@appfire-ux/audit-agent 0.20260708.0 → 0.20260708.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@appfire-ux/audit-agent",
3
- "version": "0.20260708.0",
3
+ "version": "0.20260708.2",
4
4
  "description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), a11y-auditor (/a11y-audit: WCAG 2.2 + axe-core scan feeding the Appfire VPAT/ACR process), /full-audit parallel orchestration. Confluence-ready MD+HTML+PNG output, runtime capture & scan scripts.",
5
5
  "license": "MIT",
6
6
  "publishConfig": {
@@ -1,6 +1,6 @@
1
1
  ---
2
- description: Run ux-auditor, ui-auditor and a11y-auditor in parallel — guideline compliance + UI/usability + accessibility/VPAT audit
3
- argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
2
+ description: Run ux-auditor, ui-auditor and a11y-auditor in parallel — optional VPAT post-sequence with repo-audit + ACR draft
3
+ argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--with-vpat] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
4
4
  ---
5
5
 
6
6
  Run **all three** audit agents on this repository **in parallel**: **ux-auditor** (guideline compliance), **ui-auditor** (UI & usability) and **a11y-auditor** (accessibility / VPAT readiness).
@@ -12,6 +12,7 @@ Arguments passed by the user: `$ARGUMENTS`
12
12
  - **Scope path** — optional directory (default: whole repo).
13
13
  - `--agents ux,ui,a11y` — subset of agents to run (default: all three).
14
14
  - `--critique hard|balanced` — critique intensity for UX/UI (default: `hard`).
15
+ - `--with-vpat` — after full audit completes, run two VPAT agents in sequence: repository readiness auditor, then ACR drafting agent.
15
16
  - `--static-only` — skip runtime/screenshots/scans for all agents; warn the user that the UI audit will be much weaker and most a11y criteria become NEEDS_MANUAL_REVIEW.
16
17
  - `--lang pl|en` — report language for all agents (default: English; a11y JSON/criterion map stays English).
17
18
  - `--out-dir <path>` — parent folder for outputs (default: `docs/audits`).
@@ -61,6 +62,12 @@ Hard fail gate:
61
62
  <out-dir>/
62
63
  ├── AUDIT-SUMMARY-<date>[-prod].md
63
64
  ├── AUDIT-SUMMARY-<date>[-prod].html
65
+ ├── RECOMMENDATIONS-TABLE-<date>[-prod].md
66
+ ├── RECOMMENDATIONS-TABLE-<date>[-prod].html
67
+ ├── RECOMMENDATIONS-TABLE-<date>[-prod].json
68
+ ├── VPAT-REPO-AUDIT-<date>[-prod].md # only when --with-vpat
69
+ ├── VPAT-REPO-AUDIT-<date>[-prod].json # only when --with-vpat
70
+ ├── ACR-DRAFT-<date>[-prod].md # only when --with-vpat
64
71
  ├── prod-assets/ # only when orchestrator shares PNG captures across agents
65
72
  ├── ux-audit/
66
73
  │ ├── UX-AUDIT-<date>[-prod].md
@@ -78,6 +85,84 @@ Hard fail gate:
78
85
 
79
86
  Relative image paths in MD/HTML: `assets/<file>.png` — never base64, never `../prod-assets/`.
80
87
 
