@veraxhq/verax 0.1.0 → 0.2.1

package/src/verax/index.js

@@ -3,12 +3,14 @@ import { observe } from './observe/index.js';
 import { detect } from './detect/index.js';
 import { writeScanSummary } from './scan-summary-writer.js';
 import { validateRoutes } from './learn/route-validator.js';
-import { initArtifactPaths, generateRunId } from './shared/artifact-manager.js';
+import { createScanBudgetWithProfile } from './shared/budget-profiles.js';
+import { computeObservationSummary, writeEvidenceIndex } from './detect/verdict-engine.js';
+import SilenceTracker from './core/silence-model.js';
+import { generateRunId, getRunArtifactDir, getArtifactPath } from './core/run-id.js';
+import { createRunManifest, updateRunManifestHashes } from './core/run-manifest.js';
+import { computeArtifactHashes } from './core/run-id.js';
 
-export async function scan(projectDir, url, manifestPath = null, runId = null) {
-  // Generate runId for this scan if not provided
-  const scanRunId = runId || generateRunId();
-  const artifactPaths = initArtifactPaths(projectDir, scanRunId);
+export async function scan(projectDir, url, manifestPath = null, scanBudgetOverride = null, safetyFlags = {}) {
   // If manifestPath is provided, read it first before learn() overwrites it
   let loadedManifest = null;
   if (manifestPath) {
@@ -32,6 +34,7 @@ export async function scan(projectDir, url, manifestPath = null, runId = null) {
       publicRoutes: loadedManifest.publicRoutes || learnedManifest.publicRoutes,
       routes: loadedManifest.routes || learnedManifest.routes,
       internalRoutes: loadedManifest.internalRoutes || learnedManifest.internalRoutes,
+      staticExpectations: loadedManifest.staticExpectations || learnedManifest.staticExpectations,
       manifestPath: manifestPath
     };
   } else {
@@ -50,8 +53,18 @@ export async function scan(projectDir, url, manifestPath = null, runId = null) {
     manifestPath: manifest.manifestPath
   };
   
-  const validation = await validateRoutes(manifestForValidation, url);
+  let validation = await validateRoutes(manifestForValidation, url);
   
+  if (!validation) {
+    // validateRoutes might return null if routes cannot be validated
+    validation = { 
+      routesValidated: 0, 
+      routesReachable: 0, 
+      routesUnreachable: 0, 
+      details: [], 
+      warnings: []
+    };
+  }
   if (validation.warnings && validation.warnings.length > 0) {
     if (!manifest.learnTruth.warnings) {
       manifest.learnTruth.warnings = [];
@@ -59,22 +72,56 @@ export async function scan(projectDir, url, manifestPath = null, runId = null) {
     manifest.learnTruth.warnings.push(...validation.warnings);
   }
   
+  // Use budget profile if no override provided
+  const scanBudget = scanBudgetOverride || createScanBudgetWithProfile();
+  
+  // PHASE 5: Generate deterministic runId and create run manifest
+  const { getBaseOrigin } = await import('./observe/domain-boundary.js');
+  const baseOrigin = getBaseOrigin(url);
+  const runId = generateRunId({
+    url,
+    safetyFlags,
+    baseOrigin,
+    scanBudget,
+    manifestPath
+  });
+  
+  // Create run manifest at start of execution
+  const runManifest = createRunManifest(projectDir, runId, {
+    url,
+    safetyFlags,
+    baseOrigin,
+    scanBudget,
+    manifestPath,
+    argv: process.argv
+  });
+  
   const usedManifestPath = manifestPath || manifest.manifestPath;
-  const observation = await observe(url, usedManifestPath, artifactPaths);
+  const observation = await observe(url, usedManifestPath, scanBudget, safetyFlags, projectDir, runId);
+
+  // Write a copy of the manifest into canonical run directory for replay integrity
+  try {
+    const { writeFileSync } = await import('fs');
+    const manifestCopyPath = getArtifactPath(projectDir, runId, 'manifest.json');
+    writeFileSync(manifestCopyPath, JSON.stringify(manifest, null, 2));
+  } catch {
+    // Ignore write errors
+  }
   
