@mcptoolshop/accessibility-suite 0.1.0

package/src/a11y-lint/tests/test_validate.py

@@ -0,0 +1,257 @@
+"""Tests for validate module."""
+
+import json
+import pytest
+from pathlib import Path
+import tempfile
+
+from a11y_lint.validate import (
+    validate_dict,
+    validate_message,
+    is_valid,
+    validate_json_file,
+    validate_and_convert,
+    MessageValidator,
+    load_schema,
+)
+from a11y_lint.errors import A11yMessage, Level
+
+
+class TestLoadSchema:
+    """Tests for schema loading."""
+
+    def test_schema_loads(self) -> None:
+        schema = load_schema()
+        assert schema["title"] == "CLI Ground Truth Message"
+        assert "properties" in schema
+        assert "level" in schema["properties"]
+
+
+class TestValidateDict:
+    """Tests for validate_dict function."""
+
+    def test_valid_ok_message(self) -> None:
+        data = {
+            "level": "OK",
+            "code": "TST001",
+            "what": "Test passed",
+        }
+        errors = validate_dict(data)
+        assert errors == []
+
+    def test_valid_error_message(self) -> None:
+        data = {
+            "level": "ERROR",
+            "code": "TST001",
+            "what": "Test failed",
+            "why": "Reason",
+            "fix": "Fix it",
+        }
+        errors = validate_dict(data)
+        assert errors == []
+
+    def test_missing_required_field(self) -> None:
+        data = {
+            "level": "OK",
+            "what": "Test",
+        }
+        errors = validate_dict(data)
+        assert len(errors) > 0
+        assert any("code" in e for e in errors)
+
+    def test_invalid_level(self) -> None:
+        data = {
+            "level": "INVALID",
+            "code": "TST001",
+            "what": "Test",
+        }
+        errors = validate_dict(data)
+        assert len(errors) > 0
+        assert any("level" in e.lower() for e in errors)
+
+    def test_invalid_code_pattern(self) -> None:
+        data = {
+            "level": "OK",
+            "code": "invalid",
+            "what": "Test",
+        }
+        errors = validate_dict(data)
+        assert len(errors) > 0
+        assert any("code" in e for e in errors)
+
+    def test_what_too_long(self) -> None:
+        data = {
+            "level": "OK",
+            "code": "TST001",
+            "what": "x" * 300,  # Exceeds maxLength of 200
+        }
+        errors = validate_dict(data)
+        assert len(errors) > 0
+
+    def test_additional_properties_rejected(self) -> None:
+        data = {
+            "level": "OK",
+            "code": "TST001",
+            "what": "Test",
+            "unknown_field": "value",
+        }
+        errors = validate_dict(data)
+        assert len(errors) > 0
+
+
+class TestValidateMessage:
+    """Tests for validate_message function."""
+
+    def test_valid_message(self) -> None:
+        msg = A11yMessage.ok("TST001", "Test passed")
+        errors = validate_message(msg)
+        assert errors == []
+
+    def test_message_with_all_fields(self) -> None:
+        msg = A11yMessage.error(
+            "TST001",
+            "Test error",
+            "Why",
+            "Fix",
+            rule="test-rule",
+            metadata={"key": "value"},
+        )
+        errors = validate_message(msg)
+        assert errors == []
+
+
+class TestIsValid:
+    """Tests for is_valid function."""
+
+    def test_valid_dict(self) -> None:
+        data = {"level": "OK", "code": "TST001", "what": "Test"}
+        assert is_valid(data) is True
+
+    def test_invalid_dict(self) -> None:
+        data = {"level": "INVALID", "code": "TST001", "what": "Test"}
+        assert is_valid(data) is False
+
+    def test_valid_message(self) -> None:
+        msg = A11yMessage.ok("TST001", "Test")
+        assert is_valid(msg) is True
+
+
+class TestValidateJsonFile:
+    """Tests for validate_json_file function."""
+
+    def test_valid_single_message(self) -> None:
+        data = {"level": "OK", "code": "TST001", "what": "Test"}
+        with tempfile.NamedTemporaryFile(
+            mode="w", suffix=".json", delete=False
