create-qa-architect 5.0.1 → 5.0.7

package/create-saas-monetization.js

@@ -39,7 +39,7 @@ const FOUNDER_ENTERPRISE_PRICE = '74.50'
 
 class SaaSMonetizationBootstrap {
   constructor() {
-    this.projectRoot = process.cwd()
+    this.projectRoot = path.resolve(process.cwd())
     this.config = {}
     this.templates = {
       stripe: this.getStripeTemplate(),
@@ -50,6 +50,56 @@ class SaaSMonetizationBootstrap {
     }
   }
 
+  resolveProjectPath(relativePath) {
+    const normalizedRoot = this.projectRoot.endsWith(path.sep)
+      ? this.projectRoot
+      : `${this.projectRoot}${path.sep}`
+    const resolvedPath = path.resolve(this.projectRoot, relativePath)
+
+    if (
+      resolvedPath !== this.projectRoot &&
+      !resolvedPath.startsWith(normalizedRoot)
+    ) {
+      throw new Error(
+        `Refusing to access path outside project root: ${relativePath}`
+      )
+    }
+
+    return resolvedPath
+  }
+
+  ensureDir(relativePath) {
+    const target = this.resolveProjectPath(relativePath)
+    // Path is constrained to the project root before touching the filesystem
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
+    if (!fs.existsSync(target)) {
+      // eslint-disable-next-line security/detect-non-literal-fs-filename
+      fs.mkdirSync(target, { recursive: true })
+    }
+    return target
+  }
+
+  writeProjectFile(relativePath, content) {
+    const target = this.resolveProjectPath(relativePath)
+    // Path is constrained to the project root before touching the filesystem
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
+    fs.writeFileSync(target, content)
+  }
+
+  readProjectFile(relativePath) {
+    const target = this.resolveProjectPath(relativePath)
+    // Path is constrained to the project root before touching the filesystem
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
+    return fs.readFileSync(target, 'utf8')
+  }
+
+  projectFileExists(relativePath) {
+    const target = this.resolveProjectPath(relativePath)
+    // Path is constrained to the project root before touching the filesystem
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
+    return fs.existsSync(target)
+  }
+
   async run() {
     console.log('🚀 Create SaaS Monetization')
     console.log('═══════════════════════════════════')
@@ -159,10 +209,7 @@ class SaaSMonetizationBootstrap {
     const dirs = ['lib/monetization', 'legal', 'marketing', 'billing']
 
     dirs.forEach(dir => {
-      const fullPath = path.join(this.projectRoot, dir)
-      if (!fs.existsSync(fullPath)) {
-        fs.mkdirSync(fullPath, { recursive: true })
-      }
+      this.ensureDir(dir)
     })
   }
 
@@ -172,8 +219,8 @@ class SaaSMonetizationBootstrap {
       .replace(/{{PRO_PRICE}}/g, this.config.proPrice)
       .replace(/{{ENTERPRISE_PRICE}}/g, this.config.enterprisePrice)
 
-    fs.writeFileSync(
-      path.join(this.projectRoot, 'lib/monetization/stripe-integration.js'),
+    this.writeProjectFile(
+      path.join('lib/monetization', 'stripe-integration.js'),
       stripeCode
     )
   }
@@ -188,8 +235,8 @@ class SaaSMonetizationBootstrap {
       .replace(/{{FOUNDER_PRO_PRICE}}/g, this.config.founderProPrice)
       .replace(/{{DOMAIN}}/g, this.config.domain)
 
-    fs.writeFileSync(
-      path.join(this.projectRoot, 'lib/monetization/licensing.js'),
+    this.writeProjectFile(
+      path.join('lib/monetization', 'licensing.js'),
       licensingCode
     )
   }
@@ -204,7 +251,7 @@ class SaaSMonetizationBootstrap {
         .replace(/{{DESCRIPTION}}/g, this.config.description)
         .replace(/{{DATE}}/g, new Date().toISOString().split('T')[0])
 
-      fs.writeFileSync(path.join(this.projectRoot, 'legal', filename), content)
+      this.writeProjectFile(path.join('legal', filename), content)
     }
   }
 
@@ -233,10 +280,7 @@ class SaaSMonetizationBootstrap {
         )
         .replace(/{{SUPPORT_EMAIL}}/g, this.config.supportEmail)
 
-      fs.writeFileSync(
-        path.join(this.projectRoot, 'marketing', filename),
-        content
-      )
+      this.writeProjectFile(path.join('marketing', filename), content)
     }
   }
 
@@ -252,17 +296,14 @@ class SaaSMonetizationBootstrap {
       )
       .replace(/{{PREMIUM_FEATURES}}/g, this.config.premiumFeatures)
 
-    fs.writeFileSync(
-      path.join(this.projectRoot, 'billing/dashboard.html'),
-      billingCode
-    )
+    this.writeProjectFile(path.join('billing', 'dashboard.html'), billingCode)
   }
 
   async updatePackageJson() {
-    const packagePath = path.join(this.projectRoot, 'package.json')
+    const packagePath = 'package.json'
 
-    if (fs.existsSync(packagePath)) {
-      const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'))
+    if (this.projectFileExists(packagePath)) {
+      const pkg = JSON.parse(this.readProjectFile(packagePath))
 
       // Add monetization scripts
       pkg.scripts = pkg.scripts || {}
@@ -276,7 +317,7 @@ class SaaSMonetizationBootstrap {
       pkg.dependencies.stripe = '^14.15.0'
       pkg.dependencies.crypto = '^1.0.1'
 
-      fs.writeFileSync(packagePath, JSON.stringify(pkg, null, 2))
+      this.writeProjectFile(packagePath, JSON.stringify(pkg, null, 2))
     }
   }
 
@@ -307,7 +348,7 @@ COMPANY_NAME=${this.config.companyName}
 # STRIPE_PUBLISHABLE_KEY=pk_live_your_live_key_here
 `
 
-    fs.writeFileSync(path.join(this.projectRoot, '.env.template'), envTemplate)
+    this.writeProjectFile('.env.template', envTemplate)
   }
 
   async generateDeploymentGuide() {
@@ -483,10 +524,7 @@ For implementation questions:
 **Revenue Potential**: $1,500-5,000/month recurring
 `
 
-    fs.writeFileSync(
-      path.join(this.projectRoot, 'MONETIZATION_GUIDE.md'),
-      guide
-    )
+    this.writeProjectFile('MONETIZATION_GUIDE.md', guide)
   }
 
   // Template methods (condensed versions of our implementations)

package/docs/ARCHITECTURE.md

@@ -9,18 +9,18 @@ QA Architect is a CLI tool that bootstraps quality automation in JavaScript/Type
 ```
 create-qa-architect/
 ├── setup.js              # Main CLI entry point
-├── lib/
-│   ├── smart-strategy-generator.js    # Smart test strategy (Pro)
-│   ├── dependency-monitoring-*.js     # Dependency monitoring
-│   └── validation/                    # Validation utilities
+├── lib/                  # Core logic (validation, licensing, maturity, telemetry, dependency monitoring)
 ├── templates/            # Project templates
-│   ├── eslint.config.cjs
-│   ├── .prettierrc
-│   ├── .husky/
-│   └── scripts/
-└── config/               # Language-specific configs
-    ├── pyproject.toml
-    └── quality-python.yml
+│   ├── ci/               # GitHub Actions + CircleCI/GitLab samples
+│   ├── scripts/          # Helper scripts (smart test strategy, etc.)
+│   ├── integration-tests/# Starter integration tests
+│   ├── test-stubs/       # Unit/E2E placeholders
+│   ├── python/           # Python quality config
+│   └── QUALITY_TROUBLESHOOTING.md
+├── config/               # Defaults and language-specific configs
+│   ├── pyproject.toml
+│   └── quality-python.yml
+└── docs/                 # Architecture/testing/SLA/security docs
 ```
 
 ## Data Flow
@@ -50,5 +50,8 @@ Risk-based pre-push validation that adapts to change context:
 - `--deps` - Dependency monitoring only
 - `--security-config` - Security validation
 - `--check-maturity` - Project maturity report
-- `--comprehensive` - Full validation suite
-
+- `--validate` / `--comprehensive` - Full validation suite
+- `--validate-docs` - Documentation validation only
+- `--validate-config` - Validate `.qualityrc.json`
+- `--alerts-slack` / `--pr-comments` - Collaboration hooks
+- `--license-status` - Show current tier/features

package/docs/DEPLOYMENT.md

@@ -59,5 +59,4 @@ npm deprecate create-qa-architect@VERSION "Critical bug, use VERSION instead"
 ## npm Registry
 
 - Package: https://www.npmjs.com/package/create-qa-architect
-- Documentation: https://github.com/vibebuildlab/create-qa-architect
-
+- Documentation: https://github.com/vibebuildlab/qa-architect

package/docs/PREFLIGHT_REPORT.md

@@ -0,0 +1,100 @@
+# Preflight Review: QA Architect (create-qa-architect)
+
+**Depth**: standard
+**Date**: 2025-12-13
+**Version**: 5.0.7
+
+---
+
+## Overall Status: ✅ PASS (prerelease suite)
+
+Prerelease (`npm run prerelease`) executed for 5.0.7, including docs check, command patterns, full test suite, command tests, and e2e package validation.
+
+---
+
+## Critical Issues (P0) - Must Fix
+
+| Issue | Category | Location | Fix |
+| ----- | -------- | -------- | --- |
+| None  | -        | -        | -   |
+
+---
+
+## Important Issues (P1) - Should Fix
+
+| Issue                    | Category | Location         | Recommendation                                                                                               |
+| ------------------------ | -------- | ---------------- | ------------------------------------------------------------------------------------------------------------ |
+| Gitleaks false positives | Security | tests/\*.test.js | Test fixtures use fake API key patterns (QAA-XXXX format); consider a scoped `.gitleaksignore` for fixtures. |
+| Publish verification     | Release  | package.json     | Confirm npm shows 5.0.7 after publishing; update if propagation is pending.                                  |
+
+---
+
+## P0 Functional Checks
+
+| Check             | Status | Notes                                                              |
+| ----------------- | ------ | ------------------------------------------------------------------ |
+| All tests passing | ✅     | `npm run prerelease` (includes full test suite)                    |
+| npm audit         | ⚠️     | Not run in prerelease; run `npm run security:audit` before publish |
+| ESLint            | ⚠️     | Not run in prerelease; run `npm run lint` if desired               |
+| Build/validation  | ✅     | Covered via prerelease command + e2e package test                  |
+
+---
+
+## P0 Security Checks
+
+| Check                     | Status | Notes                                                                                 |
+| ------------------------- | ------ | ------------------------------------------------------------------------------------- |
+| npm audit (high/critical) | ⚠️     | Not run in prerelease; run `npm run security:audit`                                   |
+| Hardcoded secrets scan    | ⚠️     | Re-run gitleaks/`npm run security:secrets`; expect fixture false positives (QAA-XXXX) |
+| No production secrets     | ✅     | No `.env` files, no real API keys committed                                           |
+
+---
+
+## Product Packaging
+
+| Item         | Status | Notes                          |
+| ------------ | ------ | ------------------------------ |
+| CHANGELOG.md | ✅     | Present                        |
+| LICENSE      | ✅     | Present                        |
+| README.md    | ✅     | Present                        |
+| .env.example | N/A    | Not needed for CLI tool        |
+| Version tags | ⚠️     | Confirm v5.0.7 tag pushed      |
+| Git status   | ⚠️     | Verify clean before publishing |
+
+---
+
+## Quality Violations
+
+| Type                    | Count | Assessment                                                   |
+| ----------------------- | ----- | ------------------------------------------------------------ |
+| eslint-disable comments | 24    | All have security justification comments explaining why safe |
+| any types               | 0     | JavaScript project, N/A                                      |
+
+**Note**: The `eslint-disable` comments are all for security-related ESLint rules (detect-unsafe-regex, detect-non-literal-fs-filename, detect-object-injection) and each includes a detailed safety justification explaining why the pattern is safe in context.
+
+---
+
+## Silent Killer Check (N/A for npm package)
+
+| Integration     | Status | Notes                 |
+| --------------- | ------ | --------------------- |
+| Stripe webhooks | N/A    | CLI tool, no webhooks |
+| OAuth redirects | N/A    | CLI tool              |
+| API keys        | N/A    | CLI tool              |
+| CORS config     | N/A    | CLI tool              |
+
+---
+
+## Next Steps
+
+1. Run `npm run security:audit` (and optional gitleaks scan) before publish
+2. Confirm npm publish and tag for 5.0.7 are visible on npm/GitHub
+3. Add `.gitleaksignore` scoped to test fixtures if false positives remain
+
+---
+
+## Recommendation
+
+**✅ Cleared for launch (5.0.7)**
+
+Prerelease suite passed for 5.0.7. Run `npm run security:audit`, confirm publish/tag visibility, and handle fixture gitleaks ignores if needed; then proceed with release comms. This remains an npm CLI package (no web surface), so focus stays on docs/CI/security validation.

package/docs/TESTING.md

@@ -2,14 +2,13 @@
 
 ## Overview
 
-QA Architect uses Jest for testing with a focus on integration tests that validate real CLI workflows.
+QA Architect uses plain Node-based test runners (no Jest) with a heavy focus on integration tests that validate real CLI workflows end to end.
 
 ## Running Tests
 
 ```bash
-npm test                 # Run all tests
-npm run test:coverage    # Run with coverage report
-npm run test:watch       # Watch mode for development
+npm test                 # Run all tests (sequential Node scripts)
+npm run test:coverage    # Run with coverage report via c8
 ```
 
 ## Test Structure
@@ -48,7 +47,7 @@ Use real packages from the ecosystem, not toy examples:
 const TOP_PYTHON_PACKAGES = [
   'django-cors-headers',
   'scikit-learn',
-  'pytest-cov'
+  'pytest-cov',
 ]
 ```
 
@@ -59,4 +58,3 @@ Always run before release:
 ```bash
 npm run prerelease  # Runs docs:check + all tests
 ```
-

package/lib/billing-dashboard.html

@@ -311,9 +311,9 @@
             onclick="selectTier('pro')"
           >
             <div class="tier-name">Pro</div>
-            <div class="tier-price">$59<span class="period">/month</span></div>
+            <div class="tier-price">$19<span class="period">/month</span></div>
             <div style="color: #22c55e; font-size: 0.9rem">
-              or $590/year (save $118)
+              or $190/year (save $38)
             </div>
 
             <ul class="tier-features">
@@ -329,12 +329,8 @@
           <!-- Team Tier -->
           <div class="tier-card" data-tier="team" onclick="selectTier('team')">
             <div class="tier-name">Team</div>
-            <div class="tier-price">
-              $15<span class="period">/user/month</span>
-            </div>
-            <div style="color: #666; font-size: 0.9rem">
-              5-seat minimum ($75/mo)
-            </div>
+            <div class="tier-price">Contact us</div>
+            <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
             <ul class="tier-features">
               <li>All PRO features included</li>
@@ -353,10 +349,8 @@
             onclick="selectTier('enterprise')"
           >
             <div class="tier-name">Enterprise</div>
-            <div class="tier-price">$249<span class="period">/month</span></div>
-            <div style="color: #666; font-size: 0.9rem">
-              annual + $499 onboarding
-            </div>
+            <div class="tier-price">Contact us</div>
+            <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
             <ul class="tier-features">
               <li>All TEAM features included</li>

package/lib/config-validator.js

@@ -1,10 +1,16 @@
 'use strict'
 
-const Ajv = require('ajv')
-const addFormats = require('ajv-formats')
+const AjvImport = require('ajv')
+const addFormatsImport = require('ajv-formats')
 const fs = require('fs')
 const path = require('path')
 
+// Handle CJS/ESM interop for Ajv and ajv-formats in JS type-checking
+const Ajv = /** @type {any} */ (AjvImport.default || AjvImport)
+const addFormats = /** @type {(ajv: any) => void} */ (
+  addFormatsImport.default || addFormatsImport
+)
+
 function validateQualityConfig(configPath) {
   const result = {
     valid: false,

package/lib/dependency-monitoring-premium.js

@@ -289,7 +289,7 @@ function matchesPattern(depName, pattern) {
     if (!regex) {
       // Cache miss - compile and store
       const regexPattern = pattern.replace(/\*/g, '.*')
-      // eslint-disable-next-line security/detect-non-literal-regexp
+      // eslint-disable-next-line security/detect-non-literal-regexp -- Safe: pattern from internal config, only allows * wildcards replaced with .*, anchored with ^$
       regex = new RegExp(`^${regexPattern}$`)
 
       // Implement size-limited cache with FIFO eviction
@@ -348,7 +348,7 @@ function generateReactGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for Vue ecosystem
  *
- * @param {Object} frameworkInfo - Vue detection results
+ * @param {Object} _frameworkInfo - Vue detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateVueGroups(_frameworkInfo) {
@@ -376,7 +376,7 @@ function generateVueGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for Angular ecosystem
  *
- * @param {Object} frameworkInfo - Angular detection results
+ * @param {Object} _frameworkInfo - Angular detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateAngularGroups(_frameworkInfo) {
@@ -404,7 +404,7 @@ function generateAngularGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for testing frameworks
  *
- * @param {Object} frameworkInfo - Testing framework detection results
+ * @param {Object} _frameworkInfo - Testing framework detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateTestingGroups(_frameworkInfo) {
@@ -428,7 +428,7 @@ function generateTestingGroups(_frameworkInfo) {
 /**
  * Generate dependency groups for build tools
  *
- * @param {Object} frameworkInfo - Build tool detection results
+ * @param {Object} _frameworkInfo - Build tool detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateBuildToolGroups(_frameworkInfo) {
@@ -446,7 +446,7 @@ function generateBuildToolGroups(_frameworkInfo) {
 /**
  * Generate Storybook dependency groups
  *
- * @param {Object} frameworkInfo - Storybook detection results
+ * @param {Object} _frameworkInfo - Storybook detection results
  * @returns {Object} Dependabot groups configuration
  */
 function generateStorybookGroups(_frameworkInfo) {
@@ -490,7 +490,7 @@ function hasPythonProject(projectPath) {
  * attacks with maliciously large requirements files.
  *
  * @param {string} requirementsPath - Path to requirements.txt file
- * @returns {Object<string, string>} Map of package names to version specifiers
+ * @returns {Record<string, string>} Map of package names to version specifiers
  * @throws {Error} If file exceeds MAX_REQUIREMENTS_FILE_SIZE
  *
  * @example
@@ -512,6 +512,7 @@ function parsePipRequirements(requirementsPath) {
   }
 
   const content = fs.readFileSync(requirementsPath, 'utf8')
+  /** @type {Record<string, string>} */
   const dependencies = {}
 
   content.split('\n').forEach(line => {
@@ -529,7 +530,7 @@ function parsePipRequirements(requirementsPath) {
     // Support dotted names (zope.interface), hyphens (pytest-cov), underscores (google_cloud)
     // Also handle extras like fastapi[all] by capturing everything before the bracket
     // Fixed: Replaced (.*) with ([^\s]*) to prevent catastrophic backtracking
-    // eslint-disable-next-line security/detect-unsafe-regex
+    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded character classes [\w.-], [\w,\s-], [^\s], anchored ^$, no nested quantifiers
     const match = line.match(/^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/)
     if (match) {
       const [, name, _extras, operator, version] = match
@@ -552,12 +553,13 @@ function parsePipRequirements(requirementsPath) {
  */
 function parsePyprojectToml(pyprojectPath) {
   const content = fs.readFileSync(pyprojectPath, 'utf8')
+  /** @type {Record<string, string>} */
   const dependencies = {}
 
   // Parse PEP 621 list-style dependencies: dependencies = ["package>=1.0.0", ...]
   // Match main dependencies array: dependencies = [...]
   // Allow optional whitespace/comments after ] to handle: ]  # end of deps
-  // eslint-disable-next-line security/detect-unsafe-regex
+  // eslint-disable-next-line security/detect-unsafe-regex -- Safe: lazy quantifier *? prevents backtracking, anchored ^$, bounded alternation
   const mainDepPattern = /^dependencies\s*=\s*\[([\s\S]*?)\]\s*(?:#.*)?$/m
   const mainMatch = mainDepPattern.exec(content)
 
@@ -574,7 +576,7 @@ function parsePyprojectToml(pyprojectPath) {
       // Support dotted names, hyphens, underscores, and extras
       // Fixed: Replaced ($|.*) with ([^\s]*) to prevent catastrophic backtracking
       const match = depString.match(
-        /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex
+        /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex -- Safe: bounded character classes, anchored ^$, no nested quantifiers
       )
       if (match) {
         const [, name, _extras, operator, version] = match
@@ -606,7 +608,7 @@ function parsePyprojectToml(pyprojectPath) {
         const depString = pkgMatch[1].trim()
 
         const match = depString.match(
-          /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?($|.*)$/ // eslint-disable-line security/detect-unsafe-regex
+          /^([\w.-]+)(\[[\w,\s-]+\])?([><=!~]+)?([^\s]*)$/ // eslint-disable-line security/detect-unsafe-regex -- Safe: bounded character classes, anchored ^$, no nested quantifiers
         )
         if (match) {
           const [, name, _extras, operator, version] = match
@@ -829,7 +831,7 @@ function parseCargoToml(cargoPath) {
     if (!trimmed || trimmed.startsWith('#')) continue
 
     // Match simple pattern: name = "version"
-    // eslint-disable-next-line security/detect-unsafe-regex
+    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded groups \w+, [^"']+, anchored ^, no nested quantifiers
     const simpleMatch = trimmed.match(/^(\w+(?:-\w+)*)\s*=\s*["']([^"']+)["']/)
     if (simpleMatch) {
       const [, name, version] = simpleMatch
@@ -840,7 +842,7 @@ function parseCargoToml(cargoPath) {
 
     // Match complex pattern: name = { version = "...", ... }
     const complexMatch = trimmed.match(
-      // eslint-disable-next-line security/detect-unsafe-regex
+      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded negated class [^}]*, anchored ^, no nested quantifiers
       /^(\w+(?:-\w+)*)\s*=\s*\{[^}]*version\s*=\s*["']([^"']+)["']/
     )
     if (complexMatch) {
@@ -970,7 +972,7 @@ function parseGemfile(gemfilePath) {
 
     // Match: gem 'rails', '~> 7.0' or gem 'rails'
     const gemMatch = trimmed.match(
-      // eslint-disable-next-line security/detect-unsafe-regex
+      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded negated class [^'"]+, no nested quantifiers, processed line-by-line
       /gem\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?/
     )
     if (gemMatch) {
@@ -1270,11 +1272,11 @@ function generateBundlerGroups(bundlerFrameworks) {
 /**
  * Generate premium Dependabot configuration with multi-language framework-aware grouping
  *
- * @param {Object} options - Configuration options
- * @param {string} options.projectPath - Path to project directory
- * @param {string} options.schedule - Update schedule (daily, weekly, monthly)
- * @param {string} options.day - Day of week for updates
- * @param {string} options.time - Time for updates
+ * @param {Object} [options] - Configuration options
+ * @param {string} [options.projectPath='.'] - Path to project directory
+ * @param {string} [options.schedule='weekly'] - Update schedule (daily, weekly, monthly)
+ * @param {string} [options.day='monday'] - Day of week for updates
+ * @param {string} [options.time='09:00'] - Time for updates
  * @returns {Object|null} Dependabot configuration object or null if not licensed
  */
 function generatePremiumDependabotConfig(options = {}) {