),{files:P}=await oa({changesDir:l.changesDir,cwd:a}),{readPreMode:w}=await import("./pre-mode.js"),$=await w(a,l.changesDir??".vis/release");let y;$?.mode==="pre"?y=$.tag:$?.mode==="exit-pending"?y=void 0:y=r?.prerelease;const k=e.firstRelease===!0,{resolveCurrentVersionsForWorkspace:b}=await import("./version-resolver.js"),{versions:B,warnings:V}=await b(p,u,l,h,{cwd:a,firstRelease:k,pm:s,runner:t,skipRegistryLookup:e.skipRegistryLookup===!0}),T=[],N=[];if(l.detectCatalogChanges===!0)try{const{detectCatalogChanges:A,findCatalogConsumers:C,parseCatalogs:g}=await import("./catalog-detector.js"),v=await s.readCatalogYaml(a),j=g(v);let L;try{const _=await t.run("git",["show","HEAD~1:pnpm-workspace.yaml"],{cwd:a,silent:!0});_.exitCode===0&&(L=_.stdout)}catch{}const S=g(L),D=A(S,j).filter(_=>_.oldVersion!==void 0&&_.newVersion!==void 0);if(D.length>0){const _=C(p,j);for(const M of D){const I=_.get(M.catalog)?.get(M.dep)??[];for(const f of I)T.push({catalog:M.catalog,dep:M.dep,newVersion:M.newVersion,oldVersion:M.oldVersion,packageName:f.packageName})}T.length>0&&N.push(`Catalog change-detection: ${D.length} catalog dep(s) moved; ${T.length} consumer-package patch bump(s) tagged CATALOG_CHANGED.`)}}catch(A){N.push(`Catalog change-detection skipped: ${A.message}.`)}const E=Na(P,u,l,{bumpMinorPreMajor:l.bumpMinorPreMajor,bumpPatchForMinorPreMajor:l.bumpPatchForMinorPreMajor,catalogConsumers:T,currentVersions:B,perPackageConfig:h,prerelease:y});if(N.length>0&&E.warnings.push(...N),V.length>0&&E.warnings.push(...V),k&&E.warnings.push('First-release mode: currentVersionResolver forced to "disk", remote tag-collision checks skipped. Drop --first-release after the initial wave lands.'),$?.mode==="pre"&&E.warnings.push(`Pre-mode is ACTIVE (tag "${$.tag}"); every version produces a prerelease. Exit with \`vis release pre exit\` when ready to ship stable.`),$?.mode==="exit-pending"&&E.warnings.push(`Pre-mode is EXIT-PENDING (was "${$.tag}"); the next \`vis release version\` will consolidate the prerelease and delete pre.json.`),r?.overlapping&&r.overlapping.length>0&&E.warnings.push(`Branch "${o}" matches multiple channel patterns: "${r.branch}" (active) plus ${r.overlapping.map(A=>`"${A}"`).join(", ")}. Reorder channels in vis.config.ts if this is unintentional.`),e.projects&&e.projects.length>0){const{default:A}=await import("./index.js"),C=e.projects;E.releases=E.releases.filter(g=>C.some(v=>g.name===v||A(v,g.name)))}return{branch:o,channel:r?{mode:r.mode,prerelease:r.prerelease,tag:r.tag}:void 0,config:l,cwd:a,depGraph:u,firstRelease:k,packages:p,perPackageConfig:h,plan:E,pm:s,preMode:$}},Aa=(...e)=>{let a={...Be};for(const t of e)a={...a,...t};return a},Ia=(e,a)=>{const t=x.coerce(e)?.version??e;try{return x.gte(t,a)}catch{return!0}},J=async(e,a,t)=>{if(!a||a.trim()==="")return;const n=z(),s=process.platform==="win32",c=s?"cmd":"sh",d=s?["/c",a]:["-c",a],l=await n.run(c,d,{cwd:e,silent:!1});if(l.exitCode!==0)throw new Error(`${t} failed (exit ${l.exitCode}): ${a}`)},Ie=async(e,a,t,n={})=>{const{findConflictingPendingStages:s,readStagedRegistry:c,removePendingStages:d,writeStagedRegistry:l}=await import("./staged-registry.js"),o=e.config.changesDir??X;let r=t??await c(e.cwd,o);if(r.pending.length===0)return;const m=new Map(e.plan.releases.map(w=>[w.name,w.newVersion])),i=[...m.keys()];let p=s(r,i).filter(w=>m.get(w.name)!==w.version);if(p.length===0)return;let h=[];if(!n.skipSelfHeal){const w=n.runner??z();h=(await Promise.all(p.map(async $=>{const y=await w.run("npm",["view",`${$.name}@${$.version}`,"dist.tarball","--silent"],{cwd:e.cwd,silent:!0});return y.exitCode===0&&y.stdout.trim().length>0?$.id:void 0}))).filter($=>$!==void 0)}if(h.length>0){if(r=d(r,h),n.persistSelfHeal!==!1)try{await l(e.cwd,o,r)}catch{}if(p=s(r,i).filter(w=>m.get(w.name)!==w.version),p.length===0)return}const u=p.map(w=>` • ${w.name}@${w.version} — stage ${w.id} (${w.reason}, recorded ${w.stagedAt})`).join(`
10
+ `),P=a==="version"?"version":"publish";throw new R({code:"STAGE_PENDING",hint:"Resolve via `vis release stage approve <id>` / `--all` or `vis release stage reject <id>`, commit the updated staged.json, then retry.",message:`Refusing to ${P} — ${p.length} package(s) have a pending stage from a prior wave:
11
+ ${u}`})},qa=async(e,a={})=>{if(e.plan.releases.length===0)return{changedFiles:[],deletedFiles:[],plan:e.plan};if(await Ie(e,"version",void 0,{persistSelfHeal:!1}),!a.dryRun&&e.config.preVersionCommand&&await J(e.cwd,e.config.preVersionCommand,"preVersionCommand"),!a.dryRun&&e.config.groupPreVersionCommands){const{normaliseGroup:p}=await import("../release/types.js"),h=[...e.config.fixed??[],...e.config.linked??[]].map(P=>p(P)),{default:u}=await import("./index.js");for(const[P,w]of Object.entries(e.config.groupPreVersionCommands)){const $=Number.parseInt(P.replace(/^group-/,""),10),y=h[$];!y||!e.plan.releases.some(k=>y.packages.some(b=>k.name===b||u(b,k.name)))||await J(e.cwd,w,`groupPreVersionCommand[${P}]`)}}const t=await import("node:fs/promises"),{readFileSync:n}=await import("node:fs"),{resolveFormatter:s}=await import("./resolveFormatter.js"),{resolveGroupChangelogRouting:c}=await import("./workspace.js"),d=await s(e.config.changelog,e.cwd),l=new Date().toISOString().slice(0,10),o=c(e.config,e.packages,e.cwd),r=await Te(e.plan,e.depGraph,{changelogPath:p=>o.get(p.name)??`${p.dir}/CHANGELOG.md`,readChangelog:p=>{try{return n(p,"utf8")}catch{return}},readManifest:p=>{try{return n(p,"utf8")}catch{return}},renderChangelogEntry:p=>d({changeFiles:p.changeFiles,date:l,release:p,target:"changelog"})}),m=[];{const{applyExtraFilesForRelease:p}=await import("./extra-files.js"),h=await Promise.all(e.plan.releases.map(async u=>{const P=e.depGraph.getPackage(u.name);if(!P)return{warnings:[],writes:[]};const w=e.perPackageConfig.get(u.name)?.extraFiles??[],$=e.config.publish?.extraFiles??[];return w.length===0&&$.length===0?{warnings:[],writes:[]}:p(e.cwd,P.dir,u.newVersion,u.name,$,w)}));for(const u of h){for(const P of u.writes)r.writes.push({content:P.content,path:P.path});m.push(...u.warnings)}m.length>0&&e.plan.warnings.push(...m)}if(a.dryRun)return{changedFiles:r.writes.map(p=>p.path),deletedFiles:r.deletions,plan:e.plan};await Promise.all([...r.writes.map(p=>_e(p.path,p.content)),...r.deletions.map(async p=>{try{await Oe(p)}catch{}})]);try{await e.pm.installLockfileOnly({cwd:e.cwd,silent:!0})}catch{}!a.dryRun&&e.config.formatChangedFiles&&await Ra(r.writes.map(p=>p.path),e.cwd);let i;if(a.commit){const{stageAndCommit:p}=await import("./git.js"),h=z(),u=["pnpm-lock.yaml","package-lock.json","yarn.lock","bun.lock","bun.lockb"],P=await import("node:path"),w=[];for(const y of u)try{await t.access(P.join(e.cwd,y)),w.push(P.join(e.cwd,y))}catch{}const $=e.config.aggregateRelease===!0||typeof e.config.aggregateRelease=="object"&&e.config.aggregateRelease.enabled;if(e.config.oneCommitPerPackage===!0&&!$&&e.plan.releases.length>0){const y=e.channel?.tag??e.branch??"main",k=r.writes.map(V=>V.path),b=new Set,{releases:B}=e.plan;for(let V=0;V<B.length;V+=1){const T=B[V],N=e.depGraph.getPackage(T.name),E=N?`${N.dir}${P.sep}`:void 0,A=E?k.filter(v=>v.startsWith(E)):[];for(const v of A)b.add(v);const C=V===B.length-1?[...k.filter(v=>!b.has(v)),...r.deletions,...w]:[],g=[...A,...C];g.length!==0&&(i=await p({cwd:e.cwd,runner:h},g,`release(${y}): ${T.name}@${T.newVersion} [skip ci]`,{author:e.config.gitUser}))}}else{const y=a.commitMessage??ja(e),k=[...r.writes.map(b=>b.path),...r.deletions,...w];i=await p({cwd:e.cwd,runner:h},k,y,{author:e.config.gitUser})}}if(!a.dryRun&&e.config.postVersionCommand&&await J(e.cwd,e.config.postVersionCommand,"postVersionCommand"),!a.dryRun&&e.preMode?.mode==="exit-pending"){const{deletePreMode:p,preModeFilePath:h}=await import("./pre-mode.js"),u=e.config.changesDir??".vis/release";await p(e.cwd,u)&&e.plan.warnings.push(`Pre-mode exited: \`${h(e.cwd,u)}\` was deleted. Commit the deletion so the registry stays consistent across CI runs.`)}return{changedFiles:r.writes.map(p=>p.path),commitSha:i,deletedFiles:r.deletions,plan:e.plan}},Ra=async(e,a)=>{if(e.length===0)return;const{join:t}=await import("node:path");let n;try{const{createRequire:c}=await import("node:module"),{pathToFileURL:d}=await import("node:url"),l=c(t(a,"package.json"));n=await import(d(l.resolve("prettier")).href)}catch{return}const s=await import("node:fs/promises");for(const c of e)try{const d=await n.getFileInfo(c);if(d.ignored||!d.inferredParser)continue;const l=await s.readFile(c,"utf8"),o=await n.resolveConfig(c),r=await n.format(l,{...o,filepath:c});r!==l&&await s.writeFile(c,r)}catch{}},ja=e=>{const a=e.channel?.tag??e.branch??"main",{releases:t}=e.plan,n=t.length<=3?t.map(c=>`${c.name}@${c.newVersion}`).join(", "):`version ${t.length} packages`,s=t.map(c=>`- ${c.name}: ${c.oldVersion} → ${c.newVersion}`).join(`
12
12
  `);return`release(${a}): ${n} [skip ci]
13
13
 
14
