npm - @veraxhq/verax - Versions diffs - 0.1.0 → 0.2.0 - Mend

@veraxhq/verax 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/README.md +123 -88
package/bin/verax.js +11 -452
package/package.json +14 -36
package/src/cli/commands/default.js +523 -0
package/src/cli/commands/doctor.js +165 -0
package/src/cli/commands/inspect.js +109 -0
package/src/cli/commands/run.js +402 -0
package/src/cli/entry.js +196 -0
package/src/cli/util/atomic-write.js +37 -0
package/src/cli/util/detection-engine.js +296 -0
package/src/cli/util/env-url.js +33 -0
package/src/cli/util/errors.js +44 -0
package/src/cli/util/events.js +34 -0
package/src/cli/util/expectation-extractor.js +378 -0
package/src/cli/util/findings-writer.js +31 -0
package/src/cli/util/idgen.js +87 -0
package/src/cli/util/learn-writer.js +39 -0
package/src/cli/util/observation-engine.js +366 -0
package/src/cli/util/observe-writer.js +25 -0
package/src/cli/util/paths.js +29 -0
package/src/cli/util/project-discovery.js +277 -0
package/src/cli/util/project-writer.js +26 -0
package/src/cli/util/redact.js +128 -0
package/src/cli/util/run-id.js +30 -0
package/src/cli/util/summary-writer.js +32 -0
package/src/verax/cli/ci-summary.js +35 -0
package/src/verax/cli/context-explanation.js +89 -0
package/src/verax/cli/doctor.js +277 -0
package/src/verax/cli/error-normalizer.js +154 -0
package/src/verax/cli/explain-output.js +105 -0
package/src/verax/cli/finding-explainer.js +130 -0
package/src/verax/cli/init.js +237 -0
package/src/verax/cli/run-overview.js +163 -0
package/src/verax/cli/url-safety.js +101 -0
package/src/verax/cli/wizard.js +98 -0
package/src/verax/cli/zero-findings-explainer.js +57 -0
package/src/verax/cli/zero-interaction-explainer.js +127 -0
package/src/verax/core/action-classifier.js +86 -0
package/src/verax/core/budget-engine.js +218 -0
package/src/verax/core/canonical-outcomes.js +157 -0
package/src/verax/core/decision-snapshot.js +335 -0
package/src/verax/core/determinism-model.js +403 -0
package/src/verax/core/incremental-store.js +237 -0
package/src/verax/core/invariants.js +356 -0
package/src/verax/core/promise-model.js +230 -0
package/src/verax/core/replay-validator.js +350 -0
package/src/verax/core/replay.js +222 -0
package/src/verax/core/run-id.js +175 -0
package/src/verax/core/run-manifest.js +99 -0
package/src/verax/core/silence-impact.js +369 -0
package/src/verax/core/silence-model.js +521 -0
package/src/verax/detect/comparison.js +2 -34
package/src/verax/detect/confidence-engine.js +764 -329
package/src/verax/detect/detection-engine.js +293 -0
package/src/verax/detect/evidence-index.js +177 -0
package/src/verax/detect/expectation-model.js +194 -172
package/src/verax/detect/explanation-helpers.js +187 -0
package/src/verax/detect/finding-detector.js +450 -0
package/src/verax/detect/findings-writer.js +44 -8
package/src/verax/detect/flow-detector.js +366 -0
package/src/verax/detect/index.js +172 -286
package/src/verax/detect/interactive-findings.js +613 -0
package/src/verax/detect/signal-mapper.js +308 -0
package/src/verax/detect/verdict-engine.js +563 -0
package/src/verax/evidence-index-writer.js +61 -0
package/src/verax/index.js +90 -14
package/src/verax/intel/effect-detector.js +368 -0
package/src/verax/intel/handler-mapper.js +249 -0
package/src/verax/intel/index.js +281 -0
package/src/verax/intel/route-extractor.js +280 -0
package/src/verax/intel/ts-program.js +256 -0
package/src/verax/intel/vue-navigation-extractor.js +579 -0
package/src/verax/intel/vue-router-extractor.js +323 -0
package/src/verax/learn/action-contract-extractor.js +335 -101
package/src/verax/learn/ast-contract-extractor.js +95 -5
package/src/verax/learn/flow-extractor.js +172 -0
package/src/verax/learn/manifest-writer.js +97 -47
package/src/verax/learn/project-detector.js +40 -0
package/src/verax/learn/route-extractor.js +27 -96
package/src/verax/learn/state-extractor.js +212 -0
package/src/verax/learn/static-extractor-navigation.js +114 -0
package/src/verax/learn/static-extractor-validation.js +88 -0
package/src/verax/learn/static-extractor.js +112 -4
package/src/verax/learn/truth-assessor.js +24 -21
package/src/verax/observe/aria-sensor.js +211 -0
package/src/verax/observe/browser.js +10 -5
package/src/verax/observe/console-sensor.js +1 -17
package/src/verax/observe/domain-boundary.js +10 -1
package/src/verax/observe/expectation-executor.js +512 -0
package/src/verax/observe/flow-matcher.js +143 -0
package/src/verax/observe/focus-sensor.js +196 -0
package/src/verax/observe/human-driver.js +643 -275
package/src/verax/observe/index.js +908 -27
package/src/verax/observe/index.js.backup +1 -0
package/src/verax/observe/interaction-discovery.js +365 -14
package/src/verax/observe/interaction-runner.js +563 -198
package/src/verax/observe/loading-sensor.js +139 -0
package/src/verax/observe/navigation-sensor.js +255 -0
package/src/verax/observe/network-sensor.js +55 -7
package/src/verax/observe/observed-expectation-deriver.js +186 -0
package/src/verax/observe/observed-expectation.js +305 -0
package/src/verax/observe/page-frontier.js +234 -0
package/src/verax/observe/settle.js +37 -17
package/src/verax/observe/state-sensor.js +389 -0
package/src/verax/observe/timing-sensor.js +228 -0
package/src/verax/observe/traces-writer.js +61 -20
package/src/verax/observe/ui-signal-sensor.js +136 -17
