laxy-verify 1.2.1 → 1.2.3

package/dist/init-analysis.js

@@ -0,0 +1,302 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeProjectForInit = analyzeProjectForInit;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const SOURCE_EXTENSIONS = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
+const IGNORED_DIRS = new Set([
+    ".git",
+    ".next",
+    ".turbo",
+    ".vercel",
+    ".output",
+    ".laxy-verify",
+    "coverage",
+    "dist",
+    "build",
+    "node_modules",
+]);
+function isSourceFile(filePath) {
+    return SOURCE_EXTENSIONS.has(path.extname(filePath).toLowerCase());
+}
+function normalizeRoute(route) {
+    const cleaned = route
+        .replace(/\\u002F/gi, "/")
+        .replace(/\\\//g, "/")
+        .trim();
+    if (!cleaned.startsWith("/"))
+        return null;
+    const normalized = cleaned.split("?")[0]?.split("#")[0]?.replace(/\/+/g, "/") ?? "/";
+    if (!normalized || normalized === "/")
+        return "/";
+    if (normalized.startsWith("/_next/") || normalized.startsWith("/api/"))
+        return null;
+    if (/[.*:[\]]/.test(normalized))
+        return null;
+    if (/\.[a-z0-9]{2,8}$/i.test(normalized))
+        return null;
+    if (/\s/.test(normalized))
+        return null;
+    return normalized.endsWith("/") && normalized !== "/" ? normalized.slice(0, -1) : normalized;
+}
+function collectSourceFiles(rootDir, currentDir = rootDir, acc = []) {
+    const entries = fs.readdirSync(currentDir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = path.join(currentDir, entry.name);
+        if (entry.isDirectory()) {
+            if (IGNORED_DIRS.has(entry.name))
+                continue;
+            collectSourceFiles(rootDir, fullPath, acc);
+            continue;
+        }
+        if (entry.isFile() && isSourceFile(fullPath)) {
+            acc.push(fullPath);
+        }
+    }
+    return acc;
+}
+function readFileSafe(filePath) {
+    try {
+        return fs.readFileSync(filePath, "utf-8");
+    }
+    catch {
+        return "";
+    }
+}
+function routeFromNextAppFile(filePath, baseDir) {
+    const relative = path.relative(baseDir, filePath).replace(/\\/g, "/");
+    if (!relative.startsWith("app/"))
+        return null;
+    if (!/\/page\.(t|j)sx?$/.test(relative) && !relative.endsWith("/page.mdx"))
+        return null;
+    const segments = relative
+        .replace(/^app\//, "")
+        .replace(/\/page\.(t|j)sx?$/, "")
+        .replace(/\/page\.mdx$/, "")
+        .split("/")
+        .filter(Boolean)
+        .filter((segment) => !segment.startsWith("("))
+        .filter((segment) => !segment.startsWith("@"))
+        .filter((segment) => segment !== "page")
+        .flatMap((segment) => {
+        if (segment === "index")
+            return [];
+        const cleaned = segment.replace(/\.(t|j)sx?$/, "");
+        if (cleaned.startsWith("(") || cleaned.startsWith("[["))
+            return [];
+        if (cleaned.startsWith("["))
+            return [];
+        return cleaned ? [cleaned] : [];
+    });
+    const route = `/${segments.join("/")}`;
+    return normalizeRoute(route);
+}
+function routeFromNextPagesFile(filePath, baseDir) {
+    const relative = path.relative(baseDir, filePath).replace(/\\/g, "/");
+    if (!relative.startsWith("pages/"))
+        return null;
+    if (!/\.(t|j)sx?$/.test(relative))
+        return null;
+    if (/^pages\/api\//.test(relative))
+        return null;
+    const withoutExt = relative.replace(/^pages\//, "").replace(/\.(t|j)sx?$/, "");
+    const segments = withoutExt
+        .split("/")
+        .filter(Boolean)
+        .filter((segment) => segment !== "index")
+        .filter((segment) => !segment.startsWith("["));
+    const route = `/${segments.join("/")}`;
+    return normalizeRoute(route);
+}
+function collectRoutesFromFiles(rootDir, files) {
+    const routes = new Map();
+    for (const filePath of files) {
+        const nextAppRoute = routeFromNextAppFile(filePath, rootDir);
+        if (nextAppRoute)
+            routes.set(nextAppRoute, filePath);
+        const nextPagesRoute = routeFromNextPagesFile(filePath, rootDir);
+        if (nextPagesRoute)
+            routes.set(nextPagesRoute, filePath);
+        const content = readFileSafe(filePath);
+        if (!content)
+            continue;
+        const routeRegexes = [
+            /(?:path|to|href|router\.push|navigate)\s*\(?\s*[:=]?\s*["'`]((?:\/(?!\/)[^"'`?#]+))["'`]/g,
+            /<Route[^>]*path=["'`]((?:\/(?!\/)[^"'`?#]+))["'`]/g,
+        ];
+        for (const regex of routeRegexes) {
+            for (const match of content.matchAll(regex)) {
+                const route = normalizeRoute(match[1] ?? "");
+                if (route)
+                    routes.set(route, filePath);
+            }
+        }
+    }
+    return Array.from(routes.entries())
+        .map(([route, source]) => ({ route, source }))
+        .sort((a, b) => a.route.localeCompare(b.route));
+}
+function buildSelectorHints(files) {
+    const contents = files.map(readFileSafe).join("\n");
+    const has = (pattern) => pattern.test(contents);
