Add accessibility workshop agent, governance instructions, and deployment workflow

Author: emmanuelknafo

.github/agents/accessibility-workshop-agent.agent.md

@@ -0,0 +1,29 @@
+---
+name: Accessibility Workshop Agent
+description: "Helps students navigate labs, debug scanner issues, explain findings, and troubleshoot tool configurations."
+tools:
+  - terminal
+  - file_reader
+---
+
+## Role
+
+You are an accessibility workshop assistant helping students work through 8 labs
+covering axe-core, IBM Equal Access, and custom Playwright checks for WCAG 2.2
+accessibility scanning.
+
+## Capabilities
+
+* Guide students through lab exercises step by step
+* Debug scanner tool errors and configuration issues
+* Explain SARIF output and accessibility governance findings
+* Help interpret WCAG 2.2 compliance results
+* Assist with GitHub Actions workflow troubleshooting
+* Explain remediation strategies for common accessibility violations
+
+## Context
+
+* Labs are in the `labs/` directory (lab-00-setup.md through lab-07.md)
+* The accessibility-scan-demo-app repository contains 5 intentionally inaccessible demo web apps
+* Demo apps are built in Rust, C#, Java, Python, and Go
+* Read `.github/instructions/accessibility-governance.instructions.md` for governance rules

.github/instructions/accessibility-governance.instructions.md

@@ -0,0 +1,61 @@
+---
+description: "WCAG 2.2 accessibility governance rules, compliance standards, and scan conventions for web application accessibility testing."
+applyTo: "**/*.html,**/*.tsx,**/*.jsx,**/*.vue,**/*.svelte"
+---
+
+# Accessibility Governance Rules
+
+## WCAG 2.2 Conformance Levels
+
+Every scanned web application must meet WCAG 2.2 Level AA conformance. Scan results are categorized by conformance level:
+
+| Level | Requirement | Action |
+|-------|-------------|--------|
+| A | Minimum accessibility | Must fix immediately |
+| AA | Standard conformance target | Must fix before release |
+| AAA | Enhanced accessibility | Recommended but not required |
+
+## Core Accessibility Principles (POUR)
+
+All accessibility violations map to one of the four POUR principles:
+
+| Principle | Description | Example Violations |
+|-----------|-------------|--------------------|
+| Perceivable | Content must be presentable to all users | Missing alt text, low contrast, no captions |
+| Operable | UI must be navigable by all users | Keyboard traps, no focus indicators, timing issues |
+| Understandable | Content and UI must be comprehensible | Missing form labels, unclear error messages, no language attribute |
+| Robust | Content must work with assistive technologies | Invalid ARIA, broken semantics, missing roles |
+
+## Required Scan Coverage
+
+Every demo application must be scanned for the following categories:
+
+| # | Category | Scanner | Rule Examples |
+|---|----------|---------|---------------|
+| 1 | Color Contrast | axe-core | `color-contrast`, `link-in-text-block` |
+| 2 | Image Alternatives | axe-core | `image-alt`, `input-image-alt`, `area-alt` |
+| 3 | Form Labels | axe-core, IBM Equal Access | `label`, `select-name`, `input-button-name` |
+| 4 | Keyboard Navigation | Custom Playwright | Focus order, keyboard traps, skip links |
+| 5 | ARIA Compliance | axe-core, IBM Equal Access | `aria-roles`, `aria-valid-attr`, `aria-required-attr` |
+| 6 | Document Structure | IBM Equal Access | Heading hierarchy, landmark regions, page title |
+| 7 | Dynamic Content | Custom Playwright | Live regions, status messages, modal focus management |
+
+## Severity Mapping
+
+Accessibility violations map to SARIF severity levels based on user impact:
+
+| Impact Level | SARIF Level | Description | Action |
+|--------------|-------------|-------------|--------|
+| Critical | `error` | Complete barrier preventing access | Immediate fix required |
+| Serious | `error` | Significant difficulty for users | Fix within current sprint |
+| Moderate | `warning` | Some difficulty for certain users | Plan remediation |
+| Minor | `note` | Cosmetic or best practice issue | Track for review |
+
+## SARIF Integration
+
+Accessibility scan findings use the following SARIF conventions:
+
+- **Category prefix:** `accessibility/`
+- **Rule ID prefix:** `A11Y-`
+- **Tool names:** `axe-core`, `IBMEqualAccess`, `CustomPlaywrightChecks`
+- **Security severity:** Mapped to WCAG conformance level and user impact

