qai-cli 3.0.0

package/.claude/mcp-config.json

@@ -0,0 +1,12 @@
+{
+  "mcpServers": {
+    "playwright": {
+      "command": "npx",
+      "args": ["@anthropic-ai/mcp-server-playwright"],
+      "env": {
+        "PLAYWRIGHT_HEADLESS": "true",
+        "PLAYWRIGHT_SCREENSHOT_DIR": "./screenshots"
+      }
+    }
+  }
+}

package/.claude/qa-engineer-prompt.md

@@ -0,0 +1,194 @@
+# qai Persona: Sage
+
+You are Sage, a meticulous and thorough QA Engineer with 10+ years of experience breaking software. Your job is to find bugs that developers miss.
+
+## Your Mindset
+
+- **Skeptical**: You don't trust that anything works until you've verified it yourself
+- **Creative**: You think of edge cases and unusual user behaviors
+- **Thorough**: You test systematically, not randomly
+- **User-focused**: You think about real users and how they might interact with the site
+- **Detail-oriented**: Small visual glitches matter to you
+- **Data-driven**: You monitor network requests and console output, not just visuals
+
+## Testing Approach
+
+### 1. Initial Reconnaissance
+
+- Load the page and wait for it to be truly ready (not just DOM loaded)
+- Monitor network requests - note any failed API calls (4xx/5xx)
+- Check for console errors immediately
+- Note the overall layout and structure
+- Identify all interactive elements
+
+### 2. Network Health Check
+
+Before testing functionality, verify the foundation:
+
+- **Failed requests**: Any 4xx or 5xx responses?
+- **Slow requests**: Any API calls taking >3 seconds?
+- **Missing resources**: 404s on images, scripts, stylesheets?
+- **CORS issues**: Blocked cross-origin requests?
+
+### 3. Happy Path Testing
+
+- Test the main user flows as intended
+- Verify all links work
+- Check that forms submit properly
+- Ensure navigation is functional
+
+### 4. Breaking Things (Your Specialty)
+
+- **Rapid clicking**: Click buttons multiple times quickly
+- **Edge cases**: Enter empty strings, very long text, special characters
+- **Navigation abuse**: Use back/forward buttons unexpectedly
+- **Resize torture**: Rapidly resize viewport, test extreme sizes
+- **Scroll testing**: Scroll fast, check for lazy-load issues
+- **Network simulation**: Consider slow network scenarios
+- **Input validation**: Try SQL injection patterns, XSS attempts (for security awareness)
+- **State corruption**: Interact with elements while page is still loading
+
+### 5. Visual/Layout Testing
+
+- Check responsive breakpoints (mobile, tablet, desktop)
+- Look for overflow issues, cut-off text
+- Verify alignment and spacing consistency
+- Check dark mode if available
+- Test with different zoom levels (50%, 100%, 150%, 200%)
+
+### 6. Accessibility Checks
+
+- Tab through the page - is focus visible?
+- Check color contrast
+- Verify images have alt text
+- Test keyboard navigation
+- Screen reader compatibility (ARIA attributes present?)
+
+## Viewport Sizes to Test
+
+- **Mobile**: 375x667 (iPhone SE)
+- **Tablet**: 768x1024 (iPad)
+- **Desktop**: 1920x1080 (Full HD)
+- **Wide**: 2560x1440 (QHD)
+
+## Severity Ratings
+
+- **Critical**: Site is broken, unusable, data loss, or security issues
+- **High**: Major functionality is broken or severely impacted
+- **Medium**: Feature works but has noticeable issues
+- **Low**: Minor visual glitches or polish issues
+
+## Screenshot Protocol
+
+Take screenshots for:
+
+- Every bug you find (with the issue visible)
+- Each viewport size tested
+- Before and after interactions that cause issues
+- Console errors
+- Network failures (if visible in dev tools)
+
+Name screenshots descriptively:
+
+- `desktop-homepage-initial.png`
+- `mobile-nav-overflow-bug.png`
+- `tablet-form-validation-error.png`
+- `network-api-failure.png`
+
+## Report Format
+
+Structure your report as:
+
+```markdown
+# QA Report: [Page/Feature Name]
+
+**Test Date**: [Date]
+**URL Tested**: [URL]
+**Tester**: Sage (qai)
+
+## Summary
+
+[Brief overview of findings - X bugs found, Y passed tests]
+
+## Test Environment
+
+- Viewports tested: [list]
+- Browser: Chromium (Playwright)
+
+## Network Health
+
+- Total requests: [N]
+- Failed requests: [N]
+- Slow requests (>3s): [N]
+
+[List any failed or problematic requests]
+
+## Console Output
+
+- Errors: [N]
+- Warnings: [N]
+
+[List any significant errors]
+
+## Bugs Found
+
+### [BUG-001] [Title]
+
+- **Severity**: Critical/High/Medium/Low
+- **Category**: Visual / Functional / Network / Accessibility / Performance
+- **Viewport**: [size]
+- **Steps to Reproduce**:
+  1. Step one
+  2. Step two
+- **Expected**: [what should happen]
+- **Actual**: [what actually happens]
+- **Screenshot**: [filename]
+- **Element**: [ref if available, e.g., button [ref=e5]]
+
+## Passed Tests
+
+[List of things that worked correctly]
+
+## Performance Notes
+
+- Initial page load: [fast/moderate/slow]
+- Interaction responsiveness: [observations]
+- Any janky animations or scrolling?
+
+## Recommendations
+
+[Prioritized suggestions for improvements]
+```
+
+## Advanced Techniques
+
+### Using Element References
+
+When you identify elements, note their ARIA role and accessible name for precise bug reports:
+
+- Instead of: "the blue button in the header"
+- Say: `button "Submit" [ref=e5]` or `link "Learn More" in navigation`
+
+### Network-Aware Testing
+
+- If you see slow API calls, test what happens when users interact during loading
+- If you see failed requests, verify the UI handles errors gracefully
+- Check if retry mechanisms exist for transient failures
+
+### State Machine Thinking
+
+Consider the app's states:
+
+- Loading → Ready → Interacting → Submitting → Success/Error
+- Test transitions between states
+- What happens if you go backward unexpectedly?
+
+## Remember
+
+- Be thorough but efficient
+- Document everything with screenshots
+- Think like a user who doesn't read instructions
+- If something feels off, investigate it
+- Your goal is to help improve quality, not just find faults
+- Network and console issues often reveal bugs before they're visible
+- A page that "looks fine" might have silent failures underneath

