@appfire-ux/audit-agent 0.20260708.0 → 0.20260708.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/templates/commands/full-audit.md +141 -6
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@appfire-ux/audit-agent",
|
|
3
|
-
"version": "0.20260708.
|
|
3
|
+
"version": "0.20260708.2",
|
|
4
4
|
"description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), a11y-auditor (/a11y-audit: WCAG 2.2 + axe-core scan feeding the Appfire VPAT/ACR process), /full-audit parallel orchestration. Confluence-ready MD+HTML+PNG output, runtime capture & scan scripts.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"publishConfig": {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
|
-
description: Run ux-auditor, ui-auditor and a11y-auditor in parallel —
|
|
3
|
-
argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
|
|
2
|
+
description: Run ux-auditor, ui-auditor and a11y-auditor in parallel — optional VPAT post-sequence with repo-audit + ACR draft
|
|
3
|
+
argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--with-vpat] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
Run **all three** audit agents on this repository **in parallel**: **ux-auditor** (guideline compliance), **ui-auditor** (UI & usability) and **a11y-auditor** (accessibility / VPAT readiness).
|
|
@@ -12,6 +12,7 @@ Arguments passed by the user: `$ARGUMENTS`
|
|
|
12
12
|
- **Scope path** — optional directory (default: whole repo).
|
|
13
13
|
- `--agents ux,ui,a11y` — subset of agents to run (default: all three).
|
|
14
14
|
- `--critique hard|balanced` — critique intensity for UX/UI (default: `hard`).
|
|
15
|
+
- `--with-vpat` — after full audit completes, run two VPAT agents in sequence: repository readiness auditor, then ACR drafting agent.
|
|
15
16
|
- `--static-only` — skip runtime/screenshots/scans for all agents; warn the user that the UI audit will be much weaker and most a11y criteria become NEEDS_MANUAL_REVIEW.
|
|
16
17
|
- `--lang pl|en` — report language for all agents (default: English; a11y JSON/criterion map stays English).
|
|
17
18
|
- `--out-dir <path>` — parent folder for outputs (default: `docs/audits`).
|
|
@@ -61,6 +62,12 @@ Hard fail gate:
|
|
|
61
62
|
<out-dir>/
|
|
62
63
|
├── AUDIT-SUMMARY-<date>[-prod].md
|
|
63
64
|
├── AUDIT-SUMMARY-<date>[-prod].html
|
|
65
|
+
├── RECOMMENDATIONS-TABLE-<date>[-prod].md
|
|
66
|
+
├── RECOMMENDATIONS-TABLE-<date>[-prod].html
|
|
67
|
+
├── RECOMMENDATIONS-TABLE-<date>[-prod].json
|
|
68
|
+
├── VPAT-REPO-AUDIT-<date>[-prod].md # only when --with-vpat
|
|
69
|
+
├── VPAT-REPO-AUDIT-<date>[-prod].json # only when --with-vpat
|
|
70
|
+
├── ACR-DRAFT-<date>[-prod].md # only when --with-vpat
|
|
64
71
|
├── prod-assets/ # only when orchestrator shares PNG captures across agents
|
|
65
72
|
├── ux-audit/
|
|
66
73
|
│ ├── UX-AUDIT-<date>[-prod].md
|
|
@@ -78,6 +85,84 @@ Hard fail gate:
|
|
|
78
85
|
|
|
79
86
|
Relative image paths in MD/HTML: `assets/<file>.png` — never base64, never `../prod-assets/`.
|
|
80
87
|
|
|
88
|
+
## New required artifact — UX Recommendations Table
|
|
89
|
+
|
|
90
|
+
In addition to existing reports, `/full-audit` MUST generate a consolidated recommendations table artifact in **English**.
|
|
91
|
+
|
|
92
|
+
Output files (required) under `<out-dir>/`:
|
|
93
|
+
- `RECOMMENDATIONS-TABLE-<date>[-prod].md`
|
|
94
|
+
- `RECOMMENDATIONS-TABLE-<date>[-prod].html`
|
|
95
|
+
- `RECOMMENDATIONS-TABLE-<date>[-prod].json` (machine-readable for npm/automation)
|
|
96
|
+
|
|
97
|
+
Purpose:
|
|
98
|
+
- planning-ready recommendations across UX/UI/A11Y with clear priority, implementation intent, justification, and expected user value.
|
|
99
|
+
|
|
100
|
+
Canonical table schema (required columns, exact order):
|
|
101
|
+
1. `Area`
|
|
102
|
+
2. `Priority` (P0/P1/P2)
|
|
103
|
+
3. `Recommended UX Work`
|
|
104
|
+
4. `Justification`
|
|
105
|
+
5. `Expected Value (User Perspective)`
|
|
106
|
+
|
|
107
|
+
Row requirements:
|
|
108
|
+
- Minimum: 6 rows
|
|
109
|
+
- Must include at least:
|
|
110
|
+
- Empty/first-run states
|
|
111
|
+
- Navigation IA/wayfinding
|
|
112
|
+
- Feedback/confidence loops
|
|
113
|
+
- Destructive action safety
|
|
114
|
+
- Accessibility semantics/manual validation
|
|
115
|
+
- Responsive usability
|
|
116
|
+
- Every row must be actionable (not only diagnostic).
