{"id":30176320,"url":"https://github.com/casoon/auditmysite","last_synced_at":"2026-05-29T10:00:50.798Z","repository":{"id":305281956,"uuid":"1022497729","full_name":"casoon/auditmysite","owner":"casoon","description":"AuditMySite CLI - Lightning-fast WCAG accessibility auditing written in Rust. Real browser testing with Chrome DevTools Protocol, automated compliance checking, and detailed reports.","archived":false,"fork":false,"pushed_at":"2026-05-26T14:22:38.000Z","size":29000,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T16:37:14.035Z","etag":null,"topics":["a11y","accessibility","audit","automation","cargo","cdp","chromium","cli","compliance","developer-tools","rust","testing","wcag","web-development"],"latest_commit_sha":null,"homepage":"https://auditmysite.casoon.dev/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/casoon.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-19T07:43:13.000Z","updated_at":"2026-05-26T14:25:46.000Z","dependencies_parsed_at":"2026-05-10T08:05:00.514Z","dependency_job_id":"e56af660-206e-488f-9e43-86b33d4a55dc","html_url":"https://github.com/casoon/auditmysite","commit_stats":null,"previous_names":["casoon/auditmysite"],"tags_count":113,"template":false,"template_full_name":null,"purl":"pkg:github/casoon/auditmysite","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casoon%2Fauditmysite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casoon%2Fauditmysite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casoon%2Fauditmysite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casoon%2Fauditmysite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/casoon","download_url":"https://codeload.github.com/casoon/auditmysite/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casoon%2Fauditmysite/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33646428,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["a11y","accessibility","audit","automation","cargo","cdp","chromium","cli","compliance","developer-tools","rust","testing","wcag","web-development"],"created_at":"2025-08-12T02:45:18.722Z","updated_at":"2026-05-29T10:00:50.781Z","avatar_url":"https://github.com/casoon.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# auditmysite\n\n\u003e Accessibility audits for real rendered pages, built for CI and modern frontend stacks\n\n[![CI](https://github.com/casoon/auditmysite/actions/workflows/ci.yml/badge.svg)](https://github.com/casoon/auditmysite/actions/workflows/ci.yml)\n[![Release](https://github.com/casoon/auditmysite/actions/workflows/release.yml/badge.svg)](https://github.com/casoon/auditmysite/actions/workflows/release.yml)\n[![Rust](https://img.shields.io/badge/rust-1.75%2B-orange.svg)](https://www.rust-lang.org/)\n[![License](https://img.shields.io/badge/license-BSL--1.1-blue.svg)](LICENSE)\n\n## Overview\n\n`auditmysite` is a Rust CLI that audits accessibility against fully rendered pages in Chrome. Instead of scanning raw HTML only, it uses Chrome DevTools Protocol (CDP) and the browser's native Accessibility Tree, so it can evaluate dynamic DOM, computed styles, and JavaScript-heavy applications more realistically.\n\nIt is designed for teams that want a fast local check, stable JSON for automation, and a single binary that can be dropped into CI.\n\n## Why use it\n\n- Real browser signals instead of static guesses\n- Works for single pages, sitemaps, URL lists, and same-domain crawl discovery\n- Outputs as terminal table, JSON, PDF, AI-optimized task list, or compact summary JSON for dashboards\n- JSON output is schema-backed and tested for release stability\n- Ships as a Rust binary instead of a Node-based toolchain\n\n## Why this approach\n\nMost accessibility CLIs either depend on static parsing or require a heavier runtime stack around browser automation. `auditmysite` is opinionated in a different direction:\n\n- Chrome-native accessibility data first\n- CLI-first workflow for local use and CI\n- Small operational surface: install a binary, point it at a URL, get a report\n- Optional modules for performance, SEO, security, and mobile without changing tools\n\n## Quick Example\n\n```bash\nauditmysite https://example.com\n```\n\nBy default, a single URL audit runs the full analysis set, prints a compact terminal summary, and writes report artifacts into the current working directory:\n\n- `./example-com-YYYY-MM-DD-single-report.pdf`\n- `./example-com-YYYY-MM-DD-single-report.json`\n- `./example-com-YYYY-MM-DD-single-report-screen-reader-audit.json`\n\nFor CI or machine-readable output:\n\n```bash\nauditmysite https://example.com -f json -o report.json --quiet\n```\n\n## Install\n\n### curl installer (macOS/Linux)\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/casoon/auditmysite/main/install.sh | bash\n```\n\nThe installer downloads the latest GitHub Release asset for your platform and verifies it against the published `.sha256` checksum before installing it.