laxy-verify 1.1.33 → 1.2.1

package/README.md

@@ -1,304 +1,322 @@
-# laxy-verify
-
-`laxy-verify` is a deployment blocker gate for frontend apps.
-
-Every verification run includes the same build, Lighthouse, E2E, multi-viewport, security, visual diff, and stability coverage regardless of plan.
-
-## Quick start
-
-Run it on a frontend app:
-
-```bash
-cd your-project
-npx laxy-verify .
-```
-
-Generate config plus GitHub Actions workflow:
-
-```bash
-npx laxy-verify --init
-```
-
-That creates:
-
-- `.laxy.yml`
-- `.github/workflows/laxy-verify.yml`
-
-Optional: log in to connect the CLI to your Laxy account:
-
-```bash
-npx laxy-verify login
-npx laxy-verify whoami
-```
-
-For CI, set `LAXY_TOKEN` instead of interactive login:
-
-```yaml
-env:
-  LAXY_TOKEN: ${{ secrets.LAXY_TOKEN }}
-```
-
-## Why laxy-verify?
-
-Most teams already have some mix of:
-
-- `npm run build`
-- Lighthouse
-- Playwright or smoke checks
-- CI status rules
-
-The gap is not "can these tools exist together?" The gap is "who turns that pile of output into a safe merge or release decision?"
-
-`laxy-verify` gives you:
-
-- one command instead of a custom build plus audit plus smoke-check script stack
-- one result file instead of scattered logs
-- one blocker-first decision instead of "build passed, but do we actually trust this release?"
-- optional account-linked automation on top of the same verification run
-
-This is most useful if you ship frontend apps and want a practical gate before:
-
-- merge
-- client review
-- QA handoff
-- production release
-
-## The failures it is meant to catch
-
-Use `laxy-verify` when you want to catch things like:
-
-- the production build passes locally but fails in CI
-- the app opens, but a key button or form flow is broken
-- desktop looks fine, but a mobile CTA is pushed out of view
-- Lighthouse looks acceptable, but the user-visible path is still not safe to ship
-- a PR needs a clear hold reason instead of a vague "something failed"
-
-## What it actually checks
-
-A standard run includes:
-
-- production build success
-- Lighthouse thresholds (3 runs for stable evidence)
-- E2E scenarios for user-visible flows
-- multi-viewport checks (desktop, tablet, mobile)
-- blocker-aware reporting and release decisions
-
-Every run includes:
-
-- security audit
-- visual diff evidence
-- stability pass (second E2E run)
-
-## What you get from one run
-
-- a release decision such as `quick-pass`, `client-ready`, `release-ready`, `hold`, or `investigate`
-- a verification grade: `Gold`, `Silver`, `Bronze`, or `Unverified`
-- `.laxy-result.json` for CI and automation
-- `laxy-verify-report.md` for human review and AI handoff
-
-Grades still exist, but they are not the main point. The main point is whether the run found blockers you should stop on.
-
-## Quick start
-
-Run it on a frontend app:
-
-```bash
-cd your-project
-npx laxy-verify .
-```
-
-Generate config plus CI workflow:
-
-```bash
-npx laxy-verify --init
-```
-
-That creates:
-
-- `.laxy.yml`
-- `.github/workflows/laxy-verify.yml`
-
-Optional: log in to connect the CLI to your Laxy account:
-
-```bash
-npx laxy-verify login
-npx laxy-verify whoami
-```
-
-For CI, set `LAXY_TOKEN` instead of interactive login:
-
-```yaml
-env:
-  LAXY_TOKEN: ${{ secrets.LAXY_TOKEN }}
-```
-
-## Example workflow
-
-1. Run `npx laxy-verify .` locally before opening or merging a PR.
-2. Fix broken builds, broken flows, and visible regressions.
-3. Commit `.laxy.yml`.
-4. Run `npx laxy-verify --init`.
-5. Let the GitHub Action apply the same gate on every PR.
-
-## Example output
-
-```text
-Decision: client-ready
-Grade: Gold
-
-Passed:
-- production build
-- Lighthouse thresholds
-- core user flows
-- desktop, tablet, and mobile viewport checks
-
-Artifacts:
-- .laxy-result.json
-- laxy-verify-report.md
-```
-
-## The decision it helps you make
-
-`laxy-verify` answers a delivery decision, not just a score:
-
-- Would this break for real users right now?
-- What would block a client demo or QA handoff?
-- Is there enough evidence to merge or release with confidence?
-
-All verification checks already run without a paid plan gate.
-
-## Grades
-
-| Grade | Meaning |
-|---|---|
-| Gold | Build passed, E2E passed, Lighthouse passed, and release-level evidence passed |
-| Silver | Build passed and E2E passed |
-| Bronze | Build passed |
-| Unverified | Build failed |
-
-Default Lighthouse thresholds:
-
-- Performance `>= 70`
-- Accessibility `>= 85`
-- SEO `>= 80`
-- Best Practices `>= 80`
-
-## Config
-
-All fields in `.laxy.yml` are optional.
-
-```yaml
-framework: auto
-build_command: ""
-dev_command: ""
-package_manager: auto
-port: 3000
-build_timeout: 300
-dev_timeout: 60
-lighthouse_runs: 1
-fail_on: bronze
-
-thresholds:
-  performance: 70
-  accessibility: 85
-  seo: 80
-  best_practices: 80
-
-crawl: false
-max_crawl_depth: 3
-max_crawl_pages: 10
-browsers:
-  - chromium
-```
-
-Useful adjustments:
-
-- raise `fail_on` in CI when you want stricter gates
-- set `build_command` or `dev_command` if auto-detection is not enough
-- increase `lighthouse_runs` for more stable performance evidence
-- point the CLI at the actual app directory in a monorepo
