laxy-verify 1.2.2 → 1.2.3

package/dist/security-audit.js

@@ -1,15 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.auditSecurityHeaders = auditSecurityHeaders;
 exports.runSecurityAudit = runSecurityAudit;
 /**
- * npm audit wrapper for Pro/Pro+ security scanning.
+ * npm audit wrapper plus runtime security-header checks.
  *
- * Runs `npm audit --json` in the project directory and extracts
- * severity counts + a short summary for the verification report.
+ * The package audit catches known dependency vulnerabilities.
+ * The header audit adds shallow runtime coverage for common missing
+ * browser-enforced protections on the running app.
  */
 const node_child_process_1 = require("node:child_process");
-async function runSecurityAudit(cwd, timeoutMs = 30000) {
-    console.log("  Running security audit (npm audit)...");
+async function runNpmAudit(cwd, timeoutMs) {
     return new Promise((resolve) => {
         const chunks = [];
         const proc = process.platform === "win32"
@@ -27,38 +28,100 @@ async function runSecurityAudit(cwd, timeoutMs = 30000) {
                 proc.kill();
             }
             catch { }
-            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit timed out" });
+            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
         }, timeoutMs);
         proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
-        proc.stderr?.on("data", () => { }); // ignore stderr
+        proc.stderr?.on("data", () => { });
         proc.on("exit", () => {
             clearTimeout(timer);
-            const raw = chunks.join("");
             try {
-                const json = JSON.parse(raw);
-                // npm audit v2 format
+                const json = JSON.parse(chunks.join(""));
                 const meta = json.metadata?.vulnerabilities ?? json.vulnerabilities ?? {};
                 const critical = meta.critical ?? 0;
                 const high = meta.high ?? 0;
                 const moderate = meta.moderate ?? 0;
                 const low = meta.low ?? 0;
-                const total = critical + high + moderate + low;
-                const parts = [];
-                if (critical > 0)
-                    parts.push(`${critical} critical`);
-                if (high > 0)
-                    parts.push(`${high} high`);
-                if (moderate > 0)
-                    parts.push(`${moderate} moderate`);
-                if (low > 0)
-                    parts.push(`${low} low`);
-                const summary = total === 0 ? "No known vulnerabilities" : parts.join(", ");
-                console.log(`  Security: ${summary}`);
-                resolve({ totalVulnerabilities: total, critical, high, moderate, low, summary });
+                resolve({
+                    totalVulnerabilities: critical + high + moderate + low,
+                    critical,
+                    high,
+                    moderate,
+                    low,
+                });
             }
             catch {
-                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit parse failed" });
+                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
             }
         });
     });
 }
+async function auditSecurityHeaders(url) {
+    const requiredHeaders = ["X-Frame-Options", "Content-Security-Policy"];
+    const urlObj = new URL(url);
+    if (urlObj.protocol === "https:") {
+        requiredHeaders.push("Strict-Transport-Security");
+    }
+    let response;
+    try {
+        response = await fetch(url, {
+            method: "HEAD",
+            redirect: "follow",
+            signal: AbortSignal.timeout(5000),
+        });
+    }
+    catch {
+        try {
+            response = await fetch(url, {
+                method: "GET",
+                redirect: "follow",
+                signal: AbortSignal.timeout(5000),
+            });
+        }
+        catch (error) {
+            return {
+                missingHeaders: [],
+                checkedUrl: url,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    const missingHeaders = requiredHeaders.filter((headerName) => !response.headers.get(headerName));
+    return {
+        missingHeaders,
+        checkedUrl: response.url || url,
+    };
+}
+async function runSecurityAudit(cwd, appUrl, timeoutMs = 30000) {
+    console.log("  Running security audit (npm audit + runtime headers)...");
+    const [npmAudit, headerAudit] = await Promise.all([
+        runNpmAudit(cwd, timeoutMs),
+        appUrl ? auditSecurityHeaders(appUrl) : Promise.resolve(null),
+    ]);
+    const parts = [];
+    if (npmAudit.critical > 0)
+        parts.push(`${npmAudit.critical} critical`);
+    if (npmAudit.high > 0)
+        parts.push(`${npmAudit.high} high`);
+    if (npmAudit.moderate > 0)
+        parts.push(`${npmAudit.moderate} moderate`);
+    if (npmAudit.low > 0)
+        parts.push(`${npmAudit.low} low`);
+    const missingHeaders = headerAudit?.missingHeaders ?? [];
+    if (missingHeaders.length > 0) {
+        parts.push(`missing headers: ${missingHeaders.join(", ")}`);
+    }
+    if (headerAudit?.error) {
+        parts.push(`header check skipped: ${headerAudit.error}`);
+    }
+    const summary = parts.length > 0
+        ? parts.join(" | ")
+        : "No known vulnerabilities or missing security headers";
+    console.log(`  Security: ${summary}`);
+    return {
+        ...npmAudit,
+        summary,
+        missingHeaders,
+        headerCheckUrl: headerAudit?.checkedUrl,
+        headerCheckError: headerAudit?.error,
+    };
+}

