bmad-plus 0.9.0 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (192) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/LICENSE +21 -21
  3. package/README.md +106 -86
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  21. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  22. package/package.json +30 -3
  23. package/readme-international/README.de.md +8 -3
  24. package/readme-international/README.es.md +8 -3
  25. package/readme-international/README.fr.md +8 -3
  26. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  27. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  28. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  29. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  30. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  31. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  32. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  33. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  34. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  35. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  36. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  37. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  38. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  39. package/src/bmad-plus/module-help.csv +10 -10
  40. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  41. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  42. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  43. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  44. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  45. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  46. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  47. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  48. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  49. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  50. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  51. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -13
  52. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  53. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -82
  54. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
  55. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
  56. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
  57. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
  58. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
  59. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
  60. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
  61. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
  62. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
  63. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
  64. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
  65. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
  66. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  67. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  68. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  69. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  70. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  71. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
  72. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
  73. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
  74. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
  75. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
  76. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
  77. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
  78. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
  79. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
  80. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
  81. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  82. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  83. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  84. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  85. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  86. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  87. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  88. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  89. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  90. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  91. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  92. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  93. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  94. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  95. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  96. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  97. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  98. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  99. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  100. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  101. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  102. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  103. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  104. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  105. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  106. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  107. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  108. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  109. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  110. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  111. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  112. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  113. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  114. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  115. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  116. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  117. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  118. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  119. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  120. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  121. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  122. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  123. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  124. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  125. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  126. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  127. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  128. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  129. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  130. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  131. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  132. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  133. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  134. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  135. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  136. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  137. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  138. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  139. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  140. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  141. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  142. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  143. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  144. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  145. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  146. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  147. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  148. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  149. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  150. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  151. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  152. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  153. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  154. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  155. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  156. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  157. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  158. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  159. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  160. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  161. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  162. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  163. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  164. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  165. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  166. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  167. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  168. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  169. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  170. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  171. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  172. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  173. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  174. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  175. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  176. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  177. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  178. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  179. package/tools/cli/bmad-plus-cli.js +5 -3
  180. package/tools/cli/commands/autoconfig.js +23 -59
  181. package/tools/cli/commands/doctor.js +14 -0
  182. package/tools/cli/commands/install.js +29 -128
  183. package/tools/cli/commands/memory.js +1 -0
  184. package/tools/cli/commands/scan.js +44 -42
  185. package/tools/cli/commands/uninstall.js +10 -5
  186. package/tools/cli/commands/update.js +21 -3
  187. package/tools/cli/lib/ide-config.js +259 -0
  188. package/tools/cli/lib/memory-init.js +0 -1
  189. package/tools/cli/lib/pack-copy.js +84 -84
  190. package/tools/cli/lib/packs.js +16 -8
  191. package/tools/cli/lib/stack-detect.js +102 -0
  192. package/tools/cli/lib/validate.js +50 -0
@@ -1,160 +1,160 @@
1
- # Section 508 / WCAG 2.0 AA — Detailed Reference
2
-
3
- ## Section 508 Provision Map
4
-
5
- | 508 Provision | Scope | WCAG Equivalent |
6
- |---------------|-------|-----------------|
7
- | E205.2 | Web content | WCAG 2.0 Level A and AA |
8
- | E205.3 | Electronic documents | WCAG 2.0 Level A and AA (as applicable) |
9
- | E205.4 | Software (user interface) | WCAG 2.0 Level A and AA |
10
- | E204 | Authoring tools | WCAG 2.0 Level A and AA |
11
- | Chapter 3 | Functional Performance Criteria | Without visual, colour, hearing, speech, fine motor, cognitive limitations |
12
- | Chapter 4 | Hardware | Physical ICT accessible controls, display, clearance |
13
- | Chapter 6 | Support docs and services | Documentation and help in accessible formats |
14
-
15
- ---
16
-
17
- ## WCAG 2.0 Level A Success Criteria — Common Failures
18
-
19
- ### 1.1.1 Non-text Content
20
- - **Failure:** `<img>` missing `alt` attribute, or `alt=""` on informative image
21
- - **Failure:** Icon buttons with no accessible name (`aria-label` or `aria-labelledby`)
22
- - **Failure:** Charts and graphs with no text alternative describing data
23
- - **Testing:** Automated (axe, WAVE) + manual screen reader review
24
- - **Fix:** Add meaningful `alt` text; use `alt=""` only for decorative images; use `aria-label` on icon-only buttons
25
-
26
- ### 1.3.1 Info and Relationships
27
- - **Failure:** Visual headings not marked up with `<h1>`–`<h6>` (styled `<div>` or `<span>` used instead)
28
- - **Failure:** Data tables with no `<th>` or `scope` attributes
29
- - **Failure:** Form fields with visual label not programmatically associated (missing `<label for="">` or `aria-labelledby`)
30
- - **Failure:** Required fields indicated only by colour or asterisk with no screen-reader-accessible text
31
- - **Testing:** DOM inspection, NVDA/JAWS, automated (partial)
32
- - **Fix:** Semantic HTML first; `aria-*` attributes only when semantic HTML insufficient
33
-
34
- ### 2.1.1 Keyboard
35
- - **Failure:** Custom dropdowns, date pickers, modal dialogs not operable by keyboard
36
- - **Failure:** Mouse-only event handlers (`onclick` on non-interactive elements, `mouseover` without `focus` equivalent)
37
- - **Failure:** Drag-and-drop with no keyboard alternative
38
- - **Failure:** Keyboard trap in modal — Tab cycles only within modal but no way to close it
39
- - **Testing:** Tab through entire page; activate all controls; open/close modals
40
- - **Fix:** Use native HTML controls where possible; for custom widgets, implement ARIA keyboard patterns (ARIA Authoring Practices Guide)
41
-
42
- ### 1.4.1 Use of Colour
43
- - **Failure:** Form validation errors shown only by red border with no text or icon
44
- - **Failure:** Required field indicator is colour-only (red asterisk with no "required" text)
45
- - **Failure:** Link text colour is the only differentiator from surrounding body text (no underline or other visual cue)
46
-
47
- ### 4.1.2 Name, Role, Value
48
