LLM remediation cascade

The LLM remediation cascade is the heart of ARIADA's Remediate tier. A cheap-to-expensive routing engine turns each finding from the Detect tier into a source-level pull request — deterministic codemod first, then Cerebras / Gemini Flash, then Claude Sonnet, then Claude Opus. Framework-aware diffs for React, Vue, Svelte, Astro, and plain HTML. Each suggestion is a PR to the client repo, not a runtime patch. Client merges; ARIADA re-scans; the loop closes.

What it does

Layer mapping

The remediation cascade consumes findings from the Detect tier and emits source-level diffs that flow back through the Foundation tier. The cascade is the connective tissue between scan output and shipped fixes.

Remediation cascade axis interactions. The cascade is fed by Detect-tier scanners and pushes patches that propagate to Foundation-tier source artifacts.
Axis Direction What flows
L1 Design Outbound — patch Token / palette / component-pattern updates surfaced for designer review.
L2 Dev Tools Outbound — patch Source diffs land in the repo; ESLint / IDE plugin annotations cite the cascade output.
L3 Testing (WCAG/EAA) Inbound — finding Each WCAG / EN 301 549 finding is a candidate cascade input.
Backlog optimizer Inbound — ordering The backlog optimizer decides which finding to remediate first; the cascade executes the chosen sequence.
CI/CD gate Outbound — PR Patches land as PRs; the CI/CD gate checks them against budget thresholds before merge.
AI authorship attribution Inbound — signal Attribution data feeds the cascade so AI-authored regions get differentiated review.

Filed IP

ARIADA holds filed-IP positions covering cost-tiered cascade routing, cache and similarity reuse, framework-aware diff emission, and the closed-loop re-scan signal underlying this module. Provisional application only; conversion to non-provisional and PCT national-phase decisions are pending within the 12-month window.

Application numbers, claim counts, and PCT deadlines are available for accredited-investor due diligence on the Legal & IP page.

Why source-level only — the anti-overlay stance

Runtime-overlay vendors (accessiBe, AudioEye, UserWay) inject JavaScript at page load to hide or rewrite findings on the live site. Detection and remediation collapse into one artifact. This is the pattern that drew the FTC v. accessiBe enforcement action ($1M settlement, 2024) and similar consumer complaints elsewhere.

This module ships source-level diffs only. Detection happens on the deployed surface; remediation lives in the pull request. They are physically separated by Git itself — no JavaScript runs on the client site to mask findings, and no runtime collapse is possible.

Tier escalation is cost-aware, not stealth-aware: the cheap codemod handles the routine 80%, the LLM cascade handles the tail. Suggestions are agentic; deployments are not. PRs require client merge before any change reaches production.

Cross-references

Book a demo See the integrated pipeline

Source-level remediation only — agentic suggestions are not autonomous deployments; pull requests require client merge. Not a legal certification body.