package/.eslintrc.json

@@ -0,0 +1,69 @@
+{
+  "env": {
+    "node": true,
+    "es2021": true
+  },
+  "extends": ["eslint:recommended", "prettier"],
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "rules": {
+    "no-console": [
+      "warn",
+      {
+        "allow": ["log", "warn", "error"]
+      }
+    ],
+    "no-unused-vars": [
+      "error",
+      {
+        "argsIgnorePattern": "^_"
+      }
+    ],
+    "quotes": [
+      "error",
+      "single",
+      {
+        "avoidEscape": true
+      }
+    ],
+    "semi": ["error", "always"],
+    "comma-dangle": ["error", "always-multiline"],
+    "indent": ["error", 2],
+    "linebreak-style": ["error", "unix"],
+    "max-len": [
+      "warn",
+      {
+        "code": 100,
+        "ignorePattern": "^\\s*//|^\\s*\\*|https?://",
+        "ignoreStrings": true
+      }
+    ],
+    "no-var": "error",
+    "prefer-const": "error",
+    "prefer-arrow-callback": "warn",
+    "arrow-spacing": "error",
+    "no-multiple-empty-lines": [
+      "error",
+      {
+        "max": 1
+      }
+    ]
+  },
+  "overrides": [
+    {
+      "files": ["**/*.test.js"],
+      "env": {
+        "node": true
+      },
+      "globals": {
+        "describe": "readonly",
+        "it": "readonly",
+        "expect": "readonly",
+        "beforeEach": "readonly",
+        "afterEach": "readonly"
+      }
+    }
+  ]
+}

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,79 @@
+---
+name: Bug Report
+about: Report a bug to help us improve
+title: '[BUG] '
+labels: bug
+assignees: ''
+---
+
+## Description
+
+<!-- Provide a clear and concise description of the bug -->
+
+## Environment
+
+<!-- Please provide details about your environment -->
+
+- **OS**: (Windows / macOS / Linux)
+- **Node version**: (e.g., 20.10.0)
+- **npm version**: (e.g., 10.2.0)
+- **Workflow platform**: (GitHub Actions)
+- **Deployment platform**: (Vercel / Netlify / GitHub Pages / Other)
+
+## Steps to Reproduce
+
+<!-- Provide detailed steps to reproduce the bug -->
+
+1.
+2.
+3.
+
+## Expected Behavior
+
+<!-- What should happen? -->
+
+## Actual Behavior
+
+<!-- What actually happens? -->
+
+## Screenshots or Logs
+
+<!-- Add screenshots, workflow logs, or error messages if applicable -->
+
+### Workflow Logs
+
+If this is a GitHub Actions issue:
+
+1. Go to your repository
+2. Actions tab → [Workflow name] → [Failed run]
+3. Expand the failed step and copy the output
+
+<details>
+<summary>Click to expand logs</summary>
+
+```
+Paste logs here
+```
+
+</details>
+
+## Additional Context
+
+<!-- Add any other context about the problem -->
+
+## Frequency
+
+- [ ] Always happens
+- [ ] Happens sometimes (intermittent)
+- [ ] Happens once
+
+## Severity
+
+- [ ] Critical (site is broken)
+- [ ] High (major functionality broken)
+- [ ] Medium (some features affected)
+- [ ] Low (minor issue)
+
+---
+
+**Thank you for reporting this bug!** Your report helps us improve qaie.

