Technology architecture
ARIADA is the agentic compliance architect for the modern web — multi-agent orchestration that architects compliant systems from L0 Mindset, detects drift continuously across eleven sequential scanner-axes, and remediates at source through autonomous pull-request generation. Instantiated through nine integrated pipeline modules; modules combine into products, products share a single engine, and the same engine scales across all eleven scanner-axes. Source-level remediation only — PRs require client merge; we are not a legal certification body. This page is the architectural overview for technical due diligence.
Agentic compliance architect — eleven scanner-axes
ARIADA is the agentic compliance architect for the modern web — multi-agent orchestration that architects compliant systems from L0 Mindset, detects drift continuously across eleven axes, and remediates at source through autonomous pull-request generation. L4 Runtime/Overlay is intentionally not built (anti-overlay strategy — conflated detection and runtime remediation is what fined accessiBe). Source-level fixes only — agentic suggestions are not autonomous deployments; PRs require client merge. We test, we control — for accredited certification, customers consult a notified body or registered auditor. Regulator-facing dossier preparation runs through our sibling partner Governancer.
Eleven sequential scanner-axes (L0 Mindset → L10 Legal), with L4 Runtime/Overlay intentionally not built (anti-overlay strategy — conflated detection and runtime remediation is what fined accessiBe). All axes connected by the Ariadne gold thread. We test, we control — agentic suggestions are not autonomous deployments; for accredited certification, customers consult a notified body or registered auditor.
Nine modules — one platform
Each module is a focused capability that snaps into the platform. Marketplace standalones (blamer.ai, clamper.ai, reverter.ai) ship one module each; the umbrella platform ships all nine under one contract. Application numbers, claim counts, and PCT deadlines are disclosed to accredited investors on request via the Legal & IP page.
| Module | Capability | Pipeline stage |
|---|---|---|
| Multi-domain scan | Single-pass multi-domain scan — emits evidence across WCAG, EAA, EN 301 549, Section 508, ADA, DOS-lagen in one pass | P1 Scanner |
| LLM remediation | Tiered LLM remediation — cheap-to-expensive cascade emits source-code patches with cache and reuse | P4 Remediation |
| CI/CD gate | Differential CI/CD gate with policy DSL — stricter thresholds for AI-authored code | P5 CI gate |
| Regression detection | Cross-deploy diff engine that clusters root causes and tracks per-component trends | P2 Diff |
| Canonical scoring | Cross-tool canonical scoring — normalizes axe / Lighthouse / Siteimprove / WAVE / Pa11y into one signed score | P3 Compliance |
| Backlog optimizer | PredOpt MIP + ML backlog optimizer — schedules fixes under sprint capacity, severity, and budget | P4 Remediation |
| AI authorship attribution | Multi-signal classifier identifying Copilot, Cursor, Claude Code, Windsurf, Devin and others | Pipeline-wide |
| AI artifact audit | AI artifact audit (HAES) — tamper-evident event ledger with EU AI Act Art. 50 evidence package | P7 Audit trail |
| Scan visualization | Real-time character-themed visualization for stakeholder reports — same engine as draculascan.com | P6 Visualization |
Integrated pipeline
Every ScanEvent emitted by the multi-domain scanner flows
downstream to attribution (who wrote it), canonical scoring, and the
AI artifact audit (EU AI Act compliance). The regression detector trends
violations across deploys; the CI/CD gate blocks non-compliant PRs; the
LLM remediation cascade suggests source patches; the backlog optimizer
schedules the fix queue under sprint capacity; the visualization module
turns the numeric report into stakeholder-comprehensible narrative.
Multi-domain scan ─▶ AI attribution ─▶ Scan visualization
│ │
▼ ▼
Canonical scoring AI artifact audit
(cross-tool score) (HAES / Art. 50)
│ │
▼ ▼
Regression detection CI/CD gate
(trend + cluster) (policy DSL)
│ │
└──────────┬─────────┘
▼
LLM remediation (tiered cascade)
│
▼
Backlog optimizer (MIP + ML)
Scanner-axis coverage
The same engine that scans web accessibility today scales across eleven sequential axes. Each axis adds a rules package and a domain-specific reporter; the scanner, attribution engine, scoring normalizer, and audit trail are reused unchanged.
- L3 Testing — WCAG 2.2, EN 301 549, EAA 2025. Active.
- L5 Security — OWASP, CWE/CVE, headers (CSP/HSTS), TLS, leak scan. Roadmap.
- L6 SEO / GEO / AIEO — visibility scanner (search + AI overviews). Roadmap.
- L7 Perf — Core Web Vitals, Lighthouse, RUM. Roadmap.
- L8 Sustainability — WSG 1.0, SWD model, GHG protocol. Roadmap.
- L9 AI Act — EU AI Act 2024/1689 Art. 5 + Art. 50, AIAS. Roadmap.
- L10 Legal — false-marking + content legality (35 USC §292, EU UCPD). In flight (
legalcheck.aiseed).
L0 Mindset, L1 Design, L2 Dev Tools are shipped foundation tier; L4 Runtime/Overlay is intentionally not built (anti-overlay strategy). Adjacent verticals (QMS, document compliance) sit outside the current scanner-axis set.
Engineering stack
- Rust scanner core (production stable, NATS-integrated).
- TypeScript reference implementation (
@ariada-org/core) on Apache-2.0. - Hetzner-resident infrastructure (EU residency by default; FSN1 + HEL1).
- Cloudflare Pages for marketing surfaces; Cloudflare Tunnel for backend exposure.
- Append-only audit ledger with tamper-evident hash chain (AI artifact audit module).
- Tiered LLM cascade (deterministic → Cerebras / Gemini Flash → Claude Sonnet → Claude Opus) for the remediation module.