- CLI Tool:
tools/cli/- TypeScript (Node.js based, using commander, chalk, ora) - Monitoring API:
tools/monitoring-api/- Express.js API with 6 route modules - GitHub Action:
tools/github-action/- GitHub Actions integration - Browser Extension:
tools/browser-extension/- Browser extension (archived) - WordPress Plugin:
tools/wordpress-plugin/- WordPress integration (archived) - Stale Packages:
tools/stale/- Archived code (NOT TESTED)
- Minimal FFI tests at
ffi/zig/test/integration_test.zig(Zig-based) - Fuzz testing stub at
tests/fuzz/(no files) - No Deno/TypeScript test files currently present
- CLI command parsing and validation
- GitHub Action input validation
- Monitoring API route handlers
- Badge SVG generation logic
- Server startup and health checks
- Route endpoint availability
- Database connection initialization
- All TypeScript compiles without errors
- No import resolution failures
- Type checking passes
- URL validation properties (any valid URL → valid report shape)
- Score invariants (always 0-100)
- Violation severity enumeration
- Determinism verification (same input → same violations)
- Complete scan workflow
- Badge generation end-to-end
- Statistics aggregation pipeline
- Error handling paths (invalid URLs, malformed requests)
- API response schema compliance
- Accessibility report structure validation
- API request/response contracts
- GitHub Action input/output contracts
- Database operation contracts
- SSRF prevention (blocking local IPs)
- XSS input sanitization
- Request size limits
- Error message clarity
- API request throughput
- Badge generation performance
- Statistics aggregation speed
- CLI tool execution time
- Should use Deno + Deno-compatible code
- Tests will be written in Deno (standard for hyperpolymath)
- All tests use Deno's built-in test runner and standard library
- Deno Test: Built-in test runner (
deno test) - No external test frameworks (keep Deno-native)
- Standard library asserts:
std/assert
- POST /v1/scan - Scan URL, store results
- GET /v1/scan/:scanId - Retrieve scan by ID
- POST /v1/violations - Report violation
- GET /v1/violations/common - Common violations list
- GET /v1/violations/site/:siteKey - Site violations
- PATCH /v1/violations/:violationId/fixed - Mark fixed
- GET /v1/badge/:domain - Get badge (JSON or SVG)
- GET /v1/stats - Global statistics
- GET /v1/stats/site/:siteKey - Site statistics
- GET /health - Health check
scan- Scan single URLci- CI/CD scan with thresholdsbatch- Batch scan from file--help- Usage information--version- Version string
- Input validation (url, wcag-level, fail-on-violations, etc.)
- Output generation (score, violations, passes, report-url)
- PR comment creation (if enabled)
- Job summary generation
tools/
├── cli/
│ ├── src/
│ │ └── cli.ts
│ └── tests/ [NEW]
│ └── cli_test.ts
├── monitoring-api/
│ ├── src/
│ │ └── routes/
│ └── tests/ [NEW]
│ ├── e2e/
│ │ └── api_test.ts
│ ├── property/
│ │ └── scanner_properties_test.ts
│ ├── aspect/
│ │ └── security_test.ts
│ └── benches/
│ └── api_bench.ts
└── github-action/
└── tests/ [NEW]
└── action_test.ts
✅ CRG C Grade Achieved When:
- All 7 test categories implemented (unit, smoke, build, P2P, E2E, reflexive, contract, aspect)
- All tests pass with
deno test tools/ - Benchmarks baseline established
- TEST-NEEDS.md updated with completion status
- STATE.a2ml updated with test coverage metrics
- Code commits with proper SPDX headers (PMPL-1.0-or-later)
- Mock the scanner to avoid real HTTP requests in tests
- SSRF blocking is CRITICAL for aspect tests
- No external URL scanning in test suite
- Tests should be deterministic and repeatable
- Use consistent error response format per API design