@appfire-ux/audit-agent 0.20260702.1 → 0.20260702.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,6 +1,11 @@
1
1
  # @appfire-ux/audit-agent
2
2
 
3
- One-command install of two Claude Code audit agents for Appfire repos. Both bootstrap/refresh `@appfire-ux/guidelines` by themselves (Phase 0):
3
+ One-command install of two Claude Code audit agents for Appfire repos. **Every audit run refreshes both npm packages to `@latest`** (Phase 0):
4
+
5
+ - **`@appfire-ux/audit-agent`** — agent/command definitions in `.claude/`
6
+ - **`@appfire-ux/guidelines`** — rules, skills, and `guidelines/` kit
7
+
8
+ Agents:
4
9
 
5
10
  - **ux-auditor** (`/ux-audit`) — guideline-compliance UX audit: design tokens, spacing/typography, accessibility, UX writing, messaging patterns, persona fit.
6
11
  - **ui-auditor** (`/ui-audit`) — UI & usability audit from a UI Designer's perspective: cross-screen consistency, layout & visual hierarchy, information architecture, navigation, interaction design, forms, data-dense views, responsiveness. Screenshot-driven (browser MCP or bundled Playwright fallback).
@@ -27,24 +32,29 @@ Once, for all repos on your machine:
27
32
  npx @appfire-ux/audit-agent --global # installs into ~/.claude/
28
33
  ```
29
34
 
30
- ## Update
35
+ ## Update (manual, optional)
36
+
37
+ Phase 0 on every `/ux-audit`, `/ui-audit`, or `/full-audit` run already calls `npm update` + `@latest` for both packages. Use this only when you want to refresh **without** running an audit:
31
38
 
32
39
  ```bash
33
- npm update @appfire-ux/audit-agent
40
+ npm update @appfire-ux/audit-agent @appfire-ux/guidelines
34
41
  npx @appfire-ux/audit-agent
42
+ npx @appfire-ux/guidelines
35
43
  ```
36
44
 
37
45
  ## What gets installed
38
46
 
39
47
  | File | Purpose |
40
48
  |---|---|
41
- | `.claude/agents/ux-auditor.md` | 8-phase compliance audit: guidelines bootstrap static + runtime audit evidence-based report → self-verification |
42
- | `.claude/commands/ux-audit.md` | `/ux-audit [scope] [--static-only] [--lang pl] [--out <path>]` |
43
- | `.claude/agents/ui-auditor.md` | 8-phase UI & usability audit: guidelines bootstrap screen/pattern inventory screenshot capture → consistency/IA/interaction passes → report → self-verification |
44
- | `.claude/commands/ui-audit.md` | `/ui-audit [scope] [--static-only] [--lang pl] [--out <path>]` |
45
- | `.claude/commands/full-audit.md` | `/full-audit [scope] [--static-only] [--lang pl] [--out-dir <path>]` — runs **ux-auditor** and **ui-auditor** in parallel with shared guidelines bootstrap and one dev server |
46
-
47
- The audits complement each other: `ux-audit` checks *compliance with the guidelines*, `ui-audit` checks *the interface as designed*. Use `/full-audit` when you want both at once; findings each agent notices outside its lane are handed off to the other's report section, and the combined summary deduplicates cross-cutting issues.
49
+ | `.claude/agents/ux-auditor.md` | Guideline-compliance audit → MD + HTML + `assets/*.png` (Confluence-ready) |
50
+ | `.claude/commands/ux-audit.md` | `/ux-audit [scope] [--static-only] [--lang pl] [--out <path>] [--prod]` |
51
+ | `.claude/agents/ui-auditor.md` | UI & usability audit → same deliverable format |
52
+ | `.claude/commands/ui-audit.md` | `/ui-audit [scope] [--static-only] [--lang pl] [--out <path>] [--prod]` |
53
+ | `.claude/commands/full-audit.md` | `/full-audit` — parallel run, shared capture, combined summary MD+HTML |
54
+ | `scripts/ux-audit-capture.mjs` | Playwright screenshot fallback (`--widths 1440,768`) |
55
+ | `scripts/build-html-reports.mjs` | MD Confluence-ready HTML with local `assets/` gallery |
56
+
57
+ The audits complement each other. Every run produces **Markdown + HTML + PNG assets** under `docs/audits/` (STOP & ASK on auth walls; no base64). Use `/full-audit` for both agents in parallel.
48
58
 
49
59
  ## Publishing (maintainers)
50
60
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@appfire-ux/audit-agent",
3
- "version": "0.20260702.1",
4
- "description": "Claude Code audit agents for Appfire apps — installs ux-auditor (/ux-audit: guideline compliance) and ui-auditor (/ui-audit: UI consistency, IA, interaction design), auditing against @appfire-ux/guidelines",
3
+ "version": "0.20260702.3",
4
+ "description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), /full-audit parallel orchestration. Confluence-ready MD+HTML+PNG output, runtime capture scripts.",
5
5
  "license": "MIT",
6
6
  "publishConfig": {
7
7
  "access": "public",
@@ -0,0 +1,243 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Convert audit Markdown reports to Confluence-ready HTML.
4
+ * Images stay as relative assets/*.png — never base64.
5
+ *
6
+ * Usage:
7
+ * node build-html-reports.mjs --file docs/audits/ux-audit/UX-AUDIT-2026-07-02.md
8
+ * node build-html-reports.mjs --dir docs/audits/ux-audit
9
+ * node build-html-reports.mjs --dir docs/audits
10
+ *
11
+ * Bundled path: node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs
12
+ */
13
+
14
+ 'use strict';
15
+
16
+ import fs from 'node:fs';
17
+ import path from 'node:path';
18
+
19
+ function parseArgs(argv) {
20
+ const opts = { files: [], dirs: [] };
21
+ for (let i = 0; i < argv.length; i++) {
22
+ const arg = argv[i];
23
+ if (arg === '--file') opts.files.push(argv[++i]);
24
+ else if (arg === '--dir') opts.dirs.push(argv[++i]);
25
+ }
26
+ return opts;
27
+ }
28
+
29
+ function escapeHtml(text) {
30
+ return text
31
+ .replace(/&/g, '&amp;')
32
+ .replace(/</g, '&lt;')
33
+ .replace(/>/g, '&gt;')
34
+ .replace(/"/g, '&quot;');
35
+ }
36
+
37
+ function inlineFormat(text) {
38
+ let out = escapeHtml(text);
39
+ out = out.replace(/`([^`]+)`/g, '<code>$1</code>');
40
+ out = out.replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>');
41
+ out = out.replace(/\[([^\]]+)\]\(([^)]+)\)/g, '<a href="$2">$1</a>');
42
+ return out;
43
+ }
44
+
45
+ function mdToHtml(md) {
46
+ const lines = md.replace(/\r\n/g, '\n').split('\n');
47
+ const html = [];
48
+ let inCode = false;
49
+ let codeBuf = [];
50
+ let inTable = false;
51
+ let tableRows = [];
52
+
53
+ function flushTable() {
54
+ if (!tableRows.length) return;
55
+ html.push('<table>');
56
+ tableRows.forEach((row, idx) => {
57
+ const tag = idx === 0 ? 'th' : 'td';
58
+ const cells = row.split('|').map((c) => c.trim()).filter(Boolean);
59
+ if (cells.length === 0) return;
60
+ if (idx === 1 && cells.every((c) => /^[-:]+$/.test(c))) return;
61
