@veraxhq/verax 0.2.0 → 0.3.0

package/src/verax/detect/findings-writer.js

@@ -1,11 +1,18 @@
-import { resolve, dirname } from 'path';
+import { resolve } from 'path';
 import { mkdirSync, writeFileSync } from 'fs';
-import { getArtifactPath } from '../core/run-id.js';
 import { CANONICAL_OUTCOMES } from '../core/canonical-outcomes.js';
+import { enforceContractsOnFindings, FINDING_STATUS } from '../core/contracts/index.js';
+import { ARTIFACT_REGISTRY, getArtifactVersions } from '../core/artifacts/registry.js';
+import { buildAndEnforceEvidencePackage, EvidenceBuildError, validateEvidencePackageStrict } from '../core/evidence-builder.js';
+import { writeEvidenceIntentLedger } from '../core/evidence/evidence-intent-ledger.js';
 
 /**
- * Write findings to canonical artifact root. If a runDir can be inferred,
- * write to .verax/runs/<runId>/findings.json; otherwise fall back to legacy path.
+ * Write findings to canonical artifact root.
+ * Writes to .verax/runs/<runId>/findings.json.
+ * 
+ * PHASE 0 ENFORCEMENT: Applies contracts enforcement
+ * - Downgrades findings without evidence from CONFIRMED to SUSPECTED
+ * - Drops findings that violate critical contracts
  * 
  * PHASE 2: Includes outcome classification summary.
  * PHASE 3: Includes promise type summary.
@@ -14,22 +21,119 @@ import { CANONICAL_OUTCOMES } from '../core/canonical-outcomes.js';
  * @param {string} url
  * @param {Array} findings
  * @param {Array} coverageGaps
- * @param {string|null} runDirOpt - Optional absolute run directory path
+ * @param {string} runDirOpt - Required absolute run directory path
+ * @returns {Object} findings report with enforcement metadata
  */
-export function writeFindings(projectDir, url, findings, coverageGaps = [], runDirOpt = null) {
-  let findingsPath;
-  if (runDirOpt) {
-    // Canonical location
-    mkdirSync(runDirOpt, { recursive: true });
-    findingsPath = resolve(runDirOpt, 'findings.json');
-  } else {
-    // Legacy location for backward compatibility (tests without runId)
-    const detectDir = resolve(projectDir, '.veraxverax', 'detect');
-    mkdirSync(detectDir, { recursive: true });
-    findingsPath = resolve(detectDir, 'findings.json');
+export function writeFindings(projectDir, url, findings, coverageGaps = [], runDirOpt) {
+  if (!runDirOpt) {
+    throw new Error('runDirOpt is required');
   }
+  mkdirSync(runDirOpt, { recursive: true });
+  const findingsPath = resolve(runDirOpt, ARTIFACT_REGISTRY.findings.filename);
 
-  // PHASE 2: Compute outcome summary
+  // ARCHITECTURAL HARDENING: Evidence capture failures downgrade findings, never drop them
+  // A finding must NEVER disappear. If evidence capture fails, downgrade explicitly.
+  const findingsWithEvidence = [];
+  const evidenceBuildFailures = [];
+  
+  for (const finding of (findings || [])) {
+    // If evidencePackage already exists, validate it strictly for CONFIRMED findings
+    if (finding.evidencePackage) {
+      const severity = finding.severity || finding.status || 'SUSPECTED';
+      if (severity === 'CONFIRMED') {
+        try {
+          validateEvidencePackageStrict(finding.evidencePackage, severity);
+          findingsWithEvidence.push(finding);
+        } catch (error) {
+          // CONFIRMED finding with incomplete evidencePackage → DOWNGRADE to SUSPECTED
+          const downgradedFinding = {
+            ...finding,
+            severity: 'SUSPECTED',
+            status: 'SUSPECTED',
+            evidenceCompleteness: {
+              downgraded: true,
+              reason: `Evidence package incomplete: ${error.message}`,
+              originalSeverity: 'CONFIRMED'
+            }
+          };
+          findingsWithEvidence.push(downgradedFinding);
+          evidenceBuildFailures.push({
+            finding: { type: finding.type || 'unknown', id: finding.findingId || finding.id },
+            reason: `EVIDENCE_VALIDATION_FAILED: ${error.message}`,
+            errorCode: error.code || 'EVIDENCE_VALIDATION_FAILED',
+            action: 'DOWNGRADED'
+          });
+        }
+      } else {
+        findingsWithEvidence.push(finding);
+      }
+      continue;
+    }
+    
+    // Build evidence package from finding data
+    // If building fails → DOWNGRADE finding (never drop)
+    try {
+      const findingWithEvidence = buildAndEnforceEvidencePackage(finding, {
+        expectation: finding.expectation || null,
+        trace: {
+          interaction: finding.interaction || {},
+          before: finding.evidence?.before ? { screenshot: finding.evidence.before, url: finding.evidence.beforeUrl } : null,
+          after: finding.evidence?.after ? { screenshot: finding.evidence.after, url: finding.evidence.afterUrl } : null,
+          sensors: finding.evidence?.sensors || {},
+          dom: finding.evidence?.dom || {},
+        },
+        evidence: finding.evidence || {},
+        confidence: finding.confidenceLevel ? {
+          level: finding.confidenceLevel,
+          score: finding.confidence,
+          reasons: finding.confidenceReasons || [],
+        } : null,
+      });
+      findingsWithEvidence.push(findingWithEvidence);
+    } catch (error) {
+      // Evidence building failure → DOWNGRADE finding (never drop)
+      const originalSeverity = finding.severity || finding.status || 'SUSPECTED';
+      const downgradedFinding = {
+        ...finding,
+        severity: 'SUSPECTED',
+        status: 'SUSPECTED',
+        evidenceCompleteness: {
+          downgraded: true,
+          reason: `Evidence capture failed: ${error.message}`,
+          originalSeverity: originalSeverity,
+          errorCode: error.code || 'EVIDENCE_BUILD_FAILED',
+          missingFields: error.missingFields || []
+        }
+      };
+      findingsWithEvidence.push(downgradedFinding);
+      
+      if (error instanceof EvidenceBuildError) {
+        evidenceBuildFailures.push({
+          finding: { type: finding.type || 'unknown', id: finding.findingId || finding.id },
+          reason: `EVIDENCE_BUILD_FAILED: ${error.message}`,
+          errorCode: error.code || 'EVIDENCE_BUILD_FAILED',
+          missingFields: error.missingFields || [],
+          action: 'DOWNGRADED'
+        });
+      } else {
+        evidenceBuildFailures.push({
+          finding: { type: finding.type || 'unknown', id: finding.findingId || finding.id },
+          reason: `EVIDENCE_BUILD_FAILED: Unexpected error: ${error.message}`,
+          errorCode: 'EVIDENCE_BUILD_FAILED',
+          action: 'DOWNGRADED'
+        });
+      }
+    }
+  }
+  
+  // PHASE 0: Enforce contracts on all findings (Evidence Law)
+  const { valid: enforcedFindings, dropped, downgrades } = enforceContractsOnFindings(findingsWithEvidence);
+  
+  // ARCHITECTURAL HARDENING: Track evidence build failures separately (they result in downgrades, not drops)
+  // Only contract violations result in drops
+  const allDropped = dropped;
+  
+  // PHASE 2: Compute outcome summary (using enforced findings)
   const outcomeSummary = {};
   Object.values(CANONICAL_OUTCOMES).forEach(outcome => {
     outcomeSummary[outcome] = 0;
@@ -38,7 +142,7 @@ export function writeFindings(projectDir, url, findings, coverageGaps = [], runD
   // PHASE 3: Compute promise summary
   const promiseSummary = {};
   
-  for (const finding of (findings || [])) {
+  for (const finding of enforcedFindings) {
     const outcome = finding.outcome || CANONICAL_OUTCOMES.SILENT_FAILURE;
     outcomeSummary[outcome] = (outcomeSummary[outcome] || 0) + 1;
     
@@ -48,20 +152,45 @@ export function writeFindings(projectDir, url, findings, coverageGaps = [], runD
 
   const findingsReport = {
     version: 1,
+    contractVersion: 1,  // Track schema changes from contracts enforcement
+    artifactVersions: getArtifactVersions(),
     detectedAt: new Date().toISOString(),
     url: url,
     outcomeSummary: outcomeSummary,  // PHASE 2
     promiseSummary: promiseSummary,  // PHASE 3
-    findings: findings,
+    findings: enforcedFindings,
     coverageGaps: coverageGaps,
+    // PHASE 0: Enforcement metadata
+    // PHASE 21.1: Include evidence build failures in dropped count
+    enforcement: {
+      droppedCount: allDropped.length,
+      downgradedCount: downgrades.length,
+      downgrades: downgrades.map(d => ({
+        reason: d.reason,
+        originalStatus: d.original.status,
+        downgradeToStatus: d.downgraded.status
+      })),
+      evidenceBuildFailures: evidenceBuildFailures.map(f => ({
+        reason: f.reason,
+        errorCode: f.errorCode,
+        findingType: f.finding.type || 'unknown',
+        findingId: f.finding.id || null,
+        missingFields: f.missingFields || [],
+        action: f.action || 'DOWNGRADED'
+      }))
+    },
     notes: []
   };
 
   writeFileSync(findingsPath, JSON.stringify(findingsReport, null, 2) + '\n');
 
+  // PHASE 22: Write evidence intent ledger
+  const evidenceIntentPath = writeEvidenceIntentLedger(runDirOpt, enforcedFindings, captureFailuresMap);
+
   return {
     ...findingsReport,
-    findingsPath: findingsPath
+    findingsPath: findingsPath,
+    evidenceIntentPath: evidenceIntentPath
   };
 }
 

package/src/verax/detect/flow-detector.js

@@ -133,9 +133,9 @@ export function detectFlowSilentFailures(traces, manifest, findings, coverageGap
     }
 
     // Look for silent failures followed by lack of recovery
-    let hasSilentFailure = false;
+    const _hasSilentFailure = false;
     let failedStepIndex = -1;
-    let failedExpectation = null;
+    const _failedExpectation = null;
 
     for (let i = 0; i < flowTraces.length; i++) {
       const trace = flowTraces[i];
@@ -248,9 +248,9 @@ export function detectFlowSilentFailures(traces, manifest, findings, coverageGap
 
       if (isSilentFailure && matchedExpectation) {
         // Silent failure detected at this step
-        hasSilentFailure = true;
+        const _hasSilentFailure = true;
         failedStepIndex = i;
-        failedExpectation = matchedExpectation;
+        const _failedExpectation = matchedExpectation;
 
         // Check if subsequent steps show UI recovery
         let hasSubsequentRecovery = false;

package/src/verax/detect/index.js

@@ -1,13 +1,29 @@
 import { readFileSync, existsSync } from 'fs';
-import { dirname } from 'path';
+import { dirname, basename, join } from 'path';
 import { expectsNavigation } from './expectation-model.js';
 import { hasMeaningfulUrlChange, hasVisibleChange, hasDomChange } from './comparison.js';
 import { writeFindings } from './findings-writer.js';
 import { getUrlPath } from './evidence-validator.js';
 import { classifySkipReason, collectSkipReasons } from './skip-classifier.js';
 import { detectInteractiveFindings } from './interactive-findings.js';
+import { detectRouteFindings } from './route-findings.js';
+import { detectUIFeedbackFindings } from './ui-feedback-findings.js';
+import { detectDynamicRouteFindings } from './dynamic-route-findings.js';
+import { addUnifiedConfidence } from './confidence-helper.js';
+import { applyGuardrails } from '../core/guardrails-engine.js';
+import { finalizeFindingTruth } from '../core/guardrails/truth-reconciliation.js';
+import { writeGuardrailsReport } from '../core/guardrails/guardrails-report-writer.js';
+import { computeFinalConfidence } from '../core/confidence/confidence-compute.js';
+import { enforceConfidenceInvariants } from '../core/confidence/confidence-invariants.js';
+import { writeConfidenceReport } from '../core/confidence/confidence-report-writer.js';
 
