tessera-learn 0.0.10 → 0.0.13

package/dist/{validation-BxWAMMnJ.js → validation-B-xTvM9B.js}

@@ -57,6 +57,37 @@ function extractDefaultExportObjectLiteral(source) {
 	return extractObjectLiteral(source, startIndex);
 }
 /**
+* Read and JSON5-parse the `export default { ... }` literal from a project's
+* course.config.js. Shared by the build plugin and the validator so the read,
+* cache, and parse rules live in one place. The discriminated `reason` lets
+* callers that care (export, validation) emit precise errors while callers
+* that just need a value can fall back on `!ok`.
+*/
+function readCourseConfig(projectRoot) {
+	const configPath = resolve(projectRoot, "course.config.js");
+	if (!existsSync(configPath)) return {
+		ok: false,
+		reason: "missing"
+	};
+	const objectStr = extractDefaultExportObjectLiteral(readSourceFileCached(configPath));
+	if (!objectStr) return {
+		ok: false,
+		reason: "no-export"
+	};
+	try {
+		return {
+			ok: true,
+			config: JSON5.parse(objectStr)
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			reason: "parse-error",
+			error
+		};
+	}
+}
+/**
 * Read a _meta.js file and extract its default export object.
 * Uses the same JSON5 approach as pageConfig extraction — find the object literal
 * after `export default` and parse it.
@@ -100,11 +131,14 @@ function extractPageConfig(filePath) {
 	return {};
 }
 /**
-* Extract an object literal from source starting at the opening brace.
-* Tracks brace depth to find the matching closing brace.
+* Extract a balanced `{...}` or `[...]` span starting at the opening bracket,
+* skipping strings and comments. Returns the substring (inclusive) or null if
+* the open char is wrong or no matching close is found. Shared by manifest
+* extraction, _meta/pageConfig parsing, and the validator's tag-prop parser.
 */
 function extractObjectLiteral(source, startIndex) {
-	if (source[startIndex] !== "{") return null;
+	const open = source[startIndex];
+	if (open !== "{" && open !== "[") return null;
 	let depth = 0;
 	let inString = null;
 	let escaped = false;
@@ -136,8 +170,8 @@ function extractObjectLiteral(source, startIndex) {
 			i = end === -1 ? source.length : end + 1;
 			continue;
 		}
-		if (char === "{") depth++;
-		if (char === "}") {
+		if (char === "{" || char === "[") depth++;
+		if (char === "}" || char === "]") {
 			depth--;
 			if (depth === 0) return source.slice(startIndex, i + 1);
 		}
@@ -240,6 +274,10 @@ function orderPageFiles(allFiles, pagesArray) {
 * (build-time validation of static `course.config.js` actor / auth).
 * Keeping the rules in one place prevents the two callsites from drifting.
 */
+/** Join a field label with a validator suffix: `.foo` chains, others get `: `. */
+function joinFieldError(label, suffix) {
+	return suffix.startsWith(".") ? `${label}${suffix}` : `${label}: ${suffix}`;
+}
 /**
 * Validate that a candidate is an Identified Agent per xAPI 1.0.3.
 * Returns null on success or a human-readable error suffix on failure.
@@ -286,21 +324,215 @@ function validateAgent(actor) {
 	}
 	return null;
 }
+/**
+* Validate a Basic-auth credential string (the value after "Basic ").
+* v1 supports Basic only. Bearer is a hard error so OAuth users see the
+* non-goal explicitly.
+*/
+function validateAuthCredential(auth) {
+	if (typeof auth !== "string" || !auth) return "must be a non-empty string";
+	if (/^basic\s/i.test(auth)) return "must be the Basic credential value only, not the full header. Drop the 'Basic ' prefix.";
+	if (/^bearer\s/i.test(auth)) return "Bearer/OAuth credentials are not supported in v1. Use Basic auth, or wrap your token-exchange in an auth function that returns a Basic credential.";
+	return null;
+}
+//#endregion
+//#region src/runtime/interaction-format.ts
+/**
+* SCORM `short_identifier_type` / `CMIIdentifier`: alphanumerics +
+* underscore, max 250 chars. Strict validators (SCORM Cloud) reject raw
+* option labels with spaces or punctuation with error 405/406.
+*/
+function shortIdentifier(value) {
+	return value.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").slice(0, 250) || "_";
+}
+//#endregion
+//#region src/runtime/types.ts
+/**
+* Quiz enum domains as runtime tuples. The unions below derive from these, and
+* the build-time validator imports them too — so the accepted value set has a
+* single source and can't drift between the types and the validator.
+*/
+const FEEDBACK_MODES = [
+	"review",
+	"immediate",
+	"never"
+];
+const RETRY_MODES = ["full", "incorrect-only"];
+//#endregion
+//#region src/plugin/a11y/contrast.ts
+/**
+* Pure-JS WCAG contrast helpers. App.svelte's parseColor is canvas-based and
+* browser-only; this runs at build time in the linter (rule 1.7). Only opaque
+* #hex (3/4/6/8) is parsed — other CSS color forms and translucent hex return
+* null and fall through to the Tier-2 axe audit, which uses the browser's own
+* parser.
