@jrpool/kilotest 24.0.4

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Jonathan Pool
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,44 @@
+# Kilotest
+
+An ensemble testing service with a focus on accessibility
+
+## Features
+
+This application uses an ensemble of 10 tools to test public web pages for standards conformity, usability, and accessibility.
+
+The testing paradigm employed by Kilotest is discussed in these papers:
+
+- [How to run a thousand accessibility tests](https://medium.com/cvs-health-tech-blog/how-to-run-a-thousand-accessibility-tests-63692ad120c3)
+- [Testaro: Efficient Ensemble Testing for Web Accessibility](https://arxiv.org/abs/2309.10167)
+- [Accessibility Metatesting: Comparing Nine Testing Tools](https://arxiv.org/abs/2304.07591)
+
+Kilotest acts as a server with human users (such as you) and with one or more testing agents that obtain jobs from Kilotest and do the actual testing. Those agents are instances of the [Testaro](https://www.npmjs.com/package/testaro) package.
+
+An active production instance of Kilotest may require multiple testing agents to handle the load, because testing one web page typically takes about 3 minutes and agents test only one page at a time.
+
+## Getting started locally with 1 testing agent
+
+### Installation
+
+In the steps below, hosts `T` and `K` may be the same host or two different hosts. Host `T` can be a Debian stable, Ubuntu LTS, Windows, or macOS host. Host `K` can be any server host that can run the latest LTS version of Node.js. If hosts `T` and `K` differ, then they must be open to `https` traffic and host `K` must permit `https` requests from host `T`.
+
+1. Clone the [Testaro project](https://github.com/jrpool/testaro) into a new directory on host `T`.
+1. In that directory, install the Testaro dependencies: `npm install`.
+1. Update the Testaro dependencies and rebuild: `npm run deps`.
+1. Clone the Kilotest repository into a new directory on host `K`.
+1. In that directory, install the Kilotest dependencies: `npm install`.
+1. Copy the `env.testaro` file from the `kilotest` directory to `.env` in the `testaro` directory and replace the `__placeholder__` values in `.env` with actual values.
+1. Copy the `env.example` file in the `kilotest` directory to a new `.env` file in the same directory and replace the `__placeholder__` values in `.env` with actual values.
+
+### Usage
+
+1. In the `testaro` directory, make Testaro start listening for jobs: `node call netWatch true nn true`, where `nn` is the number of seconds to wait between checks for new jobs.
+1. In the `kilotest` directory, start the Kilotest service: `node index`.
+
+### Contributing
+
+Contributions are welcome! You can use GitHub issues to initiate discussions and propose changes. If you want to contribute code, please fork the repository and create a pull request.
+
+## Making Kilotest a service
+
+See the `SERVICE.md` file for instructions on how to make Kilotest a service.

package/SERVICE.md

@@ -0,0 +1,268 @@
+# Service
+
+This document describes one deployment of Kilotest as a web service.
+
+## Host
+
+The host of the service is a [Vultr](https://www.vultr.com) Cloud Compute High Frequency virtual machine named `jpdev` with the IPV4 address 149.28.208.106. The host has 1 vCPU, 2GB of RAM, and 64GB NVMe of storage.
+
+The server operating system is Ubuntu LTS 22.04.
+
+The server has a `sudo`-capable non-root user named `linuxuser`, which is the owner of the project directory and files.
+
+Connection to the host is made with `ssh linuxuser@kilotest.com`. Periodically the server requires password authentication in addition to public key authentication. The password is available in the server details on the Vultr web console, after the administrator logs in via GitHub.
+
+## Applications
+
+Kilotest is installed at `/opt/jpdev/kilotest` on the server.
+
+Any other application `xyz` can be installed at `/opt/jpdev/xyz` on the server.
+
+## Process management
+
+Kilotest is managed with [PM2](https://pm2.keymetrics.io) on the server (not on the local development host). The PM2 configuration is specified in the repository as `pm2.config.js`:
+
+```javascript
+module.exports = {
+  apps: [
+    {
+      name: 'kilotest',
+      script: 'index.js',
+      instances: 1,
+      autorestart: true,
+      watch: false,
+      max_memory_restart: '500M',
+      env: {
+        NODE_ENV: 'production',
+        BASE_PATH: '/',
+        DEMO_SSE_DELAY_MS: '100'
+      }
+    }
+  ]
+};
+```
+
+When the PM2 configuration or environment is changed, restart PM2 with:
+
+```text
+pm2 restart kilotest --time --update-env
+pm2 save
+```
+
+The server configuration has been tuned for improved performance. The file edited for this purpose is `/etc/default/zramswap`:
+
+```properties
+# Compression algorithm selection
+# speed: lz4 > zstd > lzo
+# compression: zstd > lzo > lz4
+# This is not inclusive of all that is available in latest kernels
+# See /sys/block/zram0/comp_algorithm (when zram module is loaded) to see
+# what is currently set and available for your kernel[1]
+# [1]  https://github.com/torvalds/linux/blob/master/Documentation/blockdev/zram.txt#L86
+ALGO=zstd
+
+# Specifies the amount of RAM that should be used for zram
+# based on a percentage the total amount of available memory
+# This takes precedence and overrides SIZE below
+PERCENT=75
+
+# Specifies a static amount of RAM that should be used for
+# the ZRAM devices, this is in MiB
+#SIZE=256
+
+# Specifies the priority for the swap devices. See swapon(2)
+# for more details. Higher number = higher priority
+# This should probably be higher than hdd/ssd swaps.
+#PRIORITY=100
+```
+
+This enables `zram` and decreases the amount of disk swapping.
+
+## Keepalive
+
+The SSH configuration on the local client is customized so that connections will be kept alive longer than the default. This customization is performed in the `~/.ssh/config` file:
+
+```ssh-config
+Host kilotest.com 149.28.208.106
+  HostName 149.28.208.106
+  User linuxuser
+  IdentityFile ~/.ssh/id_ed25519
+  IdentitiesOnly yes
+  ServerAliveInterval 60
+  ServerAliveCountMax 3
+  TCPKeepAlive yes
+```
+
+The corresponding server file `/etc/ssh/sshd_config` needs no customization.
+
+## Internet domain
+
+The domain name `kilotest.com` is registered with [Porkbun](https://porkbun.com) for use by this application.
+
+## DNS Configuration
+
+### kilotest.com
+
+The DNS records for `kilotest.com` are configured as follows. In each case, `TTL` is set to 3600 (1 hour). (The Porkbun interface uses `kilotest.com` as a name where some others use `@`.)
+
+1. **A**
+   - **Host**: kilotest.com
+   - **Answer**: 149.28.208.106
+
+2. **AAAA** (if IPv6 is used)
+   - **Host**: @
+   - **Answer**: IPv6 address
+
+3. **CNAME**
+   - **Host**: www
+   - **Answer**: kilotest.com
+
+4. **MX** (for email forwarding)
+   - **Host**: kilotest.com
+   - **Answer**: fwd1.porkbun.com or fwd2.porkbun.com
+   - **Priority**: 10 or 20, respectively
+
+5. **TXT** (domain validation)
+   - **Host**: _acme-challenge.kilotest.com
+   - **Answers**: validation tokens provided by Porkbun ACME client
