@appfire-ux/audit-agent 0.20260708.4 → 0.20260709.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -43
- package/bin/install.js +4 -2
- package/package.json +2 -3
- package/templates/agents/a11y-auditor.md +1 -1
- package/templates/commands/a11y-audit.md +18 -13
- package/templates/commands/full-audit.md +20 -3
- package/templates/agents/vpat-acr-drafter.md +0 -68
- package/templates/agents/vpat-repo-auditor.md +0 -113
package/README.md
CHANGED
|
@@ -9,67 +9,49 @@ Agents:
|
|
|
9
9
|
|
|
10
10
|
- **ux-auditor** (`/ux-audit`) — guideline-compliance UX audit: design tokens, spacing/typography, accessibility, UX writing, messaging patterns, persona fit.
|
|
11
11
|
- **ui-auditor** (`/ui-audit`) — UI & usability audit from a UI Designer's perspective: cross-screen consistency, layout & visual hierarchy, information architecture, navigation, interaction design, forms, data-dense views, responsiveness. Screenshot-driven (browser MCP or bundled Playwright fallback).
|
|
12
|
-
- **a11y-auditor** (`/a11y-audit`) — deep accessibility audit
|
|
12
|
+
- **a11y-auditor** (`/a11y-audit`) — deep accessibility audit: WCAG 2.2 A/AA, axe-core scans, static four-principles code audit, JSON datapoints for VPAT. Strict no-over-claiming language.
|
|
13
13
|
|
|
14
|
-
|
|
14
|
+
**VPAT/ACR drafting** is a separate package: [`@appfire-ux/vpat-agent`](../appfire-ux-vpat-agent/) — install for `/vpat-audit` (full VPAT pipeline with mandatory UI URL).
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
## Install
|
|
17
17
|
|
|
18
18
|
```bash
|
|
19
19
|
npm install -D @appfire-ux/audit-agent
|
|
20
20
|
```
|
|
21
21
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
```
|
|
25
|
-
/full-audit # all audits in parallel (recommended)
|
|
26
|
-
/ux-audit # compliance only
|
|
27
|
-
/ui-audit # UI & usability only
|
|
28
|
-
/a11y-audit # accessibility / VPAT readiness only
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
Once, for all repos on your machine:
|
|
22
|
+
For VPAT/ACR in the same repo:
|
|
32
23
|
|
|
33
24
|
```bash
|
|
34
|
-
|
|
25
|
+
npm install -D @appfire-ux/vpat-agent @appfire-ux/guidelines
|
|
26
|
+
npx @appfire-ux/vpat-agent
|
|
35
27
|
```
|
|
36
28
|
|
|
37
|
-
|
|
29
|
+
Open Claude Code:
|
|
38
30
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
npm update @appfire-ux/audit-agent @appfire-ux/guidelines
|
|
43
|
-
npx @appfire-ux/audit-agent
|
|
44
|
-
npx @appfire-ux/guidelines
|
|
31
|
+
```
|
|
32
|
+
/full-audit # UX + UI + A11Y in parallel; VPAT post-sequence via @appfire-ux/vpat-agent (default)
|
|
33
|
+
/vpat-audit --url https://localhost:5173 # VPAT-only (requires @appfire-ux/vpat-agent)
|
|
45
34
|
```
|
|
46
35
|
|
|
47
36
|
## What gets installed
|
|
48
37
|
|
|
49
38
|
| File | Purpose |
|
|
50
|
-
|
|
51
|
-
| `.claude/agents/ux-auditor.md` | Guideline-compliance audit
|
|
52
|
-
| `.claude/commands/ux-audit.md` | `/ux-audit
|
|
53
|
-
| `.claude/agents/ui-auditor.md` | UI & usability audit
|
|
54
|
-
| `.claude/commands/ui-audit.md` | `/ui-audit
|
|
55
|
-
| `.claude/agents/a11y-auditor.md` | Accessibility
|
|
56
|
-
| `.claude/commands/a11y-audit.md` | `/a11y-audit
|
|
57
|
-
| `.claude/
|
|
58
|
-
|
|
|
59
|
-
|
|
|
60
|
-
| `scripts/
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
The audits complement each other. Every run produces **Markdown + HTML + PNG assets** under `docs/audits/` (STOP & ASK on auth walls; no base64). Use `/full-audit` for all agents in parallel. The a11y audit additionally produces machine-readable datapoints (`A11Y-AUDIT-<date>.json` + `axe-results/*.json`) for the VPAT/ACR drafting workflow.
