# Implementation Proof

Captured on 2026-06-13 in a local AccessPatch workspace.

## Local toolchain

- Node.js: `v24.16.0`
- npm/npx: `11.13.0`
- pnpm: `10.12.1`
- Git: `2.54.0.windows.1`
- Codex CLI: `0.138.0`

`pnpm` was initially missing from PATH during the first MVP setup. Installing `pnpm@10.12.1` with npm's user global prefix fixed the PATH command.

## Commands run for this sales-ready demo pass

```bash
pnpm test packages/fixers/src/fixers.test.ts packages/reporters/src/html.test.ts packages/reporters/src/markdown.test.ts
pnpm test packages/cli/src/cli.test.ts
pnpm accesspatch init-ci
pnpm demo:proof
pnpm accesspatch fix --repo <temp-copy-of-demo> --report reports/latest.json --apply-safe
pnpm accesspatch scan --url controlled safe-apply demo page --out <temp-copy-of-demo>/apply-safe-after.json
pnpm accesspatch scan --url controlled fixed demo page --out reports/fixed-after.json
pnpm accesspatch report --input reports/latest.json --format all
pnpm test
pnpm build
pnpm lint
```

Additional proof checks:

```bash
rg -n "fully compliant|guaranteed compliance|automatic compliance|legal compliance guaranteed|WCAG compliant automatically|one-click legal compliance|automatically fixes all WCAG|No human review needed|make.*compliant|prove.*compliance" . -g "!node_modules" -g "!dist"
```

The claim scan only returned disclaimers, forbidden example claims, or negative research context. It did not find a positive product promise that AccessPatch automatically proves compliance.

## Fresh command output excerpts

```text
pnpm demo:proof
AccessPatch scanned 1 page(s), found 30 issue(s).
Dry run: generated 4 safe edit group(s).
Rendered reports/latest.md, reports/latest.html
```

```text
pnpm accesspatch fix --repo <temp-copy-of-demo> --report reports/latest.json --apply-safe
Applied 4 safe edit group(s).
```

```text
pnpm accesspatch scan --url controlled safe-apply demo page --out <temp-copy-of-demo>/apply-safe-after.json
AccessPatch scanned 1 page(s), found 22 issue(s).
```

```text
pnpm accesspatch scan --url controlled fixed demo page --out reports/fixed-after.json
AccessPatch scanned 1 page(s), found 0 issue(s).
```

```text
pnpm test
Test Files 6 passed (6)
Tests 16 passed (16)
```

```text
pnpm build
tsc -p tsconfig.build.json
```

```text
pnpm lint
All matched files use Prettier code style!
```

## Running local servers

- Broken demo: local proof server, HTTP 200.
- Fixed demo: local proof server, HTTP 200.
- Report preview: local proof server, HTTP 200.
- Temporary apply-safe demo: local proof server, HTTP 200.

## Scan proof

The broken demo scan produced:

- `reports/latest.json`
- `reports/latest.raw.json`
- `reports/latest.md`
- `reports/latest.html`
- `reports/client-demo.html`
- `reports/client-demo.md`
- `reports/sample.html`
- `reports/sample.md`
- `reports/wcag-map.md`
- `reports/manual-review-checklist.md`
- `reports/apply-safe-summary.md`
- `reports/apply-safe-after.json`
- `reports/fixed-after.json`

Report totals:

- Total issues: `30`
- Critical: `16`
- Serious: `14`
- Safe: `8`
- Review-required: `1`
- Manual-only: `21`
- Source guesses: `22`

Rules detected:

- `button-name`
- `color-contrast`
- `document-title`
- `html-has-lang`
- `image-alt`
- `link-name`

## Before/after proof

`reports/before-after-summary.md` was generated from the real JSON reports:

- Broken demo total issues: `30`
- Fixed demo total issues: `0`
- Broken safe fixes classified: `8`
- Broken review-required: `1`
- Broken manual-only: `21`

The fixed demo scan is a controlled demo proof, not a compliance certificate. Manual WCAG review remains required for real customer sites.

## Apply-safe temporary demo proof

`reports/apply-safe-summary.md` was generated from a temporary copy of `examples/static-html-demo`.

- Temporary source path: private local copy, path intentionally omitted.
- `--apply-safe` applied `4` safe edit groups.
- Confirmed changes in the temporary copy:
  - `html lang`: `true`
  - document title: `true`
  - menu `aria-label`: `true`
  - button `type="button"`: `true`
  - `:focus-visible`: `true`
- Apply-safe demo scan total issues: `22`
- Safe issues remaining after apply-safe: `0`
- Review-required remaining after apply-safe: `1`
- Manual-only remaining after apply-safe: `21`

This proves the safe patcher runs against a copied codebase and leaves semantic/manual work unguessed.

## Fix proof

Dry-run fix command wrote:

- `patches/suggested-fixes.patch`
- `patches/review-required.md`

Dry-run generated `4` safe edit groups. The suggested patch contains concrete safe additions for:

- `<html lang="en">`
- `<title>AccessPatch Review</title>`
- `aria-label` values from existing `data-accesspatch-label` data.
- `type="button"` for buttons outside forms.
- A `:focus-visible` keyboard focus fallback.

No source file in `examples/static-html-demo` was modified by the dry run.

## Browser proof

The in-app browser opened:

```text
reviewed public demo report
```

DOM proof returned:

- Title: `AccessPatch Accessibility Report`
- H1: `AccessPatch Accessibility Report`
- Issue cards: `30`
- Filter present: `true`
- Source guess text present: `true`
- Sections: `Executive summary`, `Safe Patches`, `Manual Review`, `WCAG Map`, `Disclaimer`, `Developer Details`

## Final verification proof

- `pnpm test`: 6 test files passed, 16 tests passed.
- `pnpm build`: TypeScript strict build passed.
- `pnpm lint`: Prettier check passed.
- ASCII check: passed.
- False-claim scan: no AccessPatch sales or product text claims automatic legal/WCAG/EAA compliance.