@bensandee/tooling 0.33.0 → 0.35.0

package/dist/bin.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
-import { l as createRealExecutor$1, t as runDockerCheck, u as isExecSyncError } from "./check-B2AAPCBO.mjs";
+import { d as debug, f as debugExec, h as note, l as createRealExecutor$1, m as log, p as isEnvVerbose, t as runDockerCheck, u as isExecSyncError } from "./check-Ceom_OgJ.mjs";
 import { defineCommand, runMain } from "citty";
-import * as clack from "@clack/prompts";
+import * as p from "@clack/prompts";
 import { isCancel, select } from "@clack/prompts";
 import path from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, unlinkSync, writeFileSync } from "node:fs";
@@ -10,25 +10,9 @@ import JSON5 from "json5";
 import { parse } from "jsonc-parser";
 import { z } from "zod";
 import { FatalError, TransientError, UnexpectedError } from "@bensandee/common";
-import { isMap, isScalar, isSeq, parse as parse$1, parseDocument, stringify } from "yaml";
+import { isMap, isScalar, parse as parse$1, parseDocument, stringify, visit } from "yaml";
 import picomatch from "picomatch";
 import { tmpdir } from "node:os";
-//#region src/utils/log.ts
-const out = (msg) => console.log(msg);
-const isCI = Boolean(process.env["CI"]);
-const log$2 = isCI ? {
-	info: out,
-	warn: (msg) => out(`[warn] ${msg}`),
-	error: (msg) => out(`[error] ${msg}`),
-	success: (msg) => out(`✓ ${msg}`)
-} : clack.log;
-function note(body, title) {
-	if (isCI) {
-		if (title) out(`--- ${title} ---`);
-		out(body);
-	} else clack.note(body, title);
-}
-//#endregion
 //#region src/types.ts
 const LEGACY_TOOLS = [
 	"eslint",
@@ -312,7 +296,7 @@ function getMonorepoPackages(targetDir) {
 //#endregion
 //#region src/prompts/init-prompts.ts
 function isCancelled(value) {
-	return clack.isCancel(value);
+	return p.isCancel(value);
 }
 function detectProjectInfo(targetDir) {
 	const existingPkg = readPackageJson(targetDir);
@@ -323,7 +307,7 @@ function detectProjectInfo(targetDir) {
 	};
 }
 async function runInitPrompts(targetDir, saved) {
-	clack.intro("@bensandee/tooling repo:sync");
+	p.intro("@bensandee/tooling repo:sync");
 	const { detected, defaults, name } = detectProjectInfo(targetDir);
 	const isFirstInit = !saved;
 	const structure = saved?.structure ?? defaults.structure;
@@ -336,7 +320,7 @@ async function runInitPrompts(targetDir, saved) {
 	const projectType = saved?.projectType ?? defaults.projectType;
 	const detectPackageTypes = saved?.detectPackageTypes ?? defaults.detectPackageTypes;
 	if (detected.legacyConfigs.some((l) => l.tool === "prettier") && isFirstInit) {
-		const formatterAnswer = await clack.select({
+		const formatterAnswer = await p.select({
 			message: "Existing Prettier config found. Keep Prettier or migrate to oxfmt?",
 			initialValue: "prettier",
 			options: [{
@@ -349,14 +333,14 @@ async function runInitPrompts(targetDir, saved) {
 			}]
 		});
 		if (isCancelled(formatterAnswer)) {
-			clack.cancel("Cancelled.");
+			p.cancel("Cancelled.");
 			process.exit(0);
 		}
 		formatter = formatterAnswer;
 	}
 	const detectedCi = detectCiPlatform(targetDir);
 	if (isFirstInit && detectedCi === "none") {
-		const ciAnswer = await clack.select({
+		const ciAnswer = await p.select({
 			message: "CI workflow",
 			initialValue: "forgejo",
 			options: [
@@ -375,14 +359,14 @@ async function runInitPrompts(targetDir, saved) {
 			]
 		});
 		if (isCancelled(ciAnswer)) {
-			clack.cancel("Cancelled.");
+			p.cancel("Cancelled.");
 			process.exit(0);
 		}
 		ci = ciAnswer;
 	}
 	const hasExistingRelease = detected.hasReleaseItConfig || detected.hasSimpleReleaseConfig || detected.hasChangesetsConfig;
 	if (isFirstInit && !hasExistingRelease) {
-		const releaseAnswer = await clack.select({
+		const releaseAnswer = await p.select({
 			message: "Release management",
 			initialValue: defaults.releaseStrategy,
 			options: [
@@ -408,7 +392,7 @@ async function runInitPrompts(targetDir, saved) {
 			]
 		});
 		if (isCancelled(releaseAnswer)) {
-			clack.cancel("Cancelled.");
+			p.cancel("Cancelled.");
 			process.exit(0);
 		}
 		releaseStrategy = releaseAnswer;
@@ -416,12 +400,12 @@ async function runInitPrompts(targetDir, saved) {
 	let publishNpm = saved?.publishNpm ?? false;
 	if (isFirstInit && releaseStrategy !== "none") {
 		if (getPublishablePackages(targetDir, structure).length > 0) {
-			const answer = await clack.confirm({
+			const answer = await p.confirm({
 				message: "Publish packages to npm?",
 				initialValue: false
 			});
 			if (isCancelled(answer)) {
-				clack.cancel("Cancelled.");
+				p.cancel("Cancelled.");
 				process.exit(0);
 			}
 			publishNpm = answer;
@@ -430,18 +414,18 @@ async function runInitPrompts(targetDir, saved) {
 	let publishDocker = saved?.publishDocker ?? false;
 	if (isFirstInit) {
 		if (existsSync(path.join(targetDir, "Dockerfile")) || existsSync(path.join(targetDir, "docker/Dockerfile"))) {
-			const answer = await clack.confirm({
+			const answer = await p.confirm({
 				message: "Publish Docker images to a registry?",
 				initialValue: false
 			});
 			if (isCancelled(answer)) {
-				clack.cancel("Cancelled.");
+				p.cancel("Cancelled.");
 				process.exit(0);
 			}
 			publishDocker = answer;
 		}
 	}
-	clack.outro("Configuration complete!");
+	p.outro("Configuration complete!");
 	return {
 		name,
 		structure,
@@ -859,9 +843,6 @@ function generateTags(version) {
 function imageRef(namespace, imageName, tag) {
 	return `${namespace}/${imageName}:${tag}`;
 }
-function log$1(message) {
-	console.log(message);
-}
 /** Read the repo name from root package.json. */
 function readRepoName(executor, cwd) {
 	const rootPkgRaw = executor.readFile(path.join(cwd, "package.json"));
@@ -894,22 +875,24 @@ function runDockerBuild(executor, config) {
 	const repoName = readRepoName(executor, config.cwd);
 	if (config.packageDir) {
 		const pkg = readSinglePackageDocker(executor, config.cwd, config.packageDir, repoName);
-		log$1(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		log.info(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		debug(config, `Dockerfile: ${pkg.docker.dockerfile}, context: ${pkg.docker.context}`);
 		buildImage(executor, pkg, config.cwd, config.extraArgs);
-		log$1(`Built ${pkg.imageName}:latest`);
+		log.info(`Built ${pkg.imageName}:latest`);
 		return { packages: [pkg] };
 	}
 	const packages = detectDockerPackages(executor, config.cwd, repoName);
 	if (packages.length === 0) {
-		log$1("No packages with docker config found");
+		log.info("No packages with docker config found");
 		return { packages: [] };
 	}
-	log$1(`Found ${packages.length} Docker package(s): ${packages.map((p) => p.dir).join(", ")}`);
+	log.info(`Found ${String(packages.length)} Docker package(s): ${packages.map((p) => p.dir).join(", ")}`);
 	for (const pkg of packages) {
-		log$1(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		log.info(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		debug(config, `Dockerfile: ${pkg.docker.dockerfile}, context: ${pkg.docker.context}`);
 		buildImage(executor, pkg, config.cwd, config.extraArgs);
 	}
-	log$1(`Built ${packages.length} image(s)`);
+	log.info(`Built ${String(packages.length)} image(s)`);
 	return { packages };
 }
 /**
@@ -924,7 +907,8 @@ function runDockerPublish(executor, config) {
 	const { packages } = runDockerBuild(executor, {
 		cwd: config.cwd,
 		packageDir: void 0,
-		extraArgs: []
+		extraArgs: [],
+		verbose: config.verbose
 	});
 	if (packages.length === 0) return {
 		packages: [],
@@ -932,35 +916,38 @@ function runDockerPublish(executor, config) {
 	};
 	for (const pkg of packages) if (!pkg.version) throw new FatalError(`Package ${pkg.dir} has docker config but no version in package.json`);
 	if (!config.dryRun) {
-		log$1(`Logging in to ${config.registryHost}...`);
+		log.info(`Logging in to ${config.registryHost}...`);
 		const loginResult = executor.exec(`echo "${config.password}" | docker login ${config.registryHost} -u ${config.username} --password-stdin`);
+		debugExec(config, "docker login", loginResult);
 		if (loginResult.exitCode !== 0) throw new FatalError(`Docker login failed: ${loginResult.stderr}`);
-	} else log$1("[dry-run] Skipping docker login");
+	} else log.info("[dry-run] Skipping docker login");
 	const allTags = [];
 	try {
 		for (const pkg of packages) {
 			const tags = generateTags(pkg.version ?? "");
-			log$1(`${pkg.dir} v${pkg.version} → tags: ${tags.join(", ")}`);
+			log.info(`${pkg.dir} v${pkg.version} → tags: ${tags.join(", ")}`);
 			for (const tag of tags) {
 				const ref = imageRef(config.registryNamespace, pkg.imageName, tag);
 				allTags.push(ref);
-				log$1(`Tagging ${pkg.imageName} → ${ref}`);
+				log.info(`Tagging ${pkg.imageName} → ${ref}`);
 				const tagResult = executor.exec(`docker tag ${pkg.imageName} ${ref}`);
+				debugExec(config, `docker tag ${pkg.imageName} ${ref}`, tagResult);
 				if (tagResult.exitCode !== 0) throw new FatalError(`docker tag failed: ${tagResult.stderr}`);
 				if (!config.dryRun) {
-					log$1(`Pushing ${ref}...`);
+					log.info(`Pushing ${ref}...`);
 					const pushResult = executor.exec(`docker push ${ref}`);
+					debugExec(config, `docker push ${ref}`, pushResult);
 					if (pushResult.exitCode !== 0) throw new FatalError(`docker push failed: ${pushResult.stderr}`);
-				} else log$1(`[dry-run] Skipping push for ${ref}`);
+				} else log.info(`[dry-run] Skipping push for ${ref}`);
 			}
 		}
 	} finally {
 		if (!config.dryRun) {
-			log$1(`Logging out from ${config.registryHost}...`);
+			log.info(`Logging out from ${config.registryHost}...`);
 			executor.exec(`docker logout ${config.registryHost}`);
 		}
 	}
-	log$1(`Published ${allTags.length} image tag(s)`);
+	log.info(`Published ${String(allTags.length)} image tag(s)`);
 	return {
 		packages,
 		tags: allTags
@@ -976,10 +963,6 @@ function ensureSchemaComment(content, ci) {
 	if (content.includes("yaml-language-server")) return content;
 	return FORGEJO_SCHEMA_COMMENT + content;
 }
-/** Migrate content from old tooling binary name to new. */
-function migrateToolingBinary(content) {
-	return content.replaceAll("pnpm exec tooling ", "pnpm exec bst ");
-}
 /** Check if a YAML file has an opt-out comment in the first 10 lines. */
 function isToolingIgnored(content) {
 	return content.split("\n", 10).some((line) => line.includes(IGNORE_PATTERN));
@@ -1024,14 +1007,42 @@ function mergeLefthookCommands(existing, requiredCommands) {
 		};
 	}
 }
-/** Extract only the mergeable steps (those with a match) as RequiredSteps. */
-function toRequiredSteps(steps) {
-	return steps.filter((s) => s.match !== void 0).map((s) => ({
-		match: s.match,
-		step: s.step
-	}));
+/**
+* Normalize a workflow YAML string for comparison purposes.
