bun-ready 0.2.3 → 0.3.0

package/dist/cli.js

@@ -86,15 +86,133 @@ var init_bun_check = __esm(() => {
   init_spawn();
 });
 
+// src/baseline.ts
+var exports_baseline = {};
+__export(exports_baseline, {
+  updateBaseline: () => updateBaseline,
+  saveBaseline: () => saveBaseline,
+  loadBaseline: () => loadBaseline,
+  createFindingFingerprint: () => createFindingFingerprint,
+  compareFindings: () => compareFindings,
+  calculateBaselineMetrics: () => calculateBaselineMetrics
+});
+import { promises as fs4 } from "node:fs";
+import { createHash } from "node:crypto";
+function createFindingFingerprint(finding, packageName) {
+  const normalizedDetails = finding.details.map((d) => d.trim().toLowerCase()).sort().join("|");
+  const detailsHash = createHash("md5").update(normalizedDetails).digest("hex");
+  return {
+    id: finding.id,
+    packageName: packageName || "root",
+    severity: finding.severity,
+    detailsHash
+  };
+}
+function calculateBaselineMetrics(findings, packages) {
+  const greenCount = findings.filter((f) => f.severity === "green").length;
+  const yellowCount = findings.filter((f) => f.severity === "yellow").length;
+  const redCount = findings.filter((f) => f.severity === "red").length;
+  const packagesGreen = packages.filter((p) => p.severity === "green").length;
+  const packagesYellow = packages.filter((p) => p.severity === "yellow").length;
+  const packagesRed = packages.filter((p) => p.severity === "red").length;
+  return {
+    totalFindings: findings.length,
+    greenCount,
+    yellowCount,
+    redCount,
+    packagesGreen,
+    packagesYellow,
+    packagesRed
+  };
+}
+function compareFindings(baseline, current) {
+  const baselineMap = new Map;
+  const currentMap = new Map;
+  for (const fp of baseline) {
+    const key = `${fp.id}:${fp.packageName}:${fp.detailsHash}`;
+    baselineMap.set(key, fp);
+  }
+  for (const fp of current) {
+    const key = `${fp.id}:${fp.packageName}:${fp.detailsHash}`;
+    currentMap.set(key, fp);
+  }
+  const newFindings = [];
+  for (const [key, fp] of currentMap.entries()) {
+    if (!baselineMap.has(key)) {
+      newFindings.push(fp);
+    }
+  }
+  const resolvedFindings = [];
+  for (const [key, fp] of baselineMap.entries()) {
+    if (!currentMap.has(key)) {
+      resolvedFindings.push(fp);
+    }
+  }
+  const severityChanges = [];
+  for (const [key, currentFp] of currentMap.entries()) {
+    const baselineFp = baselineMap.get(key);
+    if (baselineFp && currentFp.severity !== baselineFp.severity) {
+      severityChanges.push({
+        fingerprint: currentFp,
+        oldSeverity: baselineFp.severity,
+        newSeverity: currentFp.severity
+      });
+    }
+  }
+  const regressionReasons = [];
+  let isRegression = false;
+  const newRedFindings = newFindings.filter((f) => f.severity === "red");
+  if (newRedFindings.length > 0) {
+    isRegression = true;
+    regressionReasons.push(`New RED findings detected: ${newRedFindings.map((f) => f.id).join(", ")}`);
+  }
+  const upgradedToRed = severityChanges.filter((c) => c.newSeverity === "red");
+  if (upgradedToRed.length > 0) {
+    isRegression = true;
+    regressionReasons.push(`Severity upgraded to RED: ${upgradedToRed.map((c) => c.fingerprint.id).join(", ")}`);
+  }
+  return {
+    newFindings,
+    resolvedFindings,
+    severityChanges,
+    isRegression,
+    regressionReasons
+  };
+}
+async function saveBaseline(baseline, filePath) {
+  const json = JSON.stringify(baseline, null, 2);
+  await fs4.writeFile(filePath, json, "utf-8");
+}
+async function loadBaseline(filePath) {
+  try {
+    const json = await fs4.readFile(filePath, "utf-8");
+    const data = JSON.parse(json);
+    if (typeof data === "object" && data !== null && typeof data.version === "string" && typeof data.timestamp === "string" && Array.isArray(data.findings)) {
+      return data;
+    }
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+function updateBaseline(existing, current) {
+  return {
+    ...existing,
+    timestamp: new Date().toISOString(),
+    findings: current
+  };
+}
+var init_baseline = () => {};
+
 // src/cli.ts
-import { promises as fs3 } from "node:fs";
-import path5 from "node:path";
+import { promises as fs5 } from "node:fs";
+import path7 from "node:path";
 
 // src/analyze.ts
 init_spawn();
-import path4 from "node:path";
+import path5 from "node:path";
 import os from "node:os";
-import { promises as fs2 } from "node:fs";
+import { promises as fs3 } from "node:fs";
 
 // src/util.ts
 import { promises as fs } from "node:fs";
@@ -488,6 +606,173 @@ var summarizeSeverity = (findings, installOk, testOk) => {
     sev = "red";
   return sev;
 };
+var calculatePackageStats = (pkg, findings) => {
+  const dependencies = pkg.dependencies || {};
+  const devDependencies = pkg.devDependencies || {};
+  const riskyPackageNames = new Set;
+  for (const finding of findings) {
+    for (const detail of finding.details) {
+      const match = detail.match(/^([a-zA-Z0-9_@\/\.\-]+)/);
+      if (match && match[1]) {
+        const fullPkg = match[1];
+        const pkgName = fullPkg.split(/[@:]/)[0];
+        if (pkgName) {
+          riskyPackageNames.add(pkgName);
+        }
+      }
+    }
+  }
+  let cleanDependencies = 0;
+  let riskyDependencies = 0;
+  let cleanDevDependencies = 0;
+  let riskyDevDependencies = 0;
+  for (const depName of Object.keys(dependencies)) {
+    if (riskyPackageNames.has(depName)) {
+      riskyDependencies++;
+    } else {
+      cleanDependencies++;
+    }
+  }
+  for (const depName of Object.keys(devDependencies)) {
+    if (riskyPackageNames.has(depName)) {
+      riskyDevDependencies++;
+    } else {
+      cleanDevDependencies++;
+    }
+  }
+  return {
+    totalDependencies: Object.keys(dependencies).length,
+    totalDevDependencies: Object.keys(devDependencies).length,
+    cleanDependencies,
+    cleanDevDependencies,
+    riskyDependencies,
+    riskyDevDependencies
+  };
+};
+var calculateFindingsSummary = (findings) => {
+  let green = 0;
+  let yellow = 0;
+  let red = 0;
+  for (const finding of findings) {
+    if (finding.severity === "green") {
+      green++;
+    } else if (finding.severity === "yellow") {
+      yellow++;
+    } else if (finding.severity === "red") {
+      red++;
+    }
+  }
+  return {
+    green,
+    yellow,
+    red,
+    total: green + yellow + red
+  };
+};
+
+// src/usage_analyzer.ts
+import { promises as fs2 } from "node:fs";
+import path2 from "node:path";
+var SUPPORTED_EXTENSIONS = [".ts", ".js", ".tsx", ".jsx", ".mts", ".mjs"];
+var IMPORT_PATTERNS = [
+  /import\s+(?:\{[^}]*\}|\*\s+as\s+\w+|\w+)\s+from\s+['"]([^./][^'"]*)['"]/g,
+  /import\s*\(\s*['"]([^./][^'"]*)['"]\s*\)/g,
+  /require\s*\(\s*['"]([^./][^'"]*)['"]\s*\)/g
+];
+function extractPackageNames(content) {
+  const packageSet = new Set;
+  for (const pattern of IMPORT_PATTERNS) {
+    let match;
+    while ((match = pattern.exec(content)) !== null) {
+      const packageName = match[1];
+      if (packageName) {
+        packageSet.add(packageName);
+      }
+    }
+  }
+  return Array.from(packageSet);
+}
+async function findSourceFiles(dirPath) {
+  const files = [];
+  let entries;
+  try {
+    entries = await fs2.readdir(dirPath, { withFileTypes: true });
