@byh3071/vhk 1.6.6 → 1.7.1

package/dist/{chunk-HLUFOT2T.js → chunk-GXFZ7JXX.js}

@@ -2987,6 +2987,7 @@ export {
   ko,
   t,
   localDate,
+  ensureVhkIgnored,
   listBackups,
   restoreBackup,
   detectExistingRuleFiles,

package/dist/index.js

@@ -13,6 +13,7 @@ import {
   deploy,
   detectExistingRuleFiles,
   ensureInteractive,
+  ensureVhkIgnored,
   env,
   envCheck,
   filterSevereFindings,
@@ -42,7 +43,7 @@ import {
   stripBom,
   sync,
   t
-} from "./chunk-HLUFOT2T.js";
+} from "./chunk-GXFZ7JXX.js";
 
 // src/index.ts
 import { Command, Help } from "commander";
@@ -2660,7 +2661,9 @@ function generateGateScript(id) {
     "  process.exit(1)",
     "}",
     "",
-    "const pkg = existsSync('package.json') ? JSON.parse(readFileSync('package.json', 'utf-8')) : {}",
+    "// BOM-safe \uC77D\uAE30: PowerShell Set-Content -Encoding utf8 \uC758 UTF-8 BOM \uC81C\uAC70(\uC5C6\uC73C\uBA74 throw).",
+    "const readJson = (p) => { const t = readFileSync(p, 'utf-8'); return JSON.parse(t.charCodeAt(0) === 0xfeff ? t.slice(1) : t) }",
+    "const pkg = existsSync('package.json') ? readJson('package.json') : {}",
     "const scripts = pkg.scripts ?? {}",
     "const pm = existsSync('pnpm-lock.yaml') ? 'pnpm' : existsSync('yarn.lock') ? 'yarn' : 'npm'",
     "const skipDeep = process.env.VHK_GATES_SKIP_DEEP === '1'",
@@ -5029,7 +5032,7 @@ function readCloudConfig(rootDir) {
   const p = path12.join(rootDir, VHK_DIR2, CLOUD_CONFIG_FILE);
   if (!fs11.existsSync(p)) return null;
   try {
-    const parsed = JSON.parse(fs11.readFileSync(p, "utf-8"));
+    const parsed = readJsonFile(p);
     if (parsed && typeof parsed.gistId === "string" && parsed.gistId) {
       return { gistId: parsed.gistId };
     }
@@ -5359,30 +5362,373 @@ async function mode(target) {
 }
 
 // src/commands/verify.ts
+import { execFileSync as execFileSync4 } from "child_process";
+import { existsSync as existsSync16, mkdirSync as mkdirSync11, writeFileSync as writeFileSync11 } from "fs";
+import { join as join10 } from "path";
 import chalk30 from "chalk";
-function verificationChecklist() {
-  return [
-    "\uD0C0\uC785 \uCCB4\uD06C \u2014 pnpm exec tsc --noEmit",
-    "\uD14C\uC2A4\uD2B8 \u2014 pnpm run test:run",
-    "\uBE4C\uB4DC \u2014 pnpm run build",
-    "\uBCF4\uC548 \uC2A4\uCE94 \u2014 vhk secure scan"
-  ];
+
+// src/commands/verify-report.ts
+function escapeHtml(text) {
+  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+var STATUS_COLOR = {
+  PASS: { bg: "#16a34a", fg: "#ffffff", label: "PASS" },
+  WARN: { bg: "#d97706", fg: "#ffffff", label: "WARN" },
+  FAIL: { bg: "#dc2626", fg: "#ffffff", label: "FAIL" }
+};
+var GATE_STATUS = {
+  pass: { color: "#16a34a", label: "\uD1B5\uACFC" },
+  fail: { color: "#dc2626", label: "\uC2E4\uD328" },
+  skip: { color: "#d97706", label: "\uAC74\uB108\uB700" }
+};
+function renderGateRow(g) {
+  const s = GATE_STATUS[g.status];
+  const exit = g.exitCode === null ? "\u2014" : String(g.exitCode);
+  const detail = g.detail ? escapeHtml(g.detail) : "";
+  return `      <tr>
+        <td class="gate-label">${escapeHtml(g.label)}</td>
+        <td><span class="gate-status" style="color:${s.color}">${s.label}</span></td>
+        <td class="gate-exit">${escapeHtml(exit)}</td>
