komplian 0.7.1 → 0.7.2

package/README.md

@@ -26,7 +26,7 @@ Opcional: `export POSTMAN_API_KEY=…` solo para la sesión actual (tiene priori
 
 El comando llama a `GET https://api.getpostman.com/me` y **solo continúa** si el email de la cuenta es `@komplian.com`. **Si ya existen** la colección **Komplian API** y los entornos con el mismo nombre en ese workspace, se **actualizan**; si no, se crean.
 
-**Variables de la API Komplian** (`apiKey`, `adminApiKey`, `workspaceId`, …) se rellenan en Postman automáticamente si están en `process.env` o en archivos `.env` (busca `api/.env`, `.env`, etc.; o `KOMPLIAN_DOTENV` / `--dotenv ruta`). Nombres típicos: `API_KEY`, `ADMIN_API_KEY`, `KOMPLIAN_WORKSPACE_ID`. Los JSON exportados en `./komplian-postman/` **no** incluyen secretos (para no commitearlos).
+**Variables de la API Komplian** (`apiKey`, `adminApiKey`, `workspaceId`, …) se rellenan en Postman automáticamente si están en `process.env` o en archivos `.env` (busca `api/.env`, `.env`, etc.; o `KOMPLIAN_DOTENV` / `--dotenv ruta`). Nombres típicos: `API_KEY`, `ADMIN_API_KEY`, `KOMPLIAN_WORKSPACE_ID`. Los JSON exportados en `~/.komplian/postman-export/` (o `--out`) **no** incluyen secretos (para no commitearlos).
 
 - Solo exportar archivos (sin subir por API): `npx komplian postman --yes --export-only`
 - Otro workspace: `POSTMAN_WORKSPACE_ID=<id>`

package/komplian-onboard.mjs

@@ -8,7 +8,7 @@
  *   npx komplian onboard --yes
  */
 
-import { spawnSync } from "node:child_process";
+import { spawnSync, spawn } from "node:child_process";
 import { existsSync, readFileSync, mkdirSync, cpSync, rmSync, readdirSync, statSync } from "node:fs";
 import { dirname, join, resolve, normalize } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -41,8 +41,13 @@ function log(s = "") {
   console.log(s);
 }
 
+/** Branding and repo progress: always visible (even when KOMPLIAN_CLI_QUIET=1). */
+function ux(s = "") {
+  console.log(s);
+}
+
 function banner() {
-  log(
+  ux(
     [
       `${c.cyan}${c.bold}`,
       "██╗  ██╗  ██████╗  ███╗   ███╗ ██████╗  ██╗      ██╗  █████╗  ███╗   ██╗",
@@ -52,12 +57,52 @@ function banner() {
       "██║  ██╗ ╚██████╔╝ ██║ ╚═╝ ██║ ██║      ███████╗ ██║ ██║  ██║ ██║ ╚████║",
       "╚═╝  ╚═╝  ╚═════╝  ╚═╝     ╚═╝ ╚═╝      ╚══════╝ ╚═╝ ╚═╝  ╚═╝ ╚═╝  ╚═══╝",
       `${c.reset}`,
-      `${c.dim}  Secure setup · GitHub CLI · git clone · Zero org OAuth setup${c.reset}`,
+      `${c.dim}  Secure setup · GitHub CLI · git clone${c.reset}`,
       "",
     ].join("\n")
   );
 }
 
+function startRepoSpinner(repoName) {
+  const frames = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
+  const cloud = `${c.blue}☁${c.reset}`;
+  let i = 0;
+  const id = setInterval(() => {
+    const fr = frames[i++ % frames.length];
+    process.stdout.write(
+      `\r  ${cloud}  ${c.cyan}${fr}${c.reset} ${c.bold}${repoName}${c.reset} ${c.dim}…${c.reset}   `
+    );
+  }, 90);
+  return {
+    stop() {
+      clearInterval(id);
+      process.stdout.write("\r\x1b[K");
+    },
+  };
+}
+
+function runSpawn(cmd, args, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn(cmd, args, {
+      ...spawnWin({
+        cwd,
+        stdio: ["ignore", "pipe", "pipe"],
+      }),
+    });
+    let stderr = "";
+    child.stderr?.setEncoding?.("utf8");
+    child.stderr?.on("data", (d) => {
+      stderr += String(d);
+    });
+    child.on("close", (code) => {
+      resolve({ status: code === 0 ? 0 : code ?? 1, stderr });
+    });
+    child.on("error", (err) => {
+      resolve({ status: 1, stderr: String(err?.message || err) });
+    });
+  });
+}
+
 function ghOk() {
   const r = spawnSync(
     "gh",
@@ -71,8 +116,8 @@ function ghOk() {
 }
 
