npm - @veraxhq/verax - Versions diffs - 0.2.0 → 0.3.0 - Mend

@veraxhq/verax 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md +14 -18
package/bin/verax.js +7 -0
package/package.json +15 -5
package/src/cli/commands/baseline.js +104 -0
package/src/cli/commands/default.js +323 -111
package/src/cli/commands/doctor.js +36 -4
package/src/cli/commands/ga.js +243 -0
package/src/cli/commands/gates.js +95 -0
package/src/cli/commands/inspect.js +131 -2
package/src/cli/commands/release-check.js +213 -0
package/src/cli/commands/run.js +498 -103
package/src/cli/commands/security-check.js +211 -0
package/src/cli/commands/truth.js +114 -0
package/src/cli/entry.js +305 -68
package/src/cli/util/angular-component-extractor.js +179 -0
package/src/cli/util/angular-navigation-detector.js +141 -0
package/src/cli/util/angular-network-detector.js +161 -0
package/src/cli/util/angular-state-detector.js +162 -0
package/src/cli/util/ast-interactive-detector.js +546 -0
package/src/cli/util/ast-network-detector.js +603 -0
package/src/cli/util/ast-usestate-detector.js +602 -0
package/src/cli/util/bootstrap-guard.js +86 -0
package/src/cli/util/detection-engine.js +4 -3
package/src/cli/util/determinism-runner.js +123 -0
package/src/cli/util/determinism-writer.js +129 -0
package/src/cli/util/env-url.js +4 -0
package/src/cli/util/events.js +76 -0
package/src/cli/util/expectation-extractor.js +380 -74
package/src/cli/util/findings-writer.js +126 -15
package/src/cli/util/learn-writer.js +3 -1
package/src/cli/util/observation-engine.js +69 -23
package/src/cli/util/observe-writer.js +3 -1
package/src/cli/util/paths.js +6 -14
package/src/cli/util/project-discovery.js +23 -0
package/src/cli/util/project-writer.js +3 -1
package/src/cli/util/redact.js +2 -2
package/src/cli/util/run-resolver.js +64 -0
package/src/cli/util/runtime-budget.js +147 -0
package/src/cli/util/source-requirement.js +55 -0
package/src/cli/util/summary-writer.js +13 -1
package/src/cli/util/svelte-navigation-detector.js +163 -0
package/src/cli/util/svelte-network-detector.js +80 -0
package/src/cli/util/svelte-sfc-extractor.js +147 -0
package/src/cli/util/svelte-state-detector.js +243 -0
package/src/cli/util/vue-navigation-detector.js +177 -0
package/src/cli/util/vue-sfc-extractor.js +162 -0
package/src/cli/util/vue-state-detector.js +215 -0
package/src/types/global.d.ts +28 -0
package/src/types/ts-ast.d.ts +24 -0
package/src/verax/cli/doctor.js +2 -2
package/src/verax/cli/finding-explainer.js +56 -3
package/src/verax/cli/init.js +1 -1
package/src/verax/cli/url-safety.js +12 -2
package/src/verax/cli/wizard.js +13 -2
package/src/verax/core/artifacts/registry.js +154 -0
package/src/verax/core/artifacts/verifier.js +980 -0
package/src/verax/core/baseline/baseline.enforcer.js +137 -0
package/src/verax/core/baseline/baseline.snapshot.js +231 -0
package/src/verax/core/budget-engine.js +1 -1
package/src/verax/core/capabilities/gates.js +499 -0
package/src/verax/core/capabilities/registry.js +475 -0
package/src/verax/core/confidence/confidence-compute.js +137 -0
package/src/verax/core/confidence/confidence-invariants.js +234 -0
package/src/verax/core/confidence/confidence-report-writer.js +112 -0
package/src/verax/core/confidence/confidence-weights.js +44 -0
package/src/verax/core/confidence/confidence.defaults.js +65 -0
package/src/verax/core/confidence/confidence.loader.js +79 -0
package/src/verax/core/confidence/confidence.schema.js +94 -0
package/src/verax/core/confidence-engine-refactor.js +484 -0
package/src/verax/core/confidence-engine.js +486 -0
package/src/verax/core/confidence-engine.js.backup +471 -0
package/src/verax/core/contracts/index.js +29 -0
package/src/verax/core/contracts/types.js +185 -0
package/src/verax/core/contracts/validators.js +381 -0
package/src/verax/core/decision-snapshot.js +31 -4
package/src/verax/core/decisions/decision.trace.js +276 -0
package/src/verax/core/determinism/contract-writer.js +89 -0
package/src/verax/core/determinism/contract.js +139 -0
package/src/verax/core/determinism/diff.js +364 -0
package/src/verax/core/determinism/engine.js +221 -0
package/src/verax/core/determinism/finding-identity.js +148 -0
package/src/verax/core/determinism/normalize.js +438 -0
package/src/verax/core/determinism/report-writer.js +92 -0
package/src/verax/core/determinism/run-fingerprint.js +118 -0
package/src/verax/core/determinism-model.js +35 -6
package/src/verax/core/dynamic-route-intelligence.js +528 -0
package/src/verax/core/evidence/evidence-capture-service.js +307 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +165 -0
package/src/verax/core/evidence-builder.js +487 -0
package/src/verax/core/execution-mode-context.js +77 -0
package/src/verax/core/execution-mode-detector.js +190 -0
package/src/verax/core/failures/exit-codes.js +86 -0
package/src/verax/core/failures/failure-summary.js +76 -0
package/src/verax/core/failures/failure.factory.js +225 -0
package/src/verax/core/failures/failure.ledger.js +132 -0
package/src/verax/core/failures/failure.types.js +196 -0
package/src/verax/core/failures/index.js +10 -0
package/src/verax/core/ga/ga-report-writer.js +43 -0
package/src/verax/core/ga/ga.artifact.js +49 -0
package/src/verax/core/ga/ga.contract.js +434 -0
package/src/verax/core/ga/ga.enforcer.js +86 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
package/src/verax/core/guardrails/policy.defaults.js +210 -0
package/src/verax/core/guardrails/policy.loader.js +83 -0
package/src/verax/core/guardrails/policy.schema.js +110 -0
package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
package/src/verax/core/guardrails-engine.js +505 -0
package/src/verax/core/incremental-store.js +15 -7
package/src/verax/core/observe/run-timeline.js +316 -0
package/src/verax/core/perf/perf.contract.js +186 -0
package/src/verax/core/perf/perf.display.js +65 -0
package/src/verax/core/perf/perf.enforcer.js +91 -0
package/src/verax/core/perf/perf.monitor.js +209 -0
package/src/verax/core/perf/perf.report.js +198 -0
package/src/verax/core/pipeline-tracker.js +238 -0
package/src/verax/core/product-definition.js +127 -0
package/src/verax/core/release/provenance.builder.js +271 -0
package/src/verax/core/release/release-report-writer.js +40 -0
package/src/verax/core/release/release.enforcer.js +159 -0
package/src/verax/core/release/reproducibility.check.js +221 -0
package/src/verax/core/release/sbom.builder.js +283 -0
package/src/verax/core/replay-validator.js +4 -4
package/src/verax/core/replay.js +1 -1
package/src/verax/core/report/cross-index.js +192 -0
package/src/verax/core/report/human-summary.js +222 -0
package/src/verax/core/route-intelligence.js +419 -0
package/src/verax/core/security/secrets.scan.js +326 -0
package/src/verax/core/security/security-report.js +50 -0
package/src/verax/core/security/security.enforcer.js +124 -0
package/src/verax/core/security/supplychain.defaults.json +38 -0
package/src/verax/core/security/supplychain.policy.js +326 -0
package/src/verax/core/security/vuln.scan.js +265 -0
package/src/verax/core/silence-impact.js +1 -1
package/src/verax/core/silence-model.js +9 -7
package/src/verax/core/truth/truth.certificate.js +250 -0
package/src/verax/core/ui-feedback-intelligence.js +515 -0
package/src/verax/detect/comparison.js +8 -3
package/src/verax/detect/confidence-engine.js +645 -57
package/src/verax/detect/confidence-helper.js +33 -0
package/src/verax/detect/detection-engine.js +19 -2
package/src/verax/detect/dynamic-route-findings.js +335 -0
package/src/verax/detect/evidence-index.js +15 -65
package/src/verax/detect/expectation-chain-detector.js +417 -0
package/src/verax/detect/expectation-model.js +56 -3
package/src/verax/detect/explanation-helpers.js +1 -1
package/src/verax/detect/finding-detector.js +2 -2
package/src/verax/detect/findings-writer.js +149 -20
package/src/verax/detect/flow-detector.js +4 -4
package/src/verax/detect/index.js +265 -15
package/src/verax/detect/interactive-findings.js +3 -4
package/src/verax/detect/journey-stall-detector.js +558 -0
package/src/verax/detect/route-findings.js +218 -0
package/src/verax/detect/signal-mapper.js +2 -2
package/src/verax/detect/skip-classifier.js +4 -4
package/src/verax/detect/ui-feedback-findings.js +207 -0
package/src/verax/detect/verdict-engine.js +61 -9
package/src/verax/detect/view-switch-correlator.js +242 -0
package/src/verax/flow/flow-engine.js +3 -2
package/src/verax/flow/flow-spec.js +1 -2
package/src/verax/index.js +413 -33
