laxy-verify 1.1.16 → 1.1.18

package/README.md

@@ -5,17 +5,17 @@ CLI verification for frontend apps.
 `laxy-verify` runs production build checks, Lighthouse, tiered verify E2E, and plan-gated verification features for Free, Pro, and Pro+ accounts.
 It is designed around three user questions:
 
-- Free: "Is this likely to break right now?"
-- Pro: "Is this strong enough to send to a client?"
-- Pro+: "Can I call this release-ready with confidence?"
+- Free: "Will it break in production?"
+- Pro: "Would a client accept this?"
+- Pro+: "Can I ship this today?"
 
 ```bash
 npx laxy-verify --init --run
-npx laxy-verify .
-npx laxy-verify . --plan-override pro
-npx laxy-verify login
-npx laxy-verify whoami
-npx laxy-verify --help
+npx laxy-verify .
+npx laxy-verify . --plan-override pro
+npx laxy-verify login
+npx laxy-verify whoami
+npx laxy-verify --help
 ```
 
 ## Quick Start
@@ -43,9 +43,9 @@ Commit the generated workflow. Each PR gets a verification run, grade output, an
 
 | Plan | Question it answers |
 |------|---------------------|
-| Free | Is this likely to break right now? |
-| Pro | Is this strong enough to send to a client? |
-| Pro+ | Can I call this release-ready with confidence? |
+| Free | Will it break in production? |
+| Pro | Would a client accept this? |
+| Pro+ | Can I ship this today? |
 
 ## Grades
 
@@ -66,16 +66,16 @@ npx laxy-verify whoami
 npx laxy-verify logout
 ```
 
-| Feature | Free | Pro | Pro+ |
-|---------|------|-----|------|
-| Build verification | Yes | Yes | Yes |
-| Lighthouse | 1 run | 3 runs | 3 runs |
-| Verify E2E | Smoke | Deeper client-send checks | Deeper client-send checks |
-| Detailed report view | No | Yes | Yes |
-| `laxy-verify-report.md` export | No | Yes | Yes |
-| Multi-viewport verification | No | No | Yes |
-| Visual diff | No | No | Yes |
-| Failure analysis signals | No | No | Yes |
+| Feature | Free | Pro | Pro+ |
+|---------|------|-----|------|
+| Build verification | Yes | Yes | Yes |
+| Lighthouse | 1 run | 3 runs | 3 runs |
+| Verify E2E | Smoke | Deeper client-send checks | Deeper client-send checks |
+| Detailed report view | No | Yes | Yes |
+| `laxy-verify-report.md` export | No | Yes | Yes |
+| Multi-viewport verification | No | No | Yes |
+| Visual diff | No | No | Yes |
+| Failure analysis signals | No | No | Yes |
 
 Pro is for delivery verification.
 Pro+ is for release-confidence verification with extra evidence before you say "ship it."
@@ -119,42 +119,42 @@ Options:
   --format console|json
   --ci
   --config <path>
-  --fail-on unverified|bronze|silver|gold
-  --skip-lighthouse
-  --plan-override free|pro|pro_plus
-  --badge
-  --init
-  --multi-viewport
-  --help
-
-Subcommands:
-  login [email]
-  logout
-  whoami
-```
-
-`--plan-override` is for downgrade testing only.
-Example: if your account is Pro+, you can run `--plan-override pro` or `--plan-override free` to verify the lower-tier behavior without changing your subscription.
-It will reject upgrades above your real entitlement.
-
-## Result Files
-
-Each run writes `.laxy-result.json`.
-
-Paid plans also write a readable markdown summary to `laxy-verify-report.md`.
-
-- `Pro`: blocker-focused delivery report
-- `Pro+`: release-readiness report with viewport and visual evidence
-
-Exit behavior follows the verification verdict, not just the legacy grade.
-
-- `build-failed` -> exit 1
-- `hold` -> exit 1
-- `Pro+ investigate` -> exit 1
-- plain lower-tier pass states can still exit 0
-
-```json
-{
+  --fail-on unverified|bronze|silver|gold
+  --skip-lighthouse
+  --plan-override free|pro|pro_plus
+  --badge
+  --init
+  --multi-viewport
+  --help
+
+Subcommands:
+  login [email]
+  logout
+  whoami
+```
+
+`--plan-override` is for downgrade testing only.
+Example: if your account is Pro+, you can run `--plan-override pro` or `--plan-override free` to verify the lower-tier behavior without changing your subscription.
+It will reject upgrades above your real entitlement.
+
+## Result Files
+
+Each run writes `.laxy-result.json`.
+
+Paid plans also write a readable markdown summary to `laxy-verify-report.md`.
+
+- `Pro`: blocker-focused delivery report
+- `Pro+`: release-readiness report with viewport and visual evidence
+
+Exit behavior follows the verification verdict, not just the legacy grade.
+
+- `build-failed` -> exit 1
+- `hold` -> exit 1
+- `Pro+ investigate` -> exit 1
+- plain lower-tier pass states can still exit 0
+
+```json
+{
   "grade": "Gold",
   "timestamp": "2026-04-09T09:00:00Z",
   "build": { "success": true, "durationMs": 12000, "errors": [] },
@@ -174,26 +174,26 @@ Exit behavior follows the verification verdict, not just the legacy grade.
   },
   "exitCode": 0,
   "_plan": "pro_plus"
-}
-```
-
-### `laxy-verify-report.md`
-
-For Pro and Pro+ runs, the markdown report is designed to be easy to read and easy to paste into an AI coding tool.
-
-It includes:
-
-- the main decision in plain English
-- what passed
-- blockers and warnings
-- exact verification evidence
-- failed E2E scenarios
-- a `Copy For AI` section you can paste directly into Codex, Cursor, Claude, or ChatGPT
-
-## Regression Fixtures
-
-The repo also includes dedicated regression fixtures under `.qa-regression-fixtures/`.
-They intentionally break build, navigation, coverage, performance, viewport behavior, and visual stability so the verifier can be tested against known failure modes.
+}
+```
+
+### `laxy-verify-report.md`
+
+For Pro and Pro+ runs, the markdown report is designed to be easy to read and easy to paste into an AI coding tool.
+
+It includes:
+
+- the main decision in plain English
+- what passed
+- blockers and warnings
+- exact verification evidence
+- failed E2E scenarios
+- a `Copy For AI` section you can paste directly into Codex, Cursor, Claude, or ChatGPT
+
+## Regression Fixtures
+
+The repo also includes dedicated regression fixtures under `.qa-regression-fixtures/`.
+They intentionally break build, navigation, coverage, performance, viewport behavior, and visual stability so the verifier can be tested against known failure modes.
 
 ## Limitations
 

package/dist/cli.js

@@ -53,8 +53,10 @@ const auth_js_1 = require("./auth.js");
 const entitlement_js_1 = require("./entitlement.js");
 const multi_viewport_js_1 = require("./multi-viewport.js");
 const e2e_js_1 = require("./e2e.js");
+const playwright_runner_js_1 = require("./playwright-runner.js");
 const report_markdown_js_1 = require("./report-markdown.js");
 const visual_diff_js_1 = require("./visual-diff.js");
+const security_audit_js_1 = require("./security-audit.js");
 const index_js_1 = require("./verification-core/index.js");
 const package_json_1 = __importDefault(require("../package.json"));
 function shouldFailVerificationResult(report, failOn) {
@@ -126,6 +128,7 @@ function parseArgs() {
         initRun: flags.init !== undefined && flags.run !== undefined,
         multiViewport: flags["multi-viewport"] !== undefined,
         failureAnalysis: flags["failure-analysis"] !== undefined,
+        crawl: flags.crawl !== undefined,
         planOverride: flags["plan-override"],
         help: flags.help !== undefined || flags.h !== undefined,
     };
@@ -188,28 +191,73 @@ function consoleOutput(result) {
     if (result.e2e) {
         console.log(`  E2E: ${result.e2e.passed}/${result.e2e.total} passed`);
     }
+    if (result.crossBrowser && result.crossBrowser.length > 0) {
+        console.log("  Cross-browser:");
+        for (const cbr of result.crossBrowser) {
+            const status = cbr.failed === 0 ? "OK" : "FAIL";
+            console.log(`    ${cbr.browser}: ${cbr.passed}/${cbr.results.length} passed ${status}`);
+        }
+    }
     if (result.visualDiff) {
         console.log(`  Visual diff: ${result.visualDiff.diffPercentage}% (${result.visualDiff.verdict})`);
     }
+    if (result.security) {
+        console.log(`  Security: ${result.security.summary}`);
+    }
+    if (result.mobileLighthouse) {
+        const ml = result.mobileLighthouse;