\n\n**Upgrading:** run the same command again. The installer detects where your current binary lives and replaces it in place — no PATH conflicts, no leftover old version.\n\n\u003e **Note:** If you previously installed via `cargo install auditmysite`, remove that binary first so the script installs to the right location:\n\u003e ```bash\n\u003e rm ~/.cargo/bin/auditmysite\n\u003e curl -fsSL https://raw.githubusercontent.com/casoon/auditmysite/main/install.sh | bash\n\u003e ```\n\nVerify the installation:\n\n```bash\nauditmysite --version\nauditmysite --help\nauditmysite https://example.com\n```\n\nThat default command writes report artifacts into the current directory, for example:\n\n- `./example-com-YYYY-MM-DD-single-report.pdf`\n- `./example-com-YYYY-MM-DD-single-report.json`\n- `./example-com-YYYY-MM-DD-single-report-screen-reader-audit.json`\n\n### cargo install (crates.io)\n\n```bash\ncargo install auditmysite\n```\n\nRequires Rust 1.75+. Builds and installs the binary from source.\n\n### Prebuilt binaries\n\nDownload from [Releases](https://github.com/casoon/auditmysite/releases).\n\n- macOS/Linux: `.tar.gz`\n- Windows: `.zip`\n\n### Build from source\n\n```bash\ngit clone https://github.com/casoon/auditmysite.git\ncd auditmysite\ncargo build --release\n./target/release/auditmysite --version\n```\n\n**Optional Cargo features:**\n\n| Feature | What it adds | Build command |\n|---------|-------------|---------------|\n| `pdf` | PDF report generation via the `renderreport`/Typst engine | `cargo build --release --features pdf` |\n| `pdf_test` | PDF rendering integration tests | `cargo test --features pdf_test` |\n| `semantic-eval` | Fastembed local embedding for semantic link-text analysis (requires `--semantic-eval` flag at runtime) | `cargo build --release --features semantic-eval` |\n\n## Requirements\n\n- Rust 1.75+ for local builds\n- Chrome, Chromium, or a managed browser install (`auditmysite browser install`)\n- macOS, Linux, or Windows for released binaries\n\n`auditmysite` requires a browser to be present at run time. It does **not** download or install one automatically — it reports an error and exits if none is found. To install a managed Chrome for Testing into `~/.auditmysite/browsers/`:\n\n```bash\nauditmysite browser detect   # show what's found\nauditmysite browser install  # download Chrome for Testing (opt-in)\n```\n\n## Quick Start\n\nThe fastest way to validate your setup:\n\n```bash\nauditmysite https://example.com\n```\n\nThat creates the default report set in the current directory. For machine-readable output only:\n\n```bash\nauditmysite https://example.com -f json -o report.json\n```\n\n### Single page\n\n```bash\n# default: full audit + terminal summary + PDF/JSON in current directory\nauditmysite https://example.com\n\n# JSON\nauditmysite https://example.com -f json -o report.json\n\n# PDF with explicit path\nauditmysite https://example.com -f pdf -o report.pdf\n\n# stricter WCAG level\nauditmysite https://example.com -l AAA\n```\n\n### Batch audits\n\n```bash\n# explicit sitemap\nauditmysite --sitemap https://example.com/sitemap.xml\n\n# crawl from a base URL and discover same-domain pages automatically\nauditmysite https://example.com --crawl --crawl-depth 2\n\n# base URL: probe robots.txt / common sitemap locations first\nauditmysite https://example.com\n\n# prefer sitemap automatically if one is found\nauditmysite https://example.com --prefer-sitemap\n\n# suppress sitemap suggestion and stay on the single page\nauditmysite https://example.com --no-sitemap-suggest\n\n# URL file\nauditmysite --url-file urls.txt\n\n# per-page reports: scan a list/sitemap but write one PDF per URL instead of an aggregated batch report\nauditmysite --url-file urls.txt --per-page-reports --output reports/per-page/\nauditmysite --sitemap