From 55bb69ebe85f1f183538682c1cb7421321e702b6 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Tue, 21 Oct 2025 16:17:20 +0800
Subject: [PATCH 01/15] Updated files for 1.12.3 release

---
 CHANGELOG.MD      | 7 +++++++
 README.md         | 8 ++++----
 trcli/__init__.py | 2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.MD b/CHANGELOG.MD
index 0749997..499b899 100644
--- a/CHANGELOG.MD
+++ b/CHANGELOG.MD
@@ -6,6 +6,13 @@ This project adheres to [Semantic Versioning](https://semver.org/). Version numb
 - **MINOR**: New features that are backward-compatible.
 - **PATCH**: Bug fixes or minor changes that do not affect backward compatibility.
 
+## [1.12.3]
+
+_released 11-03-2025
+
+### Added
+ - Improve instrumentation/analytics for all API requests
+
 ## [1.12.2]
 
 _released 10-16-2025
diff --git a/README.md b/README.md
index f192822..2bb0ab4 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ trcli
 ```
 You should get something like this:
 ```
-TestRail CLI v1.12.2
+TestRail CLI v1.12.3
 Copyright 2025 Gurock Software GmbH - www.gurock.com
 Supported and loaded modules:
     - parse_junit: JUnit XML Files (& Similar)
@@ -47,7 +47,7 @@ CLI general reference
 --------
 ```shell
 $ trcli --help
-TestRail CLI v1.12.1
+TestRail CLI v1.12.3
 Copyright 2025 Gurock Software GmbH - www.gurock.com
 Usage: trcli [OPTIONS] COMMAND [ARGS]...
 
@@ -1094,7 +1094,7 @@ Options:
 ### Reference
 ```shell
 $ trcli add_run --help
-TestRail CLI v1.12.1
+TestRail CLI v1.12.3
 Copyright 2025 Gurock Software GmbH - www.gurock.com
 Usage: trcli add_run [OPTIONS]
 
@@ -1218,7 +1218,7 @@ providing you with a solid base of test cases, which you can further expand on T
 ### Reference
 ```shell
 $ trcli parse_openapi --help
-TestRail CLI v1.12.1
+TestRail CLI v1.12.3
 Copyright 2025 Gurock Software GmbH - www.gurock.com
 Usage: trcli parse_openapi [OPTIONS]
 
diff --git a/trcli/__init__.py b/trcli/__init__.py
index 858085d..53d6006 100644
--- a/trcli/__init__.py
+++ b/trcli/__init__.py
@@ -1 +1 @@
-__version__ = "1.12.2"
+__version__ = "1.12.3"

From 378cb5efe95bed39032a9eb30bc4817f855e6928 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Tue, 21 Oct 2025 16:37:03 +0800
Subject: [PATCH 02/15] TRCLI-170 Added new header X-Uploader-Metadata for all
 API request in TRCLI

---
 trcli/api/api_client.py           | 47 +++++++++++++++++++++++++++++--
 trcli/api/project_based_client.py | 14 +++++++--
 2 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/trcli/api/api_client.py b/trcli/api/api_client.py
index 6a12538..251b06a 100644
--- a/trcli/api/api_client.py
+++ b/trcli/api/api_client.py
@@ -1,5 +1,9 @@
 import json
 from pathlib import Path
+import platform
+import os
+import base64
+import hashlib
 
 import requests
 from beartype.typing import Union, Callable, Dict, List
@@ -49,7 +53,8 @@ def __init__(
         verify: bool = True,
         proxy: str = None, #added proxy params
         proxy_user: str = None,
-        noproxy: str = None, 
+        noproxy: str = None,
+        uploader_metadata: str = None,
     ):
         self.username = ""
         self.password = ""
@@ -62,7 +67,8 @@ def __init__(
         self.__validate_and_set_timeout(timeout)
         self.proxy = proxy
         self.proxy_user = proxy_user
-        self.noproxy = noproxy.split(',') if noproxy else [] 
+        self.noproxy = noproxy.split(',') if noproxy else []
+        self.uploader_metadata = uploader_metadata 
         
         if not host_name.endswith("/"):
             host_name = host_name + "/"
@@ -99,6 +105,7 @@ def __send_request(self, method: str, uri: str, payload: dict, files: Dict[str,
         auth = HTTPBasicAuth(username=self.username, password=password)
         headers = {"User-Agent": self.USER_AGENT}
         headers.update(self.__get_proxy_headers())
+        headers.update(self.__get_uploader_metadata_headers())
         if files is None and not as_form_data:
             headers["Content-Type"] = "application/json"
         verbose_log_message = ""
@@ -209,6 +216,15 @@ def __get_proxy_headers(self) -> Dict[str, str]:
 
         return headers
 
+    def __get_uploader_metadata_headers(self) -> Dict[str, str]:
+        """
+        Returns headers for uploader metadata.
+        """
+        headers = {}
+        if self.uploader_metadata:
+            headers["X-Uploader-Metadata"] = self.uploader_metadata
+        return headers
+
     def _get_proxies_for_request(self, url: str) -> Dict[str, str]:
         """
         Returns the appropriate proxy dictionary for a given request URL.
@@ -276,6 +292,33 @@ def __validate_and_set_timeout(self, timeout):
             )
             self.timeout = DEFAULT_API_CALL_TIMEOUT
 
+    @staticmethod
+    def build_uploader_metadata(version: str, project_id: int = None) -> str:
+        """
+        Build uploader metadata as base64-encoded JSON.
+        
+        :param version: Application version
+        :param project_id: Project ID (optional)
+        :returns: Base64-encoded metadata string
+        """
+        user = os.getenv("USER_EMAIL", "unknown")
+        user_hash = hashlib.sha256(user.encode()).hexdigest()[:8]
+        
+        data = {
+            "app_name": "trcli",
+            "app_version": version,
+            "os": platform.system().lower(),
+            "arch": platform.machine(),
+            "run_mode": "ci" if os.getenv("CI") else "manual",
+            "container": os.path.exists("/.dockerenv"),
+            "user_hash": user_hash,
+        }
+        
+        if project_id is not None:
+            data["project_id"] = project_id
+            
+        return base64.b64encode(json.dumps(data).encode()).decode()
+
     @staticmethod
     def format_request_for_vlog(method: str, url: str, payload: dict):
         return (
diff --git a/trcli/api/project_based_client.py b/trcli/api/project_based_client.py
index fef7835..a7be0c2 100644
--- a/trcli/api/project_based_client.py
+++ b/trcli/api/project_based_client.py
@@ -6,6 +6,7 @@
 from trcli.constants import ProjectErrors, FAULT_MAPPING, SuiteModes, PROMPT_MESSAGES
 from trcli.data_classes.data_parsers import MatchersParser
 from trcli.data_classes.dataclass_testrail import TestRailSuite
+import trcli
 
 
 class ProjectBasedClient:
@@ -36,6 +37,13 @@ def instantiate_api_client(self) -> APIClient:
         proxy = self.environment.proxy  # Will be None if --proxy is not defined
         noproxy = self.environment.noproxy  # Will be None if --noproxy is not defined
         proxy_user = self.environment.proxy_user
+        
+        # Generate uploader metadata
+        uploader_metadata = APIClient.build_uploader_metadata(
+            version=trcli.__version__,
+            project_id=getattr(self.environment, 'project_id', None)
+        )
+        
         if self.environment.timeout:
             api_client = APIClient(
                 self.environment.host,
@@ -45,7 +53,8 @@ def instantiate_api_client(self) -> APIClient:
                 verify=not self.environment.insecure,
                 proxy=proxy,
                 proxy_user=proxy_user,
-                noproxy=noproxy
+                noproxy=noproxy,
+                uploader_metadata=uploader_metadata
             )
         else:
             api_client = APIClient(
@@ -55,7 +64,8 @@ def instantiate_api_client(self) -> APIClient:
                 verify=not self.environment.insecure,
                 proxy=proxy,
                 proxy_user=proxy_user,
-                noproxy=noproxy
+                noproxy=noproxy,
+                uploader_metadata=uploader_metadata
             )
         api_client.username = self.environment.username
         api_client.password = self.environment.password

From 91dea422033fb711b1b6b7d35955b03f8c1d26ad Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Fri, 24 Oct 2025 17:03:00 +0800
Subject: [PATCH 03/15] TRCLI-170 Updated final metadata contents to be passed
 to TestRail API

---
 trcli/api/api_client.py           | 15 +++--------
 trcli/api/project_based_client.py | 45 ++++++++++++-------------------
 2 files changed, 20 insertions(+), 40 deletions(-)

diff --git a/trcli/api/api_client.py b/trcli/api/api_client.py
index 251b06a..b3962fc 100644
--- a/trcli/api/api_client.py
+++ b/trcli/api/api_client.py
@@ -3,7 +3,6 @@
 import platform
 import os
 import base64
-import hashlib
 
 import requests
 from beartype.typing import Union, Callable, Dict, List
@@ -293,17 +292,13 @@ def __validate_and_set_timeout(self, timeout):
             self.timeout = DEFAULT_API_CALL_TIMEOUT
 
     @staticmethod
-    def build_uploader_metadata(version: str, project_id: int = None) -> str:
+    def build_uploader_metadata(version: str) -> str:
         """
         Build uploader metadata as base64-encoded JSON.
