@veraxhq/verax 0.3.0 → 0.4.0

package/src/verax/core/confidence-engine.js

@@ -62,6 +62,102 @@ export const CONFIDENCE_REASON = {
   SENSOR_MISSING: 'SENSOR_MISSING',
 };
 
+// === PHASE 26: CONFIDENCE ENGINE SIMPLIFICATION ===
+// 7 Core Buckets for scoring (Damage Control)
+export const CONFIDENCE_BUCKET = {
+  CRITICAL_EVIDENCE: 'critical_evidence',
+  MULTI_SOURCE: 'multi_source_corroboration',
+  ASSET_CRITICAL: 'asset_criticality',
+  ABUSE_KNOWN: 'known_abuse_indicators',
+  EXPLOITABLE: 'exploitability_indicator',
+  PRIV_ESCALATION: 'privilege_escalation_path',
+  IMPACT_RADIUS: 'impact_radius',
+};
+
+const CORE_BUCKETS = new Set(Object.values(CONFIDENCE_BUCKET));
+
+/**
+ * Classify confidence reason codes into buckets.
+ * Only CORE_BUCKETS contribute to score01.
+ * All other reasons become ADVISORY (tracked, not scored).
+ */
+const CORE_BUCKET_CLASSIFICATION = {
+  // === CRITICAL_EVIDENCE (Reason codes that prove the finding) ===
+  [CONFIDENCE_REASON.PROMISE_PROVEN]: CONFIDENCE_BUCKET.CRITICAL_EVIDENCE,
+  [CONFIDENCE_REASON.OBS_UI_FEEDBACK_CONFIRMED]: CONFIDENCE_BUCKET.CRITICAL_EVIDENCE,
+  [CONFIDENCE_REASON.OBS_NETWORK_FAILURE]: CONFIDENCE_BUCKET.CRITICAL_EVIDENCE,
+  
+  // === MULTI_SOURCE (Multiple independent signals align) ===
+  [CONFIDENCE_REASON.CORR_TIMING_ALIGNED]: CONFIDENCE_BUCKET.MULTI_SOURCE,
+  [CONFIDENCE_REASON.CORR_ROUTE_MATCHED]: CONFIDENCE_BUCKET.MULTI_SOURCE,
+  [CONFIDENCE_REASON.CORR_REQUEST_MATCHED]: CONFIDENCE_BUCKET.MULTI_SOURCE,
+  
+  // === ASSET_CRITICAL (Critical asset/flow) ===
+  [CONFIDENCE_REASON.GUARD_SHALLOW_ROUTING]: CONFIDENCE_BUCKET.ASSET_CRITICAL,
+  [CONFIDENCE_REASON.EVIDENCE_TRACES]: CONFIDENCE_BUCKET.ASSET_CRITICAL,
+  
+  // === ABUSE_KNOWN (Known abuse patterns) ===
+  [CONFIDENCE_REASON.GUARD_ANALYTICS_FILTERED]: CONFIDENCE_BUCKET.ABUSE_KNOWN,
+  [CONFIDENCE_REASON.OBS_NETWORK_SUCCESS]: CONFIDENCE_BUCKET.ABUSE_KNOWN,
+  
+  // === EXPLOITABLE (Finding is actionable) ===
+  [CONFIDENCE_REASON.OBS_DOM_CHANGED]: CONFIDENCE_BUCKET.EXPLOITABLE,
+  [CONFIDENCE_REASON.OBS_CONSOLE_ERRORS]: CONFIDENCE_BUCKET.EXPLOITABLE,
+  
+  // === PRIV_ESCALATION (Access/privilege changes) ===
+  [CONFIDENCE_REASON.OBS_URL_CHANGED]: CONFIDENCE_BUCKET.PRIV_ESCALATION,
+  [CONFIDENCE_REASON.CORR_TRACE_LINKED]: CONFIDENCE_BUCKET.PRIV_ESCALATION,
+  
+  // === IMPACT_RADIUS (Scope/impact evidence) ===
+  [CONFIDENCE_REASON.EVIDENCE_SCREENSHOTS]: CONFIDENCE_BUCKET.IMPACT_RADIUS,
+  [CONFIDENCE_REASON.EVIDENCE_SNIPPETS]: CONFIDENCE_BUCKET.IMPACT_RADIUS,
+  
+  // === ADVISORY (Non-core signals, tracked but not scored) ===
+  [CONFIDENCE_REASON.PROMISE_OBSERVED]: null,
+  [CONFIDENCE_REASON.PROMISE_WEAK]: null,
+  [CONFIDENCE_REASON.PROMISE_UNKNOWN]: null,
+  [CONFIDENCE_REASON.PROMISE_AST_BASED]: null,
+  [CONFIDENCE_REASON.OBS_NO_SIGNALS]: null,
+  [CONFIDENCE_REASON.CORR_WEAK_CORRELATION]: null,
+  [CONFIDENCE_REASON.GUARD_UI_FEEDBACK_PRESENT]: null,
+  [CONFIDENCE_REASON.GUARD_CONTRADICTION_DETECTED]: null,
+  [CONFIDENCE_REASON.GUARD_NETWORK_SUCCESS_NO_UI]: null,
+  [CONFIDENCE_REASON.EVIDENCE_SIGNALS]: null,
+  [CONFIDENCE_REASON.EVIDENCE_INCOMPLETE]: null,
+  [CONFIDENCE_REASON.SENSOR_NETWORK_PRESENT]: null,
+  [CONFIDENCE_REASON.SENSOR_CONSOLE_PRESENT]: null,
+  [CONFIDENCE_REASON.SENSOR_UI_PRESENT]: null,
+  [CONFIDENCE_REASON.SENSOR_UI_FEEDBACK_PRESENT]: null,
+  [CONFIDENCE_REASON.SENSOR_MISSING]: null,
+};
+
+/**
+ * Get bucket for a confidence reason. Returns null if advisory.
+ */
+function getReasonBucket(reasonCode) {
+  return CORE_BUCKET_CLASSIFICATION[reasonCode] || null;
+}
+
+/**
+ * Filter reasons to only core bucket reasons.
+ */
+function filterCoreReasons(reasons) {
+  return reasons.filter(reason => {
+    const bucket = getReasonBucket(reason);
+    return bucket !== null && CORE_BUCKETS.has(bucket);
+  });
+}
+
+/**
+ * Extract advisory reasons (non-core).
+ */
+function extractAdvisoryReasons(reasons) {
+  return reasons.filter(reason => {
+    const bucket = getReasonBucket(reason);
+    return bucket === null;
+  });
+}
+
 // Global policy cache
 let cachedPolicy = null;
 