-
-## CLI
-
-```text
-npx laxy-verify [project-dir]
-
-Options:
-  --format console|json
-  --ci
-  --config <path>
-  --fail-on unverified|bronze|silver|gold
-  --skip-lighthouse
-  --plan-override free|pro|team
-  --badge
-  --init
-  --multi-viewport
-  --help
-
-Subcommands:
-  login [email]
-  logout
-  whoami
-```
-
-`--plan-override` is only for plan-label and automation testing. Verification coverage stays the same on every plan.
-
-## Result files
-
-Every run writes `.laxy-result.json`.
-
-When the run finds something worth reviewing, it also writes `laxy-verify-report.md`.
-
-Typical use:
-
-- `.laxy-result.json` for CI parsing and machine decisions
-- `laxy-verify-report.md` for human review, PR discussion, or AI-assisted fixes
-
-The markdown report is designed to be readable and easy to paste into coding tools.
-
-It includes:
-
-- the main stop-or-ship decision in plain English
-- what passed
-- blockers and warnings
-- exact verification evidence
-- failed scenarios
-- a `Copy For AI` section
-
-## What this is good at
-
-Use `laxy-verify` when you want:
-
-- a merge or release gate for frontend apps
-- one repeatable command for build plus audit plus visible-flow verification
-- a decision that non-authors can understand
-- JSON output for automation without building your own wrapper
-
-## What this is not
-
-`laxy-verify` is not trying to replace:
-
-- your full Playwright suite
-- deep visual QA by designers
-- production observability
-- manual exploratory testing
-
-It is a pre-merge and pre-release verification layer, not your entire quality system.
-
-## Limitations
-
-- monorepos should target the real app subdirectory
-- dev-server-based Lighthouse is not identical to production hosting
-- visual diff and viewport checks increase runtime
-- best stability is on current LTS Node releases
-
-## Requirements
-
-- Node `>=20.18.0 <25`
-- a frontend app with a runnable build flow
-- optional: `playwright` if your project already uses it
-
-## Links
-
-- GitHub: https://github.com/SUNgm24/Laxy/tree/main/laxy-verify
-- Issues: https://github.com/SUNgm24/Laxy/issues
+# laxy-verify
+
+`laxy-verify` is a deployment blocker gate for frontend apps.
+
+Every verification run includes the same build, Lighthouse, E2E, multi-viewport, security, visual diff, and stability coverage regardless of plan.
+
+## Quick start
+
+Run it on a frontend app:
+
+```bash
+cd your-project
+npx laxy-verify .
+```
+
+Generate config plus GitHub Actions workflow:
+
+```bash
+npx laxy-verify --init
+```
+
+That creates:
+
+- `.laxy.yml`
+- `.github/workflows/laxy-verify.yml`
+
+Optional: log in to connect the CLI to your Laxy account:
+
+```bash
+npx laxy-verify login
+npx laxy-verify whoami
+```
+
+For CI, set `LAXY_TOKEN` instead of interactive login:
+
+```yaml
+env:
+  LAXY_TOKEN: ${{ secrets.LAXY_TOKEN }}
+```
+
+## Why laxy-verify?
+
+Most teams already have some mix of:
+
+- `npm run build`
+- Lighthouse
+- Playwright or smoke checks
+- CI status rules
+
+The gap is not "can these tools exist together?" The gap is "who turns that pile of output into a safe merge or release decision?"
+
+`laxy-verify` gives you:
+
+- one command instead of a custom build plus audit plus smoke-check script stack
+- one result file instead of scattered logs
+- one blocker-first decision instead of "build passed, but do we actually trust this release?"
+- optional account-linked automation on top of the same verification run
+
+This is most useful if you ship frontend apps and want a practical gate before:
+
+- merge
+- client review
+- QA handoff
+- production release
+
+## vs other tools
+
+No single competitor covers this combination. Here is where each tool stops:
+
+|  | laxy-verify | LHCI | Checkly | Percy / Argos | Unlighthouse | QA Wolf |
+|--|--|--|--|--|--|--|
+| Build failure detection | yes | no | no | no | no | no |
+| Auto-generated E2E | yes | no | write your own | no | no | yes |
+| Security audit | yes | no | no | no | no | no |
+| Lighthouse (multi-run avg) | yes | yes | no | no | yes | no |
+| Visual diff | yes | no | no | yes | no | no |
+| Multi-viewport checks | yes | no | separate config | no | yes | no |
+| Ship/hold release decision | yes | score only | no | no | no | no |
+| Zero config to start | yes | no | no | no | partial | no |
+| Free full coverage | yes | yes | limited | limited | yes | enterprise |
+
+LHCI gives you Lighthouse. Percy gives you visual diffs. Checkly watches your production uptime. None of them produce a merge or release decision from one command.
+
+## The failures it is meant to catch
+
+Use `laxy-verify` when you want to catch things like:
+
+- the production build passes locally but fails in CI
+- the app opens, but a key button or form flow is broken
+- desktop looks fine, but a mobile CTA is pushed out of view
+- Lighthouse looks acceptable, but the user-visible path is still not safe to ship
+- a PR needs a clear hold reason instead of a vague "something failed"
+
+## What it actually checks
+
+A standard run includes:
+
+- production build success
+- Lighthouse thresholds (3 runs for stable evidence)