package/dist/seo-deep.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Deep SEO audit.
+ *
+ * Checks page-level SEO signals beyond Lighthouse's basic SEO category:
+ * title, meta description, canonical, robots, Open Graph, Twitter Card,
+ * JSON-LD structured data. Runs against the running dev server via HTTP.
+ */
+export interface SeoDeepResult {
+    passed: boolean;
+    checks: SeoCheck[];
+    warningCount: number;
+    errorCount: number;
+    url: string;
+    skipped: boolean;
+    summary: string;
+}
+export interface SeoCheck {
+    key: string;
+    label: string;
+    passed: boolean;
+    value: string | null;
+    severity: "error" | "warning";
+}
+export declare function runSeoDeep(url: string): Promise<SeoDeepResult>;

package/dist/seo-deep.js

@@ -0,0 +1,147 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runSeoDeep = runSeoDeep;
+async function fetchPageHtml(url) {
+    try {
+        const res = await fetch(url, {
+            signal: AbortSignal.timeout(10000),
+            headers: { "User-Agent": "laxy-verify/1.0" },
+        });
+        if (!res.ok)
+            return null;
+        return await res.text();
+    }
+    catch {
+        return null;
+    }
+}
+function extractMetaContent(html, nameAttr) {
+    // Match <meta name="..." content="..."> or <meta property="..." content="...">
+    const regex = new RegExp(`<meta\\s+(?:name|property)=["']${nameAttr}["']\\s+content=["']([^"']*)["']`, "i");
+    const match = html.match(regex);
+    if (match)
+        return match[1];
+    // Also try content before name/property
+    const regex2 = new RegExp(`<meta\\s+content=["']([^"']*)["']\\s+(?:name|property)=["']${nameAttr}["']`, "i");
+    const match2 = html.match(regex2);
+    return match2 ? match2[1] : null;
+}
+function extractTitle(html) {
+    const match = html.match(/<title[^>]*>([^<]*)<\/title>/i);
+    return match ? match[1].trim() : null;
+}
+function extractCanonical(html) {
+    const match = html.match(/<link[^>]+rel=["']canonical["'][^>]+href=["']([^"']*)["']/i);
+    return match ? match[1] : null;
+}
+function extractRobotsMeta(html) {
+    return extractMetaContent(html, "robots");
+}
+function hasJsonLd(html) {
+    return /<script[^>]+type=["']application\/ld\+json["']/i.test(html);
+}
+async function runSeoDeep(url) {
+    console.log("  Running deep SEO audit...");
+    const html = await fetchPageHtml(url);
+    if (!html) {
+        return {
+            passed: true,
+            checks: [],
+            warningCount: 0,
+            errorCount: 0,
+            url,
+            skipped: true,
+            summary: "Skipped (could not fetch page)",
+        };
+    }
+    const checks = [];
+    // Title
+    const title = extractTitle(html);
+    checks.push({
+        key: "title",
+        label: "Page title",
+        passed: !!title && title.length > 0 && title.length <= 60,
+        value: title,
+        severity: "error",
+    });
+    // Meta description
+    const description = extractMetaContent(html, "description");
+    checks.push({
+        key: "description",
+        label: "Meta description",
+        passed: !!description && description.length > 0 && description.length <= 160,
+        value: description,
+        severity: "warning",
+    });
+    // Canonical
+    const canonical = extractCanonical(html);
+    checks.push({
+        key: "canonical",
+        label: "Canonical URL",
+        passed: !!canonical,
+        value: canonical,
+        severity: "warning",
+    });
+    // Robots
+    const robots = extractRobotsMeta(html);
+    const robotsNoindex = robots?.includes("noindex") ?? false;
+    checks.push({
+        key: "robots",
+        label: "Robots meta",
+        passed: !robotsNoindex,
+        value: robots ?? "(not set — defaults to index)",
+        severity: "error",
+    });
+    // Open Graph
+    const ogTitle = extractMetaContent(html, "og:title");
+    const ogDescription = extractMetaContent(html, "og:description");
+    const ogImage = extractMetaContent(html, "og:image");
+    const hasOg = ogTitle || ogDescription || ogImage;
+    checks.push({
+        key: "og",
+        label: "Open Graph tags",
+        passed: !!hasOg,
+        value: hasOg
+            ? [ogTitle && "title", ogDescription && "desc", ogImage && "image"].filter(Boolean).join(", ")
+            : null,
+        severity: "warning",
+    });
+    // Twitter Card
+    const twitterCard = extractMetaContent(html, "twitter:card");
+    const twitterTitle = extractMetaContent(html, "twitter:title");
+    const hasTwitter = twitterCard || twitterTitle;
+    checks.push({
+        key: "twitter",
+        label: "Twitter Card tags",
+        passed: !!hasTwitter,
+        value: hasTwitter
+            ? [twitterCard && "card", twitterTitle && "title"].filter(Boolean).join(", ")
+            : null,
+        severity: "warning",
+    });
+    // JSON-LD
+    const jsonLd = hasJsonLd(html);
+    checks.push({
+        key: "jsonld",
+        label: "JSON-LD structured data",
+        passed: jsonLd,
+        value: jsonLd ? "present" : null,
+        severity: "warning",
+    });
+    const errorCount = checks.filter((c) => !c.passed && c.severity === "error").length;
+    const warningCount = checks.filter((c) => !c.passed && c.severity === "warning").length;
+    const passed = errorCount === 0;
+    const parts = [];
+    if (errorCount > 0)
+        parts.push(`${errorCount} error(s)`);
+    if (warningCount > 0)
+        parts.push(`${warningCount} warning(s)`);
+    const summary = parts.length > 0
+        ? parts.join(", ")
+        : "All SEO checks passed";
+    console.log(`  SEO deep: ${summary}`);
+    for (const check of checks.filter((c) => !c.passed)) {
+        console.error(`    [${check.severity}] ${check.label}: ${check.value ?? "missing"}`);
+    }
+    return { passed, checks, warningCount, errorCount, url, skipped: false, summary };
+}

package/dist/typecheck.d.ts

@@ -0,0 +1,8 @@
+export interface TypecheckResult {
+    passed: boolean;
+    errorCount: number;
+    errors: string[];
+    skipped: boolean;
+    durationMs: number;
+}
+export declare function runTypecheck(projectDir: string, timeoutMs?: number): Promise<TypecheckResult>;

package/dist/typecheck.js

@@ -0,0 +1,99 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runTypecheck = runTypecheck;
+/**
+ * TypeScript type-check verification.
+ *
+ * Runs `tsc --noEmit` to catch type errors that may slip through a
+ * lenient build pipeline. If no tsconfig.json is found the check is
+ * skipped gracefully.
+ */
+const node_child_process_1 = require("node:child_process");
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+async function runTypecheck(projectDir, timeoutMs = 60000) {
+    const tsconfigPath = path.join(projectDir, "tsconfig.json");
+    if (!fs.existsSync(tsconfigPath)) {
+        return { passed: true, errorCount: 0, errors: [], skipped: true, durationMs: 0 };
+    }
+    console.log("  Running TypeScript type check (tsc --noEmit)...");
+    const start = Date.now();
+    return new Promise((resolve) => {
+        const chunks = [];
+        const proc = process.platform === "win32"
+            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npx tsc --noEmit"], { stdio: ["ignore", "pipe", "pipe"], cwd: projectDir, shell: false })
+            : (0, node_child_process_1.spawn)("npx", ["tsc", "--noEmit"], {
+                shell: true,
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd: projectDir,
+            });
+        const timer = setTimeout(() => {
+            try {
+                proc.kill();
+            }
+            catch { }
+            resolve({
+                passed: false,
+                errorCount: -1,
+                errors: ["Typecheck timed out"],
+                skipped: false,
+                durationMs: Date.now() - start,
+            });
+        }, timeoutMs);
+        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
+        proc.stderr?.on("data", (chunk) => chunks.push(chunk.toString()));
+        proc.on("exit", (code) => {
+            clearTimeout(timer);
+            const durationMs = Date.now() - start;
+            const output = chunks.join("");
+            const passed = code === 0;
+            if (passed) {
+                console.log("  TypeScript: OK (no type errors)");
+                resolve({ passed: true, errorCount: 0, errors: [], skipped: false, durationMs });
+                return;
+            }
+            const lines = output.split("\n").filter((l) => l.trim().length > 0);
+            const errorLines = lines.filter((l) => /error TS\d+/i.test(l));
+            const errorCount = errorLines.length || lines.length;
+            const errors = errorLines.slice(0, 10);
+            console.log(`  TypeScript: ${errorCount} type error(s)`);
+            for (const err of errors.slice(0, 3)) {
+                console.error(`    ${err.trim()}`);
+            }
+            resolve({ passed: false, errorCount, errors, skipped: false, durationMs });
+        });
+    });
+}

package/dist/verification-core/report.js

@@ -72,6 +72,16 @@ function buildVerificationEvidence(input, thresholds = exports.DEFAULT_LH_THRESH
     const mobileLighthousePassed = hasMobileLighthouseData
         ? getLighthousePass(input.mobileLighthouseScores, thresholds)
         : false;
+    const hasTypecheckData = !!input.typecheck && !input.typecheck.skipped;
+    const typecheckPassed = hasTypecheckData ? input.typecheck.passed : true;
+    const hasSecretScanData = !!input.secretScan && !input.secretScan.skipped;
+    const secretScanPassed = hasSecretScanData ? input.secretScan.passed : true;
+    const hasA11yDeepData = !!input.a11yDeep && !input.a11yDeep.skipped;
+    const a11yDeepPassed = hasA11yDeepData ? input.a11yDeep.passed : true;
+    const hasSeoDeepData = !!input.seoDeep && !input.seoDeep.skipped;
+    const seoDeepPassed = hasSeoDeepData ? input.seoDeep.passed : true;
+    const hasVitalsBudgetData = !!input.vitalsBudget && !input.vitalsBudget.skipped;
+    const vitalsBudgetPassed = hasVitalsBudgetData ? input.vitalsBudget.passed : true;
     return {
         input,
         thresholds,
@@ -92,6 +102,16 @@ function buildVerificationEvidence(input, thresholds = exports.DEFAULT_LH_THRESH
         securityPassed,
         hasMobileLighthouseData,
         mobileLighthousePassed,
+        hasTypecheckData,
+        typecheckPassed,
+        hasSecretScanData,
+        secretScanPassed,
+        hasA11yDeepData,
+        a11yDeepPassed,
+        hasSeoDeepData,
+        seoDeepPassed,
+        hasVitalsBudgetData,
+        vitalsBudgetPassed,
     };
 }
 function getImprovementRecommendations(input, thresholds = exports.DEFAULT_LH_THRESHOLDS) {
@@ -279,6 +299,82 @@ function getImprovementRecommendations(input, thresholds = exports.DEFAULT_LH_TH
             action: "Rerun Lighthouse and inspect the failing run logs before trusting this result in CI.",
         });
     }
+    // TypeScript type errors — blocker-capable
+    if (input.typecheck && !input.typecheck.skipped && !input.typecheck.passed) {
+        findings.push({
+            category: "typecheck",
+            severity: input.typecheck.errorCount >= 5 ? "high" : "medium",
+            title: `TypeScript type errors (${input.typecheck.errorCount})`,
+            description: "Type errors indicate potential runtime bugs that the build pipeline may not catch.",
+            action: "Fix the TypeScript errors and rerun verification.",
+        });
+    }
+    // Secret scan — blocker-capable
+    if (input.secretScan && !input.secretScan.skipped && !input.secretScan.passed) {
+        findings.push({
+            category: "secrets",
+            severity: "high",
+            title: `Hardcoded secrets detected (${input.secretScan.findingsCount})`,
+            description: `Found ${input.secretScan.findingsCount} potential secret(s) in ${input.secretScan.filesScanned} scanned files. Leaked secrets are a deployment risk.`,
+            action: "Move secrets to environment variables and rotate any compromised credentials.",
+        });
+    }
+    // Deep accessibility — blocker-capable
+    if (input.a11yDeep && !input.a11yDeep.skipped && !input.a11yDeep.passed) {
+        const critical = input.a11yDeep.criticalCount;
+        const serious = input.a11yDeep.seriousCount;
+        findings.push({
+            category: "accessibility",
+            severity: critical > 0 ? "high" : "medium",
+            title: `WCAG violations found (${critical} critical, ${serious} serious)`,
+            description: input.a11yDeep.summary,
+            action: "Fix the critical and serious WCAG violations before release.",
+        });
+    }
+    // Deep SEO — advisory
+    if (input.seoDeep && !input.seoDeep.skipped && !input.seoDeep.passed) {
+        findings.push({
+            category: "seo",