-  // For detect, we need tracesPath - use observation.tracesPath if available, otherwise use artifact paths
-  let tracesPathForDetect = observation.tracesPath;
-  if (artifactPaths && !tracesPathForDetect) {
-    tracesPathForDetect = artifactPaths.traces;
+  // Create silence tracker from observation silences
+  const silenceTracker = new SilenceTracker();
+  if (observation.silences && observation.silences.entries) {
+    silenceTracker.recordBatch(observation.silences.entries);
   }
   
-  const findings = await detect(usedManifestPath, tracesPathForDetect, validation, artifactPaths);
+  const findings = await detect(usedManifestPath, observation.tracesPath, validation, observation.expectationCoverageGaps || [], silenceTracker);
   
   const learnTruthWithValidation = {
     ...manifest.learnTruth,
     validation: validation
   };
   
+  const runDir = getRunArtifactDir(projectDir, runId);
   const scanSummary = writeScanSummary(
     projectDir,
     url,
@@ -85,13 +132,54 @@ export async function scan(projectDir, url, manifestPath = null, runId = null) {
     manifest.manifestPath,
     observation.tracesPath,
     findings.findingsPath,
-    artifactPaths
+    runDir,
+    findings.findings // PHASE 7: Pass findings array for decision snapshot
+  );
+  
+  // Compute observation summary from scan results (not a verdict)
+  // Pass observation object (which includes traces) to observation engine
+  const observeTruthWithTraces = {
+    ...observation.observeTruth,
+    traces: observation.traces || []
+  };
+  const observationSummary = computeObservationSummary(
+    findings.findings || [],
+    observeTruthWithTraces,
+    manifest.learnTruth,
+    findings.coverageGaps || [],
+    observation.observeTruth?.budgetExceeded,
+    findings.detectTruth, // Pass detectTruth for silence data
+    projectDir, // Pass projectDir for evidence validation
+    silenceTracker // Pass silenceTracker for evidence integrity tracking
+  );
+
+  // Write evidence index
+  const evidenceIndexPath = await writeEvidenceIndex(
+    projectDir,
+    observationSummary.evidenceIndex || [],
+    observation.tracesPath,
+    findings.findingsPath,
+    runDir
   );
+  observationSummary.evidenceIndexPath = evidenceIndexPath;
   
-  return { manifest, observation, findings, scanSummary, validation };
+  // PHASE 5: Compute artifact hashes and update run manifest
+  const artifactHashes = computeArtifactHashes(projectDir, runId);
+  updateRunManifestHashes(projectDir, runId, artifactHashes);
+
+  return { 
+    manifest, 
+    observation, 
+    findings, 
+    scanSummary, 
+    validation, 
+    coverageGaps: findings.coverageGaps || [],
+    observationSummary,
+    runId,
+    runManifest
+  };
 }
 
 export { learn } from './learn/index.js';
 export { observe } from './observe/index.js';
 export { detect } from './detect/index.js';
-

