create-qa-architect 5.0.0

package/eslint.config.cjs

@@ -0,0 +1,117 @@
+const js = require('@eslint/js')
+const globals = require('globals')
+
+let security = null
+try {
+  security = require('eslint-plugin-security')
+} catch {
+  // Security plugin not installed yet; fall back to basic config
+}
+
+const configs = [
+  {
+    ignores: [
+      // Dependencies
+      '**/node_modules/**',
+      // Build outputs
+      '**/dist/**',
+      '**/build/**',
+      '**/out/**',
+      '**/.next/**',
+      // Test coverage
+      '**/coverage/**',
+      '**/.nyc_output/**',
+      // Cache directories
+      '**/.cache/**',
+      '**/.eslintcache',
+      '**/.stylelintcache',
+      // Package artifacts
+      '**/*.tgz',
+      '**/package/**',
+      // Logs
+      '**/*.log',
+      '**/npm-debug.log*',
+      // Environment files
+      '**/.env',
+      '**/.env.*',
+      // IDE
+      '**/.vscode/**',
+      '**/.idea/**',
+      // OS files
+      '**/.DS_Store',
+      '**/Thumbs.db',
+      // HTML files
+      '**/*.html',
+    ],
+  },
+  js.configs.recommended,
+]
+
+// Add security config if available
+if (security) {
+  configs.push(security.configs.recommended)
+}
+
+// Base rules configuration
+const baseRules = {
+  // XSS Prevention patterns - critical for web applications
+  'no-eval': 'error',
+  'no-implied-eval': 'error',
+  'no-new-func': 'error',
+  'no-script-url': 'error',
+  // Allow intentionally unused variables prefixed with underscore
+  'no-unused-vars': [
+    'error',
+    {
+      argsIgnorePattern: '^_',
+      varsIgnorePattern: '^_',
+      caughtErrorsIgnorePattern: '^_',
+    },
+  ],
+}
+
+// Security rules only if plugin is loaded
+const securityRules = security
+  ? {
+      // Security rules from WFHroulette patterns - adjusted for build tools
+      'security/detect-object-injection': 'warn', // Build tools often use dynamic object access
+      'security/detect-non-literal-regexp': 'error',
+      'security/detect-unsafe-regex': 'error',
+      'security/detect-buffer-noassert': 'error',
+      'security/detect-child-process': 'warn', // Build tools may spawn processes
+      'security/detect-disable-mustache-escape': 'error',
+      'security/detect-eval-with-expression': 'error',
+      'security/detect-no-csrf-before-method-override': 'error',
+      'security/detect-non-literal-fs-filename': 'warn', // Build tools need dynamic file operations
+      'security/detect-non-literal-require': 'error',
+      'security/detect-possible-timing-attacks': 'error',
+      'security/detect-pseudoRandomBytes': 'error',
+    }
+  : {}
+
+configs.push({
+  files: ['**/*.{js,jsx,mjs,cjs,html}'],
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+    globals: {
+      ...globals.browser,
+      ...globals.node,
+    },
+  },
+  rules: {
+    ...baseRules,
+    ...securityRules,
+  },
+})
+
+// Override for test files - disable filesystem security warnings
+configs.push({
+  files: ['tests/**/*.js', 'scripts/**/*.js', 'lib/**/*.js', 'setup.js'],
+  rules: {
+    'security/detect-non-literal-fs-filename': 'off',
+    'security/detect-object-injection': 'off',
+  },
+})
+
+module.exports = configs

package/eslint.config.ts.cjs

@@ -0,0 +1,99 @@
+const js = require('@eslint/js')
+const globals = require('globals')
+
+let tsPlugin = null
+let tsParser = null
+let security = null
+try {
+  tsPlugin = require('@typescript-eslint/eslint-plugin')
+  tsParser = require('@typescript-eslint/parser')
+} catch {
+  // TypeScript tooling not installed yet; fall back to JS-only config.
+}
+
+try {
+  security = require('eslint-plugin-security')
+} catch {
+  // Security plugin not installed yet; fall back to basic config
+}
+
+const configs = [
+  {
+    ignores: ['**/node_modules/**', '**/dist/**', '**/build/**'],
+  },
+  js.configs.recommended,
+]
+
+// Add security config if available
+if (security) {
+  configs.push(security.configs.recommended)
+}
+
+// Base rules configuration
+const baseRules = {
+  // XSS Prevention patterns - critical for web applications
+  'no-eval': 'error',
+  'no-implied-eval': 'error',
+  'no-new-func': 'error',
+  'no-script-url': 'error',
+}
+
+// Security rules only if plugin is loaded
+const securityRules = security
+  ? {
+      // Security rules from WFHroulette patterns - adjusted for build tools
+      'security/detect-object-injection': 'warn', // Build tools often use dynamic object access
+      'security/detect-non-literal-regexp': 'error',
+      'security/detect-unsafe-regex': 'error',
+      'security/detect-buffer-noassert': 'error',
+      'security/detect-child-process': 'warn', // Build tools may spawn processes
+      'security/detect-disable-mustache-escape': 'error',
+      'security/detect-eval-with-expression': 'error',
+      'security/detect-no-csrf-before-method-override': 'error',
+      'security/detect-non-literal-fs-filename': 'warn', // Build tools need dynamic file operations
+      'security/detect-non-literal-require': 'error',
+      'security/detect-possible-timing-attacks': 'error',
+      'security/detect-pseudoRandomBytes': 'error',
+    }
+  : {}
+
+configs.push({
+  files: ['**/*.{js,jsx,mjs,cjs,html}'],
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+    globals: {
+      ...globals.browser,
+      ...globals.node,
+    },
+  },
+  rules: {
+    ...baseRules,
+    ...securityRules,
+  },
+})
+
+if (tsPlugin && tsParser) {
+  configs.push({
+    files: ['**/*.{ts,tsx}'],
+    languageOptions: {
+      parser: tsParser,
+      parserOptions: {
+        ecmaVersion: 2022,
+        sourceType: 'module',
+      },
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+      },
+    },
+    plugins: {
+      '@typescript-eslint': tsPlugin,
+    },
+    rules: {
+      ...tsPlugin.configs.recommended.rules,
+    },
+  })
+}
+
+module.exports = configs

package/legal/README.md

@@ -0,0 +1,106 @@
+# Legal Pages Index
+
+**Create Quality Automation - Legal Documentation**
+**Last Updated:** November 22, 2025
+
+## 📋 Legal Documents
+
+### 🔒 [Privacy Policy](./privacy-policy.md)
+
+**Required for LinkedIn, GDPR, CCPA compliance**
+
+- Data collection and usage practices
+- User privacy rights and controls
+- International data transfer information
+- Cookie and tracking policies
+
+### 📄 [Terms of Service](./terms-of-service.md)
+
+**Liability protection and usage terms**
+
+- Service license and restrictions
+- Subscription plans and payment terms
+- Limitation of liability clauses
+- User responsibilities and indemnification
+
+### ©️ [Copyright Notice](./copyright.md)
+
+**Intellectual property protection**
+
+- Software copyright and trademark information
+- Permitted and prohibited uses
+- DMCA compliance procedures
+- International copyright protection
+
+### ⚠️ [Disclaimer](./disclaimer.md)
+
+**Additional liability protection**
+
+- Software development tool limitations
+- Security scanning disclaimers
+- Service availability limitations
+- Professional advice disclaimers
+
+## 🌐 Web-Ready Versions
+
+For website integration and LinkedIn compliance, HTML versions are available:
+
+- **Privacy Policy URL:** `https://[your-domain]/legal/privacy-policy.html`
+- **Terms of Service URL:** `https://[your-domain]/legal/terms-of-service.html`
+
+## 🔗 Quick Links for Integration
+
+### For LinkedIn Business Profile
+
+```
+Privacy Policy: [Insert your privacy policy URL]
+```
+
+### For Website Footer
+
+```html
+<footer>
+  <a href="/legal/privacy-policy.html">Privacy Policy</a> |
+  <a href="/legal/terms-of-service.html">Terms of Service</a> |
+  <a href="/legal/disclaimer.html">Disclaimer</a> |
+  <a href="/legal/copyright.html">Copyright</a>
+</footer>
+```
+
+### For App/CLI About Section
+
+```
+Legal: https://[your-domain]/legal/
+Privacy: https://[your-domain]/legal/privacy-policy.html
+Terms: https://[your-domain]/legal/terms-of-service.html
+```
+
+## ⚖️ Legal Protection Summary
+
+These documents provide comprehensive protection against:
+
+- ✅ **Data Privacy Violations** - GDPR, CCPA compliant
+- ✅ **Software Liability Claims** - Tool malfunction disclaimers
+- ✅ **Copyright Infringement** - IP protection and DMCA compliance
+- ✅ **Service Disputes** - Clear terms and limitations
+- ✅ **Professional Liability** - Not professional advice disclaimers
+- ✅ **Security Breach Claims** - Reasonable efforts standard
+- ✅ **Financial Disputes** - Payment and refund terms
+
+## 📝 Next Steps
+
+1. **Host these pages** on your website/GitHub Pages
+2. **Add contact email** - Replace `[contact email needed]` placeholders
+3. **Add physical address** - Required for legal compliance
+4. **Add jurisdiction** - Specify governing law location
+5. **Review with attorney** - For high-risk scenarios or specific industry requirements
+
+## 🔄 Maintenance
+
+- **Review Schedule:** Quarterly or when service changes significantly
+- **Update Triggers:** New features, policy changes, legal requirement changes
+- **Version Control:** Keep dated versions for compliance audit trails
+
+---
+
+_These legal documents are designed to provide comprehensive protection for a SaaS development tool business. They follow industry best practices and compliance requirements as of November 2025._

