Skip to content

feat: Add accessibility-remediation-copilot kit#244

Merged
akshatvirmani merged 6 commits into
Lamatic:mainfrom
amananurag20:feat/accessibility-remediation-copilot
Jul 15, 2026
Merged

feat: Add accessibility-remediation-copilot kit#244
akshatvirmani merged 6 commits into
Lamatic:mainfrom
amananurag20:feat/accessibility-remediation-copilot

Conversation

@amananurag20

@amananurag20 amananurag20 commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds AccessFix, an accessibility remediation copilot built with Lamatic AgentKit.

AccessFix converts public webpage evidence or pasted HTML into prioritized,
evidence-grounded WCAG 2.2 findings, framework-aware code fixes, manual
verification plans, quick wins, and explicit audit limitations.

Problem

Accessibility reports often stop at detection. Development teams still need to:

  • Understand the impact on disabled users
  • Prioritize findings by severity and confidence
  • Map supported findings to WCAG 2.2
  • Produce framework-appropriate remediation code
  • Separate confirmed findings from conditions requiring human verification

Solution

This kit includes:

  • A deployed synchronous Lamatic accessibility-audit flow
  • Structured JSON generation with evidence-grounding rules
  • Prompt-injection protection for untrusted webpage content
  • WCAG 2.2 criterion and principle mapping
  • Severity and confidence classification
  • HTML, React, and Next.js remediation examples
  • Manual accessibility test plans
  • Public URL and pasted HTML input modes
  • JSON and Markdown report downloads
  • A responsive Next.js application
  • Server-side URL validation and private-network protection

Responsible-use boundaries

AccessFix is an evidence-limited engineering assistant.

It does not claim WCAG conformance, legal compliance, certification, or complete
accessibility. Runtime behavior, keyboard interaction, screen-reader output,
focus management, contrast, zoom/reflow, and usability must be verified manually
when the supplied evidence is insufficient.

Contribution checklist

Type

  • Kit
  • Located at kits/accessibility-remediation-copilot/
  • Contains one deployed Lamatic flow and a runnable Next.js application

Structure

  • lamatic.config.ts contains valid metadata
  • agent.md is present
  • README.md documents purpose, setup, usage, security, and limitations
  • flows/accessibility-audit.ts matches the configured mandatory step
  • constitutions/default.md is present
  • Prompts and model configuration are externalized using @references
  • Root and application .env.example files contain placeholders only
  • All @reference paths resolve
  • Vercel deploy link uses kits/accessibility-remediation-copilot/apps
  • No .env, .env.local, API keys, or credentials are committed
  • No existing kits or unrelated repository files are modified

Validation

  • Lamatic flow tested successfully
  • Lamatic project deployed successfully
  • Public URL audit tested
  • Pasted HTML audit tested
  • npm run typecheck passes
  • npm run build passes
  • npm audit --omit=dev reports 0 vulnerabilities
  • GitHub Actions pass
  • CodeRabbit feedback is addressed

Testing notes

The audit was tested with:

  1. A server-rendered public webpage containing directly inspectable markup
  2. A client-rendered webpage where uncertain conditions were moved to manual checks
  3. Pasted HTML containing an unlabeled input, an image without alternative text,
    and an unnamed icon-only button

The application correctly rejects malformed or empty upstream structured responses
instead of displaying incomplete accessibility reports.

Screenshots

image image image image
  • Added .gitignore entries for the copilot kit and Next app to exclude build artifacts, env files, and npm debug logs.
  • Added documentation for the overall “AccessFix” workflow, setup/validation commands, security/privacy and limitations (kits/accessibility-remediation-copilot/README.md), plus a dedicated “AccessFix Agent” doc (kits/accessibility-remediation-copilot/agent.md).
  • Added environment templates: kit root .env.example and Next app apps/.env.example.
  • Added Next.js app scaffolding and styling: apps/package.json, apps/tsconfig.json, apps/next.config.ts, apps/next-env.d.ts, apps/components.json, and a full apps/app/globals.css.
  • Added the audit UI shell and workspace rendering:
    • apps/app/layout.tsx (fonts + metadata + global CSS)
    • apps/app/page.tsx (renders AuditWorkspace)
    • apps/components/audit-workspace.tsx (URL vs pasted-HTML evidence input, submit handling, results rendering, exports to JSON/Markdown, severity filter, findings expand/collapse, manual verification plan, quick wins, limitations/disclaimer).
    • UI primitives: apps/components/ui/button.tsx, input.tsx, select.tsx, textarea.tsx and utility apps/lib/utils.ts (cn).
  • Added server-side API integration and hardening:
    • apps/app/api/audit/route.ts (POST /api/audit): request validation, per-client rate limiting, evidence acquisition (URL fetch vs HTML prep), Lamatic flow execution, response normalization and schema validation, truncation limitation messaging, and safe error mapping.
    • apps/lib/rate-limit.ts (in-memory per-client limiter based on x-forwarded-for/x-real-ip).
    • apps/lib/safe-page-fetch.ts (HTTP(S)-only URL validation, DNS resolution pinning, redirects/timeout/size bounds, content-type checks, script/style/comment stripping, evidence compaction/truncation, private-network/loopback rejection; throws PageEvidenceError).
    • apps/lib/lamatic-client.ts (Lamatic config resolution from env + client creation).
    • apps/lib/audit-schema.ts (Zod schemas + TS types for audit requests/results, severity/confidence/WCAG metadata mapping, and derived summary counts).
  • Added Lamatic kit configuration and agent behavior documents:
    • lamatic.config.ts (kit metadata + required audit step wired to ACCESSIBILITY_AUDIT_FLOW_ID)
    • constitutions/default.md (“AccessFix Constitution” guardrails and boundaries)
    • flows/accessibility-audit.ts (sync evidence→findings flow definition)
    • prompts + model config for the instructor node:
      • prompts/accessibility-audit_instructor-llmnode-284_system_0.md
      • prompts/accessibility-audit_instructor-llmnode-284_user_1.md
      • model-configs/accessibility-audit_instructor-llmnode-284_generative-model-name.ts
  • Flow check / how the Lamatic flow works (flows/accessibility-audit.ts):
    • Uses node types: triggerNode (API request), dynamicNode (Generate JSON via the instructor/LLM with the embedded structured output schema), and responseNode (maps instructor output into API response).
    • Edges: defaultEdge from triggerNode_1 -> InstructorLLMNode_284 and InstructorLLMNode_284 -> responseNode_triggerNode_1, plus a responseEdge for trigger→response wiring.
    • High level: the server supplies sanitized evidence (URL-fetched or HTML-prepped) + framework + target WCAG level → the instructor produces evidence-grounded WCAG 2.2-mapped findings (bounded counts) including user impact, recommendations with framework-aware code, manual verification tasks, quick wins, limitations, and disclaimer → the response node returns { auditSummary, findings, manualChecks, quickWins, limitations, disclaimer } as JSON.
  • Notes on “flow.json”:
    • No flow.json file exists in the repo; the flow is defined in kits/accessibility-remediation-copilot/flows/accessibility-audit.ts.

@github-actions

github-actions Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

:robot_face: AgentKit Structural Validation

New Contributions Detected

  • Kit: kits/accessibility-remediation-copilot

Check Results

Check Status
No edits to existing kits ✅ Pass
Required root files present ✅ Pass
Flow .ts files present ✅ Pass
lamatic.config.ts valid ✅ Pass
No changes outside kits/ ✅ Pass

🎉 All checks passed! This contribution follows the AgentKit structure.

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: a0893efe-72dc-4aee-8933-c20ab2d38568

📥 Commits

Reviewing files that changed from the base of the PR and between c69dace and 9411e0e.

📒 Files selected for processing (1)
  • kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts

Walkthrough

Changes

AccessFix adds a Next.js accessibility audit application that accepts URLs or HTML, safely prepares evidence, executes a Lamatic flow, validates structured WCAG-mapped results, and presents findings with filtering and export options.

Audit backend

Layer / File(s) Summary
Audit contracts and backend execution
kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts, apps/lib/safe-page-fetch.ts, apps/lib/rate-limit.ts, apps/lib/lamatic-client.ts, apps/app/api/audit/route.ts
Defines bounded audit request/result schemas, SSRF-resistant evidence retrieval, rate limiting, Lamatic client configuration, response normalization, and API error handling.

Lamatic generation

Layer / File(s) Summary
Lamatic flow and evidence-based generation
kits/accessibility-remediation-copilot/flows/accessibility-audit.ts, constitutions/default.md, prompts/*, model-configs/*, agent.md
Defines the audit graph, model configuration, evidence constraints, structured output requirements, WCAG mapping rules, and manual-verification boundaries.

