@bensandee/tooling 0.18.0 → 0.21.0

package/dist/bin.mjs

@@ -1,15 +1,16 @@
 #!/usr/bin/env node
-import { l as createRealExecutor$1, t as runVerification, u as isExecSyncError } from "./verify-BaWlzdPh.mjs";
+import { l as createRealExecutor$1, t as runDockerCheck, u as isExecSyncError } from "./check-VAgrEX2D.mjs";
 import { defineCommand, runMain } from "citty";
 import * as p from "@clack/prompts";
 import path from "node:path";
-import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, unlinkSync, writeFileSync } from "node:fs";
 import JSON5 from "json5";
 import { parse } from "jsonc-parser";
 import { z } from "zod";
-import { isMap, isSeq, parse as parse$1, parseDocument } from "yaml";
+import { isMap, isScalar, isSeq, parse as parse$1, parseDocument, stringify } from "yaml";
 import { execSync } from "node:child_process";
 import { FatalError, TransientError, UnexpectedError } from "@bensandee/common";
+import { tmpdir } from "node:os";
 //#region src/types.ts
 const LEGACY_TOOLS = [
 	"eslint",
@@ -41,7 +42,7 @@ const TsconfigSchema = z.object({
 	include: z.array(z.string()).optional(),
 	exclude: z.array(z.string()).optional(),
 	files: z.array(z.string()).optional(),
-	references: z.array(z.object({ path: z.string() }).passthrough()).optional(),
+	references: z.array(z.object({ path: z.string() }).loose()).optional(),
 	compilerOptions: z.record(z.string(), z.unknown()).optional()
 }).loose();
 const RenovateSchema = z.object({
@@ -205,6 +206,32 @@ function computeDefaults(targetDir) {
 		detectPackageTypes: true
 	};
 }
+/**
+* List packages that would be published to npm (non-private, have a name).
+* For monorepos, scans packages/ subdirectories. For single repos, checks root package.json.
+* An optional pre-parsed root package.json can be passed to avoid re-reading from disk.
+*/
+function getPublishablePackages(targetDir, structure, rootPackageJson) {
+	if (structure === "monorepo") {
+		const packages = getMonorepoPackages(targetDir);
+		const results = [];
+		for (const pkg of packages) {
+			const pkgJson = readPackageJson(pkg.dir);
+			if (!pkgJson || pkgJson.private || !pkgJson.name) continue;
+			results.push({
+				name: pkgJson.name,
+				dir: pkg.dir
+			});
+		}
+		return results;
+	}
+	const pkg = rootPackageJson ?? readPackageJson(targetDir);
+	if (!pkg || pkg.private || !pkg.name) return [];
+	return [{
+		name: pkg.name,
+		dir: targetDir
+	}];
+}
 /** List packages in a monorepo's packages/ directory. */
 function getMonorepoPackages(targetDir) {
 	const packagesDir = path.join(targetDir, "packages");
@@ -456,7 +483,7 @@ const DeclarativeHealthCheckSchema = z.object({
 	url: z.string(),
 	status: z.number().int().optional()
 });
-const DockerVerifyConfigSchema = z.object({
+const DockerCheckConfigSchema = z.object({
 	composeFiles: z.array(z.string()).optional(),
 	envFile: z.string().optional(),
 	services: z.array(z.string()).optional(),
@@ -495,7 +522,7 @@ const ToolingConfigSchema = z.object({
 		dockerfile: z.string(),
 		context: z.string().default(".")
 	})).optional(),
-	dockerVerify: DockerVerifyConfigSchema.optional()
+	dockerCheck: z.union([z.literal(false), DockerCheckConfigSchema]).optional()
 });
 /** Load saved tooling config from the target directory. Returns undefined if missing or invalid. */
 function loadToolingConfig(targetDir) {
@@ -568,6 +595,334 @@ function mergeWithSavedConfig(detected, saved) {
 	};
 }
 //#endregion
+//#region src/utils/yaml-merge.ts
+const IGNORE_PATTERN = "@bensandee/tooling:ignore";
+const FORGEJO_SCHEMA_COMMENT = "# yaml-language-server: $schema=../../.vscode/forgejo-workflow.schema.json\n";
+/** Returns a yaml-language-server schema comment for Forgejo workflows, empty string otherwise. */
+function workflowSchemaComment(ci) {
+	return ci === "forgejo" ? FORGEJO_SCHEMA_COMMENT : "";
+}
+/** Prepend the Forgejo schema comment if it's not already present. No-op for GitHub. */
+function ensureSchemaComment(content, ci) {
+	if (ci !== "forgejo") return content;
+	if (content.includes("yaml-language-server")) return content;
+	return FORGEJO_SCHEMA_COMMENT + content;
+}
+/** Check if a YAML file has an opt-out comment in the first 10 lines. */
+function isToolingIgnored(content) {
+	return content.split("\n", 10).some((line) => line.includes(IGNORE_PATTERN));
+}
+/**
+* Ensure required commands exist under `pre-commit.commands` in a lefthook config.
+* Only adds missing commands — never modifies existing ones.
+* Returns unchanged content if the file has an opt-out comment or can't be parsed.
+*/
+function mergeLefthookCommands(existing, requiredCommands) {
+	if (isToolingIgnored(existing)) return {
+		content: existing,
+		changed: false
+	};
+	try {
+		const doc = parseDocument(existing);
+		let changed = false;
+		if (!doc.hasIn(["pre-commit", "commands"])) {
+			doc.setIn(["pre-commit", "commands"], requiredCommands);
+			return {
+				content: doc.toString(),
+				changed: true
+			};
+		}
+		const commands = doc.getIn(["pre-commit", "commands"]);
+		if (!isMap(commands)) return {
+			content: existing,
+			changed: false
+		};
+		for (const [name, config] of Object.entries(requiredCommands)) if (!commands.has(name)) {
+			commands.set(name, config);
+			changed = true;
+		}
+		return {
+			content: changed ? doc.toString() : existing,
+			changed
+		};
+	} catch {
+		return {
+			content: existing,
+			changed: false
+		};
+	}
+}
+/**
+* Ensure required steps exist in a workflow job's steps array.
+* Only adds missing steps at the end — never modifies existing ones.
+* Returns unchanged content if the file has an opt-out comment or can't be parsed.
+*/
+function mergeWorkflowSteps(existing, jobName, requiredSteps) {
+	if (isToolingIgnored(existing)) return {
+		content: existing,
+		changed: false
+	};
+	try {
+		const doc = parseDocument(existing);
+		const steps = doc.getIn([
+			"jobs",
+			jobName,
+			"steps"
+		]);
+		if (!isSeq(steps)) return {
+			content: existing,
+			changed: false
+		};
+		let changed = false;
+		for (const { match, step } of requiredSteps) if (!steps.items.some((item) => {
+			if (!isMap(item)) return false;
+			if (match.run) {
+				const run = item.get("run");
+				return typeof run === "string" && run.includes(match.run);
+			}
+			if (match.uses) {
+				const uses = item.get("uses");
+				return typeof uses === "string" && uses.startsWith(match.uses);
+			}
+			return false;
+		})) {
+			steps.add(doc.createNode(step));
+			changed = true;
+		}
+		return {
+			content: changed ? doc.toString() : existing,
+			changed
+		};
+	} catch {
+		return {
+			content: existing,
+			changed: false
+		};
+	}
+}
+/**
+* Add a job to an existing workflow YAML if it doesn't already exist.
+* Returns unchanged content if the job already exists, the file has an opt-out comment,
+* or the document can't be parsed.
+*/
+/**
+* Ensure a `concurrency` block exists at the workflow top level.
+* Adds it if missing — never modifies an existing one.
+* Returns unchanged content if the file has an opt-out comment or can't be parsed.
