npm - @veraxhq/verax - Versions diffs - 0.2.1 → 0.4.0 - Mend

@veraxhq/verax 0.2.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/README.md +10 -6
package/bin/verax.js +11 -11
package/package.json +29 -8
package/src/cli/commands/baseline.js +103 -0
package/src/cli/commands/default.js +51 -6
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +246 -0
package/src/cli/commands/gates.js +95 -0
package/src/cli/commands/inspect.js +4 -2
package/src/cli/commands/release-check.js +215 -0
package/src/cli/commands/run.js +45 -6
package/src/cli/commands/security-check.js +212 -0
package/src/cli/commands/truth.js +113 -0
package/src/cli/entry.js +30 -20
package/src/cli/util/angular-component-extractor.js +179 -0
package/src/cli/util/angular-navigation-detector.js +141 -0
package/src/cli/util/angular-network-detector.js +161 -0
package/src/cli/util/angular-state-detector.js +162 -0
package/src/cli/util/ast-interactive-detector.js +544 -0
package/src/cli/util/ast-network-detector.js +603 -0
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +602 -0
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/bootstrap-guard.js +86 -0
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +124 -0
package/src/cli/util/determinism-writer.js +129 -0
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +151 -5
package/src/cli/util/findings-writer.js +3 -0
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -0
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -0
package/src/cli/util/project-discovery.js +284 -0
package/src/cli/util/project-writer.js +2 -0
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-resolver.js +64 -0
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/source-requirement.js +55 -0
package/src/cli/util/summary-writer.js +2 -0
package/src/cli/util/svelte-navigation-detector.js +163 -0
package/src/cli/util/svelte-network-detector.js +80 -0
package/src/cli/util/svelte-sfc-extractor.js +146 -0
package/src/cli/util/svelte-state-detector.js +242 -0
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +178 -0
package/src/cli/util/vue-sfc-extractor.js +161 -0
package/src/cli/util/vue-state-detector.js +215 -0
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +139 -0
package/src/verax/core/artifacts/verifier.js +990 -0
package/src/verax/core/baseline/baseline.enforcer.js +137 -0
package/src/verax/core/baseline/baseline.snapshot.js +233 -0
package/src/verax/core/capabilities/gates.js +505 -0
package/src/verax/core/capabilities/registry.js +475 -0
package/src/verax/core/confidence/confidence-compute.js +144 -0
package/src/verax/core/confidence/confidence-invariants.js +234 -0
package/src/verax/core/confidence/confidence-report-writer.js +112 -0
package/src/verax/core/confidence/confidence-weights.js +44 -0
package/src/verax/core/confidence/confidence.defaults.js +65 -0
package/src/verax/core/confidence/confidence.loader.js +80 -0
package/src/verax/core/confidence/confidence.schema.js +94 -0
package/src/verax/core/confidence-engine-refactor.js +489 -0
package/src/verax/core/confidence-engine.js +625 -0
package/src/verax/core/contracts/index.js +29 -0
package/src/verax/core/contracts/types.js +186 -0
package/src/verax/core/contracts/validators.js +456 -0
package/src/verax/core/decisions/decision.trace.js +278 -0
package/src/verax/core/determinism/contract-writer.js +89 -0
package/src/verax/core/determinism/contract.js +139 -0
package/src/verax/core/determinism/diff.js +405 -0
package/src/verax/core/determinism/engine.js +222 -0
package/src/verax/core/determinism/finding-identity.js +149 -0
package/src/verax/core/determinism/normalize.js +466 -0
package/src/verax/core/determinism/report-writer.js +93 -0
package/src/verax/core/determinism/run-fingerprint.js +123 -0
package/src/verax/core/dynamic-route-intelligence.js +529 -0
package/src/verax/core/evidence/evidence-capture-service.js +308 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +166 -0
package/src/verax/core/evidence-builder.js +487 -0
package/src/verax/core/execution-mode-context.js +77 -0
package/src/verax/core/execution-mode-detector.js +192 -0
package/src/verax/core/failures/exit-codes.js +88 -0
package/src/verax/core/failures/failure-summary.js +76 -0
package/src/verax/core/failures/failure.factory.js +225 -0
