command-verify.md

verify

verify answers one question: can this repository work right now?

It is stricter than audit.

• audit checks whether a repo matches the standard.
• verify checks whether the repo is runnable and releasable enough for day-to-day development.

Command

oss-bootstrap verify --target <path> [--json]

Behavior

verify runs in three phases:

1. Load repo metadata
2. Validate required structure
3. Execute core scripts

Required structure checks

These checks must pass for verify to return PASS:

• package.json exists and is valid JSON
• README.md exists
• LICENSE exists
• AGENTS.md exists
• tsconfig.json exists
• .github/workflows/ci.yml exists
• required scripts exist in package.json
  • build
  • lint
  • test
  • typecheck

Metadata warnings

These do not fail verify by themselves, but they should be reported:

• missing repository
• missing exports
• missing files
• missing packageManager

Script execution

If required scripts are present, verify attempts to run:

1. lint
2. test
3. build
4. typecheck

The package manager is detected in this order:

1. package.json.packageManager
2. lockfile (pnpm-lock.yaml, package-lock.json, yarn.lock)
3. fallback to pnpm

If any script exits non-zero, verify returns FAIL.

Output contract

Human-readable output must include:

• final status: PASS or FAIL
• target path
• failed checks
• warnings
• executed commands

JSON output must include:

• status
• target
• packageManager
• failures
• warnings
• commands

Exit behavior

• exit 0: PASS
• exit 1: FAIL

Non-goals for v1

• auto-install dependencies
• auto-fix missing scripts
• starter-specific deep semantic checks