How Reverter works

Three surfaces. One @ariada-org/core-engine. Every fix request answers four questions: deterministic? cached? adaptive context? validated?

Where Reverter sits

The Ariada family covers eight scanner layers (L0 axe-core baseline through L7 governance). Reverter owns Layer 4 — Remediation. The Ariadne purple thread between layers is the shared @ariada-org/core engine.

  1. Governance & dashboards ariada.ai
  2. Visualisation & comms Visual Character Scanner
  3. CI gate clamper.ai
  4. Remediation reverter.ai
  5. Attribution blamer.ai
  6. Cross-domain mapping shared in core
  7. Single-pass DOM iteration ariada engine
  8. axe-core baseline shared in core

The remediation pipeline

DETECT -> CLASSIFY -> FETCH/GENERATE -> VALIDATE -> DIFF

  Finding (from axe-core via @ariada-org/core scan)
    -> Tier 1 deterministic rule engine        (zero LLM cost)
      -> Tier 2 signature cache lookup        (~$0.0001 / Redis)
        -> Cache miss: adaptive context -> LLM (Claude / GPT-4 class)
          -> PII layer: detect, swap placeholders, restore
            -> Validate: parser must accept patched text
              -> Unified diff or in-IDE applyEdits
                -> Source code changes (NOT runtime overlay)
    

Tiered remediation

Tier What it does Cost per fix Coverage target
Tier 1 — deterministic lang="en", decorative alt="", for/id, aria-required-attr, duplicate-id, meta-viewport $0 (pure code) 35–50% of axe findings
Tier 2 cache hit Signature key matches a prior remediation; reuse the diff template ~$0.0001 (Redis lookup) 80–90% of Tier 2 calls after warm-up
Tier 2 cache miss Adaptive context window → LLM → candidate fix → validate $0.005–$0.05 per fix residual ~5–10% of all violations
Tier 2 needs-review LLM produces a TODO marker plus diff; human reviews semantic content (alt text, link text, headings) same as cache miss 10–15% of all violations

Reverter's core capability is the cascade itself: identified accessibility violations are classified by complexity into processing tiers, with deterministic violations remediated by a rule-based engine before any generative language model is invoked. Cost figures are per-fix order-of-magnitude estimates.

MVP codemod library

Top-10 axe rules by real-world frequency. Phase 2 expands to 30 rules; Phase 3 to the full axe rule set.

# axe rule Tier Risk Remediation capability
1color-contrastTier 2needs-reviewcascade + cache + adaptive context
2image-altTier 2needs-reviewcascade + cache + adaptive context
3labelTier 1safecascade + source-code apply
4html-has-langTier 1safecascade + source-code apply
5link-nameTier 2needs-reviewcascade + cache + adaptive context
6button-nameTier 2needs-reviewcascade + cache + adaptive context
7heading-orderTier 2needs-reviewcascade + cache + adaptive context
8duplicate-idTier 1safecascade + source-code apply
9aria-required-attrTier 1safecascade + source-code apply
10meta-viewportTier 1safecascade + source-code apply

Three delivery surfaces

1. VS Code Extension

Microsoft Marketplace install. Squiggly underlines on violation locations; severity mapping critical/serious → Error, moderate → Warning, minor → Info. Lightbulb code-action proposes a unified diff the developer accepts or rejects.

  • Activation: TS/JS/JSX/TSX/HTML/CSS/SCSS/Vue/Svelte/Astro
  • Triggers: command palette / optional onSave opt-in via .ariada.yml
  • Local mode by default; cloud LLM is workspace-opt-in
  • Bundle target < 5 MB VSIX (chromium lazy-installed, not bundled)
  • Telemetry: zero by default; opt-in PostHog records crash + activation only (never code or scan data)
  • Full remediation capabilities: cascade, multi-tool with confidence, version-aware, source-code apply

2. MCP Server (@ariada-org/mcp)

npx @ariada-org/mcp — STDIO transport (default) or --transport sse --port 8765. Two-line config in Claude Desktop, Cursor, Claude Code, or any other MCP-aware agent.

{
  "mcpServers": {
    "ariada": {
      "command": "npx",
      "args": ["-y", "@ariada-org/mcp"]
    }
  }
}

Tool surface (P0):

  • scan_url — run @ariada-org/core scan against a URL
  • scan_local — serve and scan a local static-files directory
  • get_fix_suggestion — propose without applying
  • apply_fix — apply codemod to source file (supports dry_run)
  • explain_rule — WCAG criterion + plain-language explanation
  • list_supported_codemods — enumerate codemod IDs with risk levels

All tool inputs validated via zod; logs to stderr only (STDIO transport reserves stdout for JSON-RPC); rate-limited via in-process LRU.

3. CLI (ariada fix)

Local + CI/CD invocation; SARIF input/output for pipeline integration.

npx @ariada-org/cli fix ./src
npx @ariada-org/cli fix --input nightly.sarif --severity moderate-up
npx @ariada-org/cli fix --dry-run
  • Output formats: unified diff (default), JSON, applied-files summary
  • Exit codes: 0 = all fixes applied cleanly, 1 = some rejected, 2 = scan error
  • GitHub Action wrapper ariada/fix-action@v1 (planned)
  • PII layer always on for cloud LLM; bypassed for self-host LLM
  • Full remediation capabilities: source-code apply + PII-safe preprocessing

Installation

Reverter is in early access. Public packages will publish to npm and the Microsoft Marketplace once the early-access programme closes. Contact us for the early-access list.

PII-safe preprocessing

Input DOM
  v
Microsoft Presidio + spaCy NER scan
  v
For each PII span: replace with type-preserving placeholder
  (Erik Andersson -> [NAME_1], erik@example.com -> [EMAIL_1], ...)
  v
Sanitised DOM -> adaptive context window -> LLM
  v
LLM returns remediation referencing placeholders (or none)
  v
Restore: every [NAME_N] / [EMAIL_N] / [ADDRESS_N] swapped back
  v
Audit log: { prompt_redacted, restored_count, leakage_check: pass | fail }

Round-trip non-PII byte-diff is zero by construction; PII never enters the LLM prompt (verified via prompt audit-log assertion). The leakage bound is expressible as a function of the PII detector's false-negative rate.

Validation evidence

Reverter's design is grounded in a pre-filing prior-art search across prior-art and academic literature; the methodology and findings are available under NDA.

End-to-end Reverter accuracy on production customer code is pending the initial PoC pilot wave — the industrial-scale validation runs against AccessGuru 3,500-pair corpus, the WebAIM Million 5K subset, and ACT Rules. We do not claim "validated on N customer sites".

See pricing →