npm - @veraxhq/verax - Versions diffs - 0.3.0 → 0.4.0 - Mend

@veraxhq/verax 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +28 -20
package/bin/verax.js +11 -18
package/package.json +28 -7
package/src/cli/commands/baseline.js +1 -2
package/src/cli/commands/default.js +72 -81
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +3 -0
package/src/cli/commands/gates.js +1 -1
package/src/cli/commands/inspect.js +6 -133
package/src/cli/commands/release-check.js +2 -0
package/src/cli/commands/run.js +74 -246
package/src/cli/commands/security-check.js +2 -1
package/src/cli/commands/truth.js +0 -1
package/src/cli/entry.js +82 -309
package/src/cli/util/angular-component-extractor.js +2 -2
package/src/cli/util/angular-navigation-detector.js +2 -2
package/src/cli/util/ast-interactive-detector.js +4 -6
package/src/cli/util/ast-network-detector.js +3 -3
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +3 -3
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +2 -1
package/src/cli/util/determinism-writer.js +1 -1
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/env-url.js +0 -4
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +217 -367
package/src/cli/util/findings-writer.js +19 -126
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -2
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -2
package/src/cli/util/paths.js +12 -3
package/src/cli/util/project-discovery.js +284 -3
package/src/cli/util/project-writer.js +2 -2
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/summary-writer.js +2 -1
package/src/cli/util/svelte-navigation-detector.js +3 -3
package/src/cli/util/svelte-sfc-extractor.js +0 -1
package/src/cli/util/svelte-state-detector.js +1 -2
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +4 -3
package/src/cli/util/vue-sfc-extractor.js +1 -2
package/src/cli/util/vue-state-detector.js +1 -1
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/finding-explainer.js +3 -56
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +0 -15
package/src/verax/core/artifacts/verifier.js +18 -8
package/src/verax/core/baseline/baseline.snapshot.js +2 -0
package/src/verax/core/capabilities/gates.js +7 -1
package/src/verax/core/confidence/confidence-compute.js +14 -7
package/src/verax/core/confidence/confidence.loader.js +1 -0
package/src/verax/core/confidence-engine-refactor.js +8 -3
package/src/verax/core/confidence-engine.js +162 -23
package/src/verax/core/contracts/types.js +1 -0
package/src/verax/core/contracts/validators.js +79 -4
package/src/verax/core/decision-snapshot.js +3 -30
package/src/verax/core/decisions/decision.trace.js +2 -0
package/src/verax/core/determinism/contract-writer.js +2 -2
package/src/verax/core/determinism/contract.js +1 -1
package/src/verax/core/determinism/diff.js +42 -1
package/src/verax/core/determinism/engine.js +7 -6
package/src/verax/core/determinism/finding-identity.js +3 -2
package/src/verax/core/determinism/normalize.js +32 -4
package/src/verax/core/determinism/report-writer.js +1 -0
package/src/verax/core/determinism/run-fingerprint.js +7 -2
package/src/verax/core/dynamic-route-intelligence.js +8 -7
package/src/verax/core/evidence/evidence-capture-service.js +1 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +2 -1
package/src/verax/core/evidence-builder.js +2 -2
package/src/verax/core/execution-mode-context.js +1 -1
package/src/verax/core/execution-mode-detector.js +5 -3
package/src/verax/core/failures/exit-codes.js +39 -37
package/src/verax/core/failures/failure-summary.js +1 -1
package/src/verax/core/failures/failure.factory.js +3 -3
package/src/verax/core/failures/failure.ledger.js +3 -2
package/src/verax/core/ga/ga.artifact.js +1 -1
package/src/verax/core/ga/ga.contract.js +3 -2
package/src/verax/core/ga/ga.enforcer.js +1 -0
package/src/verax/core/guardrails/policy.loader.js +1 -0
package/src/verax/core/guardrails/truth-reconciliation.js +1 -1
package/src/verax/core/guardrails-engine.js +2 -2
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +2 -0
package/src/verax/core/perf/perf.report.js +2 -0
package/src/verax/core/pipeline-tracker.js +5 -0
package/src/verax/core/release/provenance.builder.js +73 -214
package/src/verax/core/release/release.enforcer.js +14 -9
package/src/verax/core/release/reproducibility.check.js +1 -0
package/src/verax/core/release/sbom.builder.js +32 -23
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +6 -3
package/src/verax/core/report/human-summary.js +141 -1
package/src/verax/core/route-intelligence.js +4 -3
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +10 -7
package/src/verax/core/security/security.enforcer.js +4 -0
package/src/verax/core/security/supplychain.policy.js +9 -1
package/src/verax/core/security/vuln.scan.js +2 -2
package/src/verax/core/truth/truth.certificate.js +3 -1
package/src/verax/core/ui-feedback-intelligence.js +12 -46
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +100 -660
package/src/verax/detect/confidence-helper.js +1 -0
package/src/verax/detect/detection-engine.js +1 -18
package/src/verax/detect/dynamic-route-findings.js +17 -14
package/src/verax/detect/expectation-chain-detector.js +1 -1
package/src/verax/detect/expectation-model.js +3 -5
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +126 -166
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +51 -234
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +4 -4
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +7 -6
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +18 -18
package/src/verax/detect/verdict-engine.js +3 -57
package/src/verax/detect/view-switch-correlator.js +2 -2
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +48 -412
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +67 -682
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/route-validator.js +1 -4
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +735 -84
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -530
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +1 -1
package/src/verax/observe/observe-helpers.js +2 -1
package/src/verax/observe/observe-runner.js +28 -24
package/src/verax/observe/observers/budget-observer.js +3 -3
package/src/verax/observe/observers/console-observer.js +4 -4
package/src/verax/observe/observers/coverage-observer.js +4 -4
package/src/verax/observe/observers/interaction-observer.js +3 -3
package/src/verax/observe/observers/navigation-observer.js +4 -4
package/src/verax/observe/observers/network-observer.js +4 -4
package/src/verax/observe/observers/safety-observer.js +1 -1
package/src/verax/observe/observers/ui-feedback-observer.js +4 -4
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-signal-sensor.js +2 -148
package/src/verax/scan-summary-writer.js +10 -42
package/src/verax/shared/artifact-manager.js +30 -13
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/core/confidence-engine.js.backup +0 -471
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/verax/index.js CHANGED Viewed

@@ -9,93 +9,40 @@ import SilenceTracker from './core/silence-model.js';
 import { generateRunId, getRunArtifactDir, getArtifactPath } from './core/run-id.js';
 import { createRunManifest, updateRunManifestHashes } from './core/run-manifest.js';
 import { computeArtifactHashes } from './core/run-id.js';
-import { FailureLedger } from './core/failures/failure.ledger.js';
-import { errorToFailure, createIOFailure, createInternalFailure } from './core/failures/failure.factory.js';
-import { FAILURE_CODE, EXECUTION_PHASE } from './core/failures/failure.types.js';