package/legal/copyright.md

@@ -0,0 +1,76 @@
+# Copyright Notice
+
+**© 2025 Brett Stark. All rights reserved.**
+
+## Intellectual Property Protection
+
+### Software Copyright
+
+Create Quality Automation, including all source code, documentation, design, graphics, and related materials, is protected by copyright law and international treaties. All rights are reserved.
+
+### Trademarks
+
+- **"Create Quality Automation"** is a trademark of Brett Stark
+- All other trademarks, service marks, and trade names are the property of their respective owners
+
+### Open Source Components
+
+This software incorporates open source components. See `package.json` and individual component licenses for specific terms. Our use of open source software does not affect our copyright in the overall work.
+
+## Permitted Uses
+
+### What You May Do
+
+- Use the software in accordance with your subscription license
+- Create derivative configurations for your own projects
+- Reference our documentation in compliance discussions
+
+### What You May NOT Do
+
+- Copy, modify, or distribute our proprietary source code
+- Create competing products based on our software
+- Remove or modify copyright notices
+- Use our trademarks without written permission
+
+## DMCA Compliance
+
+### Copyright Infringement Claims
+
+If you believe our software infringes your copyright, send a DMCA notice to:
+
+**DMCA Agent:** Brett Stark
+**Email:** [contact email needed]
+**Subject:** "DMCA Takedown Notice"
+
+**Required Information:**
+
+1. Your physical or electronic signature
+2. Identification of copyrighted work claimed to be infringed
+3. Location of allegedly infringing material
+4. Your contact information
+5. Statement of good faith belief that use is unauthorized
+6. Statement that notice is accurate and you're authorized to act
+
+### Counter-Notification
+
+If you believe your content was wrongly removed, you may file a counter-notification with the same contact information.
+
+## International Copyright
+
+This work is protected under:
+
+- **United States:** Copyright Act of 1976
+- **International:** Berne Convention for the Protection of Literary and Artistic Works
+- **Digital:** WIPO Copyright Treaty
+- **Trade:** TRIPS Agreement
+
+## Contact for Licensing
+
+For licensing inquiries or permission to use copyrighted materials:
+
+- **Email:** [contact email needed]
+- **Subject:** "Copyright Licensing Inquiry"
+
+---
+
+_This copyright notice was last updated on November 22, 2025._

