npm - @veraxhq/verax - Versions diffs - 0.2.1 → 0.3.0 - Mend

@veraxhq/verax 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

package/README.md +14 -18
package/bin/verax.js +7 -0
package/package.json +3 -3
package/src/cli/commands/baseline.js +104 -0
package/src/cli/commands/default.js +79 -25
package/src/cli/commands/ga.js +243 -0
package/src/cli/commands/gates.js +95 -0
package/src/cli/commands/inspect.js +131 -2
package/src/cli/commands/release-check.js +213 -0
package/src/cli/commands/run.js +246 -35
package/src/cli/commands/security-check.js +211 -0
package/src/cli/commands/truth.js +114 -0
package/src/cli/entry.js +304 -67
package/src/cli/util/angular-component-extractor.js +179 -0
package/src/cli/util/angular-navigation-detector.js +141 -0
package/src/cli/util/angular-network-detector.js +161 -0
package/src/cli/util/angular-state-detector.js +162 -0
package/src/cli/util/ast-interactive-detector.js +546 -0
package/src/cli/util/ast-network-detector.js +603 -0
package/src/cli/util/ast-usestate-detector.js +602 -0
package/src/cli/util/bootstrap-guard.js +86 -0
package/src/cli/util/determinism-runner.js +123 -0
package/src/cli/util/determinism-writer.js +129 -0
package/src/cli/util/env-url.js +4 -0
package/src/cli/util/expectation-extractor.js +369 -73
package/src/cli/util/findings-writer.js +126 -16
package/src/cli/util/learn-writer.js +3 -1
package/src/cli/util/observe-writer.js +3 -1
package/src/cli/util/paths.js +3 -12
package/src/cli/util/project-discovery.js +3 -0
package/src/cli/util/project-writer.js +3 -1
package/src/cli/util/run-resolver.js +64 -0
package/src/cli/util/source-requirement.js +55 -0
package/src/cli/util/summary-writer.js +1 -0
package/src/cli/util/svelte-navigation-detector.js +163 -0
package/src/cli/util/svelte-network-detector.js +80 -0
package/src/cli/util/svelte-sfc-extractor.js +147 -0
package/src/cli/util/svelte-state-detector.js +243 -0
package/src/cli/util/vue-navigation-detector.js +177 -0
package/src/cli/util/vue-sfc-extractor.js +162 -0
package/src/cli/util/vue-state-detector.js +215 -0
package/src/verax/cli/finding-explainer.js +56 -3
package/src/verax/core/artifacts/registry.js +154 -0
package/src/verax/core/artifacts/verifier.js +980 -0
package/src/verax/core/baseline/baseline.enforcer.js +137 -0
package/src/verax/core/baseline/baseline.snapshot.js +231 -0
package/src/verax/core/capabilities/gates.js +499 -0
package/src/verax/core/capabilities/registry.js +475 -0
package/src/verax/core/confidence/confidence-compute.js +137 -0
package/src/verax/core/confidence/confidence-invariants.js +234 -0
package/src/verax/core/confidence/confidence-report-writer.js +112 -0
package/src/verax/core/confidence/confidence-weights.js +44 -0
package/src/verax/core/confidence/confidence.defaults.js +65 -0
package/src/verax/core/confidence/confidence.loader.js +79 -0
package/src/verax/core/confidence/confidence.schema.js +94 -0
package/src/verax/core/confidence-engine-refactor.js +484 -0
package/src/verax/core/confidence-engine.js +486 -0
package/src/verax/core/confidence-engine.js.backup +471 -0
package/src/verax/core/contracts/index.js +29 -0
package/src/verax/core/contracts/types.js +185 -0
package/src/verax/core/contracts/validators.js +381 -0
package/src/verax/core/decision-snapshot.js +30 -3
package/src/verax/core/decisions/decision.trace.js +276 -0
package/src/verax/core/determinism/contract-writer.js +89 -0
package/src/verax/core/determinism/contract.js +139 -0
package/src/verax/core/determinism/diff.js +364 -0
package/src/verax/core/determinism/engine.js +221 -0
package/src/verax/core/determinism/finding-identity.js +148 -0
package/src/verax/core/determinism/normalize.js +438 -0
package/src/verax/core/determinism/report-writer.js +92 -0
package/src/verax/core/determinism/run-fingerprint.js +118 -0
package/src/verax/core/dynamic-route-intelligence.js +528 -0
package/src/verax/core/evidence/evidence-capture-service.js +307 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +165 -0
