bmad-plus 0.7.5 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/CHANGELOG.md +450 -425
  2. package/LICENSE +21 -21
  3. package/README.md +555 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +576 -426
  31. package/readme-international/README.es.md +578 -518
  32. package/readme-international/README.fr.md +576 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
  46. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
  47. package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
  48. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
  49. package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
  50. package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
  51. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
  52. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
  53. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
  54. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
  55. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
  56. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
  57. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
  58. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
  59. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
  60. package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
  61. package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
  62. package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
  63. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
  64. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  65. package/src/bmad-plus/module-help.csv +10 -10
  66. package/src/bmad-plus/module.yaml +283 -280
  67. package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
  68. package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
  69. package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
  70. package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
  71. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  111. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  112. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  113. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  114. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  115. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  116. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  117. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  118. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  119. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  120. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  121. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  122. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  123. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  124. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  125. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  126. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  127. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  128. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  129. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  130. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  131. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  132. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  133. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  134. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  135. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  136. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  137. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  138. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  139. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  140. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  141. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  142. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  143. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  144. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  145. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  146. package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
  147. package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
  148. package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
  149. package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
  150. package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
  151. package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
  152. package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
  153. package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
  154. package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
  155. package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
  156. package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
  157. package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
  158. package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
  159. package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
  160. package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
  161. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  162. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  163. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  164. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  165. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  166. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  167. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  168. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  169. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  170. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  171. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  172. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  173. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  174. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  175. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  176. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  177. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  178. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  179. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  180. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  181. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  182. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  183. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  184. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  185. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  186. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  187. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  188. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  189. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  190. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  191. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  192. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  193. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  194. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  195. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  196. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  197. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  198. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  199. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  200. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  201. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  202. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  203. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  204. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  205. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  206. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  207. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  208. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  209. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  210. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  211. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  212. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  213. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  214. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  215. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  216. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  217. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  218. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  219. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  220. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  221. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  222. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  223. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  224. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  225. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  226. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  227. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  228. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  229. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  230. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  231. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  232. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  233. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  234. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  235. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  236. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  237. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  238. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  239. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  240. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  241. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  242. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  243. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  244. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  245. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  246. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  247. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  248. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  249. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  250. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  251. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  252. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  253. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  254. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  255. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  256. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  257. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  258. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  259. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  260. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  261. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  262. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  263. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  264. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  265. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  266. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  267. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  268. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  269. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  270. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  271. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  272. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  273. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  274. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  275. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  276. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  277. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  278. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  279. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  280. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  281. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  282. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  283. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  284. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  285. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  286. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  287. package/tools/cli/commands/autoconfig.js +498 -489
  288. package/tools/cli/commands/doctor.js +222 -222
  289. package/tools/cli/commands/install.js +739 -739
  290. package/tools/cli/commands/memory.js +194 -194
  291. package/tools/cli/commands/scan.js +360 -350
  292. package/tools/cli/commands/uninstall.js +96 -96
  293. package/tools/cli/commands/update.js +174 -174
  294. package/tools/cli/i18n.js +763 -763
@@ -1,510 +1,510 @@
1
- # WCAG 2.2 Success Criteria — Detailed Reference
2
-
3
- This file provides detailed guidance for all WCAG 2.2 Level A and AA success criteria. Read only the sections relevant to the current task.
4
-
5
- ## Table of Contents
6
-
7
- - [1.1 Text Alternatives](#11-text-alternatives)
8
- - [1.2 Time-based Media](#12-time-based-media)
9
- - [1.3 Adaptable](#13-adaptable)
10
- - [1.4 Distinguishable](#14-distinguishable)
11
- - [2.1 Keyboard Accessible](#21-keyboard-accessible)
12
- - [2.2 Enough Time](#22-enough-time)
13
- - [2.3 Seizures and Physical Reactions](#23-seizures-and-physical-reactions)
14
- - [2.4 Navigable](#24-navigable)
15
- - [2.5 Input Modalities](#25-input-modalities)
16
- - [3.1 Readable](#31-readable)
17
- - [3.2 Predictable](#32-predictable)
18
- - [3.3 Input Assistance](#33-input-assistance)
19
- - [4.1 Compatible](#41-compatible)
20
- - [WCAG 2.2 New Criteria Summary](#wcag-22-new-criteria-summary)
21
- - [Testing Tools Reference](#testing-tools-reference)
22
-
23
- ---
24
-
25
- ## 1.1 Text Alternatives
26
-
27
- ### SC 1.1.1 Non-text Content (Level A)
28
-
29
- **Requirement:** All non-text content has a text alternative that serves the equivalent purpose.
30
-
31
- **Sufficient techniques:**
32
- - `G94`: Providing short text alternative for non-text content that serves the same purpose
33
- - `H37`: Using `alt` attributes on `<img>` elements
34
- - `H36`: Using `alt` attributes on images used as submit buttons
35
- - `ARIA6`: Using `aria-label` to provide labels for objects
36
- - `H67`: Using null alt text and no title attribute on img for images that AT should ignore
37
-
38
- **Common failures:**
39
- - F3: Using CSS background images to convey information with no text equivalent
40
- - F13: Using text alternatives that do not include information conveyed by color or position in an image
41
- - F20: Not updating text alternatives when non-text content changes
42
- - F30: Using text alternatives that are not alternatives (same as filename, placeholder text, etc.)
43
- - F38: Not marking up decorative images so they can be ignored by AT
44
- - F65: Omitting the alt attribute or text alternative on img elements, area elements, or input elements of type "image"
45
-
46
- **Scope:**
47
- - Informative images → meaningful alt text
48
- - Decorative images → `alt=""` with no title
49
- - Functional images (buttons, links) → alt describes function, not appearance
50
- - Complex images (charts, diagrams) → short alt + long description via `aria-describedby`, `longdesc`, or adjacent text
51
- - Captchas → provide audio captcha or text alternative explaining what captcha is for
52
- - Purely decorative text or text part of a logo → may be treated as decorative
53
-
54
- ---
55
-
56
- ## 1.2 Time-based Media
57
-
58
- ### SC 1.2.1 Audio-only and Video-only — Pre-recorded (Level A)
59
- Provide a text transcript for pre-recorded audio-only. Provide a text alternative or audio track for pre-recorded video-only.
60
-
61
- ### SC 1.2.2 Captions — Pre-recorded (Level A)
62
- All pre-recorded audio content in synchronised media has captions. Auto-generated captions alone do not satisfy this unless they are accurate and reviewed.
63
-
64
- **Key requirements for captions:**
65
- - Synchronised with the audio
66
- - Verbatim (or close equivalent for edited captions)
67
- - Identify speakers
68
- - Include relevant sound effects [applause], [laughter] when they convey meaning
69
-
70
- ### SC 1.2.3 Audio Description or Media Alternative — Pre-recorded (Level A)
71
- An alternative for time-based media or audio description of the prerecorded video content in synchronized media is provided, except where the media is a media alternative for text and is clearly labeled as such.
72
-
73
- ### SC 1.2.4 Captions — Live (Level AA)
74
- Captions are provided for all live audio content in synchronised media. Live captions may be provided by CART (Communication Access Realtime Translation) services.
75
-
76
- ### SC 1.2.5 Audio Description — Pre-recorded (Level AA)
77
- Audio description is provided for all prerecorded video content in synchronised media. Describes visual information not conveyed in the audio track: actions, scene changes, on-screen text.
78
-
79
- ---
80
-
81
- ## 1.3 Adaptable
82
-
83
- ### SC 1.3.1 Info and Relationships (Level A)
84
-
85
- **Requirement:** Information, structure, and relationships conveyed through presentation can be programmatically determined or are available in text.
86
-
87
- **Key patterns:**
88
- - Use `<h1>`–`<h6>` for headings — not styled `<div>` or `<p>` elements
89
- - Use `<table>` with `<th scope="col|row">` for data tables; use `<caption>` for table title
90
- - Use `<label for="id">` to associate form labels, or `aria-labelledby`/`aria-label`
91
- - Use `<fieldset>` and `<legend>` for groups of related inputs (radio buttons, checkboxes)
92
- - Use `<ul>`, `<ol>`, `<dl>` for lists; don't fake lists with dashes and line breaks
93
- - Required fields: mark with `aria-required="true"` or `required`; don't rely on colour alone
94
-
95
- **Common failures:**
96
- - F2: Using changes in text presentation to convey information without using the appropriate markup
97
- - F17: Relying on CSS visual placement to associate labels with form controls
98
- - F33: Using white space characters to create multiple columns in plain text
99
- - F34: Using white space characters to format tables in plain text
100
- - F42: Using scripting events to emulate links without appropriate semantic markup
101
- - F43: Using structural markup in a way that does not represent relationships in the content
102
- - F46: Using `summary` attribute on layout table (misrepresents it as data table)
103
- - F48: Using the `pre` element to markup tabular information
104
- - F68: Association between a label and control not programmatically determined
105
- - F87: Inserting spacer images with no alt text into tables used for layout
106
- - F91: Not marking up table headers correctly
107
-
108
- ### SC 1.3.2 Meaningful Sequence (Level A)
109
- The reading sequence can be determined programmatically when the presentation sequence affects meaning. DOM order should match visual reading order; CSS positioning must not reorder meaningful content.
110
-
111
- ### SC 1.3.3 Sensory Characteristics (Level A)
112
- Instructions do not rely solely on sensory characteristics such as shape, colour, size, visual location, orientation, or sound. Example failure: "click the round button" or "see the form in the right column."
113
-
114
- ### SC 1.3.4 Orientation (Level AA — WCAG 2.1)
115
- Content does not restrict its view and operation to a single display orientation unless essential. Mobile sites should support both portrait and landscape unless orientation is essential (e.g., piano app).
116
-
117
- ### SC 1.3.5 Identify Input Purpose (Level AA — WCAG 2.1)
118
- The purpose of each input field collecting information about the user can be programmatically determined using the HTML `autocomplete` attribute with defined token values.
119
-
120
- **Key autocomplete tokens:**
121
- - `name`, `given-name`, `family-name`
122
- - `email`, `tel`
123
- - `street-address`, `address-line1`, `address-line2`, `postal-code`, `country`
124
- - `bday`, `sex`
125
- - `current-password`, `new-password`
126
- - `cc-name`, `cc-number`, `cc-exp`
127
-
128
- ---
129
-
130
- ## 1.4 Distinguishable
131
-
132
- ### SC 1.4.1 Use of Colour (Level A)
133
- Colour is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.
134
-
135
- **Fixes:** Add text labels, icons, patterns, or other non-colour differentiators alongside colour.
136
-
137
- ### SC 1.4.2 Audio Control (Level A)
138
- Auto-playing audio longer than 3 seconds can be paused or stopped by the user, or the volume can be adjusted independently from the system volume.
139
-
140
- ### SC 1.4.3 Contrast — Minimum (Level AA)
141
- - Normal text (below 18pt or 14pt bold): **4.5:1** minimum contrast ratio
142
- - Large text (18pt/24px+ regular OR 14pt/18.67px+ bold): **3:1** minimum
143
- - Logotypes, inactive UI components, decorative text: exempt
144
-
145
- **Formula:** Contrast ratio = (L1 + 0.05) / (L2 + 0.05) where L1 is the lighter luminance and L2 is the darker relative luminance. Relative luminance uses the sRGB colour model.
146
-
147
- **Tools:** WebAIM Contrast Checker, Colour Contrast Analyser (desktop app), browser DevTools > Accessibility > Contrast.
148
-
149
- **Edge cases:**
150
- - Placeholder text in inputs: often fails — must meet 4.5:1 if it's the only content visible
151
- - Text in images: must meet contrast requirements
152
- - Text over gradient/image backgrounds: check at the worst-case overlap area
153
-
154
- ### SC 1.4.4 Resize Text (Level AA)
155
- Text can be resized without assistive technology up to 200 percent without loss of content or functionality. Use relative units (`rem`, `em`, `%`) rather than `px` for font sizes and container heights. Test at 200% browser zoom with no horizontal scrollbar for single-column content.
156
-
157
- ### SC 1.4.5 Images of Text (Level AA)
158
- Text is used to convey information rather than images of text, except for logotypes or where the image of text is essential to the information conveyed.
159
-
160
- ### SC 1.4.10 Reflow (Level AA — WCAG 2.1)
161
- Content can be presented without loss of information or functionality, and without requiring scrolling in two dimensions for:
162
- - Vertical-scrolling content at a width equivalent to 320 CSS pixels
163
- - Horizontal-scrolling content at a height equivalent to 256 CSS pixels
164
-
165
- **Exception:** Content that requires two-dimensional layout for its usage or meaning (data tables, maps, diagrams, videos, games).
166
-
167
- **Test method:** Set browser viewport to 320px width (or zoom to 400% on 1280px display) and verify no horizontal scrollbar appears.
168
-
169
- ### SC 1.4.11 Non-text Contrast (Level AA — WCAG 2.1)
170
- UI components (form fields, buttons, focus indicators) and informational graphics have a contrast ratio of at least **3:1** against adjacent colours.
171
-
172
- **Scope:**
173
- - Input borders against background
174
- - Checkbox/radio outlines
175
- - Focus indicators (custom)
176
- - Chart lines, graph bars, data points
177
- - Icons that convey meaning (not decorative)
178
-
179
- **Exempt:** Inactive/disabled components; logotypes; purely decorative graphics.
180
-
181
- ### SC 1.4.12 Text Spacing (Level AA — WCAG 2.1)
182
- No loss of content or functionality when all the following text spacing properties are overridden simultaneously:
183
- - Line height ≥ 1.5 × font size
184
- - Letter spacing ≥ 0.12 × font size
185
- - Word spacing ≥ 0.16 × font size
186
- - Spacing following paragraphs ≥ 2 × font size
187
-
188
- **Test:** Use the Text Spacing bookmarklet to apply all four properties at once and check for clipped/overlapping text.
189
-
190
- ### SC 1.4.13 Content on Hover or Focus (Level AA — WCAG 2.1)
191
- Additional content that appears on hover or keyboard focus must be:
192
- 1. **Dismissable** — user can dismiss it without moving the pointer or focus (typically via Escape)
193
- 2. **Hoverable** — if the trigger is hover, the pointer can move over the additional content without it disappearing
194
- 3. **Persistent** — the content stays visible until the user dismisses it, moves focus/pointer away, or the information is no longer valid
195
-
196
- **Common failures:** Tooltips that disappear when pointer moves toward them; tooltips with no way to dismiss.
197
-
198
- ---
199
-
200
- ## 2.1 Keyboard Accessible
201
-
202
- ### SC 2.1.1 Keyboard (Level A)
203
- All functionality is available via keyboard without requiring specific timings for individual keystrokes.
204
-
205
- **Required keyboard patterns (ARIA Authoring Practices Guide):**
206
- - Dropdown menus: Arrow keys to navigate, Enter/Space to activate, Escape to close
207
- - Dialogs/modals: Tab within modal, Escape to close, focus returns to trigger on close
208
- - Tabs: Arrow keys between tabs, Tab into tabpanel content
209
- - Sliders: Arrow keys to change value, Home/End for min/max
210
- - Date pickers: Arrow keys for day navigation, Page Up/Down for month/year
211
- - Tree views: Arrow keys, Enter to activate
212
- - Autocomplete: Arrow keys, Enter to select, Escape to close
213
-
214
- **Common failures:** Mouse-only `onclick`, `onmouseover` handlers on non-focusable elements; drag-and-drop without keyboard alternative; inaccessible custom widgets.
215
-
216
- ### SC 2.1.2 No Keyboard Trap (Level A)
217
- Keyboard focus can be moved from any component using standard keys (Tab, Shift+Tab, arrow keys). If non-standard keys are needed, the user is informed.
218
-
219
- **Modal dialogs:** Focus may be intentionally constrained to the modal, but there must be a way to close and return focus to the trigger.
220
-
221
- ### SC 2.1.4 Character Key Shortcuts (Level A — WCAG 2.1)
222
- If single-character key shortcuts are implemented, at least one of: the shortcut can be turned off, remapped, or only active on focus.
223
-
224
- ---
225
-
226
- ## 2.2 Enough Time
227
-
228
- ### SC 2.2.1 Timing Adjustable (Level A)
229
- For time limits set by the content: the user can turn off, adjust, or extend the limit. Exception: real-time events (auctions), essential time limits, >20 hours.
230
-
231
- **Best practice:** Warn users 20 seconds before session timeout with an option to extend.
232
-
233
- ### SC 2.2.2 Pause, Stop, Hide (Level A)
234
- For moving, blinking, scrolling, or auto-updating information that starts automatically and lasts more than 5 seconds: provide controls to pause, stop, or hide it. Exception: essential movement.
