javi-forge 1.1.0 → 1.2.0

package/ci-local/ci-local.sh

@@ -46,9 +46,24 @@ setup_ci_commands() {
             ;;
         node)
             DOCKERFILE="node.Dockerfile"
-            LINT_CMD="$BUILD_TOOL run lint"
-            COMPILE_CMD="$BUILD_TOOL run build"
-            TEST_CMD="$BUILD_TOOL test"
+            # Only set lint if the script exists in package.json
+            if grep -q '"lint"' "$PROJECT_DIR/package.json" 2>/dev/null; then
+                LINT_CMD="$BUILD_TOOL run lint"
+            else
+                LINT_CMD=""
+            fi
+            # Only set compile if build script exists
+            if grep -q '"build"' "$PROJECT_DIR/package.json" 2>/dev/null; then
+                COMPILE_CMD="$BUILD_TOOL run build"
+            else
+                COMPILE_CMD=""
+            fi
+            # Only set test if test script exists
+            if grep -q '"test"' "$PROJECT_DIR/package.json" 2>/dev/null; then
+                TEST_CMD="$BUILD_TOOL test"
+            else
+                TEST_CMD=""
+            fi
             ;;
         python)
             DOCKERFILE="python.Dockerfile"
@@ -206,6 +221,7 @@ run_in_ci() {
     fi
     docker run "${docker_flags[@]}" \
         --stop-timeout 30 \
+        --entrypoint "" \
         -v "$PROJECT_DIR:/home/runner/work" \
         -e CI=true \
         "$image_name" timeout "$timeout" bash -c "$1"

package/ci-local/hooks/pre-commit

@@ -1,162 +1,17 @@
 #!/bin/bash
 # =============================================================================
-# PRE-COMMIT: Universal quick checks before commit
+# PRE-COMMIT: Quick CI check via javi-forge
 # =============================================================================
-# Detecta el stack y ejecuta lint + compile rapido
-# Tiempo: ~30-60 segundos
+# Requires: npm install -g javi-forge
+# To skip:  git commit --no-verify
 # =============================================================================
 
 set -e
 
-# Encontrar directorio .ci-local
-HOOK_DIR="$(cd "$(dirname "$0")" && pwd)"
-if [[ -d "$HOOK_DIR/../.ci-local" ]]; then
-    CI_LOCAL_DIR="$HOOK_DIR/../.ci-local"
-elif [[ -d "$(git rev-parse --show-toplevel)/.ci-local" ]]; then
-    CI_LOCAL_DIR="$(git rev-parse --show-toplevel)/.ci-local"
-else
-    echo "Warning: .ci-local not found, skipping pre-commit checks"
-    exit 0
-fi
-
-PROJECT_DIR="$(dirname "$CI_LOCAL_DIR")"
-
-# Source shared library for colors and detect_stack
-source "$CI_LOCAL_DIR/../lib/common.sh"
-
-echo -e "${YELLOW}[pre-commit] Running quick checks...${NC}"
-
-# =============================================================================
-# CHECK: No AI attribution in staged files
-# =============================================================================
-echo -e "${YELLOW}[1/3] Checking for AI attribution...${NC}"
-
-# Patrones prohibidos (case insensitive)
-AI_PATTERNS=(
-    "co-authored-by:.*claude"
-    "co-authored-by:.*anthropic"
-    "co-authored-by:.*gpt"
-    "co-authored-by:.*openai"
-    "co-authored-by:.*copilot"
-    "co-authored-by:.*gemini"
-    "co-authored-by:.*\bai\b"
-    "made by claude"
-    "made by gpt"
-    "made by ai"
-    "generated by claude"
-    "generated by gpt"
-    "generated by ai"
-    "generated with claude"
-    "generated with ai"
-    "written by claude"
-    "written by ai"
-    "created by claude"
-    "created by ai"
-    "assisted by claude"
-    "assisted by ai"
-    "with help from claude"
-    "claude code"
-    "made by anthropic"
-    "powered by anthropic"
-    "created by anthropic"
-    "made by openai"
-    "powered by openai"
-    "created by openai"
-    "@anthropic.com"
-    "@openai.com"
-)
-
-# Check actual staged content using git show :0:file
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -vE '\.(png|jpg|jpeg|gif|ico|woff|ttf|eot|svg|lock)$' || true)
-
-if [[ -n "$STAGED_FILES" ]]; then
-    for pattern in "${AI_PATTERNS[@]}"; do
-        while IFS= read -r file; do
-            [[ -z "$file" ]] && continue
-            if git show ":0:$file" 2>/dev/null | grep -iqE "$pattern"; then
-                echo -e "${RED}[BLOCKED] AI attribution found in staged content: $file${NC}"
-                echo -e "${RED}  Pattern matched: $pattern${NC}"
-                git show ":0:$file" | grep -inE "$pattern" | head -3 | while IFS= read -r line; do
-                    echo -e "${RED}    $line${NC}"
-                done
-                echo ""
-                echo -e "${YELLOW}Remove AI attribution before committing.${NC}"
-                exit 1
-            fi
-        done <<< "$STAGED_FILES"
-    done
-    echo -e "${GREEN}  No AI attribution found${NC}"
-fi
-
-# Semgrep security scan - native or Docker fallback
-SEMGREP_CMD=""
-SEMGREP_MODE=""
-if command -v semgrep &> /dev/null; then
-    SEMGREP_CMD="native"
-    SEMGREP_MODE="native"
-elif command -v docker &> /dev/null && docker info &> /dev/null 2>&1; then
-    SEMGREP_CMD="docker"
-    SEMGREP_MODE="Docker"
-fi
-
-if [[ -n "$SEMGREP_CMD" ]]; then
-    echo -e "${YELLOW}[2/3] Security scan (Semgrep via $SEMGREP_MODE)...${NC}"
-    STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(java|kt|js|ts|py|go|rs)$' || true)
-    if [[ -n "$STAGED_FILES" ]]; then
-        if [[ "$SEMGREP_CMD" == "native" ]]; then
-            echo "$STAGED_FILES" | tr '\n' '\0' | xargs -0 semgrep --config=.ci-local/semgrep.yml --severity=ERROR --quiet 2>/dev/null || {
-                echo -e "${RED}Semgrep found issues${NC}"
-                exit 1
-            }
-        else
-            # Pipe file list via stdin into the container where xargs feeds it to semgrep
-            echo "$STAGED_FILES" | docker run --rm -i -v "${PROJECT_DIR}:/src" -w /src returntocorp/semgrep \
-                sh -c 'xargs semgrep --config=/src/.ci-local/semgrep.yml --severity=ERROR --quiet' 2>/dev/null || {
-                echo -e "${RED}Semgrep found issues${NC}"
-                exit 1
-            }
-        fi
-        echo -e "${GREEN}Security OK${NC}"
-    else
-        echo -e "${GREEN}No files to scan${NC}"
-    fi
-else
-    echo -e "${YELLOW}[2/3] Semgrep not available, skipping (install semgrep or use Docker)${NC}"
-fi
-
-# Quick compile/lint basado en el stack
-echo -e "${YELLOW}[3/3] Quick compile check...${NC}"
-cd "$PROJECT_DIR"
-
-# Use shared stack detection from lib/common.sh
-detect_stack
-
-case "$STACK_TYPE" in
-    java-gradle)
-        ./gradlew spotlessCheck classes --no-daemon -q 2>/dev/null || {
-            echo -e "${RED}Gradle check failed. Run: ./gradlew spotlessApply${NC}"
-            exit 1
-        }
-        ;;
-    java-maven)
-        ./mvnw compile -q 2>/dev/null || exit 1
-        ;;
-    node)
-        if [[ "$BUILD_TOOL" == "pnpm" ]]; then
-            pnpm lint --silent 2>/dev/null || exit 1
-        elif [[ "$BUILD_TOOL" == "yarn" ]]; then
-            yarn lint --silent 2>/dev/null || exit 1
-        else
-            npm run lint --silent 2>/dev/null || exit 1
-        fi
-        ;;
-    rust)
-        cargo check --quiet 2>/dev/null || exit 1
-        ;;
-    go)
-        go build ./... 2>/dev/null || exit 1
-        ;;
-esac
-
-echo -e "${GREEN}Compile OK${NC}"
-echo -e "${GREEN}[pre-commit] All checks passed!${NC}"
+echo "PRE-COMMIT: Running quick check..."
+javi-forge ci --quick --no-security --no-ghagga || {
+    echo ""
+    echo "Quick check FAILED — Fix the issues above before committing."
+    echo "To skip: git commit --no-verify"
+    exit 1
+}

