create-qa-architect 5.12.0 → 5.13.2

package/docs/dev_guide/CONVENTIONS.md

@@ -0,0 +1,132 @@
+# Dev Guide — QA Architect
+
+> Load at session start. Replaces blind codebase exploration.
+> **Last updated:** 2026-03-08
+
+## What This Project Does
+
+QA Architect (`create-qa-architect`) is a CLI tool that bootstraps quality automation for JavaScript/TypeScript, Python, and shell script projects. One command installs ESLint, Prettier, Husky, lint-staged, and GitHub Actions. Pro tier adds Gitleaks security scanning, Smart Test Strategy, and multi-language support.
+
+**Tech stack:** Node.js (CommonJS, no build step) · Vanilla JS (no framework) · GitHub Actions templates · c8 for coverage · Playwright for E2E
+
+**Entry point:** `setup.js` — CLI argument parsing and orchestration. Run as `npx create-qa-architect` or `node setup.js`.
+
+**npm package:** `create-qa-architect` v5.13.2 (published via GitHub trusted publishing)
+
+## Directory Structure
+
+```
+qa-architect/
+├── setup.js               # Main CLI entry — arg parsing + orchestration
+├── lib/                   # Business logic modules
+│   ├── licensing.js       # Freemium tier system (FREE/PRO), feature gates, usage caps
+│   ├── project-maturity.js# Detects project maturity stage (minimal → production-ready)
+│   ├── workflow-config.js  # CI workflow generation + tier transformations
+│   ├── smart-strategy-generator.js  # Risk-based test selection (Pro feature)
+│   ├── template-loader.js # Custom template merging
+│   ├── commands/          # Command handlers (validate, deps, analyze-ci)
+│   ├── validation/        # Validators (security, docs, config)
+│   └── interactive/       # TTY prompt system
+├── templates/             # Config file templates deployed to consumer repos
+│   ├── ci/                # GitHub Actions workflow templates
+│   └── scripts/           # Helper scripts deployed to consumers
+├── config/                # Language-specific configs (Python, Shell)
+├── scripts/               # Dev/ops scripts (deploy-consumers, e2e tests, etc.)
+├── tests/                 # 40+ test files (Node's assert module, no test runner)
+├── docs/                  # Dev guides and plans
+│   ├── dev_guide/         # This file and other dev references
+│   └── plans/             # Agent planning docs (/bs:plan output)
+└── .claude/               # Claude Code workspace metadata
+```
+
+## Key Files
+
+| File                                          | Role                                                        |
+| --------------------------------------------- | ----------------------------------------------------------- |
+| `setup.js:390-500`                            | Main entry — arg parsing, interactive mode, command routing |
+| `setup.js:985-2143`                           | `runMainSetup()` — core setup flow                          |
+| `lib/licensing.js`                            | All tier logic, usage caps, feature gates                   |
+| `lib/project-maturity.js`                     | Maturity detection algorithm                                |
+| `lib/workflow-config.js`                      | CI workflow generation, mode detection, matrix injection    |
+| `lib/template-loader.js`                      | Custom template merging                                     |
+| `config/defaults.js`                          | Default scripts, dependencies, lint-staged config           |
+| `scripts/deploy-consumers.sh`                 | Auto-discovers + deploys to all consumer repos              |
+| `tests/consumer-workflow-integration.test.js` | Gates what can appear in consumer CI output                 |
+
+## Conventions
+
+**Language:** Plain JavaScript (CommonJS). No TypeScript in the main source. `QAA_DEVELOPER=true` env var bypasses license checks in tests.
+
+**Naming:** kebab-case files, camelCase functions/vars. Test files: `tests/[feature].test.js`.
+
+**Feature addition pattern:**
+
+1. Add feature gate check in `lib/licensing.js` if Pro-only
+2. Implement in appropriate `lib/` module
+3. Wire into `setup.js` argument parsing if it needs a CLI flag
+4. Add test file: `tests/[feature].test.js` using Node `assert` module
+5. Add to the `npm test` chain in `package.json`
+
+**Template-as-Product contract** — `quality.yml` is BOTH qa-architect's own CI AND the template deployed to 15+ consumer repos. Rules:
+
+- Never reference `node_modules/create-qa-architect` in templates — consumers use `npx @latest`
+- Never use `\s*` in YAML cleanup regexes — use `[ \t]*` (avoids newline collapse)
+- Conditional content uses `# {{NAME_BEGIN/END}}` section markers, stripped by `stripSection()`
+- `CONSUMER_FORBIDDEN_CONTENT` in `consumer-workflow-integration.test.js` is a hard gate
+
+**Workflow tiers:**
+
+- Minimal (default): single Node 22, weekly security, path filters (~$0-5/mo)
+- Standard: single Node 22, tests on main only (~$5-10/mo)
+- Comprehensive: matrix every commit (~$100-350/mo)
+
+**Testing approach:** Tests use real filesystem with temp directories (no mocks). `createTempGitRepo()` is the standard test setup helper.
+
+**Publishing:** Never run `npm publish` manually. GitHub Actions handles publishing via trusted publishing when `package.json` version changes on `main`.
+
+## Running the Project
+
+```bash
+# Install dependencies
+npm install
+
+# Run all tests (40+ files, ~2-3 min)
+QAA_DEVELOPER=true npm test
+
+# Fast unit tests only
+npm run test:unit
+
+# Single test file
+QAA_DEVELOPER=true node tests/licensing.test.js
+
+# CLI smoke test (dry run — no changes)
+node setup.js --dry-run
+
+# Validate before release
+npm run prerelease
+
+# Deploy to consumer repos (after publishing)
+./scripts/deploy-consumers.sh           # validate only
+./scripts/deploy-consumers.sh --push    # regenerate + commit + push
+```
+
+## Agent Gotchas
+
+- **`QAA_DEVELOPER=true`** must be set for most tests — it bypasses license checks. Without it, tests fail with license errors.
+- **Never `npm publish` manually** — GitHub trusted publishing only. Use `npm version patch/minor/major` + push tags.
+- **Template changes affect 15+ consumer repos** — always run `tests/consumer-workflow-integration.test.js` after template edits.
+- **`\s` in YAML regexes will collapse newlines** — use `[ \t]*` for any whitespace-trimming regex on YAML content.
+- **Coverage thresholds:** 75% lines, 70% functions, 65% branches (enforced by `c8`).
+- **No Vitest/Jest** — tests use Node's built-in `assert` module and are run directly with `node tests/*.test.js`.
+- **Pre-push hook** runs `test:patterns`, `test:commands`, `test:changed` — these must all pass before push.
+- **`.claude` directory** already exists (has prior workspace data) — do not overwrite its contents.
+
+## Active Development Areas
+
+From recent git log:
+
+- Dependency updates (Dependabot active)
+- CI cost optimization (minute budget guardrails, monthly vs weekly security scans)
+- Staged rollout / canary deployment for consumer updates
+- Vercel Blob integration for webhook handler (replacing filesystem storage)
+- Documentation consistency improvements

package/eslint.config.cjs

@@ -37,6 +37,11 @@ if (security) {
 
 // Base rules configuration
 const baseRules = {
+  // Complexity gates (AI quality)
+  complexity: ['warn', 15],
+  'max-depth': ['warn', 4],
+  'max-params': ['warn', 5],
+
   // XSS Prevention patterns - critical for web applications
   'no-eval': 'error',
   'no-implied-eval': 'error',
@@ -112,4 +117,24 @@ if (tsPlugin && tsParser) {
   })
 }
 
+// Import verification (eslint-plugin-n)
+let nPlugin = null
+try {
+  nPlugin = require('eslint-plugin-n')
+} catch {
+  // eslint-plugin-n not installed
+}
+
+if (nPlugin) {
+  configs.push({
+    files: ['**/*.{js,mjs,cjs}'],
+    plugins: { n: nPlugin },
+    rules: {
+      'n/no-missing-require': 'error',
+      'n/no-missing-import': 'off', // Often handled by bundlers
+      'n/no-unpublished-require': 'off',
+    },
+  })
+}
+
 module.exports = configs

package/lib/blob-storage.js

@@ -0,0 +1,57 @@
+'use strict'
+
+const { put, head } = require('@vercel/blob')
+
+const BLOB_PREFIX = 'licenses/'
+
+const BLOB_PATHS = {
+  private: `${BLOB_PREFIX}legitimate-licenses.json`,
+  public: `${BLOB_PREFIX}legitimate-licenses.public.json`,
+}
+
+/**
+ * Load JSON from a Vercel Blob path.
+ * Returns null ONLY if the blob does not exist (first-run).
+ * Throws on infrastructure errors so callers can distinguish
+ * "empty" from "broken".
+ */
+async function loadBlob(blobPath) {
+  let metadata
+  try {
+    metadata = await head(blobPath)
+  } catch (error) {
+    if (error.code === 'blob_not_found' || error.name === 'BlobNotFoundError') {
+      return null
+    }
+    throw new Error(`Blob head failed for ${blobPath}: ${error.message}`)
+  }
+
+  const response = await fetch(metadata.url)
+  if (!response.ok) {
+    throw new Error(
+      `Blob fetch failed for ${blobPath}: HTTP ${response.status}`
+    )
+  }
+
+  try {
+    return await response.json()
+  } catch (error) {
+    throw new Error(`Blob JSON parse failed for ${blobPath}: ${error.message}`)
+  }
+}
+
+/**
+ * Save JSON to a Vercel Blob path.
+ * Throws on failure so callers know the write did not persist.
+ */
+async function saveBlob(blobPath, data) {
+  const content = JSON.stringify(data, null, 2)
+  return put(blobPath, content, {
+    access: /** @type {const} */ ('public'),
+    addRandomSuffix: false,
+    allowOverwrite: true,
+    contentType: 'application/json',
+  })
+}
+
+module.exports = { loadBlob, saveBlob, BLOB_PATHS }

package/lib/commands/analyze-ci.js

@@ -13,6 +13,11 @@ const { execSync } = require('child_process')
 const yaml = require('js-yaml')
 const { showProgress } = require('../ui-helpers')
 
+const DAYS_PER_MONTH = 30
+const DEFAULT_PULL_REQUEST_FACTOR = 0.8
+const DEFAULT_MANUAL_RUNS_PER_MONTH = 1
+const DEFAULT_RELEASE_RUNS_PER_MONTH = 1
+
 /**
  * Discover all GitHub Actions workflow files in the project
  * @param {string} projectPath - Root path of the project
@@ -151,25 +156,238 @@ function getCommitFrequency(projectPath, days = 30) {
   }
 }
 