-export async function detect(manifestPath, tracesPath, validation = null) {
+/**
+ * @param {string} manifestPath
+ * @param {string} tracesPath
+ * @param {Object} [validation]
+ * @returns {Promise<any>}
+ */
+export async function detect(manifestPath, tracesPath, validation = null, _expectationCoverageGaps = null, _silenceTracker = null) {
   if (!existsSync(manifestPath)) {
     throw new Error(`Manifest not found: ${manifestPath}`);
   }
@@ -25,8 +41,21 @@ export async function detect(manifestPath, tracesPath, validation = null) {
   const projectDir = manifest.projectDir;
   const findings = [];
   
+  // Extract runId from tracesPath: .verax/runs/<runId>/observation-traces.json
+  let runId = null;
+  try {
+    const runDir = dirname(tracesPath);
+    const runDirBasename = basename(runDir);
+    // Check if runDir is in .verax/runs/<runId> structure
+    const parentDir = dirname(runDir);
+    if (basename(parentDir) === 'runs' && basename(dirname(parentDir)) === '.verax') {
+      runId = runDirBasename;
+    }
+  } catch {
+    // Ignore path parsing errors
+  }
+  
   let interactionsAnalyzed = 0;
-  let interactionsSkippedNoExpectation = 0;
   const skips = [];
   
   for (const trace of observation.traces) {
@@ -39,7 +68,6 @@ export async function detect(manifestPath, tracesPath, validation = null) {
     const expectsNav = expectsNavigation(manifest, interaction, beforeUrl);
     
     if (!expectsNav) {
-      interactionsSkippedNoExpectation++;
       const skipReason = classifySkipReason(manifest, interaction, beforeUrl, validation);
       if (skipReason) {
         skips.push({
@@ -73,8 +101,8 @@ export async function detect(manifestPath, tracesPath, validation = null) {
             const interactionSelector = interaction.selector || '';
             
             if (selectorHint && interactionSelector) {
-              const normalizedSelectorHint = selectorHint.replace(/[\[\]()]/g, '');
-              const normalizedInteractionSelector = interactionSelector.replace(/[\[\]()]/g, '');
+              const normalizedSelectorHint = selectorHint.replace(/[[\]()]/g, '');
+              const normalizedInteractionSelector = interactionSelector.replace(/[[\]()]/g, '');
               
               if (selectorHint === interactionSelector || 
                   selectorHint.includes(interactionSelector) || 
@@ -117,7 +145,6 @@ export async function detect(manifestPath, tracesPath, validation = null) {
               label: interaction.label
             }
           });
-          interactionsSkippedNoExpectation++;
           continue;
         }
       }
@@ -161,7 +188,6 @@ export async function detect(manifestPath, tracesPath, validation = null) {
               label: interaction.label
             }
           });
-          interactionsSkippedNoExpectation++;
           continue;
         } else if (matchingRoutes.length === 1) {
           expectedTargetPath = matchingRoutes[0];
@@ -180,14 +206,22 @@ export async function detect(manifestPath, tracesPath, validation = null) {
           label: interaction.label
         }
       });
-      interactionsSkippedNoExpectation++;
       continue;
     }
     
     interactionsAnalyzed++;
     
     const hasUrlChange = hasMeaningfulUrlChange(beforeUrl, afterUrl);
-    const hasVisibleChangeResult = hasVisibleChange(beforeScreenshot, afterScreenshot, projectDir);
+    // hasVisibleChange requires runId, skip comparison if runId unavailable
+    let hasVisibleChangeResult = false;
+    if (runId) {
+      try {
+        hasVisibleChangeResult = hasVisibleChange(beforeScreenshot, afterScreenshot, projectDir, runId);
+      } catch (e) {
+        // If screenshot comparison fails, treat as no visible change
+        hasVisibleChangeResult = false;
+      }
+    }
     const hasDomChangeResult = hasDomChange(trace);
     