 function runGhAuth() {
-  log(
-    `${c.yellow}→${c.reset} Abre ${c.bold}GitHub${c.reset} en el navegador (OAuth). No vemos tu contraseña.`
+  ux(
+    `${c.yellow}→${c.reset} Opening ${c.bold}GitHub${c.reset} in your browser (OAuth). Your password is not shown here.`
   );
   const r = spawnSync(
     "gh",
@@ -102,32 +147,32 @@ function verifyOrgMembership(org) {
     try {
       const j = JSON.parse(mem.stdout);
       if (j.state === "active") return;
-      log(
-        `${c.red}✗${c.reset} Membresía en ${c.bold}${org}${c.reset} no activa (state: ${j.state || "?"}).`
+      console.error(
+        `${c.red}✗${c.reset} Org ${c.bold}${org}${c.reset} membership not active (state: ${j.state || "?"}).`
       );
       process.exit(1);
     } catch {
-      log(`${c.red}✗${c.reset} Respuesta inválida al verificar la org.`);
+      console.error(`${c.red}✗${c.reset} Invalid response while verifying org membership.`);
       process.exit(1);
     }
   }
   const hint = (mem.stderr + mem.stdout).toLowerCase();
   if (hint.includes("404") || hint.includes("not found")) {
-    log(
-      `${c.red}✗${c.reset} Esta cuenta ${c.bold}no es miembro${c.reset} de la org ${c.bold}${org}${c.reset}.`
+    console.error(
+      `${c.red}✗${c.reset} This account is ${c.bold}not a member${c.reset} of org ${c.bold}${org}${c.reset}.`
     );
-    log(
-      `${c.dim}  ¿Otra cuenta? gh auth logout && gh auth login -h github.com -s repo -s read:org -w${c.reset}`
+    console.error(
+      `${c.dim}  Wrong account? gh auth logout && gh auth login -h github.com -s repo -s read:org -w${c.reset}`
     );
     process.exit(1);
   }
   if (hint.includes("403") || hint.includes("read:org") || hint.includes("scope")) {
-    log(`${c.red}✗${c.reset} Falta scope ${c.bold}read:org${c.reset} en gh.`);
-    log(`${c.dim}  gh auth refresh -h github.com -s repo -s read:org${c.reset}`);
+    console.error(`${c.red}✗${c.reset} GitHub CLI needs ${c.bold}read:org${c.reset} scope.`);
+    console.error(`${c.dim}  gh auth refresh -h github.com -s repo -s read:org${c.reset}`);
     process.exit(1);
   }
-  log(
-    `${c.red}✗${c.reset} No se pudo verificar la org (código ${mem.status}):\n${c.dim}${(mem.stderr || mem.stdout).trim()}${c.reset}`
+  console.error(
+    `${c.red}✗${c.reset} Could not verify org (exit ${mem.status}):\n${c.dim}${(mem.stderr || mem.stdout).trim()}${c.reset}`
   );
   process.exit(1);
 }
@@ -159,10 +204,12 @@ function needCmd(name, hint = "") {
         ? canRun("git", ["--version"])
         : canRun(name, ["--version"]);
   if (!ok) {
-    log(`${c.red}✗${c.reset} No se puede ejecutar ${c.bold}${name}${c.reset} (¿PATH o instalación?).${hint ? ` ${hint}` : ""}`);
+    console.error(
+      `${c.red}✗${c.reset} Cannot run ${c.bold}${name}${c.reset} (PATH or install?).${hint ? ` ${hint}` : ""}`
+    );
     if (IS_WIN) {
-      log(
-        `${c.dim}  Windows: cierra y abre la terminal tras instalar gh/git, o reinicia para refrescar PATH.${c.reset}`
+      console.error(
+        `${c.dim}  Windows: restart the terminal after installing gh/git, or reboot to refresh PATH.${c.reset}`
       );
     }
     process.exit(1);
@@ -180,7 +227,7 @@ function ghRepoList(org) {
     spawnWin({ encoding: "utf8", stdio: ["ignore", "pipe", "pipe"] })
   );
   if (r.status !== 0) {
-    log(`${c.red}✗${c.reset} gh repo list falló:\n${r.stderr || r.stdout}`);
+    console.error(`${c.red}✗${c.reset} gh repo list failed:\n${r.stderr || r.stdout}`);
     process.exit(1);
   }
   const rows = JSON.parse(r.stdout || "[]");
@@ -209,8 +256,8 @@ function resolveRepos(cfg, org, teamArg, allRepos) {
 
