npm - @veraxhq/verax - Versions diffs - 0.2.1 → 0.3.0 - Mend

@veraxhq/verax 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

package/README.md +14 -18
package/bin/verax.js +7 -0
package/package.json +3 -3
package/src/cli/commands/baseline.js +104 -0
package/src/cli/commands/default.js +79 -25
package/src/cli/commands/ga.js +243 -0
package/src/cli/commands/gates.js +95 -0
package/src/cli/commands/inspect.js +131 -2
package/src/cli/commands/release-check.js +213 -0
package/src/cli/commands/run.js +246 -35
package/src/cli/commands/security-check.js +211 -0
package/src/cli/commands/truth.js +114 -0
package/src/cli/entry.js +304 -67
package/src/cli/util/angular-component-extractor.js +179 -0
package/src/cli/util/angular-navigation-detector.js +141 -0
package/src/cli/util/angular-network-detector.js +161 -0
package/src/cli/util/angular-state-detector.js +162 -0
package/src/cli/util/ast-interactive-detector.js +546 -0
package/src/cli/util/ast-network-detector.js +603 -0
package/src/cli/util/ast-usestate-detector.js +602 -0
package/src/cli/util/bootstrap-guard.js +86 -0
package/src/cli/util/determinism-runner.js +123 -0
package/src/cli/util/determinism-writer.js +129 -0
package/src/cli/util/env-url.js +4 -0
package/src/cli/util/expectation-extractor.js +369 -73
package/src/cli/util/findings-writer.js +126 -16
package/src/cli/util/learn-writer.js +3 -1
package/src/cli/util/observe-writer.js +3 -1
package/src/cli/util/paths.js +3 -12
package/src/cli/util/project-discovery.js +3 -0
package/src/cli/util/project-writer.js +3 -1
package/src/cli/util/run-resolver.js +64 -0
package/src/cli/util/source-requirement.js +55 -0
package/src/cli/util/summary-writer.js +1 -0
package/src/cli/util/svelte-navigation-detector.js +163 -0
package/src/cli/util/svelte-network-detector.js +80 -0
package/src/cli/util/svelte-sfc-extractor.js +147 -0
package/src/cli/util/svelte-state-detector.js +243 -0
package/src/cli/util/vue-navigation-detector.js +177 -0
package/src/cli/util/vue-sfc-extractor.js +162 -0
package/src/cli/util/vue-state-detector.js +215 -0
package/src/verax/cli/finding-explainer.js +56 -3
package/src/verax/core/artifacts/registry.js +154 -0
package/src/verax/core/artifacts/verifier.js +980 -0
package/src/verax/core/baseline/baseline.enforcer.js +137 -0
package/src/verax/core/baseline/baseline.snapshot.js +231 -0
package/src/verax/core/capabilities/gates.js +499 -0
package/src/verax/core/capabilities/registry.js +475 -0
package/src/verax/core/confidence/confidence-compute.js +137 -0
package/src/verax/core/confidence/confidence-invariants.js +234 -0
package/src/verax/core/confidence/confidence-report-writer.js +112 -0
package/src/verax/core/confidence/confidence-weights.js +44 -0
package/src/verax/core/confidence/confidence.defaults.js +65 -0
package/src/verax/core/confidence/confidence.loader.js +79 -0
package/src/verax/core/confidence/confidence.schema.js +94 -0
package/src/verax/core/confidence-engine-refactor.js +484 -0
package/src/verax/core/confidence-engine.js +486 -0
package/src/verax/core/confidence-engine.js.backup +471 -0
package/src/verax/core/contracts/index.js +29 -0
package/src/verax/core/contracts/types.js +185 -0
package/src/verax/core/contracts/validators.js +381 -0
package/src/verax/core/decision-snapshot.js +30 -3
package/src/verax/core/decisions/decision.trace.js +276 -0
package/src/verax/core/determinism/contract-writer.js +89 -0
package/src/verax/core/determinism/contract.js +139 -0
package/src/verax/core/determinism/diff.js +364 -0
package/src/verax/core/determinism/engine.js +221 -0
package/src/verax/core/determinism/finding-identity.js +148 -0
package/src/verax/core/determinism/normalize.js +438 -0
package/src/verax/core/determinism/report-writer.js +92 -0
package/src/verax/core/determinism/run-fingerprint.js +118 -0
package/src/verax/core/dynamic-route-intelligence.js +528 -0
package/src/verax/core/evidence/evidence-capture-service.js +307 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +165 -0
package/src/verax/core/evidence-builder.js +487 -0
package/src/verax/core/execution-mode-context.js +77 -0
package/src/verax/core/execution-mode-detector.js +190 -0
package/src/verax/core/failures/exit-codes.js +86 -0
package/src/verax/core/failures/failure-summary.js +76 -0
