@veraxhq/verax 0.2.1 → 0.4.0

package/src/cli/util/vue-state-detector.js

@@ -0,0 +1,215 @@
+/**
+ * PHASE 20 — Vue State Promise Detection
+ * 
+ * Detects ref/reactive mutations that are UI-bound:
+ * - ref declarations: const count = ref(0);
+ * - reactive: const state = reactive({ x: 1 });
+ * - Only emit if identifiers are used in template bindings
+ */
+
+import { parse } from '@babel/parser';
+import _traverse from '@babel/traverse';
+
+const traverse = _traverse.default || _traverse;
+
+/**
+ * PHASE 20: Detect Vue state promises
+ * 
+ * @param {string} scriptContent - Script block content
+ * @param {string} filePath - File path
+ * @param {string} relPath - Relative path
+ * @param {Object} scriptBlock - Script block metadata
+ * @param {Object} templateBindings - Template bindings
+ * @returns {Array} State promises
+ */
+export function detectVueStatePromises(scriptContent, filePath, relPath, scriptBlock, templateBindings) {
+  const promises = [];
+  const templateVars = new Set(templateBindings.bindings || []);
+  
+  if (templateVars.size === 0) {
+    return promises; // No template bindings, skip
+  }
+  
+  try {
+    const ast = parse(scriptContent, {
+      sourceType: 'module',
+      plugins: [
+        'typescript',
+        'classProperties',
+        'optionalChaining',
+        'nullishCoalescingOperator',
+        'dynamicImport',
+        'topLevelAwait',
+        'objectRestSpread',
+      ],
+      errorRecovery: true,
+    });
+    
+    const lines = scriptContent.split('\n');
+    const refDeclarations = new Map(); // varName -> { loc, astSource }
+    const reactiveDeclarations = new Map();
+    
+    traverse(ast, {
+      // Detect ref() declarations
+      VariableDeclarator(path) {
+        const node = path.node;
+        const init = node.init;
+        
+        if (init && init.type === 'CallExpression') {
+          const callee = init.callee;
+          
+          // ref(0) or ref({})
+          if (callee.type === 'Identifier' && callee.name === 'ref') {
+            const varName = node.id.name;
+            if (templateVars.has(varName)) {
+              const loc = node.loc;
+              const line = loc ? loc.start.line : 1;
+              const astSource = lines.slice(line - 1, loc ? loc.end.line : line)
+                .join('\n')
+                .substring(0, 200);
+              
+              refDeclarations.set(varName, {
+                loc,
+                astSource,
+                line,
+              });
+            }
+          }
+          
+          // reactive({})
+          if (callee.type === 'Identifier' && callee.name === 'reactive') {
+            const varName = node.id.name;
+            if (templateVars.has(varName)) {
+              const loc = node.loc;
+              const line = loc ? loc.start.line : 1;
+              const astSource = lines.slice(line - 1, loc ? loc.end.line : line)
+                .join('\n')
+                .substring(0, 200);
+              
+              reactiveDeclarations.set(varName, {
+                loc,
+                astSource,
+                line,
+              });
+            }
+          }
+        }
+      },
+      
+      // Detect mutations: count.value = ... or state.x = ...
+      AssignmentExpression(path) {
+        const node = path.node;
+        const left = node.left;
+        
+        // count.value = ...
+        if (left.type === 'MemberExpression' && 
+            left.property.name === 'value' &&
+            left.object.type === 'Identifier') {
+          const varName = left.object.name;
+          
+          if (refDeclarations.has(varName) && templateVars.has(varName)) {
+            const _decl = refDeclarations.get(varName);
+            const loc = node.loc;
+            const line = loc ? loc.start.line : 1;
+            const column = loc ? loc.start.column : 0;
+            
+            const astSource = lines.slice(line - 1, loc ? loc.end.line : line)
+              .join('\n')
+              .substring(0, 200);
+            
+            const context = buildContext(path);
+            
+            promises.push({
+              type: 'state',
+              promise: {
+                kind: 'state-change',
+                value: `${varName}.value`,
+                stateVar: varName,
+              },
+              source: {
+                file: relPath,
+                line,
+                column,
+                context,
+                astSource,
+              },
+              confidence: 0.9,
+            });
+          }
+        }
+        
+        // state.x = ...
+        if (left.type === 'MemberExpression' &&
+            left.object.type === 'Identifier') {
+          const varName = left.object.name;
+          
+          if (reactiveDeclarations.has(varName) && templateVars.has(varName)) {
+            const loc = node.loc;
+            const line = loc ? loc.start.line : 1;
+            const column = loc ? loc.start.column : 0;
+            
+            const astSource = lines.slice(line - 1, loc ? loc.end.line : line)
+              .join('\n')
+              .substring(0, 200);
+            
+            const context = buildContext(path);
+            const propName = left.property.name || '<property>';
+            
+            promises.push({
+              type: 'state',
+              promise: {
+                kind: 'state-change',
+                value: `${varName}.${propName}`,
+                stateVar: varName,
+              },
+              source: {
+                file: relPath,
+                line,
+                column,
+                context,
+                astSource,
+              },
+              confidence: 0.9,
+            });
+          }
+        }
+      },
+    });
+  } catch (error) {
+    // Parse error - skip
+  }
+  
+  return promises;
+}
+
+/**
+ * Build context chain from AST path
+ */
+function buildContext(path) {
+  const context = [];
+  let current = path;
+  
+  while (current) {
+    if (current.isFunctionDeclaration()) {
+      context.push({
+        type: 'function',
+        name: current.node.id?.name || '<anonymous>',
+      });
+    } else if (current.isArrowFunctionExpression()) {
+      context.push({
+        type: 'arrow-function',
+        name: '<arrow>',
+      });
+    } else if (current.isMethodDefinition()) {
+      context.push({
+        type: 'method',
+        name: current.node.key?.name || '<method>',
+      });
+    }
+    
+    current = current.parentPath;
+  }
+  
+  return context.reverse().map(c => `${c.type}:${c.name}`).join(' > ');
+}
+

package/src/types/fs-augment.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Type augmentation for Node.js fs module
+ * Provides more precise return types for readFileSync with encoding
+ */
+
+declare module 'fs' {
+  import { PathLike } from 'fs';
+  
+  /**
+   * Augment readFileSync to return string when encoding is specified
+   */
+  export function readFileSync(
+    path: PathLike | number,
+    options?: { encoding?: null; flag?: string } | null
+  ): Buffer;
+  
+  export function readFileSync(
+    path: PathLike | number,
+    options: { encoding: BufferEncoding; flag?: string } | BufferEncoding
+  ): string;
+}
+
+export {};

package/src/types/global.d.ts

@@ -24,5 +24,142 @@ import type { Page as PlaywrightPage } from 'playwright';
 // Re-export for use in JS files
 export type Page = PlaywrightPage;
 
+// Node.js built-in module declarations
+declare module 'fs' {
+  export interface Stats {
+    isDirectory(): boolean;
+    isFile(): boolean;
+    size: number;
+    mtime: Date;
+  }
+
+  export interface WriteFileOptions {
+    encoding?: BufferEncoding;
+    mode?: number;
+    flag?: string;
+  }
+
+  export interface ReadFileOptions {
+    encoding?: BufferEncoding | string;
+    flag?: string;
+  }
+
+  export interface RmOptions {
+    force?: boolean;
+    recursive?: boolean;
+    maxRetries?: number;
+  }
+
+  export interface MkdirOptions {
+    recursive?: boolean;
+    mode?: number;
+  }
+
+  export interface ReaddirOptions {
+    encoding?: BufferEncoding | string;
+    withFileTypes?: boolean;
+  }
+
+  export function readFileSync(path: string | Buffer, encoding?: string | ReadFileOptions): string | Buffer;
+  export function writeFileSync(path: string, data: string | Buffer, options?: WriteFileOptions | string): void;
+  export function existsSync(path: string | Buffer): boolean;
+  export function mkdirSync(path: string, options?: MkdirOptions): string | undefined;
+  export function rmSync(path: string, options?: RmOptions): void;
+  export function readdirSync(path: string, options?: ReaddirOptions | string): string[] | any[];
+  export function statSync(path: string): Stats;
+  export function renameSync(oldPath: string, newPath: string): void;
+  export function unlinkSync(path: string): void;
+  export function mkdtempSync(prefix: string): string;
+  export function appendFileSync(path: string, data: string | Buffer, options?: WriteFileOptions | string): void;
+  export function createWriteStream(path: string, options?: any): any;
+}
+
+declare module 'path' {
+  export function resolve(...paths: string[]): string;
+  export function join(...paths: string[]): string;
+  export function dirname(p: string): string;
+  export function basename(p: string, ext?: string): string;
+  export function extname(p: string): string;
+  export function relative(from: string, to: string): string;
+  export function normalize(p: string): string;
+  export const sep: string;
+  export const delimiter: string;
+  export const posix: {
+    resolve: typeof resolve;
+    join: typeof join;
+    dirname: typeof dirname;