+- E2E scenarios for user-visible flows
+- multi-viewport checks (desktop, tablet, mobile)
+- blocker-aware reporting and release decisions
+
+Every run includes:
+
+- security audit
+- visual diff evidence
+- stability pass (second E2E run)
+
+## What you get from one run
+
+- a release decision such as `quick-pass`, `client-ready`, `release-ready`, `hold`, or `investigate`
+- a verification grade: `Gold`, `Silver`, `Bronze`, or `Unverified`
+- `.laxy-result.json` for CI and automation
+- `laxy-verify-report.md` for human review and AI handoff
+
+Grades still exist, but they are not the main point. The main point is whether the run found blockers you should stop on.
+
+## Quick start
+
+Run it on a frontend app:
+
+```bash
+cd your-project
+npx laxy-verify .
+```
+
+Generate config plus CI workflow:
+
+```bash
+npx laxy-verify --init
+```
+
+That creates:
+
+- `.laxy.yml`
+- `.github/workflows/laxy-verify.yml`
+
+Optional: log in to connect the CLI to your Laxy account:
+
+```bash
+npx laxy-verify login
+npx laxy-verify whoami
+```
+
+For CI, set `LAXY_TOKEN` instead of interactive login:
+
+```yaml
+env:
+  LAXY_TOKEN: ${{ secrets.LAXY_TOKEN }}
+```
+
+## Example workflow
+
+1. Run `npx laxy-verify .` locally before opening or merging a PR.
+2. Fix broken builds, broken flows, and visible regressions.
+3. Commit `.laxy.yml`.
+4. Run `npx laxy-verify --init`.
+5. Let the GitHub Action apply the same gate on every PR.
+
+## Example output
+
+```text
+Decision: client-ready
+Grade: Gold
+
+Passed:
+- production build
+- Lighthouse thresholds
+- core user flows
+- desktop, tablet, and mobile viewport checks
+
+Artifacts:
+- .laxy-result.json
+- laxy-verify-report.md
+```
+
+## The decision it helps you make
+
+`laxy-verify` answers a delivery decision, not just a score:
+
+- Would this break for real users right now?
+- What would block a client demo or QA handoff?
+- Is there enough evidence to merge or release with confidence?
+
+All verification checks already run without a paid plan gate.
+
+## Grades
+
+| Grade | Meaning |
+|---|---|
+| Gold | Build passed, E2E passed, Lighthouse passed, and release-level evidence passed |
+| Silver | Build passed and E2E passed |
+| Bronze | Build passed |
+| Unverified | Build failed |
+
+Default Lighthouse thresholds:
+
+- Performance `>= 70`
+- Accessibility `>= 85`
+- SEO `>= 80`
+- Best Practices `>= 80`
+
+## Config
+
+All fields in `.laxy.yml` are optional.
+
+```yaml
+framework: auto
+build_command: ""
+dev_command: ""
+package_manager: auto
+port: 3000
+build_timeout: 300
+dev_timeout: 60
+lighthouse_runs: 1
+fail_on: bronze
+
+thresholds:
+  performance: 70
+  accessibility: 85
+  seo: 80
+  best_practices: 80
+
+crawl: false
+max_crawl_depth: 3
+max_crawl_pages: 10
+browsers:
+  - chromium
+```
+
+Useful adjustments:
+
+- raise `fail_on` in CI when you want stricter gates
+- set `build_command` or `dev_command` if auto-detection is not enough
+- increase `lighthouse_runs` for more stable performance evidence
+- point the CLI at the actual app directory in a monorepo
+
+## CLI
+
+```text
+npx laxy-verify [project-dir]
+
+Options:
+  --format console|json
+  --ci
+  --config <path>
+  --fail-on unverified|bronze|silver|gold
+  --skip-lighthouse
+  --plan-override free|pro|team
+  --badge
+  --init
+  --multi-viewport
+  --help
+
+Subcommands:
+  login [email]
+  logout
+  whoami
+```
+
+`--plan-override` is only for plan-label and automation testing. Verification coverage stays the same on every plan.
+
+## Result files
+
+Every run writes `.laxy-result.json`.
+
+When the run finds something worth reviewing, it also writes `laxy-verify-report.md`.
+
+Typical use:
+
+- `.laxy-result.json` for CI parsing and machine decisions
+- `laxy-verify-report.md` for human review, PR discussion, or AI-assisted fixes
+
+The markdown report is designed to be readable and easy to paste into coding tools.
+
+It includes:
+
+- the main stop-or-ship decision in plain English
+- what passed
+- blockers and warnings
+- exact verification evidence
+- failed scenarios
+- a `Copy For AI` section
+
+## What this is good at
+
+Use `laxy-verify` when you want:
+
+- a merge or release gate for frontend apps
+- one repeatable command for build plus audit plus visible-flow verification
+- a decision that non-authors can understand
+- JSON output for automation without building your own wrapper
+
+## What this is not
+
+`laxy-verify` is not trying to replace:
+
+- your full Playwright suite
+- deep visual QA by designers
+- production observability
+- manual exploratory testing
+
+It is a pre-merge and pre-release verification layer, not your entire quality system.
+
+## Limitations
+
+- monorepos should target the real app subdirectory
+- dev-server-based Lighthouse is not identical to production hosting
+- visual diff and viewport checks increase runtime
+- best stability is on current LTS Node releases
+
+## Requirements
+
+- Node `>=20.18.0 <25`
+- a frontend app with a runnable build flow
+- optional: `playwright` if your project already uses it
+
+## Links
+
+- GitHub: https://github.com/SUNgm24/Laxy/tree/main/laxy-verify
+- Issues: https://github.com/SUNgm24/Laxy/issues