+ html.push('<tr>' + cells.map((c) => `<${tag}>${inlineFormat(c)}</${tag}>`).join('') + '</tr>');
62
+ });
63
+ html.push('</table>');
64
+ tableRows = [];
65
+ inTable = false;
66
+ }
67
+
68
+ for (const line of lines) {
69
+ if (line.startsWith('```')) {
70
+ if (inCode) {
71
+ html.push('<pre><code>' + escapeHtml(codeBuf.join('\n')) + '</code></pre>');
72
+ codeBuf = [];
73
+ inCode = false;
74
+ } else {
75
+ flushTable();
76
+ inCode = true;
77
+ }
78
+ continue;
79
+ }
80
+ if (inCode) {
81
+ codeBuf.push(line);
82
+ continue;
83
+ }
84
+
85
+ if (line.trim().startsWith('|')) {
86
+ inTable = true;
87
+ tableRows.push(line.trim());
88
+ continue;
89
+ }
90
+ if (inTable) flushTable();
91
+
92
+ const img = line.match(/^!\[([^\]]*)\]\(([^)]+)\)\s*$/);
93
+ if (img) {
94
+ html.push(`<figure><img src="${img[2]}" alt="${escapeHtml(img[1])}" /><figcaption>${escapeHtml(img[1])}</figcaption></figure>`);
95
+ continue;
96
+ }
97
+
98
+ if (/^#{1,6}\s/.test(line)) {
99
+ const level = line.match(/^#+/)[0].length;
100
+ const text = line.replace(/^#+\s*/, '');
101
+ html.push(`<h${level}>${inlineFormat(text)}</h${level}>`);
102
+ continue;
103
+ }
104
+
105
+ if (/^[-*]\s/.test(line)) {
106
+ html.push(`<li>${inlineFormat(line.replace(/^[-*]\s/, ''))}</li>`);
107
+ continue;
108
+ }
109
+
110
+ if (/^\d+\.\s/.test(line)) {
111
+ html.push(`<li>${inlineFormat(line.replace(/^\d+\.\s/, ''))}</li>`);
112
+ continue;
113
+ }
114
+
115
+ if (line.trim() === '---') {
116
+ html.push('<hr />');
117
+ continue;
118
+ }
119
+
120
+ if (line.trim() === '') {
121
+ html.push('');
122
+ continue;
123
+ }
124
+
125
+ html.push(`<p>${inlineFormat(line)}</p>`);
126
+ }
127
+
128
+ if (inTable) flushTable();
129
+ if (inCode && codeBuf.length) {
130
+ html.push('<pre><code>' + escapeHtml(codeBuf.join('\n')) + '</code></pre>');
131
+ }
132
+
133
+ return html.join('\n');
134
+ }
135
+
136
+ function listPngs(assetsDir) {
137
+ if (!fs.existsSync(assetsDir)) return [];
138
+ return fs
139
+ .readdirSync(assetsDir)
140
+ .filter((f) => f.endsWith('.png'))
141
+ .sort()
142
+ .map((f) => `assets/${f}`);
143
+ }
144
+
145
+ function buildGallery(assetsDir) {
146
+ const images = listPngs(assetsDir);
147
+ if (!images.length) return '';
148
+ const items = images
149
+ .map((src) => `<figure><img src="${src}" alt="${path.basename(src)}" /><figcaption>${escapeHtml(path.basename(src))}</figcaption></figure>`)
150
+ .join('\n');
151
+ return `<section class="gallery"><h2>Visual evidence gallery</h2>\n${items}\n</section>`;
152
+ }
153
+
154
+ function wrapHtml(title, body, gallery) {
155
+ return `<!DOCTYPE html>
156
+ <html lang="en">
157
+ <head>
158
+ <meta charset="utf-8" />
159
+ <meta name="viewport" content="width=device-width, initial-scale=1" />
160
+ <title>${escapeHtml(title)}</title>
161
+ <style>
162
+ body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; line-height: 1.5; max-width: 960px; margin: 0 auto; padding: 24px; color: #172b4d; }
163
+ .confluence-hint { background: #deebff; border-left: 4px solid #0052cc; padding: 12px 16px; margin-bottom: 24px; font-size: 14px; }
164
+ h1, h2, h3 { line-height: 1.25; }
165
+ table { border-collapse: collapse; width: 100%; margin: 16px 0; }
166
+ th, td { border: 1px solid #dfe1e6; padding: 8px 12px; text-align: left; vertical-align: top; }
167
+ th { background: #f4f5f7; }
168
+ img { max-width: 100%; height: auto; border: 1px solid #dfe1e6; border-radius: 3px; }
169
+ figure { margin: 16px 0; }
170
+ figcaption { font-size: 12px; color: #5e6c84; margin-top: 4px; }
171
+ pre { background: #f4f5f7; padding: 12px; overflow-x: auto; border-radius: 3px; }
172
+ code { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 0.9em; }
173
+ .gallery { margin-top: 48px; padding-top: 24px; border-top: 2px solid #dfe1e6; }
174
+ .gallery figure { display: inline-block; width: 48%; margin: 1%; vertical-align: top; }
175
+ </style>
176
+ </head>
177
+ <body>
178
+ <div class="confluence-hint">
179
+ <strong>Confluence:</strong> Open this file in a browser → <kbd>⌘A</kbd> / <kbd>Ctrl+A</kbd> → Copy → Paste into Confluence.
180
+ Images load from the local <code>assets/</code> folder — keep PNG files alongside this HTML when sharing.
181
+ </div>
182
+ <main>
183
+ ${body}
184
+ </main>
185
+ ${gallery}
186
+ </body>
187
+ </html>`;
188
+ }
189
+
190
+ function convertFile(mdPath) {
191
+ const abs = path.resolve(mdPath);
192
+ if (!fs.existsSync(abs)) {
193
+ console.error(`[build-html-reports] not found: ${abs}`);
194
+ return false;
195
+ }
196
+ const md = fs.readFileSync(abs, 'utf8');
197
+ const dir = path.dirname(abs);
198
+ const base = path.basename(abs, '.md');
199
+ const assetsDir = path.join(dir, 'assets');
200
+ const title = base;
201
+ const body = mdToHtml(md);
202
+ const gallery = buildGallery(assetsDir);
203
+ const html = wrapHtml(title, body, gallery);
204
+ const outPath = path.join(dir, `${base}.html`);
205
+ fs.writeFileSync(outPath, html);
206
+ console.log(`[build-html-reports] ${outPath}`);
207
+ return true;
208
+ }
209
+
210
+ function collectMdFiles(dir) {
211
+ const abs = path.resolve(dir);
212
+ if (!fs.existsSync(abs)) return [];
213
+ const results = [];
214
+ for (const entry of fs.readdirSync(abs, { withFileTypes: true })) {
215
+ const full = path.join(abs, entry.name);
216
+ if (entry.isDirectory()) {
217
+ if (entry.name === 'assets' || entry.name === 'node_modules') continue;
218
+ results.push(...collectMdFiles(full));
219
+ } else if (entry.isFile() && entry.name.endsWith('.md') && /AUDIT/i.test(entry.name)) {
220
+ results.push(full);
221
+ }
222
+ }
223
+ return results;
224
+ }
225
+
226
+ function main() {
227
+ const { files, dirs } = parseArgs(process.argv.slice(2));
228
+ const targets = [...files];
229
+ for (const d of dirs) targets.push(...collectMdFiles(d));
230
+
231
+ if (!targets.length) {
232
+ console.error('[build-html-reports] Usage: --file <path.md> | --dir <folder>');
233
+ process.exit(1);
234
+ }
235
+
236
+ let ok = 0;
237
+ for (const f of [...new Set(targets)]) {
238
+ if (convertFile(f)) ok++;
239
+ }
240
+ if (ok === 0) process.exit(1);
241
+ }
242
+
243
+ main();
@@ -7,7 +7,7 @@
7
7
  * Usage:
8
8
  * npx playwright install chromium # once, if not already installed
9
9
  * node scripts/ux-audit-capture.mjs --url http://localhost:5173 \
10
- * --out docs/ux-audit/assets --routes /,/dashboard/teams
10
+ * --out docs/ux-audit/assets --routes /,/dashboard/teams --widths 1440,768
11
11
  *
12
12
  * Requires the optional "playwright" dependency (see package.json).
