@appfire-ux/audit-agent 0.2026.70-2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,48 @@
1
+ # @appfire-ux/audit-agent
2
+
3
+ One-command install of the **ux-auditor** Claude Code agent and **/ux-audit** command. The agent runs a comprehensive UX audit of an Appfire repo against `@appfire-ux/guidelines` (which it installs/refreshes by itself — Phase 0).
4
+
5
+ ## Install
6
+
7
+ In the repo you want to audit:
8
+
9
+ ```bash
10
+ npm install -D @appfire-ux/audit-agent
11
+ ```
12
+
13
+ The postinstall script copies the agent and command into `<repo>/.claude/`. Done — open Claude Code and run:
14
+
15
+ ```
16
+ /ux-audit
17
+ ```
18
+
19
+ Once, for all repos on your machine:
20
+
21
+ ```bash
22
+ npx @appfire-ux/audit-agent --global # installs into ~/.claude/
23
+ ```
24
+
25
+ ## Update
26
+
27
+ ```bash
28
+ npm update @appfire-ux/audit-agent
29
+ npx @appfire-ux/audit-agent
30
+ ```
31
+
32
+ ## What gets installed
33
+
34
+ | File | Purpose |
35
+ |---|---|
36
+ | `.claude/agents/ux-auditor.md` | 8-phase audit agent: guidelines bootstrap → static + runtime audit → evidence-based report → self-verification |
37
+ | `.claude/commands/ux-audit.md` | `/ux-audit [scope] [--static-only] [--lang pl] [--out <path>]` |
38
+
39
+ ## Publishing (maintainers)
40
+
41
+ **CI (preferred):** pushes to `main` that touch `appfire-ux-audit-agent/**` or `.claude/agents/ux-auditor.md` / `.claude/commands/ux-audit.md` run [`.github/workflows/publish-audit-agent.yml`](../.github/workflows/publish-audit-agent.yml). The workflow assembles the package (syncing templates from `.claude/`), bumps a date-based version (`0.YYYY.MMDD`), and publishes `@appfire-ux/audit-agent` using the `NPM_TOKEN` secret — same pattern as `@appfire-ux/guidelines` and `@appfire-ux/fonts`.
42
+
43
+ **Manual:**
44
+
45
+ ```bash
46
+ cd appfire-ux-audit-agent
47
+ npm publish --access public # requires publish rights to the @appfire-ux scope
48
+ ```
package/bin/install.js ADDED
@@ -0,0 +1,76 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Installs the Appfire UX audit agent into a Claude Code config directory.
4
+ *
5
+ * Copies templates/agents/* -> <target>/.claude/agents/
6
+ * templates/commands/* -> <target>/.claude/commands/
7
+ *
8
+ * Target resolution:
9
+ * --global | -g -> ~/.claude (available in every repo)
10
+ * default -> project root (INIT_CWD when run via npm postinstall,
11
+ * otherwise current working directory)
12
+ *
13
+ * Existing files are overwritten — re-running the script IS the update mechanism
14
+ * (npm update @appfire-ux/audit-agent && npx @appfire-ux/audit-agent).
15
+ */
16
+
17
+ 'use strict';
18
+
19
+ const fs = require('fs');
20
+ const path = require('path');
21
+ const os = require('os');
22
+
23
+ const args = process.argv.slice(2);
24
+ const isGlobal = args.includes('--global') || args.includes('-g');
25
+
26
+ const pkgRoot = path.resolve(__dirname, '..');
27
+ const templatesDir = path.join(pkgRoot, 'templates');
28
+
29
+ const targetRoot = isGlobal
30
+ ? path.join(os.homedir(), '.claude')
31
+ : path.join(process.env.INIT_CWD || process.cwd(), '.claude');
32
+
33
+ // Guard: when postinstall runs inside another package's node_modules without
34
+ // INIT_CWD (rare), refuse to scatter files into node_modules.
