{ "standard": "Bounded Systems Web-Build Conformance Standard", "version": "1.0.0", "results": [ { "id": "html.dom-author-requirements", "area": "html", "label": "HTML author requirements", "standard": "HTML Living Standard", "target": "DOM subtree meets HTML author requirements (valid semantics & structure).", "level": "author conformance", "evidence": "lone", "required": true, "loneCodes": [ "LONE_SEMANTIC_" ], "status": "met", "detail": "lone static checks clean (no findings)", "findings": [] }, { "id": "html.validator-clean", "area": "html", "label": "Nu HTML Checker errors", "standard": "Nu Html Checker", "target": "Zero HTML validator (Nu) errors over the rendered page.", "level": "zero errors", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no Nu HTML Checker report supplied" }, { "id": "a11y.aria-author", "area": "accessibility", "label": "WAI-ARIA author requirements", "standard": "WAI-ARIA 1.2", "target": "Valid roles/states/properties/relationships; prefer native HTML semantics.", "level": "author conformance", "evidence": "lone", "required": true, "loneCodes": [ "LONE_ARIA_" ], "status": "met", "detail": "lone static checks clean (no findings)", "findings": [] }, { "id": "a11y.wcag22-aa-auto", "area": "accessibility", "label": "WCAG 2.2 AA (automated subset)", "standard": "WCAG 2.2", "target": "Automatable WCAG 2.2 AA checks pass (names, text alternatives, contrast, keyboard, SR content).", "level": "AA (automated subset)", "evidence": "lone", "required": true, "loneCodes": [ "LONE_NAME_", "LONE_TEXT_", "LONE_SR_", "LONE_KEYBOARD_", "LONE_COLOR_", "LONE_READER_" ], "status": "met", "detail": "lone static checks clean (no findings)", "findings": [] }, { "id": "a11y.axe-serious-critical", "area": "accessibility", "label": "axe serious/critical violations", "standard": "axe-core", "target": "Zero serious/critical accessibility violations on the rendered page.", "level": "serious/critical", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no axe-core scan supplied" }, { "id": "a11y.wcag22-aa-manual", "area": "accessibility", "label": "WCAG 2.2 AA (manual audit)", "standard": "WCAG 2.2", "target": "Complete-flow manual audit incl. keyboard + screen-reader testing of critical flows.", "level": "AA (manual)", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no manual WCAG 2.2 AA audit supplied" }, { "id": "a11y.wcag22-aaa-selected", "area": "accessibility", "label": "WCAG 2.2 AAA (selected)", "standard": "WCAG 2.2", "target": "Selected AAA success criteria met.", "level": "AAA (selected)", "evidence": "external", "required": false, "status": "not-assessed", "detail": "no AAA attestation supplied (optional)" }, { "id": "security.asvs", "area": "security", "label": "OWASP ASVS Level 2", "standard": "OWASP ASVS 5.0.0", "target": "Verified to Level 2 (Level 3 for highly sensitive applications).", "level": "L2", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no OWASP ASVS attestation supplied" }, { "id": "security.no-critical-vulns", "area": "security", "label": "known critical/high vulns", "standard": "OWASP ASVS 5.0.0", "target": "Zero known critical/high exploitable vulnerabilities.", "level": "zero critical/high", "evidence": "external", "required": true, "status": "met", "detail": "0 known critical/high vulns" }, { "id": "performance.core-web-vitals", "area": "performance", "label": "Core Web Vitals (p75)", "standard": "Core Web Vitals", "target": "LCP ≤ 2.5s, INP ≤ 200ms, CLS ≤ 0.1 at p75 on mobile AND desktop (field data).", "level": "p75 mobile + desktop", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no Core Web Vitals field data supplied" }, { "id": "compatibility.baseline", "area": "compatibility", "label": "Baseline Widely Available", "standard": "Baseline", "target": "Baseline Widely Available (interoperable ≥30 months), or a tested fallback for newer features.", "level": "Widely Available", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no Baseline result supplied" }, { "id": "reliability.runtime", "area": "reliability", "label": "runtime reliability", "standard": "Bounded Systems reliability bar", "target": "No uncaught browser errors; no broken internal links; critical journeys covered by e2e tests.", "level": "—", "evidence": "external", "required": true, "status": "not-assessed", "detail": "no runtime reliability report supplied" }, { "id": "semantic.jsonld-shacl", "area": "semantic", "label": "JSON-LD 1.1 + SHACL conformance", "standard": "JSON-LD 1.1 / SHACL", "target": "Structured data parses as JSON-LD 1.1 and conforms to its SHACL shapes (zero violating blocks).", "level": "conforms", "evidence": "external", "required": true, "tier": 2, "status": "met", "detail": "JSON-LD 1.1 conforms to SHACL shapes (0 violating blocks)" }, { "id": "seo.technical", "area": "seo", "label": "Technical SEO", "standard": "Search-engine technical guidelines / RFC 9309", "target": "Canonical URLs correct, titles unique, robots.txt RFC 9309-valid, sitemap resolves, zero broken internal links.", "level": "clean", "evidence": "external", "required": true, "tier": 2, "status": "met", "detail": "canonical/titles/robots/sitemap clean, 0 broken internal links" }, { "id": "semantic.commonmark", "area": "semantic", "label": "CommonMark conformance", "standard": "CommonMark", "target": "Authored Markdown parses cleanly under the CommonMark spec.", "level": "conforms", "evidence": "external", "required": true, "tier": 2, "status": "not-assessed", "detail": "no CommonMark report supplied" }, { "id": "semantic.ai-readability", "area": "semantic", "label": "AI-readability", "standard": "llms.txt convention", "target": "llms.txt present, its links resolve, and HTML pages expose Markdown siblings for machine consumption.", "level": "recommended", "evidence": "external", "required": false, "tier": 2, "status": "met", "detail": "llms.txt present, links resolve, Markdown siblings exposed" }, { "id": "semantic.openapi", "area": "semantic", "label": "OpenAPI 3.2 + JSON Schema 2020-12", "standard": "OpenAPI 3.2 / JSON Schema 2020-12", "target": "Published OpenAPI document is valid and responses match their declared JSON Schemas. Only applies if an API is published.", "level": "conditional", "evidence": "external", "required": false, "tier": 2, "status": "not-assessed", "detail": "no OpenAPI report supplied (only applies if an API is published)" }, { "id": "semantic.feeds", "area": "semantic", "label": "Atom feed (RFC 4287)", "standard": "RFC 4287", "target": "Published feed is a valid Atom 1.0 document.", "level": "recommended", "evidence": "external", "required": false, "tier": 2, "status": "met", "detail": "Atom feed valid (RFC 4287)" }, { "id": "integrity.slsa-provenance", "area": "integrity", "label": "SLSA provenance + in-toto", "standard": "SLSA / in-toto", "target": "Build emits in-toto/SLSA provenance that is present, signed, and verifies against the artifact.", "level": "present + signed + verified", "evidence": "external", "required": true, "tier": 3, "status": "met", "detail": "SLSA/in-toto provenance present, signed, and verified" }, { "id": "integrity.reproducible-build", "area": "integrity", "label": "Reproducible build", "standard": "Reproducible Builds", "target": "Re-running the build from source yields byte-identical artifacts.", "level": "reproducible", "evidence": "external", "required": true, "tier": 3, "status": "met", "detail": "build is byte-reproducible" }, { "id": "integrity.sbom", "area": "integrity", "label": "SPDX SBOM", "standard": "SPDX", "target": "An SPDX SBOM is present, valid, complete (covers all components), and signed.", "level": "present + valid + complete + signed", "evidence": "external", "required": true, "tier": 3, "status": "met", "detail": "SPDX SBOM present, valid, complete, and signed" }, { "id": "integrity.content-digests", "area": "integrity", "label": "Content digests (RFC 9530)", "standard": "RFC 9530", "target": "Responses carry Repr-Digest (RFC 9530) representation