+  } catch (error) {
+    return files;
+  }
+  for (const entry of entries) {
+    const fullPath = path2.join(dirPath, entry.name);
+    if (entry.name === "node_modules" || entry.name.startsWith(".")) {
+      continue;
+    }
+    if (entry.isDirectory()) {
+      const subFiles = await findSourceFiles(fullPath);
+      files.push(...subFiles);
+    } else if (entry.isFile()) {
+      const ext = path2.extname(entry.name);
+      if (SUPPORTED_EXTENSIONS.includes(ext)) {
+        files.push(fullPath);
+      }
+    }
+  }
+  return files;
+}
+function getAllPackageNames(pkg) {
+  const packageNames = new Set;
+  if (pkg.dependencies) {
+    Object.keys(pkg.dependencies).forEach((name) => packageNames.add(name));
+  }
+  if (pkg.devDependencies) {
+    Object.keys(pkg.devDependencies).forEach((name) => packageNames.add(name));
+  }
+  if (pkg.optionalDependencies) {
+    Object.keys(pkg.optionalDependencies).forEach((name) => packageNames.add(name));
+  }
+  return packageNames;
+}
+var analyzePackageUsageAsync = async (pkg, packagePath, includeDetails = true) => {
+  const packageNames = getAllPackageNames(pkg);
+  const totalPackages = packageNames.size;
+  const sourceFiles = await findSourceFiles(packagePath);
+  const analyzedFiles = sourceFiles.length;
+  const usageByPackage = new Map;
+  for (const pkgName of packageNames) {
+    usageByPackage.set(pkgName, {
+      packageName: pkgName,
+      fileCount: 0,
+      filePaths: []
+    });
+  }
+  for (const filePath of sourceFiles) {
+    try {
+      const content = await fs2.readFile(filePath, "utf-8");
+      const importedPackages = extractPackageNames(content);
+      for (const importedPkg of importedPackages) {
+        const usage = usageByPackage.get(importedPkg);
+        if (usage) {
+          usage.fileCount++;
+          if (includeDetails) {
+            const relativePath = path2.relative(packagePath, filePath);
+            usage.filePaths.push(relativePath);
+          }
+          usageByPackage.set(importedPkg, usage);
+        }
+      }
+    } catch (error) {
+      continue;
+    }
+  }
+  if (includeDetails) {
+    for (const usage of usageByPackage.values()) {
+      usage.filePaths.sort();
+    }
+  }
+  return {
+    totalPackages,
+    analyzedFiles,
+    usageByPackage
+  };
+};
 
 // src/bun_logs.ts
 function parseInstallLogs(logs) {
@@ -543,11 +828,11 @@ function parseInstallLogs(logs) {
 }
 
 // src/workspaces.ts
-import path2 from "node:path";
+import path3 from "node:path";
 import fsSync from "node:fs";
-function globMatch(pattern, path3) {
+function globMatch(pattern, path4) {
   const patternParts = pattern.split("/");
-  const pathParts = path3.split("/");
+  const pathParts = path4.split("/");
   let patternIdx = 0;
   let pathIdx = 0;
   while (patternIdx < patternParts.length && pathIdx < pathParts.length) {
@@ -585,16 +870,16 @@ function discoverFromWorkspaces(rootPath, workspaces) {
   const patterns = Array.isArray(workspaces) ? workspaces : workspaces.packages;
   const packages = [];
   for (const pattern of patterns) {
-    const patternPath = path2.resolve(rootPath, pattern);
+    const patternPath = path3.resolve(rootPath, pattern);
     if (pattern.includes("/*") && !pattern.includes("/**")) {
       try {
-        const baseDir = path2.dirname(patternPath);
-        const patternName = path2.basename(patternPath);
+        const baseDir = path3.dirname(patternPath);
+        const patternName = path3.basename(patternPath);
         const entries = fsSync.readdirSync(baseDir, { withFileTypes: true });
         for (const entry of entries) {
           if (entry.isDirectory() && globMatch(patternName, entry.name)) {
-            const packagePath = path2.join(baseDir, entry.name);
-            const pkgJsonPath = path2.join(packagePath, "package.json");
+            const packagePath = path3.join(baseDir, entry.name);
+            const pkgJsonPath = path3.join(packagePath, "package.json");
             if (fileExistsSync(pkgJsonPath)) {
               packages.push(packagePath);
             }
@@ -615,7 +900,7 @@ function fileExistsSync(filePath) {
 }
 async function discoverWorkspaces(rootPath) {
   const packages = [];
-  const rootPkgJson = path2.join(rootPath, "package.json");
+  const rootPkgJson = path3.join(rootPath, "package.json");
   if (!await fileExists(rootPkgJson)) {
     return packages;
   }
@@ -629,7 +914,7 @@ async function discoverWorkspaces(rootPath) {
   }
   const packagePaths = discoverFromWorkspaces(rootPath, workspaces);
   for (const pkgPath of packagePaths) {
-    const pkgJsonPath = path2.join(pkgPath, "package.json");
+    const pkgJsonPath = path3.join(pkgPath, "package.json");
     try {
       const pkg = await readJsonFile(pkgJsonPath);
       if (pkg.name) {
@@ -647,7 +932,7 @@ async function discoverWorkspaces(rootPath) {
   return packages;
 }
 async function hasWorkspaces(rootPath) {
-  const rootPkgJson = path2.join(rootPath, "package.json");
+  const rootPkgJson = path3.join(rootPath, "package.json");
   if (!await fileExists(rootPkgJson)) {
     return false;
   }
@@ -656,10 +941,10 @@ async function hasWorkspaces(rootPath) {
 }
 
 // src/config.ts
-import path3 from "node:path";
+import path4 from "node:path";
 var CONFIG_FILE_NAME = "bun-ready.config.json";
 async function readConfig(rootPath) {
-  const configPath = path3.join(rootPath, CONFIG_FILE_NAME);
+  const configPath = path4.join(rootPath, CONFIG_FILE_NAME);
   if (!await fileExists(configPath)) {
     return null;
   }
@@ -703,13 +988,16 @@ function validateConfig(config) {
       result.failOn = cfg.failOn;
     }
   }
+  if (typeof cfg.detailed === "boolean") {
+    result.detailed = cfg.detailed;
+  }
   if (Object.keys(result).length === 0) {
     return null;
   }
   return result;
 }
 function mergeConfigWithOpts(config, opts) {
-  if (!config && !opts.failOn) {
+  if (!config && !opts.failOn && opts.detailed === undefined) {
     return null;
   }
   const result = {
@@ -718,29 +1006,32 @@ function mergeConfigWithOpts(config, opts) {
   if (opts.failOn) {
     result.failOn = opts.failOn;
   }
+  if (opts.detailed !== undefined) {
+    result.detailed = opts.detailed;
+  }
   return Object.keys(result).length > 0 ? result : null;
 }
 
 // src/analyze.ts
 async function readRepoInfo(packagePath) {
-  const packageJsonPath = path4.join(packagePath, "package.json");
+  const packageJsonPath = path5.join(packagePath, "package.json");
   const pkg = await readJsonFile(packageJsonPath);
   const scripts = pkg.scripts ?? {};
   const dependencies = pkg.dependencies ?? {};
   const devDependencies = pkg.devDependencies ?? {};
   const optionalDependencies = pkg.optionalDependencies ?? {};
   const lockfiles = {
-    bunLock: await fileExists(path4.join(packagePath, "bun.lock")),
-    bunLockb: await fileExists(path4.join(packagePath, "bun.lockb")),
-    npmLock: await fileExists(path4.join(packagePath, "package-lock.json")),
-    yarnLock: await fileExists(path4.join(packagePath, "yarn.lock")),
-    pnpmLock: await fileExists(path4.join(packagePath, "pnpm-lock.yaml"))
+    bunLock: await fileExists(path5.join(packagePath, "bun.lock")),
+    bunLockb: await fileExists(path5.join(packagePath, "bun.lockb")),
+    npmLock: await fileExists(path5.join(packagePath, "package-lock.json")),
+    yarnLock: await fileExists(path5.join(packagePath, "yarn.lock")),
+    pnpmLock: await fileExists(path5.join(packagePath, "pnpm-lock.yaml"))
   };
   return { pkg, scripts, dependencies, devDependencies, optionalDependencies, lockfiles };
 }
 async function copyIfExists(from, to) {
   try {
-    await fs2.copyFile(from, to);
+    await fs3.copyFile(from, to);
   } catch {
     return;
   }
@@ -758,21 +1049,21 @@ async function runBunInstallDryRun(packagePath) {
       skipReason
     };
   }
-  const base = await fs2.mkdtemp(path4.join(os.tmpdir(), "bun-ready-"));
+  const base = await fs3.mkdtemp(path5.join(os.tmpdir(), "bun-ready-"));
   const cleanup = async () => {
     try {
-      await fs2.rm(base, { recursive: true, force: true });
+      await fs3.rm(base, { recursive: true, force: true });
     } catch {
       return;
     }
   };
   try {
-    await copyIfExists(path4.join(packagePath, "package.json"), path4.join(base, "package.json"));
-    await copyIfExists(path4.join(packagePath, "bun.lock"), path4.join(base, "bun.lock"));
-    await copyIfExists(path4.join(packagePath, "bun.lockb"), path4.join(base, "bun.lockb"));
-    await copyIfExists(path4.join(packagePath, "package-lock.json"), path4.join(base, "package-lock.json"));
-    await copyIfExists(path4.join(packagePath, "yarn.lock"), path4.join(base, "yarn.lock"));
-    await copyIfExists(path4.join(packagePath, "pnpm-lock.yaml"), path4.join(base, "pnpm-lock.yaml"));
+    await copyIfExists(path5.join(packagePath, "package.json"), path5.join(base, "package.json"));
+    await copyIfExists(path5.join(packagePath, "bun.lock"), path5.join(base, "bun.lock"));
+    await copyIfExists(path5.join(packagePath, "bun.lockb"), path5.join(base, "bun.lockb"));
+    await copyIfExists(path5.join(packagePath, "package-lock.json"), path5.join(base, "package-lock.json"));
+    await copyIfExists(path5.join(packagePath, "yarn.lock"), path5.join(base, "yarn.lock"));
+    await copyIfExists(path5.join(packagePath, "pnpm-lock.yaml"), path5.join(base, "pnpm-lock.yaml"));
     const res = await exec("bun", ["install", "--dry-run"], base);
     const combined = [...res.stdout ? res.stdout.split(`
 `) : [], ...res.stderr ? res.stderr.split(`
@@ -818,7 +1109,7 @@ function filterFindings(findings, config) {
 }
 async function analyzeSinglePackage(packagePath, opts, config, pkgName) {
   const info = await readRepoInfo(packagePath);
-  const name = pkgName || info.pkg.name || path4.basename(packagePath);
+  const name = pkgName || info.pkg.name || path5.basename(packagePath);
   let findings = [
     ...detectLockfileSignals({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }),
     ...detectScriptRisks({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }),
@@ -877,13 +1168,22 @@ async function analyzeSinglePackage(packagePath, opts, config, pkgName) {
     testOk = testResult.ok;
   }
   const severity = summarizeSeverity(findings, installOk, testOk);
+  const stats = calculatePackageStats(info.pkg, findings);
+  const findingsSummary = calculateFindingsSummary(findings);
+  let packageUsage;
+  if (opts.detailed) {
+    try {
+      const usage = await analyzePackageUsageAsync(info.pkg, packagePath, true);
+      packageUsage = usage;
+    } catch (error) {}
+  }
   const summaryLines = [];
   summaryLines.push(`Lockfiles: ${info.lockfiles.bunLock || info.lockfiles.bunLockb ? "bun" : "non-bun or missing"}`);
   summaryLines.push(`Lifecycle scripts: ${Object.keys(info.scripts).some((k) => ["postinstall", "prepare", "preinstall", "install"].includes(k)) ? "present" : "none"}`);
   summaryLines.push(`Native addon risk: ${findings.some((f) => f.id === "deps.native_addons") ? "yes" : "no"}`);
   summaryLines.push(`bun install dry-run: ${install ? install.ok ? "ok" : "failed" : "skipped"}`);
   summaryLines.push(`bun test: ${test ? test.ok ? "ok" : "failed" : "skipped"}`);
-  return {
+  const result = {
     name,
     path: packagePath,
     severity,
@@ -895,8 +1195,14 @@ async function analyzeSinglePackage(packagePath, opts, config, pkgName) {
     dependencies: info.dependencies,
     devDependencies: info.devDependencies,
     optionalDependencies: info.optionalDependencies,
-    lockfiles: info.lockfiles
+    lockfiles: info.lockfiles,
+    stats,
+    findingsSummary
   };
+  if (packageUsage !== undefined) {
+    result.packageUsage = packageUsage;
+  }
+  return result;
 }
 function aggregateSeverity(packages, overallSeverity) {
   if (overallSeverity === "red")
@@ -915,7 +1221,7 @@ function aggregateSeverity(packages, overallSeverity) {
 }
 async function analyzeRepoOverall(opts) {
   const repoPath = normalizeRepoPath(opts.repoPath);
-  const packageJsonPath = path4.join(repoPath, "package.json");
+  const packageJsonPath = path5.join(repoPath, "package.json");
   const hasPkg = await fileExists(packageJsonPath);
   const config = await readConfig(repoPath);
   if (!hasPkg) {
@@ -1029,6 +1335,27 @@ var badge = (s) => {
     return "\uD83D\uDFE1 YELLOW";
   return "\uD83D\uDD34 RED";
 };
+var getReadinessMessage = (severity, hasRedFindings) => {
+  if (severity === "green" && !hasRedFindings) {
+    return "✅ Вітаю, ви готові до переходу на Bun!";
+  }
+  if (severity === "yellow") {
+    return "⚠️ Нажаль ви не готові до переходу на Bun, але це можливо з деякими змінами";
+  }
+  return "❌ Нажаль ви не готові до переходу на Bun через критичні проблеми";
+};
+var formatFindingsTable = (summary) => {
+  const lines = [];
+  lines.push(`## Findings Summary`);
+  lines.push(`| Status | Count |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| \uD83D\uDFE2 Green | ${summary.green} |`);
+  lines.push(`| \uD83D\uDFE1 Yellow | ${summary.yellow} |`);
+  lines.push(`| \uD83D\uDD34 Red | ${summary.red} |`);
+  lines.push(`| **Total** | **${summary.total}** |`);
+  return lines.join(`
+`);
+};
 var getTopFindings = (pkg, count = 3) => {
   const sorted = [...pkg.findings].sort((a, b) => {
     const severityOrder = { red: 0, yellow: 1, green: 2 };
@@ -1041,14 +1368,157 @@ var getTopFindings = (pkg, count = 3) => {
 };
 var packageRow = (pkg) => {
   const name = pkg.name;
-  const path5 = pkg.path.replace(/\\/g, "/");
+  const path6 = pkg.path.replace(/\\/g, "/");
   const severity = badge(pkg.severity);
   const topFindings = getTopFindings(pkg, 2).join(", ") || "No issues";
-  return `| ${name} | \`${path5}\` | ${severity} | ${topFindings} |`;
+  return `| ${name} | \`${path6}\` | ${severity} | ${topFindings} |`;
+};
+var formatPackageStats = (pkg) => {
+  const lines = [];
+  if (pkg.stats) {
+    lines.push(`- Total dependencies: ${pkg.stats.totalDependencies}`);
+    lines.push(`- Total devDependencies: ${pkg.stats.totalDevDependencies}`);
+    lines.push(`- Clean dependencies: ${pkg.stats.cleanDependencies}`);
+    lines.push(`- Clean devDependencies: ${pkg.stats.cleanDevDependencies}`);
+    lines.push(`- Dependencies with findings: ${pkg.stats.riskyDependencies}`);
+    lines.push(`- DevDependencies with findings: ${pkg.stats.riskyDevDependencies}`);
+  }
+  if (pkg.packageUsage) {
+    lines.push(`- **Total files analyzed**: ${pkg.packageUsage.analyzedFiles}`);
+    const usedPackages = Array.from(pkg.packageUsage.usageByPackage.values()).filter((u) => u.fileCount > 0).length;
