Merge pull request #20 from meticulous/claude/1.1.0-rich-audit-output

1.1.0: inline suggestions + ASCII styling across all detectors

Author: jathayde

CHANGELOG.md

@@ -6,6 +6,57 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ## [Unreleased]
 
+## [1.1.0] - 2026-05-11
+
+Report-UX overhaul. The pre-1.1.0 audit output told you *what* it found but not *what to do about it* — suggestions only fired under `SUGGEST=1` (markdown file), and the inline text dump was a wall of categorical findings that took insider knowledge to triage. 1.1.0 inverts that: every finding now carries its own inline action; a top-of-report summary surfaces the shape of the work before you read details.
+
+No detector logic changes. Same 461 examples preserved, plus 35 new ones for the formatting work (496 total).
+
+### Added
+
+- **Top-of-report triage summary.** The audit now prints a severity-grouped rollup before any per-detector detail: errors first, then warnings, then suggestions; counts per category; auto-fix availability flagged inline; action hints for suggestions. Tells you in one glance what to triage vs. what's a refactor backlog item.
+
+- **Per-finding inline suggestions on every detector.** Every line in every detector's output now carries a `→` arrow with the action it implies. The `cross-codebase pattern: table(thead(...),tbody)` you previously had to interpret now reads with a literal "consider extracting into a shared partial" right next to it. `raw_color #0066ff` and `tailwind_arbitrary bg-[#fa3]` additionally surface the matched token inline when one exists in your `colors_file` — no need for `SUGGEST=1` to know what to replace each with.
+
+- **Framing intros per detector section.** Each category prints a 2-3 line paragraph before its findings that names what the rule catches and what action it implies. New users no longer need to learn the detector taxonomy by reverse-engineering the output.
+
+- **Severity tagging.** Every finding line is prefixed with `[error]` / `[warning]` / `[suggest]`. Easy to grep, easy to skim, easy to filter visually.
+
+- **ASCII styling with TTY auto-detection.** Output is colored when piped to a real terminal; plain text when piped to a file or `tee`. Respects `NO_COLOR=1` per the [no-color.org convention](https://no-color.org/). Box-drawing characters in the summary header degrade to ASCII (`+ - |`) when colors are off.
+
+- **`Guardrails::Report::Style`** module (~120 lines) — colorize, severity tagging, location dimming, box-drawing. Self-contained and unit-tested (20 specs).
+
+- **`Guardrails::Report::Summary`** class (~100 lines) — builds the top-of-report rollup from an `Entry` list contributed by each detector. Tested independently (13 specs) so new detectors only have to register an Entry to surface in the summary.
+
+### Severity assignments
+
+Each detector type carries an implicit severity that drives both summary grouping and per-line tagging:
+
+| Severity | Detectors |
+|---|---|
+| `error` | `raw_color`, `tailwind_arbitrary`, all 4 static `a11y` rules (`image_alt`, `button_name`, `link_name`, `input_label`), `visual_diff` (any mismatch above threshold) |
+| `warning` | `inline_style`, `helper_recommended`, `stimulus orphaned`, `stimulus dead`, `missing previews`, `orphan slots` |
+| `suggestion` | `similar partials`, `cross-codebase patterns`, `class-itis` |
+
+**`a11y_deep` is a special case:** its section heading is fixed (rendered as a single banner), but each finding is tagged at a severity derived from axe-core's `impact` field — `critical` and `serious` become `error`, `moderate` becomes `warning`, `minor` becomes `suggestion`. So a single `a11y_deep` section can contain a mix of severity tags. The summary entry for the section uses the strictest impact present (default: `:error` if any are present) so the rollup over-counts toward urgency rather than under-counts.
+
+This isn't yet exposed as a configurable filter (e.g. `SEVERITY=error` to mute suggestions) — see follow-ups below.
+
+### Unchanged
+
+- **JSON output (`FORMAT=json`)** has no ANSI codes and no styling; the JSON payload's shape is unchanged from 1.0.0.
+- **`SUGGEST=1` markdown writer** still produces `doc/guardrails-suggestions-{TIMESTAMP}.md` for users who want a per-finding markdown checklist they can paste into a PR description or issue.
+- **Exit codes** unchanged: any error or warning bumps to exit 1; suggestions don't.
+
+### Known follow-ups (not in 1.1.0)
+
+- **`SEVERITY=error`** env knob to mute warning/suggestion sections + their contribution to the exit code, for CI gates that only want to fail on errors.
+- **File-grouped view** as an alternative to category-grouped — sometimes more actionable when you're working through one file at a time.
+- **Per-finding markdown export** alongside the existing checklist, so suggestions can sync into a GitHub issue or PR comment per category.
+- **Lookbook panel finding density** — the auto-registered panel could surface findings in the new format too, currently still uses the older.
+
+[1.1.0]: https://github.com/meticulous/guardrails/releases/tag/v1.1.0
+
 ## [1.0.0] - 2026-05-11
 
