npm - @veraxhq/verax - Versions diffs - 0.3.0 → 0.4.0 - Mend

@veraxhq/verax 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +28 -20
package/bin/verax.js +11 -18
package/package.json +28 -7
package/src/cli/commands/baseline.js +1 -2
package/src/cli/commands/default.js +72 -81
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +3 -0
package/src/cli/commands/gates.js +1 -1
package/src/cli/commands/inspect.js +6 -133
package/src/cli/commands/release-check.js +2 -0
package/src/cli/commands/run.js +74 -246
package/src/cli/commands/security-check.js +2 -1
package/src/cli/commands/truth.js +0 -1
package/src/cli/entry.js +82 -309
package/src/cli/util/angular-component-extractor.js +2 -2
package/src/cli/util/angular-navigation-detector.js +2 -2
package/src/cli/util/ast-interactive-detector.js +4 -6
package/src/cli/util/ast-network-detector.js +3 -3
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +3 -3
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +2 -1
package/src/cli/util/determinism-writer.js +1 -1
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/env-url.js +0 -4
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +217 -367
package/src/cli/util/findings-writer.js +19 -126
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -2
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -2
package/src/cli/util/paths.js +12 -3
package/src/cli/util/project-discovery.js +284 -3
package/src/cli/util/project-writer.js +2 -2
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/summary-writer.js +2 -1
package/src/cli/util/svelte-navigation-detector.js +3 -3
package/src/cli/util/svelte-sfc-extractor.js +0 -1
package/src/cli/util/svelte-state-detector.js +1 -2
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +4 -3
package/src/cli/util/vue-sfc-extractor.js +1 -2
package/src/cli/util/vue-state-detector.js +1 -1
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/finding-explainer.js +3 -56
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +0 -15
package/src/verax/core/artifacts/verifier.js +18 -8
package/src/verax/core/baseline/baseline.snapshot.js +2 -0
package/src/verax/core/capabilities/gates.js +7 -1
package/src/verax/core/confidence/confidence-compute.js +14 -7
package/src/verax/core/confidence/confidence.loader.js +1 -0
package/src/verax/core/confidence-engine-refactor.js +8 -3
package/src/verax/core/confidence-engine.js +162 -23
package/src/verax/core/contracts/types.js +1 -0
package/src/verax/core/contracts/validators.js +79 -4
package/src/verax/core/decision-snapshot.js +3 -30
package/src/verax/core/decisions/decision.trace.js +2 -0
package/src/verax/core/determinism/contract-writer.js +2 -2
package/src/verax/core/determinism/contract.js +1 -1
package/src/verax/core/determinism/diff.js +42 -1
package/src/verax/core/determinism/engine.js +7 -6
package/src/verax/core/determinism/finding-identity.js +3 -2
package/src/verax/core/determinism/normalize.js +32 -4
package/src/verax/core/determinism/report-writer.js +1 -0
package/src/verax/core/determinism/run-fingerprint.js +7 -2
package/src/verax/core/dynamic-route-intelligence.js +8 -7
package/src/verax/core/evidence/evidence-capture-service.js +1 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +2 -1
package/src/verax/core/evidence-builder.js +2 -2
package/src/verax/core/execution-mode-context.js +1 -1
package/src/verax/core/execution-mode-detector.js +5 -3
package/src/verax/core/failures/exit-codes.js +39 -37
package/src/verax/core/failures/failure-summary.js +1 -1
package/src/verax/core/failures/failure.factory.js +3 -3
package/src/verax/core/failures/failure.ledger.js +3 -2
package/src/verax/core/ga/ga.artifact.js +1 -1
package/src/verax/core/ga/ga.contract.js +3 -2
package/src/verax/core/ga/ga.enforcer.js +1 -0
package/src/verax/core/guardrails/policy.loader.js +1 -0
package/src/verax/core/guardrails/truth-reconciliation.js +1 -1
package/src/verax/core/guardrails-engine.js +2 -2
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +2 -0
package/src/verax/core/perf/perf.report.js +2 -0
package/src/verax/core/pipeline-tracker.js +5 -0
package/src/verax/core/release/provenance.builder.js +73 -214
package/src/verax/core/release/release.enforcer.js +14 -9
package/src/verax/core/release/reproducibility.check.js +1 -0