   const teams = cfg.teams || {};
   if (!teams[team]) {
-    log(
-      `${c.red}✗${c.reset} Equipo desconocido ${c.bold}${team}${c.reset}. Válidos: ${Object.keys(teams).sort().join(", ")}`
+    console.error(
+      `${c.red}✗${c.reset} Unknown team ${c.bold}${team}${c.reset}. Valid: ${Object.keys(teams).sort().join(", ")}`
     );
     process.exit(2);
   }
@@ -236,47 +283,50 @@ function isSafeTargetDir(abs) {
 function cloudLine(org, name, status) {
   const cloud = `${c.blue}☁${c.reset}`;
   if (status === "ok") {
-    return `  ${cloud}  ${c.green}✓${c.reset} ${c.bold}${org}/${name}${c.reset} ${c.dim}clonado${c.reset}`;
+    return `  ${cloud}  ${c.green}✓${c.reset} ${c.bold}${org}/${name}${c.reset} ${c.dim}cloned${c.reset}`;
   }
   if (status === "skip") {
-    return `  ${cloud}  ${c.yellow}○${c.reset} ${org}/${name} ${c.dim}(ya existe)${c.reset}`;
+    return `  ${cloud}  ${c.yellow}○${c.reset} ${org}/${name} ${c.dim}(already present)${c.reset}`;
   }
   if (status === "fail") {
-    return `  ${cloud}  ${c.red}✗${c.reset} ${org}/${name} ${c.dim}falló${c.reset}`;
+    return `  ${cloud}  ${c.red}✗${c.reset} ${org}/${name} ${c.dim}failed${c.reset}`;
   }
-  return `  ${cloud}  ${c.cyan}…${c.reset} ${org}/${name} ${c.dim}clonando…${c.reset}`;
+  return `  ${cloud}  ${c.cyan}…${c.reset} ${org}/${name} ${c.dim}cloning…${c.reset}`;
 }
 