235
-
236
- ---
237
-
238
- ## 2.3 Seizures and Physical Reactions
239
-
240
- ### SC 2.3.1 Three Flashes or Below (Level A)
241
- No content flashes more than three times per second OR the flash is below the general flash and red flash thresholds. Applies to video, animations, GIFs, and scripted effects.
242
-
243
- ---
244
-
245
- ## 2.4 Navigable
246
-
247
- ### SC 2.4.1 Bypass Blocks (Level A)
248
- A mechanism to skip blocks of content repeated on multiple pages. Typically implemented as a skip link ("Skip to main content") or via ARIA landmark regions (`main`, `nav`, `header`, `footer`, `aside`).
249
-
250
- **Best practice:** Provide both a visible skip link and proper landmark structure. Skip link should be the first focusable element and should become visible on focus.
251
-
252
- ### SC 2.4.2 Page Titled (Level A)
253
- Web pages have titles that describe topic or purpose. Titles should be unique across the site and follow the pattern "Page-specific title — Site name."
254
-
255
- ### SC 2.4.3 Focus Order (Level A)
256
- Focusable components receive focus in an order that preserves meaning and operability. DOM order should match visual reading order; avoid `tabindex` values greater than 0 which disrupt natural tab order.
257
-
258
- ### SC 2.4.4 Link Purpose — In Context (Level A)
259
- The purpose of each link can be determined from the link text alone, or from the link text plus its programmatic context (enclosing sentence, list item, table cell, or associated header).
260
-
261
- **Failures:** "Click here", "Read more", "Learn more" with no accessible context.
262
-
263
- **Fix:** Use descriptive link text ("Read our WCAG 2.2 guide") or supplement with `aria-label` or `aria-describedby`.
264
-
265
- ### SC 2.4.5 Multiple Ways (Level AA)
266
- More than one way to locate a page within a set of pages. At least two of: site navigation, site search, site map, table of contents, list of related pages. Exception: pages that are the result of a process (checkout confirmation).
267
-
268
- ### SC 2.4.6 Headings and Labels (Level AA)
269
- Headings and labels describe the topic or purpose of the content they apply to. Headings must be meaningful — not "Section 1" or "Content."
270
-
271
- ### SC 2.4.7 Focus Visible (Level AA)
272
- Any keyboard operable interface has a mode of operation where the keyboard focus indicator is visible. Do not use `outline: none` without a replacement focus style.
273
-
274
- **Best practice:** Use `focus-visible` CSS pseudo-class to show focus only for keyboard users (not mouse clicks).
275
-
276
- ### SC 2.4.11 Focus Not Obscured — Minimum (Level AA — WCAG 2.2)
277
- When a UI component receives keyboard focus, it is not entirely hidden due to author-created content (sticky headers, banners, cookie notices, chat bubbles). The component may be partially obscured; it just must not be completely hidden.
278
-
279
- **Fix:** Ensure `scroll-margin-top` or equivalent compensates for sticky header height; or use `position: sticky` with sufficient top offset.
280
-
281
- ### SC 2.4.12 Focus Not Obscured — Enhanced (Level AAA — WCAG 2.2)
282
- The focused component is not hidden by any author-created content. The entire component is fully visible when focused.
283
-
284
- ### SC 2.4.13 Focus Appearance (Level AAA — WCAG 2.2)
285
- The focus indicator area: (a) encloses the UI component or its text; (b) has a contrast ratio of at least 3:1 between focused and unfocused states; (c) has a contrast ratio of at least 3:1 against adjacent colours; and (d) is not entirely obscured.
286
-
287
- ---
288
-
289
- ## 2.5 Input Modalities
290
-
291
- ### SC 2.5.1 Pointer Gestures (Level A — WCAG 2.1)
292
- All functionality using multipoint (pinch/zoom) or path-based gestures (swipe) has a single-pointer alternative that doesn't require a specific path.
293
-
294
- ### SC 2.5.2 Pointer Cancellation (Level A — WCAG 2.1)
295
- For functionality activated with a single pointer: at least one of: no down-event activation; up-event can abort/undo; up-event reverses down-event; down-event essential.
296
-
297
- **Failure:** Click action fires on `mousedown` rather than `mouseup`, preventing users from cancelling by moving the pointer away.
298
-
299
- ### SC 2.5.3 Label in Name (Level A — WCAG 2.1)
300
- For UI components with visible text labels, the accessible name (computed name from `aria-label`, `aria-labelledby`, or native label) contains the visible label text.
301
-
302
- **Failure:** Button visually labelled "Submit form" but `aria-label="Send"` — voice control users saying "click Submit form" will not activate it.
303
-
304
- ### SC 2.5.4 Motion Actuation (Level A — WCAG 2.1)
305
- Functionality triggered by device motion (shaking, tilting) can also be operated via UI components and motion response can be disabled (except where motion is essential).
306
-
307
- ### SC 2.5.7 Dragging Movements (Level AA — WCAG 2.2)
308
- All functionality that uses a dragging movement for operation can also be achieved with a single pointer without dragging.
309
-
310
- **Examples:** Sortable list with drag handles — must have up/down buttons; range slider with drag — must have text input or increment buttons; kanban card drag-and-drop — must have a keyboard-accessible alternative.
311
-
312
- ### SC 2.5.8 Target Size — Minimum (Level AA — WCAG 2.2)
313
- The size of the target for pointer inputs is at least 24 by 24 CSS pixels, except where:
314
- - **Spacing:** Undersized targets are offset from other targets by at least 24px in all directions
315
- - **Equivalent:** The function can be achieved through an equivalent control that meets the criterion
316
- - **Inline:** Target is in a sentence or its size is constrained by the line-height of non-target text
317
- - **User agent:** The target size is determined by the user agent and not modified by the author
318
- - **Essential:** A particular presentation is essential to the information conveyed
319
-
320
- **Recommendation:** Aim for at least 44×44 CSS pixels for all touch targets (iOS/Android HIG recommendation).
321
-
322
- ---
323
-
324
- ## 3.1 Readable
325
-
326
- ### SC 3.1.1 Language of Page (Level A)
327
- The default human language of each web page can be programmatically determined. Set `lang` attribute on `<html>` element (e.g., `<html lang="en">`). Use valid BCP 47 language tags.
328
-
329
- ### SC 3.1.2 Language of Parts (Level AA)
330
- Human language of each passage or phrase in the content can be programmatically determined except for proper names, technical terms, indeterminate language, and words that have become part of the vernacular.
331
-
332
- **Fix:** `<span lang="fr">Bonjour</span>` for inline foreign language content.
333
-
334
- ---
335
-
336
- ## 3.2 Predictable
337
-
338
- ### SC 3.2.1 On Focus (Level A)
339
- When a UI component receives focus, it does not initiate a change of context (new window, form submission, significant page change).
340
-
341
- ### SC 3.2.2 On Input (Level A)
342
- Changing the setting of a UI component does not automatically cause a change of context unless the user has been advised before using the component.
343
-
344
- **Failure:** Selecting a radio button or option in a select element immediately navigates to a new page without a submit button.
345
-
346
- ### SC 3.2.3 Consistent Navigation (Level AA)
347
- Navigational mechanisms that are repeated on multiple pages appear in the same relative order each time they are repeated, unless a change is initiated by the user.
348
-
349
- ### SC 3.2.4 Consistent Identification (Level AA)
350
- Components that have the same functionality within a set of web pages are identified consistently.
351
-
352
- **Failure:** Search feature labelled "Search" on most pages but "Find" on others; or "Go" instead of "Submit" for the same form action.
353
-
354
- ### SC 3.2.6 Consistent Help (Level A — WCAG 2.2)
355
- If a web page provides help mechanisms (contact details, human contact, self-help option, automated contact mechanism), those mechanisms appear in the same location relative to other page content across a set of web pages, unless a change is initiated by the user.
356
-
357
- ---
358
-
359
- ## 3.3 Input Assistance
360
-
361
- ### SC 3.3.1 Error Identification (Level A)
362
- If an input error is automatically detected, the item in error is identified and the error is described to the user in text.
363
-
364
- **Requirements:**
365
- - Error messages must be in text (not just colour or icon)
366
- - Must identify which field is in error
367
- - Must describe the error
368
- - Must be programmatically associated with the field (`aria-describedby` or adjacent text)
369
-
370
- ### SC 3.3.2 Labels or Instructions (Level A)
371
- Labels or instructions are provided when content requires user input. Format hints (e.g., "MM/DD/YYYY") must be provided before or within the form field.
372
-
373
- ### SC 3.3.3 Error Suggestion (Level AA)
374
- If an input error is automatically detected and suggestions for correction are known, then the suggestion is provided to the user.
375
-
376
- **Not sufficient:** "Invalid input" — the error must explain what is wrong.
377
-
378
- **Sufficient:** "Please enter a date in MM/DD/YYYY format" or "Password must be at least 8 characters and include a number."
379
-
380
- ### SC 3.3.4 Error Prevention — Legal, Financial, Data (Level AA)
381
- For pages that cause legal commitments, financial transactions, modify/delete user-controlled data, or submit test responses, at least one of:
382
- 1. **Reversible** — submission is reversible
383
- 2. **Checked** — data entered is checked for errors and user is given opportunity to correct them
384
- 3. **Confirmed** — mechanism is available for reviewing, confirming, and correcting information before finalising
385
-
386
- ### SC 3.3.7 Redundant Entry (Level A — WCAG 2.2)
387
- Information previously entered by or provided to the user that is required again in the same process is either auto-populated or available for the user to select.
388
-
389
- **Exception:** Re-entering information essential for security reasons (e.g., password confirmation) or when the previously entered information is no longer valid.
390
-
391
- ### SC 3.3.8 Accessible Authentication — Minimum (Level AA — WCAG 2.2)
392
- A cognitive function test (remember a password, solve a puzzle, recognise objects) is not required for any step in an authentication process unless the step provides an alternative that does not rely on cognitive function test, a mechanism to assist the user in completing the cognitive function test, or the cognitive function test is to recognise objects.
393
-
394
- **Common failure:** CAPTCHA with no accessible alternative (audio CAPTCHA, support contact option, or single-use login link).
395
-
396
- **Passes:** Email magic link (no cognitive test); passkey/biometric authentication; CAPTCHA with audio alternative and support option.
397
-
398
- ---
399
-
400
- ## 4.1 Compatible
401
-
402
- ### SC 4.1.1 Parsing (Level A — Removed in WCAG 2.2)
403
- In WCAG 2.0 and 2.1, required valid markup (no duplicate IDs, complete start/end tags, proper nesting). Removed from WCAG 2.2 because modern browsers handle parsing errors gracefully. Still relevant for WCAG 2.0/2.1 conformance claims and Section 508 compliance.
404
-
405
- **Remaining concern:** Duplicate IDs still cause failures for `aria-labelledby` and `aria-describedby` associations.
406
-
407
- ### SC 4.1.2 Name, Role, Value (Level A)
408
- For all UI components, the name and role can be programmatically determined; states, properties, and values that can be set by the user can be programmatically determined; and notification of changes to these items is available to user agents, including assistive technologies.
409
-
410
- **Key ARIA patterns:**
411
-
412
- | Widget | Required ARIA |
413
- |--------|--------------|
414
- | Accordion | `role="button"`, `aria-expanded`, `aria-controls` |
415
- | Alert | `role="alert"` or `aria-live="assertive"` |
416
- | Autocomplete | `role="combobox"`, `aria-expanded`, `aria-autocomplete`, `aria-activedescendant` |
417
- | Button (toggle) | `role="button"`, `aria-pressed` |
418
- | Checkbox (custom) | `role="checkbox"`, `aria-checked` |
419
- | Dialog | `role="dialog"`, `aria-modal`, `aria-labelledby` |
420
- | Menu | `role="menu"`, `role="menuitem"`, `aria-haspopup`, `aria-expanded` |
421
- | Progressbar | `role="progressbar"`, `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
422
- | Radio (custom) | `role="radio"`, `aria-checked`, within `role="radiogroup"` |
423
- | Slider | `role="slider"`, `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
424
- | Tab/Tabpanel | `role="tablist"`, `role="tab"`, `role="tabpanel"`, `aria-selected`, `aria-controls` |
425
- | Tooltip | `role="tooltip"`, triggered by `aria-describedby` |
426
-
427
- ### SC 4.1.3 Status Messages (Level AA — WCAG 2.1)
428
- Status messages can be programmatically determined through role or properties so they can be presented by assistive technologies without receiving focus.
429
-
430
- **ARIA live region patterns:**
431
- - `aria-live="polite"`: non-urgent status messages (form saved, item added to cart)
432
- - `aria-live="assertive"`: urgent messages (error, session expiring soon) — use sparingly
433
- - `role="status"`: polite live region (same as `aria-live="polite"`)
434
- - `role="alert"`: assertive live region (same as `aria-live="assertive"`)
435
- - `role="log"`: chat, activity log — items added in order
436
- - `aria-atomic="true"`: announce entire region content when any change occurs
437
-
438
- **Common failures:**
439
- - Success banner injected into DOM without a live region role — screen readers don't announce it
440
- - Error summary appended to form without focus management or live region
441
- - "Loading…" spinner with no accessible live region update when loading completes
442
-
443
- ---
444
-
445
- ## WCAG 2.2 New Criteria Summary
446
-
447
- WCAG 2.2 (October 2023) added 9 new success criteria and removed SC 4.1.1 Parsing.
448
-
449
- | SC | Name | Level | Change |
450
- |----|------|-------|--------|
451
- | 2.4.11 | Focus Not Obscured (Minimum) | AA | New |
452
- | 2.4.12 | Focus Not Obscured (Enhanced) | AAA | New |
453
- | 2.4.13 | Focus Appearance | AAA | New |
454
- | 2.5.7 | Dragging Movements | AA | New |
455
- | 2.5.8 | Target Size (Minimum) | AA | New |
456
- | 3.2.6 | Consistent Help | A | New |
457
- | 3.3.7 | Redundant Entry | A | New |
458
- | 3.3.8 | Accessible Authentication (Minimum) | AA | New |
459
- | 3.3.9 | Accessible Authentication (Enhanced) | AAA | New |
460
- | 4.1.1 | Parsing | — | Removed |
461
-
462
- ---
463
-
464
- ## Testing Tools Reference
465
-
466
- ### Automated Testing Tools
467
-
468
- | Tool | Type | Catches | Notes |
469
- |------|------|---------|-------|
470
- | axe-core | Browser ext / CI | ~35% of WCAG 2.x | Zero false positives philosophy; use axe DevTools for browser |
471
- | Lighthouse | Browser (Chrome DevTools) | ~20–30% | Good for quick audits; part of PageSpeed Insights |
472
- | WAVE | Browser ext | ~30–35% | Good visual overlay; highlights structural issues |
473
- | IBM Equal Access Checker | Browser ext | ~40% | Strong for ARIA and dynamic content |
474
- | Deque aXe-cli | CLI | ~35% | Good for CI pipelines |
475
- | Pa11y | CLI | ~30% | Uses axe or htmlcs under the hood |
476
- | Colour Contrast Analyser | Desktop | Contrast only | Essential for SC 1.4.3 and 1.4.11 |
477
-
478
- Automated tools combined typically find 30–40% of all WCAG failures. Manual testing is essential.
479
-
480
- ### Manual Testing Checklist
481
-
482
- 1. **Keyboard navigation** — Tab through entire page; verify all interactive elements reachable; verify focus order is logical; verify no traps
483
- 2. **Screen reader** — NVDA+Chrome, JAWS+Chrome, VoiceOver+Safari (macOS), VoiceOver+Safari (iOS), TalkBack+Chrome (Android)
484
- 3. **Colour contrast** — Use Colour Contrast Analyser on all text, UI components, informational graphics
485
- 4. **Zoom/Reflow** — Browser zoom to 200% (SC 1.4.4); set viewport to 320px (SC 1.4.10)
486
- 5. **Text spacing** — Apply text spacing bookmarklet (SC 1.4.12)
487
- 6. **Forms** — Verify all inputs labelled; verify error messages associated; verify autocomplete attributes
488
- 7. **Dynamic content** — Verify live regions announce updates; verify modal focus management
489
- 8. **Images** — Check alt text quality; verify decorative images are hidden from AT
490
- 9. **Videos** — Verify captions; verify audio descriptions
491
- 10. **Touch/pointer** — Verify touch target sizes; verify no drag-only interactions
492
-
493
- ### Screen Reader + Browser Pairings
494
-
495
- | Screen Reader | Best Browser | Usage |
496
- |--------------|-------------|-------|
497
- | JAWS (Windows) | Chrome or Edge | Federal/enterprise standard; most used SR in US |
498
- | NVDA (Windows) | Chrome or Firefox | Free; widely used for testing; good coverage |
499
- | VoiceOver (macOS) | Safari | Required for Mac conformance testing |
500
- | VoiceOver (iOS) | Safari | Mobile web and native iOS |
501
- | TalkBack (Android) | Chrome | Android web and native apps |
502
- | Narrator (Windows) | Edge | Windows built-in; test if targeting Edge users |
503
-
504
- ### Bookmarklets and Extensions
505
-
506
- - **Text Spacing Bookmarklet** (by Steve Faulkner) — applies all SC 1.4.12 spacing properties simultaneously
507
- - **NoCoffee Vision Simulator** — simulates various visual impairments
508
- - **Landmarks browser extension** — shows ARIA landmark structure
509
- - **HeadingsMap** — shows heading hierarchy
510
- - **Accessibility Insights** (Microsoft) — guided manual testing workflows
1
+ # WCAG 2.2 Success Criteria — Detailed Reference
2
+
3
+ This file provides detailed guidance for all WCAG 2.2 Level A and AA success criteria. Read only the sections relevant to the current task.
4
+
5
+ ## Table of Contents
6
+
7
+ - [1.1 Text Alternatives](#11-text-alternatives)
8
+ - [1.2 Time-based Media](#12-time-based-media)
9
+ - [1.3 Adaptable](#13-adaptable)
10
+ - [1.4 Distinguishable](#14-distinguishable)
11
+ - [2.1 Keyboard Accessible](#21-keyboard-accessible)
12
+ - [2.2 Enough Time](#22-enough-time)
13
+ - [2.3 Seizures and Physical Reactions](#23-seizures-and-physical-reactions)
14
+ - [2.4 Navigable](#24-navigable)
15
+ - [2.5 Input Modalities](#25-input-modalities)
16
+ - [3.1 Readable](#31-readable)
17
+ - [3.2 Predictable](#32-predictable)
18
+ - [3.3 Input Assistance](#33-input-assistance)
19
+ - [4.1 Compatible](#41-compatible)
20
+ - [WCAG 2.2 New Criteria Summary](#wcag-22-new-criteria-summary)
21
+ - [Testing Tools Reference](#testing-tools-reference)
22
+
23
+ ---
24
+
25
+ ## 1.1 Text Alternatives
26
+
27
+ ### SC 1.1.1 Non-text Content (Level A)
28
+
29
+ **Requirement:** All non-text content has a text alternative that serves the equivalent purpose.
30
+
31
+ **Sufficient techniques:**
32
+ - `G94`: Providing short text alternative for non-text content that serves the same purpose
33
+ - `H37`: Using `alt` attributes on `<img>` elements
34
+ - `H36`: Using `alt` attributes on images used as submit buttons
35
+ - `ARIA6`: Using `aria-label` to provide labels for objects
36
+ - `H67`: Using null alt text and no title attribute on img for images that AT should ignore
37
+
38
+ **Common failures:**
39
+ - F3: Using CSS background images to convey information with no text equivalent
40
+ - F13: Using text alternatives that do not include information conveyed by color or position in an image
41
+ - F20: Not updating text alternatives when non-text content changes
42
+ - F30: Using text alternatives that are not alternatives (same as filename, placeholder text, etc.)
43
+ - F38: Not marking up decorative images so they can be ignored by AT
44
+ - F65: Omitting the alt attribute or text alternative on img elements, area elements, or input elements of type "image"
45
+
46
+ **Scope:**
47
+ - Informative images → meaningful alt text
48
+ - Decorative images → `alt=""` with no title
49
+ - Functional images (buttons, links) → alt describes function, not appearance
50
+ - Complex images (charts, diagrams) → short alt + long description via `aria-describedby`, `longdesc`, or adjacent text
51
+ - Captchas → provide audio captcha or text alternative explaining what captcha is for
52
+ - Purely decorative text or text part of a logo → may be treated as decorative
53
+
54
+ ---
55
+
56
+ ## 1.2 Time-based Media
57
+
58
+ ### SC 1.2.1 Audio-only and Video-only — Pre-recorded (Level A)
59
+ Provide a text transcript for pre-recorded audio-only. Provide a text alternative or audio track for pre-recorded video-only.
60
+
61
+ ### SC 1.2.2 Captions — Pre-recorded (Level A)
62
+ All pre-recorded audio content in synchronised media has captions. Auto-generated captions alone do not satisfy this unless they are accurate and reviewed.
63
+
64
+ **Key requirements for captions:**
65
+ - Synchronised with the audio
66
+ - Verbatim (or close equivalent for edited captions)
67
+ - Identify speakers
68
+ - Include relevant sound effects [applause], [laughter] when they convey meaning
69
+
70
+ ### SC 1.2.3 Audio Description or Media Alternative — Pre-recorded (Level A)
71
+ An alternative for time-based media or audio description of the prerecorded video content in synchronized media is provided, except where the media is a media alternative for text and is clearly labeled as such.
72
+
73
+ ### SC 1.2.4 Captions — Live (Level AA)
74
+ Captions are provided for all live audio content in synchronised media. Live captions may be provided by CART (Communication Access Realtime Translation) services.
75
+
76
+ ### SC 1.2.5 Audio Description — Pre-recorded (Level AA)
77
+ Audio description is provided for all prerecorded video content in synchronised media. Describes visual information not conveyed in the audio track: actions, scene changes, on-screen text.
78
+
79
+ ---
80
+
81
+ ## 1.3 Adaptable
82
+
83
+ ### SC 1.3.1 Info and Relationships (Level A)
84
+
85
+ **Requirement:** Information, structure, and relationships conveyed through presentation can be programmatically determined or are available in text.
86
+
87
+ **Key patterns:**
88
+ - Use `<h1>`–`<h6>` for headings — not styled `<div>` or `<p>` elements
89
+ - Use `<table>` with `<th scope="col|row">` for data tables; use `<caption>` for table title
90
+ - Use `<label for="id">` to associate form labels, or `aria-labelledby`/`aria-label`
91
+ - Use `<fieldset>` and `<legend>` for groups of related inputs (radio buttons, checkboxes)
92
+ - Use `<ul>`, `<ol>`, `<dl>` for lists; don't fake lists with dashes and line breaks
93
+ - Required fields: mark with `aria-required="true"` or `required`; don't rely on colour alone
94
+
95
+ **Common failures:**
96
+ - F2: Using changes in text presentation to convey information without using the appropriate markup
97
+ - F17: Relying on CSS visual placement to associate labels with form controls
98
+ - F33: Using white space characters to create multiple columns in plain text
99
+ - F34: Using white space characters to format tables in plain text
100
+ - F42: Using scripting events to emulate links without appropriate semantic markup
101
+ - F43: Using structural markup in a way that does not represent relationships in the content
102
+ - F46: Using `summary` attribute on layout table (misrepresents it as data table)
103
+ - F48: Using the `pre` element to markup tabular information
104
+ - F68: Association between a label and control not programmatically determined
105
+ - F87: Inserting spacer images with no alt text into tables used for layout
106
+ - F91: Not marking up table headers correctly
107
+
108
+ ### SC 1.3.2 Meaningful Sequence (Level A)
109
+ The reading sequence can be determined programmatically when the presentation sequence affects meaning. DOM order should match visual reading order; CSS positioning must not reorder meaningful content.
110
+
111
+ ### SC 1.3.3 Sensory Characteristics (Level A)
112
+ Instructions do not rely solely on sensory characteristics such as shape, colour, size, visual location, orientation, or sound. Example failure: "click the round button" or "see the form in the right column."
113
+
114
+ ### SC 1.3.4 Orientation (Level AA — WCAG 2.1)
115
+ Content does not restrict its view and operation to a single display orientation unless essential. Mobile sites should support both portrait and landscape unless orientation is essential (e.g., piano app).
116
+
117
+ ### SC 1.3.5 Identify Input Purpose (Level AA — WCAG 2.1)
118
+ The purpose of each input field collecting information about the user can be programmatically determined using the HTML `autocomplete` attribute with defined token values.