- ${s}`},Xa=async(e,a={})=>{const t={failed:[],published:[],skipped:[],tags:[],tagsPushed:!1},n=J();if(e.plan.releases.length===0)return t;if(!a.dryRun&&e.channel?.mode==="version-pr"){const{createRemoteClient:i,detectRemoteProvider:r}=await import("./detect2.js"),m=await r(e.cwd,n,e.config.provider),o=await i(m,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}).detectRepoSlug(e.cwd,n),p=e.config.versionPr?.branch??"vis-release/version-packages";if(o)try{const h=await n.run("gh",["pr","list","--head",p,"--state","open","--json","number"],{cwd:e.cwd,silent:!0});if(h.exitCode===0&&h.stdout.trim()&&h.stdout.trim()!=="[]"){const u=JSON.parse(h.stdout);if(u[0])return t.failed.push({name:"_preflight",reason:`Open release PR #${u[0].number} exists. Merge or close it before publishing locally. (Override: --no-push then \`git push --tags\` manually.)`}),t}}catch{}}if(!a.dryRun&&e.config.prePublishCommand)try{await Y(e.cwd,e.config.prePublishCommand,"prePublishCommand")}catch(i){return t.failed.push({name:"_prePublishCommand",reason:i.message}),t}const s=e.config.changesDir??q,{acquireLock:c,releaseLock:d}=await import("./state.js");let l=!1;if(!a.dryRun)try{await c(e.cwd,s),l=!0}catch(i){return t.failed.push({name:"_lock",reason:i.message}),t}try{const{clearState:i,filterPlanByState:r,newState:m,readState:o,writeState:p}=await import("./state.js"),{readStagedRegistry:h,removePendingStages:u,upsertPendingStages:k,writeStagedRegistry:w}=await import("./staged-registry.js"),$=e.config.changesDir??q;let b=a.resume?await o(e.cwd,$):void 0,P=await h(e.cwd,$);await Ae(e,"publish",P,{runner:n}),P=await h(e.cwd,$);const v={pending:[...P.pending]};let{releases:L}=e.plan;b?L=r(L,b):(b=m(e.channel?.tag,e.plan.releases),a.dryRun||await p(e.cwd,$,b));const V=await e.pm.readCatalogYaml(e.cwd),T=Te(V),N=e.depGraph.topologicalSort(L.map(g=>g.name)),E=new Map(L.map(g=>[g.name,g])),A=new Set,C=new Map;for(const g of e.plan.releases){const y=e.depGraph.getPackage(g.name);y&&C.set(g.name,{...y.manifest,version:g.newVersion})}for(const g of N){const y=E.get(g);if(!y){t.skipped.push({name:g,reason:"topo-sort returned a name not in the release plan (internal bug)"});continue}const j=e.depGraph.getPackage(g);if(!j)continue;const B=[...new Set(e.depGraph.getDependencies(g).filter(f=>f.kind!=="devDependencies"&&A.has(f.name)).map(f=>f.name))];if(B.length>0){t.skipped.push({name:g,reason:`dependency-failed: not published because ${B.join(", ")} failed to publish (publishing would orphan this package's dependency range)`}),A.add(g);continue}const S=e.perPackageConfig.get(g)??{},D=Ne(j,S),_=a.publishActionsOverride??xe(D),M=a.tag??e.channel?.tag,I=P.pending.find(f=>f.name===g&&f.version===y.newVersion);try{const f=await _.publish({catalogs:T,cleanPackageJsonConfig:e.config.publish?.cleanPackageJson,dryRun:a.dryRun,otp:a.otp,perPackageConfig:S,pkg:j,pm:e.pm,provenance:Ea(e),registry:S.registry,release:y,resumeStageId:I?.id,tag:M,versionedManifestByName:C,workspaceConfig:e.config});if(f.published||f.alreadyPublished){const O=P.pending.filter(F=>F.name===g&&F.version===y.newVersion).map(F=>F.id);O.length>0&&(P=u(P,O))}if(f.published)t.published.push({name:g,stageId:f.stageId,tarball:f.tarball,version:y.newVersion}),b.published.push(`${g}@${y.newVersion}`);else if(f.alreadyPublished)t.skipped.push({name:g,reason:"already-published"}),b.published.push(`${g}@${y.newVersion}`);else if(t.skipped.push({name:g,reason:f.output??"skipped"}),f.stageId){const O=(f.output??"").startsWith("stage-rejected")?"rejected":"timeout";P=k(P,[{id:f.stageId,name:g,reason:O,stagedAt:new Date().toISOString(),tag:M??"latest",version:y.newVersion}])}a.dryRun||await p(e.cwd,$,b)}catch(f){t.failed.push({name:g,reason:f.message}),A.add(g)}}if(!a.dryRun&&!a.noTag&&t.published.length>0){const{createOrUpdateFloatingTag:g,createTag:y,defaultTagFor:j,pushTags:B,renderTagPattern:S}=await import("./git.js"),D=e.config.releaseTagPattern,_=e.channel?.tag,M=e.config.floatingMajorTag===!0,I=!!e.channel?.prerelease||!!e.preMode;for(const{name:f,version:O}of t.published){const F=e.perPackageConfig.get(f)?.releaseTagPattern??D,U=F?S(F,{channel:_,name:f,version:O}):j(f,O);try{await y({cwd:e.cwd,runner:n},U,`Release ${f}@${O}`,{signing:e.config.signing,skipRemoteCheck:e.firstRelease}),t.tags.push(U)}catch(H){e.firstRelease&&H instanceof R&&H.code==="TAG_COLLISION"?t.skipped.push({name:U,reason:"tag-creation: tag already exists (first-release — skipped)"}):t.skipped.push({name:U,reason:`tag-creation: ${H.message}`})}const z=e.depGraph.getPackage(f),Ie=e.perPackageConfig.get(f),Re=z?.manifest?.private===!0,je=Ie?.skipNpmPublish===!0;if(M&&!I&&!F?.includes("{major}")&&!Re&&!je){const H=O.split(/[-+]/,1)[0].split(".")[0];if(H!==void 0&&H!==""){const de=f.replace(/^@/,"").replaceAll("/","-");if(de!==""){const te=`${de}-v${H}`;try{await g({cwd:e.cwd,runner:n},te,{push:!a.noPush,signing:e.config.signing}),t.tags.push(te)}catch(Me){t.skipped.push({name:te,reason:`floating-major-tag: ${Me.message}`})}}}}}if(!a.noPush&&t.tags.length>0)try{await B({cwd:e.cwd,runner:n}),t.tagsPushed=!0}catch(f){t.tagsPushed=!1,t.failed.push({name:"_pushTags",reason:`git push --tags failed: ${f.message}. Retry with: git push --tags`})}b.tagged=[...t.tags],b.pushed=t.tagsPushed,a.dryRun||await p(e.cwd,$,b),t.failed.length===0&&t.published.length>0&&!a.dryRun&&await i(e.cwd,$)}if(!a.dryRun){const g=v.pending.length,y=P.pending.length,j=await w(e.cwd,$,P);if(j.changed){const{stageAndCommitFile:B}=await import("./git.js");let S;if(j.removed)S="chore(release): clear pending stage registry [skip ci]";else if(y>g){const D=y-g;S=`chore(release): record ${D} new pending stage${D===1?"":"s"} [skip ci]`}else if(y<g){const D=g-y;S=`chore(release): drain ${D} resolved stage${D===1?"":"s"} [skip ci]`}else S=`chore(release): update pending stage registry (${y} pending) [skip ci]`;try{await B({cwd:e.cwd,runner:n},j.path,S,{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(D){process.stderr.write(`[vis release] Warning: could not commit ${j.path}: ${D.message}
15
- `)}}}if(!a.dryRun&&t.published.length>0&&e.config.workspaceChangelog!==!1){const g=e.config.workspaceChangelog,y=typeof g=="object"?g:void 0,j=typeof e.config.aggregateRelease=="object"?e.config.aggregateRelease.enabled:e.config.aggregateRelease===!0;if(y!==void 0||j)try{const{writeWorkspaceChangelogWave:B}=await import("./workspace.js"),S=new Set(t.published.map(M=>M.name)),D=e.plan.releases.filter(M=>S.has(M.name)),_=await B({changelogConfig:e.config.changelog,cwd:e.cwd,workspaceChangelog:e.config.workspaceChangelog},D);if(_)try{const{stageAndCommitFile:M}=await import("./git.js");await M({cwd:e.cwd,runner:n},_,"chore(release): record wave [skip ci]",{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(M){process.stderr.write(`[vis release] Warning: could not commit workspace CHANGELOG.md: ${M.message}
16
- `)}}catch(B){process.stderr.write(`[vis release] Warning: could not write workspace CHANGELOG.md wave entry: ${B.message}
17
- `)}}if(!a.dryRun&&t.published.length>0&&t.tagsPushed){e.config.publish?.noRelease!==!0&&await Va(e,t,n);try{const{walkSuccessfulRelease:g}=await import("./success-walk.js"),{createRemoteClient:y,detectRemoteProvider:j}=await import("./detect2.js"),{resolveFormatter:B}=await import("./resolveFormatter.js"),S=await j(e.cwd,n,e.config.provider),D=y(S,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}),_=await D.detectRepoSlug(e.cwd,n),M=await B(e.config.changelog,e.cwd),{recordRecentlyWalked:I}=await import("./staged-registry.js"),f=new Set([...b.walked??[],...(P.recentlyWalked??[]).map(F=>F.key)]),O={...t,published:t.published.filter(F=>!f.has(`${F.name}@${F.version}`))};if(O.published.length>0){const F=await g(e,O,n,{client:D,formatter:M,repo:_}),U=O.published.map(z=>`${z.name}@${z.version}`);b.walked=[...b.walked??[],...U],await p(e.cwd,$,b),P=I(P,U),F.warnings.length>0&&e.plan.warnings.push(...F.warnings)}}catch(g){e.plan.warnings.push(`successWalk: could not run post-release walk: ${g.message}`)}if(e.config.notifications)try{const{dispatchNotifications:g}=await import("./interface.js"),{createRemoteClient:y,detectRemoteProvider:j}=await import("./detect2.js"),B=await j(e.cwd,n,e.config.provider),S=await y(B,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}).detectRepoSlug(e.cwd,n);let D;try{const I=`${e.cwd}/package.json`,f=await import("node:fs/promises");D=JSON.parse(await f.readFile(I,"utf8")).name}catch{}const _=new Set([...b.notified??[],...(P.recentlyNotified??[]).map(I=>I.key)]),M=t.published.filter(I=>!_.has(`${I.name}@${I.version}`));if(M.length>0){const I=await g(e.config.notifications,{channel:e.channel?.tag,completedAt:new Date().toISOString(),...D===void 0?{}:{monorepoName:D},published:M.map(f=>({name:f.name,tag:e.channel?.tag,...f.url===void 0?{}:{url:f.url},version:f.version})),...S===void 0?{}:{repo:S},skipped:t.skipped.map(f=>({name:f.name,reason:f.reason}))},{warn:f=>e.plan.warnings.push(f)});if(I.succeeded.length>0){const f=M.map(F=>`${F.name}@${F.version}`);b.notified=[...b.notified??[],...f],await p(e.cwd,$,b);const{recordRecentlyNotified:O}=await import("./staged-registry.js");P=O(P,f)}if(I.failed.length>0||I.succeeded.length>0){const f=I.succeeded.length+I.failed.length;if(I.failed.length>0){e.plan.warnings.push(`[notifications] dispatched ${I.succeeded.length}/${f} channels${I.succeeded.length>0?` (succeeded: ${I.succeeded.join(", ")})`:""}; ${I.failed.length} failed.`);for(const O of I.failed)e.plan.warnings.push(`[notifications:${O.id}] ${O.error}`)}}}}catch(g){e.plan.warnings.push(`notifications: dispatch failed: ${g.message}`)}if(!a.dryRun)try{const g=await w(e.cwd,$,P);if(g.changed){const{stageAndCommitFile:y}=await import("./git.js");try{await y({cwd:e.cwd,runner:n},g.path,"chore(release): record cross-runner notify/walk dedupe [skip ci]",{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(j){process.stderr.write(`[vis release] Warning: could not commit ${g.path} (notify/walk dedupe): ${j.message}
14