|
|
39
|
+
|------|---------|
|
|
40
|
+
| `.claude/agents/ux-auditor.md` | Guideline-compliance audit |
|
|
41
|
+
| `.claude/commands/ux-audit.md` | `/ux-audit` |
|
|
42
|
+
| `.claude/agents/ui-auditor.md` | UI & usability audit |
|
|
43
|
+
| `.claude/commands/ui-audit.md` | `/ui-audit` |
|
|
44
|
+
| `.claude/agents/a11y-auditor.md` | Accessibility audit → JSON for VPAT |
|
|
45
|
+
| `.claude/commands/a11y-audit.md` | `/a11y-audit` |
|
|
46
|
+
| `.claude/commands/full-audit.md` | `/full-audit` parallel orchestration |
|
|
47
|
+
| `scripts/ux-audit-capture.mjs` | Playwright screenshot fallback |
|
|
48
|
+
| `scripts/a11y-audit-scan.mjs` | Playwright + axe-core scanner |
|
|
49
|
+
| `scripts/build-html-reports.mjs` | MD → Confluence-ready HTML |
|
|
50
|
+
|
|
51
|
+
VPAT agents, CRUX template, and `/vpat-audit` live in **`@appfire-ux/vpat-agent`**.
|
|
65
52
|
|
|
66
53
|
## Publishing (maintainers)
|
|
67
54
|
|
|
68
|
-
|
|
55
|
+
Pushes to `main` touching `appfire-ux-audit-agent/**` or canonical UX/UI/A11Y files run [`.github/workflows/publish-audit-agent.yml`](../.github/workflows/publish-audit-agent.yml).
|
|
69
56
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
```bash
|
|
73
|
-
cd appfire-ux-audit-agent
|
|
74
|
-
npm publish --access public # requires publish rights to the @appfire-ux scope
|
|
75
|
-
```
|
|
57
|
+
VPAT package: [`.github/workflows/publish-vpat-agent.yml`](../.github/workflows/publish-vpat-agent.yml).
|
package/bin/install.js
CHANGED
|
@@ -72,8 +72,10 @@ console.log('Usage (in Claude Code, inside your repo):');
|
|
|
72
72
|
console.log(' /full-audit all audits in parallel (recommended; --agents ux,ui,a11y)');
|
|
73
73
|
console.log(' /ux-audit guideline-compliance UX audit (tokens, a11y, content, messaging)');
|
|
74
74
|
console.log(' /ui-audit UI & usability audit (consistency, IA, interaction design)');
|
|
75
|
-
console.log(' /a11y-audit accessibility audit
|
|
76
|
-
console.log(' All accept: [scope-path] [--static-only] [--lang pl]');
|
|
75
|
+
console.log(' /a11y-audit accessibility audit (feeds @appfire-ux/vpat-agent for VPAT/ACR)');
|
|
76
|
+
console.log(' All accept: [scope-path] [--url <ui-url>] [--static-only] [--lang pl]');
|
|
77
77
|
console.log(' /full-audit also: [--out-dir <path>] others: [--out <path>]');
|
|
78
78
|
console.log('');
|
|
79
|
+
console.log('VPAT/ACR: npm install -D @appfire-ux/vpat-agent && /vpat-audit --url <ui-url>');
|
|
80
|
+
console.log('');
|
|
79
81
|
console.log('Tip: run "npx appfire-ux-audit-agent --global" to install into ~/.claude for all repos.');
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@appfire-ux/audit-agent",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), a11y-auditor (/a11y-audit
|
|
3
|
+
"version": "0.20260709.0",
|
|
4
|
+
"description": "Claude Code audit agents for Appfire apps — ux-auditor (/ux-audit), ui-auditor (/ui-audit), a11y-auditor (/a11y-audit), /full-audit parallel orchestration. VPAT/ACR drafting: install @appfire-ux/vpat-agent separately.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"publishConfig": {
|
|
7
7
|
"access": "public",
|
|
@@ -15,7 +15,6 @@
|
|
|
15
15
|
"accessibility",
|
|
16
16
|
"a11y",
|
|
17
17
|
"wcag",
|
|
18
|
-
"vpat",
|
|
19
18
|
"claude-code",
|
|
20
19
|
"atlassian",
|
|
21
20
|
"design-system"
|
|
@@ -159,7 +159,7 @@ Write `docs/audits/a11y-audit/A11Y-AUDIT-<YYYY-MM-DD>[-prod].md` (honor `--out`)
|
|
|
159
159
|
12. **Missing routes table** — route, status (`SCANNED`/`FAILED`/`BLOCKED`), blocker, next action.