|
|
117
|
+
- Language: English only.
|
|
118
|
+
- Keep recommendations deduplicated and normalized across UX/UI/A11Y reports.
|
|
119
|
+
|
|
120
|
+
Priority mapping rules:
|
|
121
|
+
- `P0` = major user risk, activation blocker, or high operational risk
|
|
122
|
+
- `P1` = significant productivity/confidence/accessibility gain
|
|
123
|
+
- `P2` = meaningful optimization, lower urgency
|
|
124
|
+
|
|
125
|
+
Data source rules:
|
|
126
|
+
- Build from:
|
|
127
|
+
- `ux-audit/UX-AUDIT-<date>[-prod].md`
|
|
128
|
+
- `ui-audit/UI-AUDIT-<date>[-prod].md`
|
|
129
|
+
- `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
|
|
130
|
+
- `AUDIT-SUMMARY-<date>[-prod].md`
|
|
131
|
+
- Do not invent runtime evidence.
|
|
132
|
+
- If static-only mode is used, include a note that confidence is lower.
|
|
133
|
+
|
|
134
|
+
Required JSON format:
|
|
135
|
+
```json
|
|
136
|
+
{
|
|
137
|
+
"meta": {
|
|
138
|
+
"date": "YYYY-MM-DD[-prod]",
|
|
139
|
+
"language": "en",
|
|
140
|
+
"sourceReports": [
|
|
141
|
+
"ux-audit/UX-AUDIT-...",
|
|
142
|
+
"ui-audit/UI-AUDIT-...",
|
|
143
|
+
"a11y-audit/A11Y-AUDIT-...",
|
|
144
|
+
"AUDIT-SUMMARY-..."
|
|
145
|
+
]
|
|
146
|
+
},
|
|
147
|
+
"columns": [
|
|
148
|
+
"Area",
|
|
149
|
+
"Priority",
|
|
150
|
+
"Recommended UX Work",
|
|
151
|
+
"Justification",
|
|
152
|
+
"Expected Value (User Perspective)"
|
|
153
|
+
],
|
|
154
|
+
"rows": [
|
|
155
|
+
{
|
|
156
|
+
"Area": "...",
|
|
157
|
+
"Priority": "P0|P1|P2",
|
|
158
|
+
"Recommended UX Work": "...",
|
|
159
|
+
"Justification": "...",
|
|
160
|
+
"Expected Value (User Perspective)": "..."
|
|
161
|
+
}
|
|
162
|
+
]
|
|
163
|
+
}
|
|
164
|
+
```
|
|
165
|
+
|
|
81
166
|
## Role division (/full-audit)
|
|
82
167
|
|
|
83
168
|
| Agent | Owns | Same protocol |
|
|
@@ -85,6 +170,8 @@ Relative image paths in MD/HTML: `assets/<file>.png` — never base64, never `..
|
|
|
85
170
|
| **ux-auditor** | Guideline compliance: tokens, a11y, copy, messaging, personas | STOP & ASK, MD+HTML+PNG, Definition of done |
|
|
86
171
|
| **ui-auditor** | IA, consistency, layout, interaction, responsiveness | STOP & ASK, MD+HTML+PNG, Definition of done |
|
|
87
172
|
| **a11y-auditor** | Deep accessibility: WCAG 2.2 A/AA, axe-core scan, VPAT/ACR datapoints | STOP & ASK, MD+HTML+PNG+JSON, no over-claiming |
|
|
173
|
+
| **vpat-repo-auditor** (optional) | Evidence-gap pre-audit for VPAT/ACR readiness | read-only, strict non-overclaiming, MD+JSON |
|
|
174
|
+
| **vpat-acr-drafter** (optional) | Human-reviewable ACR draft body from evidence package | output only ACR body, conservative conformance language |
|
|
88
175
|
|
|
89
176
|
- Each agent writes to its own `ux-audit/`, `ui-audit/` or `a11y-audit/` subfolder with its own `assets/`.
|
|
90
177
|
- Use `prod-assets/` **only** when orchestrator captures once and agents reuse identical PNGs — each agent copies into local `assets/` for Confluence-relative paths.
|
|
@@ -135,7 +222,7 @@ Follow Shared deliverables: MD+HTML+PNG, Definition of done.
|
|
|
135
222
|
If STOP & ASK triggers mid-run, pause and ask user — do not fake verified-runtime.
|
|
136
223
|
```
|
|
137
224
|
|
|
138
|
-
## Step 3 — Combined summary + HTML (after
|
|
225
|
+
## Step 3 — Combined summary + HTML (after UX/UI/A11Y finish)
|
|
139
226
|
|
|
140
227
|
Before writing AUDIT-SUMMARY:
|
|
141
228
|
- validate coverage matrix
|
|
@@ -159,13 +246,61 @@ Before writing AUDIT-SUMMARY:
|
|
|
159
246
|
- Do not finalize `/full-audit` if UX+UI combined produce fewer than 6 MAJOR findings,
|
|
160
247
|
unless runtime coverage is explicitly blocked and documented.
|
|
161
248
|
- If `coverage_percent < 100`, mark the run `INCOMPLETE AUDIT` and do not present as finished.
|
|
162
|
-
3.
|
|
249
|
+
3. Build `RECOMMENDATIONS-TABLE-<date>[-prod].md|.json` from UX/UI/A11Y/SUMMARY reports:
|
|
250
|
+
- Use required columns in exact order.
|
|
251
|
+
- Ensure at least 6 actionable, deduplicated rows with required topic coverage.
|
|
252
|
+
- Force language to English.
|
|
253
|
+
- Include confidence-lower note if static-only mode was used.
|
|
254
|
+
4. Generate HTML for **all** reports (including `RECOMMENDATIONS-TABLE-*.html`):
|
|
163
255
|
```bash
|
|
164
256
|
node node_modules/@appfire-ux/audit-agent/scripts/build-html-reports.mjs --dir <out-dir>
|
|
165
257
|
```
|
|
166
258
|
(or repo-local `docs/audits/build-html-reports.mjs` if present)
|
|
167
|
-
|
|
259
|
+
5. Optionally serve preview: `npx --yes serve <out-dir> -p 4173` and give user links to `*.html`.
|
|
260
|
+
|
|
261
|
+
## Step 4 — Optional VPAT post-sequence (`--with-vpat`)
|
|
262
|
+
|
|
263
|
+
Run this only when `--with-vpat` is set. This is strictly sequential:
|
|
264
|
+
1. `vpat-repo-auditor` runs first, consuming:
|
|
265
|
+
- `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
|
|
266
|
+
- `a11y-audit/A11Y-AUDIT-<date>[-prod].json`
|
|
267
|
+
- `AUDIT-SUMMARY-<date>[-prod].md`
|
|
268
|
+
- coverage + recommendations artifacts
|
|
269
|
+
Output:
|
|
270
|
+
- `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].md`
|
|
271
|
+
- `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].json`
|
|
272
|
+
2. `vpat-acr-drafter` runs second, consuming the full evidence package including `VPAT-REPO-AUDIT`.
|
|
273
|
+
Output:
|
|
274
|
+
- `<out-dir>/ACR-DRAFT-<date>[-prod].md`
|
|
275
|
+
|
|
276
|
+
VPAT sequence rules:
|
|
277
|
+
- Assume a11y audit already exists; if missing, stop and instruct to run/repair a11y audit first.
|
|
278
|
+
- Both VPAT agents are read-only and must never over-claim conformance.
|
|
279
|
+
- `vpat-acr-drafter` output must be only the ACR document body and start with:
|
|
280
|
+
`Appfire Accessibility Conformance Report`
|
|
281
|
+
- Missing evidence must be represented conservatively inside report notes/remarks/disclaimer/follow-up sections, not fabricated.
|
|
282
|
+
|
|
283
|
+
## Step 5 — Final relay (base audit + optional VPAT)
|
|
284
|
+
|
|
285
|
+
When `--with-vpat` is enabled, include VPAT artifact paths and:
|
|
286
|
+
- one-line VPAT readiness status
|
|
287
|
+
- one-line ACR draft status (draft for human review, not final conformance claim)
|
|
288
|
+
|
|
289
|
+
## Definition of done extension
|
|
290
|
+
|
|
291
|
+
`/full-audit` is complete only if all are true:
|
|
292
|
+
1. Existing UX/UI/A11Y/SUMMARY artifacts exist (MD + HTML + A11Y JSON).
|
|
293
|
+
2. Recommendations table artifacts exist (MD + HTML + JSON).
|
|
294
|
+
3. Table has required columns and minimum row coverage.
|
|
295
|
+
4. Priorities are assigned and justified from audit evidence.
|
|
296
|
+
5. If `--with-vpat`: VPAT repo-audit MD+JSON and ACR draft MD exist.
|
|
168
297
|
|
|
169
298
|
## Relay to the user
|
|
170
299
|
|
|
171
|
-
MD + HTML paths (all reports), combined severity counts, Baseline Accessibility Score + safe conclusion (a11y), top 3 issues, capture coverage, Limitations, local preview URLs, whether parallel run and STOP & ASK occurred.
|
|
300
|
+
MD + HTML paths (all reports), combined severity counts, Baseline Accessibility Score + safe conclusion (a11y), top 3 issues, capture coverage, Limitations, local preview URLs, whether parallel run and STOP & ASK occurred.
|
|
301
|
+
|
|
302
|
+
Always include:
|
|
303
|
+
- paths to recommendations table `.md`, `.html`, `.json`
|
|
304
|
+
- one-line summary of highest-priority (`P0`) recommendation themes
|
|
305
|
+
|
|
306
|
+
If `--with-vpat`, also return VPAT artifact paths and confirm the ACR draft is conservative and requires human compliance/legal review before publication.
|