npm - @triedotdev/mcp - Versions diffs - 1.0.38 → 1.0.39 - Mend

@triedotdev/mcp 1.0.38 → 1.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +171 -15
package/dist/{chunk-HRNBSXN2.js → chunk-B3MBKB2U.js} +915 -64
package/dist/chunk-B3MBKB2U.js.map +1 -0
package/dist/{chunk-TGEI55FP.js → chunk-HG5AWUH7.js} +2 -2
package/dist/cli/yolo-daemon.js +2 -2
package/dist/index.js +2 -2
package/dist/workers/agent-worker.js +1 -1
package/package.json +1 -1
package/dist/chunk-HRNBSXN2.js.map +0 -1
/package/dist/{chunk-TGEI55FP.js.map → chunk-HG5AWUH7.js.map} +0 -0

package/README.md CHANGED Viewed

@@ -12,6 +12,8 @@ The last mile of shipping is where things break—not because your code doesn't
 ## What's New (latest updates)
+- **Accessibility Agent (v2.0)**: Comprehensive WCAG 2.1 AA compliance. Detects icon-only buttons, touch targets, skipped headings, positive tabIndex, ARIA validation, color-only indicators, and 20+ more checks with WCAG criterion references.
 - **Health Score Triaging**: Your health score (0-100) now actively controls what agents run. Below 50%? All agents run automatically. Agents that found issues before get boosted priority in future scans.
 - **Moneybags Agent**: Estimates dollar cost of bugs using IBM/NIST research. Costs scale with your user count—use `--users 10000` to match your scale (default: 250 users).
@@ -28,6 +30,7 @@ The last mile of shipping is where things break—not because your code doesn't
 - [MCP Tools](#mcp-tools)
 - [CLI](#cli)
 - [Built-in Agents](#built-in-agents)
+- [Accessibility Agent (v2.0)](#accessibility-agent-v20)
 - [Moneybags Agent (v1.1)](#moneybags-agent-v11)
 - [Legal Agent (v2.0)](#legal-agent-v20)
 - [Design Engineer (v2.0)](#design-engineer-v20)
@@ -37,7 +40,7 @@ The last mile of shipping is where things break—not because your code doesn't
 - [CI/CD Integration](#cicd-integration)
 - [VS Code Extension](#vs-code-extension)
 - [Agent Context System](#agent-context-system)
-- [Production Shipping](#production-shipping)
+- [Production Shipping](#production-shipping) (Production Ready Agent)
 - [Configuration](#configuration)
 - [License](#license)
@@ -402,7 +405,7 @@ Run a specific agent directly:
 | `trie_privacy` | GDPR/CCPA/PCI-DSS compliance, PII exposure, logging sensitive data |
 | `trie_soc2` | Access control gaps, missing audit logs, encryption issues |
 | `trie_legal` | Licensing, ToS, accessibility, IP, GDPR/CCPA, e-commerce, marketing, COPPA |
-| `trie_accessibility` | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
+| `trie_accessibility` | WCAG 2.1 AA: icon-only buttons, touch targets, heading levels, ARIA validation, focus management, 20+ checks |
 | `trie_architecture` | Code organization, SOLID principles, N+1 queries, scalability |
 | `trie_bugs` | Null safety, edge cases, async issues, common bugs |
 | `trie_types` | Type errors, missing annotations, null checks |
@@ -483,7 +486,7 @@ trie-agent agents
 | Agent | Description |
 |-------|-------------|
-| **Accessibility** | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
+| **Accessibility** | WCAG 2.1 AA compliance: icon-only buttons, touch targets, heading levels, ARIA validation, color-only indicators, keyboard nav, focus management, 20+ checks |
 | **Design Engineer** | AI slop detection, verified token systems, contrast validation, design health scoring, domain-aware recommendations |
 | **User Testing** | Simulate happy path, security tester, confused user, impatient user |
 | **Visual QA** | Visual regression, responsive design, cross-browser issues |
@@ -501,6 +504,128 @@ trie-agent agents
 ---
+## Accessibility Agent (v2.0)
+The Accessibility Agent has been completely rebuilt to provide comprehensive WCAG 2.1 AA compliance checking—matching and exceeding tools like rams.ai, axe-core, and Lighthouse.