 First release published to [RubyGems.org](https://rubygems.org/gems/ui_guardrails). The `1.0` jump from `0.8.0` recognizes that:

lib/guardrails/a11y_audit.rb

@@ -3,6 +3,7 @@
 require "pathname"
 require "set"
 require_relative "erb_parser"
+require_relative "report/style"
 
 module Guardrails
   # Static a11y checks that don't require a browser — element-level rules
@@ -23,9 +24,17 @@ def to_h
 
     NON_INTERACTIVE_INPUT_TYPES = %w[hidden submit button reset image].freeze
 
-    def initialize(root:, output: $stdout)
+    SUGGESTION_FOR_RULE = {
+      "image_alt" => "add an alt attribute (or alt=\"\" if decorative)",
+      "button_name" => "add text, aria-label, or aria-labelledby",
+      "link_name" => "add link text, aria-label, or aria-labelledby",
+      "input_label" => "add aria-label, aria-labelledby, or a matching <label for=...>"
+    }.freeze
+
+    def initialize(root:, output: $stdout, style: nil)
       @root = Pathname(root)
       @output = output
+      @style = style || Report::Style.new(io: output)
     end
 
     def run
@@ -237,12 +246,19 @@ def build_finding(rule, node, file, lines)
     def print_report(findings)
       return if findings.empty?
 
-      @output.puts ""
       noun = findings.length == 1 ? "issue" : "issues"
-      @output.puts "Guardrails a11y: #{findings.length} static #{noun} found"
+      @output.puts ""
+      @output.puts @style.section_heading(:error, "a11y (#{findings.length} static #{noun})")
+      @output.puts "  Element-level a11y rules answerable from view source — missing alt text,"
+      @output.puts "  unnamed buttons, unlabeled inputs, link without name. Full WCAG coverage"
+      @output.puts "  needs runtime checks; layer axe-core via AXE_JSON= for that."
+
       findings.each do |f|
-        @output.puts "  [#{f.rule}] #{f.file}:#{f.line}:#{f.column}"
-        @output.puts "    #{f.snippet}"
+        @output.puts ""
+        @output.puts "  #{@style.severity(:error, "#{f.rule}: #{f.snippet.to_s[0, 60]}")}"
+        suggestion = SUGGESTION_FOR_RULE[f.rule.to_s]
+        @output.puts "    #{@style.suggestion(suggestion)}" if suggestion
+        @output.puts "    #{@style.location("#{f.file}:#{f.line}:#{f.column}")}"
       end
     end
   end

lib/guardrails/a11y_deep.rb

@@ -3,6 +3,7 @@
 require "json"
 require "pathname"
 require "set"
+require_relative "report/style"
 
 module Guardrails
   # Consumes axe-core JSON output and folds the findings into Guardrails'
@@ -37,10 +38,11 @@ def to_h
     # `failing_impacts:` if your rule pack emits custom severities.
     DEFAULT_FAILING_IMPACTS = %w[minor moderate serious critical].freeze
 
-    def initialize(input:, output: $stdout, failing_impacts: DEFAULT_FAILING_IMPACTS)
+    def initialize(input:, output: $stdout, failing_impacts: DEFAULT_FAILING_IMPACTS, style: nil)
       @input = input
       @output = output
       @failing_impacts = Set.new(failing_impacts.map(&:to_s))
+      @style = style || Report::Style.new(io: output)
     end
 
     def run
@@ -101,19 +103,38 @@ def print_report(findings)
       return if findings.empty?
 
       grouped = findings.group_by(&:url)
+      noun = findings.length == 1 ? "finding" : "findings"
+
       @output.puts ""
-      @output.puts "Guardrails a11y (deep): #{findings.length} finding#{'s' if findings.length != 1} from axe-core"
+      @output.puts @style.section_heading(
+        :error,
+        "a11y deep (#{findings.length} #{noun} from axe-core)"
+      )
+      @output.puts "  Runtime accessibility issues axe-core caught against your live pages."
+      @output.puts "  Each links to dequeuniversity.com for the canonical remediation."
 
       grouped.each do |url, page_findings|
         @output.puts ""
-        @output.puts "  #{url || '(no url)'}"
+        @output.puts "  #{@style.location(url || '(no url)')}"
         page_findings.each do |f|
-          impact_label = f.impact ? "[#{f.impact}]" : "[unknown]"
-          selector = f.selector ? " (#{f.selector})" : ""
-          @output.puts "    #{impact_label} #{f.rule} — #{f.description}#{selector}"
-          @output.puts "      #{f.help_url}" if f.help_url
+          severity = impact_to_severity(f.impact)
+          impact_label = f.impact ? f.impact.to_s : "unknown"
+          selector_part = f.selector ? " (#{f.selector})" : ""
+          @output.puts "    #{@style.severity(severity, "[#{impact_label}] #{f.rule}: #{f.description}#{selector_part}")}"
+          @output.puts "      #{@style.suggestion("see #{f.help_url}")}" if f.help_url
         end
       end
     end
+
+    # Map axe-core's impact levels onto the report's three severities
+    # so they color-code consistently with static a11y findings.
+    def impact_to_severity(impact)
+      case impact.to_s
+      when "critical", "serious" then :error
+      when "moderate" then :warning
+      when "minor" then :suggestion
+      else :warning
+      end
+    end
   end
 end

lib/guardrails/audit.rb

@@ -5,6 +5,7 @@
 require "stringio"
 require "yaml"
 require_relative "erb_parser"
+require_relative "report/style"
 
 module Guardrails
   class Audit
@@ -69,13 +70,14 @@ class Audit
       flood-color lighting-color stop-color
     ].freeze
 
-    def initialize(root:, output: $stdout, suggest: false, format: :text, apply: false)
+    def initialize(root:, output: $stdout, suggest: false, format: :text, apply: false, style: nil)
       @root = Pathname(root)
       @output = output
       @suggest = suggest
       @format = format
       @apply = apply
       @config = load_audit_config
+      @style = style
     end
 
     def run
@@ -445,18 +447,170 @@ def print_report(violations)
 
     def print_text(violations)
       if violations.empty?
-        @output.puts "Guardrails audit: no violations found."
+        @output.puts ""
+        @output.puts "#{style.colorize("✓", :green)} Guardrails audit: no violations found."
         return
       end
 
-      noun = violations.length == 1 ? "violation" : "violations"
-      @output.puts "Guardrails audit: #{violations.length} #{noun} found"
+      # Group by type so each rule gets its own section with framing
+      # intro + tagged findings + inline suggestion arrows. The order
+      # mirrors what users care about: hex literals + inline styles +
+      # arbitrary Tailwind (real violations) before helper_recommended
+      # (a suggestion-shaped warning) and a11y (errors but grouped
+      # separately because A11yAudit owns them — the audit rake task
+      # threads them in via this same method).
+      type_order = %i[inline_style raw_color tailwind_arbitrary helper_recommended
+                      image_alt button_name link_name input_label]
+      by_type = violations.group_by(&:type)
+      ordered = type_order + (by_type.keys - type_order)
+
+      ordered.each do |type|
+        list = by_type[type] || []
+        next if list.empty?
+
+        print_violation_type(type, list)
+      end
+    end
+
+    SEVERITY_FOR_TYPE = {
+      inline_style: :warning,
+      raw_color: :error,
+      tailwind_arbitrary: :error,
+      helper_recommended: :warning,
+      image_alt: :error,
+      button_name: :error,
+      link_name: :error,
+      input_label: :error
+    }.freeze
+
+    FRAMING_FOR_TYPE = {
+      inline_style: "Inline style attributes bypass your design tokens. Extract these to a CSS class or component stylesheet that references defined tokens.",
+      raw_color: "Hex/rgb literals in color attributes bypass your design tokens. Run APPLY=1 to auto-fix where a token matches; SUGGEST=1 writes a markdown checklist.",
+      tailwind_arbitrary: "Arbitrary Tailwind values (bg-[#fa3] etc.) bypass your theme. Add the value to theme.colors / theme.fontSize and use the named utility, or APPLY=1 to auto-fix where a token matches.",
+      helper_recommended: "Literal <button>/<a> wrapping ERB output hides intent from static analysis and a11y tooling. Switch to tag.button / link_to / button_to so attributes flow through one place.",
+      image_alt: "Images need accessible alt text. Use alt=\"\" for purely decorative images.",
+      button_name: "Buttons need an accessible name — text content, aria-label, or aria-labelledby.",
+      link_name: "Links need an accessible name — text content, aria-label, or aria-labelledby.",
+      input_label: "Interactive inputs need a programmatic label — aria-label, aria-labelledby, or a matching <label for=...>."
+    }.freeze
+
+    AUTO_FIXABLE_TYPES = %i[raw_color tailwind_arbitrary].freeze
+
+    def print_violation_type(type, violations)
+      severity = SEVERITY_FOR_TYPE.fetch(type, :warning)
+      auto_fix_marker = AUTO_FIXABLE_TYPES.include?(type) ? ", auto-fix available" : ""
+
+      @output.puts ""
+      @output.puts style.section_heading(
+        severity,
+        "#{type} (#{violations.length} #{violations.length == 1 ? "finding" : "findings"}#{auto_fix_marker})"
+      )
+      framing = FRAMING_FOR_TYPE[type]
+      wrap_framing(framing).each { |line| @output.puts "  #{line}" } if framing
+
       violations.each do |v|
-        @output.puts "  [#{v.type}] #{v.file}:#{v.line}:#{v.column}"
-        @output.puts "    #{v.snippet}"
+        @output.puts ""
+        header = "#{type}: #{format_value(v)}"
+        @output.puts "  #{style.severity(severity, header)}"
+        suggestion = suggestion_for_violation(v)
+        @output.puts "    #{style.suggestion(suggestion)}" if suggestion
+        @output.puts "    #{style.location("#{v.file}:#{v.line}:#{v.column}")}"
+        @output.puts "    #{v.snippet}" if v.snippet
+      end
+    end
+
+    def format_value(violation)
+      case violation.type
+      when :raw_color, :tailwind_arbitrary
+        violation.value
+      when :inline_style
+        violation.value || "<inline style>"
+      else
+        violation.snippet.to_s[0, 60]
+      end
+    end
+
+    # Hard-wrap the framing-intro paragraph at ~72 chars so it doesn't
+    # run off the side of an 80-col terminal. Cheap word-wrap; nothing
+    # fancy needed for a 1-2 sentence paragraph.
+    def wrap_framing(text, width: 72)
+      lines = []
+      current = +""
+      text.split(/\s+/).each do |word|
+        if current.empty?
+          current << word
+        elsif current.length + 1 + word.length <= width
+          current << " " << word
+        else
+          lines << current
+          current = +word
+        end
+      end
+      lines << current unless current.empty?
+      lines
+    end
+
+    # Per-violation inline suggestion. For token-aware types
+    # (raw_color, tailwind_arbitrary), reuse load_tokens + TokenMatcher
+    # to surface exact matches inline. Anything more elaborate
+    # (near-match, replacement string, etc.) belongs in SUGGEST=1's
+    # markdown checklist.
+    def suggestion_for_violation(violation)
+      case violation.type
+      when :raw_color
+        matched_token_suggestion(violation, [:css_var])
+      when :tailwind_arbitrary
+        matched_token_suggestion(violation, [:tailwind]) ||
+          matched_token_suggestion(violation, [:css_var])
+      when :inline_style
+        "extract to a CSS class or component stylesheet"
+      when :helper_recommended
+        helper_recommended_suggestion(violation)
+      when :image_alt
+        "add an alt attribute (or alt=\"\" if decorative)"
+      when :button_name
+        "add text, aria-label, or aria-labelledby"
+      when :link_name
+        "add link text, aria-label, or aria-labelledby"
+      when :input_label
+        "add aria-label, aria-labelledby, or a matching <label for=...>"
+      end
+    end
+
+    def matched_token_suggestion(violation, allowed_syntaxes)
+      require_relative "token_matcher"
+      tokens = load_tokens.select { |t| allowed_syntaxes.include?(t.syntax) }
+      return nil if tokens.empty?
+
+      match = TokenMatcher.new(tokens).match(violation.value)
+      return nil unless match && match.kind == :exact
+
+      token = match.token
+      "replace with #{token_reference(token)} (exact match from #{token.file})"
+    end
+
+    def token_reference(token)
+      case token.syntax
+      when :css_var then "var(--#{token.name})"
+      when :scss_var then "$#{token.name}"
+      when :tailwind then token.name.to_s
+      else token.name.to_s
+      end
+    end
+
+    def helper_recommended_suggestion(violation)
+      tag = violation.snippet.to_s[/<(\w+)/, 1]
+      case tag
+      when "button" then "use tag.button(label, ...) or button_to(label, path)"
+      when "a" then "use link_to(label, path, ...)"
+      else "use the Rails helper for this element"
       end
     end
 
+    def style
+      @style ||= Report::Style.new(io: @output)
+    end
+
     def print_json(violations)
       require "json"
       payload = {