package/ci-local/hooks/pre-push

@@ -1,41 +1,24 @@
 #!/bin/bash
 # =============================================================================
-# PRE-PUSH: Full CI simulation before push
+# PRE-PUSH: Full CI simulation via javi-forge
 # =============================================================================
-# Corre tests en Docker identico al CI
-# Si pasa aca -> pasa en GitHub Actions / GitLab CI
+# Requires: npm install -g javi-forge
+# To skip:  git push --no-verify
 # =============================================================================
 
 set -e
 
-# Encontrar directorio .ci-local
-if [[ -d "$(git rev-parse --show-toplevel)/.ci-local" ]]; then
-    CI_LOCAL_DIR="$(git rev-parse --show-toplevel)/.ci-local"
-else
-    echo "Warning: .ci-local not found, skipping pre-push CI simulation"
-    exit 0
-fi
-
-# Source shared library for colors
-source "$CI_LOCAL_DIR/../lib/common.sh"
-
-echo -e "${BLUE}PRE-PUSH: CI Simulation${NC}"
-
-# Verificar Docker
-if ! docker info &> /dev/null; then
-    echo -e "${RED}Docker is not running.${NC}"
-    echo -e "${YELLOW}  Start Docker or use: git push --no-verify${NC}"
+# Verify Docker is running
+if ! docker info &>/dev/null; then
+    echo "PRE-PUSH: Docker is not running."
+    echo "  Start Docker or use: git push --no-verify"
     exit 1
 fi
 
-# Ejecutar CI local
-"$CI_LOCAL_DIR/ci-local.sh" full || {
-    echo -e ""
-    echo -e "${RED}CI SIMULATION FAILED - Push aborted${NC}"
-    echo -e "${RED}Fix the issues above before pushing.${NC}"
-    echo -e "${RED}To skip: git push --no-verify${NC}"
+echo "PRE-PUSH: Running CI simulation..."
+javi-forge ci || {
+    echo ""
+    echo "CI FAILED — Push aborted. Fix the issues above before pushing."
+    echo "To skip: git push --no-verify"
     exit 1
 }
-
-echo -e ""
-echo -e "${GREEN}CI Simulation PASSED - Safe to push!${NC}"

package/dist/commands/ci.d.ts

@@ -0,0 +1,33 @@
+import type { Stack } from '../types/index.js';
+export type CIMode = 'full' | 'quick' | 'shell' | 'detect';
+export interface CIOptions {
+    projectDir?: string;
+    mode?: CIMode;
+    /** Skip Docker entirely — run commands natively */
+    noDocker?: boolean;
+    /** Skip GHAGGA review step */
+    noGhagga?: boolean;
+    /** Skip Semgrep security scan */
+    noSecurity?: boolean;
+    /** Timeout in seconds for each Docker step (default: 600) */
+    timeout?: number;
+}
+export type CIStepStatus = 'pending' | 'running' | 'done' | 'error' | 'skipped';
+export interface CIStep {
+    id: string;
+    label: string;
+    status: CIStepStatus;
+    detail?: string;
+}
+export type CIStepCallback = (step: CIStep) => void;
+export interface CIStackInfo {
+    stackType: Stack;
+    buildTool: string;
+    javaVersion: string;
+    lintCmd: string | null;
+    compileCmd: string | null;
+    testCmd: string | null;
+}
+export declare function detectCIStack(projectDir: string): Promise<CIStackInfo>;
+export declare function runCI(options: CIOptions, onStep: CIStepCallback): Promise<void>;
+//# sourceMappingURL=ci.d.ts.map