+        ) as f:
+            json.dump(data, f)
+            f.flush()
+            valid, errors = validate_json_file(f.name)
+            assert len(valid) == 1
+            assert errors == []
+        Path(f.name).unlink()
+
+    def test_valid_array_messages(self) -> None:
+        data = [
+            {"level": "OK", "code": "TST001", "what": "Test 1"},
+            {"level": "WARN", "code": "TST002", "what": "Test 2", "why": "Reason"},
+        ]
+        with tempfile.NamedTemporaryFile(
+            mode="w", suffix=".json", delete=False
+        ) as f:
+            json.dump(data, f)
+            f.flush()
+            valid, errors = validate_json_file(f.name)
+            assert len(valid) == 2
+            assert errors == []
+        Path(f.name).unlink()
+
+    def test_partial_valid_messages(self) -> None:
+        data = [
+            {"level": "OK", "code": "TST001", "what": "Test 1"},
+            {"level": "INVALID", "code": "TST002", "what": "Test 2"},
+        ]
+        with tempfile.NamedTemporaryFile(
+            mode="w", suffix=".json", delete=False
+        ) as f:
+            json.dump(data, f)
+            f.flush()
+            valid, errors = validate_json_file(f.name)
+            assert len(valid) == 1
+            assert len(errors) > 0
+        Path(f.name).unlink()
+
+    def test_invalid_json(self) -> None:
+        with tempfile.NamedTemporaryFile(
+            mode="w", suffix=".json", delete=False
+        ) as f:
+            f.write("not valid json")
+            f.flush()
+            valid, errors = validate_json_file(f.name)
+            assert valid == []
+            assert len(errors) == 1
+            assert "Invalid JSON" in errors[0]
+        Path(f.name).unlink()
+
+    def test_file_not_found(self) -> None:
+        valid, errors = validate_json_file("nonexistent.json")
+        assert valid == []
+        assert len(errors) == 1
+        assert "File not found" in errors[0]
+
+
+class TestValidateAndConvert:
+    """Tests for validate_and_convert function."""
+
+    def test_valid_returns_message(self) -> None:
+        data = {"level": "OK", "code": "TST001", "what": "Test"}
+        result = validate_and_convert(data)
+        assert isinstance(result, A11yMessage)
+        assert result.level == Level.OK
+        assert result.code == "TST001"
+
+    def test_invalid_returns_errors(self) -> None:
+        data = {"level": "INVALID", "code": "TST001", "what": "Test"}
+        result = validate_and_convert(data)
+        assert isinstance(result, list)
+        assert len(result) > 0
+
+
+class TestMessageValidator:
+    """Tests for MessageValidator class."""
+
+    def test_validate_batch(self) -> None:
+        messages = [
+            {"level": "OK", "code": "TST001", "what": "Test 1"},
+            {"level": "WARN", "code": "TST002", "what": "Test 2", "why": "Reason"},
+            {"level": "INVALID", "code": "TST003", "what": "Test 3"},
+        ]
+        validator = MessageValidator()
+        validator.validate_batch(messages)
+
+        assert validator.valid_count == 2
+        assert validator.invalid_count == 1
+        assert validator.total_count == 3
+        assert not validator.is_all_valid
+        assert len(validator.messages) == 2
+        assert len(validator.errors) == 1
+
+    def test_summary(self) -> None:
+        validator = MessageValidator()
+        assert validator.summary() == "No messages validated"
+
+        validator.validate({"level": "OK", "code": "TST001", "what": "Test"})
+        assert "All 1 messages valid" in validator.summary()
+
+        validator.validate({"level": "INVALID"}, index=1)
+        assert "1 valid" in validator.summary()
+        assert "1 invalid" in validator.summary()
+
+    def test_error_report(self) -> None:
+        validator = MessageValidator()
+        assert validator.error_report() == "No errors"
+
+        validator.validate({"level": "INVALID"}, index=0)
+        report = validator.error_report()
+        assert "1 invalid" in report
+        assert "Message 0" in report

