JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 72
  • Score
    100M100P100Q101709F
  • License UNLICENSED

Portfolio-wide post-deployment web QA/QC runner. Locked manifest/report contract, Playwright-driven checks, Vantage-integrated incidents.

Package Exports

  • @eleetai/verify
  • @eleetai/verify/schemas/manifest
  • @eleetai/verify/schemas/report

Readme

verify

Portfolio-wide post-deployment web QA/QC. One manifest. One report. Zero manual checks.

verify is the hard gate between deploy and done. Drop a .verify.json manifest into any project, run verify run, and get back a machine-readable report covering console errors, GA4/Ads firing, broken links, unrendered template tokens, SEO metadata, accessibility, Lighthouse budgets, visual regressions, form submissions, authenticated flows, and more. On failure, verify auto-raises a Vantage incident in the calling project with fingerprint-based deduplication. On the next PASS, it resolves itself.

5-Minute Onboarding

# In any project you want to QA:
cd ~/projects/your-project
npx @eleetai/verify init           # scaffolds .verify.json with sensible defaults
verify run --env prod              # run against production
# → writes runs/<project>/<timestamp>/report.json, exits 0 on PASS

That's it. If anything failed, the report tells you what, where, and how to fix it. A Vantage incident is opened in your project until you redeploy and rerun.

What it checks

Universal (every consumer gets these for free)

  • Console errors & pageerror events — with manifest-declared suppressions
  • Network 4xx/5xx on main document and same-origin
  • Resource 404s — images, CSS, JS, favicons
  • Unrendered template tokens{{var}}, ${...}, literal undefined leaking into visible text
  • Mixed contenthttp:// on https://
  • SEO metadata — title, description, canonical, OG tags, JSON-LD schema
  • Broken links — same-origin crawl at declared rate limit
  • Canonical host — canonical URL host matches manifest allowlist
  • CSP violations — surfaced from console
  • robots.txt + sitemap.xml — present and well-formed

Expectation-driven (declared per-project in .verify.json)

  • GA4 firing — intercepts /collect?v=2, compares tid to manifest
  • Google Ads firingAW- tag verification
  • Forbidden text — regex scan for strings that must NOT appear (old brand names, unset template tokens)
  • Required text — strings that MUST appear (USPs, compliance disclaimers)
  • Form submissions — fill + submit + assert post-submit state
  • Authenticated flows — Cognito or form login via Vantage-vault secrets
  • Lighthouse budgets — LCP, CLS, TBT, a11y, SEO, performance scores

Orchestrator-level (automatic)

  • Multi-viewport — desktop (1280×720) + mobile (390×844) for every route
  • Visual regression.verify/baselines/ comparison per route × viewport, diff PNG on failure
  • Regression detection — tags the run regression: true when previous PASS becomes current FAIL
  • JUnit XML output--junit report.xml for CI consumption

Invocation modes

  • CLIverify run [--env prod|staging] [--junit PATH] [--dry-run]
  • MCP — drop templates/mcp/verify.mcp.json into any project's .mcp.json; Claude Code agents invoke verify_run, verify_get_latest_report, verify_list_runs, verify_update_baselines
  • Scheduledverify schedule --project NAME --cron "0 2 * * *" registers a Vantage cron-script agent for nightly runs

The contract

Both schemas are frozen at v1. Breaking changes are major-version events.

  • Manifest: schemas/manifest.schema.json — the public API
  • Report: schemas/report.schema.json — the wire protocol
  • Examples: examples/nc.verify.json, examples/eleetai.verify.json

See docs/PLAYBOOKS.md for per-site-type cookbooks (static Next.js, Astro marketing, SPA with Cognito auth, landing pages optimized for ads).

Vantage integration

When .verify.json has vantage.enabled: true and project_id set:

Event verify action Vantage effect
FAIL (first) POST /api/v1/incidents with fingerprint Incident opened in calling project, severity per manifest
FAIL (repeat) Same POST, same fingerprint Vantage dedupes: increments count, updates last_seen_at
PASS after FAIL PATCH /api/v1/incidents/{id} Auto-resolves with "rerun passed"
Auth flow GET /api/v1/secrets/{label} + X-Vantage-Project: {caller} 200 if bound, 403 if not
verify itself errors Incident raised against verify project_id (never the caller) Isolates runner bugs from consumer noise

No Vantage code changes required — uses shipped endpoints. See docs/SYSTEM_ARCHITECTURE.md for wire details.

Philosophy

Read ~/projects/zeos-apps/verify/VERIFY_SOUL.md for the full doctrine. In brief:

  1. Schema is scripture. The manifest and report are the product.
  2. Hard gate, not suggestion. No bypass flags. Suppressions are explicit, dated, auditable.
  3. Checks are pure. One file, one function, one result.
  4. Evidence or it didn't happen. Every check ships artifacts.
  5. AI-native first. The report is designed for agents to parse and act on.
  6. Platform, not product. Adding a check benefits every consumer immediately.

Status

Phase 0 — zeos scaffold complete. Schemas locking. Runner in progress.

See docs/MASTER_ROADMAP.md for current phase and open work.

verify is an eleet.ai service offering. Part of the zeos venture factory control plane.