npm - @veraxhq/verax - Versions diffs - 0.3.0 → 0.4.0 - Mend

@veraxhq/verax 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +28 -20
package/bin/verax.js +11 -18
package/package.json +28 -7
package/src/cli/commands/baseline.js +1 -2
package/src/cli/commands/default.js +72 -81
package/src/cli/commands/doctor.js +29 -0
package/src/cli/commands/ga.js +3 -0
package/src/cli/commands/gates.js +1 -1
package/src/cli/commands/inspect.js +6 -133
package/src/cli/commands/release-check.js +2 -0
package/src/cli/commands/run.js +74 -246
package/src/cli/commands/security-check.js +2 -1
package/src/cli/commands/truth.js +0 -1
package/src/cli/entry.js +82 -309
package/src/cli/util/angular-component-extractor.js +2 -2
package/src/cli/util/angular-navigation-detector.js +2 -2
package/src/cli/util/ast-interactive-detector.js +4 -6
package/src/cli/util/ast-network-detector.js +3 -3
package/src/cli/util/ast-promise-extractor.js +581 -0
package/src/cli/util/ast-usestate-detector.js +3 -3
package/src/cli/util/atomic-write.js +12 -1
package/src/cli/util/console-reporter.js +72 -0
package/src/cli/util/detection-engine.js +105 -41
package/src/cli/util/determinism-runner.js +2 -1
package/src/cli/util/determinism-writer.js +1 -1
package/src/cli/util/digest-engine.js +359 -0
package/src/cli/util/dom-diff.js +226 -0
package/src/cli/util/env-url.js +0 -4
package/src/cli/util/evidence-engine.js +287 -0
package/src/cli/util/expectation-extractor.js +217 -367
package/src/cli/util/findings-writer.js +19 -126
package/src/cli/util/framework-detector.js +572 -0
package/src/cli/util/idgen.js +1 -1
package/src/cli/util/interaction-planner.js +529 -0
package/src/cli/util/learn-writer.js +2 -2
package/src/cli/util/ledger-writer.js +110 -0
package/src/cli/util/monorepo-resolver.js +162 -0
package/src/cli/util/observation-engine.js +127 -278
package/src/cli/util/observe-writer.js +2 -2
package/src/cli/util/paths.js +12 -3
package/src/cli/util/project-discovery.js +284 -3
package/src/cli/util/project-writer.js +2 -2
package/src/cli/util/run-id.js +23 -27
package/src/cli/util/run-result.js +778 -0
package/src/cli/util/selector-resolver.js +235 -0
package/src/cli/util/summary-writer.js +2 -1
package/src/cli/util/svelte-navigation-detector.js +3 -3
package/src/cli/util/svelte-sfc-extractor.js +0 -1
package/src/cli/util/svelte-state-detector.js +1 -2
package/src/cli/util/trust-activation-integration.js +496 -0
package/src/cli/util/trust-activation-wrapper.js +85 -0
package/src/cli/util/trust-integration-hooks.js +164 -0
package/src/cli/util/types.js +153 -0
package/src/cli/util/url-validation.js +40 -0
package/src/cli/util/vue-navigation-detector.js +4 -3
package/src/cli/util/vue-sfc-extractor.js +1 -2
package/src/cli/util/vue-state-detector.js +1 -1
package/src/types/fs-augment.d.ts +23 -0
package/src/types/global.d.ts +137 -0
package/src/types/internal-types.d.ts +35 -0
package/src/verax/cli/finding-explainer.js +3 -56
package/src/verax/cli/init.js +4 -18
package/src/verax/core/action-classifier.js +4 -3
package/src/verax/core/artifacts/registry.js +0 -15
package/src/verax/core/artifacts/verifier.js +18 -8
package/src/verax/core/baseline/baseline.snapshot.js +2 -0
package/src/verax/core/capabilities/gates.js +7 -1
package/src/verax/core/confidence/confidence-compute.js +14 -7
package/src/verax/core/confidence/confidence.loader.js +1 -0
package/src/verax/core/confidence-engine-refactor.js +8 -3
package/src/verax/core/confidence-engine.js +162 -23
package/src/verax/core/contracts/types.js +1 -0
package/src/verax/core/contracts/validators.js +79 -4
package/src/verax/core/decision-snapshot.js +3 -30
package/src/verax/core/decisions/decision.trace.js +2 -0
package/src/verax/core/determinism/contract-writer.js +2 -2
package/src/verax/core/determinism/contract.js +1 -1
package/src/verax/core/determinism/diff.js +42 -1
package/src/verax/core/determinism/engine.js +7 -6
package/src/verax/core/determinism/finding-identity.js +3 -2
package/src/verax/core/determinism/normalize.js +32 -4
package/src/verax/core/determinism/report-writer.js +1 -0
