npm - @cristiancorreau/forge - Versions diffs - 2.1.0 - Mend

@cristiancorreau/forge 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/CHANGELOG.md +228 -0
package/LICENSE +191 -0
package/README.md +156 -0
package/assets/adapters/claude-code/commands/deploy-check.md +12 -0
package/assets/adapters/claude-code/commands/new-feature.md +11 -0
package/assets/adapters/claude-code/commands/plan.md +116 -0
package/assets/adapters/claude-code/commands/review.md +219 -0
package/assets/adapters/claude-code/commands/session-close.md +109 -0
package/assets/adapters/claude-code/commands/session-start.md +59 -0
package/assets/adapters/claude-code/commands/ship.md +133 -0
package/assets/adapters/claude-code/commands/wiki-ingest.md +7 -0
package/assets/adapters/claude-code/commands/wiki-lint.md +5 -0
package/assets/adapters/claude-code/commands/wiki-query.md +7 -0
package/assets/adapters/claude-code/commands/work.md +101 -0
package/assets/adapters/claude-code/generate-claude-md.py +304 -0
package/assets/adapters/codex/commands/plan.md +63 -0
package/assets/adapters/codex/commands/review.md +53 -0
package/assets/adapters/codex/commands/session-close.md +53 -0
package/assets/adapters/codex/commands/session-start.md +49 -0
package/assets/adapters/codex/commands/ship.md +53 -0
package/assets/adapters/codex/commands/work.md +53 -0
package/assets/adapters/codex/generate-codex-config.py +269 -0
package/assets/adapters/codex/hooks/codex.yaml.tpl +43 -0
package/assets/adapters/codex/hooks/forge-codex-finish.sh +158 -0
package/assets/adapters/codex/hooks/forge-codex-start.sh +186 -0
package/assets/adapters/kiro/generate-steering.py +367 -0
package/assets/adapters/opencode/HOOKS.md +123 -0
package/assets/adapters/opencode/commands/plan.md +119 -0
package/assets/adapters/opencode/commands/review.md +164 -0
package/assets/adapters/opencode/commands/session-close.md +111 -0
package/assets/adapters/opencode/commands/session-start.md +62 -0
package/assets/adapters/opencode/commands/ship.md +135 -0
package/assets/adapters/opencode/commands/work.md +82 -0
package/assets/adapters/opencode/generate-agents-md.py +262 -0
package/assets/core/agents/backend-engineer.md +61 -0
package/assets/core/agents/compliance-reviewer.md +83 -0
package/assets/core/agents/docs-writer.md +77 -0
package/assets/core/agents/frontend-engineer.md +70 -0
package/assets/core/agents/orchestrator.md +104 -0
package/assets/core/agents/security-auditor.md +54 -0
package/assets/core/agents/test-engineer.md +57 -0
package/assets/core/hooks/hooks-registry.yaml +48 -0
package/assets/core/hooks/post-turn-check.sh +139 -0
package/assets/core/hooks/pre-bash-check.py +202 -0
package/assets/core/hooks/pre-edit-check.py +317 -0
package/assets/core/hooks/session-start.sh +184 -0
package/assets/core/schemas/project.schema.json +503 -0
package/assets/core/skills/README.md +88 -0
package/assets/core/skills/aitmpl-search/SKILL.md +74 -0
package/assets/core/skills/browser-test/SKILL.md +177 -0
package/assets/core/skills/db-migrate/SKILL.md +163 -0
package/assets/core/skills/local2prod/SKILL.md +147 -0
package/assets/core/skills/new-feature/SKILL.md +155 -0
package/assets/core/skills/obsidian-sync/SKILL.md +152 -0
package/assets/core/skills/phase-kickoff/SKILL.md +69 -0
package/assets/core/skills/security-audit/SKILL.md +125 -0
package/assets/core/skills/spec/SKILL.md +72 -0
package/assets/core/skills/wiki-ingest/SKILL.md +183 -0
package/assets/core/skills/wiki-lint/SKILL.md +109 -0
package/assets/core/skills/wiki-query/SKILL.md +100 -0
package/assets/core/templates/claude-md/architecture.rules +20 -0
package/assets/core/templates/claude-md/global.md +30 -0
package/assets/core/templates/claude-md/project.md +36 -0
package/assets/core/templates/daily-note.md +38 -0
package/assets/core/templates/spec-template.md +43 -0
package/assets/core/workflows/sdd.md +69 -0
package/assets/core/workflows/sprint.md +59 -0
package/assets/forge.py +1265 -0
package/assets/hooks/pre-commit +43 -0
package/assets/manifest.json +274 -0
package/assets/profiles/astro/README.md +24 -0
package/assets/profiles/astro/agents/frontend-engineer.md +74 -0