+*/
+function ensureWorkflowConcurrency(existing, concurrency) {
+	if (isToolingIgnored(existing)) return {
+		content: existing,
+		changed: false
+	};
+	try {
+		const doc = parseDocument(existing);
+		if (doc.has("concurrency")) return {
+			content: existing,
+			changed: false
+		};
+		doc.set("concurrency", concurrency);
+		const contents = doc.contents;
+		if (isMap(contents)) {
+			const items = contents.items;
+			const nameIdx = items.findIndex((p) => isScalar(p.key) && p.key.value === "name");
+			const concPair = items.pop();
+			if (concPair) items.splice(nameIdx + 1, 0, concPair);
+		}
+		return {
+			content: doc.toString(),
+			changed: true
+		};
+	} catch {
+		return {
+			content: existing,
+			changed: false
+		};
+	}
+}
+function addWorkflowJob(existing, jobName, jobConfig) {
+	if (isToolingIgnored(existing)) return {
+		content: existing,
+		changed: false
+	};
+	try {
+		const doc = parseDocument(existing);
+		const jobs = doc.getIn(["jobs"]);
+		if (!isMap(jobs)) return {
+			content: existing,
+			changed: false
+		};
+		if (jobs.has(jobName)) return {
+			content: existing,
+			changed: false
+		};
+		jobs.set(jobName, doc.createNode(jobConfig));
+		return {
+			content: doc.toString(),
+			changed: true
+		};
+	} catch {
+		return {
+			content: existing,
+			changed: false
+		};
+	}
+}
+//#endregion
+//#region src/generators/deploy-ci.ts
+/** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
+function actionsExpr$2(expr) {
+	return `\${{ ${expr} }}`;
+}
+function hasEnginesNode$2(ctx) {
+	return typeof ctx.packageJson?.["engines"]?.["node"] === "string";
+}
+function deployWorkflow(ci, nodeVersionYaml) {
+	return `${workflowSchemaComment(ci)}name: Deploy
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          ${nodeVersionYaml}
+      - run: pnpm install --frozen-lockfile
+      - name: Publish Docker images
+        env:
+          DOCKER_REGISTRY_HOST: ${actionsExpr$2("vars.DOCKER_REGISTRY_HOST")}
+          DOCKER_REGISTRY_NAMESPACE: ${actionsExpr$2("vars.DOCKER_REGISTRY_NAMESPACE")}
+          DOCKER_USERNAME: ${actionsExpr$2("secrets.DOCKER_USERNAME")}
+          DOCKER_PASSWORD: ${actionsExpr$2("secrets.DOCKER_PASSWORD")}
+        run: pnpm exec tooling docker:publish
+`;
+}
+function requiredDeploySteps() {
+	return [
+		{
+			match: { uses: "actions/checkout" },
+			step: { uses: "actions/checkout@v4" }
+		},
+		{
+			match: { uses: "pnpm/action-setup" },
+			step: { uses: "pnpm/action-setup@v4" }
+		},
+		{
+			match: { uses: "actions/setup-node" },
+			step: { uses: "actions/setup-node@v4" }
+		},
+		{
+			match: { run: "pnpm install" },
+			step: { run: "pnpm install --frozen-lockfile" }
+		},
+		{
+			match: { run: "docker:publish" },
+			step: { run: "pnpm exec tooling docker:publish" }
+		}
+	];
+}
+/** Convention paths to check for Dockerfiles. */
+const CONVENTION_DOCKERFILE_PATHS$1 = ["Dockerfile", "docker/Dockerfile"];
+const DockerMapSchema = z.object({ docker: z.record(z.string(), z.unknown()).optional() });
+/** Get names of packages that have Docker builds (by convention or .tooling.json config). */
+function getDockerPackageNames(ctx) {
+	const names = [];
+	const configRaw = ctx.read(".tooling.json");
+	if (configRaw) {
+		const result = DockerMapSchema.safeParse(JSON.parse(configRaw));
+		if (result.success && result.data.docker) names.push(...Object.keys(result.data.docker));
+	}
+	if (ctx.config.structure === "monorepo") {
+		const packages = getMonorepoPackages(ctx.targetDir);
+		for (const pkg of packages) {
+			const dirName = pkg.name.split("/").pop() ?? pkg.name;
+			if (names.includes(dirName)) continue;
+			for (const rel of CONVENTION_DOCKERFILE_PATHS$1) if (ctx.exists(`packages/${dirName}/${rel}`)) {
+				names.push(dirName);
+				break;
+			}
+		}
+	} else for (const rel of CONVENTION_DOCKERFILE_PATHS$1) if (ctx.exists(rel)) {
+		if (!names.includes(ctx.config.name)) names.push(ctx.config.name);
+		break;
+	}
+	return names;
+}
+/** Check whether any Docker packages exist by convention or .tooling.json config. */
+function hasDockerPackages(ctx) {
+	return getDockerPackageNames(ctx).length > 0;
+}
+async function generateDeployCi(ctx) {
+	const filePath = "deploy-ci";
+	if (!hasDockerPackages(ctx) || ctx.config.ci === "none") return {
+		filePath,
+		action: "skipped",
+		description: "Deploy CI workflow not applicable"
+	};
+	const isGitHub = ctx.config.ci === "github";
+	const workflowPath = isGitHub ? ".github/workflows/publish.yml" : ".forgejo/workflows/publish.yml";
+	const nodeVersionYaml = hasEnginesNode$2(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const content = deployWorkflow(ctx.config.ci, nodeVersionYaml);
+	if (ctx.exists(workflowPath)) {
+		const existing = ctx.read(workflowPath);
+		if (existing) {
+			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) return {
+				filePath: workflowPath,
+				action: "skipped",
+				description: "Deploy workflow already up to date"
+			};
+			const merged = mergeWorkflowSteps(existing, "deploy", requiredDeploySteps());
+			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
+			if (withComment === content) {
+				ctx.write(workflowPath, content);
+				return {
+					filePath: workflowPath,
+					action: "updated",
+					description: "Added missing steps to deploy workflow"
+				};
+			}
+			if (await ctx.confirmOverwrite(workflowPath) === "skip") {
+				if (merged.changed || withComment !== merged.content) {
+					ctx.write(workflowPath, withComment);
+					return {
+						filePath: workflowPath,
+						action: "updated",
+						description: "Added missing steps to deploy workflow"
+					};
+				}
+				return {
+					filePath: workflowPath,
+					action: "skipped",
+					description: "Existing deploy workflow preserved"
+				};
+			}
+			ctx.write(workflowPath, content);
+			return {
+				filePath: workflowPath,
+				action: "updated",
+				description: "Replaced deploy workflow with updated template"
+			};
+		}
+		return {
+			filePath: workflowPath,
+			action: "skipped",
+			description: "Deploy workflow already up to date"
+		};
+	}
+	ctx.write(workflowPath, content);
+	return {
+		filePath: workflowPath,
+		action: "created",
+		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions deploy workflow`