package/dist/auth.d.ts

@@ -3,4 +3,9 @@ export declare function loadToken(): string | null;
 export declare function saveToken(token: string, email: string, expiresInSec: number): void;
 export declare function clearToken(): void;
 export declare function whoami(): void;
+/**
+ * Get or create a stable repo_id for the given project directory.
+ * Stored in ~/.laxy/repos.json keyed by absolute project path.
+ */
+export declare function getOrCreateRepoId(projectDir: string): string;
 export declare function login(emailArg?: string): Promise<void>;

package/dist/auth.js

@@ -38,6 +38,7 @@ exports.loadToken = loadToken;
 exports.saveToken = saveToken;
 exports.clearToken = clearToken;
 exports.whoami = whoami;
+exports.getOrCreateRepoId = getOrCreateRepoId;
 exports.login = login;
 /**
  * CLI authentication helpers for laxy-verify.
@@ -49,8 +50,10 @@ exports.login = login;
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const os = __importStar(require("node:os"));
+const crypto = __importStar(require("node:crypto"));
 const CREDENTIALS_DIR = path.join(os.homedir(), ".laxy");
 const CREDENTIALS_PATH = path.join(CREDENTIALS_DIR, "credentials.json");
+const REPOS_PATH = path.join(CREDENTIALS_DIR, "repos.json");
 exports.LAXY_API_URL = process.env.LAXY_API_URL ?? "https://laxy-blue.vercel.app";
 function loadToken() {
     const envToken = process.env.LAXY_TOKEN;
@@ -123,6 +126,37 @@ function whoami() {
         console.log("  Saved CLI credentials could not be read.");
     }
 }
+/**
+ * Get or create a stable repo_id for the given project directory.
+ * Stored in ~/.laxy/repos.json keyed by absolute project path.
+ */
+function getOrCreateRepoId(projectDir) {
+    const absDir = path.resolve(projectDir);
+    let repos = {};
+    try {
+        if (fs.existsSync(REPOS_PATH)) {
+            repos = JSON.parse(fs.readFileSync(REPOS_PATH, "utf-8"));
+        }
+    }
+    catch {
+        repos = {};
+    }
+    if (repos[absDir])
+        return repos[absDir];
+    // Generate new repo_id
+    const newId = crypto.randomUUID();
+    repos[absDir] = newId;
+    try {
+        if (!fs.existsSync(CREDENTIALS_DIR)) {
+            fs.mkdirSync(CREDENTIALS_DIR, { recursive: true });
+        }
+        fs.writeFileSync(REPOS_PATH, JSON.stringify(repos, null, 2), { encoding: "utf-8", mode: 0o600 });
+    }
+    catch {
+        // If we can't save, still return the generated id for this run
+    }
+    return newId;
+}
 /**
  * Read a line from stdin without creating a readline interface.
  * This avoids the Windows UV_HANDLE_CLOSING assertion that can happen

package/dist/cli.js

@@ -158,6 +158,7 @@ function parseArgs() {
         failureAnalysis: flags["failure-analysis"] !== undefined,
         crawl: flags.crawl !== undefined,
         planOverride: flags["plan-override"],
+        port: flags.port !== undefined ? Number(flags.port) : undefined,
         help: flags.help !== undefined || flags.h !== undefined,
     };
 }
@@ -322,6 +323,7 @@ async function run() {
     --config <path>   Path to .laxy.yml
     --fail-on         unverified | bronze | silver | gold
     --skip-lighthouse Skip Lighthouse but still run build and E2E
+    --port <port>     Use an already-running dev server on this port (skip build & server start)
     --plan-override   free | pro | team (testing metadata only)
     --multi-viewport  Lighthouse on desktop/tablet/mobile
     --crawl           Crawl the app to discover routes before E2E
@@ -338,6 +340,7 @@ async function run() {
     npx laxy-verify .                   # Run in current directory
     npx laxy-verify . --ci              # CI mode
     npx laxy-verify . --fail-on silver  # Block Bronze or worse
+    npx laxy-verify . --port 3001       # Use existing dev server on port 3001
 
   Docs: https://github.com/SUNgm24/Laxy/tree/main/laxy-verify
 `);
@@ -360,6 +363,23 @@ async function run() {
         return;
     }
     if (args.init) {
+        let initEntitlements = null;
+        try {
+            initEntitlements = await (0, entitlement_js_1.getEntitlements)();
+        }
+        catch {
+            // ignore fetch errors
+        }
+        const initPlan = initEntitlements?.plan ?? "free";
+        const hasProAccess = initPlan === "pro" || initPlan === "team";
+        if (!hasProAccess) {
+            console.log("\n  GitHub Actions integration is a Pro feature.");
+            console.log("  Log in and upgrade to Pro to use --init.");
+            console.log("  → laxy-verify login");
+            console.log("  → https://laxy.dev/pricing\n");
+            exitGracefully(1);
+            return;
+        }
         (0, init_js_1.runInit)(args.projectDir);
         if (!args.initRun) {
             console.log("\n  Next step: run npx laxy-verify .  (or use --init --run to continue immediately)");
@@ -376,8 +396,24 @@ async function run() {
             return;
         }
         const content = JSON.parse(fs.readFileSync(resultPath, "utf-8"));
-        const badge = (0, badge_js_1.generateBadge)(content.grade);
-        console.log(badge);
+        // Pro: 실시간 배지 URL (verify_runs 기반)
+        let badgeEntitlements = null;
+        try {
+            badgeEntitlements = await (0, entitlement_js_1.getEntitlements)();
+        }
+        catch { /* ignore */ }
+        const badgePlan = badgeEntitlements?.plan ?? "free";
+        const badgeIsPro = badgePlan === "pro" || badgePlan === "team";
+        if (badgeIsPro) {
+            const { LAXY_API_URL } = await Promise.resolve().then(() => __importStar(require("./auth.js")));
+            const repoId = (0, auth_js_1.getOrCreateRepoId)(args.projectDir);
+            const dynamicUrl = `${LAXY_API_URL}/api/badge/${repoId}`;
+            console.log(`![Laxy](${dynamicUrl})`);
+        }
+        else {
+            const badge = (0, badge_js_1.generateBadge)(content.grade);
+            console.log(badge);
+        }
         exitGracefully(0);
         return;
     }
@@ -409,25 +445,44 @@ async function run() {
     }
     const buildCmd = config.build_command || detected.buildCmd;
     const devCmd = config.dev_command || detected.devCmd;
-    const port = config.port;
-    try {
-        await ensurePortAvailableForVerification(port);
+    const port = args.port ?? config.port;
+    const useExistingServer = args.port !== undefined;
+    if (!useExistingServer) {
+        try {
+            await ensurePortAvailableForVerification(port);
+        }
+        catch (err) {
+            console.error(`Preflight error: ${err instanceof Error ? err.message : String(err)}`);
+            exitGracefully(2);
+            return;
+        }
     }
-    catch (err) {
-        console.error(`Preflight error: ${err instanceof Error ? err.message : String(err)}`);
-        exitGracefully(2);
-        return;
+    else {
+        // Verify the existing server is actually reachable
+        const status = await (0, serve_js_1.probeServerStatus)(port);
+        if (status === null) {
+            console.error(`Preflight error: No server responding on port ${port}. Make sure the dev server is running before using --port.`);
+            exitGracefully(2);
+            return;
+        }
+        console.log(`Using existing dev server on port ${port} (HTTP ${status})`);
     }
     let buildResult;
-    try {
-        buildResult = await (0, build_js_1.runBuild)(buildCmd, config.build_timeout, args.projectDir);
+    if (useExistingServer) {
+        // Skip build when using an external server
+        buildResult = { success: true, durationMs: 0, errors: [] };
     }
-    catch (err) {
-        buildResult = {
-            success: false,
-            durationMs: 0,
-            errors: err instanceof Error ? [err.message] : [String(err)],
-        };
+    else {
+        try {
+            buildResult = await (0, build_js_1.runBuild)(buildCmd, config.build_timeout, args.projectDir);
+        }
+        catch (err) {
+            buildResult = {
+                success: false,
+                durationMs: 0,
+                errors: err instanceof Error ? [err.message] : [String(err)],
+            };
+        }
     }
     let scores;
     let lighthouseResult = null;
@@ -485,9 +540,11 @@ async function run() {
     if (buildResult.success) {
         let servePid;
         try {
-            const serve = await (0, serve_js_1.startDevServer)(devCmd, port, config.dev_timeout, args.projectDir);
-            servePid = serve.pid;
-            activeDevServerPid = serve.pid;
+            if (!useExistingServer) {
+                const serve = await (0, serve_js_1.startDevServer)(devCmd, port, config.dev_timeout, args.projectDir);
+                servePid = serve.pid;
+                activeDevServerPid = serve.pid;
+            }
             const verifyUrl = `http://127.0.0.1:${port}/`;
             const verificationTier = (0, index_js_1.planToVerificationTier)(effectiveFeatures.plan);
             if (!args.skipLighthouse) {
@@ -552,7 +609,15 @@ async function run() {
                 };
                 e2eCoverageGaps = e2eRuns.coverageGaps;
                 e2eConsoleErrors = e2eRuns.consoleErrors;
-                // Broken links audit ??runs after E2E so we have the crawl result
+                // Merge console errors captured during crawl phase
+                if (e2eRuns.crawlResult) {
+                    const crawlConsoleErrors = e2eRuns.crawlResult.pages.flatMap((p) => p.consoleErrors);
+                    if (crawlConsoleErrors.length > 0) {
+                        const unique = crawlConsoleErrors.filter((e) => !e2eConsoleErrors.includes(e));
+                        e2eConsoleErrors = [...e2eConsoleErrors, ...unique];
+                    }
+                }
+                // Broken links audit — runs after E2E so we have the crawl result
                 if (e2eRuns.crawlResult && e2eRuns.crawlResult.totalLinks > 0) {
                     try {
                         brokenLinksResult = await (0, broken_links_js_1.auditBrokenLinks)(e2eRuns.crawlResult, verifyUrl);
@@ -746,6 +811,47 @@ async function run() {
         }
     }
     writeResultFile(args.projectDir, resultObj);
+    // Pro 이상: 결과를 서버에 저장 (배지, 공유 링크용)
+    const token = (0, auth_js_1.loadToken)();
+    const isPro = effectiveFeatures.plan === "pro" || effectiveFeatures.plan === "team";
+    if (token && isPro) {
+        try {
+            const repoId = (0, auth_js_1.getOrCreateRepoId)(args.projectDir);
+            const { LAXY_API_URL } = await Promise.resolve().then(() => __importStar(require("./auth.js")));
+            const saveRes = await fetch(`${LAXY_API_URL}/api/v1/cli-results`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    Authorization: `Bearer ${token}`,
+                },
+                body: JSON.stringify({
+                    repo_id: repoId,
+                    project_name: path.basename(path.resolve(args.projectDir)),
+                    grade: unifiedGrade,
+                    verdict: verificationReport.verdict,
+                    scores: {
+                        performance: scores?.performance,
+                        accessibility: scores?.accessibility,
+                        seo: scores?.seo,
+                        best_practices: scores?.bestPractices,
+                        e2e_passed: e2eResult?.passed,
+                        e2e_total: e2eResult?.total,
+                        security_critical: securityAuditResult?.critical,
+                        console_error_count: e2eConsoleErrors.length,
+                        broken_link_count: brokenLinksResult?.brokenLinks.length,
+                    },
+                    full_result: { framework: detected.framework },
+                }),
+            });
+            if (!saveRes.ok) {
+                const errBody = await saveRes.json().catch(() => ({}));
+                console.warn(`  [warn] Result save failed (${saveRes.status}): ${errBody.error ?? "unknown error"}`);
+            }
+        }
+        catch {
+            // 네트워크 오류는 검증 결과에 영향 없음
+        }
+    }
     if (args.format === "json") {
         console.log(JSON.stringify(resultObj, null, 2));
     }

