@mcptoolshop/accessibility-suite 0.1.0

package/examples/a11y-demo-site/CODE_OF_CONDUCT.md

@@ -0,0 +1,129 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

package/examples/a11y-demo-site/CONTRIBUTING.md

@@ -0,0 +1,83 @@
+# Contributing to a11y-demo-site
+
+Thank you for your interest in contributing to a11y-demo-site! This repository demonstrates accessibility testing with provenance verification.
+
+## How to Contribute
+
+### Reporting Issues
+
+If you find a problem or have a suggestion:
+
+1. Check if the issue already exists in [GitHub Issues](https://github.com/mcp-tool-shop-org/a11y-demo-site/issues)
+2. If not, create a new issue with:
+   - A clear, descriptive title
+   - Steps to reproduce (for bugs)
+   - Expected vs. actual behavior
+   - Your environment details
+
+### Contributing Code
+
+1. **Fork the repository** and create a branch from `main`
+2. **Make your changes**
+   - Add or modify HTML examples
+   - Update scripts if needed
+   - Update documentation
+3. **Test locally**
+   ```bash
+   ./scripts/a11y.sh
+   ```
+4. **Commit your changes**
+   - Use clear, descriptive commit messages
+   - Reference issue numbers when applicable
+5. **Submit a pull request**
+   - Describe what your PR does and why
+   - Link to related issues
+
+### Local Testing
+
+**Prerequisites:**
+- `npm install -g a11y-evidence-engine`
+- `pip install a11y-assist`
+
+**Run the demo:**
+```bash
+./scripts/a11y.sh
+```
+
+Results will be in `results/`:
+- `findings.json` - Accessibility findings
+- `provenance/` - Provenance bundles
+- `a11y-assist/` - Fix advisories
+
+### Adding HTML Examples
+
+To add new accessibility test cases:
+
+1. Create or modify HTML files in `html/`
+2. Add intentional accessibility issues for demonstration
+3. Document the issues in README.md
+4. Run `./scripts/a11y.sh` to verify findings are detected
+
+### CI Workflow
+
+The GitHub Actions workflow:
+- Runs accessibility scans on all HTML files
+- Verifies provenance integrity
+- Uploads results as artifacts
+- Fails on accessibility errors (by design, to demonstrate detection)
+
+## Project Purpose
+
+This demo site intentionally contains accessibility issues to demonstrate:
+- Evidence-based accessibility testing
+- Provenance tracking with SHA-256 integrity
+- Fix-oriented advisory generation
+- CI integration with artifact uploads
+
+## Code of Conduct
+
+Please note that this project is released with a [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to abide by its terms.
+
+## Questions?
+
+Open an issue or start a discussion. We're here to help!

package/examples/a11y-demo-site/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 mcp-tool-shop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/examples/a11y-demo-site/README.md

