@veraxhq/verax 0.2.1 → 0.3.0
- package/README.md +14 -18
- package/bin/verax.js +7 -0
- package/package.json +3 -3
- package/src/cli/commands/baseline.js +104 -0
- package/src/cli/commands/default.js +79 -25
- package/src/cli/commands/ga.js +243 -0
- package/src/cli/commands/gates.js +95 -0
- package/src/cli/commands/inspect.js +131 -2
- package/src/cli/commands/release-check.js +213 -0
- package/src/cli/commands/run.js +246 -35
- package/src/cli/commands/security-check.js +211 -0
- package/src/cli/commands/truth.js +114 -0
- package/src/cli/entry.js +304 -67
- package/src/cli/util/angular-component-extractor.js +179 -0
- package/src/cli/util/angular-navigation-detector.js +141 -0
- package/src/cli/util/angular-network-detector.js +161 -0
- package/src/cli/util/angular-state-detector.js +162 -0
- package/src/cli/util/ast-interactive-detector.js +546 -0
- package/src/cli/util/ast-network-detector.js +603 -0
- package/src/cli/util/ast-usestate-detector.js +602 -0
- package/src/cli/util/bootstrap-guard.js +86 -0
- package/src/cli/util/determinism-runner.js +123 -0
- package/src/cli/util/determinism-writer.js +129 -0
- package/src/cli/util/env-url.js +4 -0
- package/src/cli/util/expectation-extractor.js +369 -73
- package/src/cli/util/findings-writer.js +126 -16
- package/src/cli/util/learn-writer.js +3 -1
- package/src/cli/util/observe-writer.js +3 -1
- package/src/cli/util/paths.js +3 -12
- package/src/cli/util/project-discovery.js +3 -0
- package/src/cli/util/project-writer.js +3 -1
- package/src/cli/util/run-resolver.js +64 -0
- package/src/cli/util/source-requirement.js +55 -0
- package/src/cli/util/summary-writer.js +1 -0
- package/src/cli/util/svelte-navigation-detector.js +163 -0
- package/src/cli/util/svelte-network-detector.js +80 -0
- package/src/cli/util/svelte-sfc-extractor.js +147 -0
- package/src/cli/util/svelte-state-detector.js +243 -0
- package/src/cli/util/vue-navigation-detector.js +177 -0
- package/src/cli/util/vue-sfc-extractor.js +162 -0
- package/src/cli/util/vue-state-detector.js +215 -0
- package/src/verax/cli/finding-explainer.js +56 -3
- package/src/verax/core/artifacts/registry.js +154 -0
- package/src/verax/core/artifacts/verifier.js +980 -0
- package/src/verax/core/baseline/baseline.enforcer.js +137 -0
- package/src/verax/core/baseline/baseline.snapshot.js +231 -0
- package/src/verax/core/capabilities/gates.js +499 -0
- package/src/verax/core/capabilities/registry.js +475 -0
- package/src/verax/core/confidence/confidence-compute.js +137 -0
- package/src/verax/core/confidence/confidence-invariants.js +234 -0
- package/src/verax/core/confidence/confidence-report-writer.js +112 -0
- package/src/verax/core/confidence/confidence-weights.js +44 -0
- package/src/verax/core/confidence/confidence.defaults.js +65 -0
- package/src/verax/core/confidence/confidence.loader.js +79 -0
- package/src/verax/core/confidence/confidence.schema.js +94 -0
- package/src/verax/core/confidence-engine-refactor.js +484 -0
- package/src/verax/core/confidence-engine.js +486 -0
- package/src/verax/core/confidence-engine.js.backup +471 -0
- package/src/verax/core/contracts/index.js +29 -0
- package/src/verax/core/contracts/types.js +185 -0
- package/src/verax/core/contracts/validators.js +381 -0
- package/src/verax/core/decision-snapshot.js +30 -3
- package/src/verax/core/decisions/decision.trace.js +276 -0
- package/src/verax/core/determinism/contract-writer.js +89 -0
- package/src/verax/core/determinism/contract.js +139 -0
- package/src/verax/core/determinism/diff.js +364 -0
- package/src/verax/core/determinism/engine.js +221 -0
- package/src/verax/core/determinism/finding-identity.js +148 -0
- package/src/verax/core/determinism/normalize.js +438 -0
- package/src/verax/core/determinism/report-writer.js +92 -0
- package/src/verax/core/determinism/run-fingerprint.js +118 -0
- package/src/verax/core/dynamic-route-intelligence.js +528 -0
- package/src/verax/core/evidence/evidence-capture-service.js +307 -0
- package/src/verax/core/evidence/evidence-intent-ledger.js +165 -0
- package/src/verax/core/evidence-builder.js +487 -0
- package/src/verax/core/execution-mode-context.js +77 -0
- package/src/verax/core/execution-mode-detector.js +190 -0
- package/src/verax/core/failures/exit-codes.js +86 -0
- package/src/verax/core/failures/failure-summary.js +76 -0
- package/src/verax/core/failures/failure.factory.js +225 -0
- package/src/verax/core/failures/failure.ledger.js +132 -0
- package/src/verax/core/failures/failure.types.js +196 -0
- package/src/verax/core/failures/index.js +10 -0
- package/src/verax/core/ga/ga-report-writer.js +43 -0
- package/src/verax/core/ga/ga.artifact.js +49 -0
- package/src/verax/core/ga/ga.contract.js +434 -0
- package/src/verax/core/ga/ga.enforcer.js +86 -0
- package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
- package/src/verax/core/guardrails/policy.defaults.js +210 -0
- package/src/verax/core/guardrails/policy.loader.js +83 -0
- package/src/verax/core/guardrails/policy.schema.js +110 -0
- package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
- package/src/verax/core/guardrails-engine.js +505 -0
- package/src/verax/core/observe/run-timeline.js +316 -0
- package/src/verax/core/perf/perf.contract.js +186 -0
- package/src/verax/core/perf/perf.display.js +65 -0
- package/src/verax/core/perf/perf.enforcer.js +91 -0
- package/src/verax/core/perf/perf.monitor.js +209 -0
- package/src/verax/core/perf/perf.report.js +198 -0
- package/src/verax/core/pipeline-tracker.js +238 -0
- package/src/verax/core/product-definition.js +127 -0
- package/src/verax/core/release/provenance.builder.js +271 -0
- package/src/verax/core/release/release-report-writer.js +40 -0
- package/src/verax/core/release/release.enforcer.js +159 -0
- package/src/verax/core/release/reproducibility.check.js +221 -0
- package/src/verax/core/release/sbom.builder.js +283 -0
- package/src/verax/core/report/cross-index.js +192 -0
- package/src/verax/core/report/human-summary.js +222 -0
- package/src/verax/core/route-intelligence.js +419 -0
- package/src/verax/core/security/secrets.scan.js +326 -0
- package/src/verax/core/security/security-report.js +50 -0
- package/src/verax/core/security/security.enforcer.js +124 -0
- package/src/verax/core/security/supplychain.defaults.json +38 -0
- package/src/verax/core/security/supplychain.policy.js +326 -0
- package/src/verax/core/security/vuln.scan.js +265 -0
- package/src/verax/core/truth/truth.certificate.js +250 -0
- package/src/verax/core/ui-feedback-intelligence.js +515 -0
- package/src/verax/detect/confidence-engine.js +628 -40
- package/src/verax/detect/confidence-helper.js +33 -0
- package/src/verax/detect/detection-engine.js +18 -1
- package/src/verax/detect/dynamic-route-findings.js +335 -0
- package/src/verax/detect/expectation-chain-detector.js +417 -0
- package/src/verax/detect/expectation-model.js +3 -1
- package/src/verax/detect/findings-writer.js +141 -5
- package/src/verax/detect/index.js +229 -5
- package/src/verax/detect/journey-stall-detector.js +558 -0
- package/src/verax/detect/route-findings.js +218 -0
- package/src/verax/detect/ui-feedback-findings.js +207 -0
- package/src/verax/detect/verdict-engine.js +57 -3
- package/src/verax/detect/view-switch-correlator.js +242 -0
- package/src/verax/index.js +413 -45
- package/src/verax/learn/action-contract-extractor.js +682 -64
- package/src/verax/learn/route-validator.js +4 -1
- package/src/verax/observe/index.js +88 -843
- package/src/verax/observe/interaction-runner.js +25 -8
- package/src/verax/observe/observe-context.js +205 -0
- package/src/verax/observe/observe-helpers.js +191 -0
- package/src/verax/observe/observe-runner.js +226 -0
- package/src/verax/observe/observers/budget-observer.js +185 -0
- package/src/verax/observe/observers/console-observer.js +102 -0
- package/src/verax/observe/observers/coverage-observer.js +107 -0
- package/src/verax/observe/observers/interaction-observer.js +471 -0
- package/src/verax/observe/observers/navigation-observer.js +132 -0
- package/src/verax/observe/observers/network-observer.js +87 -0
- package/src/verax/observe/observers/safety-observer.js +82 -0
- package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
- package/src/verax/observe/ui-feedback-detector.js +742 -0
- package/src/verax/observe/ui-signal-sensor.js +148 -2
- package/src/verax/scan-summary-writer.js +42 -8
- package/src/verax/shared/artifact-manager.js +8 -5
- package/src/verax/shared/css-spinner-rules.js +204 -0
- package/src/verax/shared/view-switch-rules.js +208 -0
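--- a/package/src/verax/observe/observers/safety-observer.js
+++ b/package/src/verax/observe/observers/safety-observer.js
@@ -0,0 +1,82 @@
+/**
+* PHASE 21.3 — Safety Observer
+*
+* Responsibilities:
+* - Network interception (cross-origin blocking, write method blocking)
+* - NO file I/O
+* - NO side effects outside its scope
+*/
+
+/**
+* Setup network interception firewall
+*
+* @param {ObserveContext} context - Observe context
+* @returns {Promise<void>}
+*/
+export async function setupNetworkInterception(context) {
+const { page, baseOrigin, safetyFlags, silenceTracker, blockedNetworkWrites, blockedCrossOrigin } = context;
+const { allowWrites = false, allowCrossOrigin = false } = safetyFlags;
+
+await page.route('**/*', (route) => {
+const request = route.request();
+const method = request.method();
+const requestUrl = request.url();
+const resourceType = request.resourceType();
+
+// Check cross-origin blocking (skip for file:// URLs)
+if (!allowCrossOrigin && !requestUrl.startsWith('file://')) {
+try {
+const reqOrigin = new URL(requestUrl).origin;
+if (reqOrigin !== baseOrigin) {
+blockedCrossOrigin.push({
+url: requestUrl,
+origin: reqOrigin,
+method,
+resourceType,
+timestamp: Date.now()
+});
+
+silenceTracker.record({
+scope: 'safety',
+reason: 'cross_origin_blocked',
+description: `Cross-origin request blocked: ${method} ${requestUrl}`,
+context: { url: requestUrl, origin: reqOrigin, method, baseOrigin },
+impact: 'request_blocked'
+});
+
+return route.abort('blockedbyclient');
+}
+} catch (e) {
+// Invalid URL, allow and let browser handle
+}
+}
+
+// Check write method blocking
+if (!allowWrites && ['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
+// Check if it's a GraphQL mutation (best-effort)
+const isGraphQLMutation = requestUrl.includes('/graphql') && method === 'POST';
+
+blockedNetworkWrites.push({
+url: requestUrl,
+method,
+resourceType,
+isGraphQLMutation,
+timestamp: Date.now()
+});
+
+silenceTracker.record({
+scope: 'safety',
+reason: 'blocked_network_write',
+description: `Network write blocked: ${method} ${requestUrl}${isGraphQLMutation ? ' (GraphQL mutation)' : ''}`,
+context: { url: requestUrl, method, resourceType, isGraphQLMutation },
+impact: 'write_blocked'
+});
+
+return route.abort('blockedbyclient');
+}
+
+// Allow request
+route.continue();
+});
+}
+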
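Review bot: The cross-origin check in `setupNetworkInterception` fails open, because its `try` wraps not only `new URL(requestUrl)` but also `blockedCrossOrigin.push`, `silenceTracker.record` and the `route.abort` call, and the `catch` is empty. A synchronous throw from the bookkeeping (for example inside `silenceTracker.record`) is therefore swallowed, and a non-write cross-origin request falls through to `route.continue()` with no record of the failure. For a handler described as a firewall, the parse should be the only guarded statement and an unparseable URL should be aborted rather than allowed. Separately, the full `requestUrl`, query string included, is copied into `blockedCrossOrigin`, `blockedNetworkWrites` and the tracker; if those end up in written reports (not visible in this file), the query should probably be redacted first.

```javascript
    if (!allowCrossOrigin && !requestUrl.startsWith('file://')) {
      let reqOrigin;
      try {
        reqOrigin = new URL(requestUrl).origin;
      } catch {
        // Unparseable URL: fail closed instead of letting it through the firewall
        return route.abort('blockedbyclient');
      }
      if (reqOrigin !== baseOrigin) {
        // … unchanged: blockedCrossOrigin.push, silenceTracker.record, route.abort …
      }
    }
```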
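--- a/package/src/verax/observe/observers/ui-feedback-observer.js
+++ b/package/src/verax/observe/observers/ui-feedback-observer.js
@@ -0,0 +1,99 @@
+/**
+* PHASE 21.3 — UI Feedback Observer
+*
+* Responsibilities:
+* - DOM mutation observation
+* - Loading / disabled / feedback signals
+* - UI settle signals (NO adaptive waiting - that's in settle.js)
+*
+* NO file I/O
+* NO side effects outside its scope
+*/
+
+import { UISignalSensor } from '../ui-signal-sensor.js';
+import { captureDomSignature } from '../dom-signature.js';
+
+/**
+* Observe UI feedback and DOM state on current page
+*
+* @param {ObserveContext} context - Observe context
+* @param {RunState} runState - Current run state
+* @returns {Promise<Array<Observation>>} Array of UI feedback observations
+*/
+export async function observe(context, runState) {
+const { page, currentUrl, timestamp } = context;
+const observations = [];
+
+try {
+// Capture current UI signals
+const uiSignalSensor = new UISignalSensor();
+const uiSignals = await uiSignalSensor.snapshot(page);
+
+// Capture DOM signature for mutation tracking
+const domSignature = await captureDomSignature(page);
+
+// Create observation for UI signals
+observations.push({
+type: 'ui_feedback',
+scope: 'page',
+data: {
+hasLoadingIndicator: uiSignals.hasLoadingIndicator,
+hasDialog: uiSignals.hasDialog,
+hasErrorSignal: uiSignals.hasErrorSignal,
+hasStatusSignal: uiSignals.hasStatusSignal,
+hasLiveRegion: uiSignals.hasLiveRegion,
+validationFeedbackDetected: uiSignals.validationFeedbackDetected,
+disabledElementsCount: uiSignals.disabledElements?.length || 0,
+explanation: uiSignals.explanation || []
+},
+timestamp,
+url: currentUrl
+});
+
+// Create observation for DOM state
+observations.push({
+type: 'dom_state',
+scope: 'page',
+data: {
+domHash: domSignature,
+hasDom: !!domSignature
+},
+timestamp,
+url: currentUrl
+});
+
+// If there are loading indicators, create specific observation
+if (uiSignals.hasLoadingIndicator) {
+observations.push({
+type: 'ui_loading',
+scope: 'page',
+data: {
+loading: true,
+explanation: uiSignals.explanation?.filter(e => e.includes('loading') || e.includes('busy')) || []
+},
+timestamp,
+url: currentUrl
+});
+}
+
+// If there are disabled elements, create observation
+if (uiSignals.disabledElements && uiSignals.disabledElements.length > 0) {
+observations.push({
+type: 'ui_disabled',
+scope: 'page',
+data: {
+disabledCount: uiSignals.disabledElements.length,
+disabledElements: uiSignals.disabledElements.slice(0, 10) // Limit to 10
+},
+timestamp,
+url: currentUrl
+});
+}
+} catch (error) {
+// Propagate error - no silent catch
+throw new Error(`UI feedback observer failed: ${error.message}`);
+}
+
+return observations;
+}
+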
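Review bot: The `catch` at the end of `observe` rethrows a fresh `Error` built from `error.message` alone, so the original stack and error type from `UISignalSensor.snapshot` or `captureDomSignature` are lost to whoever triages the failure. Pass the original along as the cause by giving `new Error(...)` a second argument, `{ cause: error }`. The `runState` parameter is documented in the JSDoc but never read in the body; either drop it or note in the doc comment that it is accepted only for interface symmetry with the other observers. The `explanation` filter also assumes every entry is a string, since it calls `e.includes(...)` unguarded, which is worth stating in the `@returns` description or guarding with a `typeof e === 'string'` check.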