create-qa-architect 5.0.6 → 5.0.7

package/.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,32 @@
+name: Dependabot Auto-Merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
+
+      - name: Enable auto-merge for patch and minor updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/LICENSE

@@ -17,17 +17,17 @@ TERMS OF USE:
    - Standard pre-commit hooks
 
 2. PAID TIERS
-   - Pro: $59/month or $590/year
+   - Pro: $19/month or $190/year
      - Security scanning (Gitleaks + ESLint security)
      - Smart Test Strategy
      - Multi-language support
      - Unlimited repos
-   - Team: $15/user/month (5-seat minimum)
+   - Team: Contact us (coming soon)
      - All Pro features
      - RBAC and team policies
      - Slack alerts
      - Multi-repo dashboard
-   - Enterprise: $249/month + $499 onboarding
+   - Enterprise: Contact us (coming soon)
      - All Team features
      - SSO/SAML integration
      - Custom policies

package/README.md

@@ -2,7 +2,7 @@
 
 Quality automation CLI for JavaScript/TypeScript and Python projects. One command adds ESLint, Prettier, Husky, lint-staged, and GitHub Actions. Pro tiers add security scanning (Gitleaks), Smart Test Strategy, and multi-language support.
 
-**This repo = the free CLI.** For the Pro dashboard with repo analytics, CI integration, and automation workflows, see [QA Architect Pro](https://vibebuildlab.com/tools/qa-architect) (included in VBL Starter Kit).
+**This repo = the free CLI.** For the Pro dashboard with repo analytics, CI integration, and automation workflows, see [QA Architect Pro](https://vibebuildlab.com/qa-architect) (included in VBL Starter Kit).
 
 ---
 
@@ -41,12 +41,12 @@ npx create-qa-architect@latest
 
 ## Pricing
 
-| Tier           | Price                     | What You Get                                                                                       |
-| -------------- | ------------------------- | -------------------------------------------------------------------------------------------------- |
-| **Free**       | $0                        | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
-| **Pro**        | $59/mo or $590/yr         | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
-| **Team**       | $15/user/mo (5-seat min)  | + RBAC, Slack alerts, multi-repo dashboard, team audit log                                         |
-| **Enterprise** | $249/mo + $499 onboarding | + SSO/SAML, custom policies, compliance pack, dedicated TAM                                        |
+| Tier           | Price             | What You Get                                                                                       |
+| -------------- | ----------------- | -------------------------------------------------------------------------------------------------- |
+| **Free**       | $0                | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
+| **Pro**        | $19/mo or $190/yr | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
+| **Team**       | Contact us        | + RBAC, Slack alerts, multi-repo dashboard, team audit log _(coming soon)_                         |
+| **Enterprise** | Contact us        | + SSO/SAML, custom policies, compliance pack, dedicated TAM _(coming soon)_                        |
 
 > **Pro included in [VBL Starter Kit](https://vibebuildlab.com/starter-kit)** — Team/Enterprise are standalone purchases.
 
@@ -188,13 +188,7 @@ npm run validate:pre-push   # Pre-push validation
 
 ## Roadmap
 
-- [x] ESLint 9 flat config support
-- [x] Progressive quality (maturity detection)
-- [x] Python toolchain support
-- [x] Smart test strategy (Pro)
-- [x] Monorepo support (Nx, Turborepo, Lerna, Rush, npm/pnpm/yarn workspaces)
-- [ ] Rust and Go support
-- [ ] VS Code extension
+See [ROADMAP.md](ROADMAP.md) for planned features and strategic direction.
 
