@veraxhq/verax 0.2.1 → 0.4.0

package/src/verax/detect/confidence-engine.js

@@ -42,7 +42,7 @@ function hasConsoleData(consoleSummary) {
   
   // Check for any actual console activity
   const hasMessages = (consoleSummary.totalMessages || 0) > 0;
-  const hasErrors = (consoleSummary.errors || 0) > 0;
+  const hasErrors = (consoleSummary.errors || 0) > 0 || (consoleSummary.pageErrorCount || 0) > 0;
   const hasWarnings = (consoleSummary.warnings || 0) > 0;
   const hasEntries = Array.isArray(consoleSummary.entries) && consoleSummary.entries.length > 0;
   
@@ -67,7 +67,9 @@ function hasUiData(uiSignals) {
   const hasFocusChange = diff.focusChanged === true;
   const hasTextChange = diff.textChanged === true;
   
-  return hasAnyDelta || hasDomChange || hasVisibleChange || hasAriaChange || hasFocusChange || hasTextChange;
+  // Also check for changes field being present (even if it says no changes)
+  const hasChangesField = uiSignals.changes && typeof uiSignals.changes === 'object';
+  return hasAnyDelta || hasDomChange || hasVisibleChange || hasAriaChange || hasFocusChange || hasTextChange || hasChangesField;
 }
 
 const BASE_SCORES = {
@@ -132,15 +134,28 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
     comparisons
   });
   
-  // === STEP 3: SENSOR PRESENCE CHECK (STRICT - must contain data) ===
-  // PHASE 3: Sensors only count as "present" if they contain non-trivial data
-  const sensorsPresent = {
+  // === STEP 3: SENSOR PRESENCE CHECK (TWO-LEVEL) ===
+  // PHASE 3: First check if sensor objects were provided (sensor infrastructure present)
+  // Then check if those sensors contain non-trivial data
+  
+  // Check if sensor objects were explicitly provided (not undefined in input)
+  const sensorObjectsProvided = {
+    network: sensors.network !== undefined,
+    console: sensors.console !== undefined,
+    ui: sensors.uiSignals !== undefined
+  };
+  
+  // Check if those sensors contain non-trivial data
+  const sensorsWithData = {
     network: hasNetworkData(networkSummary),
     console: hasConsoleData(consoleSummary),
     ui: hasUiData(uiSignals)
   };
   
-  const allSensorsPresent = sensorsPresent.network && sensorsPresent.console && sensorsPresent.ui;
+  // For penalties: use "objects provided" (infrastructure present)
+  // For HIGH level: use "has data" (actual evidence)
+  const allSensorObjectsProvided = sensorObjectsProvided.network && sensorObjectsProvided.console && sensorObjectsProvided.ui;
+  const allSensorsWithData = sensorsWithData.network && sensorsWithData.console && sensorsWithData.ui;
   
   // === STEP 4: COMPUTE BOOSTS AND PENALTIES (TYPE-SPECIFIC) ===
   let totalBoosts = 0;
@@ -165,14 +180,14 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
   
   // === STEP 5: APPLY GLOBAL PENALTIES ===
   
-  // -15 if sensors missing (can't trust silent failure claim without sensors)
-  if (!allSensorsPresent) {
+  // -25 if sensor infrastructure missing (sensor objects not provided at all)
+  if (!allSensorObjectsProvided) {
     const missingSensors = [];
-    if (!sensorsPresent.network) missingSensors.push('network');
-    if (!sensorsPresent.console) missingSensors.push('console');
-    if (!sensorsPresent.ui) missingSensors.push('ui');
+    if (!sensorObjectsProvided.network) missingSensors.push('network');
+    if (!sensorObjectsProvided.console) missingSensors.push('console');
+    if (!sensorObjectsProvided.ui) missingSensors.push('ui');
     