Audit interface

Layer / File(s) Summary
Audit workspace and results interface
kits/accessibility-remediation-copilot/apps/app/*, apps/components/audit-workspace.tsx, apps/components/ui/*, apps/lib/utils.ts, apps/components.json
Adds the audit form, URL/HTML modes, submission handling, findings display, severity filtering, report downloads, reusable controls, accessibility-focused styling, and responsive layouts.

Application setup

Layer / File(s) Summary
Application packaging and setup
kits/accessibility-remediation-copilot/README.md, apps/package.json, apps/tsconfig.json, apps/next.config.ts, apps/postcss.config.mjs, .env.example, apps/.env.example, *.gitignore, lamatic.config.ts, apps/next-env.d.ts
Adds kit metadata, environment templates, package and compiler configuration, Next.js generated type references, ignore rules, PostCSS setup, deployment instructions, and validation guidance.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and clearly names the main change: adding the accessibility-remediation-copilot kit.
Description check ✅ Passed The description is well-structured and covers summary, purpose, solution, checklist, validation, testing notes, and limitations.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
kits/accessibility-remediation-copilot/apps/next.config.ts (1)

1-8: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Rename configuration file to next.config.mjs.

Good morning, agent. We have a strict naming convention to uphold. Your mission, should you choose to accept it, is to rename this configuration file to next.config.mjs and adjust the TypeScript syntax to JSDoc to maintain type safety. As per coding guidelines, the Next.js app must be located in the apps/ directory with its own package.json, next.config.mjs, tsconfig.json, and .env.example.

🕵️ Proposed `.mjs` syntax adaptation

Once the file is renamed to next.config.mjs, apply this adjustment:

-import type { NextConfig } from "next";
-
-const nextConfig: NextConfig = {
+/** `@type` {import('next').NextConfig} */
+const nextConfig = {
   poweredByHeader: false,
 };
 
 export default nextConfig;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/accessibility-remediation-copilot/apps/next.config.ts` around lines 1 -
8, Rename the Next.js configuration file represented by nextConfig to
next.config.mjs, convert its TypeScript type annotation to JSDoc-based type
checking compatible with ESM, and preserve poweredByHeader: false and the
default export. Verify the app remains under apps/ with its own package.json,
next.config.mjs, tsconfig.json, and .env.example.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/accessibility-remediation-copilot/apps/app/api/audit/route.ts`:
- Around line 37-39: Protect the POST handler in audit route with per-IP or
per-session rate limiting before parsing and processing the request, enforcing a
quota that bounds outbound fetches and LLM flow invocations. Reuse the project’s
existing throttling mechanism if available, and return the established
rate-limit response when the quota is exceeded.
- Around line 61-78: Update the validation failures raised by fetchPublicPage
and prepareHtmlEvidence to use a dedicated error type or status property,
replacing their plain user-input-related Error throws. In the audit route catch
block, detect that validation marker before the configuration/authentication
checks and return the corresponding client-error status instead of 502; preserve
the existing handling for ZodError, server configuration, authentication, and
unexpected failures.

In `@kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx`:
- Around line 134-135: Update the post-setResult scrolling flow to use
setTimeout instead of requestAnimationFrame, ensuring React commits
`#audit-results` before querySelector and scrollIntoView execute. Preserve the
existing smooth scrolling behavior and target selector.

In `@kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts`:
- Around line 5-47: Update auditResultSchema to reuse the existing A/AA/AAA enum
for auditSummary.targetLevel and findings[].wcagLevel, and constrain overallRisk
with the appropriate existing risk-label schema if available. Add a superRefine
on the root schema that derives totalFindings and
critical/serious/moderate/minor counts from findings and rejects any mismatched
auditSummary values.

In `@kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts`:
- Around line 81-96: Update compactHtml, prepareHtmlEvidence, and
fetchPublicPage to preserve whether the cleaned HTML exceeded
MAX_EVIDENCE_CHARS, then propagate that truncation flag into the audit result.
When truncation occurs, append a clear limitation indicating the audit used
partial evidence; retain the existing evidence validation and behavior when no
truncation occurs.
- Around line 47-79: Update assertPublicUrl and the request flow around
fetch(current, ...) to retain the validated DNS address and pin that address for
the entire request, including redirects. Use a custom Undici
dispatcher/connector so socket connections use the approved IP instead of
re-resolving the hostname, while preserving the existing rejection of private
addresses and URL validation.
- Line 68: Add one shared wall-clock deadline to the fetch flow, creating it in
fetchPublicPage() and threading it through each redirect validation call to
assertPublicUrl(). Ensure DNS lookup, fetch attempts, and redirect handling
honor the remaining time and fail immediately once the deadline expires, rather
than resetting a timeout per attempt.