package/src/a11y-mcp-tools/.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x, 22.x]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Run tests
+      run: npm test
+
+    - name: Verify CLI works
+      run: |
+        node bin/cli.js evidence --target fixtures/html/index.html --dom-snapshot --out test-output.json
+        test -f test-output.json
+
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20.x'
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Check for syntax errors
+      run: node --check bin/cli.js bin/server.js src/index.js

package/src/a11y-mcp-tools/CODE_OF_CONDUCT.md

@@ -0,0 +1,129 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

package/src/a11y-mcp-tools/CONTRIBUTING.md

@@ -0,0 +1,136 @@
+# Contributing to a11y-mcp-tools
+
+Thank you for your interest in contributing to a11y-mcp-tools! We appreciate your help in making web accessibility testing more robust and evidence-based.
+
+## How to Contribute
+
+### Reporting Issues
+
+If you find a bug or have a suggestion:
+
+1. Check if the issue already exists in [GitHub Issues](https://github.com/mcp-tool-shop-org/a11y-mcp-tools/issues)
+2. If not, create a new issue with:
+   - A clear, descriptive title
+   - Steps to reproduce (for bugs)
+   - Expected vs. actual behavior
+   - Your environment (Node version, OS)
+   - Sample HTML if relevant
+
+### Contributing Code
+
+1. **Fork the repository** and create a branch from `main`
+2. **Set up your development environment**
+   ```bash
+   npm install
+   ```
+3. **Make your changes**
+   - Follow the existing code style
+   - Add tests for new functionality
+   - Ensure all tests pass: `npm test`
+   - Update documentation as needed
+4. **Commit your changes**
+   - Use clear, descriptive commit messages
+   - Reference issue numbers when applicable
+5. **Submit a pull request**
+   - Describe what your PR does and why
+   - Link to related issues
+
+### Development Workflow
+
+```bash
+# Install dependencies
+npm install
+
+# Run tests
+npm test
+
+# Test CLI locally
+node bin/cli.js evidence --target fixtures/html/example.html --dom-snapshot
+
+# Test MCP server locally
+node bin/server.js
+```
+
+### Testing
+
+All new features should include tests. Tests are located in the `test/` directory and use Node's built-in test runner.
+
+```javascript
+// Example test structure
+import { test } from 'node:test';
+import assert from 'node:assert/strict';
+
+test('should detect accessibility issue', () => {
+  // Arrange
+  const html = '<img src="test.jpg">';
+  
+  // Act
+  const result = diagnose({ html });
+  
+  // Assert
+  assert.equal(result.findings.length, 1);
+  assert.equal(result.findings[0].rule, 'alt');
+});
+```
+
+### Adding New WCAG Rules
+
+1. Add rule implementation in `src/rules/`
+2. Add test cases in `test/*.test.js`
+3. Update README.md with rule documentation
+4. Add method ID to PROV_METHODS_CATALOG.md
+5. Update schemas if needed
+
+### Code Style
+
+- Use ES modules (`import`/`export`)
+- Prefer `const` over `let`
+- Use descriptive variable names
+- Add JSDoc comments for public APIs
+- Follow existing patterns for consistency
+
+### MCP Envelope Design Principles
+
+- **Tamper-evident** - All evidence includes integrity digests
+- **Traceable** - Provenance records for all operations
+- **Deterministic** - Same input produces same output
+- **Evidence-anchored** - Findings reference specific artifact locations
+- **SAFE guidance** - Fix suggestions describe intent, not direct code writes
+
+## Project Structure
+
+```
+a11y-mcp-tools/
+├── bin/               # CLI and server entry points
+├── src/               # Source code
+│   ├── tools/         # MCP tool implementations
+│   ├── rules/         # WCAG rule checkers
+│   ├── schemas/       # JSON schemas
+│   └── index.js       # Main exports
+├── test/              # Test suite
+├── fixtures/          # Test fixtures
+└── package.json       # Project configuration
+```
+
+## Schema Validation
+
+All requests and responses must validate against JSON schemas in `src/schemas/`:
+- `envelope.schema.v0.1.json` - MCP envelope format
+- `evidence.bundle.schema.v0.1.json` - Evidence bundle
+- `diagnosis.schema.v0.1.json` - Diagnosis output
+
+## Exit Codes
+
+Maintain CI-native exit codes:
+- `0` - Success (no findings at/above severity threshold)
+- `2` - Findings exist (operation succeeded, but issues found)
+- `3` - Capture/validation failure
+- `4` - Provenance verification failed
+
+## Code of Conduct
+
+Please note that this project is released with a [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to abide by its terms.
+
+## Questions?
+
+Open an issue or start a discussion. We're here to help!