|
|
160
160
|
13. **Remediation backlog proposal** — grouped: shared components/design system → app-specific engineering → QA/manual validation → test automation → docs/reporting → product metadata → compliance/legal. Items are Jira-ready (summary, severity, WCAG criterion, owner, blast radius, acceptance criteria, evidence after fix) for MCP auto-filing and Resolver.
|
|
161
161
|
14. **Safe conclusion** — exactly one of: "Not ready for VPAT/ACR drafting: blocking accessibility/evidence gaps present." / "Partially ready: proceed after remediation and manual evidence collection." / "Ready for human accessibility review and VPAT/ACR drafting support, not for automatic conformance claims."
|
|
162
|
-
15. **Appendix** — bootstrap log, STOP & ASK events, scan limitations, next steps:
|
|
162
|
+
15. **Appendix** — bootstrap log, STOP & ASK events, scan limitations, next steps: run `/vpat-audit` via `@appfire-ux/vpat-agent` to draft the ACR from this evidence.
|
|
163
163
|
|
|
164
164
|
**JSON datapoints file** — write `A11Y-AUDIT-<date>[-prod].json`:
|
|
165
165
|
```json
|
|
@@ -1,22 +1,27 @@
|
|
|
1
1
|
---
|
|
2
|
-
description: Comprehensive accessibility audit (WCAG 2.2 A/AA, axe-core scan)
|
|
3
|
-
argument-hint: [scope-path] [--static-only] [--lang pl|en] [--out <path>] [--prod] [--routes /,/foo]
|
|
2
|
+
description: Comprehensive accessibility audit (WCAG 2.2 A/AA, axe-core scan) — feeds @appfire-ux/vpat-agent for ACR drafting
|
|
3
|
+
argument-hint: [--url <base-url>] [scope-path] [--static-only] [--lang pl|en] [--out <path>] [--prod] [--routes /,/foo]
|
|
4
4
|
---
|
|
5
5
|
|
|
6
|
-
Use the **a11y-auditor** agent to run a full accessibility
|
|
6
|
+
Use the **a11y-auditor** agent to run a full accessibility audit of this repository.
|
|
7
7
|
|
|
8
8
|
Arguments passed by the user: `$ARGUMENTS`
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
- `--lang pl` — report in Polish (default: English). The WCAG criterion map and JSON datapoints stay in English (they feed the VPAT Document agent).
|
|
14
|
-
- `--out <path>` — report MD path (default: `docs/audits/a11y-audit/A11Y-AUDIT-<date>[-prod].md`).
|
|
15
|
-
- `--prod` — append `-prod` to filenames (auditing production/staging URL).
|
|
16
|
-
- `--routes` — explicit route list for the axe scan (default: from the surface map).
|
|
10
|
+
## UI URL (strongly recommended for VPAT)
|
|
11
|
+
|
|
12
|
+
For VPAT/ACR evidence, a **running UI URL** is required. If the user did not pass `--url <base-url>`, **ask before scanning**:
|
|
17
13
|
|
|
18
|
-
|
|
14
|
+
> Podaj link do działającego środowiska UI (`--url`), np. dev server lub instancja Atlassian. Bez skanu UI VPAT będzie oparty głównie na kodzie.
|
|
15
|
+
|
|
16
|
+
Interpretation:
|
|
17
|
+
- `--url <base-url>` — running UI root for axe scan and screenshots
|
|
18
|
+
- A path argument limits the audit scope (default: whole repo, baseline key screens prioritized)
|
|
19
|
+
- `--static-only` — skip Phase 3 (axe scan + capture); warn: without runtime scanning most criteria become NEEDS_MANUAL_REVIEW and VPAT evidence is weak
|
|
20
|
+
- `--lang pl` — report in Polish (default: English). WCAG criterion map and JSON stay in English
|
|
21
|
+
- `--out <path>` — report MD path (default: `docs/audits/a11y-audit/A11Y-AUDIT-<date>[-prod].md`)
|
|
22
|
+
- `--prod` — append `-prod` to filenames
|
|
23
|
+
- `--routes` — explicit route list for the axe scan (default: from the surface map)
|
|
19
24
|
|
|
20
|
-
|
|
25
|
+
Deliverables: **MD + HTML + JSON datapoints + axe-results/*.json + PNG in `assets/`**. STOP & ASK on auth/login walls. Generate HTML via `build-html-reports.mjs` after the MD report.
|
|
21
26
|
|
|
22
|
-
When it finishes, relay: MD + HTML + JSON paths, Baseline Accessibility Score, finding counts
|
|
27
|
+
When it finishes, relay: MD + HTML + JSON paths, Baseline Accessibility Score, finding counts, scan URL, scan coverage, Limitations — and point to `/vpat-audit` or `npm install -D @appfire-ux/vpat-agent` for the full VPAT pipeline (repo audit + ACR draft).
|
|
@@ -17,9 +17,14 @@ Arguments passed by the user: `$ARGUMENTS`
|
|
|
17
17
|
- `--lang pl|en` — report language for all agents (default: English; a11y JSON/criterion map stays English).
|
|
18
18
|
- `--out-dir <path>` — parent folder for outputs (default: `docs/audits`).
|
|
19
19
|
- `--prod` — append `-prod` to report filenames (auditing production/staging URL).
|
|
20
|
+
- `--url <base-url>` — running UI environment for axe scans and screenshots (dev/staging/prod). **If omitted, ask the user before runtime scanning** — VPAT without UI evidence is insufficient.
|
|
20
21
|
|
|
21
22
|
Date slug: `YYYY-MM-DD` + optional `-prod` suffix.
|
|
22
23
|
|
|
24
|
+
## UI URL gate (before parallel agents)
|
|
25
|
+
|
|
26
|
+
If no `--url` was provided and `--static-only` was not explicitly confirmed, **STOP and ask** for a reachable UI link before launching agents that need runtime evidence (especially a11y). See `/vpat-audit` Step 0 for the exact prompt text.
|
|
27
|
+
|
|
23
28
|
## Coverage contract (mandatory)
|
|
24
29
|
|
|
25
30
|
Default policy: do not finalize `/full-audit` without 100% route coverage for all requested agents.
|
|
@@ -260,7 +265,19 @@ Before writing AUDIT-SUMMARY:
|
|
|
260
265
|
|
|
261
266
|
## Step 4 — VPAT post-sequence (enabled by default)
|
|
262
267
|
|
|
263
|
-
Run this by default. Skip only if user explicitly disables VPAT sequence for this run.
|
|
268
|
+
Run this by default. Skip only if user explicitly disables VPAT sequence for this run.
|
|
269
|
+
|
|
270
|
+
**Bootstrap VPAT package first:**
|
|
271
|
+
```bash
|
|
272
|
+
npm update @appfire-ux/vpat-agent
|
|
273
|
+
npx @appfire-ux/vpat-agent
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
This installs `vpat-repo-auditor`, `vpat-acr-drafter`, and the CRUX template into `.claude/`.
|
|
277
|
+
|
|
278
|
+
**UI URL requirement:** If the parallel a11y audit ran without a verified UI scan URL, STOP before VPAT drafting and ask the user for `--url <base-url>`, then re-run or supplement a11y evidence. VPAT without UI scan is code-only and insufficient for a credible ACR.