package/assets/profiles/django/agents/api-engineer.md +83 -0
package/assets/profiles/expo/README.md +24 -0
package/assets/profiles/expo/agents/mobile-engineer.md +69 -0
package/assets/profiles/express/agents/api-engineer.md +60 -0
package/assets/profiles/fastapi/README.md +32 -0
package/assets/profiles/fastapi/agents/api-engineer.md +87 -0
package/assets/profiles/go-gin/agents/api-engineer.md +98 -0
package/assets/profiles/hono-drizzle/README.md +31 -0
package/assets/profiles/hono-drizzle/agents/api-engineer.md +82 -0
package/assets/profiles/laravel/README.md +32 -0
package/assets/profiles/laravel/agents/api-engineer.md +114 -0
package/assets/profiles/laravel/agents/fullstack-engineer.md +67 -0
package/assets/profiles/laravel/agents/migration-specialist.md +420 -0
package/assets/profiles/nestjs/agents/api-engineer.md +79 -0
package/assets/profiles/nextjs-admin/README.md +32 -0
package/assets/profiles/nextjs-admin/agents/admin-engineer.md +78 -0
package/assets/profiles/playwright-crawler/agents/scanner-engineer.md +51 -0
package/assets/profiles/rails/agents/fullstack-engineer.md +61 -0
package/assets/profiles/sveltekit/agents/frontend-engineer.md +96 -0
package/assets/profiles/vuenuxt/agents/frontend-engineer.md +82 -0
package/assets/profiles/wordpress/README.md +30 -0
package/assets/profiles/wordpress/agents/divi-engineer.md +273 -0
package/assets/profiles/wordpress/agents/elementor-engineer.md +310 -0
package/assets/profiles/wordpress/agents/wp-engineer.md +216 -0
package/assets/requirements.txt +2 -0
package/assets/scripts/aitmpl-search.py +808 -0
package/assets/scripts/forge-add-opportunities.py +92 -0
package/assets/scripts/forge-audit.py +1061 -0
package/assets/scripts/forge-generate-all.py +283 -0
package/assets/scripts/forge-init.py +900 -0
package/assets/scripts/forge-migrate-project-yaml.py +397 -0
package/assets/scripts/forge-scaffold-profile.py +181 -0
package/assets/scripts/forge-teardown.py +193 -0
package/assets/scripts/forge-validate-project-yaml.py +457 -0
package/assets/scripts/forge-wizard.py +1003 -0
package/assets/scripts/setup-codex.sh +229 -0
package/assets/scripts/team-install.sh +147 -0
package/assets/scripts/token-stats.py +201 -0
package/assets/templates/modes/enterprise.yaml.tpl +114 -0
package/assets/templates/modes/multi-runtime.yaml.tpl +89 -0
package/assets/templates/modes/new-stack.yaml.tpl +101 -0
package/assets/templates/modes/startup.yaml.tpl +74 -0
package/assets/templates/project.yaml.tpl +185 -0
package/assets/templates/wiki/concepts/_template.md +22 -0
package/assets/templates/wiki/entities/_template.md +19 -0
package/assets/templates/wiki/index.md +32 -0
package/assets/templates/wiki/log.md +6 -0
package/assets/templates/wiki/sources/_template.md +25 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +64 -0
package/dist/cli.js.map +1 -0
package/dist/commands/audit.d.ts +2 -0
package/dist/commands/audit.d.ts.map +1 -0
package/dist/commands/audit.js +21 -0
package/dist/commands/audit.js.map +1 -0
package/dist/commands/doctor.d.ts +2 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +58 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/generate.d.ts +2 -0
package/dist/commands/generate.d.ts.map +1 -0
package/dist/commands/generate.js +27 -0
package/dist/commands/generate.js.map +1 -0
package/dist/commands/init.d.ts +2 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +22 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/validate.d.ts +2 -0
package/dist/commands/validate.d.ts.map +1 -0
package/dist/commands/validate.js +20 -0
package/dist/commands/validate.js.map +1 -0
package/dist/lib/paths.d.ts +10 -0
package/dist/lib/paths.d.ts.map +1 -0
package/dist/lib/paths.js +49 -0
package/dist/lib/paths.js.map +1 -0
package/dist/lib/python.d.ts +4 -0
package/dist/lib/python.d.ts.map +1 -0
package/dist/lib/python.js +46 -0
package/dist/lib/python.js.map +1 -0
package/package.json +46 -0

package/assets/core/hooks/pre-edit-check.py ADDED Viewed

@@ -0,0 +1,317 @@
+#!/usr/bin/env python3
+"""
+Forge v2 — PreToolUse hook: pre-edit-check.py
+Enforces branch guard, debug detection, and secret detection before file edits.
