From c991011d534dd5066b3d0174185b60feb73e46fd Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:35:00 -0400
Subject: [PATCH 01/25] feat: add axe-core WCAG 2.2 AA accessibility tests to
 CI

- Add __tests__/a11y.test.mjs: Node built-in test runner + @axe-core/playwright
  against a minimal static server on the Docusaurus build output
- Add .github/workflows/a11y.yml: dedicated Accessibility CI job on every PR
- Add test:a11y npm script
- Install @axe-core/playwright and playwright as devDependencies

Closes #404

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/workflows/a11y.yml |  43 ++++++++++++++++
 __tests__/a11y.test.mjs    | 102 +++++++++++++++++++++++++++++++++++++
 package-lock.json          |  72 ++++++++++++++++++++++++++
 package.json               |   3 ++
 4 files changed, 220 insertions(+)
 create mode 100644 .github/workflows/a11y.yml
 create mode 100644 __tests__/a11y.test.mjs

diff --git a/.github/workflows/a11y.yml b/.github/workflows/a11y.yml
new file mode 100644
index 00000000..0b9f2292
--- /dev/null
+++ b/.github/workflows/a11y.yml
@@ -0,0 +1,43 @@
+---
+name: Accessibility
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: a11y-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  a11y:
+    name: WCAG 2.2 AA
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+
+      - name: Configure sustainable npm
+        uses: lowlydba/sustainable-npm@31d51025884f424f58f22e4e6578178bb4e79632 # v3.0.0
+
+      - name: Install NPM dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Install Playwright browser
+        run: npx playwright install chromium --with-deps
+
+      - name: Run accessibility tests
+        run: npm run test:a11y
diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
new file mode 100644
index 00000000..df614e12
--- /dev/null
+++ b/__tests__/a11y.test.mjs
@@ -0,0 +1,102 @@
+/**
+ * WCAG 2.2 AA accessibility tests using Node's built-in test runner.
+ * Requires a built `build/` directory — run `npm run build` first.
+ * Run with: npm run test:a11y
+ */
+
+import { test, before, after } from 'node:test';
+import assert from 'node:assert/strict';
+import { createServer } from 'node:http';
+import { readFile, access } from 'node:fs/promises';
+import { extname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { chromium } from 'playwright';
+import AxeBuilder from '@axe-core/playwright';
+
+const __dirname = fileURLToPath(new URL('.', import.meta.url));
+const BUILD_DIR = join(__dirname, '..', 'build');
+const PORT = 3778;
+const BASE_URL = `http://localhost:${PORT}`;
+
+const MIME = {
+  '.html': 'text/html',
+  '.js': 'application/javascript',
+  '.mjs': 'application/javascript',
+  '.css': 'text/css',
+  '.png': 'image/png',
+  '.svg': 'image/svg+xml',
+  '.woff2': 'font/woff2',
+  '.json': 'application/json',
+};
+
+let server, browser;
+
+before(async () => {
+  await access(join(BUILD_DIR, 'index.html')).catch(() => {
+    throw new Error(`build/index.html not found — run 'npm run build' before running accessibility tests`);
+  });
+
+  // ponytail: minimal static file server, falls back to index.html for Docusaurus client-side routing
+  server = createServer(async (req, res) => {
+    const urlPath = req.url.split('?')[0];
+    const filePath = join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath);
+    try {
+      const data = await readFile(filePath);
+      res.writeHead(200, { 'Content-Type': MIME[extname(filePath)] ?? 'application/octet-stream' });
+      res.end(data);
+    } catch {
+      try {
+        const data = await readFile(join(BUILD_DIR, 'index.html'));
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(data);
+      } catch {
+        res.writeHead(404);
+        res.end('Not found');
+      }
+    }
+  });
+  await new Promise((resolve) => server.listen(PORT, resolve));
+  browser = await chromium.launch();
+});
+
+after(async () => {
+  await browser?.close();
+  await new Promise((resolve) => server.close(resolve));
+});
+
+function formatViolations(violations, label) {
+  if (violations.length === 0) return;
+  const detail = violations
+    .map((v) =>
+      `[${v.impact}] ${v.id}: ${v.description}\n` +
+      v.nodes.map((n) => `  • ${n.target}`).join('\n')
+    )
+    .join('\n\n');
+  assert.fail(`${violations.length} WCAG 2.2 AA violation(s) — ${label}:\n\n${detail}`);
+}
+
+async function runAxe(url) {
+  const context = await browser.newContext();
+  const page = await context.newPage();
+  try {
+    await page.goto(`${BASE_URL}${url}`, { waitUntil: 'domcontentloaded' });
+    await page.waitForSelector('main', { timeout: 10000 });
+    const { violations } = await new AxeBuilder({ page })
+      .withTags(['wcag2a', 'wcag2aa', 'wcag21a', 'wcag21aa', 'wcag22aa'])
+      .analyze();
+    return violations;
+  } finally {
+    await context.close();
+  }
+}
+
+const PAGES = [
+  { path: '/', label: 'homepage' },
+  { path: '/docs/', label: 'docs index' },
+];
+
+for (const { path, label } of PAGES) {
+  test(`${label} passes WCAG 2.2 AA`, async () => {
+    formatViolations(await runAxe(path), label);
+  });
+}
diff --git a/package-lock.json b/package-lock.json
index 9f28f54b..abd5e23c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,6 +24,7 @@
         "react-dom": "^19.2.7"
       },
       "devDependencies": {
+        "@axe-core/playwright": "^4.11.3",
         "@docusaurus/module-type-aliases": "^3.10.0",
         "@docusaurus/types": "^3.10.0",
         "@eslint/js": "^10.0.0",
@@ -36,6 +37,7 @@
         "globals": "^17.6.0",
         "jsdom": "^29.1.1",
         "markdownlint-cli": "^0.48.0",
+        "playwright": "^1.61.0",
         "prettier": "^3.8.4",
         "typescript": "^6.0.3",
         "vitest": "^4.1.8"
@@ -471,6 +473,19 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@axe-core/playwright": {
+      "version": "4.11.3",
+      "resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.11.3.tgz",
+      "integrity": "sha512-h/kfksv4F0cVIDlKpT4700OehdRgpvuVskuQ2nb7/JmtWUXpe9ftHAPtwyXGvVSsa6SJ64A9ER7Zrzc/sIvC4w==",
+      "dev": true,
+      "license": "MPL-2.0",
+      "dependencies": {
+        "axe-core": "~4.11.4"
+      },
+      "peerDependencies": {
+        "playwright-core": ">= 1.0.0"
+      }
+    },
     "node_modules/@babel/code-frame": {
       "version": "7.29.0",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
@@ -8179,6 +8194,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/axe-core": {
+      "version": "4.11.4",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.4.tgz",
+      "integrity": "sha512-KunSNx+TVpkAw/6ULfhnx+HWRecjqZGTOyquAoWHYLRSdK1tB5Ihce1ZW+UY3fj33bYAFWPu7W/GRSmmrCGuxA==",
+      "dev": true,
+      "license": "MPL-2.0",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/babel-loader": {
       "version": "9.2.1",
       "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-9.2.1.tgz",
@@ -17949,6 +17974,53 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/playwright": {
+      "version": "1.61.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.61.0.tgz",
+      "integrity": "sha512-Z+7BeeqQPRRzklHsVFP4KTGIyMxKUmfeRA4WisM6G3/XW6nwGeX6fX9qYaDa+CiUqpOkb2f6X3nar05R3kSuJQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.61.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.61.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.61.0.tgz",
+      "integrity": "sha512-caX7TrY3Ml6egyDX0WUcTHDxodl/b51y5wJOdCEA36QviK/s2g081hvmGs8eaE3DWb6NYZQ6BjO/QkNRPenoPA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/playwright/node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
     "node_modules/pmtiles": {
       "version": "4.4.1",
       "resolved": "https://registry.npmjs.org/pmtiles/-/pmtiles-4.4.1.tgz",
diff --git a/package.json b/package.json
index e63d3f72..4b2074d5 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
     "format": "prettier --write .",
     "format:check": "prettier --check .",
     "test": "vitest run",
+    "test:a11y": "node --test --test-reporter=spec __tests__/a11y.test.mjs",
     "test:watch": "vitest",
     "typecheck": "tsc --noEmit"
   },
@@ -40,6 +41,7 @@
     "react-dom": "^19.2.7"
   },
   "devDependencies": {
+    "@axe-core/playwright": "^4.11.3",
     "@docusaurus/module-type-aliases": "^3.10.0",
     "@docusaurus/types": "^3.10.0",
     "@eslint/js": "^10.0.0",
@@ -52,6 +54,7 @@
     "globals": "^17.6.0",
     "jsdom": "^29.1.1",
     "markdownlint-cli": "^0.48.0",
+    "playwright": "^1.61.0",
     "prettier": "^3.8.4",
     "typescript": "^6.0.3",
     "vitest": "^4.1.8"

From 28f85f86c6a73c858264d4c662e046f45ed96d6c Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:36:37 -0400
Subject: [PATCH 02/25] docs: add WCAG 2.2 AA badge to README

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index edb45b31..d8ca86d6 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Overture Documentation
 
+[![WCAG 2.2 AA](https://img.shields.io/badge/WCAG_2.2-AA-green)](https://www.w3.org/WAI/WCAG22/quickref/)
+
 This repository uses [Docusaurus](https://docusaurus.io/) to publish the documentation pages seen at [docs.overturemaps.org](https://docs.overturemaps.org)
 