-        
+
         :param version: Application version
-        :param project_id: Project ID (optional)
         :returns: Base64-encoded metadata string
         """
-        user = os.getenv("USER_EMAIL", "unknown")
-        user_hash = hashlib.sha256(user.encode()).hexdigest()[:8]
-        
         data = {
             "app_name": "trcli",
             "app_version": version,
@@ -311,12 +306,8 @@ def build_uploader_metadata(version: str, project_id: int = None) -> str:
             "arch": platform.machine(),
             "run_mode": "ci" if os.getenv("CI") else "manual",
             "container": os.path.exists("/.dockerenv"),
-            "user_hash": user_hash,
         }
-        
-        if project_id is not None:
-            data["project_id"] = project_id
-            
+
         return base64.b64encode(json.dumps(data).encode()).decode()
 
     @staticmethod
diff --git a/trcli/api/project_based_client.py b/trcli/api/project_based_client.py
index a7be0c2..3d8cd7e 100644
--- a/trcli/api/project_based_client.py
+++ b/trcli/api/project_based_client.py
@@ -37,36 +37,25 @@ def instantiate_api_client(self) -> APIClient:
         proxy = self.environment.proxy  # Will be None if --proxy is not defined
         noproxy = self.environment.noproxy  # Will be None if --noproxy is not defined
         proxy_user = self.environment.proxy_user
-        
+
         # Generate uploader metadata
-        uploader_metadata = APIClient.build_uploader_metadata(
-            version=trcli.__version__,
-            project_id=getattr(self.environment, 'project_id', None)
-        )
-        
+        uploader_metadata = APIClient.build_uploader_metadata(version=trcli.__version__)
+
+        # Build client configuration
+        client_kwargs = {
+            "verbose_logging_function": verbose_logging_function,
+            "logging_function": logging_function,
+            "verify": not self.environment.insecure,
+            "proxy": proxy,
+            "proxy_user": proxy_user,
+            "noproxy": noproxy,
+            "uploader_metadata": uploader_metadata
+        }
+
         if self.environment.timeout:
-            api_client = APIClient(
-                self.environment.host,
-                verbose_logging_function=verbose_logging_function,
-                logging_function=logging_function,
-                timeout=self.environment.timeout,
-                verify=not self.environment.insecure,
-                proxy=proxy,
-                proxy_user=proxy_user,
-                noproxy=noproxy,
-                uploader_metadata=uploader_metadata
-            )
-        else:
-            api_client = APIClient(
-                self.environment.host,
-                logging_function=logging_function,
-                verbose_logging_function=verbose_logging_function,
-                verify=not self.environment.insecure,
-                proxy=proxy,
-                proxy_user=proxy_user,
-                noproxy=noproxy,
-                uploader_metadata=uploader_metadata
-            )
+            client_kwargs["timeout"] = self.environment.timeout
+
+        api_client = APIClient(self.environment.host, **client_kwargs)
         api_client.username = self.environment.username
         api_client.password = self.environment.password
         api_client.api_key = self.environment.key

From a45484bcb5674e2707a12cd48cf7976ab223a588 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 15:19:02 +0800
Subject: [PATCH 04/15] TRCLI-170 Added validations for invalid host or API
 requests

---
 trcli/api/api_client.py          | 6 +++++-
 trcli/api/api_request_handler.py | 6 ++++++
 trcli/constants.py               | 6 +++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/trcli/api/api_client.py b/trcli/api/api_client.py
index b3962fc..4b7c3a1 100644
--- a/trcli/api/api_client.py
+++ b/trcli/api/api_client.py
@@ -183,8 +183,12 @@ def __send_request(self, method: str, uri: str, payload: dict, files: Dict[str,
                         response_text = response.json()
                     error_message = response_text.get("error", "")
                 except (JSONDecodeError, ValueError):
+                    response_preview = response.content[:200].decode('utf-8', errors='ignore')
                     response_text = str(response.content)
-                    error_message = response.content
+                    error_message = FAULT_MAPPING["invalid_json_response"].format(
+                        status_code=status_code,
+                        response_preview=response_preview
+                    )
                 except AttributeError:
                     error_message = ""
                 verbose_log_message = (
diff --git a/trcli/api/api_request_handler.py b/trcli/api/api_request_handler.py
index 687f5ea..3dcd196 100644
--- a/trcli/api/api_request_handler.py
+++ b/trcli/api/api_request_handler.py
@@ -977,6 +977,12 @@ def __get_all_entities(self, entity: str, link=None, entities=[]) -> Tuple[List[
             # Endpoints without pagination (legacy)
             if isinstance(response.response_text, list):
                 return response.response_text, response.error_message
+            # Check if response is a string (JSON parse failed)
+            if isinstance(response.response_text, str):
+                error_msg = FAULT_MAPPING["invalid_api_response"].format(
+                    error_details=response.response_text[:200]
+                )
+                return [], error_msg
             # Endpoints with pagination
             entities = entities + response.response_text[entity]
             if response.response_text["_links"]["next"] is not None:
diff --git a/trcli/constants.py b/trcli/constants.py
index f9541c7..0dc9fec 100644
--- a/trcli/constants.py
+++ b/trcli/constants.py
@@ -65,7 +65,11 @@
     proxy_invalid_configuration= "The provided proxy configuration is invalid. Please check the proxy URL and format.",
     ssl_error_on_proxy= "SSL error encountered while using the HTTPS proxy. Please check the proxy's SSL certificate.",
     no_proxy_match_error= "The host {host} does not match any NO_PROXY rules. Ensure the correct domains or IP addresses are specified for bypassing the proxy.",
-    no_suites_found= "The project {project_id} does not have any suites."
+    no_suites_found= "The project {project_id} does not have any suites.",
+    invalid_json_response= "Received invalid response from TestRail server (HTTP {status_code}). "
+    "Please verify your TestRail host URL (-h) is correct and points to a valid TestRail instance. "
+    "Response preview: {response_preview}",
+    invalid_api_response= "Invalid response from TestRail API: {error_details}"
 )
 
 COMMAND_FAULT_MAPPING = dict(

From 12e9fbee9d8ea42b97b792fdf8e9d87af6c36333 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 16:31:34 +0800
Subject: [PATCH 05/15] TRCLI-TEST: Testing pre-commit hooks


From 5628259d08012740a5418671819ab690bf0fb6e4 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 16:40:37 +0800
Subject: [PATCH 06/15] TRCLI-TEST: Testing pre-commit hooks

---
 .pre-commit-config.yaml | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 60df378..3c19fcf 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,29 @@
+# Pre-commit hooks for code quality, security, and policy enforcement
+# Install: pip install pre-commit
+# Setup: pre-commit install && pre-commit install --hook-type commit-msg
+# Run manually: pre-commit run --all-files
+
 repos:
--   repo: https://github.com/psf/black
-    rev: stable
+  # Code formatting
+  - repo: https://github.com/psf/black
+    rev: 24.10.0
     hooks:
-    - id: black
-      language_version: python3.8
\ No newline at end of file
+      - id: black
+        language_version: python3.10
+        args: [--line-length=120]
+
+  # Linting and code quality
+  - repo: https://github.com/PyCQA/flake8
+    rev: 7.1.1
+    hooks:
+      - id: flake8
+        args: [--max-line-length=120, --extend-ignore=E203,W503]
+        additional_dependencies: [flake8-docstrings, flake8-bugbear]
+
+  # Security scanning
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.10
+    hooks:
+      - id: bandit
+        args: [-c, .bandit, -r]
+        exclude: ^tests/

From 0e0586a0bcc4191858500af3c96baef7894ca365 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 16:48:01 +0800
Subject: [PATCH 07/15] TRCLI-TEST: Testing pre-commit hooks


From b689c4b20bdd058a4c7538cd330b224658f3d2ed Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 16:55:54 +0800
Subject: [PATCH 08/15] TRCLI-TEST: Testing pre-commit hooks


From f4fa3297317158f9abf348f12360da77a7a88428 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 17:04:51 +0800
Subject: [PATCH 09/15] TRCLI-185 Added updates for enhanced development
 workflow

---
 .bandit                             |   8 +
 .github/PULL_REQUEST_TEMPLATE.md    |   6 +-
 .github/workflows/pr-checklist.yml  | 176 ++++++++++++
 .github/workflows/pr-validation.yml | 186 +++++++++++++
 .github/workflows/security-scan.yml | 203 ++++++++++++++
 .pre-commit-config.yaml             |   2 +-
 .pre-commit-hooks/commit-msg.py     | 103 +++++++
 DEVELOPMENT_WORKFLOW.md             | 402 ++++++++++++++++++++++++++++
 setup-dev-tools.sh                  |  49 ++++
 9 files changed, 1131 insertions(+), 4 deletions(-)
 create mode 100644 .bandit
 create mode 100644 .github/workflows/pr-checklist.yml
 create mode 100644 .github/workflows/pr-validation.yml
 create mode 100644 .github/workflows/security-scan.yml
 create mode 100755 .pre-commit-hooks/commit-msg.py
 create mode 100644 DEVELOPMENT_WORKFLOW.md
 create mode 100755 setup-dev-tools.sh

diff --git a/.bandit b/.bandit
new file mode 100644
index 0000000..aa259f8
--- /dev/null
+++ b/.bandit
@@ -0,0 +1,8 @@
+# Bandit security scanner configuration (YAML format)
+exclude_dirs:
+  - '/tests/'
+  - '/tests_e2e/'
+  - '/venv/'
+  - '/.venv/'
+  - '/build/'
+  - '/dist/'
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 9e86e68..c7ee1fc 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 Thanks for contributing!
 PLEASE:
 - Read our contributing guidelines: https://github.com/gurock/trcli/blob/main/CONTRIBUTING.md
@@ -11,10 +11,10 @@ PLEASE:
 How are we solving the problem?
 
 ### Changes
-What changes where made?
+What changes were made?
 
 ### Potential impacts
-What could potentially be affected by the implemented changes? 
+What could potentially be affected by the implemented changes?
 
 ### Steps to test
 Happy path to test implemented scenario
diff --git a/.github/workflows/pr-checklist.yml b/.github/workflows/pr-checklist.yml
new file mode 100644
index 0000000..d4cc0ed
--- /dev/null
+++ b/.github/workflows/pr-checklist.yml
@@ -0,0 +1,176 @@
+name: PR Checklist Enforcement
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+  pull_request_review:
+    types: [submitted]
+
+permissions:
+  pull-requests: write
+  contents: read
+  checks: write
+
+jobs:
+  check-pr-requirements:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check PR checklist completion
+        id: checklist
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const prBody = context.payload.pull_request.body || '';
+
+            // Count checked and unchecked items
+            const checkedItems = (prBody.match(/- \[x\]/gi) || []).length;
+            const uncheckedItems = (prBody.match(/- \[ \]/gi) || []).length;
+            const totalItems = checkedItems + uncheckedItems;
+
+            // Check specific required items
+            const hasIssueReference = /Issue being resolved.*https?:\/\//.test(prBody);
+            const hasSolutionDescription = /Solution description[\s\S]{20,}/.test(prBody);
+            const hasTestSteps = /Steps to test[\s\S]{20,}/.test(prBody);
+
+            // Check if PR Tasks are complete
+            const prTasksComplete = checkedItems === totalItems && totalItems > 0;
+
+            core.setOutput('checked_items', checkedItems);
+            core.setOutput('unchecked_items', uncheckedItems);
+            core.setOutput('total_items', totalItems);
+            core.setOutput('pr_tasks_complete', prTasksComplete);
+            core.setOutput('has_issue_reference', hasIssueReference);
+            core.setOutput('has_solution', hasSolutionDescription);
+            core.setOutput('has_test_steps', hasTestSteps);
+
+            return {
+              checkedItems,
+              uncheckedItems,
+              totalItems,
+              prTasksComplete,
+              hasIssueReference,
+              hasSolutionDescription,
+              hasTestSteps
+            };
+
+      - name: Check test coverage
+        id: coverage_check
+        continue-on-error: true
+        run: |
+          # This will be checked by the main build workflow
+          # We just verify that tests exist for this PR
+          echo "coverage_check=pending" >> $GITHUB_OUTPUT
+
+      - name: Create or update check run
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const checkedItems = parseInt('${{ steps.checklist.outputs.checked_items }}');
+            const uncheckedItems = parseInt('${{ steps.checklist.outputs.unchecked_items }}');
+            const totalItems = parseInt('${{ steps.checklist.outputs.total_items }}');
+            const prTasksComplete = '${{ steps.checklist.outputs.pr_tasks_complete }}' === 'true';
+            const hasIssueReference = '${{ steps.checklist.outputs.has_issue_reference }}' === 'true';
+            const hasSolution = '${{ steps.checklist.outputs.has_solution }}' === 'true';
+            const hasTestSteps = '${{ steps.checklist.outputs.has_test_steps }}' === 'true';
+
+            // Determine check status
+            let conclusion = 'success';
+            let summary = '✅ All PR requirements met!';
+
+            const issues = [];
+
+            if (!prTasksComplete && totalItems > 0) {
+              issues.push(`- ${uncheckedItems} checklist items remaining`);
+            }
+
+            if (!hasIssueReference) {
+              issues.push('- Missing issue reference link');
+            }
+
+            if (!hasSolution) {
+              issues.push('- Solution description needs more details (min 20 chars)');
+            }
+
+            if (!hasTestSteps) {
+              issues.push('- Test steps need more details (min 20 chars)');
+            }
+
+            if (issues.length > 0) {
+              conclusion = 'neutral';
+              summary = '⚠️ PR checklist incomplete:\n\n' + issues.join('\n');
+            }
+
+            // Create check run
+            const checkRun = await github.rest.checks.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              name: 'PR Checklist',
+              head_sha: context.payload.pull_request.head.sha,
+              status: 'completed',
+              conclusion: conclusion,
+              output: {
+                title: 'PR Requirements Check',
+                summary: summary,
+                text: `### Checklist Progress
+            - Checked items: ${checkedItems}
+            - Unchecked items: ${uncheckedItems}
+            - Total items: ${totalItems}
+
+            ### Required Sections
+            - Issue Reference: ${hasIssueReference ? '✅' : '❌'}
+            - Solution Description: ${hasSolution ? '✅' : '❌'}
+            - Test Steps: ${hasTestSteps ? '✅' : '❌'}
+
+            ${conclusion === 'neutral' ? '\n⚠️ **Note:** This is a soft requirement. You can still merge the PR, but completing these items improves code review quality.' : ''}
+            `
+              }
+            });
+
+      - name: Add label based on checklist status
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const prTasksComplete = '${{ steps.checklist.outputs.pr_tasks_complete }}' === 'true';
+            const hasIssueReference = '${{ steps.checklist.outputs.has_issue_reference }}' === 'true';
+            const hasSolution = '${{ steps.checklist.outputs.has_solution }}' === 'true';
+            const hasTestSteps = '${{ steps.checklist.outputs.has_test_steps }}' === 'true';
+
+            if (prTasksComplete && hasIssueReference && hasSolution && hasTestSteps) {
+              // Remove incomplete label if exists
+              try {
+                await github.rest.issues.removeLabel({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: context.issue.number,
+                  name: 'incomplete-pr'
+                });
+              } catch (e) {
+                // Label might not exist
+              }
+
+              // Add ready label
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: ['ready-for-review']
+              });
+            } else {
+              // Remove ready label if exists
+              try {
+                await github.rest.issues.removeLabel({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: context.issue.number,
+                  name: 'ready-for-review'
+                });
+              } catch (e) {
+                // Label might not exist
+              }
+            }
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
new file mode 100644
index 0000000..4622717
--- /dev/null
+++ b/.github/workflows/pr-validation.yml
@@ -0,0 +1,186 @@
+name: PR Validation
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+
+permissions:
+  pull-requests: write
+  contents: read
+  issues: write
+
+jobs:
+  validate-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Validate PR Title Format
+        id: validate_title
+        uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert
+          types: |
+            feat
+            fix
+            docs
+            style
+            refactor
+            perf
+            test
+            build
+            ci
+            chore
+            revert
+          requireScope: false
+          subjectPattern: ^(?![A-Z]).+$
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            doesn't start with an uppercase character.