@@ -77,6 +173,10 @@ function getConfidencePolicy(policyPath = null, projectDir = null) {
 
 /**
  * PHASE 21.4: Compute unified confidence using policy
+ * PHASE 26: Bucket-gated scoring (Confidence Simplification Contract v1)
+ * 
+ * Note: For backward compatibility, ALL reasons are returned in `reasons` array.
+ * Use `advisoryReasons` to identify which ones didn't contribute to score01.
  * 
  * @param {Object} params - Confidence computation parameters
  * @param {string} params.findingType - Type of finding
@@ -85,7 +185,7 @@ function getConfidencePolicy(policyPath = null, projectDir = null) {
  * @param {Object} params.comparisons - Comparison data
  * @param {Object} params.evidence - Evidence data (optional)
  * @param {Object} params.options - Options { policyPath, projectDir, determinismVerdict, evidencePackage }
- * @returns {Object} { score, level, reasons[], policyReport }
+ * @returns {Object} { score, level, reasons[], advisoryReasons[], policyReport }
  */
 export function computeUnifiedConfidence({ findingType, expectation, sensors = {}, comparisons = {}, evidence = {}, options = {} }) {
   // Backward compatibility: options is optional
@@ -107,6 +207,10 @@ export function computeUnifiedConfidence({ findingType, expectation, sensors = {
   // === PILLAR E: Evidence Completeness ===
   const evidenceCompleteness = assessEvidenceCompleteness(evidence, sensors, reasons, policy);
   