package/src/verax/core/release/sbom.builder.js +32 -23
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +6 -3
package/src/verax/core/report/human-summary.js +141 -1
package/src/verax/core/route-intelligence.js +4 -3
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +10 -7
package/src/verax/core/security/security.enforcer.js +4 -0
package/src/verax/core/security/supplychain.policy.js +9 -1
package/src/verax/core/security/vuln.scan.js +2 -2
package/src/verax/core/truth/truth.certificate.js +3 -1
package/src/verax/core/ui-feedback-intelligence.js +12 -46
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +100 -660
package/src/verax/detect/confidence-helper.js +1 -0
package/src/verax/detect/detection-engine.js +1 -18
package/src/verax/detect/dynamic-route-findings.js +17 -14
package/src/verax/detect/expectation-chain-detector.js +1 -1
package/src/verax/detect/expectation-model.js +3 -5
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +126 -166
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +51 -234
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +4 -4
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +7 -6
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +18 -18
package/src/verax/detect/verdict-engine.js +3 -57
package/src/verax/detect/view-switch-correlator.js +2 -2
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +48 -412
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +67 -682
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/route-validator.js +1 -4
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +735 -84
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -530
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +1 -1
package/src/verax/observe/observe-helpers.js +2 -1
package/src/verax/observe/observe-runner.js +28 -24
package/src/verax/observe/observers/budget-observer.js +3 -3
package/src/verax/observe/observers/console-observer.js +4 -4
package/src/verax/observe/observers/coverage-observer.js +4 -4
package/src/verax/observe/observers/interaction-observer.js +3 -3
package/src/verax/observe/observers/navigation-observer.js +4 -4
package/src/verax/observe/observers/network-observer.js +4 -4
package/src/verax/observe/observers/safety-observer.js +1 -1
package/src/verax/observe/observers/ui-feedback-observer.js +4 -4
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-signal-sensor.js +2 -148
package/src/verax/scan-summary-writer.js +10 -42
package/src/verax/shared/artifact-manager.js +30 -13
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/core/confidence-engine.js.backup +0 -471
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/verax/observe/interaction-executor.js ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * INTERACTION EXECUTION ENGINE
+ *
+ * Handles execution of interactions on pages, evidence capture, and tracing.
+ */
+import { runInteraction } from './interaction-runner.js';
+import { deriveObservedExpectation, shouldAttemptRepeatObservedExpectation, evaluateObservedExpectation } from './observed-expectation.js';
+import { isExternalUrl } from './domain-boundary.js';
+/**
+ * Execute a single interaction and capture results
+ *
+ * @param {Object} page - Playwright page
+ * @param {Object} interaction - Interaction to execute
+ * @param {number} timestamp - Execution timestamp
+ * @param {number} interactionIndex - Index in execution sequence
+ * @param {string} screenshotsDir - Directory for screenshots
+ * @param {string} baseOrigin - Base origin for URL checking
+ * @param {number} startTime - Scan start time
+ * @param {Object} routeBudget - Route-specific budget
+ * @param {Object} expectationResults - Results from proven expectations
+ * @param {Object} silenceTracker - Silence tracker
+ * @returns {Promise<{trace: Object, totalExecuted: number, navigatedToNewPage: boolean, newPageUrl: string|null}>}
+ */
+export async function executeInteraction(
+  page,
+  interaction,
+  timestamp,
+  interactionIndex,
+  screenshotsDir,
+  baseOrigin,
+  startTime,
+  routeBudget,
+  expectationResults,
+  silenceTracker
+) {
+  const beforeUrl = page.url();
+  const trace = await runInteraction(
+    page,
+    interaction,
+    timestamp,
+    interactionIndex,
+    screenshotsDir,
+    baseOrigin,
+    startTime,