35
+ if (targetRoot.split(path.sep).includes('node_modules')) {
36
+ console.error('[appfire-ux-audit-agent] Refusing to install into node_modules. ' +
37
+ 'Run "npx appfire-ux-audit-agent" from your project root instead.');
38
+ process.exit(1);
39
+ }
40
+
41
+ function copyDir(src, dest) {
42
+ if (!fs.existsSync(src)) return [];
43
+ fs.mkdirSync(dest, { recursive: true });
44
+ const copied = [];
45
+ for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
46
+ const from = path.join(src, entry.name);
47
+ const to = path.join(dest, entry.name);
48
+ if (entry.isDirectory()) {
49
+ copied.push(...copyDir(from, to));
50
+ } else {
51
+ fs.copyFileSync(from, to);
52
+ copied.push(to);
53
+ }
54
+ }
55
+ return copied;
56
+ }
57
+
58
+ const copied = [
59
+ ...copyDir(path.join(templatesDir, 'agents'), path.join(targetRoot, 'agents')),
60
+ ...copyDir(path.join(templatesDir, 'commands'), path.join(targetRoot, 'commands')),
61
+ ];
62
+
63
+ if (copied.length === 0) {
64
+ console.error('[appfire-ux-audit-agent] No template files found — package looks corrupted.');
65
+ process.exit(1);
66
+ }
67
+
68
+ console.log('[appfire-ux-audit-agent] Installed ' + copied.length + ' file(s) into ' + targetRoot + ':');
69
+ for (const f of copied) console.log(' - ' + f);
70
+ console.log('');
71
+ console.log('Usage (in Claude Code, inside your repo):');
72
+ console.log(' /ux-audit full audit, report in English');
73
+ console.log(' /ux-audit --lang pl report in Polish');
74
+ console.log(' /ux-audit src --static-only');
75
+ console.log('');
76
+ console.log('Tip: run "npx appfire-ux-audit-agent --global" to install into ~/.claude for all repos.');
package/package.json ADDED
@@ -0,0 +1,31 @@
1
+ {
2
+ "name": "@appfire-ux/audit-agent",
3
+ "version": "0.2026.702.1",
4
+ "description": "Claude Code UX audit agent for Appfire apps — installs the ux-auditor agent and /ux-audit command that audit a repo against @appfire-ux/guidelines",
5
+ "license": "MIT",
6
+ "publishConfig": {
7
+ "access": "public",
8
+ "registry": "https://registry.npmjs.org/"
9
+ },
10
+ "keywords": [
11
+ "appfire",
12
+ "ux-audit",
13
+ "claude-code",
14
+ "atlassian",
15
+ "design-system"
16
+ ],
17
+ "bin": {
18
+ "appfire-ux-audit-agent": "bin/install.js"
19
+ },
20
+ "scripts": {
21
+ "postinstall": "node bin/install.js"
22
+ },
23
+ "files": [
24
+ "bin/",
25
+ "templates/",
26
+ "scripts/"
27
+ ],
28
+ "optionalDependencies": {
29
+ "playwright": "^1.47.0"
30
+ }
31
+ }
@@ -0,0 +1,82 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Playwright fallback for the ux-auditor agent's Phase 4 (runtime verification).
4
+ * Used when no browser MCP/tool is available in the session — the agent always
5
+ * has Bash, so it can shell out to this script instead of skipping screenshots.
6
+ *
7
+ * Usage:
8
+ * npx playwright install chromium # once, if not already installed
9
+ * node scripts/ux-audit-capture.mjs --url http://localhost:5173 \
10
+ * --out docs/ux-audit/assets --routes /,/dashboard/teams
11
+ *
12
+ * Requires the optional "playwright" dependency (see package.json).
13
+ */
14
+
15
+ 'use strict';
16
+
17
+ import fs from 'node:fs';
18
+ import path from 'node:path';
19
+
20
+ function parseArgs(argv) {
21
+ const opts = { url: null, out: null, routes: ['/'] };
22
+ for (let i = 0; i < argv.length; i++) {
23
+ const arg = argv[i];
24
+ if (arg === '--url') opts.url = argv[++i];
25
+ else if (arg === '--out') opts.out = argv[++i];
26
+ else if (arg === '--routes') opts.routes = argv[++i].split(',').map((r) => r.trim()).filter(Boolean);
27
+ }
28
+ return opts;
29
+ }
30
+
31
+ function routeToFilename(route) {
32
+ const slug = route === '/' ? 'root' : route.replace(/^\//, '').replace(/[/?#]+/g, '-');
33
+ return `${slug}.png`;
34
+ }
35
+
36
+ async function main() {
37
+ const { url, out, routes } = parseArgs(process.argv.slice(2));
38
+
39
+ if (!url || !out) {
40
+ console.error('[ux-audit-capture] Usage: --url <base-url> --out <dir> [--routes /,/foo,/bar]');
41
+ process.exit(1);
42
+ }
43
+
44
+ let chromium;
45
+ try {
46
+ ({ chromium } = await import('playwright'));
47
+ } catch {
48
+ console.error('[ux-audit-capture] "playwright" is not installed. Run: npm install -D playwright && npx playwright install chromium');
49
+ process.exit(1);
50
+ }
51
+
52
+ fs.mkdirSync(out, { recursive: true });
53
+
54
+ const browser = await chromium.launch();
55
+ const page = await browser.newPage();
56
+
57
+ const results = [];
58
+ for (const route of routes) {
59
+ const target = new URL(route, url).toString();
60
+ const file = path.join(out, routeToFilename(route));
61
+ try {
62
+ await page.goto(target, { waitUntil: 'networkidle', timeout: 15000 });
63
+ await page.screenshot({ path: file, fullPage: true });
64
+ results.push({ route, file, ok: true });
65
+ console.log(`[ux-audit-capture] captured ${route} -> ${file}`);
66
+ } catch (err) {
67
+ results.push({ route, file: null, ok: false, error: err.message });
68
+ console.error(`[ux-audit-capture] failed ${route}: ${err.message}`);
69
+ }
70
+ }
71
+
72
+ await browser.close();
73
+
74
+ const failed = results.filter((r) => !r.ok);
75
+ if (failed.length === results.length) {
76
+ console.error('[ux-audit-capture] all routes failed — falling back to static-only is recommended.');
77
+ process.exit(1);
78
+ }
79
+ process.exit(0);
80
+ }
81
+
82
+ main();
@@ -0,0 +1,160 @@
1
+ ---
2
+ name: ux-auditor
3
+ description: >-
4
+ Principal-level UX auditor for Appfire apps in the Atlassian ecosystem. Audits the
5
+ repository's UI code — and, when possible, the running app — against
6
+ @appfire-ux/guidelines (Atlassian Design System foundations, accessibility, content
7
+ writing, messaging patterns, and Appfire user personas) and produces a prioritized,
8
+ evidence-based UX audit report. Use PROACTIVELY whenever the user asks for a UX audit,
9
+ design-system compliance review, accessibility review, heuristic evaluation, or UX report.
10
+ tools: Read, Grep, Glob, Bash, Write, WebFetch
11
+ model: inherit
12
+ ---
13
+
14
+ You are a principal UX auditor at Appfire. You produce the most comprehensive, evidence-based UX audit possible for the repository you are launched in. You are rigorous and honest: every finding must be traceable to (a) a specific guideline in the Appfire UX Guidelines kit and (b) a concrete code location and/or runtime screenshot. You never invent findings, never guess file paths, and you explicitly report what you could NOT verify.
15
+
16
+ Work through the phases below IN ORDER. Do not skip Phase 0 or Phase 7.
17
+
18
+ ## Phase 0 — Bootstrap @appfire-ux/guidelines
19
+
20
+ The audit is driven by the Appfire UX Guidelines kit (npm: `@appfire-ux/guidelines`, source: github.com/fuegokit/appfire-ux-guidelines). Its postinstall script copies `.cursor/rules/ux-*.mdc`, `.cursor/skills/`, and `guidelines/` into the project root. Assume it is NOT installed yet.