+* Parses the YAML DOM to strip action versions from `uses:` values and remove all comments,
+* then re-serializes so that pinned hashes, older tags, or formatting differences
+* don't cause unnecessary overwrites.
+*/
+function normalizeWorkflow(content) {
+	const doc = parseDocument(content.replaceAll(/node\s+packages\/tooling-cli\/dist\/bin\.mjs/g, "pnpm exec bst"));
+	doc.comment = null;
+	doc.commentBefore = null;
+	visit(doc, {
+		Node(_key, node) {
+			if ("comment" in node) node.comment = null;
+			if ("commentBefore" in node) node.commentBefore = null;
+		},
+		Pair(_key, node) {
+			if (isScalar(node.key) && node.key.value === "uses" && isScalar(node.value) && typeof node.value.value === "string") node.value.value = node.value.value.replace(/@.*$/, "");
+		}
+	});
+	return doc.toString({
+		lineWidth: 0,
+		nullStr: ""
+	});
 }
-/** Build a complete workflow YAML string from structured options. Single source of truth for both new files and merge steps. */
+const DEV_BINARY_PATTERN = /node\s+packages\/tooling-cli\/dist\/bin\.mjs/;
+/**
+* If the existing file uses the dev binary path (`node packages/tooling-cli/dist/bin.mjs`),
+* substitute it back into the generated content so we don't overwrite it with `pnpm exec bst`.
+*/
+function preserveDevBinaryPath(generated, existing) {
+	if (!existing) return generated;
+	const match = DEV_BINARY_PATTERN.exec(existing);
+	if (!match) return generated;
+	return generated.replaceAll("pnpm exec bst", match[0]);
+}
+/** Build a complete workflow YAML string from structured options. Single source of truth for workflow files. */
 function buildWorkflowYaml(options) {
 	const doc = { name: options.name };
 	if (options.enableEmailNotifications) doc["enable-email-notifications"] = true;
@@ -1045,132 +1056,7 @@ function buildWorkflowYaml(options) {
 	return ensureSchemaComment(stringify(doc, {
 		lineWidth: 0,
 		nullStr: ""
-	}), options.ci);
-}
-/**
-* Ensure required steps exist in a workflow job's steps array.
-* Only adds missing steps at the end — never modifies existing ones.
-* Returns unchanged content if the file has an opt-out comment or can't be parsed.
-*/
-function mergeWorkflowSteps(existing, jobName, requiredSteps) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		const steps = doc.getIn([
-			"jobs",
-			jobName,
-			"steps"
-		]);
-		if (!isSeq(steps)) return {
-			content: existing,
-			changed: false
-		};
-		let changed = false;
-		for (const { match, step } of requiredSteps) if (!steps.items.some((item) => {
-			if (!isMap(item)) return false;
-			if (match.run) {
-				const run = item.get("run");
-				return typeof run === "string" && run.includes(match.run);
-			}
-			if (match.uses) {
-				const uses = item.get("uses");
-				return typeof uses === "string" && uses.startsWith(match.uses);
-			}
-			return false;
-		})) {
-			steps.add(doc.createNode(step));
-			changed = true;
-		}
-		return {
-			content: changed ? doc.toString() : existing,
-			changed
-		};
-	} catch {
-		return {
-			content: existing,
-			changed: false
-		};
-	}
-}
-/**
-* Add a job to an existing workflow YAML if it doesn't already exist.
-* Returns unchanged content if the job already exists, the file has an opt-out comment,
-* or the document can't be parsed.
-*/
-/**
-* Ensure a `concurrency` block exists at the workflow top level.
-* Adds it if missing — never modifies an existing one.
-* Returns unchanged content if the file has an opt-out comment or can't be parsed.
-*/
-/**
-* Ensure `on.push` has `tags-ignore: ["**"]` so tag pushes don't trigger CI.
-* Only adds the filter when `on.push` exists and `tags-ignore` is absent.
-*/
-function ensureWorkflowTagsIgnore(existing) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		const on = doc.get("on");
-		if (!isMap(on)) return {
-			content: existing,
-			changed: false
-		};
-		const push = on.get("push");
-		if (!isMap(push)) return {
-			content: existing,
-			changed: false
-		};
-		if (push.has("tags-ignore")) return {
-			content: existing,
-			changed: false
-		};
-		push.set("tags-ignore", ["**"]);
-		return {
-			content: doc.toString(),
-			changed: true
-		};
-	} catch {
-		return {
-			content: existing,
-			changed: false
-		};
-	}
-}
-function ensureWorkflowConcurrency(existing, concurrency) {
-	if (isToolingIgnored(existing)) return {
-		content: existing,
-		changed: false
-	};
-	try {
-		const doc = parseDocument(existing);
-		if (doc.has("concurrency")) return {
-			content: existing,
-			changed: false
-		};
-		doc.set("concurrency", concurrency);
-		const contents = doc.contents;
-		if (isMap(contents)) {
-			const items = contents.items;
-			const nameIdx = items.findIndex((p) => isScalar(p.key) && p.key.value === "name");
-			const concPair = items.pop();
-			if (concPair) items.splice(nameIdx + 1, 0, concPair);
-		}
-		return {
-			content: doc.toString(),
-			changed: true
-		};
-	} catch {
-		return {
-			content: existing,
-			changed: false
-		};
-	}
+	}).replace(/^(?=\S)/gm, (match, offset) => offset === 0 ? match : `\n${match}`), options.ci);
 }
 //#endregion
 //#region src/generators/ci-utils.ts
@@ -1190,38 +1076,24 @@ function computeNodeVersionYaml(ctx) {
 //#region src/generators/publish-ci.ts
 function publishSteps(nodeVersionYaml) {
 	return [
-		{
-			match: { uses: "actions/checkout" },
-			step: { uses: "actions/checkout@v6" }
-		},
-		{
-			match: { uses: "pnpm/action-setup" },
-			step: { uses: "pnpm/action-setup@v5" }
-		},
-		{
-			match: { uses: "actions/setup-node" },
-			step: {
-				uses: "actions/setup-node@v6",
-				with: nodeVersionYaml.startsWith("node-version-file") ? { "node-version-file": "package.json" } : { "node-version": "24" }
-			}
-		},
-		{
-			match: { run: "pnpm install" },
-			step: { run: "pnpm install --frozen-lockfile" }
-		},
-		{
-			match: { run: "docker:publish" },
-			step: {
-				name: "Publish Docker images",
-				env: {
-					DOCKER_REGISTRY_HOST: actionsExpr("vars.DOCKER_REGISTRY_HOST"),
-					DOCKER_REGISTRY_NAMESPACE: actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE"),
-					DOCKER_USERNAME: actionsExpr("secrets.DOCKER_USERNAME"),
-					DOCKER_PASSWORD: actionsExpr("secrets.DOCKER_PASSWORD")
-				},
-				run: "pnpm exec bst docker:publish"
-			}
-		}
+		{ step: { uses: "actions/checkout@v6" } },
+		{ step: { uses: "pnpm/action-setup@v5" } },
+		{ step: {
+			uses: "actions/setup-node@v6",
+			with: nodeVersionYaml.startsWith("node-version-file") ? { "node-version-file": "package.json" } : { "node-version": "24" }
+		} },
+		{ step: { run: "pnpm install --frozen-lockfile" } },
+		{ step: {
+			name: "Publish Docker images",
+			env: {
+				DOCKER_REGISTRY_HOST: actionsExpr("vars.DOCKER_REGISTRY_HOST"),
+				DOCKER_REGISTRY_NAMESPACE: actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE"),
+				DOCKER_USERNAME: actionsExpr("secrets.DOCKER_USERNAME"),
+				DOCKER_PASSWORD: actionsExpr("secrets.DOCKER_PASSWORD"),
+				RELEASE_DEBUG: actionsExpr("vars.RELEASE_DEBUG || 'false'")
+			},
+			run: "pnpm exec bst docker:publish"
+		} }
 	];
 }
 const DockerMapSchema = z.object({ docker: z.record(z.string(), z.unknown()).optional() });
@@ -1270,59 +1142,24 @@ async function generateDeployCi(ctx) {
 		jobName: "publish",
 		steps
 	});
-	if (ctx.exists(workflowPath)) {
-		const raw = ctx.read(workflowPath);
-		if (raw) {
-			const existing = migrateToolingBinary(raw);
-			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) {
-				if (existing !== raw) {
-					ctx.write(workflowPath, ensureSchemaComment(existing, ctx.config.ci));
-					return {
-						filePath: workflowPath,
-						action: "updated",
-						description: "Migrated tooling binary name in publish workflow"
-					};
-				}
-				return {
-					filePath: workflowPath,
-					action: "skipped",
-					description: "Publish workflow already up to date"
-				};
-			}
-			const merged = mergeWorkflowSteps(existing, "publish", toRequiredSteps(steps));
-			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
-			if (!merged.changed) {
-				if (withComment !== raw) {
-					ctx.write(workflowPath, withComment);
-					return {
-						filePath: workflowPath,
-						action: "updated",
-						description: existing !== raw ? "Migrated tooling binary name in publish workflow" : "Added schema comment to publish workflow"
-					};
-				}
-				return {
-					filePath: workflowPath,
-					action: "skipped",
-					description: "Existing publish workflow preserved"
-				};
-			}
-			ctx.write(workflowPath, withComment);
-			return {
-				filePath: workflowPath,
-				action: "updated",
-				description: "Added missing steps to publish workflow"
-			};
-		}
-		return {
+	const alreadyExists = ctx.exists(workflowPath);
