create-qa-architect 5.0.0 → 5.0.6

package/lib/package-utils.js

@@ -50,17 +50,17 @@ function mergeDevDependencies(initialDevDeps = {}, defaultDevDeps) {
 
 /**
  * Merge lint-staged configuration, preserving existing patterns
- * @param {Object} existing - Existing lint-staged config
- * @param {Object} defaults - Default lint-staged config
- * @param {Object} options - Merge options
- * @param {Function} patternChecker - Function to check if a pattern matches certain criteria
- * @returns {Object} Merged lint-staged config
+ * @param {Record<string, string|string[]>} [existing] - Existing lint-staged config
+ * @param {Record<string, string|string[]>} defaults - Default lint-staged config
+ * @param {{stylelintTargets?: string[]}} [options] - Merge options
+ * @param {(pattern: string) => boolean} [patternChecker] - Function to check if a pattern matches certain criteria
+ * @returns {Record<string, string|string[]>} Merged lint-staged config
  */
 function mergeLintStaged(
+  defaults = {},
   existing = {},
-  defaults,
   options = {},
-  patternChecker = null
+  patternChecker = _pattern => false
 ) {
   const merged = { ...existing }
   const stylelintTargets = options.stylelintTargets || []
@@ -88,7 +88,8 @@ function mergeLintStaged(
       : [merged[pattern]]
 
     const newCommands = [...existingCommands]
-    commands.forEach(command => {
+    const commandList = Array.isArray(commands) ? commands : [commands]
+    commandList.forEach(command => {
       if (!newCommands.includes(command)) {
         newCommands.push(command)
       }
@@ -177,6 +178,219 @@ function getAuditCommand(packageManager) {
   return commands[packageManager] || 'npm audit'
 }
 