package/src/a11y-mcp-tools/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 mcp-tool-shop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/src/a11y-mcp-tools/PROV_METHODS_CATALOG.md

@@ -0,0 +1,104 @@
+# Provenance Method ID Catalog (v0.1)
+
+Stable method IDs for provenance tracking in a11y-mcp-tools.
+
+These IDs are **locked** and MUST NOT change within a major version.
+See [prov-spec](https://github.com/mcp-tool-shop-org/prov-spec) for the full specification.
+
+## Envelope Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `adapter.wrap.envelope_v0_1` | Wrap request/response in MCP envelope |
+
+## Provenance Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `adapter.provenance.record_v0_1` | Create provenance record with inputs/outputs |
+
+## Integrity Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `adapter.integrity.sha256_v0_1` | SHA-256 digest for artifact integrity |
+
+## Evidence Capture Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `engine.capture.html_canonicalize_v0_1` | Capture HTML with canonicalization (sorted attrs, normalized whitespace) |
+| `engine.capture.dom_snapshot_v0_1` | Extract DOM snapshot as flat node array |
+| `engine.capture.file_v0_1` | Generic file capture (CLI logs, etc.) |
+
+## Diagnosis Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `engine.diagnose.wcag_rules_v0_1` | Evaluate WCAG accessibility rules |
+
+## Evidence Extraction Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `engine.extract.evidence.json_pointer_v0_1` | Extract evidence anchor via JSON Pointer (RFC 6901) |
+| `engine.extract.evidence.selector_v0_1` | Extract evidence anchor via CSS selector |
+
+## Fix Guidance Methods
+
+| Method ID | Description |
+|-----------|-------------|
+| `engine.generate.fix_guidance_v0_1` | Generate SAFE-only fix guidance (intent patches) |
+
+---
+
+## Method ID Naming Convention
+
+```
+<namespace>.<action>.<target>_v<major>_<minor>
+```
+
+**Namespaces:**
+- `adapter.*` - Data transformation, wrapping, integrity
+- `engine.*` - Core processing (capture, diagnose, extract)
+
+**Versioning:**
+- Method IDs include version suffix (e.g., `_v0_1`)
+- Breaking changes require new method ID
+- Minor changes (backwards-compatible) use same ID
+
+## Usage in Provenance Records
+
+```json
+{
+  "provenance": {
+    "record_id": "prov:record:abc123",
+    "methods": [
+      "adapter.wrap.envelope_v0_1",
+      "adapter.provenance.record_v0_1",
+      "adapter.integrity.sha256_v0_1",
+      "engine.capture.html_canonicalize_v0_1",
+      "engine.capture.dom_snapshot_v0_1"
+    ],
+    "inputs": ["html/index.html"],
+    "outputs": ["artifact:html:index", "artifact:dom:index"],
+    "verified": false,
+    "created_at": "2026-01-27T04:12:00Z"
+  }
+}
+```
+
+## Adding New Methods
+
+1. Choose appropriate namespace (`adapter.*` or `engine.*`)
+2. Use descriptive action + target naming
+3. Include version suffix
+4. Add to this catalog with description
+5. Update `src/schemas/provenance.js`
+
+## Related
+
+- [prov-spec](https://github.com/mcp-tool-shop-org/prov-spec) - Full provenance specification
+- [envelope.schema.v0.1.json](src/schemas/envelope.schema.v0.1.json) - MCP envelope schema
+- [evidence.bundle.schema.v0.1.json](src/schemas/evidence.bundle.schema.v0.1.json) - Bundle schema
+- [diagnosis.schema.v0.1.json](src/schemas/diagnosis.schema.v0.1.json) - Diagnosis schema