+ ${s}`},Xa=async(e,a={})=>{const t={failed:[],published:[],skipped:[],tags:[],tagsPushed:!1},n=z();if(e.plan.releases.length===0)return t;if(!a.dryRun&&e.channel?.mode==="version-pr"){const{createRemoteClient:o,detectRemoteProvider:r}=await import("./detect2.js"),m=await r(e.cwd,n,e.config.provider),i=await o(m,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}).detectRepoSlug(e.cwd,n),p=e.config.versionPr?.branch??"vis-release/version-packages";if(i)try{const h=await n.run("gh",["pr","list","--head",p,"--state","open","--json","number"],{cwd:e.cwd,silent:!0});if(h.exitCode===0&&h.stdout.trim()&&h.stdout.trim()!=="[]"){const u=JSON.parse(h.stdout);if(u[0])return t.failed.push({name:"_preflight",reason:`Open release PR #${u[0].number} exists. Merge or close it before publishing locally. (Override: --no-push then \`git push --tags\` manually.)`}),t}}catch{}}if(!a.dryRun&&e.config.prePublishCommand)try{await J(e.cwd,e.config.prePublishCommand,"prePublishCommand")}catch(o){return t.failed.push({name:"_prePublishCommand",reason:o.message}),t}const s=e.config.changesDir??X,{acquireLock:c,releaseLock:d}=await import("./state.js");let l=!1;if(!a.dryRun)try{await c(e.cwd,s),l=!0}catch(o){return t.failed.push({name:"_lock",reason:o.message}),t}try{const{clearState:o,filterPlanByState:r,newState:m,readState:i,writeState:p}=await import("./state.js"),{readStagedRegistry:h,removePendingStages:u,upsertPendingStages:P,writeStagedRegistry:w}=await import("./staged-registry.js"),$=e.config.changesDir??X;let y=a.resume?await i(e.cwd,$):void 0,k=await h(e.cwd,$);await Ie(e,"publish",k,{runner:n}),k=await h(e.cwd,$);const b={pending:[...k.pending]};let{releases:B}=e.plan;y?B=r(B,y):(y=m(e.channel?.tag,e.plan.releases),a.dryRun||await p(e.cwd,$,y));const V=await e.pm.readCatalogYaml(e.cwd),T=xe(V),N=e.depGraph.topologicalSort(B.map(g=>g.name)),E=new Map(B.map(g=>[g.name,g])),A=new Set,C=new Map;for(const g of e.plan.releases){const v=e.depGraph.getPackage(g.name);v&&C.set(g.name,{...v.manifest,version:g.newVersion})}for(const g of N){const v=E.get(g);if(!v){t.skipped.push({name:g,reason:"topo-sort returned a name not in the release plan (internal bug)"});continue}const j=e.depGraph.getPackage(g);if(!j)continue;const L=[...new Set(e.depGraph.getDependencies(g).filter(f=>f.kind!=="devDependencies"&&A.has(f.name)).map(f=>f.name))];if(L.length>0){t.skipped.push({name:g,reason:`dependency-failed: not published because ${L.join(", ")} failed to publish (publishing would orphan this package's dependency range)`}),A.add(g);continue}const S=e.perPackageConfig.get(g)??{},D=Ae(j,S),_=a.publishActionsOverride??Ge(D),M=a.tag??e.channel?.tag,I=k.pending.find(f=>f.name===g&&f.version===v.newVersion);try{const f=await _.publish({catalogs:T,cleanPackageJsonConfig:e.config.publish?.cleanPackageJson,dryRun:a.dryRun,otp:a.otp,perPackageConfig:S,pkg:j,pm:e.pm,provenance:Ea(e),registry:S.registry,release:v,resumeStageId:I?.id,tag:M,versionedManifestByName:C,workspaceConfig:e.config});if(f.published||f.alreadyPublished){const O=k.pending.filter(F=>F.name===g&&F.version===v.newVersion).map(F=>F.id);O.length>0&&(k=u(k,O))}if(f.published)t.published.push({name:g,stageId:f.stageId,tarball:f.tarball,version:v.newVersion}),y.published.push(`${g}@${v.newVersion}`);else if(f.alreadyPublished)t.skipped.push({name:g,reason:"already-published"}),y.published.push(`${g}@${v.newVersion}`);else if(t.skipped.push({name:g,reason:f.output??"skipped"}),f.stageId){const O=(f.output??"").startsWith("stage-rejected")?"rejected":"timeout";k=P(k,[{id:f.stageId,name:g,reason:O,stagedAt:new Date().toISOString(),tag:M??"latest",version:v.newVersion}])}a.dryRun||await p(e.cwd,$,y)}catch(f){t.failed.push({name:g,reason:f.message}),A.add(g)}}if(!a.dryRun&&!a.noTag&&t.published.length>0){const{createOrUpdateFloatingTag:g,createTag:v,defaultTagFor:j,pushTags:L,renderTagPattern:S}=await import("./git.js"),D=e.config.releaseTagPattern,_=e.channel?.tag,M=e.config.floatingMajorTag===!0,I=!!e.channel?.prerelease||!!e.preMode;for(const{name:f,version:O}of t.published){const F=e.perPackageConfig.get(f)?.releaseTagPattern??D,U=F?S(F,{channel:_,name:f,version:O}):j(f,O);try{await v({cwd:e.cwd,runner:n},U,`Release ${f}@${O}`,{signing:e.config.signing,skipRemoteCheck:e.firstRelease}),t.tags.push(U)}catch(H){e.firstRelease&&H instanceof R&&H.code==="TAG_COLLISION"?t.skipped.push({name:U,reason:"tag-creation: tag already exists (first-release — skipped)"}):t.skipped.push({name:U,reason:`tag-creation: ${H.message}`})}const q=e.depGraph.getPackage(f),Re=e.perPackageConfig.get(f),je=q?.manifest?.private===!0,Me=Re?.skipNpmPublish===!0;if(M&&!I&&!F?.includes("{major}")&&!je&&!Me){const H=O.split(/[-+]/,1)[0].split(".")[0];if(H!==void 0&&H!==""){const de=f.replace(/^@/,"").replaceAll("/","-");if(de!==""){const ae=`${de}-v${H}`;try{await g({cwd:e.cwd,runner:n},ae,{push:!a.noPush,signing:e.config.signing}),t.tags.push(ae)}catch(De){t.skipped.push({name:ae,reason:`floating-major-tag: ${De.message}`})}}}}}if(!a.noPush&&t.tags.length>0)try{await L({cwd:e.cwd,runner:n}),t.tagsPushed=!0}catch(f){t.tagsPushed=!1,t.failed.push({name:"_pushTags",reason:`git push --tags failed: ${f.message}. Retry with: git push --tags`})}y.tagged=[...t.tags],y.pushed=t.tagsPushed,a.dryRun||await p(e.cwd,$,y),t.failed.length===0&&t.published.length>0&&!a.dryRun&&await o(e.cwd,$)}if(!a.dryRun){const g=b.pending.length,v=k.pending.length,j=await w(e.cwd,$,k);if(j.changed){const{stageAndCommitFile:L}=await import("./git.js");let S;if(j.removed)S="chore(release): clear pending stage registry [skip ci]";else if(v>g){const D=v-g;S=`chore(release): record ${D} new pending stage${D===1?"":"s"} [skip ci]`}else if(v<g){const D=g-v;S=`chore(release): drain ${D} resolved stage${D===1?"":"s"} [skip ci]`}else S=`chore(release): update pending stage registry (${v} pending) [skip ci]`;try{await L({cwd:e.cwd,runner:n},j.path,S,{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(D){process.stderr.write(`[vis release] Warning: could not commit ${j.path}: ${D.message}
15
+ `)}}}if(!a.dryRun&&t.published.length>0&&e.config.workspaceChangelog!==!1){const g=e.config.workspaceChangelog,v=typeof g=="object"?g:void 0,j=typeof e.config.aggregateRelease=="object"?e.config.aggregateRelease.enabled:e.config.aggregateRelease===!0;if(v!==void 0||j)try{const{writeWorkspaceChangelogWave:L}=await import("./workspace.js"),S=new Set(t.published.map(M=>M.name)),D=e.plan.releases.filter(M=>S.has(M.name)),_=await L({changelogConfig:e.config.changelog,cwd:e.cwd,workspaceChangelog:e.config.workspaceChangelog},D);if(_)try{const{stageAndCommitFile:M}=await import("./git.js");await M({cwd:e.cwd,runner:n},_,"chore(release): record wave [skip ci]",{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(M){process.stderr.write(`[vis release] Warning: could not commit workspace CHANGELOG.md: ${M.message}
16
+ `)}}catch(L){process.stderr.write(`[vis release] Warning: could not write workspace CHANGELOG.md wave entry: ${L.message}
17
+ `)}}if(!a.dryRun&&t.published.length>0&&t.tagsPushed){e.config.publish?.noRelease!==!0&&await Va(e,t,n);try{const{walkSuccessfulRelease:g}=await import("./success-walk.js"),{createRemoteClient:v,detectRemoteProvider:j}=await import("./detect2.js"),{resolveFormatter:L}=await import("./resolveFormatter.js"),S=await j(e.cwd,n,e.config.provider),D=v(S,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}),_=await D.detectRepoSlug(e.cwd,n),M=await L(e.config.changelog,e.cwd),{recordRecentlyWalked:I}=await import("./staged-registry.js"),f=new Set([...y.walked??[],...(k.recentlyWalked??[]).map(F=>F.key)]),O={...t,published:t.published.filter(F=>!f.has(`${F.name}@${F.version}`))};if(O.published.length>0){const F=await g(e,O,n,{client:D,formatter:M,repo:_}),U=O.published.map(q=>`${q.name}@${q.version}`);y.walked=[...y.walked??[],...U],await p(e.cwd,$,y),k=I(k,U),F.warnings.length>0&&e.plan.warnings.push(...F.warnings)}}catch(g){e.plan.warnings.push(`successWalk: could not run post-release walk: ${g.message}`)}if(e.config.notifications)try{const{dispatchNotifications:g}=await import("./interface.js"),{createRemoteClient:v,detectRemoteProvider:j}=await import("./detect2.js"),L=await j(e.cwd,n,e.config.provider),S=await v(L,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}).detectRepoSlug(e.cwd,n);let D;try{const I=`${e.cwd}/package.json`,f=await import("node:fs/promises");D=JSON.parse(await f.readFile(I,"utf8")).name}catch{}const _=new Set([...y.notified??[],...(k.recentlyNotified??[]).map(I=>I.key)]),M=t.published.filter(I=>!_.has(`${I.name}@${I.version}`));if(M.length>0){const I=await g(e.config.notifications,{channel:e.channel?.tag,completedAt:new Date().toISOString(),...D===void 0?{}:{monorepoName:D},published:M.map(f=>({name:f.name,tag:e.channel?.tag,...f.url===void 0?{}:{url:f.url},version:f.version})),...S===void 0?{}:{repo:S},skipped:t.skipped.map(f=>({name:f.name,reason:f.reason}))},{warn:f=>e.plan.warnings.push(f)});if(I.succeeded.length>0){const f=M.map(F=>`${F.name}@${F.version}`);y.notified=[...y.notified??[],...f],await p(e.cwd,$,y);const{recordRecentlyNotified:O}=await import("./staged-registry.js");k=O(k,f)}if(I.failed.length>0||I.succeeded.length>0){const f=I.succeeded.length+I.failed.length;if(I.failed.length>0){e.plan.warnings.push(`[notifications] dispatched ${I.succeeded.length}/${f} channels${I.succeeded.length>0?` (succeeded: ${I.succeeded.join(", ")})`:""}; ${I.failed.length} failed.`);for(const O of I.failed)e.plan.warnings.push(`[notifications:${O.id}] ${O.error}`)}}}}catch(g){e.plan.warnings.push(`notifications: dispatch failed: ${g.message}`)}if(!a.dryRun)try{const g=await w(e.cwd,$,k);if(g.changed){const{stageAndCommitFile:v}=await import("./git.js");try{await v({cwd:e.cwd,runner:n},g.path,"chore(release): record cross-runner notify/walk dedupe [skip ci]",{author:e.config.gitUser,push:!a.noPush,sign:e.config.gitSignCommits===!0})}catch(j){process.stderr.write(`[vis release] Warning: could not commit ${g.path} (notify/walk dedupe): ${j.message}
