Navable MCP

Part of navable.io — open-source accessibility tools for development teams.

A Model Context Protocol (MCP) server that gives AI coding agents real-browser accessibility scanning. Scans localhost pages with Playwright + axe-core (and optionally Pa11y/HTMLCS as a second engine), returns WCAG 2.1 Level A + AA violations with EN 301 549 mapping, and generates structured fix plans your agent can work through autonomously.

Quick Start

1. Add the MCP config for your editor (see below)

2. Start your dev server

3. Ask your agent: "scan http://localhost:3000 for accessibility issues"

Chromium installs automatically on the first scan (~150 MB one-time download). No extra step needed. If auto-install fails (e.g. restricted network), install manually:

npx playwright install chromium

MCP Configuration

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "navable": {
      "command": "npx",
      "args": ["-y", "@navable/mcp"],
      "env": {
        "NAVABLE_PROJECT_ROOT": "/absolute/path/to/your/project"
      }
    }
  }
}

NAVABLE_PROJECT_ROOT is optional. Set it if .navable-plan.json is written to the wrong directory (some IDE extension hosts use a different working directory). Omit env if auto-detection works.

VS Code (Copilot)

Add to .vscode/mcp.json:

{
  "servers": {
    "navable": {
      "command": "npx",
      "args": ["-y", "@navable/mcp"]
    }
  }
}

Claude Code

claude mcp add navable -- npx -y @navable/mcp

Available Tools

run_accessibility_scan

Scans a URL for WCAG 2.1 Level A + AA accessibility violations.

By default, only axe-core runs. Pa11y/HTMLCS is opt-in — see engines below.

Workflow: The response includes a scanId. Pass it to generate_fix_plan instead of pasting the full scan object — this avoids MCP client serialization issues and keeps chats smaller.

generate_fix_plan

Converts scan output into a structured AccessibilityFixPlan and writes .navable-plan.json when writeToDisk is true.

Returns planPath (absolute) when the file is written successfully. On write failure, returns an error with the attempted path; set NAVABLE_PROJECT_ROOT in the MCP server env if needed.

update_fix_status

Mark fix plan items as done, skipped, or in progress. Prefer this over hand-editing .navable-plan.json.

Returns updated progress summary (total, done, pending, skipped).

Available Resources

Resources use text/markdown. Prefer parameterized URIs during fix workflows to save context.

WCAG / compliance

Fix patterns (axe rule → before/after code)

ARIA (WAI-ARIA APG patterns)

Semantic HTML

Configuration

Create a .navable.json in your project root to customize behavior:

{
  "allowedHosts": ["localhost", "127.0.0.1", "[::1]"],
  "timeout": 15000,
  "waitUntil": "load",
  "axeTags": ["wcag2a", "wcag21a", "wcag2aa", "wcag21aa"],
  "axeDisableRules": [],
  "engines": ["axe"],
  "htmlcsIgnore": [],
  "wcagLevel": "AA"
}

Pa11y / HTMLCS as a second engine

Pa11y does not run by default. A plain run_accessibility_scan({ url }) call — and the default agent workflow — uses axe-core only. Pa11y/HTMLCS runs only when you opt in via the engines parameter or .navable.json.

When to use both engines

How to enable Pa11y

Per scan — pass engines to the tool:

run_accessibility_scan({ url: "http://localhost:3000", engines: ["axe", "htmlcs"] })

Always on — add to .navable.json in your project root:

{
  "engines": ["axe", "htmlcs"]
}

How results change with both engines

When engines includes "htmlcs", Pa11y runs in parallel with axe-core and shares Playwright's Chromium binary (no extra download). Crossover findings are deduped server-side with a deliberate bias toward false negatives over false positives — ambiguous matches are kept as separate entries rather than collapsed. The dedup uses a confidence ladder, all gated on same WCAG SC:

1. Full selector match (after normalizing html > body > prefixes and whitespace) + loose HTML compare (200-char prefix, whitespace-collapsed, lowercased).

2. Strict suffix match — one selector is the tail of the other, with > immediately before the boundary (e.g. axe section:nth-child(3) > p matches HTMLCS #root > main > section:nth-child(3) > p) + loose HTML compare.

3. Attribute-stripped suffix match (axe button[type="button"] vs HTMLCS button) + strict (full-string) HTML equality. Distinct elements like input[type="checkbox"] and input[type="radio"] collapse to the same stripped selector, so HTML must match exactly.

4. Last-3-segment fingerprint match + positional discriminator (:nth-, #id, .class, or […] somewhere in the fingerprint) + loose HTML compare. The discriminator gate prevents false merges in repeating layouts (ul > li > a lists, grids).

Survivors:

• Crossover-confirmed: kept as the axe entry, tagged with alsoFlaggedBy: ["htmlcs"].

• HTMLCS-only: kept with source: "htmlcs", plus helpUrl (WCAG Understanding doc) and a one-sentence developerNote to give agents enough context to act on the cryptic HTMLCS codes.

Same-element overlaps under different WCAG criteria are kept separate. axe and HTMLCS often map the same element to different success criteria (e.g. a <select> with no label may surface as SC 3.3.2 and SC 4.1.2 and SC 1.3.1). Each is a real audit finding and dedup never collapses across SCs — that would lose traceability for compliance reporting. The scan-accessibility and fix-accessibility skills include guidance to group plan items by DOM element so the agent applies one HTML edit per element, then marks all related fix IDs resolved at once. Without this grouping, an agent may edit the same element repeatedly and risk one fix undoing another.

HTMLCS often emits advisory "Check that…" warnings intended for human auditors. They aren't useful for an AI agent and inflate token cost. Suppress them via htmlcsIgnore. Common candidates:

{
  "engines": ["axe", "htmlcs"],
  "htmlcsIgnore": [
    "WCAG2AA.Principle1.Guideline1_3.1_3_1.H49.AlignAttr",
    "WCAG2AA.Principle2.Guideline2_4.2_4_1.H64.1",
    "WCAG2AA.Principle1.Guideline1_3.1_3_1.H42.2"
  ]
}

Find more codes to suppress in your scan output — any HTMLCS id whose help text starts with “Check that…” is a likely candidate.

Set NAVABLE_PROJECT_ROOT in the MCP server environment (see Cursor example above) so .navable-plan.json resolves to your app’s repo root when the server’s cwd is not the project.

Recommended: Agent Skills

For a deterministic, repeatable workflow, pair this MCP server with @navable/skills — pre-built agent skills that guide your AI agent through scanning, fixing, reviewing, and auditing accessibility issues step by step.

The skills ensure your agent follows a consistent process (scan → plan → fix → verify) instead of improvising. Copy them into your project's skills folder:

# VS Code (Copilot)
cp -r skills/* .github/skills/

# Cursor
cp -r skills/* .agents/skills/

# Claude Code
cp -r skills/* .claude/skills/

See the skills repository for details.

Requirements

• Node.js >= 20

• Playwright Chromium — downloaded automatically on first scan. If auto-install fails, run npx playwright install chromium manually.

Contributing / development

We love getting feedback and contributions. Found a bug? Have an idea for a new fix pattern or ARIA guide? Open an issue or send a PR — we'll review it quickly.

git clone https://github.com/web-DnA/navable-web-accessibility-mcp.git
cd navable-web-accessibility-mcp
npm install
npx playwright install chromium
npm run dev   # watch mode

License

MIT — navable.io