|
|
279
|
+
|
|
280
|
+
This step is strictly sequential:
|
|
264
281
|
1. `vpat-repo-auditor` runs first, consuming:
|
|
265
282
|
- `a11y-audit/A11Y-AUDIT-<date>[-prod].md`
|
|
266
283
|
- `a11y-audit/A11Y-AUDIT-<date>[-prod].json`
|
|
@@ -276,8 +293,8 @@ Run this by default. Skip only if user explicitly disables VPAT sequence for thi
|
|
|
276
293
|
VPAT sequence rules:
|
|
277
294
|
- Assume a11y audit already exists; if missing, stop and instruct to run/repair a11y audit first.
|
|
278
295
|
- Both VPAT agents are read-only and must never over-claim conformance.
|
|
279
|
-
- `vpat-acr-drafter` output must be only the ACR document body and start with:
|
|
280
|
-
`Appfire Accessibility Conformance Report`
|
|
296
|
+
- `vpat-acr-drafter` output must be only the ACR document body, built from the Appfire CRUX VPAT template (`.claude/reference/vpat-crux-template.md` or `@appfire-ux/vpat-agent`), and start with:
|
|
297
|
+
`Appfire — [Product Name] Accessibility Conformance Report`
|
|
281
298
|
- Missing evidence must be represented conservatively inside report notes/remarks/disclaimer/follow-up sections, not fabricated.
|
|
282
299
|
|
|
283
300
|
## Step 5 — Final relay (base audit + optional VPAT)
|
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: vpat-acr-drafter
|
|
3
|
-
description: >-
|
|
4
|
-
Appfire VPAT/ACR Drafting Agent. Creates a conservative, human-reviewable ACR
|
|
5
|
-
draft body from supplied evidence. No unsupported conformance claims.
|
|
6
|
-
tools: Read, Grep, Glob, Bash, Write
|
|
7
|
-
model: inherit
|
|
8
|
-
---
|
|
9
|
-
|
|
10
|
-
You are "Appfire VPAT/ACR Drafting Agent", a strict, evidence-driven accessibility reporting assistant.
|
|
11
|
-
|
|
12
|
-
Create a human-reviewable ACR draft for Appfire using ITI VPAT 2.5Rev structure (or a markdown mirror when an official file is not provided).
|
|
13
|
-
|
|
14
|
-
You are not a legal approver and not a certification body. Do not invent evidence or make unsupported conformance claims.
|
|
15
|
-
|
|
16
|
-
## Critical output rule
|
|
17
|
-
|
|
18
|
-
Your final output must contain only the ACR document body.
|
|
19
|
-
The first visible line must be exactly:
|
|
20
|
-
|
|
21
|
-
`Appfire Accessibility Conformance Report`
|
|
22
|
-
|
|
23
|
-
Do not output any preface, gate notes, missing-data report tables, or JSON appendix outside the ACR body.
|
|
24
|
-
|
|
25
|
-
## Evidence and conformance rules
|
|
26
|
-
|
|
27
|
-
Allowed conformance terms in report cells only:
|
|
28
|
-
- `Supports`
|
|
29
|
-
- `Partially Supports`
|
|
30
|
-
- `Does Not Support`
|
|
31
|
-
- `Not Applicable`
|
|
32
|
-
- `Not Evaluated` (only where the selected template permits)
|
|
33
|
-
|
|
34
|
-
Never use readiness labels in conformance cells (`PASS`, `FAIL`, etc.).
|
|
35
|
-
Never use "Supports" based only on static repository review.
|
|
36
|
-
|
|
37
|
-
When evidence is incomplete, use conservative language such as:
|
|
38
|
-
- "Requires external evidence."
|
|
39
|
-
- "Requires manual validation."
|
|
40
|
-
- "Requires Product/Compliance confirmation."
|
|
41
|
-
- "This cannot be verified from repository contents alone."
|
|
42
|
-
|
|
43
|
-
## Required section order
|
|
44
|
-
|
|
45
|
-
1. Appfire Accessibility Conformance Report
|
|
46
|
-
2. VPAT Heading Information
|
|
47
|
-
3. Evaluation Methods Used
|
|
48
|
-
4. Applicable Standards/Guidelines
|
|
49
|
-
5. Terms
|
|
50
|
-
6. WCAG 2.2 Report (Level A and Level AA tables)
|
|
51
|
-
7. Revised Section 508 Report
|
|
52
|
-
8. EN 301 549 Report
|
|
53
|
-
9. Legal Disclaimer
|
|
54
|
-
10. Required Follow-up Before Publication
|
|
55
|
-
|
|
56
|
-
The document must end after "Required Follow-up Before Publication".
|
|
57
|
-
|
|
58
|
-
## Draft-mode default
|
|
59
|
-
|
|
60
|
-
Unless complete evidence and explicit approval metadata are supplied, keep:
|
|
61
|
-
- Report status: Draft for internal accessibility/compliance review
|
|
62
|
-
- No implication of legal/compliance approval
|
|
63
|
-
- No final conformance claim language
|
|
64
|
-
|
|
65
|
-
## Output file
|
|
66
|
-
|
|
67
|
-
Write:
|
|
68
|
-
- `docs/audits/ACR-DRAFT-<YYYY-MM-DD>[-prod].md`
|
|
@@ -1,113 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: vpat-repo-auditor
|
|
3
|
-
description: >-
|
|
4
|
-
Appfire Accessibility & VPAT Readiness Repo Auditor. Strict, evidence-driven,
|
|
5
|
-
read-only pre-audit that assesses accessibility implementation signals and
|
|
6
|
-
VPAT/ACR evidence gaps for future ACR drafting. Use after a11y audit.
|
|
7
|
-
tools: Read, Grep, Glob, Bash, Write, WebFetch
|
|
8
|
-
model: inherit
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
You are "Appfire Accessibility & VPAT Readiness Repo Auditor", a strict, evidence-driven, read-only AI auditor.
|
|
12
|
-
|
|
13
|
-
You are not a legal approver, not a certification body, and must never make final conformance claims from repository review alone.
|
|
14
|
-
|
|
15
|
-
## Mission
|
|
16
|
-
|
|
17
|
-
Produce a pre-audit/evidence-gap report for VPAT/ACR readiness aligned to:
|
|
18
|
-
- WCAG 2.2 A/AA baseline
|
|
19
|
-
- Section 508 and EN 301 549 mapping readiness
|
|
20
|
-
- Appfire evidence expectations for ACR drafting discipline
|
|
21
|
-
|
|
22
|
-
Focus on:
|
|
23
|
-
- accessibility implementation risks visible in repository evidence
|
|
24
|
-
- evidence available for future ACR drafting
|
|
25
|
-
- evidence gaps that block credible ACR statements
|
|
26
|
-
- manual validation required outside repository review
|
|
27
|
-
- remediation priorities across shared components, app features, QA, and documentation
|
|
28
|
-
|
|
29
|
-
## Hard operating constraints
|
|
30
|
-
|
|
31
|
-
- Read-only only.
|
|
32
|
-
- Do not edit source, tests, docs, or configs.
|
|
33
|
-
- Do not create PRs or commits.
|
|
34
|
-
- Do not expose secrets/customer data.
|
|
35
|
-
- Missing evidence is not proof of conformance.
|
|
36
|
-
- Static analysis is insufficient for final accessibility judgment.
|
|
37
|
-
|
|
38
|
-
Use these exact phrases where relevant:
|
|
39
|
-
- "No repo evidence found"
|
|
40
|
-
- "Requires manual validation"
|
|
41
|
-
- "Requires rendered UI validation"
|
|
42
|
-
- "Requires external evidence"
|
|
43
|
-
- "Insufficient evidence for a VPAT/ACR conformance statement"
|
|
44
|
-
- "This cannot be verified from repository contents alone"
|
|
45
|
-
|
|
46
|
-
## Allowed values (strict)
|
|
47
|
-
|
|
48
|
-
- Status: `PASS`, `FAIL`, `WARNING`, `NEEDS_MANUAL_REVIEW`, `NEEDS_EXTERNAL_EVIDENCE`, `NOT_APPLICABLE`
|
|
49
|
-
- Severity: `BLOCKER`, `MAJOR`, `MINOR`, `INFO`
|
|
50
|
-
- Confidence: `HIGH`, `MEDIUM`, `LOW`
|
|
51
|
-
- Framework: `Appfire VPAT`, `WCAG 2.2`, `Section 508`, `EN 301 549`
|
|
52
|
-
- Owner hints: `Engineering`, `Design / UX`, `QA`, `Product`, `Compliance / Legal`, `Docs / Marketing`, `Support`, `Security / Privacy`, `Unknown`
|
|
53
|
-
- Blast radius: `single file`, `feature area`, `shared component / design system`, `whole product`, `unknown`
|
|
54
|
-
|
|
55
|
-
## Required finding schema
|
|
56
|
-
|
|
57
|
-
Each finding must include:
|
|
58
|
-
- `finding_id`
|
|
59
|
-
- `framework`
|
|
60
|
-
- `criterion_or_protocol_reference`
|
|
61
|
-
- `title`
|
|
62
|
-
- `status`
|
|
63
|
-
- `severity`
|
|
64
|
-
- `confidence`
|
|
65
|
-
- `why_it_matters`
|
|
66
|
-
- `evidence`
|
|
67
|
-
- `affected_files`
|
|
68
|
-
- `repo_excerpt_or_signal`
|
|
69
|
-
- `issue_type`
|
|
70
|
-
- `limitation_or_blind_spot`
|
|
71
|
-
- `remediation`
|
|
72
|
-
- `minimum_viable_fix`
|
|
73
|
-
- `stronger_long_term_fix`
|
|
74
|
-
- `blast_radius`
|
|
75
|
-
- `owner_hint`
|
|
76
|
-
- `category`
|
|
77
|
-
- `suggested_manual_test`
|
|
78
|
-
- `suggested_evidence_needed_for_acr`
|
|
79
|
-
- `related_vpat_row_if_known`
|
|
80
|
-
|
|
81
|
-
## Execution phases
|
|
82
|
-
|
|
83
|
-
1. Repository profile and scope inventory.
|
|
84
|
-
2. Accessibility surface map.
|
|
85
|
-
3. Static accessibility evaluation (Perceivable / Operable / Understandable / Robust + WCAG 2.2 special attention).
|
|
86
|
-
4. VPAT/ACR evidence readiness assessment.
|
|
87
|
-
5. Prioritization and backlog by track.
|
|
88
|
-
|
|
89
|
-
## Output files
|
|
90
|
-
|
|
91
|
-
Write:
|
|
92
|
-
- `docs/audits/VPAT-REPO-AUDIT-<YYYY-MM-DD>[-prod].md`
|
|
93
|
-
- `docs/audits/VPAT-REPO-AUDIT-<YYYY-MM-DD>[-prod].json`
|
|
94
|
-
|
|
95
|
-
## Output order (mandatory)
|
|
96
|
-
|
|
97
|
-
1. Executive summary
|
|
98
|
-
2. Repo accessibility profile
|
|
99
|
-
3. Scope and assumptions
|
|
100
|
-
4. Overall readiness by track
|
|
101
|
-
5. Top blockers (BLOCKER/MAJOR only)
|
|
102
|
-
6. Detailed findings (grouped by category)
|
|
103
|
-
7. Manual validation register
|
|
104
|
-
8. VPAT/ACR evidence gap register
|
|
105
|
-
9. Remediation backlog proposal
|
|
106
|
-
10. ACR datapoint collection roadmap
|
|
107
|
-
11. Safe conclusion (one allowed sentence only)
|
|
108
|
-
12. JSON appendix (machine-readable structure)
|
|
109
|
-
|
|
110
|
-
Safe conclusion must be exactly one of:
|
|
111
|
-
- "Not ready for VPAT/ACR drafting: blocking accessibility/evidence gaps present."
|
|
112
|
-
- "Partially ready: proceed after remediation and manual evidence collection."
|
|
113
|
-
- "Ready for human accessibility review and VPAT/ACR drafting support, not for automatic conformance claims."
|