-import { createPerformanceMonitor } from './core/perf/perf.monitor.js';
-import { generatePerformanceReport, writePerformanceReport } from './core/perf/perf.report.js';
-import { recordPerformanceViolations } from './core/perf/perf.enforcer.js';
-import { PipelineTracker, PIPELINE_STAGES } from './core/pipeline-tracker.js';
-import { verifyRun } from './core/artifacts/verifier.js';
-import { getArtifactVersions } from './core/artifacts/registry.js';
 export async function scan(projectDir, url, manifestPath = null, scanBudgetOverride = null, safetyFlags = {}) {
-  // PHASE 21.5: Initialize failure ledger (runId will be set after learn)
-  const scanBudget = scanBudgetOverride || createScanBudgetWithProfile();
-  const failureLedger = new FailureLedger(null, projectDir);
-  // PHASE 21.9: Initialize performance monitor
-  const perfMonitor = createPerformanceMonitor();
-  perfMonitor.startPhase('LEARN');
-  // ARCHITECTURAL HARDENING: Initialize pipeline tracker early (before runId is known)
-  // We'll set runId on the tracker once it's generated
-  let pipelineTracker = null;
+  // VISION ENFORCEMENT: Zero-configuration mode (config files ignored unless explicit --use-config flag)
+  // VERAX adapts to the project, never requires project to adapt to VERAX
   // If manifestPath is provided, read it first before learn() overwrites it
   let loadedManifest = null;
   if (manifestPath) {
     const { readFileSync } = await import('fs');
     try {
+  // @ts-expect-error - readFileSync with encoding returns string
       const manifestContent = JSON.parse(readFileSync(manifestPath, 'utf-8'));
       loadedManifest = manifestContent;
     } catch (e) {
-      // PHASE 21.5: Record I/O failure
-      const failure = createIOFailure(
-        FAILURE_CODE.IO_READ_FAILED,
-        `Failed to read manifest: ${e.message}`,
-        'scan',
-        { manifestPath, error: e.message },
-        true // Recoverable - will fall through to learn
-      );
-      failureLedger.record(failure);
+      // Fall through to learn if we can't read the manifest
     }
   }
-  // ARCHITECTURAL HARDENING: Track LEARN stage
-  // Note: We can't track LEARN yet because we don't have runId, but we'll track it retroactively
-  const learnStartTime = Date.now();
   const learnedManifest = await learn(projectDir);
-  const learnEndTime = Date.now();
-  perfMonitor.endPhase('LEARN');
-  // ARCHITECTURAL HARDENING: Explicit manifest merging with deterministic precedence
-  // Rule: Loaded manifest routes take precedence, but learned manifest provides truth and project type
+  // Merge: prefer loaded manifest for routes, but use learned for project type and truth
   let manifest;
   if (loadedManifest) {
-    // Explicit merge: loaded manifest routes override learned, but learned provides truth
     manifest = {
       ...learnedManifest,
-      // Routes from loaded manifest (if present) override learned routes
-      publicRoutes: loadedManifest.publicRoutes || learnedManifest.publicRoutes || [],
-      routes: loadedManifest.routes || learnedManifest.routes || [],
-      internalRoutes: loadedManifest.internalRoutes || learnedManifest.internalRoutes || [],
-      staticExpectations: loadedManifest.staticExpectations || learnedManifest.staticExpectations || [],
-      // Project type: prefer loaded, fallback to learned
       projectType: loadedManifest.projectType || learnedManifest.projectType,
-      // Always preserve learned truth (this is the source of truth)
-      learnTruth: learnedManifest.learnTruth || {},
-      // Track manifest source for auditability
-      manifestSource: 'merged',
-      manifestPath: manifestPath,
-      mergeMetadata: {
-        loadedManifestProvided: true,
