Feature/ci html budgets

.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - name: Install dependencies
+        run: npm ci
+      - name: Install Playwright browsers (chromium only)
+        run: npx playwright install chromium --with-deps
+      - name: Smoke run against example.com
+        run: npm run smoke
+      - name: Upload smoke artifacts (report + shots)
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: smoke-artifacts
+          path: |
+            /tmp/uxray-ci.json
+            /tmp/uxray-shots
+
+  publish:
+    needs: test
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org
+      - name: Install dependencies
+        run: npm ci
+      - name: Publish to npm
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --provenance

README.md

@@ -1,17 +1,10 @@
 # UXRay
 
-Audit any hosted web app for quick UI/UX health:
-
-- Layout issues: horizontal overflow offenders, scroll snapshots.
-- Touch ergonomics: finds tap targets smaller than 44px.
-- Accessibility: runs axe-core via Playwright.
-- Theme signals: samples top colors and fonts.
-- Stability: logs console errors/warnings and failed network requests.
-- Evidence: full-page + stepped viewport screenshots.
+Fast UI/UX audit CLI for live web apps. Produces a JSON report plus evidence screenshots, and can emit an HTML summary.
 
 ## Prereqs
-- Node.js 18+ (Playwright uses modern APIs).
-- One-time: download bundled browsers
+- Node.js 20+
+- One-time browser install:
 
 ```bash
 npx playwright install
@@ -23,10 +16,10 @@ npx playwright install
 npm install
 ```
 
-Or run directly after cloning with `npx` (no global install):
+Or run without installing (after cloning):
 
 ```bash
-npx ./ui-review.js --url https://example.com
+npx uxray --url https://example.com
 ```
 
 ## Usage
@@ -37,47 +30,42 @@ npm run review -- --url https://your-app.com \
   --viewport 1366x768 \
   --steps 4 \
   --wait 2000 \
+  --wait-until load \
+  --ready-selector '#app' \
+  --target-policy wcag22-aa \
+  --axe-tags wcag21aa,wcag2aa \
+  --html \
+  --max-a11y 5 \
+  --max-small-targets 10 \
+  --max-overflow 2 \
+  --max-console 3 \
+  --max-http-errors 0 \
+  --trace \
   --out ./reports/uxray-report.json \
   --shots ./reports/shots
 ```
 
-Short flags:
-- `--url` (required) target page.
-- `--mobile` also run an iPhone 12 emulation pass.
-- `--viewport` desktop viewport, e.g. `1440x900` (default 1280x720).
-- `--steps` number of viewport screenshots while scrolling (default 4).
-- `--wait` extra ms to settle after load (default 1500ms).
-- `--out` output report path (JSON).
-- `--shots` screenshots root folder.
-
-After a run you’ll see:
-- `reports/ui-report-<timestamp>.json` with counts and offenders.
-- `reports/shots-<timestamp>/desktop|mobile` PNGs.
+## CLI flags (high-value)
+- `--url` target page (required)
+- `--mobile` add iPhone 12 pass
+- `--viewport 1440x900`
+- `--steps` viewport screenshots while scrolling
+- `--wait` extra settle time (ms)
+- `--wait-until` load|domcontentloaded|networkidle|commit
+- `--ready-selector` wait for selector after navigation
+- `--target-policy` wcag22-aa | wcag21-aaa | lighthouse
+- `--axe-tags` comma tags for axe rules
+- `--html` emit HTML report (optional path)
+- `--trace` capture Playwright trace
+- Budget gates: `--max-a11y`, `--max-small-targets`, `--max-overflow`, `--max-console`, `--max-http-errors`
 
-## JSON report shape (excerpt)
-
-```json
-{
-  "url": "https://example.com",
-  "runAt": "2026-04-10T18:00:00.000Z",
-  "desktop": {
-    "viewport": "1280x720",
-    "navTimeMs": 2310,
-    "perf": { "domContentLoaded": 980, "load": 1500, "renderBlocking": 210 },
-    "overflow": { "hasOverflowX": false, "offenders": [] },
-    "tapTargets": { "smallTargetCount": 2, "samples": [...] },
-    "viewportMeta": true,
-    "styles": { "topColors": [...], "topFonts": [...] },
-    "axe": { "summary": { "violations": 3, "passes": 150, "incomplete": 0 }, "topViolations": [...] },
-    "screenshots": ["reports/shots.../desktop-full.png", "..."],
-    "networkIssues": [],
-    "consoleIssues": []
-  },
-  "mobile": { ... }
-}
-```
+## Outputs
+- JSON report: `reports/ui-report-<timestamp>.json`
+- Screenshots: `reports/shots-<timestamp>/desktop|mobile`
+- Optional HTML: `reports/ui-report-<timestamp>.html`
+- Optional trace: `reports/shots-<timestamp>/desktop|mobile-trace.zip`
+- Crops: `reports/shots-<timestamp>/desktop|mobile/crops/`
 
-## Notes
-- Tool runs headless; remove `headless: true` in `ui-review.js` if you want to watch it.
-- If Playwright can’t launch browsers on macOS due to permissions, try running outside sandboxed shells or re-run `npx playwright install`.
-- Reports and screenshots are git-ignored.
+## CI & release
+- GitHub Actions runs `npm run smoke` on PRs and publishes artifacts.
+- Tag `v*.*.*` to publish to npm (requires `NPM_TOKEN`).

package.json

@@ -8,7 +8,9 @@
     "uxray": "./ui-review.js"
   },
   "scripts": {
-    "review": "node ui-review.js"
+    "review": "node ui-review.js",
+    "smoke": "node scripts/smoke.js",
+    "ci": "npm run smoke"
   },
   "repository": {
     "type": "git",

scripts/smoke.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+const os = require('os');
+const path = require('path');
+const { spawnSync } = require('child_process');
+
+const outFile = path.join(os.tmpdir(), 'uxray-ci.json');
+const shotsDir = path.join(os.tmpdir(), 'uxray-shots');
+
+const args = [
+  path.join(__dirname, '..', 'ui-review.js'),
+  '--url', 'https://example.com',
+  '--steps', '1',
+  '--wait', '800',
+  '--wait-until', 'load',
+  '--target-policy', 'wcag21-aaa',
+  '--out', outFile,
+  '--shots', shotsDir,
+];
+
+const result = spawnSync('node', args, { stdio: 'inherit' });
+process.exit(result.status === null ? 1 : result.status);

src/audits/a11y.js

@@ -0,0 +1,27 @@
+const { AxeBuilder } = require('@axe-core/playwright');
+
+async function runAxe(page, { axeTags }) {
+  let builder = new AxeBuilder({ page });
+  if (axeTags && Array.isArray(axeTags) && axeTags.length) {
+    builder = builder.withTags(axeTags);
+  }
+  const results = await builder.analyze();
+  return {
+    summary: {
+      violations: results.violations.length,
+      passes: results.passes.length,
+      incomplete: results.incomplete.length,
+    },
+    topViolations: results.violations.slice(0, 10).map((v) => ({
+      id: v.id,
+      description: v.description,
+      impact: v.impact,
+      help: v.help,
+      nodes: v.nodes.slice(0, 4).map((n) => ({ target: n.target, summary: n.failureSummary })),
+    })),
+  };
+}
+
+module.exports = {
+  runAxe,
+};