+        <td class="gate-detail">${detail}</td>
+      </tr>`;
+}
+function renderReportHtml(report) {
+  const c = STATUS_COLOR[report.status];
+  const s = report.summary;
+  const rows = report.gates.map(renderGateRow).join("\n");
+  const actions = report.nextActions.map((a) => `        <li>${escapeHtml(a)}</li>`).join("\n");
+  return `<!DOCTYPE html>
+<html lang="ko">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>vhk verify \uB9AC\uD3EC\uD2B8 \u2014 ${c.label}</title>
+<style>
+  :root { color-scheme: light dark; }
+  * { box-sizing: border-box; }
+  body {
+    margin: 0; padding: 2rem 1rem;
+    font-family: system-ui, -apple-system, "Segoe UI", Roboto, "Noto Sans KR", sans-serif;
+    background: #f8fafc; color: #0f172a; line-height: 1.55;
+  }
+  .wrap { max-width: 760px; margin: 0 auto; }
+  header { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; margin-bottom: 0.5rem; }
+  h1 { font-size: 1.25rem; margin: 0; font-weight: 700; }
+  .badge {
+    display: inline-block; padding: 0.35rem 1rem; border-radius: 9999px;
+    font-weight: 800; font-size: 1rem; letter-spacing: 0.05em;
+    background: ${c.bg}; color: ${c.fg};
+  }
+  .summary { color: #475569; font-size: 0.95rem; margin: 0.25rem 0 1.5rem; }
+  .summary strong { color: #0f172a; }
+  table { width: 100%; border-collapse: collapse; margin-bottom: 1.75rem; font-size: 0.95rem; }
+  th, td { text-align: left; padding: 0.6rem 0.75rem; border-bottom: 1px solid #e2e8f0; }
+  th { font-size: 0.8rem; text-transform: uppercase; letter-spacing: 0.05em; color: #64748b; }
+  .gate-label { font-weight: 600; }
+  .gate-status { font-weight: 700; }
+  .gate-exit { font-variant-numeric: tabular-nums; color: #475569; }
+  .gate-detail { color: #64748b; font-size: 0.88rem; }
+  h2 { font-size: 1rem; margin: 0 0 0.5rem; }
+  ul { margin: 0 0 1.75rem; padding-left: 1.25rem; }
+  li { margin: 0.2rem 0; }
+  footer { color: #94a3b8; font-size: 0.8rem; border-top: 1px solid #e2e8f0; padding-top: 0.75rem; }
+  @media (prefers-color-scheme: dark) {
+    body { background: #0f172a; color: #e2e8f0; }
+    .summary { color: #94a3b8; } .summary strong { color: #e2e8f0; }
+    th { color: #94a3b8; } th, td { border-color: #1e293b; }
+    .gate-exit { color: #94a3b8; } .gate-detail { color: #94a3b8; }
+    footer { color: #64748b; border-color: #1e293b; }
+  }
+</style>
+</head>
+<body>
+  <div class="wrap">
+    <header>
+      <h1>\u{1F50E} vhk verify \uB9AC\uD3EC\uD2B8</h1>
+      <span class="badge">${c.label}</span>
+    </header>
+    <p class="summary">
+      \uAC8C\uC774\uD2B8 <strong>${s.total}</strong>\uAC1C \u2014 \uD1B5\uACFC ${s.pass} / \uC2E4\uD328 ${s.fail} / \uAC74\uB108\uB700 ${s.skip}
+    </p>
+    <table>
+      <thead>
+        <tr><th>\uAC8C\uC774\uD2B8</th><th>\uC0C1\uD0DC</th><th>\uC885\uB8CC\uCF54\uB4DC</th><th>\uBE44\uACE0</th></tr>
+      </thead>
+      <tbody>
+${rows}
+      </tbody>
+    </table>
+    <h2>\uB2E4\uC74C \uD589\uB3D9</h2>
+    <ul>
+${actions}
+    </ul>
+    <footer>
+      \uC0DD\uC131: ${escapeHtml(report.generatedAt)} \xB7 \uB0A0\uC9DC: ${escapeHtml(report.date)} \xB7 schema v${report.schemaVersion}
+    </footer>
+  </div>
+</body>
+</html>
+`;
+}
+
+// src/commands/verify.ts
+var REPORT_SCHEMA_VERSION = 1;