-        learnedManifestProvided: true,
-        routesSource: loadedManifest.routes ? 'loaded' : 'learned',
-        projectTypeSource: loadedManifest.projectType ? 'loaded' : 'learned'
-      }
+      publicRoutes: loadedManifest.publicRoutes || learnedManifest.publicRoutes,
+      routes: loadedManifest.routes || learnedManifest.routes,
+      internalRoutes: loadedManifest.internalRoutes || learnedManifest.internalRoutes,
+      staticExpectations: loadedManifest.staticExpectations || learnedManifest.staticExpectations,
+      manifestPath: manifestPath
     };
   } else {
-    manifest = {
-      ...learnedManifest,
-      manifestSource: 'learned',
-      mergeMetadata: {
-        loadedManifestProvided: false,
-        learnedManifestProvided: true,
-        routesSource: 'learned',
-        projectTypeSource: 'learned'
-      }
-    };
+    manifest = learnedManifest;
   }
   if (!url) {
@@ -110,8 +57,18 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
     manifestPath: manifest.manifestPath
   };
-  // ARCHITECTURAL HARDENING: validateRoutes now always returns explicit validation object
-  const validation = await validateRoutes(manifestForValidation, url);
+  let validation = await validateRoutes(manifestForValidation, url);
+  if (!validation) {
+    // validateRoutes might return null if routes cannot be validated
+    validation = {
+      routesValidated: 0,
+      routesReachable: 0,
+      routesUnreachable: 0,
+      details: [],
+      warnings: []
+    };
+  }
   if (validation.warnings && validation.warnings.length > 0) {
     if (!manifest.learnTruth.warnings) {
       manifest.learnTruth.warnings = [];
@@ -119,6 +76,9 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
     manifest.learnTruth.warnings.push(...validation.warnings);
   }
+  // Use budget profile if no override provided
+  const scanBudget = scanBudgetOverride || createScanBudgetWithProfile();
   // PHASE 5: Generate deterministic runId and create run manifest
   const { getBaseOrigin } = await import('./observe/domain-boundary.js');
   const baseOrigin = getBaseOrigin(url);
@@ -130,41 +90,6 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
     manifestPath
   });
-  // PHASE 21.5: Set runId in failure ledger
-  failureLedger.runId = runId;
-  // ARCHITECTURAL HARDENING: Initialize pipeline tracker now that we have runId
-  // PHASE 25: Pass runFingerprint params to PipelineTracker
-  const runFingerprintParams = url ? {
-    url,
-    projectDir,
-    manifestPath: null,
-    fixtureId: null
-  } : null;
-  pipelineTracker = new PipelineTracker(projectDir, runId, runFingerprintParams);
-  // Record LEARN stage retroactively (it completed before we had runId)
-  try {
-    pipelineTracker.stages[PIPELINE_STAGES.LEARN] = {
-      name: PIPELINE_STAGES.LEARN,
-      startedAt: new Date(learnStartTime).toISOString(),
-      completedAt: new Date(learnEndTime).toISOString(),
-      durationMs: learnEndTime - learnStartTime,
-      status: 'COMPLETE'
-    };
-    pipelineTracker.completedStages.push(PIPELINE_STAGES.LEARN);
-    pipelineTracker._writeMeta();
-  } catch (error) {
-    const failure = createInternalFailure(
-      FAILURE_CODE.INTERNAL_UNEXPECTED_ERROR,
-      `Failed to record LEARN stage: ${error.message}`,
-      'scan',
-      { error: error.message },
-      error.stack
-    );
-    failureLedger.record(failure);
-  }
   // Create run manifest at start of execution
   const runManifest = createRunManifest(projectDir, runId, {
     url,
@@ -176,61 +101,15 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
   });
   const usedManifestPath = manifestPath || manifest.manifestPath;
-  // ARCHITECTURAL HARDENING: Track OBSERVE stage
-  pipelineTracker.startStage(PIPELINE_STAGES.OBSERVE);
-  perfMonitor.startPhase('OBSERVE');
-  let observation;
-  try {
-    observation = await observe(url, usedManifestPath, scanBudget, safetyFlags, projectDir, runId);
-    perfMonitor.endPhase('OBSERVE');
-    pipelineTracker.completeStage(PIPELINE_STAGES.OBSERVE, {
-      pagesVisited: observation.observeTruth?.pagesVisited || 0,
-      interactionsExecuted: observation.observeTruth?.interactionsExecuted || 0
-    });
-  } catch (error) {
-    perfMonitor.endPhase('OBSERVE');
-    pipelineTracker.failStage(PIPELINE_STAGES.OBSERVE, error);
-    const failure = errorToFailure(
-      error,
-      FAILURE_CODE.OBSERVE_EXECUTION_FAILED,
-      'OBSERVE',
-      EXECUTION_PHASE.OBSERVE,
-      'observe',
-      { manifestPath: usedManifestPath }
-    );
-    failureLedger.record(failure);
-    throw error;
-  }
-  // Update performance monitor with observed metrics
-  if (observation.observeTruth) {
-    const pagesVisited = observation.observeTruth.pagesVisited || 0;
-    const interactionsExecuted = observation.observeTruth.interactionsExecuted || observation.observeTruth.candidatesSelected || 0;
-    for (let i = 0; i < pagesVisited; i++) {
-      perfMonitor.incrementPages();
-    }
-    for (let i = 0; i < interactionsExecuted; i++) {
-      perfMonitor.incrementInteractions();
-    }
-  }
+  const observation = await observe(url, usedManifestPath, scanBudget, safetyFlags, projectDir, runId);
   // Write a copy of the manifest into canonical run directory for replay integrity
   try {
     const { writeFileSync } = await import('fs');
     const manifestCopyPath = getArtifactPath(projectDir, runId, 'manifest.json');
     writeFileSync(manifestCopyPath, JSON.stringify(manifest, null, 2));
-  } catch (error) {
-    // PHASE 21.5: Record I/O failure (WARNING - recoverable)
-    const failure = createIOFailure(
-      FAILURE_CODE.IO_WRITE_FAILED,
-      `Failed to write manifest copy: ${error.message}`,
-      'scan',
-      { manifestPath, error: error.message },
-      true
-    );
-    failureLedger.record(failure);
+  } catch {
+    // Ignore write errors
   }
   // Create silence tracker from observation silences
@@ -239,69 +118,27 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
     silenceTracker.recordBatch(observation.silences.entries);
   }
-  // ARCHITECTURAL HARDENING: Track DETECT stage
-  pipelineTracker.startStage(PIPELINE_STAGES.DETECT);
-  perfMonitor.startPhase('DETECT');
-  let findings;
-  try {
-    findings = await detect(usedManifestPath, observation.tracesPath, validation, observation.expectationCoverageGaps || [], silenceTracker);
-    perfMonitor.endPhase('DETECT');
-    pipelineTracker.completeStage(PIPELINE_STAGES.DETECT, {
-      findingsCount: findings.findings?.length || 0,
-      coverageGapsCount: findings.coverageGaps?.length || 0
-    });
-  } catch (error) {
-    perfMonitor.endPhase('DETECT');
-    pipelineTracker.failStage(PIPELINE_STAGES.DETECT, error);
-    const failure = errorToFailure(
-      error,
-      FAILURE_CODE.DETECT_FINDING_PROCESSING_FAILED,
-      'DETECT',
-      EXECUTION_PHASE.DETECT,
-      'detect',
-      { manifestPath: usedManifestPath }
-    );
-    failureLedger.record(failure);
-    throw error; // Re-throw BLOCKING failures
-  }
+  const findings = await detect(usedManifestPath, observation.tracesPath, validation, observation.expectationCoverageGaps || [], silenceTracker);
   const learnTruthWithValidation = {
     ...manifest.learnTruth,
     validation: validation
   };
-  // ARCHITECTURAL HARDENING: Track WRITE stage
-  pipelineTracker.startStage(PIPELINE_STAGES.WRITE);
   const runDir = getRunArtifactDir(projectDir, runId);
-  let scanSummary;
-  try {
-    scanSummary = await writeScanSummary(