package/dist/commands/ci.js

@@ -0,0 +1,341 @@
+import { execFile, spawn } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs-extra';
+import path from 'path';
+import { isDockerAvailable, ensureImage, runInContainer, openShell } from '../lib/docker.js';
+const execFileAsync = promisify(execFile);
+// =============================================================================
+// Stack detection
+// =============================================================================
+export async function detectCIStack(projectDir) {
+    let stackType = 'node';
+    let buildTool = 'npm';
+    let javaVersion = '21';
+    // Java Gradle
+    if (await fs.pathExists(path.join(projectDir, 'build.gradle.kts')) ||
+        await fs.pathExists(path.join(projectDir, 'build.gradle'))) {
+        stackType = 'java-gradle';
+        buildTool = 'gradle';
+        // Try to read java version from build files
+        const ktsPath = path.join(projectDir, 'build.gradle.kts');
+        const gradlePath = path.join(projectDir, 'build.gradle');
+        if (await fs.pathExists(ktsPath)) {
+            const content = await fs.readFile(ktsPath, 'utf-8');
+            const match = content.match(/JavaLanguageVersion\.of\((\d+)\)/);
+            if (match?.[1])
+                javaVersion = match[1];
+        }
+        else if (await fs.pathExists(gradlePath)) {
+            const content = await fs.readFile(gradlePath, 'utf-8');
+            const match = content.match(/sourceCompatibility\s*=\s*['"]*(\d+)/);
+            if (match?.[1])
+                javaVersion = match[1];
+        }
+    }
+    // Java Maven
+    else if (await fs.pathExists(path.join(projectDir, 'pom.xml'))) {
+        stackType = 'java-maven';
+        buildTool = 'mvn';
+    }
+    // Node
+    else if (await fs.pathExists(path.join(projectDir, 'package.json'))) {
+        stackType = 'node';
+        if (await fs.pathExists(path.join(projectDir, 'pnpm-lock.yaml')))
+            buildTool = 'pnpm';
+        else if (await fs.pathExists(path.join(projectDir, 'yarn.lock')))
+            buildTool = 'yarn';
+        else
+            buildTool = 'npm';
+    }
+    // Go
+    else if (await fs.pathExists(path.join(projectDir, 'go.mod'))) {
+        stackType = 'go';
+        buildTool = 'go';
+    }
+    // Rust
+    else if (await fs.pathExists(path.join(projectDir, 'Cargo.toml'))) {
+        stackType = 'rust';
+        buildTool = 'cargo';
+    }
+    // Python
+    else if (await fs.pathExists(path.join(projectDir, 'pyproject.toml')) ||
+        await fs.pathExists(path.join(projectDir, 'requirements.txt')) ||
+        await fs.pathExists(path.join(projectDir, 'setup.py'))) {
+        stackType = 'python';
+        if (await fs.pathExists(path.join(projectDir, 'uv.lock')))
+            buildTool = 'uv';
+        else if (await fs.pathExists(path.join(projectDir, 'poetry.lock')))
+            buildTool = 'poetry';
+        else
+            buildTool = 'pip';
+    }
+    // Build CI commands per stack
+    const { lintCmd, compileCmd, testCmd } = await buildCICommands(stackType, buildTool, projectDir);
+    return { stackType, buildTool, javaVersion, lintCmd, compileCmd, testCmd };
+}
+async function buildCICommands(stack, buildTool, projectDir) {
+    switch (stack) {
+        case 'java-gradle':
+            return {
+                lintCmd: './gradlew spotlessCheck --no-daemon',
+                compileCmd: './gradlew classes testClasses --no-daemon',
+                testCmd: './gradlew test --no-daemon',
+            };
+        case 'java-maven':
+            return {
+                lintCmd: './mvnw spotless:check',
+                compileCmd: './mvnw compile test-compile',
+                testCmd: './mvnw test',
+            };
+        case 'node': {
+            const pkgPath = path.join(projectDir, 'package.json');
+            let pkgContent = '';
+            try {
+                pkgContent = await fs.readFile(pkgPath, 'utf-8');
+            }
+            catch { /* no package.json */ }
+            // Clean dist/ before build to avoid permission issues from prior Docker builds
+            const buildPrefix = 'rm -rf dist/ && ';
+            return {
+                lintCmd: pkgContent.includes('"lint"') ? `${buildTool} run lint` : null,
+                compileCmd: pkgContent.includes('"build"') ? `${buildPrefix}${buildTool} run build` : null,
+                testCmd: pkgContent.includes('"test"') ? `${buildTool} ${buildTool === 'npm' ? 'test' : 'run test'}` : null,
+            };
+        }
+        case 'python':
+            return {
+                lintCmd: 'ruff check . && { pylint **/*.py 2>/dev/null || true; }',
+                compileCmd: null,
+                testCmd: 'pytest',
+            };
+        case 'go':
+            return {
+                lintCmd: 'golangci-lint run',
+                compileCmd: 'go build ./...',
+                testCmd: 'go test ./...',
+            };
+        case 'rust':
+            return {
+                lintCmd: 'cargo clippy -- -D warnings',
+                compileCmd: 'cargo build',
+                testCmd: 'cargo test',
+            };
+        default:
+            return { lintCmd: null, compileCmd: null, testCmd: null };
+    }
+}
+// =============================================================================
+// GHAGGA check
+// =============================================================================
+async function isGhaggaAvailable() {
+    try {
+        await execFileAsync('ghagga', ['--version'], { timeout: 3000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// =============================================================================
+// Main CI runner
+// =============================================================================
+function report(onStep, id, label, status, detail) {
+    onStep({ id, label, status, detail });
+}
+export async function runCI(options, onStep) {
+    const { projectDir = process.cwd(), mode = 'full', noDocker = false, noGhagga = false, noSecurity = false, timeout = 600, } = options;
+    // ── Detect stack ────────────────────────────────────────────────────────────
+    const stepDetect = 'detect';
+    report(onStep, stepDetect, 'Detecting stack', 'running');
+    let stackInfo;
+    try {
+        stackInfo = await detectCIStack(projectDir);
+        report(onStep, stepDetect, `Stack: ${stackInfo.stackType} (${stackInfo.buildTool})`, 'done');
+    }
+    catch (e) {
+        report(onStep, stepDetect, 'Detecting stack', 'error', String(e));
+        throw e;
+    }
+    // ── Detect mode ─────────────────────────────────────────────────────────────
+    if (mode === 'detect')
+        return;
+    // ── Shell mode ──────────────────────────────────────────────────────────────
+    if (mode === 'shell') {
+        if (noDocker) {
+            report(onStep, 'shell', 'Shell', 'error', '--shell requires Docker');
+            throw new Error('--shell requires Docker');
+        }
+        report(onStep, 'docker-image', 'Building Docker image', 'running');
+        try {
+            await ensureImage({ stack: stackInfo.stackType, javaVersion: stackInfo.javaVersion });
+            report(onStep, 'docker-image', 'Docker image ready', 'done');
+        }
+        catch (e) {
+            report(onStep, 'docker-image', 'Building Docker image', 'error', String(e));
+            throw e;
+        }
+        await openShell(projectDir);
+        return;
+    }
+    // ── Check Docker ─────────────────────────────────────────────────────────────
+    if (!noDocker) {
+        const stepDocker = 'docker-check';
+        report(onStep, stepDocker, 'Checking Docker', 'running');
+        const dockerOk = await isDockerAvailable();
+        if (!dockerOk) {
+            report(onStep, stepDocker, 'Docker not available', 'error', 'Start Docker or use --no-docker');
+            throw new Error('Docker is not available');
+        }
+        report(onStep, stepDocker, 'Docker available', 'done');
+        // Build image
+        const stepImage = 'docker-image';
+        report(onStep, stepImage, `Building image for ${stackInfo.stackType}`, 'running');
+        try {
+            await ensureImage({ stack: stackInfo.stackType, javaVersion: stackInfo.javaVersion });
+            report(onStep, stepImage, 'Docker image ready', 'done');
+        }
+        catch (e) {
+            report(onStep, stepImage, 'Building Docker image', 'error', String(e));
+            throw e;
+        }
+    }
+    // ── Lint ─────────────────────────────────────────────────────────────────────
+    if (stackInfo.lintCmd) {
+        const stepLint = 'lint';
+        report(onStep, stepLint, `Lint: ${stackInfo.lintCmd}`, 'running');
+        try {
+            await runStep(stackInfo.lintCmd, projectDir, noDocker, timeout);
+            report(onStep, stepLint, 'Lint passed', 'done');
+        }
+        catch (e) {
+            report(onStep, stepLint, 'Lint failed', 'error', String(e));
+            throw e;
+        }
+    }
+    // ── Compile ──────────────────────────────────────────────────────────────────
+    if (stackInfo.compileCmd) {
+        const stepCompile = 'compile';
+        report(onStep, stepCompile, `Compile: ${stackInfo.compileCmd}`, 'running');
+        try {
+            await runStep(stackInfo.compileCmd, projectDir, noDocker, timeout);
+            report(onStep, stepCompile, 'Compile passed', 'done');
+        }
+        catch (e) {
+            report(onStep, stepCompile, 'Compile failed', 'error', String(e));
+            throw e;
+        }
+    }
+    // ── Test (full mode only) ────────────────────────────────────────────────────
+    if (mode === 'full' && stackInfo.testCmd) {
+        const stepTest = 'test';
+        report(onStep, stepTest, `Test: ${stackInfo.testCmd}`, 'running');
+        try {
+            await runStep(stackInfo.testCmd, projectDir, noDocker, timeout);
+            report(onStep, stepTest, 'Tests passed', 'done');
+        }
+        catch (e) {
+            report(onStep, stepTest, 'Tests failed', 'error', String(e));
+            throw e;
+        }
+    }
+    // ── Security scan (full mode only) ──────────────────────────────────────────
+    if (mode === 'full' && !noSecurity) {
+        const stepSecurity = 'security';
+        const semgrepAvailable = await isSemgrepAvailable();
+        if (semgrepAvailable) {
+            report(onStep, stepSecurity, 'Security scan (Semgrep)', 'running');
+            try {
+                await runSemgrep(projectDir);
+                report(onStep, stepSecurity, 'Security scan passed', 'done');
+            }
+            catch (e) {
+                report(onStep, stepSecurity, 'Security scan failed', 'error', String(e));
+                throw e;
+            }
+        }
+        else {
+            report(onStep, stepSecurity, 'Security scan', 'skipped', 'Semgrep not available — install semgrep or Docker');
+        }
+    }
+    // ── GHAGGA review (full mode only) ──────────────────────────────────────────
+    if (mode === 'full' && !noGhagga) {
+        const stepGhagga = 'ghagga';
+        const ghagga = await isGhaggaAvailable();
+        if (ghagga) {
+            report(onStep, stepGhagga, 'GHAGGA review', 'running');
+            try {
+                await runGhagga(projectDir);
+                report(onStep, stepGhagga, 'GHAGGA review passed', 'done');
+            }
+            catch (e) {
+                report(onStep, stepGhagga, 'GHAGGA review failed', 'error', String(e));
+                throw e;
+            }
+        }
+        else {
+            report(onStep, stepGhagga, 'GHAGGA review', 'skipped', 'ghagga not installed');
+        }
+    }
+}
+// =============================================================================
+// Step runners
+// =============================================================================
+async function runStep(command, projectDir, noDocker, timeout) {
+    if (noDocker) {
+        // Run natively
+        await new Promise((resolve, reject) => {
+            const proc = spawn('bash', ['-c', command], {
+                cwd: projectDir,
+                stdio: 'inherit',
+                env: { ...process.env, CI: 'true' },
+            });
+            proc.on('close', code => code === 0 ? resolve() : reject(new Error(`Command failed with code ${code}`)));
+            proc.on('error', reject);
+        });
+    }
+    else {
+        const result = await runInContainer({
+            projectDir,
+            command: `cd /home/runner/work && ${command}`,
+            timeout,
+            stream: true,
+        });
+        if (result.exitCode !== 0) {
+            throw new Error(`Command failed with exit code ${result.exitCode}`);
+        }
+    }
+}
+async function isSemgrepAvailable() {
+    try {
+        await execFileAsync('semgrep', ['--version'], { timeout: 3000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function runSemgrep(projectDir) {
+    // Look for semgrep config in project or use auto
+    const semgrepConfig = await fs.pathExists(path.join(projectDir, '.semgrep.yml'))
+        ? path.join(projectDir, '.semgrep.yml')
+        : 'auto';
+    await new Promise((resolve, reject) => {
+        const proc = spawn('semgrep', ['--config', semgrepConfig, '--severity', 'ERROR', '--quiet', '.'], {
+            cwd: projectDir,
+            stdio: 'inherit',
+        });
+        proc.on('close', code => code === 0 ? resolve() : reject(new Error(`Semgrep found issues (exit ${code})`)));
+        proc.on('error', reject);
+    });
+}
+async function runGhagga(projectDir) {
+    await new Promise((resolve, reject) => {
+        const proc = spawn('ghagga', ['review', '--plain', '--exit-on-issues'], {
+            cwd: projectDir,
+            stdio: 'inherit',
+        });
+        proc.on('close', code => code === 0 ? resolve() : reject(new Error(`GHAGGA review found issues (exit ${code})`)));
+        proc.on('error', reject);
+    });
+}
+//# sourceMappingURL=ci.js.map

package/dist/commands/init.js

@@ -49,6 +49,11 @@ export async function initProject(options, onStep) {
                 // Set core.hooksPath to ci-local/hooks
                 const hooksDir = path.join(ciLocalDest, 'hooks');
                 if (await fs.pathExists(hooksDir)) {
+                    // Ensure hooks are executable
+                    const hookFiles = await fs.readdir(hooksDir);
+                    for (const hook of hookFiles) {
+                        await fs.chmod(path.join(hooksDir, hook), 0o755);
+                    }
                     await execFileAsync('git', ['config', 'core.hooksPath', 'ci-local/hooks'], { cwd: projectDir });
                 }
             }

package/dist/index.js

@@ -2,18 +2,26 @@
 import React from 'react';
 import { render } from 'ink';
 import meow from 'meow';
+import updateNotifier from 'update-notifier';
+import { createRequire } from 'module';
 import App from './ui/App.js';
 import Doctor from './ui/Doctor.js';
 import AnalyzeUI from './ui/AnalyzeUI.js';
 import Plugin from './ui/Plugin.js';
 import LlmsTxt from './ui/LlmsTxt.js';
+import CI from './ui/CI.js';
 import { CIProvider as CIContextProvider } from './ui/CIContext.js';
+// Check for updates in background (non-blocking, cached 24h)
+const _require = createRequire(import.meta.url);
+const pkg = _require('../package.json');
+updateNotifier({ pkg, updateCheckInterval: 1000 * 60 * 60 * 24 }).notify();
 const cli = meow(`
   Usage
     $ javi-forge [command] [options]
 
   Commands
     init              Bootstrap a new project (default)
+    ci                Run CI simulation (lint + compile + test + security + ghagga)
     analyze           Run repoforge skills analysis
     doctor            Show health report
     plugin add        Install a plugin from GitHub (org/repo)
@@ -35,19 +43,28 @@ const cli = meow(`
     --version       Show version
     --help          Show this help
 