 ## Structure

From 1b9b2d9c3913a03bd8ea5366396e2807367c0180 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:40:35 -0400
Subject: [PATCH 03/25] fix: resolve 3 WCAG 2.2 AA violations caught by axe CI

- home.module.css: darken .featuredIcon from #f97316 (2.8:1) to #c2410c
  (5.1:1 on white) to pass the 4.5:1 AA contrast threshold
- home.module.css: underline inline links in .featuredDesc paragraphs
  so they're distinguishable without relying on color (WCAG 1.4.1)
- docusaurus.config.js: add aria-label to github-link navbar icon so
  the link has discernible text (WCAG 4.1.2)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 docusaurus.config.js           | 1 +
 src/components/home.module.css | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docusaurus.config.js b/docusaurus.config.js
index f12b2ce2..bfd801fa 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -225,6 +225,7 @@ const config = {
             position: 'right',
             target: '_blank',
             className: 'github-link',
+            'aria-label': 'View source on GitHub',
           },
         ],
       },
diff --git a/src/components/home.module.css b/src/components/home.module.css
index ce496ef2..9016411c 100644
--- a/src/components/home.module.css
+++ b/src/components/home.module.css
@@ -32,7 +32,8 @@
 
 .featuredIcon {
   display: inline-block;
-  color: #f97316;
+  /* ponytail: #c2410c is orange-700, 5.1:1 on white — passes WCAG AA (4.5:1) */
+  color: #c2410c;
   margin-right: 0.4em;
   font-style: normal;
 }
@@ -50,6 +51,12 @@
   line-height: 1.6;
 }
 
+/* Underline inline links so they're distinguishable without relying on color (WCAG 1.4.1) */
+.featuredDesc p a {
+  text-decoration: underline;
+  text-underline-offset: 2px;
+}
+
 /* ── SECTIONS ── */
 .docSection {
   max-width: 760px;

From e0939427fa73738a62ef17776b27be167ab1d763 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:43:06 -0400
Subject: [PATCH 04/25] fix: prevent path traversal in a11y test static server
 (CodeQL js/path-injection)

Resolve req.url against BUILD_DIR and reject any path that escapes it
before passing it to readFile.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 __tests__/a11y.test.mjs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
index df614e12..dc6b0831 100644
--- a/__tests__/a11y.test.mjs
+++ b/__tests__/a11y.test.mjs
@@ -8,7 +8,7 @@ import { test, before, after } from 'node:test';
 import assert from 'node:assert/strict';
 import { createServer } from 'node:http';
 import { readFile, access } from 'node:fs/promises';
-import { extname, join } from 'node:path';
+import { extname, join, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import { chromium } from 'playwright';
 import AxeBuilder from '@axe-core/playwright';
@@ -39,7 +39,12 @@ before(async () => {
   // ponytail: minimal static file server, falls back to index.html for Docusaurus client-side routing
   server = createServer(async (req, res) => {
     const urlPath = req.url.split('?')[0];
-    const filePath = join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath);
+    const filePath = resolve(join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath));
+    if (!filePath.startsWith(BUILD_DIR + '/') && filePath !== BUILD_DIR) {
+      res.writeHead(403);
+      res.end('Forbidden');
+      return;
+    }
     try {
       const data = await readFile(filePath);
       res.writeHead(200, { 'Content-Type': MIME[extname(filePath)] ?? 'application/octet-stream' });

From 81c1e824b0ae10b7acdbe5cc0e01de9fb0dc2a9c Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:45:40 -0400
Subject: [PATCH 05/25] chore: move CODEOWNERS and SECURITY.md to .github/

GitHub recognizes both files in root, .github/, or docs/.
No functional change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 CODEOWNERS => .github/CODEOWNERS   | 0
 SECURITY.md => .github/SECURITY.md | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename CODEOWNERS => .github/CODEOWNERS (100%)
 rename SECURITY.md => .github/SECURITY.md (100%)

diff --git a/CODEOWNERS b/.github/CODEOWNERS
similarity index 100%
rename from CODEOWNERS
rename to .github/CODEOWNERS
diff --git a/SECURITY.md b/.github/SECURITY.md
similarity index 100%
rename from SECURITY.md
rename to .github/SECURITY.md

From bce69b725c9db658acc37886773d074c62e9a846 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 09:54:14 -0400
Subject: [PATCH 06/25] feat: add DuckDB query smoke tests to CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces the stale root test_queries.py (which only linted and had a
broken release-version regex) with a proper execution test.

scripts/test_queries.py:
- Fetches current release from the STAC catalog (falls back to a
  hardcoded version on failure)
- Walks src/queries/duckdb/*.sql
- Single-statement / COPY-wrapper queries: runs as
  SELECT * FROM (...) LIMIT 1 to validate S3 paths and schema with
  minimal data transfer
- Multi-statement scripts (SET VARIABLE / CREATE TABLE chains): runs
  in full inside a temp directory so any COPY...TO output is cleaned up
- Exits non-zero on any failure

.github/workflows/query-tests.yml:
- Runs on every PR and on a Monday 06:00 UTC schedule (catches
  data-side breakage between releases without a code change)

Athena/Synapse/Snowflake queries are intentionally excluded — they
require credentials that live outside this repo and are already
covered by sqlfluff linting in lint.yml.

Relates to: https://github.com/OvertureMaps/tf-data-platform/issues/256

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/workflows/query-tests.yml |  36 ++++++++
 scripts/test_queries.py           | 144 ++++++++++++++++++++++++++++++
 test_queries.py                   |  32 -------
 3 files changed, 180 insertions(+), 32 deletions(-)
 create mode 100644 .github/workflows/query-tests.yml
 create mode 100644 scripts/test_queries.py
 delete mode 100644 test_queries.py

diff --git a/.github/workflows/query-tests.yml b/.github/workflows/query-tests.yml
new file mode 100644
index 00000000..6f590618
--- /dev/null
+++ b/.github/workflows/query-tests.yml
@@ -0,0 +1,36 @@
+---
+name: Query Tests
+
+on:
+  pull_request:
+  schedule:
+    - cron: '0 6 * * 1' # Monday 06:00 UTC — catches data-side breakage between releases
+  workflow_dispatch:
+
+concurrency:
+  group: query-tests-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  duckdb:
+    name: DuckDB query smoke tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v6.2.0
+        with:
+          python-version: '3.12'
+
+      - name: Install duckdb
+        run: pip install duckdb
+
+      - name: Run query smoke tests
+        run: python scripts/test_queries.py
diff --git a/scripts/test_queries.py b/scripts/test_queries.py
new file mode 100644
index 00000000..9fb74f71
--- /dev/null
+++ b/scripts/test_queries.py
@@ -0,0 +1,144 @@
+#!/usr/bin/env python3
+"""
+Execute every DuckDB query in src/queries/duckdb/ against live Overture S3 data.
+
+Single-statement queries (SELECT / COPY wrappers) run as SELECT * FROM (...) LIMIT 1
+to validate paths and schema with minimal data transfer.
+
+Multi-statement scripts (SET VARIABLE, CREATE TABLE chains) run in full inside a
+temporary directory so any COPY ... TO 'file' output is cleaned up automatically.
+
+Exits non-zero on any failure.
+
+Usage:
+    pip install duckdb
+    python scripts/test_queries.py
+"""
+
+import json
+import os
+import re
+import sys
+import tempfile
+from pathlib import Path
+from urllib.request import urlopen
+
+import duckdb
+
+STAC_URL = "https://stac.overturemaps.org/catalog.json"
+FALLBACK_RELEASE = "2026-05-20.0"
+QUERIES_DIR = Path(__file__).parent.parent / "src" / "queries" / "duckdb"
+
+# Lines handled by the shared connection setup — strip before classification
+_PREAMBLE = re.compile(
+    r"^\s*(LOAD|INSTALL)\s+\S+\s*;?\s*$"
+    r"|^\s*SET\s+s3_region\s*=\s*[^;]+;\s*$",
+    re.IGNORECASE | re.MULTILINE,
+)
+
+# COPY(<select>) TO '<file>' [WITH (...)] — unwrap to just the inner SELECT
+_COPY_WRAP = re.compile(
+    r"\ACOPY\s*\((.+)\)\s+TO\s+'[^']+?'[^;]*\Z",
+    re.DOTALL | re.IGNORECASE,
+)
+
+
+def fetch_release() -> str:
+    try:
+        with urlopen(STAC_URL, timeout=10) as r:
+            return json.loads(r.read())["latest"]
+    except Exception as exc:
+        print(f"  STAC fetch failed ({exc}), falling back to {FALLBACK_RELEASE}")
+        return FALLBACK_RELEASE
+
+
+def split_statements(sql: str) -> list[str]:
+    """Naive semicolon split — sufficient for S3-path SQL with no semicolons in strings."""
+    return [s.strip() for s in sql.split(";") if s.strip()]
+
+
+def prepare(raw: str, release: str) -> tuple[str, bool]:
+    """
+    Returns (sql, is_multi).
+
+    Substitutes release token, strips connection-preamble lines, then decides:
+    - Single COPY wrapper → unwrap inner SELECT, is_multi=False
+    - Single SELECT/other → as-is, is_multi=False
+    - Multiple statements  → full cleaned SQL, is_multi=True
+    """
+    sql = raw.replace("__OVERTURE_RELEASE", release)
+    sql = _PREAMBLE.sub("", sql).strip()
+
+    stmts = split_statements(sql)
+    if not stmts:
+        return "", False
+
+    if len(stmts) == 1:
+        m = _COPY_WRAP.match(stmts[0])
+        return (m.group(1).strip() if m else stmts[0].rstrip(";")), False
+
+    return sql, True
+
+
+def run_single(con: duckdb.DuckDBPyConnection, sql: str) -> None:
+    con.execute(f"SELECT * FROM (\n{sql}\n) _q LIMIT 1")
+
+
+def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
+    # ponytail: chdir into tmpdir so COPY...TO writes go to scratch space
+    prev = os.getcwd()
+    with tempfile.TemporaryDirectory() as tmpdir:
+        os.chdir(tmpdir)
+        try:
+            for stmt in split_statements(sql):
+                con.execute(stmt)
+        finally:
+            os.chdir(prev)
+
+
+def main() -> None:
+    release = fetch_release()
+    print(f"Release: {release}\n")
+
+    con = duckdb.connect()
+    for stmt in [
+        "INSTALL httpfs", "LOAD httpfs",
+        "INSTALL spatial", "LOAD spatial",
+        "SET s3_region='us-west-2'",
+    ]:
+        con.execute(stmt)
+
+    queries = sorted(QUERIES_DIR.glob("*.sql"))
+    failures: list[tuple[str, str]] = []
+
+    for path in queries:
+        sql, is_multi = prepare(path.read_text(), release)
+        if not sql:
+            print(f"  skip   {path.name}")
+            continue
+
+        label = "script" if is_multi else "query "
+        print(f"  {label} {path.name} ... ", end="", flush=True)
+        try:
+            if is_multi:
+                run_multi(con, sql)
+            else:
+                run_single(con, sql)
+            print("ok")
+        except Exception as exc:
+            print("FAIL")
+            print(f"         {exc}")
+            failures.append((path.name, str(exc)))
+
+    print()
+    if failures:
+        print(f"{len(failures)} failure(s):")
+        for name, err in failures:
+            print(f"  {name}: {err}")
+        sys.exit(1)
+
+    print(f"All {len(queries)} DuckDB queries passed.")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/test_queries.py b/test_queries.py
deleted file mode 100644
index 202e1c05..00000000
--- a/test_queries.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# Run the DuckDB Queries
-import duckdb, re, sqlfluff
-from os import walk, path
-
-cursor = duckdb.connect()
-cursor.execute("INSTALL httpfs;")
-cursor.execute("INSTALL azure;")
-
-# Current version?
-search = re.compile(r"overtureRelease: '(.*)'")
-
-with open('docusaurus.config.js', 'r') as f:
-    for line in f:
-        if search.search(line):
-            overture_release = search.search(line).group(1)
-
-print(f"Using Overture release: {overture_release}")
-
-def format_query(query):
-    return query.replace('__OVERTURE_RELEASE', overture_release)
-    
-# Read and Fluff all queries
-for (dir, dirnames, queries) in walk("src/queries/duckdb"):
-
-    for idx, q in enumerate(sorted(queries)):
-        query = open(path.join(dir,q),'r').read()
-        query = format_query(query)
-        print(idx, q)
-
-        res = sqlfluff.lint(query)
-
-        print(res)

