rlsbl 0.9.0 → 0.9.1

package/README.md

@@ -4,161 +4,156 @@
 
 # rlsbl
 
-Release orchestration and project scaffolding CLI for npm, PyPI, and Go.
+Release orchestration and project scaffolding CLI for npm, PyPI, and Go. Pure Python, no dependencies.
 
 ## Install
 
-From npm:
+From PyPI:
 
 ```
-npm i -g rlsbl
+uv tool install rlsbl
 ```
 
-From PyPI (requires Node.js 18+):
+From npm (wrapper):
 
 ```
-uv tool install rlsbl
+npm i -g rlsbl
 ```
 
 ## Quick start
 
 ```
-rlsbl scaffold
-rlsbl release minor
+rlsbl scaffold          # set up CI/CD, hooks, changelog
+# ... develop, commit ...
+rlsbl release minor     # bump, tag, push, create GitHub Release
+rlsbl watch <sha>       # monitor CI for that release
 ```
 
 ## Commands
 
-All commands work at the top level -- registries are auto-detected from project files (`package.json`, `pyproject.toml`, `go.mod`). Use `--registry <npm|pypi|go>` when you need to target a specific registry.
+All commands auto-detect registries from project files (`package.json`, `pyproject.toml`, `go.mod`). Use `--registry <npm|pypi|go>` to target a specific one.
+
+| Command | Description |
+|---------|-------------|
+| `release [patch\|minor\|major]` | Bump version, commit, tag, push, create GitHub Release |
+| `scaffold [--force] [--update]` | Scaffold CI/CD, hooks, and release infrastructure |
+| `status` | Show version, branch, last tag, changelog coverage, CI presence |
+| `check <name>` | Check name availability on npm/PyPI (parallel variant queries) |
+| `config [show\|init\|migrate\|status]` | Manage project configuration and schema migrations |
+| `undo [--yes]` | Revert the last release (tag, commit, GitHub Release) |
+| `discover [--mine]` | List rlsbl ecosystem projects via GitHub topic search |
+| `watch [<sha>]` | Monitor CI runs for a commit (parallel polling), notify on completion |
+| `unreleased [--json]` | List commits since last tag, report changelog coverage |
+| `prs` | List open pull requests for the current repo |
+| `record-gif` | Record a demo GIF with vhs |
+| `pre-push-check` | Verify CHANGELOG entry exists for the current version |
+
+Global flags: `--help`, `--version`, `--registry <npm|pypi|go>`, `--no-tag`.
 
-### scaffold [--force] [--update]
+## Release flow
 
-Scaffolds CI/CD infrastructure and release tooling for all detected registries.
+When you run `rlsbl release [patch|minor|major]`:
 
-```
-rlsbl scaffold
-rlsbl scaffold --registry npm          # target npm only
-rlsbl scaffold --registry pypi --force # overwrite existing files
-rlsbl scaffold --registry go           # target Go only
-```
+1. Verifies `gh` CLI is installed and authenticated
+2. Checks working tree is clean
+3. Reads the current version from the primary project file
+4. Computes the new version; confirms the tag does not already exist
+5. Validates `CHANGELOG.md` contains a `## <new-version>` section
+6. Runs `.rlsbl/hooks/pre-release.sh` if present (non-zero exit aborts; receives `RLSBL_VERSION`)
+7. Acquires advisory lockfile (`.rlsbl/lock`) to prevent concurrent operations
+8. Writes the new version to all detected project files and `.rlsbl/version`
+9. Adds `rlsbl` keyword to manifests if ecosystem tagging is enabled
+10. Verifies no unexpected files were modified (race condition guard)
+11. Commits the version bump (uses `safegit` if available)
+12. Tags and pushes to `origin`
+13. Creates a GitHub Release with the changelog entry as notes
+14. Adds `rlsbl` topic to the GitHub repo (if tagging enabled)
+15. Runs `.rlsbl/hooks/post-release.sh` if present (non-fatal; receives `RLSBL_VERSION`)
+16. Prints `Watch CI: rlsbl watch <sha>`
 
-Context-aware behavior when files already exist (without `--force`):
+Use `--dry-run` to preview without changes. Use `--yes` for non-interactive mode (CI, AI agents).
 
