@appfire-ux/audit-agent 0.20260708.1 → 0.20260708.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@appfire-ux/audit-agent",
3
- "version": "0.20260708.1",
3
+ "version": "0.20260708.2",
4
4
  "description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), a11y-auditor (/a11y-audit: WCAG 2.2 + axe-core scan feeding the Appfire VPAT/ACR process), /full-audit parallel orchestration. Confluence-ready MD+HTML+PNG output, runtime capture & scan scripts.",
5
5
  "license": "MIT",
6
6
  "publishConfig": {
@@ -1,6 +1,6 @@
1
1
  ---
2
- description: Run ux-auditor, ui-auditor and a11y-auditor in parallel — guideline compliance + UI/usability + accessibility/VPAT audit
3
- argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
2
+ description: Run ux-auditor, ui-auditor and a11y-auditor in parallel — optional VPAT post-sequence with repo-audit + ACR draft
3
+ argument-hint: [scope-path] [--agents ux,ui,a11y] [--critique hard|balanced] [--with-vpat] [--static-only] [--lang pl|en] [--out-dir <path>] [--prod]
4
4
  ---
5
5
 
6
6
  Run **all three** audit agents on this repository **in parallel**: **ux-auditor** (guideline compliance), **ui-auditor** (UI & usability) and **a11y-auditor** (accessibility / VPAT readiness).
@@ -12,6 +12,7 @@ Arguments passed by the user: `$ARGUMENTS`
12
12
  - **Scope path** — optional directory (default: whole repo).
13
13
  - `--agents ux,ui,a11y` — subset of agents to run (default: all three).
14
14
  - `--critique hard|balanced` — critique intensity for UX/UI (default: `hard`).
15
+ - `--with-vpat` — after full audit completes, run two VPAT agents in sequence: repository readiness auditor, then ACR drafting agent.
15
16
  - `--static-only` — skip runtime/screenshots/scans for all agents; warn the user that the UI audit will be much weaker and most a11y criteria become NEEDS_MANUAL_REVIEW.
16
17
  - `--lang pl|en` — report language for all agents (default: English; a11y JSON/criterion map stays English).
17
18
  - `--out-dir <path>` — parent folder for outputs (default: `docs/audits`).
@@ -64,6 +65,9 @@ Hard fail gate:
64
65
  ├── RECOMMENDATIONS-TABLE-<date>[-prod].md
65
66
  ├── RECOMMENDATIONS-TABLE-<date>[-prod].html
66
67
  ├── RECOMMENDATIONS-TABLE-<date>[-prod].json
68
+ ├── VPAT-REPO-AUDIT-<date>[-prod].md # only when --with-vpat
69
+ ├── VPAT-REPO-AUDIT-<date>[-prod].json # only when --with-vpat
70
+ ├── ACR-DRAFT-<date>[-prod].md # only when --with-vpat
67
71
  ├── prod-assets/ # only when orchestrator shares PNG captures across agents
68
72
  ├── ux-audit/
69
73
  │ ├── UX-AUDIT-<date>[-prod].md
@@ -166,6 +170,8 @@ Required JSON format:
166
170
  | **ux-auditor** | Guideline compliance: tokens, a11y, copy, messaging, personas | STOP & ASK, MD+HTML+PNG, Definition of done |
167
171
  | **ui-auditor** | IA, consistency, layout, interaction, responsiveness | STOP & ASK, MD+HTML+PNG, Definition of done |
168
172
  | **a11y-auditor** | Deep accessibility: WCAG 2.2 A/AA, axe-core scan, VPAT/ACR datapoints | STOP & ASK, MD+HTML+PNG+JSON, no over-claiming |
173
+ | **vpat-repo-auditor** (optional) | Evidence-gap pre-audit for VPAT/ACR readiness | read-only, strict non-overclaiming, MD+JSON |
174
+ | **vpat-acr-drafter** (optional) | Human-reviewable ACR draft body from evidence package | output only ACR body, conservative conformance language |
169
175
 
170
176
  - Each agent writes to its own `ux-audit/`, `ui-audit/` or `a11y-audit/` subfolder with its own `assets/`.
171
177
  - Use `prod-assets/` **only** when orchestrator captures once and agents reuse identical PNGs — each agent copies into local `assets/` for Confluence-relative paths.
@@ -216,7 +222,7 @@ Follow Shared deliverables: MD+HTML+PNG, Definition of done.
216
222
  If STOP & ASK triggers mid-run, pause and ask user — do not fake verified-runtime.
217
223
  ```
218
224
 
219
- ## Step 3 — Combined summary + HTML (after all agents finish)
225
+ ## Step 3 — Combined summary + HTML (after UX/UI/A11Y finish)
220
226
 
221
227
  Before writing AUDIT-SUMMARY:
222
228
  - validate coverage matrix
@@ -252,6 +258,34 @@ Before writing AUDIT-SUMMARY:
252
258
  (or repo-local `docs/audits/build-html-reports.mjs` if present)
253
259
  5. Optionally serve preview: `npx --yes serve <out-dir> -p 4173` and give user links to `*.html`.
254
260
 
261
+ ## Step 4 — Optional VPAT post-sequence (`--with-vpat`)
262
+
263
+ Run this only when `--with-vpat` is set. This is strictly sequential:
264
+ 1. `vpat-repo-auditor` runs first, consuming:
265
+ - `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
266
+ - `a11y-audit/A11Y-AUDIT-<date>[-prod].json`
267
+ - `AUDIT-SUMMARY-<date>[-prod].md`
268
+ - coverage + recommendations artifacts
269
+ Output:
270
+ - `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].md`
271
+ - `<out-dir>/VPAT-REPO-AUDIT-<date>[-prod].json`
272
+ 2. `vpat-acr-drafter` runs second, consuming the full evidence package including `VPAT-REPO-AUDIT`.
273
+ Output:
274
+ - `<out-dir>/ACR-DRAFT-<date>[-prod].md`
275
+
276
+ VPAT sequence rules:
277
+ - Assume a11y audit already exists; if missing, stop and instruct to run/repair a11y audit first.
278
+ - Both VPAT agents are read-only and must never over-claim conformance.
279
+ - `vpat-acr-drafter` output must be only the ACR document body and start with:
280
+ `Appfire Accessibility Conformance Report`
281
+ - Missing evidence must be represented conservatively inside report notes/remarks/disclaimer/follow-up sections, not fabricated.
282
+
283
+ ## Step 5 — Final relay (base audit + optional VPAT)
284
+
285
+ When `--with-vpat` is enabled, include VPAT artifact paths and:
286
+ - one-line VPAT readiness status
287
+ - one-line ACR draft status (draft for human review, not final conformance claim)
288
+
255
289
  ## Definition of done extension
256
290
 
257
291
  `/full-audit` is complete only if all are true:
@@ -259,6 +293,7 @@ Before writing AUDIT-SUMMARY:
259
293
  2. Recommendations table artifacts exist (MD + HTML + JSON).
260
294
  3. Table has required columns and minimum row coverage.
261
295
  4. Priorities are assigned and justified from audit evidence.
296
+ 5. If `--with-vpat`: VPAT repo-audit MD+JSON and ACR draft MD exist.
262
297
 
263
298
  ## Relay to the user
264
299
 
@@ -268,4 +303,4 @@ Always include:
268
303
  - paths to recommendations table `.md`, `.html`, `.json`
269
304
  - one-line summary of highest-priority (`P0`) recommendation themes
270
305
 
271
- Remind the user the a11y `.json` feeds "AI Agent: VPAT Document" (Confluence, CRUX) for the ACR draft.
306
+ If `--with-vpat`, also return VPAT artifact paths and confirm the ACR draft is conservative and requires human compliance/legal review before publication.