npm - @veraxhq/verax - Versions diffs - 0.1.0 → 0.2.0 - Mend

@veraxhq/verax 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/README.md +123 -88
package/bin/verax.js +11 -452
package/package.json +14 -36
package/src/cli/commands/default.js +523 -0
package/src/cli/commands/doctor.js +165 -0
package/src/cli/commands/inspect.js +109 -0
package/src/cli/commands/run.js +402 -0
package/src/cli/entry.js +196 -0
package/src/cli/util/atomic-write.js +37 -0
package/src/cli/util/detection-engine.js +296 -0
package/src/cli/util/env-url.js +33 -0
package/src/cli/util/errors.js +44 -0
package/src/cli/util/events.js +34 -0
package/src/cli/util/expectation-extractor.js +378 -0
package/src/cli/util/findings-writer.js +31 -0
package/src/cli/util/idgen.js +87 -0
package/src/cli/util/learn-writer.js +39 -0
package/src/cli/util/observation-engine.js +366 -0
package/src/cli/util/observe-writer.js +25 -0
package/src/cli/util/paths.js +29 -0
package/src/cli/util/project-discovery.js +277 -0
package/src/cli/util/project-writer.js +26 -0
package/src/cli/util/redact.js +128 -0
package/src/cli/util/run-id.js +30 -0
package/src/cli/util/summary-writer.js +32 -0
package/src/verax/cli/ci-summary.js +35 -0
package/src/verax/cli/context-explanation.js +89 -0
package/src/verax/cli/doctor.js +277 -0
package/src/verax/cli/error-normalizer.js +154 -0
package/src/verax/cli/explain-output.js +105 -0
package/src/verax/cli/finding-explainer.js +130 -0
package/src/verax/cli/init.js +237 -0
package/src/verax/cli/run-overview.js +163 -0
package/src/verax/cli/url-safety.js +101 -0
package/src/verax/cli/wizard.js +98 -0
package/src/verax/cli/zero-findings-explainer.js +57 -0
package/src/verax/cli/zero-interaction-explainer.js +127 -0
package/src/verax/core/action-classifier.js +86 -0
package/src/verax/core/budget-engine.js +218 -0
package/src/verax/core/canonical-outcomes.js +157 -0
package/src/verax/core/decision-snapshot.js +335 -0
package/src/verax/core/determinism-model.js +403 -0
package/src/verax/core/incremental-store.js +237 -0
package/src/verax/core/invariants.js +356 -0
package/src/verax/core/promise-model.js +230 -0
package/src/verax/core/replay-validator.js +350 -0
package/src/verax/core/replay.js +222 -0
package/src/verax/core/run-id.js +175 -0
package/src/verax/core/run-manifest.js +99 -0
package/src/verax/core/silence-impact.js +369 -0
package/src/verax/core/silence-model.js +521 -0
package/src/verax/detect/comparison.js +2 -34
package/src/verax/detect/confidence-engine.js +764 -329
package/src/verax/detect/detection-engine.js +293 -0
package/src/verax/detect/evidence-index.js +177 -0
package/src/verax/detect/expectation-model.js +194 -172
package/src/verax/detect/explanation-helpers.js +187 -0
package/src/verax/detect/finding-detector.js +450 -0
package/src/verax/detect/findings-writer.js +44 -8
package/src/verax/detect/flow-detector.js +366 -0
package/src/verax/detect/index.js +172 -286
package/src/verax/detect/interactive-findings.js +613 -0
package/src/verax/detect/signal-mapper.js +308 -0
package/src/verax/detect/verdict-engine.js +563 -0
package/src/verax/evidence-index-writer.js +61 -0
package/src/verax/index.js +90 -14
package/src/verax/intel/effect-detector.js +368 -0
package/src/verax/intel/handler-mapper.js +249 -0
package/src/verax/intel/index.js +281 -0
package/src/verax/intel/route-extractor.js +280 -0