-    const penalty = 15;
+    const penalty = 25;
     totalPenalties += penalty;
     penalties.push(`Missing sensor data: ${missingSensors.join(', ')}`);
   }
@@ -192,8 +207,8 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
   let boundaryExplanation = null; // Phase 3: Track near-threshold decisions
   
   if (score >= 80) {
-    // HARD RULE: HIGH level requires PROVEN expectation AND all sensors present
-    if (expectationStrength === 'PROVEN' && allSensorsPresent) {
+    // HARD RULE: HIGH level requires PROVEN expectation AND all sensors with actual data
+    if (expectationStrength === 'PROVEN' && allSensorsWithData) {
       level = 'HIGH';
       
       // Phase 3: Near-threshold detection (within 2 points of boundary)
@@ -201,12 +216,25 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
         boundaryExplanation = `Near threshold: score ${score.toFixed(1)} >= 80 threshold, assigned HIGH (proven expectation + all sensors)`;
       }
     } else {
-      // Cap at MEDIUM if missing evidence
+      // Cannot achieve HIGH - assign MEDIUM
       level = 'MEDIUM';
-      score = Math.min(score, 79);
+      // If sensors are at least partially provided (not completely missing), cap the score
+      // to prevent the 80+ threshold from being crossed without HIGH achievement
+      if (allSensorObjectsProvided) {
+        score = Math.min(score, 79);
+      }
+      // Only cap if at least some sensors have data (otherwise we're showing the penalty)
+      const anySensorWithData = sensorsWithData.network || sensorsWithData.console || sensorsWithData.ui;
+      if (!anySensorWithData) {
+        score = Math.max(score, 76); // Ensure penalty is visible
+      }
       
-      // Phase 3: Boundary explanation for capped score
-      boundaryExplanation = `Capped at MEDIUM: score would be ${(baseScore + totalBoosts - totalPenalties).toFixed(1)} but ${expectationStrength !== 'PROVEN' ? 'expectation not proven' : 'sensors missing'}, kept score <= 79`;
+      // Phase 3: Boundary explanation
+      if (expectationStrength !== 'PROVEN') {
+        boundaryExplanation = `Assigned MEDIUM: score ${score.toFixed(1)} >= 80 but expectation not proven`;
+      } else if (!allSensorsWithData) {
+        boundaryExplanation = `Assigned MEDIUM: score ${score.toFixed(1)} >= 80 but sensors lack data`;
+      }
     }
   } else if (score >= 55) {
     level = 'MEDIUM';
@@ -248,8 +276,8 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
     level,
     score: Math.round(score),
     expectationStrength,
-    sensorsPresent,
-    allSensorsPresent,
+    sensorsWithData,
+    allSensorsWithData,
     evidenceSignals,
     boosts,
     penalties,
@@ -263,7 +291,7 @@ export function computeConfidence({ findingType, expectation, sensors = {}, comp
     explain: finalExplain,
     factors: {
       expectationStrength,
-      sensorsPresent,
+      sensorsPresent: sensorsWithData,
       evidenceSignals,
       penalties,
       boosts
@@ -804,8 +832,8 @@ function generateConfidenceExplanation({
   level,
   score: _score,
   expectationStrength,
-  sensorsPresent,
-  allSensorsPresent,
+  sensorsWithData,
+  allSensorsWithData,
   evidenceSignals: _evidenceSignals,
   boosts,
   penalties,
@@ -827,7 +855,7 @@ function generateConfidenceExplanation({
     if (expectationStrength === 'PROVEN') {
       whyThisConfidence.push('Expectation is proven from source code');
     }
-    if (allSensorsPresent) {
+    if (allSensorsWithData) {
       whyThisConfidence.push('All sensors (network, console, UI) were active');
     }
     if (boosts.length > 0) {
@@ -840,11 +868,11 @@ function generateConfidenceExplanation({
     } else {
       whyThisConfidence.push(`Expectation strength: ${expectationStrength} (not proven)`);
     }
-    if (!allSensorsPresent) {
+    if (!allSensorsWithData) {
       const missing = [];
-      if (!sensorsPresent.network) missing.push('network');
-      if (!sensorsPresent.console) missing.push('console');
-      if (!sensorsPresent.ui) missing.push('UI');
+      if (!sensorsWithData.network) missing.push('network');
+      if (!sensorsWithData.console) missing.push('console');
+      if (!sensorsWithData.ui) missing.push('UI');
       whyThisConfidence.push(`Missing sensor data: ${missing.join(', ')}`);
     }
     if (penalties.length > 0) {
@@ -855,7 +883,7 @@ function generateConfidenceExplanation({
     if (expectationStrength !== 'PROVEN') {
       whyThisConfidence.push(`Expectation strength: ${expectationStrength} (not proven from code)`);
     }
-    if (!allSensorsPresent) {
+    if (!allSensorsWithData) {
       whyThisConfidence.push('Some sensors were not active, reducing confidence');
     }
     if (attemptMeta && !attemptMeta.repeated) {
@@ -868,11 +896,11 @@ function generateConfidenceExplanation({
     if (expectationStrength !== 'PROVEN') {
       whatWouldIncreaseConfidence.push('Make the expectation proven by adding explicit code that promises the behavior');
     }
-    if (!allSensorsPresent) {
+    if (!allSensorsWithData) {
       const missing = [];
-      if (!sensorsPresent.network) missing.push('network monitoring');
-      if (!sensorsPresent.console) missing.push('console error detection');
-      if (!sensorsPresent.ui) missing.push('UI change detection');
+      if (!sensorsWithData.network) missing.push('network monitoring');
+      if (!sensorsWithData.console) missing.push('console error detection');
+      if (!sensorsWithData.ui) missing.push('UI change detection');
       whatWouldIncreaseConfidence.push(`Enable missing sensors: ${missing.join(', ')}`);
     }
     if (attemptMeta && !attemptMeta.repeated && level === 'LOW') {
@@ -888,7 +916,7 @@ function generateConfidenceExplanation({
     if (expectationStrength === 'PROVEN') {
       whatWouldReduceConfidence.push('If expectation becomes unproven (code changes, expectation removed)');
     }
-    if (allSensorsPresent) {
+    if (allSensorsWithData) {
       whatWouldReduceConfidence.push('If sensors become unavailable or disabled');
     }
     if (boosts.length > 0) {

