@veraxhq/verax 0.2.1 → 0.4.0

package/src/verax/core/confidence/confidence-invariants.js

@@ -0,0 +1,234 @@
+/**
+ * PHASE 24 — Confidence Invariants (Immutable Rules)
+ * 
+ * Formal confidence invariants that MUST be enforced.
+ * Violations trigger automatic downgrades and are recorded.
+ */
+
+/**
+ * Confidence invariant violation reason codes
+ */
+export const INVARIANT_VIOLATION = {
+  CONFIRMED_BELOW_MIN: 'INV_CONFIRMED_BELOW_MIN',
+  SUSPECTED_ABOVE_MAX: 'INV_SUSPECTED_ABOVE_MAX',
+  SUSPECTED_BELOW_MIN: 'INV_SUSPECTED_BELOW_MIN',
+  INFORMATIONAL_ABOVE_MAX: 'INV_INFORMATIONAL_ABOVE_MAX',
+  INFORMATIONAL_BELOW_MIN: 'INV_INFORMATIONAL_BELOW_MIN',
+  IGNORED_NON_ZERO: 'INV_IGNORED_NON_ZERO',
+  UNPROVEN_EXPECTATION_ABOVE_MAX: 'INV_UNPROVEN_EXPECTATION_ABOVE_MAX',
+  VERIFIED_WITH_ERRORS_ABOVE_MAX: 'INV_VERIFIED_WITH_ERRORS_ABOVE_MAX',
+  GUARDRAILS_DOWNGRADE_OVERRIDE: 'INV_GUARDRAILS_DOWNGRADE_OVERRIDE'
+};
+
+/**
+ * Confidence ranges by status (immutable)
+ */
+export const CONFIDENCE_RANGES = {
+  CONFIRMED: { min: 0.70, max: 1.00 },
+  SUSPECTED: { min: 0.30, max: 0.69 },
+  INFORMATIONAL: { min: 0.01, max: 0.29 },
+  IGNORED: { min: 0.00, max: 0.00 }
+};
+
+/**
+ * Special caps
+ */
+export const CONFIDENCE_CAPS = {
+  UNPROVEN_EXPECTATION: 0.39,
+  VERIFIED_WITH_ERRORS: 0.49
+};
+
+/**
+ * Check if confidence violates invariants for a given status
+ * 
+ * @param {number} confidence - Confidence score (0..1)
+ * @param {string} status - Finding status (CONFIRMED, SUSPECTED, etc.)
+ * @param {Object} context - Context { expectationProof, verificationStatus, guardrailsOutcome }
+ * @returns {Object} { violated: boolean, violations: [], correctedConfidence: number }
+ */
+export function checkConfidenceInvariants(confidence, status, context = {}) {
+  const violations = [];
+  let correctedConfidence = confidence;
+  
+  // Rule 1: CONFIRMED ⇒ confidence ∈ [0.70 – 1.00]
+  if (status === 'CONFIRMED') {
+    if (confidence < CONFIDENCE_RANGES.CONFIRMED.min) {
+      violations.push({
+        code: INVARIANT_VIOLATION.CONFIRMED_BELOW_MIN,
+        message: `CONFIRMED status requires confidence >= ${CONFIDENCE_RANGES.CONFIRMED.min}, got ${confidence}`,
+        corrected: CONFIDENCE_RANGES.CONFIRMED.min
+      });
+      correctedConfidence = CONFIDENCE_RANGES.CONFIRMED.min;
+    }
+    if (confidence > CONFIDENCE_RANGES.CONFIRMED.max) {
+      correctedConfidence = CONFIDENCE_RANGES.CONFIRMED.max;
+    }
+  }
+  
+  // Rule 2: SUSPECTED ⇒ confidence ∈ [0.30 – 0.69]
+  if (status === 'SUSPECTED') {
+    if (confidence > CONFIDENCE_RANGES.SUSPECTED.max) {
+      violations.push({
+        code: INVARIANT_VIOLATION.SUSPECTED_ABOVE_MAX,
+        message: `SUSPECTED status requires confidence <= ${CONFIDENCE_RANGES.SUSPECTED.max}, got ${confidence}`,
+        corrected: CONFIDENCE_RANGES.SUSPECTED.max
+      });
+      correctedConfidence = CONFIDENCE_RANGES.SUSPECTED.max;
+    }
+    if (confidence < CONFIDENCE_RANGES.SUSPECTED.min) {