+            severity: "medium",
+            title: `SEO issues detected (${input.seoDeep.errorCount} errors, ${input.seoDeep.warningCount} warnings)`,
+            description: input.seoDeep.summary,
+            action: "Fix missing or incorrect SEO meta tags.",
+        });
+    }
+    // Vitals budget — advisory
+    if (input.vitalsBudget && !input.vitalsBudget.skipped && !input.vitalsBudget.passed) {
+        findings.push({
+            category: "vitals",
+            severity: "medium",
+            title: `Core Web Vitals budget exceeded`,
+            description: input.vitalsBudget.summary,
+            action: "Optimize performance to meet the Core Web Vitals budget thresholds.",
+        });
+    }
+    // Outdated dependencies — advisory
+    if (input.outdatedCheck && !input.outdatedCheck.skipped && input.outdatedCheck.majorOutdated > 0) {
+        findings.push({
+            category: "bestPractices",
+            severity: "medium",
+            title: `${input.outdatedCheck.majorOutdated} major version(s) behind latest`,
+            description: input.outdatedCheck.advisory,
+            action: "Update outdated dependencies, especially those with major version gaps.",
+        });
+    }
+    // Bundle size — advisory (only if thresholds exceeded)
+    if (input.bundleSize && !input.bundleSize.skipped) {
+        const firstLoad = input.bundleSize.firstLoadJsKb;
+        const largest = input.bundleSize.largestChunkKb;
+        if ((firstLoad !== null && firstLoad > 200) || (largest !== null && largest > 300)) {
+            findings.push({
+                category: "performance",
+                severity: "medium",
+                title: `Bundle size advisory threshold exceeded`,
+                description: input.bundleSize.advisory,
+                action: "Reduce bundle size by code-splitting, tree-shaking, or lazy-loading large dependencies.",
+            });
+        }
+    }
     const lighthouseScores = input.lighthouseScores;
     if (!lighthouseScores) {
         return findings;
@@ -388,6 +484,27 @@ function buildVerificationReport(input, options) {
         ...(evidence.hasLighthouseData
             ? [{ key: "lighthouse", label: "Lighthouse thresholds", passed: evidence.lighthousePassed }]
             : []),
+        ...(evidence.hasTypecheckData
+            ? [{ key: "typecheck", label: `TypeScript (${input.typecheck?.errorCount ?? 0} errors)`, passed: evidence.typecheckPassed }]
+            : []),
+        ...(evidence.hasSecretScanData
+            ? [{ key: "secret-scan", label: `Secret scan (${input.secretScan?.findingsCount ?? 0} findings)`, passed: evidence.secretScanPassed }]
+            : []),
+        ...(evidence.hasA11yDeepData
+            ? [{ key: "a11y-deep", label: `WCAG deep (${input.a11yDeep?.criticalCount ?? 0} critical)`, passed: evidence.a11yDeepPassed }]
+            : []),
+        ...(evidence.hasSeoDeepData
+            ? [{ key: "seo-deep", label: `SEO deep (${input.seoDeep?.errorCount ?? 0} errors)`, passed: evidence.seoDeepPassed }]
+            : []),
+        ...(evidence.hasVitalsBudgetData
+            ? [{ key: "vitals-budget", label: "Core Web Vitals budget", passed: evidence.vitalsBudgetPassed }]
+            : []),
+        ...(input.bundleSize && !input.bundleSize.skipped
+            ? [{ key: "bundle-size", label: `Bundle size (${input.bundleSize.framework})`, passed: true }]
+            : []),
+        ...(input.outdatedCheck && !input.outdatedCheck.skipped
+            ? [{ key: "outdated-check", label: `Outdated deps (${input.outdatedCheck.outdatedCount} outdated)`, passed: input.outdatedCheck.majorOutdated === 0 }]
+            : []),
     ];
     const nextActions = [...blockers, ...warnings].slice(0, 4).map((finding) => finding.action);
     return {

package/dist/verification-core/types.d.ts

@@ -43,14 +43,60 @@ export interface VerificationInput {
         brokenCount: number;
         summary: string;
     };
+    typecheck?: {
+        passed: boolean;
+        errorCount: number;
+        skipped: boolean;
+    };
+    secretScan?: {
+        passed: boolean;
+        findingsCount: number;
+        filesScanned: number;
+        skipped: boolean;
+    };
+    a11yDeep?: {
+        passed: boolean;
+        criticalCount: number;
+        seriousCount: number;
+        summary: string;
+        skipped: boolean;
+    };
+    seoDeep?: {
+        passed: boolean;
+        errorCount: number;
+        warningCount: number;
+        summary: string;
+        skipped: boolean;
+    };
+    vitalsBudget?: {
+        passed: boolean;
+        lcp: number | null;
+        cls: number | null;
+        inp: number | null;
+        summary: string;
+        skipped: boolean;
+    };
+    bundleSize?: {
+        framework: string;
+        firstLoadJsKb: number | null;
+        largestChunkKb: number | null;
+        advisory: string;
+        skipped: boolean;
+    };
+    outdatedCheck?: {
+        outdatedCount: number;
+        majorOutdated: number;
+        advisory: string;
+        skipped: boolean;
+    };
 }
 export interface VerificationCheck {
-    key: "build" | "e2e" | "lighthouse" | "viewport" | "visual" | "security" | "mobile-lh" | "console-errors" | "broken-links";
+    key: "build" | "e2e" | "lighthouse" | "viewport" | "visual" | "security" | "mobile-lh" | "console-errors" | "broken-links" | "typecheck" | "secret-scan" | "a11y-deep" | "seo-deep" | "vitals-budget" | "bundle-size" | "outdated-check";
     label: string;
     passed: boolean;
 }
 export interface VerificationFinding {
-    category: "build" | "performance" | "accessibility" | "seo" | "bestPractices" | "e2e" | "viewport" | "visual" | "security" | "runtime";
+    category: "build" | "performance" | "accessibility" | "seo" | "bestPractices" | "e2e" | "viewport" | "visual" | "security" | "runtime" | "typecheck" | "secrets" | "vitals";
     severity: "critical" | "high" | "medium";
     title: string;
     description: string;
@@ -76,6 +122,16 @@ export interface VerificationEvidence {
     securityPassed: boolean;
     hasMobileLighthouseData: boolean;
     mobileLighthousePassed: boolean;
+    hasTypecheckData: boolean;
+    typecheckPassed: boolean;
+    hasSecretScanData: boolean;
+    secretScanPassed: boolean;
+    hasA11yDeepData: boolean;
+    a11yDeepPassed: boolean;
+    hasSeoDeepData: boolean;
+    seoDeepPassed: boolean;
+    hasVitalsBudgetData: boolean;
+    vitalsBudgetPassed: boolean;
 }
 export interface VerificationReport {
     tier: VerificationTier;

package/dist/visual-diff.d.ts

@@ -22,5 +22,12 @@ export interface VisualDiffResult {
     viewports: VisualDiffViewportResult[];
     summary: string;
 }
+export interface VisualDiffOptions {
+    pixelmatchThreshold?: number;
+    warnThreshold?: number;
+    rollbackThreshold?: number;
+    ignoreSelectors?: string[];
+    disableAnimations?: boolean;
+}
 export declare function formatVisualDiffSummary(result: VisualDiffResult): string;
-export declare function runVisualDiff(projectDir: string, url: string, label?: string): Promise<VisualDiffResult>;
+export declare function runVisualDiff(projectDir: string, url: string, label?: string, options?: VisualDiffOptions): Promise<VisualDiffResult>;