WCAG 2.5.5 / Apple 44pt tap-target audit for the web. Collects every interactive element (a, button, [role=button], input[type=submit/button/checkbox/radio], select, summary, label[for], [onclick], [tabindex>=0]) and emits a PER-ELEMENT fix table for any whose rendered width or height is below th...
AI agents call audit_tap_targets to retrieve information from Raven without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
url | string | — | URL to render and measure. Requires headless chromium. |
minSize | number | — | Minimum tap-target size in px on each axis. Default 44. |
elements | array | — | Pre-collected interactive elements to score without rendering. |
Parameters from the server's own tool schema.
The tool performs read-only analysis: it inspects rendered UI elements, measures their bounding rectangles, and reports accessibility violations with suggested fixes. It does not modify any data, execute arbitrary code, or perform destructive actions. Rendering in headless Chromium is solely for measurement purposes. The output is a diagnostic report, making this a Read-category tool with low severity.
From the tool's definition 'audit_tap_targets' — collects and measures interactive elements, emits a fix table with measurements and recommendations; 'pass url (renders in headless chromium, measures real getBoundingClientRect) or pass elements[] snapshot (pure, no browser)'
Risk signalsAccepts URL/endpoint input (url) · High parameter count (10 properties) · Bulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
WCAG 2.5.5 / Apple 44pt tap-target audit for the web. Collects every interactive element (a, button, [role=button], input[type=submit/button/checkbox/radio], select, summary, label[for], [onclick], [tabindex>=0]) and emits a PER-ELEMENT fix table for any whose rendered width or height is below the minimum (default 44px): selector, role, visible text, measured w/h, pixel deficit per axis, and a concrete CSS fix. Sorted worst-first. Two modes: pass url (renders in headless chromium, measures real getBoundingClientRect) or pass elements[] snapshot (pure, no browser). It is categorised as a Read tool in the Raven MCP Server, which means it retrieves data without modifying state.
audit_tap_targets accepts 3 parameters: url, minSize, elements. The full parameter table on this page comes from the server's own tool schema.
Register the Raven MCP server in PolicyLayer and add a rule for audit_tap_targets: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Raven. Nothing to install.
audit_tap_targets is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the audit_tap_targets rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for audit_tap_targets. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
audit_tap_targets is provided by the Raven MCP server (raven-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
audit_tap_targets is one line of Raven's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →