create-qa-architect 5.10.3 → 5.11.1

package/.github/workflows/quality.yml

@@ -1,13 +1,13 @@
 name: Quality Checks
 
-# Progressive quality automation - adapts checks based on project maturity
-# Minimal projects: Only Prettier
-# Bootstrap projects: + ESLint
-# Development projects: + Tests + Security
-# Production-ready: All checks enabled
+# Industry best practice: "Fail fast locally, verify comprehensively remotely"
 #
-# Note: Core checks and tests run on Node.js 20 and 22 matrix to catch runtime differences
-# and ensure compatibility across Node.js versions
+# Local (pre-commit): Lint + format (staged files) - instant feedback
+# Local (pre-push): Type check + tests (changed files) - catches logic bugs
+# CI (this workflow): Full test suite + E2E + security - comprehensive verification
+#
+# Note: Lint/format NOT duplicated here - pre-commit already did it
+# This avoids redundant work and reduces CI costs
 
 on:
   push:
@@ -86,6 +86,21 @@ jobs:
             echo "turbo-prefix=" >> $GITHUB_OUTPUT
           fi
 
+      - name: Setup pnpm
+        if: steps.detect-pm.outputs.manager == 'pnpm'
+        uses: pnpm/action-setup@v4
+        with:
+          version: '8.15.0'
+
+      - name: Setup Bun
+        if: steps.detect-pm.outputs.manager == 'bun'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: '1.0.0'
+
+      - name: Install dependencies for maturity detection
+        run: ${{ steps.detect-pm.outputs.install-cmd }}
+
       - name: Detect Project Maturity
         id: detect
         run: |
@@ -109,63 +124,12 @@ jobs:
           echo "Has documentation: ${{ steps.detect.outputs.has-docs }}"
           echo "Has CSS files: ${{ steps.detect.outputs.has-css }}"
 
-  # Step 2: Core checks - ALWAYS run (all maturity levels)
-  # Note: Runs on Node 22 only - Prettier formatting is not sensitive to Node version
-  core-checks:
-    runs-on: ubuntu-latest
-    needs: detect-maturity
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '22'
-          cache: ${{ needs.detect-maturity.outputs.package-manager }}
-
-      - name: Install dependencies
-        run: ${{ needs.detect-maturity.outputs.install-cmd }}
-
-      - name: Prettier check
-        run: |
-          echo "✨ Running Prettier formatting check (required for all projects)"
-          npm run format:check
-
-  # Step 3: Linting - run if source files exist (bootstrap+)
-  # Note: Runs on Node 20 only - linting tools are less sensitive to Node version differences
-  # Core runtime compatibility is tested via matrix in tests job when enabled
-  linting:
-    runs-on: ubuntu-latest
-    needs: detect-maturity
-    if: fromJSON(needs.detect-maturity.outputs.source-count) > 0
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '20'
-          cache: ${{ needs.detect-maturity.outputs.package-manager }}
+  # Note: Lint/format jobs REMOVED - pre-commit already does this locally
+  # This follows industry best practice: "Each layer does unique work"
+  # Pre-commit = lint + format on staged files
+  # CI = full tests + E2E + security (things that can't be done locally)
 
-      - name: Install dependencies
-        run: ${{ needs.detect-maturity.outputs.install-cmd }}
-
-      - name: ESLint
-        run: |
-          echo "🔍 Linting ${{ needs.detect-maturity.outputs.source-count }} source files..."
-          npx eslint .
-
-      - name: Stylelint
-        if: needs.detect-maturity.outputs.has-css == 'true'
-        run: |
-          echo "🎨 Linting CSS files..."
-          npx stylelint "**/*.{css,scss,sass,less,pcss}" --allow-empty-input
-
-  # Step 4: Security checks - run if dependencies exist
+  # Step 2: Security checks - run if dependencies exist
   #
   # Optional Enhanced Token Configuration:
   # - GITLEAKS_TOKEN: Enhanced GitHub token for gitleaks (fallback: GITHUB_TOKEN)
@@ -189,6 +153,18 @@ jobs:
           node-version: '20'
           cache: ${{ needs.detect-maturity.outputs.package-manager }}
 
