LLM remediation cascade
The LLM remediation cascade is the heart of ARIADA's Remediate tier. A cheap-to-expensive routing engine turns each finding from the Detect tier into a source-level pull request — deterministic codemod first, then Cerebras / Gemini Flash, then Claude Sonnet, then Claude Opus. Framework-aware diffs for React, Vue, Svelte, Astro, and plain HTML. Each suggestion is a PR to the client repo, not a runtime patch. Client merges; ARIADA re-scans; the loop closes.
What it does
-
Tiered cascade routing
Findings flow through escalating tiers. ~80% are resolved by a deterministic codemod for free; the LLM cascade only handles the long tail. Cost-aware routing means Opus runs on the cases that genuinely need it, not on every alt-text edit.
-
Framework-aware diffs
The patch generator understands React JSX, Vue SFCs, Svelte components, Astro islands, and plain HTML. Diffs respect formatter conventions and stay reviewable for the engineer who lands them.
-
Cache and similarity reuse
Repeated finding shapes hit the cache. Near-duplicate findings reuse a vetted patch through similarity matching. The cascade spends LLM tokens once per pattern, not once per occurrence.
-
Pull-request emission
Each suggestion lands as a GitHub / GitLab / Bitbucket PR with full provenance: the finding, the regulation cited, the tier that wrote the patch, and the cascade trail. Reviewers see evidence, not magic.
-
Client merge required
ARIADA never deploys to production. Every change reaches the deployed surface only when a human on the client side merges. This is GitOps-shaped independence, not autopilot.
-
Re-scan close-the-loop
After merge, the multi-domain scanner re-scans the deployed surface and confirms the finding is resolved. The cascade learns from merge / reject / amend signal — the routing improves per repo over time.
Layer mapping
The remediation cascade consumes findings from the Detect tier and emits source-level diffs that flow back through the Foundation tier. The cascade is the connective tissue between scan output and shipped fixes.
| Axis | Direction | What flows |
|---|---|---|
| L1 Design | Outbound — patch | Token / palette / component-pattern updates surfaced for designer review. |
| L2 Dev Tools | Outbound — patch | Source diffs land in the repo; ESLint / IDE plugin annotations cite the cascade output. |
| L3 Testing (WCAG/EAA) | Inbound — finding | Each WCAG / EN 301 549 finding is a candidate cascade input. |
| Backlog optimizer | Inbound — ordering | The backlog optimizer decides which finding to remediate first; the cascade executes the chosen sequence. |
| CI/CD gate | Outbound — PR | Patches land as PRs; the CI/CD gate checks them against budget thresholds before merge. |
| AI authorship attribution | Inbound — signal | Attribution data feeds the cascade so AI-authored regions get differentiated review. |
Filed IP
ARIADA holds filed-IP positions covering cost-tiered cascade routing, cache and similarity reuse, framework-aware diff emission, and the closed-loop re-scan signal underlying this module. Provisional application only; conversion to non-provisional and PCT national-phase decisions are pending within the 12-month window.
Application numbers, claim counts, and PCT deadlines are available for accredited-investor due diligence on the Legal & IP page.
Why source-level only — the anti-overlay stance
Runtime-overlay vendors (accessiBe, AudioEye, UserWay) inject JavaScript at page load to hide or rewrite findings on the live site. Detection and remediation collapse into one artifact. This is the pattern that drew the FTC v. accessiBe enforcement action ($1M settlement, 2024) and similar consumer complaints elsewhere.
This module ships source-level diffs only. Detection happens on the deployed surface; remediation lives in the pull request. They are physically separated by Git itself — no JavaScript runs on the client site to mask findings, and no runtime collapse is possible.
Tier escalation is cost-aware, not stealth-aware: the cheap codemod handles the routine 80%, the LLM cascade handles the tail. Suggestions are agentic; deployments are not. PRs require client merge before any change reaches production.
Cross-references
- Backlog optimizer: orders the cascade input queue under sprint capacity, severity, and dependency constraints. See the backlog optimizer →
- CI/CD gate: gates the cascade's PR output against differential AI-vs-human budgets. See the CI/CD gate →
- AI authorship attribution: identifies whether the violating region was AI-authored, feeding the differential gate. See AI authorship attribution →
- Standalone product: the cascade ships standalone as reverter.ai — LLM remediation as a marketplace product, same engine.
- Triad context: this is the Remediate tier's core; see the homepage triad for Architect · Detect · Remediate framing.
Source-level remediation only — agentic suggestions are not autonomous deployments; pull requests require client merge. Not a legal certification body.