package/src/verax/scan-summary-writer.js +77 -15
package/src/verax/shared/artifact-manager.js +110 -8
package/src/verax/shared/budget-profiles.js +136 -0
package/src/verax/shared/ci-detection.js +39 -0
package/src/verax/shared/config-loader.js +170 -0
package/src/verax/shared/dynamic-route-utils.js +218 -0
package/src/verax/shared/expectation-coverage.js +44 -0
package/src/verax/shared/expectation-prover.js +81 -0
package/src/verax/shared/expectation-tracker.js +201 -0
package/src/verax/shared/expectations-writer.js +60 -0
package/src/verax/shared/first-run.js +44 -0
package/src/verax/shared/progress-reporter.js +171 -0
package/src/verax/shared/retry-policy.js +14 -1
package/src/verax/shared/root-artifacts.js +49 -0
package/src/verax/shared/scan-budget.js +86 -0
package/src/verax/shared/url-normalizer.js +162 -0
package/src/verax/shared/zip-artifacts.js +65 -0
package/src/verax/validate/context-validator.js +244 -0
package/src/verax/validate/context-validator.js.bak +0 -0

package/src/verax/observe/interaction-runner.js CHANGED Viewed

@@ -2,30 +2,44 @@ import { resolve } from 'path';
 import { captureScreenshot } from './evidence-capture.js';
 import { isExternalUrl } from './domain-boundary.js';
 import { captureDomSignature } from './dom-signature.js';
-import { waitForSettle } from './settle.js';
 import { NetworkSensor } from './network-sensor.js';
 import { ConsoleSensor } from './console-sensor.js';
 import { UISignalSensor } from './ui-signal-sensor.js';
-import { StateUISensor } from './state-ui-sensor.js';
+import { StateSensor } from './state-sensor.js';
+import { NavigationSensor } from './navigation-sensor.js';
+import { LoadingSensor } from './loading-sensor.js';
+import { FocusSensor } from './focus-sensor.js';
+import { AriaSensor } from './aria-sensor.js';
+import { TimingSensor } from './timing-sensor.js';
+import { HumanBehaviorDriver } from './human-driver.js';
+import { DEFAULT_SCAN_BUDGET } from '../shared/scan-budget.js';
-const INTERACTION_TIMEOUT_MS = 10000;
-const NAVIGATION_TIMEOUT_MS = 15000;
-const STABILIZATION_SAMPLE_MID_MS = 500;
-const STABILIZATION_SAMPLE_END_MS = 1500;
-// Runtime truth sensors for silent failure detection
-const networkSensor = new NetworkSensor();
-const consoleSensor = new ConsoleSensor();
-const uiSignalSensor = new UISignalSensor();
-const stateUISensor = new StateUISensor();
-function markTimeoutPolicy(trace, phase) {
+/**
+ * SILENCE TRACKING: Mark timeout and record to silence tracker.
+ * Timeouts are a form of silence - interaction attempted but outcome unknown.
+ */
+function markTimeoutPolicy(trace, phase, silenceTracker = null) {
   trace.policy = {
     ...(trace.policy || {}),
     timeout: true,
     reason: 'interaction_timeout',
     phase
   };
+  // Track timeout as silence if tracker provided
+  if (silenceTracker) {
+    silenceTracker.record({
+      scope: 'interaction',
+      reason: phase === 'navigation' ? 'navigation_timeout' : 'interaction_timeout',
+      description: `Timeout during ${phase} - outcome unknown`,
+      context: {
+        interaction: trace.interaction,
+        phase,
+        url: trace.before?.url
+      },
+      impact: 'unknown_behavior'
+    });
+  }
 }
 function computeDomChangedDuringSettle(samples) {
@@ -35,7 +49,7 @@ function computeDomChangedDuringSettle(samples) {
   return samples[0] !== samples[1] || samples[1] !== samples[2];
 }
-async function captureSettledDom(page) {
+async function captureSettledDom(page, scanBudget) {
   const samples = [];
   const sampleDom = async () => {
@@ -43,11 +57,22 @@ async function captureSettledDom(page) {
     samples.push(hash);
   };
+  // Use shorter stabilization for file:// fixtures but preserve async capture (700ms)
+  const isFile = (() => {
+    try { return (page.url() || '').startsWith('file:'); } catch { return false; }
+  })();
+  const midDelay = isFile ? 200 : Math.min(300, scanBudget.stabilizationSampleMidMs);
+  const endDelay = isFile ? 800 : Math.min(900, scanBudget.stabilizationSampleEndMs);
+  const networkDelay = isFile ? 100 : Math.min(400, scanBudget.networkWaitMs);
   await sampleDom();
-  await page.waitForTimeout(STABILIZATION_SAMPLE_MID_MS);
+  await page.waitForTimeout(midDelay);
   await sampleDom();
-  await page.waitForTimeout(STABILIZATION_SAMPLE_END_MS - STABILIZATION_SAMPLE_MID_MS);
+  await page.waitForTimeout(Math.max(0, endDelay - midDelay));
   await sampleDom();
+  // NETWORK INTELLIGENCE: Wait a bit longer to ensure slow requests complete
+  await page.waitForTimeout(networkDelay);
   const domChangedDuringSettle = computeDomChangedDuringSettle(samples);
@@ -58,12 +83,16 @@ async function captureSettledDom(page) {
   };
 }
-export async function runInteraction(page, interaction, timestamp, i, screenshotsDir, baseOrigin, startTime, maxDurationMs) {
+export async function runInteraction(page, interaction, timestamp, i, screenshotsDir, baseOrigin, startTime, scanBudget, flowContext = null, silenceTracker = null) {
   const trace = {
     interaction: {
       type: interaction.type,
       selector: interaction.selector,
-      label: interaction.label
+      label: interaction.label,
+      href: interaction.href || null,
+      dataHref: interaction.dataHref || null,
+      text: interaction.text || null,
+      formAction: interaction.formAction || null
     },
     before: {
       url: '',
@@ -72,18 +101,61 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
     after: {
       url: '',
       screenshot: ''
-    }
+    },
+    sensors: {},
+    humanDriver: true // Flag indicating human driver was used
   };
-  // Declare window IDs outside try block so they're available in catch
+  // Add flow context if provided
+  if (flowContext) {
+    trace.flow = {
+      flowId: flowContext.flowId,
+      stepIndex: flowContext.stepIndex,
+      startedAtInteraction: flowContext.startedAtInteraction,
+      startedAt: flowContext.startedAt,
+      interactionId: i
+    };
+  }
+  const networkSensor = new NetworkSensor();
+  const consoleSensor = new ConsoleSensor();
+  const uiSignalSensor = new UISignalSensor();
+  const stateSensor = new StateSensor();
+  const navigationSensor = new NavigationSensor();
+  const loadingSensor = new LoadingSensor({ loadingTimeout: 5000 });
+  const focusSensor = new FocusSensor();
+  const ariaSensor = new AriaSensor();
+  const timingSensor = new TimingSensor({
+    feedbackGapThresholdMs: 1500,
+    freezeLikeThresholdMs: 3000
+  });
+  const humanDriver = new HumanBehaviorDriver({}, scanBudget);
   let networkWindowId = null;
   let consoleWindowId = null;
-  let uiSignalsBefore = null;
-  let stateUiBefore = null;
+  let stateSensorActive = false;
+  let loadingWindowData = null;
+  let uiBefore = {};
+  let stateBefore = null;
+  let sessionStateBefore = null;
   try {
-    if (Date.now() - startTime > maxDurationMs) {
+    // Capture session state before interaction for auth-aware interactions
+    if (interaction.type === 'login' || interaction.type === 'logout') {
+      sessionStateBefore = await humanDriver.captureSessionState(page);
+    }
+    if (Date.now() - startTime > scanBudget.maxScanDurationMs) {
       trace.policy = { timeout: true, reason: 'max_scan_duration_exceeded' };
+      trace.sensors = {
+        network: networkSensor.getEmptySummary(),
+        console: consoleSensor.getEmptySummary(),
+        uiSignals: {
+          before: {},
+          after: {},
+          diff: { changed: false, explanation: '', summary: {} }
+        }
+      };
       return trace;
     }
@@ -91,75 +163,46 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
     const beforeScreenshot = resolve(screenshotsDir, `before-${timestamp}-${i}.png`);
     await captureScreenshot(page, beforeScreenshot);
     const beforeDomHash = await captureDomSignature(page);
-    // Capture UI signals before interaction
-    try {
-      uiSignalsBefore = await uiSignalSensor.snapshot(page);
-    } catch (e) {
-      // If snapshot fails (e.g., page mock incomplete), use empty object
-      uiSignalsBefore = {
-        hasLoadingIndicator: false,
-        hasDialog: false,
-        hasErrorSignal: false,
-        explanation: []
-      };
-    }
-    // Capture state UI signals before interaction (Wave 8)
-    try {
-      stateUiBefore = await stateUISensor.snapshot(page);
-    } catch (e) {
-      // If snapshot fails, use empty object
-      stateUiBefore = {
-        signals: {
-          dialogs: [],
-          expandedElements: [],
-          selectedTabs: [],
-          checkedElements: [],
-          alerts: []
-        },
-        rawSnapshot: {}
-      };
-    }
+    const beforeTitle = typeof page.title === 'function' ? await page.title().catch(() => null) : (page.title || null);
     trace.before.url = beforeUrl;
     trace.before.screenshot = `screenshots/before-${timestamp}-${i}.png`;
     if (beforeDomHash) {
       trace.dom = { beforeHash: beforeDomHash };
     }
-     // Capture sourceRef and handlerRef if present (Wave 5/6 — Action Contracts)
-     let sourceRef = null;
-     let handlerRef = null;
-     try {
-       sourceRef = await interaction.element.getAttribute('data-verax-source');
-     } catch (e) {
-       // Element may not have the attribute
-     }
-     try {
-       handlerRef = await interaction.element.getAttribute('data-verax-handler');
-     } catch (e) {
-       // Element may not have the attribute
-     }
-     if (sourceRef || handlerRef) {
-       trace.meta = {
-         ...(trace.meta || {}),
-         ...(sourceRef ? { sourceRef } : {}),
-         ...(handlerRef ? { handlerRef } : {})
-       };
-     }
+    if (!trace.page) {
+      trace.page = {};
+    }
+    trace.page.beforeTitle = beforeTitle;
-    // Initialize sensors for this interaction
-    try {
-      networkWindowId = networkSensor.startWindow(page);
-      consoleWindowId = consoleSensor.startWindow(page);
-    } catch (e) {
-      // If sensors fail to initialize (e.g., in test environments with incomplete mocks),
-      // continue without them - they'll be gracefully handled with null checks
-      networkWindowId = null;
-      consoleWindowId = null;
+    uiBefore = await uiSignalSensor.snapshot(page).catch(() => ({}));
+    // A11Y INTELLIGENCE: Capture focus and ARIA state before interaction
+    await focusSensor.captureBefore(page);
+    await ariaSensor.captureBefore(page);
+    // PERFORMANCE INTELLIGENCE: Start timing sensor
+    timingSensor.startTiming();
+    // NAVIGATION INTELLIGENCE v2: Inject tracking script and start navigation sensor
+    await navigationSensor.injectTrackingScript(page);
+    const navigationWindowId = navigationSensor.startWindow(page);
+    // STATE INTELLIGENCE: Detect and activate state sensor if supported stores found
+    const stateDetection = await stateSensor.detect(page);
+    stateSensorActive = stateDetection.detected;
+    if (stateSensorActive) {
+      await stateSensor.captureBefore(page);
     }
+    networkWindowId = networkSensor.startWindow(page);
+    consoleWindowId = consoleSensor.startWindow(page);
+    // ASYNC INTELLIGENCE: Start loading sensor for async detection
+    loadingWindowData = loadingSensor.startWindow(page);
+    const loadingWindowId = loadingWindowData.windowId;
+    const loadingState = loadingWindowData.state;
     if (interaction.isExternal && interaction.type === 'link') {
       const href = await interaction.element.getAttribute('href');
       const resolvedUrl = href.startsWith('http') ? href : new URL(href, beforeUrl).href;
@@ -169,17 +212,7 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
         blockedUrl: resolvedUrl
       };
-      // Stop sensors even on external navigation
-      let networkSummary = null;
-      let consoleSummary = null;
-      if (networkWindowId !== null) {
-        networkSummary = networkSensor.stopWindow(networkWindowId);
-      }
-      if (consoleWindowId !== null) {
-        consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
-      }
-      const { settleResult, afterUrl } = await captureAfterState(page, screenshotsDir, timestamp, i, trace);
+      const { settleResult, afterUrl } = await captureAfterState(page, screenshotsDir, timestamp, i, trace, scanBudget);
       trace.after.url = afterUrl;
       trace.after.screenshot = `screenshots/after-${timestamp}-${i}.png`;
       if (!trace.dom) {
@@ -193,56 +226,286 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
         domChangedDuringSettle: settleResult.domChangedDuringSettle
       };
-      // Add sensor evidence to trace
+      const networkSummary = networkSensor.stopWindow(networkWindowId);
+      const consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
+      const uiAfter = await uiSignalSensor.snapshot(page);
+      const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
+      // STATE INTELLIGENCE: Capture after state and compute diff
+      let stateDiff = { changed: [], available: false };
+      let storeType = null;
+      if (stateSensorActive) {
+        await stateSensor.captureAfter(page);
+        stateDiff = stateSensor.getDiff();
+        storeType = stateSensor.activeType; // Store before cleanup
+        stateSensor.cleanup();
+      }
       trace.sensors = {
         network: networkSummary,
-        console: consoleSummary
+        console: consoleSummary,
+        uiSignals: {
+          before: uiBefore,
+          after: uiAfter,
+          diff: uiDiff
+        },
+        state: {
+          available: stateDiff.available,
+          changed: stateDiff.changed,
+          storeType: storeType
+        }
       };
       return trace;
     }
-    const clickPromise = interaction.element.click({ timeout: INTERACTION_TIMEOUT_MS });
-    const shouldWaitForNavigation = interaction.type === 'link' || interaction.type === 'form';
-    const navigationPromise = shouldWaitForNavigation
-      ? page.waitForNavigation({ timeout: NAVIGATION_TIMEOUT_MS, waitUntil: 'domcontentloaded' })
+    // REAL USER SIMULATION: Use human driver for all interactions
+    const locator = interaction.element;
+    // On file:// origins, avoid long navigation waits for simple link clicks
+    const isFileOrigin = baseOrigin && baseOrigin.startsWith('file:');
+    const shouldWaitForNavigation = (interaction.type === 'link' || interaction.type === 'form') && !isFileOrigin;
+    let navigationResult = null;
+    try {
+      if (shouldWaitForNavigation) {
+        navigationResult = page.waitForNavigation({ timeout: scanBudget.navigationTimeoutMs, waitUntil: 'domcontentloaded' })
           .catch((error) => {
             if (error && error.name === 'TimeoutError') {
-              markTimeoutPolicy(trace, 'navigation');
+              markTimeoutPolicy(trace, 'navigation', silenceTracker);
             }
             return null;
-          })
-      : null;
+          });
+      }
-    try {
-      await Promise.race([
-        clickPromise,
-        new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')),
-          INTERACTION_TIMEOUT_MS))
-      ]);
+      if (interaction.type === 'login') {
+        // Login form submission: fill with deterministic credentials and submit
+        const loginResult = await humanDriver.executeLogin(page, locator);
+        const sessionStateAfter = await humanDriver.captureSessionState(page);
+        trace.login = {
+          submitted: loginResult.submitted,
+          found: loginResult.found !== false,
+          redirected: loginResult.redirected,
+          url: loginResult.url,
+          storageChanged: loginResult.storageChanged,
+          cookiesChanged: loginResult.cookiesChanged,
+          beforeStorage: loginResult.beforeStorage || [],
+          afterStorage: loginResult.afterStorage || []
+        };
+        trace.session = sessionStateAfter;
+        trace.interactionType = 'login';
+        shouldWaitForNavigation = loginResult.redirected && !isFileOrigin;
+        if (shouldWaitForNavigation && !navigationResult) {
+          navigationResult = page.waitForNavigation({ timeout: scanBudget.navigationTimeoutMs, waitUntil: 'domcontentloaded' })
+            .catch(() => null);
+        }
+      } else if (interaction.type === 'logout') {
+        // Logout action: click logout and observe session changes
+        const logoutResult = await humanDriver.executeLogout(page, locator);
+        const sessionStateAfter = await humanDriver.captureSessionState(page);
+        trace.logout = {
+          clicked: logoutResult.clicked,
+          found: logoutResult.found !== false,
+          redirected: logoutResult.redirected,
+          url: logoutResult.url,
+          storageChanged: logoutResult.storageChanged,
+          cookiesChanged: logoutResult.cookiesChanged,
+          beforeStorage: logoutResult.beforeStorage || [],
+          afterStorage: logoutResult.afterStorage || []
+        };
+        trace.session = sessionStateAfter;
+        trace.interactionType = 'logout';
+        shouldWaitForNavigation = logoutResult.redirected && !isFileOrigin;
+        if (shouldWaitForNavigation && !navigationResult) {
+          navigationResult = page.waitForNavigation({ timeout: scanBudget.navigationTimeoutMs, waitUntil: 'domcontentloaded' })
+            .catch(() => null);
+        }
+      } else if (interaction.type === 'form') {
+        // Form submission: fill fields first, then submit
+        const fillResult = await humanDriver.fillFormFields(page, locator);
+        if (fillResult.filled && fillResult.filled.length > 0) {
+          trace.humanDriverFilled = fillResult.filled;
+        }
+        if (fillResult.reason) {
+          trace.humanDriverSkipReason = fillResult.reason;
+        }
+        // Submit form using human driver
+        const submitResult = await humanDriver.submitForm(page, locator);
+        trace.humanDriverSubmitted = submitResult.submitted;
+        trace.humanDriverAttempts = submitResult.attempts;
+      } else if (interaction.type === 'keyboard') {
+        // Keyboard navigation: perform full keyboard sweep
+        const keyboardResult = await humanDriver.performKeyboardNavigation(page, 12);
+        trace.keyboard = {
+          focusOrder: keyboardResult.focusOrder,
+          actions: keyboardResult.actions,
+          attemptedTabs: keyboardResult.attemptedTabs
+        };
+        trace.interactionType = 'keyboard';
+      } else if (interaction.type === 'hover') {
+        // Hover interaction: hover and observe DOM changes
+        const hoverResult = await humanDriver.hoverAndObserve(page, locator);
+        // Capture DOM before/after for hover
+        const beforeDom = await page.evaluate(() => document.body ? document.body.innerHTML.length : 0);
+        await page.waitForTimeout(200);
+        const afterDom = await page.evaluate(() => document.body ? document.body.innerHTML.length : 0);
+        const visiblePopups = await page.evaluate(() => {
+          const popups = Array.from(document.querySelectorAll('[role="menu"], [role="dialog"], .dropdown, .popup, [aria-haspopup]'));
+          return popups.filter(el => {
+            const style = window.getComputedStyle(el);
+            return style.display !== 'none' && style.visibility !== 'hidden';
+          }).length;
+        }).catch(() => 0);
+        trace.hover = {
+          selector: hoverResult.selector,
+          revealed: hoverResult.revealed,
+          domChanged: beforeDom !== afterDom,
+          popupsRevealed: visiblePopups
+        };
+        trace.interactionType = 'hover';
+      } else if (interaction.type === 'file_upload') {
+        // File upload: attach test file using ensureUploadFixture
+        const uploadResult = await humanDriver.uploadFile(page, locator);
+        trace.fileUpload = uploadResult;
+        trace.interactionType = 'file_upload';
+      } else if (interaction.type === 'auth_guard') {
+        // Auth guard: check protected route access
+        const href = interaction.href || (await locator.getAttribute('href').catch(() => null));
+        if (href) {
+          const currentUrl = page.url();
+          const fullUrl = href.startsWith('http') ? href : new URL(href, currentUrl).href;
+          const guardResult = await humanDriver.checkProtectedRoute(page, fullUrl);
+          const sessionStateAfter = await humanDriver.captureSessionState(page);
+          trace.authGuard = {
+            url: guardResult.url,
+            isProtected: guardResult.isProtected,
+            redirectedToLogin: guardResult.redirectedToLogin,
+            hasAccessDenied: guardResult.hasAccessDenied,
+            httpStatus: guardResult.httpStatus,
+            beforeUrl: guardResult.beforeUrl,
+            afterUrl: guardResult.afterUrl
+          };
+          trace.session = sessionStateAfter;
+          trace.interactionType = 'auth_guard';
+          // Navigate back to original page if redirected
+          if (guardResult.afterUrl !== guardResult.beforeUrl) {
+            await page.goto(beforeUrl, { waitUntil: 'domcontentloaded', timeout: CLICK_TIMEOUT_MS }).catch(() => null);
+          }
+        }
+      } else {
+        // Click/link: use human driver click
+        const clickResult = await humanDriver.clickElement(page, locator);