.github/instructions/ado-workflow.instructions.md

@@ -0,0 +1,120 @@
+---
+description: "Required workflow for Azure DevOps work item tracking, Git branching, pull requests, and branch cleanup in the AODA WCAG compliance project."
+applyTo: "**"
+maturity: stable
+---
+
+# Azure DevOps Workflow
+
+## ADO Organization and Project
+
+* Organization: `MngEnvMCAP675646`
+* Project: `AODA WCAG Compliance`
+
+All work items, boards, and test plans live in this project.
+
+## Work Item Hierarchy
+
+Follow this strict hierarchy for every piece of work:
+
+```text
+Epic
+ └── Feature
+      ├── User Story
+      └── Bug
+```
+
+* Every commit must trace back to a User Story or Bug.
+* Every User Story or Bug must belong to a Feature.
+* Every Feature must belong to an Epic.
+* Create the parent items first if they do not exist before creating child items.
+* Every work item (Epic, Feature, User Story, Bug) must include the tag `Agentic AI`.
+
+## Branching Strategy
+
+Create a feature branch for each work item using this naming convention:
+
+```text
+feature/{work-item-id}-short-description
+```
+
+Examples:
+
+```text
+feature/1234-axe-core-config
+feature/1235-fix-sarif-output
+```
+
+Rules:
+
+* One branch per User Story or Bug.
+* Use lowercase and hyphens for the description portion.
+* Keep the description concise (three to five words).
+* Branch from `main` unless otherwise specified.
+
+## Commit Messages
+
+Include the ADO work item ID in every commit message using the `AB#` linking syntax:
+
+```text
+feat: add axe-core scanning configuration AB#1234
+fix: correct SARIF severity mapping AB#1235
+```
+
+This links commits to ADO work items automatically through GitHub and Azure DevOps integration.
+
+To auto-close a work item when the PR merges, use `Fixes AB#{id}` in the commit message or PR description:
+
+```text
+feat: add axe-core scanning configuration Fixes AB#1234
+```
+
+## Pull Request Workflow
+
+1. Push the feature branch to the remote.
+2. Create a pull request targeting `main`.
+3. Reference the work item in the PR description using `Fixes AB#{work-item-id}` to auto-close the work item on merge.
+4. Complete code review and obtain required approvals.
+5. Merge the PR (squash merge preferred for a clean history).
+
+## Post-Merge Branch Cleanup
+
+After the pull request is merged and closed in GitHub:
+
+1. Switch to `main` locally:
+
+   ```bash
+   git checkout main
+   ```
+
+2. Pull the latest changes:
+
+   ```bash
+   git pull origin main
+   ```
+
+3. Delete the remote branch:
+
+   ```bash
+   git push origin --delete feature/{work-item-id}-short-description
+   ```
+
+4. Delete the local branch:
+
+   ```bash
+   git branch -d feature/{work-item-id}-short-description
+   ```
+
+Always delete both the remote and local feature branch after a successful merge. Do not keep stale branches.
+
+## Quick Reference
+
+| Step | Command or Action |
+|------|-------------------|
+| Create branch | `git checkout -b feature/{id}-description` |
+| Commit with link | `git commit -m "feat: description AB#{id}"` |
+| Push branch | `git push -u origin feature/{id}-description` |
+| Create PR | Target `main`, reference `AB#{id}` |
+| After merge: sync | `git checkout main && git pull origin main` |
+| After merge: delete remote | `git push origin --delete feature/{id}-description` |
+| After merge: delete local | `git branch -d feature/{id}-description` |

.github/prompts/accessibility-scan.prompt.md

@@ -0,0 +1,46 @@
+---
+description: "Run an accessibility scan against the demo web applications and analyze the results."
+---
+
+## Run Accessibility Scan
+
+Run the accessibility scanner against the demo app repositories and analyze the findings.
+
+### Steps
+
+1. **Run axe-core** against each demo app:
+
+   ```bash
+   npx @axe-core/cli http://localhost:3001 --save reports/axe-results.json
+   ```
+
+   Or using Playwright with axe-core:
+
+   ```bash
+   npx playwright test --project=axe-scan
+   ```
+
+2. **Run IBM Equal Access** against each demo app:
+
+   ```bash
+   npx accessibility-checker http://localhost:3001 --output reports/
+   ```
+
+3. **Run custom Playwright checks** for keyboard navigation and dynamic content:
+
+   ```bash
+   npx playwright test --project=custom-checks
+   ```
+
+4. **Convert results to SARIF** for GitHub Security tab integration:
+
+   ```bash
+   node src/converters/axe-to-sarif.js reports/axe-results.json reports/axe-results.sarif
+   node src/converters/ibm-to-sarif.js reports/ibm-results.json reports/ibm-results.sarif
+   ```
+
+5. **Analyze results**: Review the SARIF files in `reports/` and summarize:
+   - Total findings by tool and severity
+   - WCAG conformance level breakdown (A, AA, AAA)
+   - Top accessibility violations with affected user groups
+   - Recommended remediation priorities