+      - name: Setup pnpm
+        if: needs.detect-maturity.outputs.package-manager == 'pnpm'
+        uses: pnpm/action-setup@v4
+        with:
+          version: '8.15.0'
+
+      - name: Setup Bun
+        if: needs.detect-maturity.outputs.package-manager == 'bun'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: '1.0.0'
+
       - name: Install dependencies
         run: ${{ needs.detect-maturity.outputs.install-cmd }}
 
@@ -291,11 +267,14 @@ jobs:
           SEMGREP_VERSION: '1.85.0'
           SEMGREP_ENABLE_VERSION_CHECK: 'false'
 
-  # Step 5: Tests - run if test files exist (development+)
+  # Step 3: Tests - run if test files exist (development+)
+  # Smart skip: Draft PRs skip tests (saves CI costs during WIP)
   tests:
     runs-on: ubuntu-latest
     needs: detect-maturity
-    if: fromJSON(needs.detect-maturity.outputs.test-count) > 0
+    if: |
+      fromJSON(needs.detect-maturity.outputs.test-count) > 0 &&
+      (github.event.pull_request.draft != true || github.event_name != 'pull_request')
     strategy:
       fail-fast: false
       matrix:
@@ -311,6 +290,18 @@ jobs:
           node-version: ${{ matrix.node-version }}
           cache: ${{ needs.detect-maturity.outputs.package-manager }}
 
+      - name: Setup pnpm
+        if: needs.detect-maturity.outputs.package-manager == 'pnpm'
+        uses: pnpm/action-setup@v4
+        with:
+          version: '8.15.0'
+
+      - name: Setup Bun
+        if: needs.detect-maturity.outputs.package-manager == 'bun'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: '1.0.0'
+
       - name: Install dependencies
         run: |
           echo "⏱️ Performance Budget: Dependency installation must complete within 2 minutes"
@@ -352,7 +343,7 @@ jobs:
           echo "🔐 Running real gitleaks binary verification test..."
           QAA_DEVELOPER=true RUN_REAL_BINARY_TEST=1 node tests/gitleaks-real-binary-test.js
 
-  # Step 6: Documentation - run for production-ready projects
+  # Step 4: Documentation - run for production-ready projects
   documentation:
     runs-on: ubuntu-latest
     needs: detect-maturity
@@ -368,6 +359,18 @@ jobs:
           node-version: '20'
           cache: ${{ needs.detect-maturity.outputs.package-manager }}
 
+      - name: Setup pnpm
+        if: needs.detect-maturity.outputs.package-manager == 'pnpm'
+        uses: pnpm/action-setup@v4
+        with:
+          version: '8.15.0'
+
+      - name: Setup Bun
+        if: needs.detect-maturity.outputs.package-manager == 'bun'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: '1.0.0'
+
       - name: Install dependencies
         run: ${{ needs.detect-maturity.outputs.install-cmd }}
 
@@ -438,42 +441,53 @@ jobs:
             echo "ℹ️ Not an npm package or no package.json found - skipping package validation"
           fi
 
+      - name: Detect web app
+        id: detect-webapp
+        run: |
+          # Only run Lighthouse for actual web apps, not CLI tools
+          IS_WEBAPP=false
+
+          # Check for web app indicators
+          if [ -f "index.html" ] || [ -f "public/index.html" ] || [ -f "src/index.html" ]; then
+            IS_WEBAPP=true
+          elif [ -d "dist" ] && [ -f "dist/index.html" ]; then
+            IS_WEBAPP=true
+          elif grep -q '"start".*"next\|vite\|react-scripts\|serve"' package.json 2>/dev/null; then
+            IS_WEBAPP=true
+          fi
+
+          echo "is-webapp=$IS_WEBAPP" >> $GITHUB_OUTPUT
+          echo "Web app detected: $IS_WEBAPP"
+
       - name: Lighthouse CI
-        if: hashFiles('.lighthouserc.js', '.lighthouserc.json', 'lighthouserc.js') != ''
+        if: hashFiles('.lighthouserc.js', '.lighthouserc.json', 'lighthouserc.js') != '' && steps.detect-webapp.outputs.is-webapp == 'true'
         id: lighthouse
         run: |
-          echo "🚢 Running Lighthouse CI..."
+          echo "Running Lighthouse CI..."
           npx lhci autorun
         continue-on-error: true
 
       - name: Report Lighthouse Failures
         if: steps.lighthouse.outcome == 'failure'
-        env:
-          MATURITY: ${{ needs.detect-maturity.outputs.maturity }}
         run: |
-          echo "::error::Lighthouse CI failed - performance budgets or quality thresholds violated"
+          echo "::warning::Lighthouse CI failed - performance budgets or quality thresholds violated"
           echo "Review the Lighthouse report to see which metrics failed."
           echo "Common failures: performance score, accessibility issues, SEO problems"
 
           # Add to job summary for visibility
-          echo "## ⚠️ Lighthouse CI Failed" >> $GITHUB_STEP_SUMMARY
+          echo "## Lighthouse CI Failed" >> $GITHUB_STEP_SUMMARY
           echo "Performance budgets or quality thresholds were violated." >> $GITHUB_STEP_SUMMARY
-          echo "This is currently a soft failure (continue-on-error: true)." >> $GITHUB_STEP_SUMMARY
           echo "Review the Lighthouse report in the Actions logs above." >> $GITHUB_STEP_SUMMARY
 
-          # Fail build for production-ready projects
-          if [ "$MATURITY" == "production-ready" ]; then
-            echo "::error::Production-ready projects must pass Lighthouse CI checks"
-            exit 1
-          fi
+          # Soft warning, not hard fail - Lighthouse issues shouldn't block releases
+          # Teams can enforce by adding 'error' level assertions in their lighthouserc
+          echo "::notice::Lighthouse failures are warnings. Add 'error' assertions in .lighthouserc.js to enforce."
 
-  # Step 7: Summary - report what checks ran
+  # Step 5: Summary - report what checks ran
   summary:
     runs-on: ubuntu-latest
     needs:
       - detect-maturity
-      - core-checks
-      - linting
       - security
       - tests
       - documentation
@@ -482,8 +496,6 @@ jobs:
     steps:
       - name: Generate Check Summary
         env:
-          CORE_RESULT: ${{ needs.core-checks.result }}
-          LINTING_RESULT: ${{ needs.linting.result }}
           SECURITY_RESULT: ${{ needs.security.result }}
           TESTS_RESULT: ${{ needs.tests.result }}
           DOCS_RESULT: ${{ needs.documentation.result }}
@@ -499,26 +511,9 @@ jobs:
           echo "- Has documentation: ${{ needs.detect-maturity.outputs.has-docs }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Checks Executed" >> $GITHUB_STEP_SUMMARY
-
-          # Core checks
-          if [ "$CORE_RESULT" == "success" ]; then
-            echo "- ✅ Core checks: Passed" >> $GITHUB_STEP_SUMMARY
-          elif [ "$CORE_RESULT" == "failure" ]; then
-            echo "- ❌ Core checks: Failed" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "- ⚠️ Core checks: $CORE_RESULT" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Linting
-          if [ "$LINTING_RESULT" == "success" ]; then
-            echo "- ✅ Linting: Passed" >> $GITHUB_STEP_SUMMARY
-          elif [ "$LINTING_RESULT" == "failure" ]; then
-            echo "- ❌ Linting: Failed" >> $GITHUB_STEP_SUMMARY
-          elif [ "$LINTING_RESULT" == "skipped" ]; then
-            echo "- ⏭️ Linting: Skipped (no source files)" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "- ⚠️ Linting: $LINTING_RESULT" >> $GITHUB_STEP_SUMMARY
-          fi
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Note: Lint/format checks run locally in pre-commit (not duplicated here)" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
 
           # Security
           if [ "$SECURITY_RESULT" == "success" ]; then
@@ -526,7 +521,7 @@ jobs:
           elif [ "$SECURITY_RESULT" == "failure" ]; then
             echo "- ❌ Security: Failed" >> $GITHUB_STEP_SUMMARY
           elif [ "$SECURITY_RESULT" == "skipped" ]; then
-            echo "- ⏭️ Security: Skipped (no dependencies)" >> $GITHUB_STEP_SUMMARY
+            echo "- ⏭️ Security: Skipped (runs on schedule/manual trigger)" >> $GITHUB_STEP_SUMMARY
           else
             echo "- ⚠️ Security: $SECURITY_RESULT" >> $GITHUB_STEP_SUMMARY
           fi

package/README.md

@@ -15,9 +15,9 @@ Quality automation CLI for JavaScript/TypeScript, Python, and shell script proje
 ## Features
 
 - **Prettier Code Formatting** - Consistent code style across your project
-- **Husky Git Hooks** - Pre-commit (lint-staged) and pre-push (validation)
-- **lint-staged Processing** - Only process changed files for speed
-- **Pre-push Validation** - Prevents broken code from reaching CI
+- **Husky Git Hooks** - Pre-commit (lint + format) and pre-push (type check + tests)
+- **lint-staged Processing** - Only process staged files for speed
+- **Delta Testing** - Pre-push runs tests on changed files only (fast feedback)
 - **GitHub Actions** - Automated quality checks in CI/CD
 - **TypeScript Smart** - Auto-detects and configures TypeScript projects
 - **Python Support** - Complete Python toolchain with Black, Ruff, isort, mypy, pytest
@@ -26,7 +26,7 @@ Quality automation CLI for JavaScript/TypeScript, Python, and shell script proje
 - **Progressive Quality** - Adaptive checks based on project maturity
 - **Smart Test Strategy** - Risk-based pre-push validation (Pro feature)
 
-### Quality Tools (v5.2.0+)
+### Quality Tools
 
 - **Lighthouse CI** - Performance, accessibility, SEO audits (Free: basic, Pro: thresholds)
 - **Bundle Size Limits** - Enforce bundle budgets with size-limit (Pro)
@@ -34,7 +34,7 @@ Quality automation CLI for JavaScript/TypeScript, Python, and shell script proje
 - **Conventional Commits** - commitlint with commit-msg hook (Free)
 - **Coverage Thresholds** - Enforce code coverage minimums (Pro)
 
-### Pre-Launch Validation (v5.3.0+)
+### Pre-Launch Validation
 
 - **SEO Validation** - Sitemap, robots.txt, meta tags validation (Free)
 - **Link Validation** - Broken link detection with linkinator (Free)
@@ -100,9 +100,42 @@ npx create-qa-architect@latest
 | ---------------------------- | ---- | ---- |
 | GitHub Actions cost analyzer | ❌   | ✅   |
 
+### Get Pro
+
+**Purchase:** [vibebuildlab.com/qa-architect](https://vibebuildlab.com/qa-architect)
+
+After purchase, you'll receive a license key via email (QAA-XXXX-XXXX-XXXX-XXXX).
+
+**Activate your license:**
+
+```bash
+npx create-qa-architect@latest --activate-license
+# Enter your license key when prompted
+```
+
+**Check license status:**
+
+```bash
+npx create-qa-architect@latest --license-status
+```
+
 ## Workflow Tiers (GitHub Actions Cost Optimization)
 
-qa-architect now defaults to **minimal CI** to avoid unexpected GitHub Actions bills. Choose the tier that matches your needs:
+qa-architect follows industry best practice: **"Fail fast locally, verify comprehensively remotely"**
+
+### The Testing Pyramid
+
+| Layer          | Time     | What Runs                          | Why                        |
+| -------------- | -------- | ---------------------------------- | -------------------------- |
+| **Pre-commit** | < 5s     | Lint + format (staged files)       | Instant feedback           |
+| **Pre-push**   | < 30s    | Type check + tests (changed files) | Catches bugs before push   |
+| **CI**         | 3-10 min | Full test suite + security         | Comprehensive verification |
+
+Note: CI does NOT re-run lint/format (pre-commit already did it). This avoids redundant work and reduces CI costs.
+
+### Workflow Tiers (GitHub Actions Cost)
+
+qa-architect defaults to **minimal CI** to avoid unexpected GitHub Actions bills. Choose the tier that matches your needs:
 
 ### Minimal (Default) - $0-5/month
 
@@ -148,6 +181,16 @@ npx create-qa-architect@latest --workflow-standard
 npx create-qa-architect@latest --workflow-comprehensive
 ```
 
+### Matrix Testing for Libraries
+
+**Publishing an npm package or CLI tool?** Use `--matrix` to test on multiple Node.js versions:
+
+```bash
+npx create-qa-architect@latest --matrix
+```
+
+This adds Node.js 20 + 22 matrix testing - recommended for published packages that support multiple runtime versions. Not needed for web apps you deploy (you control the Node version).
+
 ### Switching Between Tiers
 
 Already using qa-architect? Convert to minimal to reduce costs:

package/config/defaults.js

@@ -1,5 +1,4 @@
 'use strict'
-/* eslint-disable security/detect-object-injection */
 
 const STYLELINT_EXTENSIONS = ['css', 'scss', 'sass', 'less', 'pcss']
 const DEFAULT_STYLELINT_TARGET = `**/*.{${STYLELINT_EXTENSIONS.join(',')}}`
@@ -18,6 +17,7 @@ const baseScripts = {
   test: 'vitest run --passWithNoTests',
   'test:watch': 'vitest',
   'test:coverage': 'vitest run --coverage',
+  'test:changed': 'vitest run --changed HEAD~1 --passWithNoTests',
   'security:audit':
     '[ -f pnpm-lock.yaml ] && pnpm audit --audit-level high || [ -f yarn.lock ] && yarn audit || npm audit --audit-level high',
   'security:secrets':
@@ -29,7 +29,7 @@ const baseScripts = {
   'validate:comprehensive': 'npx create-qa-architect@latest --comprehensive',
   'validate:all': 'npm run validate:comprehensive && npm run security:audit',
   'validate:pre-push':
-    'npm run test:patterns --if-present && npm run lint && npm run format:check && npm run test:commands --if-present && npm test --if-present',
+    'npm run test:patterns --if-present && npm run test:commands --if-present && npm run test:changed --if-present || npm test --if-present',
 }
 
 const normalizeStylelintTargets = stylelintTargets => {

package/config/quality-python.yml

@@ -3,15 +3,33 @@ name: Python Quality Checks
 on:
   push:
     branches: [main, master, develop]
+    paths:
+      - '**.py'
+      - 'pyproject.toml'
+      - 'setup.py'
+      - 'requirements*.txt'
+      - 'poetry.lock'
+      - 'Pipfile*'
   pull_request:
     branches: [main, master, develop]
+    paths:
+      - '**.py'
+      - 'pyproject.toml'
+      - 'setup.py'
+      - 'requirements*.txt'
+      - 'poetry.lock'
+      - 'Pipfile*'
+
+concurrency:
+  group: python-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   quality:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+        python-version: ['3.12']
 
     steps:
       - name: Checkout code

package/config/shell-ci.yml

@@ -3,8 +3,20 @@ name: Shell Script CI
 on:
   push:
     branches: [main, master, develop]
+    paths:
+      - '**.sh'
+      - '**.bash'
+      - '**.bats'
   pull_request:
     branches: [main, master, develop]
+    paths:
+      - '**.sh'
+      - '**.bash'
+      - '**.bats'
+
+concurrency:
+  group: shell-ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   shellcheck:

package/config/shell-quality.yml

@@ -3,8 +3,20 @@ name: Shell Script Quality Checks
 on:
   push:
     branches: [main, master, develop]
+    paths:
+      - '**.sh'
+      - '**.bash'
+      - '**.bats'
   pull_request:
     branches: [main, master, develop]
+    paths:
+      - '**.sh'
+      - '**.bash'
+      - '**.bats'
+
+concurrency:
+  group: shell-quality-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   documentation: