How Reverter works
Three surfaces. One @ariada-org/core-engine. Every fix request
answers four questions: deterministic? cached? adaptive context? validated?
Where Reverter sits
The Ariada family covers eight scanner layers (L0 axe-core
baseline through L7 governance). Reverter owns
Layer 4 — Remediation. The Ariadne purple
thread between layers is the shared @ariada-org/core engine.
- L7 Governance & dashboards ariada.ai
- L6 Visualisation & comms Visual Character Scanner
- L5 CI gate clamper.ai
- L4 Remediation reverter.ai
- L3 Attribution blamer.ai
- L2 Cross-domain mapping shared in core
- L1 Single-pass DOM iteration ariada engine
- L0 axe-core baseline shared in core
The remediation pipeline
DETECT -> CLASSIFY -> FETCH/GENERATE -> VALIDATE -> DIFF
Finding (from axe-core via @ariada-org/core scan)
-> Tier 1 deterministic rule engine (zero LLM cost)
-> Tier 2 signature cache lookup (~$0.0001 / Redis)
-> Cache miss: adaptive context -> LLM (Claude / GPT-4 class)
-> PII layer: detect, swap placeholders, restore
-> Validate: parser must accept patched text
-> Unified diff or in-IDE applyEdits
-> Source code changes (NOT runtime overlay)
Tiered remediation
| Tier | What it does | Cost per fix | Coverage target |
| Tier 1 — deterministic | lang="en", decorative alt="", for/id, aria-required-attr, duplicate-id, meta-viewport | $0 (pure code) | 35–50% of axe findings |
| Tier 2 cache hit | Signature key matches a prior remediation; reuse the diff template | ~$0.0001 (Redis lookup) | 80–90% of Tier 2 calls after warm-up |
| Tier 2 cache miss | Adaptive context window → LLM → candidate fix → validate | $0.005–$0.05 per fix | residual ~5–10% of all violations |
| Tier 2 needs-review | LLM produces a TODO marker plus diff; human reviews semantic content (alt text, link text, headings) | same as cache miss | 10–15% of all violations |
Reverter's core capability is the cascade itself: identified
accessibility violations are classified by complexity into
processing tiers, with deterministic violations remediated by a
rule-based engine before any generative language model is
invoked. Cost figures are per-fix order-of-magnitude estimates.
MVP codemod library
Top-10 axe rules by real-world frequency. Phase 2 expands to
30 rules; Phase 3 to the full axe rule set.
| # | axe rule | Tier | Risk | Remediation capability |
| 1 | color-contrast | Tier 2 | needs-review | cascade + cache + adaptive context |
| 2 | image-alt | Tier 2 | needs-review | cascade + cache + adaptive context |
| 3 | label | Tier 1 | safe | cascade + source-code apply |
| 4 | html-has-lang | Tier 1 | safe | cascade + source-code apply |
| 5 | link-name | Tier 2 | needs-review | cascade + cache + adaptive context |
| 6 | button-name | Tier 2 | needs-review | cascade + cache + adaptive context |
| 7 | heading-order | Tier 2 | needs-review | cascade + cache + adaptive context |
| 8 | duplicate-id | Tier 1 | safe | cascade + source-code apply |
| 9 | aria-required-attr | Tier 1 | safe | cascade + source-code apply |
| 10 | meta-viewport | Tier 1 | safe | cascade + source-code apply |
Three delivery surfaces
1. VS Code Extension
Microsoft Marketplace install. Squiggly underlines on violation
locations; severity mapping
critical/serious → Error,
moderate → Warning,
minor → Info. Lightbulb code-action proposes a unified diff
the developer accepts or rejects.
- Activation: TS/JS/JSX/TSX/HTML/CSS/SCSS/Vue/Svelte/Astro
- Triggers: command palette / optional
onSave opt-in via .ariada.yml - Local mode by default; cloud LLM is workspace-opt-in
- Bundle target < 5 MB VSIX (chromium lazy-installed, not bundled)
- Telemetry: zero by default; opt-in PostHog records crash + activation only (never code or scan data)
- Full remediation capabilities: cascade, multi-tool with confidence, version-aware, source-code apply
2. MCP Server (@ariada-org/mcp)
npx @ariada-org/mcp — STDIO transport (default) or
--transport sse --port 8765. Two-line config in
Claude Desktop, Cursor, Claude Code, or any other MCP-aware
agent.
{
"mcpServers": {
"ariada": {
"command": "npx",
"args": ["-y", "@ariada-org/mcp"]
}
}
}
Tool surface (P0):
scan_url — run @ariada-org/core scan against a URL scan_local — serve and scan a local static-files directory get_fix_suggestion — propose without applying apply_fix — apply codemod to source file (supports dry_run) explain_rule — WCAG criterion + plain-language explanation list_supported_codemods — enumerate codemod IDs with risk levels
All tool inputs validated via zod; logs to stderr only
(STDIO transport reserves stdout for JSON-RPC); rate-limited via
in-process LRU.
3. CLI (ariada fix)
Local + CI/CD invocation; SARIF input/output for pipeline
integration.
npx @ariada-org/cli fix ./src
npx @ariada-org/cli fix --input nightly.sarif --severity moderate-up
npx @ariada-org/cli fix --dry-run
- Output formats: unified diff (default), JSON, applied-files summary
- Exit codes: 0 = all fixes applied cleanly, 1 = some rejected, 2 = scan error
- GitHub Action wrapper
ariada/fix-action@v1 (planned) - PII layer always on for cloud LLM; bypassed for self-host LLM
- Full remediation capabilities: source-code apply + PII-safe preprocessing
Installation
Reverter is in early access. Public packages will publish to npm
and the Microsoft Marketplace once the early-access programme
closes. Contact us for the early-access
list.
PII-safe preprocessing
Input DOM
v
Microsoft Presidio + spaCy NER scan
v
For each PII span: replace with type-preserving placeholder
(Erik Andersson -> [NAME_1], erik@example.com -> [EMAIL_1], ...)
v
Sanitised DOM -> adaptive context window -> LLM
v
LLM returns remediation referencing placeholders (or none)
v
Restore: every [NAME_N] / [EMAIL_N] / [ADDRESS_N] swapped back
v
Audit log: { prompt_redacted, restored_count, leakage_check: pass | fail }
Round-trip non-PII byte-diff is zero by construction; PII never
enters the LLM prompt (verified via prompt audit-log assertion).
The leakage bound is expressible as a function of the PII
detector's false-negative rate.
Validation evidence
Reverter's design is grounded in a pre-filing prior-art search
across prior-art and academic literature; the methodology and
findings are available under NDA.
End-to-end Reverter accuracy on production customer code is
pending the initial PoC pilot wave — the
industrial-scale validation runs against AccessGuru 3,500-pair
corpus, the WebAIM Million 5K subset, and ACT Rules. We do not
claim "validated on N customer sites".
See pricing →