18
18
  `)}}}catch(g){process.stderr.write(`[vis release] Warning: could not update cross-runner dedupe registry: ${g.message}
19
- `)}}if(!a.dryRun&&e.config.postPublishCommand)try{await Y(e.cwd,e.config.postPublishCommand,"postPublishCommand")}catch(g){t.failed.push({name:"_postPublishCommand",reason:g.message})}return t}finally{l&&await d(e.cwd,s)}},Ma=e=>e.length===0?"":`## Related releases
19
+ `)}}if(!a.dryRun&&e.config.postPublishCommand)try{await J(e.cwd,e.config.postPublishCommand,"postPublishCommand")}catch(g){t.failed.push({name:"_postPublishCommand",reason:g.message})}return t}finally{l&&await d(e.cwd,s)}},Ma=e=>e.length===0?"":`## Related releases
20
20
 
21
21
  ${e.map(a=>`- [${a.name}](${a.url})`).join(`
22
22
  `)}`,Da=(e,a,t)=>{if(!a||!a.header&&!a.footer)return e;const n=c=>ua(c,{contributors:t.contributors??"",date:t.date,name:t.name,previousVersion:t.previousVersion,repo:t.repo,version:t.version}).replaceAll(/\n{3,}/g,`
23
23
 
24
24
  `).replace(/\s+$/,""),s=[];if(a.header){const c=n(a.header);c.length>0&&s.push(c)}if(s.push(e),a.footer){const c=n(a.footer);c.length>0&&s.push(c)}return s.join(`
25
25
 
26
- `)},Sa=e=>{if(!Array.isArray(e))return;const[a,t]=e;if(a!=="github"||typeof t!="object"||t===null)return;const{internalAuthors:n}=t;if(Array.isArray(n))return n.filter(s=>typeof s=="string")},Va=async(e,a,t)=>{const{createRemoteClient:n,detectRemoteProvider:s}=await import("./detect2.js"),c=await s(e.cwd,t,e.config.provider),d=n(c,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}),l=await d.detectRepoSlug(e.cwd,t);if(!l)return;const i=typeof e.config.aggregateRelease=="object"?e.config.aggregateRelease:{enabled:e.config.aggregateRelease===!0},r=e.config.publish?.draftRelease===!0,m=e.config.publish?.discussionCategory,o=e.config.publish?.addReleases;if(i.enabled){const v=new Date().toISOString().slice(0,10),L=(i.title??"Release {date}").replaceAll("{date}",v),V=`release-${v}`,T=a.published.map(N=>`- \`${N.name}\` → ${N.version}`).join(`
27
- `);try{const N=await d.createRelease(t,{body:T,cwd:e.cwd,discussionCategory:m,draft:r,repo:l,tag:V,title:L});if(N?.url)for(const E of a.published)E.url=N.url}catch{}return}const{defaultTagFor:p,renderTagPattern:h}=await import("./git.js"),u=e.config.releaseTagPattern,k=e.channel?.tag,w=e.config.publish?.releaseAssets??{},$=new Date().toISOString().slice(0,10),b=Sa(e.config.changelog),P=fa(e.plan.consumedChangeFiles??[],{internalAuthors:b});for(const v of a.published){const L=e.perPackageConfig.get(v.name)?.releaseTagPattern??u,V=L?h(L,{channel:k,name:v.name,version:v.version}):p(v.name,v.version),T=v.version.includes("-");let N=`Release of ${v.name}@${v.version}.`;if(v.stageId&&(N=`${N}
26
+ `)},Sa=e=>{if(!Array.isArray(e))return;const[a,t]=e;if(a!=="github"||typeof t!="object"||t===null)return;const{internalAuthors:n}=t;if(Array.isArray(n))return n.filter(s=>typeof s=="string")},Va=async(e,a,t)=>{const{createRemoteClient:n,detectRemoteProvider:s}=await import("./detect2.js"),c=await s(e.cwd,t,e.config.provider),d=n(c,{githubHost:e.config.githubHost,gitlabHost:e.config.gitlabHost,httpProxy:e.config.httpProxy}),l=await d.detectRepoSlug(e.cwd,t);if(!l)return;const o=typeof e.config.aggregateRelease=="object"?e.config.aggregateRelease:{enabled:e.config.aggregateRelease===!0},r=e.config.publish?.draftRelease===!0,m=e.config.publish?.discussionCategory,i=e.config.publish?.addReleases;if(o.enabled){const b=new Date().toISOString().slice(0,10),B=(o.title??"Release {date}").replaceAll("{date}",b),V=`release-${b}`,T=a.published.map(N=>`- \`${N.name}\` → ${N.version}`).join(`
27
+ `);try{const N=await d.createRelease(t,{body:T,cwd:e.cwd,discussionCategory:m,draft:r,repo:l,tag:V,title:B});if(N?.url)for(const E of a.published)E.url=N.url}catch{}return}const{defaultTagFor:p,renderTagPattern:h}=await import("./git.js"),u=e.config.releaseTagPattern,P=e.channel?.tag,w=e.config.publish?.releaseAssets??{},$=new Date().toISOString().slice(0,10),y=Sa(e.config.changelog),k=fa(e.plan.consumedChangeFiles??[],{internalAuthors:y});for(const b of a.published){const B=e.perPackageConfig.get(b.name)?.releaseTagPattern??u,V=B?h(B,{channel:P,name:b.name,version:b.version}):p(b.name,b.version),T=b.version.includes("-");let N=`Release of ${b.name}@${b.version}.`;if(b.stageId&&(N=`${N}
28
28
 
29
- > ⏳ **Staged — not yet installable.** Approve via \`vis release stage approve ${v.stageId}\` or the npmjs.com web UI.`),w.stampHashes&&v.tarball&&(N=`${N}
29
+ > ⏳ **Staged — not yet installable.** Approve via \`vis release stage approve ${b.stageId}\` or the npmjs.com web UI.`),w.stampHashes&&b.tarball&&(N=`${N}
30
30
 
31
31
  ### Tarball integrity
32
32
 
33
- - size: \`${v.tarball.size}\` bytes
34
- - sha256: \`${v.tarball.sha256}\`
35
- - sha512: \`${v.tarball.sha512}\``),o!==void 0&&o!==!1)try{const C=V.lastIndexOf("@"),g=C>0?V.slice(0,C+1):"",y=await d.listRecentReleases(t,{cwd:e.cwd,excludeTag:V,limit:5,repo:l,tagPrefix:g}),j=Ma(y);j&&(N=o==="top"?`${j}
33
+ - size: \`${b.tarball.size}\` bytes
34
+ - sha256: \`${b.tarball.sha256}\`
35
+ - sha512: \`${b.tarball.sha512}\``),i!==void 0&&i!==!1)try{const C=V.lastIndexOf("@"),g=C>0?V.slice(0,C+1):"",v=await d.listRecentReleases(t,{cwd:e.cwd,excludeTag:V,limit:5,repo:l,tagPrefix:g}),j=Ma(v);j&&(N=i==="top"?`${j}
36
36
 
37
37
  ${N}`:`${N}
38
38
 
39
- ${j}`)}catch{}const{releaseNoteTemplate:E}=e.config;if(E){const C=e.plan.releases.find(g=>g.name===v.name)?.oldVersion??"";N=Da(N,E,{contributors:P,date:$,name:v.name,previousVersion:C,repo:l,version:v.version})}const A=[];w.uploadTarball&&v.tarball&&A.push(v.tarball.path);try{const C=await d.createRelease(t,{assets:A.length>0?A:void 0,body:N,cwd:e.cwd,discussionCategory:m,draft:r,prerelease:T,repo:l,tag:V,title:`${v.name} v${v.version}`});C?.url&&(v.url=C.url)}catch(C){console.warn(`createRelease failed for ${v.name}@${v.version} (tag ${V}): ${C.message}`)}}},Ea=e=>(e.config.publish?.publishArgs??[]).includes("--provenance")&&e.pm.id!=="bun";export{qa as a,za as b,sa as c,Ne as d,Ya as f,Xa as p,oa as r,Ja as w};
39
+ ${j}`)}catch{}const{releaseNoteTemplate:E}=e.config;if(E){const C=e.plan.releases.find(g=>g.name===b.name)?.oldVersion??"";N=Da(N,E,{contributors:k,date:$,name:b.name,previousVersion:C,repo:l,version:b.version})}const A=[];w.uploadTarball&&b.tarball&&A.push(b.tarball.path);try{const C=await d.createRelease(t,{assets:A.length>0?A:void 0,body:N,cwd:e.cwd,discussionCategory:m,draft:r,prerelease:T,repo:l,tag:V,title:`${b.name} v${b.version}`});C?.url&&(b.url=C.url)}catch(C){console.warn(`createRelease failed for ${b.name}@${b.version} (tag ${V}): ${C.message}`)}}},Ea=e=>(e.config.publish?.publishArgs??[]).includes("--provenance")&&e.pm.id!=="bun";export{qa as a,za as b,oa as c,sa as d,Ya as f,Xa as p,Ae as r,Ja as w};
@@ -1,4 +1,4 @@
1
- import{createRequire as l}from"node:module";import{E as n}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";const u=l(import.meta.url),i=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,p=o=>{if(typeof i<"u"&&i.versions&&i.versions.node){const[e,s]=i.versions.node.split(".").map(Number);if(e>22||e===22&&s>=3||e===20&&s>=16)return i.getBuiltinModule(o)}return u(o)},{createInterface:c}=p("node:readline"),a=(o,e)=>new Promise(s=>{o.question(e,r=>{s(r.trim())})}),f=async(o,e=!0)=>{const s=c({input:process.stdin,output:process.stdout});try{const r=await a(s,`${o} ${n(e?"[Y/n]":"[y/N]")} `);return r===""?e:/^y(?:es)?$/i.test(r)}finally{s.close()}},w=async(o,e="")=>{const s=c({input:process.stdin,output:process.stdout});try{const r=e?` ${n(`(${e})`)}`:"",t=await a(s,`${o}${r} `);return t===""?e:t}finally{s.close()}},y=async(o,e)=>{if(e.length===0)throw new Error("selectPrompt called with no options.");const s=c({input:process.stdin,output:process.stdout});try{process.stdout.write(`${o}
1
+ import{createRequire as l}from"node:module";import{E as n}from"../packem_shared/index.server-J83sowC4.js";const u=l(import.meta.url),i=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,p=o=>{if(typeof i<"u"&&i.versions&&i.versions.node){const[e,s]=i.versions.node.split(".").map(Number);if(e>22||e===22&&s>=3||e===20&&s>=16)return i.getBuiltinModule(o)}return u(o)},{createInterface:c}=p("node:readline"),a=(o,e)=>new Promise(s=>{o.question(e,r=>{s(r.trim())})}),f=async(o,e=!0)=>{const s=c({input:process.stdin,output:process.stdout});try{const r=await a(s,`${o} ${n(e?"[Y/n]":"[y/N]")} `);return r===""?e:/^y(?:es)?$/i.test(r)}finally{s.close()}},w=async(o,e="")=>{const s=c({input:process.stdin,output:process.stdout});try{const r=e?` ${n(`(${e})`)}`:"",t=await a(s,`${o}${r} `);return t===""?e:t}finally{s.close()}},y=async(o,e)=>{if(e.length===0)throw new Error("selectPrompt called with no options.");const s=c({input:process.stdin,output:process.stdout});try{process.stdout.write(`${o}
2
2
  `);for(const[r,t]of e.entries())process.stdout.write(` ${r+1}) ${t.label}
3
3
  `);for(;;){const r=await a(s,n(` [1-${e.length}] `)),t=Number.parseInt(r,10);if(!Number.isNaN(t)&&t>=1&&t<=e.length)return e[t-1].value;process.stdout.write(n(` Please enter a number between 1 and ${e.length}.
4
4
  `))}}finally{s.close()}},$=async(o,e)=>{if(e.length===0)throw new Error("multiSelectPrompt called with no options.");const s=c({input:process.stdin,output:process.stdout});try{process.stdout.write(`${o}
@@ -1,3 +1,3 @@
1
- import{p as o}from"./bin.js";import{r as d}from"../packem_shared/advisories-DLeO5KMN.js";const f=async({fs:c,logger:u,options:e,workspaceRoot:s})=>{if(!s)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const r=e.db??d(s),t=e.format==="json";if(!e.force){o.warn(`Prune is destructive. Will remove: ${r}`),o.info("Re-run with --force to proceed."),t&&process.stdout.write(`${JSON.stringify({dbPath:r,reason:"needs --force",removed:!1})}
1
+ import{p as o}from"./cli-main.js";import{r as d}from"../packem_shared/advisories-CefYKEPe.js";const f=async({fs:c,logger:u,options:e,workspaceRoot:s})=>{if(!s)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const r=e.db??d(s),t=e.format==="json";if(!e.force){o.warn(`Prune is destructive. Will remove: ${r}`),o.info("Re-run with --force to proceed."),t&&process.stdout.write(`${JSON.stringify({dbPath:r,reason:"needs --force",removed:!1})}
2
2
  `);return}const a=[r,`${r}-wal`,`${r}-shm`,`${r}-journal`],i=[];for(const n of a)try{await c.rm(n,{force:!0}),i.push(n)}catch{}if(t){process.stdout.write(`${JSON.stringify({dbPath:r,files:i,removed:!0})}
3
3
  `);return}o.success(`Removed ${r}.`)},w=f;export{w as advisoriesPruneExecute};
@@ -12,7 +12,7 @@ ${e.trimStart()}`:`${n}
12
12
 
13
13
  ${e.trimStart()}`},Ge=(t,e)=>{const n=Be(e);return`${JSON.stringify(t,null,n)}
14
14
  `},Be=t=>{if(!t)return 4;const e=/\n(\s+)"/.exec(t);if(!e)return 4;const n=(e[1]??"").length;return n===2||n===4?n:4},We=t=>`${t.dir}/CHANGELOG.md`,Je=t=>{const e=new Date().toISOString().slice(0,10),n=[`## ${t.newVersion}`,`<sub>${e}</sub>`,""];if(t.isCascadeBump||t.isGroupBump)for(const r of t.sources)n.push(`- Version bump from ${r.name}@${r.newVersion}`);else if(t.isDependencyBump&&t.changeFiles.length===0)for(const r of t.sources)r.newVersion===""?n.push(`- Removed dependency ${r.name}`):n.push(`- Updated dependency ${r.name}@${r.newVersion}`);else for(const r of t.changeFiles)for(const s of r.body.split(/\r?\n/)){if(s.trim()===""){n.push("");continue}n.push(s.startsWith("-")||s.startsWith("*")?s:`- ${s}`)}return n.join(`
15
- `)},He=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Q={default:{},named:{}},Ke=t=>{if(!t)return Q;let e;try{e=Re(t,{schema:"core",strict:!0})}catch(s){throw new l({cause:s,code:"CONFIG_INVALID",message:`Failed to parse pnpm-workspace.yaml: ${s.message}`})}if(typeof e!="object"||e===null||Array.isArray(e))return Q;const n=e,r={default:{},named:{}};if(typeof n.catalog=="object"&&n.catalog!==null&&!Array.isArray(n.catalog))for(const[s,a]of Object.entries(n.catalog))typeof a=="string"&&(r.default[s]=a);if(typeof n.catalogs=="object"&&n.catalogs!==null&&!Array.isArray(n.catalogs))for(const[s,a]of Object.entries(n.catalogs)){if(typeof a!="object"||a===null||Array.isArray(a))continue;const i={};for(const[o,c]of Object.entries(a))typeof c=="string"&&(i[o]=c);r.named[s]=i}return r},we=(t,e,n)=>{if(!t.startsWith("catalog:"))return t;const r=t.slice(8),s=r===""?n.default:n.named[r];if(s)return s[e]},Y=(t,e)=>{const n={...t};for(const r of He){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("catalog:"))continue;const c=we(o,i,e);if(c===void 0)throw new l({code:"CONFIG_INVALID",message:`Cannot resolve "${o}" for dependency "${i}" in package "${t.name}". Add it to pnpm-workspace.yaml's "catalog" or "catalogs" block.`,packageName:t.name});a[i]=c}n[r]=a}return n},Ut=Object.defineProperty({__proto__:null,parseCatalogs:Ke,resolveCatalogRef:we,rewriteCatalogRefs:Y},Symbol.toStringTag,{value:"Module"}),qe="ACTIONS_ID_TOKEN_REQUEST_URL",z=t=>{const e=!!t.env[qe],n=!!t.env[t.staticTokenVar],r=t.workspaceConfig?.publish?.preferStaticToken===!0;return e&&!(r&&n)?"oidc":n?"token":"missing"};let T;const Ye="https://github.com/visulima/visulima",ze=async()=>{try{let t=U(Ve(import.meta.url));for(let e=0;e<6;e+=1){const n=h(t,"package.json");try{const s=await A(n,"utf8"),a=JSON.parse(s);if(a.name==="@visulima/vis"&&typeof a.version=="string")return a.version}catch{}const r=U(t);if(r===t)break;t=r}}catch{}return"unknown"},Qe=async()=>(T!==void 0||(T=`vis-release/${await ze()} (+${Ye})`),T),X=new Map,Xe=async t=>{const e=X.get(t);if(e!==void 0)return e;try{const n=await import("undici"),r=new n.ProxyAgent(t);return X.set(t,r),r}catch{return}},Ze=t=>t===301||t===302||t===303||t===307||t===308,et=(t,e)=>{try{const n=new URL(t),r=new URL(e);return n.host===r.host&&n.protocol===r.protocol}catch{return!1}},j=async(t,e={})=>{const n=e.maxRedirects??2,r={"User-Agent":await Qe(),...e.headers};e.headers?.["User-Agent"]&&(r["User-Agent"]=e.headers["User-Agent"]);let s=t,a=0;const i=e.httpProxy?await Xe(e.httpProxy):void 0;for(;;){let o;try{const p=e.fetchImpl??globalThis.fetch,m={headers:r,method:e.method??"GET",redirect:"manual"};i&&(m.dispatcher=i),o=await p(s,m)}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!Ze(o.status))return{json:async()=>{try{return await o.json()}catch{return}},ok:o.ok,status:o.status,text:async()=>{try{return await o.text()}catch{return""}}};const c=o.headers.get("location")??o.headers.get("Location");if(!c||a>=n)return{json:async()=>{},ok:!1,status:0,text:async()=>""};let d;try{d=new URL(c,s).toString()}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!et(t,d))return{json:async()=>{},ok:!1,status:0,text:async()=>""};s=d,a+=1}},tt="https://crates.io/api/v1/crates",nt="Cargo.toml",Z=async t=>{let e;try{e=await A(t,"utf8")}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to read Cargo.toml at ${t}: ${o.message}`})}const{parse:n}=await import("smol-toml");let r;try{r=n(e)}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to parse Cargo.toml at ${t}: ${o.message}`})}if(!r.package)throw new l({code:"CONFIG_INVALID",file:t,hint:"CargoVersionActions only supports publishable crates with a [package] table. For workspace roots, point per-package config at the member crate directory.",message:`Cargo.toml at ${t} has no [package] table.`});const{name:s}=r.package;if(typeof s!="string"||s.length===0)throw new l({code:"CONFIG_INVALID",file:t,message:`Cargo.toml at ${t} is missing [package].name.`});const a=r.package.version;let i;if(typeof a=="string"?i=a:a&&typeof a=="object"&&a.workspace===!0&&(i=r.workspace?.package?.version),typeof i!="string"||i.length===0)throw new l({code:"CONFIG_INVALID",file:t,hint:"Set [package].version explicitly, or — for workspace-inherited versions — ensure the root Cargo.toml carries [workspace.package].version and point per-package config at it.",message:`Cargo.toml at ${t} has no resolvable [package].version.`});return{name:s,version:i}},ee=async(t,e)=>{const n=`${tt}/${encodeURIComponent(t)}`;try{const r=await j(n,{headers:{Accept:"application/json"},httpProxy:e});if(r.status===404||!r.ok)return;const s=await r.json();return s?.crate?.max_stable_version??s?.crate?.max_version??void 0}catch{return}},rt=(t,e)=>z({env:t,staticTokenVar:"CARGO_REGISTRY_TOKEN",workspaceConfig:e})==="oidc",st=async(t,e)=>{const n=await t.run("cargo",["package","--list","--allow-dirty"],{cwd:e,silent:!0});return n.exitCode!==0?[]:n.stdout.split(/\r?\n/).map(r=>r.trim()).filter(r=>r.length>0)};class at extends N{id="cargo";async readPublishedVersion(e){const n=H(e.pkg);try{const{name:r}=await Z(n);return await ee(r)}catch{return}}async publish(e){if(e.dryRun)return{output:`[dry-run / cargo] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=H(e.pkg,e.perPackageConfig),r=ot(e.pkg,e.perPackageConfig),{name:s,version:a}=await Z(n);if(a!==e.release.newVersion)throw new l({code:"CONFIG_INVALID",file:n,hint:`Confirm the cargo() preset's crateDir points at the directory containing this Cargo.toml. Expected ${e.release.newVersion} on disk after the extra-files bump.`,message:`Cargo.toml version (${a}) does not match planned release version (${e.release.newVersion}) for ${e.pkg.name}.`,packageName:e.pkg.name});if(await ee(s,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[cargo] ${s}@${e.release.newVersion} already on crates.io`,published:!1};const i=rt(process.env,e.workspaceConfig);if(!i&&!process.env.CARGO_REGISTRY_TOKEN)throw new l({code:"AUTH_MISSING",hint:"Set CARGO_REGISTRY_TOKEN, or run from a GH-Actions job with `permissions: id-token: write` for OIDC trusted publishing.",message:`Cannot publish ${s}@${e.release.newVersion}: neither CARGO_REGISTRY_TOKEN nor OIDC trusted publishing is available.`,packageName:e.pkg.name});const o=e.workspaceConfig?.publish?.guards;if(o?.packSecretScan){const p=await st(e.pm.runner,r);if(p.length>0){const{runPackSecretScan:m}=await import("./publish-guards.js"),y=typeof o.packSecretScan=="object"?o.packSecretScan.ignore:void 0,b=await m({files:p,ignore:y,pkgDir:r});if(!b.passed){const{redactTokens:w}=await import("./security.js"),C=b.findings.map(_=>` • [packSecretScan] ${w(_.message)}${_.hint?`
15