+	};
+}
+//#endregion
 //#region src/generators/package-json.ts
 const STANDARD_SCRIPTS_SINGLE = {
 	build: "tsdown",
@@ -597,7 +952,9 @@ const MANAGED_SCRIPTS = {
 	check: "checks:run",
 	"ci:check": "pnpm check",
 	"tooling:check": "repo:sync --check",
-	"tooling:sync": "repo:sync"
+	"tooling:sync": "repo:sync",
+	"docker:build": "docker:build",
+	"docker:check": "docker:check"
 };
 /** Deprecated scripts to remove during migration. */
 const DEPRECATED_SCRIPTS = ["tooling:init", "tooling:update"];
@@ -643,9 +1000,7 @@ function addReleaseDeps(deps, config) {
 			deps["release-it"] = "18.1.2";
 			if (config.structure === "monorepo") deps["@release-it/bumper"] = "7.0.2";
 			break;
-		case "simple":
-			deps["commit-and-tag-version"] = "12.5.0";
-			break;
+		case "simple": break;
 		case "changesets":
 			deps["@changesets/cli"] = "2.29.4";
 			break;
@@ -656,7 +1011,7 @@ function getAddedDevDepNames(config) {
 	const deps = { ...ROOT_DEV_DEPS };
 	if (config.structure !== "monorepo") Object.assign(deps, PER_PACKAGE_DEV_DEPS);
 	deps["@bensandee/config"] = "0.8.2";
-	deps["@bensandee/tooling"] = "0.18.0";
+	deps["@bensandee/tooling"] = "0.21.0";
 	if (config.formatter === "oxfmt") deps["oxfmt"] = "0.35.0";
 	if (config.formatter === "prettier") deps["prettier"] = "3.8.1";
 	addReleaseDeps(deps, config);
@@ -674,10 +1029,14 @@ async function generatePackageJson(ctx) {
 	};
 	if (ctx.config.releaseStrategy === "changesets") allScripts["changeset"] = "changeset";
 	if (ctx.config.releaseStrategy !== "none" && ctx.config.releaseStrategy !== "changesets") allScripts["trigger-release"] = "pnpm exec tooling release:trigger";
+	if (hasDockerPackages(ctx)) {
+		allScripts["docker:build"] = "pnpm exec tooling docker:build";
+		allScripts["docker:check"] = "pnpm exec tooling docker:check";
+	}
 	const devDeps = { ...ROOT_DEV_DEPS };
 	if (!isMonorepo) Object.assign(devDeps, PER_PACKAGE_DEV_DEPS);
 	devDeps["@bensandee/config"] = isWorkspacePackage(ctx, "@bensandee/config") ? "workspace:*" : "0.8.2";
-	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.18.0";
+	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.21.0";
 	if (ctx.config.useEslintPlugin) devDeps["@bensandee/eslint-plugin"] = isWorkspacePackage(ctx, "@bensandee/eslint-plugin") ? "workspace:*" : "0.9.2";
 	if (ctx.config.formatter === "oxfmt") devDeps["oxfmt"] = "0.35.0";
 	if (ctx.config.formatter === "prettier") devDeps["prettier"] = "3.8.1";
@@ -1139,164 +1498,33 @@ async function generateGitignore(ctx) {
 		ctx.write(filePath, updated);
 		if (missingRequired.length === 0) return {
 			filePath,
-			action: "skipped",
-			description: "Only optional entries missing"
-		};
-		return {
-			filePath,
-			action: "updated",
-			description: `Appended ${String(missing.length)} missing entries`
-		};
-	}
-	ctx.write(filePath, ALL_ENTRIES.join("\n") + "\n");
-	return {
-		filePath,
-		action: "created",
-		description: "Generated .gitignore"
-	};
-}
-//#endregion
-//#region src/utils/yaml-merge.ts
-const IGNORE_PATTERN = "@bensandee/tooling:ignore";
-const FORGEJO_SCHEMA_COMMENT = "# yaml-language-server: $schema=../../.vscode/forgejo-workflow.schema.json\n";
-/** Returns a yaml-language-server schema comment for Forgejo workflows, empty string otherwise. */
-function workflowSchemaComment(ci) {
-	return ci === "forgejo" ? FORGEJO_SCHEMA_COMMENT : "";
-}
-/** Prepend the Forgejo schema comment if it's not already present. No-op for GitHub. */
-function ensureSchemaComment(content, ci) {
-	if (ci !== "forgejo") return content;
-	if (content.includes("yaml-language-server")) return content;
-	return FORGEJO_SCHEMA_COMMENT + content;
-}
-/** Check if a YAML file has an opt-out comment in the first 10 lines. */
-function isToolingIgnored(content) {
-	return content.split("\n", 10).some((line) => line.includes(IGNORE_PATTERN));
-}
-/**
-* Ensure required commands exist under `pre-commit.commands` in a lefthook config.
-* Only adds missing commands — never modifies existing ones.
-* Returns unchanged content if the file has an opt-out comment or can't be parsed.
-*/
-function mergeLefthookCommands(existing, requiredCommands) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		let changed = false;
-		if (!doc.hasIn(["pre-commit", "commands"])) {
-			doc.setIn(["pre-commit", "commands"], requiredCommands);
-			return {
-				content: doc.toString(),
-				changed: true
-			};
-		}
-		const commands = doc.getIn(["pre-commit", "commands"]);
-		if (!isMap(commands)) return {
-			content: existing,
-			changed: false
-		};
-		for (const [name, config] of Object.entries(requiredCommands)) if (!commands.has(name)) {
-			commands.set(name, config);
-			changed = true;
-		}
-		return {
-			content: changed ? doc.toString() : existing,
-			changed
-		};
-	} catch {
-		return {
-			content: existing,
-			changed: false
-		};
-	}
-}
-/**
-* Ensure required steps exist in a workflow job's steps array.
-* Only adds missing steps at the end — never modifies existing ones.
-* Returns unchanged content if the file has an opt-out comment or can't be parsed.
-*/
-function mergeWorkflowSteps(existing, jobName, requiredSteps) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		const steps = doc.getIn([
-			"jobs",
-			jobName,
-			"steps"
-		]);
-		if (!isSeq(steps)) return {
-			content: existing,
-			changed: false
-		};
-		let changed = false;
-		for (const { match, step } of requiredSteps) if (!steps.items.some((item) => {
-			if (!isMap(item)) return false;
-			if (match.run) {
-				const run = item.get("run");
-				return typeof run === "string" && run.includes(match.run);
-			}
-			if (match.uses) {
-				const uses = item.get("uses");
-				return typeof uses === "string" && uses.startsWith(match.uses);
-			}
-			return false;
-		})) {
-			steps.add(doc.createNode(step));
-			changed = true;
-		}
-		return {
-			content: changed ? doc.toString() : existing,
-			changed
-		};
-	} catch {
-		return {
-			content: existing,
-			changed: false
-		};
-	}
-}
-/**
-* Add a job to an existing workflow YAML if it doesn't already exist.
-* Returns unchanged content if the job already exists, the file has an opt-out comment,
-* or the document can't be parsed.
-*/
-function addWorkflowJob(existing, jobName, jobConfig) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		const jobs = doc.getIn(["jobs"]);
-		if (!isMap(jobs)) return {
-			content: existing,
-			changed: false
-		};
-		if (jobs.has(jobName)) return {
-			content: existing,
-			changed: false
-		};
-		jobs.set(jobName, doc.createNode(jobConfig));
-		return {
-			content: doc.toString(),
-			changed: true
+			action: "skipped",
+			description: "Only optional entries missing"
 		};
-	} catch {
 		return {
-			content: existing,
-			changed: false
+			filePath,
+			action: "updated",
+			description: `Appended ${String(missing.length)} missing entries`
 		};
 	}
+	ctx.write(filePath, ALL_ENTRIES.join("\n") + "\n");
+	return {
+		filePath,
+		action: "created",
+		description: "Generated .gitignore"
+	};
 }
 //#endregion
 //#region src/generators/ci.ts
-function hasEnginesNode$2(ctx) {
+/** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
+function actionsExpr$1(expr) {
+	return `\${{ ${expr} }}`;
+}
+const CI_CONCURRENCY = {
+	group: `ci-${actionsExpr$1("github.ref")}`,
+	"cancel-in-progress": true
+};
+function hasEnginesNode$1(ctx) {
 	const raw = ctx.read("package.json");
 	if (!raw) return false;
 	return typeof parsePackageJson(raw)?.engines?.["node"] === "string";
@@ -1309,6 +1537,10 @@ ${emailNotifications}on:
     branches: [main]
   pull_request:
 
+concurrency:
+  group: ci-${actionsExpr$1("github.ref")}
+  cancel-in-progress: true
+
 jobs:
   check:
     runs-on: ubuntu-latest
@@ -1364,15 +1596,16 @@ async function generateCi(ctx) {
 		description: "CI workflow not requested"
 	};
 	const isGitHub = ctx.config.ci === "github";
-	const nodeVersionYaml = hasEnginesNode$2(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
 	const filePath = isGitHub ? ".github/workflows/check.yml" : ".forgejo/workflows/check.yml";
 	const content = ciWorkflow(nodeVersionYaml, !isGitHub);
 	if (ctx.exists(filePath)) {
 		const existing = ctx.read(filePath);
 		if (existing) {
 			const merged = mergeWorkflowSteps(existing, "check", requiredCheckSteps(nodeVersionYaml));
-			const withComment = ensureSchemaComment(merged.content, isGitHub ? "github" : "forgejo");
-			if (merged.changed || withComment !== merged.content) {
+			const withConcurrency = ensureWorkflowConcurrency(merged.content, CI_CONCURRENCY);
+			const withComment = ensureSchemaComment(withConcurrency.content, isGitHub ? "github" : "forgejo");
+			if (merged.changed || withConcurrency.changed || withComment !== withConcurrency.content) {
 				ctx.write(filePath, withComment);
 				return {
 					filePath,
@@ -1841,13 +2074,13 @@ async function generateChangesets(ctx) {
 //#endregion
 //#region src/generators/release-ci.ts
 /** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
-function actionsExpr$1(expr) {
+function actionsExpr(expr) {
 	return `\${{ ${expr} }}`;
 }
-function hasEnginesNode$1(ctx) {
+function hasEnginesNode(ctx) {
 	return typeof ctx.packageJson?.["engines"]?.["node"] === "string";
 }
-function commonSteps(nodeVersionYaml) {
+function commonSteps(nodeVersionYaml, publishesNpm) {
 	return `      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -1855,18 +2088,18 @@ function commonSteps(nodeVersionYaml) {
       - uses: actions/setup-node@v4
         with:
           ${nodeVersionYaml}
-          cache: pnpm
-          registry-url: "https://registry.npmjs.org"
+          cache: pnpm${publishesNpm ? `\n          registry-url: "https://registry.npmjs.org"` : ""}
       - run: pnpm install --frozen-lockfile
       - run: pnpm build`;
 }
-function releaseItWorkflow(ci, nodeVersionYaml) {
+function releaseItWorkflow(ci, nodeVersionYaml, publishesNpm) {
 	const isGitHub = ci === "github";
 	const permissions = isGitHub ? `
 permissions:
   contents: write
 ` : "";
 	const tokenEnv = isGitHub ? `GITHUB_TOKEN: \${{ github.token }}` : `FORGEJO_TOKEN: \${{ secrets.FORGEJO_TOKEN }}`;
+	const npmEnv = publishesNpm ? `\n          NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }}` : "";
 	return `${workflowSchemaComment(ci)}name: Release
 on:
   workflow_dispatch:
@@ -1875,14 +2108,13 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-${commonSteps(nodeVersionYaml)}
+${commonSteps(nodeVersionYaml, publishesNpm)}
       - run: pnpm release-it --ci
         env:
-          ${tokenEnv}
-          NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }}
+          ${tokenEnv}${npmEnv}
 `;
 }
-function commitAndTagVersionWorkflow(ci, nodeVersionYaml) {
+function commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm) {
 	const isGitHub = ci === "github";
 	const permissions = isGitHub ? `
 permissions:
@@ -1912,52 +2144,69 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-${commonSteps(nodeVersionYaml)}${gitConfigStep}${releaseStep}
+${commonSteps(nodeVersionYaml, publishesNpm)}${gitConfigStep}${releaseStep}
 `;
 }
-function changesetsReleaseJobConfig(ci, nodeVersionYaml) {
+function changesetsReleaseJobConfig(ci, nodeVersionYaml, publishesNpm) {
 	const isGitHub = ci === "github";
 	const nodeWith = {
 		...nodeVersionYaml.startsWith("node-version-file") ? { "node-version-file": "package.json" } : { "node-version": "24" },
 		cache: "pnpm",
-		"registry-url": "https://registry.npmjs.org"
+		...publishesNpm && { "registry-url": "https://registry.npmjs.org" }
 	};
-	if (isGitHub) return {
-		needs: "check",
-		if: "github.ref == 'refs/heads/main'",
-		"runs-on": "ubuntu-latest",
-		permissions: {
-			contents: "write",
-			"pull-requests": "write"
-		},
-		steps: [
-			{
-				uses: "actions/checkout@v4",
-				with: { "fetch-depth": 0 }
+	if (isGitHub) {
+		const changesetsEnv = {
+			GITHUB_TOKEN: actionsExpr("github.token"),
+			...publishesNpm && { NPM_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
+		};
+		return {
+			needs: "check",
+			if: "github.ref == 'refs/heads/main'",
+			concurrency: {
+				group: "release",
+				"cancel-in-progress": false
 			},
-			{ uses: "pnpm/action-setup@v4" },
-			{
-				uses: "actions/setup-node@v4",
-				with: nodeWith
+			"runs-on": "ubuntu-latest",
+			permissions: {
+				contents: "write",
+				"pull-requests": "write"
 			},
-			{ run: "pnpm install --frozen-lockfile" },
-			{ run: "pnpm build" },
-			{
-				uses: "changesets/action@v1",
-				with: {
-					publish: "pnpm changeset publish",
-					version: "pnpm changeset version"
+			steps: [
+				{
+					uses: "actions/checkout@v4",
+					with: { "fetch-depth": 0 }
+				},
+				{ uses: "pnpm/action-setup@v4" },
+				{
+					uses: "actions/setup-node@v4",
+					with: nodeWith
 				},
-				env: {
-					GITHUB_TOKEN: actionsExpr$1("github.token"),
-					NPM_TOKEN: actionsExpr$1("secrets.NPM_TOKEN")
+				{ run: "pnpm install --frozen-lockfile" },
+				{ run: "pnpm build" },
+				{
+					uses: "changesets/action@v1",
+					with: {
+						publish: "pnpm changeset publish",
+						version: "pnpm changeset version"
+					},
+					env: changesetsEnv
 				}
-			}
-		]
+			]
+		};
+	}
+	const releaseEnv = {
+		FORGEJO_SERVER_URL: actionsExpr("github.server_url"),
+		FORGEJO_REPOSITORY: actionsExpr("github.repository"),
+		FORGEJO_TOKEN: actionsExpr("secrets.FORGEJO_TOKEN"),
+		...publishesNpm && { NODE_AUTH_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
 	};
 	return {
 		needs: "check",
 		if: "github.ref == 'refs/heads/main'",
+		concurrency: {
+			group: "release",
+			"cancel-in-progress": false
+		},
 		"runs-on": "ubuntu-latest",
 		steps: [
 			{
@@ -1977,18 +2226,13 @@ function changesetsReleaseJobConfig(ci, nodeVersionYaml) {
 			},
 			{
 				name: "Release",
-				env: {
-					FORGEJO_SERVER_URL: actionsExpr$1("github.server_url"),
-					FORGEJO_REPOSITORY: actionsExpr$1("github.repository"),
-					FORGEJO_TOKEN: actionsExpr$1("secrets.FORGEJO_TOKEN"),
-					NODE_AUTH_TOKEN: actionsExpr$1("secrets.NPM_TOKEN")
-				},
+				env: releaseEnv,
 				run: "pnpm exec tooling release:changesets"
 			}
 		]
 	};
 }
-function requiredReleaseSteps(strategy, nodeVersionYaml) {
+function requiredReleaseSteps(strategy, nodeVersionYaml, publishesNpm) {
 	const isNodeVersionFile = nodeVersionYaml.startsWith("node-version-file");
 	const steps = [
 		{
@@ -2009,7 +2253,7 @@ function requiredReleaseSteps(strategy, nodeVersionYaml) {
 				with: {
 					...isNodeVersionFile ? { "node-version-file": "package.json" } : { "node-version": "24" },
 					cache: "pnpm",
-					"registry-url": "https://registry.npmjs.org"
+					...publishesNpm && { "registry-url": "https://registry.npmjs.org" }
 				}
 			}
 		},
@@ -2044,23 +2288,23 @@ function requiredReleaseSteps(strategy, nodeVersionYaml) {
 	}
 	return steps;
 }
-function buildWorkflow(strategy, ci, nodeVersionYaml) {
+function buildWorkflow(strategy, ci, nodeVersionYaml, publishesNpm) {
 	switch (strategy) {
-		case "release-it": return releaseItWorkflow(ci, nodeVersionYaml);
-		case "simple": return commitAndTagVersionWorkflow(ci, nodeVersionYaml);
+		case "release-it": return releaseItWorkflow(ci, nodeVersionYaml, publishesNpm);
+		case "simple": return commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm);
 		default: return null;
 	}
 }
-function generateChangesetsReleaseCi(ctx) {
+function generateChangesetsReleaseCi(ctx, publishesNpm) {
 	const checkPath = ctx.config.ci === "github" ? ".github/workflows/check.yml" : ".forgejo/workflows/check.yml";
-	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const nodeVersionYaml = hasEnginesNode(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
 	const existing = ctx.read(checkPath);
 	if (!existing) return {
 		filePath: checkPath,
 		action: "skipped",
 		description: "CI workflow not found — run check generator first"
 	};
-	const addResult = addWorkflowJob(existing, "release", changesetsReleaseJobConfig(ctx.config.ci, nodeVersionYaml));
+	const addResult = addWorkflowJob(existing, "release", changesetsReleaseJobConfig(ctx.config.ci, nodeVersionYaml, publishesNpm));
 	if (addResult.changed) {
 		const withComment = ensureSchemaComment(addResult.content, ctx.config.ci);
 		ctx.write(checkPath, withComment);
@@ -2070,7 +2314,7 @@ function generateChangesetsReleaseCi(ctx) {
 			description: "Added release job to CI workflow"
 		};
 	}
-	const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps("changesets", nodeVersionYaml));
+	const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps("changesets", nodeVersionYaml, publishesNpm));
 	if (!merged.changed) return {
 		filePath: checkPath,
 		action: "skipped",
@@ -2091,11 +2335,12 @@ async function generateReleaseCi(ctx) {
 		action: "skipped",
 		description: "Release CI workflow not applicable"
 	};
-	if (ctx.config.releaseStrategy === "changesets") return generateChangesetsReleaseCi(ctx);
+	const publishesNpm = getPublishablePackages(ctx.targetDir, ctx.config.structure, ctx.packageJson).length > 0;
+	if (ctx.config.releaseStrategy === "changesets") return generateChangesetsReleaseCi(ctx, publishesNpm);
 	const isGitHub = ctx.config.ci === "github";
 	const workflowPath = isGitHub ? ".github/workflows/release.yml" : ".forgejo/workflows/release.yml";
-	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
-	const content = buildWorkflow(ctx.config.releaseStrategy, ctx.config.ci, nodeVersionYaml);
+	const nodeVersionYaml = hasEnginesNode(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const content = buildWorkflow(ctx.config.releaseStrategy, ctx.config.ci, nodeVersionYaml, publishesNpm);
 	if (!content) return {
 		filePath,
 		action: "skipped",
@@ -2109,7 +2354,7 @@ async function generateReleaseCi(ctx) {
 				action: "skipped",
 				description: "Release workflow already up to date"
 			};
-			const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps(ctx.config.releaseStrategy, nodeVersionYaml));
+			const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps(ctx.config.releaseStrategy, nodeVersionYaml, publishesNpm));
 			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
 			if (withComment === content) {
 				ctx.write(workflowPath, content);
@@ -2312,7 +2557,7 @@ const SCHEMA_NPM_PATH = "@bensandee/config/schemas/forgejo-workflow.schema.json"
 const SCHEMA_LOCAL_PATH = ".vscode/forgejo-workflow.schema.json";
 const SETTINGS_PATH = ".vscode/settings.json";
 const SCHEMA_GLOB = ".forgejo/workflows/*.{yml,yaml}";
-const VscodeSettingsSchema = z.object({ "yaml.schemas": z.record(z.string(), z.unknown()).default({}) }).passthrough();
+const VscodeSettingsSchema = z.object({ "yaml.schemas": z.record(z.string(), z.unknown()).default({}) }).loose();
 function readSchemaFromNodeModules(targetDir) {
 	const candidate = path.join(targetDir, "node_modules", SCHEMA_NPM_PATH);
 	if (!existsSync(candidate)) return void 0;
@@ -2410,148 +2655,6 @@ async function generateVscodeSettings(ctx) {
 	return results;
 }
 //#endregion
-//#region src/generators/deploy-ci.ts
-/** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
-function actionsExpr(expr) {
-	return `\${{ ${expr} }}`;
-}
-function hasEnginesNode(ctx) {
-	return typeof ctx.packageJson?.["engines"]?.["node"] === "string";
-}
-function deployWorkflow(ci, nodeVersionYaml) {
-	return `${workflowSchemaComment(ci)}name: Deploy
-on:
-  push:
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v4
-        with:
-          ${nodeVersionYaml}
-      - run: pnpm install --frozen-lockfile
-      - name: Publish Docker images
-        env:
-          DOCKER_REGISTRY_HOST: ${actionsExpr("vars.DOCKER_REGISTRY_HOST")}
-          DOCKER_REGISTRY_NAMESPACE: ${actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE")}
-          DOCKER_USERNAME: ${actionsExpr("secrets.DOCKER_USERNAME")}
-          DOCKER_PASSWORD: ${actionsExpr("secrets.DOCKER_PASSWORD")}
-        run: pnpm exec tooling docker:publish
-`;
-}
-function requiredDeploySteps() {
-	return [
-		{
-			match: { uses: "actions/checkout" },
-			step: { uses: "actions/checkout@v4" }
-		},
-		{
-			match: { uses: "pnpm/action-setup" },
-			step: { uses: "pnpm/action-setup@v4" }
-		},
-		{
-			match: { uses: "actions/setup-node" },
-			step: { uses: "actions/setup-node@v4" }
-		},
-		{
-			match: { run: "pnpm install" },
-			step: { run: "pnpm install --frozen-lockfile" }
-		},
-		{
-			match: { run: "docker:publish" },
-			step: { run: "pnpm exec tooling docker:publish" }
-		}
-	];
-}
-/** Convention paths to check for Dockerfiles. */
-const CONVENTION_DOCKERFILE_PATHS$1 = ["Dockerfile", "docker/Dockerfile"];
-const DockerMapSchema = z.object({ docker: z.record(z.string(), z.unknown()).optional() });
-/** Check whether any Docker packages exist by convention or .tooling.json config. */
-function hasDockerPackages(ctx) {
-	const configRaw = ctx.read(".tooling.json");
-	if (configRaw) {
-		const result = DockerMapSchema.safeParse(JSON.parse(configRaw));
-		if (result.success && result.data.docker && Object.keys(result.data.docker).length > 0) return true;
-	}
-	if (ctx.config.structure === "monorepo") {
-		const packages = getMonorepoPackages(ctx.targetDir);
-		for (const pkg of packages) {
-			const dirName = pkg.name.split("/").pop() ?? pkg.name;
-			for (const rel of CONVENTION_DOCKERFILE_PATHS$1) if (ctx.exists(`packages/${dirName}/${rel}`)) return true;
-		}
-	} else for (const rel of CONVENTION_DOCKERFILE_PATHS$1) if (ctx.exists(rel)) return true;
-	return false;
-}
-async function generateDeployCi(ctx) {
-	const filePath = "deploy-ci";
-	if (!hasDockerPackages(ctx) || ctx.config.ci === "none") return {
-		filePath,
-		action: "skipped",
-		description: "Deploy CI workflow not applicable"
-	};
-	const isGitHub = ctx.config.ci === "github";
-	const workflowPath = isGitHub ? ".github/workflows/publish.yml" : ".forgejo/workflows/publish.yml";
-	const nodeVersionYaml = hasEnginesNode(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
-	const content = deployWorkflow(ctx.config.ci, nodeVersionYaml);
-	if (ctx.exists(workflowPath)) {
-		const existing = ctx.read(workflowPath);
-		if (existing) {
-			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) return {
-				filePath: workflowPath,
-				action: "skipped",
-				description: "Deploy workflow already up to date"
-			};
-			const merged = mergeWorkflowSteps(existing, "deploy", requiredDeploySteps());
-			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
-			if (withComment === content) {
-				ctx.write(workflowPath, content);
-				return {
-					filePath: workflowPath,
-					action: "updated",
-					description: "Added missing steps to deploy workflow"
-				};
-			}
-			if (await ctx.confirmOverwrite(workflowPath) === "skip") {
-				if (merged.changed || withComment !== merged.content) {
-					ctx.write(workflowPath, withComment);
-					return {
-						filePath: workflowPath,
-						action: "updated",
-						description: "Added missing steps to deploy workflow"
-					};
-				}
-				return {
-					filePath: workflowPath,
-					action: "skipped",
-					description: "Existing deploy workflow preserved"
-				};
-			}
-			ctx.write(workflowPath, content);
-			return {
-				filePath: workflowPath,
-				action: "updated",
-				description: "Replaced deploy workflow with updated template"
-			};
-		}
-		return {
-			filePath: workflowPath,
-			action: "skipped",
-			description: "Deploy workflow already up to date"
-		};
-	}
-	ctx.write(workflowPath, content);
-	return {
-		filePath: workflowPath,
-		action: "created",
-		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions deploy workflow`
-	};
-}
-//#endregion
 //#region src/generators/pipeline.ts
 /** Run all generators sequentially and return their results. */
 async function runGenerators(ctx) {
@@ -2748,6 +2851,16 @@ function generateMigratePrompt(results, config, detected) {
 }
 //#endregion
 //#region src/commands/repo-init.ts
+/** Log what was detected so the user understands generator decisions. */
+function logDetectionSummary(ctx) {
+	const dockerNames = getDockerPackageNames(ctx);
+	if (dockerNames.length > 0) p.log.info(`Detected Docker packages: ${dockerNames.join(", ")}`);
+	if (ctx.config.releaseStrategy !== "none") {
+		const publishable = getPublishablePackages(ctx.targetDir, ctx.config.structure, ctx.packageJson);
+		if (publishable.length > 0) p.log.info(`Will publish npm packages: ${publishable.map((pkg) => pkg.name).join(", ")}`);
+		else p.log.info("No publishable npm packages — npm registry setup will be skipped");
+	}
+}
 async function runInit(config, options = {}) {
 	const detected = detectProject(config.targetDir);
 	const s = p.spinner();
@@ -2767,6 +2880,7 @@ async function runInit(config, options = {}) {
 		if (p.isCancel(result)) return "skip";
 		return result;
 	}));
+	logDetectionSummary(ctx);
 	s.start("Generating configuration files...");
 	const results = await runGenerators(ctx);
 	const alreadyArchived = new Set(results.filter((r) => r.action === "archived").map((r) => r.filePath));
@@ -2777,8 +2891,7 @@ async function runInit(config, options = {}) {
 	});
 	const created = results.filter((r) => r.action === "created");
 	const updated = results.filter((r) => r.action === "updated");
-	const archived = results.filter((r) => r.action === "archived");
-	if (!(created.length > 0 || updated.length > 0 || archived.length > 0) && options.noPrompt) {
+	if (!(created.length > 0 || updated.length > 0 || archivedFiles.length > 0) && options.noPrompt) {
 		s.stop("Repository is up to date.");
 		return results;
 	}
@@ -2792,7 +2905,6 @@ async function runInit(config, options = {}) {
 	const summaryLines = [];
 	if (created.length > 0) summaryLines.push(`Created: ${created.map((r) => r.filePath).join(", ")}`);
 	if (updated.length > 0) summaryLines.push(`Updated: ${updated.map((r) => r.filePath).join(", ")}`);
-	if (archived.length > 0) summaryLines.push(`Archived: ${archived.map((r) => r.filePath).join(", ")}`);
 	p.note(summaryLines.join("\n"), "Summary");
 	if (!options.noPrompt) {
 		const prompt = generateMigratePrompt(results, config, detected);
@@ -2887,6 +2999,7 @@ async function runCheck(targetDir) {
 	const saved = loadToolingConfig(targetDir);
 	const detected = buildDefaultConfig(targetDir, {});
 	const { ctx, pendingWrites } = createDryRunContext(saved ? mergeWithSavedConfig(detected, saved) : detected);
+	logDetectionSummary(ctx);
 	const actionable = (await runGenerators(ctx)).filter((r) => {
 		if (r.action !== "created" && r.action !== "updated") return false;
 		const newContent = pendingWrites.get(r.filePath);
@@ -3803,7 +3916,7 @@ const CHECKS = [
 	},
 	{ name: "knip" },
 	{ name: "tooling:check" },
-	{ name: "image:check" }
+	{ name: "docker:check" }
 ];
 function defaultGetScripts(targetDir) {
 	try {
@@ -3870,7 +3983,7 @@ function runRunChecks(targetDir, options = {}) {
 const runChecksCommand = defineCommand({
 	meta: {
 		name: "checks:run",
-		description: "Run all standard checks (build, typecheck, lint, test, format, knip, tooling:check, image:check)"
+		description: "Run all standard checks (build, typecheck, lint, test, format, knip, tooling:check, docker:check)"
 	},
 	args: {
 		dir: {
@@ -3880,7 +3993,7 @@ const runChecksCommand = defineCommand({
 		},
 		skip: {
 			type: "string",
-			description: "Comma-separated list of checks to skip (build, typecheck, lint, test, format, knip, tooling:check, image:check)",
+			description: "Comma-separated list of checks to skip (build, typecheck, lint, test, format, knip, tooling:check, docker:check)",
 			required: false
 		},
 		add: {
@@ -4073,7 +4186,7 @@ function generateTags(version) {
 function imageRef(namespace, imageName, tag) {
 	return `${namespace}/${imageName}:${tag}`;
 }
-function log(message) {
+function log$1(message) {
 	console.log(message);
 }
 function debug(verbose, message) {
@@ -4114,22 +4227,22 @@ function runDockerBuild(executor, config) {
 	const repoName = readRepoName(executor, config.cwd);
 	if (config.packageDir) {
 		const pkg = readSinglePackageDocker(executor, config.cwd, config.packageDir, repoName);
-		log(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		log$1(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
 		buildImage(executor, pkg, config.cwd, config.verbose, config.extraArgs);
-		log(`Built ${pkg.imageName}:latest`);
+		log$1(`Built ${pkg.imageName}:latest`);
 		return { packages: [pkg] };
 	}
 	const packages = detectDockerPackages(executor, config.cwd, repoName);
 	if (packages.length === 0) {
-		log("No packages with docker config found");
+		log$1("No packages with docker config found");
 		return { packages: [] };
 	}
-	log(`Found ${packages.length} Docker package(s): ${packages.map((p) => p.dir).join(", ")}`);
+	log$1(`Found ${packages.length} Docker package(s): ${packages.map((p) => p.dir).join(", ")}`);
 	for (const pkg of packages) {
-		log(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		log$1(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
 		buildImage(executor, pkg, config.cwd, config.verbose, config.extraArgs);
 	}
-	log(`Built ${packages.length} image(s)`);
+	log$1(`Built ${packages.length} image(s)`);
 	return { packages };
 }
 /**
@@ -4153,35 +4266,35 @@ function runDockerPublish(executor, config) {
 	};
 	for (const pkg of packages) if (!pkg.version) throw new FatalError(`Package ${pkg.dir} has docker config but no version in package.json`);
 	if (!config.dryRun) {
-		log(`Logging in to ${config.registryHost}...`);
+		log$1(`Logging in to ${config.registryHost}...`);
 		const loginResult = executor.exec(`echo "${config.password}" | docker login ${config.registryHost} -u ${config.username} --password-stdin`);
 		if (loginResult.exitCode !== 0) throw new FatalError(`Docker login failed: ${loginResult.stderr}`);
-	} else log("[dry-run] Skipping docker login");
+	} else log$1("[dry-run] Skipping docker login");
 	const allTags = [];
 	try {
 		for (const pkg of packages) {
 			const tags = generateTags(pkg.version ?? "");
-			log(`${pkg.dir} v${pkg.version} → tags: ${tags.join(", ")}`);
+			log$1(`${pkg.dir} v${pkg.version} → tags: ${tags.join(", ")}`);
 			for (const tag of tags) {
 				const ref = imageRef(config.registryNamespace, pkg.imageName, tag);
 				allTags.push(ref);
-				log(`Tagging ${pkg.imageName} → ${ref}`);
+				log$1(`Tagging ${pkg.imageName} → ${ref}`);
 				const tagResult = executor.exec(`docker tag ${pkg.imageName} ${ref}`);
 				if (tagResult.exitCode !== 0) throw new FatalError(`docker tag failed: ${tagResult.stderr}`);
 				if (!config.dryRun) {
-					log(`Pushing ${ref}...`);
+					log$1(`Pushing ${ref}...`);
 					const pushResult = executor.exec(`docker push ${ref}`);
 					if (pushResult.exitCode !== 0) throw new FatalError(`docker push failed: ${pushResult.stderr}`);
-				} else log(`[dry-run] Skipping push for ${ref}`);
+				} else log$1(`[dry-run] Skipping push for ${ref}`);
 			}
 		}
 	} finally {
 		if (!config.dryRun) {
-			log(`Logging out from ${config.registryHost}...`);
+			log$1(`Logging out from ${config.registryHost}...`);
 			executor.exec(`docker logout ${config.registryHost}`);
 		}
 	}
-	log(`Published ${allTags.length} image tag(s)`);
+	log$1(`Published ${allTags.length} image tag(s)`);
 	return {
 		packages,
 		tags: allTags
@@ -4257,7 +4370,7 @@ const dockerBuildCommand = defineCommand({
 	}
 });
 //#endregion
-//#region src/docker-verify/detect.ts
+//#region src/docker-check/detect.ts
 /** Compose file names to scan, in priority order. */
 const COMPOSE_FILE_CANDIDATES = [
 	"docker-compose.yaml",
@@ -4269,15 +4382,30 @@ const COMPOSE_FILE_CANDIDATES = [
 const ComposePortSchema = z.union([z.string(), z.object({
 	published: z.union([z.string(), z.number()]),
 	target: z.union([z.string(), z.number()]).optional()
-}).passthrough()]);
+}).loose()]);
 const ComposeServiceSchema = z.object({
+	image: z.string().optional(),
 	ports: z.array(ComposePortSchema).optional(),
 	healthcheck: z.unknown().optional()
-}).passthrough();
-const ComposeFileSchema = z.object({ services: z.record(z.string(), ComposeServiceSchema).optional() }).passthrough();
-/** Detect which compose files exist at conventional paths. */
+}).loose();
+const ComposeFileSchema = z.object({ services: z.record(z.string(), ComposeServiceSchema).optional() }).loose();
+/** Directories to scan for compose files, in priority order. */
+const COMPOSE_DIR_CANDIDATES = [".", "docker"];
+/** Detect which compose files exist at conventional paths.
+*  Returns the resolved directory and the matching file names. */
 function detectComposeFiles(cwd) {
-	return COMPOSE_FILE_CANDIDATES.filter((name) => existsSync(path.join(cwd, name)));
+	for (const dir of COMPOSE_DIR_CANDIDATES) {
+		const absDir = path.resolve(cwd, dir);
+		const files = COMPOSE_FILE_CANDIDATES.filter((name) => existsSync(path.join(absDir, name)));
+		if (files.length > 0) return {
+			dir: absDir,
+			files
+		};
+	}
+	return {
+		dir: cwd,
+		files: []
+	};
 }
 /** Parse a single port mapping string and extract the host port. */
 function parsePortString(port) {
@@ -4331,6 +4459,7 @@ function parseComposeServices(cwd, composeFiles) {
 			}
 			serviceMap.set(name, {
 				name,
+				image: existing?.image ?? service.image,
 				hostPort,
 				hasHealthcheck: existing?.hasHealthcheck ?? service.healthcheck !== void 0
 			});
@@ -4338,6 +4467,15 @@ function parseComposeServices(cwd, composeFiles) {
 	}
 	return [...serviceMap.values()];
 }
+/** Extract deduplicated bare image names (without tags) from parsed services. */
+function extractComposeImageNames(services) {
+	const names = /* @__PURE__ */ new Set();
+	for (const service of services) if (service.image) {
+		const bare = service.image.split(":")[0];
+		if (bare) names.add(bare);
+	}
+	return [...names];
+}
 /** Generate health checks from parsed services: services with exposed ports get HTTP checks, unless they define a compose-level healthcheck. */
 function deriveHealthChecks(services) {
 	return services.filter((s) => s.hostPort !== void 0 && !s.hasHealthcheck).map((s) => ({
@@ -4345,20 +4483,81 @@ function deriveHealthChecks(services) {
 		url: `http://localhost:${String(s.hostPort)}/`
 	}));
 }
+/** Check overlay file name patterns, matched against the base compose file name. */
+const CHECK_OVERLAY_PATTERNS = [(base) => base.replace(/\.(yaml|yml)$/, `.check.$1`)];
+/** Detect a user-provided check overlay file alongside the base compose file. */
+function detectCheckOverlay(dir, baseFile) {
+	for (const pattern of CHECK_OVERLAY_PATTERNS) {
+		const candidate = pattern(baseFile);
+		if (existsSync(path.join(dir, candidate))) return candidate;
+	}
+}
+/** Detect a check env file in the compose directory. */
+function detectCheckEnvFile(dir) {
+	if (existsSync(path.join(dir, "docker-compose.check.env"))) return "docker-compose.check.env";
+}
+/** Fast healthcheck intervals for the generated check overlay. */
+const CHECK_HEALTHCHECK = {
+	interval: "5s",
+	timeout: "5s",
+	retries: 12,
+	start_period: "10s",
+	start_interval: "5s"
+};
+/**
+* Generate a check overlay YAML string from parsed services.
+* Sets `restart: "no"` on all services, and overrides healthcheck intervals
+* for services that define a healthcheck in the base compose file.