+*/
+function parseHex(input) {
+	const v = input.trim();
+	const m = /^#([0-9a-fA-F]{3,8})$/.exec(v);
+	if (!m) return null;
+	const h = m[1];
+	let r, g, b, a = 255;
+	if (h.length === 3 || h.length === 4) {
+		r = parseInt(h[0] + h[0], 16);
+		g = parseInt(h[1] + h[1], 16);
+		b = parseInt(h[2] + h[2], 16);
+		if (h.length === 4) a = parseInt(h[3] + h[3], 16);
+	} else if (h.length === 6 || h.length === 8) {
+		r = parseInt(h.slice(0, 2), 16);
+		g = parseInt(h.slice(2, 4), 16);
+		b = parseInt(h.slice(4, 6), 16);
+		if (h.length === 8) a = parseInt(h.slice(6, 8), 16);
+	} else return null;
+	return {
+		r,
+		g,
+		b,
+		a
+	};
+}
+function linearize(channel) {
+	const c = channel / 255;
+	return c <= .03928 ? c / 12.92 : Math.pow((c + .055) / 1.055, 2.4);
+}
+/** sRGB hex → relative luminance (0–1), or null if not a parseable opaque hex. */
+function relativeLuminance(hex) {
+	const rgb = parseHex(hex);
+	if (!rgb) return null;
+	if (rgb.a !== 255) return null;
+	return .2126 * linearize(rgb.r) + .7152 * linearize(rgb.g) + .0722 * linearize(rgb.b);
+}
+/**
+* WCAG contrast ratio between two colors. Order-independent — the lighter/darker
+* ordering is handled internally, so callers may pass the colors in any order.
+* Returns null if either color isn't a parseable hex.
+*/
+function contrastRatio(a, b) {
+	const la = relativeLuminance(a);
+	const lb = relativeLuminance(b);
+	if (la === null || lb === null) return null;
+	const lighter = Math.max(la, lb);
+	const darker = Math.min(la, lb);
+	return (lighter + .05) / (darker + .05);
+}
+//#endregion
+//#region src/components/video-embed.ts
+/**
+* Shared YouTube/Vimeo embed detection. Used by Video.svelte to pick the iframe
+* vs native-<video> render path, and by the Tier-1b linter (rule 1.4) so its
+* caption/transcript guidance matches what the component actually renders.
+*/
+const YOUTUBE_RE = /(?:youtube\.com\/(?:watch\?v=|embed\/)|youtu\.be\/)([a-zA-Z0-9_-]{11})/;
+const VIMEO_RE = /vimeo\.com\/(?:video\/)?(\d+)/;
+/** Resolve a source URL to its embed URL, or null if it's not a known embed. */
+function resolveVideoEmbedUrl(src) {
+	const yt = src.match(YOUTUBE_RE);
+	if (yt) return `https://www.youtube.com/embed/${yt[1]}`;
+	const vimeo = src.match(VIMEO_RE);
+	if (vimeo) return `https://player.vimeo.com/video/${vimeo[1]}`;
+	return null;
+}
+/** True when the component will render an iframe embed rather than <video>. */
+function isVideoEmbed(src) {
+	return resolveVideoEmbedUrl(src) !== null;
+}
 //#endregion
 //#region src/plugin/validation.ts
+/** Tier-1b rule IDs. `a11y.ignore` matches these literally. */
+const A11Y_IDS = {
+	imageAlt: "tessera/image-alt",
+	mediaTitle: "tessera/media-title",
+	mediaTranscript: "tessera/media-transcript",
+	mediaCaptions: "tessera/media-captions",
+	questionLabel: "tessera/question-label",
+	headingOrder: "tessera/heading-order",
+	primaryContrast: "tessera/primary-contrast",
+	lang: "tessera/lang"
+};
+/** Promotable by `a11y.level: 'error'`; the rest are hard contract errors. */
+const PROMOTABLE_A11Y_IDS = new Set([
+	A11Y_IDS.mediaTranscript,
+	A11Y_IDS.mediaCaptions,
+	A11Y_IDS.questionLabel,
+	A11Y_IDS.headingOrder,
+	A11Y_IDS.primaryContrast,
+	A11Y_IDS.lang
+]);
+/** Prefix a diagnostic with its rule ID so `a11y.ignore` / `level` can match it. */
+function tag(id, message) {
+	return `[${id}] ${message}`;
+}
+function diagnosticId(message) {
+	const m = /^\[([^\]]+)\] /.exec(message);
+	return m ? m[1] : null;
+}
+/** True when a tagged diagnostic's rule ID is in the ignore set. */
+function isIgnored(message, ignore) {
+	const id = diagnosticId(message);
+	return id !== null && ignore.has(id);
+}
+const VALID_A11Y_LEVELS = ["warn", "error"];
+const VALID_A11Y_STANDARDS = [
+	"wcag2a",
+	"wcag2aa",
+	"wcag21aa"
+];
+/** Normalize the raw `a11y` config to defaults, ignoring malformed pieces. */
+function normalizeA11y(raw) {
+	const a11y = raw && typeof raw === "object" ? raw : {};
+	return {
+		level: a11y.level === "error" ? "error" : "warn",
+		standard: VALID_A11Y_STANDARDS.includes(a11y.standard) ? a11y.standard : "wcag2aa",
+		ignore: Array.isArray(a11y.ignore) ? a11y.ignore.filter((x) => typeof x === "string") : []
+	};
+}
+/**
+* Apply `a11y.ignore` (drop tagged diagnostics) and `a11y.level` (promote the
+* promotable a11y warnings to errors) to a result in place. `ignore` suppresses
+* at any severity, including hard contract errors; `level` only re-rates.