+  // === PHASE 26: Identify core vs advisory reasons ===
+  const coreReasons = filterCoreReasons(reasons);
+  const advisoryReasons = extractAdvisoryReasons(reasons);
+  
   // === COMPUTE BASE SCORE using policy weights ===
   const baseScore = (
     promiseStrength * policy.weights.promiseStrength +
@@ -115,16 +219,27 @@ export function computeUnifiedConfidence({ findingType, expectation, sensors = {
     guardrails * policy.weights.guardrails +
     evidenceCompleteness * policy.weights.evidenceCompleteness
   );
-  
+
+  // === APPLY MISSING SENSORS PENALTY ===
+  // Legacy rule: -15 penalty when any core sensor object is missing (network, console, uiSignals)
+  const requiredSensors = ['network', 'console', 'uiSignals'];
+  const missingSensors = requiredSensors.filter(key => sensors[key] === undefined);
+  // Increase penalty so missing core sensors are clearly visible in score100
+  const missingSensorsPenalty = missingSensors.length > 0 ? 0.25 : 0; // -25 in 0..1 scale
+  if (missingSensorsPenalty > 0) {
+    reasons.push(CONFIDENCE_REASON.SENSOR_MISSING);
+  }
+
   // === APPLY CONTRADICTIONS using policy ===
+  // Apply contradiction penalty only when guardrails are materially degraded
   const contradictionPenalty = guardrails < 0.5 ? policy.truthLocks.contradictionPenalty : 0;
-  let finalScore = Math.max(0, Math.min(1, baseScore - contradictionPenalty));
+  let finalScore = Math.max(0, Math.min(1, baseScore - contradictionPenalty - missingSensorsPenalty));
   
   // === TRUTH LOCKS: Apply determinism cap ===
   if (options?.determinismVerdict === 'NON_DETERMINISTIC') {
     const maxConfidence = policy.truthLocks.nonDeterministicMaxConfidence;
     if (finalScore > maxConfidence) {
-      reasons.push('TRUTH_LOCK_NON_DETERMINISTIC_CAP');
+      coreReasons.push('TRUTH_LOCK_NON_DETERMINISTIC_CAP');
       finalScore = Math.min(finalScore, maxConfidence);
     }
   }
@@ -133,21 +248,28 @@ export function computeUnifiedConfidence({ findingType, expectation, sensors = {
   const evidencePackage = options?.evidencePackage || evidence?.evidencePackage || {};
   if (evidencePackage?.severity === 'CONFIRMED' || evidencePackage?.status === 'CONFIRMED') {
     if (policy.truthLocks.evidenceCompleteRequired && !evidencePackage.isComplete) {
-      reasons.push('TRUTH_LOCK_EVIDENCE_INCOMPLETE');
+      coreReasons.push('TRUTH_LOCK_EVIDENCE_INCOMPLETE');
       // Force downgrade from CONFIRMED
       finalScore = Math.min(finalScore, 0.6); // Cap at MEDIUM
     }
   }
   
-  // === DETERMINE LEVEL using policy thresholds ===
+  // === DETERMINE LEVEL using Contract v1 thresholds ===
   const level = determineConfidenceLevel(finalScore, promiseStrength, evidenceCompleteness, policy);
   
   const policyReport = getPolicyReport(policy);
   
+  // Contract v1: score01 is canonical, derive score100 and topReasons (core only)
+  const topReasons = coreReasons.slice(0, 4);
+  
   return {
-    score: finalScore,
+    score: finalScore, // alias for score01 for backward compatibility
+    score01: finalScore,
+    score100: Math.round(finalScore * 100),
     level,
-    reasons: reasons.slice(0, 10),
+    reasons: reasons.slice(0, 10), // ALL reasons for backward compat (core + advisory)
+    advisoryReasons: advisoryReasons.slice(0, 10), // Advisory reasons (for analyst/context)
+    topReasons,
     policyReport: {
       version: policyReport.version,
       source: policyReport.source,
@@ -284,7 +406,7 @@ function assessCorrelationQuality(expectation, sensors, comparisons, evidence, r
 /**
  * Assess guardrails & contradictions (Pillar D) using policy
  */
-function assessGuardrails(sensors, comparisons, findingType, reasons, policy) {
+function assessGuardrails(sensors, comparisons, findingType, reasons, _policy) {
   let guardrailScore = 1.0;
   
   const networkSensor = sensors.network || {};
@@ -355,23 +477,20 @@ function assessEvidenceCompleteness(evidence, sensors, reasons, policy) {
 }
 
