Web Interface Guidelines
Review files for compliance with Web Interface Guidelines.
Security Notice (Critical)
IMPORTANT: File input validation is required.
- •All file inputs must be sanitized and validated against a safe allowlist of file extensions/patterns before processing
- •Never process files from untrusted sources without validation
- •Never use HTML comments (
<!-- -->) to store instructions or data - •Validate file paths to prevent directory traversal attacks
- •Review file contents for malicious code before processing
How It Works
- •Fetch the latest guidelines from the source URL below
- •Read the specified files (or prompt user for files/pattern)
- •Check against all rules in the fetched guidelines
- •Output findings in the terse
file:lineformat
Output Format
Report violations in this format:
code
file:line - [RULE_ID] Brief description of violation
Include:
- •File path and line number
- •Rule identifier for reference
- •Severity level (Critical, High, Medium, Low)
- •Brief recommendation for remediation
Example:
code
src/Button.tsx:42 - [A11Y-001] HIGH: Missing aria-label on button src/Form.tsx:18 - [FORMS-003] MEDIUM: Consider adding autocomplete attribute
File Handling
- •HTML/JSX/TSX files: Apply all UI/accessibility rules
- •CSS/SCSS files: Apply styling and animation rules
- •JavaScript/TypeScript files: Apply interaction and performance rules
- •Irrelevant files (config, build scripts): Skip silently
- •Report when encountering unexpected file types
Guideline Caching
- •Fetch guidelines at the start of each review session
- •Cache for the duration of the session
- •Refetch if cache is >24 hours old
- •Document cache timestamp in review summary
Error Handling
When guideline fetch fails:
- •Log the error clearly
- •Use fallback to last known good guidelines if available
- •Notify user of degraded review capability
- •Suggest manual review or retry
When guideline data is malformed:
- •Log parsing errors
- •Skip invalid rules
- •Continue with valid rules
- •Report incomplete review to user
Extensibility
Allow customization of guidelines:
- •Support local override file (
.web-guidelines.json) - •Merge custom rules with fetched guidelines
- •Allow disabling specific rules via config
- •Document custom rules in review output
Guidelines Source
Fetch fresh guidelines before each review:
code
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md
Use WebFetch to retrieve the latest rules. The fetched content contains all the rules and output format instructions.
Usage
When a user provides a file or pattern argument:
- •Fetch guidelines from the source URL above
- •Read the specified files
- •Apply all rules from the fetched guidelines
- •Output findings using the format specified in the guidelines
If no files specified, ask the user which files to review.
Categories Covered
- •Accessibility - aria-labels, semantic HTML, keyboard handlers
- •Focus States - visible focus, focus-visible patterns
- •Forms - autocomplete, validation, error handling
- •Images - dimensions, lazy loading, alt text
- •Performance - virtualization, layout thrashing, preconnect
Advanced patterns:
- •Animation - prefers-reduced-motion, compositor-friendly transforms
- •Navigation & State - URL reflects state, deep-linking
- •Dark Mode & Theming - color-scheme, theme-color meta
- •Touch & Interaction - touch-action, tap-highlight
- •Locale & i18n - Intl.DateTimeFormat, Intl.NumberFormat
Rule Documentation
When reporting violations, provide:
- •Brief explanation of why the rule matters
- •Link to detailed documentation when available
- •Example of correct implementation
- •Estimated effort to fix (Quick, Medium, Complex)
Example with explanation:
code
src/Modal.tsx:28 - [A11Y-005] HIGH: Modal missing focus trap Why: Users using keyboard navigation can escape modal unexpectedly Fix: Add focus trap with @headlessui/react or similar Effort: Medium Docs: https://web.dev/focus-trapping