package/src/verax/core/failures/failure.factory.js +225 -0
package/src/verax/core/failures/failure.ledger.js +132 -0
package/src/verax/core/failures/failure.types.js +196 -0
package/src/verax/core/failures/index.js +10 -0
package/src/verax/core/ga/ga-report-writer.js +43 -0
package/src/verax/core/ga/ga.artifact.js +49 -0
package/src/verax/core/ga/ga.contract.js +434 -0
package/src/verax/core/ga/ga.enforcer.js +86 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
package/src/verax/core/guardrails/policy.defaults.js +210 -0
package/src/verax/core/guardrails/policy.loader.js +83 -0
package/src/verax/core/guardrails/policy.schema.js +110 -0
package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
package/src/verax/core/guardrails-engine.js +505 -0
package/src/verax/core/observe/run-timeline.js +316 -0
package/src/verax/core/perf/perf.contract.js +186 -0
package/src/verax/core/perf/perf.display.js +65 -0
package/src/verax/core/perf/perf.enforcer.js +91 -0
package/src/verax/core/perf/perf.monitor.js +209 -0
package/src/verax/core/perf/perf.report.js +198 -0
package/src/verax/core/pipeline-tracker.js +238 -0
package/src/verax/core/product-definition.js +127 -0
package/src/verax/core/release/provenance.builder.js +271 -0
package/src/verax/core/release/release-report-writer.js +40 -0
package/src/verax/core/release/release.enforcer.js +159 -0
package/src/verax/core/release/reproducibility.check.js +221 -0
package/src/verax/core/release/sbom.builder.js +283 -0
package/src/verax/core/report/cross-index.js +192 -0
package/src/verax/core/report/human-summary.js +222 -0
package/src/verax/core/route-intelligence.js +419 -0
package/src/verax/core/security/secrets.scan.js +326 -0
package/src/verax/core/security/security-report.js +50 -0
package/src/verax/core/security/security.enforcer.js +124 -0
package/src/verax/core/security/supplychain.defaults.json +38 -0
package/src/verax/core/security/supplychain.policy.js +326 -0
package/src/verax/core/security/vuln.scan.js +265 -0
package/src/verax/core/truth/truth.certificate.js +250 -0
package/src/verax/core/ui-feedback-intelligence.js +515 -0
package/src/verax/detect/confidence-engine.js +628 -40
package/src/verax/detect/confidence-helper.js +33 -0
package/src/verax/detect/detection-engine.js +18 -1
package/src/verax/detect/dynamic-route-findings.js +335 -0
package/src/verax/detect/expectation-chain-detector.js +417 -0
package/src/verax/detect/expectation-model.js +3 -1
package/src/verax/detect/findings-writer.js +141 -5
package/src/verax/detect/index.js +229 -5
package/src/verax/detect/journey-stall-detector.js +558 -0
package/src/verax/detect/route-findings.js +218 -0
package/src/verax/detect/ui-feedback-findings.js +207 -0
package/src/verax/detect/verdict-engine.js +57 -3
package/src/verax/detect/view-switch-correlator.js +242 -0
package/src/verax/index.js +413 -45
package/src/verax/learn/action-contract-extractor.js +682 -64
package/src/verax/learn/route-validator.js +4 -1
package/src/verax/observe/index.js +88 -843
package/src/verax/observe/interaction-runner.js +25 -8
package/src/verax/observe/observe-context.js +205 -0
package/src/verax/observe/observe-helpers.js +191 -0
package/src/verax/observe/observe-runner.js +226 -0
package/src/verax/observe/observers/budget-observer.js +185 -0
package/src/verax/observe/observers/console-observer.js +102 -0
package/src/verax/observe/observers/coverage-observer.js +107 -0
package/src/verax/observe/observers/interaction-observer.js +471 -0
package/src/verax/observe/observers/navigation-observer.js +132 -0
package/src/verax/observe/observers/network-observer.js +87 -0
package/src/verax/observe/observers/safety-observer.js +82 -0
package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
package/src/verax/observe/ui-feedback-detector.js +742 -0
package/src/verax/observe/ui-signal-sensor.js +148 -2
package/src/verax/scan-summary-writer.js +42 -8
package/src/verax/shared/artifact-manager.js +8 -5
package/src/verax/shared/css-spinner-rules.js +204 -0
package/src/verax/shared/view-switch-rules.js +208 -0

package/src/verax/detect/view-switch-correlator.js ADDED Viewed

@@ -0,0 +1,242 @@
+/**
+ * VIEW SWITCH CORRELATOR
+ *
+ * Correlates view switch promises with observed UI changes (no URL change).
+ * Requires at least 2 independent signals for CONFIRMED.
+ *
+ * TRUTH BOUNDARY:
+ * - CONFIRMED: 2+ independent signals (DOM signature + landmark/focus/aria-live)
+ * - SUSPECTED: 1 signal only
+ * - INFORMATIONAL: Interaction blocked/disabled/prevented
+ */
+/**
+ * Reason codes for correlation decisions
+ */
+export const VIEW_SWITCH_REASON_CODES = {
+  CONFIRMED_TWO_SIGNALS: 'CONFIRMED_TWO_SIGNALS',
+  CONFIRMED_THREE_SIGNALS: 'CONFIRMED_THREE_SIGNALS',
+  SUSPECTED_ONE_SIGNAL: 'SUSPECTED_ONE_SIGNAL',
+  INFORMATIONAL_BLOCKED: 'INFORMATIONAL_BLOCKED',
+  INFORMATIONAL_DISABLED: 'INFORMATIONAL_DISABLED',
+  INFORMATIONAL_PREVENTED: 'INFORMATIONAL_PREVENTED',
+  NO_SIGNALS: 'NO_SIGNALS'
+};
+/**
+ * Correlate view switch promise with observed UI changes.
+ *
+ * @param {Object} expectation - View switch promise expectation
+ * @param {Object} trace - Interaction trace with sensors
+ * @param {string} beforeUrl - URL before interaction
+ * @param {string} afterUrl - URL after interaction
+ * @returns {Object} - { outcome, severity, reasonCode, signals }
+ */
+export function correlateViewSwitch(expectation, trace, beforeUrl, afterUrl) {
+  if (!expectation || expectation.kind !== 'VIEW_SWITCH_PROMISE') {
+    return { outcome: null, severity: null, reasonCode: null, signals: [] };
+  }
+  const sensors = trace.sensors || {};
+  const navigation = sensors.navigation || {};
+  const uiSignals = sensors.uiSignals || {};
+  const stateUi = sensors.stateUi || {};
+  const uiFeedback = sensors.uiFeedback || {};
+  // Check if URL changed (if so, this is not a state-driven navigation)
+  const urlChanged = navigation.urlChanged === true || (beforeUrl !== afterUrl);
+  if (urlChanged) {
+    return { outcome: null, severity: null, reasonCode: 'URL_CHANGED', signals: [] };
+  }
+  // Check if interaction was blocked/disabled/prevented
+  const interaction = trace.interaction || {};
+  const isDisabled = interaction.disabled === true;
+  const isBlocked = interaction.blocked === true;
+  const isPrevented = interaction.prevented === true;
+  if (isDisabled) {
+    return {
+      outcome: 'INFORMATIONAL',
+      severity: 'INFORMATIONAL',
+      reasonCode: VIEW_SWITCH_REASON_CODES.INFORMATIONAL_DISABLED,
+      signals: []
+    };
+  }
+  if (isBlocked) {
+    return {
+      outcome: 'INFORMATIONAL',
+      severity: 'INFORMATIONAL',
+      reasonCode: VIEW_SWITCH_REASON_CODES.INFORMATIONAL_BLOCKED,
+      signals: []
+    };
+  }
+  if (isPrevented) {
+    return {
+      outcome: 'INFORMATIONAL',
+      severity: 'INFORMATIONAL',
+      reasonCode: VIEW_SWITCH_REASON_CODES.INFORMATIONAL_PREVENTED,
+      signals: []
+    };
+  }
+  // Collect independent signals
+  const signals = [];
+  // Signal 1: DOM signature change (stable hash)
+  const beforeDom = trace.before?.domSignature || trace.before?.domHash;
+  const afterDom = trace.after?.domSignature || trace.after?.domHash;
+  if (beforeDom && afterDom && beforeDom !== afterDom) {
+    signals.push({
+      type: 'DOM_SIGNATURE_CHANGE',
+      before: beforeDom,
+      after: afterDom
+    });
+  }
+  // Signal 2: Visible landmark change (heading/main role change)
+  const beforeLandmarks = extractLandmarks(trace.before);
+  const afterLandmarks = extractLandmarks(trace.after);
+  if (beforeLandmarks.length > 0 && afterLandmarks.length > 0) {
+    const landmarksChanged = JSON.stringify(beforeLandmarks) !== JSON.stringify(afterLandmarks);
+    if (landmarksChanged) {
+      signals.push({
+        type: 'LANDMARK_CHANGE',
+        before: beforeLandmarks,
+        after: afterLandmarks