 /**
- * Determine confidence level using policy thresholds
+ * Determine confidence level using Contract v1 thresholds
+ * HIGH: score01 >= 0.85
+ * MEDIUM: 0.60 <= score01 < 0.85  
+ * UNPROVEN: score01 < 0.60
  */
-function determineConfidenceLevel(score, promiseStrength, evidenceCompleteness, policy) {
-  const thresholds = policy.thresholds;
-  
-  if (score >= thresholds.high && promiseStrength >= 0.9 && evidenceCompleteness >= 0.7) {
+function determineConfidenceLevel(score, _promiseStrength, _evidenceCompleteness, _policy) {
+  if (score >= 0.85) {
     return CONFIDENCE_LEVEL.HIGH;
   }
   
-  if (score >= thresholds.medium || (score >= 0.5 && promiseStrength >= 0.7)) {
+  if (score >= 0.60) {
     return CONFIDENCE_LEVEL.MEDIUM;
   }
   
-  if (score >= thresholds.low) {
-    return CONFIDENCE_LEVEL.LOW;
-  }
-  
   return CONFIDENCE_LEVEL.UNPROVEN;
 }
 
@@ -379,6 +498,11 @@ function determineConfidenceLevel(score, promiseStrength, evidenceCompleteness,
  * PHASE 21.4: Compute confidence for finding (wrapper with policy support)
  * 
  * @param {Object} params - Confidence computation parameters
+ * @param {string} params.findingType - Type of finding
+ * @param {Object} params.expectation - Promise/expectation
+ * @param {Object} params.sensors - Sensor data
+ * @param {Object} params.comparisons - Comparison data
+ * @param {Object} params.evidence - Evidence data
  * @param {Object} params.options - Options { policyPath, projectDir, determinismVerdict, evidencePackage }
  * @returns {Object} { score, level, reasons[] }
  */
@@ -387,10 +511,19 @@ export function computeConfidenceForFinding(params) {
   const options = params.options || {};
   
   // Use legacy system for base computation
-  const legacyResult = computeConfidenceLegacy(params);
+  const legacyParams = {
+    findingType: params.findingType,
+    expectation: params.expectation,
+    sensors: params.sensors,
+    comparisons: params.comparisons,
+    attemptMeta: params['attemptMeta'] || {},
+    executionModeCeiling: options.executionModeCeiling || 1.0
+  };
+  const legacyResult = computeConfidenceLegacy(legacyParams);
   
-  // Normalize score from 0-100 to 0-1
+  // Legacy returns score in 0-100; normalize to 0-1 for unified engine
   let normalizedScore = (legacyResult.score || 0) / 100;
+  normalizedScore = Math.max(0, Math.min(1, normalizedScore));
   
   // Extract reasons from legacy explain/factors
   const reasons = extractReasonsFromLegacy(legacyResult, params);
@@ -408,7 +541,7 @@ export function computeConfidenceForFinding(params) {
   }
   
   // === TRUTH LOCKS: Evidence Law cap ===
-  const evidencePackage = options?.evidencePackage || params.evidence?.evidencePackage || {};
+  const evidencePackage = options?.evidencePackage || (params.evidence && params.evidence.evidencePackage) || {};
   if (evidencePackage?.severity === 'CONFIRMED' || evidencePackage?.status === 'CONFIRMED') {
     if (policy.truthLocks.evidenceCompleteRequired && !evidencePackage.isComplete) {
       reasons.push('TRUTH_LOCK_EVIDENCE_INCOMPLETE');
@@ -424,10 +557,16 @@ export function computeConfidenceForFinding(params) {
     policy
   );
   
