AllyProof Documentation

AllyProof is a WCAG 2.2 AA accessibility scanning platform for web agencies. It combines three scanning engines, AI-powered fix suggestions, and draft VPAT generation into one dashboard for managing client sites at scale.

Guides

• Quick StartAdd a site, verify ownership, and run your first scan in under 5 minutes.
• Scanning EnginesHow axe-core, HTML_CodeSniffer, and APCA work together for ~70% coverage.
• CLICross-platform CLI for triggering scans, fetching history, and gating CI/CD.
• CI/CD IntegrationAdd accessibility checks to GitHub Actions, GitLab CI, or Jenkins pipelines.
• API ReferenceComplete REST API documentation for all endpoints.
• NotificationsEmail alerts for scan results, critical violations, and weekly digests.
• VPAT ReportsGenerate draft VPAT 2.5 documents referencing all 56 WCAG 2.2 AA criteria.
• Litigation RiskUnderstand risk scoring based on violations commonly cited in ADA lawsuits.
• How It WorksScan pipeline, data security, integrations, and coverage limitations.
• Team & PermissionsMulti-org support, role-based access, audit logs, and team collaboration.
• Sharing & BadgesShared reports, embeddable badges, certificates, and AI fix export.
• WebhooksReceive scan events in your own systems with HMAC-signed payloads.
• Jira CloudPer-site routing to multiple Jira projects, bulk push, optional auto-push; closed tickets auto-resolve in AllyProof.
• Billing & PlansPlan tiers, upgrades and downgrades, cancellation, and invoices.

Key Concepts

Multi-Engine Scanning

AllyProof runs three engines on every page: axe-core (91 rules, zero false positives), HTML_CodeSniffer (~200 rules, catches additional issues), and APCA (WCAG 3.0 draft contrast analysis). Results are deduplicated and merged into a single violation list with source attribution. Element screenshots are captured as visual evidence for each violation.

Accessibility Score

Each site gets a 0–100 score based on open violation counts. Each critical deducts 10 (cap 50), each serious 5 (cap 30), each moderate 2 (cap 15), each minor 0.5 (cap 5). A score of 100 means no automated violations were found — still not a claim of full conformance, because automated scanning only covers ~57–70% of WCAG 2.2 AA criteria. See Scoring for the worked formula.

Remediation Workflow

Each violation can be assigned to a team member, tracked through a workflow (open → in progress → resolved), and verified automatically on subsequent scans. Violations can also be moved sideways to suppressed (with a reason code — false positive, accepted risk, third-party, will fix later, not applicable) or accepted exception. Bulk actions apply the same change to many rows at once, always with a short reason for the audit trail. Threaded comments allow team discussion on each issue.

VPAT Generation

AllyProof generates draft VPAT 2.5 documents referencing all 56 WCAG 2.2 AA criteria. Criteria are automatically classified as Supports, Partially Supports, Does Not Support, or Not Evaluated based on scan results. VPATs can be downloaded as HTML, PDF, DOCX, or JSON. All VPATs are labeled DRAFT — manual expert review is required for final conformance assessment.

Litigation Risk

The litigation risk scorer maps violations against the axe-core rules most commonly cited in ADA website accessibility lawsuits (missing alt text, form labels, color contrast, link purpose, language, bypass blocks, name-role-value). Sites with these violations get a High/Medium/Low risk rating. This is not legal advice.

AI Fix Suggestions

AI-powered fix suggestions are generated for each violation with before/after code examples and WCAG technique references. Fix instructions can be exported as a framework-agnostic Markdown file compatible with coding agents like Claude Code, Cursor, and GitHub Copilot. Individual issues also expose a Copy for AI agent button that builds a structured prompt ready to paste into a chat.

Ongoing Monitoring Signals

Issues that reappear after being resolved fire a dedicated violation.regressedwebhook and a regression digest email — distinct from the standard new/resolved events so "we fixed it, why is it back?" is visible immediately. The Accessibility Seal and verify card both surface the active scan cadence (checked daily / weekly), so visitors can tell ongoing monitoring apart from a one-off snapshot.

Multi-site dashboard

The dashboard renders every managed site as a single sortable table — score, critical and serious counts, new-this-week delta, last-scan timestamp, and a trend arrow against the previous scan. Sorted by urgency so the sites that need attention surface to the top, suited for a weekly client-status check-in without drilling into each site in turn.