Access Audit is a hosted accessibility audit workspace for teams that need more than a quick automated scan. It crawls real pages with Playwright, runs axe-core and custom checks, records keyboard and visual risks, organizes manual WCAG review, captures evidence, tracks remediation work, and turns the results into clear risk reports.
It is built to be honest about compliance: automated findings can reveal likely WCAG, ADA, and Section 508 blockers, but they do not prove legal conformance on their own. Access Audit helps organizations prepare better remediation evidence and expert review workflows without pretending software alone can certify accessibility.
- Production app:
https://access-audit-web-production.up.railway.app - Health check:
https://access-audit-web-production.up.railway.app/api/health - Static GitHub Pages demo:
https://subchibeats.github.io/access-audit/
- Dashboard with project scores, open critical issues, scan history, and trend charts.
- Project setup for single URL, bulk URLs, sitemap import, crawl depth, max pages, include/exclude patterns, and safe-crawling controls.
- WCAG 2.2 A/AA primary mode, WCAG 2.1 AA mode, Section 508 mode, and custom mode.
- Playwright Chromium scanner with rendered link discovery, desktop/mobile viewports, screenshots, DOM snapshots, raw axe JSON, and normalized findings.
- axe-core integration plus custom checks for headings, landmarks, skip links, media, PDFs, target size, CAPTCHA flags, and more.
- Keyboard explorer that records focus order, focus visibility risks, likely traps, and focus screenshots.
- Findings workspace with severity/status filters, WCAG mappings, selectors, snippets, reproduction steps, fix guidance, and status tracking.
- Manual POUR review workflow with notes, evidence metadata, assignees, priority, due dates, and remediation status.
- Explainable scoring: risk score, WCAG A/AA pass estimates, blockers, templates affected, manual review completion, and confidence.
- Reports: executive PDF, technical PDF, CSV, raw JSON, remediation checklist, and VPAT/ACR draft support.
- Demo data so reviewers can understand the product immediately.
- Supabase schema and RLS policies for production persistence.
- Static GitHub Pages demo in
/github-pagesso the project has a shareable mobile-friendly live link.
Add screenshots after the first local run:
docs/assets/dashboard.pngdocs/assets/findings.pngdocs/assets/manual-review.pngdocs/assets/report-export.pngdocs/assets/mobile-demo.png
The UI is built with demo data, so these screens are available immediately after pnpm dev.
- Next.js, React, TypeScript
- Tailwind CSS
- Playwright and axe-core
- Zod validation
- Supabase-ready PostgreSQL schema and Auth/RLS model
- Local JSON demo persistence
- Vitest and Playwright tests
pnpm install
pnpm exec playwright install chromium
cp .env.example .env
pnpm devOpen http://localhost:3000.
Local demo data is stored in .access-audit/data.json and artifacts are stored in .access-audit/artifacts.
This repo includes a mobile-friendly static demo that can be hosted directly by GitHub Pages:
https://YOUR_USERNAME.github.io/access-audit/
To publish it:
- Push this repository to GitHub.
- In repository Settings > Pages, set Build and deployment to GitHub Actions.
- Run the
Deploy GitHub Pages Demoworkflow or push tomain.
The GitHub Pages demo supports dashboard review, finding filters, status changes, manual checklist updates, and CSV/JSON exports in the browser. Real Playwright scans, API routes, Supabase Auth, evidence uploads, and PDF generation require the full server deployment.
Deploy the Next.js app to a Node host such as Vercel, Render, Fly.io, Railway, or a container platform. Use Supabase for auth/database/storage and a durable worker queue for Playwright scans. See docs/deployment.md.
Recommended hands-off path:
- Create a Supabase project.
- Connect this GitHub repo to Railway.
- Add a Railway Redis service.
- Deploy one Railway service as
webwithnpm run start:web. - Deploy one Railway service as
workerwithnpm run start:worker. - Paste the Supabase env vars into both services.
The app automatically uses BullMQ when REDIS_URL exists and falls back to an in-process queue for local demo mode.
See .env.example.
Important values:
NEXT_PUBLIC_DEMO_MODE=trueACCESS_AUDIT_ALLOW_PRIVATE_NETWORK=falseACCESS_AUDIT_MAX_PAGES=30ACCESS_AUDIT_SCAN_CONCURRENCY=1ACCESS_AUDIT_RATE_LIMIT_MS=750
Keep .env out of git.
- Create a Supabase project.
- Paste the contents of
outputs/access-audit-supabase-setup.txtinto Supabase SQL Editor. - Click Run and confirm Supabase reports success.
- Enable Supabase Auth providers.
- Create a private storage bucket for evidence and scan artifacts.
- Add environment variables:
NEXT_PUBLIC_SUPABASE_URL=...
NEXT_PUBLIC_SUPABASE_ANON_KEY=...
SUPABASE_SERVICE_ROLE_KEY=...The current app defaults to local JSON persistence. Swap the store implementation with Supabase queries for hosted production.
pnpm lint
pnpm typecheck
pnpm test
pnpm test:e2e
pnpm accessibility:self-checkThe test suite covers scoring, WCAG mappings, SSRF URL validation, scan normalization, dashboard flows, and axe self-checks.
- Open New Scan.
- Add a project URL or bulk list.
- Choose WCAG/ADA/Section 508 mode.
- Configure crawl depth, page limit, rate limit, and include/exclude patterns.
- Confirm you own or have permission to test the site.
- Start the scan from the project page.
- Local demo mode is not a hardened multi-tenant deployment.
- Use isolated scanner workers for production.
- Store credentials in a secret manager.
- Keep private-network scanning disabled except controlled local development.
- Add quotas and audit logs before offering scans to external users.
- Authenticated crawl recipes.
- Component/template fingerprinting improvements.
- Visual focus-order map overlay.
- PDF accessibility analyzer integration.
- Screen reader test protocol templates.
- GitHub issue/Jira export.
git init
git add .
git commit -m "Initial commit: Access Audit"
git branch -M main
git remote add origin git@github.com:YOUR_USERNAME/access-audit.git
git push -u origin mainHTTPS alternative:
git remote add origin https://github.com/YOUR_USERNAME/access-audit.git
git push -u origin mainAdd screenshots/GIFs, enable GitHub Actions, and use topics such as accessibility, wcag, ada-compliance, section508, axe-core, playwright, nextjs, and supabase.
MIT