-function cloneOne(org, name, workspace, useSsh) {
+async function cloneOneAsync(org, name, workspace, useSsh) {
   const q = process.env.KOMPLIAN_CLI_QUIET === "1";
   const gitDir = join(workspace, name, ".git");
   if (existsSync(gitDir)) {
-    if (q) console.log(`${c.yellow}○${c.reset} ${name}`);
-    else log(cloudLine(org, name, "skip"));
+    ux(cloudLine(org, name, "skip"));
     return true;
   }
-  if (!q) process.stdout.write(`\r${cloudLine(org, name, "pending")}`);
+
   const args = useSsh
     ? ["clone", `git@github.com:${org}/${name}.git`, name]
     : ["repo", "clone", `${org}/${name}`, name];
   const cmd = useSsh ? "git" : "gh";
-  const r = spawnSync(cmd, args, {
-    ...spawnWin({
-      cwd: workspace,
-      encoding: "utf8",
-      stdio: ["ignore", "pipe", "pipe"],
-    }),
-  });
-  if (!q) process.stdout.write("\r\x1b[K");
+
+  const tty = process.stdout.isTTY;
+  const spin = tty ? startRepoSpinner(name) : null;
+  if (!tty) {
+    ux(
+      `${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}cloning…${c.reset}`
+    );
+  }
+
+  const r = await runSpawn(cmd, args, workspace);
+  if (spin) spin.stop();
+
   if (r.status === 0) {
-    if (q) console.log(`${c.green}✓${c.reset} ${name}`);
-    else log(cloudLine(org, name, "ok"));
+    ux(cloudLine(org, name, "ok"));
     return true;
   }
-  if (q) console.error(`${c.red}✗${c.reset} ${name}`);
-  else {
-    log(cloudLine(org, name, "fail"));
-    if (r.stderr) log(`${c.dim}${r.stderr.trim()}${c.reset}`);
+  ux(cloudLine(org, name, "fail"));
+  const err = (r.stderr || "").trim();
+  if (err) {
+    if (q) console.error(`${c.dim}${err.slice(0, 500)}${c.reset}`);
+    else log(`${c.dim}${err}${c.reset}`);
   }
   return false;
 }
@@ -286,7 +336,7 @@ function copyCursorPack(workspace, cursorRepoUrl) {
   if (cursorRepoUrl && String(cursorRepoUrl).trim()) {
     const tmp = join(workspace, ".cursor-bootstrap-tmp");
     rmSync(tmp, { recursive: true, force: true });
-    log(`${c.dim}→${c.reset} Cursor pack (clone superficial)…`);
+    ux(`${c.dim}→${c.reset} Cursor rules pack…`);
     const r = spawnSync(
       "git",
       ["clone", "--depth", "1", String(cursorRepoUrl).trim(), tmp],
@@ -300,15 +350,18 @@ function copyCursorPack(workspace, cursorRepoUrl) {
       rmSync(rootCursor, { recursive: true, force: true });
       cpSync(join(tmp, ".cursor"), rootCursor, { recursive: true });
       rmSync(tmp, { recursive: true, force: true });
-      log(`${c.green}✓${c.reset} ${c.bold}.cursor${c.reset} ${c.dim}← KOMPLIAN_CURSOR_REPO${c.reset}`);
+      ux(`${c.green}✓${c.reset} ${c.bold}.cursor${c.reset} ${c.dim}(KOMPLIAN_CURSOR_REPO)${c.reset}`);
       return;
     }
     rmSync(tmp, { recursive: true, force: true });
-    log(`${c.yellow}○${c.reset} KOMPLIAN_CURSOR_REPO: falló el clone o no hay .cursor/ en la raíz`);
+    ux(
+      `${c.yellow}○${c.reset} KOMPLIAN_CURSOR_REPO: clone failed or no .cursor/ at repo root`
+    );
+  } else if (!process.env.KOMPLIAN_CLI_QUIET) {
+    log(
+      `${c.dim}○ No .cursor/ (optional: KOMPLIAN_CURSOR_REPO=<git url>).${c.reset}`
+    );
   }
-  log(
-    `${c.dim}○ Sin .cursor/ en el workspace (opcional: KOMPLIAN_CURSOR_REPO=<url git>).${c.reset}`
-  );
 }
 
 /** Sin esto, `npm install` crea o retoca package-lock.json y git muestra cambios sin querer. */
@@ -322,8 +375,8 @@ function npmInstallOneRepo(dir, name) {
   const pkg = join(dir, "package.json");
   if (!existsSync(pkg)) return { ok: true, skipped: true };
 
-  const stdio =
-    process.env.KOMPLIAN_CLI_QUIET === "1" ? "ignore" : "inherit";
+  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
+  const stdio = q ? "ignore" : "inherit";
 
   const yarnLock = join(dir, "yarn.lock");
   const pnpmLock = join(dir, "pnpm-lock.yaml");
@@ -332,11 +385,17 @@ function npmInstallOneRepo(dir, name) {
   if (existsSync(yarnLock)) {
     if (!canRun("yarn", ["--version"])) {
       log(
-        `${c.yellow}○${c.reset} ${name} ${c.dim}(yarn.lock; instala yarn o ejecuta yarn install a mano)${c.reset}`
+        `${c.yellow}○${c.reset} ${name} ${c.dim}(yarn.lock; install yarn or run yarn install manually)${c.reset}`
       );
       return { ok: true, skipped: true };
     }
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(yarn)${c.reset}`);
+    if (q) {
+      ux(
+        `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}yarn install…${c.reset}`
+      );
+    } else {
+      log(`${c.dim}→${c.reset} ${name} ${c.dim}(yarn)${c.reset}`);
+    }
     const r = spawnSync(
       "yarn",
       ["install", "--frozen-lockfile"],
@@ -348,11 +407,17 @@ function npmInstallOneRepo(dir, name) {
   if (existsSync(pnpmLock)) {
     if (!canRun("pnpm", ["--version"])) {
       log(
-        `${c.yellow}○${c.reset} ${name} ${c.dim}(pnpm-lock; instala pnpm o pnpm install a mano)${c.reset}`
+        `${c.yellow}○${c.reset} ${name} ${c.dim}(pnpm-lock; install pnpm or run pnpm install manually)${c.reset}`
       );
       return { ok: true, skipped: true };
     }
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(pnpm)${c.reset}`);
+    if (q) {
+      ux(
+        `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}pnpm install…${c.reset}`
+      );
+    } else {
+      log(`${c.dim}→${c.reset} ${name} ${c.dim}(pnpm)${c.reset}`);
+    }
     const r = spawnSync(
       "pnpm",
       ["install", "--frozen-lockfile"],
@@ -362,23 +427,35 @@ function npmInstallOneRepo(dir, name) {
   }
 