+      });
+    }
+  }
+  // Signal 3: Focus moved to new container
+  const beforeFocus = trace.before?.focus || {};
+  const afterFocus = trace.after?.focus || {};
+  if (beforeFocus.selector && afterFocus.selector && beforeFocus.selector !== afterFocus.selector) {
+    const beforeContainer = getContainerSelector(beforeFocus.selector);
+    const afterContainer = getContainerSelector(afterFocus.selector);
+    if (beforeContainer !== afterContainer) {
+      signals.push({
+        type: 'FOCUS_CONTAINER_CHANGE',
+        before: beforeContainer,
+        after: afterContainer
+      });
+    }
+  }
+  // Signal 4: aria-live message
+  const ariaLiveBefore = extractAriaLive(trace.before);
+  const ariaLiveAfter = extractAriaLive(trace.after);
+  if (ariaLiveAfter.length > ariaLiveBefore.length) {
+    signals.push({
+      type: 'ARIA_LIVE_MESSAGE',
+      messages: ariaLiveAfter.slice(ariaLiveBefore.length)
+    });
+  }
+  // Signal 5: UI feedback signals (optional but counts)
+  if (uiFeedback.signals) {
+    const feedbackSignals = uiFeedback.signals;
+    if (feedbackSignals.domChange?.happened === true) {
+      signals.push({
+        type: 'UI_FEEDBACK_DOM_CHANGE',
+        details: feedbackSignals.domChange
+      });
+    }
+    if (feedbackSignals.focusChange?.happened === true) {
+      signals.push({
+        type: 'UI_FEEDBACK_FOCUS_CHANGE',
+        details: feedbackSignals.focusChange
+      });
+    }
+  }
+  // Determine outcome based on signal count
+  if (signals.length >= 2) {
+    return {
+      outcome: 'CONFIRMED',
+      severity: 'CONFIRMED',
+      reasonCode: signals.length >= 3
+        ? VIEW_SWITCH_REASON_CODES.CONFIRMED_THREE_SIGNALS
+        : VIEW_SWITCH_REASON_CODES.CONFIRMED_TWO_SIGNALS,
+      signals
+    };
+  } else if (signals.length === 1) {
+    return {
+      outcome: 'SUSPECTED',
+      severity: 'SUSPECTED',
+      reasonCode: VIEW_SWITCH_REASON_CODES.SUSPECTED_ONE_SIGNAL,
+      signals
+    };
+  } else {
+    return {
+      outcome: 'NO_SIGNALS',
+      severity: 'SUSPECTED',
+      reasonCode: VIEW_SWITCH_REASON_CODES.NO_SIGNALS,
+      signals: []
+    };
+  }
+}
+/**
+ * Extract landmarks (headings, main role) from trace snapshot
+ */
+function extractLandmarks(snapshot) {
+  if (!snapshot) return [];
+  const landmarks = [];
+  // Extract headings (h1-h6)
+  if (snapshot.headings) {
+    landmarks.push(...snapshot.headings.map(h => ({ type: 'heading', level: h.level, text: h.text?.slice(0, 50) })));
+  }
+  // Extract main role elements
+  if (snapshot.mainElements) {
+    landmarks.push(...snapshot.mainElements.map(m => ({ type: 'main', text: m.text?.slice(0, 50) })));
+  }
+  return landmarks;
+}
+/**
+ * Get container selector from element selector
+ */
+function getContainerSelector(selector) {
+  if (!selector) return null;
+  // Extract parent container (simplified - assumes common patterns)
+  const parts = selector.split(' > ');
+  if (parts.length > 1) {
+    return parts[parts.length - 2]; // Second to last part
+  }
+  // Try to extract container from selector
+  const match = selector.match(/([^>]+) > [^>]+$/);
+  if (match) {
+    return match[1].trim();
+  }
+  return selector; // Fallback to full selector
+}
+/**
+ * Extract aria-live messages from trace snapshot
+ */
+function extractAriaLive(snapshot) {
+  if (!snapshot) return [];
+  const messages = [];
+  if (snapshot.ariaLiveRegions) {
+    snapshot.ariaLiveRegions.forEach(region => {
+      if (region.text) {
+        messages.push(region.text.slice(0, 100));
+      }
+    });
+  }
+  return messages;
+}