-| File | Behavior |
-|---|---|
-| `CLAUDE.md` | Appends rlsbl sections if the marker is not present |
-| `.gitignore` | Merges missing entries from the template |
-| `.github/workflows/ci.yml` | Preserves existing file, prints a note to review manually |
-| All others | Skipped |
+First release: if the current version has never been tagged, `release` publishes it as-is (bump type is ignored).
 
-### release [patch|minor|major] [--dry-run] [--quiet]
+Pre-release versions (e.g. `1.0.0-beta.1`) are supported.
 
-Bumps version, commits, pushes, and creates a GitHub Release. Defaults to `patch`.
+## Scaffold
 
 ```
-rlsbl release minor
-rlsbl release major --dry-run --registry npm
+rlsbl scaffold              # create CI/CD for all detected registries
+rlsbl scaffold --update     # three-way merge template updates with user customizations
+rlsbl scaffold --force      # overwrite managed files (user-owned files still preserved)
+rlsbl scaffold --no-commit  # skip auto-commit of scaffolded files
 ```
 
-The version is synced across all detected project files (`package.json`, `pyproject.toml`, `VERSION`) regardless of which registry is primary. Go projects use a plain `VERSION` file as the version source.
+Created files are committed automatically by default.
 
-If `.rlsbl/hooks/pre-release.sh` exists, it runs before any changes are made. A non-zero exit aborts the release. If `.rlsbl/hooks/post-release.sh` exists, it runs after the release completes (non-fatal). See [Release flow](#release-flow) for details.
+| File | Purpose |
+|------|---------|
+| `.github/workflows/ci.yml` | CI workflow (lint, test) |
+| `.github/workflows/publish.yml` | Publish on GitHub Release (OIDC) |
+| `CHANGELOG.md` | Version changelog |
+| `LICENSE` | MIT license (author and year filled in) |
+| `.gitignore` | Standard ignores for the ecosystem |
+| `CLAUDE.md` | AI assistant instructions |
+| `.claude/settings.json` | Claude Code settings |
+| `.rlsbl/hooks/pre-release.sh` | User-customizable pre-release validation |
+| `.rlsbl/hooks/post-release.sh` | User-customizable post-release actions |
+| `.git/hooks/pre-push` | One-liner: `exec rlsbl pre-push-check "$@"` |
+| `.rlsbl/bases/` | Three-way merge bases for `--update` |
 
-### status
+**Three-way merge (`--update`):** Bases are stored at scaffold time. On `--update`, user customizations and template updates merge via `git merge-file`. Conflicts get git-style conflict markers.
 
-Shows project status: package name, version (per registry), git branch, last tag, working tree state, changelog coverage, and CI workflow presence.
+**User-owned files** (CHANGELOG.md, LICENSE, hooks) are never overwritten, even with `--force`.
 
-```
-rlsbl status
-rlsbl status --registry pypi
-```
+**Runs config migrations** when `.rlsbl/config-schema.json` exists.
 
-### check \<name\>
+## Config management
 
-Checks name availability on both npm and PyPI, and warns about confusingly similar names.
+Schema-driven configuration migration system for projects that ship user-facing config files.
 
 ```
-rlsbl check my-cool-lib
-rlsbl check my-cool-lib --registry npm   # npm only
+rlsbl config init      # scaffold config migration infrastructure
+rlsbl config migrate   # run pending migrations
+rlsbl config status    # show migration status
+rlsbl config show      # show resolved project configuration
 ```
 
-npm checks variant spellings (hyphens, underscores, dots, no separator). PyPI normalizes per PEP 503 and checks common alternatives.
+`config init` creates `.rlsbl/config-schema.json` and a `defaults/` directory. Migrations support deep merge, flat merge, and list-by-key merge strategies with versioned schema tracking and atomic writes.
 
-### discover [--mine]
+### Library API
 
-Lists all projects in the rlsbl ecosystem by querying GitHub for repositories with the `rlsbl` topic.
+```python
+from rlsbl.lib import ConfigMigrator, load_schema, migrate
 
+# One-liner: load schema and run all pending migrations
+result = migrate(".")  # returns {filename: was_written} or None
 ```
-rlsbl discover
-rlsbl discover --mine              # only your repos
-```
-
-Uses GitHub token if available (higher rate limit). Works unauthenticated for public repos.
 
-### Ecosystem tagging
+## Undo
 
-By default, `scaffold` and `release` add an `"rlsbl"` keyword to `package.json` and/or `pyproject.toml`, and set the `rlsbl` topic on the GitHub repository. This makes projects discoverable via `rlsbl discover`.
-
-To disable tagging:
-
-| Method | Scope |
-|---|---|
-| `--no-tag` flag | Single invocation |
-| `{"tag": false}` in `.rlsbl/config.json` | This project |
-| `{"tag": false}` in `~/.rlsbl/config.json` | All your projects |
-
-Precedence: CLI flag > project config > user config > default (enabled).
-
-Global flags: `--help`, `--version`.
+```
+rlsbl undo         # interactive: confirms before each destructive step
+rlsbl undo --yes   # non-interactive: auto-confirms, auto-pushes
+```
 
-## Release flow
+Reverts the last release:
 
-When you run `release`, the following happens in order:
+1. Deletes the GitHub Release
+2. Deletes the git tag (remote + local)
+3. Reverts the version bump commit (if HEAD matches the tag)
+4. Pushes the revert commit (with confirmation, or automatic with `--yes`)
 
-1. Verifies `gh` CLI is installed and authenticated
-2. Checks that the git working tree is clean
-3. Reads the current version from the primary project file
-4. Computes the new version and confirms the git tag does not already exist
-5. Validates that `CHANGELOG.md` contains a `## <new-version>` section
-6. Runs `.rlsbl/hooks/pre-release.sh` if present (non-zero exit aborts)
-7. Writes the new version to the primary project file
-8. Syncs the new version to all other detected project files
-9. Commits the version bump (uses `safegit` if available, otherwise `git`)
-10. Pushes the branch to `origin`
-11. Creates a GitHub Release tagged `v<new-version>` with the changelog entry as notes
-12. The GitHub Release triggers `publish.yml`, which publishes to the registry
-13. Runs `.rlsbl/hooks/post-release.sh` if present (non-fatal -- the release is already complete). The `RLSBL_VERSION` env var is set to the released version. Useful for local install (`go install ./cmd/myapp/`), deploy, or notifications.
-14. Spawns a background process that watches CI via `gh run watch`. When CI finishes, it prints the result to stderr (so AI agents can read it) and sends a desktop notification (`notify-send` on Linux, `osascript` on macOS). On CI failure, it also prints the GitHub Actions run URL. This happens automatically -- no configuration needed.
-
-## What scaffold creates
-
-| File | Source | Purpose |
-|---|---|---|
-| `.github/workflows/ci.yml` | Registry-specific | CI workflow (lint, test) |
-| `.github/workflows/publish.yml` | Registry-specific | Publish on GitHub Release (OIDC) |
-| `CHANGELOG.md` | Shared | Version changelog |
-| `LICENSE` | Shared | MIT license (author and year filled in) |
-| `.gitignore` | Shared | Standard ignores for the ecosystem |
-| `CLAUDE.md` | Shared | AI assistant instructions |
-| `.claude/settings.json` | Shared | Claude Code settings |
-| `.rlsbl/hooks/pre-release.sh` | Shared | User-customizable pre-release validation |
-| `.rlsbl/hooks/post-release.sh` | Shared | User-customizable post-release actions |
-| `.git/hooks/pre-push` | Shared | One-liner that calls `rlsbl pre-push-check` |
-
-Hook files are made executable automatically. The `record-gif` and `pre-push-check` functionality is provided as built-in subcommands (`rlsbl record-gif`, `rlsbl pre-push-check`) rather than scaffolded scripts.
-
-The scaffolded `.gitignore` includes a `*.local-only` pattern. Create a `.local-only/` directory or rename files with a `.local-only` suffix to keep them out of version control -- useful for local-only assets, experiments, and keeping the working tree clean for tools that check `git status`.
+On partial failure, prints a structured summary table with remediation commands for each failed step.
 
 ## Pre-push hook
 
-The `rlsbl pre-push-check` subcommand enforces changelog coverage. During `scaffold`, a one-liner git hook is installed at `.git/hooks/pre-push` that calls this subcommand. It prevents pushing when `CHANGELOG.md` lacks an entry for the current version.
-
-How it works:
+The `.git/hooks/pre-push` hook calls `rlsbl pre-push-check`, which:
 
 1. Detects project type (`package.json`, `pyproject.toml`, or `VERSION`)
 2. Extracts the current version
-3. Checks that `CHANGELOG.md` contains a heading `## <version>`
-4. Blocks the push with an error if the entry is missing
+3. Checks that `CHANGELOG.md` contains a `## <version>` heading
+4. Blocks the push if the entry is missing
 
 To reinstall manually:
 
@@ -166,30 +161,40 @@ To reinstall manually:
 echo '#!/bin/sh' > .git/hooks/pre-push && echo 'exec rlsbl pre-push-check "$@"' >> .git/hooks/pre-push && chmod +x .git/hooks/pre-push
 ```
 