+
+The DNS configuration as CSV:
+
+```csv
+DOMAIN,HOST,TYPE,ANSWER,TTL,PRIO
+kilotest.com,kilotest.com,A,149.28.208.106,3600,0
+kilotest.com,www.kilotest.com,CNAME,kilotest.com,3600,0
+kilotest.com,kilotest.com,MX,fwd1.porkbun.com,3600,10
+kilotest.com,kilotest.com,MX,fwd2.porkbun.com,3600,20
+kilotest.com,kilotest.com,TXT,"v=spf1 include:_spf.porkbun.com ~all",3600,0
+kilotest.com,_acme-challenge.kilotest.com,TXT,GIzAHOFW416fHp7cuTkg4gvJDsyuPZvsPlSsnyViFLQ,3600,0
+kilotest.com,_acme-challenge.kilotest.com,TXT,qQdIIiUSC76PvYuku-AxPsRPY-fJV7T7i3b8fimlFjU,3600,0
+```
+
+### Kilotest service
+
+Reliance on the default Vultr DNS resolvers has caused erratic failures. Therefore, the service has been configured to use specific DNS resolvers.
+
+These commands disabled `cloud-init` network management:
+
+```bash
+sudo mkdir -p /etc/cloud/cloud.cfg.d
+printf "network: {config: disabled}\n" | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+```
+
+The following `/etc/netplan/01-dns.yaml` file with `root` as owner and group was created and given permissions 600. It custom-configures network management and specifies the DNS resolvers of APNIC Research and Development and Google LLC.
+
+```yaml
+network:
+  version: 2
+  ethernets:
+    enp1s0:
+      dhcp4: true
+      dhcp6: true
+      nameservers:
+        addresses:
+          - 1.1.1.1
+          - 8.8.8.8
+          - 2606:4700:4700::1111
+          - 2001:4860:4860::8888
+```
+
+These commands applied and verified the configuration:
+
+```bash
+sudo netplan generate
+sudo netplan apply
+resolvectl status
+dig +short A example.com
+curl -sv https://example.com/ -o /dev/null
+```
+
+## Request management
+
+Requests to `https://kilotest.com` are received on port 443 and processed by [Caddy](https://caddyserver.com/), which forwards them via HTTP to the application at `localhost:3000`. Caddy manages, provisions, and renews a TLS certificate via Let’s Encrypt. Any request to `http://kilotest.com` is received on port 80, and Caddy redirects it to an `https` request. Caddy forwards `https` requests to the [local server](http://localhost:3000), where it is processed by the Kilotest service.
+
+The Caddy configuration is maintained and tracked in `/etc/caddy/Caddyfile`:
+
+```javascript
+kilotest.com {
+  # Enable Zstandard and Gzip compression of responses.
+  encode zstd gzip
+  # Reverse proxy all requests to localhost:3000.
+  reverse_proxy localhost:3000 {
+    # Improve SSE latency.
+    flush_interval -1
+  }
+}
+```
+
+This configuration prevents granular reporting by Testaro agents from being buffered, so the updates reach the browser without delay.
+
+## Version management
+
+When a new version of the `kilotest` package has been published, the service can be updated as follows:
+
+1. Connect to the server: `ssh linuxuser@kilotest.com`
+1. Navigate to the package root: `cd /opt/jpdev/kilotest`
+1. Discard any locally altered lockfile: `git stash`
+1. Delete the record of that discard: `git stash drop`
+1. Fetch and merge the new version: `git pull`
+1. Update the dependencies: `npm update`
+1. Update the Playwright browsers: `npx playwright install`
+1. Restart the service: `pm2 restart kilotest`
+
+## Performance
+
+The Cloud Compute host, in initial testing, took about 2.5 as long to process an example job as an Apple M2 Pro MacBook Pro with 16GB of memory. After tuning, the ratio was reduced to about 1.7.
+
+The performances of several alternative host architectures were evaluated, and it was decided to migrate the initial host to a High Frequency compute instance. Any subsequent migration is straightforward if the destination root volume is at least as large as the originating one (64GB). The process is:
+
+- Create a snapshot of `jpdev`.
+- Deploy the new host using the snapshot.
+
+To evaluate a new host before deciding to keep it, do this after deploying it:
+
+1. Connect to it via SSH (`ssh linuxuser@<IP address>`).
+1. Add a firewall rule permitting `http` connections to port 3000 (`sudo ufw allow 3000/tcp`).
+1. Navigate with a browser to `http://<IP address>:3000/`.
+1. Request the sample job.
+1. Observe the elapsed time reported in the result basics.
+
+Experimentation revealed that a high-frequency instance could decrease the elapsed-time ratio (compared with the MacBook Pro) to 1.3 to 1.5, and a dedicated instance could decrease it further to about 1.2. Swapping was found eliminated with 4GB of RAM, but that elimination had no significant impact on elapsed time.
+
+## Security
+
+### Possible future Testaro integration
+
+Kilotest uses Testaro to run jobs. In previous versions of Kilotest, Testaro was a dependency. It is currently not a dependenc. Instead, Testaro instances are installed on one or more other hosts, and each instance polls Kilotest to ask for jobs to run.
+
+In case Testaro again becomes a dependency of Kilotest, the notes below on security issues will be useful.
+
+### Browser privileges
+
+Testaro uses Playwright to launch and control headless browsers, often `chromium`. Those browsers navigate to web pages that are tested by the tools that Testaro integrates. The `qualWeb` tool launches its own browser via Puppeteer as a dependency to perform its tests.
+
+When either Playwright or Puppeteer launches a `chromium` browser, in most environments it is [sandboxed](https://www.geeksforgeeks.org/ethical-hacking/what-is-browser-sandboxing/). Sandboxing is a security feature that prevents the browser from accessing potentially unsafe system resources. But in the Ubuntu Linux operating system that was installed on the Vultr Cloud Compute host a sandboxed browser requires an [unprivileged user namespace](https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces), and when Ubuntu was installed its configuration disallowed such namespaces. The file `/etc/sysctl.d/99-kilotest-userns.conf` with the content `kernel.apparmor_restrict_unprivileged_userns = 1` prohibited unprivileged user namespaces and thereby made sandboxed browsers unlaunchable.
+
+### Potential modification
+
+One modification to cope with this prohibition on the Vultr Cloud Compute host would be to configure Playwright and Puppeteer to launch `chromium` non-sandboxed. In both cases, launch arguments `'--no-sandbox'` and `'--disable-setuid-sandbox'` are available to specify this.
+
+- For Playwright, `'--no-sandbox'` and `'--disable-setuid-sandbox'` would be added to the arguments of `browserOptionArgs.push` in the Testaro `run.js` file.
+- For the `qualWeb` tool, this would be done in the Testaro `tests/qualweb.js` file, where the `qualWeb.start` method is called with an options argument. Its `args` array property would include `'--no-sandbox'` and `'--disable-setuid-sandbox'`.
+- The `ibm` tool, too, could launch a Puppeteer `chromium` browser, if page content instead of a Playwright page were passed to the `accessibilityChecker.getCompliance` method, or if the implementation of the tool were changed in the future. For anticipation of such a case, the Testaro `aceconfig.js` file, of which a copy has been created at the root of the Kilotest project, would be modified. That file defines a `module.exports` object with a `puppeteerArgs` property, and, `--no-sandbox` and `--disable-setuid-sandbox` would be added to its array value.
+
+### Current modification
+
+However, non-sandboxed browsers are less secure than sandboxed ones, particularly when there is no restriction on who can use the service and what web pages they can test with it. Such restrictions are currently in place, but still permit testing of arbitrary web pages and may be relaxed in the future. Therefore, the potential modification described above would introduce nontrivial risk. An alternative solution was adopted instead. In it, the `chromium` configuration was left unchanged.
+
+This solution required configuring the operating system of the Vultr Cloud Compute host to permit a sandboxed browser to be launched. This reconfiguration was performed with:
+
+```bash
+sudo sysctl -w kernel.unprivileged_userns_clone=1
+sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+sudo tee /etc/sysctl.d/99-kilotest-userns.conf >/dev/null <<'EOF'
+kernel.unprivileged_userns_clone = 1
+kernel.apparmor_restrict_unprivileged_userns = 0
+EOF
+sudo sysctl --system
+```

package/aceconfig.js

@@ -0,0 +1,28 @@
+/*
+  © 2021–2025 CVS Health and/or one of its affiliates. All rights reserved.
+  © 2025 Jonathan Robert Pool.
+
+  Licensed under the MIT License. See LICENSE file at the project root or
+  https://opensource.org/license/mit/ for details.
+
+  SPDX-License-Identifier: MIT
+*/
+
+/*
+  aceconfig
+  Configuration for the ibm tool.
+*/
+
+const os = require('os');
+
+const tmpDir = os.tmpdir();
+
+module.exports = {
+  reportLevels: [
+    'violation',
+    'recommendation'
+  ],
+  cacheFolder: tmpDir,
+  outputFolder: tmpDir,
+  puppeteerArgs: ['--no-sandbox', '--disable-setuid-sandbox']
+};

package/ai0BalanceForm/index.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="publisher" content="Jonathan Robert Pool">
+    <meta name="creator" content="Jonathan Robert Pool">
+    <meta name="keywords" content="report,accessibility,a11y">
+    <title>Record AI service 0 balance | Kilotest</title>
+    <link rel="icon" href="/favicon.ico">
+    <link rel="stylesheet" href="/style.css">
+  </head>
+  <body>
+    <main>
+      <h1><a href="/">Kilotest</a>: Record AI service 0 balance</h1>
+      <p>__oldBalance__ recorded AI service 0 balance.</p>
+      <p>The current AI service 0 balance is available on the <a href="https://platform.claude.com/settings/billing">Claude Platform Billing page</a>.</p>
+      <form action="/ai0BalanceForm.html">
+        <p><label>
+          Balance (in $):
+          <input type="number" size="5" min="0" max="99.99" step="0.01" name="newBalance" required>
+        </label></p>
+        <p><label>
+          Authorization code: <input size="3" minLength="3" maxlength="3" name="authCode" required>
+        </label></p>
+        <p><button type="submit">Submit</button></p>
+      </form>
+    </main>
+  </body>
+</html>

package/ai0BalanceForm/index.js

@@ -0,0 +1,79 @@
+/*
+  index.js
+  Serves a form for deleting superseded reports.
+*/
+
+// IMPORTS
+
+const fs = require('fs/promises');
+const path = require('path');
+const {getJSON} = require('../util');
+
+// CONSTANTS
+
+const balancePath = path.join(__dirname, '../ai0Balance.json');
+
+// FUNCTIONS
+
+// Returns a form for recording the AI service 0 balance.
+exports.answer = async (_, search) => {
+  const searchParams = new URLSearchParams(search);
+  const authCode = searchParams?.get('authCode');
+  const newBalanceString = searchParams?.get('newBalance');
+  let oldBalance;
+  // If the form displayed itself:
+  if (newBalanceString) {
+    // If the authorization code is valid:
+    if (authCode === process.env.AUTH_CODE) {
+      const newBalance = Number.parseFloat(newBalanceString);
+      // If the new balance is valid:
+      if (
+        typeof newBalance === 'number'
+        && newBalance >= 0
+        && newBalance < 100
+        && Number.isInteger(100 * newBalance)
+      ) {
+        const balanceData = {
+          balance: newBalance
+        }
+        // Record it.
+        await fs.writeFile(balancePath, getJSON(balanceData));
+        // Make it the old balance.
+        oldBalance = `$${balanceData.balance} is the`;
+      }
+    }
+    // Otherwise, i.e. if the authorization code is invalid:
+    else {
+      // Report the error.
+      return {
+        status: 'error',
+        error: 'Invalid authorization code'
+      }
+    }
+  }
+  // Otherwise, i.e. if the form has not been displayed by itself:
+  else {
+    // Get the current balance from the balance file.
+    try {
+      const balanceDataJSON = await fs.readFile(balancePath, 'utf8');
+      const balanceData = JSON.parse(balanceDataJSON);
+      oldBalance = `$${balanceData.balance} is the`;
+    }
+    // If the balance file does not exist or is invalid:
+    catch (error) {
+      oldBalance = 'There is no';
+    }
+  }
+  const query = {oldBalance};
+  // Get the order form template.
+  let answerPage = await fs.readFile(path.join(__dirname, 'index.html'), 'utf8');
+  // Replace its placeholders.
+  Object.keys(query).forEach(param => {
+    answerPage = answerPage.replace(new RegExp(`__${param}__`, 'g'), query[param]);
+  });
+  // Return the populated page.
+  return {
+    status: 'ok',
+    answerPage
+  };
+};

package/alerts.js

@@ -0,0 +1,73 @@
+/*
+  alerts.js
+  Sends alert emails to a Kilotest manager when required.
+*/
+
+// IMPORTS
+
+const https = require('https');
+
+// CONSTANTS
+
+// Alert configuration.
+const MANAGER_EMAIL = process.env.MANAGER_EMAIL;
+const ALERT_API_HOST = process.env.ALERT_API_HOST;
+const ALERT_API_PATH = process.env.ALERT_API_PATH;
+const ALERT_API_KEY = process.env.ALERT_API_KEY;
+const ALERT_FROM = process.env.ALERT_FROM;
+
+// FUNCTIONS
+
+// Sends an email alert to a manager.
+exports.sendAlert = (subject, body) => new Promise((resolve, reject) => {
+  // If the alert configuration is complete:
+  if (MANAGER_EMAIL && ALERT_API_HOST && ALERT_API_PATH && ALERT_API_KEY && ALERT_FROM) {
+    const payload = JSON.stringify({
+      from: ALERT_FROM,
+      to: [MANAGER_EMAIL],
+      subject,
+      text: body
+    });
+    const req = https.request({
+      hostname: ALERT_API_HOST,
+      path: ALERT_API_PATH,
+      method: 'POST',
+      headers: {
+        'authorization': `Bearer ${ALERT_API_KEY}`,
+        'content-type': 'application/json',
+        'content-length': Buffer.byteLength(payload)
+      }
+    }, res => {
+      let data = '';
+      res.on('data', chunk => { data += chunk; });
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          console.log(`Alert sent (${subject})`);
+        }
+        else {
+          console.log(`ERROR: Alert API responded ${res.statusCode}: ${data}`);
+        }
+        resolve();
+      });
+    });
+    req.on('error', error => {
+      console.log(`ERROR: Alert API error: ${error.message}`);
+      resolve();
+    });
+    req.setTimeout(10000, () => {
+      req.destroy();
+      console.log('ERROR: Alert API timeout');
+      resolve();
+    });
+    req.write(payload);
+    req.end();
+  }
+  // Otherwise, i.e. if the alert configuration is incomplete:
+  else {
+    // Report this.
+    console.log(
+      `WARNING (${subject}): ${body}\nERROR: Alert configuration incomplete, so no alert sent`
+    );
+    resolve();
+  }
+});

package/diagnoses/index.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="publisher" content="Jonathan Robert Pool">
+    <meta name="creator" content="Jonathan Robert Pool">
+    <meta name="keywords" content="report,accessibility,a11y">
+    <title>HTML element __catalogIndex__ of __target__ for __issue__ issue | Kilotest</title>
+    <link rel="icon" href="/favicon.ico">
+    <link rel="stylesheet" href="/style.css">
+  </head>
+  <body>
+    <main>
+      <h1><a href="/">Kilotest</a>: Diagnoses of <q>__issue__</q> violation by HTML element __catalogIndex__ on __target__ page</h1>
+      <h2>Basics</h2>
+      <h3>About the __target__ page</h3>
+      <ul>
+        <li>URL: __urlLink__</li>
+        <li>__testInfo__</li>
+      </ul>
+      <h3>About HTML element __catalogIndex__</h3>
+      <ul>
+        <li>Tag name: <code>__tagName__</code></li>
+        <li>Text: __text__</li>
+        <li>Start tag: <code>__startTag__</code></li>
+        <li>XPath: <code>__pathID__</code></li>
+        <li>Bounding box: __box__</li>
+      </ul>
+      <ul class="nav">
+        __takeMeThere__
+      </ul>
+      <h3>About the <q>__issue__</q> issue</h3>
+      <ul>
+        <li>Why it matters: __why__</li>
+        <li>Priority: __priority__</li>
+        <li>Related WCAG standard: __wcag__</li>
+      </ul>
+      <h2>Diagnoses</h2>
+      <p>Here is how tools diagnose the <q>__issue__</q> issue for HTML element __catalogIndex__ of the __target__ page.</p>
+      <ol>
+        __diagnoses__
+      </ol>
+    </main>
+  </body>
+</html>