+    const dataTestIds = Array.from(contents.matchAll(/data-testid=["'`]([^"'`]+)["'`]/g)).map((match) => match[1]);
+    const dashboardDataTestId = dataTestIds.find((id) => /(dashboard|workspace|overview|app)/i.test(id));
+    const authDataTestId = dataTestIds.find((id) => /(login|signin|auth|account)/i.test(id));
+    return {
+        email: has(/name=["'`]email["'`]/i)
+            ? "input[name=email]"
+            : has(/type=["'`]email["'`]/i)
+                ? "input[type=email]"
+                : "input[name=email]",
+        password: has(/name=["'`](password|passcode)["'`]/i)
+            ? "input[name=password]"
+            : has(/type=["'`]password["'`]/i)
+                ? "input[type=password]"
+                : "input[name=password]",
+        submit: has(/type=["'`]submit["'`]/i)
+            ? "button[type=submit]"
+            : has(/(sign in|login|continue|submit)/i)
+                ? "button"
+                : "button[type=submit]",
+        search: has(/name=["'`](q|query|search)["'`]/i)
+            ? "input[name=search]"
+            : has(/placeholder=["'`][^"'`]*(search|검색)[^"'`]*["'`]/i)
+                ? "input[type=search]"
+                : "input[type=search]",
+        primaryInput: has(/textarea/i) ? "textarea" : "input",
+        dashboardVisible: dashboardDataTestId ? `[data-testid=${dashboardDataTestId}]` : "main",
+        authVisible: authDataTestId ? `[data-testid=${authDataTestId}]` : "main",
+    };
+}
+function pickFirstRoute(routes, patterns) {
+    return routes.find((route) => patterns.some((pattern) => pattern.test(route)));
+}
+function uniqueRoutes(routes) {
+    const seen = new Set();
+    const result = [];
+    for (const route of routes) {
+        if (!route)
+            continue;
+        const normalized = normalizeRoute(route);
+        if (!normalized || normalized === "/" || seen.has(normalized))
+            continue;
+        seen.add(normalized);
+        result.push(normalized);
+    }
+    return result;
+}
+function analyzeProjectForInit(dir) {
+    const files = collectSourceFiles(dir);
+    const routeEntries = collectRoutesFromFiles(dir, files);
+    const routes = uniqueRoutes(routeEntries.map((entry) => entry.route));
+    const selectors = buildSelectorHints(files);
+    const loginRoute = pickFirstRoute(routes, [/\/login$/, /\/signin$/, /\/sign-in$/, /\/auth/]);
+    const dashboardRoute = pickFirstRoute(routes, [/\/dashboard$/, /\/app$/, /\/workspace$/, /\/overview$/, /\/home$/, /\/projects?$/]);
+    const signupRoute = pickFirstRoute(routes, [/\/signup$/, /\/register$/, /\/join$/, /\/sign-up$/]);
+    const searchRoute = pickFirstRoute(routes, [/\/search$/, /\/discover$/, /\/explore$/, /\/products$/, /\/items$/]);
+    const settingsRoute = pickFirstRoute(routes, [/\/settings$/, /\/profile$/, /\/account$/, /\/billing$/]);
+    const scenarios = [];
+    if (loginRoute) {
+        scenarios.push({
+            name: "로그인 후 보호 페이지 접근",
+            steps: [
+                { goto: loginRoute },
+                { fill: selectors.email, with: "test@example.com" },
+                { fill: selectors.password, with: "testpass123!" },
+                { click: selectors.submit },
+                dashboardRoute
+                    ? { goto: dashboardRoute }
+                    : { wait: 1200 },
+                { expect_visible: dashboardRoute ? selectors.dashboardVisible : "body" },
+            ],
+        });
+    }
+    if (signupRoute && scenarios.length < 3) {
+        scenarios.push({
+            name: "회원가입 주요 폼 제출",
+            steps: [
+                { goto: signupRoute },
+                { fill: selectors.email, with: "test@example.com" },
+                { fill: selectors.password, with: "testpass123!" },
+                { click: selectors.submit },
+                { expect_visible: selectors.authVisible || "body" },
+            ],
+        });
+    }
+    if (searchRoute && scenarios.length < 3) {
+        scenarios.push({
+            name: "핵심 탐색 흐름 확인",
+            steps: [
+                { goto: searchRoute },
+                { fill: selectors.search, with: "test query" },
+                { click: selectors.submit },
+                { expect_visible: "body" },
+            ],
+        });
+    }
+    if (settingsRoute && scenarios.length < 3) {
+        scenarios.push({
+            name: "설정 화면 렌더 확인",
+            steps: [
+                { goto: settingsRoute },
+                { expect_visible: "body" },
+            ],
+        });
+    }
+    if (dashboardRoute && scenarios.length < 3) {
+        scenarios.push({
+            name: "대시보드 기본 렌더",
+            steps: [
+                { goto: dashboardRoute },
+                { expect_visible: selectors.dashboardVisible || "main" },
+            ],
+        });
+    }
+    if (scenarios.length === 0) {
+        const firstRoute = routes[0] ?? "/";
+        scenarios.push({
+            name: "핵심 페이지 기본 렌더",
+            steps: [
+                { goto: firstRoute },
+                { expect_visible: "body" },
+            ],
+        });
+    }
+    return {
+        scenarios: scenarios.slice(0, 3),
+        extraRoutes: routes.slice(0, 10),
+    };
+}

package/dist/init.js

@@ -37,6 +37,22 @@ exports.runInit = runInit;
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const detect_js_1 = require("./detect.js");
+const init_analysis_js_1 = require("./init-analysis.js");
+function renderStringList(items, indent = "  ") {
+    return items.map((item) => `${indent}- ${item}`).join("\n");
+}
+function renderScenarios() {
+    return `scenarios:
+  - name: "로그인 후 대시보드 접근"
+    steps:
+      - goto: /login
+      - fill: input[name=email]
+        with: test@example.com
+      - fill: input[name=password]
+        with: testpass123!
+      - click: button[type=submit]
+      - expect_visible: main`;
+}
 function runInit(dir) {
     const laxyYmlPath = path.join(dir, ".laxy.yml");
     const workflowDir = path.join(dir, ".github", "workflows");
@@ -48,6 +64,7 @@ function runInit(dir) {
     else {
         let detectedFramework = null;
         let detectedPort = 3000;
+        const initAnalysis = (0, init_analysis_js_1.analyzeProjectForInit)(dir);
         try {
             const detected = (0, detect_js_1.detect)(dir);
             detectedFramework = detected.framework ?? "auto";
@@ -56,20 +73,69 @@ function runInit(dir) {
         catch {
             // Keep defaults when auto-detection fails.
         }
+        const extraRoutesBlock = initAnalysis.extraRoutes.length > 0
+            ? `extra_routes:\n${renderStringList(initAnalysis.extraRoutes)}\n\n`
+            : "";
+        const scenarioBlocks = initAnalysis.scenarios.length > 0
+            ? [
+                "scenarios:",
+                ...initAnalysis.scenarios.flatMap((scenario) => [
+                    `  - name: "${scenario.name.replace(/"/g, '\\"')}"`,
+                    "    steps:",
+                    ...scenario.steps.flatMap((step) => {
+                        if (step.goto)
+                            return [`      - goto: ${step.goto}`];
+                        if (step.fill && step.with !== undefined) {
+                            return [
+                                `      - fill: ${step.fill}`,
+                                `        with: ${step.with}`,
+                            ];
+                        }
+                        if (step.click)
+                            return [`      - click: ${step.click}`];
+                        if (step.expect_visible)
+                            return [`      - expect_visible: ${step.expect_visible}`];
+                        if (step.expect_text)
+                            return [`      - expect_text: ${step.expect_text}`];
+                        if (step.wait !== undefined)
+                            return [`      - wait: ${step.wait}`];
+                        return [];
+                    }),
+                ]),
+            ].join("\n")
+            : renderScenarios();
         const ymlContent = `# Generated by laxy-verify --init
 # See https://github.com/SUNgm24/Laxy/tree/main/laxy-verify for full docs
 framework: ${detectedFramework}   # auto-detected
 port: ${detectedPort}
 fail_on: bronze
+lighthouse_runs: 3
 