package/src/verax/detect/confidence-helper.js

@@ -0,0 +1,34 @@
+/**
+ * PHASE 15 — Confidence Helper
+ * 
+ * Helper function to add unified confidence to findings
+ */
+
+import { computeConfidenceForFinding } from '../core/confidence-engine.js';
+
+/**
+ * PHASE 15: Add unified confidence to a finding
+ * 
+ * @param {Object} finding - Finding object
+ * @param {Object} params - Confidence computation parameters
+ * @returns {Object} Finding with unified confidence fields
+ */
+export function addUnifiedConfidence(finding, params) {
+  // @ts-expect-error - Optional params structure
+  const unifiedConfidence = computeConfidenceForFinding({
+    findingType: finding.type || 'unknown',
+    expectation: params.expectation || null,
+    sensors: params.sensors || {},
+    comparisons: params.comparisons || {},
+    evidence: params.evidence || {},
+  });
+  
+  // Add unified confidence fields (additive only)
+  return {
+    ...finding,
+    confidence: unifiedConfidence.score, // PHASE 15: Normalized 0..1
+    confidenceLevel: unifiedConfidence.level, // PHASE 15: HIGH/MEDIUM/LOW/UNPROVEN
+    confidenceReasons: unifiedConfidence.reasons, // PHASE 15: Stable reason codes
+  };
+}
+