+ `)},He=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Q={default:{},named:{}},Ke=t=>{if(!t)return Q;let e;try{e=Re(t,{schema:"core",strict:!0})}catch(s){throw new l({cause:s,code:"CONFIG_INVALID",message:`Failed to parse pnpm-workspace.yaml: ${s.message}`})}if(typeof e!="object"||e===null||Array.isArray(e))return Q;const n=e,r={default:{},named:{}};if(typeof n.catalog=="object"&&n.catalog!==null&&!Array.isArray(n.catalog))for(const[s,a]of Object.entries(n.catalog))typeof a=="string"&&(r.default[s]=a);if(typeof n.catalogs=="object"&&n.catalogs!==null&&!Array.isArray(n.catalogs))for(const[s,a]of Object.entries(n.catalogs)){if(typeof a!="object"||a===null||Array.isArray(a))continue;const i={};for(const[o,c]of Object.entries(a))typeof c=="string"&&(i[o]=c);r.named[s]=i}return r},we=(t,e,n)=>{if(!t.startsWith("catalog:"))return t;const r=t.slice(8),s=r===""?n.default:n.named[r];if(s)return s[e]},Y=(t,e)=>{const n={...t};for(const r of He){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("catalog:"))continue;const c=we(o,i,e);if(c===void 0)throw new l({code:"CONFIG_INVALID",message:`Cannot resolve "${o}" for dependency "${i}" in package "${t.name}". Add it to pnpm-workspace.yaml's "catalog" or "catalogs" block.`,packageName:t.name});a[i]=c}n[r]=a}return n},Ut=Object.defineProperty({__proto__:null,parseCatalogs:Ke,resolveCatalogRef:we,rewriteCatalogRefs:Y},Symbol.toStringTag,{value:"Module"}),qe="ACTIONS_ID_TOKEN_REQUEST_URL",z=t=>{const e=!!t.env[qe],n=!!t.env[t.staticTokenVar],r=t.workspaceConfig?.publish?.preferStaticToken===!0;return e&&!(r&&n)?"oidc":n?"token":"missing"};let T;const Ye="https://github.com/visulima/visulima",ze=async()=>{try{let t=U(Ve(import.meta.url));for(let e=0;e<6;e+=1){const n=h(t,"package.json");try{const s=await A(n,"utf8"),a=JSON.parse(s);if(a.name==="@visulima/vis"&&typeof a.version=="string")return a.version}catch{}const r=U(t);if(r===t)break;t=r}}catch{}return"unknown"},Qe=async()=>(T!==void 0||(T=`vis-release/${await ze()} (+${Ye})`),T),X=new Map,Xe=async t=>{const e=X.get(t);if(e!==void 0)return e;try{const n=await import("./index3.js").then(s=>s.i),r=new n.ProxyAgent(t);return X.set(t,r),r}catch{return}},Ze=t=>t===301||t===302||t===303||t===307||t===308,et=(t,e)=>{try{const n=new URL(t),r=new URL(e);return n.host===r.host&&n.protocol===r.protocol}catch{return!1}},j=async(t,e={})=>{const n=e.maxRedirects??2,r={"User-Agent":await Qe(),...e.headers};e.headers?.["User-Agent"]&&(r["User-Agent"]=e.headers["User-Agent"]);let s=t,a=0;const i=e.httpProxy?await Xe(e.httpProxy):void 0;for(;;){let o;try{const p=e.fetchImpl??globalThis.fetch,m={headers:r,method:e.method??"GET",redirect:"manual"};i&&(m.dispatcher=i),o=await p(s,m)}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!Ze(o.status))return{json:async()=>{try{return await o.json()}catch{return}},ok:o.ok,status:o.status,text:async()=>{try{return await o.text()}catch{return""}}};const c=o.headers.get("location")??o.headers.get("Location");if(!c||a>=n)return{json:async()=>{},ok:!1,status:0,text:async()=>""};let d;try{d=new URL(c,s).toString()}catch{return{json:async()=>{},ok:!1,status:0,text:async()=>""}}if(!et(t,d))return{json:async()=>{},ok:!1,status:0,text:async()=>""};s=d,a+=1}},tt="https://crates.io/api/v1/crates",nt="Cargo.toml",Z=async t=>{let e;try{e=await A(t,"utf8")}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to read Cargo.toml at ${t}: ${o.message}`})}const{parse:n}=await import("./index4.js");let r;try{r=n(e)}catch(o){throw new l({cause:o,code:"CONFIG_INVALID",file:t,message:`Failed to parse Cargo.toml at ${t}: ${o.message}`})}if(!r.package)throw new l({code:"CONFIG_INVALID",file:t,hint:"CargoVersionActions only supports publishable crates with a [package] table. For workspace roots, point per-package config at the member crate directory.",message:`Cargo.toml at ${t} has no [package] table.`});const{name:s}=r.package;if(typeof s!="string"||s.length===0)throw new l({code:"CONFIG_INVALID",file:t,message:`Cargo.toml at ${t} is missing [package].name.`});const a=r.package.version;let i;if(typeof a=="string"?i=a:a&&typeof a=="object"&&a.workspace===!0&&(i=r.workspace?.package?.version),typeof i!="string"||i.length===0)throw new l({code:"CONFIG_INVALID",file:t,hint:"Set [package].version explicitly, or — for workspace-inherited versions — ensure the root Cargo.toml carries [workspace.package].version and point per-package config at it.",message:`Cargo.toml at ${t} has no resolvable [package].version.`});return{name:s,version:i}},ee=async(t,e)=>{const n=`${tt}/${encodeURIComponent(t)}`;try{const r=await j(n,{headers:{Accept:"application/json"},httpProxy:e});if(r.status===404||!r.ok)return;const s=await r.json();return s?.crate?.max_stable_version??s?.crate?.max_version??void 0}catch{return}},rt=(t,e)=>z({env:t,staticTokenVar:"CARGO_REGISTRY_TOKEN",workspaceConfig:e})==="oidc",st=async(t,e)=>{const n=await t.run("cargo",["package","--list","--allow-dirty"],{cwd:e,silent:!0});return n.exitCode!==0?[]:n.stdout.split(/\r?\n/).map(r=>r.trim()).filter(r=>r.length>0)};class at extends N{id="cargo";async readPublishedVersion(e){const n=H(e.pkg);try{const{name:r}=await Z(n);return await ee(r)}catch{return}}async publish(e){if(e.dryRun)return{output:`[dry-run / cargo] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=H(e.pkg,e.perPackageConfig),r=ot(e.pkg,e.perPackageConfig),{name:s,version:a}=await Z(n);if(a!==e.release.newVersion)throw new l({code:"CONFIG_INVALID",file:n,hint:`Confirm the cargo() preset's crateDir points at the directory containing this Cargo.toml. Expected ${e.release.newVersion} on disk after the extra-files bump.`,message:`Cargo.toml version (${a}) does not match planned release version (${e.release.newVersion}) for ${e.pkg.name}.`,packageName:e.pkg.name});if(await ee(s,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[cargo] ${s}@${e.release.newVersion} already on crates.io`,published:!1};const i=rt(process.env,e.workspaceConfig);if(!i&&!process.env.CARGO_REGISTRY_TOKEN)throw new l({code:"AUTH_MISSING",hint:"Set CARGO_REGISTRY_TOKEN, or run from a GH-Actions job with `permissions: id-token: write` for OIDC trusted publishing.",message:`Cannot publish ${s}@${e.release.newVersion}: neither CARGO_REGISTRY_TOKEN nor OIDC trusted publishing is available.`,packageName:e.pkg.name});const o=e.workspaceConfig?.publish?.guards;if(o?.packSecretScan){const p=await st(e.pm.runner,r);if(p.length>0){const{runPackSecretScan:m}=await import("./publish-guards.js"),y=typeof o.packSecretScan=="object"?o.packSecretScan.ignore:void 0,b=await m({files:p,ignore:y,pkgDir:r});if(!b.passed){const{redactTokens:w}=await import("./security.js"),C=b.findings.map(_=>` • [packSecretScan] ${w(_.message)}${_.hint?`
16
16
  → ${w(_.hint)}`:""}`).join(`
17
17
  `);throw new l({code:"PUBLISH_FAILED",message:`Pre-publish secret scan failed for ${s}@${e.release.newVersion}:
18
18
  ${C}`,packageName:e.pkg.name})}}}const c=["publish","--allow-dirty"];e.registry&&e.registry!=="https://crates.io"&&c.push("--registry",e.registry);const d=await e.pm.runner.run("cargo",c,{cwd:r,silent:!1});if(d.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the cargo output above. Common causes: missing CARGO_REGISTRY_TOKEN, OIDC permission misconfigured, version already published, crates.io rate limit. Re-runs are safe — the published-version probe short-circuits subsequent runs.",message:`cargo publish failed for ${s}@${e.release.newVersion}: exit ${d.exitCode}. stderr: ${d.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[cargo] published ${s}@${e.release.newVersion}${i?" (trusted publishing)":""}`,published:!0}}}const H=(t,e)=>{const n=e?.cargoTomlPath??nt;return h(t.dir,n)},ot=(t,e)=>U(H(t,e)),it=["linux/amd64","linux/arm64"],ct=t=>{const e=t.indexOf("/");if(e===-1)return{registry:"docker.io",repository:`library/${t}`};const n=t.slice(0,e),r=t.slice(e+1);return n==="localhost"||n.includes(".")||n.includes(":")?{registry:n,repository:r}:r.includes("/")?{registry:"docker.io",repository:t}:{registry:"docker.io",repository:`${n}/${r}`}},te=(t,e)=>{const{registry:n,repository:r}=ct(t);return`https://${n==="docker.io"?"registry-1.docker.io":n}/v2/${r}/manifests/${encodeURIComponent(e)}`},ke=t=>{const e=t??{};return{buildContext:e.buildContext,containerBuildArgs:e.containerBuildArgs,containerImage:e.containerImage,containerPlatforms:e.containerPlatforms,containerSigning:e.containerSigning,containerSkipLatest:e.containerSkipLatest}},pt=(t,e)=>{const n=ke(t);if(typeof n.containerImage!="string"||n.containerImage.length===0)throw new l({code:"CONFIG_INVALID",hint:["Container packages must declare `containerImage` in their per-pkg release config:","",' release.packages["<pkg>"] = container({',' image: "ghcr.io/scope/foo",',' platforms: ["linux/amd64", "linux/arm64"],',' signing: "cosign", // optional'," })","",'Or set `versionActions: "container"` + `containerImage` directly.'].join(`
@@ -45,4 +45,4 @@ ${P}`,packageName:e.pkg.name})}}const{hashTarball:y}=await import("./publish-gua
45
45
  `)},packageName:e.pkg.name,pollIntervalMs:n.pollIntervalMs,runner:e.pm.runner,stageId:r,timeoutMs:n.timeoutMs,version:e.release.newVersion});return i==="approved"?(process.stderr.write(`[vis release] ✓ ${e.pkg.name}@${e.release.newVersion} approved + promoted on resume (${Math.round((Date.now()-s)/1e3)}s).
46
46
  `),{output:`[resumed] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}):i==="rejected"?(process.stdout.write(`::warning::Stage rejected on resume for ${e.pkg.name}@${e.release.newVersion} (id ${r}).
47
47
  `),{alreadyPublished:!1,output:`stage-rejected: ${r}`,published:!1,stageId:r}):(process.stdout.write(`::warning::Stage timeout on resume for ${e.pkg.name}@${e.release.newVersion} (id ${r}) after ${Math.round(n.timeoutMs/6e4)}m.