+  // Contract v1: Return score01, score100, level, and topReasons
+  const topReasons = reasons.slice(0, 4);
+  
   return {
-    score: normalizedScore,
+    score01: normalizedScore,
+    score100: Math.round(normalizedScore * 100),
+    score: normalizedScore, // Backward compat - should be 0..1
     level,
     reasons,
+    topReasons,
   };
 }
 

package/src/verax/core/contracts/types.js

@@ -25,6 +25,7 @@ export const FINDING_STATUS = {
   CONFIRMED: 'CONFIRMED',      // Evidence law satisfied: sufficient evidence exists
   SUSPECTED: 'SUSPECTED',      // Needs evidence: signal observed but evidence incomplete
   INFORMATIONAL: 'INFORMATIONAL', // Observation recorded, no claim of failure
+  UNPROVEN: 'UNPROVEN',        // Evidence Law v1: insufficient evidence to support claim
   DROPPED: 'DROPPED'           // Violated contracts, removed from report
 };
 

package/src/verax/core/contracts/validators.js

@@ -97,7 +97,23 @@ export function validateFinding(finding) {
   // *** EVIDENCE LAW ENFORCEMENT ***
   // PHASE 16: Check evidencePackage completeness for CONFIRMED findings
   // PHASE 21.1: HARD LOCK - CONFIRMED without complete evidencePackage is IMPOSSIBLE
+  // PHASE 21: Evidence Law validation for CONFIRMED findings
   if (finding.status === FINDING_STATUS.CONFIRMED || finding.severity === 'CONFIRMED') {
+    // EVIDENCE LAW v1: Check evidence structure first (context anchor + effect evidence)
+    const evidenceLawResult = enforceEvidenceLawV1(finding.evidence);
+    if (!evidenceLawResult.ok && evidenceLawResult.downgrade) {
+      console.log(
+        `EVIDENCE_LAW v1: downgraded CONFIRMED -> ${evidenceLawResult.downgrade} ` +
+        `(missing: ${evidenceLawResult.missing.join(', ')})`
+      );
+      return {
+        ok: true,
+        errors: [],
+        shouldDowngrade: true,
+        suggestedStatus: evidenceLawResult.downgrade
+      };
+    }
+
     // PHASE 21.1: Strict invariant - CONFIRMED findings MUST have complete evidencePackage
     if (finding.evidencePackage) {
       const missingFields = finding.evidencePackage.missingEvidence || [];
@@ -222,10 +238,17 @@ export function validateConfidence(confidence) {
     );
   }
 
-  if (confidence.score === undefined || confidence.score === null) {
-    errors.push('Missing required field: confidence.score');
-  } else if (typeof confidence.score !== 'number' || confidence.score < 0 || confidence.score > 100) {
-    errors.push(`Invalid confidence.score: ${confidence.score}. Must be a number 0-100`);
+  // Contract v1: Accept both score01 (0-1) and legacy score (0-100) for backward compat
+  if (confidence.score01 !== undefined) {
+    if (typeof confidence.score01 !== 'number' || confidence.score01 < 0 || confidence.score01 > 1) {
+      errors.push(`Invalid confidence.score01: ${confidence.score01}. Must be a number 0-1`);
+    }
+  } else if (confidence.score !== undefined) {
+    if (typeof confidence.score !== 'number' || confidence.score < 0 || confidence.score > 100) {
+      errors.push(`Invalid confidence.score: ${confidence.score}. Must be a number 0-100`);
+    }
+  } else {
+    errors.push('Missing required field: confidence.score01 or confidence.score');
   }
 
   return {
@@ -285,6 +308,57 @@ export function validateSignals(signals) {
   };
 }
 