119
+
120
+ **Key autocomplete tokens:**
121
+ - `name`, `given-name`, `family-name`
122
+ - `email`, `tel`
123
+ - `street-address`, `address-line1`, `address-line2`, `postal-code`, `country`
124
+ - `bday`, `sex`
125
+ - `current-password`, `new-password`
126
+ - `cc-name`, `cc-number`, `cc-exp`
127
+
128
+ ---
129
+
130
+ ## 1.4 Distinguishable
131
+
132
+ ### SC 1.4.1 Use of Colour (Level A)
133
+ Colour is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.
134
+
135
+ **Fixes:** Add text labels, icons, patterns, or other non-colour differentiators alongside colour.
136
+
137
+ ### SC 1.4.2 Audio Control (Level A)
138
+ Auto-playing audio longer than 3 seconds can be paused or stopped by the user, or the volume can be adjusted independently from the system volume.
139
+
140
+ ### SC 1.4.3 Contrast — Minimum (Level AA)
141
+ - Normal text (below 18pt or 14pt bold): **4.5:1** minimum contrast ratio
142
+ - Large text (18pt/24px+ regular OR 14pt/18.67px+ bold): **3:1** minimum
143
+ - Logotypes, inactive UI components, decorative text: exempt
144
+
145
+ **Formula:** Contrast ratio = (L1 + 0.05) / (L2 + 0.05) where L1 is the lighter luminance and L2 is the darker relative luminance. Relative luminance uses the sRGB colour model.
146
+
147
+ **Tools:** WebAIM Contrast Checker, Colour Contrast Analyser (desktop app), browser DevTools > Accessibility > Contrast.
148
+
149
+ **Edge cases:**
150
+ - Placeholder text in inputs: often fails — must meet 4.5:1 if it's the only content visible
151
+ - Text in images: must meet contrast requirements
152
+ - Text over gradient/image backgrounds: check at the worst-case overlap area
153
+
154
+ ### SC 1.4.4 Resize Text (Level AA)
155
+ Text can be resized without assistive technology up to 200 percent without loss of content or functionality. Use relative units (`rem`, `em`, `%`) rather than `px` for font sizes and container heights. Test at 200% browser zoom with no horizontal scrollbar for single-column content.
156
+
157
+ ### SC 1.4.5 Images of Text (Level AA)
158
+ Text is used to convey information rather than images of text, except for logotypes or where the image of text is essential to the information conveyed.
159
+
160
+ ### SC 1.4.10 Reflow (Level AA — WCAG 2.1)
161
+ Content can be presented without loss of information or functionality, and without requiring scrolling in two dimensions for:
162
+ - Vertical-scrolling content at a width equivalent to 320 CSS pixels
163
+ - Horizontal-scrolling content at a height equivalent to 256 CSS pixels
164
+
165
+ **Exception:** Content that requires two-dimensional layout for its usage or meaning (data tables, maps, diagrams, videos, games).
166
+
167
+ **Test method:** Set browser viewport to 320px width (or zoom to 400% on 1280px display) and verify no horizontal scrollbar appears.
168
+
169
+ ### SC 1.4.11 Non-text Contrast (Level AA — WCAG 2.1)
170
+ UI components (form fields, buttons, focus indicators) and informational graphics have a contrast ratio of at least **3:1** against adjacent colours.
171
+
172
+ **Scope:**
173
+ - Input borders against background
174
+ - Checkbox/radio outlines
175
+ - Focus indicators (custom)
176
+ - Chart lines, graph bars, data points
177
+ - Icons that convey meaning (not decorative)
178
+
179
+ **Exempt:** Inactive/disabled components; logotypes; purely decorative graphics.
180
+
181
+ ### SC 1.4.12 Text Spacing (Level AA — WCAG 2.1)
182
+ No loss of content or functionality when all the following text spacing properties are overridden simultaneously:
183
+ - Line height ≥ 1.5 × font size
184
+ - Letter spacing ≥ 0.12 × font size
185
+ - Word spacing ≥ 0.16 × font size
186
+ - Spacing following paragraphs ≥ 2 × font size
187
+
188
+ **Test:** Use the Text Spacing bookmarklet to apply all four properties at once and check for clipped/overlapping text.
189
+
190
+ ### SC 1.4.13 Content on Hover or Focus (Level AA — WCAG 2.1)
191
+ Additional content that appears on hover or keyboard focus must be:
192
+ 1. **Dismissable** — user can dismiss it without moving the pointer or focus (typically via Escape)
193
+ 2. **Hoverable** — if the trigger is hover, the pointer can move over the additional content without it disappearing
194
+ 3. **Persistent** — the content stays visible until the user dismisses it, moves focus/pointer away, or the information is no longer valid
195
+
196
+ **Common failures:** Tooltips that disappear when pointer moves toward them; tooltips with no way to dismiss.
197
+
198
+ ---
199
+
200
+ ## 2.1 Keyboard Accessible
201
+
202
+ ### SC 2.1.1 Keyboard (Level A)
203
+ All functionality is available via keyboard without requiring specific timings for individual keystrokes.
204
+
205
+ **Required keyboard patterns (ARIA Authoring Practices Guide):**
206
+ - Dropdown menus: Arrow keys to navigate, Enter/Space to activate, Escape to close
207
+ - Dialogs/modals: Tab within modal, Escape to close, focus returns to trigger on close
208
+ - Tabs: Arrow keys between tabs, Tab into tabpanel content
209
+ - Sliders: Arrow keys to change value, Home/End for min/max
210
+ - Date pickers: Arrow keys for day navigation, Page Up/Down for month/year
211
+ - Tree views: Arrow keys, Enter to activate
212
+ - Autocomplete: Arrow keys, Enter to select, Escape to close
213
+
214
+ **Common failures:** Mouse-only `onclick`, `onmouseover` handlers on non-focusable elements; drag-and-drop without keyboard alternative; inaccessible custom widgets.
215
+
216
+ ### SC 2.1.2 No Keyboard Trap (Level A)
217
+ Keyboard focus can be moved from any component using standard keys (Tab, Shift+Tab, arrow keys). If non-standard keys are needed, the user is informed.
218
+
219
+ **Modal dialogs:** Focus may be intentionally constrained to the modal, but there must be a way to close and return focus to the trigger.
220
+
221
+ ### SC 2.1.4 Character Key Shortcuts (Level A — WCAG 2.1)
222
+ If single-character key shortcuts are implemented, at least one of: the shortcut can be turned off, remapped, or only active on focus.
223
+
224
+ ---
225
+
226
+ ## 2.2 Enough Time
227
+
228
+ ### SC 2.2.1 Timing Adjustable (Level A)
229
+ For time limits set by the content: the user can turn off, adjust, or extend the limit. Exception: real-time events (auctions), essential time limits, >20 hours.
230
+
231
+ **Best practice:** Warn users 20 seconds before session timeout with an option to extend.
232
+
233
+ ### SC 2.2.2 Pause, Stop, Hide (Level A)
234
+ For moving, blinking, scrolling, or auto-updating information that starts automatically and lasts more than 5 seconds: provide controls to pause, stop, or hide it. Exception: essential movement.
235
+
236
+ ---
237
+
238
+ ## 2.3 Seizures and Physical Reactions
239
+
240
+ ### SC 2.3.1 Three Flashes or Below (Level A)
241
+ No content flashes more than three times per second OR the flash is below the general flash and red flash thresholds. Applies to video, animations, GIFs, and scripted effects.
242
+
243
+ ---
244
+
245
+ ## 2.4 Navigable
246
+
247
+ ### SC 2.4.1 Bypass Blocks (Level A)
248
+ A mechanism to skip blocks of content repeated on multiple pages. Typically implemented as a skip link ("Skip to main content") or via ARIA landmark regions (`main`, `nav`, `header`, `footer`, `aside`).
249
+
250
+ **Best practice:** Provide both a visible skip link and proper landmark structure. Skip link should be the first focusable element and should become visible on focus.
251
+
252
+ ### SC 2.4.2 Page Titled (Level A)
253
+ Web pages have titles that describe topic or purpose. Titles should be unique across the site and follow the pattern "Page-specific title — Site name."
254
+
255
+ ### SC 2.4.3 Focus Order (Level A)
256
+ Focusable components receive focus in an order that preserves meaning and operability. DOM order should match visual reading order; avoid `tabindex` values greater than 0 which disrupt natural tab order.
257
+
258
+ ### SC 2.4.4 Link Purpose — In Context (Level A)
259
+ The purpose of each link can be determined from the link text alone, or from the link text plus its programmatic context (enclosing sentence, list item, table cell, or associated header).
260
+
261
+ **Failures:** "Click here", "Read more", "Learn more" with no accessible context.
262
+
263
+ **Fix:** Use descriptive link text ("Read our WCAG 2.2 guide") or supplement with `aria-label` or `aria-describedby`.
264
+
265
+ ### SC 2.4.5 Multiple Ways (Level AA)
266
+ More than one way to locate a page within a set of pages. At least two of: site navigation, site search, site map, table of contents, list of related pages. Exception: pages that are the result of a process (checkout confirmation).
267
+
268
+ ### SC 2.4.6 Headings and Labels (Level AA)
269
+ Headings and labels describe the topic or purpose of the content they apply to. Headings must be meaningful — not "Section 1" or "Content."
270
+
271
+ ### SC 2.4.7 Focus Visible (Level AA)
272
+ Any keyboard operable interface has a mode of operation where the keyboard focus indicator is visible. Do not use `outline: none` without a replacement focus style.
273
+
274
+ **Best practice:** Use `focus-visible` CSS pseudo-class to show focus only for keyboard users (not mouse clicks).
275
+
276
+ ### SC 2.4.11 Focus Not Obscured — Minimum (Level AA — WCAG 2.2)
277
+ When a UI component receives keyboard focus, it is not entirely hidden due to author-created content (sticky headers, banners, cookie notices, chat bubbles). The component may be partially obscured; it just must not be completely hidden.
278
+
279
+ **Fix:** Ensure `scroll-margin-top` or equivalent compensates for sticky header height; or use `position: sticky` with sufficient top offset.
280
+
281
+ ### SC 2.4.12 Focus Not Obscured — Enhanced (Level AAA — WCAG 2.2)
282
+ The focused component is not hidden by any author-created content. The entire component is fully visible when focused.
283
+
284
+ ### SC 2.4.13 Focus Appearance (Level AAA — WCAG 2.2)
285
+ The focus indicator area: (a) encloses the UI component or its text; (b) has a contrast ratio of at least 3:1 between focused and unfocused states; (c) has a contrast ratio of at least 3:1 against adjacent colours; and (d) is not entirely obscured.
286
+
287
+ ---
288
+
289
+ ## 2.5 Input Modalities
290
+
291
+ ### SC 2.5.1 Pointer Gestures (Level A — WCAG 2.1)
292
+ All functionality using multipoint (pinch/zoom) or path-based gestures (swipe) has a single-pointer alternative that doesn't require a specific path.
293
+
294
+ ### SC 2.5.2 Pointer Cancellation (Level A — WCAG 2.1)
295
+ For functionality activated with a single pointer: at least one of: no down-event activation; up-event can abort/undo; up-event reverses down-event; down-event essential.
296
+
297
+ **Failure:** Click action fires on `mousedown` rather than `mouseup`, preventing users from cancelling by moving the pointer away.
298
+
299
+ ### SC 2.5.3 Label in Name (Level A — WCAG 2.1)
300
+ For UI components with visible text labels, the accessible name (computed name from `aria-label`, `aria-labelledby`, or native label) contains the visible label text.
301
+
302
+ **Failure:** Button visually labelled "Submit form" but `aria-label="Send"` — voice control users saying "click Submit form" will not activate it.
303
+
304
+ ### SC 2.5.4 Motion Actuation (Level A — WCAG 2.1)
305
+ Functionality triggered by device motion (shaking, tilting) can also be operated via UI components and motion response can be disabled (except where motion is essential).
306
+
307
+ ### SC 2.5.7 Dragging Movements (Level AA — WCAG 2.2)
308
+ All functionality that uses a dragging movement for operation can also be achieved with a single pointer without dragging.
309
+
310
+ **Examples:** Sortable list with drag handles — must have up/down buttons; range slider with drag — must have text input or increment buttons; kanban card drag-and-drop — must have a keyboard-accessible alternative.
311
+
312
+ ### SC 2.5.8 Target Size — Minimum (Level AA — WCAG 2.2)
313
+ The size of the target for pointer inputs is at least 24 by 24 CSS pixels, except where:
314
+ - **Spacing:** Undersized targets are offset from other targets by at least 24px in all directions
315
+ - **Equivalent:** The function can be achieved through an equivalent control that meets the criterion
316
+ - **Inline:** Target is in a sentence or its size is constrained by the line-height of non-target text
317
+ - **User agent:** The target size is determined by the user agent and not modified by the author
318
+ - **Essential:** A particular presentation is essential to the information conveyed
319
+
320
+ **Recommendation:** Aim for at least 44×44 CSS pixels for all touch targets (iOS/Android HIG recommendation).
321
+
322
+ ---
323
+
324
+ ## 3.1 Readable
325
+
326
+ ### SC 3.1.1 Language of Page (Level A)
327
+ The default human language of each web page can be programmatically determined. Set `lang` attribute on `<html>` element (e.g., `<html lang="en">`). Use valid BCP 47 language tags.
328
+
329
+ ### SC 3.1.2 Language of Parts (Level AA)
330
+ Human language of each passage or phrase in the content can be programmatically determined except for proper names, technical terms, indeterminate language, and words that have become part of the vernacular.
331
+
332
+ **Fix:** `<span lang="fr">Bonjour</span>` for inline foreign language content.
333
+
334
+ ---
335
+
336
+ ## 3.2 Predictable
337
+
338
+ ### SC 3.2.1 On Focus (Level A)
339
+ When a UI component receives focus, it does not initiate a change of context (new window, form submission, significant page change).
340
+
341
+ ### SC 3.2.2 On Input (Level A)
342
+ Changing the setting of a UI component does not automatically cause a change of context unless the user has been advised before using the component.
343
+
344
+ **Failure:** Selecting a radio button or option in a select element immediately navigates to a new page without a submit button.
345
+
346
+ ### SC 3.2.3 Consistent Navigation (Level AA)
347
+ Navigational mechanisms that are repeated on multiple pages appear in the same relative order each time they are repeated, unless a change is initiated by the user.
348
+
349
+ ### SC 3.2.4 Consistent Identification (Level AA)
350
+ Components that have the same functionality within a set of web pages are identified consistently.
351
+
352
+ **Failure:** Search feature labelled "Search" on most pages but "Find" on others; or "Go" instead of "Submit" for the same form action.
353
+
354
+ ### SC 3.2.6 Consistent Help (Level A — WCAG 2.2)
355
+ If a web page provides help mechanisms (contact details, human contact, self-help option, automated contact mechanism), those mechanisms appear in the same location relative to other page content across a set of web pages, unless a change is initiated by the user.
356
+
357
+ ---
358
+
359
+ ## 3.3 Input Assistance
360
+
361
+ ### SC 3.3.1 Error Identification (Level A)
362
+ If an input error is automatically detected, the item in error is identified and the error is described to the user in text.
363
+
364
+ **Requirements:**
365
+ - Error messages must be in text (not just colour or icon)
366
+ - Must identify which field is in error
367
+ - Must describe the error
368
+ - Must be programmatically associated with the field (`aria-describedby` or adjacent text)
369
+
370
+ ### SC 3.3.2 Labels or Instructions (Level A)
371
+ Labels or instructions are provided when content requires user input. Format hints (e.g., "MM/DD/YYYY") must be provided before or within the form field.
372
+
373
+ ### SC 3.3.3 Error Suggestion (Level AA)
374
+ If an input error is automatically detected and suggestions for correction are known, then the suggestion is provided to the user.
375
+
376
+ **Not sufficient:** "Invalid input" — the error must explain what is wrong.
377
+
378
+ **Sufficient:** "Please enter a date in MM/DD/YYYY format" or "Password must be at least 8 characters and include a number."
379
+
380
+ ### SC 3.3.4 Error Prevention — Legal, Financial, Data (Level AA)
381
+ For pages that cause legal commitments, financial transactions, modify/delete user-controlled data, or submit test responses, at least one of:
382
+ 1. **Reversible** — submission is reversible
383
+ 2. **Checked** — data entered is checked for errors and user is given opportunity to correct them
384
+ 3. **Confirmed** — mechanism is available for reviewing, confirming, and correcting information before finalising
385
+
386
+ ### SC 3.3.7 Redundant Entry (Level A — WCAG 2.2)
387
+ Information previously entered by or provided to the user that is required again in the same process is either auto-populated or available for the user to select.
388
+
389
+ **Exception:** Re-entering information essential for security reasons (e.g., password confirmation) or when the previously entered information is no longer valid.
390
+
391
+ ### SC 3.3.8 Accessible Authentication — Minimum (Level AA — WCAG 2.2)
392
+ A cognitive function test (remember a password, solve a puzzle, recognise objects) is not required for any step in an authentication process unless the step provides an alternative that does not rely on cognitive function test, a mechanism to assist the user in completing the cognitive function test, or the cognitive function test is to recognise objects.
393
+
394
+ **Common failure:** CAPTCHA with no accessible alternative (audio CAPTCHA, support contact option, or single-use login link).
395
+
396
+ **Passes:** Email magic link (no cognitive test); passkey/biometric authentication; CAPTCHA with audio alternative and support option.
397
+
398
+ ---
399
+
400
+ ## 4.1 Compatible
401
+
402
+ ### SC 4.1.1 Parsing (Level A — Removed in WCAG 2.2)
403
+ In WCAG 2.0 and 2.1, required valid markup (no duplicate IDs, complete start/end tags, proper nesting). Removed from WCAG 2.2 because modern browsers handle parsing errors gracefully. Still relevant for WCAG 2.0/2.1 conformance claims and Section 508 compliance.
404
+
405
+ **Remaining concern:** Duplicate IDs still cause failures for `aria-labelledby` and `aria-describedby` associations.
406
+
407
+ ### SC 4.1.2 Name, Role, Value (Level A)
408
+ For all UI components, the name and role can be programmatically determined; states, properties, and values that can be set by the user can be programmatically determined; and notification of changes to these items is available to user agents, including assistive technologies.
409
+
410
+ **Key ARIA patterns:**
411
+
412
+ | Widget | Required ARIA |
413
+ |--------|--------------|
414
+ | Accordion | `role="button"`, `aria-expanded`, `aria-controls` |
415
+ | Alert | `role="alert"` or `aria-live="assertive"` |
416
+ | Autocomplete | `role="combobox"`, `aria-expanded`, `aria-autocomplete`, `aria-activedescendant` |
417
+ | Button (toggle) | `role="button"`, `aria-pressed` |
418
+ | Checkbox (custom) | `role="checkbox"`, `aria-checked` |
419
+ | Dialog | `role="dialog"`, `aria-modal`, `aria-labelledby` |
420
+ | Menu | `role="menu"`, `role="menuitem"`, `aria-haspopup`, `aria-expanded` |
421
+ | Progressbar | `role="progressbar"`, `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
422
+ | Radio (custom) | `role="radio"`, `aria-checked`, within `role="radiogroup"` |
423
+ | Slider | `role="slider"`, `aria-valuenow`, `aria-valuemin`, `aria-valuemax` |
424
+ | Tab/Tabpanel | `role="tablist"`, `role="tab"`, `role="tabpanel"`, `aria-selected`, `aria-controls` |
425
+ | Tooltip | `role="tooltip"`, triggered by `aria-describedby` |
426
+
427
+ ### SC 4.1.3 Status Messages (Level AA — WCAG 2.1)
428
+ Status messages can be programmatically determined through role or properties so they can be presented by assistive technologies without receiving focus.
429
+
430
+ **ARIA live region patterns:**
431
+ - `aria-live="polite"`: non-urgent status messages (form saved, item added to cart)
432
+ - `aria-live="assertive"`: urgent messages (error, session expiring soon) — use sparingly
433
+ - `role="status"`: polite live region (same as `aria-live="polite"`)
434
+ - `role="alert"`: assertive live region (same as `aria-live="assertive"`)
435
+ - `role="log"`: chat, activity log — items added in order
436
+ - `aria-atomic="true"`: announce entire region content when any change occurs
437
+
438
+ **Common failures:**
439
+ - Success banner injected into DOM without a live region role — screen readers don't announce it
440
+ - Error summary appended to form without focus management or live region
441
+ - "Loading…" spinner with no accessible live region update when loading completes
442
+
443
+ ---
444
+
445
+ ## WCAG 2.2 New Criteria Summary
446
+
447
+ WCAG 2.2 (October 2023) added 9 new success criteria and removed SC 4.1.1 Parsing.
448
+
449
+ | SC | Name | Level | Change |
450
+ |----|------|-------|--------|
451
+ | 2.4.11 | Focus Not Obscured (Minimum) | AA | New |
452
+ | 2.4.12 | Focus Not Obscured (Enhanced) | AAA | New |
453
+ | 2.4.13 | Focus Appearance | AAA | New |
454
+ | 2.5.7 | Dragging Movements | AA | New |
455
+ | 2.5.8 | Target Size (Minimum) | AA | New |
456
+ | 3.2.6 | Consistent Help | A | New |
457
+ | 3.3.7 | Redundant Entry | A | New |
458
+ | 3.3.8 | Accessible Authentication (Minimum) | AA | New |
459
+ | 3.3.9 | Accessible Authentication (Enhanced) | AAA | New |
460
+ | 4.1.1 | Parsing | — | Removed |
461
+
462
+ ---
463
+
464
+ ## Testing Tools Reference
465
+
466
+ ### Automated Testing Tools
467
+
468
+ | Tool | Type | Catches | Notes |
469
+ |------|------|---------|-------|
470
+ | axe-core | Browser ext / CI | ~35% of WCAG 2.x | Zero false positives philosophy; use axe DevTools for browser |
471
+ | Lighthouse | Browser (Chrome DevTools) | ~20–30% | Good for quick audits; part of PageSpeed Insights |
472
+ | WAVE | Browser ext | ~30–35% | Good visual overlay; highlights structural issues |
473
+ | IBM Equal Access Checker | Browser ext | ~40% | Strong for ARIA and dynamic content |
474
+ | Deque aXe-cli | CLI | ~35% | Good for CI pipelines |
475
+ | Pa11y | CLI | ~30% | Uses axe or htmlcs under the hood |
476
+ | Colour Contrast Analyser | Desktop | Contrast only | Essential for SC 1.4.3 and 1.4.11 |
477
+
478
+ Automated tools combined typically find 30–40% of all WCAG failures. Manual testing is essential.
479
+
480
+ ### Manual Testing Checklist
481
+
482
+ 1. **Keyboard navigation** — Tab through entire page; verify all interactive elements reachable; verify focus order is logical; verify no traps
483
+ 2. **Screen reader** — NVDA+Chrome, JAWS+Chrome, VoiceOver+Safari (macOS), VoiceOver+Safari (iOS), TalkBack+Chrome (Android)
484
+ 3. **Colour contrast** — Use Colour Contrast Analyser on all text, UI components, informational graphics
485
+ 4. **Zoom/Reflow** — Browser zoom to 200% (SC 1.4.4); set viewport to 320px (SC 1.4.10)
486
+ 5. **Text spacing** — Apply text spacing bookmarklet (SC 1.4.12)
487
+ 6. **Forms** — Verify all inputs labelled; verify error messages associated; verify autocomplete attributes
488
+ 7. **Dynamic content** — Verify live regions announce updates; verify modal focus management
489
+ 8. **Images** — Check alt text quality; verify decorative images are hidden from AT
490
+ 9. **Videos** — Verify captions; verify audio descriptions
491
+ 10. **Touch/pointer** — Verify touch target sizes; verify no drag-only interactions
492
+
493
+ ### Screen Reader + Browser Pairings
494
+
495
+ | Screen Reader | Best Browser | Usage |
496
+ |--------------|-------------|-------|
497
+ | JAWS (Windows) | Chrome or Edge | Federal/enterprise standard; most used SR in US |
498
+ | NVDA (Windows) | Chrome or Firefox | Free; widely used for testing; good coverage |
499
+ | VoiceOver (macOS) | Safari | Required for Mac conformance testing |
500
+ | VoiceOver (iOS) | Safari | Mobile web and native iOS |
501
+ | TalkBack (Android) | Chrome | Android web and native apps |
502
+ | Narrator (Windows) | Edge | Windows built-in; test if targeting Edge users |
503
+
504
+ ### Bookmarklets and Extensions
505
+
506
+ - **Text Spacing Bookmarklet** (by Steve Faulkner) — applies all SC 1.4.12 spacing properties simultaneously
507
+ - **NoCoffee Vision Simulator** — simulates various visual impairments
508
+ - **Landmarks browser extension** — shows ARIA landmark structure
509
+ - **HeadingsMap** — shows heading hierarchy
510
+ - **Accessibility Insights** (Microsoft) — guided manual testing workflows