komplian 0.7.1 → 0.7.3

package/README.md

@@ -26,7 +26,7 @@ Opcional: `export POSTMAN_API_KEY=…` solo para la sesión actual (tiene priori
 
 El comando llama a `GET https://api.getpostman.com/me` y **solo continúa** si el email de la cuenta es `@komplian.com`. **Si ya existen** la colección **Komplian API** y los entornos con el mismo nombre en ese workspace, se **actualizan**; si no, se crean.
 
-**Variables de la API Komplian** (`apiKey`, `adminApiKey`, `workspaceId`, …) se rellenan en Postman automáticamente si están en `process.env` o en archivos `.env` (busca `api/.env`, `.env`, etc.; o `KOMPLIAN_DOTENV` / `--dotenv ruta`). Nombres típicos: `API_KEY`, `ADMIN_API_KEY`, `KOMPLIAN_WORKSPACE_ID`. Los JSON exportados en `./komplian-postman/` **no** incluyen secretos (para no commitearlos).
+**Variables de la API Komplian** (`apiKey`, `adminApiKey`, `workspaceId`, …) se rellenan en Postman automáticamente si están en `process.env` o en archivos `.env` (busca `api/.env`, `.env`, etc.; o `KOMPLIAN_DOTENV` / `--dotenv ruta`). Nombres típicos: `API_KEY`, `ADMIN_API_KEY`, `KOMPLIAN_WORKSPACE_ID`. Los JSON exportados en `~/.komplian/postman-export/` (o `--out`) **no** incluyen secretos (para no commitearlos).
 
 - Solo exportar archivos (sin subir por API): `npx komplian postman --yes --export-only`
 - Otro workspace: `POSTMAN_WORKSPACE_ID=<id>`

package/komplian-localhost.mjs

@@ -519,12 +519,15 @@ export async function runLocalhost(argv) {
   if (!cliQuiet()) {
     log(`${c.cyan}━━ .env.local ━━${c.reset}`);
   }
-  for (const w of written) {
-    const st = w.skipped ? `${c.dim}skip${c.reset}` : `${c.green}ok${c.reset}`;
-    const name = w.label || "?";
-    if (cliQuiet()) {
-      logAlways(`  ${st} ${name}`);
-    } else {
+  if (cliQuiet()) {
+    const labels = written.map((w) => w.label || "?").join(`${c.dim}·${c.reset} `);
+    logAlways(
+      `  ${c.green}✓${c.reset} ${c.dim}.env.local${c.reset}  ${labels}`
+    );
+  } else {
+    for (const w of written) {
+      const st = w.skipped ? `${c.dim}skip${c.reset}` : `${c.green}ok${c.reset}`;
+      const name = w.label || "?";
       log(`  ${st} ${name}`);
     }
   }
@@ -565,7 +568,7 @@ export async function runLocalhost(argv) {
   });
 
   if (cliQuiet()) {
-    logAlways(`${c.cyan}━━ dev servers ━━${c.reset}`);
+    logAlways(`${c.dim}dev servers · Ctrl+C stop${c.reset}`);
   } else {
     log(`${c.cyan}━━ dev servers (${services.length}) ━━${c.reset} ${c.dim}Ctrl+C stop${c.reset}`);
     log("");
@@ -573,9 +576,13 @@ export async function runLocalhost(argv) {
 
   const npx = process.platform === "win32" ? "npx.cmd" : "npx";
   const useShell = process.platform === "win32";
+  /** --raw avoids concurrently prefix logger bugs (e.g. prev.replace on Windows / npx). */
+  const concArgs = cliQuiet()
+    ? ["--yes", "concurrently@9", "--raw", ...scripts]
+    : ["--yes", "concurrently@9", "-c", colors, "-n", names, ...scripts];
   const child = spawn(
     npx,
-    ["--yes", "concurrently@9", "-c", colors, "-n", names, ...scripts],
+    concArgs,
     {
       cwd: workspaceRoot,
       stdio: "inherit",

package/komplian-mcp-tools.mjs

@@ -65,6 +65,15 @@ const KOMPLIAN_MCP_PRESET = {
       args: ["-y", "chrome-devtools-mcp@latest"],
       env: {},
     },
+    /** Remote MCP — OAuth in Cursor (“Needs login”). */
+    "KOMPLIAN-vercel": {
+      url: "https://mcp.vercel.com",
+    },
+    /** Remote MCP — OAuth via mcp-remote (Neon docs). */
+    "KOMPLIAN-neon": {
+      command: "npx",
+      args: ["-y", "mcp-remote", "https://mcp.neon.tech/mcp"],
+    },
   },
 };
 
@@ -83,10 +92,12 @@ Enable each row in **Cursor → Settings → MCP**. Fill \`env\` per the table.
 | **KOMPLIAN-sentry** | \`@sentry/mcp-server\` | Sentry | First time: browser login. **Komplian:** org \`komplian\`, \`regionUrl\` \`https://de.sentry.io\`, projects \`komplian-api\` / \`komplian-app\`. |
 | **KOMPLIAN-stripe** | \`@stripe/mcp\` | Stripe API | \`STRIPE_SECRET_KEY\` (restricted / test in dev). [Stripe MCP docs](https://docs.stripe.com/mcp). |
 | **KOMPLIAN-chrome-devtools** | \`chrome-devtools-mcp\` | Chrome (network, console, screenshots) | Needs **Node 20.19+** and stable Chrome. [Chrome DevTools MCP](https://developer.chrome.com/blog/chrome-devtools-mcp). |
+| **KOMPLIAN-vercel** | \`url\` → \`https://mcp.vercel.com\` | Vercel projects & deploys | **OAuth** in Cursor (see [Vercel MCP](https://mcp.vercel.com/)). No token in JSON. |
+| **KOMPLIAN-neon** | \`npx -y mcp-remote https://mcp.neon.tech/mcp\` | Neon Postgres / API | **OAuth** when the client starts (see [Neon MCP](https://neon.tech/docs/ai/neon-mcp-server)). Alt: local \`@neondatabase/mcp-server-neon\` + API key. |
 
 ## 2. Optional: Cursor native connectors
 
-For Cursor OAuth/UI connectors: **Settings → MCP** → **Atlassian**, **Sentry**, **Stripe**, **Chrome DevTools**. They can coexist with **KOMPLIAN-*** entries; avoid duplicating the same capability twice.
+For Cursor OAuth/UI connectors: **Settings → MCP** → **Atlassian**, **Sentry**, **Stripe**, **Chrome DevTools**, **Vercel**, **Neon**. They can coexist with **KOMPLIAN-*** entries; avoid duplicating the same capability twice.
 
 ## 3. Restart
 

package/komplian-onboard.mjs

@@ -8,7 +8,7 @@
  *   npx komplian onboard --yes
  */
 
-import { spawnSync } from "node:child_process";
+import { spawnSync, spawn } from "node:child_process";
 import { existsSync, readFileSync, mkdirSync, cpSync, rmSync, readdirSync, statSync } from "node:fs";
 import { dirname, join, resolve, normalize } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -41,21 +41,73 @@ function log(s = "") {
   console.log(s);
 }
 
+/** Branding and repo progress: always visible (even when KOMPLIAN_CLI_QUIET=1). */
+function ux(s = "") {
+  console.log(s);
+}
+
+/** Block-letter logo + box frame (OpenClaw-style table). */
 function banner() {
-  log(
-    [
-      `${c.cyan}${c.bold}`,
-      "██╗  ██╗  ██████╗  ███╗   ███╗ ██████╗  ██╗      ██╗  █████╗  ███╗   ██╗",
-      "██║ ██╔╝ ██╔═══██╗ ████╗ ████║ ██╔══██╗ ██║      ██║ ██╔══██╗ ████╗  ██║",
-      "█████╔╝  ██║   ██║ ██╔████╔██║ ██████╔╝ ██║      ██║ ███████║ ██╔██╗ ██║",
-      "██╔═██╗  ██║   ██║ ██║╚██╔╝██║ ██╔═══╝  ██║      ██║ ██╔══██║ ██║╚██╗██║",
-      "██║  ██╗ ╚██████╔╝ ██║ ╚═╝ ██║ ██║      ███████╗ ██║ ██║  ██║ ██║ ╚████║",
-      "╚═╝  ╚═╝  ╚═════╝  ╚═╝     ╚═╝ ╚═╝      ╚══════╝ ╚═╝ ╚═╝  ╚═╝ ╚═╝  ╚═══╝",
-      `${c.reset}`,
-      `${c.dim}  Secure setup · GitHub CLI · git clone · Zero org OAuth setup${c.reset}`,
-      "",
-    ].join("\n")
-  );
+  const art = [
+    "██╗  ██╗  ██████╗  ███╗   ███╗ ██████╗  ██╗      ██╗  █████╗  ███╗   ██╗",
+    "██║ ██╔╝ ██╔═══██╗ ████╗ ████║ ██╔══██╗ ██║      ██║ ██╔══██╗ ████╗  ██║",
+    "█████╔╝  ██║   ██║ ██╔████╔██║ ██████╔╝ ██║      ██║ ███████║ ██╔██╗ ██║",
+    "██╔═██╗  ██║   ██║ ██║╚██╔╝██║ ██╔═══╝  ██║      ██║ ██╔══██║ ██║╚██╗██║",
+    "██║  ██╗ ╚██████╔╝ ██║ ╚═╝ ██║ ██║      ███████╗ ██║ ██║  ██║ ██║ ╚████║",
+    "╚═╝  ╚═╝  ╚═════╝  ╚═╝     ╚═╝ ╚═╝      ╚══════╝ ╚═╝ ╚═╝  ╚═╝ ╚═╝  ╚═══╝",
+  ];
+  const w = Math.max(...art.map((line) => [...line].length));
+  const pad = (line) => line + " ".repeat(w - [...line].length);
+  const horiz = "─".repeat(w + 2);
+  const b = `${c.cyan}${c.bold}`;
+  const x = c.reset;
+  ux(`${b}┌${horiz}┐${x}`);
+  for (const line of art) {
+    ux(`${b}│ ${pad(line)} │${x}`);
+  }
+  ux(`${b}└${horiz}┘${x}`);
+  ux(`${c.dim}  Secure setup · GitHub CLI · Monorepo${c.reset}`);
+  ux("");
+}
+
+function startBatchSpinner(message) {
+  const frames = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
+  const cloud = `${c.blue}☁${c.reset}`;
+  let i = 0;
+  const id = setInterval(() => {
+    const fr = frames[i++ % frames.length];
+    process.stdout.write(
+      `\r  ${cloud} ${c.cyan}${fr}${c.reset} ${c.dim}${message}${c.reset}  `
+    );
+  }, 90);
+  return {
+    stop() {
+      clearInterval(id);
+      process.stdout.write("\r\x1b[K");
+    },
+  };
+}
+
+function runSpawn(cmd, args, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn(cmd, args, {
+      ...spawnWin({
+        cwd,
+        stdio: ["ignore", "pipe", "pipe"],
+      }),
+    });
+    let stderr = "";
+    child.stderr?.setEncoding?.("utf8");
+    child.stderr?.on("data", (d) => {
+      stderr += String(d);
+    });
+    child.on("close", (code) => {
+      resolve({ status: code === 0 ? 0 : code ?? 1, stderr });
+    });
+    child.on("error", (err) => {
+      resolve({ status: 1, stderr: String(err?.message || err) });
+    });
+  });
 }
 
 function ghOk() {
@@ -71,8 +123,8 @@ function ghOk() {
 }
 
 function runGhAuth() {
-  log(
-    `${c.yellow}→${c.reset} Abre ${c.bold}GitHub${c.reset} en el navegador (OAuth). No vemos tu contraseña.`
+  ux(
+    `${c.yellow}→${c.reset} Opening ${c.bold}GitHub${c.reset} in your browser (OAuth). Your password is not shown here.`
   );
   const r = spawnSync(
     "gh",
@@ -102,32 +154,32 @@ function verifyOrgMembership(org) {
     try {
       const j = JSON.parse(mem.stdout);
       if (j.state === "active") return;
-      log(
-        `${c.red}✗${c.reset} Membresía en ${c.bold}${org}${c.reset} no activa (state: ${j.state || "?"}).`
+      console.error(
+        `${c.red}✗${c.reset} Org ${c.bold}${org}${c.reset} membership not active (state: ${j.state || "?"}).`
       );
       process.exit(1);
     } catch {
-      log(`${c.red}✗${c.reset} Respuesta inválida al verificar la org.`);
+      console.error(`${c.red}✗${c.reset} Invalid response while verifying org membership.`);
       process.exit(1);
     }
   }
   const hint = (mem.stderr + mem.stdout).toLowerCase();
   if (hint.includes("404") || hint.includes("not found")) {
-    log(
-      `${c.red}✗${c.reset} Esta cuenta ${c.bold}no es miembro${c.reset} de la org ${c.bold}${org}${c.reset}.`
+    console.error(
+      `${c.red}✗${c.reset} This account is ${c.bold}not a member${c.reset} of org ${c.bold}${org}${c.reset}.`
     );
-    log(
-      `${c.dim}  ¿Otra cuenta? gh auth logout && gh auth login -h github.com -s repo -s read:org -w${c.reset}`
+    console.error(
+      `${c.dim}  Wrong account? gh auth logout && gh auth login -h github.com -s repo -s read:org -w${c.reset}`
     );
     process.exit(1);
   }
   if (hint.includes("403") || hint.includes("read:org") || hint.includes("scope")) {
-    log(`${c.red}✗${c.reset} Falta scope ${c.bold}read:org${c.reset} en gh.`);
-    log(`${c.dim}  gh auth refresh -h github.com -s repo -s read:org${c.reset}`);
+    console.error(`${c.red}✗${c.reset} GitHub CLI needs ${c.bold}read:org${c.reset} scope.`);
+    console.error(`${c.dim}  gh auth refresh -h github.com -s repo -s read:org${c.reset}`);
     process.exit(1);
   }
-  log(
-    `${c.red}✗${c.reset} No se pudo verificar la org (código ${mem.status}):\n${c.dim}${(mem.stderr || mem.stdout).trim()}${c.reset}`
+  console.error(
+    `${c.red}✗${c.reset} Could not verify org (exit ${mem.status}):\n${c.dim}${(mem.stderr || mem.stdout).trim()}${c.reset}`
   );
   process.exit(1);
 }
@@ -159,10 +211,12 @@ function needCmd(name, hint = "") {
         ? canRun("git", ["--version"])
         : canRun(name, ["--version"]);
   if (!ok) {
-    log(`${c.red}✗${c.reset} No se puede ejecutar ${c.bold}${name}${c.reset} (¿PATH o instalación?).${hint ? ` ${hint}` : ""}`);
+    console.error(
+      `${c.red}✗${c.reset} Cannot run ${c.bold}${name}${c.reset} (PATH or install?).${hint ? ` ${hint}` : ""}`
+    );
     if (IS_WIN) {
-      log(
-        `${c.dim}  Windows: cierra y abre la terminal tras instalar gh/git, o reinicia para refrescar PATH.${c.reset}`
+      console.error(
+        `${c.dim}  Windows: restart the terminal after installing gh/git, or reboot to refresh PATH.${c.reset}`
       );
     }
     process.exit(1);
@@ -180,7 +234,7 @@ function ghRepoList(org) {
     spawnWin({ encoding: "utf8", stdio: ["ignore", "pipe", "pipe"] })
   );
   if (r.status !== 0) {
-    log(`${c.red}✗${c.reset} gh repo list falló:\n${r.stderr || r.stdout}`);
+    console.error(`${c.red}✗${c.reset} gh repo list failed:\n${r.stderr || r.stdout}`);
     process.exit(1);
   }
   const rows = JSON.parse(r.stdout || "[]");
@@ -209,8 +263,8 @@ function resolveRepos(cfg, org, teamArg, allRepos) {
 
   const teams = cfg.teams || {};
   if (!teams[team]) {
-    log(
-      `${c.red}✗${c.reset} Equipo desconocido ${c.bold}${team}${c.reset}. Válidos: ${Object.keys(teams).sort().join(", ")}`
+    console.error(
+      `${c.red}✗${c.reset} Unknown team ${c.bold}${team}${c.reset}. Valid: ${Object.keys(teams).sort().join(", ")}`
     );
     process.exit(2);
   }
@@ -233,52 +287,27 @@ function isSafeTargetDir(abs) {
   return !bad.includes(n);
 }
 
-function cloudLine(org, name, status) {
-  const cloud = `${c.blue}☁${c.reset}`;
-  if (status === "ok") {
-    return `  ${cloud}  ${c.green}✓${c.reset} ${c.bold}${org}/${name}${c.reset} ${c.dim}clonado${c.reset}`;
-  }
-  if (status === "skip") {
-    return `  ${cloud}  ${c.yellow}○${c.reset} ${org}/${name} ${c.dim}(ya existe)${c.reset}`;
-  }
-  if (status === "fail") {
-    return `  ${cloud}  ${c.red}✗${c.reset} ${org}/${name} ${c.dim}falló${c.reset}`;
-  }
-  return `  ${cloud}  ${c.cyan}…${c.reset} ${org}/${name} ${c.dim}clonando…${c.reset}`;
+function summarizeCloneLine(repos, outcomes) {
+  const parts = repos.map((name) => {
+    const st = outcomes.get(name) || "fail";
+    if (st === "fail") return `${c.red}✗${c.reset} ${name}`;
+    if (st === "skip") return `${c.green}✓${c.reset} ${c.dim}${name}${c.reset}`;
+    return `${c.green}✓${c.reset} ${name}`;
+  });
+  return `  ${c.blue}☁${c.reset} ${parts.join(`   `)}`;
 }
 
-function cloneOne(org, name, workspace, useSsh) {
-  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
-  const gitDir = join(workspace, name, ".git");
-  if (existsSync(gitDir)) {
-    if (q) console.log(`${c.yellow}○${c.reset} ${name}`);
-    else log(cloudLine(org, name, "skip"));
-    return true;
-  }
-  if (!q) process.stdout.write(`\r${cloudLine(org, name, "pending")}`);
-  const args = useSsh
-    ? ["clone", `git@github.com:${org}/${name}.git`, name]
-    : ["repo", "clone", `${org}/${name}`, name];
-  const cmd = useSsh ? "git" : "gh";
-  const r = spawnSync(cmd, args, {
-    ...spawnWin({
-      cwd: workspace,
-      encoding: "utf8",
-      stdio: ["ignore", "pipe", "pipe"],
-    }),
-  });
-  if (!q) process.stdout.write("\r\x1b[K");
-  if (r.status === 0) {
-    if (q) console.log(`${c.green}✓${c.reset} ${name}`);
-    else log(cloudLine(org, name, "ok"));
-    return true;
-  }
-  if (q) console.error(`${c.red}✗${c.reset} ${name}`);
-  else {
-    log(cloudLine(org, name, "fail"));
-    if (r.stderr) log(`${c.dim}${r.stderr.trim()}${c.reset}`);
-  }
-  return false;
+function summarizeDepsLine(results) {
+  const ran = results.filter((r) => !r.skipped);
+  if (ran.length === 0) {
+    return `  ${c.blue}☁${c.reset} ${c.dim}dependencies — nothing to install${c.reset}`;
+  }
+  const parts = ran.map((r) =>
+    r.ok
+      ? `${c.green}✓${c.reset} ${r.name}`
+      : `${c.yellow}○${c.reset} ${r.name}`
+  );
+  return `  ${c.blue}☁${c.reset} ${parts.join(`   `)}`;
 }
 
 function copyCursorPack(workspace, cursorRepoUrl) {
@@ -286,7 +315,7 @@ function copyCursorPack(workspace, cursorRepoUrl) {
   if (cursorRepoUrl && String(cursorRepoUrl).trim()) {
     const tmp = join(workspace, ".cursor-bootstrap-tmp");
     rmSync(tmp, { recursive: true, force: true });
-    log(`${c.dim}→${c.reset} Cursor pack (clone superficial)…`);
+    ux(`${c.dim}→${c.reset} Cursor rules pack…`);
     const r = spawnSync(
       "git",
       ["clone", "--depth", "1", String(cursorRepoUrl).trim(), tmp],
@@ -300,15 +329,18 @@ function copyCursorPack(workspace, cursorRepoUrl) {
       rmSync(rootCursor, { recursive: true, force: true });
       cpSync(join(tmp, ".cursor"), rootCursor, { recursive: true });
       rmSync(tmp, { recursive: true, force: true });
-      log(`${c.green}✓${c.reset} ${c.bold}.cursor${c.reset} ${c.dim}← KOMPLIAN_CURSOR_REPO${c.reset}`);
+      ux(`${c.green}✓${c.reset} ${c.bold}.cursor${c.reset} ${c.dim}(KOMPLIAN_CURSOR_REPO)${c.reset}`);
       return;
     }
     rmSync(tmp, { recursive: true, force: true });
-    log(`${c.yellow}○${c.reset} KOMPLIAN_CURSOR_REPO: falló el clone o no hay .cursor/ en la raíz`);
+    ux(
+      `${c.yellow}○${c.reset} KOMPLIAN_CURSOR_REPO: clone failed or no .cursor/ at repo root`
+    );
+  } else if (!process.env.KOMPLIAN_CLI_QUIET) {
+    log(
+      `${c.dim}○ No .cursor/ (optional: KOMPLIAN_CURSOR_REPO=<git url>).${c.reset}`
+    );
   }
-  log(
-    `${c.dim}○ Sin .cursor/ en el workspace (opcional: KOMPLIAN_CURSOR_REPO=<url git>).${c.reset}`
-  );
 }
 
 /** Sin esto, `npm install` crea o retoca package-lock.json y git muestra cambios sin querer. */
@@ -318,12 +350,13 @@ function npmQuietFlags() {
   return audit ? [] : ["--no-audit", "--no-fund"];
 }
 
-function npmInstallOneRepo(dir, name) {
+function npmInstallOneRepo(dir, name, opts = {}) {
+  const silent = opts.silent === true;
   const pkg = join(dir, "package.json");
   if (!existsSync(pkg)) return { ok: true, skipped: true };
 
-  const stdio =
-    process.env.KOMPLIAN_CLI_QUIET === "1" ? "ignore" : "inherit";
+  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
+  const stdio = silent || q ? "ignore" : "inherit";
 
   const yarnLock = join(dir, "yarn.lock");
   const pnpmLock = join(dir, "pnpm-lock.yaml");
@@ -331,12 +364,22 @@ function npmInstallOneRepo(dir, name) {
 
   if (existsSync(yarnLock)) {
     if (!canRun("yarn", ["--version"])) {
-      log(
-        `${c.yellow}○${c.reset} ${name} ${c.dim}(yarn.lock; instala yarn o ejecuta yarn install a mano)${c.reset}`
-      );
+      if (!silent) {
+        log(
+          `${c.yellow}○${c.reset} ${name} ${c.dim}(yarn.lock; install yarn or run yarn install manually)${c.reset}`
+        );
+      }
       return { ok: true, skipped: true };
     }
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(yarn)${c.reset}`);
+    if (!silent) {
+      if (q) {
+        ux(
+          `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}yarn…${c.reset}`
+        );
+      } else {
+        log(`${c.dim}→${c.reset} ${name} ${c.dim}(yarn)${c.reset}`);
+      }
+    }
     const r = spawnSync(
       "yarn",
       ["install", "--frozen-lockfile"],
@@ -347,12 +390,22 @@ function npmInstallOneRepo(dir, name) {
 
   if (existsSync(pnpmLock)) {
     if (!canRun("pnpm", ["--version"])) {
-      log(
-        `${c.yellow}○${c.reset} ${name} ${c.dim}(pnpm-lock; instala pnpm o pnpm install a mano)${c.reset}`
-      );
+      if (!silent) {
+        log(
+          `${c.yellow}○${c.reset} ${name} ${c.dim}(pnpm-lock; install pnpm or run pnpm install manually)${c.reset}`
+        );
+      }
       return { ok: true, skipped: true };
     }
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(pnpm)${c.reset}`);
+    if (!silent) {
+      if (q) {
+        ux(
+          `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}pnpm…${c.reset}`
+        );
+      } else {
+        log(`${c.dim}→${c.reset} ${name} ${c.dim}(pnpm)${c.reset}`);
+      }
+    }
     const r = spawnSync(
       "pnpm",
       ["install", "--frozen-lockfile"],
@@ -362,23 +415,43 @@ function npmInstallOneRepo(dir, name) {
   }
 
   if (!canRun("npm", ["--version"])) {
-    log(`${c.yellow}○${c.reset} npm no está en PATH — omito ${name}`);
+    if (!silent) {
+      log(`${c.yellow}○${c.reset} npm not in PATH — skipping ${name}`);
+    }
     return { ok: true, skipped: true };
   }
 
   const quiet = npmQuietFlags();
 
   if (existsSync(npmLock)) {
-    log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm ci — lock sin cambios)${c.reset}`);
+    if (!silent) {
+      if (q) {
+        ux(
+          `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}npm ci…${c.reset}`
+        );
+      } else {
+        log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm ci)${c.reset}`);
+      }
+    }
     const r = spawnSync("npm", ["ci", ...quiet], spawnWin({ cwd: dir, stdio }));
     if (r.status === 0) return { ok: true, skipped: false };
-    log(
-      `${c.yellow}○${c.reset} ${name}: npm ci falló (¿lock desincronizado?). ${c.dim}Revisa con npm install en ese repo.${c.reset}`
-    );
+    if (!silent) {
+      log(
+        `${c.yellow}○${c.reset} ${name}: npm ci failed (lock out of sync?). ${c.dim}Try npm install in that repo.${c.reset}`
+      );
+    }
     return { ok: false, skipped: false };
   }
 
-  log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm install — sin crear package-lock)${c.reset}`);
+  if (!silent) {
+    if (q) {
+      ux(
+        `  ${c.blue}☁${c.reset}  ${c.cyan}…${c.reset} ${c.bold}${name}${c.reset} ${c.dim}npm install…${c.reset}`
+      );
+    } else {
+      log(`${c.dim}→${c.reset} ${name} ${c.dim}(npm install — no new lockfile)${c.reset}`);
+    }
+  }
   const r = spawnSync(
     "npm",
     ["install", ...quiet, "--no-package-lock"],
@@ -387,52 +460,47 @@ function npmInstallOneRepo(dir, name) {
   return { ok: r.status === 0, skipped: false };
 }
 
-function npmInstallEach(workspace) {
-  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
-  if (!q) {
-    log("");
-    log(`${c.cyan}━━ dependencies ━━${c.reset}`);
-  }
+/** Silent installs for batch UX (single spinner + one summary line). */
+function npmInstallBatch(workspace) {
+  const results = [];
   for (const ent of readdirSync(workspace)) {
     const d = join(workspace, ent);
     if (!statSync(d).isDirectory()) continue;
-    const { ok, skipped } = npmInstallOneRepo(d, ent);
-    if (skipped) continue;
-    if (q) {
-      console.log(`${ok ? c.green + "✓" + c.reset : c.yellow + "○" + c.reset} ${ent}`);
-    } else if (ok) {
-      log(`${c.green}✓${c.reset} ${ent}`);
-    } else {
-      log(`${c.yellow}○${c.reset} ${ent}`);
-    }
+    const { ok, skipped } = npmInstallOneRepo(d, ent, { silent: true });
+    results.push({ name: ent, ok, skipped });
   }
+  return results;
 }
 
 function usage() {
-  log(`Uso: komplian setup | onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
-  log(`  ${c.bold}Todo en uno:${c.reset} ${c.cyan}npx komplian setup${c.reset} ${c.dim}(onboard+postman+mcp+db+localhost; formulario en navegador si hace falta)${c.reset}`);
-  log(`  ${c.bold}Setup por pasos:${c.reset}`);
-  log(`  1. npx komplian onboard --yes`);
-  log(`  2. npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
-  log(`  3. npx komplian mcp-tools --yes`);
-  log(`  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 URLs dev → ~/.komplian + .env.local)${c.reset}`);
-  log(`  5. npx komplian localhost --yes`);
-  log(``);
-  log(`  npx komplian db:app:development  ${c.dim}(psql una DB)${c.reset}`);
-  log(``);
-  log(`  Antes (una vez): gh auth login -h github.com -s repo -s read:org -w`);
-  log(`  Requisitos: Node 18+, git, GitHub CLI (gh)`);
-  log(``);
-  log(`  onboard implica --install salvo --no-install`);
-  log(`  [carpeta]          Destino (por defecto: directorio actual, no ~/komplian)`);
-  log(`  -y, --yes          Sin menú interactivo (equipo por defecto del JSON)`);
-  log(`  -t, --team <slug>  Equipo en komplian-team-repos.json`);
-  log(`  -i, --install      npm install en cada repo con package.json`);
-  log(`  --no-install       No ejecutar npm install`);
-  log(`  --all-repos        Todos los repos visibles (menos exclude_from_all)`);
-  log(`  --ssh              Clonar con git@github.com:…`);
-  log(`  --list-teams       Lista slugs de equipo (solo JSON) y sale`);
-  log(`  -h, --help`);
+  console.log(`Usage: komplian setup | onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
+  console.log(
+    `  ${c.bold}All-in-one:${c.reset} ${c.cyan}npx komplian setup${c.reset} ${c.dim}(onboard+postman+mcp+db+localhost; browser form if needed)${c.reset}`
+  );
+  console.log(`  ${c.bold}Step by step:${c.reset}`);
+  console.log(`  1. npx komplian onboard --yes`);
+  console.log(`  2. npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
+  console.log(`  3. npx komplian mcp-tools --yes`);
+  console.log(
+    `  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 dev URLs → ~/.komplian + .env.local)${c.reset}`
+  );
+  console.log(`  5. npx komplian localhost --yes`);
+  console.log(``);
+  console.log(`  npx komplian db:app:development  ${c.dim}(psql one DB)${c.reset}`);
+  console.log(``);
+  console.log(`  Once: gh auth login -h github.com -s repo -s read:org -w`);
+  console.log(`  Requires: Node 18+, git, GitHub CLI (gh)`);
+  console.log(``);
+  console.log(`  onboard implies --install unless --no-install`);
+  console.log(`  [folder]           Target (default: cwd, not ~/komplian)`);
+  console.log(`  -y, --yes          Non-interactive (default team from JSON)`);
+  console.log(`  -t, --team <slug>  Team in komplian-team-repos.json`);
+  console.log(`  -i, --install      npm install in each repo with package.json`);
+  console.log(`  --no-install       Skip npm install`);
+  console.log(`  --all-repos        All visible repos (minus exclude_from_all)`);
+  console.log(`  --ssh              Clone with git@github.com:…`);
+  console.log(`  --list-teams       Print team slugs (JSON only) and exit`);
+  console.log(`  -h, --help`);
 }
 
 function parseArgs(argv) {
@@ -459,8 +527,8 @@ function parseArgs(argv) {
     else if (a === "-h" || a === "--help") out.help = true;
     else if (a === "-t" || a === "--team") {
       out.team = argv[++i] || "";
-    } else if (a.startsWith("-")) {
-      log(`${c.red}✗${c.reset} Opción desconocida: ${a}`);
+    }     else if (a.startsWith("-")) {
+      console.error(`${c.red}✗${c.reset} Unknown option: ${a}`);
       usage();
       process.exit(1);
     } else rest.push(a);
@@ -560,20 +628,22 @@ async function main() {
   }
 
   if (!existsSync(configPath)) {
-    log(`${c.red}✗${c.reset} Falta la config: ${configPath}`);
+    console.error(`${c.red}✗${c.reset} Missing config: ${configPath}`);
     process.exit(1);
   }
 
   const cfg = loadConfig(configPath);
 
   if (args.listTeams) {
-    log(Object.keys(cfg.teams || {}).sort().join("\n"));
+    console.log(Object.keys(cfg.teams || {}).sort().join("\n"));
     return;
   }
 
   const nodeMajor = Number(process.versions.node.split(".")[0], 10);
   if (nodeMajor < 18) {
-    log(`${c.red}✗${c.reset} Hace falta Node 18+. Tienes ${process.versions.node}.`);
+    console.error(
+      `${c.red}✗${c.reset} Node 18+ required. You have ${process.versions.node}.`
+    );
     process.exit(1);
   }
 