package/src/verax/core/evidence-builder.js +487 -0
package/src/verax/core/execution-mode-context.js +77 -0
package/src/verax/core/execution-mode-detector.js +190 -0
package/src/verax/core/failures/exit-codes.js +86 -0
package/src/verax/core/failures/failure-summary.js +76 -0
package/src/verax/core/failures/failure.factory.js +225 -0
package/src/verax/core/failures/failure.ledger.js +132 -0
package/src/verax/core/failures/failure.types.js +196 -0
package/src/verax/core/failures/index.js +10 -0
package/src/verax/core/ga/ga-report-writer.js +43 -0
package/src/verax/core/ga/ga.artifact.js +49 -0
package/src/verax/core/ga/ga.contract.js +434 -0
package/src/verax/core/ga/ga.enforcer.js +86 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
package/src/verax/core/guardrails/policy.defaults.js +210 -0
package/src/verax/core/guardrails/policy.loader.js +83 -0
package/src/verax/core/guardrails/policy.schema.js +110 -0
package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
package/src/verax/core/guardrails-engine.js +505 -0
package/src/verax/core/observe/run-timeline.js +316 -0
package/src/verax/core/perf/perf.contract.js +186 -0
package/src/verax/core/perf/perf.display.js +65 -0
package/src/verax/core/perf/perf.enforcer.js +91 -0
package/src/verax/core/perf/perf.monitor.js +209 -0
package/src/verax/core/perf/perf.report.js +198 -0
package/src/verax/core/pipeline-tracker.js +238 -0
package/src/verax/core/product-definition.js +127 -0
package/src/verax/core/release/provenance.builder.js +271 -0
package/src/verax/core/release/release-report-writer.js +40 -0
package/src/verax/core/release/release.enforcer.js +159 -0
package/src/verax/core/release/reproducibility.check.js +221 -0
package/src/verax/core/release/sbom.builder.js +283 -0
package/src/verax/core/report/cross-index.js +192 -0
package/src/verax/core/report/human-summary.js +222 -0
package/src/verax/core/route-intelligence.js +419 -0
package/src/verax/core/security/secrets.scan.js +326 -0
package/src/verax/core/security/security-report.js +50 -0
package/src/verax/core/security/security.enforcer.js +124 -0
package/src/verax/core/security/supplychain.defaults.json +38 -0
package/src/verax/core/security/supplychain.policy.js +326 -0
package/src/verax/core/security/vuln.scan.js +265 -0
package/src/verax/core/truth/truth.certificate.js +250 -0
package/src/verax/core/ui-feedback-intelligence.js +515 -0
package/src/verax/detect/confidence-engine.js +628 -40
package/src/verax/detect/confidence-helper.js +33 -0
package/src/verax/detect/detection-engine.js +18 -1
package/src/verax/detect/dynamic-route-findings.js +335 -0
package/src/verax/detect/expectation-chain-detector.js +417 -0
package/src/verax/detect/expectation-model.js +3 -1
package/src/verax/detect/findings-writer.js +141 -5
package/src/verax/detect/index.js +229 -5
package/src/verax/detect/journey-stall-detector.js +558 -0
package/src/verax/detect/route-findings.js +218 -0
package/src/verax/detect/ui-feedback-findings.js +207 -0
package/src/verax/detect/verdict-engine.js +57 -3
package/src/verax/detect/view-switch-correlator.js +242 -0
package/src/verax/index.js +413 -45
package/src/verax/learn/action-contract-extractor.js +682 -64
package/src/verax/learn/route-validator.js +4 -1
package/src/verax/observe/index.js +88 -843
package/src/verax/observe/interaction-runner.js +25 -8
package/src/verax/observe/observe-context.js +205 -0
package/src/verax/observe/observe-helpers.js +191 -0
package/src/verax/observe/observe-runner.js +226 -0
package/src/verax/observe/observers/budget-observer.js +185 -0
package/src/verax/observe/observers/console-observer.js +102 -0
package/src/verax/observe/observers/coverage-observer.js +107 -0
package/src/verax/observe/observers/interaction-observer.js +471 -0
package/src/verax/observe/observers/navigation-observer.js +132 -0
package/src/verax/observe/observers/network-observer.js +87 -0
package/src/verax/observe/observers/safety-observer.js +82 -0
package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
package/src/verax/observe/ui-feedback-detector.js +742 -0
package/src/verax/observe/ui-signal-sensor.js +148 -2
package/src/verax/scan-summary-writer.js +42 -8
package/src/verax/shared/artifact-manager.js +8 -5
package/src/verax/shared/css-spinner-rules.js +204 -0
package/src/verax/shared/view-switch-rules.js +208 -0

package/src/verax/observe/interaction-runner.js CHANGED Viewed

@@ -12,6 +12,7 @@ import { FocusSensor } from './focus-sensor.js';
 import { AriaSensor } from './aria-sensor.js';
 import { TimingSensor } from './timing-sensor.js';
 import { HumanBehaviorDriver } from './human-driver.js';
+import { UIFeedbackDetector } from './ui-feedback-detector.js';
 // Import CLICK_TIMEOUT_MS from human-driver (re-export needed)
 const CLICK_TIMEOUT_MS = 2000;
@@ -131,6 +132,7 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
     freezeLikeThresholdMs: 3000
   });
   const humanDriver = new HumanBehaviorDriver({}, scanBudget);
+  const uiFeedbackDetector = new UIFeedbackDetector();
   let networkWindowId = null;
   let consoleWindowId = null;
@@ -175,7 +177,11 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
     }
     trace.page.beforeTitle = beforeTitle;
-    uiBefore = await uiSignalSensor.snapshot(page).catch(() => ({}));
+    const interactionTimestamp = timestamp || Date.now();
+    uiBefore = await uiSignalSensor.snapshot(page, interactionTimestamp, null).catch(() => ({}));
+    // UI FEEDBACK INTELLIGENCE: Capture before state for feedback detection
+    await uiFeedbackDetector.captureBefore(page, { targetSelector: interaction.selector });
     // A11Y INTELLIGENCE: Capture focus and ARIA state before interaction
     await focusSensor.captureBefore(page);
@@ -228,7 +234,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
       const networkSummary = networkSensor.stopWindow(networkWindowId);
       const consoleSummary = consoleSensor.stopWindow(consoleWindowId, page);
-      const uiAfter = await uiSignalSensor.snapshot(page);
+      const interactionTimestamp = timestamp || Date.now();
+      const uiAfter = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore);
       const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
       // STATE INTELLIGENCE: Capture after state and compute diff
@@ -417,7 +424,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
         // Record UI change if detected
         if (uiSignalSensor) {
-          const currentUi = await uiSignalSensor.snapshot(page).catch(() => ({}));
+          const interactionTimestamp = timestamp || Date.now();
+          const currentUi = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore).catch(() => ({}));
           const currentDiff = uiSignalSensor.diff(uiBefore, currentUi);
           if (currentDiff.changed) {
             timingSensor.recordUiChange();
@@ -473,7 +481,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
           }
         }
-        const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+        const interactionTimestamp = timestamp || Date.now();
+        const uiAfter = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore).catch(() => ({}));
         const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
         // STATE INTELLIGENCE: Capture after state and compute diff
@@ -597,9 +606,14 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
       }
     }
-    const uiAfter = await uiSignalSensor.snapshot(page);
+    const interactionTimestamp = timestamp || Date.now();
+    const uiAfter = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore);
     const uiDiff = uiSignalSensor.diff(uiBefore, uiAfter);
+    // UI FEEDBACK INTELLIGENCE: Capture after state and compute feedback signals
+    await uiFeedbackDetector.captureAfter(page);
+    const uiFeedbackSignals = uiFeedbackDetector.computeFeedbackSignals();