package/src/verax/intel/effect-detector.js

@@ -0,0 +1,368 @@
+/**
+ * CODE INTELLIGENCE v1 — Effect Detector
+ * 
+ * Detects DIRECT effects in handler function bodies:
+ * - Navigation: navigate(), router.push(), router.replace()
+ * - Network: fetch(), axios.get/post/put/delete(), XMLHttpRequest
+ * - Validation: preventDefault() + return false, throw, setError
+ * 
+ * String literals ONLY. No template literals in v1.
+ */
+
+import ts from 'typescript';
+import { getFunctionBody, getStringLiteral, findNodes, getNodeLocation } from './ts-program.js';
+import { normalizeTemplateLiteral } from '../shared/dynamic-route-utils.js';
+
+/**
+ * Detect effects in handler function.
+ * 
+ * @param {ts.Node} handlerNode - Function node
+ * @param {ts.SourceFile} sourceFile - Source file
+ * @param {string} projectRoot - Project root
+ * @param {string} eventType - Event type (onSubmit, onClick, etc.) - VALIDATION INTELLIGENCE v1
+ * @returns {Array} - Array of effect objects
+ */
+export function detectEffects(handlerNode, sourceFile, projectRoot, eventType = null) {
+  const effects = [];
+  const statements = getFunctionBody(handlerNode);
+  
+  if (!statements) {
+    // Arrow function with expression body
+    if (ts.isArrowFunction(handlerNode) && ts.isExpression(handlerNode.body)) {
+      const effect = analyzeExpression(handlerNode.body, sourceFile, projectRoot, eventType);
+      if (effect) effects.push(effect);
+    }
+    return effects;
+  }
+  
+  // Walk all statements and expressions
+  for (const statement of statements) {
+    findNodes(statement, node => {
+      const effect = analyzeNode(node, sourceFile, projectRoot, eventType);
+      if (effect) effects.push(effect);
+      return false; // Continue walking
+    });
+  }
+  
+  return effects;
+}
+
+/**
+ * Analyze node for effects.
+ * 
+ * @param {ts.Node} node - AST node
+ * @param {ts.SourceFile} sourceFile - Source file
+ * @param {string} projectRoot - Project root
+ * @param {string} eventType - Event type (onSubmit, onClick, etc.) - VALIDATION INTELLIGENCE v1
+ * @returns {Object|null} - Effect object or null
+ */
+function analyzeNode(node, sourceFile, projectRoot, eventType = null) {
+  // Call expressions
+  if (ts.isCallExpression(node)) {
+    return analyzeCallExpression(node, sourceFile, projectRoot, eventType);
+  }
+  
+  // VALIDATION INTELLIGENCE v1: Check for return false in submit context
+  if (ts.isReturnStatement(node) && eventType === 'onSubmit') {
+    const expression = node.expression;
+    if (expression && expression.kind === ts.SyntaxKind.FalseKeyword) {
+      const location = getNodeLocation(sourceFile, node, projectRoot);
+      return {
+        type: 'validation_block',
+        method: 'return_false',
+        target: null,
+        sourceRef: location.sourceRef,
+        file: location.file,
+        line: location.line
+      };
+    }
+  }
+  
+  return null;
+}
+
+/**
+ * Analyze expression for effects.
+ * 
+ * @param {ts.Expression} expr - Expression node
+ * @param {ts.SourceFile} sourceFile - Source file
+ * @param {string} projectRoot - Project root
+ * @param {string} eventType - Event type (onSubmit, onClick, etc.) - VALIDATION INTELLIGENCE v1
+ * @returns {Object|null} - Effect object or null
+ */
+function analyzeExpression(expr, sourceFile, projectRoot, eventType = null) {
+  if (ts.isCallExpression(expr)) {
+    return analyzeCallExpression(expr, sourceFile, projectRoot, eventType);
+  }
+  return null;
+}
+
+/**
+ * Analyze call expression for effects.
+ * 
+ * @param {ts.CallExpression} call - Call expression
+ * @param {ts.SourceFile} sourceFile - Source file
+ * @param {string} projectRoot - Project root
+ * @param {string} eventType - Event type (onSubmit, onClick, etc.) - VALIDATION INTELLIGENCE v1
+ * @returns {Object|null} - Effect object or null
+ */
+function analyzeCallExpression(call, sourceFile, projectRoot, eventType = null) {
+  const expr = call.expression;
+  
+  // Navigation: navigate("/path")
+  if (ts.isIdentifier(expr) && expr.text === 'navigate') {
+    const target = getFirstStringArg(call);
+    if (target) {
