mt4110 · mt4110 · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   verify-lite:
-    if: ${{ vars.SELF_HOSTED_OWNER != '' && github.repository_owner == vars.SELF_HOSTED_OWNER && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) }}
+    if: ${{ github.event.act == true || (vars.SELF_HOSTED_OWNER != '' && github.repository_owner == vars.SELF_HOSTED_OWNER && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) }}
     runs-on:
       - self-hosted
       - mac-mini
@@ -23,44 +23,72 @@ jobs:
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
 
       - name: Setup Go
+        if: ${{ !env.ACT }}
         uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff
         with:
           go-version-file: go.mod
 
+      - name: Setup Go For act
+        if: ${{ env.ACT }}
+        shell: bash
+        run: |
+          if command -v go >/dev/null 2>&1; then
+            go version
+          elif command -v mise >/dev/null 2>&1; then
+            mise x -- go version
+          else
+            echo "ERROR: go or mise is required for local act runs"
+            exit 1
+          fi
+
       - name: Verify Lite
-        run: go run ./cmd/verify-lite
+        shell: bash
+        run: |
+          run_go() {
+            if command -v go >/dev/null 2>&1; then
+              go "$@"
+            elif command -v mise >/dev/null 2>&1; then
+              mise x -- go "$@"
+            else
+              echo "ERROR: go or mise is required"
+              return 127
+            fi
+          }
+          run_go run ./cmd/verify-lite
 
       - name: Append Verify Lite Status To Job Summary
         if: always()
         run: |
+          if [[ -z "${GITHUB_STEP_SUMMARY:-}" ]]; then
+            echo "SKIP: step_summary reason=missing_env"
+            exit 0
+          fi
           echo "## verify-lite.status" >> "$GITHUB_STEP_SUMMARY"
           cat out/verify-lite.status >> "$GITHUB_STEP_SUMMARY" || echo "(missing: out/verify-lite.status)" >> "$GITHUB_STEP_SUMMARY"
 
       - name: Evaluate Verify Lite Status
         if: always()
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b
-        with:
-          script: |
-            const fs = require('fs');
-            const path = 'out/verify-lite.status';
-            if (!fs.existsSync(path)) {
-              core.setFailed('verify-lite.status missing');
-            } else {
-              const content = fs.readFileSync(path, 'utf8');
-              if (content.includes('ERROR:') || content.includes('status=ERROR')) {
-                core.setFailed('verify-lite reported ERROR');
-              }
-            }
+        shell: bash
+        run: |
+          path='out/verify-lite.status'
+          if [[ ! -f "$path" ]]; then
+            echo "verify-lite.status missing"
+            exit 1
+          fi
+          if grep -Eq 'ERROR:|status=ERROR' "$path"; then
+            echo "verify-lite reported ERROR"
+            exit 1
+          fi
 
       - name: Notify Discord (CI Alerts)
-        if: always()
+        if: ${{ always() && !env.ACT }}
         continue-on-error: true
         env:
           DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
         run: go run ./cmd/notify_discord --status out/verify-lite.status --title "verify-lite" --webhook-env DISCORD_WEBHOOK_URL --min-level ERROR
 
   verify-full-dryrun:
-    if: ${{ vars.SELF_HOSTED_OWNER != '' && github.repository_owner == vars.SELF_HOSTED_OWNER && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) }}
+    if: ${{ github.event.act == true || (vars.SELF_HOSTED_OWNER != '' && github.repository_owner == vars.SELF_HOSTED_OWNER && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) }}
     needs: verify-lite
     runs-on:
       - self-hosted
@@ -82,11 +110,15 @@ jobs:
       - name: Append Verify Full Status To Job Summary
         if: always()
         run: |
+          if [[ -z "${GITHUB_STEP_SUMMARY:-}" ]]; then
+            echo "SKIP: step_summary reason=missing_env"
+            exit 0
+          fi
           echo "## verify-full.status" >> "$GITHUB_STEP_SUMMARY"
           cat out/verify-full.status >> "$GITHUB_STEP_SUMMARY" || echo "(missing: out/verify-full.status)" >> "$GITHUB_STEP_SUMMARY"
 
       - name: Upload Verify Full Artifacts
-        if: always()
+        if: ${{ always() && !env.ACT }}
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: verify-full-dryrun-${{ github.run_id }}
@@ -98,22 +130,20 @@ jobs:
 
       - name: Evaluate Verify Full Status
         if: always()
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b
-        with:
-          script: |
-            const fs = require('fs');
-            const path = 'out/verify-full.status';
-            if (!fs.existsSync(path)) {
-              core.setFailed('verify-full.status missing');
-            } else {
-              const content = fs.readFileSync(path, 'utf8');
-              if (content.includes('ERROR:') || content.includes('status=ERROR')) {
-                core.setFailed('verify-full reported ERROR');
-              }
-            }
+        shell: bash
+        run: |
+          path='out/verify-full.status'
+          if [[ ! -f "$path" ]]; then
+            echo "verify-full.status missing"
+            exit 1
+          fi
+          if grep -Eq 'ERROR:|status=ERROR' "$path"; then
+            echo "verify-full reported ERROR"
+            exit 1
+          fi
 
       - name: Notify Discord (CI Alerts)
-        if: always()
+        if: ${{ always() && !env.ACT }}
         continue-on-error: true
         env:
           DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}

diff --git a/README.md b/README.md
@@ -18,6 +18,8 @@ cd ~/dev/<target-repo>
 ci-self up
 ```
 
+`ci-self act` で局所の概算時間を測る場合は、先に `brew install act` が必要です。
+
 - `ci-self up` は `register + run-focus` を連続実行
 - `verify.yml` / PRテンプレートが無ければ自動雛形を生成
 - 雛形の生成はローカルファイル変更のみ（GitHub反映には commit/push が必要）
@@ -192,9 +194,48 @@ CI_SELF_PR_BASE=main
 
 以後はオプションを減らして実行できます。
 
+## GitHub権限なしで verify を絞って計測する
+
+`gh workflow run` を使わず、ローカルで選んだ job だけを回して、局所の概算時間を見たいときは `act` 導線を使えます。
+
+```bash
+brew install act
+cd ~/dev/<target-repo>
+ci-self act
+ci-self act --list
+ci-self act --job <job-id>
+
+# どこからでも明示指定できる
+ci-self act --project-dir ~/dev/<target-repo> --job <job-id>
+```
+
+**この計測値はローカルでの概算です。実際の GitHub Actions / `remote-ci` / 実機 self-hosted runner の所要時間とは異なる場合があります。**
+
+ポイント:
+
+- `ci-self act` は対象 repo の `.github/workflows/*.yml|*.yaml` を見る
+- `--workflow` を省略すると、対象 repo の `.github/workflows/*.yml|*.yaml` を見て、複数ある場合は `> どのworkflowを、actで実行したいですか？` と対話選択する
+- 選択画面では `q` で抜けられる
+- まず `ci-self act --list` で job id を確認してから、`--job <job-id>` を付ける
+- workflow 選択画面の番号と `--job` は別物。`--job` には基本的に `verify` / `verify-lite` のような job id を渡す
+- `~/dev/maakie-brainlab` なら `ci-self act --project-dir ~/dev/maakie-brainlab --list` のあと、`ci-self act --project-dir ~/dev/maakie-brainlab --job verify`
+- 実行時間は `elapsed_sec` に加えて `benchmark_started_at` / `benchmark_finished_at` も出し、artifact は `out/act-artifacts/` に出す
+- 実行中ログは左端に `[YYYY MM/DD HH:MM:SS]` を付けて流す
+- `SELF_HOSTED_OWNER` や `gh auth` が無くても回せる
+- workflow が1つも無い repo では、まず `.github/workflows/*.yml` を用意する必要がある
+- 既存 workflow が古い場合は `bash ops/ci/scaffold_verify_workflow.sh --repo <target> --apply --force` で act 互換の verify.yml に更新する
+- TTY から `scaffold_verify_workflow.sh --apply` を実行した場合は、`verify.yml` の新規作成/上書き前に `[y/N]` 確認が入る
+
+注意:
+
+- `act` は GitHub Actions の完全再現ではない。局所の概算時間測定と早い失敗検出には向くが、最終判定は `remote-ci` / 実機 self-hosted runner を優先する
+- 既存 workflow に `github.event.act == true` の逃がしが無い場合、owner guard で job が skip されることがある
+- `verify-full-dryrun` は手元の Docker/Colima 到達性が前提
+
 ## 主要コマンド
 
 - `ci-self up`: ローカル最短（register + run-focus）
+- `ci-self act`: `act` で verify workflow/job をローカル実行し、対象を絞って概算時間を測る
 - `ci-self focus`: run-focus 後、PR未作成なら自動作成し checks を監視
 - `ci-self remote-ci`: 鍵必須・同期・別端末での verify 実行・結果回収を1コマンドで実行
 - `ci-self doctor --fix`: 依存/gh auth/colima/docker/runner_health を診断し可能な範囲で修復

diff --git a/README_EN.md b/README_EN.md
@@ -18,6 +18,8 @@ cd ~/dev/<target-repo>
 ci-self up
 ```
 
+If you want to use `ci-self act` for rough local timing, install it first with `brew install act`.
+
 `ci-self up` runs `register + run-focus` in sequence.
 
 ## Use A Remote CI Runner In One Command
@@ -145,9 +147,47 @@ CI_SELF_REMOTE_IDENTITY=/Users/<you>/.ssh/id_ed25519_for_ci_runner
 CI_SELF_PR_BASE=main
 ```
 
+## Run Targeted Verify Jobs Locally With act
+
+If you want to run only selected jobs locally without `gh workflow run` and get rough local timing, use the `act` path.
+
+```bash
+brew install act
+cd ~/dev/<target-repo>
+ci-self act
+ci-self act --list
+ci-self act --job <job-id>
+
+# Or point at the repo explicitly from anywhere
+ci-self act --project-dir ~/dev/<target-repo> --job <job-id>
+```
+
+**These timings are local estimates only. Actual duration on GitHub Actions, `remote-ci`, or a real self-hosted runner may differ.**
+
+Notes:
+
+- `ci-self act` looks at `.github/workflows/*.yml|*.yaml` inside the target repo
+- If you omit `--workflow` and the repo has multiple workflows, it opens a shell prompt asking which workflow to run; press `q` to quit
+- Start with `ci-self act --list`, then run `--job <job-id>`
+- The workflow menu number is separate from `--job`; pass a real job id such as `verify` or `verify-lite`
+- For `~/dev/maakie-brainlab`, use `ci-self act --project-dir ~/dev/maakie-brainlab --list` and then `ci-self act --project-dir ~/dev/maakie-brainlab --job verify`
+- It prints `elapsed_sec` plus `benchmark_started_at` / `benchmark_finished_at`, and stores artifacts under `out/act-artifacts/`
+- Live log lines are prefixed with `[YYYY MM/DD HH:MM:SS]`
+- It does not require `SELF_HOSTED_OWNER` or `gh auth`
+- If the repo has no workflow files yet, add `.github/workflows/*.yml` first
+- If your existing workflow is old, refresh it with `bash ops/ci/scaffold_verify_workflow.sh --repo <target> --apply --force`
+- When `scaffold_verify_workflow.sh --apply` runs from a TTY, it asks for `[y/N]` confirmation before creating or overwriting `verify.yml`
+
+Keep in mind:
+
+- `act` is useful for rough local timing and early failure detection, but it is not a full GitHub Actions replica
+- If your workflow does not include a `github.event.act == true` bypass, owner guards may skip the job locally
+- `verify-full-dryrun` still depends on local Docker/Colima reachability
+
 ## Main Commands
 
 - `ci-self up`: fastest local path (`register + run-focus`)
+- `ci-self act`: run a selected verify workflow/job locally via `act` for rough timing
 - `ci-self focus`: runs `run-focus`, creates a PR if missing, then watches checks
 - `ci-self remote-ci`: SSH-required sync + remote verify + result collection in one command
 - `ci-self doctor --fix`: checks dependencies, `gh auth`, Colima, Docker, and runner health

diff --git a/docs/ci/FLOW.md b/docs/ci/FLOW.md
@@ -8,7 +8,7 @@
 
 ## 推奨フロー
 
-1) MacBook: 編集 + verify-lite（速い）
+1) MacBook: 編集 + `ci-self act --job verify-lite` で局所の概算時間を見る、または verify-lite（速い）
 2) MacBook → Mac mini: verify-full（重い）
 3) Mac mini: `verify-full` 実行後に `review-pack` で証拠bundle生成
 4) MacBook: gh で PR 作成（1回だけ）
@@ -20,6 +20,7 @@
 
 - 実行場所: Workstation（MacBook）
 - 標準入口: `ops/ci/run_verify_lite.sh`
+- 局所計測入口: `ci-self act --job verify-lite`（概算時間）
 - 目的: 早い失敗検出（公式推奨lint + 単体テスト）
 - Go公式推奨: `gofmt -l .` / `go vet ./...` / `go test ./...`
 - 出力: `out/verify-lite.status` と `OK:/SKIP:/ERROR:` ログ

diff --git a/docs/ci/QUICKSTART.md b/docs/ci/QUICKSTART.md
@@ -19,6 +19,35 @@ ci-self up
 1. `register`（runner登録・health・owner変数・workflow/template雛形）
 2. `run-focus`（verify実行/監視・PR checks監視・PRテンプレ同期）
 
+## 2.5) GitHub権限なしで対象jobだけ計測する
+
+```bash
+brew install act
+cd ~/dev/<target-repo>
+ci-self act
+ci-self act --list
+ci-self act --job <job-id>
+
+# どこからでも明示指定できる
+ci-self act --project-dir ~/dev/<target-repo> --job <job-id>
+```
+
+**この計測値はローカルでの概算です。実際の GitHub Actions / `remote-ci` / 実機 self-hosted runner の所要時間とは異なる場合があります。**
+
+- `ci-self act` は対象 repo の `.github/workflows/*.yml|*.yaml` を見る
+- `--workflow` を省略すると、repo の `.github/workflows/*.yml|*.yaml` から選ぶ。複数ある場合は対話選択、`q` で終了
+- まず `ci-self act --list` で job id を確認してから `--job <job-id>` を付ける
+- workflow 選択画面の番号と `--job` は別物。`--job` には `verify` のような job id を入れる
+- `~/dev/maakie-brainlab` なら `ci-self act --project-dir ~/dev/maakie-brainlab --list` のあと `ci-self act --project-dir ~/dev/maakie-brainlab --job verify`
+- `gh auth` や `SELF_HOSTED_OWNER` が無くても回せる
+- 実行時間は `elapsed_sec` に加えて `benchmark_started_at` / `benchmark_finished_at` を出し、artifact は `out/act-artifacts/` に出す
+- 実行中ログは左端に `[YYYY MM/DD HH:MM:SS]` を付ける
+- `verify-full-dryrun` は Docker/Colima が必要
+- workflow が1つも無い repo では、まず `.github/workflows/*.yml` を置く
+- 既存 workflow が古い場合は `bash ops/ci/scaffold_verify_workflow.sh --repo <target> --apply --force` で更新する
+- workflow に `github.event.act == true` が無い場合、owner guard で job が skip されることがある
+- TTY から `scaffold_verify_workflow.sh --apply` を叩くと、`verify.yml` の作成/上書き前に `[y/N]` を聞く
+
 ## 設定ファイルで毎回のオプションを省略
 
 ```bash