package/src/verax/intel/ts-program.js +256 -0
package/src/verax/intel/vue-navigation-extractor.js +579 -0
package/src/verax/intel/vue-router-extractor.js +323 -0
package/src/verax/learn/action-contract-extractor.js +335 -101
package/src/verax/learn/ast-contract-extractor.js +95 -5
package/src/verax/learn/flow-extractor.js +172 -0
package/src/verax/learn/manifest-writer.js +97 -47
package/src/verax/learn/project-detector.js +40 -0
package/src/verax/learn/route-extractor.js +27 -96
package/src/verax/learn/state-extractor.js +212 -0
package/src/verax/learn/static-extractor-navigation.js +114 -0
package/src/verax/learn/static-extractor-validation.js +88 -0
package/src/verax/learn/static-extractor.js +112 -4
package/src/verax/learn/truth-assessor.js +24 -21
package/src/verax/observe/aria-sensor.js +211 -0
package/src/verax/observe/browser.js +10 -5
package/src/verax/observe/console-sensor.js +1 -17
package/src/verax/observe/domain-boundary.js +10 -1
package/src/verax/observe/expectation-executor.js +512 -0
package/src/verax/observe/flow-matcher.js +143 -0
package/src/verax/observe/focus-sensor.js +196 -0
package/src/verax/observe/human-driver.js +643 -275
package/src/verax/observe/index.js +908 -27
package/src/verax/observe/index.js.backup +1 -0
package/src/verax/observe/interaction-discovery.js +365 -14
package/src/verax/observe/interaction-runner.js +563 -198
package/src/verax/observe/loading-sensor.js +139 -0
package/src/verax/observe/navigation-sensor.js +255 -0
package/src/verax/observe/network-sensor.js +55 -7
package/src/verax/observe/observed-expectation-deriver.js +186 -0
package/src/verax/observe/observed-expectation.js +305 -0
package/src/verax/observe/page-frontier.js +234 -0
package/src/verax/observe/settle.js +37 -17
package/src/verax/observe/state-sensor.js +389 -0
package/src/verax/observe/timing-sensor.js +228 -0
package/src/verax/observe/traces-writer.js +61 -20
package/src/verax/observe/ui-signal-sensor.js +136 -17
package/src/verax/scan-summary-writer.js +77 -15
package/src/verax/shared/artifact-manager.js +110 -8
package/src/verax/shared/budget-profiles.js +136 -0
package/src/verax/shared/ci-detection.js +39 -0
package/src/verax/shared/config-loader.js +170 -0
package/src/verax/shared/dynamic-route-utils.js +218 -0
package/src/verax/shared/expectation-coverage.js +44 -0
package/src/verax/shared/expectation-prover.js +81 -0
package/src/verax/shared/expectation-tracker.js +201 -0
package/src/verax/shared/expectations-writer.js +60 -0
package/src/verax/shared/first-run.js +44 -0
package/src/verax/shared/progress-reporter.js +171 -0
package/src/verax/shared/retry-policy.js +14 -1
package/src/verax/shared/root-artifacts.js +49 -0
package/src/verax/shared/scan-budget.js +86 -0
package/src/verax/shared/url-normalizer.js +162 -0
package/src/verax/shared/zip-artifacts.js +65 -0
package/src/verax/validate/context-validator.js +244 -0
package/src/verax/validate/context-validator.js.bak +0 -0

package/src/verax/detect/signal-mapper.js ADDED Viewed

@@ -0,0 +1,308 @@
+/**
+ * Signal Mapper
+ * Enriches findings with decision-ready signals:
+ * - Impact Level (LOW | MEDIUM | HIGH)
+ * - User Risk (BLOCKS | CONFUSES | DEGRADES)
+ * - Ownership Hint (FRONTEND | BACKEND | INTEGRATION | ACCESSIBILITY | PERFORMANCE)
+ * - Grouping Metadata
+ *
+ * Deterministic mapping only, no heuristics.
+ */
+/**
+ * Map finding to impact level based on failure type, route criticality, and confidence
+ */
+export function mapImpactLevel(finding, manifest = {}) {
+  const findingType = finding.type || 'unknown';
+  const confidence = finding.confidence?.level || 'UNKNOWN';
+  const routePath = extractRouteFromFinding(finding, manifest);
+  const isCriticalRoute = isRouteCritical(routePath, manifest);
+  // HIGH impact: blocking failures on critical routes with high confidence
+  if (
+    (findingType.includes('navigation') || findingType.includes('auth') || findingType === 'observed_break') &&
+    isCriticalRoute &&
+    (confidence === 'HIGH' || confidence === 'MEDIUM')
+  ) {
+    return 'HIGH';
+  }
+  // HIGH impact: accessibility failures (always high impact)
+  if (
+    findingType.includes('focus') ||
+    findingType.includes('aria') ||
+    findingType.includes('keyboard_trap')
+  ) {
+    return 'HIGH';
+  }
+  // HIGH impact: loading stuck or freeze-like failures
+  if (
+    findingType.includes('loading_stuck') ||
+    findingType.includes('freeze_like')
+  ) {
+    return 'HIGH';
+  }
+  // MEDIUM impact: network failures on critical routes
+  if (
+    findingType.includes('network') ||
+    findingType.includes('partial_success') ||
+    findingType.includes('async_state')
+  ) {
+    return isCriticalRoute ? 'MEDIUM' : 'LOW';
+  }
+  // MEDIUM impact: feedback gap failures
+  if (findingType.includes('feedback_gap')) {
+    return 'MEDIUM';
+  }
+  // MEDIUM impact: validation failures
+  if (findingType.includes('validation')) {
+    return 'MEDIUM';
+  }
+  // MEDIUM impact: state failures
+  if (findingType.includes('state')) {
+    return isCriticalRoute ? 'MEDIUM' : 'LOW';
+  }
+  // LOW impact: hover, file upload failures (less critical)
+  if (
+    findingType.includes('hover') ||
+    findingType.includes('file_upload')
+  ) {
+    return 'LOW';
+  }
+  // LOW impact: low confidence on non-critical routes
+  if (confidence === 'LOW' && !isCriticalRoute) {
+    return 'LOW';
+  }
+  // Default: MEDIUM for other cases
+  return 'MEDIUM';
+}
+/**
+ * Map finding to user risk level
+ */
+export function mapUserRisk(finding) {
+  const findingType = finding.type || 'unknown';
+  const interactionType = finding.interaction?.type || '';
+  // BLOCKS: User cannot complete intended action
+  if (
+    findingType.includes('navigation') ||
+    findingType.includes('auth') ||
+    findingType.includes('loading_stuck') ||
+    findingType.includes('freeze_like') ||
+    findingType === 'observed_break' ||
+    (findingType.includes('network') && interactionType === 'form')
+  ) {
+    return 'BLOCKS';
+  }
+  // CONFUSES: User action appears to work but provides no feedback
+  if (
+    findingType.includes('feedback_gap') ||
+    findingType.includes('partial_success') ||
+    findingType.includes('async_state') ||
+    findingType.includes('validation')
+  ) {
+    return 'CONFUSES';
+  }
+  // DEGRADES: Functionality works but with reduced quality/accessibility
+  if (
+    findingType.includes('focus') ||
+    findingType.includes('aria') ||
+    findingType.includes('keyboard_trap') ||
+    findingType.includes('hover') ||
+    findingType.includes('file_upload')
+  ) {
+    return 'DEGRADES';
+  }
+  // Default: CONFUSES for unknown cases
+  return 'CONFUSES';
+}
+/**
+ * Map finding to ownership hint based on failure type and sensors
+ */
+export function mapOwnership(finding, trace = {}) {
+  const findingType = finding.type || 'unknown';
+  const sensors = trace.sensors || {};
+  const hasNetwork = (sensors.network?.totalRequests || 0) > 0;
+  const hasAria = sensors.aria !== undefined;
+  const hasFocus = sensors.focus !== undefined;
+  const hasTiming = sensors.timing !== undefined;
+  // ACCESSIBILITY: Focus, ARIA, keyboard trap failures
+  if (
+    findingType.includes('focus') ||
+    findingType.includes('aria') ||
+    findingType.includes('keyboard_trap')
+  ) {
+    return 'ACCESSIBILITY';
+  }
+  // PERFORMANCE: Timing-related failures
+  if (
+    findingType.includes('loading_stuck') ||
+    findingType.includes('freeze_like') ||
+    findingType.includes('feedback_gap') ||
+    hasTiming
+  ) {
+    return 'PERFORMANCE';
+  }
+  // BACKEND: Network failures without DOM/UI changes
+  if (
+    findingType.includes('network') ||
+    findingType.includes('partial_success') ||
+    findingType.includes('async_state')
+  ) {
+    // If network request occurred but no UI feedback, likely backend issue
+    if (hasNetwork && !sensors.uiSignals?.diff?.changed) {
+      return 'BACKEND';
+    }
+    // Otherwise integration issue
+    return 'INTEGRATION';
+  }
+  // BACKEND: Auth failures (typically backend-related)
+  if (findingType.includes('auth') || findingType.includes('logout')) {
+    return 'BACKEND';
+  }
+  // FRONTEND: UI-only failures (no network, no backend involvement)
+  if (
+    findingType.includes('navigation') ||
+    findingType.includes('validation') ||
+    findingType.includes('hover') ||
+    findingType.includes('file_upload') ||
+    findingType === 'observed_break'
+  ) {
+    if (!hasNetwork) {
+      return 'FRONTEND';
+    }
+    return 'INTEGRATION';
+  }
+  // INTEGRATION: Default for unclear cases
+  return 'INTEGRATION';
+}
+/**
+ * Generate grouping metadata for findings
+ */
+export function generateGroupingMetadata(finding, manifest = {}) {
+  const routePath = extractRouteFromFinding(finding, manifest);
+  const findingType = finding.type || 'unknown';
+  return {
+    groupByRoute: routePath || '*',
+    groupByFailureType: findingType,
+    groupByFeature: extractFeatureFromRoute(routePath)
+  };
+}
+/**
+ * Extract route path from finding
+ */
+function extractRouteFromFinding(finding, manifest) {
+  // Try to get route from evidence
+  const beforeUrl = finding.evidence?.beforeUrl || finding.evidence?.before?.url;
+  if (beforeUrl) {
+    try {
+      const url = new URL(beforeUrl);
+      return url.pathname;
+    } catch {
+      return extractPathFromUrl(beforeUrl);
+    }
+  }
+  // Try to get route from expectation
+  if (finding.expectationId) {
+    const expectation = manifest.staticExpectations?.find(e => e.id === finding.expectationId);
+    if (expectation?.fromPath) {
+      return expectation.fromPath;
+    }
+  }
+  return '*';
+}
+/**
+ * Extract path from URL string
+ */
+function extractPathFromUrl(url) {
+  if (!url) return '*';
+  try {
+    const urlObj = new URL(url);
+    return urlObj.pathname;
+  } catch {
+    // Try to extract pathname manually
+    const match = url.match(/\/[^?#]*/);
+    return match ? match[0] : '*';
+  }
+}
+/**
+ * Check if route is critical (has expectations)
+ */
+function isRouteCritical(routePath, manifest) {
+  if (!manifest.staticExpectations) return false;
+  const normalizedRoute = normalizePath(routePath);
+  return manifest.staticExpectations.some(exp => {
+    const expFromPath = normalizePath(exp.fromPath || '*');
+    return expFromPath === normalizedRoute || expFromPath === '*';
+  });
+}
+/**
+ * Normalize path for comparison
+ */
+function normalizePath(path) {
+  if (!path || path === '*') return '*';
+  return path.replace(/\/$/, '') || '/';
+}
+/**
+ * Extract feature name from route path
+ */
+function extractFeatureFromRoute(routePath) {
+  if (!routePath || routePath === '*') return 'unknown';
+  // Extract feature from common route patterns
+  const normalized = normalizePath(routePath);
+  // Common patterns: /users, /dashboard, /settings, etc.
+  const parts = normalized.split('/').filter(p => p);
+  if (parts.length > 0) {
+    return parts[0]; // First segment is typically the feature
+  }
+  return 'root';
+}
+/**
+ * Main function to enrich finding with all signals
+ */
+export function enrichFindingWithSignals(finding, trace = {}, manifest = {}) {
+  const signals = {
+    impact: mapImpactLevel(finding, manifest),
+    userRisk: mapUserRisk(finding),
+    ownership: mapOwnership(finding, trace),
+    grouping: generateGroupingMetadata(finding, manifest)
+  };
+  return {
+    ...finding,
+    signals
+  };
+}