feat(compile): add --force flag to bypass GitHub-remote guard

docs/cli.md

@@ -13,6 +13,7 @@ Global flags (apply to all subcommands): `--verbose, -v` (enable info-level logg
   - The agent auto-downloads the ado-aw compiler and handles the full lifecycle (create → compile → check)
 - `compile [<path>]` - Compile a markdown file to Azure DevOps pipeline YAML. If no path is given, auto-discovers and recompiles all detected agentic pipelines in the current directory.
   - `--output, -o <path>` - Optional output path for the generated YAML (only valid when a path is provided). If the path is an existing directory, the compiled YAML is written inside that directory using the default filename derived from the markdown source (e.g. `foo.md` → `<dir>/foo.lock.yml`).
+  - `--force` - Bypass the GitHub-remote guard (use when running inside a GitHub-hosted repository like `githubnext/ado-aw` itself)
   - `--skip-integrity` - *(debug builds only)* Omit the "Verify pipeline integrity" step from the generated pipeline. Useful during local development when the compiled output won't match a released compiler version. This flag is not available in release builds. OR-ed with `ado-aw-debug.skip-integrity:` in front matter — either is sufficient. See [`docs/ado-aw-debug.md`](ado-aw-debug.md).
   - `--debug-pipeline` - *(debug builds only)* Include MCPG debug diagnostics in the generated pipeline: `DEBUG=*` environment variable for verbose MCPG logging, stderr streaming to log files, and a "Verify MCP backends" step that probes each backend with MCP initialize + tools/list before the agent runs. This flag is not available in release builds.
   - For `target: job` and `target: stage`, the output is an ADO YAML template (not a complete pipeline). Job names are prefixed with the agent name for uniqueness. Triggers configured via `on:` are ignored with a warning.

src/main.rs

@@ -35,6 +35,10 @@ enum Commands {
         /// the input markdown (e.g. `foo.md` -> `<dir>/foo.lock.yml`).
         #[arg(short, long)]
         output: Option<String>,
+        /// Bypass the GitHub-remote guard (use when running inside a
+        /// GitHub-hosted repository like `githubnext/ado-aw` itself).
+        #[arg(long)]
+        force: bool,
         /// Omit the "Verify pipeline integrity" step from the generated pipeline.
         /// Only available in debug builds.
         #[cfg(debug_assertions)]
@@ -207,7 +211,10 @@ async fn ensure_non_github_remote_for_ado_aw(command_name: &str, repo_path: &Pat
         anyhow::bail!(
             "Cannot run `ado-aw {}` in a GitHub repository (origin: {}). \
              `ado-aw` is for Azure DevOps repositories. \
-             For GitHub repositories, use gh-aw instead: https://github.com/github/gh-aw",
+             For GitHub repositories, use gh-aw instead: https://github.com/github/gh-aw\n\
+             \n\
+             If you are working inside `githubnext/ado-aw` itself (or a fork), \
+             pass `--force` to bypass this check.",
             command_name,
             remote_url
         );
@@ -499,6 +506,7 @@ async fn main() -> Result<()> {
         Commands::Compile {
             path,
             output,
+            force,
             #[cfg(debug_assertions)]
             skip_integrity,
             #[cfg(debug_assertions)]
@@ -509,7 +517,12 @@ async fn main() -> Result<()> {
             #[cfg(not(debug_assertions))]
             let debug_pipeline = false;
 
-            ensure_non_github_remote_for_ado_aw("compile", Path::new(".")).await?;
+            // `--force` bypasses the GitHub-remote guard so maintainers can
+            // run `ado-aw compile` inside this repository (or other
+            // GitHub-hosted forks) for development and example regeneration.
+            if !force {
+                ensure_non_github_remote_for_ado_aw("compile", Path::new(".")).await?;
+            }
             run_compile(path, output, skip_integrity, debug_pipeline).await?;
         }
         Commands::Check { pipeline } => {