-      projectDir,
-      url,
-      manifest.projectType,
-      learnTruthWithValidation,
-      observation.observeTruth,
-      findings.detectTruth,
-      manifest.manifestPath,
-      observation.tracesPath,
-      findings.findingsPath,
-      runDir,
-      findings.findings // PHASE 7: Pass findings array for decision snapshot
-    );
-    pipelineTracker.completeStage(PIPELINE_STAGES.WRITE);
-  } catch (error) {
-    pipelineTracker.failStage(PIPELINE_STAGES.WRITE, error);
-    const failure = errorToFailure(
-      error,
-      FAILURE_CODE.IO_WRITE_FAILED,
-      'WRITE',
-      EXECUTION_PHASE.WRITE,
-      'writeScanSummary',
-      { runDir }
-    );
-    failureLedger.record(failure);
-    throw error;
-  }
+  const scanSummary = writeScanSummary(
+    projectDir,
+    url,
+    manifest.projectType,
+    learnTruthWithValidation,
+    observation.observeTruth,
+    findings.detectTruth,
+    manifest.manifestPath,
+    observation.tracesPath,
+    findings.findingsPath,
+    runDir,
+    findings.findings // PHASE 7: Pass findings array for decision snapshot
+  );
   // Compute observation summary from scan results (not a verdict)
   // Pass observation object (which includes traces) to observation engine
@@ -330,204 +167,9 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
   );
   observationSummary.evidenceIndexPath = evidenceIndexPath;
-  // PHASE 21.4: Write policy artifacts
-  try {
-    const { writeFileSync } = await import('fs');
-    const { loadGuardrailsPolicy, getPolicyReport: getGuardrailsPolicyReport } = await import('./core/guardrails/policy.loader.js');
-    const { loadConfidencePolicy, getPolicyReport: getConfidencePolicyReport } = await import('./core/confidence/confidence.loader.js');
-    const guardrailsPolicy = loadGuardrailsPolicy();
-    const confidencePolicy = loadConfidencePolicy();
-    const guardrailsPolicyPath = getArtifactPath(projectDir, failureLedger.runId, 'guardrails.policy.json');
-    const confidencePolicyPath = getArtifactPath(projectDir, failureLedger.runId, 'confidence.policy.json');
-    writeFileSync(guardrailsPolicyPath, JSON.stringify({
-      ...getGuardrailsPolicyReport(guardrailsPolicy),
-      rules: guardrailsPolicy.rules.map(r => ({
-        id: r.id,
-        category: r.category,
-        action: r.action,
-        mandatory: r.mandatory
-      }))
-    }, null, 2));
-    writeFileSync(confidencePolicyPath, JSON.stringify(getConfidencePolicyReport(confidencePolicy), null, 2));
-  } catch (error) {
-    // PHASE 21.5: Record I/O failure (WARNING - recoverable)
-    const failure = createIOFailure(
-      FAILURE_CODE.IO_WRITE_FAILED,
-      `Failed to write policy artifacts: ${error.message}`,
-      'scan',
-      { error: error.message },
-      true
-    );
-    failureLedger.record(failure);
-  }
-  // ARCHITECTURAL HARDENING: Write failure ledger with fallback to run.status.json
-  let ledgerPath;
-  try {
-    ledgerPath = failureLedger.write();
-  } catch (error) {
-    // If ledger write fails, write fallback entry to run.status.json
-    const failure = createInternalFailure(
-      FAILURE_CODE.INTERNAL_UNEXPECTED_ERROR,
-      `Failed to write failure ledger: ${error.message}`,
-      'scan',
-      { error: error.message },
-      error.stack
-    );
-    failureLedger.record(failure);
-    // Write fallback failure entry to run.status.json
-    try {
-      const { writeFileSync, readFileSync } = await import('fs');
-      const runStatusPath = getArtifactPath(projectDir, runId, 'run.status.json');
-      let runStatus = { status: 'FAILED', failures: [] };
-      try {
-        const existing = readFileSync(runStatusPath, 'utf-8');
-        runStatus = JSON.parse(existing);
-      } catch {