+    lines.push(`- **Packages used in code**: ${usedPackages}`);
+  }
+  return lines;
+};
+var formatPolicyApplied = (policy) => {
+  const lines = [];
+  lines.push(`## Policy Applied`);
+  lines.push(``);
+  lines.push(`- **Rules applied**: ${policy.rulesApplied}`);
+  lines.push(`- **Findings modified**: ${policy.findingsModified}`);
+  lines.push(`- **Findings disabled**: ${policy.findingsDisabled}`);
+  lines.push(`- **Severity upgraded**: ${policy.severityUpgraded}`);
+  lines.push(`- **Severity downgraded**: ${policy.severityDowngraded}`);
+  lines.push(``);
+  if (policy.rules.length > 0) {
+    lines.push(`### Policy Rules`);
+    for (const rule of policy.rules) {
+      const actionBadge = getPolicyActionBadge(rule.action);
+      lines.push(`- **${rule.findingId}**: ${actionBadge}`);
+      if (rule.originalSeverity && rule.newSeverity && rule.originalSeverity !== rule.newSeverity) {
+        lines.push(`  - ${badge(rule.originalSeverity)} → ${badge(rule.newSeverity)}`);
+      }
+      if (rule.reason) {
+        lines.push(`  - Reason: ${rule.reason}`);
+      }
+    }
+    lines.push(``);
+  } else {
+    lines.push(`No policy rules were applied.`);
+    lines.push(``);
+  }
+  return lines.join(`
+`);
+};
+var getPolicyActionBadge = (action) => {
+  if (action === "fail")
+    return "\uD83D\uDED1 FAIL";
+  if (action === "warn")
+    return "⚠️ WARN";
+  if (action === "off")
+    return "\uD83D\uDD34 OFF";
+  return "\uD83D\uDD35 IGNORE";
+};
+var formatBaselineComparison = (comparison) => {
+  const lines = [];
+  lines.push(`## Baseline Comparison`);
+  lines.push(``);
+  if (comparison.isRegression) {
+    lines.push(`\uD83D\uDD34 **REGRESSION DETECTED**`);
+  } else {
+    lines.push(`✅ No regression detected`);
+  }
+  lines.push(``);
+  if (comparison.newFindings.length > 0) {
+    lines.push(`### New Findings (${comparison.newFindings.length})`);
+    for (const f of comparison.newFindings) {
+      const severityBadge = badge(f.severity);
+      lines.push(`- ${severityBadge} **${f.id}** in package \`${f.packageName}\``);
+    }
+    lines.push(``);
+  }
+  if (comparison.resolvedFindings.length > 0) {
+    lines.push(`### Resolved Findings (${comparison.resolvedFindings.length})`);
+    for (const f of comparison.resolvedFindings) {
+      const severityBadge = badge(f.severity);
+      lines.push(`- ${severityBadge} **${f.id}** in package \`${f.packageName}\``);
+    }
+    lines.push(``);
+  }
+  if (comparison.severityChanges.length > 0) {
+    lines.push(`### Severity Changes (${comparison.severityChanges.length})`);
+    for (const c of comparison.severityChanges) {
+      const oldBadge = badge(c.oldSeverity);
+      const newBadge = badge(c.newSeverity);
+      lines.push(`- **${c.fingerprint.id}** in package \`${c.fingerprint.packageName}\`: ${oldBadge} → ${newBadge}`);
+    }
+    lines.push(``);
+  }
+  if (comparison.regressionReasons.length > 0) {
+    lines.push(`### Regression Reasons`);
+    for (const reason of comparison.regressionReasons) {
+      lines.push(`- ${reason}`);
+    }
+    lines.push(``);
+  }
+  if (comparison.newFindings.length === 0 && comparison.resolvedFindings.length === 0 && comparison.severityChanges.length === 0) {
+    lines.push(`No changes detected from baseline.`);
+    lines.push(``);
+  }
+  return lines.join(`
+`);
+};
+var formatChangedOnly = (changedPackages, baselineFile) => {
+  const lines = [];
+  lines.push(`## Scanned Packages (Changed-only)`);
+  lines.push(``);
+  if (changedPackages.length === 0) {
+    lines.push(`No packages were identified as changed.`);
+  } else {
+    lines.push(`The following packages were scanned (only changed packages):`);
+    lines.push(``);
+    for (const pkgPath of changedPackages) {
+      const normalizedPath = pkgPath.replace(/\\/g, "/");
+      lines.push(`- \`${normalizedPath}\``);
+    }
+  }
+  lines.push(``);
+  if (baselineFile) {
+    lines.push(`**Verdict type:** Regression verdict (comparing changed packages against baseline)`);
+  } else {
+    lines.push(`**Verdict type:** Partial verdict (only changed packages scanned, no baseline)`);
+    lines.push(`⚠️ Note: This is a partial scan. For complete verdict, provide a baseline file.`);
+  }
+  lines.push(``);
+  return lines.join(`
+`);
 };
 function renderMarkdown(r) {
   const lines = [];
-  lines.push(`# bun-ready report`);
+  const bunVersion = process.version;
+  const hasRedFindings = r.findings.some((f) => f.severity === "red");
+  const readinessMessage = getReadinessMessage(r.severity, hasRedFindings);
+  lines.push(`# bun-ready report - Tested with Bun ${bunVersion}`);
+  lines.push(``);
+  lines.push(readinessMessage);
+  lines.push(``);
+  const rootFindingsSummary = {
+    green: r.findings.filter((f) => f.severity === "green").length,
+    yellow: r.findings.filter((f) => f.severity === "yellow").length,
+    red: r.findings.filter((f) => f.severity === "red").length,
+    total: r.findings.length
+  };
+  lines.push(formatFindingsTable(rootFindingsSummary));
   lines.push(``);
   lines.push(`**Overall:** ${badge(r.severity)}`);
   lines.push(``);
@@ -1084,6 +1554,9 @@ function renderMarkdown(r) {
     }
     lines.push(``);
   }
+  if (r.policyApplied) {
+    lines.push(formatPolicyApplied(r.policyApplied));
+  }
   lines.push(`## Root Package`);
   lines.push(`- Path: \`${r.repo.packageJsonPath.replace(/\\/g, "/")}\``);
   lines.push(`- Workspaces: ${r.repo.hasWorkspaces ? "yes" : "no"}`);
@@ -1127,6 +1600,13 @@ function renderMarkdown(r) {
     }
     lines.push(``);
   }
+  const rootPkgForStats = r.packages?.find((p) => p.path === r.repo.packageJsonPath);
+  if (rootPkgForStats && rootPkgForStats.stats) {
+    lines.push(`## Package Summary`);
+    for (const l of formatPackageStats(rootPkgForStats))
+      lines.push(l);
+    lines.push(``);
+  }
   lines.push(`## Root Findings`);
   if (r.findings.length === 0) {
     lines.push(`No findings for root package.`);
@@ -1147,6 +1627,13 @@ function renderMarkdown(r) {
     }
   }
   lines.push(``);
+  if (r.baselineComparison) {
+    lines.push(formatBaselineComparison(r.baselineComparison));
+  }
+  if (r.changedPackages) {
+    const baselineFile = r.baselineFile;
+    lines.push(formatChangedOnly(r.changedPackages, baselineFile));
+  }
   if (r.packages && r.packages.length > 0) {
     const sortedPackages = stableSort(r.packages, (p) => p.name);
     for (const pkg of sortedPackages) {
@@ -1157,6 +1644,12 @@ function renderMarkdown(r) {
       for (const l of pkg.summaryLines)
         lines.push(`- ${l}`);
       lines.push(``);
+      if (pkg.stats) {
+        lines.push(`**Package Summary**`);
+        for (const l of formatPackageStats(pkg))
+          lines.push(l);
+        lines.push(``);
+      }
       if (pkg.install) {
         lines.push(`**bun install (dry-run):** ${pkg.install.ok ? "ok" : "failed"}`);
         if (pkg.install.logs.length > 0 && pkg.install.logs.length < 10) {
@@ -1202,28 +1695,627 @@ function renderMarkdown(r) {
   return lines.join(`
 `);
 }
+var renderDetailedReport = (r) => {
+  const lines = [];
+  const bunVersion = process.version;
+  const hasRedFindings = r.findings.some((f) => f.severity === "red");