+/**
+ * EVIDENCE LAW v1: Check if CONFIRMED finding has complete evidence structure
+ * 
+ * Rule A (Context Anchor): Must have beforeUrl OR beforeScreenshot OR before
+ * Rule B (Effect Evidence): Must have afterUrl OR after OR flags OR quantitative indicators
+ * 
+ * @param {Object} evidence - Evidence object to validate
+ * @returns {Object} { ok: boolean, downgrade: 'UNPROVEN'|'SUSPECTED'|null, missing: string[] }
+ */
+export function enforceEvidenceLawV1(evidence) {
+  if (!evidence || typeof evidence !== 'object' || Object.keys(evidence).length === 0) {
+    return { ok: false, downgrade: 'UNPROVEN', missing: ['evidence object'] };
+  }
+
+  const missing = [];
+
+  // Rule A: Context anchor (before state)
+  const hasContextAnchor = evidence.beforeUrl || evidence.beforeScreenshot || evidence.before;
+  if (!hasContextAnchor) {
+    missing.push('context anchor (beforeUrl/beforeScreenshot/before)');
+  }
+
+  // Rule B: Effect evidence (after state or change indicators)
+  const hasEffectEvidence = 
+    evidence.afterUrl || 
+    evidence.afterScreenshot || 
+    evidence.after ||
+    evidence.urlChanged === true ||
+    evidence.domChanged === true ||
+    evidence.uiChanged === true ||
+    (typeof evidence.networkRequests === 'number' && evidence.networkRequests > 0) ||
+    (Array.isArray(evidence.networkRequests) && evidence.networkRequests.length > 0) ||
+    (typeof evidence.consoleErrors === 'number' && evidence.consoleErrors > 0) ||
+    (Array.isArray(evidence.consoleErrors) && evidence.consoleErrors.length > 0) ||
+    evidence.timingBreakdown;
+
+  if (!hasEffectEvidence) {
+    missing.push('effect evidence (after/flags/quantitative)');
+  }
+
+  // Downgrade logic
+  if (!hasContextAnchor && !hasEffectEvidence) {
+    return { ok: false, downgrade: 'UNPROVEN', missing };
+  }
+  if (!hasContextAnchor || !hasEffectEvidence) {
+    return { ok: false, downgrade: 'SUSPECTED', missing };
+  }
+
+  return { ok: true, downgrade: null, missing: [] };
+}
+
 /**
  * EVIDENCE LAW: Determine if evidence is sufficient for CONFIRMED status
  * 
@@ -377,5 +451,6 @@ export default {
   validateConfidence,
   validateSignals,
   isEvidenceSubstantive,
+  enforceEvidenceLawV1,
   enforceContractsOnFindings
 };

package/src/verax/core/decision-snapshot.js

@@ -176,11 +176,9 @@ function extractUnverified(detectTruth, observeTruth) {
  * @param {Object} detectTruth - Detect phase truth
  * @param {Object} observeTruth - Observe phase truth
  * @param {Object} _silences - Silence data (unused parameter, kept for API compatibility)
- * @param {Object} options - Additional options { executionMode, executionModeCeiling }
- * @returns {Object} - Decision snapshot answering 6 mandatory questions + execution mode info
+ * @returns {Object} - Decision snapshot answering 6 mandatory questions
  */
-export function computeDecisionSnapshot(findings, detectTruth, observeTruth, _silences, options = {}) {
-  const { executionMode = null, executionModeCeiling = 1.0 } = options;
+export function computeDecisionSnapshot(findings, detectTruth, observeTruth, _silences) {
   // Question 1: Do we have confirmed SILENT FAILURES?
   const confirmedFailures = findings.filter(f => 
     f.outcome === 'broken' || f.type === 'silent_failure'
@@ -266,35 +264,10 @@ export function computeDecisionSnapshot(findings, detectTruth, observeTruth, _si
       score: confidence.score,
       coverageRatio: confidence.coverageRatio,
       factors: confidence.factors
-    },
-    
-    // EXECUTION MODE
-    executionMode: executionMode,
-    executionModeCeiling: executionModeCeiling,
-    executionModeExplanation: generateExecutionModeExplanation(executionMode, executionModeCeiling)
+    }
   };
 }
 
-/**
- * Generate explanation for execution mode awareness
- * @param {string} mode - Execution mode (PROJECT_SCAN or WEB_SCAN_LIMITED)
- * @param {number} ceiling - Confidence ceiling (0..1)
- * @returns {string} - Human-readable explanation
- */
-function generateExecutionModeExplanation(mode, ceiling) {
-  if (!mode) {
-    return null;
-  }
-  
-  if (mode === 'WEB_SCAN_LIMITED') {
-    return `Analysis limited to runtime behavior observation (no source code). Confidence capped at ${Math.round(ceiling * 100)}%. Use source code scanning for fuller analysis.`;
-  } else if (mode === 'PROJECT_SCAN') {
-    return `Full project analysis with source code. Confidence unrestricted based on evidence quality.`;
-  }
-  
-  return null;
-}
-
 /**
  * Format decision snapshot for human reading
  * @param {Object} snapshot - Decision snapshot

package/src/verax/core/decisions/decision.trace.js

@@ -27,6 +27,7 @@ export function buildDecisionTrace(projectDir, runId) {
     return null;
   }
   
