npm - @veraxhq/verax - Versions diffs - 0.2.1 → 0.4.0 - Mend

@veraxhq/verax 0.2.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/README.md +10 -6
package/bin/verax.js +11 -11
package/package.json +29 -8
package/src/cli/commands/baseline.js +103 -0
package/src/cli/commands/default.js +51 -6
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +246 -0
package/src/cli/commands/gates.js +95 -0
package/src/cli/commands/inspect.js +4 -2
package/src/cli/commands/release-check.js +215 -0
package/src/cli/commands/run.js +45 -6
package/src/cli/commands/security-check.js +212 -0
package/src/cli/commands/truth.js +113 -0
package/src/cli/entry.js +30 -20
package/src/cli/util/angular-component-extractor.js +179 -0
package/src/cli/util/angular-navigation-detector.js +141 -0
package/src/cli/util/angular-network-detector.js +161 -0
package/src/cli/util/angular-state-detector.js +162 -0
package/src/cli/util/ast-interactive-detector.js +544 -0
package/src/cli/util/ast-network-detector.js +603 -0
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +602 -0
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/bootstrap-guard.js +86 -0
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +124 -0
package/src/cli/util/determinism-writer.js +129 -0
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +151 -5
package/src/cli/util/findings-writer.js +3 -0
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -0
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -0
package/src/cli/util/project-discovery.js +284 -0
package/src/cli/util/project-writer.js +2 -0
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-resolver.js +64 -0
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/source-requirement.js +55 -0
package/src/cli/util/summary-writer.js +2 -0
package/src/cli/util/svelte-navigation-detector.js +163 -0
package/src/cli/util/svelte-network-detector.js +80 -0
package/src/cli/util/svelte-sfc-extractor.js +146 -0
package/src/cli/util/svelte-state-detector.js +242 -0
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +178 -0
package/src/cli/util/vue-sfc-extractor.js +161 -0
package/src/cli/util/vue-state-detector.js +215 -0
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +139 -0
package/src/verax/core/artifacts/verifier.js +990 -0
package/src/verax/core/baseline/baseline.enforcer.js +137 -0
package/src/verax/core/baseline/baseline.snapshot.js +233 -0
package/src/verax/core/capabilities/gates.js +505 -0
package/src/verax/core/capabilities/registry.js +475 -0
package/src/verax/core/confidence/confidence-compute.js +144 -0
package/src/verax/core/confidence/confidence-invariants.js +234 -0
package/src/verax/core/confidence/confidence-report-writer.js +112 -0
package/src/verax/core/confidence/confidence-weights.js +44 -0
package/src/verax/core/confidence/confidence.defaults.js +65 -0
package/src/verax/core/confidence/confidence.loader.js +80 -0
package/src/verax/core/confidence/confidence.schema.js +94 -0
package/src/verax/core/confidence-engine-refactor.js +489 -0
package/src/verax/core/confidence-engine.js +625 -0
package/src/verax/core/contracts/index.js +29 -0
package/src/verax/core/contracts/types.js +186 -0
package/src/verax/core/contracts/validators.js +456 -0
package/src/verax/core/decisions/decision.trace.js +278 -0
package/src/verax/core/determinism/contract-writer.js +89 -0
package/src/verax/core/determinism/contract.js +139 -0
package/src/verax/core/determinism/diff.js +405 -0
package/src/verax/core/determinism/engine.js +222 -0
package/src/verax/core/determinism/finding-identity.js +149 -0
package/src/verax/core/determinism/normalize.js +466 -0
package/src/verax/core/determinism/report-writer.js +93 -0
package/src/verax/core/determinism/run-fingerprint.js +123 -0
package/src/verax/core/dynamic-route-intelligence.js +529 -0
package/src/verax/core/evidence/evidence-capture-service.js +308 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +166 -0
package/src/verax/core/evidence-builder.js +487 -0
package/src/verax/core/execution-mode-context.js +77 -0
package/src/verax/core/execution-mode-detector.js +192 -0
package/src/verax/core/failures/exit-codes.js +88 -0
package/src/verax/core/failures/failure-summary.js +76 -0
package/src/verax/core/failures/failure.factory.js +225 -0
package/src/verax/core/failures/failure.ledger.js +133 -0
package/src/verax/core/failures/failure.types.js +196 -0