 thresholds:
   performance: 70
   accessibility: 85
   seo: 80
   best_practices: 80
+
+${extraRoutesBlock}visual_diff:
+  pixelmatch_threshold: 0.1
+  warn_threshold: 30
+  rollback_threshold: 60
+  disable_animations: true
+  ignore_selectors:
+    - "[data-dynamic]"
+    - "[data-ignore-diff]"
+
+${scenarioBlocks}
 `;
         fs.writeFileSync(laxyYmlPath, ymlContent, "utf-8");
         console.log("Created .laxy.yml");
+        if (initAnalysis.scenarios.length > 0) {
+            console.log(`Seeded ${initAnalysis.scenarios.length} draft E2E scenario(s) from your app structure.`);
+        }
+        if (initAnalysis.extraRoutes.length > 0) {
+            console.log(`Detected ${initAnalysis.extraRoutes.length} extra route(s) for SPA / multi-page coverage.`);
+        }
     }
     if (fs.existsSync(workflowPath)) {
         console.log(".github/workflows/laxy-verify.yml already exists. Skipping.");

package/dist/lighthouse.d.ts

@@ -3,5 +3,35 @@ interface LhResult {
     scores: LighthouseScores | null;
     errors: string[];
 }
-export declare function runLighthouse(port: number, runs: number): Promise<LhResult>;
+export interface RouteScoreResult {
+    route: string;
+    scores: LighthouseScores | null;
+    errors: string[];
+}
+export interface MultiRouteLhResult {
+    /** Weighted average: root (/) = 2x weight, other routes = 1x */
+    aggregated: LighthouseScores | null;
+    perRoute: RouteScoreResult[];
+    /** True if every route that produced scores individually passed all thresholds */
+    allRoutesPass(thresholds: {
+        performance: number;
+        accessibility: number;
+        seo: number;
+        bestPractices: number;
+    }): boolean;
+}
+export declare function runLighthouse(port: number, runs: number, routePath?: string): Promise<LhResult>;
+/** Run Lighthouse against an arbitrary external URL (Pro: compare-env feature). */
+export declare function runLighthouseOnUrl(fullUrl: string, runs: number): Promise<LhResult>;
+/**
+ * Run Lighthouse on multiple routes and aggregate results.
+ *
+ * Aggregation strategy (weighted average):
+ *   - Root route "/" receives weight 2 (most visible page)
+ *   - All other routes receive weight 1
+ *
+ * Gold eligibility: every route must individually pass all thresholds.
+ * Silver/Bronze eligibility: based on the weighted-average aggregate score.
+ */
+export declare function runLighthouseOnRoutes(port: number, runs: number, routes: string[]): Promise<MultiRouteLhResult>;
 export {};

