create-qa-architect 5.6.1 → 5.9.1

package/.github/workflows/quality.yml

@@ -69,8 +69,12 @@ jobs:
       - name: Detect Project Maturity
         id: detect
         run: |
-          # Use the project maturity detector
-          node node_modules/create-qa-architect/lib/project-maturity.js --github-actions >> $GITHUB_OUTPUT
+          # Use the project maturity detector (local for qa-architect itself, node_modules for other projects)
+          if [ -f lib/project-maturity.js ]; then
+            node lib/project-maturity.js --github-actions >> $GITHUB_OUTPUT
+          else
+            node node_modules/create-qa-architect/lib/project-maturity.js --github-actions >> $GITHUB_OUTPUT
+          fi
 
       - name: Display Detection Report
         run: |
@@ -245,7 +249,11 @@ jobs:
           echo "🔍 Running gitleaks secret scanning..."
           # Use setup.js security scan which manages gitleaks binary internally
           # This avoids the commercial license requirement of the gitleaks-action
-          node setup.js --security-config
+          if [ -f setup.js ]; then
+            node setup.js --security-config
+          else
+            node node_modules/create-qa-architect/setup.js --security-config
+          fi
 
       - name: Security pattern detection
         uses: semgrep/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d # v1
@@ -348,18 +356,30 @@ jobs:
       - name: Configuration security check
         run: |
           echo "🔍 Running configuration security validation..."
-          node setup.js --security-config
+          if [ -f setup.js ]; then
+            node setup.js --security-config
+          else
+            node node_modules/create-qa-architect/setup.js --security-config
+          fi
 
       - name: Documentation validation
         run: |
           echo "📖 Running documentation validation..."
-          node setup.js --validate-docs
+          if [ -f setup.js ]; then
+            node setup.js --validate-docs
+          else
+            node node_modules/create-qa-architect/setup.js --validate-docs
+          fi
 
       - name: Documentation consistency and security audit freshness
         run: |
           echo "🔐 Running comprehensive documentation validation..."
           # This includes security audit freshness check with proper git-based validation
-          bash scripts/check-docs.sh
+          if [ -f scripts/check-docs.sh ]; then
+            bash scripts/check-docs.sh
+          else
+            bash node_modules/create-qa-architect/scripts/check-docs.sh
+          fi
 
       - name: Package size and contents validation
         if: hashFiles('package.json') != ''
@@ -402,11 +422,33 @@ jobs:
 
       - name: Lighthouse CI
         if: hashFiles('.lighthouserc.js', '.lighthouserc.json', 'lighthouserc.js') != ''
+        id: lighthouse
         run: |
           echo "🚢 Running Lighthouse CI..."
           npx lhci autorun
         continue-on-error: true
 
+      - name: Report Lighthouse Failures
+        if: steps.lighthouse.outcome == 'failure'
+        env:
+          MATURITY: ${{ needs.detect-maturity.outputs.maturity }}
+        run: |
+          echo "::error::Lighthouse CI failed - performance budgets or quality thresholds violated"
+          echo "Review the Lighthouse report to see which metrics failed."
+          echo "Common failures: performance score, accessibility issues, SEO problems"
+
+          # Add to job summary for visibility
+          echo "## ⚠️ Lighthouse CI Failed" >> $GITHUB_STEP_SUMMARY
+          echo "Performance budgets or quality thresholds were violated." >> $GITHUB_STEP_SUMMARY
+          echo "This is currently a soft failure (continue-on-error: true)." >> $GITHUB_STEP_SUMMARY
+          echo "Review the Lighthouse report in the Actions logs above." >> $GITHUB_STEP_SUMMARY
+
+          # Fail build for production-ready projects
+          if [ "$MATURITY" == "production-ready" ]; then
+            echo "::error::Production-ready projects must pass Lighthouse CI checks"
+            exit 1
+          fi
+
   # Step 7: Summary - report what checks ran
   summary:
     runs-on: ubuntu-latest
@@ -421,6 +463,12 @@ jobs:
 
     steps:
       - name: Generate Check Summary
+        env:
+          CORE_RESULT: ${{ needs.core-checks.result }}
+          LINTING_RESULT: ${{ needs.linting.result }}
+          SECURITY_RESULT: ${{ needs.security.result }}
+          TESTS_RESULT: ${{ needs.tests.result }}
+          DOCS_RESULT: ${{ needs.documentation.result }}
         run: |
           echo "## Quality Checks Summary 📊" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
@@ -433,11 +481,59 @@ jobs:
           echo "- Has documentation: ${{ needs.detect-maturity.outputs.has-docs }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Checks Executed" >> $GITHUB_STEP_SUMMARY
-          echo "- ✅ Core checks: Always run" >> $GITHUB_STEP_SUMMARY
-          echo "- ${{ needs.detect-maturity.outputs.source-count > 0 && '✅' || '⏭️' }} Linting: ${{ needs.detect-maturity.outputs.source-count > 0 && 'Enabled' || 'Skipped (no source files)' }}" >> $GITHUB_STEP_SUMMARY
-          echo "- ${{ needs.detect-maturity.outputs.has-deps == 'true' && '✅' || '⏭️' }} Security: ${{ needs.detect-maturity.outputs.has-deps == 'true' && 'Enabled' || 'Skipped (no dependencies)' }}" >> $GITHUB_STEP_SUMMARY
-          echo "- ${{ needs.detect-maturity.outputs.test-count > 0 && '✅' || '⏭️' }} Tests: ${{ needs.detect-maturity.outputs.test-count > 0 && 'Enabled' || 'Skipped (no test files)' }}" >> $GITHUB_STEP_SUMMARY
-          echo "- ${{ needs.detect-maturity.outputs.maturity == 'production-ready' && '✅' || '⏭️' }} Documentation: ${{ needs.detect-maturity.outputs.maturity == 'production-ready' && 'Enabled' || 'Skipped (not production-ready)' }}" >> $GITHUB_STEP_SUMMARY
+
+          # Core checks
+          if [ "$CORE_RESULT" == "success" ]; then
+            echo "- ✅ Core checks: Passed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$CORE_RESULT" == "failure" ]; then
+            echo "- ❌ Core checks: Failed" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Core checks: $CORE_RESULT" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # Linting
+          if [ "$LINTING_RESULT" == "success" ]; then
+            echo "- ✅ Linting: Passed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$LINTING_RESULT" == "failure" ]; then
+            echo "- ❌ Linting: Failed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$LINTING_RESULT" == "skipped" ]; then
+            echo "- ⏭️ Linting: Skipped (no source files)" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Linting: $LINTING_RESULT" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # Security
+          if [ "$SECURITY_RESULT" == "success" ]; then
+            echo "- ✅ Security: Passed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$SECURITY_RESULT" == "failure" ]; then
+            echo "- ❌ Security: Failed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$SECURITY_RESULT" == "skipped" ]; then
+            echo "- ⏭️ Security: Skipped (no dependencies)" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Security: $SECURITY_RESULT" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # Tests
+          if [ "$TESTS_RESULT" == "success" ]; then
+            echo "- ✅ Tests: Passed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$TESTS_RESULT" == "failure" ]; then
+            echo "- ❌ Tests: Failed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$TESTS_RESULT" == "skipped" ]; then
+            echo "- ⏭️ Tests: Skipped (no test files)" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Tests: $TESTS_RESULT" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # Documentation
+          if [ "$DOCS_RESULT" == "success" ]; then
+            echo "- ✅ Documentation: Passed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$DOCS_RESULT" == "failure" ]; then
+            echo "- ❌ Documentation: Failed" >> $GITHUB_STEP_SUMMARY
+          elif [ "$DOCS_RESULT" == "skipped" ]; then
+            echo "- ⏭️ Documentation: Skipped (not production-ready)" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- ⚠️ Documentation: $DOCS_RESULT" >> $GITHUB_STEP_SUMMARY
+          fi
       # PR_COMMENTS_PLACEHOLDER
 
 # ALERTS_PLACEHOLDER

package/README.md

@@ -58,14 +58,12 @@ npx create-qa-architect@latest
 
 ## Pricing
 
-| Tier           | Price             | What You Get                                                                                       |
-| -------------- | ----------------- | -------------------------------------------------------------------------------------------------- |
-| **Free**       | $0                | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
-| **Pro**        | $19/mo or $190/yr | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
-| **Team**       | Contact us        | + RBAC, Slack alerts, multi-repo dashboard, team audit log _(coming soon)_                         |
-| **Enterprise** | Contact us        | + SSO/SAML, custom policies, compliance pack, dedicated TAM _(coming soon)_                        |
+| Tier     | Price             | What You Get                                                                                       |
+| -------- | ----------------- | -------------------------------------------------------------------------------------------------- |
+| **Free** | $0                | CLI tool, basic linting/formatting, npm audit (capped: 1 private repo, 50 runs/mo)                 |
+| **Pro**  | $19/mo or $190/yr | **Security scanning (Gitleaks + ESLint security)**, Smart Test Strategy, multi-language, unlimited |
 
-> **Pro included in [VBL Starter Kit](https://vibebuildlab.com/starter-kit)** — Team/Enterprise are standalone purchases.
+> **Pro included in [VBL Starter Kit](https://vibebuildlab.com/starter-kit)**
 
 ### Security Features by Tier
 
@@ -138,7 +136,7 @@ npx create-qa-architect@latest --workflow-standard
 
 ### Comprehensive - $100-350/month
 
-**Best for:** Enterprise teams, high-compliance projects, large teams
+**Best for:** High-compliance projects, large teams
 
 - Matrix testing (Node 20 + 22) on **every commit**
 - Security scans inline (every commit)
@@ -188,7 +186,7 @@ Shows estimated GitHub Actions usage and provides optimization recommendations.
 
 ### License
 
-**Commercial License (freemium)** — free tier covers the basic CLI; Pro/Team/Enterprise features require a paid subscription. See [LICENSE](LICENSE).
+**Commercial License (freemium)** — free tier covers the basic CLI; Pro features require a paid subscription. See [LICENSE](LICENSE).
 
 ## Tech Stack
 
@@ -381,7 +379,7 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
 
 ## License
 
-Commercial freemium license — the base CLI is free to use; Pro/Team/Enterprise features require a paid subscription. See [LICENSE](LICENSE) for details.
+Commercial freemium license — the base CLI is free to use; Pro features require a paid subscription. See [LICENSE](LICENSE) for details.
 
 ## Legal
 

package/docs/ARCHITECTURE-REVIEW-2026-01-08.md

@@ -113,7 +113,7 @@ CLI (setup.js) → Commands → Business Logic → Utilities
 - ✅ config/constants.js for all magic numbers
 - ✅ config/defaults.js for default scripts/dependencies
 - ✅ Environment variables: QAA_LICENSE_DIR, QAA_ERROR_DIR, QAA_TELEMETRY_DIR
-- ✅ Feature flags via tier system (FREE/PRO/TEAM/ENTERPRISE)
+- ✅ Feature flags via tier system (FREE/PRO)
 
 #### Upgrade/Migration Path
 
@@ -402,7 +402,7 @@ Remaining low-priority items in BACKLOG.md:
    - Extensible linter/formatter support
    - Community plugins for new languages
 
-2. **Cloud Sync (Team/Enterprise)**
+2. **Cloud Sync (Future)**
    - Shared policies across teams
    - Centralized dashboard
 

package/docs/CI-COST-ANALYSIS.md

@@ -255,7 +255,7 @@ if: github.event.pull_request.draft == false
 
 **Current Default** (what qa-architect creates):
 
-- ❌ Enterprise-grade CI for solo devs
+- ❌ Comprehensive CI for solo devs
 - ❌ Costs $100-350/mo for typical projects
 - ❌ Over-engineering: Gitleaks + Semgrep on every commit
 

