npm - @veraxhq/verax - Versions diffs - 0.4.0 → 0.4.5 - Mend

@veraxhq/verax 0.4.0 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (557) hide show

package/README.md +194 -165
package/bin/verax.js +5 -1
package/package.json +14 -5
package/src/cli/commands/inspect.js +95 -56
package/src/cli/commands/run.js +1375 -534
package/src/cli/config/cli-contract.js +182 -0
package/src/cli/config/enterprise-policy.js +264 -0
package/src/cli/entry.js +567 -142
package/src/cli/phases/detect-phase.js +91 -0
package/src/cli/phases/execute-phase.js +56 -0
package/src/cli/phases/finalize-phase.js +125 -0
package/src/cli/phases/initialize-phase.js +75 -0
package/src/cli/phases/learn-phase.js +15 -0
package/src/cli/phases/observe-phase.js +23 -0
package/src/cli/run/error-writer.js +82 -0
package/src/cli/run/failure-matrix.js +22 -0
package/src/cli/run/output-summary.js +120 -0
package/src/cli/run/timeout-handler.js +85 -0
package/src/cli/run/validation-simple.js +45 -0
package/src/cli/run-helpers/print-console-summary.js +35 -0
package/src/cli/run-helpers/validate-inputs.js +30 -0
package/src/cli/run-helpers/write-error-artifacts.js +83 -0
package/src/cli/run-helpers/write-final-artifacts.js +102 -0
package/src/cli/run-helpers/write-initial-artifacts.js +50 -0
package/src/cli/util/atomic-write.js +171 -36
package/src/cli/util/auth/auth-applier.js +153 -0
package/src/cli/util/auth/auth-config.js +63 -0
package/src/cli/util/auth/auth-utils.js +252 -0
package/src/cli/util/auth/auth-verifier.js +101 -0
package/src/cli/util/bounded-collections.js +241 -0
package/src/cli/util/ci/artifact-pack.js +184 -0
package/src/cli/util/config/defaults.js +136 -0
package/src/cli/util/{env-url.js → config/env-url.js} +3 -0
package/src/cli/util/config/load-config.js +127 -0
package/src/cli/util/{monorepo-resolver.js → config/monorepo-resolver.js} +4 -1
package/src/cli/util/{project-discovery.js → config/project-discovery.js} +111 -98
package/src/cli/util/config/project-shape.js +114 -0
package/src/cli/util/config/redaction-config.js +103 -0
package/src/cli/util/config/source-discovery.js +241 -0
package/src/cli/util/{source-requirement.js → config/source-requirement.js} +6 -3
package/src/cli/util/config/src-resolver.js +33 -0
package/src/cli/util/{url-validation.js → config/url-validation.js} +8 -0
package/src/cli/util/contracts/output-contract.js +332 -0
package/src/cli/util/{angular-component-extractor.js → detection/angular-component-extractor.js} +3 -0
package/src/cli/util/detection/angular-extractor.js +314 -0
package/src/cli/util/{angular-navigation-detector.js → detection/angular-navigation-detector.js} +20 -0
package/src/cli/util/{angular-network-detector.js → detection/angular-network-detector.js} +21 -0
package/src/cli/util/{angular-state-detector.js → detection/angular-state-detector.js} +20 -0
package/src/cli/util/{ast-interactive-detector.js → detection/ast-interactive-detector.js} +10 -11
package/src/cli/util/{ast-network-detector.js → detection/ast-network-detector.js} +7 -16
package/src/cli/util/{ast-promise-extractor.js → detection/ast-promise-extractor.js} +3 -0
package/src/cli/util/{ast-usestate-detector.js → detection/ast-usestate-detector.js} +13 -29
package/src/cli/util/detection/base-detector.js +25 -0
package/src/cli/util/detection/client-side-routing-detector.js +117 -0
package/src/cli/util/detection/detection-engine.js +373 -0
package/src/cli/util/detection/detector-registry.js +99 -0
package/src/cli/util/detection/evidence-law.js +82 -0
package/src/cli/util/detection/finding-explanation.js +101 -0
package/src/cli/util/{framework-detector.js → detection/framework-detector.js} +6 -3
package/src/cli/util/detection/loading-resolution-detector.js +127 -0
package/src/cli/util/detection/nextjs-observable-detector.js +179 -0
package/src/cli/util/detection/promise-extractor-2.js +859 -0
package/src/cli/util/detection/react-observable-detector.js +211 -0
package/src/cli/util/detection/risk-framing.js +99 -0
package/src/cli/util/detection/silent-failure-classifier.js +607 -0
package/src/cli/util/detection/silent-failure-intelligence.js +89 -0
package/src/cli/util/detection/static-string-resolver.js +333 -0
package/src/cli/util/{svelte-navigation-detector.js → detection/svelte-navigation-detector.js} +20 -0
package/src/cli/util/{svelte-network-detector.js → detection/svelte-network-detector.js} +21 -0
package/src/cli/util/{svelte-sfc-extractor.js → detection/svelte-sfc-extractor.js} +3 -0
package/src/cli/util/{svelte-state-detector.js → detection/svelte-state-detector.js} +21 -0
package/src/cli/util/detection/sveltekit-extractor.js +247 -0
package/src/cli/util/detection/test-silent-failure-contract.js +674 -0
package/src/cli/util/detection/ui-feedback-pattern-detector.js +192 -0
package/src/cli/util/detection/vue-extractor.js +151 -0
package/src/cli/util/detection/vue-navigation-detector.js +154 -0
package/src/cli/util/detection/vue-observable-detector.js +162 -0
package/src/cli/util/{vue-sfc-extractor.js → detection/vue-sfc-extractor.js} +3 -0
package/src/cli/util/detection/vue-state-detector.js +160 -0
package/src/cli/util/detection-engine.js +492 -308
package/src/cli/util/diagnostics/diagnostics-engine.js +379 -0
package/src/cli/util/evidence/coverage-writer.js +58 -0
package/src/cli/util/{digest-engine.js → evidence/digest-engine.js} +37 -9
package/src/cli/util/evidence/dom-redactor.js +172 -0
package/src/cli/util/evidence/evidence-attribution.js +356 -0
package/src/cli/util/evidence/evidence-budget.js +167 -0
package/src/cli/util/evidence/evidence-deduplication.js +378 -0
package/src/cli/util/{evidence-engine.js → evidence/evidence-engine.js} +90 -16
package/src/cli/util/evidence/evidence-integrity.js +114 -0
package/src/cli/util/evidence/evidence-manifest.js +109 -0
package/src/cli/util/evidence/evidence-size-tracker.js +170 -0
package/src/cli/util/evidence/evidence-stream-writer.js +221 -0