+*/
+function applyA11ySettings(result, settings) {
+	if (settings.ignore.length > 0) {
+		const ignored = new Set(settings.ignore);
+		const keep = (msg) => !isIgnored(msg, ignored);
+		result.errors = result.errors.filter(keep);
+		result.warnings = result.warnings.filter(keep);
+	}
+	if (settings.level === "error") {
+		const remaining = [];
+		for (const msg of result.warnings) {
+			const id = diagnosticId(msg);
+			if (id !== null && PROMOTABLE_A11Y_IDS.has(id)) result.errors.push(msg);
+			else remaining.push(msg);
+		}
+		result.warnings = remaining;
+	}
+}
+/** Print validation warnings (yellow) then errors (red). Shared by the dev/build plugin and the CLI. */
+function reportValidationIssues({ errors, warnings }) {
+	for (const warning of warnings) console.warn(`\x1b[33m[tessera warning]\x1b[0m ${warning}`);
+	for (const error of errors) console.error(`\x1b[31m[tessera error]\x1b[0m ${error}`);
+}
 const KNOWN_CONFIG_FIELDS = new Set([
 	"title",
 	"description",
 	"author",
 	"version",
+	"language",
 	"branding",
 	"navigation",
 	"completion",
 	"scoring",
 	"export",
 	"chrome",
-	"xapi"
+	"xapi",
+	"a11y"
 ]);
+const BCP47_RE = /^[A-Za-z]{2,3}(-[A-Za-z0-9]{1,8})*$/;
+/** Plausible BCP-47 tag? Shared by the linter and the <html lang> emitter. */
+function isPlausibleLanguageTag(value) {
+	return typeof value === "string" && BCP47_RE.test(value);
+}
 const VALID_NAV_MODES = ["free", "sequential"];
 const VALID_COMPLETION_MODES = [
 	"quiz",
@@ -315,6 +547,8 @@ const VALID_EXPORT_STANDARDS = [
 ];
 const VALID_MANUAL_TRIGGERS = ["page"];
 const VALID_REQUIRE_SUCCESS_STATUS = ["passed", "failed"];
+const VALID_FEEDBACK_MODES = FEEDBACK_MODES;
+const VALID_RETRY_MODES = RETRY_MODES;
 /**
 * Validate a Tessera project at the given root.
 * Returns errors (block build) and warnings (informational).
@@ -322,16 +556,15 @@ const VALID_REQUIRE_SUCCESS_STATUS = ["passed", "failed"];
 function validateProject(projectRoot) {
 	const errors = [];
 	const warnings = [];
-	const configPath = resolve(projectRoot, "course.config.js");
-	if (!existsSync(configPath)) {
+	if (!existsSync(resolve(projectRoot, "course.config.js"))) {
 		errors.push("course.config.js not found in project root");
 		return {
 			errors,
 			warnings
 		};
 	}
-	const config = parseConfig(configPath, errors, warnings);
-	const pageResults = validatePages(resolve(projectRoot, "pages"), resolve(projectRoot, "assets"), projectRoot);
+	const config = parseConfig(projectRoot, errors, warnings);
+	const pageResults = validatePages(resolve(projectRoot, "pages"), resolve(projectRoot, "assets"), projectRoot, config?.export?.standard);
 	errors.push(...pageResults.errors);
 	warnings.push(...pageResults.warnings);
 	for (const shellFile of ["layout.svelte", "quiz.svelte"]) {
@@ -339,25 +572,29 @@ function validateProject(projectRoot) {
 		if (existsSync(shellPath)) validateContractBypass(readSourceFileCached(shellPath), shellFile, errors);
 	}
 	if (config) crossValidate(config, pageResults, errors, warnings);
-	return {
+	const result = {
 		errors,
 		warnings
 	};
+	applyA11ySettings(result, normalizeA11y(config?.a11y));
+	return result;
 }
-function parseConfig(configPath, errors, warnings) {
-	const objectStr = extractDefaultExportObjectLiteral(readSourceFileCached(configPath));
-	if (!objectStr) {
-		errors.push("course.config.js: could not parse — must use `export default { ... }` syntax");
-		return null;
-	}
-	let config;
-	try {
-		config = JSON5.parse(objectStr);
-	} catch {
-		errors.push("course.config.js: syntax error — must export a static object literal");
+function parseConfig(projectRoot, errors, warnings) {
+	const read = readCourseConfig(projectRoot);
+	if (!read.ok) {
+		if (read.reason === "no-export") errors.push("course.config.js: could not parse — must use `export default { ... }` syntax");
+		else if (read.reason === "parse-error") errors.push("course.config.js: syntax error — must export a static object literal");
 		return null;
 	}
+	const config = read.config;
 	for (const key of Object.keys(config)) if (!KNOWN_CONFIG_FIELDS.has(key)) warnings.push(`course.config.js: unknown field "${key}" — will be ignored`);
+	if (config.title !== void 0 && typeof config.title !== "string") errors.push(`course.config.js: "title" must be a string, got ${typeof config.title}`);
+	else if (config.title === void 0 || config.title === "") warnings.push("course.config.js: \"title\" is missing or empty — the course will ship as \"Untitled Course\"");
+	else if (config.title.trim() === "") warnings.push("course.config.js: \"title\" is only whitespace — it ships verbatim and will not fall back to \"Untitled Course\"");