+### Severity Levels
+| Level | Description | Examples |
+|-------|-------------|----------|
+| **Critical** | Blocks access entirely | Images without alt, icon-only buttons without labels, empty links |
+| **Serious** | Significantly impairs access | Focus outline removed, positive tabIndex, missing ARIA attributes |
+| **Moderate** | Creates barriers | Skipped headings, color-only indicators, small touch targets |
+| **Low** | Best practices | Missing semantic elements, external link warnings |
+### What It Detects
+#### Critical Issues
+| Issue | WCAG | Description |
+|-------|------|-------------|
+| Images without alt text | 1.1.1 | Screen readers cannot describe the image |
+| Icon-only buttons missing aria-label | 4.1.2 | Screen readers announce "button" with no purpose |
+| Non-semantic click handlers | 2.1.1 | `div onClick` without keyboard support blocks keyboard users |
+| Empty links | 2.4.4 | Links with no text content are unusable |
+| Links without href | 2.4.4 | Anchor elements must have destinations |
+#### Serious Issues
+| Issue | WCAG | Description |
+|-------|------|-------------|
+| Focus outline removed | 2.4.7 | `outline: none` without replacement hides keyboard focus |
+| Positive tabIndex values | 2.4.3 | `tabIndex={5}` disrupts natural tab order |
+| Role without required ARIA | 4.1.2 | `role="slider"` needs `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
+| Form inputs without labels | 1.3.1 | Inputs must have associated labels or aria-label |
+| Color-only status indicators | 1.4.1 | Red/green for error/success excludes colorblind users |
+| Placeholder as only label | 3.3.2 | Placeholder disappears when user types |
+| Modal without Escape key | 2.1.2 | Keyboard users may be trapped in modal |
+#### Moderate Issues
+| Issue | WCAG | Description |
+|-------|------|-------------|
+| Skipped heading levels | 2.4.6 | h1 → h3 confuses screen reader navigation |
+| First heading not h1 | 2.4.6 | Pages should start with h1 |
+| Touch targets under 24px | 2.5.8 | Minimum 24×24px for WCAG AA |
+| Missing autocomplete | 1.3.5 | Helps users fill forms faster |
+| Generic link text | 2.4.4 | "Click here" is meaningless out of context |
+| Missing prefers-reduced-motion | 2.3.3 | Animations can trigger vestibular disorders |
+| Status messages without aria-live | 4.1.3 | Toasts/alerts not announced to screen readers |
+#### Low Issues
+| Issue | WCAG | Description |
+|-------|------|-------------|
+| Touch targets under 44px | 2.5.5 | Recommended 44×44px for AAA |
+| Missing semantic elements | 1.3.1 | `<div class="nav">` should be `<nav>` |
+| External links without warning | 3.2.5 | `target="_blank"` should indicate new window |
+| Disabled elements without explanation | — | Users need to know why action is unavailable |
+### ARIA Validation
+The agent validates that ARIA roles have their required attributes:
+| Role | Required Attributes |
+|------|---------------------|
+| `checkbox` | `aria-checked` |
+| `slider` | `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
+| `combobox` | `aria-expanded`, `aria-controls` |
+| `progressbar` | `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
+| `tab` | `aria-selected` |
+| `switch` | `aria-checked` |
+### Accessibility Score
+Each scan produces an **Accessibility Score** (0-100) based on issue severity:
+```
+═══════════════════════════════════════════════════
+ACCESSIBILITY REVIEW: src/components/
+═══════════════════════════════════════════════════
+CRITICAL (2 issues)
+───────────────────
+[A11Y] Line 24: Icon-only button missing accessible name
+  <button><CloseIcon /></button>
+  Fix: Add aria-label="Close"
+  WCAG: 4.1.2 Name, Role, Value
+SERIOUS (1 issue)
+─────────────────
+[A11Y] Line 48: Focus outline removed without replacement
+  className="outline-none"
+  Fix: Add focus-visible:ring-2 focus-visible:ring-offset-2
+  WCAG: 2.4.7 Focus Visible
+MODERATE (2 issues)
+───────────────────
+[A11Y] Line 67: Skipped heading level: h1 to h3
+  <h3>Features</h3>
+  Fix: Use h2 after h1
+  WCAG: 2.4.6 Headings and Labels
+═══════════════════════════════════════════════════
+SUMMARY: 2 critical, 1 serious, 2 moderate
+Score: 55/100
+═══════════════════════════════════════════════════
+```
+### Usage
+```bash
+# Run accessibility scan
+trie scan --agents accessibility
+# Full UI scan (accessibility + design)
+trie scan --agents accessibility,design-engineer
+# MCP usage
+trie_accessibility
+```
+---
 ## Moneybags Agent
 The Moneybags agent answers the question every CFO asks: **"How much will this bug cost us?"**
@@ -933,6 +1058,33 @@ Every time you scan, Trie updates a file in your project (`.trie/AGENTS.md`) wit
 | Push to GitHub | CI/CD knows what to focus on |
 | Ask Trie "what should I fix?" | Gives prioritized answer based on your history |
+### File Size Management
+The context system uses automatic limits to prevent unbounded growth:
+| Limit | Value | What Happens |
+|-------|-------|--------------|
+| Max tracked issues | 500 | Oldest issues pruned when exceeded |
+| Locations per issue | 5 | Only most recent locations kept |
+| Scan history | 20 scans | Older scan records removed |
+| Hot files | 10 files | Only top 10 shown |
+| Issue age | 30 days | Stale resolved issues pruned |
+You don't need to manage this - Trie automatically prunes old data on each scan.
+### Multiple Projects
+Each project has its own isolated context:
+| Scenario | How It Works |
+|----------|--------------|
+| Switch between projects | Each project has its own `.trie/` folder |
+| Clone on new machine | Context restored from committed `.trie/` files |
+| Monorepo with workspaces | Each workspace can have its own `.trie/` |
+| Team collaboration | Same context when pulling changes |
+Trie auto-detects your project root by looking for `package.json`, `.git`, `Cargo.toml`, `go.mod`, or similar project indicators.
 ### For Developers: Technical Details
 <details>
@@ -955,27 +1107,31 @@ Files stored:
 ## Production Shipping
-Trie solves the "last mile" of shipping to production. See [PRODUCTION_SHIPPING.md](./PRODUCTION_SHIPPING.md) for the complete guide.
+Trie solves the "last mile" of shipping to production with the **Production Ready** agent.
 ### Quick Production Check
 ```bash
-# Full production readiness scan
-trie scan --agents security,privacy,bugs,performance --fail-on serious
+# Run production readiness scan
+trie scan --agents production-ready
-# Or via MCP
-trie_scan with agents: ["security", "privacy", "bugs", "performance"]
+# Full production scan with cost analysis
+trie scan --agents production-ready,moneybags,security --users 10000
 ```
-### What It Covers
+### What Production Ready Checks
 | Area | What's Checked |
 |------|----------------|
-| **Security Hardening** | SQL injection, XSS, auth bypass, secrets, dependencies |
-| **Scalability** | Connection pooling, stateless design, N+1 queries |
-| **Architecture** | Circular dependencies, god classes, coupling |
-| **Reliability** | Error handling, health checks, timeouts |
-| **Revenue Protection** | Payment security, data compliance, business logic |
+| **Health Endpoints** | `/health`, `/ready`, `/live` endpoints for orchestrators |
+| **Graceful Shutdown** | SIGTERM handling, connection draining |
+| **Connection Pooling** | Database pool configuration |
+| **Security Headers** | CSP, HSTS, X-Frame-Options, etc. |
+| **Rate Limiting** | API rate limiting configuration |
+| **Monitoring** | Error tracking, APM integration |
+| **Session Storage** | External session store (not in-memory) |
+| **Error Handling** | Global error handlers, no empty catch blocks |
+| **Anti-patterns** | console.log, localhost URLs, TODO comments |
 ### CI/CD Gate
@@ -984,7 +1140,7 @@ Add to your workflow:
 ```yaml
 - uses: triedotdev/trie-action@v1
   with:
-    agents: security,privacy,bugs,performance,architecture
+    agents: production-ready,security,privacy,moneybags
     fail-on: serious
     upload-sarif: true
 ```