package/src/cli/util/evidence/evidence-validator.js +381 -0
package/src/cli/util/evidence/findings-writer.js +48 -0
package/src/cli/util/evidence/human-summary-writer.js +75 -0
package/src/cli/util/evidence/integrity-manifest.js +199 -0
package/src/cli/util/evidence/interaction-intent-record.js +175 -0
package/src/cli/util/evidence/judgments-writer.js +81 -0
package/src/cli/util/evidence/learn-writer.js +67 -0
package/src/cli/util/{ledger-writer.js → evidence/ledger-writer.js} +9 -17
package/src/cli/util/{redact.js → evidence/redact.js} +83 -13
package/src/cli/util/evidence/screenshot-redactor.js +298 -0
package/src/cli/util/evidence/summary-writer.js +143 -0
package/src/cli/util/explain/explain-engine.js +550 -0
package/src/cli/util/integrity-validator.js +248 -0
package/src/cli/util/internals/diagnose/artifact-writer.js +22 -0
package/src/cli/util/internals/diagnose/diagnostics-generator.js +29 -0
package/src/cli/util/internals/diagnose/output-formatter.js +223 -0
package/src/cli/util/internals/diagnose/run-id-resolver.js +41 -0
package/src/cli/util/internals/stability-run/batch-executor.js +47 -0
package/src/cli/util/internals/stability-run/batch-utils.js +38 -0
package/src/cli/util/internals/stability-run/output-formatter.js +115 -0
package/src/cli/util/internals/stability-run/report-generator.js +38 -0
package/src/cli/util/observation/action-dispatcher.js +133 -0
package/src/cli/util/observation/alignment-guard.js +182 -0
package/src/cli/util/observation/anti-false-green.js +255 -0
package/src/cli/util/observation/diagnostics-collector.js +171 -0
package/src/cli/util/observation/diagnostics-summary.js +77 -0
package/src/cli/util/observation/dom-diff.js +386 -0
package/src/cli/util/observation/evidence-capture-service.js +222 -0
package/src/cli/util/{expectation-extractor.js → observation/expectation-extractor.js} +231 -19
package/src/cli/util/observation/feedback-scope.js +513 -0
package/src/cli/util/observation/interaction-intent-engine.js +218 -0
package/src/cli/util/observation/interaction-planner.js +827 -0
package/src/cli/util/observation/observation-engine.js +582 -0
package/src/cli/util/observation/observation-profile.js +334 -0
package/src/cli/util/observation/observe-writer.js +56 -0
package/src/cli/util/observation/outcome-evaluator.js +224 -0
package/src/cli/util/observation/outcome-truth-matrix.js +436 -0
package/src/cli/util/observation/outcome-watcher.js +245 -0
package/src/cli/util/observation/progressive-acknowledgment.js +158 -0
package/src/cli/util/observation/route-sensor.js +266 -0
package/src/cli/util/{runtime-budget.js → observation/runtime-budget.js} +6 -12
package/src/cli/util/observation/runtime-micro-crawl.js +248 -0
package/src/cli/util/observation/runtime-navigation-discovery.js +352 -0
package/src/cli/util/observation/runtime-readiness.js +128 -0
package/src/cli/util/{selector-resolver.js → observation/selector-resolver.js} +93 -28
package/src/cli/util/observation/silence-classifier.js +369 -0
package/src/cli/util/observation/test-mode-budget.js +28 -0
package/src/cli/util/observation/test-mode-stub.js +108 -0
package/src/cli/util/{trust-activation-integration.js → observation/trust-activation-integration.js} +13 -9
package/src/cli/util/{trust-activation-wrapper.js → observation/trust-activation-wrapper.js} +3 -0
package/src/cli/util/{trust-integration-hooks.js → observation/trust-integration-hooks.js} +2 -10
package/src/cli/util/observation/ui-mutation-tracker.js +212 -0
package/src/cli/util/output/cli-ux-formatter.js +300 -0
package/src/cli/util/output/human-summary-generator.js +358 -0
package/src/cli/util/output/judgment-ux.js +345 -0
package/src/cli/util/output/product-seal.js +279 -0
package/src/cli/util/performance-hooks.js +93 -0
package/src/cli/util/policy/policy-loader.js +288 -0
package/src/cli/util/profiles/profile-loader.js +150 -0
package/src/cli/util/run-artifact-validation.js +343 -0
package/src/cli/util/run-cache.js +255 -0
package/src/cli/util/run-completion-sentinel.js +148 -0
package/src/cli/util/stability/stability-engine.js +522 -0
package/src/cli/util/support/atomic-write.js +51 -0
package/src/cli/util/{bootstrap-guard.js → support/bootstrap-guard.js} +3 -0
package/src/cli/util/support/canonical-naming.js +273 -0
package/src/cli/util/support/cleanup-logger.js +67 -0
package/src/cli/util/support/console-formatters.js +127 -0
package/src/cli/util/{console-reporter.js → support/console-reporter.js} +12 -4
package/src/cli/util/support/decision-snapshot.js +220 -0
package/src/cli/util/support/deprecation.js +111 -0
package/src/cli/util/support/determinism-normalizer.js +168 -0
package/src/cli/util/{determinism-runner.js → support/determinism-runner.js} +9 -12
package/src/cli/util/{determinism-writer.js → support/determinism-writer.js} +16 -21
package/src/cli/util/support/error-contract.js +182 -0
package/src/cli/util/support/errors.js +54 -0
package/src/cli/util/{events.js → support/events.js} +10 -5
package/src/cli/util/support/first-run-detection.js +79 -0
package/src/cli/util/{idgen.js → support/idgen.js} +3 -0
package/src/cli/util/support/normalize-path.js +24 -0
package/src/cli/util/support/paths.js +84 -0
package/src/cli/util/{project-writer.js → support/project-writer.js} +4 -1
package/src/cli/util/support/retention.js +155 -0
package/src/cli/util/support/run-dir-resolver.js +179 -0
package/src/cli/util/support/run-id.js +88 -0
package/src/cli/util/support/run-manifest.js +148 -0
package/src/cli/util/{run-resolver.js → support/run-resolver.js} +5 -0
package/src/cli/util/{run-result.js → support/run-result.js} +53 -80
package/src/cli/util/support/run-sequence.js +96 -0
package/src/cli/util/support/scan-index.js +75 -0
package/src/cli/util/support/src-auto-discovery.js +143 -0
package/src/cli/util/support/time-provider.js +137 -0
package/src/cli/util/{types.js → support/types.js} +7 -4