From 4f716873cd039c69c15d191e68a4eee9ac9f7689 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:02:28 -0400
Subject: [PATCH 07/25] fix: correct setup-python version comment (v5.6.0 not
 v6.2.0)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/workflows/query-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/query-tests.yml b/.github/workflows/query-tests.yml
index 6f590618..63313a0a 100644
--- a/.github/workflows/query-tests.yml
+++ b/.github/workflows/query-tests.yml
@@ -25,7 +25,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v6.2.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: '3.12'
 

From 012b92596f0b0fe8c40d2f52a383ff951a680b0c Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:08:59 -0400
Subject: [PATCH 08/25] chore: consolidate CI into single workflow with
 are-we-good rollup

- ci.yml replaces test.yml and a11y.yml, adding query-tests as a
  called job. are-we-good rolls up all three into a single required
  check for branch protection.
- query-tests.yml gains workflow_call so ci.yml can reuse it without
  duplicating steps; schedule and workflow_dispatch kept for standalone
  data-side monitoring.

Branch protection needs just two checks:
  - are-we-good  (from ci.yml)
  - Super-Linter (from lint.yml)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/workflows/a11y.yml        | 43 ----------------
 .github/workflows/ci.yml          | 82 +++++++++++++++++++++++++++++++
 .github/workflows/query-tests.yml |  4 +-
 .github/workflows/test.yml        | 37 --------------
 4 files changed, 84 insertions(+), 82 deletions(-)
 delete mode 100644 .github/workflows/a11y.yml
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/a11y.yml b/.github/workflows/a11y.yml
deleted file mode 100644
index 0b9f2292..00000000
--- a/.github/workflows/a11y.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-name: Accessibility
-
-on:
-  pull_request:
-  workflow_dispatch:
-
-concurrency:
-  group: a11y-${{ github.event.number || github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  a11y:
-    name: WCAG 2.2 AA
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version-file: package.json
-
-      - name: Configure sustainable npm
-        uses: lowlydba/sustainable-npm@31d51025884f424f58f22e4e6578178bb4e79632 # v3.0.0
-
-      - name: Install NPM dependencies
-        run: npm ci
-
-      - name: Build
-        run: npm run build
-
-      - name: Install Playwright browser
-        run: npx playwright install chromium --with-deps
-
-      - name: Run accessibility tests
-        run: npm run test:a11y
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..483bf7f4
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,82 @@
+---
+name: CI
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: ci-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  unit-tests:
+    name: Unit tests
+    runs-on: ubuntu-slim
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+
+      - name: Configure sustainable npm
+        uses: lowlydba/sustainable-npm@31d51025884f424f58f22e4e6578178bb4e79632 # v3.0.0
+
+      - name: Install NPM dependencies
+        run: npm ci
+
+      - name: Run tests
+        run: npm test
+
+  a11y:
+    name: Accessibility (WCAG 2.2 AA)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+
+      - name: Configure sustainable npm
+        uses: lowlydba/sustainable-npm@31d51025884f424f58f22e4e6578178bb4e79632 # v3.0.0
+
+      - name: Install NPM dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Install Playwright browser
+        run: npx playwright install chromium --with-deps
+
+      - name: Run accessibility tests
+        run: npm run test:a11y
+
+  query-tests:
+    name: DuckDB query smoke tests
+    uses: ./.github/workflows/query-tests.yml
+    permissions:
+      contents: read
+
+  are-we-good:
+    name: are-we-good
+    runs-on: ubuntu-slim
+    needs: [unit-tests, a11y, query-tests]
+    if: always()
+    steps:
+      - uses: lowlydba/are-we-good@bb8ee9e793e4233fac1992bb880e2a28bed7f42f # v1.0.3
+        with:
+          jobs: ${{ toJSON(needs) }}
diff --git a/.github/workflows/query-tests.yml b/.github/workflows/query-tests.yml
index 63313a0a..aa7681a6 100644
--- a/.github/workflows/query-tests.yml
+++ b/.github/workflows/query-tests.yml
@@ -2,13 +2,13 @@
 name: Query Tests
 
 on:
-  pull_request:
+  workflow_call: # reusable — called from ci.yml on PRs
   schedule:
     - cron: '0 6 * * 1' # Monday 06:00 UTC — catches data-side breakage between releases
   workflow_dispatch:
 
 concurrency:
-  group: query-tests-${{ github.event.number || github.ref }}
+  group: query-tests-${{ github.run_id }}
   cancel-in-progress: true
 
 permissions:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 6eef4def..00000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-name: Test
-
-on:
-  pull_request:
-  workflow_dispatch:
-
-concurrency:
-  group: test-${{ github.event.number || github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    name: Unit tests
-    runs-on: ubuntu-slim
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version-file: package.json
-
-      - name: Configure sustainable npm
-        uses: lowlydba/sustainable-npm@31d51025884f424f58f22e4e6578178bb4e79632 # v3.0.0
-
-      - name: Install NPM dependencies
-        run: npm ci
-
-      - name: Run tests
-        run: npm test

From a79cc31b26085c59cd00a4cc337ea68b908e01a4 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:09:33 -0400
Subject: [PATCH 09/25] chore: add 15 minute timeout to DuckDB query tests job

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/workflows/query-tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/query-tests.yml b/.github/workflows/query-tests.yml
index aa7681a6..39205b18 100644
--- a/.github/workflows/query-tests.yml
+++ b/.github/workflows/query-tests.yml
@@ -18,6 +18,7 @@ jobs:
   duckdb:
     name: DuckDB query smoke tests
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - name: Checkout repo
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

From 380b07ba715ad97ba5b434bd37cf3a5dd70fa7d1 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:10:58 -0400
Subject: [PATCH 10/25] test: expand a11y coverage to 7 pages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds quickstart (QueryBuilder), guides index, examples index,
blog index, and community (CommunityTable) — covers the main
distinct templates and custom components in the site.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 __tests__/a11y.test.mjs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
index dc6b0831..d90e17f4 100644
--- a/__tests__/a11y.test.mjs
+++ b/__tests__/a11y.test.mjs
@@ -98,6 +98,11 @@ async function runAxe(url) {
 const PAGES = [
   { path: '/', label: 'homepage' },
   { path: '/docs/', label: 'docs index' },
+  { path: '/getting-data/', label: 'quickstart (QueryBuilder)' },
+  { path: '/guides/', label: 'guides index' },
+  { path: '/examples/', label: 'examples index' },
+  { path: '/blog/', label: 'blog index' },
+  { path: '/community/', label: 'community (custom table)' },
 ];
 
 for (const { path, label } of PAGES) {

From 58184925c18d39279861d9140a789161725a9edb Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:19:42 -0400
Subject: [PATCH 11/25] fix(a11y): fix WCAG AA violations on community page