+  CI options (javi-forge ci)
+    --quick         Lint + compile only (fast, for pre-commit)
+    --shell         Open interactive shell in CI container
+    --detect        Show detected stack and exit
+    --no-docker     Run commands natively (no Docker)
+    --no-ghagga     Skip GHAGGA review
+    --no-security   Skip Semgrep security scan
+    --timeout N     Per-step timeout in seconds (default: 600)
+
   Examples
     $ javi-forge
     $ javi-forge init --dry-run
     $ javi-forge init --stack node --ci github
-    $ javi-forge init --dry-run --project-name app --stack node --ci github --batch
+    $ javi-forge ci
+    $ javi-forge ci --quick
+    $ javi-forge ci --no-ghagga --no-security
+    $ javi-forge ci --no-docker
+    $ javi-forge ci --shell
     $ javi-forge analyze
-    $ javi-forge analyze --dry-run
     $ javi-forge doctor
     $ javi-forge plugin add mapbox/agent-skills
     $ javi-forge plugin list
-    $ javi-forge plugin search ai
-    $ javi-forge plugin validate ./my-plugin
-    $ javi-forge plugin remove my-plugin
 `, {
     importMeta: import.meta,
     flags: {
@@ -59,6 +76,14 @@ const cli = meow(`
         ghagga: { type: 'boolean', default: false },
         mock: { type: 'boolean', default: false },
         batch: { type: 'boolean', default: false },
+        // CI flags
+        quick: { type: 'boolean', default: false },
+        shell: { type: 'boolean', default: false },
+        detect: { type: 'boolean', default: false },
+        noDocker: { type: 'boolean', default: false },
+        noGhagga: { type: 'boolean', default: false },
+        noSecurity: { type: 'boolean', default: false },
+        timeout: { type: 'number', default: 600 },
     }
 });
 const subcommand = cli.input[0] ?? 'init';
@@ -67,6 +92,15 @@ const VALID_CI = ['github', 'gitlab', 'woodpecker'];
 const VALID_MEMORY = ['engram', 'obsidian-brain', 'memory-simple', 'none'];
 const isCI = cli.flags.batch || process.env['CI'] === '1' || process.env['CI'] === 'true';
 switch (subcommand) {
+    case 'ci': {
+        const ciMode = cli.flags.detect ? 'detect'
+            : cli.flags.shell ? 'shell'
+                : cli.flags.quick ? 'quick'
+                    : 'full';
+        render(React.createElement(CIContextProvider, { isCI: true },
+            React.createElement(CI, { projectDir: process.cwd(), mode: ciMode, noDocker: cli.flags.noDocker, noGhagga: cli.flags.noGhagga, noSecurity: cli.flags.noSecurity, timeout: cli.flags.timeout })));
+        break;
+    }
     case 'doctor': {
         render(React.createElement(CIContextProvider, { isCI: isCI },
             React.createElement(Doctor, null)));

package/dist/lib/docker.d.ts

@@ -0,0 +1,43 @@
+import type { Stack } from '../types/index.js';
+export interface DockerRunOptions {
+    /** Absolute path to mount as /home/runner/work */
+    projectDir: string;
+    /** Command to run inside the container */
+    command: string;
+    /** Timeout in seconds (default: 600) */
+    timeout?: number;
+    /** Stream output to stdout/stderr (default: true) */
+    stream?: boolean;
+}
+export interface DockerRunResult {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+}
+export interface DockerImageOptions {
+    stack: Stack;
+    /** Java version override (only for java-* stacks) */
+    javaVersion?: string;
+    /** Directory where Dockerfiles are stored (defaults to package-bundled dir) */
+    dockerfilesDir?: string;
+}
+export declare function getImageName(stack: Stack): string;
+export declare function getDockerfileContent(stack: Stack): string;
+export declare function isDockerAvailable(): Promise<boolean>;
+/**
+ * Ensure a CI Docker image exists and is up-to-date.
+ * Rebuilds only if the Dockerfile content has changed (hash-based staleness check).
+ * Returns the image name.
+ */
+export declare function ensureImage(options: DockerImageOptions): Promise<string>;
+/**
+ * Run a shell command inside the CI Docker container.
+ * Mounts projectDir as /home/runner/work.
+ * Streams output to process.stdout/stderr by default.
+ */
+export declare function runInContainer(options: DockerRunOptions): Promise<DockerRunResult>;
+/**
+ * Open an interactive shell inside the CI container.
+ */
+export declare function openShell(projectDir: string): Promise<void>;
+//# sourceMappingURL=docker.d.ts.map

package/dist/lib/docker.js

@@ -0,0 +1,223 @@
+import { execFile, spawn } from 'child_process';
+import { promisify } from 'util';
+import crypto from 'crypto';
+import fs from 'fs-extra';
+import path from 'path';
+const execFileAsync = promisify(execFile);
+// =============================================================================
+// Image name
+// =============================================================================
+export function getImageName(stack) {
+    return `javi-forge-ci-${stack}`;
+}
+// =============================================================================
+// Dockerfile content per stack
+// =============================================================================
+export function getDockerfileContent(stack) {
+    switch (stack) {
+        case 'java-gradle':
+        case 'java-maven':
+            return [
+                'ARG JAVA_VERSION=21',
+                'FROM eclipse-temurin:${JAVA_VERSION}-jdk-noble',
+                'RUN apt-get update && apt-get install -y git curl unzip && rm -rf /var/lib/apt/lists/*',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+        case 'node':
+            return [
+                'FROM node:22-slim',
+                'RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*',
+                'RUN npm install -g pnpm',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+        case 'python':
+            return [
+                'FROM python:3.12-slim',
+                'RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*',
+                'RUN pip install --no-cache-dir pytest ruff pylint poetry',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+        case 'go':
+            return [
+                'FROM golang:1.23-bookworm',
+                'RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*',
+                'RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.0 && mv /root/go/bin/golangci-lint /usr/local/bin/',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+        case 'rust':
+            return [
+                'FROM rust:1.83-slim',
+                'RUN apt-get update && apt-get install -y git pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*',
+                'RUN rustup component add clippy rustfmt',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+        default:
+            return [
+                'FROM ubuntu:24.04',
+                'RUN apt-get update && apt-get install -y git curl && rm -rf /var/lib/apt/lists/*',
+                'RUN useradd -m -s /bin/bash runner',
+                'USER runner',
+                'WORKDIR /home/runner/work',
+                'ENTRYPOINT ["/bin/bash", "-c"]',
+            ].join('\n');
+    }
+}
+// =============================================================================
+// Docker availability
+// =============================================================================
+export async function isDockerAvailable() {
+    try {
+        await execFileAsync('docker', ['info'], { timeout: 5000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// =============================================================================
+// Image management
+// =============================================================================
+/**
+ * Ensure a CI Docker image exists and is up-to-date.
+ * Rebuilds only if the Dockerfile content has changed (hash-based staleness check).
+ * Returns the image name.
+ */
+export async function ensureImage(options) {
+    const { stack, javaVersion, dockerfilesDir } = options;
+    const imageName = getImageName(stack);
+    // Resolve Dockerfile path
+    const dockerDir = dockerfilesDir ?? path.join(path.dirname(new URL(import.meta.url).pathname), '../../ci-local/docker');
+    const dockerfilePath = path.join(dockerDir, `${stack}.Dockerfile`);
+    // Write Dockerfile if it doesn't exist yet (first run)
+    if (!await fs.pathExists(dockerfilePath)) {
+        await fs.ensureDir(dockerDir);
+        await fs.writeFile(dockerfilePath, getDockerfileContent(stack), 'utf-8');
+    }
+    // Staleness check: compare Dockerfile hash with the one embedded in the image label
+    const content = await fs.readFile(dockerfilePath, 'utf-8');
+    const currentHash = crypto.createHash('sha256').update(content).digest('hex');
+    let imageHash = '';
+    try {
+        const { stdout } = await execFileAsync('docker', [
+            'inspect', '--format', '{{index .Config.Labels "dockerfile-hash"}}', imageName,
+        ]);
+        imageHash = stdout.trim();
+    }
+    catch {
+        // Image doesn't exist yet
+    }
+    if (currentHash === imageHash) {
+        return imageName;
+    }
+    // Build image
+    const buildArgs = [
+        'build',
+        '--label', `dockerfile-hash=${currentHash}`,
+        '-f', dockerfilePath,
+        '-t', imageName,
+    ];
+    if (javaVersion && (stack === 'java-gradle' || stack === 'java-maven')) {
+        buildArgs.push('--build-arg', `JAVA_VERSION=${javaVersion}`);
+    }
+    buildArgs.push(dockerDir);
+    await new Promise((resolve, reject) => {
+        const proc = spawn('docker', buildArgs, { stdio: 'inherit' });
+        proc.on('close', code => code === 0 ? resolve() : reject(new Error(`docker build exited with code ${code}`)));
+        proc.on('error', reject);
+    });
+    return imageName;
+}
+// =============================================================================
+// Run command in container
+// =============================================================================
+/**
+ * Run a shell command inside the CI Docker container.
+ * Mounts projectDir as /home/runner/work.
+ * Streams output to process.stdout/stderr by default.
+ */
+export async function runInContainer(options) {
+    const { projectDir, command, timeout = 600, stream = true } = options;
+    const stack = await detectStackFromDir(projectDir);
+    const imageName = getImageName(stack);
+    const isInteractive = process.stdin.isTTY && stream;
+    const dockerArgs = [
+        'run', '--rm',
+        ...(isInteractive ? ['-it'] : []),
+        '--stop-timeout', '30',
+        '--entrypoint', '',
+        '-v', `${projectDir}:/home/runner/work`,
+        '-e', 'CI=true',
+        imageName,
+        'timeout', String(timeout), 'bash', '-c', command,
+    ];
+    return new Promise((resolve, reject) => {
+        const proc = spawn('docker', dockerArgs, {
+            stdio: stream ? 'inherit' : 'pipe',
+        });
+        let stdout = '';
+        let stderr = '';
+        if (!stream) {
+            proc.stdout?.on('data', (d) => { stdout += d.toString(); });
+            proc.stderr?.on('data', (d) => { stderr += d.toString(); });
+        }
+        proc.on('close', code => resolve({ exitCode: code ?? 1, stdout, stderr }));
+        proc.on('error', reject);
+    });
+}
+/**
+ * Open an interactive shell inside the CI container.
+ */
+export async function openShell(projectDir) {
+    const stack = await detectStackFromDir(projectDir);
+    const imageName = getImageName(stack);
+    await new Promise((resolve, reject) => {
+        const proc = spawn('docker', [
+            'run', '--rm', '-it',
+            '--entrypoint', '',
+            '-v', `${projectDir}:/home/runner/work`,
+            '-e', 'CI=true',
+            imageName,
+            'bash', '-c', 'cd /home/runner/work && exec bash',
+        ], { stdio: 'inherit' });
+        proc.on('close', () => resolve());
+        proc.on('error', reject);
+    });
+}
+// =============================================================================
+// Internal helpers
+// =============================================================================
+async function detectStackFromDir(projectDir) {
+    if (await fs.pathExists(path.join(projectDir, 'build.gradle.kts')))
+        return 'java-gradle';
+    if (await fs.pathExists(path.join(projectDir, 'build.gradle')))
+        return 'java-gradle';
+    if (await fs.pathExists(path.join(projectDir, 'pom.xml')))
+        return 'java-maven';
+    if (await fs.pathExists(path.join(projectDir, 'package.json')))
+        return 'node';
+    if (await fs.pathExists(path.join(projectDir, 'go.mod')))
+        return 'go';
+    if (await fs.pathExists(path.join(projectDir, 'Cargo.toml')))
+        return 'rust';
+    if (await fs.pathExists(path.join(projectDir, 'pyproject.toml')) ||
+        await fs.pathExists(path.join(projectDir, 'requirements.txt')) ||
+        await fs.pathExists(path.join(projectDir, 'setup.py')))
+        return 'python';
+    return 'node'; // fallback
+}
+//# sourceMappingURL=docker.js.map

package/dist/ui/CI.d.ts

@@ -0,0 +1,9 @@
+import React from 'react';
+import type { CIOptions } from '../commands/ci.js';
+interface CIProps extends CIOptions {
+    /** Called when CI finishes (success or failure) */
+    onDone?: (success: boolean) => void;
+}
+export default function CI(props: CIProps): React.JSX.Element;
+export {};
+//# sourceMappingURL=CI.d.ts.map

package/dist/ui/CI.js

@@ -0,0 +1,91 @@
+import React, { useEffect, useState, useRef } from 'react';
+import { Box, Text, useApp } from 'ink';
+import Spinner from 'ink-spinner';
+import { runCI } from '../commands/ci.js';
+import Header from './Header.js';
+import { theme } from './theme.js';
+// =============================================================================
+// Icons
+// =============================================================================
+const STATUS_ICON = {
+    pending: '○',
+    running: '●',
+    done: '✓',
+    error: '✗',
+    skipped: '–',
+};
+const STATUS_COLOR = {
+    pending: theme.muted,
+    running: theme.warning,
+    done: theme.success,
+    error: theme.error,
+    skipped: theme.muted,
+};
+// =============================================================================
+// Component
+// =============================================================================
+export default function CI(props) {
+    const { exit } = useApp();
+    const [steps, setSteps] = useState([]);
+    const [done, setDone] = useState(false);
+    const [success, setSuccess] = useState(null);
+    const started = useRef(false);
+    useEffect(() => {
+        if (started.current)
+            return;
+        started.current = true;
+        const onStep = (step) => {
+            setSteps(prev => {
+                const idx = prev.findIndex(s => s.id === step.id);
+                if (idx >= 0) {
+                    const next = [...prev];
+                    next[idx] = step;
+                    return next;
+                }
+                return [...prev, step];
+            });
+        };
+        runCI(props, onStep)
+            .then(() => {
+            setSuccess(true);
+            setDone(true);
+            props.onDone?.(true);
+            setTimeout(() => exit(), 200);
+        })
+            .catch(() => {
+            setSuccess(false);
+            setDone(true);
+            props.onDone?.(false);
+            // Give user time to read the error before exiting with failure code
+            setTimeout(() => {
+                exit();
+                process.exitCode = 1;
+            }, 300);
+        });
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []);
+    const mode = props.mode ?? 'full';
+    const subtitle = mode === 'quick' ? 'ci — quick' : mode === 'shell' ? 'ci — shell' : 'ci';
+    return (React.createElement(Box, { flexDirection: "column", padding: 1 },
+        React.createElement(Header, { subtitle: subtitle }),
+        React.createElement(Box, { flexDirection: "column", marginBottom: 1 }, steps.map(step => (React.createElement(Box, { key: step.id },
+            React.createElement(Text, { color: STATUS_COLOR[step.status] },
+                step.status === 'running'
+                    ? React.createElement(Spinner, { type: "dots" })
+                    : `${STATUS_ICON[step.status]} `,
+                step.label,
+                step.detail
+                    ? React.createElement(Text, { color: theme.muted, dimColor: true },
+                        '  ',
+                        step.detail)
+                    : null))))),
+        done && success === true && (React.createElement(Box, { marginTop: 1, flexDirection: "column" },
+            React.createElement(Text, { color: theme.success, bold: true }, "\u2713 CI passed \u2014 safe to push!"))),
+        done && success === false && (React.createElement(Box, { marginTop: 1, flexDirection: "column" },
+            React.createElement(Text, { color: theme.error, bold: true }, "\u2717 CI failed \u2014 fix the issues above before pushing."),
+            React.createElement(Text, { color: theme.muted, dimColor: true }, "  To skip: git push --no-verify"))),
+        !done && steps.length === 0 && (React.createElement(Text, { color: theme.warning },
+            React.createElement(Spinner, { type: "dots" }),
+            ' Starting CI...'))));
+}
+//# sourceMappingURL=CI.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javi-forge",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Project scaffolding and AI-ready CI bootstrap",
   "type": "module",
   "bin": {
@@ -23,9 +23,14 @@
     "ink-spinner": "^5.0.0",
     "meow": "^14.1.0",
     "react": "^19.2.4",
+    "update-notifier": "^7.3.1",
     "yaml": "^2.8.2"
   },
   "devDependencies": {
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/exec": "^7.1.0",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.6",
     "@stryker-mutator/core": "^9.6.0",
     "@stryker-mutator/typescript-checker": "^9.6.0",
     "@stryker-mutator/vitest-runner": "^9.6.0",
@@ -33,7 +38,10 @@
     "@types/glob": "^9.0.0",
     "@types/node": "^25.5.0",
     "@types/react": "^19.2.14",
+    "@types/update-notifier": "^6.0.8",
     "@vitest/coverage-v8": "^4.1.0",
+    "conventional-changelog-conventionalcommits": "^9.3.0",
+    "semantic-release": "^25.0.3",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.1.0"