@veraxhq/verax 0.1.0 → 0.2.0

package/bin/verax.js

@@ -1,452 +1,11 @@
-#!/usr/bin/env node
-
-import { fileURLToPath } from 'url';
-import { dirname, resolve } from 'path';
-import { existsSync, readFileSync, writeFileSync, mkdirSync, appendFileSync } from 'fs';
-import inquirer from 'inquirer';
-import { learn } from '../src/verax/index.js';
-import { resolveWorkspaceRoot } from '../src/verax/resolve-workspace-root.js';
-import { initArtifactPaths, writeSummary, writeFindings, appendTrace } from '../src/verax/shared/artifact-manager.js';
-import { redactFinding, redactTrace } from '../src/verax/shared/redaction.js';
-import { initMetrics, recordMetric, getMetrics } from '../src/verax/shared/timing-metrics.js';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-
-async function main() {
-  const args = process.argv.slice(2);
-  const command = args[0];
-
-  // Handle Wave 9 CLI commands
-  if (command === 'scan') {
-    await handleScan(args.slice(1));
-    return;
-  }
-
-  if (command === 'flow') {
-    await handleFlow(args.slice(1));
-    return;
-  }
-
-  if (['--help', '-h', 'help'].includes(command)) {
-    printHelp();
-    process.exit(0);
-  }
-
-  // Default: interactive mode (existing behavior)
-  console.log('VERAX\n');
-
-  // Reuse parsed args from above for optional flags
-  let projectDir = null;
-  let url = null;
-  let manifestPath = null;
-  
-  const projectDirIndex = args.indexOf('--project-dir');
-  const projectDirArg = projectDirIndex !== -1 && args[projectDirIndex + 1] ? args[projectDirIndex + 1] : null;
-  
-  const urlIndex = args.indexOf('--url');
-  if (urlIndex !== -1 && urlIndex + 1 < args.length) {
-    url = args[urlIndex + 1];
-  }
-  
-  const manifestIndex = args.indexOf('--manifest');
-  if (manifestIndex !== -1 && manifestIndex + 1 < args.length) {
-    manifestPath = resolve(args[manifestIndex + 1]);
-  }
-
-  // Resolve workspace root using the new function
-  try {
-    const resolved = resolveWorkspaceRoot(projectDirArg, process.cwd());
-    projectDir = resolved.workspaceRoot;
-    
-    if (resolved.isRepoRoot) {
-      console.error(
-        'VERAX: Refusing to write artifacts in repository root.\n' +
-        'Use --project-dir to specify the target project directory.'
-      );
-      process.exit(2);
-    }
-  } catch (error) {
-    console.error(`Error: ${error.message}`);
-    process.exit(2);
-  }
-
-  const actions = ['Scan my website'];
-  let action;
-  
-  if (actions.length === 1) {
-    action = actions[0];
-  } else {
-    const result = await inquirer.prompt([
-      {
-        type: 'list',
-        name: 'action',
-        message: 'What would you like to do?',
-        choices: actions,
-        default: actions[0]
-      }
-    ]);
-    action = result.action;
-  }
-
-  if (action === 'Scan my website') {
-    try {
-      console.log('Understanding your website...');
-      const manifest = await learn(projectDir);
-      
-      console.log(`\nProject type: ${manifest.projectType}`);
-      console.log(`Total routes: ${manifest.routes.length}`);
-      console.log(`Public routes: ${manifest.publicRoutes.length}`);
-      console.log(`Internal routes: ${manifest.internalRoutes.length}`);
-      
-      if (url) {
-        const { scan } = await import('../src/verax/index.js');
-        const result = await scan(projectDir, url, manifestPath);
-        const { observation, findings, scanSummary } = result;
-        
-        console.log('\nObserving real user interactions...');
-        console.log('Comparing expectations with reality...');
-        
-        console.log('\nScan complete.\n');