+      violations.push({
+        code: INVARIANT_VIOLATION.SUSPECTED_BELOW_MIN,
+        message: `SUSPECTED status requires confidence >= ${CONFIDENCE_RANGES.SUSPECTED.min}, got ${confidence}`,
+        corrected: CONFIDENCE_RANGES.SUSPECTED.min
+      });
+      correctedConfidence = CONFIDENCE_RANGES.SUSPECTED.min;
+    }
+  }
+  
+  // Rule 3: INFORMATIONAL ⇒ confidence ∈ [0.01 – 0.29]
+  if (status === 'INFORMATIONAL') {
+    if (confidence > CONFIDENCE_RANGES.INFORMATIONAL.max) {
+      violations.push({
+        code: INVARIANT_VIOLATION.INFORMATIONAL_ABOVE_MAX,
+        message: `INFORMATIONAL status requires confidence <= ${CONFIDENCE_RANGES.INFORMATIONAL.max}, got ${confidence}`,
+        corrected: CONFIDENCE_RANGES.INFORMATIONAL.max
+      });
+      correctedConfidence = CONFIDENCE_RANGES.INFORMATIONAL.max;
+    }
+    if (confidence < CONFIDENCE_RANGES.INFORMATIONAL.min) {
+      violations.push({
+        code: INVARIANT_VIOLATION.INFORMATIONAL_BELOW_MIN,
+        message: `INFORMATIONAL status requires confidence >= ${CONFIDENCE_RANGES.INFORMATIONAL.min}, got ${confidence}`,
+        corrected: CONFIDENCE_RANGES.INFORMATIONAL.min
+      });
+      correctedConfidence = CONFIDENCE_RANGES.INFORMATIONAL.min;
+    }
+  }
+  
+  // Rule 4: IGNORED ⇒ confidence === 0
+  if (status === 'IGNORED') {
+    if (confidence !== 0) {
+      violations.push({
+        code: INVARIANT_VIOLATION.IGNORED_NON_ZERO,
+        message: `IGNORED status requires confidence === 0, got ${confidence}`,
+        corrected: 0
+      });
+      correctedConfidence = 0;
+    }
+  }
+  
+  // Rule 5: UNPROVEN_EXPECTATION ⇒ confidence ≤ 0.39
+  if (context.expectationProof === 'UNPROVEN_EXPECTATION') {
+    if (correctedConfidence > CONFIDENCE_CAPS.UNPROVEN_EXPECTATION) {
+      violations.push({
+        code: INVARIANT_VIOLATION.UNPROVEN_EXPECTATION_ABOVE_MAX,
+        message: `UNPROVEN_EXPECTATION requires confidence <= ${CONFIDENCE_CAPS.UNPROVEN_EXPECTATION}, got ${correctedConfidence}`,
+        corrected: CONFIDENCE_CAPS.UNPROVEN_EXPECTATION
+      });
+      correctedConfidence = CONFIDENCE_CAPS.UNPROVEN_EXPECTATION;
+    }
+  }
+  
+  // Rule 6: VERIFIED_WITH_ERRORS ⇒ confidence capped at 0.49
+  if (context.verificationStatus === 'VERIFIED_WITH_ERRORS') {
+    if (correctedConfidence > CONFIDENCE_CAPS.VERIFIED_WITH_ERRORS) {
+      violations.push({
+        code: INVARIANT_VIOLATION.VERIFIED_WITH_ERRORS_ABOVE_MAX,
+        message: `VERIFIED_WITH_ERRORS requires confidence <= ${CONFIDENCE_CAPS.VERIFIED_WITH_ERRORS}, got ${correctedConfidence}`,
+        corrected: CONFIDENCE_CAPS.VERIFIED_WITH_ERRORS
+      });
+      correctedConfidence = CONFIDENCE_CAPS.VERIFIED_WITH_ERRORS;
+    }
+  }
+  
+  // Rule 7: Guardrails downgrade ALWAYS overrides raw confidence
+  if (context.guardrailsOutcome && context.guardrailsOutcome.downgraded) {
+    const guardrailsFinalDecision = context.guardrailsOutcome.finalDecision || context.guardrailsOutcome.recommendedStatus;
+    if (guardrailsFinalDecision && guardrailsFinalDecision !== status) {
+      // Guardrails changed the status, confidence must match the new status
+      const range = CONFIDENCE_RANGES[guardrailsFinalDecision];
+      if (range) {
+        if (correctedConfidence > range.max) {
+          violations.push({
+            code: INVARIANT_VIOLATION.GUARDRAILS_DOWNGRADE_OVERRIDE,
+            message: `Guardrails downgrade to ${guardrailsFinalDecision} requires confidence <= ${range.max}, got ${correctedConfidence}`,
+            corrected: range.max
+          });
+          correctedConfidence = range.max;
+        }
+        if (correctedConfidence < range.min && guardrailsFinalDecision !== 'IGNORED') {
+          violations.push({
+            code: INVARIANT_VIOLATION.GUARDRAILS_DOWNGRADE_OVERRIDE,
+            message: `Guardrails downgrade to ${guardrailsFinalDecision} requires confidence >= ${range.min}, got ${correctedConfidence}`,
+            corrected: range.min
+          });
+          correctedConfidence = range.min;
+        }
+      }
+    }
+  }
+  
+  return {
+    violated: violations.length > 0,
+    violations,
+    correctedConfidence
+  };
+}
+
+/**
+ * Enforce confidence invariants (mutates finding if needed)
+ * 
+ * @param {Object} finding - Finding object
+ * @param {Object} context - Context for invariant checking
+ * @returns {Object} { finding: correctedFinding, violations: [] }
+ */
+export function enforceConfidenceInvariants(finding, context = {}) {
+  const status = finding.severity || finding.status || 'SUSPECTED';
+  const confidence = finding.confidence !== undefined ? finding.confidence : 0;
+  
+  const expectationProof = finding.expectation?.proof || context.expectationProof;
+  const verificationStatus = context.verificationStatus;
+  const guardrailsOutcome = finding.guardrails || context.guardrailsOutcome;
+  
+  const invariantCheck = checkConfidenceInvariants(confidence, status, {
+    expectationProof,
+    verificationStatus,
+    guardrailsOutcome
+  });
+  
+  if (invariantCheck.violated) {
+    // Apply corrections
+    const correctedFinding = {
+      ...finding,
+      confidence: invariantCheck.correctedConfidence,
+      confidenceLevel: determineConfidenceLevel(invariantCheck.correctedConfidence),
+      invariantViolations: invariantCheck.violations.map(v => ({
+        code: v.code,
+        message: v.message,
+        originalConfidence: confidence,
+        correctedConfidence: v.corrected
+      }))
+    };
+    
+    return {
+      finding: correctedFinding,
+      violations: invariantCheck.violations
+    };
+  }
+  
+  return {
+    finding,
+    violations: []
+  };
+}
+
+/**
+ * Determine confidence level from score
+ */
+function determineConfidenceLevel(score) {
+  if (score >= 0.80) return 'HIGH';
+  if (score >= 0.50) return 'MEDIUM';
+  if (score >= 0.20) return 'LOW';
+  return 'UNPROVEN';
+}
+

package/src/verax/core/confidence/confidence-report-writer.js

@@ -0,0 +1,112 @@
+/**
+ * PHASE 24 — Confidence Report Writer
+ * 
+ * Writes confidence.report.json artifact per run.
+ */
+
+import { writeFileSync } from 'fs';
+import { resolve } from 'path';
+import { ARTIFACT_REGISTRY } from '../artifacts/registry.js';
+
+/**
+ * Write confidence report to disk.
+ * 
+ * @param {string} runDir - Absolute run directory path
+ * @param {Array} findings - Array of findings with confidence data
+ * @param {Object} confidenceData - Map of findingIdentity -> confidence computation result
+ * @returns {string} Path to written report
+ */
+export function writeConfidenceReport(runDir, findings, confidenceData = {}) {
+  const reportPath = resolve(runDir, ARTIFACT_REGISTRY.confidenceReport.filename);
+  
+  // Build per-finding entries (deterministic ordering by findingIdentity)
+  const perFinding = {};
+  const summary = {
+    totalFindings: findings.length,
+    byConfidenceLevel: {
+      HIGH: 0,
+      MEDIUM: 0,
+      LOW: 0,
+      UNPROVEN: 0
+    },
+    byTruthStatus: {
+      CONFIRMED: 0,
+      SUSPECTED: 0,
+      INFORMATIONAL: 0,
+      IGNORED: 0
+    },
+    invariantViolationsCount: 0,
+    averageConfidenceBefore: 0,
+    averageConfidenceAfter: 0
+  };
+  
+  let totalConfidenceBefore = 0;
+  let totalConfidenceAfter = 0;
+  
+  for (const finding of findings) {
+    const findingIdentity = finding.findingId || finding.id || `finding-${findings.indexOf(finding)}`;
+    const confidenceResult = confidenceData[findingIdentity] || null;
+    const truthStatus = finding.severity || finding.status || 'SUSPECTED';
+    
+    const confidenceBefore = confidenceResult?.confidenceBefore || finding.confidence || 0;
+    const confidenceAfter = confidenceResult?.confidenceAfter || finding.confidence || 0;
+    const confidenceLevel = confidenceResult?.confidenceLevel || finding.confidenceLevel || 'UNPROVEN';
+    
+    totalConfidenceBefore += confidenceBefore;
+    totalConfidenceAfter += confidenceAfter;
+    
+    // Track by confidence level
+    if (summary.byConfidenceLevel[confidenceLevel] !== undefined) {
+      summary.byConfidenceLevel[confidenceLevel]++;
+    }
+    
+    // Track by truth status
+    if (summary.byTruthStatus[truthStatus] !== undefined) {
+      summary.byTruthStatus[truthStatus]++;
+    }
+    
+    // Track invariant violations
+    const violations = confidenceResult?.invariantViolations || finding.invariantViolations || [];
+    if (violations.length > 0) {
+      summary.invariantViolationsCount += violations.length;
+    }
+    
+    // Build per-finding entry
+    perFinding[findingIdentity] = {
+      confidenceBefore,
+      confidenceAfter,
+      confidenceLevel,
+      truthStatus,
+      appliedInvariants: confidenceResult?.appliedInvariants || [],
+      invariantViolations: violations.map(v => ({
+        code: v.code,
+        message: v.message,
+        originalConfidence: v.originalConfidence,
+        correctedConfidence: v.correctedConfidence || v.corrected
+      })),
+      explanation: confidenceResult?.explanation || finding.confidenceReasons || [],
+      expectationProof: confidenceResult?.expectationProof || finding.expectation?.proof || null,
+      verificationStatus: confidenceResult?.verificationStatus || null
+    };
+  }
+  
+  // Compute averages
+  if (findings.length > 0) {
+    summary.averageConfidenceBefore = totalConfidenceBefore / findings.length;
+    summary.averageConfidenceAfter = totalConfidenceAfter / findings.length;
+  }
+  
+  // Build report
+  const report = {
+    version: 1,
+    generatedAt: new Date().toISOString(),
+    summary,
+    perFinding
+  };
+  
+  // Write to disk
+  writeFileSync(reportPath, JSON.stringify(report, null, 2), 'utf8');
+  
+  return reportPath;
+}
+

package/src/verax/core/confidence/confidence-weights.js

@@ -0,0 +1,44 @@
+/**
+ * PHASE 24 — Confidence Weights (Canonical)
+ * 
+ * Canonical weights for evidence types.
+ * All capabilities MUST use these weights.
+ * No custom weighting allowed.
+ */
+
+/**
+ * Canonical evidence weights (normalized, sum to 1.0)
+ */
+export const CONFIDENCE_WEIGHTS = {
+  UI_EVIDENCE: 0.25,
+  NETWORK_EVIDENCE: 0.25,
+  STATE_EVIDENCE: 0.15,
+  ROUTE_EVIDENCE: 0.15,
+  CONSOLE_EVIDENCE: 0.10,
+  EVIDENCE_COMPLETENESS: 0.10
+};
+
+/**
+ * Validate that weights sum to 1.0
+ */
+export function validateWeights(weights = CONFIDENCE_WEIGHTS) {
+  const sum = Object.values(weights).reduce((a, b) => a + b, 0);
+  if (Math.abs(sum - 1.0) > 0.001) {
+    throw new Error(`Confidence weights must sum to 1.0, got ${sum}`);
+  }
+  return true;
+}
+
+/**
+ * Get weight for evidence type
+ * 
+ * @param {string} evidenceType - One of: UI_EVIDENCE, NETWORK_EVIDENCE, STATE_EVIDENCE, ROUTE_EVIDENCE, CONSOLE_EVIDENCE, EVIDENCE_COMPLETENESS
+ * @returns {number} Weight (0..1)
+ */
+export function getEvidenceWeight(evidenceType) {
+  return CONFIDENCE_WEIGHTS[evidenceType] || 0;
+}
+
+// Validate on module load
+validateWeights();
+

package/src/verax/core/confidence/confidence.defaults.js

@@ -0,0 +1,65 @@
+/**
+ * PHASE 21.4 — Confidence Policy Defaults
+ * 
+ * Default confidence policy matching current hardcoded behavior.
+ * Truth locks are enforced and cannot be configured away.
+ */
+
+/**
+ * Default confidence policy
+ * 
+ * This policy matches the current hardcoded behavior exactly.
+ */
+export const DEFAULT_CONFIDENCE_POLICY = {
+  version: '21.4.0',
+  source: 'default',
+  baseScores: {
+    promiseProven: 1.0,
+    promiseObserved: 0.7,
+    promiseWeak: 0.5,
+    promiseUnknown: 0.2,
+    urlChanged: 0.3,
+    domChanged: 0.2,
+    uiFeedbackConfirmed: 0.3,
+    consoleErrors: 0.2,
+    networkFailure: 0.3,
+    networkSuccess: 0.1,
+    timingAligned: 0.2,
+    routeMatched: 0.2,
+    requestMatched: 0.2,
+    traceLinked: 0.1,
+    screenshots: 0.3,
+    traces: 0.2,
+    signals: 0.2,
+    snippets: 0.3
+  },
+  thresholds: {
+    high: 0.8,
+    medium: 0.6,
+    low: 0.3
+  },
+  weights: {
+    promiseStrength: 0.25,
+    observationStrength: 0.30,
+    correlationQuality: 0.20,
+    guardrails: 0.15,
+    evidenceCompleteness: 0.10
+  },
+  truthLocks: {
+    // HARD LOCK: CONFIRMED requires evidencePackage.isComplete === true
+    evidenceCompleteRequired: true,
+    
+    // HARD LOCK: NON_DETERMINISTIC verdict caps confidence ≤ 0.6
+    nonDeterministicMaxConfidence: 0.6,
+    
+    // HARD LOCK: Guardrails confidence deltas are max-negative only (enforced in guardrails policy)
+    guardrailsMaxNegative: true,
+    
+    // HARD LOCK: Cannot upgrade SUSPECTED → CONFIRMED via policy
+    cannotUpgradeToConfirmed: true,
+    
+    // HARD LOCK: Contradiction penalty
+    contradictionPenalty: 0.3
+  }
+};
+

package/src/verax/core/confidence/confidence.loader.js

@@ -0,0 +1,80 @@
+/**
+ * PHASE 21.4 — Confidence Policy Loader
+ * 
+ * Loads confidence policies from files or uses defaults.
+ * Validates policies and enforces truth locks.
+ */
+
+import { readFileSync, existsSync } from 'fs';
+import { resolve } from 'path';
+import { validateConfidencePolicy } from './confidence.schema.js';
+import { DEFAULT_CONFIDENCE_POLICY } from './confidence.defaults.js';
+
+/**
+ * Load confidence policy
+ * 
+ * @param {string|null} policyPath - Path to custom policy file (optional)
+ * @param {string} projectDir - Project directory
+ * @returns {Object} Confidence policy
+ * @throws {Error} If policy is invalid
+ */
+export function loadConfidencePolicy(policyPath = null, projectDir = null) {
+  // If no custom policy path, use defaults
+  if (!policyPath) {
+    return DEFAULT_CONFIDENCE_POLICY;
+  }
+  
+  // Resolve policy path
+  const resolvedPath = projectDir ? resolve(projectDir, policyPath) : resolve(policyPath);
+  
+  // Check if file exists
+  if (!existsSync(resolvedPath)) {
+    throw new Error(`Confidence policy file not found: ${resolvedPath}`);
+  }
+  
+  // Read and parse policy
+  let policy;
+  try {
+    const policyContent = readFileSync(resolvedPath, 'utf-8');
+  // @ts-expect-error - readFileSync with encoding returns string
+    policy = JSON.parse(policyContent);
+  } catch (error) {
+    throw new Error(`Failed to load confidence policy: ${error.message}`);
+  }
+  
+  // Validate policy
+  try {
+    validateConfidencePolicy(policy);
+  } catch (error) {
+    throw new Error(`Invalid confidence policy: ${error.message}`);
+  }
+  
+  // HARD LOCK: Enforce truth locks from defaults (cannot be overridden)
+  // Defaults override any custom values
+  policy.truthLocks = {
+    ...policy.truthLocks,
+    ...DEFAULT_CONFIDENCE_POLICY.truthLocks  // Defaults take precedence
+  };
+  
+  // Mark as custom
+  policy.source = 'custom';
+  
+  return policy;
+}
+
+/**
+ * Get policy report metadata
+ * 
+ * @param {Object} policy - Confidence policy
+ * @returns {Object} Policy report metadata
+ */
+export function getPolicyReport(policy) {
+  return {
+    version: policy.version,
+    source: policy.source,
+    thresholds: policy.thresholds,
+    weights: policy.weights,
+    truthLocks: Object.keys(policy.truthLocks)
+  };
+}
+