-## First publish
+## Ecosystem tagging
 
-The first version must be published manually before CI can take over:
+`scaffold` and `release` add an `"rlsbl"` keyword to project manifests and set the `rlsbl` topic on the GitHub repository, making projects discoverable via `rlsbl discover`.
 
-| Registry | Manual first publish | Then configure |
-|---|---|---|
-| npm | Add an `NPM_TOKEN` secret to your GitHub repo (Settings > Secrets > Actions), then push a release | CI handles subsequent publishes |
-| PyPI | Run `uv publish` | Set up [Trusted Publishing](https://docs.pypi.org/trusted-publishers/) on pypi.org |
-| Go | Push to GitHub and create a release -- Go modules are published by the tag itself | No secrets needed; `pkg.go.dev` indexes automatically |
+To disable:
 
-After configuration, all subsequent releases are handled by CI when `rlsbl release` creates a GitHub Release. Go projects use GoReleaser in CI (via GitHub Actions) to build cross-platform binaries.
+| Method | Scope |
+|--------|-------|
+| `--no-tag` flag | Single invocation |
+| `{"tag": false}` in `.rlsbl/config.json` | This project |
+| `{"tag": false}` in `~/.rlsbl/config.json` | All projects |
 
 ## Environment variables
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `RLSBL_PUSH_TIMEOUT` | `120` | Timeout in seconds for `git push` operations. Increase if your pre-push hooks (e.g. test suites) take longer than 2 minutes. |
-| `RLSBL_VERSION` | -- | Set automatically when running `.rlsbl/hooks/post-release.sh`. Contains the just-released version string. |
+| `RLSBL_PUSH_TIMEOUT` | `120` | Timeout in seconds for `git push` operations |
+| `RLSBL_VERSION` | -- | Set when running pre-release and post-release hooks; contains the version being released |
+| `GITHUB_TOKEN` | -- | Used by `gh` CLI for GitHub API calls; `discover` works unauthenticated for public repos |
+
+## First publish
+
+| Registry | Setup | Then |
+|----------|-------|------|
+| npm | Add `NPM_TOKEN` secret to GitHub repo (Settings > Secrets > Actions) | CI publishes on GitHub Release |
+| PyPI | Run `uv publish` once, then set up [Trusted Publishing](https://docs.pypi.org/trusted-publishers/) | CI publishes via OIDC |
+| Go | Push tag -- Go modules are published by the tag itself | `pkg.go.dev` indexes automatically |
 
 ## Requirements
 
-- Node 18+
+- Python 3.11+
 - [GitHub CLI](https://cli.github.com) (`gh`), installed and authenticated
 - git
+- Node 24+ (for npm CI/publish templates)
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rlsbl",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Release orchestration and project scaffolding for npm, PyPI, and Go",
   "license": "MIT",
   "bin": {