+/**
+ * Detect monorepo type and configuration
+ * @param {string} projectPath - Path to the project directory
+ * @returns {Object} Monorepo info: { type, isMonorepo, packages, tool }
+ */
+function detectMonorepoType(projectPath = process.cwd()) {
+  const fs = require('fs')
+  const path = require('path')
+
+  const result = {
+    isMonorepo: false,
+    type: null, // 'workspaces' | 'lerna' | 'nx' | 'turborepo' | 'rush'
+    tool: null, // Specific tool name
+    packages: [], // List of workspace package paths
+    packageManager: detectPackageManager(projectPath),
+  }
+
+  // Check for Nx (nx.json)
+  const nxJsonPath = path.join(projectPath, 'nx.json')
+  if (fs.existsSync(nxJsonPath)) {
+    result.isMonorepo = true
+    result.type = 'nx'
+    result.tool = 'nx'
+    try {
+      const nxJson = JSON.parse(fs.readFileSync(nxJsonPath, 'utf8'))
+      result.config = nxJson
+    } catch {
+      // Ignore parse errors
+    }
+  }
+
+  // Check for Turborepo (turbo.json)
+  const turboJsonPath = path.join(projectPath, 'turbo.json')
+  if (fs.existsSync(turboJsonPath)) {
+    result.isMonorepo = true
+    result.type = 'turborepo'
+    result.tool = 'turborepo'
+    try {
+      const turboJson = JSON.parse(fs.readFileSync(turboJsonPath, 'utf8'))
+      result.config = turboJson
+    } catch {
+      // Ignore parse errors
+    }
+  }
+
+  // Check for Rush (rush.json)
+  const rushJsonPath = path.join(projectPath, 'rush.json')
+  if (fs.existsSync(rushJsonPath)) {
+    result.isMonorepo = true
+    result.type = 'rush'
+    result.tool = 'rush'
+  }
+
+  // Check for Lerna (lerna.json)
+  const lernaJsonPath = path.join(projectPath, 'lerna.json')
+  if (fs.existsSync(lernaJsonPath)) {
+    result.isMonorepo = true
+    result.type = 'lerna'
+    result.tool = 'lerna'
+    try {
+      const lernaJson = JSON.parse(fs.readFileSync(lernaJsonPath, 'utf8'))
+      result.packages = lernaJson.packages || ['packages/*']
+    } catch {
+      result.packages = ['packages/*']
+    }
+  }
+
+  // Check for pnpm workspaces (pnpm-workspace.yaml)
+  const pnpmWorkspacePath = path.join(projectPath, 'pnpm-workspace.yaml')
+  if (fs.existsSync(pnpmWorkspacePath)) {
+    result.isMonorepo = true
+    result.type = result.type || 'workspaces'
+    result.tool = result.tool || 'pnpm'
+    try {
+      const yaml = fs.readFileSync(pnpmWorkspacePath, 'utf8')
+      // Simple line-by-line YAML parsing (safer than regex)
+      const lines = yaml.split('\n')
+      let inPackages = false
+      const packages = []
+      for (const line of lines) {
+        if (line.trim() === 'packages:') {
+          inPackages = true
+          continue
+        }
+        if (inPackages) {
+          // Check if line is a list item (starts with -)
+          const match = line.match(/^\s*-\s*['"]?([^'"]+)['"]?\s*$/)
+          if (match) {
+            packages.push(match[1])
+          } else if (
+            line.trim() &&
+            !line.startsWith(' ') &&
+            !line.startsWith('\t')
+          ) {
+            // New top-level key, stop parsing packages
+            break
+          }
+        }
+      }
+      if (packages.length > 0) {
+        result.packages = packages
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  }
+
+  // Check for npm/yarn workspaces in package.json
+  const packageJsonPath = path.join(projectPath, 'package.json')
+  if (fs.existsSync(packageJsonPath)) {
+    try {
+      const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'))
+      if (packageJson.workspaces) {
+        result.isMonorepo = true
+        result.type = result.type || 'workspaces'
+        // workspaces can be array or object with packages key
+        const workspaces = Array.isArray(packageJson.workspaces)
+          ? packageJson.workspaces
+          : packageJson.workspaces.packages || []
+        result.packages = result.packages.length ? result.packages : workspaces
+        if (!result.tool) {
+          result.tool =
+            result.packageManager === 'yarn' ? 'yarn' : result.packageManager
+        }
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  }
+
+  // Resolve workspace package paths to actual directories
+  if (result.isMonorepo && result.packages.length > 0) {
+    result.resolvedPackages = resolveWorkspacePackages(
+      projectPath,
+      result.packages
+    )
+  }
+
+  return result
+}
+
+/**
+ * Resolve workspace glob patterns to actual package directories
+ * @param {string} projectPath - Root project path
+ * @param {Array<string>} patterns - Workspace patterns (e.g., ['packages/*', 'apps/*'])
+ * @returns {Array<Object>} Resolved packages with name and path
+ */
+function resolveWorkspacePackages(projectPath, patterns) {
+  const fs = require('fs')
+  const path = require('path')
+  const packages = []
+
+  for (const pattern of patterns) {
+    // Handle simple glob patterns like 'packages/*'
+    if (pattern.endsWith('/*')) {
+      const baseDir = path.join(projectPath, pattern.slice(0, -2))
+      if (fs.existsSync(baseDir)) {
+        try {
+          const entries = fs.readdirSync(baseDir, { withFileTypes: true })
+          for (const entry of entries) {
+            if (entry.isDirectory()) {
+              const pkgPath = path.join(baseDir, entry.name)
+              const pkgJsonPath = path.join(pkgPath, 'package.json')
+              if (fs.existsSync(pkgJsonPath)) {
+                try {
+                  const pkgJson = JSON.parse(
+                    fs.readFileSync(pkgJsonPath, 'utf8')
+                  )
+                  packages.push({
+                    name: pkgJson.name || entry.name,
+                    path: pkgPath,
+                    relativePath: path.relative(projectPath, pkgPath),
+                  })
+                } catch {
+                  packages.push({
+                    name: entry.name,
+                    path: pkgPath,
+                    relativePath: path.relative(projectPath, pkgPath),
+                  })
+                }
+              }
+            }
+          }
+        } catch {
+          // Ignore read errors
+        }
+      }
+    } else if (!pattern.includes('*')) {
+      // Direct path without glob
+      const pkgPath = path.join(projectPath, pattern)
+      const pkgJsonPath = path.join(pkgPath, 'package.json')
+      if (fs.existsSync(pkgJsonPath)) {
+        try {
+          const pkgJson = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf8'))
+          packages.push({
+            name: pkgJson.name || path.basename(pkgPath),
+            path: pkgPath,
+            relativePath: pattern,
+          })
+        } catch {
+          packages.push({
+            name: path.basename(pkgPath),
+            path: pkgPath,
+            relativePath: pattern,
+          })
+        }
+      }
+    }
+  }
+
+  return packages
+}
+
 module.exports = {
   mergeScripts,
   mergeDevDependencies,
@@ -184,4 +398,6 @@ module.exports = {
   detectPackageManager,
   getInstallCommand,
   getAuditCommand,
+  detectMonorepoType,
+  resolveWorkspacePackages,
 }

package/lib/project-maturity.js

@@ -435,7 +435,7 @@ class ProjectMaturityDetector {
 
   /**
    * Generate GitHub Actions outputs for maturity detection
-   * @returns {string} GitHub Actions output format
+   * @returns {{maturity: string, sourceCount: number, testCount: number, hasDeps: boolean, hasDocs: boolean, hasCss: boolean, requiredChecks: string, optionalChecks: string, disabledChecks: string}} GitHub Actions output format
    */
   generateGitHubActionsOutput() {
     const maturity = this.detect()

package/lib/setup-enhancements.js

@@ -80,6 +80,10 @@ function applyProductionQualityFixes(projectPath = '.', options = {}) {
   copyIntegrationTestTemplates(projectPath, projectType)
   fixes.push(`✅ Added ${projectType} integration test templates`)
 
+  // Fix 6b: Add starter unit and e2e smoke test stubs
+  copyTestStubs(projectPath)
+  fixes.push('✅ Added unit and e2e smoke test stubs')
+
   // Fix 7: Apply security-first configuration
   const securityFixes = applySecurityFirstConfiguration(projectPath)
   fixes.push('✅ Applied security-first configuration:')
@@ -201,6 +205,35 @@ function getTestTypesDocumentation(projectType) {
   )
 }
 
+function copyTestStubs(projectPath) {
+  const stubDir = path.join(__dirname, '../templates/test-stubs')
+  if (!fs.existsSync(stubDir)) return
+
+  const targets = [
+    {
+      source: path.join(stubDir, 'unit.test.js'),
+      dest: path.join(projectPath, 'tests', 'unit', 'sample.test.js'),
+    },
+    {
+      source: path.join(stubDir, 'e2e.smoke.test.js'),
+      dest: path.join(projectPath, 'tests', 'e2e', 'smoke.test.js'),
+    },
+  ]
+
+  targets.forEach(({ source, dest }) => {
+    if (!fs.existsSync(source)) return
+
+    const destDir = path.dirname(dest)
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true })
+    }
+
+    if (!fs.existsSync(dest)) {
+      fs.copyFileSync(source, dest)
+    }
+  })
+}
+
 /**
  * Generate comprehensive pre-commit hook
  * This replaces the narrow CLAUDE.md-only validation

package/lib/template-loader.js

@@ -126,6 +126,7 @@ class TemplateLoader {
    * // Only loads from whitelisted dirs: config/, .github/, lib/
    */
   async loadTemplates(dir, baseDir = dir, isPackageDir = false) {
+    /** @type {Record<string, string>} */
     const templates = {}
 
     try {
@@ -177,6 +178,7 @@ class TemplateLoader {
    * @returns {Promise<Object>} Merged template map
    */
   async mergeTemplates(customDir, defaultsDir) {
+    /** @type {Record<string, string>} */
     const merged = {}
 
     // Load defaults first (from package directory - restrict to known template dirs)

package/lib/ui-helpers.js

@@ -55,7 +55,8 @@ function showProgress(message) {
 
   // Try to use ora for interactive terminals
   try {
-    const ora = require('ora')
+    const oraImport = require('ora')
+    const ora = /** @type {any} */ (oraImport.default || oraImport)
     return ora(message).start()
   } catch {
     // Fallback if ora not installed (graceful degradation)

package/lib/validation/base-validator.js

@@ -1,5 +1,9 @@
 'use strict'
 
+/**
+ * @typedef {Error & {code?: string}} ErrWithCode
+ */
+
 /**
  * Base Validator Class
  * Provides common error handling, state management, and validation patterns
@@ -81,7 +85,7 @@ class BaseValidator {
 
   /**
    * Format error message for user
-   * @param {Error} error - The error object
+   * @param {ErrWithCode} error - The error object
    * @param {string} context - The context
    * @returns {string} Formatted error message
    */

package/lib/validation/cache-manager.js

@@ -14,6 +14,7 @@ class CacheManager {
       options.cacheDir || path.join(process.cwd(), '.create-qa-architect-cache')
     this.ttl = options.ttl || 24 * 60 * 60 * 1000 // Default: 24 hours in milliseconds
     this.enabled = options.enabled !== false // Enable by default
+    this.verbose = Boolean(options.verbose)
 
     // Ensure cache directory exists
     if (this.enabled) {

package/lib/validation/config-security.js

@@ -10,16 +10,17 @@ const { showProgress } = require('../ui-helpers')
 
 // Pinned gitleaks version for reproducible security scanning
 const GITLEAKS_VERSION = '8.28.0'
-// Real SHA256 checksums from https://github.com/gitleaks/gitleaks/releases/tag/v8.28.0
+// SHA256 checksums of EXTRACTED BINARIES from gitleaks v8.28.0 release
+// Note: These are checksums of the binary itself, not the tarball/zip archives
 const GITLEAKS_CHECKSUMS = {
   'linux-x64':
-    'a65b5253807a68ac0cafa4414031fd740aeb55f54fb7e55f386acb52e6a840eb',
+    '5fd1b3b0073269484d40078662e921d07427340ab9e6ed526ccd215a565b3298',
   'darwin-x64':
-    'edf5a507008b0d2ef4959575772772770586409c1f6f74dabf19cbe7ec341ced',
+    'cf09ad7a85683d90221db8324f036f23c8c29107145e1fc4a0dffbfa9e89c09a',
   'darwin-arm64':
     '5588b5d942dffa048720f7e6e1d274283219fb5722a2c7564d22e83ba39087d7',
   'win32-x64':
-    'da6458e8864af553807de1c46a7a8eac0880bd6b99ba56288e87e86a45af884f',
+    '54230c22688d19939f316cd3e2e040cd067ece40a3a8c5b684e5110c62ecbf52',
 }
 
 /**

package/lib/validation/validation-factory.js

@@ -75,7 +75,7 @@ class ValidationFactory {
 
   /**
    * Run all validators
-   * @returns {object} Validation results
+   * @returns {Promise<object>} Validation results
    */
   async validateAll() {
     const results = {

package/lib/yaml-utils.js

@@ -82,17 +82,22 @@ function convertToYaml(obj, indent = 0) {
   if (Array.isArray(obj)) {
     obj.forEach(item => {
       if (typeof item === 'object' && item !== null) {
-        // For objects in arrays, handle first property inline with dash, rest indented
-        const itemYaml = convertToYaml(item, indent + 2)
-        const lines = itemYaml.split('\n').filter(line => line.trim())
-        if (lines.length > 0) {
-          // First property goes inline with the dash
-          yaml += `${spaces}- ${lines[0].trim()}\n`
-          // Additional properties are properly indented
-          for (let i = 1; i < lines.length; i++) {
-            yaml += `${spaces}  ${lines[i].trim()}\n`
+        // For objects in arrays, prefix first line with "- " and indent rest
+        const entries = Object.entries(item)
+        entries.forEach(([key, value], idx) => {
+          const safeKey = formatYamlValue(key)
+          const prefix = idx === 0 ? `${spaces}- ` : `${spaces}  `
+
+          if (Array.isArray(value)) {
+            yaml += `${prefix}${safeKey}:\n`
+            yaml += convertToYaml(value, indent + 4)
+          } else if (typeof value === 'object' && value !== null) {
+            yaml += `${prefix}${safeKey}:\n`
+            yaml += convertToYaml(value, indent + 4)
+          } else {
+            yaml += `${prefix}${safeKey}: ${formatYamlValue(value)}\n`
           }
-        }
+        })
       } else {
         yaml += `${spaces}- ${formatYamlValue(item)}\n`
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-qa-architect",
-  "version": "5.0.0",
+  "version": "5.0.6",
   "description": "QA Architect - Bootstrap quality automation for JavaScript/TypeScript and Python projects with GitHub Actions, pre-commit hooks, linting, formatting, and smart test strategy",
   "main": "setup.js",
   "bin": {
@@ -12,26 +12,26 @@
     "format": "prettier --write .",
     "format:check": "prettier --check .",
     "lint": "eslint . && stylelint \"**/*.{css,scss,sass,less,pcss}\" --allow-empty-input",
+    "type-check": "tsc --noEmit",
     "lint:fix": "eslint . --fix && stylelint \"**/*.{css,scss,sass,less,pcss}\" --fix --allow-empty-input",
     "security:audit": "npm audit --audit-level high",
     "security:secrets": "node -e \"const fs=require('fs');const content=fs.readFileSync('package.json','utf8');if(/[\\\"\\'][a-zA-Z0-9+/]{20,}[\\\"\\']/.test(content)){console.error('❌ Potential hardcoded secrets in package.json');process.exit(1)}else{console.log('✅ No secrets detected in package.json')}\"",
     "security:config": "node setup.js --security-config",
     "validate:docs": "node setup.js --validate-docs",
-    "validate:claude": "node scripts/validate-claude-md.js",
     "validate:comprehensive": "node setup.js --comprehensive --no-markdownlint",
-    "validate:all": "npm run validate:comprehensive && npm run security:audit && npm run validate:claude",
+    "validate:all": "npm run validate:comprehensive && npm run security:audit",
     "validate:pre-push": "npm run test:patterns --if-present && npm run lint && npm run format:check && npm run test:commands --if-present && npm test --if-present",
-    "test": "node tests/setup.test.js && node tests/integration.test.js && node tests/error-paths.test.js && node tests/error-messages.test.js && node tests/cache-manager.test.js && node tests/parallel-validation.test.js && node tests/python-integration.test.js && node tests/interactive.test.js && node tests/monorepo.test.js && node tests/template-loader.test.js && node tests/critical-fixes.test.js && node tests/interactive-routing-fix.test.js && node tests/telemetry.test.js && node tests/error-reporter.test.js && node tests/premium-dependency-monitoring.test.js && node tests/multi-language-dependency-monitoring.test.js && node tests/cli-deps-integration.test.js && node tests/real-world-packages.test.js && node tests/validation-factory.test.js && node tests/setup-error-coverage.test.js && node tests/python-detection-sensitivity.test.js && node tests/python-parser-fixes.test.js && node tests/licensing.test.js && node tests/security-licensing.test.js && node tests/real-purchase-flow.test.js && node tests/base-validator.test.js && node tests/dependency-monitoring-basic.test.js && node tests/workflow-validation.test.js && node tests/setup-critical-paths.test.js && node tests/project-maturity.test.js && node tests/project-maturity-cli.test.js && node tests/package-manager-detection.test.js && node tests/check-docs.test.js && node tests/validate-claude-md.test.js && node tests/validate-command-patterns.test.js && node tests/gitleaks-binary-resolution.test.js && node tests/gitleaks-production-checksums.test.js && node tests/gitleaks-checksum-verification.test.js && node tests/gitleaks-real-binary-test.js && node tests/tier-enforcement.test.js",
-    "test:unit": "node tests/setup.test.js && node tests/error-paths.test.js && node tests/error-messages.test.js && node tests/cache-manager.test.js && node tests/template-loader.test.js && node tests/telemetry.test.js && node tests/error-reporter.test.js && node tests/validation-factory.test.js && node tests/setup-error-coverage.test.js && node tests/licensing.test.js && node tests/security-licensing.test.js && node tests/base-validator.test.js && node tests/dependency-monitoring-basic.test.js && node tests/workflow-validation.test.js && node tests/setup-critical-paths.test.js && node tests/project-maturity.test.js && node tests/package-manager-detection.test.js && node tests/check-docs.test.js && node tests/validate-claude-md.test.js && node tests/validate-command-patterns.test.js && node tests/gitleaks-binary-resolution.test.js && node tests/gitleaks-production-checksums.test.js && node tests/gitleaks-checksum-verification.test.js",