     // PERFORMANCE INTELLIGENCE: Record UI change in timing sensor if detected
     if (timingSensor && uiDiff.changed) {
       timingSensor.recordUiChange();
@@ -638,7 +652,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
         available: stateDiff.available,
         changed: stateDiff.changed,
         storeType: storeType
-      }
+      },
+      uiFeedback: uiFeedbackSignals // UI FEEDBACK INTELLIGENCE: Add feedback detection signals
     };
     return trace;
@@ -661,7 +676,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
         trace.sensors.console = consoleSensor.getEmptySummary();
       }
-      const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+      const interactionTimestamp = timestamp || Date.now();
+      const uiAfter = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore || {}).catch(() => ({}));
       const uiDiff = uiSignalSensor.diff(uiBefore || {}, uiAfter);
       // STATE INTELLIGENCE: Capture after state and compute diff
@@ -717,7 +733,8 @@ export async function runInteraction(page, interaction, timestamp, i, screenshot
       trace.sensors.state = { available: false, changed: [], storeType: null };
     }
-    const uiAfter = await uiSignalSensor.snapshot(page).catch(() => ({}));
+    const interactionTimestamp = timestamp || Date.now();
+    const uiAfter = await uiSignalSensor.snapshot(page, interactionTimestamp, uiBefore || {}).catch(() => ({}));
     const uiDiff = uiSignalSensor.diff(uiBefore || {}, uiAfter || {});
     trace.sensors.uiSignals = {
       before: uiBefore || {},

package/src/verax/observe/observe-context.js ADDED Viewed

@@ -0,0 +1,205 @@
+/**
+ * PHASE 21.3 — Observe Context Contract
+ *
+ * HARD CONTRACT: Defines the interface between observe-runner and observers
+ *
+ * RULES:
+ * - Observers MUST only access fields defined in this contract
+ * - Observers MUST NOT import from outside observe/*
+ * - Observers MUST NOT read files
+ * - Observers MUST NOT write artifacts directly
+ * - Observers MUST NOT mutate global state
+ * - Observers MUST propagate all errors (no silent catches)
+ *
+ * Runtime invariant checks enforce these rules.
+ */
+/**
+ * ObserveContext — The context passed to all observers
+ *
+ * @typedef {Object} ObserveContext
+ * @property {import('playwright').Page} page - Playwright page instance
+ * @property {string} baseOrigin - Base origin for same-origin checks
+ * @property {Object} scanBudget - Scan budget configuration
+ * @property {number} startTime - Start time of the scan (timestamp)
+ * @property {Object} frontier - PageFrontier instance
+ * @property {Object|null} manifest - Manifest object (if available)
+ * @property {Object|null} expectationResults - Expectation execution results
+ * @property {boolean} incrementalMode - Whether incremental mode is enabled
+ * @property {Object|null} oldSnapshot - Previous snapshot (if available)
+ * @property {Object|null} snapshotDiff - Snapshot diff (if available)
+ * @property {string} currentUrl - Current page URL
+ * @property {string} screenshotsDir - Directory for screenshots
+ * @property {number} timestamp - Timestamp for this observation
+ * @property {Object} decisionRecorder - DecisionRecorder instance
+ * @property {Object} silenceTracker - SilenceTracker instance
+ * @property {Object} safetyFlags - Safety flags { allowWrites, allowRiskyActions, allowCrossOrigin }
+ * @property {Object} routeBudget - Route-specific budget (computed)
+ */
+/**
+ * RunState — Mutable state passed between observers
+ *
+ * @typedef {Object} RunState
+ * @property {Array} traces - Array of interaction traces
+ * @property {Array} skippedInteractions - Array of skipped interactions
+ * @property {Array} observedExpectations - Array of observed expectations
+ * @property {number} totalInteractionsDiscovered - Total interactions discovered
+ * @property {number} totalInteractionsExecuted - Total interactions executed
+ * @property {Array} remainingInteractionsGaps - Remaining interaction gaps
+ * @property {boolean} navigatedToNewPage - Whether navigation occurred
+ * @property {string|null} navigatedPageUrl - URL of navigated page (if any)
+ */
+/**
+ * Observation — Result returned by an observer
+ *
+ * @typedef {Object} Observation
+ * @property {string} type - Type of observation (e.g., 'network_idle', 'console_error', 'ui_feedback')
+ * @property {string} scope - Scope of observation (e.g., 'page', 'interaction', 'navigation')
+ * @property {Object} data - Observation data
+ * @property {number} timestamp - Timestamp of observation
+ * @property {string} [url] - URL where observation occurred
+ */
+/**
+ * Forbidden imports that observers MUST NOT use
+ */
+const FORBIDDEN_IMPORTS = [
+  'fs',
+  'path',
+  '../core/determinism/report-writer',
+  '../core/scan-summary-writer',
+  './traces-writer',
+  './expectation-executor'
+];
+/**
+ * Forbidden context fields that observers MUST NOT access
+ */
+const FORBIDDEN_CONTEXT_FIELDS = [
+  'projectDir',
+  'runId',
+  'writeFileSync',
+  'readFileSync',
+  'mkdirSync'
+];
+/**
+ * Validate that an observer result is a valid Observation
+ *
+ * @param {Object} observation - Observation to validate
+ * @param {string} observerName - Name of observer for error messages
+ * @throws {Error} If observation is invalid
+ */
+export function validateObservation(observation, observerName) {
+  if (!observation) {
+    throw new Error(`${observerName}: Observer returned null/undefined observation`);
+  }
+  if (typeof observation !== 'object') {
+    throw new Error(`${observerName}: Observer returned non-object observation: ${typeof observation}`);
+  }
+  if (!observation.type || typeof observation.type !== 'string') {
+    throw new Error(`${observerName}: Observation missing or invalid 'type' field`);
+  }
+  if (!observation.scope || typeof observation.scope !== 'string') {
+    throw new Error(`${observerName}: Observation missing or invalid 'scope' field`);
+  }
+  if (!observation.data || typeof observation.data !== 'object') {
+    throw new Error(`${observerName}: Observation missing or invalid 'data' field`);
+  }
+  if (typeof observation.timestamp !== 'number') {
+    throw new Error(`${observerName}: Observation missing or invalid 'timestamp' field`);
+  }
+}
+/**
+ * Validate that context contains only allowed fields
+ *
+ * @param {Object} context - Context to validate
+ * @throws {Error} If context contains forbidden fields
+ */
+export function validateContext(context) {
+  for (const field of FORBIDDEN_CONTEXT_FIELDS) {
+    if (field in context) {
+      throw new Error(`ObserveContext contains forbidden field: ${field}. Observers must not access file I/O or project directories.`);
+    }
+  }
+}
+/**
+ * Create a safe context for observers (removes forbidden fields)
+ *
+ * @param {Object} rawContext - Raw context from observe-runner
+ * @returns {ObserveContext} Safe context for observers
+ */
+export function createObserveContext(rawContext) {
+  const {
+    page,
+    baseOrigin,
+    scanBudget,
+    startTime,
+    frontier,
+    manifest,
+    expectationResults,
+    incrementalMode,
+    oldSnapshot,
+    snapshotDiff,
+    currentUrl,
+    screenshotsDir,
+    timestamp,
+    decisionRecorder,
+    silenceTracker,
+    safetyFlags,
+    routeBudget
+  } = rawContext;
+  return {
+    page,
+    baseOrigin,
+    scanBudget,
+    startTime,
+    frontier,
+    manifest,
+    expectationResults,
+    incrementalMode,
+    oldSnapshot,
+    snapshotDiff,
+    currentUrl,
+    screenshotsDir,
+    timestamp,
+    decisionRecorder,
+    silenceTracker,
+    safetyFlags: safetyFlags || { allowWrites: false, allowRiskyActions: false, allowCrossOrigin: false },
+    routeBudget
+  };
+}
+/**
+ * Observer execution order (FIXED - must not change)
+ *
+ * This order is critical for determinism and correctness.