88
+ ## New required artifact — UX Recommendations Table
89
+
90
+ In addition to existing reports, `/full-audit` MUST generate a consolidated recommendations table artifact in **English**.
91
+
92
+ Output files (required) under `<out-dir>/`:
93
+ - `RECOMMENDATIONS-TABLE-<date>[-prod].md`
94
+ - `RECOMMENDATIONS-TABLE-<date>[-prod].html`
95
+ - `RECOMMENDATIONS-TABLE-<date>[-prod].json` (machine-readable for npm/automation)
96
+
97
+ Purpose:
98
+ - planning-ready recommendations across UX/UI/A11Y with clear priority, implementation intent, justification, and expected user value.
99
+
100
+ Canonical table schema (required columns, exact order):
101
+ 1. `Area`
102
+ 2. `Priority` (P0/P1/P2)
103
+ 3. `Recommended UX Work`
104
+ 4. `Justification`
105
+ 5. `Expected Value (User Perspective)`
106
+
107
+ Row requirements:
108
+ - Minimum: 6 rows
109
+ - Must include at least:
110
+ - Empty/first-run states
111
+ - Navigation IA/wayfinding
112
+ - Feedback/confidence loops
113
+ - Destructive action safety
114
+ - Accessibility semantics/manual validation
115
+ - Responsive usability
116
+ - Every row must be actionable (not only diagnostic).
117
+ - Language: English only.
118
+ - Keep recommendations deduplicated and normalized across UX/UI/A11Y reports.
119
+
120
+ Priority mapping rules:
121
+ - `P0` = major user risk, activation blocker, or high operational risk
122
+ - `P1` = significant productivity/confidence/accessibility gain
123
+ - `P2` = meaningful optimization, lower urgency
124
+
125
+ Data source rules:
126
+ - Build from:
127
+ - `ux-audit/UX-AUDIT-<date>[-prod].md`
128
+ - `ui-audit/UI-AUDIT-<date>[-prod].md`
129
+ - `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
130
+ - `AUDIT-SUMMARY-<date>[-prod].md`
131
+ - Do not invent runtime evidence.
132
+ - If static-only mode is used, include a note that confidence is lower.
133
+
134
+ Required JSON format:
135
+ ```json
136
+ {
137
+ "meta": {
138
+ "date": "YYYY-MM-DD[-prod]",
139
+ "language": "en",
140
+ "sourceReports": [
141
+ "ux-audit/UX-AUDIT-...",
142
+ "ui-audit/UI-AUDIT-...",
143
+ "a11y-audit/A11Y-AUDIT-...",
144
+ "AUDIT-SUMMARY-..."
145
+ ]
146
+ },
147
+ "columns": [
148
+ "Area",
149
+ "Priority",
150
+ "Recommended UX Work",
151
+ "Justification",
152
+ "Expected Value (User Perspective)"
153
+ ],
154
+ "rows": [
155
+ {
156
+ "Area": "...",
157
+ "Priority": "P0|P1|P2",
158
+ "Recommended UX Work": "...",
159
+ "Justification": "...",
160
+ "Expected Value (User Perspective)": "..."
161
+ }
162
+ ]
163
+ }
164
+ ```
165
+
81
166
  ## Role division (/full-audit)
82
167
 
83
168
  | Agent | Owns | Same protocol |
@@ -85,6 +170,8 @@ Relative image paths in MD/HTML: `assets/<file>.png` — never base64, never `..
85
170
  | **ux-auditor** | Guideline compliance: tokens, a11y, copy, messaging, personas | STOP & ASK, MD+HTML+PNG, Definition of done |
86
171
  | **ui-auditor** | IA, consistency, layout, interaction, responsiveness | STOP & ASK, MD+HTML+PNG, Definition of done |
87
172
  | **a11y-auditor** | Deep accessibility: WCAG 2.2 A/AA, axe-core scan, VPAT/ACR datapoints | STOP & ASK, MD+HTML+PNG+JSON, no over-claiming |
173
+ | **vpat-repo-auditor** (optional) | Evidence-gap pre-audit for VPAT/ACR readiness | read-only, strict non-overclaiming, MD+JSON |
174
+ | **vpat-acr-drafter** (optional) | Human-reviewable ACR draft body from evidence package | output only ACR body, conservative conformance language |
88
175
 