+    basename: typeof basename;
+  };
+  export const win32: {
+    resolve: typeof resolve;
+    join: typeof join;
+    dirname: typeof dirname;
+    basename: typeof basename;
+  };
+}
+
+declare module 'crypto' {
+  export interface Hash {
+    update(data: string | Buffer, encoding?: string): Hash;
+    digest(encoding?: string): string | Buffer;
+  }
+
+  export function createHash(algorithm: string): Hash;
+  export function randomBytes(size: number): Buffer;
+  export function createHmac(algorithm: string, key: string | Buffer): {
+    update(data: string | Buffer, encoding?: string): any;
+    digest(encoding?: string): string;
+  };
+}
+
+declare module 'os' {
+  export function tmpdir(): string;
+  export function cwd(): string;
+}
+
+declare module 'url' {
+  export function fileURLToPath(url: string | URL): string;
+  export class URL {
+    constructor(input: string, base?: string | URL);
+    href: string;
+    protocol: string;
+    host: string;
+    pathname: string;
+  }
+}
+
+declare module 'http' {
+  export interface Server {
+    close(callback?: () => void): void;
+    listen(port?: number, host?: string, callback?: () => void): void;
+  }
+
+  export function createServer(requestListener?: (req: any, res: any) => void): Server;
+}
+
+declare global {
+  class Buffer {
+    static from(data: string, encoding?: string): Buffer;
+    static isBuffer(obj: any): obj is Buffer;
+    toString(encoding?: string): string;
+  }
+
+  namespace NodeJS {
+    interface ProcessEnv {
+      [key: string]: string | undefined;
+    }
+
+    interface Process {
+      env: ProcessEnv;
+      argv: string[];
+      cwd(): string;
+      exit(code?: number): never;
+      on(event: string, listener: (...args: any[]) => void): void;
+    }
+  }
+
+  const process: NodeJS.Process;
+}
+
 export {};
 

package/src/types/internal-types.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Internal type definitions for VERAX
+ * Minimal types to satisfy TypeScript checking
+ * 
+ * @typedef {Object} ObserveContext
+ * @property {string} url
+ * @property {string} projectDir
+ * @property {string} runId
+ * @property {SilenceTracker} silenceTracker
+ * @property {*} decisionRecorder
+ * @property {*} scanBudget
+ * 
+ * @typedef {Object} RunState
+ * @property {number} totalInteractions
+ * @property {number} totalPages
+ * @property {number} startTime
+ * 
+ * @typedef {Object} SilenceTracker
+ * @property {function(*): void} record
+ * @property {function(): *} getSilenceReport
+ * 
+ * @typedef {Object} PageFrontier
+ * @property {function(string, *=): void} addPage
+ * @property {function(): *} getNextPage
+ * @property {function(): boolean} hasPages
+ * 
+ * @typedef {Object} Observation
+ * @property {string} type
+ * @property {*} data
+ * @property {number=} timestamp
+ */
+
+// Export as module
+export {};
+

package/src/verax/cli/init.js

@@ -6,7 +6,6 @@
 
 import { existsSync, writeFileSync, mkdirSync } from 'fs';
 import { resolve } from 'path';
-import { getDefaultConfig } from '../shared/config-loader.js';
 