+          wip: false
+          validateSingleCommit: false
+
+      - name: Check for Issue Reference
+        id: check_issue
+        run: |
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          PR_BODY="${{ github.event.pull_request.body }}"
+
+          # Check if PR title or body contains issue reference
+          # Accepts: TRCLI-### (JIRA), GIT-### (GitHub), #123 (GitHub), issues/123
+          if echo "$PR_TITLE $PR_BODY" | grep -qE "TRCLI-[0-9]+|GIT-[0-9]+|#[0-9]+|issues/[0-9]+"; then
+            echo "issue_found=true" >> $GITHUB_OUTPUT
+
+            # Extract the issue key/number
+            if echo "$PR_TITLE $PR_BODY" | grep -qE "TRCLI-[0-9]+"; then
+              ISSUE_KEY=$(echo "$PR_TITLE $PR_BODY" | grep -oE "TRCLI-[0-9]+" | head -1)
+              echo "issue_key=$ISSUE_KEY" >> $GITHUB_OUTPUT
+              echo "issue_type=JIRA" >> $GITHUB_OUTPUT
+            elif echo "$PR_TITLE $PR_BODY" | grep -qE "GIT-[0-9]+"; then
+              ISSUE_KEY=$(echo "$PR_TITLE $PR_BODY" | grep -oE "GIT-[0-9]+" | head -1)
+              echo "issue_key=$ISSUE_KEY" >> $GITHUB_OUTPUT
+              echo "issue_type=GitHub" >> $GITHUB_OUTPUT
+            elif echo "$PR_TITLE $PR_BODY" | grep -qE "#[0-9]+"; then
+              ISSUE_KEY=$(echo "$PR_TITLE $PR_BODY" | grep -oE "#[0-9]+" | head -1)
+              echo "issue_key=$ISSUE_KEY" >> $GITHUB_OUTPUT
+              echo "issue_type=GitHub" >> $GITHUB_OUTPUT
+            elif echo "$PR_BODY" | grep -qE "issues/[0-9]+"; then
+              ISSUE_KEY=$(echo "$PR_BODY" | grep -oE "issues/[0-9]+" | head -1)
+              echo "issue_key=$ISSUE_KEY" >> $GITHUB_OUTPUT
+              echo "issue_type=GitHub" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "issue_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Comment on PR if issue reference missing
+        if: steps.check_issue.outputs.issue_found == 'false'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `## ⚠️ Missing Issue Reference
+
+              This PR does not reference an issue. Please include a reference in either:
+
+              **JIRA tickets:**
+              - PR title: "feat(api): TRCLI-123 Add new endpoint"
+              - PR description: "Resolves TRCLI-123"
+
+              **GitHub issues:**
+              - PR title: "feat(api): GIT-123 Add new endpoint"
+              - PR description: "Resolves GIT-123" or "Fixes #123"
+              - Or link to the GitHub issue
+
+              This helps with tracking and project management. Thank you!`
+            })
+
+      - name: Auto-label PR based on type
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const title = context.payload.pull_request.title.toLowerCase();
+            const labels = [];
+
+            if (title.startsWith('feat')) labels.push('feature');
+            else if (title.startsWith('fix')) labels.push('bug');
+            else if (title.startsWith('docs')) labels.push('documentation');
+            else if (title.startsWith('refactor')) labels.push('refactoring');
+            else if (title.startsWith('test')) labels.push('testing');
+            else if (title.startsWith('perf')) labels.push('performance');
+            else if (title.startsWith('ci') || title.startsWith('build')) labels.push('ci/cd');
+
+            if (labels.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: labels
+              });
+            }
+
+      - name: Check PR Description Completeness
+        id: check_description
+        run: |
+          PR_BODY="${{ github.event.pull_request.body }}"
+
+          # Check for required sections
+          if echo "$PR_BODY" | grep -q "Issue being resolved"; then
+            echo "has_issue=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_issue=false" >> $GITHUB_OUTPUT
+          fi
+
+          if echo "$PR_BODY" | grep -q "Solution description"; then
+            echo "has_solution=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_solution=false" >> $GITHUB_OUTPUT
+          fi
+
+          if echo "$PR_BODY" | grep -q "Steps to test"; then
+            echo "has_test_steps=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_test_steps=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Generate PR Validation Summary
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const issueFound = '${{ steps.check_issue.outputs.issue_found }}' === 'true';
+            const issueKey = '${{ steps.check_issue.outputs.issue_key }}';
+            const issueType = '${{ steps.check_issue.outputs.issue_type }}';
+            const hasIssue = '${{ steps.check_description.outputs.has_issue }}' === 'true';
+            const hasSolution = '${{ steps.check_description.outputs.has_solution }}' === 'true';
+            const hasTestSteps = '${{ steps.check_description.outputs.has_test_steps }}' === 'true';
+
+            const issueStatus = issueFound
+              ? `✅ Found: ${issueKey} (${issueType})`
+              : '⚠️ Missing';
+
+            const summary = `## 📋 PR Validation Summary
+
+            | Check | Status |
+            |-------|--------|
+            | Semantic PR Title | ✅ Valid |
+            | Issue Reference | ${issueStatus} |
+            | Issue Section | ${hasIssue ? '✅ Present' : '⚠️ Missing'} |
+            | Solution Description | ${hasSolution ? '✅ Present' : '⚠️ Missing'} |
+            | Test Steps | ${hasTestSteps ? '✅ Present' : '⚠️ Missing'} |
+
+            ${issueFound && hasSolution && hasTestSteps ? '✅ All checks passed!' : '⚠️ Some optional sections are missing. Consider adding them for better review context.'}
+            `;
+
+            await core.summary
+              .addRaw(summary)
+              .write();
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..1a3ec13
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,203 @@
+name: Security Scanning
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - main
+      - 'release/**'
+  schedule:
+    # Run weekly on Mondays at 9 AM UTC
+    - cron: '0 9 * * 1'
+
+permissions:
+  contents: read
+  pull-requests: write
+  security-events: write
+  issues: write
+
+jobs:
+  dependency-security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pip-audit safety
+
+      - name: Run pip-audit
+        id: pip_audit
+        continue-on-error: true
+        run: |
+          echo "### Pip Audit Results" > pip_audit_report.txt
+          pip-audit --desc --format json > pip_audit.json || true
+          pip-audit --desc >> pip_audit_report.txt || true
+
+          if [ -s pip_audit.json ]; then
+            echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
+          else
+            echo "vulnerabilities_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Safety check
+        id: safety
+        continue-on-error: true
+        run: |
+          echo "### Safety Check Results" > safety_report.txt
+
+          # Check if requirements files exist
+          if [ -f requirements.txt ]; then
+            safety check --file requirements.txt --json > safety.json || true
+            safety check --file requirements.txt >> safety_report.txt || true
+          fi
+
+          if [ -f tests/requirements.txt ]; then
+            safety check --file tests/requirements.txt >> safety_report.txt || true
+          fi
+
+      - name: Run Bandit security scan
+        id: bandit
+        continue-on-error: true
+        run: |
+          pip install bandit
+          echo "### Bandit Security Scan" > bandit_report.txt
+          bandit -r trcli/ -f json -o bandit.json || true
+          bandit -r trcli/ -f txt >> bandit_report.txt || true
+
+          # Check for high severity issues
+          if [ -f bandit.json ]; then
+            HIGH_SEVERITY=$(cat bandit.json | grep -o '"issue_severity": "HIGH"' | wc -l)
+            echo "high_severity=$HIGH_SEVERITY" >> $GITHUB_OUTPUT
+          else
+            echo "high_severity=0" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Upload security reports as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-reports
+          path: |
+            *_report.txt
+            *.json
+          retention-days: 30
+
+      - name: Comment on PR with security findings
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require('fs');
+            let comment = `## 🔒 Security Scan Results\n\n`;
+
+            // Read pip-audit report
+            try {
+              if (fs.existsSync('pip_audit_report.txt')) {
+                const pipAudit = fs.readFileSync('pip_audit_report.txt', 'utf8');
+                comment += `<details><summary>📦 Dependency Vulnerabilities (pip-audit)</summary>\n\n\`\`\`\n${pipAudit}\n\`\`\`\n</details>\n\n`;
+              }
+            } catch (e) {
+              console.log('No pip-audit report');
+            }
+
+            // Read safety report
+            try {
+              if (fs.existsSync('safety_report.txt')) {
+                const safety = fs.readFileSync('safety_report.txt', 'utf8');
+                comment += `<details><summary>🛡️ Safety Check Results</summary>\n\n\`\`\`\n${safety}\n\`\`\`\n</details>\n\n`;
+              }
+            } catch (e) {
+              console.log('No safety report');
+            }
+
+            // Read bandit report
+            try {
+              if (fs.existsSync('bandit_report.txt')) {
+                const bandit = fs.readFileSync('bandit_report.txt', 'utf8');
+                const highSeverity = parseInt('${{ steps.bandit.outputs.high_severity }}');
+
+                if (highSeverity > 0) {
+                  comment += `### ⚠️ HIGH SEVERITY ISSUES FOUND: ${highSeverity}\n\n`;
+                }
+
+                comment += `<details><summary>🔍 Code Security Scan (Bandit)</summary>\n\n\`\`\`\n${bandit.substring(0, 50000)}\n\`\`\`\n</details>\n\n`;
+              }
+            } catch (e) {
+              console.log('No bandit report');
+            }
+
+            const vulnerabilitiesFound = '${{ steps.pip_audit.outputs.vulnerabilities_found }}' === 'true';
+            const highSeverity = parseInt('${{ steps.bandit.outputs.high_severity }}');
+
+            if (!vulnerabilitiesFound && highSeverity === 0) {
+              comment += `\n✅ **No critical security issues detected!**\n`;
+            } else {
+              comment += `\n⚠️ **Security issues detected. Please review and address.**\n`;
+            }
+
+            comment += `\n---\n*Security scan completed. Full reports available in workflow artifacts.*`;
+
+            await github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: comment
+            });
+
+      - name: Fail if critical vulnerabilities found
+        if: steps.bandit.outputs.high_severity > 0
+        run: |
+          echo "::error::High severity security issues found!"
+          echo "Please review the Bandit report and address security concerns."
+          exit 1
+
+  code-scanning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python
+          queries: security-extended
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:python"
+
+  secret-scanning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+
+      - name: TruffleHog Secret Scan
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --debug --only-verified
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3c19fcf..0e743bb 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -17,7 +17,7 @@ repos:
     rev: 7.1.1
     hooks:
       - id: flake8
-        args: [--max-line-length=120, --extend-ignore=E203,W503]
+        args: ['--max-line-length=120', '--extend-ignore=E203,W503']
         additional_dependencies: [flake8-docstrings, flake8-bugbear]
 
   # Security scanning
diff --git a/.pre-commit-hooks/commit-msg.py b/.pre-commit-hooks/commit-msg.py
new file mode 100755
index 0000000..d3aef5d
--- /dev/null
+++ b/.pre-commit-hooks/commit-msg.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+"""Commit message validator for TRCLI project.
+
+Ensures commit messages start with a valid issue reference (JIRA or GitHub).
+
+Valid formats:
+  JIRA tickets:
+    - TRCLI-123: Add new feature
+    - TRCLI-456 Fix bug in parser
+    - [TRCLI-789] Update documentation
+
+  GitHub issues:
+    - GIT-123: Add new feature
+    - GIT-456 Fix bug in parser
+    - #123: Add new feature
+    - [#456] Fix bug in parser
+
+Special cases (allowed without issue reference):
+  - Merge commits
+  - Release commits (starting with "Release")
+  - Version bump commits (starting with "Bump version")
+  - Initial commits
+"""
+
+import re
+import sys
+
+
+def validate_commit_message(commit_msg_file):
+    """Validate that commit message follows TRCLI conventions."""
+    with open(commit_msg_file, "r") as f:
+        commit_msg = f.read().strip()
+
+    # Skip empty messages
+    if not commit_msg:
+        print("ERROR: Commit message is empty")
+        return False
+
+    # Allow merge commits
+    if commit_msg.startswith("Merge"):
+        return True
+
+    # Allow release commits
+    if commit_msg.startswith("Release") or commit_msg.startswith("Bump version"):
+        return True
+
+    # Allow revert commits
+    if commit_msg.startswith("Revert"):
+        return True
+
+    # Check for issue reference at the start
+    # JIRA patterns: TRCLI-123, [TRCLI-123], TRCLI-123:
+    # GitHub patterns: GIT-123, #123, [GIT-123], [#123]
+    issue_patterns = [
+        r"^(\[)?TRCLI-\d+(\])?[:\s]",  # JIRA: TRCLI-123 or [TRCLI-123]
+        r"^(\[)?GIT-\d+(\])?[:\s]",  # GitHub: GIT-123 or [GIT-123]
+        r"^(\[)?#\d+(\])?[:\s]",  # GitHub: #123 or [#123]
+    ]
+
+    # Check if commit message matches any valid pattern
+    for pattern in issue_patterns:
+        if re.match(pattern, commit_msg):
+            return True
+
+    # If we get here, the commit message is invalid
+    print("\n" + "=" * 70)
+    print("COMMIT MESSAGE VALIDATION FAILED")
+    print("=" * 70)
+    print("\nYour commit message must start with an issue reference.")
+    print("\nValid formats:")
+    print("\n  JIRA tickets:")
+    print("    - TRCLI-123: Add new feature")
+    print("    - TRCLI-456 Fix bug in parser")
+    print("    - [TRCLI-789] Update documentation")
+    print("\n  GitHub issues:")
+    print("    - GIT-123: Add new feature")
+    print("    - GIT-456 Fix bug in parser")
+    print("    - #123: Add new feature")
+    print("    - [#456] Fix bug in parser")
+    print("\nSpecial cases (no issue reference needed):")
+    print("  - Merge commits")
+    print("  - Release commits (start with 'Release')")
+    print("  - Version bumps (start with 'Bump version')")
+    print("  - Reverts (start with 'Revert')")
+    print("\nYour commit message:")
+    print(f"  {commit_msg}")
+    print("\nPlease update your commit message and try again.")
+    print("=" * 70 + "\n")
+
+    return False
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("ERROR: No commit message file provided")
+        sys.exit(1)
+
+    commit_msg_file = sys.argv[1]
+
+    if validate_commit_message(commit_msg_file):
+        sys.exit(0)
+    else:
+        sys.exit(1)
diff --git a/DEVELOPMENT_WORKFLOW.md b/DEVELOPMENT_WORKFLOW.md
new file mode 100644
index 0000000..359dc2d
--- /dev/null
+++ b/DEVELOPMENT_WORKFLOW.md
@@ -0,0 +1,402 @@
+# Development Workflow Guide
+
+This guide explains the automated quality checks and policy validation integrated into the TRCLI development workflow.
+
+## Table of Contents
+
+1. [Pre-Commit Setup](#pre-commit-setup)
+2. [Commit Message Format](#commit-message-format)
+3. [Pull Request Process](#pull-request-process)
+4. [Automated Checks](#automated-checks)
+5. [Troubleshooting](#troubleshooting)
+
+---
+
+## Pre-Commit Setup
+
+Pre-commit hooks ensure code quality before commits are made, catching issues early in development.
+
+### Installation
+
+```bash
+# Install pre-commit
+pip install pre-commit
+
+# Install the git hooks
+pre-commit install
+
+# Install commit-msg hook for JIRA validation
+pre-commit install --hook-type commit-msg
+
+# (Optional) Run hooks on all files
+pre-commit run --all-files
+```
+
+### What Gets Checked
+
+The pre-commit hooks run the following checks automatically:
+
+#### Code Formatting
+- **Black** - Python code formatter (line length: 120)
+
+#### Linting
+- **flake8** - PEP8 linting with docstrings and bugbear checks
+
+#### Security
+- **bandit** - Security vulnerability scanner (excludes tests)
+
+### Skipping Hooks (Use Sparingly)
+
+```bash
+# Skip all hooks (not recommended)
+git commit --no-verify -m "your message"
+
+# Skip specific hook
+SKIP=black git commit -m "your message"
+```
+
+---
+
+## Commit Message Format
+
+It's recommended to include an issue reference (JIRA ticket or GitHub issue) in your commit messages for better traceability.
+
+### Valid Formats
+
+**JIRA Tickets:**
+```bash
+# Format 1: JIRA key with colon
+git commit -m "TRCLI-123: Add new feature for XML parsing"
+
+# Format 2: JIRA key with space
+git commit -m "TRCLI-456 Fix bug in API request handler"
+
+# Format 3: JIRA key in brackets
+git commit -m "[TRCLI-789] Update documentation"
+```
+
+**GitHub Issues:**
+```bash
+# Format 1: GIT prefix with issue number
+git commit -m "GIT-123: Add new feature for XML parsing"
+
+# Format 2: Hash symbol with issue number
+git commit -m "#456: Fix bug in API request handler"
+
+# Format 3: Brackets with hash
+git commit -m "[#789] Update documentation"
+```
+
+### Special Cases (No Issue Reference Required)
+
+- Merge commits: `Merge branch 'feature/xyz' into main`
+- Release commits: `Release v1.2.3`
+- Version bumps: `Bump version to 1.2.3`
+- Reverts: `Revert "TRCLI-123: Add feature"` or `Revert "#123: Add feature"`
+
+### Why This Matters
+
+- **Traceability**: Links code changes to requirements/bugs
+- **Project Management**: Enables automatic issue tracking and updates
+- **Release Notes**: Simplifies changelog generation
+- **Code Review**: Provides context for reviewers
+- **Documentation**: Easy to find all commits related to a specific issue
+
+---
+
+## Pull Request Process
+
+### 1. Create Your Branch
+
+```bash
+# Feature branch
+git checkout -b feature/TRCLI-123-add-xml-parser
+
+# Bug fix branch
+git checkout -b fix/TRCLI-456-api-timeout
+
+# Documentation
+git checkout -b docs/TRCLI-789-update-readme
+```
+
+### 2. PR Title Format (Semantic Commits)
+
+Use [Conventional Commits](https://www.conventionalcommits.org/) format:
+
+```
+type(scope): description
+```
+
+**Valid Types:**
+- `feat`: New feature
+- `fix`: Bug fix
+- `docs`: Documentation changes
+- `style`: Code style changes (formatting, no logic change)
+- `refactor`: Code refactoring (no feature change)
+- `perf`: Performance improvements
+- `test`: Adding or updating tests
+- `build`: Build system changes
+- `ci`: CI/CD pipeline changes
+- `chore`: Maintenance tasks
+
+**Examples:**
+```
+feat(parser): add support for JUnit XML format
+fix(api): handle timeout errors gracefully
+docs(readme): update installation instructions
+refactor(cli): simplify argument parsing logic
+test(parser): add edge case tests for empty files
+```
+
+### 3. Fill Out PR Template
+
+The PR template includes required sections:
+- Issue reference (GitHub or JIRA)
+- Solution description
+- Changes made
+- Test steps
+- Checklist items
+
+**All checklist items must be completed** before requesting review.