   if (!canRun("npm", ["--version"])) {
-    log(`${c.yellow}○${c.reset} npm no está en PATH — omito ${name}`);
+    log(`${c.yellow}○${c.reset} npm not in PATH — skipping ${name}`);
     return { ok: true, skipped: true };
   }
 
   const quiet = npmQuietFlags();
 
   if (existsSync(npmLock)) {
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm ci — lock sin cambios)${c.reset}`);
+    if (q) {
+      ux(
+        `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}npm ci…${c.reset}`
+      );
+    } else {
+      log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm ci)${c.reset}`);
+    }
     const r = spawnSync("npm", ["ci", ...quiet], spawnWin({ cwd: dir, stdio }));
     if (r.status === 0) return { ok: true, skipped: false };
     log(
-      `${c.yellow}○${c.reset} ${name}: npm ci falló (¿lock desincronizado?). ${c.dim}Revisa con npm install en ese repo.${c.reset}`
+      `${c.yellow}○${c.reset} ${name}: npm ci failed (lock out of sync?). ${c.dim}Try npm install in that repo.${c.reset}`
     );
     return { ok: false, skipped: false };
   }
 
-  log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm install — sin crear package-lock)${c.reset}`);
+  if (q) {
+    ux(
+      `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}npm install…${c.reset}`
+    );
+  } else {
+    log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm install — no new lockfile)${c.reset}`);
+  }
   const r = spawnSync(
     "npm",
     ["install", ...quiet, "--no-package-lock"],
@@ -392,6 +469,9 @@ function npmInstallEach(workspace) {
   if (!q) {
     log("");
     log(`${c.cyan}━━ dependencies ━━${c.reset}`);
+  } else {
+    ux("");
+    ux(`${c.cyan}Dependencies${c.reset}`);
   }
   for (const ent of readdirSync(workspace)) {
     const d = join(workspace, ent);
@@ -399,7 +479,12 @@ function npmInstallEach(workspace) {
     const { ok, skipped } = npmInstallOneRepo(d, ent);
     if (skipped) continue;
     if (q) {
-      console.log(`${ok ? c.green + "✓" + c.reset : c.yellow + "○" + c.reset} ${ent}`);
+      const cloud = `${c.blue}☁${c.reset}`;
+      if (ok) {
+        ux(`  ${cloud}  ${c.green}✓${c.reset} ${c.bold}${ent}${c.reset} ${c.dim}deps${c.reset}`);
+      } else {
+        ux(`  ${cloud}  ${c.yellow}○${c.reset} ${c.bold}${ent}${c.reset} ${c.dim}deps${c.reset}`);
+      }
     } else if (ok) {
       log(`${c.green}✓${c.reset} ${ent}`);
     } else {
@@ -409,30 +494,34 @@ function npmInstallEach(workspace) {
 }
 