package/legal/disclaimer.md

@@ -0,0 +1,146 @@
+# Disclaimer
+
+**Last Updated:** November 22, 2025
+
+## IMPORTANT LEGAL NOTICE
+
+The information and software provided by Create Quality Automation is subject to the following disclaimers. By using our Service, you acknowledge and agree to these limitations.
+
+## 1. Software Development Tool Disclaimer
+
+### 1.1 No Guarantee of Results
+
+- **Code Quality:** While our tool aims to improve code quality, we make no guarantees about the effectiveness of our recommendations
+- **Project Outcomes:** We are not responsible for any project delays, failures, or issues that may arise from using our tool
+- **Compatibility:** We cannot guarantee compatibility with all development environments, frameworks, or tools
+
+### 1.2 User Responsibility
+
+- **Testing:** You are solely responsible for testing all changes made by our tool in your development environment
+- **Backup:** Always backup your code before running automated tools
+- **Review:** Carefully review all automated changes before committing to production
+
+## 2. Dependency Management Disclaimer
+
+### 2.1 Third-Party Dependencies
+
+- **Package Safety:** We do not vet or guarantee the safety of npm packages, Python packages, or other dependencies
+- **Vulnerability Responsibility:** You are responsible for security scanning and approval of all dependency updates
+- **Breaking Changes:** Dependency updates may introduce breaking changes to your application
+
+### 2.2 Automated Updates
+
+- **Risk Assessment:** Automated dependency updates carry inherent risks
+- **Testing Required:** All dependency updates should be thoroughly tested before deployment
+- **Rollback Capability:** Ensure you can rollback changes if issues arise
+
+## 3. Security Scanning Disclaimer
+
+### 3.1 Security Tool Limitations
+
+- **Detection Accuracy:** Security scanning tools may produce false positives and false negatives
+- **Coverage Limitations:** No security tool can detect 100% of potential vulnerabilities
+- **Evolving Threats:** New security threats emerge constantly that may not be detected by current tools
+
+### 3.2 Security Responsibility
+
+- **Professional Assessment:** Complex security issues require professional security assessment
+- **Regular Updates:** Security tools and databases must be regularly updated
+- **Defense in Depth:** Use multiple layers of security protection
+
+## 4. Service Availability Disclaimer
+
+### 4.1 Uptime and Reliability
+
+- **No Uptime Guarantee:** We make no guarantees about service availability or uptime
+- **Third-Party Dependencies:** Our service depends on external services (npm, GitHub, etc.) that may experience outages
+- **Maintenance Windows:** Scheduled maintenance may temporarily interrupt service
+
+### 4.2 Data and Backup
+
+- **No Backup Service:** We do not provide backup services for your project data
+- **Data Loss Risk:** Technical failures could result in loss of configuration or usage data
+- **Recovery Limitations:** Our ability to recover lost data is limited
+
+## 5. Professional Advice Disclaimer
+
+### 5.1 Not Professional Advice
+
+- **Development Practices:** Our recommendations are general guidance, not professional consulting
+- **Legal Compliance:** We do not provide legal advice regarding software licensing or compliance
+- **Business Decisions:** Tool recommendations should not be the sole basis for business-critical decisions
+
+### 5.2 Expert Consultation
+
+- **Complex Scenarios:** Consult with qualified professionals for complex development, security, or legal issues
+- **Industry Standards:** Verify that our recommendations align with your industry's specific standards
+- **Regulatory Compliance:** Ensure compliance with applicable regulations in your jurisdiction
+
+## 6. Third-Party Services Disclaimer
+
+### 6.1 External Integrations
+
+- **GitHub Actions:** We are not responsible for GitHub's service availability or policy changes
+- **Package Registries:** npm, PyPI, and other registries are outside our control
+- **Cloud Providers:** Our infrastructure depends on third-party cloud services
+
+### 6.2 Third-Party Changes
+
+- **API Changes:** Third-party services may change APIs without notice, affecting our functionality
+- **Policy Changes:** External services may change terms or policies that impact our service
+- **Service Discontinuation:** Third-party services may be discontinued at any time
+
+## 7. Financial and Business Disclaimer
+
+### 7.1 No Business Guarantees
+
+- **ROI Claims:** We make no guarantees about return on investment or cost savings
+- **Productivity Claims:** Individual results may vary regarding development productivity
+- **Business Outcomes:** We are not responsible for business decisions made based on our tool's output
+
+### 7.2 Subscription and Billing
+
+- **Service Changes:** We may modify features or pricing with appropriate notice
+- **Refund Limitations:** Refunds are limited as specified in our Terms of Service
+- **Tax Responsibility:** You are responsible for any applicable taxes on your subscription
+
+## 8. Legal and Compliance Disclaimer
+
+### 8.1 Jurisdiction Variations
+
+- **Local Laws:** Legal requirements vary by jurisdiction and industry
+- **Compliance Responsibility:** You are responsible for ensuring compliance with applicable laws and regulations
+- **Export Controls:** Use of our service may be subject to export control laws
+
+### 8.2 Industry Standards
+
+- **Standards Compliance:** We do not guarantee compliance with specific industry standards (SOX, HIPAA, PCI-DSS, etc.)
+- **Audit Requirements:** Professional audit may be required for compliance certification
+- **Regulatory Changes:** Compliance requirements may change over time
+
+## 9. Technical Limitations Disclaimer
+
+### 9.1 System Requirements
+
+- **Environment Compatibility:** Our tool may not work in all development environments
+- **Version Dependencies:** Specific versions of Node.js, Python, or other tools may be required
+- **Performance Variations:** Performance may vary based on project size and system specifications
+
+### 9.2 Technical Support Limitations
+
+- **Support Scope:** Support is limited to our software functionality
+- **Environment Issues:** We cannot provide support for general development environment issues
+- **Custom Configurations:** Support for highly customized setups may be limited
+
+## 10. Contact Information
+
+For questions about this disclaimer:
+
+- **Email:** [contact email needed]
+- **Subject:** "Disclaimer Inquiry"
+
+---
+
+**ACKNOWLEDGMENT:** By using Create Quality Automation, you acknowledge that you have read, understood, and agree to be bound by this Disclaimer and accept all associated risks and limitations.
+
+_This disclaimer provides comprehensive protection against various liability scenarios common to developer tools and SaaS services. Last reviewed on November 22, 2025._