+var REPORT_DIR_REL = join10(".vhk", "reports");
+var REPORT_PATH_REL = join10(REPORT_DIR_REL, "latest.json");
+var REPORT_HTML_PATH_REL = join10(REPORT_DIR_REL, "latest.html");
+var SHIM = /* @__PURE__ */ new Set(["pnpm", "npm", "npx", "yarn"]);
+function detectPm(cwd) {
+  if (existsSync16(join10(cwd, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync16(join10(cwd, "yarn.lock"))) return "yarn";
+  return "npm";
+}
+function execGate(cmd, args, cwd) {
+  let bin = cmd;
+  let argv = args;
+  if (process.platform === "win32" && SHIM.has(cmd)) {
+    bin = "cmd.exe";
+    argv = ["/d", "/s", "/c", `${cmd}.cmd`, ...args];
+  }
+  try {
+    execFileSync4(bin, argv, {
+      cwd,
+      stdio: ["pipe", "pipe", "pipe"],
+      encoding: "utf-8",
+      maxBuffer: 64 * 1024 * 1024,
+      timeout: 6e5,
+      killSignal: "SIGTERM"
+    });
+    return { exitCode: 0, out: "" };
+  } catch (e) {
+    const err = e;
+    const exitCode = typeof err.status === "number" ? err.status : 1;
+    const out = ((err.stdout?.toString?.() ?? "") + (err.stderr?.toString?.() ?? "")).trim();
+    return { exitCode, out };
+  }
 }
-async function verify() {
-  console.log(chalk30.bold("\n\u{1F50E} \uAC80\uC99D \uBB36\uC74C (verify \u2014 lite)"));
+function runScriptGate(id, label, cwd, pm, argvFor) {
+  const argv = argvFor(pm);
+  if (!argv) {
+    return { id, label, status: "skip", exitCode: null, skipped: true, detail: "\uD574\uB2F9 \uC2A4\uD06C\uB9BD\uD2B8/\uC124\uC815 \uC5C6\uC74C \u2014 skip(WARN)" };
+  }
+  const { exitCode } = execGate(pm, argv, cwd);
+  return {
+    id,
+    label,
+    status: exitCode === 0 ? "pass" : "fail",
+    exitCode,
+    skipped: false,
+    detail: exitCode === 0 ? void 0 : `\uC885\uB8CC\uCF54\uB4DC ${exitCode}`
+  };
+}
+function readPackageScripts(cwd) {
+  const pkgPath = join10(cwd, "package.json");
+  if (!existsSync16(pkgPath)) return {};
+  try {
+    const pkg = readJsonFile(pkgPath);
+    return pkg.scripts ?? {};
+  } catch {
+    return {};
+  }
+}
+function runGates(cwd) {
+  const scripts = readPackageScripts(cwd);
+  const pm = detectPm(cwd);
+  const gates = [];
+  gates.push(
+    runScriptGate("typecheck", "tsc --noEmit", cwd, pm, () => {
+      if (scripts.typecheck) return ["run", "typecheck"];
+      if (existsSync16(join10(cwd, "tsconfig.json"))) return pm === "npm" ? ["exec", "--", "tsc", "--noEmit"] : ["exec", "tsc", "--noEmit"];
+      return null;
+    })
+  );
+  gates.push(
+    runScriptGate("test", "test:run", cwd, pm, () => {
+      if (scripts["test:run"]) return ["run", "test:run"];
+      if (scripts.test && /vitest/.test(scripts.test)) return ["run", "test", "--", "--run"];
+      if (scripts.test) return ["run", "test"];
+      return null;
+    })
+  );
+  gates.push(
+    runScriptGate("build", "build", cwd, pm, () => scripts.build ? ["run", "build"] : null)
+  );
+  gates.push(runSecureGate(cwd));
+  return gates;
+}
+function runSecureGate(cwd) {
+  try {
+    const severe = filterSevereFindings(scanProjectForSecrets(cwd).findings);
+    const n = severe.length;
+    return {
+      id: "secure",
+      label: "secure scan",
+      status: n === 0 ? "pass" : "fail",
+      exitCode: n === 0 ? 0 : 1,
+      skipped: false,
+      detail: n === 0 ? void 0 : `severe \uC2DC\uD06C\uB9BF ${n}\uAC74 (\uAC12 \uBBF8\uAE30\uB85D \u2014 vhk secure scan \uC73C\uB85C \uD655\uC778)`
+    };
+  } catch (e) {
+    return {
+      id: "secure",
+      label: "secure scan",
+      status: "fail",
+      exitCode: 1,
+      skipped: false,
+      detail: `\uC2A4\uCE94 \uC2E4\uD589 \uC2E4\uD328: ${e instanceof Error ? e.message : String(e)}`
+    };
+  }
+}
+function aggregateStatus(gates) {
+  if (gates.some((g) => g.status === "fail")) return "FAIL";
+  if (gates.some((g) => g.status === "skip")) return "WARN";
+  return "PASS";
+}
+function buildNextActions(gates) {
+  const actions = [];
+  for (const g of gates) {
+    if (g.status === "fail") {
+      if (g.id === "secure") actions.push("\uC2DC\uD06C\uB9BF \uC81C\uAC70 \uD6C4 \uC7AC\uAC80\uC99D \u2014 vhk secure scan \uC73C\uB85C \uC704\uCE58 \uD655\uC778");
+      else actions.push(`${g.label} \uC2E4\uD328(\uC885\uB8CC\uCF54\uB4DC ${g.exitCode}) \u2014 \uB85C\uADF8 \uD655\uC778 \uD6C4 \uC218\uC815`);
+    } else if (g.status === "skip") {
+      actions.push(`${g.label} \uAC8C\uC774\uD2B8 \uC5C6\uC74C \u2014 package.json scripts \uC5D0 \uCD94\uAC00\uD558\uBA74 \uAC80\uC99D \uCEE4\uBC84\uB9AC\uC9C0 \u2191`);
+    }
+  }
+  if (actions.length === 0) actions.push("\uAC80\uC99D \uD1B5\uACFC \u2014 vhk save \uB85C \uC800\uC7A5\uD558\uC138\uC694.");
+  return actions;
+}
+function buildReport(gates, generatedAt, date) {
+  const summary = {
+    total: gates.length,
+    pass: gates.filter((g) => g.status === "pass").length,
+    fail: gates.filter((g) => g.status === "fail").length,
+    skip: gates.filter((g) => g.status === "skip").length
+  };
+  return {
+    schemaVersion: REPORT_SCHEMA_VERSION,
+    generatedAt,
+    date,
+    status: aggregateStatus(gates),
+    summary,
+    gates,
+    nextActions: buildNextActions(gates)
+  };
+}
+function verifyEvidence(cwd = process.cwd()) {
+  const gates = runGates(cwd);
+  const report = buildReport(gates, (/* @__PURE__ */ new Date()).toISOString(), localDate());
+  const dir = join10(cwd, REPORT_DIR_REL);
+  mkdirSync11(dir, { recursive: true });
+  const path14 = join10(cwd, REPORT_PATH_REL);
+  writeFileSync11(path14, JSON.stringify(report, null, 2) + "\n", "utf-8");
+  try {
+    ensureVhkIgnored(cwd, "reports/");
+  } catch {
+  }
+  return { report, path: REPORT_PATH_REL };
+}
+var STATUS_BADGE = {
+  PASS: chalk30.green.bold("PASS"),
+  WARN: chalk30.yellow.bold("WARN"),
+  FAIL: chalk30.red.bold("FAIL")
+};
+async function renderVerifyReport(cwd, opts) {
+  const jsonPath = join10(cwd, REPORT_PATH_REL);
+  let report;
+  if (existsSync16(jsonPath)) {
+    try {
+      report = readJsonFile(jsonPath);
+    } catch {
+      console.log(chalk30.yellow("  \u26A0\uFE0F  \uAE30\uC874 latest.json \uC190\uC0C1 \u2014 verify \uC7AC\uC2E4\uD589\uC73C\uB85C \uC99D\uAC70\uB97C \uB2E4\uC2DC \uB9CC\uB4ED\uB2C8\uB2E4."));
+      report = verifyEvidence(cwd).report;
+    }
+  } else {
+    console.log(chalk30.dim("  latest.json \uC5C6\uC74C \u2014 verify 1\uD68C \uC120\uC2E4\uD589\uC73C\uB85C \uC99D\uAC70\uB97C \uB9CC\uB4ED\uB2C8\uB2E4."));
+    report = verifyEvidence(cwd).report;
+  }
+  const html = renderReportHtml(report);
+  const htmlPath = join10(cwd, REPORT_HTML_PATH_REL);
+  try {
+    mkdirSync11(join10(cwd, REPORT_DIR_REL), { recursive: true });
+    writeFileSync11(htmlPath, html, "utf-8");
+  } catch (e) {
+    console.error(
+      chalk30.red(`  \u274C \uB9AC\uD3EC\uD2B8 HTML \uC744 \uC4F8 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4 (${REPORT_HTML_PATH_REL}): ${e instanceof Error ? e.message : String(e)}`)
+    );
+    console.error(chalk30.dim("     \uD574\uB2F9 \uACBD\uB85C\uC758 \uC4F0\uAE30 \uAD8C\uD55C\uC744 \uD655\uC778\uD558\uC138\uC694."));
+    process.exitCode = 1;
+    return;
+  }
+  console.log(chalk30.bold("\n\u{1F50E} \uAC80\uC99D \uB9AC\uD3EC\uD2B8 (verify --report)"));
+  console.log(`  \uACB0\uACFC: ${STATUS_BADGE[report.status]}`);
+  console.log(chalk30.dim(`  \u{1F4C4} HTML: ${REPORT_HTML_PATH_REL}`));
+  process.exitCode = report.status === "FAIL" ? 1 : 0;
+  if (opts.open) {
+    if (isInteractive()) openReportInBrowser(htmlPath);
+    else console.log(chalk30.dim("  (\uBE44\uB300\uD654\uD615/CI/MCP \u2014 --open \uC790\uB3D9 \uC2A4\uD0B5)"));
+    return;
+  }
+  printNextStep({
+    message: "\uB9AC\uD3EC\uD2B8 \uC0DD\uC131 \uC644\uB8CC. \uBE0C\uB77C\uC6B0\uC800\uB85C \uC5F4\uB824\uBA74:",
+    command: "vhk verify --report --open",
+    cursorHint: "\uB9AC\uD3EC\uD2B8 \uC5F4\uC5B4\uC918"
+  });
+}
+function openReportInBrowser(filePath) {
+  let result;
+  if (process.platform === "darwin") {
+    result = safeExecFile("open", [filePath]);
+  } else if (process.platform === "win32") {
+    result = safeExecFile("rundll32.exe", ["url.dll,FileProtocolHandler", filePath]);
+  } else {
+    result = safeExecFile("xdg-open", [filePath]);
+  }
+  if (result.ok) console.log(chalk30.green("  \u2705 \uBE0C\uB77C\uC6B0\uC800\uC5D0\uC11C \uC5F4\uC5C8\uC2B5\uB2C8\uB2E4."));
+  else console.log(chalk30.yellow("  \u26A0\uFE0F  \uBE0C\uB77C\uC6B0\uC800\uB97C \uC5F4 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uC704 \uD30C\uC77C\uC744 \uC9C1\uC811 \uC5EC\uC138\uC694."));
+}
+async function verify(opts = {}) {
+  if (!ensureNotHardStopped("verify")) return;
+  const cwd = process.cwd();
+  if (opts.report) {
+    await renderVerifyReport(cwd, opts);
+    return;
+  }
+  const { report, path: path14 } = verifyEvidence(cwd);
+  if (opts.json) {
+    console.log(JSON.stringify(report, null, 2));
+    process.exitCode = report.status === "FAIL" ? 1 : 0;
+    return;
+  }
+  console.log(chalk30.bold("\n\u{1F50E} \uAC80\uC99D \uBB36\uC74C (verify)"));
   console.log(chalk30.gray("\u2500".repeat(40)));
   const mode2 = readConfig().safetyMode;
   console.log(chalk30.dim(`  \uD604\uC7AC Safety Mode: ${mode2} \u2014 ${SAFETY_MODE_DESC[mode2]}`));
-  console.log(chalk30.cyan("\n  \uC704\uD5D8 \uC791\uC5C5/\uC800\uC7A5 \uC804 \uAD8C\uC7A5 \uAC80\uC99D:"));
-  for (const item of verificationChecklist()) {
-    console.log(`   \u2610 ${item}`);
+  const icon = (s2) => s2 === "pass" ? chalk30.green("\u2713") : s2 === "fail" ? chalk30.red("\u2717") : chalk30.yellow("\u2298");
+  for (const g of report.gates) {
+    const tail = g.detail ? chalk30.dim(` \u2014 ${g.detail}`) : "";
+    console.log(`   ${icon(g.status)} ${g.label}${tail}`);
+  }
+  const s = report.summary;
+  console.log(
+    `