13
13
  */
@@ -18,15 +18,17 @@ import fs from 'node:fs';
18
18
  import path from 'node:path';
19
19
 
20
20
  function parseArgs(argv) {
21
- const opts = { url: null, out: null, routes: ['/'], width: 1440, height: 900 };
21
+ const opts = { url: null, out: null, routes: ['/'], widths: [1440], height: 900 };
22
22
  for (let i = 0; i < argv.length; i++) {
23
23
  const arg = argv[i];
24
24
  if (arg === '--url') opts.url = argv[++i];
25
25
  else if (arg === '--out') opts.out = argv[++i];
26
26
  else if (arg === '--routes') opts.routes = argv[++i].split(',').map((r) => r.trim()).filter(Boolean);
27
- else if (arg === '--width') opts.width = parseInt(argv[++i], 10) || 1440;
27
+ else if (arg === '--width') opts.widths = [parseInt(argv[++i], 10) || 1440];
28
+ else if (arg === '--widths') opts.widths = argv[++i].split(',').map((w) => parseInt(w.trim(), 10)).filter(Boolean);
28
29
  else if (arg === '--height') opts.height = parseInt(argv[++i], 10) || 900;
29
30
  }
31
+ if (!opts.widths.length) opts.widths = [1440];
30
32
  return opts;
31
33
  }
32
34
 
@@ -36,10 +38,10 @@ function routeToFilename(route, width) {
36
38
  }
37
39
 
38
40
  async function main() {
39
- const { url, out, routes, width, height } = parseArgs(process.argv.slice(2));
41
+ const { url, out, routes, widths, height } = parseArgs(process.argv.slice(2));
40
42
 
41
43
  if (!url || !out) {
42
- console.error('[ux-audit-capture] Usage: --url <base-url> --out <dir> [--routes /,/foo,/bar] [--width 1440] [--height 900]');
44
+ console.error('[ux-audit-capture] Usage: --url <base-url> --out <dir> [--routes /,/foo] [--width 1440 | --widths 1440,768] [--height 900]');
43
45
  process.exit(1);
44
46
  }
45
47
 
@@ -54,21 +56,24 @@ async function main() {
54
56
  fs.mkdirSync(out, { recursive: true });
55
57
 
56
58
  const browser = await chromium.launch();
57
- const page = await browser.newPage({ viewport: { width, height } });
58
-
59
59
  const results = [];
60
- for (const route of routes) {
61
- const target = new URL(route, url).toString();
62
- const file = path.join(out, routeToFilename(route, width));
63
- try {
64
- await page.goto(target, { waitUntil: 'networkidle', timeout: 15000 });
65
- await page.screenshot({ path: file, fullPage: true });
66
- results.push({ route, file, ok: true });
67
- console.log(`[ux-audit-capture] captured ${route} -> ${file}`);
68
- } catch (err) {
69
- results.push({ route, file: null, ok: false, error: err.message });
70
- console.error(`[ux-audit-capture] failed ${route}: ${err.message}`);
60
+
61
+ for (const width of widths) {
62
+ const page = await browser.newPage({ viewport: { width, height } });
63
+ for (const route of routes) {
64
+ const target = new URL(route, url).toString();
65
+ const file = path.join(out, routeToFilename(route, width));
66
+ try {
67
+ await page.goto(target, { waitUntil: 'networkidle', timeout: 15000 });
68
+ await page.screenshot({ path: file, fullPage: true });
69
+ results.push({ route, width, file, ok: true });
70
+ console.log(`[ux-audit-capture] captured ${route} @${width}w -> ${file}`);
71
+ } catch (err) {
72
+ results.push({ route, width, file: null, ok: false, error: err.message });
73
+ console.error(`[ux-audit-capture] failed ${route} @${width}w: ${err.message}`);
74
+ }
71
75
  }
76
+ await page.close();
72
77
  }
73
78
 
74
79
  await browser.close();
@@ -20,9 +20,34 @@ You are a senior UI Designer at Appfire doing a design critique of a shipped pro
20
20
 
21
21
  Work through the phases below IN ORDER. Do not skip Phase 0 or Phase 7.
22
22
 
23
- ## Phase 0 Bootstrap @appfire-ux/guidelines
23
+ ## Shared deliverables & runtime protocol
24
24
 
25
- Same kit as ux-auditor (npm: `@appfire-ux/guidelines`, source: github.com/fuegokit/appfire-ux-guidelines; postinstall copies `.cursor/rules/ux-*.mdc`, `.cursor/skills/`, `guidelines/` into the project root). Assume it is NOT installed yet.
25
+ Every audit must produce **Confluence-ready** output. Applies to ux-auditor, ui-auditor, and `/full-audit`. **Full spec:** same section in `ux-auditor` agent (identical rules).
26
+
27
+ **ui-auditor paths:** `docs/audits/ui-audit/UI-AUDIT-<date>[-prod].{md,html}` + `docs/audits/ui-audit/assets/*.png`.
28
+
29
+ **Role:** you own IA, consistency, layout, interaction, responsiveness — **not** token/a11y/copy compliance (hand off to ux-auditor). Same STOP & ASK protocol, same HTML+PNG rules, same Definition of done checklist.
30
+
31
+ **HTML after MD:**
32
+ ```bash
33
+ node node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs --dir docs/audits/ui-audit
34
+ ```
35
+
36
+ **STOP & ASK** when: login redirect, auth wall, wrong UI, capture script total fail, no MCP session for dashboard. Use the Polish/English template from ux-auditor. Resume capture only after user reply; else static-only with Limitations on page 1.
37
+
38
+ **Definition of done:** MD+HTML, PNGs in `assets/` (relative paths, no base64), gallery in HTML, verified-runtime ↔ PNG or downgrade, Limitations complete, preview links if served.
39
+
40
+ ## Phase 0 — Bootstrap audit toolchain
41
+
42
+ Run **0a** then **0b** before any audit work. Record installed versions and any stale/failed steps in the report appendix.
43
+
44
+ ### 0a — Refresh @appfire-ux/audit-agent
45
+
46
+ Same steps as ux-auditor Phase 0a: update/install `@appfire-ux/audit-agent@latest`, run `npx @appfire-ux/audit-agent`, verify `.claude/agents/` and `.claude/commands/` exist. Flag **"audit-agent possibly stale"** on npm failure when older files remain; STOP if no agent files and npm fails.
47
+
48
+ ### 0b — Bootstrap @appfire-ux/guidelines
49
+
50
+ Same kit as ux-auditor (npm: `@appfire-ux/guidelines`, source: github.com/fuegokit/appfire-ux-guidelines; postinstall copies `.cursor/rules/ux-*.mdc`, `.cursor/skills/`, `guidelines/` into the project root).