https://example.com/sitemap.xml --per-page-reports --output reports/per-page/\n```\n\n### Browser selection\n\n```bash\nauditmysite --browser-path /path/to/chrome https://example.com\n```\n\n## CLI\n\n```text\nauditmysite [OPTIONS] [URL] [COMMAND]\n```\n\nPrimary commands:\n- `auditmysite \u003curl\u003e`: run a full single-page audit and write PDF/JSON into the current directory\n- `auditmysite --sitemap \u003curl\u003e`: audit sitemap URLs\n- `auditmysite --url-file \u003cfile\u003e`: audit URLs from file\n- `auditmysite \u003curl\u003e --crawl`: discover same-domain pages from a seed URL and audit them as a batch\n- `auditmysite browser detect`: show available browsers\n- `auditmysite browser install`: download and install Chrome for Testing into `~/.auditmysite/browsers/` (opt-in, never automatic)\n- `auditmysite doctor`: run local diagnostics\n\nUseful flags:\n- `--prefer-sitemap`: if a sitemap is detected for a base URL, switch directly into batch mode\n- `--no-sitemap-suggest`: suppress sitemap probing/suggestion and keep the run on the single URL\n- `--crawl-depth \u003cn\u003e`: limit same-domain crawl discovery depth when using `--crawl`\n- `--per-page-reports`: scan a URL list or sitemap but write one individual report per URL instead of an aggregated batch report; `-o` is treated as a target directory\n- `--lang \u003cde|en\u003e`: set the language for PDF reports (default: `de`)\n- `--stack`: enable tech stack detection and stack-specific security probes (included automatically with `--full`)\n- `--interactive \u003coff|basic|full\u003e`: control the Accessibility Journey Layer for interactive checks — tab walk, skip-link, modal focus trap, SPA navigation, form-error announcement, link-text inventory (default: `full`; use `off` for fastest runs)\n\nFor the full current interface, use:\n\n```bash\nauditmysite --help\nauditmysite browser --help\n```\n\n## Output Contract\n\nJSON output is treated as an automation contract.\n\n- Contract documentation: [docs/OUTPUT_CONTRACT.md](docs/OUTPUT_CONTRACT.md)\n- Single report schema: [docs/json-report.schema.json](docs/json-report.schema.json)\n- Batch report schema: [docs/json-batch-report.schema.json](docs/json-batch-report.schema.json)\n\nKey top-level fields in a single-page report:\n- `findings` — static WCAG violations and SEO findings\n- `interactive_findings` — journey-phase results (link texts, landmarks, heading outline, focus order, modal traps …); present when `--interactive basic|full` was used\n- `accessibility_journey` — structured trace of each journey (steps, snapshots, durations); present when `--interactive basic|full` was used\n- `advisory_findings` — semantic AI evaluation results (fastembed + Mistral); present when `--semantic-eval` was used; explicitly advisory, never affects score or risk\n\nThe repository validates these contracts in automated tests.\n\n## Feature Scope\n\n### WCAG rules (Level A and AA)\n\nCore rules:\n- Non-text content (1.1.1)\n- Keyboard access (2.1.1)\n- Bypass blocks (2.4.1)\n- Language of page (3.1.1)\n- Name, role, value / form labeling (4.1.2)\n- Contrast minimum (1.4.3) and non-text contrast (1.4.11)\n- Headings and labels (2.4.6)\n- Labels or instructions (3.3.2)\n- Focus order (2.4.3) and focus visible (2.4.7)\n- Label in name (2.5.3)\n\nARIA and semantics:\n- ARIA role validation — invalid roles, required owned elements, required context\n- ARIA attribute checks — allowed attributes per role, required attributes, prohibited attributes\n- Accessible name checks — icon-only controls, empty aria-labelledby/describedby, name/description conflicts, naming by role type (command, input, meter, progressbar, toggle, dialog, treeitem)\n- ARIA relationship checks — aria-controls, aria-owns, aria-activedescendant, duplicate IDs\n- Landmark structure — main, navigation, banner, contentinfo (presence, uniqueness, top-level nesting, no-duplicate for banner/contentinfo/main, required parent for landmarks)\n- Content in landmarks — region rule ensuring body content lives inside landmark regions\n- Table rules — caption/name, header cells, presentational tables, cell placement\n- Form rules — fieldset/legend for grouped controls, required field indication, error description, label-title-only detection\n- List structure — listitem context, empty lists, definition list integrity\n- Dialog rules — accessible name, aria-modal, alert region labeling\n- Widget rules — tab/tabpanel pairing, selected state, combobox options, slider value, tree context, summary element naming\n- Media rules — application and image-role elements without accessible names\n- SVG rules — SVG image accessible names\n- Server-side image maps — detection and flagging\n- Meta viewport — large maximum-scale restrictions\n\n95+ rules with stable `rule_id`, `tags` (e.g. `wcag2a`, `wcag412`, `cat.aria`), and an `impact` field (`critical` / `serious` / `moderate` / `minor`).