+
+### 4. Automated PR Checks
+
+When you open a PR, the following checks run automatically:
+
+#### ✅ PR Validation
+- Validates semantic PR title format
+- Checks for issue reference (JIRA or GitHub)
+- Ensures PR description is complete
+- Auto-labels PR based on type
+
+#### 🔒 Security Scanning
+- Scans dependencies for vulnerabilities
+- Checks code for security issues (Bandit)
+- Runs CodeQL analysis
+- Detects secrets in code
+
+#### 📋 Checklist Enforcement
+- Verifies all checklist items are checked
+- Ensures required sections are filled
+- Adds/removes labels based on completion
+
+---
+
+## Automated Checks
+
+### Build & Test Workflow
+
+Runs on every PR and push to main:
+- Tests on Python 3.10, 3.11, 3.12, 3.13
+- Tests on Ubuntu and Windows
+- Code coverage must be ≥ 80%
+- All tests must pass
+
+### Security Scanning
+
+**Runs on:**
+- Every PR
+- Push to main/release branches
+- Weekly schedule (Mondays 9 AM UTC)
+
+**Tools Used:**
+- `pip-audit`: Dependency vulnerabilities
+- `safety`: Known security issues
+- `bandit`: Code security analysis
+- `CodeQL`: Advanced code scanning
+- `Gitleaks`: Secret detection
+- `TruffleHog`: Credential scanning
+
+### PR Validation
+
+**Checks:**
+- Semantic PR title format
+- Issue reference (JIRA ticket or GitHub issue)
+- PR description completeness
+- Auto-labeling by PR type
+
+### Checklist Enforcement
+
+**Validates:**
+- All checklist items are completed
+- Required sections have content
+- Issue reference exists
+- Test steps provided
+
+**Labels:**
+- `ready-for-review`: All checks passed
+- `incomplete-pr`: Missing required items
+
+---
+
+## Troubleshooting
+
+### Pre-Commit Hook Failures
+
+#### "Black would reformat"
+**Problem**: Code formatting doesn't match Black style.
+
+**Solution**:
+```bash
+# Let Black fix it automatically
+pre-commit run black --all-files
+
+# Then commit again
+git add .
+git commit -m "Your commit message"
+```
+
+#### "Bandit found security issues"
+**Problem**: Security vulnerability detected in code.
+
+**Solution**:
+1. Review the Bandit output
+2. Fix the security issue
+3. If false positive, add `# nosec` comment with justification
+
+```python
+# Example: Intentional use of assert in non-production code
+assert value is not None  # nosec B101 - Test code only
+```
+
+### PR Check Failures
+
+#### "Semantic PR validation failed"
+**Problem**: PR title doesn't follow format.
+
+**Solution**: Edit PR title to match:
+```
+feat(scope): description
+fix(scope): description
+docs(scope): description
+```
+
+#### "Issue reference missing"
+**Problem**: No issue reference in PR title or description.
+
+**Solution**: Add issue reference:
+
+**JIRA ticket:**
+- In PR title: `feat(api): TRCLI-123 Add endpoint`
+- In PR body: Link to JIRA or mention `TRCLI-123`
+
+**GitHub issue:**
+- In PR title: `feat(api): GIT-456 Add endpoint` or `feat(api): #789 Add endpoint`
+- In PR body: `Fixes #123` or `Resolves GIT-456` or link to GitHub issue
+
+#### "Checklist incomplete"
+**Problem**: Not all checklist items are checked.
+
+**Solution**: Complete all items or remove non-applicable ones.
+
+### Security Scan Failures
+
+#### "High severity issues found"
+**Problem**: Bandit detected high-severity security issue.
+
+**Solution**:
+1. Review the security report in PR comments
+2. Fix the vulnerability
+3. Re-run the security scan
+4. If false positive, configure Bandit to skip specific checks
+
+#### "Vulnerable dependencies detected"
+**Problem**: Dependencies have known CVEs.
+
+**Solution**:
+```bash
+# Update vulnerable package
+pip install --upgrade <package-name>
+
+# Update requirements file
+pip freeze > requirements.txt
+
+# Commit changes
+git add requirements.txt
+git commit -m "TRCLI-XXX: Update dependencies to fix CVE-YYYY-NNNN"
+```
+
+---
+
+## Best Practices
+
+### Commit Frequently
+- Make small, logical commits
+- Each commit should have a single purpose
+- Write descriptive commit messages
+
+### Run Pre-Commit Before Pushing
+```bash
+# Test your changes locally first
+pre-commit run --all-files
+pytest tests/
+```
+
+### Keep PRs Small
+- Aim for <400 lines changed per PR
+- Break large features into multiple PRs
+- Easier to review and less likely to introduce bugs
+
+### Security First
+- Never commit secrets/credentials
+- Review security scan results
+- Address high-severity issues before merging
+
+### Test Coverage
+- Maintain ≥80% code coverage
+- Test edge cases
+- Include integration tests where applicable
+
+---
+
+## Quick Reference
+
+### Pre-Commit Commands
+```bash
+pre-commit install                    # Initial setup
+pre-commit install --hook-type commit-msg
+pre-commit run --all-files           # Run on all files
+pre-commit run <hook-id>             # Run specific hook
+SKIP=<hook-id> git commit            # Skip specific hook
+```
+
+### Git Workflow
+```bash
+# Using JIRA ticket
+git checkout -b feature/TRCLI-123-description
+git add .
+git commit -m "TRCLI-123: Description"
+git push origin feature/TRCLI-123-description
+
+# Using GitHub issue
+git checkout -b feature/GIT-456-description
+git add .
+git commit -m "GIT-456: Description"
+# or
+git commit -m "#456: Description"
+git push origin feature/GIT-456-description
+
+# Open PR with semantic title
+```
+
+### Testing
+```bash
+pytest tests/                         # Run all tests
+pytest tests/test_xyz.py             # Run specific test
+pytest --cov=trcli --cov-report=html # Coverage report
+```
+
+### Useful Links
+- [Conventional Commits](https://www.conventionalcommits.org/)
+- [Pre-commit Framework](https://pre-commit.com/)
+- [Bandit Security Tool](https://bandit.readthedocs.io/)
+
+---
+
+## Getting Help
+
+- **Pre-commit issues**: Check `.pre-commit-config.yaml` configuration
+- **PR workflow issues**: Review `.github/workflows/` files
+- **General questions**: Open an issue or ask in team chat
+
+Happy coding! 🚀
diff --git a/setup-dev-tools.sh b/setup-dev-tools.sh
new file mode 100755
index 0000000..00016dd
--- /dev/null
+++ b/setup-dev-tools.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# TRCLI Development Tools Setup Script
+# This script sets up pre-commit hooks and development tools
+
+set -e
+
+echo "=========================================="
+echo "TRCLI Development Tools Setup"
+echo "=========================================="
+echo ""
+
+# Check Python version
+echo "Checking Python version..."
+python_version=$(python3 --version 2>&1 | awk '{print $2}')
+echo "✓ Python version: $python_version"
+echo ""
+
+# Install pre-commit
+echo "Installing pre-commit..."
+pip install pre-commit
+echo "✓ Pre-commit installed"
+echo ""
+
+# Install git hooks
+echo "Installing git hooks..."
+pre-commit install
+echo "✓ Git hooks installed"
+echo ""
+
+# Run pre-commit on all files (optional)
+echo "Would you like to run pre-commit checks on all files now? (y/n)"
+read -r response
+if [[ "$response" == "y" || "$response" == "Y" ]]; then
+    echo "Running pre-commit checks..."