+  // @ts-expect-error - readFileSync with encoding returns string
   const findings = JSON.parse(readFileSync(findingsPath, 'utf-8'));
   const traces = [];
   
@@ -268,6 +269,7 @@ export function loadDecisionTrace(projectDir, runId) {
   }
   
   try {
+  // @ts-expect-error - readFileSync with encoding returns string
     return JSON.parse(readFileSync(tracePath, 'utf-8'));
   } catch {
     return null;

package/src/verax/core/determinism/contract-writer.js

@@ -7,14 +7,14 @@
 
 import { writeFileSync } from 'fs';
 import { resolve } from 'path';
-import { DecisionRecorder } from '../determinism-model.js';
+import { DecisionRecorder as _DecisionRecorder } from '../determinism-model.js';
 import { ARTIFACT_REGISTRY } from '../artifacts/registry.js';
 
 /**
  * Write determinism contract artifact
  * 
  * @param {string} runDir - Absolute run directory path
- * @param {DecisionRecorder} decisionRecorder - Decision recorder instance
+ * @param {Object} decisionRecorder - Decision recorder instance
  * @returns {string} Path to written contract
  */
 export function writeDeterminismContract(runDir, decisionRecorder) {

package/src/verax/core/determinism/contract.js

@@ -71,7 +71,7 @@ export function isAdaptiveEventCategory(category) {
  * 
  * HARD RULE: If any adaptive event occurred → NON_DETERMINISTIC
  * 
- * @param {DecisionRecorder} decisionRecorder - Decision recorder instance
+ * @param {Object} decisionRecorder - Decision recorder instance
  * @returns {Object} { verdict, reasons, adaptiveEvents }
  */
 export function computeDeterminismVerdict(decisionRecorder) {

package/src/verax/core/determinism/diff.js

@@ -4,7 +4,7 @@
  * Generates structured diffs between normalized artifacts from different runs.
  */
 
-import { computeFindingIdentity } from './finding-identity.js';
+import { computeFindingIdentity as _computeFindingIdentity } from './finding-identity.js';
 
 /**
  * PHASE 18: Diff reason codes
@@ -48,6 +48,18 @@ export const DIFF_SEVERITY = {
   INFO: 'INFO',
 };
 
+function diffRunMeta(artifactA, artifactB) {
+  return diffGeneric(artifactA, artifactB, 'runMeta');
+}
+
+function diffDeterminismContract(artifactA, artifactB) {
+  return diffGeneric(artifactA, artifactB, 'determinismContract');
+}
+
+function diffReportArtifact(artifactA, artifactB, artifactName) {
+  return diffGeneric(artifactA, artifactB, artifactName);
+}
+
 /**
  * PHASE 18: Diff artifacts
  * 
@@ -320,6 +332,35 @@ function diffFinding(findingA, findingB, identity) {
       findingIdentity: identity,
       field: 'evidencePackage',
     });
+  } else if (evidencePackageA && evidencePackageB) {
+    if (evidencePackageA.isComplete !== evidencePackageB.isComplete) {
+      diffs.push({
+        category: DIFF_CATEGORY.EVIDENCE,
+        severity: DIFF_SEVERITY.BLOCKER,
+        reasonCode: DIFF_REASON.EVIDENCE_COMPLETENESS_CHANGED,
+        message: `Evidence completeness changed: ${evidencePackageA.isComplete} → ${evidencePackageB.isComplete}`,
+        artifact: 'findings',
+        findingIdentity: identity,
+        field: 'evidencePackage.isComplete',
+        oldValue: evidencePackageA.isComplete,
+        newValue: evidencePackageB.isComplete,
+      });
+    }
+    const missingA = Array.isArray(evidencePackageA.missingEvidence) ? evidencePackageA.missingEvidence.sort() : [];
+    const missingB = Array.isArray(evidencePackageB.missingEvidence) ? evidencePackageB.missingEvidence.sort() : [];
+    if (missingA.join('|') !== missingB.join('|')) {
+      diffs.push({
+        category: DIFF_CATEGORY.EVIDENCE,
+        severity: DIFF_SEVERITY.BLOCKER,
+        reasonCode: DIFF_REASON.EVIDENCE_MISSING,
+        message: `Missing evidence changed`,
+        artifact: 'findings',
+        findingIdentity: identity,
+        field: 'evidencePackage.missingEvidence',
+        oldValue: missingA,
+        newValue: missingB,
+      });
+    }
   }
   