+    "test": "export QAA_DEVELOPER=true && node tests/setup.test.js && node tests/integration.test.js && node tests/error-paths.test.js && node tests/error-messages.test.js && node tests/cache-manager.test.js && node tests/parallel-validation.test.js && node tests/python-integration.test.js && node tests/interactive.test.js && node tests/monorepo.test.js && node tests/template-loader.test.js && node tests/critical-fixes.test.js && node tests/interactive-routing-fix.test.js && node tests/telemetry.test.js && node tests/error-reporter.test.js && node tests/premium-dependency-monitoring.test.js && node tests/multi-language-dependency-monitoring.test.js && node tests/cli-deps-integration.test.js && node tests/real-world-packages.test.js && node tests/validation-factory.test.js && node tests/setup-error-coverage.test.js && node tests/python-detection-sensitivity.test.js && node tests/python-parser-fixes.test.js && node tests/licensing.test.js && node tests/security-licensing.test.js && node tests/real-purchase-flow.test.js && node tests/base-validator.test.js && node tests/dependency-monitoring-basic.test.js && node tests/workflow-validation.test.js && node tests/setup-critical-paths.test.js && node tests/project-maturity.test.js && node tests/project-maturity-cli.test.js && node tests/package-manager-detection.test.js && node tests/check-docs.test.js && node tests/validate-command-patterns.test.js && node tests/gitleaks-binary-resolution.test.js && node tests/gitleaks-production-checksums.test.js && node tests/gitleaks-checksum-verification.test.js && node tests/gitleaks-real-binary-test.js && node tests/tier-enforcement.test.js",
+    "test:unit": "export QAA_DEVELOPER=true && node tests/setup.test.js && node tests/error-paths.test.js && node tests/error-messages.test.js && node tests/cache-manager.test.js && node tests/template-loader.test.js && node tests/telemetry.test.js && node tests/error-reporter.test.js && node tests/validation-factory.test.js && node tests/setup-error-coverage.test.js && node tests/licensing.test.js && node tests/security-licensing.test.js && node tests/base-validator.test.js && node tests/dependency-monitoring-basic.test.js && node tests/workflow-validation.test.js && node tests/setup-critical-paths.test.js && node tests/project-maturity.test.js && node tests/package-manager-detection.test.js && node tests/check-docs.test.js && node tests/validate-command-patterns.test.js && node tests/gitleaks-binary-resolution.test.js && node tests/gitleaks-production-checksums.test.js && node tests/gitleaks-checksum-verification.test.js",
     "test:fast": "npm run test:unit",
     "test:medium": "npm run test:fast && npm run test:patterns && npm run test:commands",
-    "test:slow": "node tests/python-integration.test.js && node tests/interactive.test.js && node tests/monorepo.test.js && node tests/critical-fixes.test.js && node tests/interactive-routing-fix.test.js && node tests/premium-dependency-monitoring.test.js && node tests/multi-language-dependency-monitoring.test.js && node tests/cli-deps-integration.test.js && node tests/real-world-packages.test.js && node tests/python-detection-sensitivity.test.js && node tests/python-parser-fixes.test.js && node tests/real-purchase-flow.test.js && node tests/project-maturity-cli.test.js && node tests/gitleaks-real-binary-test.test.js && npm run test:e2e",
+    "test:slow": "export QAA_DEVELOPER=true && node tests/python-integration.test.js && node tests/interactive.test.js && node tests/monorepo.test.js && node tests/critical-fixes.test.js && node tests/interactive-routing-fix.test.js && node tests/premium-dependency-monitoring.test.js && node tests/multi-language-dependency-monitoring.test.js && node tests/cli-deps-integration.test.js && node tests/real-world-packages.test.js && node tests/python-detection-sensitivity.test.js && node tests/python-parser-fixes.test.js && node tests/real-purchase-flow.test.js && node tests/project-maturity-cli.test.js && node tests/gitleaks-real-binary-test.js && npm run test:e2e",
     "test:comprehensive": "npm run test:patterns && npm test && npm run test:commands && npm run test:e2e && npm run security:audit",
     "test:real-binary": "RUN_REAL_BINARY_TEST=1 node tests/gitleaks-real-binary-test.js",
-    "test:commands": "node tests/command-execution.test.js",
+    "test:commands": "export QAA_DEVELOPER=true && node tests/command-execution.test.js",
     "test:patterns": "node scripts/validate-command-patterns.js",
     "test:coverage": "c8 --reporter=html --reporter=text --reporter=lcov npm test",
-    "test:e2e": "bash scripts/test-e2e-package.sh",
+    "test:e2e": "export QAA_DEVELOPER=true && bash scripts/test-e2e-package.sh",
     "test:all": "npm run test:patterns && npm test && npm run test:commands && npm run test:e2e",
     "coverage": "npm run test:coverage && echo '\nCoverage report generated in coverage/index.html'",
     "docs:check": "bash scripts/check-docs.sh",
@@ -63,14 +63,18 @@
     "security-audit"
   ],
   "author": "Brett Stark",
-  "license": "MIT",
+  "license": "SEE LICENSE IN LICENSE",
   "files": [
     "setup.js",
     "create-saas-monetization.js",
     "config/",
+    "docs/",
     "lib/",
     "legal/",
     "marketing/",
+    "templates/",
+    "scripts/",
+    "LICENSE",
     ".github/",
     ".prettierrc",
     ".prettierignore",
@@ -82,12 +86,12 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/brettstark73/qa-architect.git"
+    "url": "git+https://github.com/vibebuildlab/qa-architect.git"
   },
   "bugs": {
-    "url": "https://github.com/brettstark73/qa-architect/issues"
+    "url": "https://github.com/vibebuildlab/qa-architect/issues"
   },
-  "homepage": "https://github.com/brettstark73/qa-architect#readme",
+  "homepage": "https://vibebuildlab.com/tools/qa-architect",
   "engines": {
     "node": ">=20"
   },
@@ -102,7 +106,9 @@
     }
   },
   "devDependencies": {
+    "@types/node": "^20",
     "actionlint": "^2.0.6",
+    "typescript": "^5",
     "c8": "^10.1.2",
     "eslint": "^9.12.0",
     "eslint-plugin-security": "^3.0.1",
@@ -119,7 +125,6 @@
   },
   "lint-staged": {
     "CLAUDE.md": [
-      "node scripts/validate-claude-md.js",
       "prettier --write"
     ],
     "config/defaults.js": [

package/scripts/check-docs.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Documentation consistency checker
+# Run before any release to catch documentation gaps
+
+set -e
+
+echo "🔍 Checking documentation consistency..."
+
+# Check version consistency
+PACKAGE_VERSION=$(node -p "require('./package.json').version")
+if ! grep -q "## \[$PACKAGE_VERSION\]" CHANGELOG.md; then
+    echo "❌ CHANGELOG.md missing entry for version $PACKAGE_VERSION"
+    exit 1
+fi
+
+# Check that setup.js file creation matches README documentation
+echo "📁 Verifying file inventory..."
+
+# Extract files created by setup.js
+SETUP_FILES=$(grep -E "writeFileSync.*Path" setup.js | sed -E 's/.*writeFileSync\([^,]+, [^)]+\)//' | wc -l)
+echo "Setup script creates approximately $SETUP_FILES files"
+
+# Check for common missing files in README
+MISSING_FILES=()
+
+if grep -q "\.nvmrc" setup.js && ! grep -q "\.nvmrc" README.md; then
+    MISSING_FILES+=(".nvmrc")
+fi
+
+if grep -q "\.npmrc" setup.js && ! grep -q "\.npmrc" README.md; then
+    MISSING_FILES+=(".npmrc")
+fi
+
+if grep -q "stylelintrc" setup.js && ! grep -q "stylelintrc" README.md; then
+    MISSING_FILES+=(".stylelintrc.json")
+fi
+
+if grep -q "lighthouserc" setup.js && ! grep -q "lighthouserc" README.md; then
+    MISSING_FILES+=(".lighthouserc.js")
+fi
+
+if [ ${#MISSING_FILES[@]} -gt 0 ]; then
+    echo "❌ README.md missing documentation for files:"
+    printf '   - %s\n' "${MISSING_FILES[@]}"
+    exit 1
+fi
+
+# Check for Python features if implemented
+if grep -q "Python" setup.js; then
+    if ! grep -q "Python" README.md; then
+        echo "❌ Python features implemented but not documented in README.md"
+        exit 1
+    fi
+fi
+
+# Security validation is now handled by:
+# - /bs:audit --security command
+# - security-auditor agent
+# - npm audit in CI workflows
+# - gitleaks in pre-push hooks
+echo "🔐 Security validation handled by automated tooling (npm audit, gitleaks, CI workflows)"
+
+echo "✅ Documentation consistency checks passed!"