package/src/verax/core/failures/failure.ledger.js +133 -0
package/src/verax/core/failures/failure.types.js +196 -0
package/src/verax/core/failures/index.js +10 -0
package/src/verax/core/ga/ga-report-writer.js +43 -0
package/src/verax/core/ga/ga.artifact.js +49 -0
package/src/verax/core/ga/ga.contract.js +435 -0
package/src/verax/core/ga/ga.enforcer.js +87 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
package/src/verax/core/guardrails/policy.defaults.js +210 -0
package/src/verax/core/guardrails/policy.loader.js +84 -0
package/src/verax/core/guardrails/policy.schema.js +110 -0
package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
package/src/verax/core/guardrails-engine.js +505 -0
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +318 -0
package/src/verax/core/perf/perf.contract.js +186 -0
package/src/verax/core/perf/perf.display.js +65 -0
package/src/verax/core/perf/perf.enforcer.js +91 -0
package/src/verax/core/perf/perf.monitor.js +209 -0
package/src/verax/core/perf/perf.report.js +200 -0
package/src/verax/core/pipeline-tracker.js +243 -0
package/src/verax/core/product-definition.js +127 -0
package/src/verax/core/release/provenance.builder.js +130 -0
package/src/verax/core/release/release-report-writer.js +40 -0
package/src/verax/core/release/release.enforcer.js +164 -0
package/src/verax/core/release/reproducibility.check.js +222 -0
package/src/verax/core/release/sbom.builder.js +292 -0
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +195 -0
package/src/verax/core/report/human-summary.js +362 -0
package/src/verax/core/route-intelligence.js +420 -0
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +329 -0
package/src/verax/core/security/security-report.js +50 -0
package/src/verax/core/security/security.enforcer.js +128 -0
package/src/verax/core/security/supplychain.defaults.json +38 -0
package/src/verax/core/security/supplychain.policy.js +334 -0
package/src/verax/core/security/vuln.scan.js +265 -0
package/src/verax/core/truth/truth.certificate.js +252 -0
package/src/verax/core/ui-feedback-intelligence.js +481 -0
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +62 -34
package/src/verax/detect/confidence-helper.js +34 -0
package/src/verax/detect/dynamic-route-findings.js +338 -0
package/src/verax/detect/expectation-chain-detector.js +417 -0
package/src/verax/detect/expectation-model.js +2 -2
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +131 -35
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +46 -5
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +558 -0
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +219 -0
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +207 -0
package/src/verax/detect/view-switch-correlator.js +242 -0
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +4 -0
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +3 -0
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +51 -155
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -513
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +205 -0
package/src/verax/observe/observe-helpers.js +192 -0
package/src/verax/observe/observe-runner.js +230 -0
package/src/verax/observe/observers/budget-observer.js +185 -0
package/src/verax/observe/observers/console-observer.js +102 -0
package/src/verax/observe/observers/coverage-observer.js +107 -0
package/src/verax/observe/observers/interaction-observer.js +471 -0
package/src/verax/observe/observers/navigation-observer.js +132 -0
package/src/verax/observe/observers/network-observer.js +87 -0
package/src/verax/observe/observers/safety-observer.js +82 -0
package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-feedback-detector.js +742 -0
package/src/verax/scan-summary-writer.js +2 -0
package/src/verax/shared/artifact-manager.js +25 -5
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/css-spinner-rules.js +204 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/view-switch-rules.js +208 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/verax/core/truth/truth.certificate.js ADDED Viewed

@@ -0,0 +1,252 @@
+/**
+ * PHASE 21.11 — Truth Certificate
+ *
+ * Generates a comprehensive certificate of truth for Enterprise audit.
+ * This is the document presented to management/audit/enterprise.
+ */
+import { readFileSync, existsSync, writeFileSync } from 'fs';
+import { resolve } from 'path';
+import { loadBaselineSnapshot } from '../baseline/baseline.snapshot.js';
+/**
+ * Load artifact JSON
+ */
+function loadArtifact(runDir, filename) {
+  const path = resolve(runDir, filename);
+  if (!existsSync(path)) {
+    return null;
+  }
+  try {
+  // @ts-expect-error - readFileSync with encoding returns string
+    return JSON.parse(readFileSync(path, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+/**
+ * Generate truth certificate
+ *
+ * @param {string} projectDir - Project directory
+ * @param {string} runId - Run ID
+ * @returns {Promise<Object>} Truth certificate
+ */
+export async function generateTruthCertificate(projectDir, runId) {
+  const runDir = resolve(projectDir, '.verax', 'runs', runId);
+  if (!existsSync(runDir)) {
+    return null;
+  }
+  // Load all relevant artifacts
+  const summary = loadArtifact(runDir, 'summary.json');
+  const findings = loadArtifact(runDir, 'findings.json');
+  const failureLedger = loadArtifact(runDir, 'failure.ledger.json');
+  const performanceReport = loadArtifact(runDir, 'performance.report.json');
+  const gaStatus = loadArtifact(runDir, 'ga.status.json');
+  const decisions = loadArtifact(runDir, 'decisions.json');
+  // Security reports
+  const releaseDir = resolve(projectDir, 'release');
+  const securitySecrets = loadArtifact(releaseDir, 'security.secrets.report.json');
+  const securityVuln = loadArtifact(releaseDir, 'security.vuln.report.json');
+  // Release provenance
+  const provenance = loadArtifact(releaseDir, 'release.provenance.json');
+  // Baseline snapshot
+  const baseline = loadBaselineSnapshot(projectDir);
+  // Evidence Law status
+  let evidenceLawStatus = 'UNKNOWN';
+  let evidenceLawViolated = false;
+  if (findings?.findings) {
+    for (const finding of findings.findings) {
+      if ((finding.severity === 'CONFIRMED' || finding.status === 'CONFIRMED') &&
+          finding.evidencePackage && !finding.evidencePackage.isComplete) {
+        evidenceLawViolated = true;
+        break;
+      }
+    }
+  }
+  evidenceLawStatus = evidenceLawViolated ? 'VIOLATED' : 'ENFORCED';
+  // Determinism verdict
+  let determinismVerdict = 'UNKNOWN';
+  if (decisions) {
+    try {
+      const { DecisionRecorder } = await import('../../core/determinism-model.js');
+      const recorder = DecisionRecorder.fromExport(decisions);
+      const { computeDeterminismVerdict } = await import('../../core/determinism/contract.js');
+      const verdict = computeDeterminismVerdict(recorder);
+      determinismVerdict = verdict.verdict;
+    } catch {
+      determinismVerdict = summary?.determinism?.verdict || 'UNKNOWN';
+    }
+  } else if (summary?.determinism) {
+    determinismVerdict = summary.determinism.verdict || 'UNKNOWN';
+  }
+  // Failure summary
+  const failureSummary = failureLedger?.summary || {
+    total: 0,
+    bySeverity: {},
+    byCategory: {}
+  };
+  // GA verdict
+  const gaVerdict = gaStatus?.gaReady === true ? 'GA-READY' : (gaStatus ? 'GA-BLOCKED' : 'UNKNOWN');
+  const gaBlockers = gaStatus?.blockers || [];
+  const gaWarnings = gaStatus?.warnings || [];
+  // Security verdict
+  const securityVerdict = {
+    secrets: securitySecrets?.hasSecrets ? 'BLOCKED' : (securitySecrets ? 'OK' : 'NOT_CHECKED'),
+    vulnerabilities: securityVuln?.blocking ? 'BLOCKED' : (securityVuln ? 'OK' : 'NOT_CHECKED'),
+    overall: (securitySecrets?.hasSecrets || securityVuln?.blocking) ? 'BLOCKED' :
+             (securitySecrets || securityVuln) ? 'OK' : 'NOT_CHECKED'
+  };
+  // Performance verdict
+  const performanceVerdict = performanceReport?.verdict || 'UNKNOWN';
+  const performanceOk = performanceReport?.ok !== false;
+  const performanceViolations = performanceReport?.violations || [];
+  // Baseline hash
+  const baselineHash = baseline?.baselineHash || null;
+  // Release provenance hash
+  const provenanceHash = provenance?.hashes?.dist || null;
+  const certificate = {
+    version: 1,
+    runId,
+    generatedAt: new Date().toISOString(),
+    url: summary?.url || null,
+    // Evidence Law
+    evidenceLaw: {
+      status: evidenceLawStatus,
+      violated: evidenceLawViolated,
+      statement: 'A finding cannot be marked CONFIRMED without sufficient evidence.'
+    },
+    // Determinism
+    determinism: {
+      verdict: determinismVerdict,
+      message: determinismVerdict === 'DETERMINISTIC'
+        ? 'Run was reproducible (same inputs = same outputs)'
+        : determinismVerdict === 'NON_DETERMINISTIC'
+        ? 'Run was not reproducible (adaptive events detected)'
+        : 'Determinism not evaluated'
+    },
+    // Failures
+    failures: {
+      total: failureSummary.total,
+      bySeverity: failureSummary.bySeverity || {},
+      byCategory: failureSummary.byCategory || {},
+      blocking: (failureSummary.bySeverity?.BLOCKING || 0) > 0,
+      degraded: (failureSummary.bySeverity?.DEGRADED || 0) > 0
+    },
+    // GA
+    ga: {
+      verdict: gaVerdict,
+      ready: gaStatus?.gaReady === true,
+      blockers: gaBlockers.length,
+      warnings: gaWarnings.length,
+      details: {
+        blockers: gaBlockers.map(b => ({ code: b.code, message: b.message })),
+        warnings: gaWarnings.map(w => ({ code: w.code, message: w.message }))
+      }
+    },
+    // Security
+    security: securityVerdict,
+    // Performance
+    performance: {
+      verdict: performanceVerdict,
+      ok: performanceOk,
+      violations: performanceViolations.length,
+      details: performanceViolations.map(v => ({
+        type: v.type,
+        actual: v.actual,
+        budget: v.budget
+      }))
+    },
+    // Baseline
+    baseline: {
+      hash: baselineHash,
+      frozen: baseline?.frozen || false,
+      version: baseline?.veraxVersion || null,
+      commit: baseline?.gitCommit || null
+    },
+    // Release provenance
+    provenance: {
+      hash: provenanceHash,
+      version: provenance?.version || null,
+      commit: provenance?.git?.commit || null
+    },
+    // Overall verdict
+    overallVerdict: {
+      status: (gaVerdict === 'GA-READY' &&
+               evidenceLawStatus === 'ENFORCED' &&
+               securityVerdict.overall === 'OK' &&
+               performanceOk) ? 'CERTIFIED' : 'NOT_CERTIFIED',
+      reasons: [
+        evidenceLawViolated ? 'Evidence Law violated' : null,
+        gaVerdict !== 'GA-READY' ? 'GA not ready' : null,
+        securityVerdict.overall !== 'OK' ? 'Security blocked' : null,
+        !performanceOk ? 'Performance violations' : null
+      ].filter(Boolean)
+    }
+  };
+  return certificate;
+}
+/**
+ * Write truth certificate to file
+ *
+ * @param {string} projectDir - Project directory
+ * @param {string} runId - Run ID
+ * @param {Object} certificate - Truth certificate
+ * @returns {string} Path to written file
+ */
+export function writeTruthCertificate(projectDir, runId, certificate) {
+  const runDir = resolve(projectDir, '.verax', 'runs', runId);
+  const outputPath = resolve(runDir, 'truth.certificate.json');
+  writeFileSync(outputPath, JSON.stringify(certificate, null, 2), 'utf-8');
+  return outputPath;
+}
+/**
+ * Load truth certificate from file
+ *
+ * @param {string} projectDir - Project directory
+ * @param {string} runId - Run ID
+ * @returns {Object|null} Truth certificate or null
+ */
+export function loadTruthCertificate(projectDir, runId) {
+  const runDir = resolve(projectDir, '.verax', 'runs', runId);
+  const certPath = resolve(runDir, 'truth.certificate.json');
+  if (!existsSync(certPath)) {
+    return null;
+  }
+  try {
+  // @ts-expect-error - readFileSync with encoding returns string
+    return JSON.parse(readFileSync(certPath, 'utf-8'));
+  } catch {
+    return null;
+  }
+}