 /**
  * Initialize VERAX configuration
@@ -27,16 +26,8 @@ export async function runInit(options = {}) {
   // Create .verax directory if needed
   const veraxDir = resolve(projectRoot, '.verax');
   mkdirSync(veraxDir, { recursive: true });
-  
-  // Create config.json
-  const configPath = resolve(veraxDir, 'config.json');
-  if (existsSync(configPath) && !yes) {
-    skipped.push('config.json');
-  } else {
-    const defaultConfig = getDefaultConfig();
-    writeFileSync(configPath, JSON.stringify(defaultConfig, null, 2) + '\n');
-    created.push('config.json');
-  }
+
+  // Zero-config enforcement: do not scaffold config files
   
   // Create CI template if requested
   if (ciTemplate === 'github') {
@@ -75,7 +66,7 @@ jobs:
       - name: Start fixture server
         id: fixture-server
         run: |
-          node test/helpers/fixture-server.js &
+          node test/infrastructure/fixture-server.js &
           SERVER_PID=$!
           echo "SERVER_PID=$SERVER_PID" >> $GITHUB_ENV
           sleep 3
@@ -211,12 +202,7 @@ export function printInitResults(results) {
     });
   }
   
-  if (results.created.includes('config.json')) {
-    console.error('\n📝 Next Steps:');
-    console.error('  1. Review .verax/config.json and adjust settings');
-    console.error('  2. Run: verax doctor (to verify setup)');
-    console.error('  3. Run: verax run --url <your-url>');
-  }
+  // No config scaffolding in zero-config mode
   
   if (results.created.includes('.github/workflows/verax-ci.yml')) {
     console.error('\n🔧 CI Setup:');

package/src/verax/core/action-classifier.js

@@ -67,18 +67,19 @@ export function classifyAction(interaction) {
 /**
  * Check if action should be blocked based on safety mode and flags
  * @param {Object} interaction - Interaction to check
- * @param {Object} flags - Safety flags { allowWrites: boolean, allowRiskyActions: boolean }
+ * @param {Object} flags - Safety flags { allowRiskyActions: boolean }
  * @returns {Object} { shouldBlock: boolean, classification: string, reason: string }
  */
 export function shouldBlockAction(interaction, flags = {}) {
-  const { allowWrites = false, allowRiskyActions = false } = flags;
+  const { allowRiskyActions = false } = flags;
   const { classification, reason } = classifyAction(interaction);
 
   if (classification === 'RISKY' && !allowRiskyActions) {
     return { shouldBlock: true, classification, reason };
   }
 
-  if (classification === 'WRITE_INTENT' && !allowWrites) {
+  // CONSTITUTIONAL: Always block write intents (read-only mode enforced)
+  if (classification === 'WRITE_INTENT') {
     return { shouldBlock: true, classification, reason };
   }
 