package/src/verax/core/determinism/run-fingerprint.js +7 -2
package/src/verax/core/dynamic-route-intelligence.js +8 -7
package/src/verax/core/evidence/evidence-capture-service.js +1 -0
package/src/verax/core/evidence/evidence-intent-ledger.js +2 -1
package/src/verax/core/evidence-builder.js +2 -2
package/src/verax/core/execution-mode-context.js +1 -1
package/src/verax/core/execution-mode-detector.js +5 -3
package/src/verax/core/failures/exit-codes.js +39 -37
package/src/verax/core/failures/failure-summary.js +1 -1
package/src/verax/core/failures/failure.factory.js +3 -3
package/src/verax/core/failures/failure.ledger.js +3 -2
package/src/verax/core/ga/ga.artifact.js +1 -1
package/src/verax/core/ga/ga.contract.js +3 -2
package/src/verax/core/ga/ga.enforcer.js +1 -0
package/src/verax/core/guardrails/policy.loader.js +1 -0
package/src/verax/core/guardrails/truth-reconciliation.js +1 -1
package/src/verax/core/guardrails-engine.js +2 -2
package/src/verax/core/incremental-store.js +1 -0
package/src/verax/core/integrity/budget.js +138 -0
package/src/verax/core/integrity/determinism.js +342 -0
package/src/verax/core/integrity/integrity.js +208 -0
package/src/verax/core/integrity/poisoning.js +108 -0
package/src/verax/core/integrity/transaction.js +140 -0
package/src/verax/core/observe/run-timeline.js +2 -0
package/src/verax/core/perf/perf.report.js +2 -0
package/src/verax/core/pipeline-tracker.js +5 -0
package/src/verax/core/release/provenance.builder.js +73 -214
package/src/verax/core/release/release.enforcer.js +14 -9
package/src/verax/core/release/reproducibility.check.js +1 -0
package/src/verax/core/release/sbom.builder.js +32 -23
package/src/verax/core/replay-validator.js +2 -0
package/src/verax/core/replay.js +4 -0
package/src/verax/core/report/cross-index.js +6 -3
package/src/verax/core/report/human-summary.js +141 -1
package/src/verax/core/route-intelligence.js +4 -3
package/src/verax/core/run-id.js +6 -3
package/src/verax/core/run-manifest.js +4 -3
package/src/verax/core/security/secrets.scan.js +10 -7
package/src/verax/core/security/security.enforcer.js +4 -0
package/src/verax/core/security/supplychain.policy.js +9 -1
package/src/verax/core/security/vuln.scan.js +2 -2
package/src/verax/core/truth/truth.certificate.js +3 -1
package/src/verax/core/ui-feedback-intelligence.js +12 -46
package/src/verax/detect/conditional-ui-silent-failure.js +84 -0
package/src/verax/detect/confidence-engine.js +100 -660
package/src/verax/detect/confidence-helper.js +1 -0
package/src/verax/detect/detection-engine.js +1 -18
package/src/verax/detect/dynamic-route-findings.js +17 -14
package/src/verax/detect/expectation-chain-detector.js +1 -1
package/src/verax/detect/expectation-model.js +3 -5
package/src/verax/detect/failure-cause-inference.js +293 -0
package/src/verax/detect/findings-writer.js +126 -166
package/src/verax/detect/flow-detector.js +2 -2
package/src/verax/detect/form-silent-failure.js +98 -0
package/src/verax/detect/index.js +51 -234
package/src/verax/detect/invariants-enforcer.js +147 -0
package/src/verax/detect/journey-stall-detector.js +4 -4
package/src/verax/detect/navigation-silent-failure.js +82 -0
package/src/verax/detect/problem-aggregator.js +361 -0
package/src/verax/detect/route-findings.js +7 -6
package/src/verax/detect/summary-writer.js +477 -0
package/src/verax/detect/test-failure-cause-inference.js +314 -0
package/src/verax/detect/ui-feedback-findings.js +18 -18
package/src/verax/detect/verdict-engine.js +3 -57
package/src/verax/detect/view-switch-correlator.js +2 -2
package/src/verax/flow/flow-engine.js +2 -1
package/src/verax/flow/flow-spec.js +0 -6
package/src/verax/index.js +48 -412
package/src/verax/intel/ts-program.js +1 -0
package/src/verax/intel/vue-navigation-extractor.js +3 -0
package/src/verax/learn/action-contract-extractor.js +67 -682
package/src/verax/learn/ast-contract-extractor.js +1 -1
package/src/verax/learn/flow-extractor.js +1 -0
package/src/verax/learn/project-detector.js +5 -0
package/src/verax/learn/react-router-extractor.js +2 -0