+"""
+import json
+import os
+import re
+import subprocess
+import sys
+DEBUG = os.environ.get("DEBUG", "") not in ("", "0", "false", "False")
+def dbg(msg):
+    if DEBUG:
+        print(f"[forge-hook-debug] {msg}", flush=True)
+def load_project_yaml():
+    """Walk up from cwd to find project.yaml. Returns dict or {}."""
+    try:
+        import yaml
+        path = os.getcwd()
+        for _ in range(6):
+            candidate = os.path.join(path, "project.yaml")
+            if os.path.isfile(candidate):
+                with open(candidate) as f:
+                    data = yaml.safe_load(f)
+                    return data if isinstance(data, dict) else {}
+            parent = os.path.dirname(path)
+            if parent == path:
+                break
+            path = parent
+    except Exception as e:
+        dbg(f"project.yaml load error: {e}")
+    return {}
+# ---------------------------------------------------------------------------
+# File classification helpers
+# ---------------------------------------------------------------------------
+CODE_EXTENSIONS = {
+    ".py", ".ts", ".js", ".tsx", ".jsx",
+    ".php", ".rb", ".go", ".rs", ".java",
+    ".cs", ".cpp", ".c", ".sh",
+}
+NON_CODE_EXTENSIONS = {
+    ".md", ".yaml", ".yml", ".json", ".toml", ".txt", ".lock",
+}
+ROOT_PROTECTED_NAMES = {"README.md", "CLAUDE.md", "CHANGELOG.md"}
+PROTECTED_DIRS = ("docs/", ".claude/")
+def is_code_file(file_path):
+    """Return True if the file path is considered a code file."""
+    _, ext = os.path.splitext(file_path)
+    if ext.lower() in CODE_EXTENSIONS:
+        return True
+    if ext.lower() in NON_CODE_EXTENSIONS:
+        return False
+    # Default: treat unknown extensions as non-code (safe)
+    return False
+def is_exempt_from_branch_guard(file_path):
+    """Return True if the file should be exempt from branch-guard blocking."""
+    norm = file_path.replace("\\", "/")
+    # Exempt protected dirs
+    for d in PROTECTED_DIRS:
+        if norm.startswith(d) or f"/{d.rstrip('/')}" in norm:
+            return True
+    # Exempt root-level protected names
+    basename = os.path.basename(norm)
+    if basename in ROOT_PROTECTED_NAMES:
+        return True
+    # Exempt root-level *.md files
+    if basename.endswith(".md") and "/" not in norm.lstrip("./"):
+        return True
+    # Exempt root-level *.yaml / *.json config files
+    if "/" not in norm.lstrip("./"):
+        _, ext = os.path.splitext(basename)
+        if ext.lower() in (".yaml", ".yml", ".json"):
+            return True
+    return False
+# ---------------------------------------------------------------------------
+# Check 1 — Branch guard
+# ---------------------------------------------------------------------------
+PROTECTED_BRANCHES = {"main", "master", "develop"}
+def check_branch_guard(file_path):
+    """Block code edits on protected branches."""
+    try:
+        result = subprocess.run(
+            ["git", "branch", "--show-current"],
+            capture_output=True,
+            text=True,
+            timeout=5,
+        )
+        branch = result.stdout.strip()
+        dbg(f"current branch: {branch!r}")
+    except Exception as e:
+        dbg(f"git branch error: {e}")
+        return None
+    if branch not in PROTECTED_BRANCHES:
+        return None
+    if not is_code_file(file_path):
+        return None
+    if is_exempt_from_branch_guard(file_path):
+        return None
+    return (
+        f"forge: edición bloqueada en {branch}. Crea una feature branch:\n"
+        f"  git checkout -b feature/<tema>-$(date +%Y-%m-%d)"
+    )
+# ---------------------------------------------------------------------------
+# Check 2 — Debug statements
+# ---------------------------------------------------------------------------
+def check_debug_statements(file_path, content):
+    """Warn (not block) if debug statements are found in new content."""
+    _, ext = os.path.splitext(file_path)
+    ext = ext.lower()
+    if ext not in CODE_EXTENSIONS:
+        return None
+    found = False
+    basename = os.path.basename(file_path)
+    norm = file_path.replace("\\", "/")
+    if ext in (".ts", ".js", ".tsx", ".jsx"):
+        if "console.log(" in content or "debugger;" in content:
+            found = True
+    elif ext == ".php":
+        if "var_dump(" in content or "dd(" in content or "print_r(" in content:
+            found = True
+    elif ext == ".py":
+        # Skip forge scripts and .agentic/ files
+        is_forge_script = basename.startswith("forge") and basename.endswith(".py")
+        in_agentic = ".agentic/" in norm
+        if not is_forge_script and not in_agentic:
+            if "print(" in content:
+                found = True
+    elif ext == ".rb":
+        if re.search(r"^\s*(puts |pp |p )", content, re.MULTILINE):
+            found = True
+    if found:
+        return (
+            f"forge: debug statement detectado en {file_path}"
+            " — recuerda quitarlo antes del commit"
+        )
+    return None
+# ---------------------------------------------------------------------------
+# Check 3 — Secret detection
+# ---------------------------------------------------------------------------
+SECRET_PATTERN = re.compile(
+    r'(password|passwd|secret|api_key|apikey|token|private_key)\s*[=:]\s*["\'][^"\']{8,}["\']',
+    re.IGNORECASE,
+)
+LONG_SECRET_PATTERN = re.compile(
+    r'\b(key|secret|token|password|auth|api_key|apikey)\b\s*[=:]\s*["\'][A-Za-z0-9+/=_\-]{20,}["\']',
+    re.IGNORECASE,
+)
+EXEMPT_EXTENSIONS = {".md"}
+EXEMPT_SUFFIXES = (".env.example", ".env.sample")
+TEST_PATTERNS = re.compile(r'\.(test|spec)\.')
+def is_exempt_from_secret_check(file_path):
+    norm = file_path.replace("\\", "/")
+    basename = os.path.basename(norm)
+    _, ext = os.path.splitext(basename)
+    if ext.lower() in EXEMPT_EXTENSIONS:
+        return True
+    for suffix in EXEMPT_SUFFIXES:
+        if norm.endswith(suffix):
+            return True
+    if TEST_PATTERNS.search(basename):
+        return True
+    return False
+def check_secret_detection(file_path, content):
+    """Block if hardcoded credentials are detected."""
+    if is_exempt_from_secret_check(file_path):
+        return None
+    if SECRET_PATTERN.search(content) or LONG_SECRET_PATTERN.search(content):
+        return (
+            f"forge: posible credencial hardcodeada detectada en {file_path}."
+            " Usa variables de entorno."
+        )
+    return None
+# ---------------------------------------------------------------------------
+# project.yaml — custom forbidden patterns + enterprise mode
+# ---------------------------------------------------------------------------
+def check_project_yaml_patterns(file_path, content, project):
+    """Check project.yaml forbidden_patterns if present."""
+    try:
+        rules = project.get("rules", {})
+        forbidden = rules.get("forbidden_patterns", [])
+        if not isinstance(forbidden, list):
+            return None
+        for pattern in forbidden:
+            if re.search(pattern, content):
+                return (
+                    f"forge: patrón prohibido detectado en {file_path} "
+                    f"(regla: {pattern!r})"
+                )
+    except Exception as e:
+        dbg(f"project.yaml patterns error: {e}")
+    return None
+# ---------------------------------------------------------------------------
+# Main
+# ---------------------------------------------------------------------------
+def main():
+    try:
+        raw = sys.stdin.read()
+        if not raw.strip():
+            dbg("empty stdin, allowing")
+            sys.exit(0)
+        data = json.loads(raw)
+    except Exception as e:
+        dbg(f"stdin parse error: {e}")
+        sys.exit(0)
+    try:
+        tool_name = data.get("tool_name", "")
+        tool_input = data.get("tool_input", {})
+        file_path = tool_input.get("file_path", "")
+        if not file_path:
+            sys.exit(0)
+        # Determine new content being written
+        if tool_name == "Write":
+            new_content = tool_input.get("content", "")
+        elif tool_name == "Edit":
+            new_content = tool_input.get("new_string", "")
+        else:
+            sys.exit(0)
+        dbg(f"tool={tool_name} file={file_path} content_len={len(new_content)}")
+        project = load_project_yaml()
+        enterprise_mode = project.get("mode", "") == "enterprise"
+        # Check 1 — Branch guard
+        block_msg = check_branch_guard(file_path)
+        if block_msg:
+            print(block_msg, flush=True)
+            sys.exit(2)
+        # Check 2 — Debug statements
+        warn_msg = check_debug_statements(file_path, new_content)
+        if warn_msg:
+            if enterprise_mode:
+                print(warn_msg, flush=True)
+                sys.exit(2)
+            else:
+                print(warn_msg, flush=True)
+                # fall through — warning only
+        # Check 3 — Secret detection
+        block_msg = check_secret_detection(file_path, new_content)
+        if block_msg:
+            print(block_msg, flush=True)
+            sys.exit(2)
+        # project.yaml forbidden patterns
+        block_msg = check_project_yaml_patterns(file_path, new_content, project)
+        if block_msg:
+            print(block_msg, flush=True)
+            sys.exit(2)
+    except Exception as e:
+        dbg(f"unexpected error: {e}")
+        sys.exit(0)
+    sys.exit(0)
+if __name__ == "__main__":
+    main()

package/assets/core/hooks/session-start.sh ADDED Viewed

@@ -0,0 +1,184 @@
+#!/usr/bin/env bash
+# Forge v2 — SessionStart hook: verifica ambiente antes de cada sesión.
+#
+# Evento recomendado: UserPromptSubmit (primer mensaje) — Claude Code aún no
+# expone SessionStart como evento de hook; UserPromptSubmit es el equivalente
+# más cercano para verificaciones al inicio de sesión.
+#
+# Diferente del slash command /session-start: este hook es automático y
+# determinístico — no requiere intervención del usuario.
+set -euo pipefail
+CHECKS_PASSED=0
+CHECKS_TOTAL=0
+OUTPUT=""
+HAS_ERROR=false
+check() {
+    local name="$1"
+    local result="$2"   # "ok" | "warn: <msg>" | "error: <msg>"
+    CHECKS_TOTAL=$((CHECKS_TOTAL + 1))
+    if [[ "$result" == "ok" ]]; then
+        CHECKS_PASSED=$((CHECKS_PASSED + 1))
+    elif [[ "$result" == error:* ]]; then
+        HAS_ERROR=true
+        local msg="${result#error: }"
+        OUTPUT+="  error: ${msg}\n"
+    else
+        local msg="${result#warn: }"
+        OUTPUT+="  warn: ${msg}\n"
+    fi
+}
+# ---------------------------------------------------------------------------
+# Check 1 — Herramientas básicas disponibles
+# ---------------------------------------------------------------------------
+if ! command -v git &>/dev/null; then
+    check "git" "error: git no está instalado o no está en PATH"
+else
+    check "git" "ok"
+fi
+if ! command -v python3 &>/dev/null; then
+    check "python3" "error: python3 no está instalado o no está en PATH"
+else
+    check "python3" "ok"
+fi
+# Si faltan herramientas críticas, salir ya con error
+if [[ "$HAS_ERROR" == "true" ]]; then
+    printf "forge session: ERROR — herramientas críticas faltantes:\n"
+    printf "%b" "$OUTPUT"
+    exit 2
+fi
+# ---------------------------------------------------------------------------
+# Check 2 — Branch actual no es main/master
+# ---------------------------------------------------------------------------
+CURRENT_BRANCH="$(git branch --show-current 2>/dev/null || true)"
+if [[ "$CURRENT_BRANCH" == "main" || "$CURRENT_BRANCH" == "master" ]]; then
+    check "branch" "warn: branch '${CURRENT_BRANCH}' — considera trabajar en una feature branch"
+else
+    check "branch" "ok"
+fi
+# ---------------------------------------------------------------------------
+# Check 3 — Cambios sin commitear
+# ---------------------------------------------------------------------------
+GIT_STATUS="$(git status --short 2>/dev/null || true)"
+if [[ -n "$GIT_STATUS" ]]; then
+    check "uncommitted" "warn: cambios sin commitear en el worktree"
+else
+    check "uncommitted" "ok"
+fi
+# ---------------------------------------------------------------------------
+# Check 4 — project.yaml existe
+# ---------------------------------------------------------------------------
+PROJECT_YAML=""
+SEARCH_PATH="$(pwd)"
+for _i in 1 2 3 4 5 6; do
+    if [[ -f "${SEARCH_PATH}/project.yaml" ]]; then
+        PROJECT_YAML="${SEARCH_PATH}/project.yaml"
+        break
+    fi
+    PARENT="$(dirname "$SEARCH_PATH")"
+    [[ "$PARENT" == "$SEARCH_PATH" ]] && break
+    SEARCH_PATH="$PARENT"
+done
+if [[ -z "$PROJECT_YAML" ]]; then
+    check "project.yaml" "warn: project.yaml no encontrado — ejecutar forge-wizard.py"
+else
+    check "project.yaml" "ok"
+    # ---------------------------------------------------------------------------
+    # Check 5 — project.yaml tiene project.name y project.mode
+    # ---------------------------------------------------------------------------
+    YAML_VALID="$(python3 - "$PROJECT_YAML" <<'PYEOF'
+import sys, yaml
+path = sys.argv[1]
+try:
+    with open(path) as f:
+        data = yaml.safe_load(f)
+    if not isinstance(data, dict):
+        print("invalid")
+        sys.exit(0)
+    missing = []
+    project = data.get("project", {})
+    if not project.get("name"):
+        missing.append("project.name")
+    if not project.get("mode"):
+        missing.append("project.mode")
+    if missing:
+        print("missing:" + ",".join(missing))
+    else:
+        print("ok")
+except Exception as e:
+    print(f"error:{e}")
+PYEOF
+)"
+    if [[ "$YAML_VALID" == "ok" ]]; then
+        check "project.yaml.fields" "ok"
+    elif [[ "$YAML_VALID" == missing:* ]]; then
+        MISSING_FIELDS="${YAML_VALID#missing:}"
+        check "project.yaml.fields" "warn: project.yaml faltan campos: ${MISSING_FIELDS}"
+    else
+        check "project.yaml.fields" "warn: project.yaml no se pudo parsear — verificar sintaxis"
+    fi
+    # ---------------------------------------------------------------------------
+    # Check 6 — Variables de entorno de producción activas en sesión local
+    # ---------------------------------------------------------------------------
+    HAS_DEPLOY="$(python3 - "$PROJECT_YAML" <<'PYEOF'
+import sys, yaml
+path = sys.argv[1]
+try:
+    with open(path) as f:
+        data = yaml.safe_load(f)
+    if isinstance(data, dict) and data.get("deploy"):
+        print("yes")
+    else:
+        print("no")
+except Exception:
+    print("no")
+PYEOF
+)"
+    if [[ "$HAS_DEPLOY" == "yes" ]]; then
+        PROD_VARS=""
+        while IFS='=' read -r key _value; do
+            if [[ "$key" =~ ^(PROD_|PRODUCTION_|PROD$|PRODUCTION$) ]]; then
+                PROD_VARS+="${key} "
+            fi
+        done < <(env)
+        if [[ -n "$PROD_VARS" ]]; then
+            check "prod-env" "warn: variables de producción activas en sesión: ${PROD_VARS// /, } — verificar que es intencional"
+        else
+            check "prod-env" "ok"
+        fi
+    else
+        check "prod-env" "ok"
+    fi
+fi
+# ---------------------------------------------------------------------------
+# Salida
+# ---------------------------------------------------------------------------
+WARNINGS=$((CHECKS_TOTAL - CHECKS_PASSED))
+if [[ $WARNINGS -eq 0 ]]; then
+    # Silencioso — todo OK
+    exit 0
+fi
+# Construir etiquetas para el resumen
+LABELS=""
+[[ "$CURRENT_BRANCH" == "main" || "$CURRENT_BRANCH" == "master" ]] && LABELS+="[branch ${CURRENT_BRANCH}] "
+[[ -n "$GIT_STATUS" ]] && LABELS+="[cambios sin commitear] "
+[[ -z "$PROJECT_YAML" ]] && LABELS+="[sin project.yaml] "
+printf "forge session: %d advertencia(s) — %s\n" "$WARNINGS" "${LABELS%% }"
+printf "%b" "$OUTPUT"
+exit 0