@@ -0,0 +1,155 @@
+# a11y-demo-site
+
+A tiny end-to-end demo showing:
+
+- `a11y-evidence-engine` produces accessibility findings + provenance bundles
+- `a11y-assist ingest` generates fix-oriented advisories
+- `--verify-provenance` recomputes SHA-256 over canonical evidence
+- CI fails on accessibility errors **with Provenance: VERIFIED**
+
+---
+
+## One-command run (local)
+
+**Prereqs:**
+- `npm install -g a11y-evidence-engine`
+- `pip install a11y-assist`
+
+**Run:**
+
+```bash
+./scripts/a11y.sh
+```
+
+**Outputs:**
+
+```
+results/
+├── findings.json
+├── provenance/...
+└── a11y-assist/
+    ├── ingest-summary.json
+    └── advisories.json
+```
+
+---
+
+## CI behavior
+
+GitHub Actions runs the same script and fails if any findings exist at/above `--fail-on error`.
+
+When provenance verification succeeds, logs include:
+
+```
+Provenance: VERIFIED
+```
+
+---
+
+## Inspecting results in GitHub Actions (artifacts)
+
+This repo's CI uploads the full `results/` directory as a GitHub Actions artifact on every run (even when the job fails because the HTML is intentionally broken).
+
+### Where to download the artifact
+
+1. Go to the **Actions** tab in GitHub.
+2. Click the most recent workflow run:
+   - **"A11y (upload results)"** (recommended for inspection)
+3. Scroll to the bottom of the run page.
+4. Under **Artifacts**, download:
+   - **`a11y-results`**
+
+Unzip it locally. You'll see:
+
+```
+results/
+├── findings.json
+├── provenance/
+│   └── finding-0001/
+│       ├── record.json
+│       ├── digest.json
+│       └── envelope.json
+└── a11y-assist/
+    ├── ingest-summary.json
+    └── advisories.json
+```
+
+### What to open first (recommended order)
+
+1. **`results/a11y-assist/ingest-summary.json`**
+   Quick overview of counts, top rules, and top files.
+
+2. **`results/a11y-assist/advisories.json`**
+   The fix-oriented task list. Each advisory includes `instances[]` with `evidence_ref` links.
+
+3. **`results/provenance/finding-*/digest.json`**
+   The stored `integrity.digest.sha256` record.
+
+4. **`results/provenance/finding-*/record.json`**
+   The evidence record (`engine.extract.evidence.json_pointer`) showing what was captured.
+
+### What "Provenance: VERIFIED" means
+
+When `a11y-assist ingest --verify-provenance` runs, it recomputes the SHA-256 digest from the canonicalized evidence and compares it to the stored digest.
+
+If they match, CI prints:
+
+```
+Provenance: VERIFIED
+```
+
+This proves the captured evidence has not been tampered with since it was produced by the scan (**integrity**).
+It does not, by itself, prove the original scan environment was trustworthy.
+
+---
+
+## The intentional bugs (for demo purposes)
+
+**html/index.html:**
+- `<html>` missing `lang` attribute
+- `<img>` missing `alt` attribute
+- `<button>` missing accessible name
+- `<a>` (empty link) missing accessible name
+
+**html/contact.html:**
+- `<html lang="">` (empty lang)
+- `<input>` missing associated label
+
+---
+
+## Fixing the demo (optional)
+
+To make CI pass, fix the HTML:
+
+```html
+<!-- index.html -->
+<html lang="en">
+  ...
+  <img src="hero.png" alt="Hero image">
+  <button>Click me</button>
+  <a href="/contact.html">Contact us</a>
+```
+
+```html
+<!-- contact.html -->
+<html lang="en">
+  ...
+  <label for="email">Email</label>
+  <input type="email" id="email" />
+```
+
+---
+
+## Related repos
+
+| Repo | Description |
+|------|-------------|
+| [prov-spec](https://github.com/mcp-tool-shop-org/prov-spec) | Formal provenance specification |
+| [a11y-evidence-engine](https://github.com/mcp-tool-shop-org/a11y-evidence-engine) | Accessibility scanner with provenance |
+| [a11y-assist](https://github.com/mcp-tool-shop-org/a11y-assist) | Fix advisor with provenance verification |
+
+---
+
+## License
+
+MIT

package/examples/a11y-demo-site/html/contact.html

@@ -0,0 +1,15 @@
+<!doctype html>
+<html lang="">
+  <head>
+    <meta charset="utf-8" />
+    <title>Contact</title>
+  </head>
+  <body>
+    <h1>Contact</h1>
+
+    <!-- Missing label -->
+    <input type="email" id="email" />
+
+    <p><a href="/index.html">Back</a></p>
+  </body>
+</html>

package/examples/a11y-demo-site/html/index.html

@@ -0,0 +1,20 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>A11y Demo Site</title>
+  </head>
+  <body>
+    <h1>Welcome</h1>
+
+    <!-- Missing alt -->
+    <img src="hero.png">
+
+    <!-- Interactive missing name -->
+    <button></button>
+
+    <p>
+      <a href="/contact.html"></a>
+    </p>
+  </body>
+</html>

package/examples/a11y-demo-site/scripts/a11y.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+OUT="${1:-results}"
+
+rm -rf "$OUT"
+mkdir -p "$OUT"
+
+echo "==> Scan (a11y-evidence-engine)"
+a11y-engine scan ./html --out "$OUT"
+
+echo "==> Ingest + verify provenance (a11y-assist)"
+# Fail CI if any errors exist (default fail-on error)
+a11y-assist ingest "$OUT/findings.json" \
+  --out "$OUT/a11y-assist" \
+  --verify-provenance \
+  --strict \
+  --format text
+
+echo "==> Done"

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@mcptoolshop/accessibility-suite",
+  "version": "0.1.0",
+  "description": "Unified monorepo for accessibility testing, evidence generation, and compliance tooling",
+  "keywords": [
+    "accessibility",
+    "a11y",
+    "wcag",
+    "testing",
+    "evidence",
+    "provenance",
+    "compliance",
+    "mcp"
+  ],
+  "author": "mcp-tool-shop <64996768+mcp-tool-shop@users.noreply.github.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mcp-tool-shop-org/accessibility-suite.git"
+  },
+  "homepage": "https://github.com/mcp-tool-shop-org/accessibility-suite#readme",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  }
+}

package/src/a11y-assist/.github/workflows/publish.yml

@@ -0,0 +1,52 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install build tools
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Check package
+        run: twine check dist/*
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

package/src/a11y-assist/.github/workflows/test.yml

@@ -0,0 +1,30 @@
+name: Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run tests
+        run: pytest tests/ -v --tb=short

package/src/a11y-assist/A11Y_ASSIST_TEST_COVERAGE_REQUIREMENTS.md

@@ -0,0 +1,104 @@
+# A11y-Assist Test Coverage Requirements
+
+**Goal:** Reach 100% coverage across CLI parsing, error ingestion, rendering, and storage.
+
+**Current State:**
+- Source modules: a11y_assist/*
+- Tests exist but edge cases remain
+
+---
+
+## 1) a11y_assist/cli.py
+**Priority: CRITICAL**
+- `test_cli_main_help`
+- `test_cli_parse_arguments`
+- `test_cli_invalid_arguments`
+- `test_cli_profile_selection`
+- `test_cli_error_handling`
+
+## 2) a11y_assist/from_cli_error.py
+**Priority: HIGH**
+- `test_parse_cli_error_basic`
+- `test_parse_cli_error_multiline`
+- `test_parse_cli_error_unknown_format`
+- `test_extract_command_from_error`
+- `test_extract_exit_code`
+
+## 3) a11y_assist/ingest.py
+**Priority: HIGH**
+- `test_ingest_error_message`
+- `test_ingest_handles_ansi_codes`
+- `test_ingest_sanitizes_input`
+- `test_ingest_batch_errors`
+- `test_ingest_large_error_messages`
+
+## 4) a11y_assist/guard.py
+**Priority: CRITICAL**
+- `test_guard_validates_schemas`
+- `test_guard_rejects_invalid_data`
+- `test_guard_handles_missing_fields`
+- `test_guard_type_checking`
+- `test_guard_nested_validation`
+
+## 5) a11y_assist/render.py
+**Priority: HIGH**
+- `test_render_basic_output`
+- `test_render_with_profile`
+- `test_render_color_coding`
+- `test_render_low_vision_mode`
+- `test_render_unicode_content`
+- `test_render_long_messages`
+
+## 6) a11y_assist/storage.py
+**Priority: MEDIUM**
+- `test_storage_save_error`
+- `test_storage_load_error`
+- `test_storage_update_error`
+- `test_storage_delete_error`
+- `test_storage_persistence`
+
+## 7) a11y_assist/parse_raw.py
+**Priority: MEDIUM**
+- `test_parse_raw_text`
+- `test_parse_raw_handles_encoding`
+- `test_parse_raw_binary_data`
+- `test_parse_raw_empty_input`
+
+## 8) a11y_assist/methods.py
+**Priority: HIGH**
+- `test_methods_suggest_fixes`
+- `test_methods_analyze_error`
+- `test_methods_format_recommendation`
+- `test_methods_priority_ranking`
+
+## 9) Integration Tests
+**Priority: CRITICAL**
+- `test_end_to_end_error_flow`
+- `test_cli_to_render_pipeline`
+- `test_profile_switching`
+- `test_error_persistence_and_retrieval`
+
+---
+
+## Suggested Test Layout
+```
+accessibility/a11y-assist/tests/
+  test_cli.py
+  test_from_cli_error.py
+  test_ingest.py
+  test_guard.py
+  test_render.py
+  test_storage.py
+  test_parse_raw.py
+  test_methods.py
+  test_integration.py
+```
+
+---
+
+## Notes
+- Test with various terminal emulator outputs
+- Include ANSI escape code handling
+- Test low-vision profiles thoroughly
+- Mock file system operations for storage tests
+- Test with real CLI error examples