npm - @veraxhq/verax - Versions diffs - 0.3.0 → 0.4.0 - Mend

@veraxhq/verax 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +28 -20
package/bin/verax.js +11 -18
package/package.json +28 -7
package/src/cli/commands/baseline.js +1 -2
package/src/cli/commands/default.js +72 -81
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +3 -0
package/src/cli/commands/gates.js +1 -1
package/src/cli/commands/inspect.js +6 -133
package/src/cli/commands/release-check.js +2 -0
package/src/cli/commands/run.js +74 -246
package/src/cli/commands/security-check.js +2 -1
package/src/cli/commands/truth.js +0 -1
package/src/cli/entry.js +82 -309
package/src/cli/util/angular-component-extractor.js +2 -2
package/src/cli/util/angular-navigation-detector.js +2 -2
package/src/cli/util/ast-interactive-detector.js +4 -6
package/src/cli/util/ast-network-detector.js +3 -3
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +3 -3
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +2 -1
package/src/cli/util/determinism-writer.js +1 -1
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/env-url.js +0 -4
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +217 -367
package/src/cli/util/findings-writer.js +19 -126
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -2
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -2
package/src/cli/util/paths.js +12 -3
package/src/cli/util/project-discovery.js +284 -3
package/src/cli/util/project-writer.js +2 -2
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/summary-writer.js +2 -1
package/src/cli/util/svelte-navigation-detector.js +3 -3
package/src/cli/util/svelte-sfc-extractor.js +0 -1
package/src/cli/util/svelte-state-detector.js +1 -2
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +4 -3
package/src/cli/util/vue-sfc-extractor.js +1 -2
package/src/cli/util/vue-state-detector.js +1 -1
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/finding-explainer.js +3 -56
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +0 -15
package/src/verax/core/artifacts/verifier.js +18 -8
package/src/verax/core/baseline/baseline.snapshot.js +2 -0
package/src/verax/core/capabilities/gates.js +7 -1
package/src/verax/core/confidence/confidence-compute.js +14 -7
package/src/verax/core/confidence/confidence.loader.js +1 -0
package/src/verax/core/confidence-engine-refactor.js +8 -3
package/src/verax/core/confidence-engine.js +162 -23
package/src/verax/core/contracts/types.js +1 -0
package/src/verax/core/contracts/validators.js +79 -4
package/src/verax/core/decision-snapshot.js +3 -30
package/src/verax/core/decisions/decision.trace.js +2 -0
package/src/verax/core/determinism/contract-writer.js +2 -2
package/src/verax/core/determinism/contract.js +1 -1
package/src/verax/core/determinism/diff.js +42 -1
package/src/verax/core/determinism/engine.js +7 -6
package/src/verax/core/determinism/finding-identity.js +3 -2
package/src/verax/core/determinism/normalize.js +32 -4
package/src/verax/core/determinism/report-writer.js +1 -0
package/src/verax/core/determinism/run-fingerprint.js +7 -2
package/src/verax/core/dynamic-route-intelligence.js +8 -7
package/src/verax/core/evidence/evidence-capture-service.js +1 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +2 -1
package/src/verax/core/evidence-builder.js +2 -2
package/src/verax/core/execution-mode-context.js +1 -1
package/src/verax/core/execution-mode-detector.js +5 -3
package/src/verax/core/failures/exit-codes.js +39 -37
package/src/verax/core/failures/failure-summary.js +1 -1
package/src/verax/core/failures/failure.factory.js +3 -3
package/src/verax/core/failures/failure.ledger.js +3 -2
package/src/verax/core/ga/ga.artifact.js +1 -1
package/src/verax/core/ga/ga.contract.js +3 -2
package/src/verax/core/ga/ga.enforcer.js +1 -0
package/src/verax/core/guardrails/policy.loader.js +1 -0
package/src/verax/core/guardrails/truth-reconciliation.js +1 -1
package/src/verax/core/guardrails-engine.js +2 -2
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +2 -0
package/src/verax/core/perf/perf.report.js +2 -0
package/src/verax/core/pipeline-tracker.js +5 -0
package/src/verax/core/release/provenance.builder.js +73 -214
package/src/verax/core/release/release.enforcer.js +14 -9
package/src/verax/core/release/reproducibility.check.js +1 -0
package/src/verax/core/release/sbom.builder.js +32 -23
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +6 -3
package/src/verax/core/report/human-summary.js +141 -1
package/src/verax/core/route-intelligence.js +4 -3
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +10 -7
package/src/verax/core/security/security.enforcer.js +4 -0
package/src/verax/core/security/supplychain.policy.js +9 -1
package/src/verax/core/security/vuln.scan.js +2 -2
package/src/verax/core/truth/truth.certificate.js +3 -1
package/src/verax/core/ui-feedback-intelligence.js +12 -46
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +100 -660
package/src/verax/detect/confidence-helper.js +1 -0
package/src/verax/detect/detection-engine.js +1 -18
package/src/verax/detect/dynamic-route-findings.js +17 -14
package/src/verax/detect/expectation-chain-detector.js +1 -1
package/src/verax/detect/expectation-model.js +3 -5
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +126 -166
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +51 -234
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +4 -4
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +7 -6
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +18 -18
package/src/verax/detect/verdict-engine.js +3 -57
package/src/verax/detect/view-switch-correlator.js +2 -2
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +48 -412
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +67 -682
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/route-validator.js +1 -4
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +735 -84
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -530
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +1 -1
package/src/verax/observe/observe-helpers.js +2 -1
package/src/verax/observe/observe-runner.js +28 -24
package/src/verax/observe/observers/budget-observer.js +3 -3
package/src/verax/observe/observers/console-observer.js +4 -4
package/src/verax/observe/observers/coverage-observer.js +4 -4
package/src/verax/observe/observers/interaction-observer.js +3 -3
package/src/verax/observe/observers/navigation-observer.js +4 -4
package/src/verax/observe/observers/network-observer.js +4 -4
package/src/verax/observe/observers/safety-observer.js +1 -1
package/src/verax/observe/observers/ui-feedback-observer.js +4 -4
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-signal-sensor.js +2 -148
package/src/verax/scan-summary-writer.js +10 -42
package/src/verax/shared/artifact-manager.js +30 -13
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/core/confidence-engine.js.backup +0 -471
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/verax/core/ui-feedback-intelligence.js CHANGED Viewed

@@ -37,8 +37,8 @@ export function detectUIFeedbackSignals(trace) {
   const sensors = trace.sensors || {};
   const uiSignals = sensors.uiSignals || {};
   const uiFeedback = sensors.uiFeedback || {};
-  const before = trace.before || {};
-  const after = trace.after || {};
+  const _before = trace.before || {};
+  const _after = trace.after || {};
   const beforeSignals = uiSignals.before || {};
   const afterSignals = uiSignals.after || {};
@@ -169,8 +169,8 @@ export function scoreUIFeedback(signals, expectation, trace) {
   const networkSensor = sensors.network || {};
   const uiFeedback = sensors.uiFeedback || {};
-  // Determine expected feedback type based on expectation
-  const expectedFeedbackTypes = inferExpectedFeedbackTypes(expectation);
+  // Evidence-only: no inferred feedback expectations
+  const expectedFeedbackTypes = [];
   // Check if any expected feedback types are present
   const matchingSignals = signals.filter(s =>
@@ -190,7 +190,9 @@ export function scoreUIFeedback(signals, expectation, trace) {
   if (matchingSignals.length > 0 || overallScore > 0.5) {
     return {
       score: FEEDBACK_SCORE.CONFIRMED,
-      confidence: Math.max(...matchingSignals.map(s => s.confidence), overallScore),
+      confidence: matchingSignals.length > 0
+        ? Math.max(...matchingSignals.map(s => s.confidence))
+        : overallScore,
       explanation: buildFeedbackExplanation(matchingSignals, overallScore, 'confirmed'),
       signals: matchingSignals,
       topSignals: matchingSignals.slice(0, 3).map(s => ({
@@ -240,42 +242,6 @@ export function scoreUIFeedback(signals, expectation, trace) {
   };
 }
-/**
- * Infer expected feedback types from expectation
- */
-function inferExpectedFeedbackTypes(expectation) {
-  const types = [];
-  if (!expectation) return types;
-  // Network expectations → loading + toast/error
-  if (expectation.type === 'network_action' || expectation.type === 'network') {
-    types.push(FEEDBACK_TYPE.LOADING);
-    types.push(FEEDBACK_TYPE.TOAST);
-    types.push(FEEDBACK_TYPE.INLINE_MESSAGE);
-  }
-  // Navigation expectations → DOM change or modal
-  if (expectation.type === 'navigation' || expectation.type === 'spa_navigation') {
-    types.push(FEEDBACK_TYPE.DOM_CHANGE);
-    types.push(FEEDBACK_TYPE.MODAL);
-  }
-  // State expectations → DOM change or disabled state
-  if (expectation.type === 'state_action' || expectation.type === 'state') {
-    types.push(FEEDBACK_TYPE.DOM_CHANGE);
-    types.push(FEEDBACK_TYPE.DISABLED);
-  }
-  // Validation expectations → inline message
-  if (expectation.type === 'validation' || expectation.type === 'form_submission') {
-    types.push(FEEDBACK_TYPE.INLINE_MESSAGE);
-    types.push(FEEDBACK_TYPE.TOAST);
-  }
-  return types;
-}
 /**
  * Build explanation for feedback score
  */
@@ -313,24 +279,24 @@ function buildFeedbackExplanation(signals, overallScore, outcome, context = {})
 /**
  * Helper functions to find selectors
  */
-function findLoadingSelector(signals) {
+function findLoadingSelector(_signals) {
   // Return a generic selector hint
   return '[aria-busy="true"], [data-loading], [role="status"]';
 }
-function findDisabledSelector(signals) {
+function findDisabledSelector(_signals) {
   return '[disabled], [aria-disabled="true"]';
 }
-function findToastSelector(signals) {
+function findToastSelector(_signals) {
   return '[role="alert"], [role="status"], [aria-live], .toast, .snackbar';
 }
-function findDialogSelector(signals) {
+function findDialogSelector(_signals) {
   return '[role="dialog"], [aria-modal="true"]';
 }
-function findInlineMessageSelector(signals) {
+function findInlineMessageSelector(_signals) {
   return '[role="alert"], .error, .success, [class*="message"]';
 }

package/src/verax/detect/conditional-ui-silent-failure.js ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * Conditional UI Stale State Detection
+ *
+ * Detects UI elements that should update/disappear when state changes but don't:
+ * - State mutation observed (via state sensor or console logs)
+ * - Dependent UI element remains unchanged
+ * - Expected element missing or still visible
+ *
+ * CONFIDENCE: MEDIUM (heuristic-based)
+ * PARTIAL SUPPORT: Heuristic detection, not semantic analysis
+ *
+ * Note: Does NOT detect async race conditions (UNSUPPORTED - too many false positives)
+ */
+import { hasDomChange } from './comparison.js';
+import { enrichFindingWithExplanations } from './finding-detector.js';
+export function detectConditionalUiSilentFailures(traces, manifest, findings) {
+  // Parameters:
+  // traces - array of interaction traces from observation
+  // manifest - project manifest (contains expectations)
+  // findings - array to append new findings to (mutated in-place)
+  for (const trace of traces) {
+    const sensors = trace.sensors || {};
+    const stateSignals = sensors.state || {};
+    const uiSignals = sensors.uiSignals || {};
+    const uiDiff = uiSignals.diff || {};
+    const domChanged = hasDomChange(trace);
+    // Heuristic: State changed but UI didn't
+    // This suggests a stale UI or conditional rendering bug
+    const stateChanged = stateSignals.changed === true ||
+                        (stateSignals.changed && stateSignals.changed.length > 0);
+    const uiChanged = uiDiff.changed === true;
+    // Detection logic:
+    // State changed but UI did not
+    // This is a common pattern for stale UI bugs in React/Vue
+    if (stateChanged && !uiChanged && !domChanged) {
+      const interaction = trace.interaction || {};
+      // Skip if it's a form input (expected state-only change)
+      if (interaction.type === 'interaction' && interaction.category === 'button') {
+        const evidence = {
+          before: trace.before?.screenshot || trace.beforeScreenshot || '',
+          after: trace.after?.screenshot || trace.afterScreenshot || '',
+          beforeUrl: trace.before?.url || trace.beforeUrl || '',
+          afterUrl: trace.after?.url || trace.afterUrl || '',
+          stateChanged,
+          uiChanged,
+          domChanged,
+          reason: 'State updated but UI did not reflect the change (stale UI)'
+        };
+        const finding = {
+          type: 'conditional_ui_silent_failure',
+          description: `Conditional UI element did not update when state changed`,
+          summary: `Button/interaction caused state change but UI did not update (stale UI pattern)`,
+          explanation: `State mutation was detected but the UI elements dependent on that state did not update. This is a common pattern in React/Vue applications where conditional rendering or dynamic classes don't update properly.`,
+          evidence,
+          confidence: {
+            level: 0.60, // MEDIUM - heuristic-based
+            reasons: [
+              'State mutation observed',
+              'UI elements did not update to reflect new state',
+              'Likely stale UI or conditional rendering bug'
+            ]
+          },
+          promise: {
+            type: 'conditional_ui_update',
+            expected: 'State change triggers UI update (conditional render, class change, etc.)',
+            actual: 'State changed but UI remained unchanged'
+          },
+          capabilityNote: 'PARTIAL SUPPORT: Detection based on state sensor data and heuristics. Does not perform semantic analysis of UI logic. Async race conditions are UNSUPPORTED due to high false positive rate.'
+        };
+        // Enrich with explanations
+        enrichFindingWithExplanations(finding, trace);
+        findings.push(finding);
+      }
+    }
+  }
+}