 ## Contributing
 

package/docs/ARCHITECTURE.md

@@ -9,18 +9,18 @@ QA Architect is a CLI tool that bootstraps quality automation in JavaScript/Type
 ```
 create-qa-architect/
 ├── setup.js              # Main CLI entry point
-├── lib/
-│   ├── smart-strategy-generator.js    # Smart test strategy (Pro)
-│   ├── dependency-monitoring-*.js     # Dependency monitoring
-│   └── validation/                    # Validation utilities
+├── lib/                  # Core logic (validation, licensing, maturity, telemetry, dependency monitoring)
 ├── templates/            # Project templates
-│   ├── eslint.config.cjs
-│   ├── .prettierrc
-│   ├── .husky/
-│   └── scripts/
-└── config/               # Language-specific configs
-    ├── pyproject.toml
-    └── quality-python.yml
+│   ├── ci/               # GitHub Actions + CircleCI/GitLab samples
+│   ├── scripts/          # Helper scripts (smart test strategy, etc.)
+│   ├── integration-tests/# Starter integration tests
+│   ├── test-stubs/       # Unit/E2E placeholders
+│   ├── python/           # Python quality config
+│   └── QUALITY_TROUBLESHOOTING.md
+├── config/               # Defaults and language-specific configs
+│   ├── pyproject.toml
+│   └── quality-python.yml
+└── docs/                 # Architecture/testing/SLA/security docs
 ```
 
 ## Data Flow
@@ -50,4 +50,8 @@ Risk-based pre-push validation that adapts to change context:
 - `--deps` - Dependency monitoring only
 - `--security-config` - Security validation
 - `--check-maturity` - Project maturity report
-- `--comprehensive` - Full validation suite
+- `--validate` / `--comprehensive` - Full validation suite
+- `--validate-docs` - Documentation validation only
+- `--validate-config` - Validate `.qualityrc.json`
+- `--alerts-slack` / `--pr-comments` - Collaboration hooks
+- `--license-status` - Show current tier/features

package/docs/PREFLIGHT_REPORT.md

@@ -1,14 +1,14 @@
 # Preflight Review: QA Architect (create-qa-architect)
 
 **Depth**: standard
-**Date**: 2025-12-09
-**Version**: 5.0.2
+**Date**: 2025-12-13
+**Version**: 5.0.7
 
 ---
 
-## Overall Status: ✅ PASS
+## Overall Status: ✅ PASS (prerelease suite)
 
-All critical launch blockers pass. Minor issues documented below are acceptable for npm package release.
+Prerelease (`npm run prerelease`) executed for 5.0.7, including docs check, command patterns, full test suite, command tests, and e2e package validation.
 
 ---
 
@@ -22,44 +22,44 @@ All critical launch blockers pass. Minor issues documented below are acceptable
 
 ## Important Issues (P1) - Should Fix
 
-| Issue                    | Category | Location         | Recommendation                                                                                                                 |
-| ------------------------ | -------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------ |
-| Gitleaks false positives | Security | tests/\*.test.js | Test fixtures use fake API key patterns (QAA-XXXX format); not real secrets. Consider adding `.gitleaksignore` for test files. |
-| npm version mismatch     | Release  | package.json     | Local 5.0.2, npm shows 5.0.1. Publish pending or recently published.                                                           |
+| Issue                    | Category | Location         | Recommendation                                                                                               |
+| ------------------------ | -------- | ---------------- | ------------------------------------------------------------------------------------------------------------ |
+| Gitleaks false positives | Security | tests/\*.test.js | Test fixtures use fake API key patterns (QAA-XXXX format); consider a scoped `.gitleaksignore` for fixtures. |
+| Publish verification     | Release  | package.json     | Confirm npm shows 5.0.7 after publishing; update if propagation is pending.                                  |
 
 ---
 
 ## P0 Functional Checks
 
-| Check             | Status | Notes                  |
-| ----------------- | ------ | ---------------------- |
-| All tests passing | ✅     | Full test suite passes |
-| npm audit         | ✅     | 0 vulnerabilities      |
-| ESLint            | ✅     | No errors              |
-| Build/validation  | ✅     | Core validation passes |
+| Check             | Status | Notes                                                              |
+| ----------------- | ------ | ------------------------------------------------------------------ |
+| All tests passing | ✅     | `npm run prerelease` (includes full test suite)                    |
+| npm audit         | ⚠️     | Not run in prerelease; run `npm run security:audit` before publish |
+| ESLint            | ⚠️     | Not run in prerelease; run `npm run lint` if desired               |
+| Build/validation  | ✅     | Covered via prerelease command + e2e package test                  |
 