-        console.log(`Total interactions observed: ${observation.traces.length}`);
-        console.log(`Silent failures detected: ${findings.findings.length}`);
-        
-        if (findings.findings.length > 0) {
-          console.log(`\nFindings report: ${findings.findingsPath}\n`);
-        } else {
-          console.log('\nNo silent user failures were detected.');
-          console.log(`\nFindings report: ${findings.findingsPath}\n`);
-        }
-        
-        if (scanSummary) {
-          const truth = scanSummary.truth;
-          console.log('Truth Summary:');
-          console.log(`- Learn: routes=${truth.learn.routesDiscovered} (confidence: ${truth.learn.routesConfidence}, source: ${truth.learn.routesSource}), expectations=${truth.learn.expectationsDiscovered} (strong=${truth.learn.expectationsStrong}, weak=${truth.learn.expectationsWeak})`);
-          if (truth.learn.validation) {
-            console.log(`- Learn validation: validated=${truth.learn.validation.routesValidated}, reachable=${truth.learn.validation.routesReachable}, unreachable=${truth.learn.validation.routesUnreachable}`);
-          }
-          const coverage = truth.observe.coverage;
-          const coverageLine = coverage
-            ? `Coverage: selected=${coverage.candidatesSelected}/${coverage.candidatesDiscovered} (cap=${coverage.cap})${coverage.capped ? ' — capped' : ''}`
-            : null;
-          console.log(`- Observe: interactions=${truth.observe.interactionsObserved}, external-blocked=${truth.observe.externalNavigationBlockedCount}, timeouts=${truth.observe.timeoutsCount}`);
-          if (coverageLine) {
-            console.log(`  - ${coverageLine}`);
-          }
-          console.log(`- Detect: analyzed=${truth.detect.interactionsAnalyzed}, skipped(no expectation)=${truth.detect.interactionsSkippedNoExpectation}, findings=${truth.detect.findingsCount}`);
-          if (truth.detect.skips && truth.detect.skips.total > 0) {
-            const topReasons = truth.detect.skips.reasons.slice(0, 3).map(r => `${r.code}=${r.count}`).join(', ');
-            console.log(`- Detect skips: ${truth.detect.skips.total} (top: ${topReasons})`);
-          }
-          console.log(`- Scan summary: ${scanSummary.summaryPath}\n`);
-        }
-      } else {
-        console.log('\nNote: Provide --url to observe website interactions\n');
-      }
-      
-      process.exit(0);
-    } catch (error) {
-      console.error(`\nError: ${error.message}`);
-      if (error.stack && process.env.DEBUG) {
-        console.error(error.stack);
-      }
-      process.exit(2);
-    }
-  }
-}
-
-/**
- * Parse command-line arguments into key-value object
- */
-function parseArgs(argArray) {
-  const opts = {};
-  for (let i = 0; i < argArray.length; i++) {
-    if (argArray[i].startsWith('--')) {
-      const key = argArray[i].substring(2);
-      if (i + 1 < argArray.length && !argArray[i + 1].startsWith('--')) {
-        opts[key] = argArray[i + 1];
-        i++;
-      } else {
-        opts[key] = true;
-      }
-    }
-  }
-  return opts;
-}
-
-/**
- * Print help message
- */
-function printHelp() {
-  console.log(`
-VERAX — Web Application Verification Platform
-
-Usage:
-  verax [interactive]                           Interactive mode
-  verax scan --url <url> [--projectRoot <path>] [--json] [--out <dir>]
-  verax flow --flow <path> [--url <url>] [--json] [--out <dir>]
-  verax --help                                  Show this message
-
-Commands:
-  scan                Run full scan on a live URL
-  flow                Execute a user flow against a URL
-
-Options:
-  --url <url>         Target URL