package/src/verax/learn/route-validator.js +1 -4
package/src/verax/learn/source-instrumenter.js +1 -0
package/src/verax/learn/state-extractor.js +2 -1
package/src/verax/learn/static-extractor.js +1 -0
package/src/verax/observe/coverage-gaps.js +132 -0
package/src/verax/observe/expectation-handler.js +126 -0
package/src/verax/observe/incremental-skip.js +46 -0
package/src/verax/observe/index.js +735 -84
package/src/verax/observe/interaction-executor.js +192 -0
package/src/verax/observe/interaction-runner.js +782 -530
package/src/verax/observe/network-firewall.js +86 -0
package/src/verax/observe/observation-builder.js +169 -0
package/src/verax/observe/observe-context.js +1 -1
package/src/verax/observe/observe-helpers.js +2 -1
package/src/verax/observe/observe-runner.js +28 -24
package/src/verax/observe/observers/budget-observer.js +3 -3
package/src/verax/observe/observers/console-observer.js +4 -4
package/src/verax/observe/observers/coverage-observer.js +4 -4
package/src/verax/observe/observers/interaction-observer.js +3 -3
package/src/verax/observe/observers/navigation-observer.js +4 -4
package/src/verax/observe/observers/network-observer.js +4 -4
package/src/verax/observe/observers/safety-observer.js +1 -1
package/src/verax/observe/observers/ui-feedback-observer.js +4 -4
package/src/verax/observe/page-traversal.js +138 -0
package/src/verax/observe/snapshot-ops.js +94 -0
package/src/verax/observe/ui-signal-sensor.js +2 -148
package/src/verax/scan-summary-writer.js +10 -42
package/src/verax/shared/artifact-manager.js +30 -13
package/src/verax/shared/caching.js +1 -0
package/src/verax/shared/expectation-tracker.js +1 -0
package/src/verax/shared/zip-artifacts.js +6 -0
package/src/verax/core/confidence-engine.js.backup +0 -471
package/src/verax/shared/config-loader.js +0 -169
/package/src/verax/shared/{expectation-proof.js → expectation-validation.js} +0 -0

package/src/cli/util/findings-writer.js CHANGED Viewed

@@ -1,142 +1,35 @@
 import { atomicWriteJson } from './atomic-write.js';
 import { resolve } from 'path';
 import { findingIdFromExpectationId } from './idgen.js';
-import {
-  enforceContractsOnFindings,
-  FINDING_STATUS,
-  CONFIDENCE_LEVEL,
-  IMPACT,
-  USER_RISK,
-  OWNERSHIP,
-} from '../../verax/core/contracts/index.js';
-import { ARTIFACT_REGISTRY, getArtifactVersions } from '../../verax/core/artifacts/registry.js';
+import { ARTIFACT_REGISTRY } from '../../verax/core/artifacts/registry.js';
 /**
- * Write findings.json artifact with deterministic IDs and contract enforcement
+ * Write findings.json artifact with deterministic IDs
  */
 export function writeFindingsJson(runDir, findingsData) {
-  const findingsPath = resolve(runDir, ARTIFACT_REGISTRY.findings.filename);
-  const normalizedFindings = normalizeFindings(findingsData?.findings || []);
-  const enforcement = enforceContractsOnFindings(normalizedFindings);
-  const findingsWithIds = enforcement.valid.map((finding) => ({
+  const findingsPath = resolve(runDir, 'findings.json');
+  // Add deterministic finding IDs based on expectation IDs
+  const findingsWithIds = (findingsData.findings || []).map(finding => ({
     ...finding,
-    findingId: findingIdFromExpectationId(finding.id || finding.expectationId || ''),
+    findingId: findingIdFromExpectationId(finding.id),
   }));
-  const stats = findingsData?.stats || {};
   const payload = {
-    contractVersion: 1,
-    artifactVersions: getArtifactVersions(),
+    contractVersion: ARTIFACT_REGISTRY.findings.contractVersion,
     findings: findingsWithIds,
-    total: findingsWithIds.length,
+    total: findingsData.stats?.total || 0,
     stats: {
-      total: findingsWithIds.length,
-      silentFailures: stats.silentFailures || 0,
-      observed: stats.observed || 0,
-      coverageGaps: stats.coverageGaps || 0,
-      unproven: stats.unproven || 0,
-      informational: stats.informational || 0,
-    },
-    detectedAt: findingsData?.detectedAt || new Date().toISOString(),
-    enforcement: {
-      droppedCount: enforcement.dropped.length,