package/dist/comment.js

@@ -36,14 +36,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.postPRComment = postPRComment;
 const fs = __importStar(require("node:fs"));
 const github_js_1 = require("./github.js");
+const trend_js_1 = require("./trend.js");
 function renderTrendTable(delta) {
     const lines = [
         "| Check | This PR | vs Base |",
         "|---|---|---|",
     ];
-    const gradeTrendStr = delta.grade.current !== delta.grade.base
-        ? ` (was ${delta.grade.base})`
-        : "";
+    const gradeUp = (0, trend_js_1.gradeIndex)(delta.grade.current) > (0, trend_js_1.gradeIndex)(delta.grade.base);
+    const gradeDown = (0, trend_js_1.gradeIndex)(delta.grade.current) < (0, trend_js_1.gradeIndex)(delta.grade.base);
+    const gradeTrendStr = gradeUp ? ` ↑ (was ${delta.grade.base})` :
+        gradeDown ? ` ↓ (was ${delta.grade.base})` :
+            "";
     lines.push(`| Grade | **${delta.grade.current}**${gradeTrendStr} | ${delta.grade.base} |`);
     function fmtDelta(d) {
         if (d === null)
@@ -98,15 +101,15 @@ async function postPRComment(result, trend) {
         : grade === "Unverified"
             ? "The production build failed or verification could not complete, so this PR should be held."
             : `This PR did not clear the current verification gate. Grade summary: **${grade}**.`;
-    const body = `## ${statusLabel} Laxy Verify: ${headline}
-
-${summary}
-
-${trendTable}${lhTable}**Fail-on threshold**: ${result.config_fail_on ?? "bronze"}
-
-Grade remains available for automation, but this check should be read first as a merge and release blocker gate.
-
----
+    const body = `## ${statusLabel} Laxy Verify: ${headline}
+
+${summary}
+
+${trendTable}${lhTable}**Fail-on threshold**: ${result.config_fail_on ?? "bronze"}
+
+Grade remains available for automation, but this check should be read first as a merge and release blocker gate.
+
+---
 [Open laxy-verify docs](https://github.com/SUNgm24/Laxy/tree/main/laxy-verify)`;
     const [owner, repo] = ctx.repository.split("/");
     const url = `https://api.github.com/repos/${owner}/${repo}/issues/${prNumber}/comments`;

