create-qa-architect 5.0.1 → 5.0.7

package/.github/RELEASE_CHECKLIST.md

@@ -27,14 +27,12 @@ Use this checklist before any version bump or npm publication.
 
 ### Security Audit Compliance
 
-- [ ] `KEYFLASH_INSPIRED_SECURITY_AUDIT.md` findings remain resolved
+- [ ] `npm audit` shows no high/critical vulnerabilities
+- [ ] `gitleaks detect --source . --redact` passes (no secrets)
 - [ ] **CRITICAL**: Gitleaks checksums are real SHA256 values, not placeholders
 - [ ] `lib/validation/config-security.js` GITLEAKS_CHECKSUMS contains verified hashes
 - [ ] No "PLACEHOLDER_CHECKSUM" strings exist in security validation code
 - [ ] Gitleaks pinned version in code matches documented security version
-- [ ] No new security vulnerabilities introduced since audit
-- [ ] All security fixes from audit still in place
-- [ ] Security audit document references current version (or base version for pre-releases like `4.0.1-rc.1`)
 
 ### Real Binary Verification
 

package/.github/workflows/daily-deploy-check.yml

@@ -0,0 +1,136 @@
+# Daily Deploy Check Workflow
+# Copy this to .github/workflows/daily-deploy-check.yml in each project
+#
+# Required secrets:
+#   AUDIT_WEBHOOK_SECRET - shared secret for authenticating with vibebuildlab API
+#
+# Required variables (set in repo settings):
+#   PRODUCTION_URL - the production URL to check (e.g., https://saas.vibebuildlab.com)
+#
+# This workflow:
+# 1. Runs daily at 6am UTC
+# 2. Checks if production URL responds and SSL is valid
+# 3. Reports deploy stage status to vibebuildlab dashboard
+
+name: Daily Deploy Check
+
+on:
+  schedule:
+    # Every day at 6am UTC
+    - cron: '0 6 * * *'
+  workflow_dispatch: # Manual trigger
+
+env:
+  VIBEBUILDLAB_API: https://dash.vibebuildlab.com/api/audit-results
+
+jobs:
+  deploy-check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Check URL responds
+        id: url_check
+        run: |
+          URL="${{ vars.PRODUCTION_URL }}"
+
+          if [ -z "$URL" ]; then
+            echo "::error::PRODUCTION_URL variable not set"
+            echo "responds=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$URL" --max-time 30 || echo "000")
+
+          echo "status_code=$STATUS" >> $GITHUB_OUTPUT
+
+          if [ "$STATUS" = "200" ] || [ "$STATUS" = "301" ] || [ "$STATUS" = "302" ]; then
+            echo "responds=true" >> $GITHUB_OUTPUT
+          else
+            echo "responds=false" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Check SSL certificate
+        id: ssl_check
+        run: |
+          URL="${{ vars.PRODUCTION_URL }}"
+
+          if [ -z "$URL" ]; then
+            echo "valid=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Extract domain from URL
+          DOMAIN=$(echo "$URL" | sed -E 's|https?://([^/]+).*|\1|')
+
+          # Check SSL expiry
+          EXPIRY=$(echo | openssl s_client -servername "$DOMAIN" -connect "$DOMAIN:443" 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2 || echo "")
+
+          if [ -n "$EXPIRY" ]; then
+            echo "valid=true" >> $GITHUB_OUTPUT
+            echo "expiry=$EXPIRY" >> $GITHUB_OUTPUT
+
+            # Check if expiring within 7 days
+            EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s 2>/dev/null || date -j -f "%b %d %H:%M:%S %Y %Z" "$EXPIRY" +%s 2>/dev/null || echo "0")
+            NOW_EPOCH=$(date +%s)
+            DAYS_LEFT=$(( (EXPIRY_EPOCH - NOW_EPOCH) / 86400 ))
+
+            echo "days_left=$DAYS_LEFT" >> $GITHUB_OUTPUT
+
+            if [ "$DAYS_LEFT" -lt 7 ]; then
+              echo "::warning::SSL certificate expires in $DAYS_LEFT days!"
+            fi
+          else
+            echo "valid=false" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Determine deploy status
+        id: result
+        run: |
+          if [ "${{ steps.url_check.outputs.responds }}" = "true" ]; then
+            echo "deploy=pass" >> $GITHUB_OUTPUT
+          else
+            echo "deploy=fail" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Report to vibebuildlab
+        if: always()
+        run: |
+          # Get project slug from repo name
+          PROJECT_SLUG="${{ github.event.repository.name }}"
+
+          curl -X POST "$VIBEBUILDLAB_API" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${{ secrets.AUDIT_WEBHOOK_SECRET }}" \
+            -d "{
+              \"project\": \"${PROJECT_SLUG}\",
+              \"stages\": {
+                \"deploy\": \"${{ steps.result.outputs.deploy }}\"
+              },
+              \"details\": {
+                \"url_responds\": ${{ steps.url_check.outputs.responds }},
+                \"ssl_valid\": ${{ steps.ssl_check.outputs.valid || false }},
+                \"status_code\": ${{ steps.url_check.outputs.status_code || 0 }}
+              },
+              \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"
+            }"
+        continue-on-error: true
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Deploy Check Results" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**URL:** ${{ vars.PRODUCTION_URL }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
+          echo "| URL Responds | ${{ steps.url_check.outputs.responds == 'true' && '✅' || '❌' }} (HTTP ${{ steps.url_check.outputs.status_code }}) |" >> $GITHUB_STEP_SUMMARY
+          echo "| SSL Valid | ${{ steps.ssl_check.outputs.valid == 'true' && '✅' || '❌' }} |" >> $GITHUB_STEP_SUMMARY
+          if [ -n "${{ steps.ssl_check.outputs.expiry }}" ]; then
+            echo "| SSL Expiry | ${{ steps.ssl_check.outputs.expiry }} (${{ steps.ssl_check.outputs.days_left }} days) |" >> $GITHUB_STEP_SUMMARY
+          fi
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Deploy Stage:** ${{ steps.result.outputs.deploy }}" >> $GITHUB_STEP_SUMMARY

package/.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,32 @@
+name: Dependabot Auto-Merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
+
+      - name: Enable auto-merge for patch and minor updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/nightly-gitleaks-verification.yml

@@ -42,7 +42,7 @@ jobs:
         run: |
           echo "🔐 Running REAL gitleaks download and verification test..."
           echo "Platform: $(uname -s)-$(uname -m)"
-          echo "Expected checksum: a65b5253807a68ac0cafa4414031fd740aeb55f54fb7e55f386acb52e6a840eb"
+          echo "Expected checksum: 5fd1b3b0073269484d40078662e921d07427340ab9e6ed526ccd215a565b3298"
 
           # Create a test script that downloads and verifies gitleaks
           cat > test-real-download.js << 'EOF'

package/.github/workflows/release.yml

@@ -4,6 +4,10 @@ on:
   push:
     tags: ['v*']
 
+permissions:
+  id-token: write # Required for OIDC trusted publishing to npm
+  contents: write # Required for creating GitHub releases
+
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -14,27 +18,25 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
+      - name: Upgrade npm for OIDC trusted publishing
+        run: npm install -g npm@latest
+
       - name: Install dependencies
         run: npm ci
 
       - name: Run pre-release checks
         run: npm run prerelease
 
-      - name: Publish to npm
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - name: Publish to npm with provenance
+        run: npm publish --provenance
 
       - name: Create GitHub Release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: softprops/action-gh-release@v2
         with:
-          tag_name: ${{ github.ref_name }}
-          release_name: Release ${{ github.ref_name }}
+          name: Release ${{ github.ref_name }}
           body: |
             ## Changes in ${{ github.ref_name }}
 

package/.github/workflows/weekly-audit.yml

@@ -0,0 +1,173 @@
+# Weekly Audit Workflow
+# Copy this to .github/workflows/weekly-audit.yml in each project
+#
+# Required secrets:
+#   AUDIT_WEBHOOK_SECRET - shared secret for authenticating with vibebuildlab API
+#
+# This workflow:
+# 1. Runs weekly (Sunday 2am UTC) and on manual trigger
+# 2. Checks build, tests, lint, typecheck, security
+# 3. Reports results to vibebuildlab dashboard
+
+name: Weekly Audit
+
+on:
+  schedule:
+    # Every Sunday at 2am UTC
+    - cron: '0 2 * * 0'
+  workflow_dispatch: # Manual trigger
+
+env:
+  VIBEBUILDLAB_API: https://dash.vibebuildlab.com/api/audit-results
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run build
+        id: build
+        run: |
+          if npm run build; then
+            echo "success=true" >> $GITHUB_OUTPUT
+          else
+            echo "success=false" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Run tests
+        id: tests
+        run: |
+          # Run tests and capture output
+          TEST_OUTPUT=$(npm test 2>&1) || true
+          echo "$TEST_OUTPUT"
+
+          # Parse results
+          PASSED=$(echo "$TEST_OUTPUT" | grep -oE '[0-9]+ passed' | tail -1 | awk '{print $1}' || echo "0")
+          FAILED=$(echo "$TEST_OUTPUT" | grep -oE '[0-9]+ failed' | tail -1 | awk '{print $1}' || echo "0")
+
+          echo "passed=${PASSED:-0}" >> $GITHUB_OUTPUT
+          echo "failed=${FAILED:-0}" >> $GITHUB_OUTPUT
+
+          if [ "${FAILED:-0}" = "0" ] && [ "${PASSED:-0}" != "0" ]; then
+            echo "success=true" >> $GITHUB_OUTPUT
+          else
+            echo "success=false" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Run lint
+        id: lint
+        run: |
+          LINT_OUTPUT=$(npm run lint 2>&1) || true
+          ERRORS=$(echo "$LINT_OUTPUT" | grep -cE '^\s+[0-9]+:[0-9]+\s+error' || echo "0")
+          echo "errors=${ERRORS:-0}" >> $GITHUB_OUTPUT
+
+          if [ "${ERRORS:-0}" = "0" ]; then
+            echo "success=true" >> $GITHUB_OUTPUT
+          else
+            echo "success=false" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Run typecheck
+        id: typecheck
+        run: |
+          if npm run typecheck 2>/dev/null || npx tsc --noEmit 2>/dev/null; then
+            echo "success=true" >> $GITHUB_OUTPUT
+            echo "errors=0" >> $GITHUB_OUTPUT
+          else
+            echo "success=false" >> $GITHUB_OUTPUT
+            echo "errors=1" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Security audit
+        id: security
+        run: |
+          AUDIT_OUTPUT=$(npm audit 2>&1) || true
+
+          if echo "$AUDIT_OUTPUT" | grep -qiE '[0-9]+ (high|critical)'; then
+            echo "vulnerabilities=1" >> $GITHUB_OUTPUT
+            echo "success=false" >> $GITHUB_OUTPUT
+          else
+            echo "vulnerabilities=0" >> $GITHUB_OUTPUT
+            echo "success=true" >> $GITHUB_OUTPUT
+          fi
+        continue-on-error: true
+
+      - name: Determine audit result
+        id: result
+        run: |
+          # execute stage: build must pass
+          if [ "${{ steps.build.outputs.success }}" = "true" ]; then
+            echo "execute=pass" >> $GITHUB_OUTPUT
+          else
+            echo "execute=fail" >> $GITHUB_OUTPUT
+          fi
+
+          # audit stage: tests + lint + typecheck + security
+          if [ "${{ steps.tests.outputs.success }}" = "true" ] && \
+             [ "${{ steps.lint.outputs.success }}" = "true" ] && \
+             [ "${{ steps.typecheck.outputs.success }}" = "true" ] && \
+             [ "${{ steps.security.outputs.success }}" = "true" ]; then
+            echo "audit=pass" >> $GITHUB_OUTPUT
+          else
+            echo "audit=fail" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Report to vibebuildlab
+        if: always()
+        run: |
+          # Get project slug from package.json name or repo name
+          PROJECT_SLUG=$(node -e "console.log(require('./package.json').name)" 2>/dev/null || echo "${{ github.event.repository.name }}")
+
+          curl -X POST "$VIBEBUILDLAB_API" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${{ secrets.AUDIT_WEBHOOK_SECRET }}" \
+            -d "{
+              \"project\": \"${PROJECT_SLUG}\",
+              \"stages\": {
+                \"execute\": \"${{ steps.result.outputs.execute }}\",
+                \"audit\": \"${{ steps.result.outputs.audit }}\"
+              },
+              \"details\": {
+                \"tests_passed\": ${{ steps.tests.outputs.passed || 0 }},
+                \"tests_failed\": ${{ steps.tests.outputs.failed || 0 }},
+                \"lint_errors\": ${{ steps.lint.outputs.errors || 0 }},
+                \"type_errors\": ${{ steps.typecheck.outputs.errors || 0 }},
+                \"vulnerabilities\": ${{ steps.security.outputs.vulnerabilities || 0 }},
+                \"build_success\": ${{ steps.build.outputs.success }}
+              },
+              \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"
+            }"
+        continue-on-error: true
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Audit Results" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Build | ${{ steps.build.outputs.success == 'true' && '✅' || '❌' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Tests | ${{ steps.tests.outputs.success == 'true' && '✅' || '❌' }} (${{ steps.tests.outputs.passed }} passed, ${{ steps.tests.outputs.failed }} failed) |" >> $GITHUB_STEP_SUMMARY
+          echo "| Lint | ${{ steps.lint.outputs.success == 'true' && '✅' || '❌' }} (${{ steps.lint.outputs.errors }} errors) |" >> $GITHUB_STEP_SUMMARY
+          echo "| TypeScript | ${{ steps.typecheck.outputs.success == 'true' && '✅' || '❌' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Security | ${{ steps.security.outputs.success == 'true' && '✅' || '❌' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Execute Stage:** ${{ steps.result.outputs.execute }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Audit Stage:** ${{ steps.result.outputs.audit }}" >> $GITHUB_STEP_SUMMARY

package/LICENSE

@@ -17,17 +17,17 @@ TERMS OF USE:
    - Standard pre-commit hooks
 
 2. PAID TIERS
-   - Pro: $59/month or $590/year
+   - Pro: $19/month or $190/year
      - Security scanning (Gitleaks + ESLint security)
      - Smart Test Strategy
      - Multi-language support
      - Unlimited repos
-   - Team: $15/user/month (5-seat minimum)
+   - Team: Contact us (coming soon)
      - All Pro features
      - RBAC and team policies
      - Slack alerts
      - Multi-repo dashboard
-   - Enterprise: $249/month + $499 onboarding
+   - Enterprise: Contact us (coming soon)
      - All Team features
      - SSO/SAML integration
      - Custom policies

package/README.md

@@ -2,7 +2,7 @@
 
 Quality automation CLI for JavaScript/TypeScript and Python projects. One command adds ESLint, Prettier, Husky, lint-staged, and GitHub Actions. Pro tiers add security scanning (Gitleaks), Smart Test Strategy, and multi-language support.
 
-**This repo = the free CLI.** For the Pro dashboard with repo analytics, CI integration, and automation workflows, see [QA Architect Pro](https://vibebuildlab.com/qa-architect-pro) (included in Vibe Lab Pro).
+**This repo = the free CLI.** For the Pro dashboard with repo analytics, CI integration, and automation workflows, see [QA Architect Pro](https://vibebuildlab.com/qa-architect) (included in VBL Starter Kit).
 
 ---
 
@@ -41,14 +41,14 @@ npx create-qa-architect@latest
 
 ## Pricing
 
-| Tier           | Price                     | What You Get                                                                                       |
-| -------------- | ------------------------- | -------------------------------------------------------------------------------------------------- |
-| **Free**       | $0                        | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
-| **Pro**        | $59/mo or $590/yr         | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
-| **Team**       | $15/user/mo (5-seat min)  | + RBAC, Slack alerts, multi-repo dashboard, team audit log                                         |
-| **Enterprise** | $249/mo + $499 onboarding | + SSO/SAML, custom policies, compliance pack, dedicated TAM                                        |
+| Tier           | Price             | What You Get                                                                                       |
+| -------------- | ----------------- | -------------------------------------------------------------------------------------------------- |
+| **Free**       | $0                | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
+| **Pro**        | $19/mo or $190/yr | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
+| **Team**       | Contact us        | + RBAC, Slack alerts, multi-repo dashboard, team audit log _(coming soon)_                         |
+| **Enterprise** | Contact us        | + SSO/SAML, custom policies, compliance pack, dedicated TAM _(coming soon)_                        |
 
-> **Pro included in [Vibe Lab Pro](https://vibebuildlab.com/pro)** — Team/Enterprise are standalone purchases.
+> **Pro included in [VBL Starter Kit](https://vibebuildlab.com/starter-kit)** — Team/Enterprise are standalone purchases.
 