     if (expectedTargetPath) {
@@ -197,7 +231,7 @@ export async function detect(manifestPath, tracesPath, validation = null) {
       
       if (expectationType === 'form_submission') {
         if (normalizedAfter !== normalizedTarget && !hasUrlChange && !hasDomChangeResult) {
-          findings.push({
+          const finding = {
             type: 'silent_failure',
             interaction: {
               type: interaction.type,
@@ -211,7 +245,27 @@ export async function detect(manifestPath, tracesPath, validation = null) {
               beforeUrl: beforeUrl,
               afterUrl: afterUrl
             }
+          };
+          
+          // PHASE 15: Add unified confidence
+          const findingWithConfidence = addUnifiedConfidence(finding, {
+            expectation: { targetPath: expectedTargetPath, type: expectationType },
+            sensors: trace.sensors || {},
+            comparisons: {
+              urlChanged: hasUrlChange,
+              domChanged: hasDomChangeResult,
+            },
+            evidence: {
+              beforeAfter: {
+                beforeScreenshot,
+                afterScreenshot,
+                beforeUrl,
+                afterUrl,
+              },
+            },
           });
+          
+          findings.push(findingWithConfidence);
         }
       } else if (expectationType === 'navigation') {
         const urlMatchesTarget = normalizedAfter === normalizedTarget;
@@ -237,7 +291,7 @@ export async function detect(manifestPath, tracesPath, validation = null) {
       }
     } else {
       if (!hasUrlChange && !hasVisibleChangeResult && !hasDomChangeResult) {
-        findings.push({
+        const finding = {
           type: 'silent_failure',
           interaction: {
             type: interaction.type,
@@ -251,7 +305,28 @@ export async function detect(manifestPath, tracesPath, validation = null) {
             beforeUrl: beforeUrl,
             afterUrl: afterUrl
           }
+        };
+        
+        // PHASE 15: Add unified confidence
+        const findingWithConfidence = addUnifiedConfidence(finding, {
+          expectation: null,
+          sensors: trace.sensors || {},
+          comparisons: {
+            urlChanged: hasUrlChange,
+            domChanged: hasDomChangeResult,
+            visibleChanged: hasVisibleChangeResult,
+          },
+          evidence: {
+            beforeAfter: {
+              beforeScreenshot,
+              afterScreenshot,
+              beforeUrl,
+              afterUrl,
+            },
+          },
         });
+        
+        findings.push(findingWithConfidence);
       }
     }
   }
@@ -259,14 +334,187 @@ export async function detect(manifestPath, tracesPath, validation = null) {
   // Interactive and accessibility intelligence
   detectInteractiveFindings(observation.traces, manifest, findings);
   
