enhancement: add CI smoke tests and cross-platform gating before release

[BraedenBDev]

Summary

crawl-sim has a publish workflow, but it does not currently have CI that gates merges on test, smoke, and cross-platform script validation.

That gap is directly related to several defects found in the public-release audit:

• macOS-only robots.txt regression
• broken compare report generation on the happy path
• report-generator security regression

These are exactly the kinds of failures that a lightweight CI matrix should catch before release tags are cut.

Current state

• tests exist and pass locally (npm test)
• publish workflow exists
• branch protection on main is effectively off
• no mandatory CI status check is present for release-critical paths

Suggested improvements

1. Add a CI workflow that runs on push and pull_request.
2. Run at least:
   • npm test
   • a compare-report smoke test
   • an HTML-report generation smoke test
3. Add a small OS matrix for shell portability:
   • ubuntu-latest
   • macos-latest
4. Wire branch protection to require the CI workflow before merging.

Why this matters

This repo is positioning itself as a public OSS tool and npm/plugin install target. Release confidence should come from automation, not just local verification.

Acceptance criteria

• A CI workflow runs on pushes and PRs.
• npm test is part of CI.
• CI includes at least one compare-report smoke test.
• CI includes at least one HTML-report generation smoke test.
• CI runs on both Linux and macOS.
• main is protected by required CI status checks.

[BraedenBDev]

A substantial part of this landed on \ in commit 4061b5b: a new CI workflow now runs on pushes and PRs across Ubuntu and macOS, and it exercises the regression suite plus package smoke checks. The remaining open item here is branch-protection enforcement / required status checks.

[BraedenBDev]

A substantial part of this landed on main in commit 4061b5b: a new CI workflow now runs on pushes and PRs across Ubuntu and macOS, and it exercises the regression suite plus package smoke checks. The remaining open item here is branch-protection enforcement / required status checks.

[BraedenBDev]

Status after v1.5.0 shipped:

• ✅ CI workflow runs on push + PR (.github/workflows/ci.yml)
• ✅ npm test is part of CI
• ✅ CI includes compare-report + report-generation + sitemap/robots/llms smoke tests (covered by test/run-scoring-tests.sh)
• ✅ CI runs on both ubuntu-latest and macos-latest (matrix)
• ⬜ main protected by required CI status checks — single remaining AC, requires a GitHub UI toggle at Settings → Branches → Branch protection rules, adding verify (ubuntu-latest) and verify (macos-latest) as required checks

Ready to close once the required-check toggle is flipped.