+  const readinessMessage = getReadinessMessage(r.severity, hasRedFindings);
+  lines.push(`# bun-ready detailed report - Tested with Bun ${bunVersion}`);
+  lines.push(``);
+  lines.push(readinessMessage);
+  lines.push(``);
+  const rootFindingsSummary = {
+    green: r.findings.filter((f) => f.severity === "green").length,
+    yellow: r.findings.filter((f) => f.severity === "yellow").length,
+    red: r.findings.filter((f) => f.severity === "red").length,
+    total: r.findings.length
+  };
+  lines.push(formatFindingsTable(rootFindingsSummary));
+  lines.push(``);
+  lines.push(`**Overall:** ${badge(r.severity)}`);
+  lines.push(``);
+  if (r.policyApplied) {
+    lines.push(formatPolicyApplied(r.policyApplied));
+  }
+  lines.push(`## Detailed Package Usage`);
+  lines.push(``);
+  let hasUsageInfo = false;
+  if (r.packages && r.packages.length > 0) {
+    const sortedPackages = stableSort(r.packages, (p) => p.name);
+    for (const pkg of sortedPackages) {
+      if (!pkg.packageUsage)
+        continue;
+      hasUsageInfo = true;
+      lines.push(`### ${pkg.name}`);
+      lines.push(``);
+      lines.push(`**Total files analyzed:** ${pkg.packageUsage.analyzedFiles}`);
+      lines.push(`**Total packages:** ${pkg.packageUsage.totalPackages}`);
+      lines.push(``);
+      const sortedUsage = Array.from(pkg.packageUsage.usageByPackage.values()).filter((u) => u.fileCount > 0).sort((a, b) => b.fileCount - a.fileCount);
+      if (sortedUsage.length === 0) {
+        lines.push(`No package usage detected in source files.`);
+        lines.push(``);
+        continue;
+      }
+      for (const usage of sortedUsage) {
+        const depVersion = pkg.dependencies[usage.packageName] || pkg.devDependencies[usage.packageName] || "";
+        const versionStr = depVersion ? `@${depVersion}` : "";
+        lines.push(`#### ${usage.packageName}${versionStr} (${usage.fileCount} file${usage.fileCount !== 1 ? "s" : ""})`);
+        lines.push(``);
+        if (usage.filePaths.length > 0) {
+          for (const filePath of usage.filePaths) {
+            lines.push(`- ${filePath}`);
+          }
+        } else {
+          lines.push(`- No file paths collected`);
+        }
+        lines.push(``);
+      }
+    }
+  }
+  if (!hasUsageInfo) {
+    lines.push(`No package usage information available. Run with --detailed flag to enable usage analysis.`);
+    lines.push(``);
+  }
+  lines.push(`---`);
+  lines.push(``);
+  lines.push(`## Root Findings`);
+  if (r.findings.length === 0) {
+    lines.push(`No findings for root package.`);
+  } else {
+    const findings = stableSort(r.findings, (f) => `${f.severity}:${f.id}`);
+    for (const f of findings) {
+      lines.push(`### ${f.title} (${badge(f.severity)})`);
+      lines.push(``);
+      for (const d of f.details)
+        lines.push(`- ${d}`);
+      if (f.hints.length > 0) {
+        lines.push(``);
+        lines.push(`**Hints:**`);
+        for (const h of f.hints)
+          lines.push(`- ${h}`);
+      }
+      lines.push(``);
+    }
+  }
+  lines.push(``);
+  if (r.baselineComparison) {
+    lines.push(formatBaselineComparison(r.baselineComparison));
+  }
+  if (r.changedPackages) {
+    const baselineFile = r.baselineFile;
+    lines.push(formatChangedOnly(r.changedPackages, baselineFile));
+  }
+  return lines.join(`
+`);
+};
 
 // src/report_json.ts
 function renderJson(r) {
   return JSON.stringify(r, null, 2);
 }
 
+// src/sarif.ts
+import path6 from "node:path";
+function severityToSarifLevel(severity) {
+  switch (severity) {
+    case "green":
+      return "note";
+    case "yellow":
+      return "warning";
+    case "red":
+      return "error";
+  }
+}
+function createSarifRule(finding) {
+  const descriptionText = finding.details.length > 0 ? finding.details[0] : finding.title;
+  const fullDesc = { text: descriptionText };
+  const helpParts = [];
+  if (finding.details.length > 0) {
+    helpParts.push("Details:");
+    finding.details.forEach((d) => helpParts.push(`  - ${d}`));
+  }
+  if (finding.hints.length > 0) {
+    helpParts.push("Hints:");
+    finding.hints.forEach((h) => helpParts.push(`  - ${h}`));
+  }
+  const helpText = helpParts.length > 0 ? helpParts.join(`
+`) : "No hints available";
+  return {
+    id: finding.id,
+    shortDescription: {
+      text: finding.title
+    },
+    fullDescription: fullDesc,
+    help: {
+      text: helpText
+    },
+    defaultConfiguration: {
+      level: severityToSarifLevel(finding.severity)
+    }
+  };
+}
+function determineFindingLocation(finding, repoPath, packageName) {
+  if (!packageName) {
+    return {
+      physicalLocation: {
+        artifactLocation: {
+          uri: path6.basename(repoPath)
+        }
+      }
+    };
+  }
+  const relativePath = packageName === "root" ? "package.json" : packageName;
+  return {
+    physicalLocation: {
+      artifactLocation: {
+        uri: relativePath
+      }
+    }
+  };
+}
+function createSarifResult(finding, repoPath, packageName) {
+  const messageParts = [finding.title];
+  if (finding.details.length > 0) {
+    messageParts.push("");
+    messageParts.push("Details:");
+    messageParts.push(...finding.details.map((d) => `- ${d}`));
+  }
+  const messageText = messageParts.join(`
+`);
+  return {
+    ruleId: finding.id,
+    level: severityToSarifLevel(finding.severity),
+    message: {
+      text: messageText
+    },
+    locations: [determineFindingLocation(finding, repoPath, packageName)]
+  };
+}
+function renderSarif(result) {
+  const allFindings = [...result.findings];
+  if (result.packages) {
+    for (const pkg of result.packages) {
+      for (const finding of pkg.findings) {
+        if (!allFindings.some((f) => f.id === finding.id)) {
+          allFindings.push(finding);
+        }
+      }
+    }
+  }
+  const rulesMap = new Map;
+  for (const finding of allFindings) {
+    if (!rulesMap.has(finding.id)) {
+      rulesMap.set(finding.id, createSarifRule(finding));
+    }
+  }
+  const rules = Array.from(rulesMap.values()).sort((a, b) => a.id.localeCompare(b.id));
+  const results = [];
+  for (const finding of result.findings) {
+    results.push(createSarifResult(finding, result.repo.packageJsonPath, "root"));
+  }
+  for (const pkg of result.packages || []) {
+    const packageName = pkg.name;
+    for (const finding of pkg.findings) {
+      results.push(createSarifResult(finding, result.repo.packageJsonPath, packageName));
+    }
+  }
+  const sarifLog = {
+    version: "2.1.0",
+    $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: "bun-ready",
+            version: result.version || "0.3.0",
+            semanticVersion: "2.1.0",
+            rules
+          }
+        },
+        results
+      }
+    ]
+  };
+  return sarifLog;
+}
+
+// src/ci_summary.ts
+function getTopFindings2(findings, count = 3) {
+  const sorted = [...findings].sort((a, b) => {
+    const severityOrder = { red: 0, yellow: 1, green: 2 };
+    if (severityOrder[a.severity] !== severityOrder[b.severity]) {
+      return severityOrder[a.severity] - severityOrder[b.severity];
+    }
+    return a.id.localeCompare(b.id);
+  });
+  const badge2 = (s) => {
+    switch (s) {
+      case "green":
+        return "\uD83D\uDFE2";
+      case "yellow":
+        return "\uD83D\uDFE1";
+      case "red":
+        return "\uD83D\uDD34";
+    }
+  };
+  return sorted.slice(0, count).map((f) => `${badge2(f.severity)} ${f.title} (${f.id})`);
+}
+function generateNextActions(findings) {
+  const actions = [];
+  const actionSet = new Set;
+  for (const finding of findings) {
+    for (const hint of finding.hints) {
+      const action = hint.trim();
+      if (!actionSet.has(action)) {
+        actions.push(action);
+        actionSet.add(action);
+      }
+    }
+  }
+  return actions.slice(0, 5);
+}
+function calculateExitCode(severity, failOn) {
+  if (!failOn) {
+    if (severity === "green")
+      return 0;
+    if (severity === "yellow")
+      return 2;
+    return 3;
+  }
+  if (failOn === "green") {
+    if (severity === "green")
+      return 0;
+    return 3;
+  }
+  if (failOn === "yellow") {
+    if (severity === "red")
+      return 3;
+    return 0;
+  }
+  if (severity === "green")
+    return 0;
+  if (severity === "yellow")
+    return 2;
+  return 3;
+}
+function generateCISummary(result, failOn) {
+  const topFindings = getTopFindings2(result.findings, 3);
+  const nextActions = generateNextActions(result.findings);
+  const exitCode = calculateExitCode(result.severity, failOn);
+  return {
+    verdict: result.severity,
+    topFindings,
+    nextActions,
+    exitCode
+  };
+}
+function formatCISummaryText(summary) {
+  const badge2 = (s) => {
+    switch (s) {
+      case "green":
+        return "\uD83D\uDFE2 GREEN";
+      case "yellow":
+        return "\uD83D\uDFE1 YELLOW";
+      case "red":
+        return "\uD83D\uDD34 RED";
+    }
+  };
+  const lines = [];
+  lines.push("=== bun-ready CI Summary ===");
+  lines.push("");
+  lines.push(`Verdict: ${badge2(summary.verdict)}`);
+  lines.push("");
+  if (summary.topFindings.length > 0) {
+    lines.push("Top Issues:");
+    for (const finding of summary.topFindings) {
+      lines.push(`  - ${finding}`);
+    }
+    lines.push("");
+  }
+  if (summary.nextActions.length > 0) {
+    lines.push("Next Actions:");
+    for (let i = 0;i < summary.nextActions.length; i++) {
+      lines.push(`  ${i + 1}. ${summary.nextActions[i]}`);
+    }
+    lines.push("");
+  }
+  lines.push(`Exit Code: ${summary.exitCode}`);
+  return lines.join(`
+`);
+}
+function formatGitHubJobSummary(summary) {
+  const badge2 = (s) => {
+    switch (s) {
+      case "green":
+        return "\uD83D\uDFE2 **GREEN**";
+      case "yellow":
+        return "\uD83D\uDFE1 **YELLOW**";
+      case "red":
+        return "\uD83D\uDD34 **RED**";
+    }
+  };
+  const lines = [];
+  lines.push("## bun-ready CI Summary");
+  lines.push("");
+  lines.push(`### Verdict: ${badge2(summary.verdict)}`);
+  lines.push("");
+  if (summary.topFindings.length > 0) {
+    lines.push("### Top Issues");
+    lines.push("");
+    for (const finding of summary.topFindings) {
+      lines.push(`- ${finding}`);
+    }
+    lines.push("");
+  }
+  if (summary.nextActions.length > 0) {
+    lines.push("### Next Actions");
+    lines.push("");
+    for (let i = 0;i < summary.nextActions.length; i++) {
+      lines.push(`${i + 1}. ${summary.nextActions[i]}`);
+    }
+    lines.push("");
+  }
+  lines.push(`**Exit Code:** \`${summary.exitCode}\``);
+  return lines.join(`
+`);
+}
+
+// src/policy.ts
+function applySeverityChange(originalSeverity, change) {
+  if (change === "same")
+    return originalSeverity;
+  if (change === "upgrade") {
+    if (originalSeverity === "green")
+      return "yellow";
+    if (originalSeverity === "yellow")
+      return "red";
+    return "red";
+  }
+  if (originalSeverity === "red")
+    return "yellow";
+  if (originalSeverity === "yellow")
+    return "green";
+  return "green";
+}
+function parseRuleArgs(ruleArgs) {
+  const rules = [];
+  for (const arg of ruleArgs) {
+    const parts = arg.split(/[=:]/, 2);
+    if (parts.length !== 2)
+      continue;
+    const [id, actionOrChange] = parts.map((p) => p.trim());
+    if (!id || !actionOrChange) {
+      continue;
+    }
+    if (["fail", "warn", "off", "ignore"].includes(actionOrChange)) {
+      const actionRule = {
+        id,
+        action: actionOrChange
+      };
+      rules.push(actionRule);
+    } else if (["upgrade", "downgrade", "same"].includes(actionOrChange)) {
+      const severityRule = {
+        id,
+        severityChange: actionOrChange
+      };
+      rules.push(severityRule);
+    }
+  }
+  return rules;
+}
+function mergePolicyConfigs(cliPolicy, configPolicy) {
+  if (!cliPolicy && !configPolicy) {
+    return;
+  }
+  const result = {};
+  if (cliPolicy?.rules && cliPolicy.rules.length > 0) {
+    result.rules = cliPolicy.rules;
+  } else if (configPolicy?.rules && configPolicy.rules.length > 0) {
+    result.rules = configPolicy.rules;
+  }
+  if (cliPolicy?.thresholds && Object.keys(cliPolicy.thresholds).length > 0) {
+    result.thresholds = cliPolicy.thresholds;
+  } else if (configPolicy?.thresholds && Object.keys(configPolicy.thresholds).length > 0) {
+    result.thresholds = configPolicy.thresholds;
+  }
+  if (cliPolicy?.failOn) {
+    result.failOn = cliPolicy.failOn;
+  } else if (configPolicy?.failOn) {
+    result.failOn = configPolicy.failOn;
+  }
+  if (Object.keys(result).length === 0) {
+    return;
+  }
+  return result;
+}
+function findMatchingRule(findingId, rules) {
+  for (const rule of rules) {
+    if (rule.id === findingId) {
+      return rule;
+    }
+  }
+  for (const rule of rules) {
+    if (rule.id === "*") {
+      return rule;
+    }
+  }
+  return null;
+}
+function applyPolicy(findings, policy, metrics) {
+  const rules = policy.rules || [];
+  const thresholds = policy.thresholds;
+  const modifiedFindings = [];
+  const appliedRules = [];
+  let findingsModified = 0;
+  let findingsDisabled = 0;
+  let severityUpgraded = 0;
+  let severityDowngraded = 0;
+  for (const finding of findings) {
+    const rule = findMatchingRule(finding.id, rules);
+    if (!rule) {
+      modifiedFindings.push(finding);
+      continue;
+    }
+    const applied = {
+      findingId: finding.id,
+      action: rule.action || "ignore",
+      originalSeverity: finding.severity
+    };
+    if (rule.action === "off" || rule.action === "ignore") {
+      findingsDisabled++;
+      appliedRules.push(applied);
+      continue;
+    }
+    let newSeverity = finding.severity;
+    let wasModified = false;
+    if (rule.severityChange) {
+      newSeverity = finding.severity;
+      if (rule.action === "fail") {
+        newSeverity = "red";
+      } else if (rule.action === "warn") {
+        newSeverity = "yellow";
+      }
+      newSeverity = applySeverityChange(newSeverity, rule.severityChange);
+      if (rule.severityChange === "upgrade") {
+        severityUpgraded++;
+      } else if (rule.severityChange === "downgrade") {
+        severityDowngraded++;
+      }
+      wasModified = true;
+    } else if (rule.action === "fail" || rule.action === "warn") {
+      if (rule.action === "fail") {
+        newSeverity = "red";
+      } else if (rule.action === "warn") {
+        newSeverity = "yellow";
+      }
+      wasModified = true;
+      if (newSeverity !== finding.severity) {
+        const severityOrder = { green: 0, yellow: 1, red: 2 };
+        if (severityOrder[newSeverity] > severityOrder[finding.severity]) {
+          severityUpgraded++;
+        } else {
+          severityDowngraded++;
+        }
+      }
+    }
+    if (wasModified) {
+      findingsModified++;
+    }
+    applied.newSeverity = newSeverity;
+    applied.reason = rule.reason;
+    modifiedFindings.push({
+      ...finding,
+      severity: newSeverity
+    });
+    appliedRules.push(applied);
+  }
+  let rulesApplied = appliedRules.length;
+  if (thresholds && metrics) {
+    if (thresholds.maxPackagesRed !== undefined && metrics.packagesRed > thresholds.maxPackagesRed) {
+      rulesApplied++;
+    }
+    if (thresholds.maxPackagesYellow !== undefined && metrics.packagesYellow > thresholds.maxPackagesYellow) {
+      rulesApplied++;
+    }
+  }
+  const summary = {
+    rulesApplied,
+    findingsModified,
+    findingsDisabled,
+    severityUpgraded,
+    severityDowngraded,
+    rules: appliedRules
+  };
+  return { modifiedFindings, summary };
+}
+
+// src/cli.ts
+init_baseline();
+
+// src/changed_only.ts
+init_spawn();
+async function getGitDiffPaths(repoPath, sinceRef) {
+  try {
+    const res = await exec("git", ["diff", "--name-only", sinceRef], repoPath);
+    if (!res.stdout) {
+      return [];
+    }
+    const paths = res.stdout.split(`
+`).map((p) => p.trim()).filter((p) => p.length > 0);
+    return paths;
+  } catch (error) {
+    return [];
+  }
+}
+function isWorkspacePackage(path7, workspacePackages) {
+  if (!workspacePackages || workspacePackages.length === 0) {
+    return false;
+  }
+  for (const wp of workspacePackages) {
+    const normalizedPath = path7.replace(/\\/g, "/");
+    const normalizedWpPath = wp.path.replace(/\\/g, "/");
+    if (normalizedPath.startsWith(normalizedWpPath)) {
+      return true;
+    }
+  }
+  return false;
+}
+function mapPathsToPackages(paths, packages) {
+  const packageMap = new Map;
+  for (const pkg of packages) {
+    const normalizedPath = pkg.path.replace(/\\/g, "/");
+    packageMap.set(normalizedPath, pkg.name);
+  }
+  const changedPackages = new Set;
+  for (const path7 of paths) {
+    for (const [pkgPath, pkgName] of packageMap.entries()) {
+      const relativePath = path7.replace(/\\/g, "/");
+      if (relativePath.startsWith(pkgPath)) {
+        changedPackages.add(pkgPath);
+        break;
+      }
+    }
+  }
+  return Array.from(changedPackages).sort();
+}
+async function detectChangedPackages(repoPath, sinceRef, workspacePackages) {
+  const paths = await getGitDiffPaths(repoPath, sinceRef);
+  if (paths.length === 0) {
+    return [];
+  }
+  let filteredPaths = paths;
+  if (workspacePackages && workspacePackages.length > 0) {
+    filteredPaths = paths.filter((p) => isWorkspacePackage(p, workspacePackages));
+  }
+  return filteredPaths;
+}
+
 // src/cli.ts
 var usage = () => {
   return [
     "bun-ready",
     "",
     "Usage:",
-    "  bun-ready scan <path> [--format md|json] [--out <file>] [--no-install] [--no-test] [--verbose] [--scope root|packages|all] [--fail-on green|yellow|red]",
+    "  bun-ready scan <path> [--format md|json|sarif] [--out <file>] [--no-install] [--no-test] [--verbose] [--detailed] [--scope root|packages|all] [--fail-on green|yellow|red] [--ci] [--output-dir <dir>] [--rule <id>=<action>] [--max-warnings <n>] [--baseline <file>] [--update-baseline] [--changed-only] [--since <ref>]",
     "",
     "Options:",
-    "  --format md|json       Output format (default: md)",
+    "  --format md|json|sarif       Output format (default: md)",
     "  --out <file>          Output file path (default: bun-ready.md or bun-ready.json)",
     "  --no-install           Skip bun install --dry-run",
     "  --no-test             Skip bun test",
     "  --verbose              Show detailed output",
+    "  --detailed            Show detailed package usage report with file paths",
     "  --scope root|packages|all  Scan scope for monorepos (default: all)",
     "  --fail-on green|yellow|red  Fail policy (default: red)",
+    "  --ci                  Run in CI mode (stable output, minimal noise)",
+    "  --output-dir <dir>    Output directory for all artifacts (in CI mode)",
+    "  --rule <id>=<action>  Apply policy rule (e.g., --rule deps.native_addons=fail)",
+    "  --max-warnings <n>    Maximum warnings allowed (threshold)",
+    "  --baseline <file>      Baseline file for regression detection",
+    "  --update-baseline      Update baseline file after scan",
+    "  --changed-only         Scan only changed packages (monorepos)",
+    "  --since <ref>         Git ref for changed packages (e.g., main, HEAD~1)",
     "",
     "Exit codes:",
     "  0   green",
@@ -1246,6 +2338,7 @@ var parseArgs = (argv) => {
         runInstall: true,
         runTest: true,
         verbose: false,
+        detailed: false,
         scope: "all"
       }
     };
@@ -1256,13 +2349,20 @@ var parseArgs = (argv) => {
   let runInstall = true;
   let runTest = true;
   let verbose = false;
+  let detailed = false;
   let scope = "all";
   let failOn;
+  let ci;
+  let outputDir;
+  let ruleArgs = [];
+  let maxWarnings;
+  let baseline;
+  let changedOnly;
   for (let i = 2;i < args.length; i++) {
     const a = args[i] ?? "";
     if (a === "--format") {
       const v = args[i + 1] ?? "";
-      if (v === "md" || v === "json")
+      if (v === "md" || v === "json" || v === "sarif")
         format = v;
       i++;
       continue;
@@ -1284,6 +2384,10 @@ var parseArgs = (argv) => {
       verbose = true;
       continue;
     }
+    if (a === "--detailed") {
+      detailed = true;
+      continue;
+    }
     if (a === "--scope") {
       const v = args[i + 1] ?? "";
       if (v === "root" || v === "packages" || v === "all")
@@ -1298,6 +2402,59 @@ var parseArgs = (argv) => {
       i++;
       continue;
     }
+    if (a === "--ci") {
+      ci = { mode: true };
+      continue;
+    }
+    if (a === "--output-dir") {
+      outputDir = args[i + 1];
+      i++;
+      continue;
+    }
+    if (a === "--rule") {
+      ruleArgs.push(args[i + 1] ?? "");
+      i++;
+      continue;
+    }
+    if (a === "--max-warnings") {
+      const v = args[i + 1] ?? "";
+      const num = parseInt(v, 10);
+      if (!isNaN(num) && num >= 0) {
+        maxWarnings = num;
+      }
+      i++;
+      continue;
+    }
+    if (a === "--baseline") {
+      baseline = { file: args[i + 1] ?? "" };
+      i++;
+      continue;
+    }
+    if (a === "--update-baseline") {
+      if (!baseline) {
+        baseline = { file: "", update: true };
+      } else {
+        baseline.update = true;
+      }
+      continue;
+    }
+    if (a === "--changed-only") {
+      if (!changedOnly) {
+        changedOnly = { enabled: true };
+      } else {
+        changedOnly.enabled = true;
+      }
+      continue;
+    }
+    if (a === "--since") {
+      if (!changedOnly) {
+        changedOnly = { enabled: true, sinceRef: args[i + 1] ?? "" };
+      } else {
+        changedOnly.sinceRef = args[i + 1] ?? "";
+      }
+      i++;
+      continue;
+    }
   }
   const baseOpts = {
     repoPath,
@@ -1306,40 +2463,42 @@ var parseArgs = (argv) => {
     runInstall,
     runTest,
     verbose,
+    detailed,
     scope
   };
   if (failOn !== undefined) {
     baseOpts.failOn = failOn;
   }
+  if (ci !== undefined) {
+    baseOpts.ci = ci;
+  }
+  if (outputDir !== undefined) {
+    if (!baseOpts.ci) {
+      baseOpts.ci = { mode: true };
+    }
+    baseOpts.ci.outputDir = outputDir;
+  }
+  if (ruleArgs.length > 0 || maxWarnings !== undefined) {
+    const policy = {};
+    if (ruleArgs.length > 0) {
+      policy.rules = parseRuleArgs(ruleArgs);
+    }
+    if (maxWarnings !== undefined) {
+      policy.thresholds = { maxWarnings };
+    }
+    baseOpts.policy = policy;
+  }
+  if (baseline !== undefined && (baseline.file || baseline.update)) {
+    baseOpts.baseline = baseline;
+  }
+  if (changedOnly !== undefined && changedOnly.enabled) {
+    baseOpts.changedOnly = changedOnly;
+  }
   return {
     cmd,
     opts: baseOpts
   };
 };
-var exitCode = (sev, failOn) => {
-  if (!failOn) {
-    if (sev === "green")
-      return 0;
-    if (sev === "yellow")
-      return 2;
-    return 3;
-  }
-  if (failOn === "green") {
-    if (sev === "green")
-      return 0;
-    return 3;
-  }
-  if (failOn === "yellow") {
-    if (sev === "red")
-      return 3;
-    return 0;
-  }
-  if (sev === "green")
-    return 0;
-  if (sev === "yellow")
-    return 2;
-  return 3;
-};
 var main = async () => {
   const { cmd, opts } = parseArgs(process.argv);
   if (cmd !== "scan") {
@@ -1347,7 +2506,15 @@ var main = async () => {
 `);
     process.exit(1);
   }
-  const config = await mergeConfigWithOpts(null, opts);
+  const configOpts = {};
+  if (opts.failOn !== undefined) {
+    configOpts.failOn = opts.failOn;
+  }
+  if (opts.detailed !== undefined) {
+    configOpts.detailed = opts.detailed;
+  }
+  const config = await mergeConfigWithOpts(null, configOpts);
+  const mergedPolicy = mergePolicyConfigs(opts.policy, config?.rules ? { rules: config.rules } : undefined);
   const scanOpts = {
     repoPath: opts.repoPath,
     format: opts.format,
@@ -1360,14 +2527,78 @@ var main = async () => {
   if (opts.failOn !== undefined) {
     scanOpts.failOn = opts.failOn;
   }
+  if (opts.ci !== undefined) {
+    scanOpts.ci = opts.ci;
+  }
+  if (mergedPolicy !== undefined) {
+    scanOpts.policy = mergedPolicy;
+  }
   const res = await analyzeRepoOverall(scanOpts);
-  if (res.install?.skipReason || res.test?.skipReason) {
+  let changedPackages;
+  if (opts.changedOnly?.enabled && opts.changedOnly?.sinceRef) {
+    try {
+      const detectedPaths = await detectChangedPackages(opts.repoPath, opts.changedOnly.sinceRef, res.packages?.map((p) => ({ path: p.path, packageJsonPath: p.path, name: p.name })));
+      if (res.packages) {
+        changedPackages = mapPathsToPackages(detectedPaths, res.packages);
+      }
+    } catch (error) {
+      process.stderr.write(`Failed to detect changed packages: ${error instanceof Error ? error.message : String(error)}
+`);
+    }
+  }
+  let baselineData = null;
+  if (opts.baseline?.file) {
+    try {
+      baselineData = await loadBaseline(opts.baseline.file);
+    } catch (error) {
+      process.stderr.write(`Failed to load baseline: ${error instanceof Error ? error.message : String(error)}
+`);
+      process.exit(1);
+    }
+  }
+  let finalResult = res;
+  if (mergedPolicy) {
+    const policyResult = applyPolicy(res.findings, mergedPolicy);
+    finalResult = {
+      ...res,
+      findings: policyResult.modifiedFindings,
+      policyApplied: policyResult.summary
+    };
+  }
+  const { createFindingFingerprint: createFindingFingerprint2, calculateBaselineMetrics: calculateBaselineMetrics2 } = await Promise.resolve().then(() => (init_baseline(), exports_baseline));
+  const packages = finalResult.packages || [];
+  const allFindings = [...finalResult.findings];
+  for (const pkg of packages) {
+    for (const finding of pkg.findings) {
+      allFindings.push(finding);
+    }
+  }
+  const currentFingerprints = allFindings.map((f) => createFindingFingerprint2(f));
+  if (baselineData) {
+    const comparison = compareFindings(baselineData.findings, currentFingerprints);
+    finalResult = {
+      ...finalResult,
+      baselineComparison: comparison
+    };
+    if (opts.baseline?.update) {
+      const updatedBaseline = {
+        ...baselineData,
+        timestamp: new Date().toISOString(),
+        findings: currentFingerprints
+      };
+      await saveBaseline(updatedBaseline, opts.baseline.file || "");
+    }
+  }
+  if (changedPackages) {
+    finalResult.changedPackages = changedPackages;
+  }
+  if (finalResult.install?.skipReason || finalResult.test?.skipReason) {
     const skipWarnings = [];
-    if (res.install?.skipReason) {
-      skipWarnings.push(`Install check skipped: ${res.install.skipReason}`);
+    if (finalResult.install?.skipReason) {
+      skipWarnings.push(`Install check skipped: ${finalResult.install.skipReason}`);
     }
-    if (res.test?.skipReason) {
-      skipWarnings.push(`Test run skipped: ${res.test.skipReason}`);
+    if (finalResult.test?.skipReason) {
+      skipWarnings.push(`Test run skipped: ${finalResult.test.skipReason}`);
     }
     if (skipWarnings.length > 0) {
       process.stderr.write(`WARNING:
@@ -1376,13 +2607,48 @@ ${skipWarnings.map((w) => `  - ${w}`).join(`
 `);
     }
   }
-  const out = opts.format === "json" ? renderJson(res) : renderMarkdown(res);
-  const target = opts.outFile ?? (opts.format === "json" ? "bun-ready.json" : "bun-ready.md");
-  const resolved = path5.resolve(process.cwd(), target);
-  await fs3.writeFile(resolved, out, "utf8");
-  process.stdout.write(`Wrote ${opts.format.toUpperCase()} report to ${resolved}
+  let out = "";
+  if (opts.format === "sarif") {
+    out = JSON.stringify(renderSarif(finalResult), null, 2);
+  } else if (opts.format === "json") {
+    out = renderJson(finalResult);
+  } else {
+    out = opts.detailed ? renderDetailedReport(finalResult) : renderMarkdown(finalResult);
+  }
+  let target = opts.outFile;
+  let outputDir = opts.ci?.outputDir;
+  if (!target) {
+    if (opts.format === "sarif") {
+      target = "bun-ready.sarif.json";
+    } else if (opts.format === "json") {
+      target = "bun-ready.json";
+    } else if (opts.detailed) {
+      target = "bun-ready-detailed.md";
+    } else {
+      target = "bun-ready.md";
+    }
+  }
+  const resolved = outputDir ? path7.resolve(process.cwd(), outputDir, target) : path7.resolve(process.cwd(), target);
+  if (outputDir) {
+    await fs5.mkdir(path7.dirname(resolved), { recursive: true });
+  }
+  await fs5.writeFile(resolved, out, "utf8");
+  if (opts.ci?.mode) {
+    const ciSummary = generateCISummary(finalResult, config?.failOn || opts.failOn);
+    const summaryText = formatCISummaryText(ciSummary);
+    process.stdout.write(`
+${summaryText}
 `);
-  process.exit(exitCode(res.severity, config?.failOn || opts.failOn));
+    if (process.env.GITHUB_STEP_SUMMARY) {
+      const githubSummary = formatGitHubJobSummary(ciSummary);
+      await fs5.writeFile(process.env.GITHUB_STEP_SUMMARY, githubSummary, "utf8");
+    }
+  } else {
+    process.stdout.write(`Wrote ${opts.format.toUpperCase()} report to ${resolved}
+`);
+  }
+  const exitCodeValue = calculateExitCode(finalResult.severity, config?.failOn || opts.failOn);
+  process.exit(exitCodeValue);
 };
 main().catch((e) => {
   const msg = e instanceof Error ? e.message : String(e);