In `@kits/accessibility-remediation-copilot/apps/package.json`:
- Around line 11-18: Adopt the designated UI toolchain across all three sites:
add react-hook-form, Tailwind CSS v4+, and the required shadcn/ui dependencies
in kits/accessibility-remediation-copilot/apps/package.json lines 11-18;
refactor the form and UI elements around audit-workspace.tsx lines 104-108 to
use react-hook-form and shadcn/ui components; initialize Tailwind CSS v4+ in
globals.css lines 1-15 with the required import or theme directives.

In `@kits/accessibility-remediation-copilot/README.md`:
- Around line 60-61: Update the runtime prerequisites in the README from Node.js
18 or later to Node.js 20 or later, keeping the existing npm 9 or later
requirement unchanged.

---

Outside diff comments:
In `@kits/accessibility-remediation-copilot/apps/next.config.ts`:
- Around line 1-8: Rename the Next.js configuration file represented by
nextConfig to next.config.mjs, convert its TypeScript type annotation to
JSDoc-based type checking compatible with ESM, and preserve poweredByHeader:
false and the default export. Verify the app remains under apps/ with its own
package.json, next.config.mjs, tsconfig.json, and .env.example.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: f940f8ea-6009-4fc0-9b87-960a39fa2782

📥 Commits

Reviewing files that changed from the base of the PR and between aabc909 and 6652a4d.

⛔ Files ignored due to path filters (1)
  • kits/accessibility-remediation-copilot/apps/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (23)
  • kits/accessibility-remediation-copilot/.gitignore
  • kits/accessibility-remediation-copilot/README.md
  • kits/accessibility-remediation-copilot/agent.md
  • kits/accessibility-remediation-copilot/apps/.env.example
  • kits/accessibility-remediation-copilot/apps/.gitignore
  • kits/accessibility-remediation-copilot/apps/app/api/audit/route.ts
  • kits/accessibility-remediation-copilot/apps/app/globals.css
  • kits/accessibility-remediation-copilot/apps/app/layout.tsx
  • kits/accessibility-remediation-copilot/apps/app/page.tsx
  • kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx
  • kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts
  • kits/accessibility-remediation-copilot/apps/lib/lamatic-client.ts
  • kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts
  • kits/accessibility-remediation-copilot/apps/next-env.d.ts
  • kits/accessibility-remediation-copilot/apps/next.config.ts
  • kits/accessibility-remediation-copilot/apps/package.json
  • kits/accessibility-remediation-copilot/apps/tsconfig.json
  • kits/accessibility-remediation-copilot/constitutions/default.md
  • kits/accessibility-remediation-copilot/flows/accessibility-audit.ts
  • kits/accessibility-remediation-copilot/lamatic.config.ts
  • kits/accessibility-remediation-copilot/model-configs/accessibility-audit_instructor-llmnode-284_generative-model-name.ts
  • kits/accessibility-remediation-copilot/prompts/accessibility-audit_instructor-llmnode-284_system_0.md
  • kits/accessibility-remediation-copilot/prompts/accessibility-audit_instructor-llmnode-284_user_1.md

Comment thread kits/accessibility-remediation-copilot/apps/app/api/audit/route.ts
Comment thread kits/accessibility-remediation-copilot/apps/app/api/audit/route.ts
Comment thread kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx Outdated
Comment thread kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts Outdated
Comment thread kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts Outdated
Comment thread kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts Outdated
Comment thread kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts
Comment thread kits/accessibility-remediation-copilot/apps/package.json
Comment thread kits/accessibility-remediation-copilot/README.md Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/accessibility-remediation-copilot/.env.example`:
- Around line 1-4: Reorder the keys in the environment template to satisfy
dotenv-linter: place ACCESSIBILITY_AUDIT_FLOW_ID first, followed by
LAMATIC_API_KEY, LAMATIC_API_URL, and LAMATIC_PROJECT_ID.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4531450-0094-423d-adf6-9c4de84f06ba

📥 Commits

Reviewing files that changed from the base of the PR and between 6652a4d and 5e43c1a.

📒 Files selected for processing (1)
  • kits/accessibility-remediation-copilot/.env.example

Comment thread kits/accessibility-remediation-copilot/.env.example Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts (1)

111-127: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win

Agent, the perimeter has a gap: nobody actually checks the URL is a URL.

auditRequestSchema.url only enforces non-emptiness, and the form disables native browser validation (noValidate) for the type="url" input, so a garbage string in "Public URL" mode sails past every client-side check and only meets its fate deep inside safe-page-fetch.ts (not in this review's file set) — where failure mode is unverified.

  • kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts#L111-L127: add .url() (or an equivalent explicit format check) to the url field so malformed URLs are rejected at the schema boundary with a clear message, not just checked for non-emptiness.
  • kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx#L206-L233: now that the schema will produce a proper validation error, ensure the rendered errors.url.message covers the "not a valid URL" case too (currently only "Enter a public webpage URL." is wired for the empty case).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts` around lines
111 - 127, The URL field accepts malformed values because auditRequestSchema
only checks presence; add explicit URL format validation with a clear error
while preserving the required-field check. Update
kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts lines 111-127 in
auditRequestSchema, and update
kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx lines
206-233 to render errors.url.message for invalid URLs as well as empty values.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx`:
- Around line 142-145: Update the result-handling useEffect to focus the
`#audit-results` section after locating it, while preserving the smooth scroll
behavior. Use the existing tabIndex={-1} target so keyboard and screen reader
focus moves to the newly available results.

In `@kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts`:
- Around line 64-106: Replace the rejecting derived-field checks in the audit
schema’s superRefine with a transform that recomputes
auditSummary.totalFindings, each severity count, and overallRisk from findings.
Preserve validation for the findings and auditSummary structure, but ensure
safeParse succeeds when only redundant summary values are inconsistent and
returns the normalized derived values.

In `@kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts`:
- Around line 142-185: Update requestPinnedPage’s response event setup to attach
an error listener that invokes clearDeadline, alongside the existing end and
close listeners, so IncomingMessage errors are handled without becoming uncaught
exceptions.

In `@kits/accessibility-remediation-copilot/apps/tsconfig.tsbuildinfo`:
- Line 1: Remove the committed tsconfig.tsbuildinfo generated cache, add
*.tsbuildinfo to the repository’s ignore rules, and leave regeneration to npm
run typecheck in local or CI environments. Do not modify source configuration or
preserve this generated artifact.

---

Outside diff comments:
In `@kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts`:
- Around line 111-127: The URL field accepts malformed values because
auditRequestSchema only checks presence; add explicit URL format validation with
a clear error while preserving the required-field check. Update
kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts lines 111-127 in
auditRequestSchema, and update
kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx lines
206-233 to render errors.url.message for invalid URLs as well as empty values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1646d69e-e832-423e-a195-b106df849858

📥 Commits

Reviewing files that changed from the base of the PR and between 5e43c1a and 1fd8a3d.

⛔ Files ignored due to path filters (1)
  • kits/accessibility-remediation-copilot/apps/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (19)
  • kits/accessibility-remediation-copilot/.env.example
  • kits/accessibility-remediation-copilot/README.md
  • kits/accessibility-remediation-copilot/apps/.env.example
  • kits/accessibility-remediation-copilot/apps/app/api/audit/route.ts
  • kits/accessibility-remediation-copilot/apps/app/globals.css
  • kits/accessibility-remediation-copilot/apps/components.json
  • kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx
  • kits/accessibility-remediation-copilot/apps/components/ui/button.tsx
  • kits/accessibility-remediation-copilot/apps/components/ui/input.tsx
  • kits/accessibility-remediation-copilot/apps/components/ui/select.tsx
  • kits/accessibility-remediation-copilot/apps/components/ui/textarea.tsx
  • kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts
  • kits/accessibility-remediation-copilot/apps/lib/rate-limit.ts
  • kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts
  • kits/accessibility-remediation-copilot/apps/lib/utils.ts
  • kits/accessibility-remediation-copilot/apps/next-env.d.ts
  • kits/accessibility-remediation-copilot/apps/package.json
  • kits/accessibility-remediation-copilot/apps/postcss.config.mjs
  • kits/accessibility-remediation-copilot/apps/tsconfig.tsbuildinfo

Comment thread kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts Outdated
Comment thread kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts
Comment thread kits/accessibility-remediation-copilot/apps/tsconfig.tsbuildinfo Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx (2)

305-327: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Use stable composite keys here. finding.id and the string items in affectedUsers, quickWins, limitations, and steps can repeat, which can trigger duplicate-key warnings and unstable DOM reuse.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx`
around lines 305 - 327, Replace the potentially non-unique React keys in the
finding list and mapped collections with stable composite keys. Update the keys
for findings, affectedUsers, quickWins, limitations, and steps using each item’s
relevant parent identifier plus its array index or another unique contextual
value, while preserving the existing rendering and content.