- - **Failure:** Custom checkboxes/radio buttons styled with CSS, no ARIA role or checked state
49
- - **Failure:** Tab panels with no `role="tab"`, `role="tablist"`, `aria-selected`
50
- - **Failure:** Toggle buttons with no `aria-pressed` attribute
51
- - **Failure:** Expanded/collapsed accordions with no `aria-expanded`
52
- - **Testing:** Inspect ARIA properties in browser accessibility tree; test with NVDA/JAWS
53
- - **Fix:** Follow WAI-ARIA Authoring Practices Guide patterns for each widget type
54
-
55
- ---
56
-
57
- ## WCAG 2.0 Level AA Success Criteria — Common Failures
58
-
59
- ### 1.4.3 Contrast (Minimum)
60
- - Normal text (< 18pt or < 14pt bold): **4.5:1** minimum contrast ratio against background
61
- - Large text (≥ 18pt or ≥ 14pt bold): **3:1** minimum
62
- - **Failure:** Light grey text on white background (e.g., #767676 on #FFFFFF = 4.48:1 — fails AA)
63
- - **Failure:** Placeholder text in input fields (often fails; placeholder is not a label substitute)
64
- - **Exception:** Text in logos, inactive UI components, decorative text
65
- - **Tool:** WebAIM Contrast Checker, Colour Contrast Analyser (desktop app), browser DevTools
66
-
67
- ### 1.4.4 Resize Text
68
- - **Failure:** Text rendered in `px` units inside CSS `@media` queries that prevent browser zoom from scaling text
69
- - **Failure:** Fixed-height containers that clip text when zoomed to 200%
70
- - **Fix:** Use relative units (`rem`, `em`) for font sizes and container heights; test at 200% browser zoom
71
-
72
- ### 2.4.5 Multiple Ways
73
- - **Requirement:** Provide at least two ways to find content: search + navigation, OR sitemap + navigation
74
- - **Exception:** Pages that are the result of a process (e.g., checkout confirmation page) are excluded
75
-
76
- ### 2.4.7 Focus Visible
77
- - **Failure:** CSS `outline: none` or `outline: 0` removing the default focus ring with no replacement
78
- - **Failure:** Focus ring present but invisible against background colour
79
- - **Fix:** Never remove focus styling without replacing it; use `focus-visible` CSS pseudo-class
80
-
81
- ### 3.3.3 Error Suggestion
82
- - **Failure:** Form validation says "invalid input" without specifying what is wrong or how to fix it
83
- - **Fix:** "Please enter a date in MM/DD/YYYY format" — specific, actionable suggestion
84
-
85
- ### 3.3.4 Error Prevention
86
- - **Requirement:** For legal, financial, or data deletion transactions: provide a review-and-confirm step, OR allow the submission to be reversed/cancelled
87
-
88
- ---
89
-
90
- ## Functional Performance Criteria (Chapter 3) — Section 508
91
-
92
- | Criterion | Requirement |
93
- |-----------|-------------|
94
- | 302.1 Without Vision | At least one mode operable without vision (screen reader support) |
95
- | 302.2 With Limited Vision | At least one mode with features that accommodate limited vision (zoom, high contrast) |
96
- | 302.3 Without Perception of Colour | Colour not the only means to convey information |
97
- | 302.4 Without Hearing | At least one mode operable without hearing (captions, transcripts, visual alerts) |
98
- | 302.5 With Limited Hearing | At least one mode with features for limited hearing (volume control, captioning) |
99
- | 302.6 Without Speech | At least one mode operable without speech |
100
- | 302.7 With Limited Manipulation | At least one mode operable without fine motor control (no simultaneous key presses, no timed actions) |
101
- | 302.8 With Limited Reach and Strength | At least one mode for limited reach (reachable controls) |
102
- | 302.9 With Limited Language, Cognitive, and Learning | At least one mode that accommodates limited cognitive ability |
103
-
104
- ---
105
-
106
- ## Assistive Technology Testing Matrix
107
-
108
- | AT + Browser | Primary Use Case | Notes |
109
- |--------------|-----------------|-------|
110
- | JAWS + Chrome | Federal agency standard; most common screen reader in US gov | Test all interactive widgets, form flows, dynamic content (ARIA live regions) |
111
- | NVDA + Chrome or Firefox | Open-source; widely used for testing; required for VPAT testing | Free; good for broad coverage |
112
- | VoiceOver + Safari (macOS) | Mac users; required if product targets Mac/iOS | Keyboard shortcut: Cmd+F5 |
113
- | VoiceOver + Safari (iOS) | Mobile web and native iOS apps | Swipe navigation; activate with triple-click Home/Side button |
114
- | TalkBack + Chrome (Android) | Android web and native apps | Swipe navigation; activate in Accessibility settings |
115
- | Dragon NaturallySpeaking | Voice control users | Test all link text and button labels are speakable |
116
- | Keyboard only | Most impactful test; catches most 2.1.x failures | Tab, Shift-Tab, Enter, Space, Arrow keys |
117
- | High Contrast Mode (Windows) | OS-level contrast override | Ensure no information lost; images must not disappear |
118
- | Browser Zoom 200% | SC 1.4.4 | Check for horizontal scroll, content overlap, clipped text |
119
- | ZoomText / Magnifier | Low-vision users | Test with 4x magnification |
120
-
121
- ---
122
-
123
- ## PDF Accessibility Checklist
124
-
125
- | Requirement | How to Verify | Tool |
126
- |-------------|---------------|------|
127
- | Document is tagged | File → Properties → Description tab: "Tagged PDF: Yes" | Acrobat Pro |
128
- | Tag tree structure correct | Accessibility → Reading Order; Tags panel | Acrobat Pro |
129
- | Reading order = visual order | View → Read Out Loud; or Articles panel | Acrobat Pro |
130
- | Images have Alt text | Right-click image tag → Properties → Alternate Text | Acrobat Pro |
131
- | Form fields have Tooltip/name | Open Form Editor; check Tooltip field for each control | Acrobat Pro |
132
- | Table tags with TH/Scope | Tags panel; Table Inspector | Acrobat Pro |
133
- | Document language set | File → Properties → Advanced → Reading Options | Acrobat Pro |
134
- | Document title set | File → Properties → Description → Title | Acrobat Pro |
135
- | No flicker/motion (if any) | Review any embedded multimedia | Manual |
136
- | Passes automated check | Accessibility → Full Check → Run | Acrobat Pro |
137
-
138
- ---
139
-
140
- ## Common Procurement Deficiencies in VPATs
141
-
142
- 1. **Outdated template** — using VPAT 1.x instead of VPAT 2.x (WCAG Edition). Reject and require resubmission.
143
- 2. **"Supports" without evidence** — vendor claims support with no remarks. Require explanation for each "Supports" claim.
144
- 3. **"Not Applicable" overuse** — vendor marks criteria N/A without justification. Challenge: almost no product has 100% N/A for interactive criteria.