\n\nSome criteria (keyboard trap behavior, timed content, captions) cannot be reliably verified by automated means. These are flagged as `not_testable` in the JSON output and listed in the report's audit scope section as requiring manual review.\n\nAAA is not fully implemented yet.\n\n### Additional modules\n\nModules are classified as **measured** (based on real browser data) or **heuristic** (structural-signal estimates, marked with `~` in reports).\n\nMeasured:\n- Performance: Core Web Vitals (FCP, LCP, TBT, CLS) and technical complexity (DOM size, render blocking, resource loading)\n- SEO: meta tags, headings, structured data, content profile, tracking/external services signals\n- Security: HTTPS, header checks, and CDN/WAF protection detection\n- Mobile: viewport, touch-target, readability checks, UX heuristics (cookie-banner, modal/overlay, CTA detection)\n\nHeuristic (indicator scores — tendency, not measurements):\n- UX: 5-dimension analysis (CTA clarity, visual hierarchy, content clarity, trust signals, cognitive load) with saturation curve scoring\n- Journey: user-flow analysis (entry clarity, orientation, navigation, interaction, conversion) with page-intent-aware weighting\n- AI Visibility: structural readiness for LLM indexing and citation (readability, citability, structured data, AI policy, chunk quality)\n- Source Quality: code hygiene signals (inline styles, deprecated elements, semantic structure, asset hygiene)\n- Dark Mode: detects dark mode support via `prefers-color-scheme` media queries and CSS custom properties\n- Tech Stack: detects CMS and frameworks (WordPress, Drupal, Joomla, Next.js, Astro, React, Vue, etc.) via in-page signals and runs stack-specific security probes (admin panel exposure, user enumeration, version disclosure)\n\n### Accessibility Journey Layer\n\nInteractive checks run a real browser session after the static AXTree phase. They run in `full` mode by default and can be reduced via `--interactive \u003coff|basic|full\u003e` or `mode` in `auditmysite.toml`.\n\n| Mode | What runs |\n|------|-----------|\n| `off` | No interactive phase — fastest, no browser interaction after initial load |\n| `basic` | Tab-walk (focus order, reverse jumps), skip-link verification, disclosure/accordion, modal focus trap, tab-list, menu journey |\n| `full` (default) | Everything in `basic`, plus: SPA-navigation detection, form-error announcement, link-text inventory (generic/duplicate texts, heading outline, landmark structure) |\n\nResults appear in `interactive_findings` and `accessibility_journey` in the JSON output. They do not affect the accessibility score or `legal_flags`; critical interactive findings can raise the risk level.\n\n**`auditmysite.toml` configuration:**\n\n```toml\n[interactive]\nmode = \"full\"             # off | basic | full\njourney_budget_ms = 8000  # wall-clock budget per URL in milliseconds (default: 6000)\n```\n\n### Risk assessment\n\nRisk level is computed independently from the score. A page scoring 81 can still carry \"Critical\" risk if it has Level A violations relevant under BFSG/EAA. Risk levels: Low, Medium, High, Critical — based on critical/high violations, legal flags, and blocking issues (4.1.2/2.1.1).\n\n### Configuration file\n\n`auditmysite.toml` is an optional project-level config file placed in the working directory. It supports `[audit]`, `[rules]`, `[interactive]`, `[semantic_eval]`, `[thresholds]`, and `[budget]` sections.