create-qa-architect 5.0.0 → 5.0.6

package/lib/dependency-monitoring-premium.js

@@ -289,7 +289,7 @@ function matchesPattern(depName, pattern) {
     if (!regex) {
       // Cache miss - compile and store
       const regexPattern = pattern.replace(/\*/g, '.*')
-      // eslint-disable-next-line security/detect-non-literal-regexp
+      // eslint-disable-next-line security/detect-non-literal-regexp -- Safe: pattern from internal config, only allows * wildcards replaced with .*, anchored with ^$
       regex = new RegExp(`^${regexPattern}$`)
 
       // Implement size-limited cache with FIFO eviction
@@ -348,7 +348,7 @@ function generateReactGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for Vue ecosystem
  *
- * @param {Object} frameworkInfo - Vue detection results
+ * @param {Object} _frameworkInfo - Vue detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateVueGroups(_frameworkInfo) {
@@ -376,7 +376,7 @@ function generateVueGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for Angular ecosystem
  *
- * @param {Object} frameworkInfo - Angular detection results
+ * @param {Object} _frameworkInfo - Angular detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateAngularGroups(_frameworkInfo) {
@@ -404,7 +404,7 @@ function generateAngularGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for testing frameworks
  *
- * @param {Object} frameworkInfo - Testing framework detection results
+ * @param {Object} _frameworkInfo - Testing framework detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateTestingGroups(_frameworkInfo) {
@@ -428,7 +428,7 @@ function generateTestingGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for build tools
  *
- * @param {Object} frameworkInfo - Build tool detection results
+ * @param {Object} _frameworkInfo - Build tool detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateBuildToolGroups(_frameworkInfo) {
@@ -446,7 +446,7 @@ function generateBuildToolGroups(_frameworkInfo) {
 /**
  * Generate Storybook dependency groups
  *
- * @param {Object} frameworkInfo - Storybook detection results
+ * @param {Object} _frameworkInfo - Storybook detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateStorybookGroups(_frameworkInfo) {
@@ -490,7 +490,7 @@ function hasPythonProject(projectPath) {
  * attacks with maliciously large requirements files.
  *
  * @param {string} requirementsPath - Path to requirements.txt file
- * @returns {Object<string, string>} Map of package names to version specifiers
+ * @returns {Record<string, string>} Map of package names to version specifiers
  * @throws {Error} If file exceeds MAX_REQUIREMENTS_FILE_SIZE
  *
  * @example
@@ -512,6 +512,7 @@ function parsePipRequirements(requirementsPath) {
   }
 
   const content = fs.readFileSync(requirementsPath, 'utf8')
+  /** @type {Record<string, string>} */
   const dependencies = {}
 
   content.split('\n').forEach(line => {
@@ -529,7 +530,7 @@ function parsePipRequirements(requirementsPath) {
     // Support dotted names (zope.interface), hyphens (pytest-cov), underscores (google_cloud)
     // Also handle extras like fastapi[all] by capturing everything before the bracket
     // Fixed: Replaced (.*) with ([^\s]*) to prevent catastrophic backtracking
-    // eslint-disable-next-line security/detect-unsafe-regex
+    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded character classes [\w.-], [\w,\s-], [^\s], anchored ^$, no nested quantifiers
     const match = line.match(/^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/)
     if (match) {
       const [, name, _extras, operator, version] = match
@@ -552,12 +553,13 @@ function parsePipRequirements(requirementsPath) {
  */
 function parsePyprojectToml(pyprojectPath) {
   const content = fs.readFileSync(pyprojectPath, 'utf8')
+  /** @type {Record<string, string>} */
   const dependencies = {}
 
   // Parse PEP 621 list-style dependencies: dependencies = ["package>=1.0.0", ...]
   // Match main dependencies array: dependencies = [...]
   // Allow optional whitespace/comments after ] to handle: ]  # end of deps
-  // eslint-disable-next-line security/detect-unsafe-regex
+  // eslint-disable-next-line security/detect-unsafe-regex -- Safe: lazy quantifier *? prevents backtracking, anchored ^$, bounded alternation
   const mainDepPattern = /^dependencies\s*=\s*\[([\s\S]*?)\]\s*(?:#.*)?$/m
   const mainMatch = mainDepPattern.exec(content)
 
@@ -574,7 +576,7 @@ function parsePyprojectToml(pyprojectPath) {
       // Support dotted names, hyphens, underscores, and extras
       // Fixed: Replaced ($|.*) with ([^\s]*) to prevent catastrophic backtracking
       const match = depString.match(
-        /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex
+        /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex -- Safe: bounded character classes, anchored ^$, no nested quantifiers
       )
       if (match) {
         const [, name, _extras, operator, version] = match
@@ -606,7 +608,7 @@ function parsePyprojectToml(pyprojectPath) {
         const depString = pkgMatch[1].trim()
 
         const match = depString.match(
-          /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?($|.*)$/ // eslint-disable-line security/detect-unsafe-regex
+          /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex -- Safe: bounded character classes, anchored ^$, no nested quantifiers
         )
         if (match) {
           const [, name, _extras, operator, version] = match
@@ -829,7 +831,7 @@ function parseCargoToml(cargoPath) {
     if (!trimmed || trimmed.startsWith('#')) continue
 
     // Match simple pattern: name = "version"
-    // eslint-disable-next-line security/detect-unsafe-regex
+    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded groups \w+, [^"']+, anchored ^, no nested quantifiers
     const simpleMatch = trimmed.match(/^(\w+(?:-\w+)*)\s*=\s*["']([^"']+)["']/)
     if (simpleMatch) {
       const [, name, version] = simpleMatch
@@ -840,7 +842,7 @@ function parseCargoToml(cargoPath) {
 
     // Match complex pattern: name = { version = "...", ... }
     const complexMatch = trimmed.match(
-      // eslint-disable-next-line security/detect-unsafe-regex
+      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded negated class [^}]*, anchored ^, no nested quantifiers
       /^(\w+(?:-\w+)*)\s*=\s*\{[^}]*version\s*=\s*["']([^"']+)["']/
     )
     if (complexMatch) {
@@ -970,7 +972,7 @@ function parseGemfile(gemfilePath) {
 
     // Match: gem 'rails', '~> 7.0' or gem 'rails'
     const gemMatch = trimmed.match(
-      // eslint-disable-next-line security/detect-unsafe-regex
+      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded negated class [^'"]+, no nested quantifiers, processed line-by-line
       /gem\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?/
     )
     if (gemMatch) {
@@ -1270,11 +1272,11 @@ function generateBundlerGroups(bundlerFrameworks) {
 /**
  * Generate premium Dependabot configuration with multi-language framework-aware grouping
  *
- * @param {Object} options - Configuration options
- * @param {string} options.projectPath - Path to project directory
- * @param {string} options.schedule - Update schedule (daily, weekly, monthly)
- * @param {string} options.day - Day of week for updates
- * @param {string} options.time - Time for updates
+ * @param {Object} [options] - Configuration options
+ * @param {string} [options.projectPath='.'] - Path to project directory
+ * @param {string} [options.schedule='weekly'] - Update schedule (daily, weekly, monthly)
+ * @param {string} [options.day='monday'] - Day of week for updates
+ * @param {string} [options.time='09:00'] - Time for updates
  * @returns {Object|null} Dependabot configuration object or null if not licensed
  */
 function generatePremiumDependabotConfig(options = {}) {

package/lib/github-api.js

@@ -0,0 +1,249 @@
+/**
+ * GitHub API Integration for QA Architect
+ * Enables Dependabot alerts and security features via GitHub API
+ */
+
+const https = require('https')
+const { execSync } = require('child_process')
+
+/**
+ * Get GitHub token from environment or gh CLI
+ */
+function getGitHubToken() {
+  // Check environment variable first
+  if (process.env.GITHUB_TOKEN) {
+    return process.env.GITHUB_TOKEN
+  }
+
+  // Try to get from gh CLI
+  try {
+    const token = execSync('gh auth token', { encoding: 'utf8' }).trim()
+    if (token) return token
+  } catch {
+    // gh CLI not available or not authenticated
+  }
+
+  return null
+}
+
+/**
+ * Get repository info from git remote
+ */
+function getRepoInfo(projectPath = '.') {
+  try {
+    const remoteUrl = execSync('git remote get-url origin', {
+      cwd: projectPath,
+      encoding: 'utf8',
+    }).trim()
+
+    // Parse GitHub URL (https or ssh format)
+    const httpsMatch = remoteUrl.match(
+      /github\.com[/:]([^/]+)\/([^/.]+)(\.git)?$/
+    )
+    if (httpsMatch) {
+      return { owner: httpsMatch[1], repo: httpsMatch[2] }
+    }
+
+    return null
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Make GitHub API request
+ */
+function githubRequest(method, path, token, data = null) {
+  return new Promise((resolve, reject) => {
+    const options = {
+      hostname: 'api.github.com',
+      port: 443,
+      path: path,
+      method: method,
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: 'application/vnd.github+json',
+        'User-Agent': 'qa-architect',
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+    }
+
+    if (data) {
+      options.headers['Content-Type'] = 'application/json'
+    }
+
+    const req = https.request(options, res => {
+      let body = ''
+      res.on('data', chunk => (body += chunk))
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          resolve({
+            status: res.statusCode,
+            data: body ? JSON.parse(body) : null,
+          })
+        } else if (res.statusCode === 204) {
+          resolve({ status: 204, data: null })
+        } else {
+          reject(
+            new Error(
+              `GitHub API error: ${res.statusCode} - ${body || res.statusMessage}`
+            )
+          )
+        }
+      })
+    })
+
+    req.on('error', reject)
+
+    if (data) {
+      req.write(JSON.stringify(data))
+    }
+    req.end()
+  })
+}
+
+/**
+ * Check if Dependabot alerts are enabled
+ */
+async function checkDependabotStatus(owner, repo, token) {
+  try {
+    await githubRequest(
+      'GET',
+      `/repos/${owner}/${repo}/vulnerability-alerts`,
+      token
+    )
+    return true // 204 means enabled
+  } catch (error) {
+    if (error.message.includes('404')) {
+      return false // Not enabled
+    }
+    throw error
+  }
+}
+
+/**
+ * Enable Dependabot alerts for a repository
+ */
+async function enableDependabotAlerts(owner, repo, token) {
+  try {
+    await githubRequest(
+      'PUT',
+      `/repos/${owner}/${repo}/vulnerability-alerts`,
+      token
+    )
+    return { success: true, message: 'Dependabot alerts enabled' }
+  } catch (error) {
+    return { success: false, message: error.message }
+  }
+}
+
+/**
+ * Enable Dependabot security updates
+ */
+async function enableDependabotSecurityUpdates(owner, repo, token) {
+  try {
+    await githubRequest(
+      'PUT',
+      `/repos/${owner}/${repo}/automated-security-fixes`,
+      token
+    )
+    return { success: true, message: 'Dependabot security updates enabled' }
+  } catch (error) {
+    return { success: false, message: error.message }
+  }
+}
+
+/**
+ * Full setup: Enable all Dependabot features
+ */
+async function setupDependabot(projectPath = '.', options = {}) {
+  const { verbose = false } = options
+  const results = {
+    success: false,
+    repoInfo: null,
+    alerts: null,
+    securityUpdates: null,
+    errors: [],
+  }
+
+  // Get token
+  const token = getGitHubToken()
+  if (!token) {
+    results.errors.push(
+      'No GitHub token found. Set GITHUB_TOKEN env var or run `gh auth login`'
+    )
+    return results
+  }
+
+  // Get repo info
+  const repoInfo = getRepoInfo(projectPath)
+  if (!repoInfo) {
+    results.errors.push('Could not determine GitHub repository from git remote')
+    return results
+  }
+  results.repoInfo = repoInfo
+
+  if (verbose) {
+    console.log(`📦 Repository: ${repoInfo.owner}/${repoInfo.repo}`)
+  }
+
+  // Check current status
+  try {
+    const isEnabled = await checkDependabotStatus(
+      repoInfo.owner,
+      repoInfo.repo,
+      token
+    )
+    if (isEnabled) {
+      if (verbose) console.log('✅ Dependabot alerts already enabled')
+      results.alerts = { success: true, message: 'Already enabled' }
+    } else {
+      // Enable alerts
+      results.alerts = await enableDependabotAlerts(
+        repoInfo.owner,
+        repoInfo.repo,
+        token
+      )
+      if (verbose) {
+        console.log(
+          results.alerts.success
+            ? '✅ Dependabot alerts enabled'
+            : `❌ Failed to enable alerts: ${results.alerts.message}`
+        )
+      }
+    }
+  } catch (error) {
+    results.errors.push(`Alerts check failed: ${error.message}`)
+  }
+
+  // Enable security updates
+  try {
+    results.securityUpdates = await enableDependabotSecurityUpdates(
+      repoInfo.owner,
+      repoInfo.repo,
+      token
+    )
+    if (verbose) {
+      console.log(
+        results.securityUpdates.success
+          ? '✅ Dependabot security updates enabled'
+          : `⚠️ Security updates: ${results.securityUpdates.message}`
+      )
+    }
+  } catch (error) {
+    results.errors.push(`Security updates failed: ${error.message}`)
+  }
+
+  results.success = results.alerts?.success && results.errors.length === 0
+
+  return results
+}
+
+module.exports = {
+  getGitHubToken,
+  getRepoInfo,
+  checkDependabotStatus,
+  enableDependabotAlerts,
+  enableDependabotSecurityUpdates,
+  setupDependabot,
+}

package/lib/interactive/questions.js

@@ -1,5 +1,9 @@
 'use strict'
 