 ### Security Features by Tier
 
@@ -60,7 +60,7 @@ npx create-qa-architect@latest
 
 ### License
 
-**MIT License** for the CLI (this repository). Pro features require a paid subscription or Vibe Lab Pro membership. See [LICENSE](LICENSE).
+**Commercial License (freemium)** — free tier covers the basic CLI; Pro/Team/Enterprise features require a paid subscription. See [LICENSE](LICENSE).
 
 ## Tech Stack
 
@@ -188,13 +188,7 @@ npm run validate:pre-push   # Pre-push validation
 
 ## Roadmap
 
-- [x] ESLint 9 flat config support
-- [x] Progressive quality (maturity detection)
-- [x] Python toolchain support
-- [x] Smart test strategy (Pro)
-- [x] Monorepo support (Nx, Turborepo, Lerna, Rush, npm/pnpm/yarn workspaces)
-- [ ] Rust and Go support
-- [ ] VS Code extension
+See [ROADMAP.md](ROADMAP.md) for planned features and strategic direction.
 
 ## Contributing
 
@@ -214,7 +208,7 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
 
 ## License
 
-MIT License - the CLI is free to use in any project. Pro/Team/Enterprise features require a paid subscription. See [LICENSE](LICENSE) for details.
+Commercial freemium license — the base CLI is free to use; Pro/Team/Enterprise features require a paid subscription. See [LICENSE](LICENSE) for details.
 
 ## Legal
 

package/config/defaults.js

@@ -4,6 +4,13 @@
 const STYLELINT_EXTENSIONS = ['css', 'scss', 'sass', 'less', 'pcss']
 const DEFAULT_STYLELINT_TARGET = `**/*.{${STYLELINT_EXTENSIONS.join(',')}}`
 
+/**
+ * @typedef {Object} DefaultsOptions
+ * @property {string[]=} stylelintTargets
+ * @property {boolean=} typescript
+ * @property {boolean=} python
+ */
+
 const baseScripts = {
   format: 'prettier --write .',
   'format:check': 'prettier --check .',
@@ -41,7 +48,12 @@ const stylelintBraceGroup = stylelintTargets => {
   return `{${targets.join(',')}}`
 }
 
-const baseLintScripts = ({ stylelintTargets }) => {
+/**
+ * @param {DefaultsOptions} [options]
+ * @returns {Record<string, string>}
+ */
+const baseLintScripts = (options = {}) => {
+  const { stylelintTargets } = options
   const stylelintTarget = stylelintBraceGroup(stylelintTargets)
   return {
     lint: `eslint . && stylelint "${stylelintTarget}" --allow-empty-input`,
@@ -96,6 +108,9 @@ const TS_LINT_STAGED_PATTERN = '**/*.{js,jsx,ts,tsx,mjs,cjs,html}'
 
 const clone = value => JSON.parse(JSON.stringify(value))
 
+/**
+ * @param {DefaultsOptions} [options]
+ */
 function getDefaultScripts({ stylelintTargets } = {}) {
   return {
     ...clone(baseScripts),
@@ -103,6 +118,9 @@ function getDefaultScripts({ stylelintTargets } = {}) {
   }
 }
 
+/**
+ * @param {DefaultsOptions} [options]
+ */
 function getDefaultDevDependencies({ typescript } = {}) {
   const devDeps = { ...clone(baseDevDependencies) }
   if (typescript) {
@@ -111,6 +129,9 @@ function getDefaultDevDependencies({ typescript } = {}) {
   return devDeps
 }
 
+/**
+ * @param {DefaultsOptions} [options]
+ */
 function getDefaultLintStaged({ typescript, stylelintTargets, python } = {}) {
   const pattern = typescript ? TS_LINT_STAGED_PATTERN : JS_LINT_STAGED_PATTERN
   return clone(baseLintStaged(pattern, stylelintTargets, python))

package/config/quality-config.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "https://github.com/brettstark73/create-qa-architect/blob/main/config/quality-config.schema.json",
+  "$id": "https://github.com/vibebuildlab/qa-architect/blob/main/config/quality-config.schema.json",
   "title": "Quality Automation Configuration",
   "description": "Configuration for create-qa-architect progressive quality checks",
   "type": "object",