digests.", "level": "recommended", "evidence": "external", "required": false, "tier": 3, "status": "met", "detail": "Repr-Digest headers present (RFC 9530)" }, { "id": "integrity.signed-release-manifest", "area": "integrity", "label": "Signed release manifest", "standard": "Bounded Systems release bar", "target": "Each release ships a manifest of artifact digests that is present and signed.", "level": "present + signed", "evidence": "external", "required": true, "tier": 3, "status": "met", "detail": "release manifest present and signed" }, { "id": "integrity.ipfs-cid", "area": "integrity", "label": "IPFS CID recorded", "standard": "IPFS / CIDv1", "target": "The release records a content-addressed IPFS CID for the artifact.", "level": "recommended", "evidence": "external", "required": false, "tier": 3, "status": "met", "detail": "IPFS CID recorded" }, { "id": "integrity.http-rfc9110", "area": "integrity", "label": "HTTP correctness (RFC 9110)", "standard": "RFC 9110", "target": "Responses are semantically correct per RFC 9110 HTTP semantics.", "level": "recommended", "evidence": "external", "required": false, "tier": 3, "status": "not-assessed", "detail": "no RFC 9110 HTTP report supplied (optional)" }, { "id": "cognitive.complexity-budget", "area": "cognitive", "label": "Interface-complexity budget (W3C COGA-derived)", "standard": "W3C COGA (derived)", "target": "Rendered DOM stays within an interface-complexity budget: choice density, primary-action count, heading depth, clear link purpose, interruptions, form/memory burden, motion, progressive disclosure. This is an interface-complexity budget, NOT a cognitive-load measurement.", "level": "budget (recommended)", "evidence": "lone", "required": false, "tier": "cognitive", "loneCodes": [ "LONE_COGA_" ], "status": "met", "detail": "lone static checks clean (no findings)", "findings": [] }, { "id": "cognitive.coga-usability-testing", "area": "cognitive", "label": "COGA usability testing", "standard": "W3C COGA", "target": "Usability testing conducted with people with cognitive disabilities; critical tasks pass.", "level": "manual (recommended)", "evidence": "external", "required": false, "tier": "cognitive", "status": "not-assessed", "detail": "no COGA usability testing supplied (optional)" } ], "summary": { "met": 15, "unmet": 0, "notAssessed": 12, "total": 27 }, "areaSummaries": [ { "area": "html", "met": 1, "unmet": 0, "notAssessed": 1, "total": 2, "summary": "html: 1/2 met (1 not assessed)" }, { "area": "accessibility", "met": 2, "unmet": 0, "notAssessed": 3, "total": 5, "summary": "accessibility: 2/5 met (3 not assessed)" }, { "area": "security", "met": 1, "unmet": 0, "notAssessed": 1, "total": 2, "summary": "security: 1/2 met (1 not assessed)" }, { "area": "performance", "met": 0, "unmet": 0, "notAssessed": 1, "total": 1, "summary": "performance: 0/1 met (1 not assessed)" }, { "area": "compatibility", "met": 0, "unmet": 0, "notAssessed": 1, "total": 1, "summary": "compatibility: 0/1 met (1 not assessed)" }, { "area": "reliability", "met": 0, "unmet": 0, "notAssessed": 1, "total": 1, "summary": "reliability: 0/1 met (1 not assessed)" }, { "area": "semantic", "met": 3, "unmet": 0, "notAssessed": 2, "total": 5, "summary": "semantic: 3/5 met (2 not assessed)" }, { "area": "seo", "met": 1, "unmet": 0, "notAssessed": 0, "total": 1, "summary": "seo: 1/1 met" }, { "area": "integrity", "met": 6, "unmet": 0, "notAssessed": 1, "total": 7, "summary": "integrity: 6/7 met (1 not assessed)" }, { "area": "cognitive", "met": 1, "unmet": 0, "notAssessed": 1, "total": 2, "summary": "cognitive: 1/2 met (1 not assessed)" } ], "conformant": false, "claim": "Partial conformance: automated DOM checks clean; Nu HTML Checker errors not supplied; axe serious/critical violations not supplied; WCAG 2.2 AA (manual audit) not supplied; OWASP ASVS Level 2 not supplied; Core Web Vitals (p75) not supplied; Baseline Widely Available not supplied; runtime reliability not supplied." }