@@ -593,18 +663,16 @@ async function main() {
       process.exit(1);
     }
   }
-  if (!process.env.KOMPLIAN_CLI_QUIET) {
-    log(`${c.green}✓${c.reset} GitHub CLI OK`);
-  }
+
+  banner();
+  ux(`${c.green}✓${c.reset} GitHub CLI`);
 
   const org = process.env.KOMPLIAN_ORG || cfg.org || "Komplian";
   verifyOrgMembership(org);
-  logGhIdentity();
-  log(
-    `${c.green}✓${c.reset} Org ${c.bold}${org}${c.reset}: ${c.dim}membresía activa${c.reset}`
-  );
-
-  banner();
+  if (!process.env.KOMPLIAN_CLI_QUIET) {
+    logGhIdentity();
+  }
+  ux(`${c.green}✓${c.reset} Org ${c.bold}${org}${c.reset}`);
 
   let team = args.team;
   if (!team && !args.yes && !args.allRepos) {
@@ -613,7 +681,9 @@ async function main() {
 
   const repos = resolveRepos(cfg, org, team, args.allRepos);
   if (repos.length === 0) {
-    log(`${c.red}✗${c.reset} No hay repos que clonar (permisos / equipo / org).`);
+    console.error(
+      `${c.red}✗${c.reset} No repositories to clone (permissions / team / org).`
+    );
     process.exit(1);
   }
 
@@ -623,40 +693,85 @@ async function main() {
   }
   const abs = resolve(workspace.replace(/^~(?=$|[/\\])/, homedir()));
   if (!isSafeTargetDir(abs)) {
-    log(`${c.red}✗${c.reset} Carpeta destino no segura: ${abs}`);
+    console.error(`${c.red}✗${c.reset} Unsafe destination folder: ${abs}`);
     process.exit(1);
   }
 
   mkdirSync(abs, { recursive: true });
-  log("");
-  log(`${c.cyan}━━ Workspace ━━${c.reset} ${c.bold}${abs}${c.reset}`);
-  log(`${c.cyan}━━ Org ━━${c.reset} ${c.bold}${org}${c.reset}`);
-  if (team) log(`${c.cyan}━━ Equipo ━━${c.reset} ${c.bold}${team}${c.reset}`);
-  log(`${c.cyan}━━ Repos (${repos.length}) ━━${c.reset}`);
-  log("");
+  const q = process.env.KOMPLIAN_CLI_QUIET === "1";
+  ux("");
+  ux(`${c.dim}${abs}${c.reset}`);
+  if (team) ux(`${c.dim}team · ${team}${c.reset}`);
+  ux(`${c.dim}${repos.join(" · ")}${c.reset}`);
+  ux("");
+
+  const outcomes = new Map();
+  let spin = process.stdout.isTTY ? startBatchSpinner("Cloning repositories…") : null;
+  if (!spin) {
+    ux(`  ${c.blue}☁${c.reset} ${c.dim}Cloning repositories…${c.reset}`);
+  }
 
   let failed = 0;
-  for (const name of repos) {
-    const ok = cloneOne(org, name, abs, args.ssh);
-    if (!ok) failed += 1;
+  try {
+    for (const name of repos) {
+      const gitDir = join(abs, name, ".git");
+      if (existsSync(gitDir)) {
+        outcomes.set(name, "skip");
+        continue;
+      }
+      const cloneArgs = args.ssh
+        ? ["clone", `git@github.com:${org}/${name}.git`, name]
+        : ["repo", "clone", `${org}/${name}`, name];
+      const cmd = args.ssh ? "git" : "gh";
+      const r = await runSpawn(cmd, cloneArgs, abs);
+      if (r.status === 0) {
+        outcomes.set(name, "ok");
+      } else {
+        outcomes.set(name, "fail");
+        failed += 1;
+        const err = (r.stderr || "").trim();
+        if (err) console.error(`${c.dim}${err.slice(0, 500)}${c.reset}`);
+      }
+    }
+  } finally {
+    if (spin) spin.stop();
   }
 
+  ux(summarizeCloneLine(repos, outcomes));
+
   copyCursorPack(abs, process.env.KOMPLIAN_CURSOR_REPO);
 
   if (args.install) {
-    npmInstallEach(abs);
+    spin = process.stdout.isTTY ? startBatchSpinner("Installing dependencies…") : null;
+    if (!spin) {
+      ux(`  ${c.blue}☁${c.reset} ${c.dim}Installing dependencies…${c.reset}`);
+    }
+    let depResults = [];
+    try {
+      depResults = npmInstallBatch(abs);
+    } finally {
+      if (spin) spin.stop();
+    }
+    ux(summarizeDepsLine(depResults));
   }
 
-  log("");
-  log(`${c.cyan}━━ Listo ━━${c.reset}`);
+  ux("");
   if (failed > 0) {
-    log(`${c.yellow}○${c.reset} ${failed} repo(s) fallaron — revisa acceso y reintenta.`);
+    ux(
+      `${c.yellow}○${c.reset} ${failed} repo(s) failed — check access and retry.`
+    );
+  } else {
+    ux(`${c.green}✓${c.reset} ${c.dim}Repositories ready${c.reset}`);
+  }
+  ux(`${c.green}✓${c.reset} Open in Cursor: ${c.bold}File → Open Folder → ${abs}${c.reset}`);
+  if (!q) {
+    log(
+      `${c.dim}  package-lock: npm ci. No lock: npm install --no-package-lock. yarn/pnpm: frozen lockfile. KOMPLIAN_NPM_AUDIT=1 enables npm audit.${c.reset}`
+    );
+    log(
+      `${c.dim}  Copy .env.example → .env per project; secrets in 1Password — never commit.${c.reset}`
+    );
   }
-  log(`${c.green}✓${c.reset} Cursor: ${c.bold}File → Open Folder → ${abs}${c.reset}`);
-  log(
-    `${c.dim}  Con package-lock.json: npm ci (no retoca el lock). Sin lock: npm install --no-package-lock. yarn/pnpm: lock congelado. KOMPLIAN_NPM_AUDIT=1 activa auditoría en npm.${c.reset}`
-  );
-  log(`${c.dim}  .env.example → .env por proyecto; secretos en 1Password — nunca commit.${c.reset}`);
 }
 
 main().catch((e) => {

package/komplian-postman.mjs

@@ -46,6 +46,11 @@ function formatHomePath(absPath) {
   return absPath;
 }
 
+/** JSON exports never go into the monorepo root (avoids accidental commits). */
+function defaultPostmanExportDir() {
+  return join(homedir(), ".komplian", "postman-export");
+}
+
 function maskEmail(email) {
   if (!email || typeof email !== "string" || !email.includes("@")) {
     return "[sin email]";
@@ -855,7 +860,7 @@ function usage() {
   log(``);
   log(`  -y, --yes           Sin prompts extra (si falta API key y hay TTY, pide la clave una vez y guarda)`);
   log(`  --export-only       Solo escribe JSON en disco (no llama a la API de Postman)`);
-  log(`  --out <dir>         Carpeta para export (por defecto: ./komplian-postman)`);
+  log(`  --out <dir>         Export folder (default: ~/.komplian/postman-export)`);
   log(`  --dotenv <ruta>     .env extra (además de api/.env, .env, KOMPLIAN_DOTENV)`);
   log(`  -h, --help`);
   log(``);
@@ -965,23 +970,29 @@ export async function runPostman(argv) {
     apiKey,
     process.env.POSTMAN_WORKSPACE_ID
   );
-  log(
-    `${c.green}✓${c.reset} Workspace Postman: ${c.bold}${workspaceId}${c.reset}`
-  );
+  if (!process.env.KOMPLIAN_CLI_QUIET) {
+    log(`${c.green}✓${c.reset} Postman workspace: ${c.bold}${workspaceId}${c.reset}`);
+  }
 
-  const outBase = args.outDir
-    ? resolve(args.outDir)
-    : resolve(process.cwd(), "komplian-postman");
+  ensureSecureKomplianDir();
+  const outBase = args.outDir ? resolve(args.outDir) : defaultPostmanExportDir();
   mkdirSync(outBase, { recursive: true });
 
   const collPath = join(outBase, "Komplian-API.postman_collection.json");
   writeFileSync(collPath, JSON.stringify(collection, null, 2), "utf8");
-  log(`${c.green}✓${c.reset} Export: ${c.dim}${collPath}${c.reset}`);
+  const quiet = process.env.KOMPLIAN_CLI_QUIET === "1";
+  if (!quiet) {
+    log(`${c.green}✓${c.reset} Export: ${c.dim}${collPath}${c.reset}`);
+  }
 
   for (const env of envsForExport) {
     const safe = env.name.replace(/[\\/]/g, "-") + ".postman_environment.json";
     writeFileSync(join(outBase, safe), JSON.stringify({ ...env }, null, 2), "utf8");
-    log(`${c.green}✓${c.reset} Export: ${c.dim}${join(outBase, safe)}${c.reset} ${c.dim}(sin secretos; no commitear)${c.reset}`);
+    if (!quiet) {
+      log(
+        `${c.green}✓${c.reset} Export: ${c.dim}${join(outBase, safe)}${c.reset} ${c.dim}(no secrets)${c.reset}`
+      );
+    }
   }
 
   if (args.exportOnly) {

package/komplian-setup.mjs

@@ -583,7 +583,6 @@ export async function runSetup(argv) {
 
   mkdirSync(workspaceAbs, { recursive: true });
 
-  out(`${c.cyan}1/5${c.reset} repos`);
   const onboardArgs = ["--yes"];
   if (opts.team) onboardArgs.push("-t", opts.team);
   if (opts.allRepos) onboardArgs.push("--all-repos");
@@ -629,7 +628,6 @@ export async function runSetup(argv) {
   }
 
   if (useBrowser && (needsPostmanKey || needsDbUrls)) {
-    out(`${c.cyan}browser${c.reset} local form`);
     try {
       const lp = neonOAuth && needsDbUrls ? parseListenFromRedirectUri() : null;
       const form = await runSetupBrowserForm({
@@ -652,16 +650,12 @@ export async function runSetup(argv) {
     }
   }
 
-  out(`${c.cyan}2/5${c.reset} postman`);
   await runPostman(["--yes"]);
 
-  out(`${c.cyan}3/5${c.reset} mcp`);
   await runMcpTools(["--yes"]);
 
-  out(`${c.cyan}4/5${c.reset} databases`);
   await runDbAllDev(["--yes", "-w", monorepoRoot]);
 
-  out(`${c.cyan}5/5${c.reset} dev`);
   await runLocalhost(["--yes"]);
 
   out(`${c.green}✓${c.reset} ready`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "komplian",
-  "version": "0.7.1",
+  "version": "0.7.3",
   "description": "Komplian CLI: setup (all-in-one), onboard, Postman, localhost, mcp-tools, db (psql). Node 18+.",
   "type": "module",
   "engines": {