+    routeBudget,
+    null,
+    silenceTracker
+  );
+  let totalExecuted = 1;
+  if (trace) {
+    // Check if this matched a proven expectation
+    const matchingExpectation = expectationResults?.results?.find(
+      r => r.trace?.interaction?.selector === trace.interaction.selector
+    );
+    if (matchingExpectation) {
+      trace.expectationDriven = true;
+      trace.expectationId = matchingExpectation.expectationId;
+      trace.expectationOutcome = matchingExpectation.outcome;
+    } else {
+      // Derive observed expectation from trace
+      const observedExpectation = deriveObservedExpectation(interaction, trace, baseOrigin);
+      if (observedExpectation) {
+        trace.observedExpectation = observedExpectation;
+        trace.resultType = 'OBSERVED_EXPECTATION';
+        // Attempt repeat if eligible and budget allows
+        const repeatEligible = shouldAttemptRepeatObservedExpectation(observedExpectation, trace);
+        const budgetAllowsRepeat = repeatEligible &&
+          (Date.now() - startTime) < routeBudget.maxScanDurationMs;
+        if (budgetAllowsRepeat) {
+          const repeatIndex = interactionIndex + 1;
+          const repeatResult = await repeatObservedInteraction(
+            page,
+            interaction,
+            observedExpectation,
+            timestamp,
+            repeatIndex,
+            screenshotsDir,
+            baseOrigin,
+            startTime,
+            routeBudget
+          );
+          if (repeatResult) {
+            const repeatEvaluation = repeatResult.repeatEvaluation;
+            trace.observedExpectation.repeatAttempted = true;
+            trace.observedExpectation.repeated = repeatEvaluation.outcome === 'VERIFIED';
+            trace.observedExpectation.repeatOutcome = repeatEvaluation.outcome;
+            trace.observedExpectation.repeatReason = repeatEvaluation.reason;
+            if (repeatEvaluation.outcome === 'OBSERVED_BREAK') {
+              trace.observedExpectation.outcome = 'OBSERVED_BREAK';
+              trace.observedExpectation.reason = 'inconsistent_on_repeat';
+              trace.observedExpectation.confidenceLevel = 'LOW';
+            } else if (trace.observedExpectation.repeated && trace.observedExpectation.outcome === 'VERIFIED') {
+              trace.observedExpectation.confidenceLevel = 'MEDIUM';
+            }
+            totalExecuted = 2;
+          }
+        }
+      } else {
+        trace.unprovenResult = true;
+        trace.resultType = 'UNPROVEN_RESULT';
+      }
+    }
+  }
+  // Check for same-origin navigation
+  let navigatedToNewPage = false;
+  let newPageUrl = null;
+  if (trace) {
+    const afterUrl = trace.after?.url || page.url();
+    const navigatedSameOrigin = afterUrl && afterUrl !== beforeUrl && !isExternalUrl(afterUrl, baseOrigin);
+    if (navigatedSameOrigin && interaction.type === 'link') {
+      navigatedToNewPage = true;
+      newPageUrl = afterUrl;
+    }
+  }
+  return {
+    trace,
+    totalExecuted,
+    navigatedToNewPage,
+    newPageUrl
+  };
+}
+/**
+ * Repeat an observed interaction to verify consistency
+ */
+async function repeatObservedInteraction(
+  page,
+  interaction,
+  observedExpectation,
+  timestamp,
+  interactionIndex,
+  screenshotsDir,
+  baseOrigin,
+  startTime,
+  scanBudget
+) {
+  const selector = observedExpectation.evidence?.selector || interaction.selector;
+  if (!selector) return null;
+  const locator = page.locator(selector).first();
+  const count = await locator.count();
+  if (count === 0) {
+    return null;
+  }
+  const repeatInteraction = {
+    ...interaction,
+    element: locator
+  };
+  const repeatTrace = await runInteraction(
+    page,
+    repeatInteraction,
+    timestamp,
+    interactionIndex,
+    screenshotsDir,
+    baseOrigin,
+    startTime,
+    scanBudget,
+    null,
+    null // No silence tracker for repeat executions
+  );
+  if (!repeatTrace) {
+    return null;
+  }
+  repeatTrace.repeatExecution = true;
+  repeatTrace.repeatOfObservedExpectationId = observedExpectation.id;
+  repeatTrace.resultType = 'OBSERVED_EXPECTATION_REPEAT';
+  const repeatEvaluation = evaluateObservedExpectation(observedExpectation, repeatTrace);
+  return {
+    repeatTrace,
+    repeatEvaluation
+  };
+}