package/src/cli/util/timeout-manager.js +210 -0
package/src/cli/util/triage/triage-engine.js +414 -0
package/src/cli/util/ux-output-integration.js +168 -0
package/src/config/runtime-contract.js +27 -0
package/src/internal/future-gates/README.md +45 -0
package/src/internal/future-gates/commands/clean.js +142 -0
package/src/internal/future-gates/commands/diagnose.js +53 -0
package/src/{cli → internal/future-gates}/commands/doctor.js +23 -7
package/src/internal/future-gates/commands/explain.js +208 -0
package/src/internal/future-gates/commands/gate.js +113 -0
package/src/internal/future-gates/commands/stability-run.js +84 -0
package/src/internal/future-gates/commands/stability.js +164 -0
package/src/internal/future-gates/commands/triage.js +109 -0
package/src/{verax/core → internal/future-gates}/dynamic-route-intelligence.js +53 -10
package/src/internal/future-gates/ga/ga.contract.js +77 -0
package/src/internal/future-gates/ga/ga.enforcer.js +50 -0
package/src/internal/future-gates/release/provenance.builder.js +58 -0
package/src/internal/future-gates/release/release.enforcer.js +90 -0
package/src/internal/future-gates/security/security.enforcer.js +72 -0
package/src/{verax/core → internal/future-gates}/truth/truth.certificate.js +7 -2
package/src/internal/future-gates/v1-runtime-seal.js +119 -0
package/src/internal/future-gates/vision/compliance-engine.js +423 -0
package/src/internal/future-gates/vision/vision-checklist.js +119 -0
package/src/internal/future-gates/vision/vision-resolver.js +1040 -0
package/src/types/global.d.ts +27 -0
package/src/types/internal-types.d.ts +1 -1
package/src/types/node/index.d.ts +15 -0
package/src/types/node-process.d.ts +17 -0
package/src/util/bounded-collections.js +216 -0
package/src/util/run-cache.js +160 -0
package/src/verax/cleanup-engine.js +274 -0
package/src/verax/cli/ci-summary.js +3 -0
package/src/verax/cli/context-explanation.js +3 -0
package/src/verax/cli/doctor.js +68 -49
package/src/verax/cli/error-normalizer.js +3 -0
package/src/verax/cli/explain-output.js +3 -0
package/src/verax/cli/finding-explainer.js +3 -0
package/src/verax/cli/init.js +3 -0
package/src/verax/cli/run-overview.js +3 -0
package/src/verax/cli/url-safety.js +4 -0
package/src/verax/cli/wizard.js +4 -0
package/src/verax/cli/zero-findings-explainer.js +3 -0
package/src/verax/cli/zero-interaction-explainer.js +3 -0
package/src/verax/core/action-classifier.js +3 -0
package/src/verax/core/artifacts/registry.js +24 -0
package/src/verax/core/artifacts/verifier-validations.js +565 -0
package/src/verax/core/artifacts/verifier.js +396 -989
package/src/verax/core/baseline/baseline.enforcer.js +3 -0
package/src/verax/core/baseline/baseline.snapshot.js +8 -4
package/src/verax/core/budget-engine.js +3 -0
package/src/verax/core/budgets.js +126 -0
package/src/verax/core/canonical-artifacts-contract.js +306 -0
package/src/verax/core/canonical-outcomes.js +3 -0
package/src/verax/core/capabilities/gates.js +21 -10
package/src/verax/core/capabilities/registry.js +22 -19
package/src/verax/core/confidence/confidence-compute.js +200 -21
package/src/verax/core/confidence/confidence-invariants.js +3 -0
package/src/verax/core/confidence/confidence-report-writer.js +6 -1
package/src/verax/core/confidence/confidence-weights.js +3 -0
package/src/verax/core/confidence/confidence.defaults.js +3 -0
package/src/verax/core/confidence/confidence.loader.js +4 -1
package/src/verax/core/confidence/confidence.schema.js +3 -0
package/src/verax/core/confidence/explanation-helpers.js +281 -0
package/src/verax/core/confidence/index.js +233 -0
package/src/verax/core/confidence/policy-cache.js +85 -0
package/src/verax/core/confidence/reason-codes.js +257 -0
package/src/verax/core/confidence-engine.js +19 -4
package/src/verax/core/console-log-filter.js +199 -0
package/src/verax/core/contracts/index.js +3 -0
package/src/verax/core/contracts/types.js +3 -0
package/src/verax/core/contracts/validators.js +7 -15
package/src/verax/core/decision/evaluate-decision-usefulness.js +86 -0
package/src/verax/core/decision-snapshot.js +3 -0
package/src/verax/core/decisions/decision.trace.js +19 -5
package/src/verax/core/determinism/contract-writer.js +5 -1
package/src/verax/core/determinism/contract.js +3 -0
package/src/verax/core/determinism/diff.js +14 -5
package/src/verax/core/determinism/engine.js +12 -22
package/src/verax/core/determinism/finding-identity.js +4 -1
package/src/verax/core/determinism/normalize.js +6 -3
package/src/verax/core/determinism/output-serializer.js +184 -0
package/src/verax/core/determinism/report-writer.js +9 -14
package/src/verax/core/determinism/run-fingerprint.js +61 -15
package/src/verax/core/determinism-analyzer.js +118 -0
package/src/verax/core/determinism-model.js +15 -10
package/src/verax/core/evidence/evaluate-evidence-quality.js +145 -0
package/src/verax/core/evidence/evidence-capture-service.js +18 -4
package/src/verax/core/evidence/evidence-intent-ledger.js +10 -3
package/src/verax/core/evidence-builder/build-evidence.js +283 -0
package/src/verax/core/evidence-builder/enforce-evidence.js +117 -0
package/src/verax/core/evidence-builder/errors.js +13 -0
package/src/verax/core/evidence-builder/validate-evidence.js +92 -0
package/src/verax/core/evidence-builder.js +24 -380
package/src/verax/core/evidence-security-policy.js +443 -0
package/src/verax/core/execution-mode-context.js +3 -0
package/src/verax/core/execution-mode-detector.js +6 -1
package/src/verax/core/failures/exit-codes.js +34 -25
package/src/verax/core/failures/failure-mode-matrix.js +132 -0
package/src/verax/core/failures/failure-summary.js +3 -0
package/src/verax/core/failures/failure.factory.js +5 -1
package/src/verax/core/failures/failure.ledger.js +10 -4
package/src/verax/core/failures/failure.types.js +3 -0
package/src/verax/core/failures/index.js +3 -0
package/src/verax/core/framework-support.js +43 -0
package/src/verax/core/ga/ga-report-writer.js +8 -2
package/src/verax/core/ga/ga.artifact.js +4 -4
package/src/verax/core/ga/ga.contract.js +10 -8
package/src/verax/core/ga/ga.enforcer.js +7 -1
package/src/verax/core/gates/enforce-gate-outcome.js +178 -0
package/src/verax/core/gates/evaluate-gate-outcome.js +50 -0
package/src/verax/core/gates/format-gate-preview.js +73 -0
package/src/verax/core/gates/load-gate-policy.js +112 -0
package/src/verax/core/guardrails/guardrails-report-writer.js +7 -2
package/src/verax/core/guardrails/policy.defaults.js +3 -0
package/src/verax/core/guardrails/policy.loader.js +4 -1
package/src/verax/core/guardrails/policy.schema.js +3 -0
package/src/verax/core/guardrails/truth-reconciliation.js +3 -0
package/src/verax/core/guardrails-engine/apply-guardrails.js +87 -0
package/src/verax/core/guardrails-engine/evaluate-rule.js +310 -0
package/src/verax/core/guardrails-engine/policy-cache.js +14 -0
package/src/verax/core/guardrails-engine.js +18 -171
package/src/verax/core/incremental-store.js +8 -2
package/src/verax/core/integrity/budget.js +4 -1
package/src/verax/core/integrity/determinism.js +15 -10
package/src/verax/core/integrity/integrity.js +9 -3
package/src/verax/core/integrity/poisoning.js +8 -2
package/src/verax/core/integrity/transaction.js +4 -1
package/src/verax/core/invariants.js +3 -0
package/src/verax/core/network-trace-sanitizer.js +311 -0
package/src/verax/core/observe/run-timeline.js +24 -17
package/src/verax/core/perf/perf.contract.js +3 -0
package/src/verax/core/perf/perf.display.js +3 -0
package/src/verax/core/perf/perf.enforcer.js +3 -0
package/src/verax/core/perf/perf.monitor.js +12 -8
package/src/verax/core/perf/perf.report.js +13 -5
package/src/verax/core/pipeline-tracker.js +14 -14
package/src/verax/core/product-contract.js +440 -0
package/src/verax/core/product-definition.js +5 -1
package/src/verax/core/promise-model.js +3 -0
package/src/verax/core/release/provenance.builder.js +9 -2
package/src/verax/core/release/release-report-writer.js +7 -2
package/src/verax/core/release/release.enforcer.js +13 -6
package/src/verax/core/release/reproducibility.check.js +9 -4
package/src/verax/core/release/sbom.builder.js +18 -7
package/src/verax/core/report/cross-index.js +24 -9
package/src/verax/core/report/human-summary.js +7 -2
package/src/verax/core/route-intelligence/pattern-utils.js +78 -0
package/src/verax/core/route-intelligence.js +47 -77
package/src/verax/core/run-id.js +6 -14
package/src/verax/core/run-manifest.js +11 -5
package/src/verax/core/runtime-stability-contract.js +60 -0
package/src/verax/core/scope-policy.js +282 -0
package/src/verax/core/security/secrets.scan.js +16 -7
package/src/verax/core/security/security-report.js +7 -2
package/src/verax/core/security/security.enforcer.js +10 -4
package/src/verax/core/security/supplychain.policy.js +15 -8
package/src/verax/core/security/vuln.scan.js +15 -4
package/src/verax/core/silence-impact.js +3 -0
package/src/verax/core/silence-model.js +12 -18
package/src/verax/core/truth-classifier.js +354 -0
package/src/verax/core/ui-feedback-intelligence/build-evidence.js +50 -0
package/src/verax/core/ui-feedback-intelligence/correlate-promise.js +90 -0
package/src/verax/core/ui-feedback-intelligence/detect-signals.js +160 -0
package/src/verax/core/ui-feedback-intelligence/score-signals.js +101 -0
package/src/verax/core/ui-feedback-intelligence/types.js +18 -0
package/src/verax/core/ui-feedback-intelligence.js +11 -420
package/src/verax/detect/ci-integration.js +227 -0
package/src/verax/detect/comparison.js +3 -38
package/src/verax/detect/conditional-ui-silent-failure.js +13 -5
package/src/verax/detect/confidence/evidence-signals.js +15 -0
package/src/verax/detect/confidence/expectation-strength.js +38 -0
package/src/verax/detect/confidence/finalize.js +180 -0
package/src/verax/detect/confidence/index.js +236 -0
package/src/verax/detect/confidence/scoring/apply-rules.js +85 -0
package/src/verax/detect/confidence/scoring/flow_silent_failure.js +24 -0
package/src/verax/detect/confidence/scoring/index.js +81 -0
package/src/verax/detect/confidence/scoring/missing_feedback_failure.js +23 -0
package/src/verax/detect/confidence/scoring/missing_network_action.js +25 -0
package/src/verax/detect/confidence/scoring/missing_state_action.js +24 -0
package/src/verax/detect/confidence/scoring/navigation_silent_failure.js +23 -0
package/src/verax/detect/confidence/scoring/network_silent_failure.js +23 -0
package/src/verax/detect/confidence/scoring/no_effect_silent_failure.js +23 -0
package/src/verax/detect/confidence/scoring/observed_break.js +24 -0
package/src/verax/detect/confidence/scoring/partial_navigation_failure.js +23 -0
package/src/verax/detect/confidence/scoring/predicates.js +76 -0
package/src/verax/detect/confidence/scoring/rules-table.js +138 -0
package/src/verax/detect/confidence/scoring/validation_silent_failure.js +23 -0
package/src/verax/detect/confidence/sensor-presence.js +97 -0
package/src/verax/detect/confidence-calibrator.js +370 -0
package/src/verax/detect/confidence-engine.legacy.js +41 -0
package/src/verax/detect/confidence-helper.js +8 -5
package/src/verax/detect/constitution-validator.js +463 -0
package/src/verax/detect/coverage-enforcement.js +175 -0
package/src/verax/detect/coverage-truth.js +218 -0
package/src/verax/detect/deduplication.js +171 -0
package/src/verax/detect/detection-engine.js +5 -1
package/src/verax/detect/determinism-lock.js +253 -0
package/src/verax/detect/dynamic-route-findings.js +54 -141
package/src/verax/detect/evidence-index.js +6 -5
package/src/verax/detect/evidence-law-enforcer.js +378 -0
package/src/verax/detect/evidence-validator.js +3 -29
package/src/verax/detect/execution-judgment-consistency.js +233 -0
package/src/verax/detect/execution-record.js +234 -0
package/src/verax/detect/exit-code-mapper.js +207 -0
package/src/verax/detect/expectation-chain-detector.js +6 -3
package/src/verax/detect/expectation-model.js +4 -1
package/src/verax/detect/explanation-helpers.js +3 -0
package/src/verax/detect/{failure-cause-inference.js → failure-cause-derivation.js} +17 -9
package/src/verax/detect/{problem-aggregator.js → finding-aggregator.js} +13 -5
package/src/verax/detect/finding-contract.js +221 -0
package/src/verax/detect/finding-detector.js +16 -3
package/src/verax/detect/findings-writer.js +140 -99
package/src/verax/detect/flow-detector.js +12 -4
package/src/verax/detect/form-silent-failure.js +8 -0
package/src/verax/detect/index.js +69 -18
package/src/verax/detect/interactive-findings.js +91 -16
package/src/verax/detect/invariants-enforcer.js +118 -22
package/src/verax/detect/invisible-state-failure.js +103 -0
package/src/verax/detect/journey-stall-detector.js +6 -1
package/src/verax/detect/judgment-builder.js +307 -0
package/src/verax/detect/judgment-mapper.js +128 -0
package/src/verax/detect/loading-hang-detector.js +95 -0
package/src/verax/detect/navigation-silent-failure.js +9 -1
package/src/verax/detect/output-normalizer.js +353 -0
package/src/verax/detect/post-auth-findings.js +239 -0
package/src/verax/detect/render-failure.js +107 -0
package/src/verax/detect/route-findings.js +13 -18
package/src/verax/detect/severity-mapper.js +191 -0
package/src/verax/detect/signal-mapper.js +3 -0
package/src/verax/detect/silent-permission-wall.js +122 -0
package/src/verax/detect/skip-classifier.js +4 -1
package/src/verax/detect/summary-writer.js +24 -10
package/src/verax/detect/{test-failure-cause-inference.js → test-failure-cause-derivation.js} +32 -24
package/src/verax/detect/ui-feedback-findings.js +18 -19
package/src/verax/detect/verdict-engine.js +27 -51
package/src/verax/detect/view-switch-correlator.js +3 -0
package/src/verax/evidence-index-writer.js +6 -2
package/src/verax/flow/flow-engine.js +4 -1
package/src/verax/flow/flow-spec.js +3 -0
package/src/verax/flow/redaction.js +3 -0
package/src/verax/gate-engine.js +300 -0
package/src/verax/index.js +11 -14
package/src/verax/intel/effect-detector.js +4 -1
package/src/verax/intel/handler-mapper.js +3 -0
package/src/verax/intel/index.js +5 -2
package/src/verax/intel/route-extractor.js +7 -4
package/src/verax/intel/ts-program.js +5 -2
package/src/verax/learn/action-contract-extractor.js +9 -7
package/src/verax/learn/ast-contract-extractor.js +36 -9
package/src/verax/learn/flow-extractor.js +8 -2
package/src/verax/learn/index.js +37 -16
package/src/verax/learn/manifest-writer.js +25 -7
package/src/verax/learn/project-detector.js +15 -9
package/src/verax/learn/react-router-extractor.js +31 -9
package/src/verax/learn/route-extractor.js +10 -12
package/src/verax/learn/route-validator.js +3 -0
package/src/verax/learn/scan-roots.js +221 -0
package/src/verax/learn/source-instrumenter.js +4 -1
package/src/verax/learn/state-extractor.js +29 -9
package/src/verax/learn/static-extractor-navigation.js +3 -0
package/src/verax/learn/static-extractor-validation.js +3 -0
package/src/verax/learn/static-extractor.js +54 -18
package/src/verax/learn/truth-assessor.js +21 -6
package/src/verax/learn/ts-contract-resolver.js +33 -8
package/src/verax/observe/aria-sensor.js +3 -0
package/src/verax/observe/browser.js +3 -0
package/src/verax/observe/capture-outcome.js +35 -0
package/src/verax/observe/console-sensor.js +8 -1
package/src/verax/observe/coverage-gaps.js +3 -0
package/src/verax/observe/dom-signature.js +3 -0
package/src/verax/observe/domain-boundary.js +3 -0
package/src/verax/observe/evidence-capture.js +153 -2
package/src/verax/observe/expectation-executor.js +44 -10
package/src/verax/observe/expectation-handler.js +16 -22
package/src/verax/observe/flow-matcher.js +3 -0
package/src/verax/observe/focus-sensor.js +3 -0
package/src/verax/observe/human-driver.js +10 -4
package/src/verax/observe/incremental-skip.js +3 -0
package/src/verax/observe/index.js +67 -39
package/src/verax/observe/interaction-discovery.js +3 -0
package/src/verax/observe/interaction-driver.js +769 -0
package/src/verax/observe/interaction-executor.js +6 -1
package/src/verax/observe/interaction-runner-capture.js +130 -0
package/src/verax/observe/interaction-runner-evidence.js +226 -0
package/src/verax/observe/interaction-runner-sensors.js +122 -0
package/src/verax/observe/interaction-runner.js +60 -441
package/src/verax/observe/loading-sensor.js +15 -4
package/src/verax/observe/navigation-sensor.js +14 -5
package/src/verax/observe/network-firewall.js +8 -2
package/src/verax/observe/network-sensor.js +16 -8
package/src/verax/observe/observation-builder.js +5 -1
package/src/verax/observe/observe-context.js +3 -0
package/src/verax/observe/observe-helpers.js +4 -3
package/src/verax/observe/observe-runner.js +11 -26
package/src/verax/observe/observed-expectation-deriver.js +7 -3
package/src/verax/observe/observed-expectation.js +30 -5
package/src/verax/observe/observers/budget-observer.js +11 -13
package/src/verax/observe/observers/console-observer.js +3 -0
package/src/verax/observe/observers/coverage-observer.js +3 -0
package/src/verax/observe/observers/interaction-observer.js +8 -2
package/src/verax/observe/observers/navigation-observer.js +3 -0
package/src/verax/observe/observers/network-observer.js +3 -0
package/src/verax/observe/observers/safety-observer.js +8 -2
package/src/verax/observe/observers/ui-feedback-observer.js +3 -0
package/src/verax/observe/{page-frontier.js → page-reachability-tracker.js} +59 -9
package/src/verax/observe/page-traversal.js +3 -0
package/src/verax/observe/selector-generator.js +3 -0
package/src/verax/observe/{snapshot-ops.js → snapshot-operations.js} +3 -0
package/src/verax/observe/stable-id.js +86 -0
package/src/verax/observe/state-sensor.js +21 -10
package/src/verax/observe/state-ui-sensor.js +3 -0
package/src/verax/observe/timing-sensor.js +18 -7
package/src/verax/observe/traces-writer.js +108 -8
package/src/verax/observe/ui-feedback-detector.js +13 -5
package/src/verax/observe/ui-signal-sensor.js +3 -0
package/src/verax/observe/{settle.js → wait-for-settle.js} +82 -41
package/src/verax/resolve-workspace-root.js +3 -0
package/src/verax/scan-summary-writer.js +21 -13
package/src/verax/shared/artifact-manager.js +24 -15
package/src/verax/shared/budget-profiles.js +3 -0
package/src/verax/shared/caching.js +4 -1
package/src/verax/shared/ci-detection.js +3 -0
package/src/verax/shared/css-spinner-rules.js +3 -0
package/src/verax/shared/{dynamic-route-utils.js → dynamic-route-normalizer.js} +3 -0
package/src/verax/shared/evidence-capture-bridge.js +15 -0
package/src/verax/shared/expectation-coverage.js +3 -0
package/src/verax/shared/expectation-prover.js +3 -0
package/src/verax/shared/expectation-tracker.js +4 -1
package/src/verax/shared/expectation-validation.js +3 -0
package/src/verax/shared/expectations-writer.js +5 -2
package/src/verax/shared/first-run.js +3 -0
package/src/verax/shared/hash-id.js +12 -0
package/src/verax/shared/legacy-confidence-bridge.js +12 -0
package/src/verax/shared/observable-utilities.js +108 -0
package/src/verax/shared/progress-reporter.js +3 -0
package/src/verax/shared/redaction.js +3 -0
package/src/verax/shared/retry-policy.js +17 -22
package/src/verax/shared/scan-budget.js +44 -3
package/src/verax/shared/sensors/normalize-sensor-state.js +46 -0
package/src/verax/shared/timing-metrics.js +9 -3
package/src/verax/shared/url-normalizer.js +3 -0
package/src/verax/shared/view-switch-rules.js +3 -0
package/src/verax/shared/zip-artifacts.js +8 -2
package/src/verax/validate/context-validator.js +3 -0
package/src/verax/vue-extractors/vue/README.md +43 -0
package/src/verax/{intel → vue-extractors/vue}/vue-navigation-extractor.js +18 -7
package/src/verax/{intel → vue-extractors/vue}/vue-router-extractor.js +5 -2
package/src/version.js +63 -0
package/src/cli/commands/baseline.js +0 -103
package/src/cli/commands/default.js +0 -726
package/src/cli/commands/ga.js +0 -246
package/src/cli/commands/gates.js +0 -95
package/src/cli/commands/release-check.js +0 -215
package/src/cli/commands/security-check.js +0 -212
package/src/cli/commands/truth.js +0 -113
package/src/cli/util/dom-diff.js +0 -226
package/src/cli/util/errors.js +0 -44
package/src/cli/util/findings-writer.js +0 -35
package/src/cli/util/interaction-planner.js +0 -529
package/src/cli/util/learn-writer.js +0 -41
package/src/cli/util/observation-engine.js +0 -261
package/src/cli/util/observe-writer.js +0 -27
package/src/cli/util/paths.js +0 -30
package/src/cli/util/run-id.js +0 -26
package/src/cli/util/summary-writer.js +0 -45
package/src/cli/util/vue-navigation-detector.js +0 -178
package/src/cli/util/vue-state-detector.js +0 -215
package/src/verax/core/confidence-engine-refactor.js +0 -489
package/src/verax/core/replay-validator.js +0 -352
package/src/verax/core/replay.js +0 -226
package/src/verax/detect/confidence-engine.js +0 -961
package/src/verax/shared/root-artifacts.js +0 -49

package/README.md CHANGED Viewed

@@ -1,276 +1,305 @@
-# 🛡️ VERAX
+# VERAX v0.4.5
-A forensic observation engine for real user outcomes
+Catch buttons and forms that do nothing.
+No AI. No guessing. Just evidence.
-VERAX observes and reports gaps between what your code explicitly promises and what users can actually observe.
+Silent failure detection for public user flows (pre-authentication only)
-Silent user failures don’t crash your site.
-They don’t throw errors.
-They simply lose users quietly.
+The Problem
-VERAX exists to surface those gaps — with evidence, not guesses.
+Silent user failures don’t crash your app.
+They quietly make users leave.
-🤔 What is VERAX?
+Common examples:
-A silent user failure happens when your code clearly implies that something should happen —
-but from the user’s point of view, nothing meaningful does.
+A button looks clickable but does nothing
-Concrete examples:
+A form submits with no confirmation
-A button click that should navigate… but doesn’t.
+A link is clicked but navigation never happens
-A form submission that triggers an API call… but shows no feedback.
+Validation triggers, but feedback isn’t shown
-A state update that runs in code… but never reaches the UI.
+Your logs are clean.
+Your tests pass.
+Monitoring shows nothing.
-These issues are frustrating for users and notoriously hard for teams to notice.
+From the user’s perspective, the promise was broken.
-VERAX reads your source code to understand what is promised, then opens your site in a real browser and experiences it like a user.
-When expectations and reality don’t align, VERAX reports the gap clearly and honestly.
+VERAX exists to reveal these gaps — with evidence.
-VERAX does not guess intent.
-It only reports observations backed by explicit code promises.
+How VERAX Works
-🧠 Clarification: “Silent failure”
+VERAX compares what your code promises with what users actually experience.
-In VERAX, a silent failure is not a judgment about correctness.
+Learn Promises
+Parse source code to extract user-visible promises:
+navigation, forms, and feedback signals.
-It means:
+Observe Behavior
+Execute real interactions in a real browser
+(clicks, submits, typing).
-For a promised interaction (for example, a click expected to navigate or save),
-no observable, user-visible effect could be verified
-(no URL change, no network request, no feedback).
+Detect Gaps
+Compare promised outcomes vs observed results.
-This does not mean your code is wrong.
-It means the observation produced no verifiable effect for the promise being evaluated.
+Report Findings
+Produce evidence-backed findings:
+screenshots, DOM diffs, traces.
-✅ What VERAX does (today)
+Result: You see exactly where users get stuck — with reproducible proof.
-🔍 Observes and reports gaps between code promises and user-visible outcomes
-(by comparing code-derived expectations with real browser behavior)
+2-Minute Quick Start
+Option 1: Try the built-in demo
+git clone https://github.com/odavlstudio/verax.git
+cd verax
+npm install
-🧠 Extracts expectations from source code using static analysis:
+npm run demo         # Terminal 1: demo at http://127.0.0.1:4000
+npm run verax:demo   # Terminal 2: run VERAX against demo
-Navigation from HTML links, React Router, Vue Router, and Next.js routes
+Artifacts are written to:
-Network actions from fetch / axios calls with static URLs
+.verax/runs/<runId>/
-State mutations from React useState, Redux, Vuex, Pinia, Zustand set operations
+Option 2: Run on your own site
+npm install -g @veraxhq/verax
+verax run --url https://your-site.test --src /path/to/repo
-🖱️ Observes websites like a real user using Playwright
-(clicks, forms, navigation, scrolling)
+Important: LIMITED mode
-📊 Assigns confidence levels (HIGH / MEDIUM / LOW) based on evidence strength and coverage
+VERAX needs source code to extract promises.
-🧾 Provides concrete evidence for every reported discrepancy:
+If source code is not detected:
-Screenshots
+VERAX runs in LIMITED mode
-Network activity
+Result is always INCOMPLETE (exit code 30)
-Console logs
+This prevents false “green” CI signals
-DOM and state changes
+verax run --url https://your-site.test --src ./   # Full detection
+verax run --url https://your-site.test           # LIMITED mode only
-💻 Runs as a CLI tool via `verax run` (and inspects results with `verax inspect`)
+Inspect results
+verax inspect .verax/runs/<runId>
-🧱 Supports real-world projects:
+Key artifacts:
-**Fully verified (production-ready):**
-- Static HTML sites
-- React SPAs (with react-router-dom)
+verax-summary.md — Human-readable summary
-**Supported (learn-only / partial observation):**
-- Next.js (App Router & Pages Router)
-- Vue.js (with Vue Router)
-- Angular
-- SvelteKit
+summary.json — Verdict, coverage, counts
-🔐 Protects privacy by automatically redacting secrets and sensitive data
+findings.json — Evidence-backed findings
-🚫 What VERAX does NOT do
+evidence/ — Screenshots, DOM diffs, traces
-❌ Does not guess intent — no heuristics, no assumptions
+Understanding Results
+✅ SUCCESS (exit code 0)
-❌ Does not support dynamic routes (e.g. /user/${id} is intentionally skipped)
+All observable public flows were tested.
+No silent failures were detected within scope.
-❌ Does not replace QA or tests — it complements them
+Does NOT mean:
-❌ Does not monitor production traffic
+The app is bug-free
-❌ Does not work for every framework
+All edge cases are covered
-❌ Does not detect every bug — only gaps backed by explicit code promises
+Means:
-❌ Does not use AI — all results are deterministic and explainable
+No silent failures were observed
-🔄 How VERAX works (high-level)
+Evidence guarantees were satisfied
-VERAX runs three phases automatically:
+RESULT SUCCESS
+REASON Scanned 12 interactions; 12 completed; 0 silent failures
+ACTION Continue with other testing
-1) **Learn**
-Analyze source code to derive explicit, proven expectations
-(routes, static network actions, state changes).
+🔍 FINDINGS (exit code 20)
-2) **Observe**
-Open the site in a real browser and execute user interactions safely,
-recording what actually happens.
+One or more silent failures were confirmed with evidence.
-3) **Detect**
-Compare code-derived expectations with observed outcomes and report:
-- Discrepancies
-- Coverage gaps
-- Unknowns
-- Safety blocks
+Each finding includes:
-All with evidence.
+The promised behavior (from code)
-📦 Installation
+What actually happened (from browser)
-Requirements: Node.js 18+
+Before/after screenshots
-From npm:
+DOM and network evidence
-npm install -g @veraxhq/verax
+RESULT FINDINGS
+REASON 1 silent failure: “Sign up” button does nothing
+ACTION Fix the issue and re-run VERAX
-From source:
+⚠️ INCOMPLETE (exit code 30)
-git clone <repository-url>
-cd verax
-npm install
-npm link
+The run could not be trusted.
-## Commands
+Common reasons:
-VERAX provides these CLI commands:
+Source code not detected (LIMITED mode)
-- `verax` — Interactive mode (detects URL or prompts for it)
-- `verax run --url <url> [--src <path>] [--out <path>]` — Non-interactive CI mode (strict, explicit)
-- `verax inspect <runPath>` — Inspect results from a previous run
-- `verax doctor [--json]` — Verify environment (Node, Playwright, Chromium binary)
-- `verax --version` — Show CLI version
-- `verax --help` — Show help text
+Coverage below threshold
-## Examples
+Observation timeout
-Run a non-interactive scan (ideal for CI):
+Authenticated flows (out of scope)
-```bash
-verax run --url http://localhost:3000 --src . --out .verax
-```
+INCOMPLETE is not safe. Do not ignore it.
-Run interactive mode (default auto-detection):
+RESULT INCOMPLETE
+REASON Source code not detected (limited runtime-only mode)
+ACTION Provide --src <path>
-```bash
-verax
-```
+🚫 USAGE_ERROR (exit code 64)
-Check environment readiness:
+Invalid CLI usage:
-```bash
-verax doctor --json
-```
+Missing --url
-Inspect a previous run:
+Unknown flags
-```bash
-verax inspect .verax/runs/2026-01-11T12-34-56Z_abc123
-```
+Invalid --min-coverage
-📁 Output (CI-friendly)
+🔴 INVARIANT_VIOLATION (exit code 50)
-Run a scan:
+Internal error or artifact corruption
+(always investigate).
-```bash
-verax run --url http://localhost:3000 --src . --out .verax
-```
+Detection Scope
+✅ What VERAX Detects (Guaranteed)
-Artifacts are written to:
+Navigation
+Link clicks → route / URL changes
+Forms
+Submissions with user-visible feedback
+Validation messages
+Feedback signals
+aria-live
-`.verax/runs/<runId>/`
+role="alert" / role="status"
-Including:
+Stable text nodes
-- `summary.json` — overall observation summary with digest counts
-- `findings.json` — reported discrepancies with evidence
-- `learn.json` — code-derived expectations
-- `observe.json` — browser observations and outcomes
-- `evidence/` — screenshots and logs
+Attributes: disabled, aria-invalid, data-loading
-🚦 Exit codes (tool-only semantics)
+Observable outcomes
-Exit codes reflect tool execution status only.
-They do not represent site quality or correctness and must not be used as a pass/fail gate without explicit user logic.
+DOM changes
-0 — VERAX executed successfully (regardless of findings, gaps, or confidence)
+Network activity correlated to actions
-2 — Tool crashed or failed internally
+Navigation events
-64 — Invalid CLI usage (missing args, invalid flags)
+❌ Out of Scope (By Design)
-65 — Invalid input data (e.g. malformed JSON, unreadable manifest)
+Visual-only changes (spinners, colors, animations)
+→ Use visual regression tools
-📊 Reading results (observer-first)
+Ambiguous ARIA attributes (aria-expanded, etc.)
-Each reported discrepancy includes:
+Transient flashes < 100ms
-Promise context: navigation, network action, state change, feedback
+Authenticated flows
-Outcome classification: silent failure, coverage gap, unproven interaction, safety block, informational
+Backend-dependent dynamic routes
-Evidence: screenshots, network artifacts, console logs, trace references
+CLI Reference
+verax run
+verax run --url <url> [options]
-Confidence: coverage ratio and silence impact
+Options
-Confidence (observer truth)
+--url <url> (required)
-Confidence reflects the quality and completeness of observation,
-not the quality or correctness of the site.
+--src <path> — Source directory
-HIGH (≥80) — strong evidence and coverage; observations are reliable
+--out <path> — Output directory (default: .verax)
-MEDIUM (60–79) — likely discrepancy with some ambiguity
+--min-coverage <0.0-1.0> — Default: 0.50 first run, 0.90 after
-LOW (<60) — weak or partial evidence; interpret cautiously
+--force-post-auth — EXPERIMENTAL (always INCOMPLETE)
-🧭 When VERAX is a good fit
+--timeout <ms>
-SaaS signup and pricing flows
+--json
-React and Next.js projects
+--debug
-CI pipelines that need UX reality checks
+verax inspect
+verax inspect <runPath>
-Teams that value evidence over assumptions
+verax doctor
+verax doctor [--json]
+Checks Node.js, Playwright, and write permissions.
+Guarantees & Limitations
+Guarantees
+Read-only
+Deterministic
+Evidence-backed
+Conservative (uncertainty → INCOMPLETE)
+Limitations
+Pre-auth only
+Public flows only
+Not a test framework
+Not runtime monitoring
+CI/CD Usage
+verax run --url https://staging.example.com --src ./
+case $? in
+  0)  echo "✓ No silent failures"; exit 0 ;;
+  20) echo "✗ Silent failures detected"; exit 1 ;;
+  30) echo "⚠️ Incomplete coverage"; exit 1 ;;
+  *)  echo "✗ VERAX error"; exit 1 ;;
+esac
+Installation
+npm install -g @veraxhq/verax
-🚫 When VERAX is NOT a good fit
+Requirements
-Internal admin dashboards
+Node.js 18+
-Authentication-heavy systems
+Playwright (auto-installed)
-Apps built around highly dynamic routing
+Supported Frameworks
-Unsupported frameworks
+Full
-Teams expecting a full QA replacement
+React
-🧪 Project status
+Next.js
-VERAX is a production-grade CLI tool in active development.
-It is designed for early adopters and technical teams.
+Static HTML
-VERAX is not a SaaS product.
-It runs locally or in CI. There is no hosted service.
+Partial
-⚠ Important
+Vue 3
-VERAX does not certify correctness.
-Zero findings do not mean a site is safe.
+Angular
-VERAX exists to prevent false certainty, not to grant confidence.
-Use the Decision Snapshot and evidence to make a human judgment.
+SvelteKit
-📄 License
+License
-MIT
+MIT © VERAX

package/bin/verax.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 /**
  * VERAX CLI Shim
@@ -9,3 +9,7 @@ import('../src/cli/entry.js').catch((error) => {
   console.error(`Failed to load CLI: ${error.message}`);
   process.exit(2);
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@veraxhq/verax",
-  "version": "0.4.0",
+  "version": "0.4.5",
   "description": "Public Flow Sanity Guard — Trust-Locked, Deterministic, CI-Safe.",
   "keywords": [
     "public-flows",
@@ -15,11 +15,11 @@
   "license": "MIT",
   "type": "module",
   "bin": {
-    "verax": "bin/verax.js"
+    "verax": "./bin/verax.js"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/odavlstudio/verax.git"
+    "url": "https://github.com/odavlstudio/verax.git"
   },
   "bugs": {
     "url": "https://github.com/odavlstudio/verax/issues"
@@ -33,10 +33,17 @@
   ],
   "scripts": {
     "test": "node test/infrastructure/test-runner-wrapper.js",
+    "test:integration": "cross-env VERAX_TEST_INTEGRATION=1 node test/infrastructure/test-runner-wrapper.js",
+    "test:all": "npm test && npm run test:integration",
     "test:pack": "node test/infrastructure/test-pack.js",
     "verify-release": "node scripts/verify-release.js",
+    "prepublishOnly": "node scripts/prepublish-check.js",
     "lint": "eslint . --max-warnings 0",
-    "typecheck": "tsc -p tsconfig.json --noEmit"
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "clean": "node -e \"const fs = require('fs'); const path = require('path'); const dirs = ['.verax', 'tmp'].map(d => path.join(__dirname, d)); dirs.forEach(dir => { if (fs.existsSync(dir)) { fs.rmSync(dir, { recursive: true, force: true }); console.log('Cleaned:', dir); } });\"",
+    "demo": "cross-env VERAX_FIXTURE_DIR=./demos/hello-verax VERAX_FIXTURE_PORT=4000 node scripts/fixture-server.js",
+    "verax:demo": "cross-env VERAX_FIXTURE_DIR=./demos/hello-verax VERAX_FIXTURE_PORT=4000 node bin/verax.js run --url http://127.0.0.1:4000 --src demos/hello-verax --out .verax/demo --min-coverage 0.6",
+    "postpack": "node -e \"if (process.env.VERAX_SKIP_POSTPACK_CLEANUP !== '1') { const fs = require('fs'); const glob = require('glob'); glob.sync('*.tgz').forEach(f => { fs.unlinkSync(f); console.log('Auto-removed pack artifact:', f); }); } else { console.log('Postpack cleanup skipped (test mode)'); }\""
   },
   "dependencies": {
     "@babel/parser": "^7.28.5",
@@ -45,7 +52,8 @@
     "inquirer": "^9.2.15",
     "node-html-parser": "^7.0.1",
     "playwright": "^1.40.0",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.3",
+    "yaml": "^2.8.2"
   },
   "optionalDependencies": {
     "pngjs": "^7.0.0"
@@ -56,6 +64,7 @@
   "devDependencies": {
     "@reduxjs/toolkit": "^2.11.2",
     "@types/node": "^18.0.0",
+    "cross-env": "^7.0.3",
     "eslint": "^8.57.0",
     "next": "^16.1.1",
     "react": "^19.2.3",