\n\n\u003e **Security note:** If you store API keys (e.g. `mistral_api_key`) in `auditmysite.toml`, add the file to `.gitignore` to avoid accidentally committing secrets:\n\u003e ```\n\u003e echo \"auditmysite.toml\" \u003e\u003e .gitignore\n\u003e ```\n\n### Rule configuration\n\nRules can be selectively disabled or filtered via `auditmysite.toml`:\n\n```toml\n[rules]\ndisabled = [\"heading-order\", \"landmark-one-main\"]\n# enabled_only = [\"image-alt\", \"label\"]  # run only these rules\n```\n\n### Semantic AI evaluation\n\nAdds a semantic layer on top of the static and interactive checks. Two providers run when `--semantic-eval` is set:\n\n- **Fastembed** (local, no API key): embeds link texts using a multilingual model (`MultilingualE5Small`) and flags links that are semantically similar to known generic patterns (\"Mehr erfahren\", \"Read more\", …) — catches variations that string matching misses. Requires the `semantic-eval` Cargo feature: `cargo build --features semantic-eval`.\n- **Mistral** (API, optional): evaluates heading-outline plausibility and produces a brief \"blind user perspective\" for the page. Requires a Mistral API key.\n\nResults appear in `advisory_findings` in the JSON output. They are explicitly advisory — they never influence the accessibility score or risk level.\n\n**Usage:**\n\n```bash\n# Fastembed only (local, no key needed)\nauditmysite https://example.com --semantic-eval\n\n# Fastembed + Mistral via environment variable\nMISTRAL_API_KEY=sk-... auditmysite https://example.com --semantic-eval\n```\n\n**`auditmysite.toml` configuration:**\n\n```toml\n[semantic_eval]\nenabled = true\nmistral_model = \"mistral-small-latest\"   # or \"open-mistral-nemo\", \"mistral-medium-latest\"\nsimilarity_threshold = 0.62              # fastembed cosine threshold (0.0–1.0)\n\n# API key — omit this field and use the MISTRAL_API_KEY env var instead\n# to avoid storing secrets in a file that might be committed.\n# mistral_api_key = \"sk-...\"\n```\n\nKey priority: `MISTRAL_API_KEY` environment variable \u003e `mistral_api_key` in `auditmysite.toml` \u003e Mistral skipped (only Fastembed runs).\n\n\u003e **Security note:** If you add `mistral_api_key` to `auditmysite.toml`, make sure the file is listed in `.gitignore`.\n\n### AI / LLM output format\n\nExport findings as a task-oriented JSON list for direct LLM processing:\n\n```bash\nauditmysite https://example.com -f ai -o findings.json\n```\n\nEach entry is a task object with `task_id`, `rule_id`, `impact`, `wcag`, `tags`, `title`, `issue`, `fix`, `selector`, `node_id`, and `help_url` — sorted by impact severity. Suitable for direct use as context in AI-assisted code remediation.\n\n### Baseline and CI diff\n\nSave a baseline snapshot and compare future runs against it:\n\n```bash\n# Save baseline\nauditmysite https://example.com -f json -o baseline.json\n\n# Future CI runs can diff against the baseline programmatically via the Rust API\n```\n\nThe `Baseline` type in the `audit` module supports `from_violations`, `diff`, `load`, and `save`.\n\n## Report Modes\n\nSingle-page reports and sitemap/batch reports are intentionally different.\n\n**Single-page report** is structured in two layers:\n- Top (decision layer): hero block with score + risk level, top 3 problems, next 3 steps, overall assessment (UX/Accessibility, Technik/Sicherheit, SEO)\n- Bottom (implementation layer): task block (\"Was jetzt tun?\" with role, effort, impact, priority), module overview, key findings, technical implementation details, detailed metrics\n\n**Sitemap/batch report** is aggregated and domain-wide: averages, ranking, recurring issues, URL matrix, near-duplicate content, broken links, crawl diagnostics.\n\nBatch reports are not a stack of single-page reports.\n\n## Compared to typical setups\n\n- Better fit for JavaScript-heavy sites than static HTML-only checks\n- Easier to distribute than a multi-package browser toolchain\n- More automation-friendly than ad hoc console output because the JSON contract is explicit and tested\n- Broader reporting surface than a pure accessibility-only checker when you also want performance, SEO, security, and mobile signals\n- Violations carry stable `rule_id`, `tags`, and `impact` — easier to integrate with existing tooling or dashboards\n\n### Screen Reader Audit vs. axe-core / Pa11y\n\nStandard accessibility checkers verify individual rules in isolation. `auditmysite` additionally simulates the sequential experience of a screen reader user navigating the page — detecting problems that only emerge in context.