145
- 4. **Missing functional performance criteria** — vendors skip Chapter 3 entirely. Required for all ICT.
146
- 5. **No testing methodology disclosed** — VPAT must state how testing was conducted (automated tools, AT + browser combinations, dates).
147
- 6. **Version mismatch** — VPAT covers version 1.0 but agency is procuring version 2.0. Require VPAT for the exact version being procured.
148
-
149
- ---
150
-
151
- ## Key Legal References
152
-
153
- - **29 U.S.C. § 794d** — Section 508 statutory text
154
- - **36 CFR Part 1194** — Access Board's Revised Section 508 Standards (effective 18 January 2018)
155
- - **FAR Subpart 39.2** — Federal Acquisition Regulation provisions on Section 508
156
- - **FAR clause 52.239-2** — Section 508 contract clause (mandatory for ICT procurement)
157
- - **OMB Memorandum M-24-08** — "Strengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act" (January 2024)
158
- - **Section508.gov** — GSA's official guidance, VPAT templates, testing resources
159
- - **WCAG 2.0** — W3C Recommendation (11 December 2008) — the incorporated technical standard
160
- - **WCAG 2.1** — W3C Recommendation (5 June 2018) — supersedes 2.0; additional mobile/cognitive criteria (not yet mandated by 508 but recommended)
1
+ # Section 508 / WCAG 2.0 AA — Detailed Reference
2
+
3
+ ## Section 508 Provision Map
4
+
5
+ | 508 Provision | Scope | WCAG Equivalent |
6
+ |---------------|-------|-----------------|
7
+ | E205.2 | Web content | WCAG 2.0 Level A and AA |
8
+ | E205.3 | Electronic documents | WCAG 2.0 Level A and AA (as applicable) |
9
+ | E205.4 | Software (user interface) | WCAG 2.0 Level A and AA |
10
+ | E204 | Authoring tools | WCAG 2.0 Level A and AA |
11
+ | Chapter 3 | Functional Performance Criteria | Without visual, colour, hearing, speech, fine motor, cognitive limitations |
12
+ | Chapter 4 | Hardware | Physical ICT accessible controls, display, clearance |
13
+ | Chapter 6 | Support docs and services | Documentation and help in accessible formats |
14
+
15
+ ---
16
+
17
+ ## WCAG 2.0 Level A Success Criteria — Common Failures
18
+
19
+ ### 1.1.1 Non-text Content
20
+ - **Failure:** `<img>` missing `alt` attribute, or `alt=""` on informative image
21
+ - **Failure:** Icon buttons with no accessible name (`aria-label` or `aria-labelledby`)
22
+ - **Failure:** Charts and graphs with no text alternative describing data
23
+ - **Testing:** Automated (axe, WAVE) + manual screen reader review
24
+ - **Fix:** Add meaningful `alt` text; use `alt=""` only for decorative images; use `aria-label` on icon-only buttons
25
+
26
+ ### 1.3.1 Info and Relationships
27
+ - **Failure:** Visual headings not marked up with `<h1>`–`<h6>` (styled `<div>` or `<span>` used instead)
28
+ - **Failure:** Data tables with no `<th>` or `scope` attributes
29
+ - **Failure:** Form fields with visual label not programmatically associated (missing `<label for="">` or `aria-labelledby`)
30
+ - **Failure:** Required fields indicated only by colour or asterisk with no screen-reader-accessible text
31
+ - **Testing:** DOM inspection, NVDA/JAWS, automated (partial)
32
+ - **Fix:** Semantic HTML first; `aria-*` attributes only when semantic HTML insufficient
33
+
34
+ ### 2.1.1 Keyboard
35
+ - **Failure:** Custom dropdowns, date pickers, modal dialogs not operable by keyboard
36
+ - **Failure:** Mouse-only event handlers (`onclick` on non-interactive elements, `mouseover` without `focus` equivalent)
37
+ - **Failure:** Drag-and-drop with no keyboard alternative
38
+ - **Failure:** Keyboard trap in modal — Tab cycles only within modal but no way to close it
39
+ - **Testing:** Tab through entire page; activate all controls; open/close modals
40
+ - **Fix:** Use native HTML controls where possible; for custom widgets, implement ARIA keyboard patterns (ARIA Authoring Practices Guide)
41
+
42
+ ### 1.4.1 Use of Colour
43
+ - **Failure:** Form validation errors shown only by red border with no text or icon
44
+ - **Failure:** Required field indicator is colour-only (red asterisk with no "required" text)
45
+ - **Failure:** Link text colour is the only differentiator from surrounding body text (no underline or other visual cue)
46
+
47
+ ### 4.1.2 Name, Role, Value
48
+ - **Failure:** Custom checkboxes/radio buttons styled with CSS, no ARIA role or checked state
49
+ - **Failure:** Tab panels with no `role="tab"`, `role="tablist"`, `aria-selected`
50
+ - **Failure:** Toggle buttons with no `aria-pressed` attribute
51
+ - **Failure:** Expanded/collapsed accordions with no `aria-expanded`
52
+ - **Testing:** Inspect ARIA properties in browser accessibility tree; test with NVDA/JAWS
53
+ - **Fix:** Follow WAI-ARIA Authoring Practices Guide patterns for each widget type
54
+
55
+ ---
56
+
57
+ ## WCAG 2.0 Level AA Success Criteria — Common Failures
58
+
59
+ ### 1.4.3 Contrast (Minimum)
60
+ - Normal text (< 18pt or < 14pt bold): **4.5:1** minimum contrast ratio against background
61
+ - Large text (≥ 18pt or ≥ 14pt bold): **3:1** minimum
62
+ - **Failure:** Light grey text on white background (e.g., #767676 on #FFFFFF = 4.48:1 — fails AA)
63
+ - **Failure:** Placeholder text in input fields (often fails; placeholder is not a label substitute)
64
+ - **Exception:** Text in logos, inactive UI components, decorative text
65
+ - **Tool:** WebAIM Contrast Checker, Colour Contrast Analyser (desktop app), browser DevTools
66
+
67
+ ### 1.4.4 Resize Text
68
+ - **Failure:** Text rendered in `px` units inside CSS `@media` queries that prevent browser zoom from scaling text
69
+ - **Failure:** Fixed-height containers that clip text when zoomed to 200%
70
+ - **Fix:** Use relative units (`rem`, `em`) for font sizes and container heights; test at 200% browser zoom
71
+
72
+ ### 2.4.5 Multiple Ways
73
+ - **Requirement:** Provide at least two ways to find content: search + navigation, OR sitemap + navigation
74
+ - **Exception:** Pages that are the result of a process (e.g., checkout confirmation page) are excluded
75
+
76
+ ### 2.4.7 Focus Visible
77
+ - **Failure:** CSS `outline: none` or `outline: 0` removing the default focus ring with no replacement
78
+ - **Failure:** Focus ring present but invisible against background colour
79
+ - **Fix:** Never remove focus styling without replacing it; use `focus-visible` CSS pseudo-class
80
+
81
+ ### 3.3.3 Error Suggestion
82
+ - **Failure:** Form validation says "invalid input" without specifying what is wrong or how to fix it
83
+ - **Fix:** "Please enter a date in MM/DD/YYYY format" — specific, actionable suggestion
84
+
85
+ ### 3.3.4 Error Prevention
86
+ - **Requirement:** For legal, financial, or data deletion transactions: provide a review-and-confirm step, OR allow the submission to be reversed/cancelled
87
+
88
+ ---
89
+
90
+ ## Functional Performance Criteria (Chapter 3) — Section 508
91
+
92
+ | Criterion | Requirement |
93
+ |-----------|-------------|
94
+ | 302.1 Without Vision | At least one mode operable without vision (screen reader support) |
95
+ | 302.2 With Limited Vision | At least one mode with features that accommodate limited vision (zoom, high contrast) |
96
+ | 302.3 Without Perception of Colour | Colour not the only means to convey information |
97
+ | 302.4 Without Hearing | At least one mode operable without hearing (captions, transcripts, visual alerts) |
98
+ | 302.5 With Limited Hearing | At least one mode with features for limited hearing (volume control, captioning) |
99
+ | 302.6 Without Speech | At least one mode operable without speech |
100
+ | 302.7 With Limited Manipulation | At least one mode operable without fine motor control (no simultaneous key presses, no timed actions) |
101
+ | 302.8 With Limited Reach and Strength | At least one mode for limited reach (reachable controls) |
102
+ | 302.9 With Limited Language, Cognitive, and Learning | At least one mode that accommodates limited cognitive ability |
103
+
104
+ ---
105
+
106
+ ## Assistive Technology Testing Matrix
107
+
108
+ | AT + Browser | Primary Use Case | Notes |
109
+ |--------------|-----------------|-------|