-  // Infer canonical run directory from tracesPath when available
+  // PHASE 12: Route intelligence findings
+  const routeFindings = detectRouteFindings(observation.traces, manifest, findings);
+  findings.push(...routeFindings);
+  
+  // PHASE 13: UI feedback findings
+  const uiFeedbackFindings = detectUIFeedbackFindings(observation.traces, manifest, findings);
+  findings.push(...uiFeedbackFindings);
+  
+  // PHASE 14: Dynamic route findings
+  const dynamicRouteResult = detectDynamicRouteFindings(observation.traces, manifest, findings);
+  findings.push(...dynamicRouteResult.findings);
+  // Note: skips are handled separately and should be included in skip summary
+  
+  // PHASE 23: Apply guardrails + truth reconciliation (AFTER evidence builder, BEFORE writing artifacts)
+  const guardrailsSummary = {
+    totalFindingsProcessed: 0,
+    preventedConfirmedCount: 0,
+    downgradedCount: 0,
+    informationalCount: 0,
+  };
+  
+  const truthDecisions = {}; // Map of findingIdentity -> truthDecision
+  
+  const findingsWithGuardrails = findings.map(finding => {
+    guardrailsSummary.totalFindingsProcessed++;
+    
+    // Capture initial confidence before guardrails
+    const initialConfidence = finding.confidence || 0;
+    const initialConfidenceLevel = finding.confidenceLevel || 
+      (initialConfidence >= 0.8 ? 'HIGH' : initialConfidence >= 0.5 ? 'MEDIUM' : initialConfidence >= 0.2 ? 'LOW' : 'UNPROVEN');
+    
+    // Build context for guardrails
+    const context = {
+      evidencePackage: finding.evidencePackage,
+      signals: finding.evidencePackage?.signals || finding.evidence || {},
+      confidenceReasons: finding.confidenceReasons || [],
+      promiseType: finding.expectation?.type || finding.promise?.type || null,
+    };
+    
+    // Apply guardrails
+    const guardrailsResult = applyGuardrails(finding, context);
+    
+    // Finalize truth (reconcile confidence with guardrails outcome)
+    const { finalFinding, truthDecision } = finalizeFindingTruth(
+      guardrailsResult.finding,
+      guardrailsResult,
+      {
+        initialConfidence,
+        initialConfidenceLevel
+      }
+    );
+    
+    // Store truth decision for report
+    const findingIdentity = finalFinding.findingId || finalFinding.id || `finding-${findings.indexOf(finding)}`;
+    truthDecisions[findingIdentity] = truthDecision;
+    
+    // Track guardrails impact
+    const originalSeverity = finding.severity || 'SUSPECTED';
+    const finalSeverity = truthDecision.finalStatus;
+    
+    if (finalSeverity !== originalSeverity && originalSeverity === 'CONFIRMED') {
+      guardrailsSummary.preventedConfirmedCount++;
+    }
+    if (finalSeverity === 'SUSPECTED' && originalSeverity === 'CONFIRMED') {
+      guardrailsSummary.downgradedCount++;
+    }
+    if (finalSeverity === 'INFORMATIONAL') {
+      guardrailsSummary.informationalCount++;
+    }
+    
+    return finalFinding;
+  });
+  
+  // Replace findings with guardrails-applied + truth-reconciled findings
+  findings.length = 0;
+  findings.push(...findingsWithGuardrails);
+  
+  // PHASE 24: Apply confidence invariants and compute final confidence
+  const confidenceData = {}; // Map of findingIdentity -> confidence computation result
+  
+  // Load evidence intent if available
+  let evidenceIntentLedger = null;
   let runDir = null;
   try {
     runDir = dirname(tracesPath);
-  } catch {}
+    const evidenceIntentPath = join(runDir, 'evidence.intent.json');
+    if (existsSync(evidenceIntentPath)) {
+      try {
+        const intentContent = readFileSync(evidenceIntentPath, 'utf-8');
+        evidenceIntentLedger = JSON.parse(intentContent);
+      } catch {
+        // Ignore parse errors
+      }
+    }
+  } catch {
+    // Ignore path parsing errors
+  }
+  
+  const findingsWithConfidence = findings.map(finding => {
+    const findingIdentity = finding.findingId || finding.id || `finding-${findings.indexOf(finding)}`;
+    
+    // Get evidence intent entry for this finding
+    const evidenceIntentEntry = evidenceIntentLedger?.entries?.find(e => e.findingIdentity === findingIdentity) || null;
+    
+    // Get guardrails outcome
+    const guardrailsOutcome = finding.guardrails || truthDecisions[findingIdentity] || null;
+    
+    // Compute final confidence
+    const confidenceResult = computeFinalConfidence({
+      findingType: finding.type || 'unknown',
+      rawSignals: finding.evidencePackage?.signals || finding.evidence || {},
+      evidenceIntent: evidenceIntentEntry,
+      guardrailsOutcome,
+      truthStatus: finding.severity || finding.status || 'SUSPECTED',
+      expectation: finding.expectation || null,
+      sensors: finding.evidencePackage?.signals || finding.evidence || {},
+      comparisons: {},
+      evidence: finding.evidence || {},
+      options: {
+        verificationStatus: null // Will be set by verifier
+      }
+    });
+    
+    // Store confidence data for report
+    confidenceData[findingIdentity] = confidenceResult;
+    
+    // Enforce invariants
+    const invariantResult = enforceConfidenceInvariants(finding, {
+      expectationProof: confidenceResult.expectationProof,
+      verificationStatus: confidenceResult.verificationStatus,
+      guardrailsOutcome
+    });
+    
+    // Update finding with final confidence
+    const finalFinding = {
+      ...invariantResult.finding,
+      confidence: confidenceResult.confidenceAfter,
+      confidenceLevel: confidenceResult.confidenceLevel,
+      confidenceReasons: confidenceResult.explanation
+    };
+    
+    return finalFinding;
+  });
+  
+  // Replace findings with confidence-enforced findings
+  findings.length = 0;
+  findings.push(...findingsWithConfidence);
+  
+  // Infer canonical run directory from tracesPath when available
+  if (!runDir) {
+    try {
+      runDir = dirname(tracesPath);
+    } catch {
+      // Ignore path parsing errors
+    }
+  }
 