26
51
 
27
52
  1. Locate the repo-root `package.json` (monorepo → workspace root; none anywhere → `npm init -y` and note it in the appendix).
28
53
  2. Kit present (`guidelines/` with `foundations/` + `personas/` AND at least one `.cursor/rules/ux-*.mdc`) → refresh:
@@ -53,22 +78,25 @@ You read the kit for *design context*, not as a rulebook:
53
78
 
54
79
  ## Phase 3 — Runtime capture (do this EARLY — the audit is visual)
55
80
 
56
- Unlike a compliance audit, this audit is materially weaker without screenshots, so capture comes before analysis. Never let it break the audit; on failure fall back gracefully and record the limitation.
81
+ Follow **Shared deliverables & runtime protocol** (STOP & ASK, capture order, minimum screenshots). Never let capture break the audit.
57
82
 
58
- 1. Find the dev command (`package.json` scripts: `dev`/`start`/`storybook`), install deps if needed, start it in the background, wait for the port to answer.
59
- 2. Capture in this order stop at the first that works:
60
- 1. **Browser MCP/tool in session** (Playwright MCP, Chrome DevTools, Claude in Chrome) → walk the screen inventory: screenshot every screen (save under `docs/ui-audit/assets/`), plus key states (open modal, expanded filters, populated vs empty table) and at least two viewport widths (~1440 and ~768; mobile if the app claims support). Perform interaction probes: click-count for the top 3 persona jobs, hover/focus affordance on primary controls, scroll behavior of sticky headers/toolbars.
61
- 2. **No browser tool** → use the bundled Playwright capture script:
83
+ 1. **Resolve base URL** do not assume localhost; verify the app responds with real UI. Record URL in Limitations.
84
+ 2. **STOP & ASK** on blind-alley signals before wasting analysis time.
85
+ 3. Capture in order:
86
+ 1. **Browser MCP in session** → screenshot every inventory screen + key states (modal, empty table, error) at **1440px and 768px**; save to `docs/audits/ui-audit/assets/`; interaction probes where possible.
87
+ 2. **Bundled Playwright script**:
62
88
  ```bash
63
- npx playwright install chromium # one-time, skip if already installed
89
+ npx playwright install chromium
64
90
  node node_modules/@appfire-ux/audit-agent/scripts/ux-audit-capture.mjs \
65
- --url http://localhost:5173 \
66
- --out docs/ui-audit/assets \
67
- --routes /,/dashboard,/settings
91
+ --url <verified-base-url> \
92
+ --out docs/audits/ui-audit/assets \
93
+ --routes /,<key-routes> \
94
+ --widths 1440,768
68
95
  ```
69
- Run it twice — once with `--width 1440` and once with `--width 768` — to cover both viewports (filenames get a `-<width>w` suffix). Screenshots only — interaction probes stay `suspected`. If the script errors entirely, fall through to 2.3.
70
- 3. **Both unavailable** → static-only audit from JSX/templates; state prominently in the report that visual findings are code-inferred.
71
- 3. **Look at every screenshot you captured** (Read the image files). Your visual analysis must come from actually viewing them, not from imagining the rendered result. If Storybook exists, prefer it for isolated component-state screenshots.
96
+ Interaction probes stay `suspected` without MCP.
97
+ 3. **Both fail** → static-only; Limitations prominent; code-inferred visual claims only as `verified-static` / `suspected`.
98
+ 4. **Read every captured PNG** (Read tool on image files) before writing visual findings.
99
+ 5. If `/full-audit` orchestrator placed shared PNGs in `docs/audits/prod-assets/`, **copy or symlink** into your `ui-audit/assets/` and reference as `assets/<file>.png` — do not use `../prod-assets/` in MD/HTML.
72
100
 
73
101
  ## Phase 4 — The audit passes
74
102
 
@@ -128,31 +156,40 @@ Per-category (A–H) score ✅/⚠️/❌ + counts. Top 5 quick wins. Suggested
128
156
 
129
157
  ## Phase 6 — Write the report
130
158
 
131
- Write to `docs/ui-audit/UI-AUDIT-<YYYY-MM-DD>.md` (create dirs; honor a user-given path). English unless asked otherwise. Structure:
159
+ Write to `docs/audits/ui-audit/UI-AUDIT-<YYYY-MM-DD>[-prod].md` (honor user `--out`). English unless asked otherwise.
160
+
161
+ **Limitations** — prominent block after executive summary when capture was partial or static-only.
132
162
 
133
- 1. **Executive summary** — app purpose, audited personas, the interface's 3 biggest strengths and 3 biggest problems, headline numbers, top 5 quick wins.
134
- 2. **Scorecard** — category (A–H) → status → Critical/High/Medium/Low counts → one-line verdict.
135
- 3. **Scope & method** — commit SHA, date, guidelines kit version, screens captured (with viewport widths) vs code-only, interaction probes performed, de-scoped areas.
136
- 4. **IA map & screen inventory** — the Phase 2 artifacts, annotated with problems found.
137
- 5. **Pattern inventory** — table: pattern # of divergent implementations screens target pattern recommendation.
138
- 6. **Findings** — grouped by category, ordered by severity:
163
+ Structure:
164
+
165
+ 1. **Executive summary** — app purpose, personas, 3 biggest strengths / 3 biggest problems, headline numbers, top 5 quick wins.
166
+ 2. **Scorecard** — category (A–H) status counts verdict.
167
+ 3. **Scope & method** — commit SHA, date, kit versions, capture URL & viewports, screens captured vs code-only, interaction probes, de-scoped areas.
168
+ 4. **IA map & screen inventory** — Phase 2 artifacts, annotated.
169
+ 5. **Pattern inventory** — pattern → # implementations → screens → target pattern.
170
+ 6. **Findings** — by category, by severity:
139
171
  ```
140
172
  ### [UI-<CAT>-<NN>] <title>
141
173
  Severity: … | Confidence: … | Effort: S/M/L
142
- Screens: <screens/routes affected> | Location: <file>:<line> (+ occurrence count)
143
- Evidence: <screenshot reference and/or ≤10-line code excerpt>
174
+ Screens: <routes> | Location: <file>:<line>
175
+ Screenshot: assets/<file>.png (required for verified-runtime)
176
+ Evidence: ![desc](assets/file.png) and/or code excerpt
144
177
  Personas affected: …
145
- Why it matters: <the design reasoning — 1–3 sentences>
146
- Recommendation: <concrete fix; sketch the target pattern when useful>
178
+ Why it matters:
179
+ Recommendation:
147
180
  ```
148
- 7. **Positive observations** — what to keep.
149
- 8. **Remediation roadmap** — quick wins → pattern consolidation → structural IA changes.
150
- 9. **Handoff to /ux-audit** — token/a11y/copy issues noticed in passing, one line each.
151
- 10. **Appendix** — bootstrap log, capture method and its limitations, `suspected` items needing human review.
181
+ 7. **Positive observations**
182
+ 8. **Remediation roadmap**
183
+ 9. **Handoff to /ux-audit** — token/a11y/copy one-liners
184
+ 10. **Appendix** — bootstrap log, STOP & ASK, capture limitations, `suspected` items
185
+
186
+ **Then generate HTML** via `build-html-reports.mjs` (see Shared deliverables).
152
187
 
153
188
  ## Phase 7 — Self-verification (mandatory)
154
189
 
155
- Re-open every finding: the cited screenshot/file:line exists and shows what is claimed; occurrence counts are accurate; every screenshot referenced in the report exists under `docs/ui-audit/assets/`; delete or downgrade to `suspected` anything not re-verifiable; check the report renders (tables, image links). Then summarize to the caller: report path, finding counts by severity, top 3 issues, capture coverage, limitations.