+      const location = getNodeLocation(sourceFile, call, projectRoot);
+      return {
+        type: 'navigation',
+        method: 'navigate',
+        target,
+        sourceRef: location.sourceRef,
+        file: location.file,
+        line: location.line
+      };
+    }
+  }
+  
+  // Router: router.push("/path")
+  if (ts.isPropertyAccessExpression(expr)) {
+    const obj = expr.expression;
+    const prop = expr.name;
+    
+    if (ts.isIdentifier(obj) && ts.isIdentifier(prop)) {
+      const objName = obj.text;
+      const propName = prop.text;
+      
+      // router.push/replace/navigate
+      if ((objName === 'router' || objName === 'history') && 
+          ['push', 'replace', 'navigate'].includes(propName)) {
+        const target = getFirstStringArg(call);
+        if (target) {
+          const location = getNodeLocation(sourceFile, call, projectRoot);
+          return {
+            type: 'navigation',
+            method: `${objName}.${propName}`,
+            target,
+            sourceRef: location.sourceRef,
+            file: location.file,
+            line: location.line
+          };
+        }
+      }
+      
+      // axios.get/post/put/delete("/api/...")
+      if (objName === 'axios' && ['get', 'post', 'put', 'delete', 'patch'].includes(propName)) {
+        const target = getFirstStringArg(call);
+        if (target) {
+          const location = getNodeLocation(sourceFile, call, projectRoot);
+          return {
+            type: 'network',
+            method: propName.toUpperCase(),
+            target,
+            sourceRef: location.sourceRef,
+            file: location.file,
+            line: location.line
+          };
+        }
+      }
+    }
+  }
+  
+  // fetch("/api/...")
+  if (ts.isIdentifier(expr) && expr.text === 'fetch') {
+    const target = getFirstStringArg(call);
+    if (target) {
+      // Check for method in options
+      let method = 'GET';
+      if (call.arguments.length > 1) {
+        const options = call.arguments[1];
+        if (ts.isObjectLiteralExpression(options)) {
+          for (const prop of options.properties) {
+            if (ts.isPropertyAssignment(prop)) {
+              const name = prop.name;
+              if (ts.isIdentifier(name) && name.text === 'method') {
+                const value = getStringLiteral(prop.initializer);
+                if (value) method = value.toUpperCase();
+              }
+            }
+          }
+        }
+      }
+      
+      const location = getNodeLocation(sourceFile, call, projectRoot);
+      return {
+        type: 'network',
+        method,
+        target,
+        sourceRef: location.sourceRef,
+        file: location.file,
+        line: location.line
+      };
+    }
+  }
+  
+  // preventDefault() - VALIDATION INTELLIGENCE v1: validation_block in onSubmit context
+  if (ts.isPropertyAccessExpression(expr)) {
+    const prop = expr.name;
+    if (ts.isIdentifier(prop) && prop.text === 'preventDefault') {
+      const location = getNodeLocation(sourceFile, call, projectRoot);
+      // If in onSubmit context, emit validation_block; otherwise legacy validation type
+      if (eventType === 'onSubmit') {
+        return {
+          type: 'validation_block',
+          method: 'preventDefault',
+          target: null,
+          sourceRef: location.sourceRef,
+          file: location.file,
+          line: location.line
+        };
+      } else {
+        return {
+          type: 'validation',
+          method: 'preventDefault',
+          target: null,
+          sourceRef: location.sourceRef,
+          file: location.file,
+          line: location.line
+        };
+      }
+    }
+
+    // xhr.open('POST', '/api/foo')
+    if (ts.isIdentifier(prop) && prop.text === 'open') {
+      const args = call.arguments;
+      if (args.length >= 2) {
+        const methodLiteral = getStringLiteral(args[0]);
+        const urlLiteral = getStringLiteral(args[1]);
+        if (methodLiteral && urlLiteral) {
+          const location = getNodeLocation(sourceFile, call, projectRoot);
+          return {