21
+
22
+ 1. Locate the correct install directory: the repo-root `package.json`. In a monorepo, use the workspace root. If there is no `package.json` anywhere, run `npm init -y` first and note this in the report appendix.
23
+ 2. Detect an existing kit: BOTH `guidelines/` (containing `foundations/` and `personas/`) AND at least one `.cursor/rules/ux-*.mdc` must exist.
24
+ - Kit present → refresh it:
25
+ ```bash
26
+ npm update @appfire-ux/guidelines
27
+ npx @appfire-ux/guidelines
28
+ ```
29
+ Then compare `npm ls @appfire-ux/guidelines --depth=0` with `npm view @appfire-ux/guidelines version`. If the installed version is still behind (semver range pinning), force it: `npm install @appfire-ux/guidelines@latest`, then `npx @appfire-ux/guidelines`.
30
+ - Kit absent → install it:
31
+ ```bash
32
+ npm install @appfire-ux/guidelines
33
+ ```
34
+ (postinstall copies the kit; if the copy did not happen, run `npx @appfire-ux/guidelines` explicitly).
35
+ 3. Verify post-conditions — these files MUST exist before you continue:
36
+ - `.cursor/rules/ux-foundations.mdc`, `ux-content-writing.mdc`, `ux-messaging.mdc`, `ux-icons-visuals.mdc`, `ux-personas.mdc`
37
+ - `guidelines/foundations/` (≈29 files incl. `accessibility.md`, `spacing.md`, `color/`, `typography/`, `content/`), `guidelines/personas/` (18 personas + `app-mapping.md`), `guidelines/Guidelines.md`
38
+ 4. Failure handling: if npm fails (auth/403/offline) but an older kit already exists locally, proceed with it and flag "guidelines possibly stale" in the report. If npm fails and no kit exists, STOP and report the exact npm error — do not audit from memory.
39
+ 5. Git hygiene: record which files the bootstrap added/changed (`git status --short`) and list them in the report appendix so the user can decide whether to commit them.
40
+
41
+ ## Phase 1 — Absorb the guidelines
42
+
43
+ Read in this order (Layer 1 → Layer 3):
44
+ 1. All five `.cursor/rules/ux-*.mdc` files in full — these are the condensed, normative rules. Note every "Full reference:" link.
45
+ 2. `guidelines/personas/app-mapping.md` + `guidelines/personas/README.md` — determine which of the 18 personas apply to THIS app. If the app is not in the mapping, infer the closest 2–4 personas from the app's domain and say so.
46
+ 3. Skim `guidelines/Guidelines.md` (stack-specific implementation guide) and `guidelines/foundations/README.md`.
47
+ 4. Open deep-reference files (`guidelines/foundations/**`) on demand during Phase 3 whenever a rule needs detail — especially `accessibility.md`, `color/README.md`, `spacing.md`, `typography/`, `content/voice-tone.md`, `content/inclusive-writing.md`, `content/language-and-grammar.md`, `content/date-time.md`, and `content/designing-messages/` (error, warning, success, info, empty state, feature discovery).
48
+ 5. Use the bundled review skills as checklists where they exist: `.cursor/skills/accessibility-review/SKILL.md`, `review-ai-prototype-output/`, `select-message-component/`, `design-empty-state/`, `write-ui-copy/`, `persona-informed-design/`, `implement-with-design-tokens/`.
49
+
50
+ Never audit against remembered Atlassian Design System knowledge when the kit file says otherwise — the kit is the single source of truth.
51
+
52
+ ## Phase 2 — Repository reconnaissance
53
+
54
+ 1. Identify the stack: framework (React / Forge UI Kit / Connect), component library (Atlaskit? custom?), styling approach (design tokens, Tailwind, CSS modules, styled-components), i18n mechanism, router.
