Skip to content

AXE-3625: Add defaultCategory to Phase 2 bulk-review rules#244

Open
rajathmr2000 wants to merge 2 commits into
mainfrom
feat/AXE-3625-phase-2-bulk-review
Open

AXE-3625: Add defaultCategory to Phase 2 bulk-review rules#244
rajathmr2000 wants to merge 2 commits into
mainfrom
feat/AXE-3625-phase-2-bulk-review

Conversation

@rajathmr2000

Copy link
Copy Markdown
Collaborator

Wire seven axe-core rules to their Phase 2 bulk-review categories via metadata.defaultCategory (reference data only; no rule logic change):

aria-hidden-focus -> aria-hidden
aria-valid-attr-value -> aria-attributes
bypass -> bypass-blocks
css-orientation-lock -> orientation
duplicate-id-aria -> duplicate-ids
identical-links-same-purpose -> link-consistency
video-caption -> media-captions

<< Describe the changes >>

Closes:

Wire seven axe-core rules to their Phase 2 bulk-review categories via
metadata.defaultCategory (reference data only; no rule logic change):

  aria-hidden-focus            -> aria-hidden
  aria-valid-attr-value        -> aria-attributes
  bypass                       -> bypass-blocks
  css-orientation-lock         -> orientation
  duplicate-id-aria            -> duplicate-ids
  identical-links-same-purpose -> link-consistency
  video-caption                -> media-captions

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@rajathmr2000

Copy link
Copy Markdown
Collaborator Author

Claude Code PR Review

PR: #244Head: 7b2a6b3Reviewers: stack:code-reviewer

Summary

Adds a metadata.defaultCategory string to 7 axe-core rule definitions (aria-hidden-focus, aria-valid-attr-value, bypass, css-orientation-lock, duplicate-id-aria, identical-links-same-purpose, video-caption), routing each rule to a review category for the AXE-3625 Phase-2 bulk-review feature. Inert metadata only — no effect on scan correctness, evaluation, or in-flight version compatibility.

Review Table

Priority Category Check Status Notes
High Security No hardcoded secrets or credentials Pass Data-only JSON metadata.
High Security Authentication/authorization checks present N/A No auth surface touched.
High Security Input validation and sanitization N/A No runtime input handling.
High Security No IDOR — resource ownership validated N/A No resource access.
High Security No SQL injection (parameterized queries) N/A No DB.
High Correctness Logic is correct, handles edge cases Pass All 7 files parse cleanly; one defaultCategory key each, correct comma placement, no duplicate keys.
High Correctness Error handling is explicit, no swallowed exceptions N/A No code paths.
High Correctness No race conditions or concurrency issues N/A Static data.
Medium Testing New code has corresponding tests Pass Guard suite ip-protection/test/rules/bulk-review-categories.test.js (PHASE2_BATCH2) asserts this rule→slug map; 29/29 pass.
Medium Testing Error paths and edge cases tested N/A No new logic.
Medium Testing Existing tests still pass (no regressions) Pass 29/29 green with the diff applied.
Medium Performance No N+1 queries or unbounded data fetching N/A No data access.
Medium Performance Long-running tasks use background jobs N/A N/A.
Medium Quality Follows existing codebase patterns Pass defaultCategory already present on ~12 other rules; allowed in build validator schema (build/tasks/validate.js:237, metadata is additionalProperties:false).
Medium Quality Changes are focused (single concern) Pass Single concern: category metadata for Phase-2 batch.
Low Quality Meaningful names, no dead code Pass All 7 slugs resolve to existing keys in a11y-engine-core/review_category.json.
Low Quality Comments explain why, not what N/A JSON cannot hold comments; // [tag]: convention inapplicable to .json.
Low Quality No unnecessary dependencies added Pass None added.

Findings

No blocking findings.

Note: defaultCategory is inserted as the first metadata property (before description), whereas existing rules like color-contrast.json place it after needsReviewConfidence. Ordering is semantically irrelevant for JSON — cosmetic only, not worth blocking.

Note: The guarding tests live in the consuming ip-protection / a11y-engine-core repos, not in this submodule PR's diff (correctly out-of-scope here). The category keys in review_category.json and the bulk-review-categories.test.js map are already on main in the monorepo working tree, so the submodule bump can land together with or after them safely.


Verdict: PASS — clean, low-risk, test-backed metadata addition; every value resolves against the category registry and the guard suite is green.

Add reviewPayload.visualHelperData emits for aria-valid-attr-value,
aria-hidden-focus, identical-links-same-purpose and duplicate-id-aria
(dedicated evaluate/after), plus their unit specs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant