Package Exports

maintenance-release-operator
maintenance-release-operator/src/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (maintenance-release-operator) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

maintenance-release-operator

Enforce truth in your repositories.

MRO is a strict, deterministic governance tool that checks repo legitimacy and automates compliant releases. No flexibility by default. No AI. No dark patterns.

Philosophy: MRO enforces what repositories claim about themselves. If your README says tests pass, they better pass. If you have dependencies, they better be secure. See PHILOSOPHY.md for governance principles.

Core Documents:
📜 PHILOSOPHY.md — Governance principles, strictness guarantees, what MRO will never become
💰 PRICING.md — Economic boundaries, free vs. paid, monetization model
🛡️ POLICY.md — Safety constraints, engineering guardrails, data handling

Quick Start

# No install required — just run:
npx maintenance-release-operator check

Output:

🔍 Running maintenance checks...

  ✅ package.json exists
  ✅ README.md exists
  ❌ LICENSE exists
     → Add a LICENSE file. Try: npx license mit
  ❌ CHANGELOG exists
     → Create CHANGELOG.md to track versions
  ✅ .gitignore exists
  ✅ No package-lock.json AND pnpm-lock.yaml (pick one)
  ✅ CI workflow exists

─────────────────────────────────
  Passed: 5/7
  ⚠️  2 issue(s) found
─────────────────────────────────

Install (Optional)

# Global install for frequent use
npm install -g maintenance-release-operator

# Then just run:
mro check

Commands

`check`

Run all maintenance checks on the current repo.

mro check           # Human-readable output
mro check --json    # JSON output for scripting

Exit codes:

0 — All checks passed
1 — One or more checks failed

`release`

Automate version bumping, changelog updates, and git tagging.

mro release          # Bump patch version (default)
mro release patch    # Bump patch: 1.2.3 → 1.2.4
mro release minor    # Bump minor: 1.2.3 → 1.3.0
mro release major    # Bump major: 1.2.3 → 2.0.0

What it does:

✅ Checks working tree is clean
✅ Runs CI checks (npm run ci)
✅ Calculates next version
✅ Updates package.json
✅ Updates CHANGELOG.md with recent commits
✅ Creates git commit and tag (vX.Y.Z)

Safety checks:

❌ Fails if working tree is dirty
❌ Fails if CI checks fail

After release:

git push origin main
git push origin v1.2.4
npm publish  # if publishing to npm

What It Checks

Check	Enforcement Reason
`package.json`	Node projects must declare dependencies and metadata
`README.md`	Repos without documentation are unmaintainable
`LICENSE`	No license = legal ambiguity = unusable
`CHANGELOG.md`	Version history must be documented
`.gitignore`	Secrets and build artifacts must not be committed
Lockfile conflicts	Multiple lockfiles = non-deterministic installs
CI workflow	Claims of "tests passing" must be verifiable
Test script	`npm test` must be runnable
Node engines	Supported versions must be declared
Outdated deps	Stale dependencies accumulate security debt
Security vulns	Known CVEs must be surfaced

Roadmap

mro release — Automate changelog + version bump + tag ✅
mro deps — Check for outdated/vulnerable dependencies
mro audit — Security-focused checks
Config file support (.mrorc)

Pricing

The CLI is free forever. Org-level enforcement and enterprise features will have paid tiers.

See PRICING.md for economic boundaries, philosophy, and future SKUs.

Contributing

Issues and PRs welcome. Please read the existing issues before opening a new one.

License

MIT