- Bump .groupLabel, .cardMeta, .cardRelease from emphasis-500/600 to
  emphasis-700 (previous values were below 4.5:1 ratio)
- Darken .pillTool pill-color from #05A5AF (2.5:1) to #056B73 (5.7:1)
  on light bg; also passes 6.3:1 for white-on-teal active state
- Add .markdown p a / article p a underline rule to fix
  link-in-text-block across all markdown content (WCAG 1.4.1)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 src/components/CommunityTable.module.css | 9 +++++----
 src/css/custom.css                       | 7 +++++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/components/CommunityTable.module.css b/src/components/CommunityTable.module.css
index 83ea7c6e..012d1b13 100644
--- a/src/components/CommunityTable.module.css
+++ b/src/components/CommunityTable.module.css
@@ -18,7 +18,7 @@
   font-size: 0.75rem;
   text-transform: uppercase;
   letter-spacing: 0.05em;
-  color: var(--ifm-color-emphasis-600);
+  color: var(--ifm-color-emphasis-700); /* ponytail: was 600 (~4.3:1), 700 (~9.7:1) passes AA */
   margin-right: 0.25rem;
   min-width: 5rem;
 }
@@ -57,7 +57,8 @@
 
 /* Per-group color tokens — Theme: navy, Tool: teal, Type: lime */
 .pillTheme  { --pill-color: var(--om-primary-navy);        --pill-bg-hover: rgba(44,46,127,0.08); }
-.pillTool   { --pill-color: var(--om-secondary-teal-dark); --pill-bg-hover: rgba(5,165,175,0.1);  }
+/* ponytail: #05A5AF was 2.5:1 on light bg; #056B73 gives 5.7:1 on #f1f3f5 and 6.3:1 white-on-teal */
+.pillTool   { --pill-color: #056B73;                       --pill-bg-hover: rgba(5,107,115,0.1);  }
 /* Type uses primary bright blue — distinct from navy and teal */
 .pillType   { --pill-color: var(--om-primary-blue); --pill-bg-hover: rgba(64,81,204,0.08); }
 
@@ -187,7 +188,7 @@
   flex-direction: column;
   gap: 0.15rem;
   font-size: 0.8rem;
-  color: var(--ifm-color-emphasis-600);
+  color: var(--ifm-color-emphasis-700); /* ponytail: was 600, fails AA; 700 passes */
   margin-top: auto;
 }
 
@@ -203,7 +204,7 @@
 
 .cardRelease {
   font-size: 0.75rem;
-  color: var(--ifm-color-emphasis-500);
+  color: var(--ifm-color-emphasis-700); /* ponytail: was 500, very low contrast; 700 passes AA */
 }
 
 .cardTags {
diff --git a/src/css/custom.css b/src/css/custom.css
index 4a9403ef..c3ab3072 100644
--- a/src/css/custom.css
+++ b/src/css/custom.css
@@ -209,6 +209,13 @@
   border-left: 3px solid var(--om-secondary-cyan);
 }
 
+/* Underline inline links so they pass link-in-text-block (WCAG 1.4.1) */
+.markdown p a,
+article p a {
+  text-decoration: underline;
+  text-underline-offset: 2px;
+}
+
 /* Landing page: remove empty title header and excess padding */
 .docs-doc-id-index .theme-doc-markdown > header {
   display: none;

From 397cde8d6c6b4e3753f28cfb4b4cec0a11d0a039 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:21:20 -0400
Subject: [PATCH 12/25] chore(query-tests): print query SQL and elapsed time
 per run

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 9fb74f71..7ceedb45 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -20,6 +20,7 @@
 import re
 import sys
 import tempfile
+import time
 from pathlib import Path
 from urllib.request import urlopen
 
@@ -118,16 +119,18 @@ def main() -> None:
             continue
 
         label = "script" if is_multi else "query "
-        print(f"  {label} {path.name} ... ", end="", flush=True)
+        print(f"\n  {label} {path.name}")
+        for line in sql.splitlines():
+            print(f"    {line}")
+        t0 = time.perf_counter()
         try:
             if is_multi:
                 run_multi(con, sql)
             else:
                 run_single(con, sql)
-            print("ok")
+            print(f"  → ok ({time.perf_counter() - t0:.2f}s)")
         except Exception as exc:
-            print("FAIL")
-            print(f"         {exc}")
+            print(f"  → FAIL ({time.perf_counter() - t0:.2f}s): {exc}")
             failures.append((path.name, str(exc)))
 
     print()

From abeb46670e2deb73f728a029b9e9379232ee6c2a Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:33:58 -0400
Subject: [PATCH 13/25] fix(a11y): resolve code-block, link, email, and iframe
 WCAG violations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Use nightOwl dark prism palette in both color modes — code blocks are
  forced to a dark bg in light mode, so the light palette's inline token
  colors failed contrast (function/string/number/boolean/parameter)
- Override .token.comment to #8b9d9d !important (nightOwl's #637777 is
  only 3.46:1; prism sets it inline so !important is required)
- Underline links in list items, not just paragraphs (link-in-text-block)
- Darken blog author email byline (#8d949e was 3.06:1 on white)
- Add title to the Explorer iframe (frame-title)
- Fix Windows path guard in a11y static server (relative() not startsWith)
  and surface axe failureSummary for precise diagnostics

All 7 pages pass WCAG 2.2 AA locally.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 __tests__/a11y.test.mjs                 | 11 ++++++++---
 blog/2026-03-12-explorer-got-pretty.mdx |  1 +
 docusaurus.config.js                    |  9 +++++----
 src/css/custom.css                      | 15 ++++++++++++++-
 4 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
index d90e17f4..de8f01d2 100644
--- a/__tests__/a11y.test.mjs
+++ b/__tests__/a11y.test.mjs
@@ -8,7 +8,7 @@ import { test, before, after } from 'node:test';
 import assert from 'node:assert/strict';
 import { createServer } from 'node:http';
 import { readFile, access } from 'node:fs/promises';
-import { extname, join, resolve } from 'node:path';
+import { extname, join, resolve, relative, isAbsolute } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import { chromium } from 'playwright';
 import AxeBuilder from '@axe-core/playwright';
@@ -40,7 +40,9 @@ before(async () => {
   server = createServer(async (req, res) => {
     const urlPath = req.url.split('?')[0];
     const filePath = resolve(join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath));
-    if (!filePath.startsWith(BUILD_DIR + '/') && filePath !== BUILD_DIR) {
+    // ponytail: relative() is cross-platform; startsWith(BUILD_DIR + '/') broke on Windows backslashes
+    const rel = relative(BUILD_DIR, filePath);
+    if (rel.startsWith('..') || isAbsolute(rel)) {
       res.writeHead(403);
       res.end('Forbidden');
       return;
@@ -74,7 +76,10 @@ function formatViolations(violations, label) {
   const detail = violations
     .map((v) =>
       `[${v.impact}] ${v.id}: ${v.description}\n` +
-      v.nodes.map((n) => `  • ${n.target}`).join('\n')
+      v.nodes.map((n) =>
+        `  • ${n.target}` +
+        (n.failureSummary ? `\n    ${n.failureSummary.replace(/\n/g, '\n    ')}` : '')
+      ).join('\n')
     )
     .join('\n\n');
   assert.fail(`${violations.length} WCAG 2.2 AA violation(s) — ${label}:\n\n${detail}`);
diff --git a/blog/2026-03-12-explorer-got-pretty.mdx b/blog/2026-03-12-explorer-got-pretty.mdx
index 8085d003..742db69d 100644
--- a/blog/2026-03-12-explorer-got-pretty.mdx
+++ b/blog/2026-03-12-explorer-got-pretty.mdx
@@ -17,6 +17,7 @@ That was the right call for a launch. But as Explorer has matured and more peopl
 <figure className="screenshot-frame">
   <iframe
     src="https://explore.overturemaps.org"
+    title="Overture Maps Explorer"
     width="100%"
     height="500"
     style={{ border: 'none', borderRadius: '8px' }}
diff --git a/docusaurus.config.js b/docusaurus.config.js
index bfd801fa..c690885a 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -3,8 +3,9 @@
 
 const { themes } = require('prism-react-renderer');
 
-const lightCodeTheme = themes.nightOwlLight;
-const darkCodeTheme = themes.nightOwl;
+// ponytail: both modes use the dark palette — code blocks are forced dark bg in
+// light mode too (see custom.css), so light-theme token colors fail contrast.
+const codeTheme = themes.nightOwl;
 
 const defaultUrl = 'https://docs.overturemaps.org';
 const defaultBaseUrl = '/';
@@ -250,8 +251,8 @@ const config = {
         copyright: `Copyright © ${new Date().getFullYear()} Overture Maps Foundation.`,
       },
       prism: {
-        theme: lightCodeTheme,
-        darkTheme: darkCodeTheme,
+        theme: codeTheme,
+        darkTheme: codeTheme,
         additionalLanguages: ['bash', 'diff', 'json', 'sql', 'python'],
       },
     }),
diff --git a/src/css/custom.css b/src/css/custom.css
index c3ab3072..9314e142 100644
--- a/src/css/custom.css
+++ b/src/css/custom.css
@@ -19,6 +19,12 @@
 [data-theme='light'] .token.prolog,
 [data-theme='light'] .token.doctype { color: #6c7086; font-style: italic; }
 
+/* nightOwl's #637777 comment is only 3.46:1 on the forced-dark bg; prism sets
+   it inline, so !important is required. Lighter gray passes AA in both themes. */
+.token.comment,
+.token.prolog,
+.token.doctype { color: #8b9d9d !important; }
+
 [data-theme='light'] .token.keyword,
 [data-theme='light'] .token.operator { color: #cba6f7; }
 