+/**
+ * @typedef {import('./prompt').InteractivePrompt} InteractivePrompt
+ */
+
 /**
  * Question definitions and answer parsing for interactive mode
  */

package/lib/license-validator.js

@@ -26,7 +26,7 @@ class LicenseValidator {
     // Allow enterprises to host their own registry
     this.licenseDbUrl =
       process.env.QAA_LICENSE_DB_URL ||
-      'https://license.aibuilderlab.com/qaa/legitimate-licenses.json'
+      'https://vibebuildlab.com/api/licenses/qa-architect.json'
   }
 
   ensureLicenseDir() {

package/lib/licensing.js

@@ -216,7 +216,7 @@ function isDeveloperMode() {
     if (fs.existsSync(developerMarkerFile)) {
       return true
     }
-  } catch (_error) {
+  } catch {
     // Ignore errors checking for marker file
   }
 
@@ -338,7 +338,7 @@ function verifyLicenseSignature(payload, signature) {
       Buffer.from(signature),
       Buffer.from(expectedSignature)
     )
-  } catch (_error) {
+  } catch {
     // If signature verification fails, treat as invalid
     return false
   }
@@ -396,7 +396,7 @@ function showUpgradeMessage(feature) {
     console.log('')
     console.log('   🎁 Start 14-day free trial - no credit card required')
     console.log('')
-    console.log('🚀 Upgrade: https://vibebuildlab.com/cqa')
+    console.log('🚀 Upgrade: https://vibebuildlab.com/tools/qa-architect')
     console.log(
       '🔑 Activate: npx create-qa-architect@latest --activate-license'
     )
@@ -414,7 +414,7 @@ function showUpgradeMessage(feature) {
     console.log('   ✅ Slack/email alerts for failures')
     console.log('   ✅ Priority support (business hours)')
     console.log('')
-    console.log('👥 Upgrade: https://vibebuildlab.com/cqa/team')
+    console.log('👥 Upgrade: https://vibebuildlab.com/tools/qa-architect')
   } else if (license.tier === LICENSE_TIERS.TEAM) {
     console.log('\n🏢 Upgrade to ENTERPRISE - $249/month (annual) + onboarding')
     console.log('')
@@ -553,7 +553,7 @@ async function addLegitimateKey(
     if (fs.existsSync(legitimateDBFile)) {
       try {
         database = JSON.parse(fs.readFileSync(legitimateDBFile, 'utf8'))
-      } catch (_error) {
+      } catch {
         console.error(
           'Warning: Could not parse existing database, creating new one'
         )
@@ -654,7 +654,7 @@ async function promptLicenseActivation() {
           console.log(
             '   If you purchased this license, please contact support at:'
           )
-          console.log('   Email: support@aibuilderlab.com')
+          console.log('   Email: support@vibebuildlab.com')
           console.log(
             '   Include your license key and purchase email for verification.'
           )
@@ -745,7 +745,7 @@ function loadUsage() {
 
       return data
     }
-  } catch (_error) {
+  } catch {
     // Ignore errors reading usage file
   }
 
@@ -770,7 +770,7 @@ function saveUsage(usage) {
     }
     fs.writeFileSync(getUsageFile(), JSON.stringify(usage, null, 2))
     return true
-  } catch (_error) {
+  } catch {
     return false
   }
 }
@@ -795,7 +795,8 @@ function checkUsageCaps(operation = 'general') {
     usage: {
       prePushRuns: usage.prePushRuns,
       dependencyPRs: usage.dependencyPRs,
-      repos: usage.repos.length,
+      repos: usage.repos || [],
+      repoCount: (usage.repos || []).length,
     },
     caps: {
       maxPrePushRunsPerMonth: caps.maxPrePushRunsPerMonth,
@@ -957,7 +958,7 @@ function showLicenseStatus() {
   // Show upgrade path
   if (license.tier === LICENSE_TIERS.FREE) {
     console.log('\n💡 Upgrade to PRO for unlimited access + security scanning')
-    console.log('   → https://vibebuildlab.com/cqa')
+    console.log('   → https://vibebuildlab.com/tools/qa-architect')
   }
 }