-        // File doesn't exist or is invalid, use defaults
-      }
-      runStatus.failures = runStatus.failures || [];
-      runStatus.failures.push({
-        code: FAILURE_CODE.INTERNAL_UNEXPECTED_ERROR,
-        message: `Failed to write failure ledger: ${error.message}`,
-        timestamp: new Date().toISOString(),
-        recoverable: false
-      });
-      runStatus.ledgerWriteFailed = true;
-      runStatus.ledgerWriteError = error.message;
-      writeFileSync(runStatusPath, JSON.stringify(runStatus, null, 2) + '\n', 'utf-8');
-    } catch (fallbackError) {
-      // Even fallback write failed - log only
-      console.error('CRITICAL: Failed to write failure ledger and fallback:', error.message, fallbackError.message);
-    }
-  }
-  // PHASE 21.9: Generate and write performance report
-  try {
-    perfMonitor.stop();
-    const monitorReport = perfMonitor.getFinalReport();
-    const profileName = process.env.VERAX_BUDGET_PROFILE || 'STANDARD';
-    const perfReport = generatePerformanceReport(projectDir, runId, monitorReport, profileName);
-    writePerformanceReport(projectDir, runId, perfReport);
-    // Record performance violations in failure ledger
-    recordPerformanceViolations(projectDir, runId, failureLedger);
-  } catch (error) {
-    // Record performance report failure (WARNING - recoverable)
-    const failure = createIOFailure(
-      FAILURE_CODE.IO_WRITE_FAILED,
-      `Failed to write performance report: ${error.message}`,
-      'scan',
-      { error: error.message },
-      true
-    );
-    failureLedger.record(failure);
-  }
-  // ARCHITECTURAL HARDENING: Track VERIFY stage
-  pipelineTracker.startStage(PIPELINE_STAGES.VERIFY);
-  let verification = null;
-  try {
-    const artifactVersions = getArtifactVersions();
-    verification = verifyRun(runDir, artifactVersions);
-    pipelineTracker.completeStage(PIPELINE_STAGES.VERIFY, {
-      ok: verification.ok,
-      errorsCount: verification.errors.length,
-      warningsCount: verification.warnings.length
-    });
-  } catch (error) {
-    pipelineTracker.failStage(PIPELINE_STAGES.VERIFY, error);
-    const failure = errorToFailure(
-      error,
-      FAILURE_CODE.VERIFICATION_FAILED,
-      'VERIFY',
-      EXECUTION_PHASE.VERIFY,
-      'verifyRun',
-      { runDir }
-    );
-    failureLedger.record(failure);
-    // Verification failure is not blocking, but we record it
-    verification = {
-      ok: false,
-      errors: [error.message],
-      warnings: [],
-      verifiedAt: new Date().toISOString()
-    };
-  }
-  // ARCHITECTURAL HARDENING: Track VERDICT stage (only after verification completes)
-  pipelineTracker.startStage(PIPELINE_STAGES.VERDICT);
-  try {
-    // PHASE 5: Compute artifact hashes and update run manifest
-    const artifactHashes = computeArtifactHashes(projectDir, runId);
-    updateRunManifestHashes(projectDir, runId, artifactHashes);
-    // Verdict computation (determinism and evidence law checks)
-    let determinismVerdict = null;
-    let evidenceLawViolated = false;
-    try {
-      const decisionsPath = getArtifactPath(projectDir, runId, 'decisions.json');
-      const { readFileSync, existsSync } = await import('fs');
-      if (existsSync(decisionsPath)) {
-        const decisions = JSON.parse(readFileSync(decisionsPath, 'utf-8'));
-        const { DecisionRecorder } = await import('./core/determinism-model.js');
-        const recorder = DecisionRecorder.fromExport(decisions);
-        const { computeDeterminismVerdict } = await import('./core/determinism/contract.js');
-        const verdict = computeDeterminismVerdict(recorder);
-        determinismVerdict = verdict.verdict;
-      }
-      // Check for Evidence Law violations (incomplete evidence with CONFIRMED findings)