@@ -211,11 +217,18 @@
 
 /* Underline inline links so they pass link-in-text-block (WCAG 1.4.1) */
 .markdown p a,
-article p a {
+.markdown li a,
+article p a,
+article li a {
   text-decoration: underline;
   text-underline-offset: 2px;
 }
 
+/* Blog author email byline — default #8d949e is only 3.06:1 on white */
+[class*='authorEmail'] {
+  color: var(--ifm-color-emphasis-700) !important;
+}
+
 /* Landing page: remove empty title header and excess padding */
 .docs-doc-id-index .theme-doc-markdown > header {
   display: none;

From e67b6ae180b3c6e81834d5f59f699dfe35bb0a2b Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:35:49 -0400
Subject: [PATCH 14/25] chore: remove ponytail comment markers

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 __tests__/a11y.test.mjs                  | 4 ++--
 docusaurus.config.js                     | 2 +-
 scripts/test_queries.py                  | 2 +-
 src/components/CommunityTable.module.css | 8 ++++----
 src/components/home.module.css           | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
index de8f01d2..7822827c 100644
--- a/__tests__/a11y.test.mjs
+++ b/__tests__/a11y.test.mjs
@@ -36,11 +36,11 @@ before(async () => {
     throw new Error(`build/index.html not found — run 'npm run build' before running accessibility tests`);
   });
 
-  // ponytail: minimal static file server, falls back to index.html for Docusaurus client-side routing
+  // minimal static file server, falls back to index.html for Docusaurus client-side routing
   server = createServer(async (req, res) => {
     const urlPath = req.url.split('?')[0];
     const filePath = resolve(join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath));
-    // ponytail: relative() is cross-platform; startsWith(BUILD_DIR + '/') broke on Windows backslashes
+    // relative() is cross-platform; startsWith(BUILD_DIR + '/') broke on Windows backslashes
     const rel = relative(BUILD_DIR, filePath);
     if (rel.startsWith('..') || isAbsolute(rel)) {
       res.writeHead(403);
diff --git a/docusaurus.config.js b/docusaurus.config.js
index c690885a..58637639 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -3,7 +3,7 @@
 
 const { themes } = require('prism-react-renderer');
 
-// ponytail: both modes use the dark palette — code blocks are forced dark bg in
+// both modes use the dark palette — code blocks are forced dark bg in
 // light mode too (see custom.css), so light-theme token colors fail contrast.
 const codeTheme = themes.nightOwl;
 
diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 7ceedb45..fc921816 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -86,7 +86,7 @@ def run_single(con: duckdb.DuckDBPyConnection, sql: str) -> None:
 
 
 def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
-    # ponytail: chdir into tmpdir so COPY...TO writes go to scratch space
+    # chdir into tmpdir so COPY...TO writes go to scratch space
     prev = os.getcwd()
     with tempfile.TemporaryDirectory() as tmpdir:
         os.chdir(tmpdir)
diff --git a/src/components/CommunityTable.module.css b/src/components/CommunityTable.module.css
index 012d1b13..4d1a8f60 100644
--- a/src/components/CommunityTable.module.css
+++ b/src/components/CommunityTable.module.css
@@ -18,7 +18,7 @@
   font-size: 0.75rem;
   text-transform: uppercase;
   letter-spacing: 0.05em;
-  color: var(--ifm-color-emphasis-700); /* ponytail: was 600 (~4.3:1), 700 (~9.7:1) passes AA */
+  color: var(--ifm-color-emphasis-700); /* was 600 (~4.3:1), 700 (~9.7:1) passes AA */
   margin-right: 0.25rem;
   min-width: 5rem;
 }
@@ -57,7 +57,7 @@
 
 /* Per-group color tokens — Theme: navy, Tool: teal, Type: lime */
 .pillTheme  { --pill-color: var(--om-primary-navy);        --pill-bg-hover: rgba(44,46,127,0.08); }
-/* ponytail: #05A5AF was 2.5:1 on light bg; #056B73 gives 5.7:1 on #f1f3f5 and 6.3:1 white-on-teal */
+/* #05A5AF was 2.5:1 on light bg; #056B73 gives 5.7:1 on #f1f3f5 and 6.3:1 white-on-teal */
 .pillTool   { --pill-color: #056B73;                       --pill-bg-hover: rgba(5,107,115,0.1);  }
 /* Type uses primary bright blue — distinct from navy and teal */
 .pillType   { --pill-color: var(--om-primary-blue); --pill-bg-hover: rgba(64,81,204,0.08); }
@@ -188,7 +188,7 @@
   flex-direction: column;
   gap: 0.15rem;
   font-size: 0.8rem;
-  color: var(--ifm-color-emphasis-700); /* ponytail: was 600, fails AA; 700 passes */
+  color: var(--ifm-color-emphasis-700); /* was 600, fails AA; 700 passes */
   margin-top: auto;
 }
 
@@ -204,7 +204,7 @@
 
 .cardRelease {
   font-size: 0.75rem;
-  color: var(--ifm-color-emphasis-700); /* ponytail: was 500, very low contrast; 700 passes AA */
+  color: var(--ifm-color-emphasis-700); /* was 500, very low contrast; 700 passes AA */
 }
 
 .cardTags {
diff --git a/src/components/home.module.css b/src/components/home.module.css
index 9016411c..2fd7cb9b 100644
--- a/src/components/home.module.css
+++ b/src/components/home.module.css
@@ -32,7 +32,7 @@
 
 .featuredIcon {
   display: inline-block;
-  /* ponytail: #c2410c is orange-700, 5.1:1 on white — passes WCAG AA (4.5:1) */
+  /* #c2410c is orange-700, 5.1:1 on white — passes WCAG AA (4.5:1) */
   color: #c2410c;
   margin-right: 0.4em;
   font-style: normal;

From 40425b19d49224124d3b7b965b4bb21663ef47ee Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:44:26 -0400
Subject: [PATCH 15/25] fix(query-tests): stream output live and print setup
 timing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Line-buffer stdout so CI shows progress as it happens (block buffering
  hid all output until exit — a single slow query looked like a hang)
- Print each setup step (INSTALL/LOAD) with its elapsed time
- Use ASCII '->' instead of U+2192 to avoid Windows cp1252 encode errors

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index fc921816..4f2aeea3 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -98,6 +98,8 @@ def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
 
 
 def main() -> None:
+    sys.stdout.reconfigure(line_buffering=True)  # flush each line so CI shows live progress
+
     release = fetch_release()
     print(f"Release: {release}\n")
 
@@ -107,7 +109,11 @@ def main() -> None:
         "INSTALL spatial", "LOAD spatial",
         "SET s3_region='us-west-2'",
     ]:
+        print(f"  setup  {stmt} ... ", end="", flush=True)
+        t0 = time.perf_counter()
         con.execute(stmt)
+        print(f"ok ({time.perf_counter() - t0:.2f}s)")
+    print()
 
     queries = sorted(QUERIES_DIR.glob("*.sql"))
     failures: list[tuple[str, str]] = []
@@ -128,9 +134,9 @@ def main() -> None:
                 run_multi(con, sql)
             else:
                 run_single(con, sql)
-            print(f"  → ok ({time.perf_counter() - t0:.2f}s)")
+            print(f"  -> ok ({time.perf_counter() - t0:.2f}s)")
         except Exception as exc:
-            print(f"  → FAIL ({time.perf_counter() - t0:.2f}s): {exc}")
+            print(f"  -> FAIL ({time.perf_counter() - t0:.2f}s): {exc}")
             failures.append((path.name, str(exc)))
 
     print()

From 0beba9db98cafcc630263d1c363b5741110c7bea Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:47:28 -0400
Subject: [PATCH 16/25] feat(query-tests): colorize printed SQL to set it apart
 from log lines

Single ANSI cyan, no new dependency. Honors NO_COLOR and skips when piped
to a file; GitHub Actions renders the color in its log viewer.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 4f2aeea3..6dd40726 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -30,6 +30,14 @@
 FALLBACK_RELEASE = "2026-05-20.0"
 QUERIES_DIR = Path(__file__).parent.parent / "src" / "queries" / "duckdb"
 
+# Colorize SQL in the log to set it apart from status lines (GitHub Actions
+# renders ANSI; honor NO_COLOR and skip when piped to a file).
+_USE_COLOR = (sys.stdout.isatty() or bool(os.environ.get("CI"))) and not os.environ.get("NO_COLOR")
+
+
+def cyan(s: str) -> str:
+    return f"\033[36m{s}\033[0m" if _USE_COLOR else s
+
 # Lines handled by the shared connection setup — strip before classification
 _PREAMBLE = re.compile(
     r"^\s*(LOAD|INSTALL)\s+\S+\s*;?\s*$"
@@ -127,7 +135,7 @@ def main() -> None:
         label = "script" if is_multi else "query "
         print(f"\n  {label} {path.name}")
         for line in sql.splitlines():
-            print(f"    {line}")
+            print(f"    {cyan(line)}")
         t0 = time.perf_counter()
         try:
             if is_multi:

From 7c1beab28f4fb77dd978008adae011d5739c20ca Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 10:59:27 -0400
Subject: [PATCH 17/25] fix(query-tests): print the exact SQL that executes

Single statements run wrapped in 'SELECT * FROM (...) LIMIT 1'; the log now
shows that wrapper instead of the bare inner query, so the printout matches
what actually runs. Folds run_single into the loop (single source of truth).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 6dd40726..63255cb0 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -89,10 +89,6 @@ def prepare(raw: str, release: str) -> tuple[str, bool]:
     return sql, True
 