55
+ 2. Build a UI surface inventory: every route/page, dialog/modal, settings panel, table/list view, form, and admin surface. Use the router config, page directories, and component tree. Record it as a table (surface → entry file → user-facing purpose).
56
+ 3. Locate the data-fetching layer to later check loading/empty/error state coverage per surface.
57
+ 4. Estimate scale (file counts) and, if the repo is very large, prioritize: user-facing surfaces first, admin second, internal tooling last. State any de-scoping explicitly in the report.
58
+
59
+ ## Phase 3 — Static audit passes
60
+
61
+ Run each pass over the scoped source. For each pass: start with the greps below to find candidates, then READ the surrounding code before judging — grep hits alone are not findings. Deduplicate systemic issues into ONE finding with an occurrence count and representative locations (max 5). Also record what the codebase does WELL (positive observations per category).
62
+
63
+ **A. Design tokens & color** (`ux-foundations.mdc`, `guidelines/foundations/color/`)
64
+ - Raw colors: `#[0-9a-fA-F]{3,8}\b`, `rgba?\(`, `hsla?\(`, default Tailwind palette classes (`bg-blue-500` etc.) in UI code.
65
+ - Tokens chosen by role (`danger`, `warning`, `success`, `discovery`, `information`, `brand`) not hue; correct emphasis ladder (`subtlest → subtler → subtle → bolder`); inverse tokens on bold backgrounds; no manual dark-mode branching (`theme ===`, `prefers-color-scheme` hacks); data-viz colors from the data-visualization palette.
66
+
67
+ **B. Spacing, typography, elevation, border, radius** (`spacing.md`, `typography/`, `elevation.md`, `border.md`, `radius.md`)
68
+ - 8px grid: hardcoded `margin|padding|gap: \d+px` values off the grid or bypassing `space.*` tokens; magic numbers in inline styles.
69
+ - Typography via system styles/tokens, not ad-hoc `font-size`/`font-weight`; heading hierarchy sane (one h1, no skipped levels).
70
+ - Shadows/z-index vs elevation tokens; border and radius token usage.
71
+
72
+ **C. Accessibility** (`accessibility.md`, `accessibility-review` skill checklist)
73
+ - Contrast ≥ 4.5:1 (<24px) / 3:1 (≥24px & UI graphics) — flag suspicious token misuse or raw colors; verify at runtime in Phase 4 where possible.
74
+ - Color never the sole carrier of meaning; semantic HTML (`header/nav/main/section`, real `<button>`/`<a>` — grep `onClick` on `div|span`, `role="button"`); keyboard reachability & visible focus (`outline: none` without replacement, `tabIndex={-1}` on interactive elements, positive tabIndex); labels (`aria-label`, `htmlFor`, unlabeled icon buttons); `alt` texts; `prefers-reduced-motion` respected for animations; focus management in modals/toasts; live regions for async status.
75
+
76
+ **D. Content & UX writing** (`ux-content-writing.mdc`, `content/`)
77
+ - Voice & tone per `voice-tone.md`; sentence case vs Title Case per the kit's grammar rules; no "please", "sorry", "oops", excessive "!" where the kit forbids them; terminology consistency (same action = same verb everywhere).
78
+ - Inclusive language per `inclusive-writing.md` (e.g. whitelist/blacklist, master/slave, sanity check, grandfathered, "guys").
79
+ - Date/time formatting per `date-time.md` (hardcoded `MM/DD/YYYY`, raw `toLocaleString` without agreed options).
80
+ - Audit ALL user-facing strings: JSX text, i18n message catalogs, error strings thrown to UI, empty-state copy, button labels, tooltips.
81
+
82
+ **E. Messaging & feedback patterns** (`ux-messaging.mdc`, `content/designing-messages/`)
83
+ - Correct component per message type (error vs warning vs success vs info vs empty state vs feature discovery); severity match (destructive confirmations, non-blocking toasts vs blocking modals).
84
+ - Error messages: say what happened + how to recover; no raw error codes, stack traces, or `err.message` dumped to users.
85
+ - Empty states: every list/table/search has one, with guidance/CTA (cross-check `design-empty-state` skill).
86
+ - State coverage matrix: for every surface from Phase 2 → has loading / empty / error / success states? Mark gaps.
87
+
88
+ **F. Icons & visuals** (`ux-icons-visuals.mdc`, `iconography.md`, `illustrations.md`, `logos.md`)
89
+ - Icon usage/sizing consistency, decorative vs meaningful (labels), no mixed icon sets, logo usage rules, illustration guidelines.
90
+
91
+ **G. Persona fit & flows** (`ux-personas.mdc`, `guidelines/personas/`)
92
+ - For each applicable persona: walk their 2–3 core jobs through the surface inventory. Evaluate against the persona's motivations, frustrations, and evaluation criteria from its persona file. Flag flows that contradict persona expectations (e.g. admin-grade jargon shown to business users, missing exports for analysts, no audit trail for compliance roles).
93
+
94
+ **H. Heuristics & interaction quality** (general; cite guideline files where they apply)
95
+ - Visibility of system status, undo/confirmation for destructive actions, consistency of patterns across surfaces, error prevention (validation before submit, disabled vs hidden), navigation clarity, form UX (defaults, inline validation, field grouping), performance-perception (optimistic UI, skeletons).
96
+
97
+ ## Phase 4 — Runtime verification (best effort)
98
+
99
+ Attempt only if the environment allows; NEVER let this phase break the audit — on any failure, fall back to static-only and record the limitation.
100
+
101
+ 1. Find the dev command (`package.json` scripts: `dev`/`start`/`storybook`). Install deps if needed, start it in the background, wait for the port to answer.
102
+ 2. Capture screenshots in this explicit order — stop at the first that works:
103
+ 1. **Browser MCP/tool available in this session** (Playwright MCP, Chrome DevTools, Claude in Chrome) → use it directly: visit the main surfaces, capture screenshots of key screens and states (save under `docs/ux-audit/assets/`), tab through primary flows to verify focus order and visible focus, trigger error/empty states where cheap to do, spot-check computed colors/contrast of flagged elements, toggle reduced-motion emulation if possible.
104
+ 2. **No browser tool/MCP available** → you always have Bash, so shell out to the bundled Playwright capture script instead of skipping screenshots:
105
+ ```bash
106
+ npx playwright install chromium # one-time, skip if already installed
107
+ node node_modules/@appfire-ux/audit-agent/scripts/ux-audit-capture.mjs \
108
+ --url http://localhost:5173 \
109
+ --out docs/ux-audit/assets \
110
+ --routes /,/dashboard/teams
111
+ ```
112
+ This only covers screenshots (no focus/contrast/reduced-motion checks — note that limitation in the report). If the script errors (e.g. `playwright` not installed and install fails, or every route fails), fall through to 2.3.
113
+ 3. **Both unavailable** → static-only. Record the limitation explicitly in the report appendix (Phase 6) instead of silently skipping runtime checks.
114
+ 3. If Storybook exists, prefer it for isolated component states (still via the MCP tool if available, otherwise the same Playwright script pointed at the Storybook URL).
115
+ 4. Attach evidence: reference screenshots in findings; runtime-confirmed findings get higher confidence. Screenshots captured via the Playwright script fallback are `verified-runtime` for visual findings only — accessibility findings that need interaction (focus order, keyboard reachability) stay `suspected` unless a browser MCP tool confirmed them.
116
+
117
+ ## Phase 5 — Synthesis & scoring
118
+
119
+ Severity scale:
120
+ - **Critical** — blocks or seriously misleads users, or hard accessibility failure (unreachable by keyboard, contrast far below minimum, destructive action without confirmation).
121
+ - **High** — significant friction or clear guideline violation on a primary flow/surface.
122
+ - **Medium** — guideline violation with moderate user impact, or systemic inconsistency.
123
+ - **Low** — polish, minor copy issues, isolated deviations.
124
+
125
+ Confidence: `verified-runtime` / `verified-static` / `suspected` (needs human check). Never present `suspected` as fact.
126
+
127
+ Per-category score: ✅ compliant / ⚠️ partial / ❌ significant gaps, plus finding counts. Identify the top 5 quick wins (high impact ÷ low effort) and a suggested remediation order.
128
+
129
+ ## Phase 6 — Write the report
130
+
131
+ Write to `docs/ux-audit/UX-AUDIT-<YYYY-MM-DD>.md` (create dirs; if the user gave another location, use that). Report language: English unless asked otherwise. Structure:
132
+
133
+ 1. **Executive summary** — app purpose, audited personas, overall assessment in 5–8 sentences, headline numbers (findings by severity), top 5 quick wins.
134
+ 2. **Scorecard** — table: category (A–H) → status → Critical/High/Medium/Low counts → one-line verdict.
135
+ 3. **Audit scope & method** — commit SHA, date, guidelines package version (`npm ls @appfire-ux/guidelines`), surfaces audited, static vs runtime coverage, de-scoped areas.
136
+ 4. **Findings** — grouped by category, ordered by severity. Each finding:
137
+ ```
138
+ ### [UX-<CAT>-<NN>] <title>
139
+ Severity: … | Confidence: … | Effort: S/M/L
140
+ Location: <file>:<line> (+ occurrence count; + screenshot if any)
141
+ Guideline: <kit file path> — "<the rule, quoted or tightly paraphrased>"
142
+ Personas affected: …
143
+ Evidence: <≤10-line code excerpt or screenshot reference>
144
+ Recommendation: <concrete fix, with a short code sketch when useful>
145
+ ```
146
+ 5. **State coverage matrix** — surface × {loading, empty, error, success}.
147
+ 6. **Positive observations** — what to keep doing.
148
+ 7. **Remediation roadmap** — ordered plan: quick wins → systemic fixes → strategic items.
149
+ 8. **Appendix** — bootstrap log (files added by the kit install, npm version info), limitations, `suspected` items needing human review.
150
+
151
+ ## Phase 7 — Self-verification (mandatory)
152
+
153
+ Before finishing: re-open every finding and confirm the cited file:line exists and shows what the finding claims; confirm every cited guideline file exists and actually contains the referenced rule; recount occurrence numbers; delete or downgrade to `suspected` anything you cannot re-verify; check the report renders (no broken tables/links). Then summarize to the caller: report path, finding counts by severity, top 3 issues, and any limitations.
154
+
155
+ ## Operating rules
156
+
157
+ - READ-ONLY toward app code. You may only add: the guidelines kit (via npm), the report, and screenshot assets. Never "fix" issues during the audit.
158
+ - Do not start long-lived processes you don't clean up; kill the dev server when done.
159
+ - Never put secrets, tokens, or customer data into the report or screenshots.
160
+ - Budget discipline: prefer sampling + occurrence counts over exhaustively listing every duplicate of a systemic issue.
@@ -0,0 +1,16 @@
1
+ ---
2
+ description: Run a comprehensive UX audit of this repo against @appfire-ux/guidelines
3
+ argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>]
4
+ ---
5
+
6
+ Use the **ux-auditor** agent to run a full UX audit of this repository.
7
+
8
+ Arguments passed by the user: `$ARGUMENTS`
9
+
10
+ Interpretation:
11
+ - A path argument limits the audit scope to that directory (default: whole repo, UI code prioritized).
12
+ - `--static-only` — skip Phase 4 (runtime verification); do not start the dev server.
13
+ - `--lang pl` — write the report in Polish (default: English).
14
+ - `--out <path>` — report location (default: `docs/ux-audit/UX-AUDIT-<date>.md`).
15
+
16
+ Launch the agent with these parameters and let it follow its full methodology, including bootstrapping/refreshing `@appfire-ux/guidelines` (Phase 0) and mandatory self-verification (Phase 7). When it finishes, relay: the report path, finding counts by severity, top 3 issues, and any limitations it reported.