+    pre-commit run --all-files || true
+    echo ""
+fi
+
+echo "=========================================="
+echo "Setup Complete! ✓"
+echo "=========================================="
+echo ""
+echo "Next steps:"
+echo "1. Read DEVELOPMENT_WORKFLOW.md for detailed guidelines"
+echo "2. Use semantic PR titles (e.g., feat(api): add new endpoint)"
+echo "3. Include issue references in commits for traceability (recommended)"
+echo ""
+echo "Happy coding! 🚀"

From 76e5dbc29bdde1eb78870c4c11a6cd0b5435e1bf Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 18:18:13 +0800
Subject: [PATCH 10/15] TRCLI-185 Updated workflow files

---
 .github/workflows/pr-validation.yml | 29 ------------------
 .github/workflows/security-scan.yml | 22 --------------
 .pre-commit-config.yaml             |  8 -----
 DEVELOPMENT_WORKFLOW.md             | 47 ++---------------------------
 4 files changed, 2 insertions(+), 104 deletions(-)

diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
index 4622717..f2c64f0 100644
--- a/.github/workflows/pr-validation.yml
+++ b/.github/workflows/pr-validation.yml
@@ -16,34 +16,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Validate PR Title Format
-        id: validate_title
-        uses: amannn/action-semantic-pull-request@v5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # Types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert
-          types: |
-            feat
-            fix
-            docs
-            style
-            refactor
-            perf
-            test
-            build
-            ci
-            chore
-            revert
-          requireScope: false
-          subjectPattern: ^(?![A-Z]).+$
-          subjectPatternError: |
-            The subject "{subject}" found in the pull request title "{title}"
-            didn't match the configured pattern. Please ensure that the subject
-            doesn't start with an uppercase character.
-          wip: false
-          validateSingleCommit: false
-
       - name: Check for Issue Reference
         id: check_issue
         run: |
@@ -172,7 +144,6 @@ jobs:
 
             | Check | Status |
             |-------|--------|
-            | Semantic PR Title | ✅ Valid |
             | Issue Reference | ${issueStatus} |
             | Issue Section | ${hasIssue ? '✅ Present' : '⚠️ Missing'} |
             | Solution Description | ${hasSolution ? '✅ Present' : '⚠️ Missing'} |
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 1a3ec13..b202764 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -179,25 +179,3 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:python"
-
-  secret-scanning:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Run Gitleaks
-        uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
-
-      - name: TruffleHog Secret Scan
-        uses: trufflesecurity/trufflehog@main
-        with:
-          path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
-          extra_args: --debug --only-verified
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0e743bb..72f9385 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,11 +19,3 @@ repos:
       - id: flake8
         args: ['--max-line-length=120', '--extend-ignore=E203,W503']
         additional_dependencies: [flake8-docstrings, flake8-bugbear]
-
-  # Security scanning
-  - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.10
-    hooks:
-      - id: bandit
-        args: [-c, .bandit, -r]
-        exclude: ^tests/
diff --git a/DEVELOPMENT_WORKFLOW.md b/DEVELOPMENT_WORKFLOW.md
index 359dc2d..2640b6b 100644
--- a/DEVELOPMENT_WORKFLOW.md
+++ b/DEVELOPMENT_WORKFLOW.md
@@ -42,9 +42,6 @@ The pre-commit hooks run the following checks automatically:
 #### Linting
 - **flake8** - PEP8 linting with docstrings and bugbear checks
 
-#### Security
-- **bandit** - Security vulnerability scanner (excludes tests)
-
 ### Skipping Hooks (Use Sparingly)
 
 ```bash
@@ -119,9 +116,9 @@ git checkout -b fix/TRCLI-456-api-timeout
 git checkout -b docs/TRCLI-789-update-readme
 ```
 
-### 2. PR Title Format (Semantic Commits)
+### 2. PR Title Format (Recommended)
 
-Use [Conventional Commits](https://www.conventionalcommits.org/) format:
+It's recommended to use [Conventional Commits](https://www.conventionalcommits.org/) format for clarity:
 
 ```
 type(scope): description
@@ -164,16 +161,13 @@ The PR template includes required sections:
 When you open a PR, the following checks run automatically:
 
 #### ✅ PR Validation
-- Validates semantic PR title format
 - Checks for issue reference (JIRA or GitHub)
 - Ensures PR description is complete
 - Auto-labels PR based on type
 
 #### 🔒 Security Scanning
 - Scans dependencies for vulnerabilities
-- Checks code for security issues (Bandit)
 - Runs CodeQL analysis
-- Detects secrets in code
 
 #### 📋 Checklist Enforcement
 - Verifies all checklist items are checked
@@ -202,15 +196,11 @@ Runs on every PR and push to main:
 **Tools Used:**
 - `pip-audit`: Dependency vulnerabilities
 - `safety`: Known security issues
-- `bandit`: Code security analysis
 - `CodeQL`: Advanced code scanning
-- `Gitleaks`: Secret detection
-- `TruffleHog`: Credential scanning
 
 ### PR Validation
 
 **Checks:**
-- Semantic PR title format
 - Issue reference (JIRA ticket or GitHub issue)
 - PR description completeness
 - Auto-labeling by PR type
@@ -246,31 +236,8 @@ git add .
 git commit -m "Your commit message"
 ```
 
-#### "Bandit found security issues"
-**Problem**: Security vulnerability detected in code.
-
-**Solution**:
-1. Review the Bandit output
-2. Fix the security issue
-3. If false positive, add `# nosec` comment with justification
-
-```python
-# Example: Intentional use of assert in non-production code
-assert value is not None  # nosec B101 - Test code only
-```
-
 ### PR Check Failures
 
-#### "Semantic PR validation failed"
-**Problem**: PR title doesn't follow format.
-
-**Solution**: Edit PR title to match:
-```
-feat(scope): description
-fix(scope): description
-docs(scope): description
-```
-
 #### "Issue reference missing"
 **Problem**: No issue reference in PR title or description.
 
@@ -291,15 +258,6 @@ docs(scope): description
 
 ### Security Scan Failures
 
-#### "High severity issues found"
-**Problem**: Bandit detected high-severity security issue.
-
-**Solution**:
-1. Review the security report in PR comments
-2. Fix the vulnerability
-3. Re-run the security scan
-4. If false positive, configure Bandit to skip specific checks
-
 #### "Vulnerable dependencies detected"
 **Problem**: Dependencies have known CVEs.
 
@@ -389,7 +347,6 @@ pytest --cov=trcli --cov-report=html # Coverage report
 ### Useful Links
 - [Conventional Commits](https://www.conventionalcommits.org/)
 - [Pre-commit Framework](https://pre-commit.com/)
-- [Bandit Security Tool](https://bandit.readthedocs.io/)
 
 ---
 

From 5b79a0327e8982907a19199494eb93327e8f1837 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Mon, 27 Oct 2025 18:39:46 +0800
Subject: [PATCH 11/15] TRCLI-185 Updated workflow files

---
 .github/workflows/security-scan.yml | 43 +----------------------------
 1 file changed, 1 insertion(+), 42 deletions(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index b202764..f130815 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -64,23 +64,6 @@ jobs:
             safety check --file tests/requirements.txt >> safety_report.txt || true
           fi
 
-      - name: Run Bandit security scan
-        id: bandit
-        continue-on-error: true
-        run: |
-          pip install bandit
-          echo "### Bandit Security Scan" > bandit_report.txt
-          bandit -r trcli/ -f json -o bandit.json || true
-          bandit -r trcli/ -f txt >> bandit_report.txt || true
-
-          # Check for high severity issues
-          if [ -f bandit.json ]; then
-            HIGH_SEVERITY=$(cat bandit.json | grep -o '"issue_severity": "HIGH"' | wc -l)
-            echo "high_severity=$HIGH_SEVERITY" >> $GITHUB_OUTPUT
-          else
-            echo "high_severity=0" >> $GITHUB_OUTPUT
-          fi
-
       - name: Upload security reports as artifacts
         uses: actions/upload-artifact@v4
         with:
@@ -119,26 +102,9 @@ jobs:
               console.log('No safety report');
             }
 
-            // Read bandit report
-            try {
-              if (fs.existsSync('bandit_report.txt')) {
-                const bandit = fs.readFileSync('bandit_report.txt', 'utf8');
-                const highSeverity = parseInt('${{ steps.bandit.outputs.high_severity }}');
-
-                if (highSeverity > 0) {
-                  comment += `### ⚠️ HIGH SEVERITY ISSUES FOUND: ${highSeverity}\n\n`;
-                }
-
-                comment += `<details><summary>🔍 Code Security Scan (Bandit)</summary>\n\n\`\`\`\n${bandit.substring(0, 50000)}\n\`\`\`\n</details>\n\n`;
-              }
-            } catch (e) {
-              console.log('No bandit report');
-            }
-
             const vulnerabilitiesFound = '${{ steps.pip_audit.outputs.vulnerabilities_found }}' === 'true';
-            const highSeverity = parseInt('${{ steps.bandit.outputs.high_severity }}');
 
-            if (!vulnerabilitiesFound && highSeverity === 0) {
+            if (!vulnerabilitiesFound) {
               comment += `\n✅ **No critical security issues detected!**\n`;
             } else {
               comment += `\n⚠️ **Security issues detected. Please review and address.**\n`;
@@ -153,13 +119,6 @@ jobs:
               body: comment
             });
 
-      - name: Fail if critical vulnerabilities found
-        if: steps.bandit.outputs.high_severity > 0
-        run: |
-          echo "::error::High severity security issues found!"
