npm - @veraxhq/verax - Versions diffs - 0.1.0 → 0.2.0 - Mend

@veraxhq/verax 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/README.md +123 -88
package/bin/verax.js +11 -452
package/package.json +14 -36
package/src/cli/commands/default.js +523 -0
package/src/cli/commands/doctor.js +165 -0
package/src/cli/commands/inspect.js +109 -0
package/src/cli/commands/run.js +402 -0
package/src/cli/entry.js +196 -0
package/src/cli/util/atomic-write.js +37 -0
package/src/cli/util/detection-engine.js +296 -0
package/src/cli/util/env-url.js +33 -0
package/src/cli/util/errors.js +44 -0
package/src/cli/util/events.js +34 -0
package/src/cli/util/expectation-extractor.js +378 -0
package/src/cli/util/findings-writer.js +31 -0
package/src/cli/util/idgen.js +87 -0
package/src/cli/util/learn-writer.js +39 -0
package/src/cli/util/observation-engine.js +366 -0
package/src/cli/util/observe-writer.js +25 -0
package/src/cli/util/paths.js +29 -0
package/src/cli/util/project-discovery.js +277 -0
package/src/cli/util/project-writer.js +26 -0
package/src/cli/util/redact.js +128 -0
package/src/cli/util/run-id.js +30 -0
package/src/cli/util/summary-writer.js +32 -0
package/src/verax/cli/ci-summary.js +35 -0
package/src/verax/cli/context-explanation.js +89 -0
package/src/verax/cli/doctor.js +277 -0
package/src/verax/cli/error-normalizer.js +154 -0
package/src/verax/cli/explain-output.js +105 -0
package/src/verax/cli/finding-explainer.js +130 -0
package/src/verax/cli/init.js +237 -0
package/src/verax/cli/run-overview.js +163 -0
package/src/verax/cli/url-safety.js +101 -0
package/src/verax/cli/wizard.js +98 -0
package/src/verax/cli/zero-findings-explainer.js +57 -0
package/src/verax/cli/zero-interaction-explainer.js +127 -0
package/src/verax/core/action-classifier.js +86 -0
package/src/verax/core/budget-engine.js +218 -0
package/src/verax/core/canonical-outcomes.js +157 -0
package/src/verax/core/decision-snapshot.js +335 -0
package/src/verax/core/determinism-model.js +403 -0
package/src/verax/core/incremental-store.js +237 -0
package/src/verax/core/invariants.js +356 -0
package/src/verax/core/promise-model.js +230 -0
package/src/verax/core/replay-validator.js +350 -0
package/src/verax/core/replay.js +222 -0
package/src/verax/core/run-id.js +175 -0
package/src/verax/core/run-manifest.js +99 -0
package/src/verax/core/silence-impact.js +369 -0
package/src/verax/core/silence-model.js +521 -0
package/src/verax/detect/comparison.js +2 -34
package/src/verax/detect/confidence-engine.js +764 -329
package/src/verax/detect/detection-engine.js +293 -0
package/src/verax/detect/evidence-index.js +177 -0
package/src/verax/detect/expectation-model.js +194 -172
package/src/verax/detect/explanation-helpers.js +187 -0
package/src/verax/detect/finding-detector.js +450 -0
package/src/verax/detect/findings-writer.js +44 -8
package/src/verax/detect/flow-detector.js +366 -0
package/src/verax/detect/index.js +172 -286
package/src/verax/detect/interactive-findings.js +613 -0
package/src/verax/detect/signal-mapper.js +308 -0
package/src/verax/detect/verdict-engine.js +563 -0
package/src/verax/evidence-index-writer.js +61 -0
package/src/verax/index.js +90 -14
package/src/verax/intel/effect-detector.js +368 -0
package/src/verax/intel/handler-mapper.js +249 -0
package/src/verax/intel/index.js +281 -0
package/src/verax/intel/route-extractor.js +280 -0
package/src/verax/intel/ts-program.js +256 -0
package/src/verax/intel/vue-navigation-extractor.js +579 -0
package/src/verax/intel/vue-router-extractor.js +323 -0
package/src/verax/learn/action-contract-extractor.js +335 -101
package/src/verax/learn/ast-contract-extractor.js +95 -5
package/src/verax/learn/flow-extractor.js +172 -0
package/src/verax/learn/manifest-writer.js +97 -47
package/src/verax/learn/project-detector.js +40 -0
package/src/verax/learn/route-extractor.js +27 -96
package/src/verax/learn/state-extractor.js +212 -0
package/src/verax/learn/static-extractor-navigation.js +114 -0
package/src/verax/learn/static-extractor-validation.js +88 -0
package/src/verax/learn/static-extractor.js +112 -4
package/src/verax/learn/truth-assessor.js +24 -21
package/src/verax/observe/aria-sensor.js +211 -0
package/src/verax/observe/browser.js +10 -5
package/src/verax/observe/console-sensor.js +1 -17
package/src/verax/observe/domain-boundary.js +10 -1
package/src/verax/observe/expectation-executor.js +512 -0
package/src/verax/observe/flow-matcher.js +143 -0
package/src/verax/observe/focus-sensor.js +196 -0
package/src/verax/observe/human-driver.js +643 -275
package/src/verax/observe/index.js +908 -27
package/src/verax/observe/index.js.backup +1 -0
package/src/verax/observe/interaction-discovery.js +365 -14
package/src/verax/observe/interaction-runner.js +563 -198
package/src/verax/observe/loading-sensor.js +139 -0
package/src/verax/observe/navigation-sensor.js +255 -0
package/src/verax/observe/network-sensor.js +55 -7
package/src/verax/observe/observed-expectation-deriver.js +186 -0
package/src/verax/observe/observed-expectation.js +305 -0
package/src/verax/observe/page-frontier.js +234 -0
package/src/verax/observe/settle.js +37 -17
package/src/verax/observe/state-sensor.js +389 -0
package/src/verax/observe/timing-sensor.js +228 -0
package/src/verax/observe/traces-writer.js +61 -20
package/src/verax/observe/ui-signal-sensor.js +136 -17
package/src/verax/scan-summary-writer.js +77 -15
package/src/verax/shared/artifact-manager.js +110 -8
package/src/verax/shared/budget-profiles.js +136 -0
package/src/verax/shared/ci-detection.js +39 -0
package/src/verax/shared/config-loader.js +170 -0
package/src/verax/shared/dynamic-route-utils.js +218 -0
package/src/verax/shared/expectation-coverage.js +44 -0
package/src/verax/shared/expectation-prover.js +81 -0
package/src/verax/shared/expectation-tracker.js +201 -0
package/src/verax/shared/expectations-writer.js +60 -0
package/src/verax/shared/first-run.js +44 -0
package/src/verax/shared/progress-reporter.js +171 -0
package/src/verax/shared/retry-policy.js +14 -1
package/src/verax/shared/root-artifacts.js +49 -0
package/src/verax/shared/scan-budget.js +86 -0
package/src/verax/shared/url-normalizer.js +162 -0
package/src/verax/shared/zip-artifacts.js +65 -0
package/src/verax/validate/context-validator.js +244 -0
package/src/verax/validate/context-validator.js.bak +0 -0