 
-def run_single(con: duckdb.DuckDBPyConnection, sql: str) -> None:
-    con.execute(f"SELECT * FROM (\n{sql}\n) _q LIMIT 1")
-
-
 def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
     # chdir into tmpdir so COPY...TO writes go to scratch space
     prev = os.getcwd()
@@ -132,16 +128,18 @@ def main() -> None:
             print(f"  skip   {path.name}")
             continue
 
+        # Print exactly what runs: single statements execute wrapped in a LIMIT 1
+        exec_sql = sql if is_multi else f"SELECT * FROM (\n{sql}\n) _q LIMIT 1"
         label = "script" if is_multi else "query "
         print(f"\n  {label} {path.name}")
-        for line in sql.splitlines():
+        for line in exec_sql.splitlines():
             print(f"    {cyan(line)}")
         t0 = time.perf_counter()
         try:
             if is_multi:
                 run_multi(con, sql)
             else:
-                run_single(con, sql)
+                con.execute(exec_sql)
             print(f"  -> ok ({time.perf_counter() - t0:.2f}s)")
         except Exception as exc:
             print(f"  -> FAIL ({time.perf_counter() - t0:.2f}s): {exc}")

From 3f0b94682017b3640589453a4eb4b1ba3de9dcd4 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:06:49 -0400
Subject: [PATCH 18/25] fix(query-tests): strip 'LOAD ...; --noqa' preamble so
 queries get LIMIT 1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The preamble regex was anchored at end-of-line, so 'LOAD spatial; --noqa'
(trailing comment) wasn't stripped. That left LOAD/LOAD/SELECT as three
statements, misclassifying 47 of 49 queries as multi-statement scripts that
ran UNWRAPPED full scans instead of 'SELECT * FROM (...) LIMIT 1'. Now 48
single (wrapped, fast) and 1 genuine multi.

Also bump vitest testTimeout to 20s — the render-heavy CommunityTable tests
flake against the 5s default on loaded CI runners (passes in <2s locally).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 7 ++++---
 vitest.config.js        | 3 +++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 63255cb0..7c6e0df5 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -38,10 +38,11 @@
 def cyan(s: str) -> str:
     return f"\033[36m{s}\033[0m" if _USE_COLOR else s
 
-# Lines handled by the shared connection setup — strip before classification
+# Lines handled by the shared connection setup — strip before classification.
+# Tolerates a trailing line comment (e.g. "LOAD spatial; --noqa").
 _PREAMBLE = re.compile(
-    r"^\s*(LOAD|INSTALL)\s+\S+\s*;?\s*$"
-    r"|^\s*SET\s+s3_region\s*=\s*[^;]+;\s*$",
+    r"^\s*(LOAD|INSTALL)\s+\S+\s*;?\s*(--[^\n]*)?$"
+    r"|^\s*SET\s+s3_region\s*=\s*[^;]+;\s*(--[^\n]*)?$",
     re.IGNORECASE | re.MULTILINE,
 )
 
diff --git a/vitest.config.js b/vitest.config.js
index 2e9805eb..4ece0d15 100644
--- a/vitest.config.js
+++ b/vitest.config.js
@@ -11,5 +11,8 @@ export default defineConfig({
   test: {
     include: ['src/**/__tests__/**/*.test.{js,jsx}'],
     setupFiles: ['./src/setupTests.js'],
+    // CI runners are slower under load; the render-heavy CommunityTable tests
+    // can exceed the 5s default and flake. 20s gives ample headroom.
+    testTimeout: 20000,
   },
 });

From 1bc9f03211f82e8ce976bf2ca32fcab9e249f111 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:13:02 -0400
Subject: [PATCH 19/25] perf(query-tests): use LIMIT 0 instead of LIMIT 1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Measured against live S3: LIMIT 1 takes ~7.3s per query because DuckDB
scans parquet row groups through the WHERE filter to find one matching
row. LIMIT 0 takes ~0.27s (~27x faster) and still resolves the S3 glob
and binds the schema, so it catches the failures a smoke test cares
about — bad release/path (IO Error) and column drift (Binder Error).

The subquery wrapper is not an optimization fence: wrapped vs direct
LIMIT 0 timed identically (0.27 vs 0.26s).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 7c6e0df5..6845c011 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -2,8 +2,8 @@
 """
 Execute every DuckDB query in src/queries/duckdb/ against live Overture S3 data.
 
-Single-statement queries (SELECT / COPY wrappers) run as SELECT * FROM (...) LIMIT 1
-to validate paths and schema with minimal data transfer.
+Single-statement queries (SELECT / COPY wrappers) run as SELECT * FROM (...) LIMIT 0
+to validate S3 paths and schema (parse + bind) with no row data transfer.
 
 Multi-statement scripts (SET VARIABLE, CREATE TABLE chains) run in full inside a
 temporary directory so any COPY ... TO 'file' output is cleaned up automatically.
@@ -129,8 +129,11 @@ def main() -> None:
             print(f"  skip   {path.name}")
             continue
 
-        # Print exactly what runs: single statements execute wrapped in a LIMIT 1
-        exec_sql = sql if is_multi else f"SELECT * FROM (\n{sql}\n) _q LIMIT 1"
+        # Print exactly what runs: single statements execute wrapped in LIMIT 0,
+        # which still resolves the S3 glob and binds the schema (catching bad
+        # releases and column drift) but skips reading row data — ~27x faster
+        # than LIMIT 1, which scans row groups to find a matching row.
+        exec_sql = sql if is_multi else f"SELECT * FROM (\n{sql}\n) _q LIMIT 0"
         label = "script" if is_multi else "query "
         print(f"\n  {label} {path.name}")
         for line in exec_sql.splitlines():

From 37e7f49bbe7b0891d7cb9e94e22d209173468b57 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:32:29 -0400
Subject: [PATCH 20/25] fix(query-tests): unwrap COPY queries with leading
 comments, add --dry-run
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- _COPY_WRAP now tolerates leading comment lines, so COPY(...) TO 'file'
  queries with a stray comment (left after the SET preamble is stripped)
  unwrap to their inner SELECT instead of being wrapped into invalid
  'SELECT * FROM (COPY ...)' SQL.
- Retry INSTALL statements: extensions.duckdb.org times out transiently.
- Add --dry-run/-n to print every resolved query without connecting or
  executing — inspecting the wrapped SQL no longer waits on a full run.
- Refresh two stale doc queries to the release token + current AWS
  divisions/division schema (were pinned to dead Azure/2024 releases).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py                       | 45 +++++++++++++------
 ...ivisions_denmark_locality_neighborhood.sql |  2 +-
 .../duckdb/seattle_placenames_for_map.sql     |  9 ++--
 3 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 6845c011..78d2744e 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -46,9 +46,10 @@ def cyan(s: str) -> str:
     re.IGNORECASE | re.MULTILINE,
 )
 
-# COPY(<select>) TO '<file>' [WITH (...)] — unwrap to just the inner SELECT
+# COPY(<select>) TO '<file>' [WITH (...)] — unwrap to just the inner SELECT.
+# Tolerates leading comment lines (left behind after the SET preamble is stripped).
 _COPY_WRAP = re.compile(
-    r"\ACOPY\s*\((.+)\)\s+TO\s+'[^']+?'[^;]*\Z",
+    r"\A(?:\s*--[^\n]*\n)*\s*COPY\s*\((.+)\)\s+TO\s+'[^']+?'[^;]*\Z",
     re.DOTALL | re.IGNORECASE,
 )
 
@@ -104,21 +105,34 @@ def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
 
 def main() -> None:
     sys.stdout.reconfigure(line_buffering=True)  # flush each line so CI shows live progress
+    dry_run = "--dry-run" in sys.argv or "-n" in sys.argv
 
     release = fetch_release()
     print(f"Release: {release}\n")
 
-    con = duckdb.connect()
-    for stmt in [
-        "INSTALL httpfs", "LOAD httpfs",
-        "INSTALL spatial", "LOAD spatial",
-        "SET s3_region='us-west-2'",
-    ]:
-        print(f"  setup  {stmt} ... ", end="", flush=True)
-        t0 = time.perf_counter()
-        con.execute(stmt)
-        print(f"ok ({time.perf_counter() - t0:.2f}s)")
-    print()
+    con = None
+    if not dry_run:
+        con = duckdb.connect()
+        for stmt in [
+            "INSTALL httpfs", "LOAD httpfs",
+            "INSTALL spatial", "LOAD spatial",
+            "SET s3_region='us-west-2'",
+        ]:
+            print(f"  setup  {stmt} ... ", end="", flush=True)
+            t0 = time.perf_counter()
+            # INSTALL hits extensions.duckdb.org and can time out transiently; retry it.
+            retries = 3 if stmt.upper().startswith("INSTALL") else 1
+            for attempt in range(1, retries + 1):
+                try:
+                    con.execute(stmt)
+                    break
+                except Exception as exc:
+                    if attempt == retries:
+                        raise
+                    print(f"retry {attempt} ({exc.__class__.__name__}) ", end="", flush=True)
+                    time.sleep(2 * attempt)
+            print(f"ok ({time.perf_counter() - t0:.2f}s)")
+        print()
 
     queries = sorted(QUERIES_DIR.glob("*.sql"))
     failures: list[tuple[str, str]] = []
@@ -138,6 +152,8 @@ def main() -> None:
         print(f"\n  {label} {path.name}")
         for line in exec_sql.splitlines():
             print(f"    {cyan(line)}")
+        if dry_run:
+            continue
         t0 = time.perf_counter()
         try:
             if is_multi:
@@ -150,6 +166,9 @@ def main() -> None:
             failures.append((path.name, str(exc)))
 
     print()
+    if dry_run:
+        print(f"Dry run: printed {len(queries)} queries (nothing executed).")
+        return
     if failures:
         print(f"{len(failures)} failure(s):")
         for name, err in failures:
diff --git a/src/queries/duckdb/divisions_denmark_locality_neighborhood.sql b/src/queries/duckdb/divisions_denmark_locality_neighborhood.sql
index f0e1b1a2..a362de98 100644
--- a/src/queries/duckdb/divisions_denmark_locality_neighborhood.sql
+++ b/src/queries/duckdb/divisions_denmark_locality_neighborhood.sql
@@ -10,7 +10,7 @@ COPY (
     subtype,
     geometry -- DuckDB v.1.1.0 will autoload this as a `geometry` type
   FROM
-    read_parquet('s3://overturemaps-us-west-2/release/2024-07-22.0/theme=divisions/type=division/*', filename=true, hive_partitioning=1)
+    read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=divisions/type=division/*', filename=true, hive_partitioning=1)
   WHERE
     country = 'DK'
     AND subtype IN ('locality','neighborhood')
diff --git a/src/queries/duckdb/seattle_placenames_for_map.sql b/src/queries/duckdb/seattle_placenames_for_map.sql
index 0acb4180..36b7b856 100644
--- a/src/queries/duckdb/seattle_placenames_for_map.sql
+++ b/src/queries/duckdb/seattle_placenames_for_map.sql
@@ -1,13 +1,16 @@
 LOAD spatial; -- noqa
+LOAD httpfs;  -- noqa
+-- Access the data on AWS in this example
+SET s3_region='us-west-2';
 
 COPY (
     SELECT
         subtype,
-        locality_type,
         names.primary as name,
         geometry -- DuckDB v.1.1.0 will autoload this as a `geometry` type
-    FROM read_parquet('az://overturemapswestus2.blob.core.windows.net/release/2024-04-16-beta.0/theme=admins/type=locality/*', hive_partitioning=1)
-    WHERE bbox.xmin > -122.679404 AND bbox.xmax < -121.978275
+    FROM read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=divisions/type=division/*', hive_partitioning=1)
+    WHERE subtype IN ('locality', 'neighborhood')
+    AND bbox.xmin > -122.679404 AND bbox.xmax < -121.978275
     AND bbox.ymin > 47.360619 AND bbox.ymax < 47.786336
 ) TO 'seattle_placenames.geojson'
 WITH (FORMAT GDAL, DRIVER 'GeoJSON', SRS 'EPSG:4326');

From 775da8073563806d23e439032a486062a2f3fd65 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:37:42 -0400
Subject: [PATCH 21/25] fix(divisions): wire up orphaned count queries, drop
 dead SQL fragments

The divisions guide imported CountsPerEntity and SubTypeCountsUSMXCA but
both pointed at divisions_border_usmx.sql and were never rendered, so
divisions_counts_per_entity.sql and divisions_subtype_counts_specific_countries.sql
sat unused. Repoint the imports at their real files and render them as
two tabs in the counts section.

Delete three SQL fragments referenced by no docs page:
boulder_co_duckdb.sql (also the slowest smoke-test query, a full
theme=*/type=* union scan), buildings_madrid.sql, confident_mountains.sql.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 docs/guides/divisions/index.mdx            | 12 ++++++++++--
 src/queries/duckdb/boulder_co_duckdb.sql   |  9 ---------
 src/queries/duckdb/buildings_madrid.sql    | 17 -----------------
 src/queries/duckdb/confident_mountains.sql | 17 -----------------
 4 files changed, 10 insertions(+), 45 deletions(-)
 delete mode 100644 src/queries/duckdb/boulder_co_duckdb.sql
 delete mode 100644 src/queries/duckdb/buildings_madrid.sql
 delete mode 100644 src/queries/duckdb/confident_mountains.sql

diff --git a/docs/guides/divisions/index.mdx b/docs/guides/divisions/index.mdx
index 06a38748..af71a511 100644
--- a/docs/guides/divisions/index.mdx
+++ b/docs/guides/divisions/index.mdx
@@ -16,8 +16,8 @@ import BoundaryCounts from '!!raw-loader!@site/src/queries/duckdb/divisions_boun
 import SpecificFeature from '!!raw-loader!@site/src/queries/duckdb/divisions_query_specific_feature.sql';
 import OSMLookUp from '!!raw-loader!@site/src/queries/duckdb/divisions_lookup_osm.sql';
 import BorderUSMX from '!!raw-loader!@site/src/queries/duckdb/divisions_border_usmx.sql';
-import CountsPerEntity from '!!raw-loader!@site/src/queries/duckdb/divisions_border_usmx.sql';
-import SubTypeCountsUSMXCA from '!!raw-loader!@site/src/queries/duckdb/divisions_border_usmx.sql';
+import CountsPerEntity from '!!raw-loader!@site/src/queries/duckdb/divisions_counts_per_entity.sql';
+import SubTypeCountsUSMXCA from '!!raw-loader!@site/src/queries/duckdb/divisions_subtype_counts_specific_countries.sql';
 import DenmarkLocalityNeighborhood from '!!raw-loader!@site/src/queries/duckdb/divisions_denmark_locality_neighborhood.sql';
 import PhillyPlaces from '!!raw-loader!@site/src/queries/duckdb/divisions_philly_places.sql';
 
@@ -273,6 +273,14 @@ Using these queries, you can get counts for each feature type in divisions.
 <QueryBuilder query={BoundaryCounts}></QueryBuilder>
 </TabItem>
 
+<TabItem value="division_area counts by subtype" label="division_area counts by subtype" default>
+<QueryBuilder query={CountsPerEntity}></QueryBuilder>
+</TabItem>
+
+<TabItem value="division_area subtype counts (US/MX/CA)" label="division_area subtype counts (US/MX/CA)" default>
+<QueryBuilder query={SubTypeCountsUSMXCA}></QueryBuilder>
+</TabItem>
+
 </Tabs>
 
 <Tabs>
diff --git a/src/queries/duckdb/boulder_co_duckdb.sql b/src/queries/duckdb/boulder_co_duckdb.sql
deleted file mode 100644
index 6a335ed2..00000000
--- a/src/queries/duckdb/boulder_co_duckdb.sql
+++ /dev/null
@@ -1,9 +0,0 @@
-COPY (
-    SELECT *
-    FROM read_parquet("s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=*/type=*/*", union_by_name = True)
-    WHERE
-        bbox.xmin >= -105.30
-        AND bbox.ymin >= 39.98
-        AND bbox.xmax <= -105.24
-        AND bbox.ymax <= 40.07
-) TO 'boulder_co_overture.parquet';
diff --git a/src/queries/duckdb/buildings_madrid.sql b/src/queries/duckdb/buildings_madrid.sql
deleted file mode 100644
index e1b534e0..00000000
--- a/src/queries/duckdb/buildings_madrid.sql
+++ /dev/null
@@ -1,17 +0,0 @@
-LOAD spatial; -- noqa
-
-SET s3_region='us-west-2';
-
-COPY(
-  SELECT
-    id,
-    names.primary as primary_name,
-    height,
-    geometry
-  FROM
-    read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=buildings/type=building/*', filename=true, hive_partitioning=1)
-  WHERE
-    names.primary IS NOT NULL
-    AND bbox.xmin BETWEEN -4.009 AND -3.455
-    AND bbox.ymin BETWEEN 40.211 AND 40.596
-) TO 'madrid_buildings.geojson' WITH (FORMAT GDAL, DRIVER 'GeoJSON');
diff --git a/src/queries/duckdb/confident_mountains.sql b/src/queries/duckdb/confident_mountains.sql
deleted file mode 100644
index c7d259c0..00000000
--- a/src/queries/duckdb/confident_mountains.sql
+++ /dev/null
@@ -1,17 +0,0 @@
-LOAD spatial; -- noqa
-LOAD httpfs;  -- noqa
-SET s3_region='us-west-2';
-
-COPY(
-    SELECT
-       id,
-       names.primary as primary_name,
-       geometry,    -- DuckDB v.1.1.0 will autoload this as a `geometry` type
-       categories.primary as primary_category,
-       sources[1].dataset AS primary_source,
-       confidence
-    FROM read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=places/type=*/*', filename=true, hive_partitioning=1)
-    WHERE categories.primary = 'mountain' AND confidence > .90
-    ORDER BY confidence DESC
-) TO 'overture_places_mountains_gt90.geojson'
-WITH (FORMAT GDAL, DRIVER 'GeoJSON');

From d112c54a30f8f829e94164eef49b92261d601024 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:49:37 -0400
Subject: [PATCH 22/25] fix(divisions): shorten new count-tab labels so they
 don't truncate

The two added division_area tabs had labels longer than every other tab,
overflowing the tab row and clipping the rightmost one. Trim the labels
(values unchanged) so all six fit.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 docs/guides/divisions/index.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/guides/divisions/index.mdx b/docs/guides/divisions/index.mdx
index af71a511..9a405cbe 100644
--- a/docs/guides/divisions/index.mdx
+++ b/docs/guides/divisions/index.mdx
@@ -273,11 +273,11 @@ Using these queries, you can get counts for each feature type in divisions.
 <QueryBuilder query={BoundaryCounts}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_area counts by subtype" label="division_area counts by subtype" default>
+<TabItem value="division_area counts by subtype" label="area counts by subtype" default>
 <QueryBuilder query={CountsPerEntity}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_area subtype counts (US/MX/CA)" label="division_area subtype counts (US/MX/CA)" default>
+<TabItem value="division_area subtype counts (US/MX/CA)" label="subtype counts (US/MX/CA)" default>
 <QueryBuilder query={SubTypeCountsUSMXCA}></QueryBuilder>
 </TabItem>
 

From cc6276ab02848091ab40f289ee9509788987313b Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 11:53:42 -0400
Subject: [PATCH 23/25] fix(query-tests): use AWS S3 path for Detroit and
 Seattle building queries

Both pointed at the az:// Azure blob endpoint, which fails in CI with an
SSL CA cert error (and mismatched the SET s3_region='us-west-2' already
in the Detroit query). Switch to the s3:// bucket and add the LOAD httpfs
preamble so both run cleanly. Verified live against S3.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 src/queries/duckdb/buildings_detroit.sql         | 3 ++-
 src/queries/duckdb/seattle_buildings_for_map.sql | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/queries/duckdb/buildings_detroit.sql b/src/queries/duckdb/buildings_detroit.sql
index 23d49587..b8fb6839 100644
--- a/src/queries/duckdb/buildings_detroit.sql
+++ b/src/queries/duckdb/buildings_detroit.sql
@@ -1,4 +1,5 @@
 LOAD spatial; -- noqa
+LOAD httpfs;  -- noqa
 
 SET s3_region='us-west-2';
 
@@ -9,7 +10,7 @@ COPY(
     height,
     geometry
   FROM
-    read_parquet('az://overturemapswestus2.blob.core.windows.net/release/__OVERTURE_RELEASE/theme=buildings/type=building/*', filename=true, hive_partitioning=1)
+    read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=buildings/type=building/*', filename=true, hive_partitioning=1)
   WHERE
     names.primary IS NOT NULL
     AND bbox.xmin BETWEEN -84.36 AND -82.42
diff --git a/src/queries/duckdb/seattle_buildings_for_map.sql b/src/queries/duckdb/seattle_buildings_for_map.sql
index 89a27b67..e2f58220 100644
--- a/src/queries/duckdb/seattle_buildings_for_map.sql
+++ b/src/queries/duckdb/seattle_buildings_for_map.sql
@@ -1,4 +1,7 @@
 LOAD spatial; -- noqa
+LOAD httpfs;  -- noqa
+
+SET s3_region='us-west-2';
 
 COPY (
     SELECT
@@ -6,7 +9,7 @@ COPY (
         height,
         level,
         geometry -- DuckDB v.1.1.0 will autoload this as a `geometry` type
-    FROM read_parquet('az://overturemapswestus2.blob.core.windows.net/release/__OVERTURE_RELEASE/theme=buildings/type=building/*', filename=true, hive_partitioning=1)
+    FROM read_parquet('s3://overturemaps-us-west-2/release/__OVERTURE_RELEASE/theme=buildings/type=building/*', filename=true, hive_partitioning=1)
     WHERE bbox.xmin > -122.68 AND bbox.xmax < -121.98
     AND bbox.ymin > 47.36 AND bbox.ymax < 47.79
 ) TO 'seattle_buildings.geojsonseq' WITH (FORMAT GDAL, DRIVER 'GeoJSONSeq', SRS 'EPSG:4326');

From 100ed222e20dfbf080daa72dfd48553a48a4adeb Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 12:00:37 -0400
Subject: [PATCH 24/25] perf(query-tests): wrap COPY selects in LIMIT 0 for
 multi-statement scripts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The one genuine multi-statement script (buildings_in_division_area) ran
its buildings COPY in full — an ~86s S3 scan over a county bbox plus
ST_INTERSECTS. Inject LIMIT 0 into COPY inner SELECTs in run_multi so the
output file is still written (correct schema, zero rows) without scanning,
while SET/CREATE steps still execute for real to resolve variables and
validate the divisions schema. 86s -> ~16s, still a full end-to-end check.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 scripts/test_queries.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/scripts/test_queries.py b/scripts/test_queries.py
index 78d2744e..1cf4cffd 100644
--- a/scripts/test_queries.py
+++ b/scripts/test_queries.py
@@ -53,6 +53,26 @@ def cyan(s: str) -> str:
     re.DOTALL | re.IGNORECASE,
 )
 
+# COPY ( <select> ) TO <rest> — split into prefix / inner / suffix so the inner
+# SELECT can be wrapped in LIMIT 0. Greedy inner backtracks to the last ") TO".
+_COPY_STMT = re.compile(
+    r"\A((?:\s*--[^\n]*\n)*\s*COPY\s*\()(.+)(\)\s+TO\s+.+)\Z",
+    re.DOTALL | re.IGNORECASE,
+)
+
+
+def limit_copy(stmt: str) -> str:
+    """
+    Wrap a COPY's inner SELECT in LIMIT 0 so the file is still written (correct
+    schema, zero rows) without scanning S3. Non-COPY statements pass through, so
+    SET/CREATE steps that resolve variables still run for real.
+    """
+    m = _COPY_STMT.match(stmt)
+    if not m:
+        return stmt
+    prefix, inner, suffix = m.groups()
+    return f"{prefix}SELECT * FROM (\n{inner}\n) _q LIMIT 0{suffix}"
+
 
 def fetch_release() -> str:
     try:
@@ -98,7 +118,7 @@ def run_multi(con: duckdb.DuckDBPyConnection, sql: str) -> None:
         os.chdir(tmpdir)
         try:
             for stmt in split_statements(sql):
-                con.execute(stmt)
+                con.execute(limit_copy(stmt))
         finally:
             os.chdir(prev)
 

From eb46c7aa64b57d1dcb015f5e7d19a69120e2b303 Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Wed, 17 Jun 2026 12:10:26 -0400
Subject: [PATCH 25/25] fix(a11y): harden static server and dedupe Tabs default

Address Copilot review feedback:
- Guard req.url (can be undefined) before split.
- SPA-fallback to index.html only for route-like (extensionless) requests
  so missing JS/CSS/image assets return 404 instead of masking broken builds.
- Guard server.close() in after() so a failing before() hook surfaces its
  real error instead of crashing on an undefined server.
- Keep 'default' on only the first TabItem in the divisions counts block
  (Docusaurus expects at most one default tab).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
---
 __tests__/a11y.test.mjs         | 22 +++++++++++++---------
 docs/guides/divisions/index.mdx | 10 +++++-----
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/__tests__/a11y.test.mjs b/__tests__/a11y.test.mjs
index 7822827c..03bf94c1 100644
--- a/__tests__/a11y.test.mjs
+++ b/__tests__/a11y.test.mjs
@@ -38,7 +38,7 @@ before(async () => {
 
   // minimal static file server, falls back to index.html for Docusaurus client-side routing
   server = createServer(async (req, res) => {
-    const urlPath = req.url.split('?')[0];
+    const urlPath = (req.url ?? '/').split('?')[0];
     const filePath = resolve(join(BUILD_DIR, urlPath === '/' ? 'index.html' : urlPath));
     // relative() is cross-platform; startsWith(BUILD_DIR + '/') broke on Windows backslashes
     const rel = relative(BUILD_DIR, filePath);
@@ -52,14 +52,18 @@ before(async () => {
       res.writeHead(200, { 'Content-Type': MIME[extname(filePath)] ?? 'application/octet-stream' });
       res.end(data);
     } catch {
-      try {
-        const data = await readFile(join(BUILD_DIR, 'index.html'));
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end(data);
-      } catch {
-        res.writeHead(404);
-        res.end('Not found');
+      // SPA fallback only for route-like requests (no extension); a missing
+      // asset (.js/.css/.png) must 404 so broken builds aren't masked.
+      if (extname(filePath) === '') {
+        try {
+          const data = await readFile(join(BUILD_DIR, 'index.html'));
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end(data);
+          return;
+        } catch { /* fall through to 404 */ }
       }
+      res.writeHead(404);
+      res.end('Not found');
     }
   });
   await new Promise((resolve) => server.listen(PORT, resolve));
@@ -68,7 +72,7 @@ before(async () => {
 
 after(async () => {
   await browser?.close();
-  await new Promise((resolve) => server.close(resolve));
+  if (server) await new Promise((resolve) => server.close(resolve));
 });
 
 function formatViolations(violations, label) {
diff --git a/docs/guides/divisions/index.mdx b/docs/guides/divisions/index.mdx
index 9a405cbe..2eefdb37 100644
--- a/docs/guides/divisions/index.mdx
+++ b/docs/guides/divisions/index.mdx
@@ -261,23 +261,23 @@ Using these queries, you can get counts for each feature type in divisions.
 <QueryBuilder query={CountsPerType}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division counts" label="division counts" default>
+<TabItem value="division counts" label="division counts">
 <QueryBuilder query={DivCounts}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_area counts" label="division_area counts" default>
+<TabItem value="division_area counts" label="division_area counts">
 <QueryBuilder query={DivAreaCounts}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_boundary counts" label="division_boundary counts" default>
+<TabItem value="division_boundary counts" label="division_boundary counts">
 <QueryBuilder query={BoundaryCounts}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_area counts by subtype" label="area counts by subtype" default>
+<TabItem value="division_area counts by subtype" label="area counts by subtype">
 <QueryBuilder query={CountsPerEntity}></QueryBuilder>
 </TabItem>
 
-<TabItem value="division_area subtype counts (US/MX/CA)" label="subtype counts (US/MX/CA)" default>
+<TabItem value="division_area subtype counts (US/MX/CA)" label="subtype counts (US/MX/CA)">
 <QueryBuilder query={SubTypeCountsUSMXCA}></QueryBuilder>
 </TabItem>