\n\n| Capability | axe-core | Pa11y | auditmysite |\n|---|---|---|---|\n| Rule-based WCAG checks | ✓ | ✓ | ✓ |\n| Reading sequence simulation | — | — | ✓ |\n| Out-of-context link text analysis (duplicate \"Read more\" × 8) | — | — | ✓ |\n| Accessible name quality score (not just present/absent) | — | — | ✓ |\n| Landmark navigation strategy (can a SR user reach main content?) | — | — | ✓ |\n| BFSG / EN 301 549 legal mapping per finding | — | — | ✓ |\n\nWhen the screen reader module runs, a JSON sidecar is written automatically next to the primary report:\n\n```\nexample-com-YYYY-MM-DD-single-report.pdf\nexample-com-YYYY-MM-DD-single-report-screen-reader-audit.json  ← automatic sidecar\n```\n\nThe sidecar shows exactly what a screen reader would announce, node by node, including which announcements are ambiguous or missing — suitable as a developer reference and as evidence for BFSG compliance audits. No extra flag is required; the file is created whenever screen reader data is available in the audit result.\n\n## Typical Workflows\n\nExamples grouped by audience and goal.\n\n### Customer-facing report (PDF)\n\nSingle-URL audit with full module coverage and a custom logo on the cover.\n\n```bash\n# default: writes a PDF + JSON sidecar to the current directory\nauditmysite https://example.com --full\n\n# explicit branding and output path\nauditmysite https://example.com --full --logo ./assets/customer-logo.svg --output reports/customer.pdf\n\n# pick a report depth: executive (management), standard (default), technical (developers)\nauditmysite https://example.com --full --report-level executive --output reports/exec.pdf\n\n# PDF language (default: de)\nauditmysite https://example.com --full --lang en --output reports/report-en.pdf\n```\n\n### CI / automation (JSON)\n\nQuiet, machine-readable output for pipelines.\n\n```bash\n# exit code follows score thresholds; JSON report for downstream tooling\nauditmysite https://example.com -f json -o report.json --quiet\n\n# batch CI run on a sitemap\nauditmysite --sitemap https://example.com/sitemap.xml -f json -o sitemap-report.json --quiet\n```\n\n### AI fix list\n\nCompact, agent-friendly output that focuses on actionable fixes.\n\n```bash\nauditmysite https://example.com -f ai -o fixes.json\n```\n\n### Dashboard / ranking feed\n\nCompact summary JSON with score, grade, medal, issue counts, and top 10 findings — matches the `lastAudit` schema used by dashboard tools.\n\n```bash\nauditmysite https://example.com -f summary -o summary.json\n```\n\n### Sitemap / batch\n\nDomain-wide audits with cross-page aggregation.\n\n```bash\n# explicit sitemap\nauditmysite --sitemap https://example.com/sitemap.xml --full\n\n# crawl from a base URL\nauditmysite https://example.com --crawl --crawl-depth 2 --max-pages 50 --full\n\n# URL list from file\nauditmysite --url-file urls.txt --full\n\n# one PDF per URL instead of an aggregated batch report\nauditmysite --sitemap https://example.com/sitemap.xml --per-page-reports --output reports/per-page/\n```\n\n### Local development\n\n```bash\n# audit a local dev server with a system Chrome\nauditmysite https://localhost:3000 --browser-path /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome\n\n# quick CLI summary without writing files\nauditmysite https://example.com --format table\n```\n\n### Base URL with sitemap suggestion\n\n```bash\n# interactive: ask first if a sitemap is found\nauditmysite https://example.com\n\n# non-interactive: switch directly to sitemap mode\nauditmysite https://example.com --prefer-sitemap\n\n# stay on the single URL even when a sitemap exists\nauditmysite https://example.com --no-sitemap-suggest\n```\n\n## Architecture\n\n```text\nCLI -\u003e Browser Manager -\u003e Chrome/CDP -\u003e Accessibility Tree -\u003e WCAG Engine -\u003e Output\n```\n\nKey layers:\n- `browser/`: browser detection, resolution, explicit install (`browser install` command only — no auto-download), lifecycle, pooling\n- `audit/`: pipeline, normalization, scoring, batch processing\n- `wcag/`: rule engine and violations\n- `output/`: CLI, JSON, PDF, AI, summary format\n- `seo/`, `security/`, `performance/`, `mobile/`, `ux/`, `journey/`: optional analysis modules\n- `tech_stack/`, `source_quality/`, `ai_visibility/`, `dark_mode/`: heuristic indicator modules\n\nMore detail:\n- Current implementation: [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md)\n- Browser dependency details: [docs/chrome-dependency.md](docs/chrome-dependency.md)\n- Troubleshooting: [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)\n\n## Development\n\n### Setup\n\n```bash\ngit clone https://github.com/casoon/auditmysite.git\ncd auditmysite\ncargo test\ncargo build --release\n./target/release/auditmysite https://example.com\n```\n\n### Pre-commit checks\n\nThis repository uses Git hooks with a fast local `pre-commit` gate and a full `pre-push` gate.