create-qa-architect 5.0.6 → 5.3.1

Files changed (37) hide show
  1. package/.github/workflows/auto-release.yml +49 -0
  2. package/.github/workflows/dependabot-auto-merge.yml +32 -0
  3. package/LICENSE +3 -3
  4. package/README.md +54 -15
  5. package/docs/ADOPTION-SUMMARY.md +41 -0
  6. package/docs/ARCHITECTURE-REVIEW.md +67 -0
  7. package/docs/ARCHITECTURE.md +29 -41
  8. package/docs/CODE-REVIEW.md +100 -0
  9. package/docs/PREFLIGHT_REPORT.md +32 -40
  10. package/docs/REQUIREMENTS.md +148 -0
  11. package/docs/SECURITY-AUDIT.md +68 -0
  12. package/docs/TESTING.md +3 -4
  13. package/docs/test-trace-matrix.md +28 -0
  14. package/lib/billing-dashboard.html +6 -12
  15. package/lib/commands/deps.js +245 -0
  16. package/lib/commands/index.js +25 -0
  17. package/lib/commands/validate.js +85 -0
  18. package/lib/error-reporter.js +13 -1
  19. package/lib/github-api.js +108 -13
  20. package/lib/license-signing.js +110 -0
  21. package/lib/license-validator.js +359 -71
  22. package/lib/licensing.js +343 -111
  23. package/lib/prelaunch-validator.js +828 -0
  24. package/lib/quality-tools-generator.js +495 -0
  25. package/lib/result-types.js +112 -0
  26. package/lib/security-enhancements.js +1 -1
  27. package/lib/smart-strategy-generator.js +28 -9
  28. package/lib/template-loader.js +52 -19
  29. package/lib/validation/cache-manager.js +36 -6
  30. package/lib/validation/config-security.js +82 -15
  31. package/lib/validation/workflow-validation.js +49 -23
  32. package/package.json +8 -10
  33. package/scripts/check-test-coverage.sh +46 -0
  34. package/setup.js +356 -285
  35. package/templates/QUALITY_TROUBLESHOOTING.md +32 -33
  36. package/templates/scripts/smart-test-strategy.sh +1 -1
  37. package/create-saas-monetization.js +0 -1513
@@ -0,0 +1,148 @@
1
+ # qa-architect - Requirements
2
+
3
+ **Version:** 1.0.0
4
+ **Last Updated:** 2025-12-27
5
+ **Generated by:** VBL Adopt (auto-extracted from codebase)
6
+
7
+ ## Summary
8
+
9
+ | Category | Count | Status |
10
+ | --------- | ------- | ----------- |
11
+ | Auth | 9 | Implemented |
12
+ | Data | 7 | Implemented |
13
+ | Core | 88 | Implemented |
14
+ | **Total** | **104** | - |
15
+
16
+ ## Functional Requirements
17
+
18
+ ### Authentication (F.02)
19
+
20
+ | REQ-ID | Description | Priority | Status |
21
+ | ----------- | --------------------------------------------------- | -------- | ----------- |
22
+ | REQ-F.02.01 | Authentication Flow | P0 | Implemented |
23
+ | REQ-F.02.02 | should complete full authentication cycle | P0 | Implemented |
24
+ | REQ-F.02.03 | should handle invalid credentials properly | P0 | Implemented |
25
+ | REQ-F.02.04 | should enforce rate limiting on login attempts | P0 | Implemented |
26
+ | REQ-F.02.05 | User Authentication Flow | P0 | Implemented |
27
+ | REQ-F.02.06 | should complete full authentication journey | P0 | Implemented |
28
+ | REQ-F.02.07 | should handle login validation errors | P0 | Implemented |
29
+ | REQ-F.02.08 | should persist authentication across page refreshes | P0 | Implemented |
30
+ | REQ-F.02.09 | Telemetry tests | P0 | Implemented |
31
+
32
+ ### Data Layer (F.06)
33
+
34
+ | REQ-ID | Description | Priority | Status |
35
+ | ----------- | --------------------------------------------------- | -------- | ----------- |
36
+ | REQ-F.06.01 | Database Operations | P1 | Implemented |
37
+ | REQ-F.06.02 | should handle database connection errors gracefully | P1 | Implemented |
38
+ | REQ-F.06.03 | Cli Deps Integration tests | P1 | Implemented |
39
+ | REQ-F.06.04 | Premium Dependency Monitoring tests | P1 | Implemented |
40
+ | REQ-F.06.05 | Python Parser Fixes tests | P1 | Implemented |
41
+ | REQ-F.06.06 | Real World Packages tests | P1 | Implemented |
42
+ | REQ-F.06.07 | Setup tests | P1 | Implemented |
43
+
44
+ ### Core Features (F.01)
45
+
46
+ | REQ-ID | Description | Priority | Status |
47
+ | ----------- | ------------------------------------------------------- | -------- | ----------- |
48
+ | REQ-F.01.01 | API Service Integration Tests | P0 | Implemented |
49
+ | REQ-F.01.02 | Error Handling | P0 | Implemented |
50
+ | REQ-F.01.03 | Performance | P0 | Implemented |
51
+ | REQ-F.01.04 | should handle concurrent user creation | P0 | Implemented |
52
+ | REQ-F.01.05 | should maintain data integrity during transactions | P0 | Implemented |
53
+ | REQ-F.01.06 | should validate request payloads properly | P0 | Implemented |
54
+ | REQ-F.01.07 | should handle reasonable load | P0 | Implemented |
55
+ | REQ-F.01.08 | Frontend Application Integration Tests | P0 | Implemented |
56
+ | REQ-F.01.09 | Component Integration | P0 | Implemented |
57
+ | REQ-F.01.10 | Navigation and Routing | P0 | Implemented |
58
+ | REQ-F.01.11 | Accessibility Integration | P0 | Implemented |
59
+ | REQ-F.01.12 | Frontend E2E Tests | P0 | Implemented |
60
+ | REQ-F.01.13 | should handle complex form interactions | P0 | Implemented |
61
+ | REQ-F.01.14 | should handle API loading states properly | P0 | Implemented |
62
+ | REQ-F.01.15 | should update UI based on real-time data | P0 | Implemented |
63
+ | REQ-F.01.16 | should handle complex navigation flows | P0 | Implemented |
64
+ | REQ-F.01.17 | should preserve state during navigation | P0 | Implemented |
65
+ | REQ-F.01.18 | should support keyboard navigation | P0 | Implemented |
66
+ | REQ-F.01.19 | should work with screen readers | P0 | Implemented |
67
+ | REQ-F.01.20 | should handle color contrast and visual requirements | P0 | Implemented |
68
+ | REQ-F.01.21 | should complete user signup and onboarding | P0 | Implemented |
69
+ | REQ-F.01.22 | should handle responsive design across devices | P0 | Implemented |
70
+ | REQ-F.01.23 | should handle network failures gracefully | P0 | Implemented |
71
+ | REQ-F.01.24 | should maintain performance under load | P0 | Implemented |
72
+ | REQ-F.01.25 | runs a placeholder e2e flow | P0 | Implemented |
73
+ | REQ-F.01.26 | sample unit test | P0 | Implemented |
74
+ | REQ-F.01.27 | runs and asserts truthy values | P0 | Implemented |
75
+ | REQ-F.01.28 | Check Docs tests | P0 | Implemented |
76
+ | REQ-F.01.29 | Critical Fixes tests | P0 | Implemented |
77
+ | REQ-F.01.30 | Error Reporter | P0 | Implemented |
78
+ | REQ-F.01.31 | isErrorReportingEnabled | P0 | Implemented |
79
+ | REQ-F.01.32 | categorizeError | P0 | Implemented |
80
+ | REQ-F.01.33 | sanitizePath | P0 | Implemented |
81
+ | REQ-F.01.34 | sanitizeMessage | P0 | Implemented |
82
+ | REQ-F.01.35 | sanitizeStackTrace | P0 | Implemented |
83
+ | REQ-F.01.36 | ErrorReporter class | P0 | Implemented |
84
+ | REQ-F.01.37 | getErrorReportStats | P0 | Implemented |
85
+ | REQ-F.01.38 | clearErrorReports | P0 | Implemented |
86
+ | REQ-F.01.39 | Error report rotation | P0 | Implemented |
87
+ | REQ-F.01.40 | Error reporting file permissions | P0 | Implemented |
88
+ | REQ-F.01.41 | Silent failure behavior | P0 | Implemented |
89
+ | REQ-F.01.42 | should be disabled by default | P0 | Implemented |
90
+ | REQ-F.01.43 | should be enabled when ENV var is | P0 | Implemented |
91
+ | REQ-F.01.44 | should be disabled for other ENV var values | P0 | Implemented |
92
+ | REQ-F.01.45 | should categorize permission errors | P0 | Implemented |
93
+ | REQ-F.01.46 | should categorize dependency errors | P0 | Implemented |
94
+ | REQ-F.01.47 | should categorize network errors | P0 | Implemented |
95
+ | REQ-F.01.48 | should categorize configuration errors | P0 | Implemented |
96
+ | REQ-F.01.49 | should categorize validation errors | P0 | Implemented |
97
+ | REQ-F.01.50 | should categorize unknown errors | P0 | Implemented |
98
+ | REQ-F.01.51 | should remove username from macOS paths | P0 | Implemented |
99
+ | REQ-F.01.52 | should remove username from Linux paths | P0 | Implemented |
100
+ | REQ-F.01.53 | should remove username from Windows paths | P0 | Implemented |
101
+ | REQ-F.01.54 | should handle non-string inputs | P0 | Implemented |
102
+ | REQ-F.01.55 | should sanitize file paths in error messages | P0 | Implemented |
103
+ | REQ-F.01.56 | should sanitize git URLs with tokens | P0 | Implemented |
104
+ | REQ-F.01.57 | should sanitize email addresses | P0 | Implemented |
105
+ | REQ-F.01.58 | should sanitize file paths in stack traces | P0 | Implemented |
106
+ | REQ-F.01.59 | should not capture errors when disabled | P0 | Implemented |
107
+ | REQ-F.01.60 | should capture errors when enabled | P0 | Implemented |
108
+ | REQ-F.01.61 | should force capture with forceCapture context flag | P0 | Implemented |
109
+ | REQ-F.01.62 | should include operation context in report | P0 | Implemented |
110
+ | REQ-F.01.63 | should include additional context in report | P0 | Implemented |
111
+ | REQ-F.01.64 | should include user comment in report | P0 | Implemented |
112
+ | REQ-F.01.65 | should sanitize error message and stack trace | P0 | Implemented |
113
+ | REQ-F.01.66 | should categorize errors correctly | P0 | Implemented |
114
+ | REQ-F.01.67 | should return friendly messages for each error category | P0 | Implemented |
115
+ | REQ-F.01.68 | should return empty stats when no reports exist | P0 | Implemented |
116
+ | REQ-F.01.69 | should calculate statistics correctly | P0 | Implemented |
117
+ | REQ-F.01.70 | should delete error reports file | P0 | Implemented |
118
+ | REQ-F.01.71 | should return false if no file exists | P0 | Implemented |
119
+ | REQ-F.01.72 | should keep only last 50 reports | P0 | Implemented |
120
+ | REQ-F.01.73 | should create error reports file with 0600 permissions | P0 | Implemented |
121
+ | REQ-F.01.74 | should not throw if error reporting save fails | P0 | Implemented |
122
+ | REQ-F.01.75 | Gitleaks Binary Resolution tests | P0 | Implemented |
123
+ | REQ-F.01.76 | Gitleaks Checksum Verification tests | P0 | Implemented |
124
+ | REQ-F.01.77 | Gitleaks Production Checksums tests | P0 | Implemented |
125
+ | REQ-F.01.78 | . | P0 | Implemented |
126
+ | REQ-F.01.79 | Interactive Routing Fix tests | P0 | Implemented |
127
+ | REQ-F.01.80 | Multi Language Dependency Monitoring tests | P0 | Implemented |
128
+ | REQ-F.01.81 | Package Manager Detection tests | P0 | Implemented |
129
+ | REQ-F.01.82 | ${i} | P0 | Implemented |
130
+ | REQ-F.01.83 | example | P0 | Implemented |
131
+ | REQ-F.01.84 | Python Detection Sensitivity tests | P0 | Implemented |
132
+ | REQ-F.01.85 | Setup Error Coverage tests | P0 | Implemented |
133
+ | REQ-F.01.86 | Validate Command Patterns tests | P0 | Implemented |
134
+ | REQ-F.01.87 | Validation Factory tests | P0 | Implemented |
135
+ | REQ-F.01.88 | \n | P0 | Implemented |
136
+
137
+ ## Non-Functional Requirements
138
+
139
+ | REQ-ID | Description | Metric | Target |
140
+ | ----------- | -------------- | ------------- | ------ |
141
+ | REQ-N.01.01 | Page load time | LCP | < 2.5s |
142
+ | REQ-N.01.02 | Test coverage | Line coverage | >= 50% |
143
+ | REQ-N.01.03 | Accessibility | WCAG level | AA |
144
+
145
+ ---
146
+
147
+ _Auto-generated by VBL Adopt - 2025-12-27_
148
+ _Run `vbl qa` to verify requirements traceability_
@@ -0,0 +1,68 @@
1
+ # Security Audit Report
2
+
3
+ **Status:** āŒ FAILED
4
+ **Total Issues:** 18
5
+ **Critical Issues:** 18
6
+ **Session ID:** sess_mjqeacse_34vjaa
7
+
8
+ ## Secrets Scan
9
+
10
+ **Status:** āŒ Failed
11
+ **Secrets Found:** 18
12
+ **ESLint Security Issues:** 0
13
+
14
+ ### Issues
15
+
16
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (lib/validation/config-security.js:17)
17
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (lib/validation/config-security.js:19)
18
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (lib/validation/config-security.js:21)
19
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (lib/validation/config-security.js:23)
20
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (lib/validation/config-security.js:25)
21
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/critical-fixes.test.js:95)
22
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-production-checksums.test.js:22)
23
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-production-checksums.test.js:24)
24
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-production-checksums.test.js:26)
25
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-production-checksums.test.js:28)
26
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-production-checksums.test.js:30)
27
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-real-binary-test.js:25)
28
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-real-binary-test.js:27)
29
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-real-binary-test.js:29)
30
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-real-binary-test.js:31)
31
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/gitleaks-real-binary-test.js:33)
32
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tests/setup-error-coverage.test.js:112)
33
+ - šŸ”“ **CRITICAL**: Potential Long base64 strings found (tsconfig.json:13)
34
+
35
+ ## Dependency Audit
36
+
37
+ **Status:** āœ… Passed
38
+ **Total Vulnerabilities:** 0
39
+ **Outdated Packages:** 10
40
+
41
+ | Severity | Count |
42
+ | -------- | ----- |
43
+ | Critical | 0 |
44
+ | High | 0 |
45
+ | Moderate | 0 |
46
+ | Low | 0 |
47
+
48
+ ## OWASP Top 10 Scan
49
+
50
+ **Status:** āŒ Failed
51
+ **Score:** 0/100
52
+
53
+ | Check | Status |
54
+ | ----------------------------------------------- | ------ |
55
+ | A01: Broken Access Control | āœ… |
56
+ | A02: Cryptographic Failures | āŒ |
57
+ | A03: Injection | āŒ |
58
+ | A04: Insecure Design | āŒ |
59
+ | A05: Security Misconfiguration | āŒ |
60
+ | A06: Vulnerable Components | āœ… |
61
+ | A07: Identification and Authentication Failures | āœ… |
62
+ | A08: Software and Data Integrity Failures | āŒ |
63
+ | A09: Security Logging and Monitoring Failures | āŒ |
64
+ | A10: Server-Side Request Forgery (SSRF) | āœ… |
65
+
66
+ ---
67
+
68
+ _Generated by Security_Auditor_Agent v2.0_
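--- a/package/docs/TESTING.md
+++ b/package/docs/TESTING.md
@@ -2,14 +2,13 @@
 
  ## Overview
 
- QA Architect uses Jest for testing with a focus on integration tests that validate real CLI workflows.
+ QA Architect uses plain Node-based test runners (no Jest) with a heavy focus on integration tests that validate real CLI workflows end to end.
 
  ## Running Tests
 
  ```bash
- npm test # Run all tests
- npm run test:coverage # Run with coverage report
- npm run test:watch # Watch mode for development
+ npm test # Run all tests (sequential Node scripts)
+ npm run test:coverage # Run with coverage report via c8
  ```
 
  ## Test Structure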
@@ -0,0 +1,28 @@
1
+ # qa-architect - Test Traceability Matrix
2
+
3
+ **Generated:** 2025-12-27
4
+ **Coverage Target:** 50%
5
+
6
+ ## Coverage Summary
7
+
8
+ | Metric | Value |
9
+ | ------------ | ----- |
10
+ | Requirements | 0 |
11
+ | Covered | 0 |
12
+ | Coverage | 0% |
13
+
14
+ ## Requirement → Test Mapping
15
+
16
+ | REQ-ID | Description | Test File | Status |
17
+ | ----------- | ------------- | --------- | ---------- |
18
+ | REQ-F.01.01 | [Description] | - | āš ļø Missing |
19
+
20
+ ## Test → Requirement Mapping
21
+
22
+ | Test File | Tests | REQ-IDs | Status |
23
+ | --------- | ----- | ------- | ------ |
24
+ | - | - | - | - |
25
+
26
+ ---
27
+
28
+ _Run `vbl qa` to regenerate this matrix_
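--- a/package/lib/billing-dashboard.html
+++ b/package/lib/billing-dashboard.html
@@ -311,9 +311,9 @@
  onclick="selectTier('pro')"
  >
  <div class="tier-name">Pro</div>
- <div class="tier-price">$59<span class="period">/month</span></div>
+ <div class="tier-price">$19<span class="period">/month</span></div>
  <div style="color: #22c55e; font-size: 0.9rem">
- or $590/year (save $118)
+ or $190/year (save $38)
  </div>
 
  <ul class="tier-features">
@@ -329,12 +329,8 @@
  <!-- Team Tier -->
  <div class="tier-card" data-tier="team" onclick="selectTier('team')">
  <div class="tier-name">Team</div>
- <div class="tier-price">
- $15<span class="period">/user/month</span>
- </div>
- <div style="color: #666; font-size: 0.9rem">
- 5-seat minimum ($75/mo)
- </div>
+ <div class="tier-price">Contact us</div>
+ <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
  <ul class="tier-features">
  <li>All PRO features included</li>
@@ -353,10 +349,8 @@
  onclick="selectTier('enterprise')"
  >
  <div class="tier-name">Enterprise</div>
- <div class="tier-price">$249<span class="period">/month</span></div>
- <div style="color: #666; font-size: 0.9rem">
- annual + $499 onboarding
- </div>
+ <div class="tier-price">Contact us</div>
+ <div style="color: #666; font-size: 0.9rem">Coming soon</div>
 
  <ul class="tier-features">
  <li>All TEAM features included</li>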
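Review bot: The Team and Enterprise cards now read "Contact us" / "Coming soon" but keep `onclick="selectTier('team')"` and `onclick="selectTier('enterprise')"` on the unchanged context lines, so a tier with no published price can still be selected. `selectTier` and whatever consumes the selection are outside these hunks; if that path leads to checkout, the cards should lose the handler or the handler should reject tiers that are not purchasable. Whichever is chosen, the server side should not rely on this page to decide which tiers can be bought.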
@@ -0,0 +1,245 @@
1
+ /**
2
+ * Dependency monitoring command handler
3
+ *
4
+ * Extracted from setup.js to improve maintainability.
5
+ * Handles --deps, --dependency-monitoring commands.
6
+ */
7
+
8
+ const fs = require('fs')
9
+ const path = require('path')
10
+
11
+ const {
12
+ hasNpmProject,
13
+ generateBasicDependabotConfig,
14
+ writeBasicDependabotConfig,
15
+ } = require('../dependency-monitoring-basic')
16
+
17
+ const {
18
+ generatePremiumDependabotConfig,
19
+ writePremiumDependabotConfig,
20
+ } = require('../dependency-monitoring-premium')
21
+
22
+ const {
23
+ getLicenseInfo,
24
+ showUpgradeMessage,
25
+ checkUsageCaps,
26
+ incrementUsage,
27
+ } = require('../licensing')
28
+
29
+ /**
30
+ * Detect Python project
31
+ * @param {string} projectPath - Path to project
32
+ * @returns {boolean} True if Python project detected
33
+ */
34
+ function detectPythonProject(projectPath) {
35
+ const pythonFiles = [
36
+ 'pyproject.toml',
37
+ 'requirements.txt',
38
+ 'setup.py',
39
+ 'Pipfile',
40
+ ]
41
+ return pythonFiles.some(file => fs.existsSync(path.join(projectPath, file)))
42
+ }
43
+
44
+ /**
45
+ * Detect Rust project
46
+ * @param {string} projectPath - Path to project
47
+ * @returns {boolean} True if Rust project detected
48
+ */
49
+ function detectRustProject(projectPath) {
50
+ return fs.existsSync(path.join(projectPath, 'Cargo.toml'))
51
+ }
52
+
53
+ /**
54
+ * Detect Ruby project
55
+ * @param {string} projectPath - Path to project
56
+ * @returns {boolean} True if Ruby project detected
57
+ */
58
+ function detectRubyProject(projectPath) {
59
+ return fs.existsSync(path.join(projectPath, 'Gemfile'))
60
+ }
61
+
62
+ /**
63
+ * Handle dependency monitoring command (Free/Pro/Team/Enterprise)
64
+ */
65
+ async function handleDependencyMonitoring() {
66
+ const projectPath = process.cwd()
67
+ const license = getLicenseInfo()
68
+
69
+ // Detect all supported ecosystems (npm, Python, Ruby, Rust, etc.)
70
+ const hasNpm = hasNpmProject(projectPath)
71
+ const hasPython = detectPythonProject(projectPath)
72
+ const hasRust = detectRustProject(projectPath)
73
+ const hasRuby = detectRubyProject(projectPath)
74
+
75
+ if (!hasNpm && !hasPython && !hasRust && !hasRuby) {
76
+ console.error(
77
+ 'āŒ No supported dependency file found (package.json, pyproject.toml, requirements.txt, Gemfile, Cargo.toml).'
78
+ )
79
+ console.log("šŸ’” Make sure you're in a directory with dependency files.")
80
+ process.exit(1)
81
+ }
82
+
83
+ if (hasNpm) console.log('šŸ“¦ Detected: npm project')
84
+ if (hasPython) console.log('šŸ Detected: Python project')
85
+ if (hasRust) console.log('šŸ¦€ Detected: Rust project')
86
+ if (hasRuby) console.log('šŸ’Ž Detected: Ruby project')
87
+ console.log(`šŸ“‹ License tier: ${license.tier.toUpperCase()}`)
88
+
89
+ // Enforce Free tier caps for dependency monitoring (counted as dependency PRs)
90
+ if (license.tier === 'FREE') {
91
+ const capCheck = checkUsageCaps('dependency-pr')
92
+ if (!capCheck.allowed) {
93
+ console.error(`āŒ ${capCheck.reason}`)
94
+ console.error(
95
+ ' Upgrade to Pro, Team, or Enterprise for unlimited runs: https://vibebuildlab.com/qa-architect'
96
+ )
97
+ process.exit(1)
98
+ }
99
+
100
+ const increment = incrementUsage('dependency-pr')
101
+ const usage = increment.usage || capCheck.usage
102
+ const caps = capCheck.caps
103
+ if (usage && caps && caps.maxDependencyPRsPerMonth !== undefined) {
104
+ console.log(
105
+ `🧮 Usage: ${usage.dependencyPRs}/${caps.maxDependencyPRsPerMonth} dependency monitoring runs used this month`
106
+ )
107
+ }
108
+ }
109
+
110
+ const dependabotPath = path.join(projectPath, '.github', 'dependabot.yml')
111
+
112
+ // Use premium or basic config based on license tier
113
+ const shouldUsePremium =
114
+ license.tier === 'PRO' ||
115
+ license.tier === 'TEAM' ||
116
+ license.tier === 'ENTERPRISE'
117
+
118
+ // Free tier only supports npm projects. Fail fast with a clear message.
119
+ if (!shouldUsePremium && !hasNpm && (hasPython || hasRust || hasRuby)) {
120
+ console.error(
121
+ 'āŒ Dependency monitoring for this project requires a Pro, Team, or Enterprise license.'
122
+ )
123
+ console.error(
124
+ ' Free tier supports npm projects only. Detected non-npm ecosystems.'
125
+ )
126
+ console.error(
127
+ ' Options: add npm/package.json, or upgrade and re-run: npx create-qa-architect@latest --deps after activation.'
128
+ )
129
+ process.exit(1)
130
+ }
131
+
132
+ if (shouldUsePremium) {
133
+ console.log(
134
+ '\nšŸš€ Setting up framework-aware dependency monitoring (Premium)...\n'
135
+ )
136
+
137
+ const configData = generatePremiumDependabotConfig({
138
+ projectPath,
139
+ schedule: 'weekly',
140
+ })
141
+
142
+ if (configData) {
143
+ const { ecosystems } = configData
144
+ const ecosystemNames = Object.keys(ecosystems)
145
+
146
+ if (ecosystemNames.length > 0) {
147
+ console.log('šŸ” Detected ecosystems:')
148
+
149
+ let primaryEcosystem = null
150
+ ecosystemNames.forEach(ecoName => {
151
+ const eco = ecosystems[ecoName]
152
+ const frameworks = Object.keys(eco.detected || {})
153
+ const totalPackages = frameworks.reduce((sum, fw) => {
154
+ return sum + (eco.detected[fw]?.count || 0)
155
+ }, 0)
156
+
157
+ console.log(` • ${ecoName}: ${totalPackages} packages`)
158
+
159
+ if (eco.primary) {
160
+ primaryEcosystem = ecoName
161
+ }
162
+ })
163
+
164
+ if (primaryEcosystem) {
165
+ console.log(`\nšŸŽÆ Primary ecosystem: ${primaryEcosystem}`)
166
+ }
167
+ }
168
+
169
+ writePremiumDependabotConfig(configData, dependabotPath)
170
+ console.log('\nāœ… Created .github/dependabot.yml with framework grouping')
171
+
172
+ console.log('\nšŸŽ‰ Premium dependency monitoring setup complete!')
173
+ console.log('\nšŸ“‹ What was added (Pro Tier):')
174
+ console.log(' • Framework-aware dependency grouping')
175
+ console.log(
176
+ ` • ${Object.keys(configData.config.updates[0].groups || {}).length} dependency groups created`
177
+ )
178
+ console.log(' • Intelligent update batching (reduces PRs by 60%+)')
179
+ console.log(' • GitHub Actions dependency monitoring')
180
+ }
181
+ } else {
182
+ console.log('\nšŸ” Setting up basic dependency monitoring (Free Tier)...\n')
183
+
184
+ const dependabotConfig = generateBasicDependabotConfig({
185
+ projectPath,
186
+ schedule: 'weekly',
187
+ })
188
+
189
+ if (dependabotConfig) {
190
+ writeBasicDependabotConfig(dependabotConfig, dependabotPath)
191
+ console.log('āœ… Created .github/dependabot.yml')
192
+ }
193
+
194
+ console.log('\nšŸŽ‰ Basic dependency monitoring setup complete!')
195
+ console.log('\nšŸ“‹ What was added (Free Tier):')
196
+ console.log(' • Basic Dependabot configuration for npm packages')
197
+ console.log(' • Weekly dependency updates on Monday 9am')
198
+ console.log(' • GitHub Actions dependency monitoring')
199
+
200
+ // Show upgrade message for premium features
201
+ console.log('\nšŸ”’ Premium features now available:')
202
+ console.log(' āœ… Framework-aware package grouping (React, Vue, Angular)')
203
+ console.log(' • Coming soon: Multi-language support (Python, Rust, Go)')
204
+ console.log(' • Planned: Advanced security audit workflows')
205
+ console.log(' • Planned: Custom update schedules and notifications')
206
+
207
+ showUpgradeMessage('Framework-Aware Dependency Grouping')
208
+ }
209
+
210
+ // Auto-enable Dependabot on GitHub if token available
211
+ console.log('\nšŸ”§ Attempting to enable Dependabot on GitHub...')
212
+ try {
213
+ const { setupDependabot } = require('../github-api')
214
+ const result = await setupDependabot(projectPath, { verbose: true })
215
+
216
+ if (result.success) {
217
+ console.log('āœ… Dependabot alerts and security updates enabled!')
218
+ } else if (result.errors.length > 0) {
219
+ console.log('āš ļø Could not auto-enable Dependabot:')
220
+ result.errors.forEach(err => console.log(` • ${err}`))
221
+ console.log('\nšŸ’” Manual steps needed:')
222
+ console.log(' • Go to GitHub repo → Settings → Code security')
223
+ console.log(
224
+ ' • Enable "Dependabot alerts" and "Dependabot security updates"'
225
+ )
226
+ }
227
+ } catch (error) {
228
+ console.log('āš ļø Could not auto-enable Dependabot:', error.message)
229
+ console.log('\nšŸ’” Manual steps:')
230
+ console.log(' • Enable Dependabot in GitHub repo settings')
231
+ }
232
+
233
+ console.log('\nšŸ’” Next steps:')
234
+ console.log(' • Review and commit .github/dependabot.yml')
235
+ console.log(
236
+ ' • Dependabot will start monitoring weekly for dependency updates'
237
+ )
238
+ }
239
+
240
+ module.exports = {
241
+ handleDependencyMonitoring,
242
+ detectPythonProject,
243
+ detectRustProject,
244
+ detectRubyProject,
245
+ }
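Review bot: On the Free tier `incrementUsage('dependency-pr')` runs (new line 100) before the non-npm fail-fast check (new lines 119-130) and before any config is written, so a run that exits with the "requires a Pro, Team, or Enterprise license" error, or one where `generateBasicDependabotConfig` returns nothing, still consumes one of the monthly runs. Move the fail-fast check above the cap block and call `incrementUsage('dependency-pr')` only after `writeBasicDependabotConfig(dependabotConfig, dependabotPath)` has returned. The tier is also compared case-sensitively (`license.tier === 'FREE'`, `=== 'PRO'`) although it is upper-cased for display; if `getLicenseInfo()` (outside this hunk) can return a lower-case tier, neither the cap block nor the premium path is taken, so normalise once with `const tier = String(license.tier).toUpperCase()` and compare against that.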
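--- a/package/lib/commands/index.js
+++ b/package/lib/commands/index.js
@@ -0,0 +1,25 @@
+ /**
+ * Command handlers index
+ *
+ * Centralizes CLI command handlers for better maintainability.
+ * Each command has its own module with focused functionality.
+ */
+
+ const { handleValidationCommands } = require('./validate')
+ const {
+ handleDependencyMonitoring,
+ detectPythonProject,
+ detectRustProject,
+ detectRubyProject,
+ } = require('./deps')
+
+ module.exports = {
+ // Validation commands
+ handleValidationCommands,
+
+ // Dependency monitoring commands
+ handleDependencyMonitoring,
+ detectPythonProject,
+ detectRustProject,
+ detectRubyProject,
+ }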
@@ -0,0 +1,85 @@
1
+ /**
2
+ * Validation command handlers
3
+ *
4
+ * Extracted from setup.js to improve maintainability.
5
+ * Handles --validate, --comprehensive, --security-config, --validate-docs commands.
6
+ */
7
+
8
+ const { ValidationRunner } = require('../validation')
9
+
10
+ /**
11
+ * Handle validation-only commands
12
+ *
13
+ * @param {Object} options - Validation options
14
+ * @param {boolean} options.isConfigSecurityMode - Run config security check only
15
+ * @param {boolean} options.isDocsValidationMode - Run docs validation only
16
+ * @param {boolean} options.isComprehensiveMode - Run comprehensive validation
17
+ * @param {boolean} options.isValidationMode - Run validation mode
18
+ * @param {boolean} options.disableNpmAudit - Skip npm audit
19
+ * @param {boolean} options.disableGitleaks - Skip gitleaks
20
+ * @param {boolean} options.disableActionlint - Skip actionlint
21
+ * @param {boolean} options.disableMarkdownlint - Skip markdownlint
22
+ * @param {boolean} options.disableEslintSecurity - Skip ESLint security
23
+ * @param {boolean} options.allowLatestGitleaks - Allow latest gitleaks version
24
+ */
25
+ async function handleValidationCommands(options) {
26
+ const {
27
+ isConfigSecurityMode,
28
+ isDocsValidationMode,
29
+ isComprehensiveMode,
30
+ isValidationMode,
31
+ disableNpmAudit,
32
+ disableGitleaks,
33
+ disableActionlint,
34
+ disableMarkdownlint,
35
+ disableEslintSecurity,
36
+ allowLatestGitleaks,
37
+ } = options
38
+
39
+ const validationOptions = {
40
+ disableNpmAudit,
41
+ disableGitleaks,
42
+ disableActionlint,
43
+ disableMarkdownlint,
44
+ disableEslintSecurity,
45
+ allowLatestGitleaks,
46
+ }
47
+ const validator = new ValidationRunner(validationOptions)
48
+
49
+ if (isConfigSecurityMode) {
50
+ try {
51
+ await validator.runConfigSecurity()
52
+ process.exit(0)
53
+ } catch (error) {
54
+ console.error(
55
+ `\nāŒ Configuration security validation failed:\n${error.message}`
56
+ )
57
+ process.exit(1)
58
+ }
59
+ }
60
+
61
+ if (isDocsValidationMode) {
62
+ try {
63
+ await validator.runDocumentationValidation()
64
+ process.exit(0)
65
+ } catch (error) {
66
+ console.error(`\nāŒ Documentation validation failed:\n${error.message}`)
67
+ process.exit(1)
68
+ }
69
+ }
70
+
71
+ if (isComprehensiveMode || isValidationMode) {
72
+ try {
73
+ // Use parallel validation for 3-5x speedup (runs checks concurrently)
74
+ await validator.runComprehensiveCheckParallel()
75
+ process.exit(0)
76
+ } catch (error) {
77
+ console.error(`\nāŒ Comprehensive validation failed:\n${error.message}`)
78
+ process.exit(1)
79
+ }
80
+ }
81
+ }
82
+
83
+ module.exports = {
84
+ handleValidationCommands,
85
+ }
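Review bot: Each branch ends in `process.exit(0)`, so when several modes are requested together only the first one runs: with `isConfigSecurityMode` and `isComprehensiveMode` both set, the process exits 0 after `runConfigSecurity()` and the comprehensive check never executes, which a CI job would read as a pass. Track the outcome instead: declare `let failed = false`, set `failed = true` in each `catch`, and finish with a single `process.exit(failed ? 1 : 0)` after the last branch when any mode was requested. The handler also passes `disableGitleaks`, `disableNpmAudit`, `disableEslintSecurity` and `allowLatestGitleaks` through without any output of its own; unless `ValidationRunner` (outside this hunk) already reports them, a one-line notice listing the skipped scanners would keep a green run from hiding that checks were turned off.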