89
176
  - Each agent writes to its own `ux-audit/`, `ui-audit/` or `a11y-audit/` subfolder with its own `assets/`.
90
177
  - Use `prod-assets/` **only** when orchestrator captures once and agents reuse identical PNGs — each agent copies into local `assets/` for Confluence-relative paths.
@@ -135,7 +222,7 @@ Follow Shared deliverables: MD+HTML+PNG, Definition of done.
135
222
  If STOP & ASK triggers mid-run, pause and ask user — do not fake verified-runtime.
136
223
  ```
137
224
 
138
- ## Step 3 — Combined summary + HTML (after all agents finish)
225
+ ## Step 3 — Combined summary + HTML (after UX/UI/A11Y finish)
139
226
 
140
227
  Before writing AUDIT-SUMMARY:
141
228
  - validate coverage matrix
@@ -159,13 +246,61 @@ Before writing AUDIT-SUMMARY:
159
246
  - Do not finalize `/full-audit` if UX+UI combined produce fewer than 6 MAJOR findings,
160
247
  unless runtime coverage is explicitly blocked and documented.
161
248
  - If `coverage_percent < 100`, mark the run `INCOMPLETE AUDIT` and do not present as finished.
162
- 3. Generate HTML for **all** reports:
249
+ 3. Build `RECOMMENDATIONS-TABLE-<date>[-prod].md|.json` from UX/UI/A11Y/SUMMARY reports:
250
+ - Use required columns in exact order.
251
+ - Ensure at least 6 actionable, deduplicated rows with required topic coverage.
252
+ - Force language to English.
253
+ - Include confidence-lower note if static-only mode was used.
254
+ 4. Generate HTML for **all** reports (including `RECOMMENDATIONS-TABLE-*.html`):
163
255
  ```bash
164
256
  node node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs --dir <out-dir>
165
257
  ```
166
258
  (or repo-local `docs/audits/build-html-reports.mjs` if present)
167
- 4. Optionally serve preview: `npx --yes serve <out-dir> -p 4173` and give user links to `*.html`.
259
+ 5. Optionally serve preview: `npx --yes serve <out-dir> -p 4173` and give user links to `*.html`.
260
+
261
+ ## Step 4 — Optional VPAT post-sequence (`--with-vpat`)
262
+
263
+ Run this only when `--with-vpat` is set. This is strictly sequential:
264
+ 1. `vpat-repo-auditor` runs first, consuming:
265
+ - `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
266
+ - `a11y-audit/A11Y-AUDIT-<date>[-prod].json`
267
+ - `AUDIT-SUMMARY-<date>[-prod].md`
268
+ - coverage + recommendations artifacts
269
+ Output:
270
+ - `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].md`
271
+ - `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].json`
272
+ 2. `vpat-acr-drafter` runs second, consuming the full evidence package including `VPAT-REPO-AUDIT`.
273
+ Output:
274
+ - `<out-dir>/ACR-DRAFT-<date>[-prod].md`
275
+
276
+ VPAT sequence rules:
277
+ - Assume a11y audit already exists; if missing, stop and instruct to run/repair a11y audit first.
278
+ - Both VPAT agents are read-only and must never over-claim conformance.
279
+ - `vpat-acr-drafter` output must be only the ACR document body and start with:
280
+ `Appfire Accessibility Conformance Report`
281
+ - Missing evidence must be represented conservatively inside report notes/remarks/disclaimer/follow-up sections, not fabricated.
282
+
283
+ ## Step 5 — Final relay (base audit + optional VPAT)
284
+
285
+ When `--with-vpat` is enabled, include VPAT artifact paths and:
286
+ - one-line VPAT readiness status
287
+ - one-line ACR draft status (draft for human review, not final conformance claim)
288
+
289
+ ## Definition of done extension
290
+
291
+ `/full-audit` is complete only if all are true:
292
+ 1. Existing UX/UI/A11Y/SUMMARY artifacts exist (MD + HTML + A11Y JSON).
293
+ 2. Recommendations table artifacts exist (MD + HTML + JSON).
294
+ 3. Table has required columns and minimum row coverage.
295
+ 4. Priorities are assigned and justified from audit evidence.
296
+ 5. If `--with-vpat`: VPAT repo-audit MD+JSON and ACR draft MD exist.
168
297
 
169
298
  ## Relay to the user
170
299
 
171
- MD + HTML paths (all reports), combined severity counts, Baseline Accessibility Score + safe conclusion (a11y), top 3 issues, capture coverage, Limitations, local preview URLs, whether parallel run and STOP & ASK occurred. Remind the user the a11y `.json` feeds "AI Agent: VPAT Document" (Confluence, CRUX) for the ACR draft.
300
+ MD + HTML paths (all reports), combined severity counts, Baseline Accessibility Score + safe conclusion (a11y), top 3 issues, capture coverage, Limitations, local preview URLs, whether parallel run and STOP & ASK occurred.
301
+
302
+ Always include:
303
+ - paths to recommendations table `.md`, `.html`, `.json`
304
+ - one-line summary of highest-priority (`P0`) recommendation themes
305
+
306
+ If `--with-vpat`, also return VPAT artifact paths and confirm the ACR draft is conservative and requires human compliance/legal review before publication.