+	if (config.branding !== void 0) validateBranding(config.branding, warnings);
+	if (config.language === void 0) warnings.push(tag(A11Y_IDS.lang, `course.config.js: "language" is not set — defaulting <html lang> to "en". Set it to the course's language (BCP-47, e.g. "en", "fr-CA") for WCAG 3.1.1.`));
+	else if (!isPlausibleLanguageTag(config.language)) warnings.push(tag(A11Y_IDS.lang, `course.config.js: "language" (${JSON.stringify(config.language)}) is not a plausible BCP-47 tag — use e.g. "en", "es", or "fr-CA"`));
+	if (config.a11y !== void 0) validateA11yConfig(config.a11y, errors);
 	if (config.navigation?.mode !== void 0) {
 		if (!VALID_NAV_MODES.includes(config.navigation.mode)) errors.push(`course.config.js: "navigation.mode" must be "free" or "sequential", got "${config.navigation.mode}"`);
 	}
@@ -386,6 +623,52 @@ function parseConfig(configPath, errors, warnings) {
 	if (config.xapi !== void 0) validateXAPIConfig(config.xapi, config.export?.standard ?? "web", errors, warnings);
 	return config;
 }
+const HEX_COLOR_RE = /^#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$/;
+const FUNC_COLOR_RE = /^(?:rgb|rgba|hsl|hsla|hwb|lab|lch|oklab|oklch|color)\(.*\)$/i;
+const NAMED_COLOR_RE = /^[a-zA-Z]+$/;
+function isPlausibleColor(value) {
+	const v = value.trim();
+	return HEX_COLOR_RE.test(v) || FUNC_COLOR_RE.test(v) || NAMED_COLOR_RE.test(v);
+}
+/**
+* Format checks on the branding block (advisory) plus rule 1.7's contrast check
+* on primaryColor. Runtime failures are mild: an unresolved logo ships a broken
+* <img src>, an unparseable color falls back to theme defaults.
+*/
+function validateBranding(raw, warnings) {
+	if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
+		warnings.push(`course.config.js: "branding" must be an object, got ${raw === null ? "null" : Array.isArray(raw) ? "array" : typeof raw} — will be ignored`);
+		return;
+	}
+	const branding = raw;
+	const logo = branding.logo;
+	if (logo !== void 0) {
+		if (typeof logo !== "string") warnings.push(`course.config.js: "branding.logo" must be a string, got ${typeof logo}`);
+		else if (logo.startsWith("$assets/")) warnings.push("course.config.js: \"branding.logo\" starts with \"$assets/\", but branding paths are not asset-resolved — it will ship as a literal, broken src. Use a URL or a path relative to the deployed root.");
+	}
+	const primaryColor = branding.primaryColor;
+	if (primaryColor !== void 0) if (typeof primaryColor !== "string") warnings.push(`course.config.js: "branding.primaryColor" must be a string, got ${typeof primaryColor}`);
+	else if (!isPlausibleColor(primaryColor)) warnings.push(`course.config.js: "branding.primaryColor" "${primaryColor}" does not look like a valid CSS color — the theme will fall back to its default shades if the browser can't parse it`);
+	else {
+		const ratio = contrastRatio(primaryColor, "#ffffff");
+		if (ratio !== null && ratio < 4.5) warnings.push(tag(A11Y_IDS.primaryContrast, `course.config.js: branding.primaryColor (${primaryColor}) is ${ratio.toFixed(2)}:1 against white — it's used both for links on the page background and as a button fill behind white text, and WCAG AA needs 4.5:1 for each`));
+	}
+	const fontFamily = branding.fontFamily;
+	if (fontFamily !== void 0 && typeof fontFamily !== "string") warnings.push(`course.config.js: "branding.fontFamily" must be a string, got ${typeof fontFamily}`);
+}
+/** Shape-check the `a11y` block. Malformed values can't be silenced by `ignore`. */
+function validateA11yConfig(raw, errors) {
+	if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
+		errors.push(`course.config.js: "a11y" must be an object, got ${raw === null ? "null" : Array.isArray(raw) ? "array" : typeof raw}`);
+		return;
+	}
+	const a11y = raw;
+	if (a11y.level !== void 0 && !VALID_A11Y_LEVELS.includes(a11y.level)) errors.push(`course.config.js: "a11y.level" must be "warn" or "error", got ${JSON.stringify(a11y.level)}`);
+	if (a11y.standard !== void 0 && !VALID_A11Y_STANDARDS.includes(a11y.standard)) errors.push(`course.config.js: "a11y.standard" must be "wcag2a", "wcag2aa", or "wcag21aa", got ${JSON.stringify(a11y.standard)}`);
+	if (a11y.ignore !== void 0) {
+		if (!Array.isArray(a11y.ignore) || a11y.ignore.some((x) => typeof x !== "string")) errors.push(`course.config.js: "a11y.ignore" must be an array of rule-ID strings`);
+	}
+}
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
 function validateXAPIConfig(raw, standard, errors, warnings) {
 	if (raw === void 0 || raw === null) return;