package/dist/lighthouse.js

@@ -34,6 +34,8 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runLighthouse = runLighthouse;
+exports.runLighthouseOnUrl = runLighthouseOnUrl;
+exports.runLighthouseOnRoutes = runLighthouseOnRoutes;
 const node_child_process_1 = require("node:child_process");
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
@@ -114,13 +116,13 @@ const [url, reportPath, chromeDir] = process.argv.slice(2);
     // .cjs 확장자로 저장해서 Node가 CommonJS로 실행하도록 함
     fs.writeFileSync(runnerPath, source, "utf-8");
 }
-async function runLighthouse(port, runs) {
+async function runLighthouseCore(fullUrl, runs, label) {
     const baseTmpDir = path.join(process.cwd(), ".laxy-tmp", `lighthouse-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`);
     const reportsDir = path.join(baseTmpDir, "reports");
     const runnerPath = path.join(baseTmpDir, "run-lighthouse.cjs");
     fs.mkdirSync(reportsDir, { recursive: true });
     writeRunnerScript(runnerPath);
-    console.log(`\n  Running Lighthouse (${runs} run${runs > 1 ? "s" : ""})...`);
+    console.log(`\n  Running Lighthouse on ${label} (${runs} run${runs > 1 ? "s" : ""})...`);
     const errors = [];
     const allScores = [];
     for (let runIndex = 0; runIndex < runs; runIndex++) {
@@ -129,7 +131,7 @@ async function runLighthouse(port, runs) {
         const chromeDir = path.join(baseTmpDir, `chrome-${runNumber}`);
         fs.mkdirSync(chromeDir, { recursive: true });
         console.log(`  [lh] Run ${runNumber}/${runs}`);
-        const child = (0, node_child_process_1.spawn)("node", [runnerPath, `http://127.0.0.1:${port}/`, reportPath, chromeDir], {
+        const child = (0, node_child_process_1.spawn)("node", [runnerPath, fullUrl, reportPath, chromeDir], {
             shell: false,
             stdio: ["ignore", "pipe", "pipe"],
             env: {
@@ -196,3 +198,74 @@ async function runLighthouse(port, runs) {
         await removeDirWithRetries(baseTmpDir);
     }
 }
+async function runLighthouse(port, runs, routePath = "/") {
+    const normalizedPath = routePath.startsWith("/") ? routePath : `/${routePath}`;
+    const label = normalizedPath === "/" ? "/" : normalizedPath;
+    return runLighthouseCore(`http://127.0.0.1:${port}${normalizedPath}`, runs, label);
+}
+/** Run Lighthouse against an arbitrary external URL (Pro: compare-env feature). */
+async function runLighthouseOnUrl(fullUrl, runs) {
+    return runLighthouseCore(fullUrl, runs, fullUrl);
+}
+/**
+ * Run Lighthouse on multiple routes and aggregate results.
+ *
+ * Aggregation strategy (weighted average):
+ *   - Root route "/" receives weight 2 (most visible page)
+ *   - All other routes receive weight 1
+ *
+ * Gold eligibility: every route must individually pass all thresholds.
+ * Silver/Bronze eligibility: based on the weighted-average aggregate score.
+ */
+async function runLighthouseOnRoutes(port, runs, routes) {
+    // Deduplicate and ensure "/" comes first
+    const seen = new Set();
+    const ordered = [];
+    for (const r of ["/", ...routes]) {
+        const normalized = r.startsWith("/") ? r : `/${r}`;
+        if (!seen.has(normalized)) {
+            seen.add(normalized);
+            ordered.push(normalized);
+        }
+    }
+    const perRoute = [];
+    for (const route of ordered) {
+        const result = await runLighthouse(port, runs, route);
+        perRoute.push({ route, scores: result.scores, errors: result.errors });
+    }
+    // Weighted average across routes that produced scores
+    const withScores = perRoute.filter((r) => r.scores !== null);
+    let aggregated = null;
+    if (withScores.length > 0) {
+        let totalWeight = 0;
+        let sumPerf = 0;
+        let sumA11y = 0;
+        let sumSeo = 0;
+        let sumBp = 0;
+        for (const r of withScores) {
+            const weight = r.route === "/" ? 2 : 1;
+            totalWeight += weight;
+            sumPerf += r.scores.performance * weight;
+            sumA11y += r.scores.accessibility * weight;
+            sumSeo += r.scores.seo * weight;
+            sumBp += r.scores.bestPractices * weight;
+        }
+        aggregated = {
+            performance: Math.round(sumPerf / totalWeight),
+            accessibility: Math.round(sumA11y / totalWeight),
+            seo: Math.round(sumSeo / totalWeight),
+            bestPractices: Math.round(sumBp / totalWeight),
+        };
+        console.log(`  Lighthouse aggregate (weighted avg): P=${aggregated.performance} A=${aggregated.accessibility} S=${aggregated.seo} BP=${aggregated.bestPractices}`);
+    }
+    return {
+        aggregated,
+        perRoute,
+        allRoutesPass(thresholds) {
+            return withScores.every((r) => r.scores.performance >= thresholds.performance &&
+                r.scores.accessibility >= thresholds.accessibility &&
+                r.scores.seo >= thresholds.seo &&
+                r.scores.bestPractices >= thresholds.bestPractices);
+        },
+    };
+}

package/dist/outdated-check.d.ts

@@ -0,0 +1,17 @@
+export interface OutdatedPackage {
+    name: string;
+    current: string;
+    wanted: string;
+    latest: string;
+    severity: "major" | "minor" | "patch";
+}
+export interface OutdatedCheckResult {
+    passed: boolean;
+    totalChecked: number;
+    outdatedCount: number;
+    majorOutdated: number;
+    packages: OutdatedPackage[];
+    advisory: string;
+    skipped: boolean;
+}
+export declare function runOutdatedCheck(projectDir: string, timeoutMs?: number): Promise<OutdatedCheckResult>;