-      downgradedCount: enforcement.downgrades.length,
-      downgrades: enforcement.downgrades.map((entry) => ({
-        reason: entry.reason,
-        originalStatus: entry.original?.status,
-        downgradeToStatus: entry.downgraded?.status,
-      })),
-      dropped: enforcement.dropped.map((entry) => ({
-        reason: entry.reason,
-      })),
+      total: findingsData.stats?.total || 0,
+      silentFailures: findingsData.stats?.silentFailures || 0,
+      observed: findingsData.stats?.observed || 0,
+      coverageGaps: findingsData.stats?.coverageGaps || 0,
+      unproven: findingsData.stats?.unproven || 0,
+      informational: findingsData.stats?.informational || 0,
     },
+    detectedAt: findingsData.detectedAt || new Date().toISOString(),
+    enforcement: findingsData.enforcement || null,
   };
   atomicWriteJson(findingsPath, payload);
-  return { path: findingsPath, payload };
-}
-function normalizeFindings(findings) {
-  return findings.map((finding) => normalizeFinding(finding));
-}
-function normalizeFinding(finding) {
-  const status = finding.status || mapClassificationToStatus(finding.classification);
-  const evidence = normalizeEvidence(finding.evidence);
-  const confidence = normalizeConfidence(finding.confidence);
-  const signals = normalizeSignals(finding);
-  const interaction = finding.interaction || {
-    type: finding.type || 'unknown',
-    selector: finding.promise?.selector || finding.promise?.value || finding.source?.file || 'unknown',
-  };
-  return {
-    ...finding,
-    status,
-    evidence,
-    confidence,
-    signals,
-    interaction,
-    what_happened: finding.what_happened || finding.reason || 'Expectation was exercised during scan.',
-    what_was_expected: finding.what_was_expected || finding.promise?.value || 'Expectation derived from source code.',
-    what_was_observed: finding.what_was_observed || finding.reason || 'Observation recorded for expectation.',
-    why_it_matters: finding.why_it_matters || 'Potential silent failure identified by expectation vs observation.',
-  };
-}
-function mapClassificationToStatus(classification) {
-  if (classification === 'observed') return FINDING_STATUS.CONFIRMED;
-  if (classification === 'silent-failure') return FINDING_STATUS.SUSPECTED;
-  if (classification === 'coverage-gap' || classification === 'unproven') return FINDING_STATUS.SUSPECTED;
-  return FINDING_STATUS.INFORMATIONAL;
-}
-function normalizeConfidence(confidence) {
-  if (confidence && typeof confidence === 'object' && confidence.level && confidence.score !== undefined) {
-    return confidence;
-  }
-  const numeric = typeof confidence === 'number' ? Math.max(0, Math.min(1, confidence)) : 0;
-  const score = Math.round(numeric * 100);
-  let level = CONFIDENCE_LEVEL.UNPROVEN;
-  if (score >= 80) level = CONFIDENCE_LEVEL.HIGH;
-  else if (score >= 60) level = CONFIDENCE_LEVEL.MEDIUM;
-  else if (score > 0) level = CONFIDENCE_LEVEL.LOW;
-  return { level, score };
-}
-function normalizeEvidence(evidenceArray) {
-  const items = Array.isArray(evidenceArray) ? evidenceArray : [];
-  const hasNetworkActivity = items.some((item) => item?.type === 'network-log');
-  const hasDomChange = items.some((item) => item?.type === 'screenshot');
-  return {
-    type: hasNetworkActivity ? 'network_activity' : undefined,
-    hasDomChange,
-    hasUrlChange: false,
-    hasNetworkActivity,
-    hasStateChange: false,
-    networkRequests: items.filter((item) => item?.type === 'network-log'),
-    before: items.find((item) => item?.type === 'screenshot')?.path,
-    after: undefined,
-  };
-}
-function normalizeSignals(finding) {
-  if (finding.signals && typeof finding.signals === 'object') {
-    return finding.signals;
-  }
-  const impact = (finding.impact && IMPACT[finding.impact]) ? finding.impact : IMPACT.MEDIUM;
-  return {
-    impact,
-    userRisk: USER_RISK.CONFUSES,
-    ownership: OWNERSHIP.FRONTEND,
-    grouping: {
-      expectationType: finding.type || 'unknown',
-    },
-  };
 }