+ */
+export const OBSERVER_ORDER = [
+  'navigation-observer',  // 1. Navigation decisions first
+  'budget-observer',      // 2. Budget checks before interactions
+  'interaction-observer', // 3. Interaction discovery and execution
+  'network-observer',     // 4. Network state observation
+  'ui-feedback-observer', // 5. UI state observation
+  'console-observer',     // 6. Console error observation
+  'coverage-observer'     // 7. Coverage gap tracking
+];
+/**
+ * Get observer execution order
+ *
+ * @returns {Array<string>} Ordered list of observer names
+ */
+export function getObserverOrder() {
+  return [...OBSERVER_ORDER];
+}

package/src/verax/observe/observe-helpers.js ADDED Viewed

@@ -0,0 +1,191 @@
+/**
+ * PHASE 21.3 — Observe Helpers
+ *
+ * Helper functions extracted from observe/index.js to keep it slim
+ */
+import { resolve } from 'path';
+import { mkdirSync, writeFileSync } from 'fs';
+import { writeTraces } from './traces-writer.js';
+/**
+ * Setup manifest and expectations
+ */
+export async function setupManifestAndExpectations(manifestPath, projectDir, page, url, screenshotsDir, scanBudget, startTime, silenceTracker) {
+  const { readFileSync, existsSync } = await import('fs');
+  const { loadPreviousSnapshot, saveSnapshot, buildSnapshot, compareSnapshots } = await import('../core/incremental-store.js');
+  const { executeProvenExpectations } = await import('./expectation-executor.js');
+  const { isProvenExpectation } = await import('../shared/expectation-prover.js');
+  let manifest = null;
+  let expectationResults = null;
+  let expectationCoverageGaps = [];
+  let incrementalMode = false;
+  let snapshotDiff = null;
+  let oldSnapshot = null;
+  if (manifestPath && existsSync(manifestPath)) {
+    try {
+      const manifestContent = readFileSync(manifestPath, 'utf-8');
+      manifest = JSON.parse(manifestContent);
+      oldSnapshot = loadPreviousSnapshot(projectDir);
+      if (oldSnapshot) {
+        const currentSnapshot = buildSnapshot(manifest, []);
+        snapshotDiff = compareSnapshots(oldSnapshot, currentSnapshot);
+        incrementalMode = !snapshotDiff.hasChanges;
+      }
+      const provenCount = (manifest.staticExpectations || []).filter(exp => isProvenExpectation(exp)).length;
+      if (provenCount > 0) {
+        expectationResults = await executeProvenExpectations(page, manifest, url, screenshotsDir, scanBudget, startTime, projectDir);
+        expectationCoverageGaps = expectationResults.coverageGaps || [];
+      }
+    } catch (err) {
+      silenceTracker.record({
+        scope: 'discovery',
+        reason: 'discovery_error',
+        description: 'Manifest load or expectation execution failed',
+        context: { error: err?.message },
+        impact: 'incomplete_check'
+      });
+    }
+  }
+  return { manifest, expectationResults, expectationCoverageGaps, incrementalMode, snapshotDiff, oldSnapshot };
+}
+/**
+ * Process traversal results and build observation
+ */
+export async function processTraversalResults(traversalResult, expectationResults, expectationCoverageGaps, remainingInteractionsGaps, frontier, scanBudget, page, url, finalTraces, finalSkippedInteractions, finalObservedExpectations, silenceTracker, manifest, incrementalMode, snapshotDiff, projectDir, runId) {
+  // Combine all coverage gaps
+  const allCoverageGaps = [...expectationCoverageGaps];
+  if (remainingInteractionsGaps.length > 0) {
+    allCoverageGaps.push(...remainingInteractionsGaps.map(gap => ({
+      expectationId: null,
+      type: gap.interaction.type,
+      reason: gap.reason,
+      fromPath: gap.url,
+      source: null,
+      evidence: { interaction: gap.interaction }
+    })));
+  }
+  if (frontier.frontierCapped) {
+    allCoverageGaps.push({
+      expectationId: null,
+      type: 'navigation',
+      reason: 'frontier_capped',
+      fromPath: page.url(),
+      source: null,
+      evidence: { message: `Frontier capped at ${scanBudget.maxUniqueUrls || 'unlimited'} unique URLs` }
+    });
+  }
+  // Build coverage object
+  const coverage = {