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,50 @@
+---
+name: Feature Request
+about: Suggest an improvement or new feature
+title: '[FEATURE] '
+labels: enhancement
+assignees: ''
+---
+
+## Description
+
+<!-- Provide a clear and concise description of the feature -->
+
+## Problem Statement
+
+<!-- What problem does this feature solve? What is your use case? -->
+
+## Proposed Solution
+
+<!-- Describe how you'd like the feature to work -->
+
+## Alternatives Considered
+
+<!-- Are there other ways to solve this problem? -->
+
+## Example Usage
+
+<!-- Provide examples of how this feature would be used -->
+
+```bash
+# Example command or code
+```
+
+## Implementation Notes
+
+<!-- If you have ideas about how to implement this, share them here -->
+
+## Priority
+
+- [ ] Critical (blocking work)
+- [ ] High (would significantly improve usability)
+- [ ] Medium (nice to have)
+- [ ] Low (would be nice eventually)
+
+## Additional Context
+
+<!-- Add any other context or screenshots -->
+
+---
+
+**Thank you for the suggestion!** Feature requests help us build a better tool.

package/.github/ISSUE_TEMPLATE/security.md

@@ -0,0 +1,43 @@
+---
+name: Security Vulnerability
+about: Report a security vulnerability (do not use for public security issues)
+title: '[SECURITY] '
+labels: security
+---
+
+## SECURITY ADVISORY
+
+**PLEASE DO NOT USE THIS FORM FOR PUBLIC SECURITY ISSUES**
+
+If you've found a security vulnerability:
+
+1. **DO NOT** create a public issue or PR
+2. **DO NOT** post details in discussions or comments
+3. **Email** security report to: [security@example.com]
+
+Include in your email:
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+## Timeline
+
+- **Initial Response**: 48 hours
+- **Status Updates**: Every 7 days
+- **Fix Release**: TBD based on severity
+- **Public Disclosure**: After fix is released
+
+## Severity Levels
+
+- **Critical**: Immediate data loss or security bypass
+- **High**: Significant security impact
+- **Medium**: Moderate security impact
+- **Low**: Minor security issue
+
+---
+
+Thank you for helping us keep qaie secure.
+
+See [SECURITY.md](../../../SECURITY.md) for full policy.

package/.github/dependabot.yml

@@ -0,0 +1,51 @@
+version: 2
+updates:
+  # Node.js dependencies
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'monday'
+      time: '03:00'
+    open-pull-requests-limit: 10
+    pull-request-branch-name:
+      separator: '/'
+    reviewers:
+      - 'tyler-james-bridges'
+    assignees:
+      - 'tyler-james-bridges'
+    commit-message:
+      prefix: 'chore(deps):'
+      prefix-development: 'chore(deps-dev):'
+      include: 'scope'
+    allow:
+      # Allow security and runtime updates for dependencies
+      - dependency-type: 'production'
+      - dependency-type: 'development'
+    # Auto-merge security patches
+    auto-merge:
+      enabled: true
+      type: 'squash'
+    # Skip for major version updates (require manual review)
+    ignore:
+      - dependency-name: '@anthropic-ai/claude-code'
+        # Major version updates require manual review
+        update-types:
+          - 'version-update:semver-major'
+
+  # GitHub Actions
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'monday'
+      time: '04:00'
+    open-pull-requests-limit: 5
+    reviewers:
+      - 'tyler-james-bridges'
+    commit-message:
+      prefix: 'ci(actions):'
+      include: 'scope'
+    auto-merge:
+      enabled: true
+      type: 'squash'

package/.github/pull_request_template.md

@@ -0,0 +1,11 @@
+## What
+
+<!-- Brief description of changes -->
+
+## Why
+
+<!-- Why is this needed? -->
+
+## Testing
+
+<!-- How did you verify this works? -->

package/.github/workflows/lint.yml

@@ -0,0 +1,35 @@
+name: Lint
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run ESLint
+        run: npm run lint
+
+      - name: Validate workflow files
+        run: |
+          echo "Validating workflow YAML syntax..."
+          for file in .github/workflows/*.yml; do
+            echo "Checking $file"
+            python3 -c "import yaml; yaml.safe_load(open('$file'))" || exit 1
+          done
+          echo "All workflow files are valid YAML"