-      if (findings.findings) {
-        for (const finding of findings.findings) {
-          if ((finding.severity === 'CONFIRMED' || finding.status === 'CONFIRMED') &&
-              finding.evidencePackage && !finding.evidencePackage.isComplete) {
-            evidenceLawViolated = true;
-            break;
-          }
-        }
-      }
-    } catch (error) {
-      // Record failure but don't block
-      const failure = createInternalFailure(
-        FAILURE_CODE.INTERNAL_UNEXPECTED_ERROR,
-        `Failed to compute determinism verdict: ${error.message}`,
-        'scan',
-        { error: error.message },
-        error.stack
-      );
-      failureLedger.record(failure);
-    }
-    pipelineTracker.completeStage(PIPELINE_STAGES.VERDICT, {
-      determinismVerdict,
-      evidenceLawViolated,
-      verificationOk: verification?.ok || false
-    });
-  } catch (error) {
-    pipelineTracker.failStage(PIPELINE_STAGES.VERDICT, error);
-    const failure = errorToFailure(
-      error,
-      FAILURE_CODE.VERDICT_COMPUTATION_FAILED,
-      'VERDICT',
-      EXECUTION_PHASE.VERDICT,
-      'computeVerdict',
-      {}
-    );
-    failureLedger.record(failure);
-    throw error;
-  }
-  // Extract verdict data from pipeline tracker
-  const verdictStage = pipelineTracker.getStage(PIPELINE_STAGES.VERDICT);
-  const determinismVerdict = verdictStage?.determinismVerdict || null;
-  const evidenceLawViolated = verdictStage?.evidenceLawViolated || false;
+  // PHASE 5: Compute artifact hashes and update run manifest
+  const artifactHashes = computeArtifactHashes(projectDir, runId);
+  updateRunManifestHashes(projectDir, runId, artifactHashes);
   return {
     manifest,
@@ -537,14 +179,8 @@ export async function scan(projectDir, url, manifestPath = null, scanBudgetOverr
     validation,
     coverageGaps: findings.coverageGaps || [],
     observationSummary,
-    runId: failureLedger.runId,
-    runManifest,
-    failureLedger: failureLedger.export(),
-    ledgerPath,
-    determinismVerdict,
-    evidenceLawViolated,
-    verification,
-    pipelineStages: pipelineTracker.getAllStages()
+    runId,
+    runManifest
   };
 }

package/src/verax/intel/ts-program.js CHANGED Viewed

@@ -245,6 +245,7 @@ export function parseFile(filePath, isJsx = false) {
     return ts.createSourceFile(
       filePath,
+  // @ts-expect-error - readFileSync with encoding returns string
       content,
       ts.ScriptTarget.ES2020,
       true,

package/src/verax/intel/vue-navigation-extractor.js CHANGED Viewed

@@ -85,6 +85,7 @@ function extractFromFile(filePath, projectRoot, _program) {
     // to handle template literals and complex navigation calls
     try {
       const content = readFileSync(filePath, 'utf-8');
+      // @ts-expect-error - readFileSync with encoding returns string
       const scriptMatch = content.match(/<script[^>]*>([\s\S]*?)<\/script>/);
       if (scriptMatch) {
         const scriptContent = scriptMatch[1];
@@ -162,6 +163,7 @@ function extractFromVueSFC(filePath, projectRoot) {
     const content = readFileSync(filePath, 'utf-8');
     // Extract template section
+    // @ts-expect-error - readFileSync with encoding returns string
     const templateMatch = content.match(/<template[^>]*>([\s\S]*?)<\/template>/);
     if (templateMatch) {
       const templateContent = templateMatch[1];
@@ -263,6 +265,7 @@ function extractFromVueSFC(filePath, projectRoot) {
     }
     // Extract script section for router.push/replace
+    // @ts-expect-error - readFileSync with encoding returns string
     const scriptMatch = content.match(/<script[^>]*>([\s\S]*?)<\/script>/);
     if (scriptMatch) {
       const scriptContent = scriptMatch[1];