\n\n`pre-commit` runs:\n\n- `nosecrets` on staged changes\n- `cargo fmt -- --check`\n- `cargo clippy --lib --bins --all-features -- -D warnings`\n\n`pre-push` runs:\n\n- `scripts/check-version-match.sh` for pushed `v*` tags\n- `cargo clippy --all-targets --all-features -- -D warnings`\n- `cargo test`\n\nEnable the repo hook path:\n\n```bash\ngit config core.hooksPath .githooks\n```\n\nInstall `nosecrets` as a real binary first:\n\n```bash\nnpm install -g @casoon/nosecrets\n# or\ncargo install nosecrets-cli\n```\n\nSkip the Rust checks only when you intentionally need to bypass them:\n\n```bash\nSKIP_RUST_CHECKS=1 git commit -m \"...\"\n```\n\nThe hook expects `nosecrets` to be available in `PATH`.\n\n### Debugging report content (hidden `--debug-typ`)\n\nPDF reports are rendered through the `renderreport`/Typst engine. To review report\n**completeness and wording** without opening the binary PDF, use the hidden\n`--debug-typ` flag together with `--format pdf`. It writes the intermediate Typst\nsource as a `.typ` sidecar next to the PDF, for both single and batch reports:\n\n```bash\n# Single report → reports/example-audit.pdf + reports/example-audit.typ\n./target/release/auditmysite https://example.com --full --format pdf \\\n  --output reports/example-audit.pdf --debug-typ\n\n# Batch report → reports/example-batch.pdf + reports/example-batch.typ\n./target/release/auditmysite --sitemap https://example.com/sitemap.xml --full \\\n  --format pdf --output reports/example-batch.pdf --debug-typ\n```\n\nThe `.typ` file is plain text and diff-friendly — useful for checking which audits\nland in the report and reviewing the exact wording of every section. The flag is\nintentionally hidden from `--help` (developer/debug use only).\n\n### Release checks\n\nRun the local release gate with:\n\n```bash\n./scripts/release-check.sh\n```\n\nIt validates:\n- `cargo test`\n- ignored browser integration tests\n- builds with and without PDF\n- current `--help` output\n- JSON contract tests\n- installer/release artifact consistency\n- stale docs references\n\n## Troubleshooting\n\n- Browser not found: run `auditmysite browser detect` or install a managed browser with `auditmysite browser install`\n- Running in Docker or as root: use `--no-sandbox`\n- Need raw output for scripts: prefer `-f json -o report.json`\n- Unsure about the full CLI surface: run `auditmysite --help`\n\n## Contributing\n\n## Library / Development\n\nFor library development or local work from the repository:\n\n```bash\ncargo build\ncargo test\n```\n\nIf you want the current local repository state as an installed binary while developing:\n\n```bash\ncargo install --path . --force\n```\n\nContributions are welcome. At minimum before opening a PR:\n\n```bash\ncargo test\n./scripts/release-check.sh\n```\n\n## License\n\n`auditmysite` is source available under the Business Source License 1.1\n(`BUSL-1.1`). You may view, copy, modify, redistribute, and make non-production\nuse of the source code. Limited internal production use is permitted under the\nAdditional Use Grant in [LICENSE](LICENSE).\n\nCommercial SaaS rehosting, paid third-party audit services based on the\nLicensed Work, and use for AI training, embeddings, dataset generation,\nautomated code ingestion, or other machine learning usage require a separate\ncommercial license from Casoon.\n\nEach version automatically converts to the Apache License, Version 2.0 on its\nChange Date. For version 0.26.0, the Change Date is 2030-05-21. Older versions\nreleased under AGPL-3.0-or-later remain under their original license terms.\n\n## Credits\n\n- Browser automation via [chromiumoxide](https://github.com/mattsse/chromiumoxide)\n- PDF reports via [renderreport](https://github.com/casoon/renderreport)\n- WCAG reference material from [W3C](https://www.w3.org/WAI/WCAG21/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasoon%2Fauditmysite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcasoon%2Fauditmysite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasoon%2Fauditmysite/lists"}