+        console.log(`  Mobile LH: P=${ml.performance} A=${ml.accessibility} SEO=${ml.seo} BP=${ml.bestPractices}`);
+    }
     if (result.verification) {
         const view = result.verification.view;
+        const isPro = view.tier === "pro" || view.tier === "pro_plus";
+        const isProPlus = view.tier === "pro_plus";
+        // verbose_failure: Pro에서 서버가 활성화하면 blockers 전체 설명 표시
+        // failure_analysis: Pro+에서 서버가 활성화하면 warnings 전체 설명 + evidence 전체 표시
+        const verboseFailure = isPro && (result._verbose_failure ?? isPro);
+        const failureAnalysis = isProPlus && (result._failure_analysis ?? isProPlus);
         console.log(`  Verification tier: ${view.tier}`);
         console.log(`  Question: ${view.question}`);
         console.log(`  Verdict: ${view.verdict} (${view.confidence})`);
         console.log(`  Summary: ${view.summary}`);
+        // Pro/Pro+: 체크 통과 목록 요약
+        if (isPro && view.passes.length > 0) {
+            const passedChecks = view.passes.filter((p) => p.passed).map((p) => p.label);
+            const failedChecks = view.passes.filter((p) => !p.passed).map((p) => p.label);
+            if (passedChecks.length > 0)
+                console.log(`  Passed: ${passedChecks.join(", ")}`);
+            if (failedChecks.length > 0)
+                console.log(`  Failed: ${failedChecks.join(", ")}`);
+        }
+        // Blockers: 제목은 모든 티어, Fix 액션은 verbose_failure(Pro+) 이상에서 표시
         if (view.blockers.length > 0) {
             console.log("  Blockers:");
-            for (const blocker of view.blockers)
+            for (const blocker of view.blockers) {
                 console.log(`    - ${blocker.title}`);
+                if (verboseFailure)
+                    console.log(`      Fix: ${blocker.action}`);
+            }
+        }
+        // Warnings: Pro/Pro+에서만 표시, Review 액션은 failure_analysis(Pro+)에서 표시
+        if (isPro && view.warnings.length > 0) {
+            console.log("  Warnings:");
+            for (const warning of view.warnings) {
+                console.log(`    - ${warning.title}`);
+                if (failureAnalysis)
+                    console.log(`      Review: ${warning.action}`);
+            }
         }
         if (view.nextActions.length > 0) {
             console.log("  Next actions:");
             for (const action of view.nextActions)
                 console.log(`    - ${action}`);
         }
-        if (view.failureEvidence.length > 0) {
+        // Evidence: failure_analysis(Pro+)는 전체, verbose_failure(Pro)는 3개, Free는 2개
+        const evidenceLimit = failureAnalysis ? view.failureEvidence.length : verboseFailure ? 3 : 2;
+        const evidenceToShow = view.failureEvidence.slice(0, evidenceLimit);
+        if (evidenceToShow.length > 0) {
             console.log("  Evidence:");
-            for (const item of view.failureEvidence)
+            for (const item of evidenceToShow)
                 console.log(`    - ${item}`);
         }
     }
@@ -251,10 +299,11 @@ async function run() {
     --format          console | json  (default: console)
     --ci              CI mode: -10 Performance threshold, runs=3
     --config <path>   Path to .laxy.yml
-    --fail-on         unverified | bronze | silver | gold
-    --skip-lighthouse Skip Lighthouse but still run build and E2E
-    --plan-override   free | pro | pro_plus (downgrade testing only)
-    --multi-viewport  Pro+: Lighthouse on desktop/tablet/mobile
+    --fail-on         unverified | bronze | silver | gold
+    --skip-lighthouse Skip Lighthouse but still run build and E2E
+    --plan-override   free | pro | pro_plus (downgrade testing only)
+    --multi-viewport  Pro+: Lighthouse on desktop/tablet/mobile
+    --crawl           Crawl the app to discover routes before E2E
     --badge           Print shields.io badge markdown
     --help            Show this help
 
@@ -403,8 +452,14 @@ async function run() {
     let multiViewportScores = null;
     let allViewportsOk = false;
     let e2eResult;
+    let crossBrowserResults;
     let e2eCoverageGaps = [];
+    let e2eConsoleErrors = [];
+    let e2eStabilityPassed = true;
     let visualDiffResult = null;
+    let securityAuditResult = null;
+    let mobileLighthouseScores = null;
+    const failureEvidence = [];