+	const existing = alreadyExists ? ctx.read(workflowPath) : void 0;
+	if (existing) {
+		if (isToolingIgnored(existing)) return {
+			filePath: workflowPath,
+			action: "skipped",
+			description: "Publish workflow has ignore comment"
+		};
+		if (normalizeWorkflow(existing) === normalizeWorkflow(content)) return {
 			filePath: workflowPath,
 			action: "skipped",
 			description: "Publish workflow already up to date"
 		};
 	}
-	ctx.write(workflowPath, content);
+	ctx.write(workflowPath, preserveDevBinaryPath(content, existing));
 	return {
 		filePath: workflowPath,
-		action: "created",
+		action: alreadyExists ? "updated" : "created",
 		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions publish workflow`
 	};
 }
@@ -1590,7 +1427,7 @@ function getAddedDevDepNames(config) {
 	const deps = { ...ROOT_DEV_DEPS };
 	if (config.structure !== "monorepo") Object.assign(deps, PER_PACKAGE_DEV_DEPS);
 	deps["@bensandee/config"] = "0.9.1";
-	deps["@bensandee/tooling"] = "0.33.0";
+	deps["@bensandee/tooling"] = "0.35.0";
 	if (config.formatter === "oxfmt") deps["oxfmt"] = {
 		"@changesets/cli": "2.30.0",
 		"@release-it/bumper": "7.0.5",
@@ -1645,7 +1482,7 @@ async function generatePackageJson(ctx) {
 	const devDeps = { ...ROOT_DEV_DEPS };
 	if (!isMonorepo) Object.assign(devDeps, PER_PACKAGE_DEV_DEPS);
 	devDeps["@bensandee/config"] = isWorkspacePackage(ctx, "@bensandee/config") ? "workspace:*" : "0.9.1";
-	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.33.0";
+	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.35.0";
 	if (ctx.config.useEslintPlugin) devDeps["@bensandee/eslint-plugin"] = isWorkspacePackage(ctx, "@bensandee/eslint-plugin") ? "workspace:*" : "0.9.2";
 	if (ctx.config.formatter === "oxfmt") devDeps["oxfmt"] = {
 		"@changesets/cli": "2.30.0",
@@ -1693,10 +1530,6 @@ async function generatePackageJson(ctx) {
 			changes.push("set type: \"module\"");
 		}
 		const existingScripts = pkg.scripts ?? {};
-		for (const [key, value] of Object.entries(existingScripts)) if (typeof value === "string" && value.includes("pnpm exec tooling ")) {
-			existingScripts[key] = migrateToolingBinary(value);
-			changes.push(`migrated script: ${key}`);
-		}
 		for (const [key, value] of Object.entries(allScripts)) if (!(key in existingScripts)) {
 			existingScripts[key] = value;
 			changes.push(`added script: ${key}`);
@@ -2183,41 +2016,58 @@ async function generateGitignore(ctx) {
 }
 //#endregion
 //#region src/generators/ci.ts
+/** Build the release step for the check job (changesets strategy). */
+function changesetsReleaseStep(ci, publishesNpm) {
+	if (ci === "github") return { step: {
+		uses: "changesets/action@v1",
+		if: "github.ref == 'refs/heads/main'",
+		with: {
+			publish: "pnpm changeset publish",
+			version: "pnpm changeset version"
+		},
+		env: {
+			GITHUB_TOKEN: actionsExpr("github.token"),
+			...publishesNpm && { NPM_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
+		}
+	} };
+	return { step: {
+		name: "Release",
+		if: "github.ref == 'refs/heads/main'",
+		env: {
+			FORGEJO_SERVER_URL: actionsExpr("github.server_url"),
+			FORGEJO_REPOSITORY: actionsExpr("github.repository"),
+			RELEASE_TOKEN: actionsExpr("secrets.RELEASE_TOKEN"),
+			...publishesNpm && { NODE_AUTH_TOKEN: actionsExpr("secrets.NPM_TOKEN") },
+			RELEASE_DEBUG: actionsExpr("vars.RELEASE_DEBUG || 'false'")
+		},
+		run: "pnpm exec bst release:changesets"
+	} };
+}
 const CI_CONCURRENCY = {
 	group: `ci-${actionsExpr("github.ref")}`,
 	"cancel-in-progress": actionsExpr("github.ref != 'refs/heads/main'")
 };
-function checkSteps(nodeVersionYaml) {
+function checkSteps(nodeVersionYaml, publishesNpm) {
+	const isNodeVersionFile = nodeVersionYaml.startsWith("node-version-file");
 	return [
-		{
-			match: { uses: "actions/checkout" },
-			step: { uses: "actions/checkout@v6" }
-		},
-		{
-			match: { uses: "pnpm/action-setup" },
-			step: { uses: "pnpm/action-setup@v5" }
-		},
-		{
-			match: { uses: "actions/setup-node" },
-			step: {
-				uses: "actions/setup-node@v6",
-				with: {
-					...nodeVersionYaml.startsWith("node-version-file") ? { "node-version-file": "package.json" } : { "node-version": "24" },
-					cache: "pnpm"
-				}
-			}
-		},
-		{
-			match: { run: "pnpm install" },
-			step: { run: "pnpm install --frozen-lockfile" }
-		},
-		{
-			match: { run: "check" },
-			step: {
-				name: "Run all checks",
-				run: "pnpm ci:check"
+		{ step: {
+			uses: "actions/checkout@v6",
+			with: { "fetch-depth": 0 }
+		} },
+		{ step: { uses: "pnpm/action-setup@v5" } },
+		{ step: {
+			uses: "actions/setup-node@v6",
+			with: {
+				...isNodeVersionFile ? { "node-version-file": "package.json" } : { "node-version": "24" },
+				cache: "pnpm",
+				...publishesNpm && { "registry-url": actionsExpr("vars.NPM_REGISTRY_URL || 'https://registry.npmjs.org'") }
 			}
-		}
+		} },
+		{ step: { run: "pnpm install --frozen-lockfile" } },
+		{ step: {
+			name: "Run all checks",
+			run: "pnpm ci:check"
+		} }
 	];
 }
 /** Resolve the CI workflow filename based on release strategy. */
@@ -2233,7 +2083,9 @@ async function generateCi(ctx) {
 	const isGitHub = ctx.config.ci === "github";
 	const isForgejo = !isGitHub;
 	const isChangesets = ctx.config.releaseStrategy === "changesets";
-	const steps = checkSteps(computeNodeVersionYaml(ctx));
+	const nodeVersionYaml = computeNodeVersionYaml(ctx);
+	const publishesNpm = ctx.config.publishNpm === true;
+	const steps = [...checkSteps(nodeVersionYaml, isChangesets && publishesNpm), ...isChangesets ? [changesetsReleaseStep(ctx.config.ci, publishesNpm)] : []];
 	const content = buildWorkflowYaml({
 		ci: ctx.config.ci,
 		name: "CI",
@@ -2250,42 +2102,24 @@ async function generateCi(ctx) {
 		steps
 	});
 	const filePath = ciWorkflowPath(ctx.config.ci, ctx.config.releaseStrategy);
-	if (ctx.exists(filePath)) {
-		const existing = ctx.read(filePath);
-		if (existing) {
-			let result = mergeWorkflowSteps(existing, "check", toRequiredSteps(steps));
-			const withTagsIgnore = ensureWorkflowTagsIgnore(result.content);
-			result = {
-				content: withTagsIgnore.content,
-				changed: result.changed || withTagsIgnore.changed
-			};
-			if (isChangesets) {
-				const withConcurrency = ensureWorkflowConcurrency(result.content, CI_CONCURRENCY);
-				result = {
-					content: withConcurrency.content,
-					changed: result.changed || withConcurrency.changed
-				};
-			}
-			const withComment = ensureSchemaComment(result.content, isGitHub ? "github" : "forgejo");
-			if (result.changed || withComment !== result.content) {
-				ctx.write(filePath, withComment);
-				return {
-					filePath,
-					action: "updated",
-					description: "Added missing steps to CI workflow"
-				};
-			}
-		}
-		return {
+	const alreadyExists = ctx.exists(filePath);
+	const existing = alreadyExists ? ctx.read(filePath) : void 0;
+	if (existing) {
+		if (isToolingIgnored(existing)) return {
+			filePath,
+			action: "skipped",
+			description: "CI workflow has ignore comment"
+		};
+		if (normalizeWorkflow(existing) === normalizeWorkflow(content)) return {
 			filePath,
 			action: "skipped",
 			description: "CI workflow already up to date"
 		};
 	}
-	ctx.write(filePath, content);
+	ctx.write(filePath, preserveDevBinaryPath(content, existing));
 	return {
 		filePath,
-		action: "created",
+		action: alreadyExists ? "updated" : "created",
 		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions CI workflow`
 	};
 }
@@ -2762,47 +2596,33 @@ async function generateChangesets(ctx) {
 function commonSteps(nodeVersionYaml, publishesNpm) {
 	const isNodeVersionFile = nodeVersionYaml.startsWith("node-version-file");
 	return [
-		{
-			match: { uses: "actions/checkout" },
-			step: {
-				uses: "actions/checkout@v6",
-				with: { "fetch-depth": 0 }
-			}
-		},
-		{
-			match: { uses: "pnpm/action-setup" },
-			step: { uses: "pnpm/action-setup@v5" }
-		},
-		{
-			match: { uses: "actions/setup-node" },
-			step: {
-				uses: "actions/setup-node@v6",
-				with: {
-					...isNodeVersionFile ? { "node-version-file": "package.json" } : { "node-version": "24" },
-					cache: "pnpm",
-					...publishesNpm && { "registry-url": "https://registry.npmjs.org" }
-				}
+		{ step: {
+			uses: "actions/checkout@v6",
+			with: { "fetch-depth": 0 }
+		} },
+		{ step: { uses: "pnpm/action-setup@v5" } },
+		{ step: {
+			uses: "actions/setup-node@v6",
+			with: {
+				...isNodeVersionFile ? { "node-version-file": "package.json" } : { "node-version": "24" },
+				cache: "pnpm",
+				...publishesNpm && { "registry-url": actionsExpr("vars.NPM_REGISTRY_URL || 'https://registry.npmjs.org'") }
 			}
-		},
-		{
-			match: { run: "pnpm install" },
-			step: { run: "pnpm install --frozen-lockfile" }
-		}
+		} },
+		{ step: { run: "pnpm install --frozen-lockfile" } }
 	];
 }
 function releaseItSteps(ci, nodeVersionYaml, publishesNpm) {
 	const tokenEnv = ci === "github" ? { GITHUB_TOKEN: actionsExpr("github.token") } : { RELEASE_TOKEN: actionsExpr("secrets.RELEASE_TOKEN") };
 	const npmEnv = publishesNpm ? { NODE_AUTH_TOKEN: actionsExpr("secrets.NPM_TOKEN") } : {};
-	return [...commonSteps(nodeVersionYaml, publishesNpm), {
-		match: { run: "release-it" },
-		step: {
-			run: "pnpm release-it --ci",
-			env: {
-				...tokenEnv,
-				...npmEnv
-			}
+	return [...commonSteps(nodeVersionYaml, publishesNpm), { step: {
+		run: "pnpm release-it --ci",
+		env: {
+			...tokenEnv,
+			...npmEnv,
+			RELEASE_DEBUG: actionsExpr("vars.RELEASE_DEBUG || 'false'")
 		}
-	}];
+	} }];
 }
 /** Build the workflow_dispatch trigger with optional inputs for the simple strategy. */
 function simpleWorkflowDispatchTrigger() {
@@ -2840,70 +2660,36 @@ function simpleReleaseCommand() {
 	].join("\n");
 }
 function simpleReleaseSteps(ci, nodeVersionYaml, publishesNpm, hasDocker) {
-	const releaseStep = {
-		match: { run: "release:simple" },
-		step: {
-			name: "Release",
-			env: ci === "github" ? { GITHUB_TOKEN: actionsExpr("github.token") } : {
+	const releaseStep = { step: {
+		name: "Release",
+		env: {
+			...ci === "github" ? { GITHUB_TOKEN: actionsExpr("github.token") } : {
 				FORGEJO_SERVER_URL: actionsExpr("github.server_url"),
 				FORGEJO_REPOSITORY: actionsExpr("github.repository"),
 				RELEASE_TOKEN: actionsExpr("secrets.RELEASE_TOKEN")
 			},
-			run: simpleReleaseCommand()
-		}
-	};
-	const dockerStep = {
-		match: { run: "docker:publish" },
-		step: {
-			name: "Publish Docker images",
-			if: "success()",
-			env: {
-				DOCKER_REGISTRY_HOST: actionsExpr("vars.DOCKER_REGISTRY_HOST"),
-				DOCKER_REGISTRY_NAMESPACE: actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE"),
-				DOCKER_USERNAME: actionsExpr("secrets.DOCKER_USERNAME"),
-				DOCKER_PASSWORD: actionsExpr("secrets.DOCKER_PASSWORD")
-			},
-			run: "pnpm exec bst docker:publish"
-		}
-	};
+			RELEASE_DEBUG: actionsExpr("vars.RELEASE_DEBUG || 'false'")
+		},
+		run: simpleReleaseCommand()
+	} };
+	const dockerStep = { step: {
+		name: "Publish Docker images",
+		if: "success()",
+		env: {
+			DOCKER_REGISTRY_HOST: actionsExpr("vars.DOCKER_REGISTRY_HOST"),
+			DOCKER_REGISTRY_NAMESPACE: actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE"),
+			DOCKER_USERNAME: actionsExpr("secrets.DOCKER_USERNAME"),
+			DOCKER_PASSWORD: actionsExpr("secrets.DOCKER_PASSWORD"),
+			RELEASE_DEBUG: actionsExpr("vars.RELEASE_DEBUG || 'false'")
+		},
+		run: "pnpm exec bst docker:publish"
+	} };
 	return [
 		...commonSteps(nodeVersionYaml, publishesNpm),
 		releaseStep,
 		...hasDocker ? [dockerStep] : []
 	];
 }
-/** Build the required release step for the check job (changesets). */
-function changesetsReleaseStep(ci, publishesNpm) {
-	if (ci === "github") return {
-		match: { uses: "changesets/action" },
-		step: {
-			uses: "changesets/action@v1",
-			if: "github.ref == 'refs/heads/main'",
-			with: {
-				publish: "pnpm changeset publish",
-				version: "pnpm changeset version"
-			},
-			env: {
-				GITHUB_TOKEN: actionsExpr("github.token"),
-				...publishesNpm && { NPM_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
-			}
-		}
-	};
-	return {
-		match: { run: "release:changesets" },
-		step: {
-			name: "Release",
-			if: "github.ref == 'refs/heads/main'",
-			env: {
-				FORGEJO_SERVER_URL: actionsExpr("github.server_url"),
-				FORGEJO_REPOSITORY: actionsExpr("github.repository"),
-				RELEASE_TOKEN: actionsExpr("secrets.RELEASE_TOKEN"),
-				...publishesNpm && { NODE_AUTH_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
-			},
-			run: "pnpm exec bst release:changesets"
-		}
-	};
-}
 function buildSteps(strategy, ci, nodeVersionYaml, publishesNpm, hasDocker) {
 	switch (strategy) {
 		case "release-it": return releaseItSteps(ci, nodeVersionYaml, publishesNpm);
@@ -2911,40 +2697,6 @@ function buildSteps(strategy, ci, nodeVersionYaml, publishesNpm, hasDocker) {
 		default: return null;
 	}
 }
-function generateChangesetsReleaseCi(ctx, publishesNpm) {
-	const ciPath = ciWorkflowPath(ctx.config.ci, ctx.config.releaseStrategy);
-	const raw = ctx.read(ciPath);
-	if (!raw) return {
-		filePath: ciPath,
-		action: "skipped",
-		description: "CI workflow not found — run check generator first"
-	};
-	const existing = migrateToolingBinary(raw);
-	const merged = mergeWorkflowSteps(existing, "check", [changesetsReleaseStep(ctx.config.ci, publishesNpm)]);
-	if (!merged.changed) {
-		if (existing !== raw) {
-			const withComment = ensureSchemaComment(existing, ctx.config.ci);
-			ctx.write(ciPath, withComment);
-			return {
-				filePath: ciPath,
-				action: "updated",
-				description: "Migrated tooling binary name in CI workflow"
-			};
-		}
-		return {
-			filePath: ciPath,
-			action: "skipped",
-			description: "Release step in CI workflow already up to date"
-		};
-	}
-	const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
-	ctx.write(ciPath, withComment);
-	return {
-		filePath: ciPath,
-		action: "updated",
-		description: "Added release step to CI workflow"
-	};
-}
 async function generateReleaseCi(ctx) {
 	const filePath = "release-ci";
 	if (ctx.config.releaseStrategy === "none" || ctx.config.ci === "none") return {
@@ -2953,7 +2705,11 @@ async function generateReleaseCi(ctx) {
 		description: "Release CI workflow not applicable"
 	};
 	const publishesNpm = ctx.config.publishNpm === true;
-	if (ctx.config.releaseStrategy === "changesets") return generateChangesetsReleaseCi(ctx, publishesNpm);
+	if (ctx.config.releaseStrategy === "changesets") return {
+		filePath,
+		action: "skipped",
+		description: "Release step included in CI workflow"
+	};
 	const isGitHub = ctx.config.ci === "github";
 	const workflowPath = isGitHub ? ".github/workflows/release.yml" : ".forgejo/workflows/release.yml";
 	const nodeVersionYaml = computeNodeVersionYaml(ctx);
@@ -2973,59 +2729,24 @@ async function generateReleaseCi(ctx) {
 		jobName: "release",
 		steps
 	});
-	if (ctx.exists(workflowPath)) {
-		const raw = ctx.read(workflowPath);
-		if (raw) {
-			const existing = migrateToolingBinary(raw);
-			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) {
-				if (existing !== raw) {
-					ctx.write(workflowPath, ensureSchemaComment(existing, ctx.config.ci));
-					return {
-						filePath: workflowPath,
-						action: "updated",
-						description: "Migrated tooling binary name in release workflow"
-					};
-				}
-				return {
-					filePath: workflowPath,
-					action: "skipped",
-					description: "Release workflow already up to date"
-				};
-			}
-			const merged = mergeWorkflowSteps(existing, "release", toRequiredSteps(steps));
-			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
-			if (!merged.changed) {
-				if (withComment !== raw) {
-					ctx.write(workflowPath, withComment);
-					return {
-						filePath: workflowPath,
-						action: "updated",
-						description: existing !== raw ? "Migrated tooling binary name in release workflow" : "Added schema comment to release workflow"
-					};
-				}
-				return {
-					filePath: workflowPath,
-					action: "skipped",
-					description: "Existing release workflow preserved"
-				};
-			}
-			ctx.write(workflowPath, withComment);
-			return {
-				filePath: workflowPath,
-				action: "updated",
-				description: "Added missing steps to release workflow"
-			};
-		}
-		return {
+	const alreadyExists = ctx.exists(workflowPath);
+	const existing = alreadyExists ? ctx.read(workflowPath) : void 0;
+	if (existing) {
+		if (isToolingIgnored(existing)) return {
+			filePath: workflowPath,
+			action: "skipped",
+			description: "Release workflow has ignore comment"
+		};
+		if (normalizeWorkflow(existing) === normalizeWorkflow(content)) return {
 			filePath: workflowPath,
 			action: "skipped",
 			description: "Release workflow already up to date"
 		};
 	}
-	ctx.write(workflowPath, content);
+	ctx.write(workflowPath, preserveDevBinaryPath(content, existing));
 	return {
 		filePath: workflowPath,
-		action: "created",
+		action: alreadyExists ? "updated" : "created",
 		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions release workflow`
 	};
 }
@@ -3321,7 +3042,7 @@ function generateMigratePrompt(results, config, detected) {
 	const timestamp = (/* @__PURE__ */ new Date()).toISOString();
 	sections.push("# Migration Prompt");
 	sections.push("");
-	sections.push(`_Generated by \`@bensandee/tooling@0.33.0 repo:sync\` on ${timestamp}_`);