   const findingsResult = writeFindings(projectDir, observation.url, findings, [], runDir);
   
+  // PHASE 23: Write guardrails report
+  let guardrailsReportPath = null;
+  if (runDir) {
+    try {
+      guardrailsReportPath = writeGuardrailsReport(runDir, findings, truthDecisions);
+    } catch (error) {
+      // Log but don't fail the run
+      console.error('Failed to write guardrails report:', error.message);
+    }
+  }
+  
+  // PHASE 24: Write confidence report
+  let confidenceReportPath = null;
+  if (runDir) {
+    try {
+      confidenceReportPath = writeConfidenceReport(runDir, findings, confidenceData);
+    } catch (error) {
+      // Log but don't fail the run
+      console.error('Failed to write confidence report:', error.message);
+    }
+  }
+  
   const skipSummary = collectSkipReasons(skips);
   
   const detectTruth = {
@@ -278,6 +526,8 @@ export async function detect(manifestPath, tracesPath, validation = null) {
   
   return {
     ...findingsResult,
-    detectTruth: detectTruth
+    detectTruth: detectTruth,
+    guardrailsSummary: guardrailsSummary,  // PHASE 17: Include guardrails summary
+    guardrailsReportPath: guardrailsReportPath  // PHASE 23: Include guardrails report path
   };
 }

package/src/verax/detect/interactive-findings.js

@@ -2,7 +2,7 @@
 // Handles keyboard, hover, file_upload, login, logout, auth_guard interactions
 // Plus accessibility detections: focus, ARIA, keyboard trap, feedback gap, freeze
 
-import { hasMeaningfulUrlChange, hasVisibleChange, hasDomChange } from './comparison.js';
+import { hasMeaningfulUrlChange, hasDomChange } from './comparison.js';
 import { computeConfidence } from './confidence-engine.js';
 import { enrichFindingWithExplanations } from './finding-detector.js';
 
@@ -14,10 +14,9 @@ import { enrichFindingWithExplanations } from './finding-detector.js';
  * @param {Array} traces - Interaction traces to analyze
  * @param {Object} manifest - Project manifest (not used currently)
  * @param {Array} findings - Findings array to append to
- * @param {Object} helpers - Helper functions (not used currently)
  * @returns {Array} Array of detected interactive findings
  */
-export function detectInteractiveFindings(traces, manifest, findings, helpers = {}) {
+export function detectInteractiveFindings(traces, manifest, findings, _helpers = {}) {
   const interactiveFindings = [];
 
   for (const trace of traces) {
@@ -165,7 +164,7 @@ export function detectInteractiveFindings(traces, manifest, findings, helpers =
       const domChanged = hasDomChange(trace);
       const urlChanged = hasMeaningfulUrlChange(beforeUrl, afterUrl);
       const network = sensors.network || {};
-      const hasNetwork = (network.totalRequests || 0) > 0;
+      const _hasNetwork = (network.totalRequests || 0) > 0;
       const loading = sensors.loading || {};
       const stateData = sensors.state || {};