package/src/verax/intel/effect-detector.js +1 -1
package/src/verax/intel/index.js +2 -2
package/src/verax/intel/route-extractor.js +3 -3
package/src/verax/intel/vue-navigation-extractor.js +81 -18
package/src/verax/intel/vue-router-extractor.js +4 -2
package/src/verax/learn/action-contract-extractor.js +684 -66
package/src/verax/learn/ast-contract-extractor.js +53 -1
package/src/verax/learn/index.js +36 -2
package/src/verax/learn/manifest-writer.js +28 -14
package/src/verax/learn/route-extractor.js +1 -1
package/src/verax/learn/route-validator.js +12 -8
package/src/verax/learn/state-extractor.js +1 -1
package/src/verax/learn/static-extractor-navigation.js +1 -1
package/src/verax/learn/static-extractor-validation.js +2 -2
package/src/verax/learn/static-extractor.js +8 -7
package/src/verax/learn/ts-contract-resolver.js +14 -12
package/src/verax/observe/browser.js +22 -3
package/src/verax/observe/console-sensor.js +2 -2
package/src/verax/observe/expectation-executor.js +2 -1
package/src/verax/observe/focus-sensor.js +1 -1
package/src/verax/observe/human-driver.js +29 -10
package/src/verax/observe/index.js +92 -844
package/src/verax/observe/interaction-discovery.js +27 -15
package/src/verax/observe/interaction-runner.js +31 -14
package/src/verax/observe/loading-sensor.js +6 -0
package/src/verax/observe/navigation-sensor.js +1 -1
package/src/verax/observe/observe-context.js +205 -0
package/src/verax/observe/observe-helpers.js +191 -0
package/src/verax/observe/observe-runner.js +226 -0
package/src/verax/observe/observers/budget-observer.js +185 -0
package/src/verax/observe/observers/console-observer.js +102 -0
package/src/verax/observe/observers/coverage-observer.js +107 -0
package/src/verax/observe/observers/interaction-observer.js +471 -0
package/src/verax/observe/observers/navigation-observer.js +132 -0
package/src/verax/observe/observers/network-observer.js +87 -0
package/src/verax/observe/observers/safety-observer.js +82 -0
package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
package/src/verax/observe/settle.js +1 -0
package/src/verax/observe/state-sensor.js +8 -4
package/src/verax/observe/state-ui-sensor.js +7 -1
package/src/verax/observe/traces-writer.js +27 -16
package/src/verax/observe/ui-feedback-detector.js +742 -0
package/src/verax/observe/ui-signal-sensor.js +155 -2
package/src/verax/scan-summary-writer.js +46 -9
package/src/verax/shared/artifact-manager.js +9 -6
package/src/verax/shared/budget-profiles.js +2 -2
package/src/verax/shared/caching.js +1 -1
package/src/verax/shared/config-loader.js +1 -2
package/src/verax/shared/css-spinner-rules.js +204 -0
package/src/verax/shared/dynamic-route-utils.js +12 -6
package/src/verax/shared/retry-policy.js +1 -6
package/src/verax/shared/root-artifacts.js +1 -1
package/src/verax/shared/view-switch-rules.js +208 -0
package/src/verax/shared/zip-artifacts.js +1 -0
package/src/verax/validate/context-validator.js +1 -1
package/src/verax/observe/index.js.backup +0 -1
package/src/verax/validate/context-validator.js.bak +0 -0

package/src/cli/commands/default.js CHANGED Viewed

@@ -3,7 +3,8 @@ import { existsSync, readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { dirname } from 'path';
 import inquirer from 'inquirer';
-import { UsageError, DataError, CrashError } from '../util/errors.js';
+import { assertExecutionBootstrapAllowed } from '../util/bootstrap-guard.js';
+import { DataError } from '../util/errors.js';
 import { generateRunId } from '../util/run-id.js';
 import { getRunPaths, ensureRunDirectories } from '../util/paths.js';
 import { atomicWriteJson, atomicWriteText } from '../util/atomic-write.js';
@@ -18,6 +19,8 @@ import { writeObserveJson } from '../util/observe-writer.js';
 import { detectFindings } from '../util/detection-engine.js';
 import { writeFindingsJson } from '../util/findings-writer.js';
 import { writeSummaryJson } from '../util/summary-writer.js';
+import { computeRuntimeBudget, withTimeout } from '../util/runtime-budget.js';
+import { assertHasLocalSource } from '../util/source-requirement.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -28,7 +31,7 @@ function getVersion() {
     const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