package/src/verax/observe/aria-sensor.js ADDED Viewed

@@ -0,0 +1,211 @@
+/**
+ * ARIA Announcement Sensor
+ * Tracks ARIA live regions, status/alert roles, and announcements
+ */
+export class AriaSensor {
+  constructor() {
+    this.ariaStateBefore = null;
+    this.ariaStateAfter = null;
+  }
+  /**
+   * Capture ARIA state before interaction
+   */
+  async captureBefore(page) {
+    const ariaData = await page.evaluate(() => {
+      const result = {
+        liveRegions: [],
+        statusRoles: [],
+        alerts: [],
+        ariaBusyElements: [],
+        ariaLive: [],
+        announcements: []
+      };
+      // Find all live regions
+      const liveRegions = document.querySelectorAll('[aria-live]');
+      liveRegions.forEach(el => {
+        result.liveRegions.push({
+          selector: generateSelector(el),
+          ariaLive: el.getAttribute('aria-live'),
+          text: el.textContent?.slice(0, 100) || '',
+          ariaAtomic: el.getAttribute('aria-atomic'),
+          ariaRelevant: el.getAttribute('aria-relevant')
+        });
+      });
+      // Find status and alert roles
+      const statusAlerts = document.querySelectorAll('[role="status"], [role="alert"]');
+      statusAlerts.forEach(el => {
+        result.statusRoles.push({
+          selector: generateSelector(el),
+          role: el.getAttribute('role'),
+          text: el.textContent?.slice(0, 100) || '',
+          ariaLive: el.getAttribute('aria-live')
+        });
+      });
+      // Find aria-busy elements
+      const busyElements = document.querySelectorAll('[aria-busy="true"]');
+      busyElements.forEach(el => {
+        result.ariaBusyElements.push({
+          selector: generateSelector(el),
+          ariaBusy: el.getAttribute('aria-busy')
+        });
+      });
+      return result;
+      function generateSelector(el) {
+        if (el.id) return `#${el.id}`;
+        if (el.className) {
+          const classes = Array.from(el.classList || []).slice(0, 2).join('.');
+          return el.tagName.toLowerCase() + (classes ? `.${classes}` : '');
+        }
+        return el.tagName.toLowerCase();
+      }
+    });
+    this.ariaStateBefore = ariaData;
+    return ariaData;
+  }
+  /**
+   * Capture ARIA state after interaction
+   */
+  async captureAfter(page) {
+    const ariaData = await page.evaluate(() => {
+      const result = {
+        liveRegions: [],
+        statusRoles: [],
+        alerts: [],
+        ariaBusyElements: [],
+        ariaLive: [],
+        announcements: []
+      };
+      // Find all live regions
+      const liveRegions = document.querySelectorAll('[aria-live]');
+      liveRegions.forEach(el => {
+        result.liveRegions.push({
+          selector: generateSelector(el),
+          ariaLive: el.getAttribute('aria-live'),
+          text: el.textContent?.slice(0, 100) || '',
+          ariaAtomic: el.getAttribute('aria-atomic'),
+          ariaRelevant: el.getAttribute('aria-relevant')
+        });
+      });
+      // Find status and alert roles
+      const statusAlerts = document.querySelectorAll('[role="status"], [role="alert"]');
+      statusAlerts.forEach(el => {
+        result.statusRoles.push({
+          selector: generateSelector(el),
+          role: el.getAttribute('role'),
+          text: el.textContent?.slice(0, 100) || '',
+          ariaLive: el.getAttribute('aria-live')
+        });
+      });
+      // Find aria-busy elements
+      const busyElements = document.querySelectorAll('[aria-busy="true"]');
+      busyElements.forEach(el => {
+        result.ariaBusyElements.push({
+          selector: generateSelector(el),
+          ariaBusy: el.getAttribute('aria-busy')
+        });
+      });
+      return result;
+      function generateSelector(el) {
+        if (el.id) return `#${el.id}`;
+        if (el.className) {
+          const classes = Array.from(el.classList || []).slice(0, 2).join('.');
+          return el.tagName.toLowerCase() + (classes ? `.${classes}` : '');
+        }
+        return el.tagName.toLowerCase();
+      }
+    });
+    this.ariaStateAfter = ariaData;
+    return ariaData;
+  }
+  /**
+   * Detect if ARIA state changed (live region updates, role changes, etc)
+   */
+  detectAriaChange() {
+    if (!this.ariaStateBefore || !this.ariaStateAfter) {
+      return false;
+    }
+    // Check if live region text changed
+    const beforeLiveText = this.ariaStateBefore.liveRegions.map(r => r.text).join('|');
+    const afterLiveText = this.ariaStateAfter.liveRegions.map(r => r.text).join('|');
+    if (beforeLiveText !== afterLiveText) {
+      return true;
+    }
+    // Check if status/alert role text changed
+    const beforeStatusText = this.ariaStateBefore.statusRoles.map(r => r.text).join('|');
+    const afterStatusText = this.ariaStateAfter.statusRoles.map(r => r.text).join('|');
+    if (beforeStatusText !== afterStatusText) {
+      return true;
+    }
+    // Check if aria-busy state changed
+    const beforeBusy = this.ariaStateBefore.ariaBusyElements.length;
+    const afterBusy = this.ariaStateAfter.ariaBusyElements.length;
+    if (beforeBusy !== afterBusy) {
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Check if ARIA announcement should have occurred but didn't
+   */
+  detectMissingAnnouncement(eventType) {
+    // eventType: 'submit', 'network_success', 'network_error', 'validation_error', etc
+    // These meaningful events should typically trigger ARIA announcements
+    if (!this.ariaStateBefore || !this.ariaStateAfter) {
+      return false;
+    }
+    // Check if any live region exists (at least one should for accessibility)
+    const hasLiveRegion = this.ariaStateAfter.liveRegions.length > 0;
+    const hasStatus = this.ariaStateAfter.statusRoles.length > 0;
+    if (!hasLiveRegion && !hasStatus) {
+      return true; // No ARIA announcement mechanism present
+    }
+    // Check if announcement actually changed
+    const ariaChanged = this.detectAriaChange();
+    // For meaningful events, ARIA should have changed
+    if (!ariaChanged && (eventType === 'submit' || eventType === 'network_success' || eventType === 'network_error')) {
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get ARIA diff for evidence
+   */
+  getAriaDiff() {
+    return {
+      before: this.ariaStateBefore,
+      after: this.ariaStateAfter,
+      changed: this.detectAriaChange()
+    };
+  }
+}

package/src/verax/observe/browser.js CHANGED Viewed

@@ -1,6 +1,5 @@
 import { chromium } from 'playwright';
-const STABLE_WAIT_MS = 2000;
+import { DEFAULT_SCAN_BUDGET } from '../shared/scan-budget.js';
 export async function createBrowser() {
   const browser = await chromium.launch({ headless: true });
@@ -11,9 +10,15 @@ export async function createBrowser() {
   return { browser, page };
 }
-export async function navigateToUrl(page, url) {
-  await page.goto(url, { waitUntil: 'networkidle', timeout: 30000 });
-  await page.waitForTimeout(STABLE_WAIT_MS);
+export async function navigateToUrl(page, url, scanBudget = DEFAULT_SCAN_BUDGET) {
+  let stableWait = scanBudget.navigationStableWaitMs;
+  try {
+    if (url.startsWith('file:') || url.includes('localhost:') || url.includes('127.0.0.1')) {
+      stableWait = 200; // Short wait for local fixtures
+    }
+  } catch {}
+  await page.goto(url, { waitUntil: 'networkidle', timeout: scanBudget.initialNavigationTimeoutMs });
+  await page.waitForTimeout(stableWait);
 }
 export async function closeBrowser(browser) {

package/src/verax/observe/console-sensor.js CHANGED Viewed

@@ -104,7 +104,7 @@ export class ConsoleSensor {
   /**
    * Stop monitoring and return a summary for the window.
    */
-  async stopWindow(windowId, page) {
+  stopWindow(windowId, page) {
     const state = this.windows.get(windowId);
     if (!state) {
       return this.getEmptySummary();
@@ -112,22 +112,6 @@ export class ConsoleSensor {
     state.cleanup();
-    // Collect any unhandled rejections that were captured
-    let capturedRejections = [];
-    try {
-      capturedRejections = await page.evaluate(() => {
-        return window.__unhandledRejections || [];
-      });
-    } catch {
-      // Page may not have this
-    }
-    // Merge captured rejections with ones we heard about
-    state.unhandledRejections = [
-      ...state.unhandledRejections,
-      ...capturedRejections
-    ].slice(0, this.maxErrorsToKeep);
     const summary = {
       windowId,
       errorCount: state.consoleErrors.length + state.pageErrors.length,

package/src/verax/observe/domain-boundary.js CHANGED Viewed

@@ -1,7 +1,10 @@
 export function getBaseOrigin(url) {
   try {
     const urlObj = new URL(url);
-    return `${urlObj.protocol}//${urlObj.host}${urlObj.port ? `:${urlObj.port}` : ''}`;
+    if (urlObj.protocol === 'file:') {
+      return 'file://';
+    }
+    return urlObj.origin;
   } catch (error) {
     return null;
   }
@@ -12,6 +15,12 @@ export function isExternalUrl(url, baseOrigin) {
   try {
     const urlObj = new URL(url);
+    // Special-case file protocol: treat all file:// URLs as same-origin
+    const isFileProtocol = urlObj.protocol === 'file:';
+    const baseIsFile = baseOrigin.startsWith('file:');
+    if (isFileProtocol && baseIsFile) {
+      return false;
+    }
     const urlOrigin = urlObj.origin;
     return urlOrigin !== baseOrigin;
   } catch (error) {