+  \uACB0\uACFC: ${STATUS_BADGE[report.status]}  ` + chalk30.dim(`(pass ${s.pass} / fail ${s.fail} / skip ${s.skip}, \uCD1D ${s.total})`)
+  );
+  console.log(chalk30.dim(`  \u{1F4C4} \uC99D\uAC70: ${path14}`));
+  process.exitCode = report.status === "FAIL" ? 1 : 0;
+  if (report.status === "FAIL") {
+    printNextStep({
+      message: "\uAC80\uC99D \uC2E4\uD328 \u2014 \uC544\uB798\uB97C \uBA3C\uC800 \uACE0\uCE58\uC138\uC694:",
+      command: "vhk verify",
+      cursorHint: "\uAC80\uC99D \uB2E4\uC2DC \uB3CC\uB824\uC918",
+      alternative: report.nextActions[0]
+    });
+  } else {
+    printNextStep({
+      message: report.status === "WARN" ? "\uAC80\uC99D \uD1B5\uACFC(\uC77C\uBD80 \uAC8C\uC774\uD2B8 skip). \uC800\uC7A5\uD558\uB824\uBA74:" : "\uAC80\uC99D \uD1B5\uACFC! \uC800\uC7A5\uD558\uB824\uBA74:",
+      command: "vhk save",
+      cursorHint: "\uC800\uC7A5\uD574\uC918"
+    });
   }
-  console.log(chalk30.dim("\n  \u203B \uBA54\uD0C0\uB7EC\uB108(\uC790\uB3D9 \uC2E4\uD589) \uC790\uB9AC \u2014 \uD604\uC7AC\uB294 \uBB36\uC74C \uC548\uB0B4\uB9CC(lite)."));
-  printNextStep({
-    message: "\uAC80\uC99D \uD1B5\uACFC \uD6C4 \uC800\uC7A5\uD558\uC138\uC694:",
-    command: "vhk save",
-    cursorHint: "\uC800\uC7A5\uD574\uC918"
-  });
 }
 
 // src/lib/risk-policy.ts
@@ -5861,8 +6207,8 @@ program.command("context").alias("\uB9E5\uB77D").option("--compact", "\uD1A0\uD0
 program.command("mode [target]").alias("\uBAA8\uB4DC").description("Safety Mode \uC870\uD68C/\uBCC0\uACBD (lite|standard|strict) \u2014 \uC704\uD5D8 \uC791\uC5C5 \uAC00\uB4DC \uAC15\uB3C4").action(async (target) => {
   await mode(target);
 });
-program.command("verify").alias("\uC0AC\uC804\uC810\uAC80").description("\uC800\uC7A5/\uC704\uD5D8 \uC791\uC5C5 \uC804 \uAC80\uC99D \uBB36\uC74C \uC548\uB0B4 (lite)").action(async () => {
-  await verify();
+program.command("verify").alias("\uC0AC\uC804\uC810\uAC80").option("--json", "\uB9AC\uD3EC\uD2B8 JSON \uC744 stdout \uC73C\uB85C \uCD9C\uB825 (CI\uC6A9 \u2014 \uACBD\uB85C \uB300\uC2E0)").option("--report", "latest.json \uC744 \uC0AC\uB78C\uC6A9 \uC815\uC801 HTML(.vhk/reports/latest.html) \uB85C \uB80C\uB354 (\uC678\uBD80 \uC758\uC874 0)").option("--open", "\uB9AC\uD3EC\uD2B8 \uC0DD\uC131 \uD6C4 \uAE30\uBCF8 \uBE0C\uB77C\uC6B0\uC800\uB85C \uC5F4\uAE30 (\uBE44\uB300\uD654\uD615/CI/MCP \uC790\uB3D9 \uC2A4\uD0B5)").description("\uAC80\uC99D \uAC8C\uC774\uD2B8(tsc/test/build/secure) \uC2E4\uC81C \uC2E4\uD589 + \uC99D\uAC70 \uAE30\uB85D (.vhk/reports/latest.json)").action(async (opts) => {
+  await verify(opts);
 });
 program.command("context-show").alias("\uB9E5\uB77D\uBCF4\uAE30").description("\uD604\uC7AC \uCEE8\uD14D\uC2A4\uD2B8 \uD30C\uC77C \uB0B4\uC6A9 \uCD9C\uB825").action(async () => {
   await contextShow();

package/dist/mcp/index.js

@@ -2,7 +2,7 @@
 import {
   resolveVhkCliInvocation,
   startMcpServer
-} from "../chunk-HLUFOT2T.js";
+} from "../chunk-GXFZ7JXX.js";
 
 // src/mcp/index.ts
 var cli = resolveVhkCliInvocation();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@byh3071/vhk",
-  "version": "1.6.6",
+  "version": "1.7.1",
   "description": "Vibe Harness Kit — AI 코딩 도구·기기를 바꿔도 규칙·맥락이 따라가는 포터빌리티 CLI (sync: Cursor·Claude·Windsurf·Copilot·Antigravity / cloud 백업)",
   "bin": {
     "vhk": "dist/index.js",