package/src/verax/core/failures/index.js +10 -0
package/src/verax/core/ga/ga-report-writer.js +43 -0
package/src/verax/core/ga/ga.artifact.js +49 -0
package/src/verax/core/ga/ga.contract.js +435 -0
package/src/verax/core/ga/ga.enforcer.js +87 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +109 -0
package/src/verax/core/guardrails/policy.defaults.js +210 -0
package/src/verax/core/guardrails/policy.loader.js +84 -0
package/src/verax/core/guardrails/policy.schema.js +110 -0
package/src/verax/core/guardrails/truth-reconciliation.js +136 -0
package/src/verax/core/guardrails-engine.js +505 -0
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +318 -0
package/src/verax/core/perf/perf.contract.js +186 -0
package/src/verax/core/perf/perf.display.js +65 -0
package/src/verax/core/perf/perf.enforcer.js +91 -0
package/src/verax/core/perf/perf.monitor.js +209 -0
package/src/verax/core/perf/perf.report.js +200 -0
package/src/verax/core/pipeline-tracker.js +243 -0
package/src/verax/core/product-definition.js +127 -0
package/src/verax/core/release/provenance.builder.js +130 -0
package/src/verax/core/release/release-report-writer.js +40 -0
package/src/verax/core/release/release.enforcer.js +164 -0
package/src/verax/core/release/reproducibility.check.js +222 -0
package/src/verax/core/release/sbom.builder.js +292 -0
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +195 -0
package/src/verax/core/report/human-summary.js +362 -0
package/src/verax/core/route-intelligence.js +420 -0
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +329 -0
package/src/verax/core/security/security-report.js +50 -0
package/src/verax/core/security/security.enforcer.js +128 -0
package/src/verax/core/security/supplychain.defaults.json +38 -0
package/src/verax/core/security/supplychain.policy.js +334 -0
package/src/verax/core/security/vuln.scan.js +265 -0
package/src/verax/core/truth/truth.certificate.js +252 -0
package/src/verax/core/ui-feedback-intelligence.js +481 -0
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +62 -34
package/src/verax/detect/confidence-helper.js +34 -0
package/src/verax/detect/dynamic-route-findings.js +338 -0
package/src/verax/detect/expectation-chain-detector.js +417 -0
package/src/verax/detect/expectation-model.js +2 -2
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +131 -35
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +46 -5
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +558 -0
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +219 -0
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +207 -0
package/src/verax/detect/view-switch-correlator.js +242 -0
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +4 -0
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +3 -0
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +51 -155
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -513
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +205 -0
package/src/verax/observe/observe-helpers.js +192 -0
package/src/verax/observe/observe-runner.js +230 -0
package/src/verax/observe/observers/budget-observer.js +185 -0
package/src/verax/observe/observers/console-observer.js +102 -0
package/src/verax/observe/observers/coverage-observer.js +107 -0
package/src/verax/observe/observers/interaction-observer.js +471 -0
package/src/verax/observe/observers/navigation-observer.js +132 -0
package/src/verax/observe/observers/network-observer.js +87 -0
package/src/verax/observe/observers/safety-observer.js +82 -0
package/src/verax/observe/observers/ui-feedback-observer.js +99 -0
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-feedback-detector.js +742 -0
package/src/verax/scan-summary-writer.js +2 -0
package/src/verax/shared/artifact-manager.js +25 -5
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/css-spinner-rules.js +204 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/view-switch-rules.js +208 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/verax/detect/test-failure-cause-inference.js ADDED Viewed

@@ -0,0 +1,314 @@
+#!/usr/bin/env node
+/**
+ * Test: Failure Cause Inference (FCI)
+ *
+ * Tests:
+ * 1. No evidence -> no causes (Evidence Law enforcement)
+ * 2. Determinism: same input -> same causes, same ordering, same wording
+ * 3. Cause inference for C2 (state mutation no UI)
+ * 4. Cause inference for C3 (dead click)
+ * 5. Cause inference for C7 (network silent)
+ */
+import {
+  inferCauses,
+  inferCausesForFindings,
+  findingsWithCauses,
+  attachCausesToFinding
+} from './failure-cause-inference.js';
+let testCount = 0;
+let passCount = 0;
+function test(name, fn) {
+  testCount++;
+  try {
+    fn();
+    console.log(`✓ Test ${testCount}: ${name}`);
+    passCount++;
+  } catch (e) {
+    console.error(`✗ Test ${testCount}: ${name}`);
+    console.error(`  ${e.message}`);
+  }
+}
+function assert(condition, message) {
+  if (!condition) {
+    throw new Error(message);
+  }
+}
+// Test 1: No evidence -> no causes
+test('No evidence => no causes (Evidence Law)', () => {
+  const finding = {
+    id: 'test-1',
+    type: 'silent_failure',
+    evidence: {}
+  };
+  const causes = inferCauses(finding);
+  assert(Array.isArray(causes), 'Should return array');
+  assert(causes.length === 0, `Expected 0 causes, got ${causes.length}`);
+});
+// Test 2: Null/undefined finding
+test('Null finding => no causes', () => {
+  const causes = inferCauses(null);
+  assert(causes.length === 0, 'Should return empty array for null');
+});
+// Test 3: Missing evidence field
+test('Missing evidence field => no causes', () => {
+  const finding = {
+    id: 'test-2',
+    type: 'silent_failure'
+  };
+  const causes = inferCauses(finding);
+  assert(causes.length === 0, 'Should return empty array');
+});
+// Test 4: Determinism - run twice, get identical output
+test('Determinism: same finding => same causes', () => {
+  const finding = {
+    id: 'test-det-1',
+    type: 'silent_failure',
+    evidence: {
+      stateMutation: true,
+      domChanged: false,
+      navigationOccurred: false,
+      uiFeedback: false
+    }
+  };
+  const run1 = inferCauses(finding);
+  const run2 = inferCauses(finding);
+  assert(JSON.stringify(run1) === JSON.stringify(run2), 'Runs should be identical');
+  assert(run1.length > 0, 'Should detect C2 cause');
+  assert(run1[0].id === 'C2_STATE_MUTATION_NO_UI', 'Should detect C2');
+});
+// Test 5: Determinism - ordering
+test('Determinism: causes ordered by id', () => {
+  const finding = {
+    id: 'test-ord-1',
+    type: 'silent_failure',
+    evidence: {
+      stateMutation: true,
+      domChanged: false,
+      navigationOccurred: false,
+      uiFeedback: false,
+      interactionPerformed: true,
+      networkActivity: false,
+      userFeedback: false
+    }
+  };
+  const causes = inferCauses(finding);
+  // Should have both C2 and C3
+  assert(causes.length >= 1, 'Should detect at least 1 cause');
+  // Check ordering
+  for (let i = 1; i < causes.length; i++) {
+    assert(
+      causes[i].id.localeCompare(causes[i-1].id) > 0,
+      `Causes not ordered: ${causes[i].id} should come after ${causes[i-1].id}`
+    );
+  }
+});
+// Test 6: C2 inference - state mutation no UI
+test('C2: State mutation + no DOM change + no feedback', () => {
+  const finding = {
+    id: 'c2-test',
+    type: 'state_action',
+    evidence: {
+      stateMutation: true,
+      domChanged: false,
+      navigationOccurred: false,
+      uiFeedback: false
+    }
+  };
+  const causes = inferCauses(finding);
+  assert(causes.length >= 1, 'Should find at least one cause');
+  assert(causes.some(c => c.id === 'C2_STATE_MUTATION_NO_UI'), 'Should find C2');
+  const c2 = causes.find(c => c.id === 'C2_STATE_MUTATION_NO_UI');
+  assert(c2.statement.includes('Likely cause:'), 'Should start with "Likely cause:"');
+  assert(c2.confidence === 'MEDIUM', 'Should be MEDIUM confidence');
+  assert(Array.isArray(c2.evidence_refs), 'Should have evidence_refs array');
+  assert(c2.evidence_refs.length > 0, 'Should have evidence references');
+});
+// Test 7: C3 inference - dead click
+test('C3: Interaction but no network/nav/DOM/feedback', () => {
+  const finding = {
+    id: 'c3-test',
+    type: 'silent_failure',
+    evidence: {
+      interactionPerformed: true,
+      networkActivity: false,
+      navigationOccurred: false,
+      domChanged: false,
+      userFeedback: false
+    }
+  };
+  const causes = inferCauses(finding);
+  assert(causes.some(c => c.id === 'C3_DEAD_CLICK'), 'Should find C3');
+  const c3 = causes.find(c => c.id === 'C3_DEAD_CLICK');
+  assert(c3.title.includes('dead'), 'Title should mention dead');
+  assert(c3.confidence === 'MEDIUM', 'Should be MEDIUM confidence');
+});
+// Test 8: C7 inference - network silent
+test('C7: Network failure + no feedback', () => {