+*/
+function generateCheckOverlay(services) {
+	const serviceOverrides = {};
+	for (const service of services) {
+		const override = { restart: "no" };
+		if (service.hasHealthcheck) override["healthcheck"] = { ...CHECK_HEALTHCHECK };
+		serviceOverrides[service.name] = override;
+	}
+	return stringify({ services: serviceOverrides });
+}
 /** Auto-detect compose config from conventional file locations. */
-function computeVerifyDefaults(cwd) {
-	const composeFiles = detectComposeFiles(cwd);
-	if (composeFiles.length === 0) return {};
-	const services = parseComposeServices(cwd, composeFiles);
+function computeCheckDefaults(cwd) {
+	const { dir, files } = detectComposeFiles(cwd);
+	if (files.length === 0) return {};
+	const baseFile = files[0];
+	const checkOverlay = baseFile ? detectCheckOverlay(dir, baseFile) : void 0;
+	const envFile = detectCheckEnvFile(dir);
+	const services = parseComposeServices(dir, files);
 	const healthChecks = deriveHealthChecks(services);
 	return {
-		composeFiles,
+		composeCwd: dir !== cwd ? dir : void 0,
+		composeFiles: files,
+		checkOverlay,
+		envFile,
 		services: services.map((s) => s.name),
 		healthChecks: healthChecks.length > 0 ? healthChecks : void 0
 	};
 }
+/** Create a DockerFileReader backed by the real filesystem. */
+function createFileReader() {
+	return {
+		listPackageDirs(cwd) {
+			const packagesDir = path.join(cwd, "packages");
+			try {
+				return readdirSync(packagesDir, { withFileTypes: true }).filter((entry) => entry.isDirectory()).map((entry) => entry.name);
+			} catch {
+				return [];
+			}
+		},
+		readFile(filePath) {
+			try {
+				return readFileSync(filePath, "utf-8");
+			} catch {
+				return null;
+			}
+		}
+	};
+}
 //#endregion
-//#region src/commands/docker-verify.ts
+//#region src/commands/docker-check.ts
 /** Convert declarative health checks to functional ones. */
 function toHttpHealthChecks(checks) {
 	return checks.map((check) => ({
@@ -4367,10 +4566,23 @@ function toHttpHealthChecks(checks) {
 		validate: async (res) => check.status ? res.status === check.status : res.ok
 	}));
 }
-const dockerVerifyCommand = defineCommand({
+/** Write the generated check overlay to a temp file. Returns the absolute path. */
+function writeTempOverlay(content) {
+	const name = `tooling-check-overlay-${process.pid}.yaml`;
+	const filePath = path.join(tmpdir(), name);
+	writeFileSync(filePath, content, "utf-8");
+	return filePath;
+}
+function log(message) {
+	console.log(message);
+}
+function warn(message) {
+	console.warn(message);
+}
+const dockerCheckCommand = defineCommand({
 	meta: {
-		name: "docker:verify",
-		description: "Verify Docker Compose stack health by auto-detecting services from compose files"
+		name: "docker:check",
+		description: "Check Docker Compose stack health by auto-detecting services from compose files"
 	},
 	args: {
 		timeout: {
@@ -4384,24 +4596,59 @@ const dockerVerifyCommand = defineCommand({
 	},
 	async run({ args }) {
 		const cwd = process.cwd();
-		const defaults = computeVerifyDefaults(cwd);
-		if (!defaults.composeFiles || defaults.composeFiles.length === 0) throw new FatalError("No compose files found. Expected docker-compose.yaml or compose.yaml.");
+		if (loadToolingConfig(cwd)?.dockerCheck === false) {
+			log("Docker check is disabled in .tooling.json");
+			return;
+		}
+		const defaults = computeCheckDefaults(cwd);
+		if (!defaults.composeFiles || defaults.composeFiles.length === 0) throw new FatalError("No compose files found. Expected docker-compose.yaml or compose.yaml in ./ or docker/.");
+		if (!defaults.checkOverlay) {
+			const composeCwd = defaults.composeCwd ?? cwd;
+			const expectedOverlay = (defaults.composeFiles[0] ?? "docker-compose.yaml").replace(/\.(yaml|yml)$/, ".check.$1");
+			warn(`Compose files found but no check overlay. Create ${path.relative(cwd, path.join(composeCwd, expectedOverlay))} to enable docker:check.`);
+			warn("To suppress this warning, set \"dockerCheck\": false in .tooling.json.");
+			return;
+		}
 		if (!defaults.services || defaults.services.length === 0) throw new FatalError("No services found in compose files.");
-		const config = {
-			compose: {
-				cwd,
-				composeFiles: defaults.composeFiles,
-				envFile: defaults.envFile,
-				services: defaults.services
-			},
-			buildCommand: defaults.buildCommand,
-			buildCwd: defaults.buildCwd,
-			healthChecks: defaults.healthChecks ? toHttpHealthChecks(defaults.healthChecks) : [],
-			timeoutMs: args.timeout ? Number.parseInt(args.timeout, 10) : defaults.timeoutMs,
-			pollIntervalMs: args["poll-interval"] ? Number.parseInt(args["poll-interval"], 10) : defaults.pollIntervalMs
-		};
-		const result = await runVerification(createRealExecutor$1(), config);
-		if (!result.success) throw new FatalError(`Verification failed (${result.reason}): ${result.message}`);
+		const composeCwd = defaults.composeCwd ?? cwd;
+		const services = parseComposeServices(composeCwd, defaults.composeFiles);
+		const fileReader = createFileReader();
+		const rootPkgRaw = fileReader.readFile(path.join(cwd, "package.json"));
+		if (rootPkgRaw) {
+			const rootPkg = parsePackageJson(rootPkgRaw);
+			if (rootPkg?.name) {
+				const dockerPackages = detectDockerPackages(fileReader, cwd, rootPkg.name);
+				const composeImages = extractComposeImageNames(services);
+				for (const pkg of dockerPackages) if (!composeImages.some((img) => img === pkg.imageName || img.endsWith(`/${pkg.imageName}`))) warn(`Docker package "${pkg.dir}" (image: ${pkg.imageName}) is not referenced in any compose service.`);
+			}
+		}
+		const tempOverlayPath = writeTempOverlay(generateCheckOverlay(services));
+		const composeFiles = [
+			...defaults.composeFiles,
+			tempOverlayPath,
+			defaults.checkOverlay
+		];
+		try {
+			const config = {
+				compose: {
+					cwd: composeCwd,
+					composeFiles,
+					envFile: defaults.envFile,
+					services: defaults.services
+				},
+				buildCommand: defaults.buildCommand,
+				buildCwd: defaults.buildCwd,
+				healthChecks: defaults.healthChecks ? toHttpHealthChecks(defaults.healthChecks) : [],
+				timeoutMs: args.timeout ? Number.parseInt(args.timeout, 10) : defaults.timeoutMs,
+				pollIntervalMs: args["poll-interval"] ? Number.parseInt(args["poll-interval"], 10) : defaults.pollIntervalMs
+			};
+			const result = await runDockerCheck(createRealExecutor$1(), config);
+			if (!result.success) throw new FatalError(`Check failed (${result.reason}): ${result.message}`);
+		} finally {
+			try {
+				unlinkSync(tempOverlayPath);
+			} catch (_error) {}
+		}
 	}
 });
 //#endregion
@@ -4409,7 +4656,7 @@ const dockerVerifyCommand = defineCommand({
 const main = defineCommand({
 	meta: {
 		name: "tooling",
-		version: "0.18.0",
+		version: "0.21.0",
 		description: "Bootstrap and maintain standardized TypeScript project tooling"
 	},
 	subCommands: {
@@ -4422,10 +4669,10 @@ const main = defineCommand({
 		"release:simple": releaseSimpleCommand,
 		"docker:publish": publishDockerCommand,
 		"docker:build": dockerBuildCommand,
-		"docker:verify": dockerVerifyCommand
+		"docker:check": dockerCheckCommand
 	}
 });
-console.log(`@bensandee/tooling v0.18.0`);
+console.log(`@bensandee/tooling v0.21.0`);
 runMain(main);
 //#endregion
 export {};