package/dist/crawler.d.ts

@@ -8,6 +8,7 @@ export interface CrawlPage {
     buttons: string[];
     internalLinks: string[];
     hasConsoleErrors: boolean;
+    consoleErrors: string[];
 }
 export interface CrawlForm {
     selector: string;

package/dist/crawler.js

@@ -189,6 +189,7 @@ async function crawlApp(baseUrl, options) {
                     buttons: pageInfo.buttons.slice(0, 10),
                     internalLinks: Array.from(new Set(internalLinks)),
                     hasConsoleErrors: consoleErrors.length > 0,
+                    consoleErrors,
                 };
                 pages.push(crawlPage);
                 // Queue discovered internal links

package/dist/entitlement.js

@@ -65,12 +65,14 @@ function applyPlanOverride(features, overridePlan) {
     if (!overridePlan)
         return features;
     const isTeam = overridePlan === "team";
+    const isPro = overridePlan === "pro" || overridePlan === "team";
     return {
         ...features,
         plan: overridePlan,
         // All verification features run on every plan
-        // Automation features — Team only
-        github_actions: isTeam,
+        // github_actions — Pro and Team
+        github_actions: isPro,
+        // queue_priority, parallel_execution — Team only
         queue_priority: isTeam,
         parallel_execution: isTeam,
     };

package/dist/serve.js

@@ -87,59 +87,59 @@ function writeWindowsDevWrapper(command, port, cwd) {
     const wrapperDir = path.join(os.tmpdir(), "laxy-verify");
     fs.mkdirSync(wrapperDir, { recursive: true });
     const wrapperPath = path.join(wrapperDir, `dev-wrapper-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}.cjs`);
-    const source = `"use strict";
-const { spawn } = require("node:child_process");
-
-const parentPid = Number(process.env.LAXY_VERIFY_PARENT_PID || "0");
-const command = ${JSON.stringify(command)};
-const childCwd = ${JSON.stringify(cwd ?? null)};
-const port = ${JSON.stringify(String(port))};
-
-function killChildTree(pid) {
-  try {
-    const killer = spawn(process.env.ComSpec || "cmd.exe", ["/d", "/c", "taskkill /T /F /PID " + pid], {
-      stdio: "ignore",
-    });
-    killer.on("exit", () => process.exit(1));
-  } catch {
-    process.exit(1);
-  }
-}
-
-const child = spawn(process.env.ComSpec || "cmd.exe", ["/d", "/c", command], {
-  stdio: ["ignore", "pipe", "pipe"],
-  cwd: childCwd || undefined,
-  env: { ...process.env, PORT: port },
-});
-
-child.stdout?.on("data", (chunk) => process.stdout.write(chunk));
-child.stderr?.on("data", (chunk) => process.stderr.write(chunk));
-
-child.on("error", (err) => {
-  process.stderr.write((err && err.message ? err.message : String(err)) + "\\n");
-  process.exit(1);
-});
-
-child.on("exit", (code) => {
-  clearInterval(watchdog);
-  process.exit(code ?? 1);
-});
-
-const watchdog = setInterval(() => {
-  if (!parentPid) return;
-  try {
-    process.kill(parentPid, 0);
-  } catch {
-    clearInterval(watchdog);
-    if (child.pid) {
-      killChildTree(child.pid);
-      return;
-    }
-    process.exit(1);
-  }
-}, 1000);
-
-watchdog.unref?.();
+    const source = `"use strict";
+const { spawn } = require("node:child_process");
+
+const parentPid = Number(process.env.LAXY_VERIFY_PARENT_PID || "0");
+const command = ${JSON.stringify(command)};
+const childCwd = ${JSON.stringify(cwd ?? null)};
+const port = ${JSON.stringify(String(port))};
+
+function killChildTree(pid) {
+  try {
+    const killer = spawn(process.env.ComSpec || "cmd.exe", ["/d", "/c", "taskkill /T /F /PID " + pid], {
+      stdio: "ignore",
+    });
+    killer.on("exit", () => process.exit(1));
+  } catch {
+    process.exit(1);
+  }
+}
+
+const child = spawn(process.env.ComSpec || "cmd.exe", ["/d", "/c", command], {
+  stdio: ["ignore", "pipe", "pipe"],
+  cwd: childCwd || undefined,
+  env: { ...process.env, PORT: port },
+});
+
+child.stdout?.on("data", (chunk) => process.stdout.write(chunk));
+child.stderr?.on("data", (chunk) => process.stderr.write(chunk));
+
+child.on("error", (err) => {
+  process.stderr.write((err && err.message ? err.message : String(err)) + "\\n");
+  process.exit(1);
+});
+
+child.on("exit", (code) => {
+  clearInterval(watchdog);
+  process.exit(code ?? 1);
+});
+
+const watchdog = setInterval(() => {
+  if (!parentPid) return;
+  try {
+    process.kill(parentPid, 0);
+  } catch {
+    clearInterval(watchdog);
+    if (child.pid) {
+      killChildTree(child.pid);
+      return;
+    }
+    process.exit(1);
+  }
+}, 1000);
+
+watchdog.unref?.();
 `;
     fs.writeFileSync(wrapperPath, source, "utf-8");
     return wrapperPath;
@@ -219,6 +219,9 @@ async function startDevServer(command, port, timeoutSec, cwd) {
                 if (proc.pid) {
                     await killProcessTree(proc.pid);
                 }
+                if (wrapperPath) {
+                    fs.rmSync(wrapperPath, { force: true });
+                }
                 reject(new DevServerTimeoutError(port, timeoutSec));
                 return;
             }

package/dist/trend.d.ts

@@ -43,6 +43,7 @@ export interface TrendDelta {
         base: string | null;
     };
 }
+export declare function gradeIndex(grade: string): number;
 export declare function loadBaseSnapshot(baseResultPath: string): TrendSnapshot | null;
 export declare function computeTrendDelta(current: TrendSnapshot, base: TrendSnapshot): TrendDelta;
 export declare function renderTrendSection(delta: TrendDelta): string;

package/dist/trend.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.gradeIndex = gradeIndex;
 exports.loadBaseSnapshot = loadBaseSnapshot;
 exports.computeTrendDelta = computeTrendDelta;
 exports.renderTrendSection = renderTrendSection;
@@ -57,9 +58,9 @@ function gradeTrend(current, base) {
     const ci = gradeIndex(current);
     const bi = gradeIndex(base);
     if (ci > bi)
-        return ` (was ${base})`;
+        return ` ↑ (was ${base})`;
     if (ci < bi)
-        return ` (was ${base})`;
+        return ` ↓ (was ${base})`;
     return "";
 }
 function loadBaseSnapshot(baseResultPath) {

package/package.json

@@ -1,67 +1,67 @@
-{
-  "name": "laxy-verify",
-  "version": "1.1.33",
-  "description": "Frontend verification CLI for build checks, Lighthouse, E2E, and release readiness",
-  "license": "MIT",
-  "type": "commonjs",
-  "homepage": "https://github.com/SUNgm24/Laxy/tree/main/laxy-verify#readme",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/SUNgm24/Laxy.git",
-    "directory": "laxy-verify"
-  },
-  "bugs": {
-    "url": "https://github.com/SUNgm24/Laxy/issues"
-  },
-  "keywords": [
-    "frontend",
-    "verification",
-    "quality-gate",
-    "release-readiness",
-    "lighthouse",
-    "e2e",
-    "qa",
-    "cli",
-    "nextjs",
-    "vite"
-  ],
-  "engines": {
-    "node": ">=20.18.0"
-  },
-  "bin": {
-    "laxy-verify": "dist/cli.js"
-  },
-  "files": [
-    "dist/"
-  ],
-  "scripts": {
-    "build": "tsc",
-    "start": "node dist/cli.js",
-    "test": "vitest run",
-    "test:coverage": "vitest run --coverage"
-  },
-  "dependencies": {
-    "@lhci/cli": "^0.14.0",
-    "chrome-launcher": "^0.13.4",
-    "js-yaml": "^4.1.0",
-    "lighthouse": "^12.1.0",
-    "pixelmatch": "^7.1.0",
-    "pngjs": "^7.0.0",
-    "puppeteer": "^24.40.0",
-    "tree-kill": "^1.2.2"
-  },
-  "devDependencies": {
-    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^20.0.0",
-    "typescript": "^5.4.0",
-    "vitest": "^2.0.0"
-  },
-  "peerDependencies": {
-    "playwright": "^1.40.0"
-  },
-  "peerDependenciesMeta": {
-    "playwright": {
-      "optional": true
-    }
-  }
-}
+{
+  "name": "laxy-verify",
+  "version": "1.2.1",
+  "description": "Frontend verification CLI for build checks, Lighthouse, E2E, and release readiness",
+  "license": "MIT",
+  "type": "commonjs",
+  "homepage": "https://github.com/SUNgm24/Laxy/tree/main/laxy-verify#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/SUNgm24/Laxy.git",
+    "directory": "laxy-verify"
+  },
+  "bugs": {
+    "url": "https://github.com/SUNgm24/Laxy/issues"
+  },
+  "keywords": [
+    "frontend",
+    "verification",
+    "quality-gate",
+    "release-readiness",
+    "lighthouse",
+    "e2e",
+    "qa",
+    "cli",
+    "nextjs",
+    "vite"
+  ],
+  "engines": {
+    "node": ">=20.18.0"
+  },
+  "bin": {
+    "laxy-verify": "dist/cli.js"
+  },
+  "files": [
+    "dist/"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/cli.js",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage"
+  },
+  "dependencies": {
+    "@lhci/cli": "^0.14.0",
+    "chrome-launcher": "^0.13.4",
+    "js-yaml": "^4.1.0",
+    "lighthouse": "^12.1.0",
+    "pixelmatch": "^7.1.0",
+    "pngjs": "^7.0.0",
+    "puppeteer": "^24.40.0",
+    "tree-kill": "^1.2.2"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^2.0.0"
+  },
+  "peerDependencies": {
+    "playwright": "^1.40.0"
+  },
+  "peerDependenciesMeta": {
+    "playwright": {
+      "optional": true
+    }
+  }
+}