@@ -452,11 +735,11 @@ function validateSingleXAPIEntry(entry, label, standard, errors, warnings) {
 	if (!endpoint.endsWith("/")) warnings.push(`course.config.js: ${label}.endpoint should end with a slash to avoid concatenation surprises (e.g. 'https://lrs.example.com/xapi/' not 'https://lrs.example.com/xapi'). Runtime normalizes regardless.`);
 	const auth = entry.auth;
 	if (auth === void 0) errors.push(`course.config.js: ${label}.auth is required`);
-	else if (typeof auth === "string") if (!auth) errors.push(`course.config.js: ${label}.auth must be a non-empty string`);
-	else if (/^basic\s/i.test(auth)) errors.push(`course.config.js: ${label}.auth must be the Basic credential value only, not the full header. Drop the 'Basic ' prefix.`);
-	else if (/^bearer\s/i.test(auth)) errors.push(`course.config.js: ${label}.auth: Bearer/OAuth credentials are not supported in v1. Use Basic auth, or wrap your token-exchange in an auth function that returns a Basic credential.`);
-	else warnings.push(`course.config.js: ${label}.auth is a static string and will be embedded in the bundle. For production, pass a function that fetches a short-lived token from a server endpoint.`);
-	else if (typeof auth !== "function") errors.push(`course.config.js: ${label}.auth must be a string or a function, got ${typeof auth}`);
+	else if (typeof auth === "string") {
+		const authErr = validateAuthCredential(auth);
+		if (authErr) errors.push(`course.config.js: ${joinFieldError(`${label}.auth`, authErr)}`);
+		else warnings.push(`course.config.js: ${label}.auth is a static string and will be embedded in the bundle. For production, pass a function that fetches a short-lived token from a server endpoint.`);
+	} else if (typeof auth !== "function") errors.push(`course.config.js: ${label}.auth must be a string or a function, got ${typeof auth}`);
 	const activityId = entry.activityId;
 	if (activityId === void 0 || activityId === "") errors.push(`course.config.js: ${label}.activityId is required`);
 	else if (typeof activityId !== "string") errors.push(`course.config.js: ${label}.activityId must be a string`);
@@ -470,10 +753,7 @@ function validateSingleXAPIEntry(entry, label, standard, errors, warnings) {
 		if (standard === "web") errors.push(`course.config.js: ${label}.actor is required for web export — there is no LMS to derive a learner identity from. Provide either a static actor object or a function that resolves one (e.g. from your auth system).`);
 	} else if (typeof actor === "object" && actor !== null) {
 		const err = validateAgent(actor);
-		if (err) {
-			const joined = err.startsWith(".") ? `${label}.actor${err}` : `${label}.actor ${err}`;
-			errors.push(`course.config.js: ${joined}`);
-		}
+		if (err) errors.push(`course.config.js: ${joinFieldError(`${label}.actor`, err)}`);
 	} else if (typeof actor !== "function") errors.push(`course.config.js: ${label}.actor must be an object or function, got ${typeof actor}`);
 	const aahp = entry.actorAccountHomePage;
 	if (aahp !== void 0) {
@@ -487,7 +767,7 @@ function validateSingleXAPIEntry(entry, label, standard, errors, warnings) {
 		if (standard === "cmi5" || standard === "web") warnings.push(`course.config.js: ${label}.actorAccountHomePage is only used under scorm12/scorm2004 actor synthesis; ignored under "${standard}".`);
 	}
 	if (actor === void 0 && (standard === "scorm12" || standard === "scorm2004") && typeof activityId === "string") {
-		let isHttp = false;
+		let isHttp;
 		try {
 			const u = new URL(activityId);
 			isHttp = u.protocol === "http:" || u.protocol === "https:";
@@ -507,7 +787,7 @@ function validateSingleXAPIEntry(entry, label, standard, errors, warnings) {
 * lesson-level pages — the validation is identical, only the containing
 * directory differs.
 */
-function validatePageFile(filePath, projectRoot, assetsDir, navIndex, errors, warnings, assetExistsCache) {
+function validatePageFile(filePath, projectRoot, assetsDir, navIndex, errors, warnings, assetExistsCache, exportStandard) {
 	const fileRel = relative(projectRoot, filePath);
 	const content = readSourceFileCached(filePath);
 	const pageConfig = validatePageConfig(content, fileRel, errors);
@@ -519,7 +799,9 @@ function validatePageFile(filePath, projectRoot, assetsDir, navIndex, errors, wa
 	}
 	const completesOnView = validateCompletesOn(pageConfig, fileRel, errors);
 	validateAssetRefs(content, fileRel, assetsDir, warnings, assetExistsCache);
-	validateQuestionComponents(content, fileRel, errors);
+	validateQuestionComponents(content, fileRel, errors, warnings, exportStandard);
+	validateMediaComponents(content, fileRel, errors, warnings);
+	validateHeadingOrder(content, fileRel, warnings);
 	validateContractBypass(content, fileRel, errors);
 	if (pageConfig?.quiz && !HAS_USE_QUESTION_RE.test(content) && !HAS_QUESTION_TAG_RE.test(content) && !HAS_LOCAL_SVELTE_IMPORT_RE.test(content)) warnings.push(`${fileRel}: quiz page has no question components or useQuestion() calls — the quiz will have nothing to score`);
 	return {
@@ -534,7 +816,7 @@ function validatePageFile(filePath, projectRoot, assetsDir, navIndex, errors, wa
 		isGradedQuiz
 	};
 }
-function validatePages(pagesDir, assetsDir, projectRoot) {
+function validatePages(pagesDir, assetsDir, projectRoot, exportStandard) {
 	const errors = [];
 	const warnings = [];
 	const pages = [];
@@ -578,6 +860,7 @@ function validatePages(pagesDir, assetsDir, projectRoot) {
 	for (const sectionName of sectionDirs) {
 		const sectionPath = resolve(pagesDir, sectionName);
 		const sectionRel = relative(projectRoot, sectionPath);
+		const pagesBeforeSection = totalPages;
 		const sectionMeta = validateMetaFile(resolve(sectionPath, "_meta.js"), sectionRel, errors);
 		const sectionEntries = readdirSync(sectionPath);
 		const sectionSvelteFiles = sectionEntries.filter((name) => {
@@ -592,7 +875,7 @@ function validatePages(pagesDir, assetsDir, projectRoot) {
 			}
 		}
 		for (const fileName of sectionSvelteFiles) {
-			const result = validatePageFile(resolve(sectionPath, fileName), projectRoot, assetsDir, totalPages, errors, warnings, assetExistsCache);
+			const result = validatePageFile(resolve(sectionPath, fileName), projectRoot, assetsDir, totalPages, errors, warnings, assetExistsCache, exportStandard);
 			totalPages++;
 			if (result.isQuiz) totalQuizzes++;
 			if (result.isGradedQuiz) hasGradedQuiz = true;
@@ -621,13 +904,14 @@ function validatePages(pagesDir, assetsDir, projectRoot) {
 				}
 			}
 			for (const fileName of svelteFiles) {
-				const result = validatePageFile(resolve(lessonPath, fileName), projectRoot, assetsDir, totalPages, errors, warnings, assetExistsCache);
+				const result = validatePageFile(resolve(lessonPath, fileName), projectRoot, assetsDir, totalPages, errors, warnings, assetExistsCache, exportStandard);
 				totalPages++;
 				if (result.isQuiz) totalQuizzes++;
 				if (result.isGradedQuiz) hasGradedQuiz = true;
 				pages.push(result.page);
 			}
 		}
+		if (totalPages === pagesBeforeSection) warnings.push(`${sectionRel}: section contributed no pages and will be empty`);
 	}
 	if (totalPages === 0) errors.push("No pages found. Create at least one section with a lesson and page in pages/");
 	return {
@@ -677,6 +961,8 @@ function validateQuizConfig(quiz, fileRel, errors) {
 		if (val !== Infinity && (typeof val !== "number" || val <= 0 || !Number.isFinite(val))) errors.push(`${fileRel}: quiz.maxAttempts must be a positive number or Infinity, got ${String(val)}`);
 	}
 	for (const field of ["graded", "gatesProgress"]) if (cfg[field] !== void 0 && typeof cfg[field] !== "boolean") errors.push(`${fileRel}: quiz.${field} must be a boolean, got ${typeof cfg[field]}`);
+	if (cfg.feedbackMode !== void 0 && !VALID_FEEDBACK_MODES.includes(cfg.feedbackMode)) errors.push(`${fileRel}: quiz.feedbackMode must be "review", "immediate", or "never", got "${String(cfg.feedbackMode)}"`);
+	if (cfg.retryMode !== void 0 && !VALID_RETRY_MODES.includes(cfg.retryMode)) errors.push(`${fileRel}: quiz.retryMode must be "full" or "incorrect-only", got "${String(cfg.retryMode)}"`);
 }
 const QUESTION_COMPONENT_REQUIRED = {
 	MultipleChoice: [
@@ -693,39 +979,6 @@ const QUESTION_COMPONENT_REQUIRED = {
 		"correct"
 	]
 };
-/** Extract a balanced {...} or [...] span starting at startIndex, or null. */
-function extractBalanced(source, startIndex) {
-	const open = source[startIndex];
-	if (open !== "{" && open !== "[") return null;
-	let depth = 0;
-	let inString = null;
-	let escaped = false;
-	for (let i = startIndex; i < source.length; i++) {
-		const char = source[i];
-		if (escaped) {
-			escaped = false;
-			continue;
-		}
-		if (char === "\\" && inString) {
-			escaped = true;
-			continue;
-		}
-		if (inString) {
-			if (char === inString) inString = null;
-			continue;
-		}
-		if (char === "\"" || char === "'" || char === "`") {
-			inString = char;
-			continue;
-		}
-		if (char === "{" || char === "[") depth++;
-		if (char === "}" || char === "]") {
-			depth--;
-			if (depth === 0) return source.slice(startIndex, i + 1);
-		}
-	}
-	return null;
-}
 /**
 * Parse the props of an opening tag starting just after the component name.