48
- `),{alreadyPublished:!1,output:`stage-timeout: ${r}`,published:!1,stageId:r})}}const At=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Nt=(t,e)=>{const n={...t};for(const r of At){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("workspace:"))continue;const c=e.get(i);c&&(a[i]=fe(o.slice(10)==="*"?"*":o,c.version),a[i].startsWith("workspace:")&&(a[i]=a[i].slice(10)))}n[r]=a}return n},_t=Object.defineProperty({__proto__:null,NpmVersionActions:$e},Symbol.toStringTag,{value:"Module"});class jt extends N{id="private";async readPublishedVersion(e){}async publish(e){return{output:`[private] skipped publish for ${e.pkg.name}@${e.release.newVersion}`,published:!1}}}const ve=t=>`https://pypi.org/pypi/${encodeURIComponent(t.toLowerCase())}/json`,xt=(t,e)=>e?.uvLockPath?h(t.dir,e.uvLockPath):h(t.dir,"uv.lock"),Vt=async(t,e)=>{let n;try{n=await M(t)}catch{return"no-root-pyproject"}if(n===void 0)return"no-root-pyproject";const r=n.tool?.uv?.workspace?.members;if(!Array.isArray(r)||r.length===0)return"no-workspace";const s=e.replace(/^\.\//,"").replaceAll("\\","/");for(const a of r){if(typeof a!="string")continue;const i=a.replace(/^\.\//,"").replaceAll("\\","/");if(i===s)return"member";if(i.endsWith("/*")){const o=i.slice(0,-2);if(s.startsWith(`${o}/`)&&!s.slice(o.length+1).includes("/"))return"member"}if(i.endsWith("/**")){const o=i.slice(0,-3);if(s===o||s.startsWith(`${o}/`))return"member"}}return"missing"},M=async t=>{const e=h(t,"pyproject.toml");let n;try{n=await A(e,"utf8")}catch(s){const{code:a}=s;if(a==="ENOENT")return;throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to read ${e}: ${s.message}`})}const{parse:r}=await import("smol-toml");try{return r(n)}catch(s){throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to parse ${e}: ${s.message}`})}},Ie=async(t,e)=>{try{return(await t.run("uv",["--version"],{cwd:e,silent:!0})).exitCode===0}catch{return!1}},Ce=t=>{const e=t?.["build-system"]?.["build-backend"];return e?e.startsWith("hatchling")?"hatch":e.startsWith("poetry.core")||e.startsWith("poetry_core")?"poetry":e.startsWith("pdm.backend")||e.startsWith("pdm_backend")?"pdm":e.startsWith("setuptools")?"setuptools":e.startsWith("uv_build")||e.startsWith("uv.build")?"uv":"unknown":"unknown"},Pe=(t,e)=>t==="uv"||t==="unknown"&&e?{backend:t,buildCommand:{args:["build"],binary:"uv"},hasUv:e,publishCommand:{args:["publish"],binary:"uv"}}:{backend:t,buildCommand:{args:["-m","build"],binary:"python"},hasUv:e,publishCommand:{args:["upload","dist/*"],binary:"twine"}},Se=(t,e)=>z({env:t,staticTokenVar:"TWINE_PASSWORD",workspaceConfig:e}),K=async(t,e)=>{try{const n=await j(ve(t),{headers:{Accept:"application/json"},httpProxy:e});return n.status===404||!n.ok?void 0:(await n.json())?.info?.version}catch{return}},q=(t,e)=>e?.pythonProjectDir?h(t.dir,e.pythonProjectDir):t.dir;class Ae extends N{id="python";async readPublishedVersion(e){const n=q(e.pkg,e.perPackageConfig),r=(await M(n).catch(()=>{}))?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");return K(r)}async publish(e){if(e.dryRun)return{output:`[dry-run / python] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=e.perPackageConfig??{},r=q(e.pkg,n),s=await M(r);if(s?.project?.dynamic?.includes("version"))throw new l({code:"CONFIG_INVALID",file:h(r,"pyproject.toml"),hint:"Dynamic versioning isn't supported by PythonVersionActions yet; use versionActions: 'shell' with your build backend's version-bump tool (e.g. `hatch version` or `poetry version` for non-vcs setups).",message:`${e.pkg.name}: pyproject.toml declares dynamic = ["version", ...]; PythonVersionActions requires a static [project] version.`,packageName:e.pkg.name});if(s?.project?.version&&s.project.version!==e.release.newVersion)throw new l({code:"BUMP_FILE_INVALID",file:h(r,"pyproject.toml"),hint:`Ensure the pyproject() preset is wired up for this package so the version literal in [project] is bumped before publish. Expected ${e.release.newVersion}, found ${s.project.version}.`,message:`${e.pkg.name}: pyproject.toml version ${s.project.version} differs from planned ${e.release.newVersion}.`,packageName:e.pkg.name});const a=s?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");if(await K(a,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[python] ${a}@${e.release.newVersion} already on PyPI`,published:!1};const i=await Ie(e.pm.runner,e.pkg.dir),o=Ce(s),c=Pe(o,i),d=Se(process.env,e.workspaceConfig);if(d==="missing")throw new l({code:"AUTH_MISSING",hint:["Set TWINE_PASSWORD to a PyPI API token (`TWINE_USERNAME=__token__` is injected automatically), OR","configure trusted publishing on PyPI and grant the workflow `permissions: id-token: write` so ACTIONS_ID_TOKEN_REQUEST_URL is exposed.","See https://docs.pypi.org/trusted-publishers/"].join(" "),message:`${e.pkg.name}: no PyPI credentials detected (neither TWINE_PASSWORD nor OIDC trusted-publishing env).`,packageName:e.pkg.name});const p=await e.pm.runner.run(c.buildCommand.binary,c.buildCommand.args,{cwd:r,silent:!1});if(p.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.buildCommand.binary} ${c.buildCommand.args.join(" ")} output above. Common causes: missing ${c.backend==="uv"?"uv":"build/setuptools/wheel"} dependency, broken pyproject.toml, source files missing from \`include\`.`,message:`${e.pkg.name}: build failed (${c.buildCommand.binary} ${c.buildCommand.args.join(" ")}): exit ${p.exitCode}. stderr: ${p.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});const m={...process.env};d==="token"&&!m.TWINE_USERNAME&&(m.TWINE_USERNAME="__token__");const y=await e.pm.runner.run(c.publishCommand.binary,c.publishCommand.args,{cwd:r,env:m,silent:!1});if(y.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.publishCommand.binary} output above. Common causes: invalid API token, version already published (this should have been caught by readPublishedVersion — file a vis bug), 2FA required without a token.`,message:`${e.pkg.name}: publish failed (${c.publishCommand.binary} ${c.publishCommand.args.join(" ")}): exit ${y.exitCode}. stderr: ${y.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[python/${c.backend}${c.hasUv?"+uv":""}] published ${a}@${e.release.newVersion}`,published:!0}}}const Gt=Object.defineProperty({__proto__:null,PYPI_PROJECT_URL:ve,PythonVersionActions:Ae,checkUvWorkspaceMembership:Vt,detectAuthMode:Se,detectBackend:Ce,detectUv:Ie,fetchPyPiVersion:K,readPyProject:M,resolveBuildEnv:Pe,resolveProjectDir:q,resolveUvLockPath:xt},Symbol.toStringTag,{value:"Module"}),R=async(t,e,n,r)=>{const s=J(n,r),a=process.platform==="win32",i=a?"cmd":"sh",o=a?["/c",s]:["-c",s];return t.run(i,o,{cwd:e,silent:!1})};class Ot extends N{id="shell";async readPublishedVersion(e){const n=e.perPackageConfig??{},{workspaceConfig:r}=e;if(!r)return;const s=W(e.pkg.name,n,r);if(!s.checkPublished)return;const a=await R(e.pm.runner,e.pkg.dir,s.checkPublished,{name:e.pkg.name,version:e.pkg.version});if(a.exitCode!==0)return;const i=a.stdout.trim();return/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(i)?.[0]}async publish(e){if(e.dryRun)return{output:`[dry-run / shell] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const{workspaceConfig:n}=e,r=e.perPackageConfig??{};if(!n)throw new l({code:"CONFIG_INVALID",message:`Shell publish actions for ${e.pkg.name} require a workspace config (release.allowCustomCommands gate).`,packageName:e.pkg.name});const s=W(e.pkg.name,r,n);if(!s.publishCommand)throw new l({code:"CONFIG_INVALID",hint:`Set release.allowCustomCommands (workspace-wide boolean or an allow-list including "${e.pkg.name}") and configure release.packages["${e.pkg.name}"].publishCommand.`,message:`Shell publish actions for ${e.pkg.name} require a publishCommand AND the trust gate to permit it.`,packageName:e.pkg.name});const a={name:e.pkg.name,registry:e.registry,tag:e.tag,version:e.release.newVersion};if(s.checkPublished){const o=await R(e.pm.runner,e.pkg.dir,s.checkPublished,a);if(o.exitCode===0&&/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(o.stdout.trim())?.[0]===e.release.newVersion)return{alreadyPublished:!0,output:`[shell] ${e.pkg.name}@${e.release.newVersion} already on the registry`,published:!1}}if(s.buildCommand){const o=await R(e.pm.runner,e.pkg.dir,s.buildCommand,a);if(o.exitCode!==0)throw new l({code:"PUBLISH_FAILED",message:`buildCommand failed for ${e.pkg.name}: exit ${o.exitCode}. stderr: ${o.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}const i=Array.isArray(s.publishCommand)?s.publishCommand:[s.publishCommand];for(const o of i){const c=await R(e.pm.runner,e.pkg.dir,o,a);if(c.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the publishCommand output above. Common causes: missing auth token, registry unreachable, version already published (re-run safe — `checkPublished` short-circuits subsequent runs).",message:`publishCommand failed for ${e.pkg.name}@${e.release.newVersion}: exit ${c.exitCode}. stderr: ${c.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}return{output:`[shell] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}}}const Bt=t=>{switch(t){case"cargo":return new at;case"container":return new lt;case"jsr":return new gt;case"maven":return new $t;case"native-addon":return new Pt;case"private":return new jt;case"python":return new Ae;case"shell":return new Ot;default:return new $e}};export{be as a,fe as b,Bt as c,Ue as d,Tt as e,Ut as f,Gt as g,Ke as p,Y as r};
48