package/src/verax/core/artifacts/registry.js

@@ -0,0 +1,139 @@
+import { join } from 'path';
+
+export const ARTIFACT_REGISTRY = {
+  runStatus: {
+    key: 'runStatus',
+    filename: 'run.status.json',
+    stage: 'init',
+    contractVersion: 1,
+    type: 'file'
+  },
+  runMeta: {
+    key: 'runMeta',
+    filename: 'run.meta.json',
+    stage: 'init',
+    contractVersion: 1,
+    type: 'file'
+  },
+  summary: {
+    key: 'summary',
+    filename: 'summary.json',
+    stage: 'finalize',
+    contractVersion: 1,
+    type: 'file'
+  },
+  findings: {
+    key: 'findings',
+    filename: 'findings.json',
+    stage: 'detect',
+    contractVersion: 1,
+    type: 'file'
+  },
+  learn: {
+    key: 'learn',
+    filename: 'learn.json',
+    stage: 'learn',
+    contractVersion: 1,
+    type: 'file'
+  },
+  observe: {
+    key: 'observe',
+    filename: 'observe.json',
+    stage: 'observe',
+    contractVersion: 1,
+    type: 'file'
+  },
+  project: {
+    key: 'project',
+    filename: 'project.json',
+    stage: 'init',
+    contractVersion: 1,
+    type: 'file'
+  },
+  traces: {
+    key: 'traces',
+    filename: 'traces.jsonl',
+    stage: 'finalize',
+    contractVersion: 1,
+    type: 'file'
+  },
+  evidence: {
+    key: 'evidence',
+    filename: 'evidence',
+    stage: 'observe',
+    contractVersion: 1,
+    type: 'directory'
+  },
+  scanSummary: {
+    key: 'scanSummary',
+    filename: 'scan-summary.json',
+    stage: 'finalize',
+    contractVersion: 1,
+    type: 'file'
+  },
+  determinismReport: {
+    key: 'determinismReport',
+    filename: 'determinism.report.json',
+    stage: 'finalize',
+    contractVersion: 1,
+    type: 'file'
+  },
+  evidenceIntent: {
+    key: 'evidenceIntent',
+    filename: 'evidence.intent.json',
+    stage: 'detect',
+    contractVersion: 1,
+    type: 'file'
+  },
+  guardrailsReport: {
+    key: 'guardrailsReport',
+    filename: 'guardrails.report.json',
+    stage: 'detect',
+    contractVersion: 1,
+    type: 'file'
+  },
+  confidenceReport: {
+    key: 'confidenceReport',
+    filename: 'confidence.report.json',
+    stage: 'detect',
+    contractVersion: 1,
+    type: 'file'
+  },
+  determinismContract: {
+    key: 'determinismContract',
+    filename: 'determinism.contract.json',
+    stage: 'observe',
+    contractVersion: 1,
+    type: 'file'
+  }
+};
+
+export function getArtifactVersions() {
+  const versions = {};
+  for (const [key, def] of Object.entries(ARTIFACT_REGISTRY)) {
+    versions[key] = def.contractVersion;
+  }
+  return versions;
+}
+
+export function buildRunArtifactPaths(baseDir) {
+  return {
+    baseDir,
+    runStatusJson: join(baseDir, ARTIFACT_REGISTRY.runStatus.filename),
+    runMetaJson: join(baseDir, ARTIFACT_REGISTRY.runMeta.filename),
+    summaryJson: join(baseDir, ARTIFACT_REGISTRY.summary.filename),
+    findingsJson: join(baseDir, ARTIFACT_REGISTRY.findings.filename),
+    tracesJsonl: join(baseDir, ARTIFACT_REGISTRY.traces.filename),
+    evidenceDir: join(baseDir, ARTIFACT_REGISTRY.evidence.filename),
+    learnJson: join(baseDir, ARTIFACT_REGISTRY.learn.filename),
+    observeJson: join(baseDir, ARTIFACT_REGISTRY.observe.filename),
+    projectJson: join(baseDir, ARTIFACT_REGISTRY.project.filename),
+    scanSummaryJson: join(baseDir, ARTIFACT_REGISTRY.scanSummary.filename),
+    evidenceIntentJson: join(baseDir, ARTIFACT_REGISTRY.evidenceIntent.filename),
+    guardrailsReportJson: join(baseDir, ARTIFACT_REGISTRY.guardrailsReport.filename),
+    confidenceReportJson: join(baseDir, ARTIFACT_REGISTRY.confidenceReport.filename),
+    determinismContractJson: join(baseDir, ARTIFACT_REGISTRY.determinismContract.filename),
+    determinismReportJson: join(baseDir, ARTIFACT_REGISTRY.determinismReport.filename),
+    artifactVersions: getArtifactVersions()
+  };
+}