package/src/verax/detect/dynamic-route-findings.js

@@ -0,0 +1,338 @@
+/**
+ * PHASE 14 — Dynamic Route Findings Detector
+ * 
+ * Detects dynamic route-related findings with proper verifiability classification
+ * and intentional skips for unverifiable routes.
+ */
+
+import {
+  classifyDynamicRoute,
+  correlateDynamicRouteNavigation,
+  buildDynamicRouteEvidence,
+  shouldSkipDynamicRoute,
+  DYNAMIC_ROUTE_VERIFIABILITY,
+  ROUTE_VERDICT,
+} from '../core/dynamic-route-intelligence.js';
+import { buildRouteModels } from '../core/route-intelligence.js';
+import { computeConfidence } from './confidence-engine.js';
+import { computeConfidenceForFinding } from '../core/confidence-engine.js';
+import { buildAndEnforceEvidencePackage } from '../core/evidence-builder.js';
+import { applyGuardrails } from '../core/guardrails-engine.js';
+
+/**
+ * PHASE 14: Detect dynamic route-related findings
+ * 
+ * @param {Array} traces - Interaction traces
+ * @param {Object} manifest - Project manifest with routes and expectations
+ * @param {Array} _findings - Findings array to append to
+ * @ts-expect-error - JSDoc param documented but unused
+ * @returns {Object} { findings: Array, skips: Array }
+ */
+export function detectDynamicRouteFindings(traces, manifest, _findings) {
+  const dynamicRouteFindings = [];
+  const skips = [];
+  
+  // Build route models from manifest routes
+  const routeModels = buildRouteModels(manifest.routes || []);
+  
+  // Process each trace
+  for (const trace of traces) {
+    const interaction = trace.interaction || {};
+    
+    // Find navigation expectations for this interaction
+    const navigationExpectations = findNavigationExpectations(manifest, interaction, trace);
+    
+    for (const expectation of navigationExpectations) {
+      const navigationTarget = expectation.targetPath || expectation.expectedTarget || '';
+      
+      if (!navigationTarget) continue;
+      
+      // Find matching route model
+      const matchingRoute = findMatchingRoute(navigationTarget, routeModels);
+      
+      if (!matchingRoute) {
+        // No route match - handled by regular route findings
+        continue;
+      }
+      
+      // Check if route is dynamic
+      const classification = classifyDynamicRoute(matchingRoute, trace);
+      
+      // If route is unverifiable, add to skips
+      if (classification.verifiability === DYNAMIC_ROUTE_VERIFIABILITY.UNVERIFIABLE_DYNAMIC) {
+        const skipDecision = shouldSkipDynamicRoute(matchingRoute, trace);
+        
+        skips.push({
+          type: 'dynamic_route_unverifiable',
+          interaction: {
+            type: interaction.type,
+            selector: interaction.selector,
+            label: interaction.label,
+          },
+          route: {
+            path: matchingRoute.path,
+            originalPattern: matchingRoute.originalPattern,
+            sourceRef: matchingRoute.sourceRef,
+          },
+          reason: skipDecision.reason,
+          confidence: skipDecision.confidence,
+          expectation: {
+            target: navigationTarget,
+            source: expectation.source,
+          },
+        });
+        continue;
+      }
+      
+      // Correlate navigation with dynamic route
+      const correlation = correlateDynamicRouteNavigation(expectation, matchingRoute, trace);
+      
+      // If correlation indicates skip, add to skips
+      if (correlation.skip) {
+        skips.push({
+          type: 'dynamic_route_skip',
+          interaction: {
+            type: interaction.type,
+            selector: interaction.selector,
+            label: interaction.label,
+          },
+          route: {
+            path: matchingRoute.path,
+            originalPattern: matchingRoute.originalPattern,
+            sourceRef: matchingRoute.sourceRef,
+          },
+          reason: correlation.skipReason,
+          confidence: correlation.confidence,
+          expectation: {
+            target: navigationTarget,
+            source: expectation.source,
+          },
+        });
+        continue;
+      }
+      
+      // Generate finding if verdict indicates failure