 function usage() {
-  log(`Uso: komplian setup | onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
-  log(`  ${c.bold}Todo en uno:${c.reset} ${c.cyan}npx komplian setup${c.reset} ${c.dim}(onboard+postman+mcp+db+localhost; formulario en navegador si hace falta)${c.reset}`);
-  log(`  ${c.bold}Setup por pasos:${c.reset}`);
-  log(`  1. npx komplian onboard --yes`);
-  log(`  2. npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
-  log(`  3. npx komplian mcp-tools --yes`);
-  log(`  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 URLs dev → ~/.komplian + .env.local)${c.reset}`);
-  log(`  5. npx komplian localhost --yes`);
-  log(``);
-  log(`  npx komplian db:app:development  ${c.dim}(psql una DB)${c.reset}`);
-  log(``);
-  log(`  Antes (una vez): gh auth login -h github.com -s repo -s read:org -w`);
-  log(`  Requisitos: Node 18+, git, GitHub CLI (gh)`);
-  log(``);
-  log(`  onboard implica --install salvo --no-install`);
-  log(`  [carpeta]          Destino (por defecto: directorio actual, no ~/komplian)`);
-  log(`  -y, --yes          Sin menú interactivo (equipo por defecto del JSON)`);
-  log(`  -t, --team <slug>  Equipo en komplian-team-repos.json`);
-  log(`  -i, --install      npm install en cada repo con package.json`);
-  log(`  --no-install       No ejecutar npm install`);
-  log(`  --all-repos        Todos los repos visibles (menos exclude_from_all)`);
-  log(`  --ssh              Clonar con git@github.com:…`);
-  log(`  --list-teams       Lista slugs de equipo (solo JSON) y sale`);
-  log(`  -h, --help`);
+  console.log(`Usage: komplian setup | onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
+  console.log(
+    `  ${c.bold}All-in-one:${c.reset} ${c.cyan}npx komplian setup${c.reset} ${c.dim}(onboard+postman+mcp+db+localhost; browser form if needed)${c.reset}`
+  );
+  console.log(`  ${c.bold}Step by step:${c.reset}`);
+  console.log(`  1. npx komplian onboard --yes`);
+  console.log(`  2. npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
+  console.log(`  3. npx komplian mcp-tools --yes`);
+  console.log(
+    `  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 dev URLs → ~/.komplian + .env.local)${c.reset}`
+  );
+  console.log(`  5. npx komplian localhost --yes`);
+  console.log(``);
+  console.log(`  npx komplian db:app:development  ${c.dim}(psql one DB)${c.reset}`);
+  console.log(``);
+  console.log(`  Once: gh auth login -h github.com -s repo -s read:org -w`);
+  console.log(`  Requires: Node 18+, git, GitHub CLI (gh)`);
+  console.log(``);
+  console.log(`  onboard implies --install unless --no-install`);
+  console.log(`  [folder]           Target (default: cwd, not ~/komplian)`);
+  console.log(`  -y, --yes          Non-interactive (default team from JSON)`);
+  console.log(`  -t, --team <slug>  Team in komplian-team-repos.json`);
+  console.log(`  -i, --install      npm install in each repo with package.json`);
+  console.log(`  --no-install       Skip npm install`);
+  console.log(`  --all-repos        All visible repos (minus exclude_from_all)`);
+  console.log(`  --ssh              Clone with git@github.com:…`);
+  console.log(`  --list-teams       Print team slugs (JSON only) and exit`);
+  console.log(`  -h, --help`);
 }
 
 function parseArgs(argv) {
@@ -459,8 +548,8 @@ function parseArgs(argv) {
     else if (a === "-h" || a === "--help") out.help = true;
     else if (a === "-t" || a === "--team") {
       out.team = argv[++i] || "";
-    } else if (a.startsWith("-")) {
-      log(`${c.red}✗${c.reset} Opción desconocida: ${a}`);
+    }     else if (a.startsWith("-")) {
+      console.error(`${c.red}✗${c.reset} Unknown option: ${a}`);
       usage();
       process.exit(1);
     } else rest.push(a);
@@ -560,20 +649,22 @@ async function main() {
   }
 
   if (!existsSync(configPath)) {
-    log(`${c.red}✗${c.reset} Falta la config: ${configPath}`);
+    console.error(`${c.red}✗${c.reset} Missing config: ${configPath}`);
     process.exit(1);
   }
 
   const cfg = loadConfig(configPath);
 
   if (args.listTeams) {
-    log(Object.keys(cfg.teams || {}).sort().join("\n"));
+    console.log(Object.keys(cfg.teams || {}).sort().join("\n"));
     return;
   }
 
   const nodeMajor = Number(process.versions.node.split(".")[0], 10);
   if (nodeMajor < 18) {
-    log(`${c.red}✗${c.reset} Hace falta Node 18+. Tienes ${process.versions.node}.`);
+    console.error(
+      `${c.red}✗${c.reset} Node 18+ required. You have ${process.versions.node}.`
+    );
     process.exit(1);
   }
 