+/**
+ * Normalize a GitHub Actions `on` declaration into a trigger object.
+ * @param {string|string[]|object} onConfig - Workflow `on` section
+ * @returns {object} Normalized trigger object
+ */
+function normalizeTriggers(onConfig) {
+  if (!onConfig) return {}
+  if (typeof onConfig === 'string') return { [onConfig]: true }
+  if (Array.isArray(onConfig)) {
+    return onConfig.reduce((acc, eventName) => {
+      if (typeof eventName === 'string') {
+        acc[eventName] = true
+      }
+      return acc
+    }, {})
+  }
+  if (typeof onConfig === 'object') return onConfig
+  return {}
+}
+
+/**
+ * Count cron field slots for rough monthly frequency estimation.
+ * @param {string} field - Cron field expression
+ * @param {number} maxSlots - Max slots in field (minute=60, hour=24)
+ * @returns {number} Estimated slot count
+ */
+function countCronFieldSlots(field, maxSlots) {
+  if (!field || field === '*') return 1
+
+  if (field.includes(',')) {
+    return field
+      .split(',')
+      .map(part => part.trim())
+      .reduce((sum, part) => sum + countCronFieldSlots(part, maxSlots), 0)
+  }
+
+  if (field.includes('/')) {
+    const [base, stepRaw] = field.split('/')
+    const step = Number(stepRaw)
+    if (!Number.isFinite(step) || step <= 0) return 1
+
+    if (!base || base === '*') {
+      return Math.max(1, Math.ceil(maxSlots / step))
+    }
+
+    if (base.includes('-')) {
+      const [startRaw, endRaw] = base.split('-')
+      const start = Number(startRaw)
+      const end = Number(endRaw)
+      if (!Number.isFinite(start) || !Number.isFinite(end) || end < start) {
+        return 1
+      }
+      return Math.max(1, Math.ceil((end - start + 1) / step))
+    }
+  }
+
+  if (field.includes('-')) {
+    const [startRaw, endRaw] = field.split('-')
+    const start = Number(startRaw)
+    const end = Number(endRaw)
+    if (!Number.isFinite(start) || !Number.isFinite(end) || end < start) {
+      return 1
+    }
+    return Math.max(1, end - start + 1)
+  }
+
+  return 1
+}
+
+/**
+ * Estimate monthly runs from schedule cron expressions.
+ * @param {Array|object} scheduleConfig - Workflow schedule config
+ * @returns {number} Estimated runs per month
+ */
+function estimateScheduleRunsPerMonth(scheduleConfig) {
+  const schedules = Array.isArray(scheduleConfig)
+    ? scheduleConfig
+    : scheduleConfig
+      ? [scheduleConfig]
+      : []
+
+  if (schedules.length === 0) return 0
+
+  return schedules.reduce((total, entry) => {
+    const cron =
+      entry && typeof entry.cron === 'string' ? entry.cron.trim() : ''
+    const parts = cron.split(/\s+/)
+    if (parts.length !== 5) {
+      return total + 4
+    }
+
+    const [
+      minuteField,
+      hourField,
+      dayOfMonthField,
+      monthField,
+      dayOfWeekField,
+    ] = parts
+
+    const minuteSlots = countCronFieldSlots(minuteField, 60)
+    const hourSlots = countCronFieldSlots(hourField, 24)
+    const timeSlots = Math.max(1, minuteSlots * hourSlots)
+
+    let baseRuns = DAYS_PER_MONTH
+    if (dayOfWeekField !== '*') {
+      const dowSlots = countCronFieldSlots(dayOfWeekField, 7)
+      baseRuns = Math.ceil(dowSlots * 4.3) // ~4.3 weeks/month
+    } else if (dayOfMonthField !== '*') {
+      baseRuns = 1
+    } else if (monthField !== '*') {
+      baseRuns = 1
+    }
+
+    return total + Math.max(1, Math.ceil(baseRuns * timeSlots))
+  }, 0)
+}
+
+/**
+ * Estimate workflow runs/month from trigger type.
+ * @param {object} workflow - Parsed workflow object
+ * @param {number} commitsPerDay - Average commits/day
+ * @param {object} [options={}] - Estimation tuning
+ * @returns {number} Estimated runs per month
+ */
+function estimateWorkflowRunsPerMonth(workflow, commitsPerDay, options = {}) {
+  const triggers = normalizeTriggers(workflow && workflow.on)
+  const commitsPerMonth = Math.ceil(commitsPerDay * DAYS_PER_MONTH)
+  const pullRequestFactor =
+    options.pullRequestFactor ?? DEFAULT_PULL_REQUEST_FACTOR
+  const manualRunsPerMonth =
+    options.manualRunsPerMonth ?? DEFAULT_MANUAL_RUNS_PER_MONTH
+  const releaseRunsPerMonth =
+    options.releaseRunsPerMonth ?? DEFAULT_RELEASE_RUNS_PER_MONTH
+
+  const hasPush = Object.prototype.hasOwnProperty.call(triggers, 'push')
+  const hasPullRequest = Object.prototype.hasOwnProperty.call(
+    triggers,
+    'pull_request'
+  )
+  const hasSchedule = Object.prototype.hasOwnProperty.call(triggers, 'schedule')
+  const hasWorkflowDispatch = Object.prototype.hasOwnProperty.call(
+    triggers,
+    'workflow_dispatch'
+  )
+  const hasRelease = Object.prototype.hasOwnProperty.call(triggers, 'release')
+  const hasCreate = Object.prototype.hasOwnProperty.call(triggers, 'create')
+
+  const pushConfig =
+    hasPush && typeof triggers.push === 'object' ? triggers.push : null
+  const pushIsTagOnly =
+    !!pushConfig &&
+    Array.isArray(pushConfig.tags) &&
+    pushConfig.tags.length > 0 &&
+    !pushConfig.branches &&
+    !pushConfig['branches-ignore']
+  const hasCommitPush = hasPush && !pushIsTagOnly
+  const hasTagPush = hasPush && pushIsTagOnly
+
+  let runsPerMonth = 0
+
+  if (hasCommitPush) {
+    runsPerMonth += commitsPerMonth
+  }
+  if (hasPullRequest) {
+    runsPerMonth += Math.ceil(commitsPerMonth * pullRequestFactor)
+  }
+  if (hasSchedule) {
+    runsPerMonth += estimateScheduleRunsPerMonth(triggers.schedule)
+  }
+  if (hasTagPush || hasRelease || hasCreate) {
+    runsPerMonth += releaseRunsPerMonth
+  }
+
+  const hasOnlyManualTrigger =
+    hasWorkflowDispatch &&
+    !hasCommitPush &&
+    !hasPullRequest &&
+    !hasSchedule &&
+    !hasTagPush &&
+    !hasRelease &&
+    !hasCreate
+  if (hasOnlyManualTrigger) {
+    runsPerMonth += manualRunsPerMonth
+  }
+
+  // Fallback for unusual trigger configurations.
+  if (runsPerMonth === 0) {
+    runsPerMonth = commitsPerMonth
+  }
+
+  return Math.max(1, Math.ceil(runsPerMonth))
+}
+
 /**
  * Calculate monthly CI costs based on workflow usage
  * @param {Array} workflows - Array of workflow analysis results
  * @param {number} commitsPerDay - Average commits per day
+ * @param {object} [options={}] - Estimation tuning options
  * @returns {object} Cost breakdown and recommendations
  */
-function calculateMonthlyCosts(workflows, commitsPerDay) {
-  const minutesPerWorkflow = workflows.reduce(
-    (total, wf) => total + wf.estimatedDuration,
+function calculateMonthlyCosts(workflows, commitsPerDay, options = {}) {
+  const enrichedWorkflows = workflows.map(wf => {
+    const runsPerMonth = estimateWorkflowRunsPerMonth(
+      wf.parsed || wf,
+      commitsPerDay,
+      options
+    )
+    const minutesPerMonth = Math.ceil(wf.estimatedDuration * runsPerMonth)
+    return {
+      ...wf,
+      runsPerMonth,
+      minutesPerMonth,
+    }
+  })
+
+  const totalWorkflowRunsPerMonth = enrichedWorkflows.reduce(
+    (total, wf) => total + wf.runsPerMonth,
+    0
+  )
+  const minutesPerMonth = enrichedWorkflows.reduce(
+    (total, wf) => total + wf.minutesPerMonth,
     0
   )
-  const workflowRunsPerDay = commitsPerDay * workflows.length
-  const minutesPerDay = minutesPerWorkflow * commitsPerDay
-  const minutesPerMonth = Math.ceil(minutesPerDay * 30)
+  const minutesPerDay = minutesPerMonth / DAYS_PER_MONTH
+  const workflowRunsPerDay = totalWorkflowRunsPerMonth / DAYS_PER_MONTH
 
   // GitHub Actions pricing (as of 2024)
   const FREE_TIER_MINUTES = 2000 // Free tier monthly limit
   const TEAM_TIER_MINUTES = 3000 // Team tier monthly limit
   const COST_PER_MINUTE = 0.008 // $0.008/min for private repos
+  const TARGET_BUDGET_MINUTES = 1000
+  const STRETCH_BUDGET_MINUTES = 1500
 
   const freeOverage = Math.max(0, minutesPerMonth - FREE_TIER_MINUTES)
   const teamOverage = Math.max(0, minutesPerMonth - TEAM_TIER_MINUTES)
@@ -181,12 +399,18 @@ function calculateMonthlyCosts(workflows, commitsPerDay) {
     minutesPerMonth,
     minutesPerDay,
     workflowRunsPerDay,
-    breakdown: workflows.map(wf => ({
+    breakdown: enrichedWorkflows.map(wf => ({
       name: wf.name,
       minutesPerRun: wf.estimatedDuration,
-      runsPerMonth: Math.ceil(commitsPerDay * 30),
-      minutesPerMonth: Math.ceil(wf.estimatedDuration * commitsPerDay * 30),
+      runsPerMonth: wf.runsPerMonth,
+      minutesPerMonth: wf.minutesPerMonth,
     })),
+    budgets: {
+      target: TARGET_BUDGET_MINUTES,
+      stretch: STRETCH_BUDGET_MINUTES,
+      withinTarget: minutesPerMonth <= TARGET_BUDGET_MINUTES,
+      withinStretch: minutesPerMonth <= STRETCH_BUDGET_MINUTES,
+    },
     tiers: {
       free: {
         limit: FREE_TIER_MINUTES,
@@ -217,6 +441,7 @@ function analyzeOptimizations(workflows, commitsPerDay) {
   for (const wf of workflows) {
     const workflow = wf.parsed
     const workflowName = wf.name
+    const runsPerMonth = estimateWorkflowRunsPerMonth(workflow, commitsPerDay)
 
     if (!workflow.jobs) continue
 
@@ -243,7 +468,7 @@ function analyzeOptimizations(workflows, commitsPerDay) {
         if (hasInstall && !hasCaching) {
           // Estimate 2-5 min savings per run
           const savingsPerRun = 3
-          const savingsPerMonth = Math.ceil(savingsPerRun * commitsPerDay * 30)
+          const savingsPerMonth = Math.ceil(savingsPerRun * runsPerMonth)
 
           recommendations.push({
             type: 'caching',
@@ -267,7 +492,7 @@ function analyzeOptimizations(workflows, commitsPerDay) {
           const currentMinutes = wf.estimatedDuration
           const reductionFactor = 0.5
           const savingsPerMonth = Math.ceil(
-            currentMinutes * reductionFactor * commitsPerDay * 30
+            currentMinutes * reductionFactor * runsPerMonth
           )
 
           recommendations.push({
@@ -287,14 +512,18 @@ function analyzeOptimizations(workflows, commitsPerDay) {
 
     // 3. Detect high-frequency scheduled workflows
     if (workflow.on) {
-      const triggers = Array.isArray(workflow.on) ? workflow.on : [workflow.on]
-      const hasSchedule =
-        triggers.includes('schedule') ||
-        (typeof workflow.on === 'object' && workflow.on.schedule)
-
-      if (hasSchedule && workflowName.includes('nightly')) {
-        const currentRuns = 30 // Daily = 30 runs/month
-        const proposedRuns = 4 // Weekly = 4 runs/month
+      const triggers = normalizeTriggers(workflow.on)
+      const hasSchedule = Object.prototype.hasOwnProperty.call(
+        triggers,
+        'schedule'
+      )
+      const scheduledRuns = hasSchedule
+        ? estimateScheduleRunsPerMonth(triggers.schedule)
+        : 0
+
+      if (scheduledRuns >= 20) {
+        const currentRuns = scheduledRuns
+        const proposedRuns = 4 // Weekly
         const savingsPerMonth = Math.ceil(
           wf.estimatedDuration * (currentRuns - proposedRuns)
         )
@@ -303,7 +532,7 @@ function analyzeOptimizations(workflows, commitsPerDay) {
           type: 'frequency',
           workflow: workflowName,
           title: 'Reduce schedule frequency',
-          description: `"${workflowName}" runs nightly (30x/month)`,
+          description: `"${workflowName}" runs about ${currentRuns}x/month`,
           action: 'Change to weekly schedule (4x/month)',
           potentialSavings: savingsPerMonth,
           savingsPerRun: 0,
@@ -311,8 +540,8 @@ function analyzeOptimizations(workflows, commitsPerDay) {
         })
       }
 
-      if (hasSchedule && workflowName.includes('weekly')) {
-        const currentRuns = 4 // Weekly = 4 runs/month
+      if (scheduledRuns >= 4 && scheduledRuns < 20) {
+        const currentRuns = scheduledRuns
         const proposedRuns = 1 // Monthly = 1 run/month
         const savingsPerMonth = Math.ceil(
           wf.estimatedDuration * (currentRuns - proposedRuns)
@@ -323,7 +552,7 @@ function analyzeOptimizations(workflows, commitsPerDay) {
             type: 'frequency',
             workflow: workflowName,
             title: 'Reduce schedule frequency',
-            description: `"${workflowName}" runs weekly (4x/month)`,
+            description: `"${workflowName}" runs about ${currentRuns}x/month`,
             action: 'Change to monthly schedule (1x/month)',
             potentialSavings: savingsPerMonth,
             savingsPerRun: 0,
@@ -337,12 +566,15 @@ function analyzeOptimizations(workflows, commitsPerDay) {
     if (workflow.on && typeof workflow.on === 'object') {
       const hasPush = workflow.on.push || workflow.on.pull_request
       const hasPathFilter =
-        (workflow.on.push && workflow.on.push.paths) ||
-        (workflow.on.pull_request && workflow.on.pull_request.paths)
+        (workflow.on.push &&
+          (workflow.on.push.paths || workflow.on.push['paths-ignore'])) ||
+        (workflow.on.pull_request &&
+          (workflow.on.pull_request.paths ||
+            workflow.on.pull_request['paths-ignore']))
 
       if (hasPush && !hasPathFilter && !workflowName.includes('release')) {
-        // Estimate 20% of commits are docs-only
-        const wastedRuns = commitsPerDay * 0.2 * 30
+        // Estimate 20% of runs are docs-only/config-only changes
+        const wastedRuns = runsPerMonth * 0.2
         const savingsPerMonth = Math.ceil(wf.estimatedDuration * wastedRuns)
 
         if (savingsPerMonth > 50) {
@@ -401,6 +633,12 @@ function generateReport(analysis) {
     `  Commit frequency: ~${commitStats.commitsPerDay.toFixed(1)} commits/day`
   )
   console.log(`  Workflows detected: ${workflows.length}`)
+  console.log(
+    `  Budget target (<${costs.budgets.target} min): ${costs.budgets.withinTarget ? '✅' : '⚠️'}`
+  )
+  console.log(
+    `  Stretch budget (<${costs.budgets.stretch} min): ${costs.budgets.withinStretch ? '✅' : '⚠️'}`
+  )
   console.log('')
 
   // Workflow breakdown
@@ -613,6 +851,8 @@ module.exports = {
   handleAnalyzeCi,
   discoverWorkflows,
   estimateWorkflowDuration,
+  estimateScheduleRunsPerMonth,
+  estimateWorkflowRunsPerMonth,
   getCommitFrequency,
   calculateMonthlyCosts,
   analyzeOptimizations,

package/lib/commands/deps.js

@@ -95,7 +95,7 @@ async function handleDependencyMonitoring() {
   if (!capCheck.allowed) {
     console.error(`❌ ${capCheck.reason}`)
     console.error(
-      '   Upgrade to Pro, Team, or Enterprise for unlimited runs: https://vibebuildlab.com/qa-architect'
+      '   Upgrade to Pro, Team, or Enterprise for unlimited runs: https://buildproven.ai/qa-architect'
     )
     process.exit(1)
   }
@@ -126,7 +126,7 @@ async function handleDependencyMonitoring() {
 
     const configData = generatePremiumDependabotConfig({
       projectPath,
-      schedule: 'weekly',
+      schedule: 'monthly',
     })
 
     if (configData) {
@@ -173,7 +173,7 @@ async function handleDependencyMonitoring() {
 
     const dependabotConfig = generateBasicDependabotConfig({
       projectPath,
-      schedule: 'weekly',
+      schedule: 'monthly',
     })
 
     if (dependabotConfig) {
@@ -184,7 +184,7 @@ async function handleDependencyMonitoring() {
     console.log('\n🎉 Basic dependency monitoring setup complete!')
     console.log('\n📋 What was added (Free Tier):')
     console.log('   • Basic Dependabot configuration for npm packages')
-    console.log('   • Weekly dependency updates on Monday 9am')
+    console.log('   • Monthly dependency updates')
     console.log('   • GitHub Actions dependency monitoring')
 
     // Show upgrade message for premium features
@@ -271,7 +271,7 @@ async function handleDependencyMonitoring() {
     console.log('   2. Enable "Dependabot alerts"')
     console.log('   3. Enable "Dependabot security updates"')
     console.log(
-      `\n   • Report issue: https://github.com/vibebuildlab/qa-architect/issues/new?title=${errorId}`
+      `\n   • Report issue: https://github.com/buildproven/qa-architect/issues/new?title=${errorId}`
     )
   }
 

package/lib/commands/license-commands.js

@@ -39,11 +39,11 @@ async function handleLicenseActivation() {
       console.log('\n❌ License activation failed.')
       console.log('• Check your license key format (QAA-XXXX-XXXX-XXXX-XXXX)')
       console.log('• Verify your email address')
-      console.log('• Contact support: support@vibebuildlab.com')
+      console.log('• Contact support: support@buildproven.ai')
     }
   } catch (error) {
     console.error('\n❌ License activation error:', error.message)
-    console.log('Contact support for assistance: support@vibebuildlab.com')
+    console.log('Contact support for assistance: support@buildproven.ai')
   }
 
   process.exit(0)