+            type: 'network',
+            method: methodLiteral.toUpperCase(),
+            target: urlLiteral,
+            sourceRef: location.sourceRef,
+            file: location.file,
+            line: location.line
+          };
+        }
+      }
+    }
+  }
+  
+  // STATE INTELLIGENCE: Redux dispatch(action())
+  if (ts.isIdentifier(expr) && expr.text === 'dispatch') {
+    const firstArg = call.arguments[0];
+    if (firstArg && ts.isCallExpression(firstArg)) {
+      // dispatch(increment()) - action creator call
+      let actionName = null;
+      
+      // Simple action creator: increment()
+      if (ts.isIdentifier(firstArg.expression)) {
+        actionName = firstArg.expression.text;
+      }
+      // Slice action: counterSlice.actions.increment()
+      else if (ts.isPropertyAccessExpression(firstArg.expression)) {
+        const prop = firstArg.expression.name;
+        if (ts.isIdentifier(prop)) {
+          actionName = prop.text;
+        }
+      }
+      
+      if (actionName) {
+        const location = getNodeLocation(sourceFile, call, projectRoot);
+        return {
+          type: 'state',
+          method: 'dispatch',
+          target: actionName,
+          storeType: 'redux',
+          sourceRef: location.sourceRef,
+          file: location.file,
+          line: location.line
+        };
+      }
+    }
+  }
+  
+  // STATE INTELLIGENCE: Zustand set((state) => ({ key: value }))
+  if (ts.isIdentifier(expr) && expr.text === 'set') {
+    const firstArg = call.arguments[0];
+    if (firstArg && ts.isArrowFunction(firstArg)) {
+      // Extract keys from object literal in return
+      const body = firstArg.body;
+      if (ts.isObjectLiteralExpression(body)) {
+        const keys = [];
+        for (const prop of body.properties) {
+          if (ts.isPropertyAssignment(prop) && ts.isIdentifier(prop.name)) {
+            keys.push(prop.name.text);
+          }
+        }
+        
+        if (keys.length > 0) {
+          const location = getNodeLocation(sourceFile, call, projectRoot);
+          return {
+            type: 'state',
+            method: 'set',
+            target: keys.join(','), // Multiple keys possible
+            storeType: 'zustand',
+            sourceRef: location.sourceRef,
+            file: location.file,
+            line: location.line
+          };
+        }
+      }
+    }
+  }
+  
+  return null;
+}
+
+/**
+ * Get first string argument from call expression.
+ * 
+ * @param {ts.CallExpression} call - Call expression
+ * @returns {string|null} - String value or null
+ */
+function getFirstStringArg(call) {
+  if (call.arguments.length === 0) return null;
+  const firstArg = call.arguments[0];
+  
+  // Try string literal first
+  const stringLiteral = getStringLiteral(firstArg);
+  if (stringLiteral) return stringLiteral;
+  
+  // Try template literal (static only - no interpolations)
+  if (ts.isTemplateExpression(firstArg)) {
+    // Check if it's a static template (no expressions)
+    if (firstArg.templateSpans && firstArg.templateSpans.length === 0) {
+      // Pure template literal without ${} - treat as static
+      const text = firstArg.head?.text || '';
+      return text;
+    }
+    
+    // Template with expressions - extract pattern for normalization
+    let templateText = firstArg.head?.text || '';
+    for (const span of firstArg.templateSpans) {
+      // Check if expression is a simple identifier we can replace
+      const expr = span.expression;
+      if (ts.isIdentifier(expr)) {
+        templateText += '${' + expr.text + '}';
+      } else {
+        // Complex expression - cannot normalize safely
+        return null;
+      }
+      templateText += span.literal?.text || '';
+    }
+    
+    // Normalize template literal to example path
+    const normalized = normalizeTemplateLiteral(templateText);
+    return normalized ? normalized.examplePath : null;
+  }
+  
+  // Try NoSubstitutionTemplateLiteral (template literal without expressions)
+  if (ts.isNoSubstitutionTemplateLiteral(firstArg)) {
+    return firstArg.text;
+  }
+  
+  return null;
+}