+	sections.push(`_Generated by \`@bensandee/tooling@0.35.0 repo:sync\` on ${timestamp}_`);
 	sections.push("");
 	sections.push("The following prompt was generated by `@bensandee/tooling repo:sync`. Paste it into Claude Code or another AI assistant to finish migrating this repository.");
 	sections.push("");
@@ -3505,11 +3226,11 @@ function contextAsDockerReader(ctx) {
 function logDetectionSummary(ctx) {
 	if (ctx.config.publishDocker) {
 		const dockerPackages = detectDockerPackages(contextAsDockerReader(ctx), ctx.targetDir, ctx.config.name);
-		if (dockerPackages.length > 0) log$2.info(`Docker images: ${dockerPackages.map((pkg) => pkg.imageName).join(", ")}`);
+		if (dockerPackages.length > 0) log.info(`Docker images: ${dockerPackages.map((pkg) => pkg.imageName).join(", ")}`);
 	}
 	if (ctx.config.publishNpm) {
 		const publishable = getPublishablePackages(ctx.targetDir, ctx.config.structure, ctx.packageJson);
-		if (publishable.length > 0) log$2.info(`npm packages: ${publishable.map((pkg) => pkg.name).join(", ")}`);
+		if (publishable.length > 0) log.info(`npm packages: ${publishable.map((pkg) => pkg.name).join(", ")}`);
 	}
 }
 async function runInit(config, options = {}) {
@@ -3543,7 +3264,7 @@ async function runInit(config, options = {}) {
 	const promptPath = ".tooling-migrate.md";
 	ctx.write(promptPath, prompt);
 	if (!hasChanges && options.noPrompt) {
-		log$2.success("Repository is up to date.");
+		log.success("Repository is up to date.");
 		return results;
 	}
 	if (results.some((r) => r.action === "archived" && r.filePath.startsWith(".husky/"))) try {
@@ -3558,13 +3279,13 @@ async function runInit(config, options = {}) {
 	if (updated.length > 0) summaryLines.push(`Updated: ${updated.map((r) => r.filePath).join(", ")}`);
 	note(summaryLines.join("\n"), "Summary");
 	if (!options.noPrompt) {
-		log$2.info(`Migration prompt written to ${promptPath}`);
-		log$2.info("In Claude Code, run: \"Execute the steps in .tooling-migrate.md\"");
+		log.info(`Migration prompt written to ${promptPath}`);
+		log.info("In Claude Code, run: \"Execute the steps in .tooling-migrate.md\"");
 	}
 	const bensandeeDeps = getAddedDevDepNames(config).filter((name) => name.startsWith("@bensandee/"));
 	const hasLockfile = ctx.exists("pnpm-lock.yaml");
 	if (bensandeeDeps.length > 0 && hasLockfile) {
-		log$2.info("Updating @bensandee/* packages...");
+		log.info("Updating @bensandee/* packages...");
 		try {
 			execSync(`pnpm update --latest ${bensandeeDeps.join(" ")}`, {
 				cwd: config.targetDir,
@@ -3572,7 +3293,7 @@ async function runInit(config, options = {}) {
 				timeout: 6e4
 			});
 		} catch (_error) {
-			log$2.warn("Could not update @bensandee/* packages — run pnpm install manually");
+			log.warn("Could not update @bensandee/* packages — run pnpm install manually");
 		}
 	}
 	if (hasChanges && ctx.exists("package.json")) try {
@@ -3664,22 +3385,22 @@ async function runCheck(targetDir) {
 		return true;
 	});
 	if (actionable.length === 0) {
-		log$2.success("Repository is up to date.");
+		log.success("Repository is up to date.");
 		return 0;
 	}
-	log$2.warn(`${actionable.length} file(s) would be changed by repo:sync`);
+	log.warn(`${actionable.length} file(s) would be changed by repo:sync`);
 	for (const r of actionable) {
-		log$2.info(`  ${r.action}: ${r.filePath} — ${r.description}`);
+		log.info(`  ${r.action}: ${r.filePath} — ${r.description}`);
 		const newContent = pendingWrites.get(r.filePath);
 		if (!newContent) continue;
 		const existingPath = path.join(targetDir, r.filePath);
 		const existing = existsSync(existingPath) ? readFileSync(existingPath, "utf-8") : void 0;
 		if (!existing) {
 			const lineCount = newContent.split("\n").length - 1;
-			log$2.info(`    + ${lineCount} new lines`);
+			log.info(`    + ${lineCount} new lines`);
 		} else {
 			const diff = lineDiff(existing, newContent);
-			for (const line of diff) log$2.info(`    ${line}`);
+			for (const line of diff) log.info(`    ${line}`);
 		}
 	}
 	return 1;
@@ -3827,6 +3548,17 @@ function reconcileTags(expectedTags, remoteTags, stdoutTags) {
 }
 //#endregion
 //#region src/release/forgejo.ts
+const RETRY_ATTEMPTS = 3;
+const RETRY_BASE_DELAY_MS = 1e3;
+/** Safely read response body text for inclusion in error messages. */
+async function responseBodyText(res) {
+	try {
+		const text = await res.text();
+		return text.length > 500 ? text.slice(0, 500) + "…" : text;
+	} catch {
+		return "(could not read response body)";
+	}
+}
 const PullRequestSchema = z.array(z.object({
 	number: z.number(),
 	head: z.object({ ref: z.string() })
@@ -3840,7 +3572,10 @@ const PullRequestSchema = z.array(z.object({
 async function findOpenPr(executor, conn, head) {
 	const url = `${conn.serverUrl}/api/v1/repos/${conn.repository}/pulls?state=open`;
 	const res = await executor.fetch(url, { headers: { Authorization: `token ${conn.token}` } });
-	if (!res.ok) throw new TransientError(`Failed to list PRs: ${res.status} ${res.statusText}`);
+	if (!res.ok) {
+		const body = await responseBodyText(res);
+		throw new TransientError(`Failed to list PRs: ${res.status} ${res.statusText}\n${body}`);
+	}
 	const parsed = PullRequestSchema.safeParse(await res.json());
 	if (!parsed.success) throw new UnexpectedError(`Unexpected PR list response: ${parsed.error.message}`);
 	return parsed.data.find((pr) => pr.head.ref === head)?.number ?? null;
@@ -3862,7 +3597,10 @@ async function createPr(executor, conn, options) {
 		},
 		body: JSON.stringify(payload)
 	});
-	if (!res.ok) throw new TransientError(`Failed to create PR: ${res.status} ${res.statusText}`);
+	if (!res.ok) {
+		const body = await responseBodyText(res);
+		throw new TransientError(`Failed to create PR: ${res.status} ${res.statusText}\n${body}`);
+	}
 }
 /** Update an existing pull request's title and body. */
 async function updatePr(executor, conn, prNumber, options) {
@@ -3878,7 +3616,10 @@ async function updatePr(executor, conn, prNumber, options) {
 			body: options.body
 		})
 	});
-	if (!res.ok) throw new TransientError(`Failed to update PR #${String(prNumber)}: ${res.status} ${res.statusText}`);
+	if (!res.ok) {
+		const body = await responseBodyText(res);
+		throw new TransientError(`Failed to update PR #${String(prNumber)}: ${res.status} ${res.statusText}\n${body}`);
+	}
 }
 /** Merge a pull request by number. */
 async function mergePr(executor, conn, prNumber, options) {
@@ -3894,7 +3635,10 @@ async function mergePr(executor, conn, prNumber, options) {
 			delete_branch_after_merge: options?.deleteBranch ?? true
 		})
 	});
-	if (!res.ok) throw new TransientError(`Failed to merge PR #${String(prNumber)}: ${res.status} ${res.statusText}`);
+	if (!res.ok) {
+		const body = await responseBodyText(res);
+		throw new TransientError(`Failed to merge PR #${String(prNumber)}: ${res.status} ${res.statusText}\n${body}`);
+	}
 }
 /** Check whether a Forgejo release already exists for a given tag. */
 async function findRelease(executor, conn, tag) {
@@ -3903,7 +3647,8 @@ async function findRelease(executor, conn, tag) {
 	const res = await executor.fetch(url, { headers: { Authorization: `token ${conn.token}` } });
 	if (res.status === 200) return true;
 	if (res.status === 404) return false;
-	throw new TransientError(`Failed to check release for ${tag}: ${res.status} ${res.statusText}`);
+	const body = await responseBodyText(res);
+	throw new TransientError(`Failed to check release for ${tag}: ${res.status} ${res.statusText}\n${body}`);
 }
 /** Create a Forgejo release for a given tag. */
 async function createRelease(executor, conn, tag) {
@@ -3920,21 +3665,35 @@ async function createRelease(executor, conn, tag) {
 			body: `Published ${tag}`
 		})
 	});
-	if (!res.ok) throw new TransientError(`Failed to create release for ${tag}: ${res.status} ${res.statusText}`);
+	if (!res.ok) {
+		const body = await responseBodyText(res);
+		throw new TransientError(`Failed to create release for ${tag}: ${res.status} ${res.statusText}\n${body}`);
+	}
 }
-//#endregion
-//#region src/release/log.ts
-/** Log a debug message when verbose mode is enabled. */
-function debug(config, message) {
-	if (config.verbose) log$2.info(`[debug] ${message}`);
-}
-/** Log the result of an exec call when verbose mode is enabled. */
-function debugExec(config, label, result) {
-	if (!config.verbose) return;
-	const lines = [`[debug] ${label} (exit code ${String(result.exitCode)})`];
-	if (result.stdout.trim()) lines.push(`  stdout: ${result.stdout.trim()}`);
-	if (result.stderr.trim()) lines.push(`  stderr: ${result.stderr.trim()}`);
-	log$2.info(lines.join("\n"));
+/**
+* Ensure a Forgejo release exists for a tag, creating it if necessary.
+*
+* Handles two edge cases:
+* - The release already exists before we try (skips creation)
+* - Forgejo auto-creates a release when a tag is pushed, causing a 500 race
+*   condition (detected by re-checking after failure)
+*
+* Retries on transient errors with exponential backoff.
+* Returns "created" | "exists" | "race" indicating what happened.
+*/
+async function ensureRelease(executor, conn, tag) {
+	if (await findRelease(executor, conn, tag)) return "exists";
+	for (let attempt = 1; attempt <= RETRY_ATTEMPTS; attempt++) try {
+		await createRelease(executor, conn, tag);
+		return "created";
+	} catch (error) {
+		if (await findRelease(executor, conn, tag)) return "race";
+		if (attempt >= RETRY_ATTEMPTS) throw error;
+		log.warn(`Release creation attempt ${String(attempt)}/${String(RETRY_ATTEMPTS)} failed: ${error instanceof Error ? error.message : String(error)}`);
+		const delay = RETRY_BASE_DELAY_MS * 2 ** (attempt - 1);
+		await new Promise((resolve) => setTimeout(resolve, delay));
+	}
+	throw new TransientError(`Failed to create release for ${tag} after ${String(RETRY_ATTEMPTS)} attempts`);
 }
 //#endregion
 //#region src/release/version.ts
@@ -4006,7 +3765,7 @@ function buildPrContent(executor, cwd, packagesBefore) {
 }
 /** Mode 1: version packages and create/update a PR. */
 async function runVersionMode(executor, config) {
-	log$2.info("Changesets detected — versioning packages");
+	log.info("Changesets detected — versioning packages");
 	const packagesBefore = executor.listWorkspacePackages(config.cwd);
 	debug(config, `Packages before versioning: ${packagesBefore.map((pkg) => `${pkg.name}@${pkg.version}`).join(", ") || "(none)"}`);
 	const changesetConfigPath = path.join(config.cwd, ".changeset", "config.json");
@@ -4032,19 +3791,19 @@ async function runVersionMode(executor, config) {
 	const addResult = executor.exec("git add -A", { cwd: config.cwd });
 	if (addResult.exitCode !== 0) throw new FatalError(`git add failed: ${addResult.stderr || addResult.stdout}`);
 	const remainingChangesets = executor.listChangesetFiles(config.cwd);
-	if (remainingChangesets.length > 0) log$2.warn(`Changeset files still present after versioning: ${remainingChangesets.join(", ")}`);
+	if (remainingChangesets.length > 0) log.warn(`Changeset files still present after versioning: ${remainingChangesets.join(", ")}`);
 	debug(config, `Changeset files after versioning: ${remainingChangesets.length > 0 ? remainingChangesets.join(", ") : "(none — all consumed)"}`);
 	const commitResult = executor.exec("git commit -m \"chore: version packages\"", { cwd: config.cwd });
 	debugExec(config, "git commit", commitResult);
 	if (commitResult.exitCode !== 0) {
-		log$2.info("Nothing to commit after versioning");
+		log.info("Nothing to commit after versioning");
 		return {
 			mode: "version",
 			pr: "none"
 		};
 	}
 	if (config.dryRun) {
-		log$2.info("[dry-run] Would push and create/update PR");
+		log.info("[dry-run] Would push and create/update PR");
 		return {
 			mode: "version",
 			pr: "none"
@@ -4067,7 +3826,7 @@ async function runVersionMode(executor, config) {
 			base: "main",
 			body
 		});
-		log$2.info("Created version PR");
+		log.info("Created version PR");
 		return {
 			mode: "version",
 			pr: "created"
@@ -4077,7 +3836,7 @@ async function runVersionMode(executor, config) {
 		title,
 		body
 	});
-	log$2.info(`Updated version PR #${String(existingPr)}`);
+	log.info(`Updated version PR #${String(existingPr)}`);
 	return {
 		mode: "version",
 		pr: "updated"
@@ -4085,24 +3844,9 @@ async function runVersionMode(executor, config) {
 }
 //#endregion
 //#region src/release/publish.ts
-const RETRY_ATTEMPTS = 3;
-const RETRY_BASE_DELAY_MS = 1e3;
-async function retryAsync(fn) {
-	let lastError;
-	for (let attempt = 0; attempt <= RETRY_ATTEMPTS; attempt++) try {
-		return await fn();
-	} catch (error) {
-		lastError = error;
-		if (attempt < RETRY_ATTEMPTS) {
-			const delay = RETRY_BASE_DELAY_MS * 2 ** attempt;
-			await new Promise((resolve) => setTimeout(resolve, delay));
-		}
-	}
-	throw lastError;
-}
 /** Mode 2: publish to npm, push tags, and create Forgejo releases. */
 async function runPublishMode(executor, config) {
-	log$2.info("No changesets — publishing packages");
+	log.info("No changesets — publishing packages");
 	const publishResult = executor.exec("pnpm changeset publish", { cwd: config.cwd });
 	debugExec(config, "pnpm changeset publish", publishResult);
 	if (publishResult.exitCode !== 0) throw new FatalError(`pnpm changeset publish failed (exit code ${String(publishResult.exitCode)}):\n${publishResult.stderr}`);
@@ -4117,11 +3861,11 @@ async function runPublishMode(executor, config) {
 	debug(config, `Reconciled tags to push: ${tagsToPush.length > 0 ? tagsToPush.join(", ") : "(none)"}`);
 	if (config.dryRun) {
 		if (tagsToPush.length === 0) {
-			log$2.info("No packages were published");
+			log.info("No packages were published");
 			return { mode: "none" };
 		}
-		log$2.info(`Tags to process: ${tagsToPush.join(", ")}`);
-		log$2.info("[dry-run] Would push tags and create releases");
+		log.info(`Tags to process: ${tagsToPush.join(", ")}`);
+		log.info("[dry-run] Would push tags and create releases");
 		return {
 			mode: "publish",
 			tags: tagsToPush
@@ -4137,10 +3881,10 @@ async function runPublishMode(executor, config) {
 	for (const tag of remoteExpectedTags) if (!await findRelease(executor, conn, tag)) tagsWithMissingReleases.push(tag);
 	const allTags = [...tagsToPush, ...tagsWithMissingReleases];
 	if (allTags.length === 0) {
-		log$2.info("No packages were published");
+		log.info("No packages were published");
 		return { mode: "none" };
 	}
-	log$2.info(`Tags to process: ${allTags.join(", ")}`);
+	log.info(`Tags to process: ${allTags.join(", ")}`);
 	const errors = [];
 	for (const tag of allTags) try {
 		if (!remoteSet.has(tag)) {
@@ -4151,24 +3895,14 @@ async function runPublishMode(executor, config) {
 			const pushTagResult = executor.exec(`git push origin refs/tags/${tag}`, { cwd: config.cwd });
 			if (pushTagResult.exitCode !== 0) throw new FatalError(`Failed to push tag ${tag}: ${pushTagResult.stderr || pushTagResult.stdout}`);
 		}
-		if (await findRelease(executor, conn, tag)) log$2.warn(`Release for ${tag} already exists — skipping`);
-		else {
-			await retryAsync(async () => {
-				try {
-					await createRelease(executor, conn, tag);
-				} catch (error) {
-					if (await findRelease(executor, conn, tag)) return;
-					throw error;
-				}
-			});
-			log$2.info(`Created release for ${tag}`);
-		}
+		if (await ensureRelease(executor, conn, tag) === "exists") log.warn(`Release for ${tag} already exists — skipping`);
+		else log.info(`Created release for ${tag}`);
 	} catch (error) {
 		errors.push({
 			tag,
 			error
 		});
-		log$2.warn(`Failed to process ${tag}: ${error instanceof Error ? error.message : String(error)}`);
+		log.warn(`Failed to process ${tag}: ${error instanceof Error ? error.message : String(error)}`);
 	}
 	if (errors.length > 0) throw new TransientError(`Failed to create releases for: ${errors.map((e) => e.tag).join(", ")}`);
 	return {
@@ -4262,6 +3996,14 @@ function configureGitAuth(executor, conn, cwd) {
 	const authUrl = `https://x-access-token:${conn.token}@${host}/${conn.repository}`;
 	executor.exec(`git remote set-url origin ${authUrl}`, { cwd });
 }
+/** Configure git user.name and user.email for CI bot commits. */
+function configureGitIdentity(executor, platform, cwd) {
+	const isGitHub = platform === "github";
+	const name = isGitHub ? "github-actions[bot]" : "forgejo-actions[bot]";
+	const email = isGitHub ? "github-actions[bot]@users.noreply.github.com" : "forgejo-actions[bot]@noreply.localhost";
+	executor.exec(`git config user.name "${name}"`, { cwd });
+	executor.exec(`git config user.email "${email}"`, { cwd });
+}
 //#endregion
 //#region src/commands/release-changesets.ts
 const releaseForgejoCommand = defineCommand({
@@ -4276,13 +4018,13 @@ const releaseForgejoCommand = defineCommand({
 		},
 		verbose: {
 			type: "boolean",
-			description: "Enable detailed debug logging (also enabled by RELEASE_DEBUG env var)"
+			description: "Enable detailed debug logging (also enabled by TOOLING_DEBUG env var)"
 		}
 	},
 	async run({ args }) {
 		if ((await runRelease(buildReleaseConfig({
 			dryRun: args["dry-run"] === true,
-			verbose: args.verbose === true || process.env["RELEASE_DEBUG"] === "true"
+			verbose: args.verbose === true || isEnvVerbose()
 		}), createRealExecutor())).mode === "none") process.exitCode = 0;
 	}
 });
@@ -4310,8 +4052,7 @@ async function runRelease(config, executor) {
 		debug(config, `Skipping release on non-main branch: ${branch}`);
 		return { mode: "none" };
 	}
-	executor.exec("git config user.name \"forgejo-actions[bot]\"", { cwd: config.cwd });
-	executor.exec("git config user.email \"forgejo-actions[bot]@noreply.localhost\"", { cwd: config.cwd });
+	configureGitIdentity(executor, "forgejo", config.cwd);
 	configureGitAuth(executor, config, config.cwd);
 	const changesetFiles = executor.listChangesetFiles(config.cwd);
 	debug(config, `Changeset files found: ${changesetFiles.length > 0 ? changesetFiles.join(", ") : "(none)"}`);
@@ -4369,7 +4110,7 @@ async function triggerForgejo(conn, ref, inputs) {
 		body: JSON.stringify(body)
 	});
 	if (!res.ok) throw new FatalError(`Failed to trigger Forgejo workflow: ${res.status} ${res.statusText}`);
-	log$2.info(`Triggered release workflow on Forgejo (ref: ${ref})`);
+	log.info(`Triggered release workflow on Forgejo (ref: ${ref})`);
 }
 function triggerGitHub(ref, inputs) {
 	const executor = createRealExecutor();
@@ -4377,7 +4118,7 @@ function triggerGitHub(ref, inputs) {
 	const cmd = `gh workflow run release.yml --ref ${ref}${inputFlags ? ` ${inputFlags}` : ""}`;
 	const result = executor.exec(cmd, { cwd: process.cwd() });
 	if (result.exitCode !== 0) throw new FatalError(`Failed to trigger GitHub workflow: ${result.stderr || result.stdout || "unknown error"}`);
-	log$2.info(`Triggered release workflow on GitHub (ref: ${ref})`);
+	log.info(`Triggered release workflow on GitHub (ref: ${ref})`);
 }
 //#endregion
 //#region src/commands/forgejo-create-release.ts
@@ -4397,11 +4138,11 @@ const createForgejoReleaseCommand = defineCommand({
 		const executor = createRealExecutor();
 		const conn = resolved.conn;
 		if (await findRelease(executor, conn, args.tag)) {
-			log$2.info(`Release for ${args.tag} already exists — skipping`);
+			log.info(`Release for ${args.tag} already exists — skipping`);
 			return;
 		}
 		await createRelease(executor, conn, args.tag);
-		log$2.info(`Created Forgejo release for ${args.tag}`);
+		log.info(`Created Forgejo release for ${args.tag}`);
 	}
 });
 //#endregion
@@ -4428,26 +4169,26 @@ async function mergeForgejo(conn, dryRun) {
 	const prNumber = await findOpenPr(executor, conn, HEAD_BRANCH);
 	if (prNumber === null) throw new FatalError(`No open PR found for branch ${HEAD_BRANCH}`);
 	if (dryRun) {
-		log$2.info(`[dry-run] Would merge PR #${String(prNumber)} and delete branch ${HEAD_BRANCH}`);
+		log.info(`[dry-run] Would merge PR #${String(prNumber)} and delete branch ${HEAD_BRANCH}`);
 		return;
 	}
 	await mergePr(executor, conn, prNumber, {
 		method: "merge",
 		deleteBranch: true
 	});
-	log$2.info(`Merged PR #${String(prNumber)} and deleted branch ${HEAD_BRANCH}`);
+	log.info(`Merged PR #${String(prNumber)} and deleted branch ${HEAD_BRANCH}`);
 }
 function mergeGitHub(dryRun) {
 	const executor = createRealExecutor();
 	if (dryRun) {
 		const prNum = executor.exec(`gh pr view ${HEAD_BRANCH} --json number --jq .number`, { cwd: process.cwd() }).stdout.trim();
 		if (!prNum) throw new FatalError(`No open PR found for branch ${HEAD_BRANCH}`);
-		log$2.info(`[dry-run] Would merge PR #${prNum} and delete branch ${HEAD_BRANCH}`);
+		log.info(`[dry-run] Would merge PR #${prNum} and delete branch ${HEAD_BRANCH}`);
 		return;
 	}
 	const result = executor.exec(`gh pr merge ${HEAD_BRANCH} --merge --delete-branch`, { cwd: process.cwd() });
 	if (result.exitCode !== 0) throw new FatalError(`Failed to merge PR: ${result.stderr || result.stdout || "unknown error"}`);
-	log$2.info(`Merged changesets PR and deleted branch ${HEAD_BRANCH}`);
+	log.info(`Merged changesets PR and deleted branch ${HEAD_BRANCH}`);
 }
 //#endregion
 //#region src/release/simple.ts
@@ -4477,20 +4218,15 @@ function readVersion(executor, cwd) {
 	if (!pkg?.version) throw new FatalError("No version field found in package.json");
 	return pkg.version;
 }
-/** Configure git identity for CI bot commits. */
-function configureGitIdentity(executor, config) {
-	const isGitHub = config.platform?.type === "github";
-	const name = isGitHub ? "github-actions[bot]" : "forgejo-actions[bot]";
-	const email = isGitHub ? "github-actions[bot]@users.noreply.github.com" : "forgejo-actions[bot]@noreply.localhost";
-	executor.exec(`git config user.name "${name}"`, { cwd: config.cwd });
-	executor.exec(`git config user.email "${email}"`, { cwd: config.cwd });
-	debug(config, `Configured git identity: ${name} <${email}>`);
+/** Resolve the platform type string for git identity configuration. */
+function platformType(config) {
+	return config.platform?.type === "github" ? "github" : "forgejo";
 }
 /** Run the full commit-and-tag-version release flow. */
 async function runSimpleRelease(executor, config) {
-	configureGitIdentity(executor, config);
+	configureGitIdentity(executor, platformType(config), config.cwd);
 	const command = buildCommand(config);
-	log$2.info(`Running: ${command}`);
+	log.info(`Running: ${command}`);
 	const versionResult = executor.exec(command, { cwd: config.cwd });
 	debugExec(config, "commit-and-tag-version", versionResult);
 	if (versionResult.exitCode !== 0) throw new FatalError(`commit-and-tag-version failed (exit code ${String(versionResult.exitCode)}):\n${versionResult.stderr || versionResult.stdout}`);
@@ -4500,12 +4236,12 @@ async function runSimpleRelease(executor, config) {
 	debugExec(config, "git describe", tagResult);
 	const tag = tagResult.stdout.trim();
 	if (!tag) throw new FatalError("Could not determine the new tag from git describe");
-	log$2.info(`Version ${version} tagged as ${tag}`);
+	log.info(`Version ${version} tagged as ${tag}`);
 	if (config.dryRun) {
 		const slidingTags = config.noSlidingTags ? [] : computeSlidingTags(version);
-		log$2.info(`[dry-run] Would push to origin with --follow-tags`);
-		if (slidingTags.length > 0) log$2.info(`[dry-run] Would create sliding tags: ${slidingTags.join(", ")}`);
-		if (!config.noRelease && config.platform) log$2.info(`[dry-run] Would create ${config.platform.type} release for ${tag}`);
+		log.info(`[dry-run] Would push to origin with --follow-tags`);
+		if (slidingTags.length > 0) log.info(`[dry-run] Would create sliding tags: ${slidingTags.join(", ")}`);
+		if (!config.noRelease && config.platform) log.info(`[dry-run] Would create ${config.platform.type} release for ${tag}`);
 		return {
 			version,
 			tag,
@@ -4526,7 +4262,7 @@ async function runSimpleRelease(executor, config) {
 		debugExec(config, "git push", pushResult);
 		if (pushResult.exitCode !== 0) throw new FatalError(`git push failed (exit code ${String(pushResult.exitCode)}):\n${pushResult.stderr || pushResult.stdout}`);
 		pushed = true;
-		log$2.info("Pushed to origin");
+		log.info("Pushed to origin");
 	}
 	let slidingTags = [];
 	if (!config.noSlidingTags && pushed) {
@@ -4537,8 +4273,8 @@ async function runSimpleRelease(executor, config) {
 		}
 		const forcePushResult = executor.exec(`git push origin ${slidingTags.join(" ")} --force`, { cwd: config.cwd });
 		debugExec(config, "force-push sliding tags", forcePushResult);
-		if (forcePushResult.exitCode !== 0) log$2.warn(`Warning: Failed to push sliding tags: ${forcePushResult.stderr || forcePushResult.stdout}`);
-		else log$2.info(`Created sliding tags: ${slidingTags.join(", ")}`);
+		if (forcePushResult.exitCode !== 0) log.warn(`Warning: Failed to push sliding tags: ${forcePushResult.stderr || forcePushResult.stdout}`);
+		else log.info(`Created sliding tags: ${slidingTags.join(", ")}`);
 	}
 	let releaseCreated = false;
 	if (!config.noRelease && config.platform) releaseCreated = await createPlatformRelease(executor, config, tag);
@@ -4553,21 +4289,20 @@ async function runSimpleRelease(executor, config) {
 async function createPlatformRelease(executor, config, tag) {
 	if (!config.platform) return false;
 	if (config.platform.type === "forgejo") {
-		if (await findRelease(executor, config.platform.conn, tag)) {
+		if (await ensureRelease(executor, config.platform.conn, tag) === "exists") {
 			debug(config, `Release for ${tag} already exists, skipping`);
 			return false;
 		}
-		await createRelease(executor, config.platform.conn, tag);
-		log$2.info(`Created Forgejo release for ${tag}`);
+		log.info(`Created Forgejo release for ${tag}`);
 		return true;
 	}
 	const ghResult = executor.exec(`gh release create ${tag} --generate-notes`, { cwd: config.cwd });
 	debugExec(config, "gh release create", ghResult);
 	if (ghResult.exitCode !== 0) {
-		log$2.warn(`Warning: Failed to create GitHub release: ${ghResult.stderr || ghResult.stdout}`);
+		log.warn(`Warning: Failed to create GitHub release: ${ghResult.stderr || ghResult.stdout}`);
 		return false;
 	}
-	log$2.info(`Created GitHub release for ${tag}`);
+	log.info(`Created GitHub release for ${tag}`);
 	return true;
 }
 //#endregion
@@ -4584,7 +4319,7 @@ const releaseSimpleCommand = defineCommand({
 		},
 		verbose: {
 			type: "boolean",
-			description: "Enable detailed debug logging (also enabled by RELEASE_DEBUG env var)"
+			description: "Enable detailed debug logging (also enabled by TOOLING_DEBUG env var)"
 		},
 		"no-push": {
 			type: "boolean",
@@ -4613,7 +4348,7 @@ const releaseSimpleCommand = defineCommand({