package/docs/MIGRATION-5.8.0.md

@@ -0,0 +1,157 @@
+# Migration Guide: v5.8.0
+
+## Overview
+
+Version 5.8.0 fixes critical silent failure bugs in the GitHub Actions workflow template that could allow broken code to merge:
+
+1. **Lighthouse CI failures** were silently ignored (now fails production builds)
+2. **Job summaries** always showed ✅ even when checks failed (now shows actual results)
+
+## Who Should Upgrade?
+
+**All projects using qa-architect** - especially production-ready projects that rely on Lighthouse CI for performance gates.
+
+## Quick Migration (Recommended)
+
+Update your workflow in one command:
+
+```bash
+npx create-qa-architect@latest
+```
+
+This will:
+
+- Detect your existing workflow mode (minimal/standard/comprehensive)
+- Preserve your current configuration
+- Apply the bug fixes to `.github/workflows/quality.yml`
+
+## What Changes?
+
+### 1. Lighthouse CI - Now Fails Production Builds
+
+**Before (v5.7.0):**
+
+```yaml
+- name: Lighthouse CI
+  run: npx lhci autorun
+  continue-on-error: true # ⚠️ Failures silently ignored
+```
+
+**After (v5.8.0):**
+
+```yaml
+- name: Lighthouse CI
+  id: lighthouse
+  run: npx lhci autorun
+  continue-on-error: true
+
+- name: Report Lighthouse Failures
+  if: steps.lighthouse.outcome == 'failure'
+  env:
+    MATURITY: ${{ needs.detect-maturity.outputs.maturity }}
+  run: |
+    echo "::error::Lighthouse CI failed"
+    # Fail build for production-ready projects
+    if [ "$MATURITY" == "production-ready" ]; then
+      exit 1
+    fi
+```
+
+**Impact:**
+
+- **Production-ready projects**: Lighthouse failures now block merges (hard gate)
+- **Other projects**: Lighthouse failures show warnings but don't block (soft gate)
+
+### 2. Job Summary - Shows Actual Results
+
+**Before (v5.7.0):**
+
+```yaml
+# Always showed ✅ if enabled, regardless of pass/fail
+echo "- ✅ Tests: Enabled" >> $GITHUB_STEP_SUMMARY
+```
+
+**After (v5.8.0):**
+
+```yaml
+# Shows actual result: ✅ success, ❌ failure, ⏭️ skipped
+if [ "$TESTS_RESULT" == "success" ]; then
+  echo "- ✅ Tests: Passed" >> $GITHUB_STEP_SUMMARY
+elif [ "$TESTS_RESULT" == "failure" ]; then
+  echo "- ❌ Tests: Failed" >> $GITHUB_STEP_SUMMARY
+fi
+```
+
+**Impact:**
+
+- Summaries now accurately reflect job outcomes
+- Failures are immediately visible in PR checks
+
+## Verification
+
+After upgrading, verify the changes:
+
+```bash
+# Check workflow mode marker
+grep "WORKFLOW_MODE:" .github/workflows/quality.yml
+
+# Verify Lighthouse failure handler exists
+grep -A 10 "Report Lighthouse Failures" .github/workflows/quality.yml
+
+# Verify summary uses actual results
+grep "CORE_RESULT" .github/workflows/quality.yml
+```
+
+## Rollback (If Needed)
+
+If you need to rollback to v5.7.0:
+
+```bash
+npx create-qa-architect@5.7.0
+```
+
+## Breaking Changes
+
+None - these are backwards-compatible bug fixes.
+
+**Exception:** If you have production-ready maturity and currently have Lighthouse failures that are being ignored, they will now block your builds. This is the intended behavior to prevent quality regressions.
+
+## FAQ
+
+### Q: Will this affect my CI minutes?
+
+No - the changes only add a conditional failure reporting step. No new jobs or scans.
+
+### Q: What if I want to keep Lighthouse as a soft failure?
+
+Remove the production-ready check from the "Report Lighthouse Failures" step:
+
+```yaml
+# Remove this block:
+if [ "$MATURITY" == "production-ready" ]; then
+exit 1
+fi
+```
+
+### Q: How do I know my maturity level?
+
+Check your workflow or run:
+
+```bash
+npx create-qa-architect --check-maturity
+```
+
+Maturity levels: minimal → bootstrap → development → production-ready
+
+### Q: Can I update manually instead of re-running the tool?
+
+Yes, but not recommended. The template changes are extensive. If you must:
+
+1. Copy the new steps from `.github/workflows/quality.yml` in this repo
+2. Add Lighthouse failure handler (lines 411-430)
+3. Update summary step to use `needs.<job>.result` (lines 445-516)
+
+## Support
+
+- Issues: https://github.com/anthropics/qa-architect/issues
+- Docs: https://github.com/anthropics/qa-architect/blob/main/README.md