   return diffs;

package/src/verax/core/determinism/engine.js

@@ -7,12 +7,11 @@
  */
 
 import { readFileSync, existsSync } from 'fs';
-import { join, resolve } from 'path';
+import { join as _join, resolve } from 'path';
 import { normalizeArtifact } from './normalize.js';
 import { diffArtifacts } from './diff.js';
 import { computeFindingIdentity } from './finding-identity.js';
-import { ARTIFACT_REGISTRY } from '../artifacts/registry.js';
-import { computeDeterminismVerdict, DETERMINISM_VERDICT, DETERMINISM_REASON } from './contract.js';
+import { computeDeterminismVerdict, DETERMINISM_VERDICT } from './contract.js';
 import { DecisionRecorder } from '../determinism-model.js';
 
 /**
@@ -28,9 +27,9 @@ export { DETERMINISM_VERDICT, DETERMINISM_REASON } from './contract.js';
  * @param {number} options.runs - Number of runs (default: 2)
  * @param {Object} options.config - Configuration for runs
  * @param {boolean} options.normalize - Whether to normalize artifacts (default: true)
- * @returns {Object} { verdict, summary, diffs, runsMeta }
+ * @returns {Promise<Object>} { verdict, summary, diffs, runsMeta }
  */
-export async function runDeterminismCheck(runFn, options = {}) {
+export async function runDeterminismCheck(runFn, options = { runs: 2, config: {}, normalize: true }) {
   const { runs = 2, config = {}, normalize = true } = options;
   
   const runsMeta = [];
@@ -53,6 +52,7 @@ export async function runDeterminismCheck(runFn, options = {}) {
       for (const [key, path] of Object.entries(runResult.artifactPaths)) {
         try {
           const content = readFileSync(path, 'utf-8');
+  // @ts-expect-error - readFileSync with encoding returns string
           artifacts[key] = JSON.parse(content);
         } catch (error) {
           // Artifact not found or invalid
@@ -121,6 +121,7 @@ export async function runDeterminismCheck(runFn, options = {}) {
     
     if (existsSync(decisionsPath)) {
       try {
+  // @ts-expect-error - readFileSync with encoding returns string
         const decisionsData = JSON.parse(readFileSync(decisionsPath, 'utf-8'));
         const decisionRecorder = DecisionRecorder.fromExport(decisionsData);
         const adaptiveCheck = computeDeterminismVerdict(decisionRecorder);
@@ -187,7 +188,7 @@ function buildFindingIdentityMap(artifactA, artifactB) {
 /**
  * Build summary from diffs
  */
-function buildSummary(diffs, runsMeta) {
+function buildSummary(diffs, _runsMeta) {
   const blockerCount = diffs.filter(d => d.severity === 'BLOCKER').length;
   const warnCount = diffs.filter(d => d.severity === 'WARN').length;
   const infoCount = diffs.filter(d => d.severity === 'INFO').length;

package/src/verax/core/determinism/finding-identity.js

@@ -120,8 +120,8 @@ function normalizePath(path) {
   // Normalize separators
   let normalized = path.replace(/\\/g, '/');
   // Remove absolute path prefixes (keep relative structure)
-  normalized = normalized.replace(/^[A-Z]:\/[^\/]+/, '');
-  normalized = normalized.replace(/^\/[^\/]+/, '');
+  normalized = normalized.replace(/^[A-Z]:\/[^/]+/, '');
+  normalized = normalized.replace(/^\/[^/]+/, '');
   return normalized;
 }
 
@@ -143,6 +143,7 @@ function normalizeUrl(url) {
  * Hash string for stable identity
  */
 function hashString(str) {
+  // @ts-expect-error - digest returns string
   return createHash('sha256').update(str).digest('hex').substring(0, 16);
 }