     return pkg.version;
   } catch {
-    return '0.2.0';
+    return '0.3.0';
   }
 }
@@ -43,6 +46,8 @@ export async function defaultCommand(options = {}) {
     url = null,
     json = false,
     verbose = false,
+    determinism = false,
+    determinismRuns = 2,
   } = options;
   const projectRoot = resolve(process.cwd());
@@ -52,6 +57,9 @@ export async function defaultCommand(options = {}) {
   if (!existsSync(srcPath)) {
     throw new DataError(`Source directory not found: ${srcPath}`);
   }
+  // Enforce local source availability (no URL-only scans)
+  assertHasLocalSource(srcPath);
   // Create event emitter
   const events = new RunEventEmitter();
@@ -72,6 +80,83 @@ export async function defaultCommand(options = {}) {
     });
   }
+  let runId = null;
+    /** @type {ReturnType<typeof getRunPaths> | null} */
+    let paths = null;
+  let startedAt = null;
+  let watchdogTimer = null;
+  let budget = null;
+  let timedOut = false;
+  // Graceful finalization function
+  const finalizeOnTimeout = async (reason) => {
+    if (timedOut) return; // Prevent double finalization
+    timedOut = true;
+    events.stopHeartbeat();
+    // TypeScript narrowing: paths is guaranteed to be non-null here due to control flow
+    if (paths && runId && startedAt) {
+      try {
+        const failedAt = new Date().toISOString();
+        atomicWriteJson(paths.runStatusJson, {
+          contractVersion: 1,
+          artifactVersions: paths.artifactVersions,
+          status: 'FAILED',
+          runId,
+          startedAt,
+          failedAt,
+          error: reason,
+        });
+        atomicWriteJson(paths.runMetaJson, {
+          contractVersion: 1,
+          artifactVersions: paths.artifactVersions,
+          veraxVersion: getVersion(),
+          nodeVersion: process.version,
+          platform: process.platform,
+          cwd: projectRoot,
+          command: 'default',
+          args: { url: url || null, src },
+          url: url || null,
+          src: srcPath,
+          startedAt,
+          completedAt: failedAt,
+          error: reason,
+        });
+        try {
+          writeSummaryJson(paths.summaryJson, {
+            runId,
+            status: 'FAILED',
+            startedAt,
+            completedAt: failedAt,
+            command: 'default',
+            url: url || null,
+            notes: `Run timed out: ${reason}`,
+          }, {
+            expectationsTotal: 0,
+            attempted: 0,
+            observed: 0,
+            silentFailures: 0,
+            coverageGaps: 0,
+            unproven: 0,
+            informational: 0,
+          });
+        } catch (summaryError) {
+          // Ignore summary write errors during timeout handling
+        }
+      } catch (statusError) {
+        // Ignore errors when writing failure status
+      }
+    }
+    events.emit('error', {
+      message: reason,
+      type: 'timeout',
+    });
+  };
   try {
     events.emit('phase:started', {
       phase: 'Detect Project',
@@ -155,6 +240,9 @@ export async function defaultCommand(options = {}) {
         console.log(''); // blank line
       }
+      // PHASE 21.6.1: Runtime guard - crash if called during inspection
+      assertExecutionBootstrapAllowed('inquirer.prompt');
       const answer = await inquirer.prompt([
         {
           type: 'input',
@@ -201,12 +289,16 @@ export async function defaultCommand(options = {}) {
     let startedAt = now.toISOString();
     atomicWriteJson(paths.runStatusJson, {
+      contractVersion: 1,
+      artifactVersions: paths.artifactVersions,
       status: 'RUNNING',
       runId,
       startedAt,
     });
     atomicWriteJson(paths.runMetaJson, {
+      contractVersion: 1,
+      artifactVersions: paths.artifactVersions,
       veraxVersion: getVersion(),
       nodeVersion: process.version,
       platform: process.platform,
@@ -231,8 +323,17 @@ export async function defaultCommand(options = {}) {
       message: 'Analyzing project structure...',
     });
-    // Extract expectations
-    const { expectations, skipped } = await extractExpectations(projectProfile, projectProfile.sourceRoot);
+    events.startHeartbeat('Learn', json);
+    let expectations, skipped;
+    try {
+      // Extract expectations
+      const result = await extractExpectations(projectProfile, projectProfile.sourceRoot);
+      expectations = result.expectations;
+      skipped = result.skipped;
+    } finally {
+      events.stopHeartbeat();
+    }
     if (!json) {
       console.log(`Found ${expectations.length} expectations`);
@@ -256,55 +357,109 @@ export async function defaultCommand(options = {}) {
       });
     }
+    // Compute runtime budget based on expectations count
+    budget = computeRuntimeBudget({
+      expectationsCount: expectations.length,
+      mode: 'default',
+      framework: projectProfile.framework,
+      fileCount: projectProfile.fileCount || expectations.length,
+    });
+    // Set up global watchdog timer
+    watchdogTimer = setTimeout(async () => {
+      await finalizeOnTimeout(`Global timeout exceeded: ${budget.totalMaxMs}ms`);
+      // Exit with code 0 (tool executed, just timed out)
+      process.exit(0);
+    }, budget.totalMaxMs);
+    // Wrap Learn phase with timeout
+    try {
+      await withTimeout(
+        budget.learnMaxMs,
+        Promise.resolve(), // Learn phase already completed
+        'Learn'
+      );
+    } catch (error) {
+      if (error.message.includes('timeout')) {
+        await finalizeOnTimeout(`Learn phase timeout: ${budget.learnMaxMs}ms`);
+        process.exit(0);
+      }
+      throw error;
+    }
     events.emit('phase:completed', {
       phase: 'Learn',
       message: 'Project analysis complete',
     });
-    // Observe phase
+    // Observe phase with timeout
     events.emit('phase:started', {
       phase: 'Observe',
       message: 'Launching browser and observing expectations...',
     });
+    events.startHeartbeat('Observe', json);
     let observeData = null;
-    if (expectations.length > 0) {
-      try {
-        observeData = await observeExpectations(
-          expectations,
-          resolvedUrl,
-          paths.evidenceDir,
-          (progress) => {
-            events.emit(progress.event, progress);
-            if (!json && progress.event === 'observe:result') {
-              const status = progress.observed ? '✓' : '✗';
-              console.log(`  ${status} ${progress.index}/${expectations.length}`);
+    try {
+      if (expectations.length > 0) {
+        try {
+          observeData = await withTimeout(
+            budget.observeMaxMs,
+            observeExpectations(
+              expectations,
+              resolvedUrl,
+              paths.evidenceDir,
+              (progress) => {
+                events.emit(progress.event, progress);
+                if (!json && progress.event === 'observe:result') {
+                  const status = progress.observed ? '✓' : '✗';
+                  console.log(`  ${status} ${progress.index}/${expectations.length}`);
+                }
+              }
+            ),
+            'Observe'
+          );
+          if (!json) {
+            console.log(`Observed: ${observeData.stats.observed}/${expectations.length}`);
+          }
+        } catch (error) {
+          if (error.message.includes('timeout')) {
+            if (!json) {
+              console.error(`Observe error: timeout after ${budget.observeMaxMs}ms`);
             }
+            events.emit('observe:error', {
+              message: `Observe phase timeout: ${budget.observeMaxMs}ms`,
+            });
+            observeData = {
+              observations: [],
+              stats: { attempted: 0, observed: 0, notObserved: 0 },
+              observedAt: new Date().toISOString(),
+            };
+          } else {
+            if (!json) {
+              console.error(`Observe error: ${error.message}`);
+            }
+            events.emit('observe:error', {
+              message: error.message,
+            });
+            observeData = {
+              observations: [],
+              stats: { attempted: 0, observed: 0, notObserved: 0 },
+              observedAt: new Date().toISOString(),
+            };
           }
-        );
-        if (!json) {
-          console.log(`Observed: ${observeData.stats.observed}/${expectations.length}`);
-        }
-      } catch (error) {
-        if (!json) {
-          console.error(`Observe error: ${error.message}`);
         }
-        events.emit('observe:error', {
-          message: error.message,
-        });
+      } else {
         observeData = {
           observations: [],
           stats: { attempted: 0, observed: 0, notObserved: 0 },
           observedAt: new Date().toISOString(),
         };
       }
-    } else {
-      observeData = {
-        observations: [],
-        stats: { attempted: 0, observed: 0, notObserved: 0 },
-        observedAt: new Date().toISOString(),
-      };
+    } finally {
+      events.stopHeartbeat();
     }
     events.emit('phase:completed', {
@@ -312,47 +467,71 @@ export async function defaultCommand(options = {}) {
       message: 'Browser observation complete',
     });
-      // Detect phase
+      // Detect phase with timeout
       events.emit('phase:started', {
         phase: 'Detect',
         message: 'Analyzing findings and detecting silent failures...',
       });
+      events.startHeartbeat('Detect', json);
       // Load learn and observe data for detection
       let learnData = { expectations: [] };
       let detectData = null;
       try {
-        learnData = {
-          expectations,
-          skipped,
-        };
-        detectData = await detectFindings(learnData, observeData, projectRoot, (progress) => {
-          events.emit(progress.event, progress);
-          if (!json && progress.event === 'detect:classified') {
-            const symbol = progress.classification === 'silent-failure' ? '✗' :
-                          progress.classification === 'observed' ? '✓' :
-                          progress.classification === 'coverage-gap' ? '⊘' : '⚠';
-            console.log(`  ${symbol} ${progress.index}/${learnData.expectations.length}`);
+        try {
+          learnData = {
+            expectations,
+            skipped,
+          };
+          detectData = await withTimeout(
+            budget.detectMaxMs,
+            detectFindings(learnData, observeData, projectRoot, (progress) => {
+              events.emit(progress.event, progress);
+              if (!json && progress.event === 'detect:classified') {
+                const symbol = progress.classification === 'silent-failure' ? '✗' :
+                              progress.classification === 'observed' ? '✓' :
+                              progress.classification === 'coverage-gap' ? '⊘' : '⚠';
+                console.log(`  ${symbol} ${progress.index}/${learnData.expectations.length}`);
+              }
+            }),
+            'Detect'
+          );
+          if (!json && detectData.stats.silentFailures > 0) {
+            console.log(`Silent failures detected: ${detectData.stats.silentFailures}`);
+          }
+        } catch (error) {
+          if (error.message.includes('timeout')) {
+            if (!json) {
+              console.error(`Detect error: timeout after ${budget.detectMaxMs}ms`);
+            }
+            events.emit('detect:error', {
+              message: `Detect phase timeout: ${budget.detectMaxMs}ms`,
+            });
+            detectData = {
+              findings: [],
+              stats: { total: 0, silentFailures: 0, observed: 0, coverageGaps: 0, unproven: 0, informational: 0 },
+              detectedAt: new Date().toISOString(),
+            };
+          } else {
+            if (!json) {
+              console.error(`Detect error: ${error.message}`);
+            }
+            events.emit('detect:error', {
+              message: error.message,
+            });
+            detectData = {
+              findings: [],
+              stats: { total: 0, silentFailures: 0, observed: 0, coverageGaps: 0, unproven: 0, informational: 0 },
+              detectedAt: new Date().toISOString(),
+            };
           }
-        });
-        if (!json && detectData.stats.silentFailures > 0) {
-          console.log(`Silent failures detected: ${detectData.stats.silentFailures}`);
-        }
-      } catch (error) {
-        if (!json) {
-          console.error(`Detect error: ${error.message}`);
         }
-        events.emit('detect:error', {
-          message: error.message,
-        });
-        detectData = {
-          findings: [],
-          stats: { total: 0, silentFailures: 0, observed: 0, coverageGaps: 0, unproven: 0, informational: 0 },
-          detectedAt: new Date().toISOString(),
-        };
+      } finally {
+        events.stopHeartbeat();
       }
       events.emit('phase:completed', {
@@ -360,35 +539,25 @@ export async function defaultCommand(options = {}) {
         message: 'Silent failure detection complete',
       });
+    // Clear watchdog timer on successful completion
+    if (watchdogTimer) {
+      clearTimeout(watchdogTimer);
+      watchdogTimer = null;
+    }
     // Finalize Artifacts
     events.emit('phase:started', {
       phase: 'Finalize Artifacts',
       message: 'Writing run results...',
     });
-    const completedAt = new Date().toISOString();
-    atomicWriteJson(paths.runStatusJson, {
-      status: 'COMPLETE',
-      runId,
-      startedAt,
-      completedAt,
-    });
+    events.stopHeartbeat();
-    atomicWriteJson(paths.runMetaJson, {
-      veraxVersion: getVersion(),
-      nodeVersion: process.version,
-      platform: process.platform,
-      cwd: projectRoot,
-      command: 'default',
-      args: { url: resolvedUrl, src },
-      url: resolvedUrl,
-      src: srcPath,
-      startedAt,
-      completedAt,
-      error: null,
-    });
+    const completedAt = new Date().toISOString();
+    // Write detect results (or empty if detection failed)
+    const findingsResult = writeFindingsJson(paths.baseDir, detectData);
     // Write summary with stable digest
     writeSummaryJson(paths.summaryJson, {
       runId,
@@ -408,33 +577,11 @@ export async function defaultCommand(options = {}) {
       informational: detectData.stats?.informational || 0,
     });
-    // Write detect results (or empty if detection failed)
-    writeFindingsJson(paths.baseDir, detectData);
-    const traces = [
-      {
-        type: 'phase:started',
-        timestamp: startedAt,
-        phase: 'Detect Project',
-      },
-      {
-        type: 'phase:completed',
-        timestamp: new Date().toISOString(),
-        phase: 'Detect Project',
-      },
-      {
-        type: 'phase:started',
-        timestamp: new Date().toISOString(),
-        phase: 'Learn',
-      },
-      {
-        type: 'phase:completed',
-        timestamp: completedAt,
-        phase: 'Learn',
-      },
-    ];
-    const tracesContent = traces.map(t => JSON.stringify(t)).join('\n') + '\n';
+    // Write traces (include all events including heartbeats)
+    const allEvents = events.getEvents();
+    const tracesContent = allEvents
+      .map(e => JSON.stringify(e))
+      .join('\n') + '\n';
     atomicWriteText(paths.tracesJsonl, tracesContent);
     // Write project profile
@@ -445,6 +592,53 @@ export async function defaultCommand(options = {}) {
     // Write observe results
     writeObserveJson(paths.baseDir, observeData);
+    // PHASE 6: Verify artifacts after all writers finish
+    const { verifyRun } = await import('../../verax/core/artifacts/verifier.js');
+    const verification = verifyRun(paths.baseDir, paths.artifactVersions);
+    // Determine final status based on verification
+    let finalStatus = 'COMPLETE';
+    if (!verification.ok) {
+      finalStatus = 'INVALID';
+    } else if (verification.warnings.length > 0) {
+      finalStatus = 'VALID_WITH_WARNINGS';
+    }
+    // Write completed status with contract + enforcement snapshot + verification
+    atomicWriteJson(paths.runStatusJson, {
+      contractVersion: 1,
+      artifactVersions: paths.artifactVersions,
+      status: finalStatus,
+      runId,
+      startedAt,
+      completedAt,
+      enforcement: findingsResult?.payload?.enforcement || null,
+      verification: {
+        ok: verification.ok,
+        status: finalStatus,
+        errorsCount: verification.errors.length,
+        warningsCount: verification.warnings.length,
+        verifiedAt: verification.verifiedAt
+      }
+    });
+    // Update metadata with completion time
+    atomicWriteJson(paths.runMetaJson, {
+      contractVersion: 1,
+      artifactVersions: paths.artifactVersions,
+      veraxVersion: getVersion(),
+      nodeVersion: process.version,
+      platform: process.platform,
+      cwd: projectRoot,
+      command: 'default',
+      args: { url: resolvedUrl, src },
+      url: resolvedUrl,
+      src: srcPath,
+      startedAt,
+      completedAt,
+      error: null,
+    });
     events.emit('phase:completed', {
       phase: 'Finalize Artifacts',
@@ -456,15 +650,31 @@ export async function defaultCommand(options = {}) {
       console.log('\nRun complete.');
       console.log(`Run ID: ${runId}`);
       console.log(`Artifacts: ${paths.baseDir}`);
+      // PHASE 6: Display verification results
+      const { formatVerificationOutput } = await import('../../verax/core/artifacts/verifier.js');
+      const verificationOutput = formatVerificationOutput(verification, verbose);
+      console.log('');
+      console.log(verificationOutput);
     }
     return { runId, paths, url: resolvedUrl, success: true };
   } catch (error) {
+    // Clear watchdog timer on error
+    if (watchdogTimer) {
+      clearTimeout(watchdogTimer);
+      watchdogTimer = null;
+    }
+    events.stopHeartbeat();
     // Mark run as FAILED if we have paths
-    if (paths && runId && startedAt) {
+    if (paths && runId && startedAt && typeof paths === 'object') {
       try {
         const failedAt = new Date().toISOString();
         atomicWriteJson(paths.runStatusJson, {
+          contractVersion: 1,
+          artifactVersions: paths.artifactVersions,
           status: 'FAILED',
           runId,
           startedAt,
@@ -474,6 +684,8 @@ export async function defaultCommand(options = {}) {
         // Update metadata
         atomicWriteJson(paths.runMetaJson, {
+          contractVersion: 1,
+          artifactVersions: paths.artifactVersions,
           veraxVersion: getVersion(),
           nodeVersion: process.version,
           platform: process.platform,

package/src/cli/commands/doctor.js CHANGED Viewed

@@ -92,11 +92,26 @@ export async function doctorCommand(options = {}) {
   // 4) Headless launch smoke test
   if (playwright && playwright.chromium && chromiumPath && existsSync(chromiumPath)) {
+    /** @type {any} */
+    let browser = null;
     try {
-      const browser = await playwright.chromium.launch({ headless: true });
-      const page = await browser.newPage();
-      await page.goto('about:blank');
-      await browser.close();
+      // Configurable timeout via env (default 5000ms, CI can override to 3000ms)
+      const smokeTimeoutMs = parseInt(process.env.VERAX_DOCTOR_SMOKE_TIMEOUT_MS || '5000', 10);
+      // Wrap entire smoke test in hard timeout
+      const smokeTestPromise = (async () => {
+        browser = await playwright.chromium.launch({ headless: true, timeout: smokeTimeoutMs });
+        const page = await browser.newPage();
+        await page.goto('about:blank', { timeout: smokeTimeoutMs });
+        return true;
+      })();
+      // Race against timeout
+      const timeoutPromise = new Promise((_, reject) => {
+        setTimeout(() => reject(new Error('Smoke test timed out')), smokeTimeoutMs);
+      });
+      await Promise.race([smokeTestPromise, timeoutPromise]);
       addCheck('Headless smoke test', 'pass', 'Chromium launched headless and closed successfully');
     } catch (error) {
       addCheck(
@@ -107,6 +122,23 @@ export async function doctorCommand(options = {}) {
           ? 'Try: npx playwright install --with-deps chromium && launch with --no-sandbox in constrained environments'
           : 'Reinstall playwright: npx playwright install --with-deps chromium'
       );
+    } finally {
+      // CRITICAL: Always close browser to prevent hanging processes
+      // Bound close operation too (max 2s)
+      if (browser) {
+        try {
+          const closePromise = browser.close();
+          const closeTimeout = new Promise((resolve) => setTimeout(resolve, 2000));
+          await Promise.race([closePromise, closeTimeout]);
+        } catch (closeError) {
+          // Ignore close errors - force kill if needed
+          try {
+            await browser.close();
+          } catch {
+            // Final attempt failed, process will clean up
+          }
+        }
+      }
     }
   } else {
     addCheck(