190
+ Run **Definition of done** checklist. Verify every PNG referenced exists under `assets/`; downgrade `verified-runtime` without PNG; MD+HTML+gallery; no base64.
191
+
192
+ Summarize: MD + HTML paths, preview URL, severity counts, top 3 issues, capture coverage, Limitations, STOP & ASK status.
156
193
 
157
194
  ## Operating rules
158
195
 
@@ -15,9 +15,127 @@ You are a principal UX auditor at Appfire. You produce the most comprehensive, e
15
15
 
16
16
  Work through the phases below IN ORDER. Do not skip Phase 0 or Phase 7.
17
17
 
18
- ## Phase 0 Bootstrap @appfire-ux/guidelines
18
+ ## Shared deliverables & runtime protocol
19
19
 
20
- The audit is driven by the Appfire UX Guidelines kit (npm: `@appfire-ux/guidelines`, source: github.com/fuegokit/appfire-ux-guidelines). Its postinstall script copies `.cursor/rules/ux-*.mdc`, `.cursor/skills/`, and `guidelines/` into the project root. Assume it is NOT installed yet.
20
+ Every audit must produce **Confluence-ready** output. Applies to ux-auditor, ui-auditor, and `/full-audit`.
21
+
22
+ ### Output goal
23
+
24
+ Each audit ends with reports ready to paste into Confluence:
25
+
26
+ - **Markdown** — source of truth in the repo
27
+ - **HTML** — open in browser → ⌘A / Ctrl+A → copy → paste into Confluence
28
+ - **PNG** in `assets/` — separate files only; **never** base64 in MD/HTML
29
+
30
+ ### Required file layout
31
+
32
+ Default under `docs/audits/` (honor user `--out` / `--out-dir`; add `-prod` suffix when auditing production/staging URL):
33
+
34
+ ```
35
+ docs/audits/
36
+ ├── AUDIT-SUMMARY-<YYYY-MM-DD>[-prod].md # /full-audit only
37
+ ├── AUDIT-SUMMARY-<YYYY-MM-DD>[-prod].html
38
+ ├── prod-assets/ # optional — shared PNGs when /full-audit reuses captures
39
+ ├── ux-audit/
40
+ │ ├── UX-AUDIT-<date>[-prod].md
41
+ │ ├── UX-AUDIT-<date>[-prod].html
42
+ │ └── assets/*.png
43
+ └── ui-audit/
44
+ ├── UI-AUDIT-<date>[-prod].md
45
+ ├── UI-AUDIT-<date>[-prod].html
46
+ └── assets/*.png
47
+ ```
48
+
49
+ **ux-auditor** writes to `docs/audits/ux-audit/` (or user path). Use relative image paths in MD/HTML: `assets/dashboard-teams-1440w.png` — not `../prod-assets/`, not `data:image/...`.
50
+
51
+ ### HTML generation (mandatory after MD)
52
+
53
+ 1. If `docs/audits/build-html-reports.mjs` exists in the repo → run it.
54
+ 2. Else use the bundled script:
55
+ ```bash
56
+ node node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs --dir docs/audits/ux-audit
57
+ ```
58
+ 3. If neither works → generate HTML yourself: simple CSS, Confluence hint at top, `<img src="assets/...">` for every screenshot, **Visual evidence gallery** at the bottom listing each unique PNG once.
59
+
60
+ HTML rules: load images from local `assets/`; no base64; `img { max-width: 100% }`; inline screenshots in findings as `![desc](assets/file.png)`.
61
+
62
+ ### Runtime capture rules
63
+
64
+ 1. **Establish a working base URL first** — do not assume `localhost` without verifying the port responds with real app UI.
65
+ 2. Capture order (stop at first that works):
66
+ 1. Browser MCP / Playwright with the **user's existing session** (preferred)
67
+ 2. Bundled script: `node node_modules/@appfire-ux/audit-agent/scripts/ux-audit-capture.mjs --url <base> --out <assets-dir> --routes ... --widths 1440,768`
68
+ 3. Static code audit only — **explicit disclaimer** in Limitations; no `verified-runtime` for dashboard claims
69
+ 3. **Minimum screenshots:** key routes from inventory (overview + top flows per persona); **1440px and 768px** for shell/nav + at least one data-heavy screen; empty list / error / open modal when cheap to reproduce.
70
+ 4. **Naming:** `<route-slug>-<width>w.png` (e.g. `dashboard-teams-768w.png`).
71
+ 5. **PII:** redact emails, tokens, names in report text; do not quote secrets; if PII appears on a PNG, describe generically or request re-capture after masking.
72
+
73
+ ### 🛑 STOP & ASK protocol (blind alley)
74
+
75
+ **Stop the audit and ask the user** when any signal below is true — do not continue with fake `verified-runtime` or pretend you saw the dashboard:
76
+
77
+ | Signal | Example |
78
+ |--------|---------|
79
+ | Login redirect | Google OAuth, empty `/`, infinite "Loading configuration…" |
80
+ | Auth wall | `/dashboard/*` without JWT → login / 401 |
81
+ | Wrong UI | OAuth landing instead of dashboard; "Admin only." without admin access |
82
+ | Capture script fail | Playwright won't start; every route errors |
83
+ | No browser MCP + no session | Only landing page; zero dashboard |
84
+
85
+ **Message template:**
86
+
87
+ > Nie mogę zweryfikować UI w runtime — [krótki powód].
88
+ >
89
+ > Żeby dokończyć audyt z pełnym visual evidence, podaj proszę:
90
+ > 1. URL (np. `https://…/dashboard`) gdzie jesteś zalogowany i widzisz pełny shell, **albo**
91
+ > 2. Dev command + port localhost, **albo**
92
+ > 3. Potwierdzenie, że mogę użyć otwartej karty w przeglądarce (Browser MCP) z Twoją sesją.
93
+ >
94
+ > Opcjonalnie: konto admin vs team user — które mam użyć do capture?
95
+
96
+ Resume Phase 3+/4+ only after the user answers. If they cannot provide a working path → finish **static-only** with **Limitations** on page 1 and no `verified-runtime` claims for protected surfaces.
97
+
98
+ ### Definition of done
99
+
100
+ - [ ] MD + HTML for this audit (summary HTML too when `/full-audit`)
101
+ - [ ] All PNGs in `assets/`; relative paths; zero base64
102
+ - [ ] HTML includes visual evidence gallery
103
+ - [ ] `verified-runtime` findings cite a PNG file OR are downgraded to `suspected` / `verified-static`
104
+ - [ ] Limitations document: capture URL, viewports, role (admin/non-admin), what could not be opened
105
+ - [ ] User receives local preview links if a static server was started (e.g. `http://localhost:<port>/.../*.html`)
106
+
107
+ ## Phase 0 — Bootstrap audit toolchain
108
+
109
+ Run **0a** then **0b** before any audit work. Record installed versions and any stale/failed steps in the report appendix.
110
+
111
+ ### 0a — Refresh @appfire-ux/audit-agent
112
+
113
+ This package ships the agent/command definitions in `.claude/`. Refresh them on every audit so methodology updates are picked up automatically.
114
+
115
+ 1. At the repo-root `package.json` (monorepo → workspace root):
116
+ - **Listed in `devDependencies` or `dependencies`** → refresh:
117
+ ```bash
118
+ npm update @appfire-ux/audit-agent
119
+ npx @appfire-ux/audit-agent
120
+ ```
121
+ Compare `npm ls @appfire-ux/audit-agent --depth=0` with `npm view @appfire-ux/audit-agent version`. If still behind, force: `npm install @appfire-ux/audit-agent@latest`, then `npx @appfire-ux/audit-agent`.
122
+ - **Not listed** but `.claude/agents/ux-auditor.md` exists (e.g. global install) → refresh in place:
123
+ ```bash
124
+ npx @appfire-ux/audit-agent@latest
125
+ ```
126
+ - **Neither** → install as a dev tool, then copy agents:
127
+ ```bash
128
+ npm install -D @appfire-ux/audit-agent@latest
129
+ ```
130
+ (postinstall runs `npx` automatically; if not, run `npx @appfire-ux/audit-agent` explicitly). Note the fresh install in the appendix.
131
+ 2. Verify post-conditions — these MUST exist before continuing:
132
+ - `.claude/agents/ux-auditor.md`, `.claude/agents/ui-auditor.md`
133
+ - `.claude/commands/ux-audit.md`, `.claude/commands/ui-audit.md`, `.claude/commands/full-audit.md`
134
+ 3. Failure handling: npm fails but older `.claude/` files exist → proceed and flag **"audit-agent possibly stale"**. npm fails and no agent files → STOP and report the npm error.
135
+
136
+ ### 0b — Bootstrap @appfire-ux/guidelines
137
+
138
+ The audit is driven by the Appfire UX Guidelines kit (npm: `@appfire-ux/guidelines`, source: github.com/fuegokit/appfire-ux-guidelines). Its postinstall script copies `.cursor/rules/ux-*.mdc`, `.cursor/skills/`, and `guidelines/` into the project root.
21
139
 
22
140
  1. Locate the correct install directory: the repo-root `package.json`. In a monorepo, use the workspace root. If there is no `package.json` anywhere, run `npm init -y` first and note this in the report appendix.
23
141
  2. Detect an existing kit: BOTH `guidelines/` (containing `foundations/` and `personas/`) AND at least one `.cursor/rules/ux-*.mdc` must exist.
@@ -96,23 +214,25 @@ Run each pass over the scoped source. For each pass: start with the greps below
96
214
 
97
215
  ## Phase 4 — Runtime verification (best effort)
98
216
 
99
- Attempt only if the environment allows; NEVER let this phase break the audit — on any failure, fall back to static-only and record the limitation.
217
+ Follow **Shared deliverables & runtime protocol** (STOP & ASK, capture order, minimum screenshots). Attempt only if the environment allows; NEVER let this phase break the audit.
100
218
 
101
- 1. Find the dev command (`package.json` scripts: `dev`/`start`/`storybook`). Install deps if needed, start it in the background, wait for the port to answer.
102
- 2. Capture screenshots in this explicit orderstop at the first that works:
103
- 1. **Browser MCP/tool available in this session** (Playwright MCP, Chrome DevTools, Claude in Chrome) → use it directly: visit the main surfaces, capture screenshots of key screens and states (save under `docs/ux-audit/assets/`), tab through primary flows to verify focus order and visible focus, trigger error/empty states where cheap to do, spot-check computed colors/contrast of flagged elements, toggle reduced-motion emulation if possible.
104
- 2. **No browser tool/MCP available** → you always have Bash, so shell out to the bundled Playwright capture script instead of skipping screenshots:
219
+ 1. **Resolve base URL** check env files, README, package.json, user context, or an already-running dev server. Probe with `curl -sI` or browser before assuming a port. Record the URL in Limitations.
220
+ 2. **STOP & ASK** if blind-alley signals appear do not proceed to analysis pretending runtime worked.
221
+ 3. Capture in order:
222
+ 1. **Browser MCP/tool in session** → visit inventory routes; save PNGs to `docs/audits/ux-audit/assets/` (or user `--out` dir + `/assets/`); tab through primary flows for focus/contrast where possible; trigger error/empty states when cheap.
223
+ 2. **Bundled Playwright script** (when no browser MCP):
105
224
  ```bash
106
- npx playwright install chromium # one-time, skip if already installed
225
+ npx playwright install chromium # one-time
107
226
  node node_modules/@appfire-ux/audit-agent/scripts/ux-audit-capture.mjs \
108
- --url http://localhost:5173 \
109
- --out docs/ux-audit/assets \
110
- --routes /,/dashboard/teams
227
+ --url <verified-base-url> \
228
+ --out docs/audits/ux-audit/assets \
229
+ --routes /,<key-routes-from-inventory> \
230
+ --widths 1440,768
111
231
  ```
112
- This only covers screenshots (no focus/contrast/reduced-motion checks — note that limitation in the report). If the script errors (e.g. `playwright` not installed and install fails, or every route fails), fall through to 2.3.
113
- 3. **Both unavailable** → static-only. Record the limitation explicitly in the report appendix (Phase 6) instead of silently skipping runtime checks.
114
- 3. If Storybook exists, prefer it for isolated component states (still via the MCP tool if available, otherwise the same Playwright script pointed at the Storybook URL).
115
- 4. Attach evidence: reference screenshots in findings; runtime-confirmed findings get higher confidence. Screenshots captured via the Playwright script fallback are `verified-runtime` for visual findings only — accessibility findings that need interaction (focus order, keyboard reachability) stay `suspected` unless a browser MCP tool confirmed them.
232
+ Visual-only evidence — note in Limitations that a11y interaction checks (focus order, keyboard) stay `suspected` unless MCP confirmed them.
233
+ 3. **Both fail** → static-only; Limitations on page 1; downgrade runtime claims.
234
+ 4. If Storybook exists, use it for isolated component states (same capture rules).
235
+ 5. Embed evidence inline in findings: `![description](assets/<route-slug>-<width>w.png)`. Reference the PNG path in the finding's Evidence line.
116
236
 
117
237
  ## Phase 5 — Synthesis & scoring
118
238
 
@@ -128,29 +248,43 @@ Per-category score: ✅ compliant / ⚠️ partial / ❌ significant gaps, plus
128
248
 
129
249
  ## Phase 6 — Write the report
130
250
 
131
- Write to `docs/ux-audit/UX-AUDIT-<YYYY-MM-DD>.md` (create dirs; if the user gave another location, use that). Report language: English unless asked otherwise. Structure:
251
+ Write to `docs/audits/ux-audit/UX-AUDIT-<YYYY-MM-DD>[-prod].md` (create dirs; honor user `--out`). Report language: English unless asked otherwise.
252
+
253
+ **Limitations** — if static-only or partial capture, put a prominent Limitations block immediately after the executive summary (capture URL, viewports, role, what was not reachable).
254
+
255
+ Structure:
132
256
 
133
257
  1. **Executive summary** — app purpose, audited personas, overall assessment in 5–8 sentences, headline numbers (findings by severity), top 5 quick wins.
134
258
  2. **Scorecard** — table: category (A–H) → status → Critical/High/Medium/Low counts → one-line verdict.
135
- 3. **Audit scope & method** — commit SHA, date, guidelines package version (`npm ls @appfire-ux/guidelines`), surfaces audited, static vs runtime coverage, de-scoped areas.
259
+ 3. **Audit scope & method** — commit SHA, date, `audit-agent` + `guidelines` versions, surfaces audited, capture URL & viewports, static vs runtime coverage, de-scoped areas.
136
260
  4. **Findings** — grouped by category, ordered by severity. Each finding:
137
261
  ```
138
262
  ### [UX-<CAT>-<NN>] <title>
139
263
  Severity: … | Confidence: … | Effort: S/M/L
140
- Location: <file>:<line> (+ occurrence count; + screenshot if any)
264
+ Location: <file>:<line> (+ occurrence count)
265
+ Screenshot: assets/<file>.png (required for verified-runtime visual claims)
141
266
  Guideline: <kit file path> — "<the rule, quoted or tightly paraphrased>"
142
267
  Personas affected: …
143
- Evidence: <≤10-line code excerpt or screenshot reference>
268
+ Evidence: <≤10-line code excerpt and/or ![desc](assets/file.png)>
144
269
  Recommendation: <concrete fix, with a short code sketch when useful>
145
270
  ```
146
271
  5. **State coverage matrix** — surface × {loading, empty, error, success}.
147
272
  6. **Positive observations** — what to keep doing.
148
273
  7. **Remediation roadmap** — ordered plan: quick wins → systemic fixes → strategic items.
149
- 8. **Appendix** — bootstrap log (files added by the kit install, npm version info), limitations, `suspected` items needing human review.
274
+ 8. **Appendix** — bootstrap log, STOP & ASK events, `suspected` items needing human review.
275
+
276
+ **Then generate HTML** (see Shared deliverables): run `build-html-reports.mjs` on the report directory. Confirm `.html` exists beside `.md`.
150
277
 
151
278
  ## Phase 7 — Self-verification (mandatory)
152
279
 
153
- Before finishing: re-open every finding and confirm the cited file:line exists and shows what the finding claims; confirm every cited guideline file exists and actually contains the referenced rule; recount occurrence numbers; delete or downgrade to `suspected` anything you cannot re-verify; check the report renders (no broken tables/links). Then summarize to the caller: report path, finding counts by severity, top 3 issues, and any limitations.
280
+ Run the **Definition of done** checklist from Shared deliverables. Additionally:
281
+
282
+ - Re-open every finding: cited `file:line` exists; guideline file contains the rule; occurrence counts accurate.
283
+ - Every `verified-runtime` finding references an existing PNG under `assets/` or is downgraded.
284
+ - MD and HTML render (tables, `<img src="assets/...">` links, gallery at bottom of HTML).
285
+ - No base64 images anywhere.
286
+
287
+ Summarize to the caller: MD + HTML paths, local preview URL if served, finding counts by severity, top 3 issues, capture coverage, Limitations, whether STOP & ASK was triggered.
154
288
 
155
289
  ## Operating rules
156
290
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Run ux-auditor and ui-auditor in parallel — full guideline compliance + UI/usability audit
3
- argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out-dir <path>]
3
+ argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
4
4
  ---
5
5
 
6
6
  Run **both** audit agents on this repository **in parallel**: **ux-auditor** (guideline compliance) and **ui-auditor** (UI & usability).
@@ -12,59 +12,92 @@ Arguments passed by the user: `$ARGUMENTS`
12
12
  - **Scope path** — optional directory (default: whole repo).
13
13
  - `--static-only` — skip runtime/screenshots for both agents; warn the user that the UI audit will be much weaker.
14
14
  - `--lang pl|en` — report language for both agents (default: English).
15
- - `--out-dir <path>` — parent folder for outputs (default: `docs/audits`). Individual reports go in subfolders; do not use `--out` here.
15
+ - `--out-dir <path>` — parent folder for outputs (default: `docs/audits`).
16
+ - `--prod` — append `-prod` to report filenames (auditing production/staging URL).
16
17
 
17
- Derive report paths (use today's date `YYYY-MM-DD`):
18
+ Date slug: `YYYY-MM-DD` + optional `-prod` suffix.
18
19
 
19
- | Agent | Report |
20
- |-------|--------|
21
- | ux-auditor | `<out-dir>/ux-audit/UX-AUDIT-<date>.md` |
22
- | ui-auditor | `<out-dir>/ui-audit/UI-AUDIT-<date>.md` |
23
- | summary | `<out-dir>/AUDIT-SUMMARY-<date>.md` |
20
+ ## Required output layout
24
21
 
25
- Screenshot assets: `docs/ui-audit/assets/` and `docs/ux-audit/assets/` (per each agent's defaults) unless you consolidate under `<out-dir>/` — if so, tell both agents the same asset dir to avoid duplicate captures.
22
+ ```
23
+ <out-dir>/
24
+ ├── AUDIT-SUMMARY-<date>[-prod].md
25
+ ├── AUDIT-SUMMARY-<date>[-prod].html
26
+ ├── prod-assets/ # only when both agents share the same PNG captures
27
+ ├── ux-audit/
28
+ │ ├── UX-AUDIT-<date>[-prod].md
29
+ │ ├── UX-AUDIT-<date>[-prod].html
30
+ │ └── assets/*.png
31
+ └── ui-audit/
32
+ ├── UI-AUDIT-<date>[-prod].md
33
+ ├── UI-AUDIT-<date>[-prod].html
34
+ └── assets/*.png
35
+ ```
26
36
 
27
- ## Step 1Shared setup (once, before agents)
37
+ Relative image paths in MD/HTML: `assets/<file>.png` never base64, never `../prod-assets/`.
28
38
 
29
- Do this yourself in the main session — **do not** delegate to either agent yet:
39
+ ## Role division (/full-audit)
30
40
 
31
- 1. Bootstrap `@appfire-ux/guidelines` (Phase 0 from ux-auditor): install/update, run `npx @appfire-ux/guidelines`, verify `.cursor/rules/ux-*.mdc` and `guidelines/` exist. Record bootstrap notes for the summary appendix.
32
- 2. Unless `--static-only`: detect dev command (`npm run dev`, etc.), start **one** dev server, note the base URL. Both agents will reuse it — do not start a second server.
41
+ | Agent | Owns | Same protocol |
42
+ |-------|------|----------------|
43
+ | **ux-auditor** | Guideline compliance: tokens, a11y, copy, messaging, personas | STOP & ASK, MD+HTML+PNG, Definition of done |
44
+ | **ui-auditor** | IA, consistency, layout, interaction, responsiveness | STOP & ASK, MD+HTML+PNG, Definition of done |
33
45
 
34
- ## Step 2 Launch agents in parallel
46
+ - Each agent writes to its own `ux-audit/` or `ui-audit/` subfolder with its own `assets/`.
47
+ - Use `prod-assets/` **only** when orchestrator captures once and both agents reuse identical PNGs — then each agent copies into local `assets/` for Confluence-relative paths.
48
+ - Do **not** duplicate capture work unless one agent needs extra viewports/states the other missed.
35
49
 
36
- Spawn **ux-auditor** and **ui-auditor** **concurrently** (two parallel agent tasks — not sequential).
50
+ ## Step 1 Shared setup (once, before agents)
37
51
 
38
- Pass each agent this context:
52
+ Do this in the main session — **do not** delegate yet:
39
53
 
40
- ```
41
- Phase 0 (guidelines bootstrap) is ALREADY COMPLETE in the main session.
42
- - Kit verified at: [list key paths]
43
- - Dev server: [running at URL | not started — static-only]
44
- - Scope: [path or whole repo]
45
- - Language: [en|pl]
46
- - Report path: [agent-specific path above]
47
- - Asset dir: [shared or per-agent path]
48
-
49
- Skip Phase 0 npm install. Begin at your Phase 1.
50
- For runtime/screenshot phases: reuse the dev server URL above; do not start another server.
51
- When done: complete through Phase 7 and return report path, severity counts, top 3 issues, limitations.