+  const finding = {
+    id: 'c7-test',
+    type: 'network_silent_failure',
+    evidence: {
+      networkFailure: true,
+      uiFeedback: false,
+      domChanged: false
+    }
+  };
+  const causes = inferCauses(finding);
+  assert(causes.some(c => c.id === 'C7_NETWORK_SILENT'), 'Should find C7');
+  const c7 = causes.find(c => c.id === 'C7_NETWORK_SILENT');
+  assert(c7.statement.includes('network'), 'Should mention network');
+  assert(c7.confidence === 'MEDIUM', 'Should be MEDIUM confidence');
+});
+// Test 9: Batch inference
+test('Batch inference on multiple findings', () => {
+  const findings = [
+    {
+      id: 'batch-1',
+      type: 'silent_failure',
+      evidence: { }
+    },
+    {
+      id: 'batch-2',
+      type: 'state_action',
+      evidence: {
+        stateMutation: true,
+        domChanged: false,
+        navigationOccurred: false,
+        uiFeedback: false
+      }
+    }
+  ];
+  const causesMap = inferCausesForFindings(findings);
+  assert('batch-1' in causesMap === false, 'batch-1 has no evidence, should not be in map');
+  assert('batch-2' in causesMap, 'batch-2 should be in map');
+  assert(causesMap['batch-2'].some(c => c.id === 'C2_STATE_MUTATION_NO_UI'), 'batch-2 should have C2');
+});
+// Test 10: findingsWithCauses filter
+test('findingsWithCauses filters correctly', () => {
+  const findings = [
+    {
+      id: 'with-evidence',
+      type: 'state_action',
+      evidence: {
+        stateMutation: true,
+        domChanged: false,
+        navigationOccurred: false,
+        uiFeedback: false
+      }
+    },
+    {
+      id: 'no-evidence',
+      type: 'silent_failure',
+      evidence: { }
+    }
+  ];
+  const filtered = findingsWithCauses(findings);
+  assert(filtered.length === 1, `Expected 1 finding with causes, got ${filtered.length}`);
+  assert(filtered[0].id === 'with-evidence', 'Should only include finding with causes');
+});
+// Test 11: attachCausesToFinding mutation
+test('attachCausesToFinding mutates finding', () => {
+  const finding = {
+    id: 'mutate-test',
+    type: 'state_action',
+    evidence: {
+      stateMutation: true,
+      domChanged: false,
+      navigationOccurred: false,
+      uiFeedback: false
+    }
+  };
+  assert(!('causes' in finding), 'Should not have causes before');
+  attachCausesToFinding(finding);
+  assert('causes' in finding, 'Should have causes after');
+  assert(finding.causes.length > 0, 'Should have non-empty causes array');
+});
+// Test 12: Cause statement format
+test('Cause statements start with "Likely cause:"', () => {
+  const finding = {
+    id: 'format-test',
+    type: 'state_action',
+    evidence: {
+      stateMutation: true,
+      domChanged: false,
+      navigationOccurred: false,
+      uiFeedback: false
+    }
+  };
+  const causes = inferCauses(finding);
+  causes.forEach(cause => {
+    assert(
+      cause.statement.startsWith('Likely cause:'),
+      `Statement should start with "Likely cause:", got: ${cause.statement}`
+    );
+  });
+});
+// Test 13: Confidence never HIGH
+test('Confidence is never HIGH', () => {
+  const findings = [
+    {
+      id: 't1',
+      type: 'state_action',
+      evidence: {
+        stateMutation: true,
+        domChanged: false,
+        navigationOccurred: false,
+        uiFeedback: false
+      }
+    },
+    {
+      id: 't2',
+      type: 'silent_failure',
+      evidence: {
+        interactionPerformed: true,
+        networkActivity: false,
+        navigationOccurred: false,
+        domChanged: false,
+        userFeedback: false
+      }
+    }
+  ];
+  findings.forEach(finding => {
+    const causes = inferCauses(finding);
+    causes.forEach(cause => {
+      assert(
+        cause.confidence === 'LOW' || cause.confidence === 'MEDIUM',
+        `Confidence should be LOW or MEDIUM, got ${cause.confidence}`
+      );
+    });
+  });
+});
+// Results
+console.log(`\n${passCount}/${testCount} tests passed`);
+if (passCount === testCount) {
+  console.log('✓ All tests passed');
+  process.exit(0);
+} else {
+  console.log(`✗ ${testCount - passCount} test(s) failed`);
+  process.exit(1);
+}

package/src/verax/detect/ui-feedback-findings.js ADDED Viewed

@@ -0,0 +1,207 @@
+/**
+ * PHASE 13 — UI Feedback Findings Detector
+ *
+ * Detects UI feedback-related silent failures by correlating promises
+ * with feedback signals and evaluating outcomes.
+ */
+import {
+  detectUIFeedbackSignals,
+  scoreUIFeedback,
+  correlatePromiseWithFeedback,
+  buildUIFeedbackEvidence,
+  FEEDBACK_SCORE,
+} from '../core/ui-feedback-intelligence.js';
+import { computeConfidence } from './confidence-engine.js';
+import { computeConfidenceForFinding } from '../core/confidence-engine.js';
+import { buildAndEnforceEvidencePackage } from '../core/evidence-builder.js';
+import { applyGuardrails } from '../core/guardrails-engine.js';
+/**
+ * PHASE 13: Detect UI feedback-related findings
+ *
+ * @param {Array} traces - Interaction traces
+ * @param {Object} manifest - Project manifest with expectations
+ * @param {Array} _findings - Findings array to append to
+ * @ts-expect-error - JSDoc param documented but unused
+ * @returns {Array} UI feedback-related findings
+ */
+export function detectUIFeedbackFindings(traces, manifest, _findings) {
+  const feedbackFindings = [];
+  // Process each trace
+  for (const trace of traces) {
+    const interaction = trace.interaction || {};
+    // Find expectations for this interaction
+    const expectations = findExpectationsForInteraction(manifest, interaction, trace);
+    for (const expectation of expectations) {
+      // Detect UI feedback signals
+      const signals = detectUIFeedbackSignals(trace);
+      // Score feedback presence/absence
+      const feedbackScore = scoreUIFeedback(signals, expectation, trace);
+      // Correlate promise with feedback
+      const correlation = correlatePromiseWithFeedback(expectation, feedbackScore, trace);
+      // Generate finding if correlation indicates silent failure
+      if (correlation.outcome === 'CONFIRMED' || correlation.outcome === 'SUSPECTED') {
+        // Build evidence
+        const evidence = buildUIFeedbackEvidence(feedbackScore, correlation, trace, expectation);
+        // PHASE 13: Evidence Law - require sufficient evidence for CONFIRMED
+        const hasSufficientEvidence = evidence.beforeAfter.beforeScreenshot &&
+                                      evidence.beforeAfter.afterScreenshot &&
+                                      (evidence.feedback.signals.length > 0 ||
+                                       evidence.feedback.score === FEEDBACK_SCORE.MISSING);
+        // Determine finding type early (before use in confidence call)
+        let findingType = 'ui_feedback_silent_failure';
+        if (expectation.type === 'network_action' || expectation.type === 'network') {
+          findingType = 'network_feedback_missing';
+        } else if (expectation.type === 'navigation' || expectation.type === 'spa_navigation') {
+          findingType = 'navigation_feedback_missing';
+        } else if (expectation.type === 'validation' || expectation.type === 'form_submission') {
+          findingType = 'validation_feedback_missing';
+        }
+        // PHASE 15: Compute unified confidence
+        const unifiedConfidence = computeConfidenceForFinding({
+          findingType: findingType,
+          expectation,
+          sensors: trace.sensors || {},
+          comparisons: {},
+          evidence,
+          options: {}
+        });
+        // Legacy confidence for backward compatibility
+        const _confidence = computeConfidence({
+          findingType: 'ui_feedback_silent_failure',
+          expectation,
+          sensors: trace.sensors || {},
+          comparisons: {},
+          attemptMeta: {},
+        });
+        // Determine severity based on evidence
+        const severity = hasSufficientEvidence && correlation.outcome === 'CONFIRMED' && (unifiedConfidence.score01 || unifiedConfidence.score || 0) >= 0.8
+          ? 'CONFIRMED'
+          : 'SUSPECTED';
+        const finding = {
+          type: findingType,
+          severity,
+          confidence: unifiedConfidence.score01 || unifiedConfidence.score || 0, // Contract v1: score01 canonical
+          confidenceLevel: unifiedConfidence.level, // PHASE 15: Add confidence level
+          confidenceReasons: unifiedConfidence.topReasons || unifiedConfidence.reasons || [], // Contract v1: topReasons
+          interaction: {
+            type: interaction.type,
+            selector: interaction.selector,
+            label: interaction.label,
+          },
+          reason: correlation.reason || feedbackScore.explanation,
+          evidence,
+          source: {
+            file: expectation.source?.file || null,
+            line: expectation.source?.line || null,
+            column: expectation.source?.column || null,
+            context: expectation.source?.context || null,
+            astSource: expectation.source?.astSource || null,
+          },
+        };
+        // PHASE 16: Build and enforce evidence package
+        const findingWithEvidence = buildAndEnforceEvidencePackage(finding, {
+          expectation,
+          trace,
+          evidence,
+          confidence: unifiedConfidence,
+        });
+        // PHASE 17: Apply guardrails (AFTER evidence builder)
+        const context = {
+          evidencePackage: findingWithEvidence.evidencePackage,
+          signals: findingWithEvidence.evidencePackage?.signals || evidence.signals || {},
+          confidenceReasons: unifiedConfidence.reasons || [],
+          promiseType: expectation?.type || null,
+        };
+        const { finding: findingWithGuardrails } = applyGuardrails(findingWithEvidence, context);
+        feedbackFindings.push(findingWithGuardrails);
+      }
+    }
+  }
+  return feedbackFindings;
+}
+/**
+ * Find expectations matching the interaction
+ */
+function findExpectationsForInteraction(manifest, interaction, trace) {
+  const expectations = [];
+  // Check static expectations
+  if (manifest.staticExpectations) {
+    const beforeUrl = trace.before?.url || trace.sensors?.navigation?.beforeUrl || '';
+    const beforePath = extractPathFromUrl(beforeUrl);
+    if (beforePath) {
+      const normalizedBefore = beforePath.replace(/\/$/, '') || '/';
+      for (const expectation of manifest.staticExpectations) {
+        const normalizedFrom = (expectation.fromPath || '').replace(/\/$/, '') || '/';
+        if (normalizedFrom === normalizedBefore) {
+          // Check selector match
+          const selectorHint = expectation.selectorHint || '';
+          const interactionSelector = interaction.selector || '';
+          if (!selectorHint || !interactionSelector ||
+              selectorHint === interactionSelector ||
+              selectorHint.includes(interactionSelector) ||
+              interactionSelector.includes(selectorHint)) {
+            expectations.push(expectation);
+          }
+        }
+      }
+    }
+  }
+  // Check expectations from intel (AST-based)
+  if (manifest.expectations) {
+    for (const expectation of manifest.expectations) {
+      // Match by selector or label
+      const selectorHint = expectation.selectorHint || '';
+      const interactionSelector = interaction.selector || '';
+      const interactionLabel = (interaction.label || '').toLowerCase();
+      const expectationLabel = (expectation.promise?.value || '').toLowerCase();
+      if (selectorHint === interactionSelector ||
+          (expectationLabel && interactionLabel && expectationLabel.includes(interactionLabel))) {
+        expectations.push(expectation);
+      }
+    }
+  }
+  return expectations;
+}
+/**
+ * Extract path from URL
+ */
+function extractPathFromUrl(url) {
+  if (!url || typeof url !== 'string') return '';
+  try {
+    const urlObj = new URL(url);
+    return urlObj.pathname;
+  } catch {
+    // Relative URL
+    const pathMatch = url.match(/^([^?#]+)/);
+    return pathMatch ? pathMatch[1] : url;
+  }
+}