     if (buildResult.success) {
         let servePid;
         try {
@@ -439,13 +494,57 @@ async function run() {
                     multiViewportScores = await (0, multi_viewport_js_1.runMultiViewportLighthouse)(port);
                     (0, multi_viewport_js_1.printMultiViewportResults)(multiViewportScores, adjustedThresholds);
                     allViewportsOk = (0, multi_viewport_js_1.allViewportsPass)(multiViewportScores, adjustedThresholds);
+                    // Surface screenshot diff issues in failure evidence
+                    if (multiViewportScores.screenshotDiffs) {
+                        for (const diff of multiViewportScores.screenshotDiffs) {
+                            if (!diff.baselineCreated && diff.diffPercent > 10) {
+                                failureEvidence.push(`Viewport screenshot: ${diff.viewport} diff ${diff.diffPercent}% exceeds 10% threshold`);
+                            }
+                        }
+                    }
                 }
                 catch (mvErr) {
                     console.error(`Multi-viewport error: ${mvErr instanceof Error ? mvErr.message : String(mvErr)}`);
                 }
             }
+            // Pro: single mobile Lighthouse check (if not using full multi-viewport)
+            if (!args.skipLighthouse &&
+                verificationTier === "pro" &&
+                !effectiveFeatures.multi_viewport) {
+                try {
+                    mobileLighthouseScores = await (0, multi_viewport_js_1.runMobileLighthouse)(port);
+                    if (mobileLighthouseScores) {
+                        const mobilePassed = mobileLighthouseScores.performance >= adjustedThresholds.performance &&
+                            mobileLighthouseScores.accessibility >= adjustedThresholds.accessibility;
+                        if (!mobilePassed) {
+                            failureEvidence.push(`Mobile LH: P=${mobileLighthouseScores.performance} A=${mobileLighthouseScores.accessibility}`);
+                        }
+                    }
+                }
+                catch (mobileLhErr) {
+                    console.error(`Mobile Lighthouse error: ${mobileLhErr instanceof Error ? mobileLhErr.message : String(mobileLhErr)}`);
+                }
+            }
+            // Pro/Pro+: security audit
+            if (verificationTier !== "free") {
+                try {
+                    securityAuditResult = await (0, security_audit_js_1.runSecurityAudit)(args.projectDir);
+                    if (securityAuditResult.critical > 0 || securityAuditResult.high > 0) {
+                        failureEvidence.push(`Security: ${securityAuditResult.summary}`);
+                    }
+                }
+                catch (secErr) {
+                    console.error(`Security audit error: ${secErr instanceof Error ? secErr.message : String(secErr)}`);
+                }
+            }
+            const crawlEnabled = args.crawl || config.crawl;
+            const crawlOpts = crawlEnabled
+                ? { enabled: true, maxDepth: config.max_crawl_depth, maxPages: config.max_crawl_pages }
+                : undefined;
+            let lastE2EScenarios;
             try {
-                const e2eRuns = await (0, e2e_js_1.runVerifyE2E)(verifyUrl, verificationTier);
+                const e2eRuns = await (0, e2e_js_1.runVerifyE2E)(verifyUrl, verificationTier, config.scenarios, crawlOpts);
+                lastE2EScenarios = e2eRuns.scenarios;
                 e2eResult = {
                     passed: e2eRuns.passed,
                     failed: e2eRuns.failed,
@@ -453,13 +552,57 @@ async function run() {
                     results: e2eRuns.results,
                 };
                 e2eCoverageGaps = e2eRuns.coverageGaps;
+                e2eConsoleErrors = e2eRuns.consoleErrors;
+                // Pro+ stability: run E2E a second time if first run passed all
+                if (verificationTier === "pro_plus" && e2eRuns.passed === e2eRuns.results.length && e2eRuns.results.length > 0) {
+                    console.log("  [Pro+] Running stability pass (run 2/2)...");
+                    const e2eRuns2 = await (0, e2e_js_1.runVerifyE2E)(verifyUrl, verificationTier, config.scenarios, crawlOpts);
+                    if (e2eRuns2.passed < e2eRuns2.results.length) {
+                        e2eStabilityPassed = false;
+                        e2eCoverageGaps.push("Stability check failed on second run");
+                        const failedNames = e2eRuns2.results
+                            .filter((r) => !r.passed)
+                            .map((r) => r.name)
+                            .join(", ");
+                        failureEvidence.push(`E2E stability: second run failed (${failedNames})`);
+                    }
+                    else {
+                        console.log("  [Pro+] Stability pass: OK (2/2 runs passed)");
+                    }
+                }
                 if (e2eRuns.coverageGaps.length > 0) {
                     console.error(`E2E coverage warning: ${e2eRuns.coverageGaps.join(" ")}`);
                 }
+                if (e2eRuns.consoleErrors.length > 0) {
+                    console.error(`E2E console errors: ${e2eRuns.consoleErrors.length} detected`);
+                }
             }
             catch (e2eErr) {
                 console.error(`E2E error: ${e2eErr instanceof Error ? e2eErr.message : String(e2eErr)}`);
             }
+            // Cross-browser E2E via Playwright (if non-chromium browsers configured)
+            const extraBrowsers = (config.browsers || []).filter((b) => b !== "chromium" && ["firefox", "webkit"].includes(b));
+            if (extraBrowsers.length > 0 && lastE2EScenarios && lastE2EScenarios.length > 0) {
+                const pwAvailable = await (0, playwright_runner_js_1.isPlaywrightAvailable)();
+                if (pwAvailable) {
+                    try {
+                        crossBrowserResults = await (0, playwright_runner_js_1.runPlaywrightE2E)(verifyUrl, lastE2EScenarios, extraBrowsers);
+                        for (const cbr of crossBrowserResults) {
+                            console.log(`  Cross-browser ${cbr.browser}: ${cbr.passed}/${cbr.results.length} passed`);
+                            if (cbr.failed > 0) {
+                                const failedNames = cbr.results.filter(r => !r.passed).map(r => r.name).join(", ");
+                                failureEvidence.push(`Cross-browser ${cbr.browser}: ${failedNames} failed`);
+                            }
+                        }
+                    }
+                    catch (cbErr) {
+                        console.error(`Cross-browser error: ${cbErr instanceof Error ? cbErr.message : String(cbErr)}`);
+                    }
+                }
+                else {
+                    console.log("  Note: Cross-browser testing requires playwright. Run: npm install -D playwright && npx playwright install");
+                }
+            }
             if (verificationTier === "pro_plus") {
                 try {
                     visualDiffResult = await (0, visual_diff_js_1.runVisualDiff)(args.projectDir, verifyUrl, "verify");
@@ -480,31 +623,26 @@ async function run() {
     }
     const verificationTier = (0, index_js_1.planToVerificationTier)(effectiveFeatures.plan);
     const viewportSummary = summarizeViewportIssues(multiViewportScores, adjustedThresholds);
-    const failureEvidence = [
-        ...buildResult.errors.slice(0, 3).map((error) => `Build: ${error}`),
-        ...(lighthouseErrorCount > 0 ? [`Lighthouse: ${lighthouseErrorCount} run error(s) were recorded during collection.`] : []),
-        ...(e2eResult
-            ? e2eResult.results
-                .filter((scenario) => !scenario.passed)
-                .slice(0, 2)
-                .map((scenario) => `E2E: ${scenario.name}${scenario.error ? ` - ${scenario.error}` : ""}`)
-            : []),
-        ...e2eCoverageGaps.slice(0, 2).map((gap) => `E2E coverage: ${gap}`),
-        ...(viewportSummary.count > 0 && viewportSummary.summary ? [`Viewport: ${viewportSummary.summary}`] : []),
-        ...(visualDiffResult
-            ? [
-                visualDiffResult.hasBaseline
-                    ? `Visual diff: ${visualDiffResult.diffPercentage}% (${visualDiffResult.verdict})`
-                    : "Visual diff: baseline seeded",
-            ]
-            : []),
-    ];
+    failureEvidence.push(...buildResult.errors.slice(0, 3).map((error) => `Build: ${error}`), ...(lighthouseErrorCount > 0 ? [`Lighthouse: ${lighthouseErrorCount} run error(s) were recorded during collection.`] : []), ...(e2eResult
+        ? e2eResult.results
+            .filter((scenario) => !scenario.passed)
+            .slice(0, 2)
+            .map((scenario) => `E2E: ${scenario.name}${scenario.error ? ` - ${scenario.error}` : ""}`)
+        : []), ...e2eConsoleErrors.slice(0, 2).map((e) => `Console: ${e}`), ...e2eCoverageGaps.slice(0, 2).map((gap) => `E2E coverage: ${gap}`), ...(viewportSummary.count > 0 && viewportSummary.summary ? [`Viewport: ${viewportSummary.summary}`] : []), ...(visualDiffResult
+        ? [
+            visualDiffResult.hasBaseline
+                ? `Visual diff: ${visualDiffResult.diffPercentage}% (${visualDiffResult.verdict})`
+                : "Visual diff: baseline seeded",
+        ]
+        : []));
     const verificationReport = (0, index_js_1.buildVerificationReport)({
         buildSuccess: buildResult.success,
         buildErrors: buildResult.errors,
         e2ePassed: e2eResult?.passed,
         e2eTotal: e2eResult?.total,
         e2eCoverageGaps,
+        e2eConsoleErrorCount: e2eConsoleErrors.length,
+        e2eStabilityPassed,
         lighthouseSkipped: args.skipLighthouse,
         lighthouseErrorCount,
         viewportIssues: multiViewportScores ? viewportSummary.count : undefined,
@@ -514,6 +652,15 @@ async function run() {
         visualDiffPercentage: visualDiffResult?.diffPercentage,
         hasVisualBaseline: visualDiffResult?.hasBaseline,
         lighthouseScores: scores,
+        mobileLighthouseScores: mobileLighthouseScores ?? undefined,
+        securityAudit: securityAuditResult
+            ? {
+                totalVulnerabilities: securityAuditResult.totalVulnerabilities,
+                critical: securityAuditResult.critical,
+                high: securityAuditResult.high,
+                summary: securityAuditResult.summary,
+            }
+            : undefined,
         failureEvidence,
     }, {
         tier: verificationTier,
@@ -531,7 +678,10 @@ async function run() {
             errors: buildResult.errors,
         },
         e2e: e2eResult,
+        crossBrowser: crossBrowserResults,
         lighthouse: lighthouseResult,
+        mobileLighthouse: mobileLighthouseScores,
+        security: securityAuditResult,
         visualDiff: visualDiffResult,
         thresholds: adjustedThresholds,
         ciMode: config.ciMode,
@@ -539,6 +689,8 @@ async function run() {
         exitCode,
         config_fail_on: config.fail_on,
         _plan: effectiveFeatures.plan,
+        _verbose_failure: effectiveFeatures.verbose_failure,
+        _failure_analysis: effectiveFeatures.failure_analysis,
         verification: {
             tier: verificationTier,
             report: verificationReport,

package/dist/config.d.ts

@@ -5,6 +5,19 @@ export interface Thresholds {
     seo: number;
     bestPractices: number;
 }
+export interface UserScenarioStep {
+    goto?: string;
+    fill?: string;
+    with?: string;
+    click?: string;
+    expect_visible?: string;
+    expect_text?: string;
+    wait?: number;
+}
+export interface UserScenario {
+    name: string;
+    steps: UserScenarioStep[];
+}
 export interface LaxyConfig {
     framework: string;
     build_command: string;
@@ -16,6 +29,11 @@ export interface LaxyConfig {
     lighthouse_runs: number;
     thresholds: Thresholds;
     fail_on: FailOn;
+    scenarios?: UserScenario[];
+    crawl: boolean;
+    max_crawl_depth: number;
+    max_crawl_pages: number;
+    browsers: string[];
 }
 export declare class ConfigParseError extends Error {
     constructor(msg: string);

package/dist/config.js

@@ -54,6 +54,10 @@ const DEFAULT_CONFIG = {
         bestPractices: 80,
     },
     fail_on: "bronze",
+    crawl: false,
+    max_crawl_depth: 3,
+    max_crawl_pages: 10,
+    browsers: ["chromium"],
 };
 const VALID_FAIL_ON = ["unverified", "bronze", "silver", "gold"];
 class ConfigParseError extends Error {
@@ -86,6 +90,19 @@ function parseYaml(filePath) {
         result.dev_timeout = raw.dev_timeout;
     if (typeof raw.lighthouse_runs === "number")
         result.lighthouse_runs = raw.lighthouse_runs;
+    if (typeof raw.crawl === "boolean")
+        result.crawl = raw.crawl;
+    if (typeof raw.max_crawl_depth === "number")
+        result.max_crawl_depth = raw.max_crawl_depth;
+    if (typeof raw.max_crawl_pages === "number")
+        result.max_crawl_pages = raw.max_crawl_pages;
+    if (Array.isArray(raw.browsers)) {
+        const validBrowsers = ["chromium", "firefox", "webkit"];
+        const browsers = raw.browsers
+            .filter((b) => typeof b === "string" && validBrowsers.includes(b));
+        if (browsers.length > 0)
+            result.browsers = browsers;
+    }
     if (typeof raw.fail_on === "string") {
         const f = raw.fail_on;
         if (!VALID_FAIL_ON.includes(f)) {
@@ -108,6 +125,43 @@ function parseYaml(filePath) {
             thr.bestPractices = t.best_practices;
         result.thresholds = thr;
     }
+    if (Array.isArray(raw.scenarios)) {
+        const scenarios = [];
+        for (const item of raw.scenarios) {
+            if (typeof item === "object" &&
+                item !== null &&
+                typeof item.name === "string" &&
+                Array.isArray(item.steps)) {
+                const rawScenario = item;
+                const steps = [];
+                for (const rawStep of rawScenario.steps) {
+                    if (typeof rawStep === "object" && rawStep !== null) {
+                        const s = rawStep;
+                        const step = {};
+                        if (typeof s.goto === "string")
+                            step.goto = s.goto;
+                        if (typeof s.fill === "string")
+                            step.fill = s.fill;
+                        if (typeof s.with === "string")
+                            step.with = s.with;
+                        if (typeof s.click === "string")
+                            step.click = s.click;
+                        if (typeof s.expect_visible === "string")
+                            step.expect_visible = s.expect_visible;
+                        if (typeof s.expect_text === "string")
+                            step.expect_text = s.expect_text;
+                        if (typeof s.wait === "number")
+                            step.wait = s.wait;
+                        steps.push(step);
+                    }
+                }
+                scenarios.push({ name: String(rawScenario.name), steps });
+            }
+        }
+        if (scenarios.length > 0) {
+            result.scenarios = scenarios;
+        }
+    }
     return result;
 }
 function loadConfig(options) {
@@ -127,6 +181,11 @@ function loadConfig(options) {
         dev_timeout: base.dev_timeout ?? DEFAULT_CONFIG.dev_timeout,
         lighthouse_runs: base.lighthouse_runs ?? DEFAULT_CONFIG.lighthouse_runs,
         fail_on: base.fail_on ?? DEFAULT_CONFIG.fail_on,
+        scenarios: base.scenarios,
+        crawl: base.crawl ?? DEFAULT_CONFIG.crawl,
+        max_crawl_depth: base.max_crawl_depth ?? DEFAULT_CONFIG.max_crawl_depth,
+        max_crawl_pages: base.max_crawl_pages ?? DEFAULT_CONFIG.max_crawl_pages,
+        browsers: base.browsers ?? DEFAULT_CONFIG.browsers,
     };
     config.thresholds = { ...DEFAULT_CONFIG.thresholds, ...(base.thresholds ?? {}) };
     // CLI flag overrides

package/dist/crawler.d.ts

@@ -0,0 +1,35 @@
+import type { E2EScenario } from "./e2e.js";
+import type { VerificationTier } from "./verification-core/types.js";
+export interface CrawlPage {
+    url: string;
+    path: string;
+    title: string;
+    forms: CrawlForm[];
+    buttons: string[];
+    internalLinks: string[];
+    hasConsoleErrors: boolean;
+}
+export interface CrawlForm {
+    selector: string;
+    inputs: {
+        selector: string;
+        type: string;
+        placeholder?: string;
+    }[];
+    submitSelector?: string;
+}
+export interface CrawlResult {
+    pages: CrawlPage[];
+    totalLinks: number;
+    crawledCount: number;
+}
+export interface CrawlOptions {
+    maxDepth?: number;
+    maxPages?: number;
+    timeout?: number;
+}
+export declare function crawlApp(baseUrl: string, options?: CrawlOptions): Promise<CrawlResult>;
+/**
+ * Generate E2E scenarios from crawl results.
+ */
+export declare function buildScenariosFromCrawl(crawlResult: CrawlResult, tier: VerificationTier): E2EScenario[];