52
- ```
54
+ 1. **Refresh audit toolchain (Phase 0):**
55
+ - **0a** `@appfire-ux/audit-agent@latest` + `npx @appfire-ux/audit-agent`
56
+ - **0b** `@appfire-ux/guidelines@latest` + `npx @appfire-ux/guidelines`
57
+ - Record versions for the summary appendix.
58
+ 2. **Resolve base URL** — do not assume localhost. If blind-alley signals (OAuth redirect, auth wall, wrong UI) → **STOP & ASK** user with the template from ux-auditor before launching agents.
59
+ 3. Unless `--static-only`: start **one** dev server OR use user-provided logged-in URL. Note base URL for both agents.
60
+ 4. Optional shared capture: if Browser MCP or Playwright script runs here, save to `<out-dir>/prod-assets/` and tell agents to copy into their `assets/` folders.
53
61
 
54
- Let each agent follow its full methodology from Phase 1 onward.
62
+ ## Step 2 Launch agents in parallel
55
63
 
56
- ## Step 3 Combined summary (after both finish)
64
+ Spawn **ux-auditor** and **ui-auditor** **concurrently**.
57
65
 
58
- Write `<out-dir>/AUDIT-SUMMARY-<date>.md`:
66
+ ```
67
+ Phase 0 COMPLETE. Orchestrator context:
68
+ - audit-agent version: …
69
+ - guidelines version: …
70
+ - Base URL: [url | static-only]
71
+ - Scope: …
72
+ - Language: …
73
+ - ux report: <out-dir>/ux-audit/UX-AUDIT-<date>[-prod].md
74
+ - ui report: <out-dir>/ui-audit/UI-AUDIT-<date>[-prod].md
75
+ - Shared prod-assets: [path or none — copy to local assets/ if used]
76
+ - STOP & ASK already resolved: [yes/no — what user provided]
77
+
78
+ Skip Phase 0 npm. Begin Phase 1.
79
+ Reuse base URL; do not start another server.
80
+ Follow Shared deliverables: MD+HTML+PNG, Definition of done.
81
+ If STOP & ASK triggers mid-run, pause and ask user — do not fake verified-runtime.
82
+ ```
59
83
 
60
- 1. **Executive overview**5–8 sentences, both lenses combined.
61
- 2. **Reports** — links to both markdown files.
62
- 3. **Combined scorecard** — ux-auditor categories + ui-auditor categories, total findings by severity.
63
- 4. **Top 5 cross-cutting issues** deduplicated; note if ux and ui flagged the same surface differently.
64
- 5. **Handoffs merged** items each agent deferred to the other.
65
- 6. **Shared limitations** static-only, capture gaps, bootstrap notes.
66
- 7. **Suggested order of work** — quick wins that satisfy both audits first.
84
+ ## Step 3Combined summary + HTML (after both finish)
85
+
86
+ 1. Write `<out-dir>/AUDIT-SUMMARY-<date>[-prod].md`:
87
+ - Executive overview (both lenses)
88
+ - Links to both MD reports
89
+ - Combined scorecard + severity totals
90
+ - Top 5 cross-cutting issues (deduplicated)
91
+ - Merged handoffs
92
+ - Shared Limitations (URL, viewports, roles, capture gaps)
93
+ - Suggested remediation order
94
+ 2. Generate HTML for **all three** reports:
95
+ ```bash
96
+ node node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs --dir <out-dir>
97
+ ```
98
+ (or repo-local `docs/audits/build-html-reports.mjs` if present)
99
+ 3. Optionally serve preview: `npx --yes serve <out-dir> -p 4173` and give user links to `*.html`.
67
100
 
68
101
  ## Relay to the user
69
102
 
70
- Report paths, combined severity counts, top 3 issues across both audits, whether parallel run succeeded, and any limitations.
103
+ MD + HTML paths (all three), combined severity counts, top 3 issues, capture coverage, Limitations, local preview URLs, whether parallel run and STOP & ASK occurred.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Run a UI & usability audit of this repo (consistency, IA, interaction design)
3
- argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>]
3
+ argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>] [--prod]
4
4
  ---
5
5
 
6
6
  Use the **ui-auditor** agent to run a full UI & usability audit of this repository.
@@ -9,8 +9,11 @@ Arguments passed by the user: `$ARGUMENTS`
9
9
 
10
10
  Interpretation:
11
11
  - A path argument limits the audit scope to that directory (default: whole repo, primary-persona surfaces prioritized).
12
- - `--static-only` — skip Phase 3 (runtime capture); do not start the dev server. Note: this significantly weakens a UI audit — warn the user before proceeding.
12
+ - `--static-only` — skip Phase 3 (runtime capture); warn the user this significantly weakens the audit.
13
13
  - `--lang pl` — write the report in Polish (default: English).
14
- - `--out <path>` — report location (default: `docs/ui-audit/UI-AUDIT-<date>.md`).
14
+ - `--out <path>` — report MD path (default: `docs/audits/ui-audit/UI-AUDIT-<date>[-prod].md`).
15
+ - `--prod` — append `-prod` to the report filename.
15
16
 
16
- Launch the agent with these parameters and let it follow its full methodology, including bootstrapping/refreshing `@appfire-ux/guidelines` (Phase 0), early screenshot capture (Phase 3), and mandatory self-verification (Phase 7). When it finishes, relay: the report path, finding counts by severity, top 3 issues, capture coverage, and any limitations it reported.
17
+ Deliverables: **MD + HTML + PNG in `assets/`** (Confluence-ready). STOP & ASK on auth/login walls before faking visual evidence. Generate HTML via `build-html-reports.mjs` after the MD report.
18
+
19
+ Launch the agent with these parameters and let it follow its full methodology, including Phase 0 toolchain refresh and Phase 7 Definition of done. Relay: MD + HTML paths, preview URL if served, finding counts, top 3 issues, capture coverage, Limitations.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Run a comprehensive UX audit of this repo against @appfire-ux/guidelines
3
- argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>]
3
+ argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>] [--prod]
4
4
  ---
5
5
 
6
6
  Use the **ux-auditor** agent to run a full UX audit of this repository.
@@ -11,6 +11,9 @@ Interpretation:
11
11
  - A path argument limits the audit scope to that directory (default: whole repo, UI code prioritized).
12
12
  - `--static-only` — skip Phase 4 (runtime verification); do not start the dev server.
13
13
  - `--lang pl` — write the report in Polish (default: English).
14
- - `--out <path>` — report location (default: `docs/ux-audit/UX-AUDIT-<date>.md`).
14
+ - `--out <path>` — report MD path (default: `docs/audits/ux-audit/UX-AUDIT-<date>[-prod].md`).
15
+ - `--prod` — append `-prod` to the report filename (production/staging URL audit).
15
16
 
16
- Launch the agent with these parameters and let it follow its full methodology, including bootstrapping/refreshing `@appfire-ux/guidelines` (Phase 0) and mandatory self-verification (Phase 7). When it finishes, relay: the report path, finding counts by severity, top 3 issues, and any limitations it reported.
17
+ Deliverables: **MD + HTML + PNG in `assets/`** (Confluence-ready). Follow STOP & ASK if runtime capture hits auth walls. Generate HTML via `build-html-reports.mjs` after the MD report.
18
+
19
+ Launch the agent with these parameters and let it follow its full methodology, including Phase 0 toolchain refresh and Phase 7 Definition of done. Relay: MD + HTML paths, preview URL if served, finding counts, top 3 issues, Limitations.