@mcptoolshop/accessibility-suite 0.1.0

package/.github/workflows/ci.yml

@@ -0,0 +1,63 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  # Python projects: a11y-assist, a11y-ci, a11y-lint
+  python:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        project:
+          - a11y-assist
+          - a11y-ci
+          - a11y-lint
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        working-directory: src/${{ matrix.project }}
+        run: |
+          pip install -e .
+          pip install pytest
+
+      - name: Run tests
+        working-directory: src/${{ matrix.project }}
+        run: pytest -v || echo "No tests or tests failed"
+
+  # Node.js projects: a11y-evidence-engine, a11y-mcp-tools
+  nodejs:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        project:
+          - a11y-evidence-engine
+          - a11y-mcp-tools
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        working-directory: src/${{ matrix.project }}
+        run: npm ci
+
+      - name: Run tests
+        working-directory: src/${{ matrix.project }}
+        run: npm test || echo "No tests or tests failed"

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025-2026 mcp-tool-shop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,37 @@
+# accessibility-suite
+
+Unified monorepo for accessibility testing, evidence generation, and compliance tooling.
+
+## Projects
+
+| Project | Description | Tech |
+|---------|-------------|------|
+| `src/a11y-assist/` | Accessibility testing assistant | Python |
+| `src/a11y-ci/` | CI/CD integration for accessibility checks | Python |
+| `src/a11y-lint/` | Accessibility linter | Python |
+| `src/a11y-evidence-engine/` | Evidence generation and reporting | Node.js |
+| `src/a11y-mcp-tools/` | MCP server tools for accessibility | Node.js |
+| `examples/a11y-demo-site/` | Demo site for testing | HTML |
+| `docs/prov-spec/` | Provenance specification | Spec |
+
+## Quick Start
+
+```bash
+# Clone
+git clone https://github.com/mcp-tool-shop-org/accessibility-suite.git
+cd accessibility-suite
+
+# Python tools (a11y-assist, a11y-ci, a11y-lint)
+cd src/a11y-lint
+pip install -e .
+a11y-lint --help
+
+# Node.js tools (a11y-evidence-engine, a11y-mcp-tools)
+cd src/a11y-evidence-engine
+npm install
+npm test
+```
+
+## License
+
+MIT

package/docs/prov-spec/.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Verify validator runs
+      run: python tools/python/prov_validator.py --help
+
+    - name: List known methods
+      run: python tools/python/prov_validator.py list-methods
+
+    - name: Run test vector - integrity.digest.sha256
+      run: python tools/python/prov_validator.py check-vector spec/vectors/integrity.digest.sha256
+
+    - name: Run test vector - adapter.wrap.envelope_v0_1
+      run: python tools/python/prov_validator.py check-vector spec/vectors/adapter.wrap.envelope_v0_1
+
+  spec-validation:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Validate JSON schemas
+      run: |
+        python3 -c "
+        import json, sys
+        from pathlib import Path
+        
+        schemas = Path('spec/schemas').glob('*.json')
+        for schema_file in schemas:
+            try:
+                with open(schema_file) as f:
+                    json.load(f)
+                print(f'✓ {schema_file.name} is valid JSON')
+            except json.JSONDecodeError as e:
+                print(f'✗ {schema_file.name} failed: {e}')
+                sys.exit(1)
+        "
+
+    - name: Validate methods catalog
+      run: |
+        python3 -c "
+        import json
+        with open('spec/methods.json') as f:
+            methods = json.load(f)
+        print(f'✓ methods.json is valid JSON')
+        print(f'  Found {len(methods.get(\"methods\", []))} methods')
+        "

package/docs/prov-spec/CHANGELOG.md

@@ -0,0 +1,69 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2025-01
+
+### Added
+
+- **PROV_METHODS_SPEC.md** — Normative specification for provenance method IDs
+  - Method ID grammar (ABNF + regex)
+  - Semantic contracts for all namespaces
+  - Canonicalization rules (JCS-subset)
+  - Versioning and compatibility policy
+  - Conformance levels
+
+- **Method Catalog** — 19 stable method IDs across 4 namespaces
+  - `adapter.*` (5 methods) — envelope wrapping, transport
+  - `engine.*` (6 methods) — evidence extraction, provenance construction
+  - `integrity.*` (6 methods) — hashing, signatures, verification
+  - `lineage.*` (2 methods) — parent linking, graph operations
+
+- **Reserved Namespaces** — 4 namespaces reserved for future use
+  - `policy.*`, `attestation.*`, `execution.*`, `audit.*`
+
+- **JSON Schemas**
+  - `prov.record.schema.v0.1.json` — Provenance record
+  - `artifact.schema.v0.1.json` — Artifact metadata
+  - `artifact.ref.schema.v0.1.json` — Artifact references
+  - `evidence.schema.v0.1.json` — Evidence anchors
+  - `mcp.envelope.schema.v0.1.json` — MCP envelope wrapper
+  - `mcp.request.schema.v0.1.json` — MCP request format
+  - `prov-capabilities.schema.json` — Capability manifest
+  - `methods.schema.json` — Method catalog format
+
+- **Test Vectors**
+  - `integrity.digest.sha256` — Digest computation
+  - `adapter.wrap.envelope_v0_1` — Envelope wrapping
+  - `engine.extract.evidence.json_pointer` — Evidence extraction
+  - `method_id_syntax` — Grammar validation
+  - Negative vectors for must-fail cases
+
+- **Conformance Levels**
+  - Level 1: Integrity
+  - Level 2: Engine
+  - Level 3: Lineage
+
+- **Reference Tools**
+  - Python validator (`prov_validator`)
+
+- **Documentation**
+  - CONFORMANCE_LEVELS.md
+  - MCP_COMPATIBILITY.md
+  - PROV_METHODS_CATALOG.md
+
+### Security
+
+- All method IDs are stable and append-only
+- No semantic changes without major version bump
+- Canonicalization prevents hash ambiguity
+
+---
+
+## Stability Guarantee
+
+> Method IDs marked `stable` are append-only and will never change semantics.
+> Compatibility is guaranteed within a major version.