110
+ | JAWS + Chrome | Federal agency standard; most common screen reader in US gov | Test all interactive widgets, form flows, dynamic content (ARIA live regions) |
111
+ | NVDA + Chrome or Firefox | Open-source; widely used for testing; required for VPAT testing | Free; good for broad coverage |
112
+ | VoiceOver + Safari (macOS) | Mac users; required if product targets Mac/iOS | Keyboard shortcut: Cmd+F5 |
113
+ | VoiceOver + Safari (iOS) | Mobile web and native iOS apps | Swipe navigation; activate with triple-click Home/Side button |
114
+ | TalkBack + Chrome (Android) | Android web and native apps | Swipe navigation; activate in Accessibility settings |
115
+ | Dragon NaturallySpeaking | Voice control users | Test all link text and button labels are speakable |
116
+ | Keyboard only | Most impactful test; catches most 2.1.x failures | Tab, Shift-Tab, Enter, Space, Arrow keys |
117
+ | High Contrast Mode (Windows) | OS-level contrast override | Ensure no information lost; images must not disappear |
118
+ | Browser Zoom 200% | SC 1.4.4 | Check for horizontal scroll, content overlap, clipped text |
119
+ | ZoomText / Magnifier | Low-vision users | Test with 4x magnification |
120
+
121
+ ---
122
+
123
+ ## PDF Accessibility Checklist
124
+
125
+ | Requirement | How to Verify | Tool |
126
+ |-------------|---------------|------|
127
+ | Document is tagged | File → Properties → Description tab: "Tagged PDF: Yes" | Acrobat Pro |
128
+ | Tag tree structure correct | Accessibility → Reading Order; Tags panel | Acrobat Pro |
129
+ | Reading order = visual order | View → Read Out Loud; or Articles panel | Acrobat Pro |
130
+ | Images have Alt text | Right-click image tag → Properties → Alternate Text | Acrobat Pro |
131
+ | Form fields have Tooltip/name | Open Form Editor; check Tooltip field for each control | Acrobat Pro |
132
+ | Table tags with TH/Scope | Tags panel; Table Inspector | Acrobat Pro |
133
+ | Document language set | File → Properties → Advanced → Reading Options | Acrobat Pro |
134
+ | Document title set | File → Properties → Description → Title | Acrobat Pro |
135
+ | No flicker/motion (if any) | Review any embedded multimedia | Manual |
136
+ | Passes automated check | Accessibility → Full Check → Run | Acrobat Pro |
137
+
138
+ ---
139
+
140
+ ## Common Procurement Deficiencies in VPATs
141
+
142
+ 1. **Outdated template** — using VPAT 1.x instead of VPAT 2.x (WCAG Edition). Reject and require resubmission.
143
+ 2. **"Supports" without evidence** — vendor claims support with no remarks. Require explanation for each "Supports" claim.
144
+ 3. **"Not Applicable" overuse** — vendor marks criteria N/A without justification. Challenge: almost no product has 100% N/A for interactive criteria.
145
+ 4. **Missing functional performance criteria** — vendors skip Chapter 3 entirely. Required for all ICT.
146
+ 5. **No testing methodology disclosed** — VPAT must state how testing was conducted (automated tools, AT + browser combinations, dates).
147
+ 6. **Version mismatch** — VPAT covers version 1.0 but agency is procuring version 2.0. Require VPAT for the exact version being procured.
148
+
149
+ ---
150
+
151
+ ## Key Legal References
152
+
153
+ - **29 U.S.C. § 794d** — Section 508 statutory text
154
+ - **36 CFR Part 1194** — Access Board's Revised Section 508 Standards (effective 18 January 2018)
155
+ - **FAR Subpart 39.2** — Federal Acquisition Regulation provisions on Section 508
156
+ - **FAR clause 52.239-2** — Section 508 contract clause (mandatory for ICT procurement)
157
+ - **OMB Memorandum M-24-08** — "Strengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act" (January 2024)
158
+ - **Section508.gov** — GSA's official guidance, VPAT templates, testing resources
159
+ - **WCAG 2.0** — W3C Recommendation (11 December 2008) — the incorporated technical standard
160
+ - **WCAG 2.1** — W3C Recommendation (5 June 2018) — supersedes 2.0; additional mobile/cognitive criteria (not yet mandated by 508 but recommended)