package/dist/outdated-check.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runOutdatedCheck = runOutdatedCheck;
+/**
+ * Outdated dependency checker.
+ *
+ * Runs `npm outdated --json` and reports packages that are behind
+ * their latest version. Advisory-only — does not block deployment.
+ */
+const node_child_process_1 = require("node:child_process");
+function classifySemverDiff(current, latest) {
+    const parseVer = (v) => {
+        const cleaned = v.replace(/^\^|~|>=?|v/g, "").split(".")[0] ?? "0";
+        return parseInt(cleaned, 10) || 0;
+    };
+    const parseMinor = (v) => {
+        const parts = v.replace(/^\^|~|>=?|v/g, "").split(".");
+        return parseInt(parts[1] ?? "0", 10) || 0;
+    };
+    const curMajor = parseVer(current);
+    const latMajor = parseVer(latest);
+    if (latMajor > curMajor)
+        return "major";
+    const curMinor = parseMinor(current);
+    const latMinor = parseMinor(latest);
+    if (latMinor > curMinor)
+        return "minor";
+    return "patch";
+}
+async function runOutdatedCheck(projectDir, timeoutMs = 30000) {
+    console.log("  Running outdated dependency check...");
+    return new Promise((resolve) => {
+        const chunks = [];
+        const proc = process.platform === "win32"
+            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npm outdated --json"], { stdio: ["ignore", "pipe", "pipe"], cwd: projectDir, shell: false })
+            : (0, node_child_process_1.spawn)("npm", ["outdated", "--json"], {
+                shell: true,
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd: projectDir,
+            });
+        const timer = setTimeout(() => {
+            try {
+                proc.kill();
+            }
+            catch { }
+            resolve({
+                passed: true,
+                totalChecked: 0,
+                outdatedCount: 0,
+                majorOutdated: 0,
+                packages: [],
+                advisory: "Outdated check timed out",
+                skipped: false,
+            });
+        }, timeoutMs);
+        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
+        proc.stderr?.on("data", () => { });
+        proc.on("exit", (code) => {
+            clearTimeout(timer);
+            const output = chunks.join("");
+            // npm outdated exits with code 1 when outdated packages exist
+            // and code 0 when everything is up to date
+            if (code === 0 || !output.trim()) {
+                console.log("  Outdated: all packages up to date");
+                resolve({
+                    passed: true,
+                    totalChecked: 0,
+                    outdatedCount: 0,
+                    majorOutdated: 0,
+                    packages: [],
+                    advisory: "All packages up to date",
+                    skipped: false,
+                });
+                return;
+            }
+            try {
+                const data = JSON.parse(output);
+                const packages = [];
+                for (const [name, info] of Object.entries(data)) {
+                    if (!info.current || !info.latest)
+                        continue;
+                    const severity = classifySemverDiff(info.current, info.latest);
+                    packages.push({
+                        name,
+                        current: info.current,
+                        wanted: info.wanted ?? info.current,
+                        latest: info.latest,
+                        severity,
+                    });
+                }
+                const majorOutdated = packages.filter((p) => p.severity === "major").length;
+                const outdatedCount = packages.length;
+                const advisory = majorOutdated > 0
+                    ? `${majorOutdated} major version(s) behind latest; ${outdatedCount} total outdated`
+                    : `${outdatedCount} package(s) behind latest (no major)`;
+                console.log(`  Outdated: ${advisory}`);
+                for (const pkg of packages.filter((p) => p.severity === "major").slice(0, 5)) {
+                    console.log(`    ${pkg.name}: ${pkg.current} → ${pkg.latest} (${pkg.severity})`);
+                }
+                resolve({
+                    passed: majorOutdated === 0,
+                    totalChecked: 0,
+                    outdatedCount,
+                    majorOutdated,
+                    packages,
+                    advisory,
+                    skipped: false,
+                });
+            }
+            catch {
+                resolve({
+                    passed: true,
+                    totalChecked: 0,
+                    outdatedCount: 0,
+                    majorOutdated: 0,
+                    packages: [],
+                    advisory: "Could not parse npm outdated output",
+                    skipped: false,
+                });
+            }
+        });
+    });
+}