 * Returns null if the tag can't be parsed cleanly — callers then skip it
@@ -733,16 +986,24 @@ function extractBalanced(source, startIndex) {
 */
 function parseTagProps(content, start) {
 	const props = /* @__PURE__ */ new Map();
+	let hasSpread = false;
 	let i = start;
 	while (i < content.length) {
 		while (i < content.length && /\s/.test(content[i])) i++;
 		if (i >= content.length) return null;
 		const c = content[i];
-		if (c === ">") return props;
-		if (c === "/" && content[i + 1] === ">") return props;
+		if (c === ">") return {
+			props,
+			hasSpread
+		};
+		if (c === "/" && content[i + 1] === ">") return {
+			props,
+			hasSpread
+		};
 		if (c === "{") {
-			const block = extractBalanced(content, i);
+			const block = extractObjectLiteral(content, i);
 			if (!block) return null;
+			hasSpread = true;
 			i += block.length;
 			continue;
 		}
@@ -767,7 +1028,7 @@ function parseTagProps(content, start) {
 			});
 			i = end + 1;
 		} else if (v === "{") {
-			const block = extractBalanced(content, i);
+			const block = extractObjectLiteral(content, i);
 			if (!block) return null;
 			props.set(propName, {
 				kind: "expr",
@@ -796,27 +1057,47 @@ function staticNumber(prop) {
 		return null;
 	}
 }
-function validateQuestionComponents(content, fileRel, errors) {
+function validateQuestionComponents(content, fileRel, errors, warnings, exportStandard) {
 	const names = Object.keys(QUESTION_COMPONENT_REQUIRED).join("|");
 	const tagStartRe = new RegExp(`<(${names})(?=[\\s/>])`, "g");
 	const seenIds = /* @__PURE__ */ new Set();
+	const seenSanitized = /* @__PURE__ */ new Set();
 	let m;
 	while ((m = tagStartRe.exec(content)) !== null) {
 		const name = m[1];
-		const props = parseTagProps(content, m.index + m[0].length);
-		if (!props) continue;
-		for (const req of QUESTION_COMPONENT_REQUIRED[name]) if (!props.has(req)) errors.push(`${fileRel}: <${name}> is missing required prop "${req}"`);
+		const parsed = parseTagProps(content, m.index + m[0].length);
+		if (!parsed) continue;
+		const { props, hasSpread } = parsed;
+		for (const req of QUESTION_COMPONENT_REQUIRED[name]) if (!hasSpread && !props.has(req)) errors.push(`${fileRel}: <${name}> is missing required prop "${req}"`);
+		for (const labelProp of ["options", "answers"]) if (staticArray(props.get(labelProp))?.some((e) => typeof e === "string" && e.trim() === "")) warnings.push(tag(A11Y_IDS.questionLabel, `${fileRel}: <${name}> has an empty ${labelProp === "options" ? "option" : "answer"} label`));
 		const idProp = props.get("id");
 		if (idProp?.kind === "string") {
 			if (seenIds.has(idProp.value)) errors.push(`${fileRel}: duplicate question id "${idProp.value}" — each question on a page needs a unique id`);
+			else if (exportStandard === "scorm12") {
+				const sane = shortIdentifier(idProp.value);
+				if (sane !== idProp.value) warnings.push(`${fileRel}: question id "${idProp.value}" will be rewritten to "${sane}" for SCORM 1.2 — use only letters and digits (underscores only between them)`);
+				if (seenSanitized.has(sane)) errors.push(`${fileRel}: question id "${idProp.value}" collides with a prior id after SCORM 1.2 sanitization ("${sane}")`);
+				seenSanitized.add(sane);
+			}
 			seenIds.add(idProp.value);
 		}
+		const weightProp = props.get("weight");
+		if (weightProp?.kind === "string") warnings.push(`${fileRel}: <${name}> weight="${weightProp.value}" is a string and is ignored (treated as 1) — pass a number: weight={${weightProp.value}}`);
+		else {
+			const weight = staticNumber(weightProp);
+			if (weight !== null) {
+				if (!Number.isFinite(weight)) errors.push(`${fileRel}: <${name}> weight must be finite — a non-finite weight makes the weighted score NaN, got ${weight}`);
+				else if (!(weight > 0)) warnings.push(`${fileRel}: <${name}> weight ${weight} is not positive and is ignored (treated as 1)`);
+			}
+		}
 		if (name === "MultipleChoice") {
 			const options = staticArray(props.get("options"));
 			const correct = staticNumber(props.get("correct"));
 			if (options && correct !== null) {
 				if (!Number.isInteger(correct) || correct < 0 || correct >= options.length) errors.push(`${fileRel}: <MultipleChoice> correct={${correct}} is out of range for ${options.length} options (valid: 0–${options.length - 1})`);
 			}
+			const optionFeedback = staticArray(props.get("optionFeedback"));
+			if (options && optionFeedback && optionFeedback.length > options.length) warnings.push(`${fileRel}: <MultipleChoice> optionFeedback has ${optionFeedback.length} entries but only ${options.length} options — the extra entries can never be shown`);
 		} else if (name === "Sorting") {
 			const items = staticArray(props.get("items"));
 			const targets = staticArray(props.get("targets"));
@@ -842,6 +1123,60 @@ function validateQuestionComponents(content, fileRel, errors) {
 		}
 	}
 }
+/** Remove HTML/Svelte comments so commented-out markup isn't scanned as live. */
+const HTML_COMMENT_RE = /<!--[\s\S]*?-->/g;
+/**
+* Sibling to validateQuestionComponents kept out of QUESTION_COMPONENT_REQUIRED
+* so media isn't treated as gradable questions. Declares `warnings` directly.
+* Non-static (kind 'expr') values are skipped, matching the rest of the linter.
+*/
+function validateMediaComponents(content, fileRel, errors, warnings) {
+	const scan = content.replace(HTML_COMMENT_RE, "");
+	const tagStartRe = /<(Image|Video|Audio)(?=[\s/>])/g;
+	let m;
+	while ((m = tagStartRe.exec(scan)) !== null) {
+		const name = m[1];
+		const parsed = parseTagProps(scan, m.index + m[0].length);
+		if (!parsed) continue;
+		const { props, hasSpread } = parsed;
+		if (name === "Image") {
+			const alt = props.get("alt");
+			const decorative = props.get("decorative");
+			if (decorative?.kind === "string") {
+				errors.push(tag(A11Y_IDS.imageAlt, `${fileRel}: <Image> "decorative" must be a boolean — use decorative or decorative={true}, not the string ${JSON.stringify(decorative.value)}`));
+				continue;
+			}
+			const hasDecorative = decorative?.kind === "bool" || decorative?.kind === "expr" && decorative.raw.trim() === "true";
+			const altIsEmpty = alt?.kind === "string" && alt.value.trim() === "";
+			if (!hasDecorative && !hasSpread && (alt === void 0 || altIsEmpty)) errors.push(tag(A11Y_IDS.imageAlt, `${fileRel}: <Image> needs alt text, or mark it decorative={true} if purely ornamental`));
+			if (hasDecorative && alt?.kind === "string" && alt.value.trim() !== "") warnings.push(tag(A11Y_IDS.imageAlt, `${fileRel}: <Image> is decorative but also has alt text — the alt will be dropped`));
+			continue;
+		}
+		const title = props.get("title");
+		const titleIsEmpty = title?.kind === "string" && title.value.trim() === "";
+		if (!hasSpread && (title === void 0 || titleIsEmpty)) errors.push(tag(A11Y_IDS.mediaTitle, `${fileRel}: <${name}> needs a title — it's the accessible name for the player`));
+		const src = props.get("src");
+		const isEmbed = src?.kind === "string" && isVideoEmbed(src.value);
+		if (name === "Video" && !hasSpread && isEmbed && props.get("transcript") === void 0) warnings.push(tag(A11Y_IDS.mediaTranscript, `${fileRel}: <Video> embeds can't carry caption tracks — provide a transcript for WCAG 1.2`));
+		if (name === "Video" && !hasSpread && src?.kind === "string" && !isEmbed && props.get("tracks") === void 0 && props.get("transcript") === void 0) warnings.push(tag(A11Y_IDS.mediaCaptions, `${fileRel}: native <Video> has no caption tracks or transcript — add tracks={[…]} or a transcript for WCAG 1.2.2`));
+		if (name === "Audio" && !hasSpread && props.get("transcript") === void 0) warnings.push(tag(A11Y_IDS.mediaTranscript, `${fileRel}: <Audio> has no transcript — required for WCAG 1.2.1`));
+	}
+}
+/**
+* Warn on a skipped heading level (e.g. h2 → h4). Scripts, styles, and comments
+* are stripped first so string literals, CSS, and commented-out markup can't be
+* miscounted. No "one h1 per page" check — the layout owns the page h1 and child
+* components emit headings a static scan can't see; that belongs to the Tier-2
+* audit.
+*/
+function validateHeadingOrder(content, fileRel, warnings) {
+	const levels = [...content.replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, "").replace(HTML_COMMENT_RE, "").matchAll(/<h([1-6])\b/gi)].map((h) => Number(h[1]));
+	let prevSeen = null;
+	for (const level of levels) {
+		if (prevSeen !== null && level - prevSeen > 1) warnings.push(tag(A11Y_IDS.headingOrder, `${fileRel}: heading level jumps from h${prevSeen} to h${level} — don't skip levels (WCAG 1.3.1)`));
+		prevSeen = level;
+	}
+}
 const QUIZ_COMPLETE_DISPATCH_RE = /(?:new\s+CustomEvent\s*\(\s*['"]tessera-quiz-complete['"]|dispatchEvent\s*\([\s\S]{0,120}tessera-quiz-complete)/;
 const RUNTIME_INTERNAL_IMPORT_RE = /from\s+['"]tessera-learn\/runtime\//;
 const HAS_USE_QUESTION_RE = /\buseQuestion\s*\(/;
@@ -862,7 +1197,7 @@ function collectAssetRefs(content) {
 	const seen = /* @__PURE__ */ new Set();
 	let match;
 	ASSET_REF_RE.lastIndex = 0;
-	while ((match = ASSET_REF_RE.exec(content)) !== null) seen.add(match[1]);
+	while ((match = ASSET_REF_RE.exec(content)) !== null) seen.add(match[1].replace(/[?#].*$/, ""));
 	return [...seen];
 }
 function validateAssetRefs(content, fileRel, assetsDir, warnings, existsCache) {
@@ -878,6 +1213,7 @@ function validateAssetRefs(content, fileRel, assetsDir, warnings, existsCache) {
 }
 function crossValidate(config, pageResults, errors, warnings) {
 	if (config.completion?.mode === "quiz" && !pageResults.hasGradedQuiz) errors.push("completion.mode is \"quiz\" but no pages have quiz config with graded: true");
+	if (config.completion?.mode === "quiz" && config.scoring?.passingScore === void 0) warnings.push("completion.mode is \"quiz\" but scoring.passingScore is not set — defaulting to 70%. Set it explicitly to be sure.");
 	const isManual = config.completion?.mode === "manual";
 	const completesOnPages = pageResults.pages.filter((p) => p.completesOnView);
 	if (isManual && config.completion?.trigger === "page" && completesOnPages.length === 0) errors.push("completion.mode is \"manual\" with trigger: \"page\", but no page declares pageConfig.completesOn: \"view\". Either add a completesOn page or remove the trigger field to drop the static check.");
@@ -903,6 +1239,6 @@ function crossValidate(config, pageResults, errors, warnings) {
 	}
 }
 //#endregion
-export { extractDefaultExportObjectLiteral as n, generateManifest as r, validateProject as t };
+export { validateProject as a, reportValidationIssues as i, isPlausibleLanguageTag as n, generateManifest as o, normalizeA11y as r, readCourseConfig as s, isIgnored as t };
 
-//# sourceMappingURL=validation-BxWAMMnJ.js.map
+//# sourceMappingURL=validation-B-xTvM9B.js.map