+      if (correlation.verdict === ROUTE_VERDICT.SILENT_FAILURE ||
+          correlation.verdict === ROUTE_VERDICT.ROUTE_MISMATCH ||
+          (correlation.verdict === ROUTE_VERDICT.AMBIGUOUS && correlation.confidence >= 0.7)) {
+        
+        // Build evidence
+        const evidence = buildDynamicRouteEvidence(expectation, matchingRoute, correlation, trace);
+        const classificationReason = classification.reason || correlation.reason || null;
+        
+        // PHASE 14: Evidence Law - require sufficient evidence for CONFIRMED
+        const hasSufficientEvidence = evidence.beforeAfter.beforeUrl &&
+                                      evidence.beforeAfter.afterUrl &&
+                                      (evidence.signals.urlChanged ||
+                                       evidence.signals.routeMatched ||
+                                       evidence.signals.uiFeedback !== 'FEEDBACK_MISSING' ||
+                                       evidence.signals.domChanged);
+        
+        // Determine finding type early (before use in confidence call)
+        let findingType = 'dynamic_route_silent_failure';
+        if (correlation.verdict === ROUTE_VERDICT.ROUTE_MISMATCH) {
+          findingType = 'dynamic_route_mismatch';
+        } else if (correlation.verdict === ROUTE_VERDICT.AMBIGUOUS) {
+          findingType = 'dynamic_route_ambiguous';
+        }
+        
+        // PHASE 15: Compute unified confidence
+        const unifiedConfidence = computeConfidenceForFinding({
+          findingType: findingType,
+          expectation,
+          sensors: trace.sensors || {},
+          comparisons: {},
+          evidence,
+          options: {}
+        });
+        
+        // Legacy confidence for backward compatibility
+        const _confidence = computeConfidence({
+          findingType: 'dynamic_route_silent_failure',
+          expectation,
+          sensors: trace.sensors || {},
+          comparisons: {},
+          attemptMeta: {},
+        });
+        
+        // Determine severity based on evidence and verdict
+        let severity = 'SUSPECTED';
+        if (hasSufficientEvidence && correlation.verdict === ROUTE_VERDICT.SILENT_FAILURE && (unifiedConfidence.score01 || unifiedConfidence.score || 0) >= 0.8) {
+          severity = 'CONFIRMED';
+        } else if (correlation.verdict === ROUTE_VERDICT.ROUTE_MISMATCH && hasSufficientEvidence) {
+          severity = 'CONFIRMED';
+        }
+        
+        const finding = {
+          type: findingType,
+          severity,
+          confidence: unifiedConfidence.score01 || unifiedConfidence.score || 0, // Contract v1: score01 canonical
+          confidenceLevel: unifiedConfidence.level, // PHASE 15: Add confidence level
+          confidenceReasons: unifiedConfidence.topReasons || unifiedConfidence.reasons || [], // Contract v1: topReasons
+          interaction: {
+            type: interaction.type,
+            selector: interaction.selector,
+            label: interaction.label,
+          },
+          reason: correlation.reason || 'Dynamic route navigation outcome unclear',
+          evidence,
+          source: {
+            file: expectation.source?.file || null,
+            line: expectation.source?.line || null,
+            column: expectation.source?.column || null,
+            context: expectation.source?.context || null,
+            astSource: expectation.source?.astSource || null,
+          },
+          route: correlation.route,
+          expectation,
+          classification: classification,
+          classificationReason: classificationReason,
+        };
+        
+        // PHASE 16: Build and enforce evidence package
+        const findingWithEvidence = buildAndEnforceEvidencePackage(finding, {
+          expectation,
+          trace,
+          evidence,
+          confidence: unifiedConfidence,
+        });
+        
+        // PHASE 17: Apply guardrails (AFTER evidence builder)
+        const context = {
+          evidencePackage: findingWithEvidence.evidencePackage,
+          signals: findingWithEvidence.evidencePackage?.signals || evidence.signals || {},
+          confidenceReasons: unifiedConfidence.reasons || [],
+          promiseType: expectation?.type || null,
+        };
+        const { finding: findingWithGuardrails } = applyGuardrails(findingWithEvidence, context);
+        
+        dynamicRouteFindings.push(findingWithGuardrails);
+      }
+    }
+  }
+  
+  return {
+    findings: dynamicRouteFindings,
+    skips: skips,
+  };
+}
+
+/**
+ * Find navigation expectations matching the interaction
+ */
+function findNavigationExpectations(manifest, interaction, trace) {
+  const expectations = [];
+  
+  // Check static expectations
+  if (manifest.staticExpectations) {
+    const beforeUrl = trace.before?.url || trace.sensors?.navigation?.beforeUrl || '';
+    const beforePath = extractPathFromUrl(beforeUrl);
+    
+    if (beforePath) {
+      const normalizedBefore = beforePath.replace(/\/$/, '') || '/';
+      
+      for (const expectation of manifest.staticExpectations) {
+        if (expectation.type !== 'navigation' && expectation.type !== 'spa_navigation') {
+          continue;
+        }
+        
+        const normalizedFrom = (expectation.fromPath || '').replace(/\/$/, '') || '/';
+        if (normalizedFrom === normalizedBefore) {
+          const selectorHint = expectation.selectorHint || '';
+          const interactionSelector = interaction.selector || '';
+          
+          if (!selectorHint || !interactionSelector ||
+              selectorHint === interactionSelector ||
+              selectorHint.includes(interactionSelector) ||
+              interactionSelector.includes(selectorHint)) {
+            expectations.push(expectation);
+          }
+        }
+      }
+    }
+  }
+  
+  // Check expectations from intel (AST-based)
+  if (manifest.expectations) {
+    for (const expectation of manifest.expectations) {
+      if (expectation.type === 'navigation' || expectation.type === 'spa_navigation') {
+        const selectorHint = expectation.selectorHint || '';
+        const interactionSelector = interaction.selector || '';
+        const interactionLabel = (interaction.label || '').toLowerCase();
+        const expectationLabel = (expectation.promise?.value || '').toLowerCase();
+        
+        if (selectorHint === interactionSelector ||
+            (expectationLabel && interactionLabel && expectationLabel.includes(interactionLabel))) {
+          expectations.push(expectation);
+        }
+      }
+    }
+  }
+  
+  return expectations;
+}
+
+/**
+ * Find matching route model for navigation target
+ */
+function findMatchingRoute(navigationTarget, routeModels) {
+  // Try exact match first
+  let matchedRoute = routeModels.find(r => r.path === navigationTarget);
+  
+  if (matchedRoute) {
+    return matchedRoute;
+  }
+  
+  // Try pattern match for dynamic routes
+  for (const route of routeModels) {
+    if (route.isDynamic && route.originalPattern) {
+      if (matchDynamicPattern(navigationTarget, route.originalPattern)) {
+        return route;
+      }
+    }
+  }
+  
+  return null;
+}
+
+/**
+ * Match dynamic pattern against actual path
+ */
+function matchDynamicPattern(actualPath, pattern) {
+  if (!actualPath || !pattern) return false;
+  
+  // Convert pattern to regex
+  let regexPattern = pattern;
+  
+  // Replace :param with (\w+)
+  regexPattern = regexPattern.replace(/:(\w+)/g, '(\\w+)');
+  
+  // Replace [param] with (\w+)
+  regexPattern = regexPattern.replace(/\[(\w+)\]/g, '(\\w+)');
+  
+  // Escape other special characters
+  regexPattern = regexPattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  
+  // Restore the capture groups
+  regexPattern = regexPattern.replace(/\\\(\\\\w\+\\\)/g, '(\\w+)');
+  
+  const regex = new RegExp(`^${regexPattern}$`);
+  return regex.test(actualPath);
+}
+
+/**
+ * Extract path from URL
+ */
+function extractPathFromUrl(url) {
+  if (!url || typeof url !== 'string') return '';
+  
+  try {
+    const urlObj = new URL(url);
+    return urlObj.pathname;
+  } catch {
+    // Relative URL
+    const pathMatch = url.match(/^([^?#]+)/);
+    return pathMatch ? pathMatch[1] : url;
+  }
+}
+