 ---
 
 ## P0 Security Checks
 
-| Check                     | Status | Notes                                                                |
-| ------------------------- | ------ | -------------------------------------------------------------------- |
-| npm audit (high/critical) | ✅     | 0 vulnerabilities found                                              |
-| Hardcoded secrets scan    | ⚠️     | 4 findings - all in test files with fake keys (QAA-1234-XXXX format) |
-| No production secrets     | ✅     | No `.env` files, no real API keys                                    |
+| Check                     | Status | Notes                                                                                 |
+| ------------------------- | ------ | ------------------------------------------------------------------------------------- |
+| npm audit (high/critical) | ⚠️     | Not run in prerelease; run `npm run security:audit`                                   |
+| Hardcoded secrets scan    | ⚠️     | Re-run gitleaks/`npm run security:secrets`; expect fixture false positives (QAA-XXXX) |
+| No production secrets     | ✅     | No `.env` files, no real API keys committed                                           |
 
 ---
 
 ## Product Packaging
 
-| Item         | Status | Notes                   |
-| ------------ | ------ | ----------------------- |
-| CHANGELOG.md | ✅     | Present                 |
-| LICENSE      | ✅     | Present                 |
-| README.md    | ✅     | Present                 |
-| .env.example | N/A    | Not needed for CLI tool |
-| Version tags | ✅     | v4.3.0 - v5.0.2         |
-| Git status   | ✅     | Clean working tree      |
+| Item         | Status | Notes                          |
+| ------------ | ------ | ------------------------------ |
+| CHANGELOG.md | ✅     | Present                        |
+| LICENSE      | ✅     | Present                        |
+| README.md    | ✅     | Present                        |
+| .env.example | N/A    | Not needed for CLI tool        |
+| Version tags | ⚠️     | Confirm v5.0.7 tag pushed      |
+| Git status   | ⚠️     | Verify clean before publishing |
 
 ---
 
@@ -87,22 +87,14 @@ All critical launch blockers pass. Minor issues documented below are acceptable
 
 ## Next Steps
 
-1. **Optional**: Add `.gitleaksignore` to exclude test files with fake license keys
-2. **Verify**: Confirm npm publish completed for 5.0.2 (may be propagating)
-3. **Ready**: Proceed with launch/release announcement
+1. Run `npm run security:audit` (and optional gitleaks scan) before publish
+2. Confirm npm publish and tag for 5.0.7 are visible on npm/GitHub
+3. Add `.gitleaksignore` scoped to test fixtures if false positives remain
 
 ---
 
 ## Recommendation
 
-**✅ CLEARED FOR LAUNCH**
+**✅ Cleared for launch (5.0.7)**
 
-This is an npm CLI package, not a web application. All critical checks pass:
-
-- Tests passing
-- No security vulnerabilities
-- No real secrets
-- Clean git state
-- Proper versioning and packaging
-
-The gitleaks findings are false positives on intentional test fixtures using fake license key formats.
+Prerelease suite passed for 5.0.7. Run `npm run security:audit`, confirm publish/tag visibility, and handle fixture gitleaks ignores if needed; then proceed with release comms. This remains an npm CLI package (no web surface), so focus stays on docs/CI/security validation.

package/docs/TESTING.md

@@ -2,14 +2,13 @@
 
 ## Overview
 
-QA Architect uses Jest for testing with a focus on integration tests that validate real CLI workflows.
+QA Architect uses plain Node-based test runners (no Jest) with a heavy focus on integration tests that validate real CLI workflows end to end.
 
 ## Running Tests
 
 ```bash
-npm test                 # Run all tests
-npm run test:coverage    # Run with coverage report
-npm run test:watch       # Watch mode for development
+npm test                 # Run all tests (sequential Node scripts)
+npm run test:coverage    # Run with coverage report via c8
 ```
 
 ## Test Structure

package/lib/billing-dashboard.html

@@ -311,9 +311,9 @@
             onclick="selectTier('pro')"
           >
             <div class="tier-name">Pro</div>
-            <div class="tier-price">$59<span class="period">/month</span></div>
+            <div class="tier-price">$19<span class="period">/month</span></div>
             <div style="color: #22c55e; font-size: 0.9rem">
-              or $590/year (save $118)
+              or $190/year (save $38)
             </div>
 
             <ul class="tier-features">
@@ -329,12 +329,8 @@
           <!-- Team Tier -->
           <div class="tier-card" data-tier="team" onclick="selectTier('team')">
             <div class="tier-name">Team</div>
-            <div class="tier-price">
-              $15<span class="period">/user/month</span>
-            </div>
-            <div style="color: #666; font-size: 0.9rem">
-              5-seat minimum ($75/mo)
-            </div>
+            <div class="tier-price">Contact us</div>
+            <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
             <ul class="tier-features">
               <li>All PRO features included</li>
@@ -353,10 +349,8 @@
             onclick="selectTier('enterprise')"
           >
             <div class="tier-name">Enterprise</div>
-            <div class="tier-price">$249<span class="period">/month</span></div>
-            <div style="color: #666; font-size: 0.9rem">
-              annual + $499 onboarding
-            </div>
+            <div class="tier-price">Contact us</div>
+            <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
             <ul class="tier-features">
               <li>All TEAM features included</li>

package/lib/licensing.js

@@ -36,11 +36,11 @@ Object.defineProperty(exports, 'LICENSE_FILE', {
  * Standardized to use SCREAMING_SNAKE_CASE for both keys and values
  * for consistency with ErrorCategory and other enums in the codebase.
  *
- * Pricing (effective Jan 15, 2026 - founder pricing retired):
+ * Pricing:
  * - FREE: $0 (Hobby/OSS - capped)
- * - PRO: $59/mo or $590/yr (Solo Devs/Small Teams)
- * - TEAM: $15/user/mo, 5-seat minimum (Organizations)
- * - ENTERPRISE: $249/mo annual + $499 onboarding (Large Orgs)
+ * - PRO: $19/mo or $190/yr (Solo Devs/Small Teams)
+ * - TEAM: Contact us (Organizations) - coming soon
+ * - ENTERPRISE: Contact us (Large Orgs) - coming soon
  */
 const LICENSE_TIERS = {
   FREE: 'FREE',
@@ -384,7 +384,7 @@ function showUpgradeMessage(feature) {
   if (license.tier === LICENSE_TIERS.FREE) {
     console.log('\n🚀 Upgrade to PRO')
     console.log('')
-    console.log('   💰 $59/month  or  $590/year (save $118)')
+    console.log('   💰 $19/month  or  $190/year (save $38)')
     console.log('')
     console.log('   ✅ Unlimited repos, LOC, and runs')
     console.log('   ✅ Smart Test Strategy (70% faster pre-push)')
@@ -396,16 +396,14 @@ function showUpgradeMessage(feature) {
     console.log('')
     console.log('   🎁 Start 14-day free trial - no credit card required')
     console.log('')
-    console.log('🚀 Upgrade: https://vibebuildlab.com/tools/qa-architect')
+    console.log('🚀 Upgrade: https://vibebuildlab.com/qa-architect')
     console.log(
       '🔑 Activate: npx create-qa-architect@latest --activate-license'
     )
   } else if (license.tier === LICENSE_TIERS.PRO) {
     console.log('\n👥 Upgrade to TEAM')
     console.log('')
-    console.log(
-      '   💰 $15/user/month (5-seat min)  or  $150/user/year (save $30/user)'
-    )
+    console.log('   💰 Contact us for Team pricing')
     console.log('')
     console.log('   ✅ All PRO features included')
     console.log('   ✅ Per-seat licensing for your org')
@@ -414,9 +412,9 @@ function showUpgradeMessage(feature) {
     console.log('   ✅ Slack/email alerts for failures')
     console.log('   ✅ Priority support (business hours)')
     console.log('')
-    console.log('👥 Upgrade: https://vibebuildlab.com/tools/qa-architect')
+    console.log('👥 Upgrade: https://vibebuildlab.com/qa-architect')
   } else if (license.tier === LICENSE_TIERS.TEAM) {
-    console.log('\n🏢 Upgrade to ENTERPRISE - $249/month (annual) + onboarding')
+    console.log('\n🏢 Upgrade to ENTERPRISE - Contact us for pricing')
     console.log('')
     console.log('   ✅ All TEAM features included')
     console.log('   ✅ SSO/SAML integration')
@@ -958,7 +956,7 @@ function showLicenseStatus() {
   // Show upgrade path
   if (license.tier === LICENSE_TIERS.FREE) {
     console.log('\n💡 Upgrade to PRO for unlimited access + security scanning')
-    console.log('   → https://vibebuildlab.com/tools/qa-architect')
+    console.log('   → https://vibebuildlab.com/qa-architect')
   }
 }
 

package/lib/validation/config-security.js

@@ -15,6 +15,8 @@ const GITLEAKS_VERSION = '8.28.0'
 const GITLEAKS_CHECKSUMS = {
   'linux-x64':
     '5fd1b3b0073269484d40078662e921d07427340ab9e6ed526ccd215a565b3298',
+  'linux-arm64':
+    '3770c7ebeb625e3e96c183525ca18285a01aedef2d75a2c41ceb3e141af2e8b7',
   'darwin-x64':
     'cf09ad7a85683d90221db8324f036f23c8c29107145e1fc4a0dffbfa9e89c09a',
   'darwin-arm64':
@@ -200,6 +202,7 @@ class ConfigSecurityScanner {
       'darwin-x64': 'darwin_x64',
       'darwin-arm64': 'darwin_arm64',
       'linux-x64': 'linux_x64',
+      'linux-arm64': 'linux_arm64',
       'win32-x64': 'windows_x64',
     }
 
@@ -350,6 +353,7 @@ class ConfigSecurityScanner {
         timeout: 60000, // 60 second timeout for audit operations
         encoding: 'utf8',
       })
+      spinner.succeed('npm audit completed - no high/critical vulnerabilities')
     } catch (error) {
       if (error.signal === 'SIGTERM') {
         // Timeout occurred

package/lib/validation/workflow-validation.js

@@ -2,7 +2,6 @@
 
 const fs = require('fs')
 const path = require('path')
-const { execSync } = require('child_process')
 const { showProgress } = require('../ui-helpers')
 
 /**
@@ -85,32 +84,38 @@ class WorkflowValidator {
     const spinner = showProgress('Running actionlint on workflow files...')
 
     try {
-      // Run actionlint via npx (works with local and global installs, cross-platform)
-      execSync('npx actionlint', { stdio: 'pipe', cwd: process.cwd() })
-      spinner.succeed('actionlint validation passed')
-    } catch (error) {
-      if (error.stdout || error.stderr) {
-        const output = error.stdout
-          ? error.stdout.toString()
-          : error.stderr.toString()
-        const lines = output
-          .trim()
-          .split('\n')
-          .filter(line => line.trim())
-
-        if (lines.length > 0) {
-          spinner.fail(`actionlint found ${lines.length} issue(s)`)
-          lines.forEach(line => {
-            if (line.trim()) {
-              this.issues.push(`actionlint: ${line.trim()}`)
-            }
+      const { createLinter } = require('actionlint')
+      const workflowFiles = fs
+        .readdirSync(workflowDir)
+        .filter(file => file.endsWith('.yml') || file.endsWith('.yaml'))
+
+      const linter = await createLinter()
+      let issueCount = 0
+
+      for (const file of workflowFiles) {
+        const filePath = path.join(workflowDir, file)
+        const content = fs.readFileSync(filePath, 'utf8')
+        const results = linter(content, filePath) || []
+
+        if (Array.isArray(results) && results.length > 0) {
+          issueCount += results.length
+          results.forEach(result => {
+            this.issues.push(
+              `actionlint: ${result.file}:${result.line}:${result.column} ${result.kind} - ${result.message}`
+            )
           })
-        } else {
-          spinner.succeed('actionlint validation passed')
         }
+      }
+
+      if (issueCount > 0) {
+        spinner.fail(`actionlint found ${issueCount} issue(s)`)
       } else {
         spinner.succeed('actionlint validation passed')
       }
+    } catch (error) {
+      spinner.fail('actionlint failed to run')
+      const reason = error?.message || 'Unknown error'
+      this.issues.push(`actionlint: Failed to run - ${reason}`)
     }
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-qa-architect",
-  "version": "5.0.6",
+  "version": "5.0.7",
   "description": "QA Architect - Bootstrap quality automation for JavaScript/TypeScript and Python projects with GitHub Actions, pre-commit hooks, linting, formatting, and smart test strategy",
   "main": "setup.js",
   "bin": {
@@ -91,7 +91,7 @@
   "bugs": {
     "url": "https://github.com/vibebuildlab/qa-architect/issues"
   },
-  "homepage": "https://vibebuildlab.com/tools/qa-architect",
+  "homepage": "https://vibebuildlab.com/qa-architect",
   "engines": {
     "node": ">=20"
   },
@@ -110,13 +110,13 @@
     "actionlint": "^2.0.6",
     "typescript": "^5",
     "c8": "^10.1.2",
-    "eslint": "^9.12.0",
+    "eslint": "^9.39.2",
     "eslint-plugin-security": "^3.0.1",
     "globals": "^15.9.0",
     "husky": "^9.1.4",
     "lint-staged": "^15.2.10",
-    "prettier": "^3.3.3",
-    "stylelint": "^16.8.0",
+    "prettier": "^3.7.4",
+    "stylelint": "^16.26.1",
     "stylelint-config-standard": "^37.0.0"
   },
   "volta": {
@@ -159,11 +159,11 @@
     ]
   },
   "dependencies": {
-    "@npmcli/package-json": "^7.0.1",
+    "@npmcli/package-json": "^7.0.4",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "js-yaml": "^4.1.0",
-    "markdownlint-cli2": "^0.19.0",
+    "markdownlint-cli2": "^0.20.0",
     "ora": "^8.1.1",
     "tar": "^7.4.3"
   }

package/setup.js

@@ -355,6 +355,7 @@ function parseArguments(rawArgs) {
   const disableActionlint = sanitizedArgs.includes('--no-actionlint')
   const disableMarkdownlint = sanitizedArgs.includes('--no-markdownlint')
   const disableEslintSecurity = sanitizedArgs.includes('--no-eslint-security')
+  const allowLatestGitleaks = sanitizedArgs.includes('--allow-latest-gitleaks')
 
   return {
     sanitizedArgs,
@@ -381,6 +382,7 @@ function parseArguments(rawArgs) {
     disableActionlint,
     disableMarkdownlint,
     disableEslintSecurity,
+    allowLatestGitleaks,
   }
 }
 
@@ -418,6 +420,7 @@ function parseArguments(rawArgs) {
     disableActionlint,
     disableMarkdownlint,
     disableEslintSecurity,
+    allowLatestGitleaks,
   } = parsedConfig
 
   // Initialize telemetry session (opt-in only, fails silently)
@@ -490,6 +493,7 @@ function parseArguments(rawArgs) {
       disableActionlint,
       disableMarkdownlint,
       disableEslintSecurity,
+      allowLatestGitleaks,
     } = parsedConfig)
 
     console.log('📋 Configuration after interactive selections applied\n')
@@ -652,6 +656,7 @@ HELP:
       disableActionlint,
       disableMarkdownlint,
       disableEslintSecurity,
+      allowLatestGitleaks,
     }
     const validator = new ValidationRunner(validationOptions)
 
@@ -741,7 +746,7 @@ HELP:
       if (!capCheck.allowed) {
         console.error(`❌ ${capCheck.reason}`)
         console.error(
-          '   Upgrade to Pro, Team, or Enterprise for unlimited runs: https://vibebuildlab.com/tools/qa-architect'
+          '   Upgrade to Pro, Team, or Enterprise for unlimited runs: https://vibebuildlab.com/qa-architect'
         )
         process.exit(1)
       }
@@ -1027,7 +1032,7 @@ HELP:
           if (!repoCheck.allowed) {
             console.error(`\n❌ ${repoCheck.reason}`)
             console.error(
-              '   Upgrade to Pro for unlimited repos: https://vibebuildlab.com/tools/qa-architect'
+              '   Upgrade to Pro for unlimited repos: https://vibebuildlab.com/qa-architect'
             )
             process.exit(1)
           }
@@ -1714,7 +1719,7 @@ try {
 const CAP = 50
 if (usage.prePushRuns >= CAP) {
 console.error('❌ Free tier limit reached: ' + usage.prePushRuns + '/' + CAP + ' pre-push runs this month')
-  console.error('   Upgrade to Pro, Team, or Enterprise: https://vibebuildlab.com/tools/qa-architect')
+  console.error('   Upgrade to Pro, Team, or Enterprise: https://vibebuildlab.com/qa-architect')
   process.exit(1)
 }
 

package/templates/QUALITY_TROUBLESHOOTING.md

@@ -11,7 +11,7 @@
 
 ```bash
 # Check if tests are TypeScript validated
-npm run type-check:tests
+npm run type-check:tests || npx tsc --noEmit --project tests/tsconfig.json
 
 # If command doesn't exist, add to package.json:
 {
@@ -29,13 +29,13 @@ npm run type-check:tests
   "compilerOptions": {
     "rootDir": "..",
     "noEmit": true,
-    "types": ["vitest/globals", "node"]
+    "types": ["node"] // add your test runner types (jest/vitest) if used
   },
   "include": ["../src/**/*", "../tests/**/*"]
 }
 ```
 
-**Prevention**: Run `npm run quality:check` before commits
+**Prevention**: Run `npm run lint && npm test` (or `npm run validate:pre-push` if available) before commits
 
 ### Pre-commit Hooks Too Narrow
 
@@ -47,7 +47,8 @@ npm run type-check:tests
 cat .husky/pre-commit
 
 # Should run comprehensive checks:
-npx lint-staged && npm run type-check:all && npm test
+npx lint-staged && npm run lint && npm test
+# If your project has TypeScript, add: npm run type-check || npm run type-check:all
 ```
 
 **Fix**: Enhance `.husky/pre-commit`:
@@ -55,8 +56,9 @@ npx lint-staged && npm run type-check:all && npm test
 ```bash
 #!/usr/bin/env sh
 npx lint-staged
-npm run type-check:all
-npm run test:fast
+npm run lint
+npm test
+# Optional: npm run type-check || npm run type-check:all
 ```
 
 ## 🔍 Diagnostic Commands
@@ -64,15 +66,15 @@ npm run test:fast
 ### Quick Health Check
 
 ```bash
-# Run all quality gates (should complete without errors)
-npm run quality:check
-
-# If this fails, debug individual components:
-npm run type-check:all      # TypeScript issues
-npm run lint               # ESLint issues
-npm run format:check       # Prettier issues
+# Run core quality gates (should complete without errors)
+npm run lint               # ESLint/Stylelint
+npm run format:check       # Prettier
 npm test                   # Test failures
 npm run security:audit     # Security vulnerabilities
+
+# If you use TypeScript:
+npm run type-check || npx tsc --noEmit
+npm run type-check:all  # when defined to cover src + tests
 ```
 
 ### TypeScript Troubleshooting
@@ -89,7 +91,7 @@ npx tsc --noEmit path/to/file.ts
 
 # Common issues:
 # 1. Missing type definitions: npm install --save-dev @types/package-name
-# 2. Test globals: Add "vitest/globals" to types in tsconfig
+# 2. Test globals: Add your test runner types (e.g., jest or vitest) to tsconfig
 # 3. Node types: Add "node" to types array
 ```
 
@@ -99,10 +101,12 @@ npx tsc --noEmit path/to/file.ts
 # Run tests with verbose output
 npm test -- --reporter=verbose
 
-# Run specific test file
-npx vitest path/to/test.test.js
+# Run specific test file (Node-based runner)
+node path/to/test.test.js
 
-# Debug integration tests
+# Debug integration tests (when scripts exist)
+DEBUG=* npm test
+# or
 DEBUG=* npm run test:integration
 
 # Common issues:
@@ -135,10 +139,10 @@ npx eslint . --ext .js,.ts --config eslint-security.config.js
 
 ```bash
 # Database connection tests
-npm run test:integration
+npm run test:integration  # if defined; otherwise run npm test
 
 # API endpoint tests
-npm run test:e2e
+npm run test:e2e          # if defined
 
 # Common issues:
 # 1. Database not running: docker-compose up db
@@ -150,13 +154,13 @@ npm run test:e2e
 
 ```bash
 # Component integration tests
-npm run test:component
+npm run test:component    # if defined
 
 # Browser E2E tests
-npm run test:e2e
+npm run test:e2e          # if defined
 
 # Accessibility checks
-npm run accessibility:check
+npm run accessibility:check  # if defined
 
 # Common issues:
 # 1. Build process: npm run build && npm run test:e2e
@@ -187,7 +191,7 @@ npm run type-check && tsc --noEmit --skipLibCheck
 # Profile test performance
 npm test -- --reporter=verbose --logHeapUsage
 
-# Run only fast tests for development
+# Run only fast tests for development (if defined)
 npm run test:fast
 
 # Optimize strategies:
@@ -316,14 +320,9 @@ npm audit --package=package-name
 # Generate coverage report
 npm run test:coverage
 
-# Check coverage thresholds
-npx vitest run --coverage --reporter=verbose
-
 # Common targets:
-# - Lines: >80%
-# - Functions: >80%
-# - Branches: >70%
-# - Statements: >80%
+# - Lines/Statements/Functions/Branches: >=75% overall
+# - Critical files (e.g., setup.js): >=80%
 ```
 
 ### Code Quality Metrics
@@ -382,7 +381,6 @@ npm run type-check:all  # Should pass
 
 - [ESLint Troubleshooting](https://eslint.org/docs/user-guide/troubleshooting)
 - [TypeScript Handbook](https://www.typescriptlang.org/docs/)
-- [Vitest Documentation](https://vitest.dev/guide/)
 - [Playwright Debugging](https://playwright.dev/docs/debug)
 
 ### Debug Environment Setup
@@ -392,10 +390,11 @@ npm run type-check:all  # Should pass
 export DEBUG=quality-automation:*
 
 # Run with verbose output
-npm run quality:check -- --verbose
+npm run lint -- --max-warnings=0
+npm test -- --reporter=verbose
 
 # Generate debug report
-npm run validate:comprehensive > debug-report.txt 2>&1
+npm run validate:pre-push > debug-report.txt 2>&1
 ```
 
 ---

package/templates/scripts/smart-test-strategy.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # Smart Test Strategy - {{PROJECT_NAME}}
 # Generated by create-qa-architect (Pro/Team/Enterprise feature)
-# https://vibebuildlab.com/tools/qa-architect
+# https://vibebuildlab.com/qa-architect
 set -e
 
 echo "🧠 Analyzing changes for optimal test strategy..."