+    candidatesDiscovered: traversalResult.totalInteractionsDiscovered,
+    candidatesSelected: traversalResult.totalInteractionsExecuted,
+    cap: scanBudget.maxTotalInteractions,
+    capped: traversalResult.totalInteractionsExecuted >= scanBudget.maxTotalInteractions || remainingInteractionsGaps.length > 0,
+    pagesVisited: frontier.pagesVisited,
+    pagesDiscovered: frontier.pagesDiscovered,
+    skippedInteractions: finalSkippedInteractions.length,
+    interactionsDiscovered: traversalResult.totalInteractionsDiscovered,
+    interactionsExecuted: traversalResult.totalInteractionsExecuted
+  };
+  // Build warnings
+  const observeWarnings = [];
+  if (coverage.capped) {
+    observeWarnings.push({
+      code: 'INTERACTIONS_CAPPED',
+      message: `Interaction execution capped. Visited ${coverage.pagesVisited} pages, discovered ${coverage.pagesDiscovered}, executed ${coverage.candidatesSelected} of ${coverage.candidatesDiscovered} interactions. Coverage incomplete.`
+    });
+  }
+  if (finalSkippedInteractions.length > 0) {
+    observeWarnings.push({
+      code: 'INTERACTIONS_SKIPPED',
+      message: `Skipped ${finalSkippedInteractions.length} dangerous interactions`,
+      details: finalSkippedInteractions
+    });
+  }
+  // Append expectation traces
+  if (expectationResults?.results) {
+    for (const result of expectationResults.results) {
+      if (result.trace) {
+        result.trace.expectationDriven = true;
+        result.trace.expectationId = result.expectationId;
+        result.trace.expectationOutcome = result.outcome;
+        finalTraces.push(result.trace);
+      }
+    }
+  }
+  // Write traces
+  const observation = writeTraces(projectDir, url, finalTraces, coverage, observeWarnings, finalObservedExpectations, silenceTracker, runId);
+  observation.silences = silenceTracker.getDetailedSummary();
+  // Add expectation execution results
+  if (expectationResults) {
+    observation.expectationExecution = {
+      totalProvenExpectations: expectationResults.totalProvenExpectations,
+      executedCount: expectationResults.executedCount,
+      coverageGapsCount: allCoverageGaps.length,
+      results: expectationResults.results.map(r => ({
+        expectationId: r.expectationId,
+        type: r.type,
+        fromPath: r.fromPath,
+        outcome: r.outcome,
+        reason: r.reason
+      }))
+    };
+    observation.expectationCoverageGaps = allCoverageGaps;
+  }
+  // Add incremental mode metadata
+  if (manifest) {
+    const { buildSnapshot, saveSnapshot } = await import('../core/incremental-store.js');
+    const observedInteractions = finalTraces
+      .filter(t => t.interaction && !t.incremental)
+      .map(t => ({
+        type: t.interaction?.type,
+        selector: t.interaction?.selector,
+        url: t.before?.url || url
+      }));
+    const currentSnapshot = buildSnapshot(manifest, observedInteractions);
+    saveSnapshot(projectDir, currentSnapshot, runId);
+    observation.incremental = {
+      enabled: incrementalMode,
+      snapshotDiff: snapshotDiff,
+      skippedInteractionsCount: finalSkippedInteractions.filter(s => s.reason === 'incremental_unchanged').length
+    };
+  }
+  return observation;
+}
+/**
+ * Write determinism artifacts
+ */
+export async function writeDeterminismArtifacts(projectDir, runId, decisionRecorder) {
+  // PHASE 25: Write determinism contract
+  const { writeDeterminismContract } = await import('../core/determinism/contract-writer.js');
+  const { getRunArtifactDir } = await import('../core/run-id.js');
+  const runDir = getRunArtifactDir(projectDir, runId);
+  writeDeterminismContract(runDir, decisionRecorder);
+  if (!runId || !projectDir) return;
+  const runsDir = resolve(projectDir, '.verax', 'runs', runId);
+  mkdirSync(runsDir, { recursive: true });
+  const decisionsPath = resolve(runsDir, 'decisions.json');
+  writeFileSync(decisionsPath, JSON.stringify(decisionRecorder.export(), null, 2), 'utf-8');
+  const { writeDeterminismReport } = await import('../core/determinism/report-writer.js');
+  writeDeterminismReport(runsDir, decisionRecorder);
+}