 	},
 	async run({ args }) {
 		const cwd = process.cwd();
-		const verbose = args.verbose === true || process.env["RELEASE_DEBUG"] === "true";
+		const verbose = args.verbose === true || isEnvVerbose();
 		const noRelease = args["no-release"] === true;
 		let platform;
 		if (!noRelease) {
@@ -4697,12 +4432,12 @@ const ciReporter = {
 const localReporter = {
 	groupStart: (_name) => {},
 	groupEnd: () => {},
-	passed: (name) => log$2.success(name),
-	failed: (name) => log$2.error(`${name} failed`),
-	undefinedCheck: (name) => log$2.error(`${name} not defined in package.json`),
-	skippedNotDefined: (names) => log$2.info(`Skipped (not defined): ${names.join(", ")}`),
-	allPassed: () => log$2.success("All checks passed"),
-	anyFailed: (names) => log$2.error(`Failed checks: ${names.join(", ")}`)
+	passed: (name) => log.success(name),
+	failed: (name) => log.error(`${name} failed`),
+	undefinedCheck: (name) => log.error(`${name} not defined in package.json`),
+	skippedNotDefined: (names) => log.info(`Skipped (not defined): ${names.join(", ")}`),
+	allPassed: () => log.success("All checks passed"),
+	anyFailed: (names) => log.error(`Failed checks: ${names.join(", ")}`)
 };
 function runRunChecks(targetDir, options = {}) {
 	const exec = options.execCommand ?? defaultExecCommand;
@@ -4712,6 +4447,7 @@ function runRunChecks(targetDir, options = {}) {
 	const isCI = Boolean(process.env["CI"]);
 	const failFast = options.failFast ?? !isCI;
 	const reporter = isCI ? ciReporter : localReporter;
+	const vc = { verbose: options.verbose ?? false };
 	const definedScripts = getScripts(targetDir);
 	const addedNames = new Set(add);
 	const allChecks = [...CHECKS, ...add.map((name) => ({ name }))];
@@ -4727,11 +4463,13 @@ function runRunChecks(targetDir, options = {}) {
 			continue;
 		}
 		const cmd = check.args ? `pnpm run ${check.name} ${check.args}` : `pnpm run ${check.name}`;
+		debug(vc, `Running: ${cmd} (in ${targetDir})`);
 		reporter.groupStart(check.name);
 		const start = Date.now();
 		const exitCode = exec(cmd, targetDir);
 		const elapsed = ((Date.now() - start) / 1e3).toFixed(1);
 		reporter.groupEnd();
+		debug(vc, `${check.name}: exit code ${String(exitCode)}, ${elapsed}s`);
 		if (exitCode === 0) reporter.passed(check.name, elapsed);
 		else {
 			reporter.failed(check.name, elapsed);
@@ -4772,13 +4510,19 @@ const runChecksCommand = defineCommand({
 			type: "boolean",
 			description: "Stop on first failure (default: true in dev, false in CI)",
 			required: false
+		},
+		verbose: {
+			type: "boolean",
+			description: "Emit detailed debug logging",
+			required: false
 		}
 	},
 	run({ args }) {
 		const exitCode = runRunChecks(path.resolve(args.dir ?? "."), {
 			skip: args.skip ? new Set(args.skip.split(",").map((s) => s.trim())) : void 0,
 			add: args.add ? args.add.split(",").map((s) => s.trim()) : void 0,
-			failFast: args["fail-fast"] ? true : void 0
+			failFast: args["fail-fast"] ? true : void 0,
+			verbose: args.verbose === true || isEnvVerbose()
 		});
 		process.exitCode = exitCode;
 	}
@@ -4795,10 +4539,16 @@ const publishDockerCommand = defineCommand({
 		name: "docker:publish",
 		description: "Build, tag, and push Docker images for packages with an image:build script"
 	},
-	args: { "dry-run": {
-		type: "boolean",
-		description: "Build and tag images but skip login, push, and logout"
-	} },
+	args: {
+		"dry-run": {
+			type: "boolean",
+			description: "Build and tag images but skip login, push, and logout"
+		},
+		verbose: {
+			type: "boolean",
+			description: "Emit detailed debug logging"
+		}
+	},
 	async run({ args }) {
 		const config = {
 			cwd: process.cwd(),
@@ -4806,7 +4556,8 @@ const publishDockerCommand = defineCommand({
 			registryNamespace: requireEnv("DOCKER_REGISTRY_NAMESPACE"),
 			username: requireEnv("DOCKER_USERNAME"),
 			password: requireEnv("DOCKER_PASSWORD"),
-			dryRun: args["dry-run"] === true
+			dryRun: args["dry-run"] === true,
+			verbose: args.verbose === true || isEnvVerbose()
 		};
 		runDockerPublish(createRealExecutor(), config);
 	}
@@ -4839,6 +4590,10 @@ const dockerBuildCommand = defineCommand({
 			type: "string",
 			description: "Build a single package by directory path (e.g. packages/server). Useful as an image:build script."
 		},
+		verbose: {
+			type: "boolean",
+			description: "Emit detailed debug logging"
+		},
 		_: {
 			type: "positional",
 			required: false,
@@ -4849,6 +4604,7 @@ const dockerBuildCommand = defineCommand({
 		const executor = createRealExecutor();
 		const rawExtra = args._ ?? [];
 		const extraArgs = Array.isArray(rawExtra) ? rawExtra.map(String) : [String(rawExtra)];
+		const verbose = args.verbose === true || isEnvVerbose();
 		let cwd = process.cwd();
 		let packageDir = args.package;
 		if (!packageDir) {
@@ -4859,7 +4615,8 @@ const dockerBuildCommand = defineCommand({
 		runDockerBuild(executor, {
 			cwd,
 			packageDir,
-			extraArgs: extraArgs.filter((a) => a.length > 0)
+			extraArgs: extraArgs.filter((a) => a.length > 0),
+			verbose
 		});
 	}
 });
@@ -5076,12 +4833,6 @@ function writeTempOverlay(content) {
 	writeFileSync(filePath, content, "utf-8");
 	return filePath;
 }
-function log(message) {
-	console.log(message);
-}
-function warn(message) {
-	console.warn(message);
-}
 const dockerCheckCommand = defineCommand({
 	meta: {
 		name: "docker:check",
@@ -5095,12 +4846,16 @@ const dockerCheckCommand = defineCommand({
 		"poll-interval": {
 			type: "string",
 			description: "Interval between polling attempts, in ms (default: 5000)"
+		},
+		verbose: {
+			type: "boolean",
+			description: "Emit detailed debug logging"
 		}
 	},
 	async run({ args }) {
 		const cwd = process.cwd();
 		if (loadToolingConfig(cwd)?.dockerCheck === false) {
-			log("Docker check is disabled in .tooling.json");
+			log.info("Docker check is disabled in .tooling.json");
 			return;
 		}
 		const defaults = computeCheckDefaults(cwd);
@@ -5108,8 +4863,8 @@ const dockerCheckCommand = defineCommand({
 		if (!defaults.checkOverlay) {
 			const composeCwd = defaults.composeCwd ?? cwd;
 			const expectedOverlay = (defaults.composeFiles[0] ?? "docker-compose.yaml").replace(/\.(yaml|yml)$/, ".check.$1");
-			warn(`Compose files found but no check overlay. Create ${path.relative(cwd, path.join(composeCwd, expectedOverlay))} to enable docker:check.`);
-			warn("To suppress this warning, set \"dockerCheck\": false in .tooling.json.");
+			log.warn(`Compose files found but no check overlay. Create ${path.relative(cwd, path.join(composeCwd, expectedOverlay))} to enable docker:check.`);
+			log.warn("To suppress this warning, set \"dockerCheck\": false in .tooling.json.");
 			return;
 		}
 		if (!defaults.services || defaults.services.length === 0) throw new FatalError("No services found in compose files.");
@@ -5122,7 +4877,7 @@ const dockerCheckCommand = defineCommand({
 			if (rootPkg?.name) {
 				const dockerPackages = detectDockerPackages(fileReader, cwd, rootPkg.name);
 				const composeImages = extractComposeImageNames(services);
-				for (const pkg of dockerPackages) if (!composeImages.some((img) => img === pkg.imageName || img.endsWith(`/${pkg.imageName}`))) warn(`Docker package "${pkg.dir}" (image: ${pkg.imageName}) is not referenced in any compose service.`);
+				for (const pkg of dockerPackages) if (!composeImages.some((img) => img === pkg.imageName || img.endsWith(`/${pkg.imageName}`))) log.warn(`Docker package "${pkg.dir}" (image: ${pkg.imageName}) is not referenced in any compose service.`);
 			}
 		}
 		const tempOverlayPath = writeTempOverlay(generateCheckOverlay(services));
@@ -5143,7 +4898,8 @@ const dockerCheckCommand = defineCommand({
 				buildCwd: defaults.buildCwd,
 				healthChecks: defaults.healthChecks ? toHttpHealthChecks(defaults.healthChecks) : [],
 				timeoutMs: args.timeout ? Number.parseInt(args.timeout, 10) : defaults.timeoutMs,
-				pollIntervalMs: args["poll-interval"] ? Number.parseInt(args["poll-interval"], 10) : defaults.pollIntervalMs
+				pollIntervalMs: args["poll-interval"] ? Number.parseInt(args["poll-interval"], 10) : defaults.pollIntervalMs,
+				verbose: args.verbose === true || isEnvVerbose()
 			};
 			const result = await runDockerCheck(createRealExecutor$1(), config);
 			if (!result.success) throw new FatalError(`Check failed (${result.reason}): ${result.message}`);
@@ -5159,7 +4915,7 @@ const dockerCheckCommand = defineCommand({
 const main = defineCommand({
 	meta: {
 		name: "bst",
-		version: "0.33.0",
+		version: "0.35.0",
 		description: "Bootstrap and maintain standardized TypeScript project tooling"
 	},
 	subCommands: {
@@ -5175,7 +4931,7 @@ const main = defineCommand({
 		"docker:check": dockerCheckCommand
 	}
 });
-console.log(`@bensandee/tooling v0.33.0`);
+console.log(`@bensandee/tooling v0.35.0`);
 async function run() {
 	await runMain(main);
 	process.exit(process.exitCode ?? 0);