+ `),{alreadyPublished:!1,output:`stage-timeout: ${r}`,published:!1,stageId:r})}}const At=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Nt=(t,e)=>{const n={...t};for(const r of At){const s=t[r];if(!s||typeof s!="object")continue;const a={...s};for(const[i,o]of Object.entries(s)){if(!o.startsWith("workspace:"))continue;const c=e.get(i);c&&(a[i]=fe(o.slice(10)==="*"?"*":o,c.version),a[i].startsWith("workspace:")&&(a[i]=a[i].slice(10)))}n[r]=a}return n},_t=Object.defineProperty({__proto__:null,NpmVersionActions:$e},Symbol.toStringTag,{value:"Module"});class jt extends N{id="private";async readPublishedVersion(e){}async publish(e){return{output:`[private] skipped publish for ${e.pkg.name}@${e.release.newVersion}`,published:!1}}}const ve=t=>`https://pypi.org/pypi/${encodeURIComponent(t.toLowerCase())}/json`,xt=(t,e)=>e?.uvLockPath?h(t.dir,e.uvLockPath):h(t.dir,"uv.lock"),Vt=async(t,e)=>{let n;try{n=await M(t)}catch{return"no-root-pyproject"}if(n===void 0)return"no-root-pyproject";const r=n.tool?.uv?.workspace?.members;if(!Array.isArray(r)||r.length===0)return"no-workspace";const s=e.replace(/^\.\//,"").replaceAll("\\","/");for(const a of r){if(typeof a!="string")continue;const i=a.replace(/^\.\//,"").replaceAll("\\","/");if(i===s)return"member";if(i.endsWith("/*")){const o=i.slice(0,-2);if(s.startsWith(`${o}/`)&&!s.slice(o.length+1).includes("/"))return"member"}if(i.endsWith("/**")){const o=i.slice(0,-3);if(s===o||s.startsWith(`${o}/`))return"member"}}return"missing"},M=async t=>{const e=h(t,"pyproject.toml");let n;try{n=await A(e,"utf8")}catch(s){const{code:a}=s;if(a==="ENOENT")return;throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to read ${e}: ${s.message}`})}const{parse:r}=await import("./index4.js");try{return r(n)}catch(s){throw new l({cause:s,code:"BUMP_FILE_INVALID",file:e,message:`Failed to parse ${e}: ${s.message}`})}},Ie=async(t,e)=>{try{return(await t.run("uv",["--version"],{cwd:e,silent:!0})).exitCode===0}catch{return!1}},Ce=t=>{const e=t?.["build-system"]?.["build-backend"];return e?e.startsWith("hatchling")?"hatch":e.startsWith("poetry.core")||e.startsWith("poetry_core")?"poetry":e.startsWith("pdm.backend")||e.startsWith("pdm_backend")?"pdm":e.startsWith("setuptools")?"setuptools":e.startsWith("uv_build")||e.startsWith("uv.build")?"uv":"unknown":"unknown"},Pe=(t,e)=>t==="uv"||t==="unknown"&&e?{backend:t,buildCommand:{args:["build"],binary:"uv"},hasUv:e,publishCommand:{args:["publish"],binary:"uv"}}:{backend:t,buildCommand:{args:["-m","build"],binary:"python"},hasUv:e,publishCommand:{args:["upload","dist/*"],binary:"twine"}},Se=(t,e)=>z({env:t,staticTokenVar:"TWINE_PASSWORD",workspaceConfig:e}),K=async(t,e)=>{try{const n=await j(ve(t),{headers:{Accept:"application/json"},httpProxy:e});return n.status===404||!n.ok?void 0:(await n.json())?.info?.version}catch{return}},q=(t,e)=>e?.pythonProjectDir?h(t.dir,e.pythonProjectDir):t.dir;class Ae extends N{id="python";async readPublishedVersion(e){const n=q(e.pkg,e.perPackageConfig),r=(await M(n).catch(()=>{}))?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");return K(r)}async publish(e){if(e.dryRun)return{output:`[dry-run / python] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const n=e.perPackageConfig??{},r=q(e.pkg,n),s=await M(r);if(s?.project?.dynamic?.includes("version"))throw new l({code:"CONFIG_INVALID",file:h(r,"pyproject.toml"),hint:"Dynamic versioning isn't supported by PythonVersionActions yet; use versionActions: 'shell' with your build backend's version-bump tool (e.g. `hatch version` or `poetry version` for non-vcs setups).",message:`${e.pkg.name}: pyproject.toml declares dynamic = ["version", ...]; PythonVersionActions requires a static [project] version.`,packageName:e.pkg.name});if(s?.project?.version&&s.project.version!==e.release.newVersion)throw new l({code:"BUMP_FILE_INVALID",file:h(r,"pyproject.toml"),hint:`Ensure the pyproject() preset is wired up for this package so the version literal in [project] is bumped before publish. Expected ${e.release.newVersion}, found ${s.project.version}.`,message:`${e.pkg.name}: pyproject.toml version ${s.project.version} differs from planned ${e.release.newVersion}.`,packageName:e.pkg.name});const a=s?.project?.name??e.pkg.name.replace(/^@[^/]+\//,"");if(await K(a,e.workspaceConfig?.httpProxy)===e.release.newVersion)return{alreadyPublished:!0,output:`[python] ${a}@${e.release.newVersion} already on PyPI`,published:!1};const i=await Ie(e.pm.runner,e.pkg.dir),o=Ce(s),c=Pe(o,i),d=Se(process.env,e.workspaceConfig);if(d==="missing")throw new l({code:"AUTH_MISSING",hint:["Set TWINE_PASSWORD to a PyPI API token (`TWINE_USERNAME=__token__` is injected automatically), OR","configure trusted publishing on PyPI and grant the workflow `permissions: id-token: write` so ACTIONS_ID_TOKEN_REQUEST_URL is exposed.","See https://docs.pypi.org/trusted-publishers/"].join(" "),message:`${e.pkg.name}: no PyPI credentials detected (neither TWINE_PASSWORD nor OIDC trusted-publishing env).`,packageName:e.pkg.name});const p=await e.pm.runner.run(c.buildCommand.binary,c.buildCommand.args,{cwd:r,silent:!1});if(p.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.buildCommand.binary} ${c.buildCommand.args.join(" ")} output above. Common causes: missing ${c.backend==="uv"?"uv":"build/setuptools/wheel"} dependency, broken pyproject.toml, source files missing from \`include\`.`,message:`${e.pkg.name}: build failed (${c.buildCommand.binary} ${c.buildCommand.args.join(" ")}): exit ${p.exitCode}. stderr: ${p.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});const m={...process.env};d==="token"&&!m.TWINE_USERNAME&&(m.TWINE_USERNAME="__token__");const y=await e.pm.runner.run(c.publishCommand.binary,c.publishCommand.args,{cwd:r,env:m,silent:!1});if(y.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:`Inspect the ${c.publishCommand.binary} output above. Common causes: invalid API token, version already published (this should have been caught by readPublishedVersion — file a vis bug), 2FA required without a token.`,message:`${e.pkg.name}: publish failed (${c.publishCommand.binary} ${c.publishCommand.args.join(" ")}): exit ${y.exitCode}. stderr: ${y.stderr.trim().slice(0,500)}`,packageName:e.pkg.name});return{output:`[python/${c.backend}${c.hasUv?"+uv":""}] published ${a}@${e.release.newVersion}`,published:!0}}}const Gt=Object.defineProperty({__proto__:null,PYPI_PROJECT_URL:ve,PythonVersionActions:Ae,checkUvWorkspaceMembership:Vt,detectAuthMode:Se,detectBackend:Ce,detectUv:Ie,fetchPyPiVersion:K,readPyProject:M,resolveBuildEnv:Pe,resolveProjectDir:q,resolveUvLockPath:xt},Symbol.toStringTag,{value:"Module"}),R=async(t,e,n,r)=>{const s=J(n,r),a=process.platform==="win32",i=a?"cmd":"sh",o=a?["/c",s]:["-c",s];return t.run(i,o,{cwd:e,silent:!1})};class Ot extends N{id="shell";async readPublishedVersion(e){const n=e.perPackageConfig??{},{workspaceConfig:r}=e;if(!r)return;const s=W(e.pkg.name,n,r);if(!s.checkPublished)return;const a=await R(e.pm.runner,e.pkg.dir,s.checkPublished,{name:e.pkg.name,version:e.pkg.version});if(a.exitCode!==0)return;const i=a.stdout.trim();return/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(i)?.[0]}async publish(e){if(e.dryRun)return{output:`[dry-run / shell] would publish ${e.pkg.name}@${e.release.newVersion}`,published:!0};const{workspaceConfig:n}=e,r=e.perPackageConfig??{};if(!n)throw new l({code:"CONFIG_INVALID",message:`Shell publish actions for ${e.pkg.name} require a workspace config (release.allowCustomCommands gate).`,packageName:e.pkg.name});const s=W(e.pkg.name,r,n);if(!s.publishCommand)throw new l({code:"CONFIG_INVALID",hint:`Set release.allowCustomCommands (workspace-wide boolean or an allow-list including "${e.pkg.name}") and configure release.packages["${e.pkg.name}"].publishCommand.`,message:`Shell publish actions for ${e.pkg.name} require a publishCommand AND the trust gate to permit it.`,packageName:e.pkg.name});const a={name:e.pkg.name,registry:e.registry,tag:e.tag,version:e.release.newVersion};if(s.checkPublished){const o=await R(e.pm.runner,e.pkg.dir,s.checkPublished,a);if(o.exitCode===0&&/\b\d+\.\d+\.\d+(?:[-+][\w.+-]+)?\b/.exec(o.stdout.trim())?.[0]===e.release.newVersion)return{alreadyPublished:!0,output:`[shell] ${e.pkg.name}@${e.release.newVersion} already on the registry`,published:!1}}if(s.buildCommand){const o=await R(e.pm.runner,e.pkg.dir,s.buildCommand,a);if(o.exitCode!==0)throw new l({code:"PUBLISH_FAILED",message:`buildCommand failed for ${e.pkg.name}: exit ${o.exitCode}. stderr: ${o.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}const i=Array.isArray(s.publishCommand)?s.publishCommand:[s.publishCommand];for(const o of i){const c=await R(e.pm.runner,e.pkg.dir,o,a);if(c.exitCode!==0)throw new l({code:"PUBLISH_FAILED",hint:"Inspect the publishCommand output above. Common causes: missing auth token, registry unreachable, version already published (re-run safe — `checkPublished` short-circuits subsequent runs).",message:`publishCommand failed for ${e.pkg.name}@${e.release.newVersion}: exit ${c.exitCode}. stderr: ${c.stderr.trim().slice(0,500)}`,packageName:e.pkg.name})}return{output:`[shell] published ${e.pkg.name}@${e.release.newVersion}`,published:!0}}}const Bt=t=>{switch(t){case"cargo":return new at;case"container":return new lt;case"jsr":return new gt;case"maven":return new $t;case"native-addon":return new Pt;case"private":return new jt;case"python":return new Ae;case"shell":return new Ot;default:return new $e}};export{be as a,fe as b,Bt as c,Ue as d,Tt as e,Ut as f,Gt as g,Ke as p,Y as r};
@@ -1 +1 @@
1
- import{p as e,J as n,K as p}from"./bin.js";const w=({options:o,visConfig:l,workspaceRoot:r})=>{const i=r??process.cwd(),a=l?.security?.policies?.installScripts?.allow??{},s=Object.entries(a).filter(([,t])=>t).map(([t])=>t);s.length===0&&!o.rootOnly&&(e.warn("No approved packages in security.policies.installScripts.allow — nothing to run."),!o.withRoot)||(o.rootOnly||n(i,s),(o.withRoot||o.rootOnly)&&p(i))};export{w as default};
1
+ import{p as n,A as a,R as p}from"./cli-main.js";const w=({options:o,visConfig:l,workspaceRoot:r})=>{const i=r??process.cwd(),e=l?.security?.policies?.installScripts?.allow??{},s=Object.entries(e).filter(([,t])=>t).map(([t])=>t);s.length===0&&!o.rootOnly&&(n.warn("No approved packages in security.policies.installScripts.allow — nothing to run."),!o.withRoot)||(o.rootOnly||a(i,s),(o.withRoot||o.rootOnly)&&p(i))};export{w as default};
@@ -1 +1 @@
1
- import{x as c}from"tinyexec";import{redactTokens as o}from"./security.js";const h=()=>({run:async(s,t,r)=>{try{const e=await c(s,[...t],{nodeOptions:{cwd:r.cwd,env:{...process.env,...r.env},stdio:r.silent?["ignore","pipe","pipe"]:"inherit"},throwOnError:!1});return{exitCode:typeof e.exitCode=="number"?e.exitCode:-1,stderr:o(e.stderr??""),stdout:o(e.stdout??"")}}catch(e){return{exitCode:-1,stderr:o(e.message),stdout:""}}}}),f=()=>new a;class a{handlers=[];on(t,r,e){this.handlers.push({argsPrefix:r,command:t,respond:e})}async run(t,r,e){for(const n of this.handlers)if(!(n.command!==t||r.length<n.argsPrefix.length)&&n.argsPrefix.every((d,i)=>d===r[i]))return n.respond(e.cwd);return{exitCode:0,stderr:"",stdout:""}}}export{a as MockRunner,f as createMockRunner,h as createShellRunner};
1
+ import{k as c}from"../packem_shared/main-B3juSU5z.js";import{redactTokens as o}from"./security.js";const h=()=>({run:async(s,t,r)=>{try{const e=await c(s,[...t],{nodeOptions:{cwd:r.cwd,env:{...process.env,...r.env},stdio:r.silent?["ignore","pipe","pipe"]:"inherit"},throwOnError:!1});return{exitCode:typeof e.exitCode=="number"?e.exitCode:-1,stderr:o(e.stderr??""),stdout:o(e.stdout??"")}}catch(e){return{exitCode:-1,stderr:o(e.message),stdout:""}}}}),f=()=>new a;class a{handlers=[];on(t,r,e){this.handlers.push({argsPrefix:r,command:t,respond:e})}async run(t,r,e){for(const n of this.handlers)if(!(n.command!==t||r.length<n.argsPrefix.length)&&n.argsPrefix.every((d,i)=>d===r[i]))return n.respond(e.cwd);return{exitCode:0,stderr:"",stdout:""}}}export{a as MockRunner,f as createMockRunner,h as createShellRunner};