package/docs/prov-spec/CODE_OF_CONDUCT.md

@@ -0,0 +1,129 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

package/docs/prov-spec/CONFORMANCE_LEVELS.md

@@ -0,0 +1,223 @@
+# Conformance Levels
+
+**Spec Version:** v0.1.0
+
+This document defines testable conformance tiers for prov-spec implementations.
+
+---
+
+## Overview
+
+Conformance is incremental. Each level builds on the previous.
+
+| Level | Name | Badge | Requirements |
+|-------|------|-------|--------------|
+| **1** | Integrity | ![Level 1](https://img.shields.io/badge/prov--spec-L1%20Integrity-blue) | Correct hashing and canonicalization |
+| **2** | Engine | ![Level 2](https://img.shields.io/badge/prov--spec-L2%20Engine-green) | Level 1 + provenance record construction |
+| **3** | Lineage | ![Level 3](https://img.shields.io/badge/prov--spec-L3%20Lineage-purple) | Level 2 + parent linking and graph operations |
+
+---
+
+## Level 1: Integrity
+
+**Focus:** Cryptographic correctness
+
+### Required Methods
+
+- `integrity.digest.sha256` (or `sha512` or `blake3`)
+
+### Requirements
+
+1. **Canonicalization:** JSON content MUST be canonicalized per spec Section 6
+2. **Digest format:** `{ "alg": "<algorithm>", "value": "<lowercase-hex>" }`
+3. **Determinism:** Same input MUST produce same digest
+
+### Test Vectors
+
+- `spec/vectors/integrity.digest.sha256/`
+
+### How to Claim
+
+```json
+{
+  "conformance_level": "L1-integrity",
+  "implements": ["integrity.digest.sha256"]
+}
+```
+
+---
+
+## Level 2: Engine
+
+**Focus:** Provenance record construction
+
+### Required Methods
+
+All of Level 1, plus:
+
+- `adapter.wrap.envelope_v0_1`
+- `adapter.provenance.attach_record_v0_1`
+- `engine.prov.artifact.register_output`
+
+### Requirements
+
+1. **Envelope structure:** Valid `mcp.envelope.v0.1`
+2. **Record structure:** Valid `prov.record.v0.1`
+3. **No double-wrap:** Existing envelopes pass through unchanged
+4. **Method claims:** Only claim methods actually applied
+
+### Test Vectors
+
+- `spec/vectors/adapter.wrap.envelope_v0_1/`
+- `spec/vectors/engine.prov.artifact.register_output/`
+
+### How to Claim
+
+```json
+{
+  "conformance_level": "L2-engine",
+  "implements": [
+    "integrity.digest.sha256",
+    "adapter.wrap.envelope_v0_1",
+    "adapter.provenance.attach_record_v0_1",
+    "engine.prov.artifact.register_output"
+  ]
+}
+```
+
+---
+
+## Level 3: Lineage
+
+**Focus:** Provenance chains and graphs
+
+### Required Methods
+
+All of Level 2, plus:
+
+- `lineage.parent.link`
+
+### Requirements
+
+1. **Parent references:** `parents[]` contains valid `run_id` values
+2. **Retrievability:** Parent records SHOULD be retrievable
+3. **Acyclicity:** Lineage graph MUST be a DAG (no cycles)
+
+### Test Vectors
+
+- `spec/vectors/lineage.parent.link/`
+
+### How to Claim
+
+```json
+{
+  "conformance_level": "L3-lineage",
+  "implements": [
+    "integrity.digest.sha256",
+    "adapter.wrap.envelope_v0_1",
+    "adapter.provenance.attach_record_v0_1",
+    "engine.prov.artifact.register_output",
+    "lineage.parent.link"
+  ]
+}
+```
+
+---
+
+## Optional Methods
+
+These methods enhance conformance but are not required for any level:
+
+| Method | Purpose |
+|--------|---------|
+| `engine.prov.artifact.register_input` | Track input artifacts |
+| `engine.extract.evidence.json_pointer` | JSON pointer evidence anchors |
+| `engine.extract.evidence.text_lines` | Text line evidence anchors |
+| `integrity.signature.create` | Sign provenance records |
+| `integrity.signature.verify` | Verify signatures |
+
+Declare optional methods in `prov-capabilities.json`:
+
+```json
+{
+  "optional": [
+    "engine.prov.artifact.register_input",
+    "integrity.signature.create"
+  ]
+}
+```
+
+---
+
+## Validation Process
+
+### Self-Declaration
+
+1. Create `prov-capabilities.json` in your project root
+2. List implemented methods
+3. Declare conformance level
+4. Document any known deviations
+
+### Automated Validation
+
+```bash
+# Validate your manifest
+python -m prov_validator validate-manifest prov-capabilities.json
+
+# Run all applicable test vectors
+python -m prov_validator check-vector integrity.digest.sha256
+python -m prov_validator check-vector adapter.wrap.envelope_v0_1
+```
+
+### Conformance Report
+
+Generate a report for auditors:
+
+```bash
+python -m prov_validator conformance-report prov-capabilities.json -o report.json
+```
+
+---
+
+## Badge Usage
+
+Add a conformance badge to your README:
+
+```markdown
+[![prov-spec L2](https://img.shields.io/badge/prov--spec-L2%20Engine-green)](https://github.com/prov-spec/prov-spec)
+```
+
+Renders as: ![prov-spec L2](https://img.shields.io/badge/prov--spec-L2%20Engine-green)
+
+---
+
+## Known Deviations
+
+If your implementation deviates from spec, document it:
+
+```json
+{
+  "known_deviations": [
+    {
+      "method_id": "integrity.digest.sha256",
+      "deviation": "Uses uppercase hex instead of lowercase",
+      "reason": "Legacy compatibility with existing system"
+    }
+  ]
+}
+```
+
+Deviations don't disqualify conformance claims but MUST be disclosed.
+
+---
+
+## Upgrading Conformance
+
+To move from Level 1 to Level 2:
+
+1. Implement required Level 2 methods
+2. Pass Level 2 test vectors
+3. Update `prov-capabilities.json`
+4. Update badge
+
+No breaking changes are required — conformance is additive.