@@ -593,18 +684,16 @@ async function main() {
       process.exit(1);
     }
   }
-  if (!process.env.KOMPLIAN_CLI_QUIET) {
-    log(`${c.green}✓${c.reset} GitHub CLI OK`);
-  }
+
+  banner();
+  ux(`${c.green}✓${c.reset} GitHub CLI`);
 
   const org = process.env.KOMPLIAN_ORG || cfg.org || "Komplian";
   verifyOrgMembership(org);
-  logGhIdentity();
-  log(
-    `${c.green}✓${c.reset} Org ${c.bold}${org}${c.reset}: ${c.dim}membresía activa${c.reset}`
-  );
-
-  banner();
+  if (!process.env.KOMPLIAN_CLI_QUIET) {
+    logGhIdentity();
+  }
+  ux(`${c.green}✓${c.reset} Org ${c.bold}${org}${c.reset}`);
 
   let team = args.team;
   if (!team && !args.yes && !args.allRepos) {
@@ -613,7 +702,9 @@ async function main() {
 
   const repos = resolveRepos(cfg, org, team, args.allRepos);
   if (repos.length === 0) {
-    log(`${c.red}✗${c.reset} No hay repos que clonar (permisos / equipo / org).`);
+    console.error(
+      `${c.red}✗${c.reset} No repositories to clone (permissions / team / org).`
+    );
     process.exit(1);
   }
 
@@ -623,21 +714,28 @@ async function main() {
   }
   const abs = resolve(workspace.replace(/^~(?=$|[/\\])/, homedir()));
   if (!isSafeTargetDir(abs)) {
-    log(`${c.red}✗${c.reset} Carpeta destino no segura: ${abs}`);
+    console.error(`${c.red}✗${c.reset} Unsafe destination folder: ${abs}`);
     process.exit(1);
   }
 
   mkdirSync(abs, { recursive: true });
-  log("");
-  log(`${c.cyan}━━ Workspace ━━${c.reset} ${c.bold}${abs}${c.reset}`);
-  log(`${c.cyan}━━ Org ━━${c.reset} ${c.bold}${org}${c.reset}`);
-  if (team) log(`${c.cyan}━━ Equipo ━━${c.reset} ${c.bold}${team}${c.reset}`);
-  log(`${c.cyan}━━ Repos (${repos.length}) ━━${c.reset}`);
-  log("");
+  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
+  ux("");
+  if (!q) {
+    log(`${c.cyan}━━ Workspace ━━${c.reset} ${c.bold}${abs}${c.reset}`);
+    log(`${c.cyan}━━ Org ━━${c.reset} ${c.bold}${org}${c.reset}`);
+    if (team) log(`${c.cyan}━━ Team ━━${c.reset} ${c.bold}${team}${c.reset}`);
+    log(`${c.cyan}━━ Repos (${repos.length}) ━━${c.reset}`);
+  } else {
+    ux(`${c.dim}Workspace:${c.reset} ${abs}`);
+    if (team) ux(`${c.dim}Team:${c.reset} ${team}`);
+    ux(`${c.cyan}Repositories${c.reset} ${c.dim}(${repos.length})${c.reset}`);
+  }
+  ux("");
 
   let failed = 0;
   for (const name of repos) {
-    const ok = cloneOne(org, name, abs, args.ssh);
+    const ok = await cloneOneAsync(org, name, abs, args.ssh);
     if (!ok) failed += 1;
   }
 