+        trace.humanDriverClicked = clickResult.clicked;
+      }
+      // PERFORMANCE INTELLIGENCE: Capture periodic timing snapshots after interaction
+      // Check for feedback signals at intervals
+      if (timingSensor && timingSensor.t0) {
+        // Capture snapshot immediately after interaction
+        await timingSensor.captureTimingSnapshot(page);
+        // Wait a bit and capture again to catch delayed feedback
+        await page.waitForTimeout(300);
+        await timingSensor.captureTimingSnapshot(page);
+        // Wait longer for slow feedback
+        await page.waitForTimeout(1200);
+        await timingSensor.captureTimingSnapshot(page);
+        // Record UI change if detected
+        if (uiSignalSensor) {
+          const currentUi = await uiSignalSensor.snapshot(page).catch(() => ({}));
+          const currentDiff = uiSignalSensor.diff(uiBefore, currentUi);
+          if (currentDiff.changed) {
+            timingSensor.recordUiChange();
+          }
+        }
+      }
+      if (navigationResult) {
+        navigationResult = await navigationResult;
+      }
     } catch (error) {
       if (error.message === 'timeout' || error.name === 'TimeoutError') {
-        // Stop sensors on timeout
+        markTimeoutPolicy(trace, 'click', silenceTracker);
+        await captureAfterOnly(page, screenshotsDir, timestamp, i, trace);
         if (networkWindowId !== null) {
-          networkSensor.stopWindow(networkWindowId);
+          const networkSummary = networkSensor.stopWindow(networkWindowId);
+          trace.sensors.network = networkSummary;
+        } else {
+          trace.sensors.network = networkSensor.getEmptySummary();
+          // Track sensor silence when empty summary is used
+          if (silenceTracker) {
+            silenceTracker.record({
+              scope: 'sensor',
+              reason: 'sensor_unavailable',
+              description: 'Network sensor data unavailable (window not started)',
+              context: {
+                interaction: trace.interaction,
+                sensor: 'network'
+              },
+              impact: 'incomplete_check'
+            });
+          }
         }
         if (consoleWindowId !== null) {
-          consoleSensor.stopWindow(consoleWindowId, page);
+          const consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
+          trace.sensors.console = consoleSummary;
+        } else {
+          trace.sensors.console = consoleSensor.getEmptySummary();
+          // Track sensor silence when empty summary is used
+          if (silenceTracker) {
+            silenceTracker.record({
+              scope: 'sensor',
+              reason: 'sensor_unavailable',
+              description: 'Console sensor data unavailable (window not started)',
+              context: {
+                interaction: trace.interaction,
+                sensor: 'console'
+              },
+              impact: 'incomplete_check'
+            });
+          }
         }
-        markTimeoutPolicy(trace, 'click');
-        await captureAfterOnly(page, screenshotsDir, timestamp, i, trace);
+        const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+        const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
+        // STATE INTELLIGENCE: Capture after state and compute diff
+        let stateDiff = { changed: [], available: false };
+        let storeType = null;
+        if (stateSensorActive) {
+          await stateSensor.captureAfter(page);
+          stateDiff = stateSensor.getDiff();
+          storeType = stateSensor.activeType;
+          stateSensor.cleanup();
+        }
+        trace.sensors.uiSignals = {
+          before: uiBefore,
+          after: uiAfter,
+          diff: uiDiff
+        };
+        trace.sensors.state = {
+          available: stateDiff.available,
+          changed: stateDiff.changed,
+          storeType: storeType
+        };
         return trace;
       }
       throw error;
     }
-    const navigationResult = navigationPromise ? await navigationPromise : null;
     if (navigationResult) {
       const afterUrl = page.url();
       if (isExternalUrl(afterUrl, baseOrigin)) {
-        await page.goBack({ timeout: NAVIGATION_TIMEOUT_MS }).catch(() => {});
+        await page.goBack({ timeout: scanBudget.navigationTimeoutMs }).catch(() => {});
         trace.policy = {
           ...(trace.policy || {}),
           externalNavigationBlocked: true,
@@ -251,47 +514,7 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
       }
     }
-    const { settleResult, afterUrl } = await captureAfterState(page, screenshotsDir, timestamp, i, trace);
-    // Stop sensors after interaction settled
-    const networkSummary = networkWindowId !== null ? networkSensor.stopWindow(networkWindowId) : null;
-    const consoleSummary = consoleWindowId !== null ? consoleSensor.stopWindow(consoleWindowId, page) : null;
-    let uiSignalsAfter = null;
-    let uiSignalChanges = null;
-    let stateUIAfter = null;
-    let stateUIChanges = null;
-    try {
-      uiSignalsAfter = await uiSignalSensor.snapshot(page);
-      uiSignalChanges = uiSignalSensor.diff(uiSignalsBefore, uiSignalsAfter);
-    } catch (e) {
-      // If snapshot fails, use empty objects
-      uiSignalsAfter = {
-        hasLoadingIndicator: false,
-        hasDialog: false,
-        hasErrorSignal: false,
-        explanation: []
-      };
-      uiSignalChanges = { changed: false, explanation: '', summary: [] };
-    }
-    // Capture state UI after interaction (Wave 8)
-    try {
-      stateUIAfter = await stateUISensor.snapshot(page);
-      stateUIChanges = stateUISensor.diff(stateUiBefore, stateUIAfter);
-    } catch (e) {
-      stateUIAfter = {
-        signals: {
-          dialogs: [],
-          expandedElements: [],
-          selectedTabs: [],
-          checkedElements: [],
-          alerts: []
-        },
-        rawSnapshot: {}
-      };
-      stateUIChanges = { changed: false, reasons: [] };
-    }
+    const { settleResult, afterUrl } = await captureAfterState(page, screenshotsDir, timestamp, i, trace, scanBudget);
     trace.after.url = afterUrl;
     trace.after.screenshot = `screenshots/after-${timestamp}-${i}.png`;
     if (!trace.dom) {
@@ -305,69 +528,211 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
       domChangedDuringSettle: settleResult.domChangedDuringSettle
     };
-    // Add sensor evidence to trace
+    // Capture after page title
+    const afterTitle = typeof page.title === 'function' ? await page.title().catch(() => null) : (page.title || null);
+    if (!trace.page) {
+      trace.page = {};
+    }
+    trace.page.afterTitle = afterTitle;
+    const networkSummary = networkSensor.stopWindow(networkWindowId);
+    const consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
+    const navigationSummary = await navigationSensor.stopWindow(navigationWindowId, page);
+    const loadingSummary = await loadingSensor.stopWindow(loadingWindowId, loadingState);
+    // PERFORMANCE INTELLIGENCE: Analyze timing for feedback gaps
+    if (networkSummary && networkSummary.totalRequests > 0) {
+      timingSensor.analyzeNetworkSummary(networkSummary);
+    }
+    if (loadingSummary && loadingSummary.hasLoadingIndicators && loadingState) {
+      // Record loading start - use the timestamp when loading was detected
+      // loadingState.loadingStartTime is set when loading indicators first appear
+      if (loadingState.loadingStartTime) {
+        timingSensor.recordLoadingStart(loadingState.loadingStartTime);
+      } else {
+        // Fallback: estimate based on interaction start
+        timingSensor.recordLoadingStart();
+      }
+    }
+    const timingAnalysis = timingSensor.getTimingAnalysis();
+    // Capture HTTP status from network summary
+    // Network sensor summary doesn't include full requests Map, but provides:
+    // - failedRequests count
+    // - topFailedUrls array
+    // - totalRequests count
+    if (networkSummary) {
+      if (!trace.page) {
+        trace.page = {};
+      }
+      // If navigation completed and we have network activity, check for errors
+      if (networkSummary.topFailedUrls && networkSummary.topFailedUrls.length > 0) {
+        // Check if the failed URL matches our destination
+        const failedMatch = networkSummary.topFailedUrls.find(failed => {
+          try {
+            const failedUrl = new URL(failed.url);
+            const pageUrl = new URL(afterUrl);
+            return failedUrl.pathname === pageUrl.pathname && failedUrl.origin === pageUrl.origin;
+          } catch {
+            return false;
+          }
+        });
+        if (failedMatch) {
+          // Navigation target failed with HTTP error
+          trace.page.httpStatus = failedMatch.status || 500;
+        } else if (networkSummary.totalRequests > 0 && networkSummary.failedRequests === 0) {
+          // No failures, navigation likely succeeded with 200
+          trace.page.httpStatus = 200;
+        }
+      } else if (networkSummary.totalRequests > 0 && networkSummary.failedRequests === 0) {
+        // No failed requests, navigation likely succeeded with 200
+        trace.page.httpStatus = 200;
+      } else if (navigationSummary && navigationSummary.urlChanged && !navigationSummary.blockedNavigations) {
+        // Navigation completed successfully - assume HTTP 200
+        // This is safe because Playwright's waitForNavigation only resolves on successful navigation
+        trace.page.httpStatus = 200;
+      }
+    }
+    const uiAfter = await uiSignalSensor.snapshot(page);
+    const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
+    // PERFORMANCE INTELLIGENCE: Record UI change in timing sensor if detected
+    if (timingSensor && uiDiff.changed) {
+      timingSensor.recordUiChange();
+    }
+    // A11Y INTELLIGENCE: Capture focus and ARIA state after interaction
+    await focusSensor.captureAfter(page);
+    await ariaSensor.captureAfter(page);
+    const focusDiff = focusSensor.getFocusDiff();
+    const ariaDiff = ariaSensor.getAriaDiff();
+    // STATE INTELLIGENCE: Capture after state and compute diff
+    let stateDiff = { changed: [], available: false };
+    let storeType = null;
+    if (stateSensorActive) {
+      await stateSensor.captureAfter(page);
+      stateDiff = stateSensor.getDiff();
+      storeType = stateSensor.activeType;
+      stateSensor.cleanup();
+    }
     trace.sensors = {
       network: networkSummary,
       console: consoleSummary,
+      navigation: navigationSummary, // NAVIGATION INTELLIGENCE v2: Add navigation sensor data
+      loading: loadingSummary, // ASYNC INTELLIGENCE: Add loading sensor data
+      focus: focusDiff, // A11Y INTELLIGENCE: Add focus sensor data
+      aria: ariaDiff, // A11Y INTELLIGENCE: Add ARIA sensor data
+      timing: timingAnalysis, // PERFORMANCE INTELLIGENCE: Add timing analysis
       uiSignals: {
-        before: uiSignalsBefore,
-        after: uiSignalsAfter,
-        changes: uiSignalChanges
+        before: uiBefore,
+        after: uiAfter,
+        diff: uiDiff
       },
-      stateUI: {
-        before: stateUiBefore,
-        after: stateUIAfter,
-        changed: stateUIChanges.changed,
-        reasons: stateUIChanges.reasons
+      state: {
+        available: stateDiff.available,
+        changed: stateDiff.changed,
+        storeType: storeType
       }
     };
     return trace;
   } catch (error) {
     if (error.message === 'timeout' || error.name === 'TimeoutError') {
-      // Stop sensors on timeout
+      markTimeoutPolicy(trace, 'click');
+      await captureAfterOnly(page, screenshotsDir, timestamp, i, trace);
       if (networkWindowId !== null) {
-        try {
-          networkSensor.stopWindow(networkWindowId);
-        } catch (e) {
-          // Ignore sensor cleanup errors
-        }
+        const networkSummary = networkSensor.stopWindow(networkWindowId);
+        trace.sensors.network = networkSummary;
+      } else {
+        trace.sensors.network = networkSensor.getEmptySummary();
       }
       if (consoleWindowId !== null) {
-        try {
-          consoleSensor.stopWindow(consoleWindowId, page);
-        } catch (e) {
-          // Ignore sensor cleanup errors
-        }
+        const consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
+        trace.sensors.console = consoleSummary;
+      } else {
+        trace.sensors.console = consoleSensor.getEmptySummary();
       }
-      markTimeoutPolicy(trace, 'click');
-      await captureAfterOnly(page, screenshotsDir, timestamp, i, trace);
+      const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+      const uiDiff = uiSignalSensor.diff(uiBefore || {}, uiAfter);
+      // STATE INTELLIGENCE: Capture after state and compute diff
+      let stateDiff = { changed: [], available: false };
+      let storeType = null;
+      if (stateSensorActive) {
+        await stateSensor.captureAfter(page);
+        stateDiff = stateSensor.getDiff();
+        storeType = stateSensor.activeType;
+        stateSensor.cleanup();
+      }
+      trace.sensors.uiSignals = {
+        before: uiBefore || {},
+        after: uiAfter,
+        diff: uiDiff
+      };
+      trace.sensors.state = {
+        available: stateDiff.available,
+        changed: stateDiff.changed,
+        storeType: storeType
+      };
       return trace;
     }
-    // Stop sensors on unexpected error
+    // For non-timeout errors, capture as execution error trace instead of returning null
+    trace.policy = {
+      ...(trace.policy || {}),
+      executionError: true,
+      reason: error.message
+    };
     if (networkWindowId !== null) {
-      try {
-        networkSensor.stopWindow(networkWindowId);
-      } catch (e) {
-        // Ignore sensor cleanup errors
-      }
+      trace.sensors.network = networkSensor.stopWindow(networkWindowId);
+    } else {
+      trace.sensors.network = networkSensor.getEmptySummary();
     }
     if (consoleWindowId !== null) {
-      try {
-        consoleSensor.stopWindow(consoleWindowId, page);
-      } catch (e) {
-        // Ignore sensor cleanup errors
-      }
+      trace.sensors.console = consoleSensor.stopWindow(consoleWindowId, page);
+    } else {
+      trace.sensors.console = consoleSensor.getEmptySummary();
     }
-    return null;
+    if (stateSensorActive) {
+      stateSensor.cleanup();
+      const stateDiff = stateSensor.getDiff();
+      trace.sensors.state = {
+        available: stateDiff.available,
+        changed: stateDiff.changed,
+        storeType: stateSensor.activeType
+      };
+    } else {
+      trace.sensors.state = { available: false, changed: [], storeType: null };
+    }
+    const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+    const uiDiff = uiSignalSensor.diff(uiBefore || {}, uiAfter || {});
+    trace.sensors.uiSignals = {
+      before: uiBefore || {},
+      after: uiAfter || {},
+      diff: uiDiff
+    };
+    // Best-effort after state
+    await captureAfterOnly(page, screenshotsDir, timestamp, i, trace).catch(() => {});
+    return trace;
   }
 }
-async function captureAfterState(page, screenshotsDir, timestamp, interactionIndex, trace) {
-  // Note: We don't call waitForSettle here because captureSettledDom does its own
-  // sampling to capture async updates. Calling waitForSettle would interfere.
+async function captureAfterState(page, screenshotsDir, timestamp, interactionIndex, trace, scanBudget) {
   let settleResult = {
     samples: [],
     domChangedDuringSettle: false,
@@ -375,7 +740,7 @@ async function captureAfterState(page, screenshotsDir, timestamp, interactionInd
   };
   try {
-    settleResult = await captureSettledDom(page);
+    settleResult = await captureSettledDom(page, scanBudget);
   } catch (error) {
     if (error.message === 'timeout' || error.name === 'TimeoutError') {
       markTimeoutPolicy(trace, 'settle');