210-216: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Complete the tab pattern or switch to button toggles.
These controls use role="tablist"/role="tab" but don’t provide the rest of the tabs pattern (aria-controls, tabpanel wiring, or arrow-key navigation). If this is just a mode switch, use plain buttons with aria-pressed; otherwise add the full tabs behavior.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx`
around lines 210 - 216, Update the mode switch around the mode-tabs container
and its Public URL/Paste HTML controls to use plain buttons with aria-pressed
instead of tablist/tab roles, since this is a mode toggle rather than a full
tabs widget. Preserve the existing mode selection, active styling, and
validation behavior while removing the incomplete tabs semantics.
kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts (1)

222-222: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Handle invalid redirect URLs.

Good evening, Agent. The DNS pinning and timeout enhancements have been executed flawlessly, but there is one loose end. If a rogue server returns a malformed Location header, new URL() will throw a TypeError. This bubbles up as an unhandled exception, blowing our cover and resulting in a generic 502 response instead of a clean 422 PageEvidenceError.

Your mission, should you choose to accept it: Wrap the URL parsing in a try-catch block to maintain total control over the operational footprint.

🕵️ Proposed fix for redirect parsing
-      target = await assertPublicUrl(new URL(location, target.url).toString(), deadline);
+      let nextUrl: string;
+      try {
+        nextUrl = new URL(location, target.url).toString();
+      } catch {
+        throw new PageEvidenceError("The webpage redirected to an invalid URL.", 422);
+      }
+      target = await assertPublicUrl(nextUrl, deadline);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts` at line
222, Update the redirect handling around assertPublicUrl and new URL in the safe
page-fetch flow to catch malformed Location header parsing errors. Convert the
URL construction failure into the established 422 PageEvidenceError path,
preserving the existing redirect validation and timeout behavior for valid URLs.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts`:
- Around line 64-70: Update the counts construction in the audit schema
transform to traverse audit.findings only once, incrementing the matching
critical, serious, moderate, and minor counters during that pass. Preserve the
existing severity-specific count results and output shape.

---

Outside diff comments:
In `@kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx`:
- Around line 305-327: Replace the potentially non-unique React keys in the
finding list and mapped collections with stable composite keys. Update the keys
for findings, affectedUsers, quickWins, limitations, and steps using each item’s
relevant parent identifier plus its array index or another unique contextual
value, while preserving the existing rendering and content.
- Around line 210-216: Update the mode switch around the mode-tabs container and
its Public URL/Paste HTML controls to use plain buttons with aria-pressed
instead of tablist/tab roles, since this is a mode toggle rather than a full
tabs widget. Preserve the existing mode selection, active styling, and
validation behavior while removing the incomplete tabs semantics.

In `@kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts`:
- Line 222: Update the redirect handling around assertPublicUrl and new URL in
the safe page-fetch flow to catch malformed Location header parsing errors.
Convert the URL construction failure into the established 422 PageEvidenceError
path, preserving the existing redirect validation and timeout behavior for valid
URLs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: ceec6ff3-9ba3-4288-a511-01e17a7ddc4a

📥 Commits

Reviewing files that changed from the base of the PR and between 1fd8a3d and c69dace.

📒 Files selected for processing (4)
  • kits/accessibility-remediation-copilot/apps/.gitignore
  • kits/accessibility-remediation-copilot/apps/components/audit-workspace.tsx
  • kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts
  • kits/accessibility-remediation-copilot/apps/lib/safe-page-fetch.ts

Comment thread kits/accessibility-remediation-copilot/apps/lib/audit-schema.ts
@akshatvirmani

Copy link
Copy Markdown
Contributor

/validate

@github-actions

Copy link
Copy Markdown
Contributor

📡 Running Studio validation — results will appear here shortly.

@github-actions

Copy link
Copy Markdown
Contributor

Studio Runtime Validation (Phase 2)

Studio validation passed. The kit loaded successfully in Lamatic Studio.

This PR is ready for final review and merge.

@akshatvirmani akshatvirmani added the tier-1 Strong label Jul 15, 2026
@akshatvirmani akshatvirmani merged commit 7f28ab5 into Lamatic:main Jul 15, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants