SKIP TO CONTENT

CASE STUDY

LIVE PRODUCT

Headless Dashboard Audit Loop

Hardening loop for a live quant trading platform's ~55 production routes — a Playwright audit → fix → re-audit SDLC cycle.

Topology: a session minter issues real JWTs to a headless Playwright driver that walks about 55 authenticated routes; a scorer checks console, network, and axe-core, and failures flow to triage-and-fix, which loops back into re-audit — three cycles drove the live dashboard from 92 to 99.6, guarded by a no-fake-data CI ratchet. The mock twin is explicitly excluded as an audit target.

PROBLEM

A ~55-route authenticated dashboard "looked done," but nobody knew which routes threw console errors or shipped accessibility violations.

BUILT

A headless Playwright loop mints real JWT sessions, drives and scores every production route, then feeds failures into a triage → fix → re-audit cycle.

route score average, 3 iterations
92→99.6
authenticated production routes
~55
console errors at final pass
0
axe violations at final pass
0
FAILURE MODES
  • Login page scored as pass
  • Auditing the mock twin
  • Fixed routes regressing later
  • Throwaway harness needs rebuild

EVIDENCE — REAL ARTIFACTS, CAPTURED FROM DISK

axe-core 0-violations output (requires harness rebuild to re-run) · PENDING
T3
PlaywrightTypeScriptaxe-coreJWT session mintingGitHub Actions

IMPROVE NEXT: Rebuild the audit harness as a committed, re-runnable package — the results were real, but re-verification currently requires reconstructing the tooling from spec.