-  --flow <path>       Path to flow definition file
-  --projectRoot <p>   Project root directory (defaults to cwd)
-  --json              Output machine-readable JSON
-  --out <dir>         Output directory (defaults to .verax/runs)
-  --help, -h          Show this help
-
-Exit Codes:
-  0                   No HIGH findings
-  1                   MEDIUM/LOW findings only
-  2                   At least one HIGH finding
-  3                   Fatal error
-`);
-}
-
-/**
- * Handle 'verax scan' command - integrated with main pipeline
- */
-async function handleScan(scanArgs) {
-  const opts = parseArgs(scanArgs);
-
-  if (!opts.url) {
-    console.error('Error: --url is required');
-    process.exit(3);
-  }
-
-  const projectRoot = opts.projectRoot || process.cwd();
-  const url = opts.url;
-  const jsonOutput = opts.json === true || opts.json === 'true';
-  const outDir = opts.out;
-
-  try {
-    initMetrics();
-    const startTime = Date.now();
-
-    // Initialize artifact paths
-    const artifactPaths = outDir 
-      ? { runDir: outDir, summary: `${outDir}/summary.json`, findings: `${outDir}/findings.json`, traces: `${outDir}/traces.jsonl` }
-      : initArtifactPaths(projectRoot);
-
-    // Ensure artifact directories exist
-    mkdirSync(artifactPaths.runDir, { recursive: true });
-
-    // Run the full VERAX pipeline using the scan() orchestrator
-    console.error(`[VERAX] Starting scan for ${url}`);
-    const resolvedRootResult = await resolveWorkspaceRoot(projectRoot);
-    const resolvedRoot = resolvedRootResult.workspaceRoot;
-
-    const scanStart = Date.now();
-    const { scan } = await import('../src/verax/index.js');
-    const result = await scan(resolvedRoot, url, null, artifactPaths.runId);
-    recordMetric('totalMs', Date.now() - scanStart);
-
-    const manifest = result.manifest;
-    const observation = result.observation;
-    const findings = result.findings;
-
-    const metrics = getMetrics();
-    metrics.totalMs = Date.now() - startTime;
-
-    // Count findings by level
-    const findingsList = findings?.findings || [];
-    const findingsCounts = {
-      HIGH: findingsList.filter(f => f.confidence?.level === 'HIGH').length,
-      MEDIUM: findingsList.filter(f => f.confidence?.level === 'MEDIUM').length,
-      LOW: findingsList.filter(f => f.confidence?.level === 'LOW').length,
-      UNKNOWN: findingsList.filter(f => !f.confidence?.level || f.confidence?.level === 'UNKNOWN').length
-    };
-
-    // Get top findings
-    const topFindings = findingsList
-      .slice(0, 3)
-      .map(f => ({
-        type: f.type,
-        reason: f.reason,
-        confidence: f.confidence?.score || 0
-      }));
-    
-    // Write summary with metrics to artifact paths
-        writeSummary(artifactPaths, {
-          url,
-          projectRoot: resolvedRoot,
-          metrics,
-          findingsCounts,
-          topFindings
-        });
-
-    // Determine exit code
-    const HIGH_COUNT = findingsCounts.HIGH;
-    const hasAny = Object.values(findingsCounts).reduce((a, b) => a + b, 0) > 0;
-
-    if (jsonOutput) {
-      const summary = {
-        runId: artifactPaths.runId,
-        url,
-        metrics,
-        findingsCounts,
-        topFindings,
-        total: findingsList.length
-      };
-      console.log(JSON.stringify(summary, null, 2));
-    } else {
-      console.error(`[VERAX] Scan complete in ${(metrics.totalMs / 1000).toFixed(2)}s`);
-      console.error(`[VERAX] Findings: HIGH=${HIGH_COUNT}, MEDIUM=${findingsCounts.MEDIUM}, LOW=${findingsCounts.LOW}`);
-      if (topFindings.length > 0) {
-        console.error(`[VERAX] Top findings:`);
-        topFindings.forEach(f => {
-          console.error(`  - [${f.confidence}%] ${f.type}: ${f.reason}`);
-        });
-      }
-    }
-
-    // Exit with appropriate code
-    if (HIGH_COUNT > 0) {
-      process.exit(2);
-    } else if (hasAny) {
-      process.exit(1);
-    } else {
-      process.exit(0);
-    }
-  } catch (error) {
-    if (!jsonOutput) {
-      console.error(`[VERAX] Scan failed: ${error.message}`);
-    }
-    process.exit(3);
-  }
-}
-
-/**
- * Handle 'verax flow' command - execute a user flow
- */
-async function handleFlow(flowArgs) {
-  const opts = parseArgs(flowArgs);
-
-  if (!opts.flow) {
-    console.error('Error: --flow is required');
-    process.exit(3);
-  }
-
-  const flowPath = resolve(opts.flow);
-  if (!existsSync(flowPath)) {
-    console.error(`Error: Flow file not found: ${flowPath}`);
-    process.exit(3);
-  }
-
-  const url = opts.url;
-
-  const jsonOutput = opts.json === true || opts.json === 'true';
-  const projectRoot = opts.projectRoot || process.cwd();
-  const outDir = opts.out;
-
-  try {
-    initMetrics();
-    const startTime = Date.now();
-
-    // Initialize artifact paths
-    const artifactPaths = outDir 
-      ? { runDir: outDir, flows: `${outDir}/flows` }
-      : initArtifactPaths(projectRoot);
-    mkdirSync(artifactPaths.runDir, { recursive: true });
-    if (artifactPaths.flows) {
-      mkdirSync(artifactPaths.flows, { recursive: true });
-    }
-
-    // Load and validate flow spec
-    const { readFileSync } = await import('fs');
-    const flowContent = readFileSync(flowPath, 'utf-8');
-    const flowSpec = JSON.parse(flowContent);
-    
-    // Override baseUrl with --url if provided
-    if (url) {
-      flowSpec.baseUrl = url;
-    }
-    
-    const { validateFlowSpec } = await import('../src/verax/flow/flow-spec.js');
-    const validatedSpec = validateFlowSpec(flowSpec);
-    
-    // Use baseUrl from spec for navigation
-    const targetUrl = validatedSpec.baseUrl;
-
-    // Create browser and sensors
-    const { createBrowser, navigateToUrl, closeBrowser } = await import('../src/verax/observe/browser.js');
-    const { NetworkSensor } = await import('../src/verax/observe/network-sensor.js');
-    const { ConsoleSensor } = await import('../src/verax/observe/console-sensor.js');
-    const { UISignalSensor } = await import('../src/verax/observe/ui-signal-sensor.js');
-    
-    const { browser, page } = await createBrowser();
-    const sensors = {
-      network: new NetworkSensor(),
-      console: new ConsoleSensor(),
-      uiSignals: new UISignalSensor()
-    };
-
-    try {
-      await navigateToUrl(page, targetUrl);
-      
-      // Execute flow
-      const { executeFlow } = await import('../src/verax/flow/flow-engine.js');
-      const flowResult = await executeFlow(page, validatedSpec, sensors);
-
-      await closeBrowser(browser);
-
-      recordMetric('totalMs', Date.now() - startTime);
-      const metrics = getMetrics();
-
-      // Write flow results
-      const flowResultsPath = resolve(artifactPaths.flows || artifactPaths.runDir, 'flow-results.json');
-      writeFileSync(flowResultsPath, JSON.stringify({
-        flow: validatedSpec.name,
-        url: targetUrl,
-        success: flowResult.success,
-        findings: flowResult.findings,
-        stepResults: flowResult.stepResults,
-        metrics
-      }, null, 2) + '\n');
-
-      if (jsonOutput) {
-        console.log(JSON.stringify({
-          flow: validatedSpec.name,
-          url: targetUrl,
-          success: flowResult.success,
-          findingsCount: flowResult.findings.length,
-          metrics
-        }, null, 2));
-      } else {
-        console.error(`[VERAX] Flow execution complete in ${(metrics.totalMs / 1000).toFixed(2)}s`);
-        console.error(`[VERAX] Flow: ${validatedSpec.name}`);
-        console.error(`[VERAX] Success: ${flowResult.success}`);
-        console.error(`[VERAX] Findings: ${flowResult.findings.length}`);
-        if (flowResult.findings.length > 0) {
-          flowResult.findings.forEach((f, i) => {
-            console.error(`  ${i + 1}. [Step ${f.stepIndex}] ${f.type}: ${f.reason}`);
-          });
-        }
-      }
-
-      // Exit code: 0 if success, 2 if findings, 3 if error
-      if (!flowResult.success) {
-        process.exit(2);
-      } else {
-        process.exit(0);
-      }
-    } catch (error) {
-      await closeBrowser(browser);
-      throw error;
-    }
-  } catch (error) {
-    if (!jsonOutput) {
-      console.error(`[VERAX] Flow execution failed: ${error.message}`);
-    }
-    process.exit(3);
-  }
-}
-
-main().catch((error) => {
-  console.error(`Fatal error: ${error.message}`);
-  process.exit(2);
-});
+#!/usr/bin/env node
+
+/**
+ * VERAX CLI Shim
+ * Delegates to src/cli/entry.js
+ */
+
+import('../src/cli/entry.js').catch((error) => {
+  console.error(`Failed to load CLI: ${error.message}`);
+  process.exit(2);
+});

package/package.json

@@ -1,57 +1,35 @@
 {
   "name": "@veraxhq/verax",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "VERAX - Silent failure detection for websites",
+  "license": "MIT",
   "type": "module",
-  "main": "./src/verax/index.js",
   "bin": {
-    "verax": "bin/verax.js"
+    "verax": "./bin/verax.js"
   },
   "files": [
-    "bin",
-    "src",
+    "bin/",
+    "src/",
+    "README.md",
     "LICENSE"
   ],
-  "exports": {
-    ".": {
-      "import": "./src/verax/index.js"
-    },
-    "./learn": {
-      "import": "./src/verax/learn/index.js"
-    },
-    "./observe": {
-      "import": "./src/verax/observe/index.js"
-    },
-    "./detect": {
-      "import": "./src/verax/detect/index.js"
-    }
-  },
-  "publishConfig": {
-    "access": "public"
-  },
   "scripts": {
-    "test": "node --test test/learn.test.js test/observe.test.js test/detect.test.js test/static-learn.test.js test/static-detect.test.js test/observe-boundary.test.js test/static-buttons-detect.test.js test/spa-support.test.js test/scan-summary.test.js test/route-validation.test.js test/skip-reasons.test.js test/observe-stabilization.test.js test/observe-coverage.test.js test/ast-extraction.test.js test/spa-ast-integration.test.js test/wave2-human-driver.test.js test/wave4-confidence.test.js test/wave5-action-contracts.test.js test/wave6-action-contracts.test.js test/wave7-auth-flows.test.js test/wave8-state-contracts.test.js test/wave9-hardening.test.js test/wave10-ci-summary.test.js test/cli-scan.test.js test/final-gate.test.js"
+    "test": "node --test",
+    "test:pack": "node scripts/test-pack.js"
   },
   "dependencies": {
-    "@babel/generator": "^7.28.5",
-    "@babel/parser": "^7.28.5",
-    "@babel/traverse": "^7.28.5",
-    "@babel/types": "^7.28.5",
     "glob": "^10.3.10",
     "inquirer": "^9.2.15",
     "node-html-parser": "^7.0.1",
     "playwright": "^1.40.0",
-    "typescript": "^5.4.0"
+    "typescript": "^5.9.3"
   },
   "engines": {
     "node": ">=18.0.0"
   },
-  "keywords": [
-    "testing",
-    "qa",
-    "website",
-    "silent-failures",
-    "verification"
-  ],
-  "license": "MIT"
+  "devDependencies": {
+    "@babel/parser": "^7.28.5",
+    "@babel/traverse": "^7.28.5",
+    "@veraxhq/verax": "file:veraxhq-verax-0.2.0.tgz"
+  }
 }