package/src/verax/core/confidence/confidence.schema.js

@@ -0,0 +1,94 @@
+/**
+ * PHASE 21.4 — Confidence Policy Schema
+ * 
+ * Defines the structure for confidence policies.
+ * Truth locks are enforced and cannot be configured away.
+ */
+
+/**
+ * Confidence Policy Schema
+ * 
+ * @typedef {Object} ConfidencePolicy
+ * @property {string} version - Policy version
+ * @property {string} source - 'default' | 'custom'
+ * @property {Object} baseScores - Base score configuration
+ * @property {Object} thresholds - Threshold configuration
+ * @property {Object} weights - Weight configuration for pillars
+ * @property {Object} truthLocks - Truth locks (cannot be overridden)
+ */
+
+/**
+ * Validate confidence policy
+ * 
+ * @param {Object} policy - Policy to validate
+ * @throws {Error} If policy is invalid
+ */
+export function validateConfidencePolicy(policy) {
+  if (!policy) {
+    throw new Error('Confidence policy is required');
+  }
+  
+  if (!policy.version || typeof policy.version !== 'string') {
+    throw new Error('Confidence policy must have a version string');
+  }
+  
+  // Validate base scores
+  if (!policy.baseScores || typeof policy.baseScores !== 'object') {
+    throw new Error('Confidence policy must have baseScores object');
+  }
+  
+  // Validate thresholds
+  if (!policy.thresholds || typeof policy.thresholds !== 'object') {
+    throw new Error('Confidence policy must have thresholds object');
+  }
+  
+  // Validate weights
+  if (!policy.weights || typeof policy.weights !== 'object') {
+    throw new Error('Confidence policy must have weights object');
+  }
+  
+  // Validate truth locks
+  if (!policy.truthLocks || typeof policy.truthLocks !== 'object') {
+    throw new Error('Confidence policy must have truthLocks object');
+  }
+  
+  // HARD LOCK: Truth locks cannot be overridden
+  const requiredTruthLocks = [
+    'evidenceCompleteRequired',
+    'nonDeterministicMaxConfidence',
+    'guardrailsMaxNegative'
+  ];
+  
+  for (const lock of requiredTruthLocks) {
+    if (!(lock in policy.truthLocks)) {
+      throw new Error(`Confidence policy must have truth lock: ${lock}`);
+    }
+  }
+  
+  // Validate threshold values
+  const thresholds = policy.thresholds;
+  if (typeof thresholds.high !== 'number' || thresholds.high < 0 || thresholds.high > 1) {
+    throw new Error('Confidence policy threshold.high must be a number between 0 and 1');
+  }
+  
+  if (typeof thresholds.medium !== 'number' || thresholds.medium < 0 || thresholds.medium > 1) {
+    throw new Error('Confidence policy threshold.medium must be a number between 0 and 1');
+  }
+  
+  if (typeof thresholds.low !== 'number' || thresholds.low < 0 || thresholds.low > 1) {
+    throw new Error('Confidence policy threshold.low must be a number between 0 and 1');
+  }
+  
+  // Validate weights sum to reasonable range
+  const weights = policy.weights;
+  const weightSum = (weights.promiseStrength || 0) + 
+                    (weights.observationStrength || 0) + 
+                    (weights.correlationQuality || 0) + 
+                    (weights.guardrails || 0) + 
+                    (weights.evidenceCompleteness || 0);
+  
+  if (Math.abs(weightSum - 1.0) > 0.01) {
+    throw new Error(`Confidence policy weights must sum to approximately 1.0 (got ${weightSum})`);
+  }
+}
+