upd-cli 0.1.9__tar.gz → 0.2.0__tar.gz

{upd_cli-0.1.9 → upd_cli-0.2.0}/CHANGELOG.md

@@ -19,6 +19,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 
 
+
+
+## [0.2.0](https://github.com/rvben/upd/compare/v0.1.10...v0.2.0) - 2026-06-11
+
+### Breaking Changes
+
+- **audit**: give vulnerabilities_found its own exit code 6 as a declared outcome ([0037dc4](https://github.com/rvben/upd/commit/0037dc4e075f7d3cca7e51096fc11d07e1aa1cdb))
+
+### Added
+
+- **audit**: give vulnerabilities_found its own exit code 6 as a declared outcome ([0037dc4](https://github.com/rvben/upd/commit/0037dc4e075f7d3cca7e51096fc11d07e1aa1cdb))
+
+## [0.1.10](https://github.com/rvben/upd/compare/v0.1.9...v0.1.10) - 2026-06-11
+
+### Added
+
+- **schema**: declare updates_available as an outcome, not an error kind ([4f55a02](https://github.com/rvben/upd/commit/4f55a02e3b80384f19199691302f96ba4deb9246))
+
 ## [0.1.9](https://github.com/rvben/upd/compare/v0.1.8...v0.1.9) - 2026-06-11
 
 ### Added

{upd_cli-0.1.9 → upd_cli-0.2.0}/Cargo.lock

@@ -2015,7 +2015,7 @@ checksum = "e9df2af067a7953e9c3831320f35c1cc0600c30d44d9f7a12b01db1cd88d6b47"
 
 [[package]]
 name = "upd"
-version = "0.1.9"
+version = "0.2.0"
 dependencies = [
  "anyhow",
  "async-trait",

{upd_cli-0.1.9 → upd_cli-0.2.0}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "upd"
-version = "0.1.9"
+version = "0.2.0"
 edition = "2024"
 rust-version = "1.95.0"
 description = "A fast dependency updater for Python, Node.js, Rust, Go, Ruby, Terraform, GitHub Actions, pre-commit, and Mise projects"

{upd_cli-0.1.9 → upd_cli-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: upd-cli
-Version: 0.1.9
+Version: 0.2.0
 Classifier: Development Status :: 4 - Beta
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers

{upd_cli-0.1.9 → upd_cli-0.2.0}/fixtures/clispec-v0.2.json

@@ -38,6 +38,11 @@
       "description": "The finite set of `kind` values the tool emits in structured errors. Consumers can write exhaustive handlers against this set.",
       "type": "array",
       "items": { "$ref": "#/$defs/error" }
+    },
+    "outcomes": {
+      "description": "Documented non-zero exit codes that signal a data state rather than a failure (the diff/grep convention). An outcome exit writes no error envelope; stdout carries the result. Codes must not overlap with the exit codes declared in `errors`.",
+      "type": "array",
+      "items": { "$ref": "#/$defs/outcome" }
     }
   },
   "$defs": {
@@ -106,6 +111,27 @@
         "description": { "type": "string" }
       }
     },
+    "outcome": {
+      "type": "object",
+      "required": ["code", "name"],
+      "properties": {
+        "code": {
+          "description": "The exit code the tool returns for this outcome. Consumers can branch on it without parsing anything.",
+          "type": "integer",
+          "minimum": 1,
+          "maximum": 255
+        },
+        "name": {
+          "description": "Stable identifier for the outcome. Snake_case by convention.",
+          "type": "string",
+          "minLength": 1,
+          "pattern": "^[a-z][a-z0-9_]*$"
+        },
+        "description": {
+          "type": "string"
+        }
+      }
+    },
     "error": {
       "type": "object",
       "required": ["kind"],

{upd_cli-0.1.9 → upd_cli-0.2.0}/src/lib.rs

@@ -53,15 +53,17 @@ pub fn decide_exit_code(non_mutating: bool, has_pending_updates: bool, has_error
 ///
 /// - `2` — scan errors occurred; errors take precedence over vulnerability
 ///   findings so that CI can distinguish a broken scan from a clean one.
-/// - `3` — vulnerabilities were found and `no_fail` is `false`; distinct from
-///   the update exit codes (1 = pending updates, 2 = errors) so callers can
-///   handle each condition independently.
+/// - `6` — vulnerabilities were found and `no_fail` is `false`; a dedicated
+///   code, distinct from the update exit codes (1 = pending updates,
+///   2 = errors) and from the error exit codes declared in the schema, so
+///   callers can branch on the exit code alone. Declared as the
+///   `vulnerabilities_found` outcome in the schema.
 /// - `0` — no vulnerabilities found, or `no_fail` suppresses the non-zero exit.
 pub fn decide_audit_exit_code(vuln_count: usize, error_count: usize, no_fail: bool) -> i32 {
     if error_count > 0 {
         2
     } else if vuln_count > 0 && !no_fail {
-        3
+        6
     } else {
         0
     }

{upd_cli-0.1.9 → upd_cli-0.2.0}/src/schema.rs

@@ -251,13 +251,19 @@ fn build_schema() -> Value {
                 ]
             }
         ],
-        "errors": [
+        "outcomes": [
             {
-                "kind": "updates_available",
-                "description": "Updates are available (dry-run mode only). Run with --apply to write changes",
-                "exit_code": 1,
-                "retryable": false
+                "code": 1,
+                "name": "updates_available",
+                "description": "Updates are available (dry-run mode only); the report is on stdout. Not an error. Run with --apply to write changes"
             },
+            {
+                "code": 6,
+                "name": "vulnerabilities_found",
+                "description": "Security vulnerabilities found during audit; the report is on stdout. Not an error. Use --no-fail to exit 0 instead"
+            }
+        ],
+        "errors": [
             {
                 "kind": "io_error",
                 "description": "File read or write failed, or a required path does not exist",
@@ -281,12 +287,6 @@ fn build_schema() -> Value {
                 "description": "Version conflict detected between files",
                 "exit_code": 5,
                 "retryable": false
-            },
-            {
-                "kind": "vulnerabilities_found",
-                "description": "Security vulnerabilities found during audit (use --no-fail to suppress non-zero exit)",
-                "exit_code": 3,
-                "retryable": false
             }
         ]
     })
@@ -358,18 +358,32 @@ mod tests {
     }
 
     #[test]
-    fn schema_declares_updates_available_error_with_exit_code_1() {
+    fn schema_declares_updates_available_outcome_with_code_1() {
         let s = build_schema();
-        let errors = s["errors"].as_array().expect("errors must be an array");
-        let updates_available = errors
+        let outcomes = s["outcomes"].as_array().expect("outcomes must be an array");
+        let updates_available = outcomes
             .iter()
-            .find(|e| e["kind"].as_str() == Some("updates_available"))
-            .expect("must declare an 'updates_available' error kind");
+            .find(|o| o["name"].as_str() == Some("updates_available"))
+            .expect("must declare an 'updates_available' outcome");
         assert_eq!(
-            updates_available["exit_code"].as_u64(),
+            updates_available["code"].as_u64(),
             Some(1),
             "updates_available must map to exit code 1 (the dry-run signal)"
         );
+        let errors = s["errors"].as_array().expect("errors must be an array");
+        assert!(
+            !errors
+                .iter()
+                .any(|e| e["kind"].as_str() == Some("updates_available")),
+            "updates_available is an outcome, not an error kind"
+        );
+        for outcome in outcomes {
+            let code = outcome["code"].as_u64().expect("outcome must have a code");
+            assert!(
+                !errors.iter().any(|e| e["exit_code"].as_u64() == Some(code)),
+                "outcome code {code} must not overlap with error exit codes"
+            );
+        }
     }
 
     #[test]

{upd_cli-0.1.9 → upd_cli-0.2.0}/tests/exit_codes.rs

@@ -344,8 +344,8 @@ fn decide_audit_exit_code_clean() {
 #[test]
 fn decide_audit_exit_code_vulns_without_no_fail() {
     use upd::decide_audit_exit_code;
-    assert_eq!(decide_audit_exit_code(1, 0, false), 3);
-    assert_eq!(decide_audit_exit_code(162, 0, false), 3);
+    assert_eq!(decide_audit_exit_code(1, 0, false), 6);
+    assert_eq!(decide_audit_exit_code(162, 0, false), 6);
 }
 
 /// Unit test: vulns found, --no-fail present → exit 0.
@@ -388,7 +388,7 @@ fn audit_on_empty_workspace_exits_zero() {
 /// A wiremock server stands in for the OSV API and reports one vulnerability
 /// for `requests==1.0.0`.
 #[tokio::test]
-async fn audit_with_vulns_exits_three() {
+async fn audit_with_vulns_exits_six() {
     use wiremock::matchers::{method, path};
     use wiremock::{Mock, MockServer, ResponseTemplate};
 
@@ -422,8 +422,8 @@ async fn audit_with_vulns_exits_three() {
     );
 
     assert_eq!(
-        code, 3,
-        "audit with vulns must exit 3 (no --no-fail); stderr: {stderr}"
+        code, 6,
+        "audit with vulns must exit 6, the vulnerabilities_found outcome (no --no-fail); stderr: {stderr}"
     );
 }
 

{upd_cli-0.1.9 → upd_cli-0.2.0}/tests/fix_audit.rs

@@ -159,9 +159,9 @@ async fn fix_audit_dry_run_exits_1_and_leaves_file_unchanged() {
 }
 
 /// When a vulnerability has no `fixed_version`, emit a warning and don't touch the file.
-/// Falls through to normal audit exit code (3 = vulnerable, !no_fail).
+/// Falls through to normal audit exit code (6 = vulnerabilities_found outcome, !no_fail).
 #[tokio::test]
-async fn fix_audit_no_fixed_version_warns_and_exits_3() {
+async fn fix_audit_no_fixed_version_warns_and_exits_6() {
     use wiremock::matchers::{method, path};
     use wiremock::{Mock, MockServer, ResponseTemplate};
 
@@ -198,10 +198,10 @@ async fn fix_audit_no_fixed_version_warns_and_exits_3() {
     );
 
     // No fixable packages → falls through to normal audit exit code.
-    // Normal audit with vulnerabilities and !no_fail → exit 3.
+    // Normal audit with vulnerabilities and !no_fail → exit 6.
     assert_eq!(
-        code, 3,
-        "should exit 3 (vulnerable, no fix available); stdout: {stdout}\nstderr: {stderr}"
+        code, 6,
+        "should exit 6 (vulnerabilities_found outcome, no fix available); stdout: {stdout}\nstderr: {stderr}"
     );
 
     let content = fs::read_to_string(&req_path).unwrap();