@@ -647,16 +745,22 @@ async function main() {
     npmInstallEach(abs);
   }
 
-  log("");
-  log(`${c.cyan}━━ Listo ━━${c.reset}`);
+  ux("");
+  ux(`${c.cyan}━━ Done ━━${c.reset}`);
   if (failed > 0) {
-    log(`${c.yellow}○${c.reset} ${failed} repo(s) fallaron — revisa acceso y reintenta.`);
+    ux(
+      `${c.yellow}○${c.reset} ${failed} repo(s) failed — check access and retry.`
+    );
+  }
+  ux(`${c.green}✓${c.reset} Open in Cursor: ${c.bold}File → Open Folder → ${abs}${c.reset}`);
+  if (!q) {
+    log(
+      `${c.dim}  package-lock: npm ci. No lock: npm install --no-package-lock. yarn/pnpm: frozen lockfile. KOMPLIAN_NPM_AUDIT=1 enables npm audit.${c.reset}`
+    );
+    log(
+      `${c.dim}  Copy .env.example → .env per project; secrets in 1Password — never commit.${c.reset}`
+    );
   }
-  log(`${c.green}✓${c.reset} Cursor: ${c.bold}File → Open Folder → ${abs}${c.reset}`);
-  log(
-    `${c.dim}  Con package-lock.json: npm ci (no retoca el lock). Sin lock: npm install --no-package-lock. yarn/pnpm: lock congelado. KOMPLIAN_NPM_AUDIT=1 activa auditoría en npm.${c.reset}`
-  );
-  log(`${c.dim}  .env.example → .env por proyecto; secretos en 1Password — nunca commit.${c.reset}`);
 }
 
 main().catch((e) => {

package/komplian-postman.mjs

@@ -46,6 +46,11 @@ function formatHomePath(absPath) {
   return absPath;
 }
 
+/** JSON exports never go into the monorepo root (avoids accidental commits). */
+function defaultPostmanExportDir() {
+  return join(homedir(), ".komplian", "postman-export");
+}
+
 function maskEmail(email) {
   if (!email || typeof email !== "string" || !email.includes("@")) {
     return "[sin email]";
@@ -855,7 +860,7 @@ function usage() {
   log(``);
   log(`  -y, --yes           Sin prompts extra (si falta API key y hay TTY, pide la clave una vez y guarda)`);
   log(`  --export-only       Solo escribe JSON en disco (no llama a la API de Postman)`);
-  log(`  --out <dir>         Carpeta para export (por defecto: ./komplian-postman)`);
+  log(`  --out <dir>         Export folder (default: ~/.komplian/postman-export)`);
   log(`  --dotenv <ruta>     .env extra (además de api/.env, .env, KOMPLIAN_DOTENV)`);
   log(`  -h, --help`);
   log(``);
@@ -965,23 +970,29 @@ export async function runPostman(argv) {
     apiKey,
     process.env.POSTMAN_WORKSPACE_ID
   );
-  log(
-    `${c.green}✓${c.reset} Workspace Postman: ${c.bold}${workspaceId}${c.reset}`
-  );
+  if (!process.env.KOMPLIAN_CLI_QUIET) {
+    log(`${c.green}✓${c.reset} Postman workspace: ${c.bold}${workspaceId}${c.reset}`);
+  }
 
-  const outBase = args.outDir
-    ? resolve(args.outDir)
-    : resolve(process.cwd(), "komplian-postman");
+  ensureSecureKomplianDir();
+  const outBase = args.outDir ? resolve(args.outDir) : defaultPostmanExportDir();
   mkdirSync(outBase, { recursive: true });
 
   const collPath = join(outBase, "Komplian-API.postman_collection.json");
   writeFileSync(collPath, JSON.stringify(collection, null, 2), "utf8");
-  log(`${c.green}✓${c.reset} Export: ${c.dim}${collPath}${c.reset}`);
+  const quiet = process.env.KOMPLIAN_CLI_QUIET === "1";
+  if (!quiet) {
+    log(`${c.green}✓${c.reset} Export: ${c.dim}${collPath}${c.reset}`);
+  }
 
   for (const env of envsForExport) {
     const safe = env.name.replace(/[\\/]/g, "-") + ".postman_environment.json";
     writeFileSync(join(outBase, safe), JSON.stringify({ ...env }, null, 2), "utf8");
-    log(`${c.green}✓${c.reset} Export: ${c.dim}${join(outBase, safe)}${c.reset} ${c.dim}(sin secretos; no commitear)${c.reset}`);
+    if (!quiet) {
+      log(
+        `${c.green}✓${c.reset} Export: ${c.dim}${join(outBase, safe)}${c.reset} ${c.dim}(no secrets)${c.reset}`
+      );
+    }
   }
 
   if (args.exportOnly) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "komplian",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "description": "Komplian CLI: setup (all-in-one), onboard, Postman, localhost, mcp-tools, db (psql). Node 18+.",
   "type": "module",
   "engines": {