-          echo "Please review the Bandit report and address security concerns."
-          exit 1
-
   code-scanning:
     runs-on: ubuntu-latest
     steps:

From eb4eaae227ba5cc6425933c6e52d3b9150a9f794 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Tue, 28 Oct 2025 17:19:05 +0800
Subject: [PATCH 12/15] TRCLI-170 Updated verbose logging and uploader metadata
 value

---
 trcli/api/api_client.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/trcli/api/api_client.py b/trcli/api/api_client.py
index 4b7c3a1..bc24248 100644
--- a/trcli/api/api_client.py
+++ b/trcli/api/api_client.py
@@ -113,7 +113,7 @@ def __send_request(self, method: str, uri: str, payload: dict, files: Dict[str,
             error_message = ""
             try:
                 verbose_log_message = APIClient.format_request_for_vlog(
-                    method=method, url=url, payload=payload
+                    method=method, url=url, payload=payload, headers=headers
                 )
                 if method == "POST":
                     request_kwargs = {
@@ -308,19 +308,26 @@ def build_uploader_metadata(version: str) -> str:
             "app_version": version,
             "os": platform.system().lower(),
             "arch": platform.machine(),
-            "run_mode": "ci" if os.getenv("CI") else "manual",
+            "run_mode": "ci" if os.getenv("CI") else "other",
             "container": os.path.exists("/.dockerenv"),
         }
 
         return base64.b64encode(json.dumps(data).encode()).decode()
 
     @staticmethod
-    def format_request_for_vlog(method: str, url: str, payload: dict):
-        return (
+    def format_request_for_vlog(method: str, url: str, payload: dict, headers: dict = None):
+        log_message = (
             f"\n**** API Call\n"
             f"method: {method}\n"
-            f"url: {url}\n" + (f"payload: {payload}\n" if payload else "")
+            f"url: {url}\n"
         )
+        if headers:
+            log_message += "headers:\n"
+            for key, value in headers.items():
+                log_message += f"  {key}: {value}\n"
+        if payload:
+            log_message += f"payload: {payload}\n"
+        return log_message
 
     @staticmethod
     def format_response_for_vlog(status_code, body):

From 9a8b8cd66d2f218c3b229fb0de4eebe807c89089 Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Wed, 29 Oct 2025 14:51:42 +0800
Subject: [PATCH 13/15] TRCLI-185 Revised workflow and simplified pr validation
 process

---
 .bandit                             |   8 --
 .github/workflows/pr-validation.yml |  25 -----
 .github/workflows/security-scan.yml | 140 ----------------------------
 .pre-commit-config.yaml             |   8 --
 DEVELOPMENT_WORKFLOW.md             |  44 ---------
 5 files changed, 225 deletions(-)
 delete mode 100644 .bandit
 delete mode 100644 .github/workflows/security-scan.yml

diff --git a/.bandit b/.bandit
deleted file mode 100644
index aa259f8..0000000
--- a/.bandit
+++ /dev/null
@@ -1,8 +0,0 @@
-# Bandit security scanner configuration (YAML format)
-exclude_dirs:
-  - '/tests/'
-  - '/tests_e2e/'
-  - '/venv/'
-  - '/.venv/'
-  - '/build/'
-  - '/dist/'
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
index f2c64f0..215d98a 100644
--- a/.github/workflows/pr-validation.yml
+++ b/.github/workflows/pr-validation.yml
@@ -75,31 +75,6 @@ jobs:
               This helps with tracking and project management. Thank you!`
             })
 
-      - name: Auto-label PR based on type
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const title = context.payload.pull_request.title.toLowerCase();
-            const labels = [];
-
-            if (title.startsWith('feat')) labels.push('feature');
-            else if (title.startsWith('fix')) labels.push('bug');
-            else if (title.startsWith('docs')) labels.push('documentation');
-            else if (title.startsWith('refactor')) labels.push('refactoring');
-            else if (title.startsWith('test')) labels.push('testing');
-            else if (title.startsWith('perf')) labels.push('performance');
-            else if (title.startsWith('ci') || title.startsWith('build')) labels.push('ci/cd');
-
-            if (labels.length > 0) {
-              await github.rest.issues.addLabels({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.issue.number,
-                labels: labels
-              });
-            }
-
       - name: Check PR Description Completeness
         id: check_description
         run: |
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
deleted file mode 100644
index f130815..0000000
--- a/.github/workflows/security-scan.yml
+++ /dev/null
@@ -1,140 +0,0 @@
-name: Security Scanning
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-  push:
-    branches:
-      - main
-      - 'release/**'
-  schedule:
-    # Run weekly on Mondays at 9 AM UTC
-    - cron: '0 9 * * 1'
-
-permissions:
-  contents: read
-  pull-requests: write
-  security-events: write
-  issues: write
-
-jobs:
-  dependency-security:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.10'
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install pip-audit safety
-
-      - name: Run pip-audit
-        id: pip_audit
-        continue-on-error: true
-        run: |
-          echo "### Pip Audit Results" > pip_audit_report.txt
-          pip-audit --desc --format json > pip_audit.json || true
-          pip-audit --desc >> pip_audit_report.txt || true
-
-          if [ -s pip_audit.json ]; then
-            echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
-          else
-            echo "vulnerabilities_found=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Run Safety check
-        id: safety
-        continue-on-error: true
-        run: |
-          echo "### Safety Check Results" > safety_report.txt
-
-          # Check if requirements files exist
-          if [ -f requirements.txt ]; then
-            safety check --file requirements.txt --json > safety.json || true
-            safety check --file requirements.txt >> safety_report.txt || true
-          fi
-
-          if [ -f tests/requirements.txt ]; then
-            safety check --file tests/requirements.txt >> safety_report.txt || true
-          fi
-
-      - name: Upload security reports as artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: security-reports
-          path: |
-            *_report.txt
-            *.json
-          retention-days: 30
-
-      - name: Comment on PR with security findings
-        if: github.event_name == 'pull_request'
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const fs = require('fs');
-            let comment = `## 🔒 Security Scan Results\n\n`;
-
-            // Read pip-audit report
-            try {
-              if (fs.existsSync('pip_audit_report.txt')) {
-                const pipAudit = fs.readFileSync('pip_audit_report.txt', 'utf8');
-                comment += `<details><summary>📦 Dependency Vulnerabilities (pip-audit)</summary>\n\n\`\`\`\n${pipAudit}\n\`\`\`\n</details>\n\n`;
-              }
-            } catch (e) {
-              console.log('No pip-audit report');
-            }
-
-            // Read safety report
-            try {
-              if (fs.existsSync('safety_report.txt')) {
-                const safety = fs.readFileSync('safety_report.txt', 'utf8');
-                comment += `<details><summary>🛡️ Safety Check Results</summary>\n\n\`\`\`\n${safety}\n\`\`\`\n</details>\n\n`;
-              }
-            } catch (e) {
-              console.log('No safety report');
-            }
-
-            const vulnerabilitiesFound = '${{ steps.pip_audit.outputs.vulnerabilities_found }}' === 'true';
-
-            if (!vulnerabilitiesFound) {
-              comment += `\n✅ **No critical security issues detected!**\n`;
-            } else {
-              comment += `\n⚠️ **Security issues detected. Please review and address.**\n`;
-            }
-
-            comment += `\n---\n*Security scan completed. Full reports available in workflow artifacts.*`;
-
-            await github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: comment
-            });
-
-  code-scanning:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: python
-          queries: security-extended
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:python"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 72f9385..ad5bc89 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -11,11 +11,3 @@ repos:
       - id: black
         language_version: python3.10
         args: [--line-length=120]
-
-  # Linting and code quality
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.1.1
-    hooks:
-      - id: flake8
-        args: ['--max-line-length=120', '--extend-ignore=E203,W503']
-        additional_dependencies: [flake8-docstrings, flake8-bugbear]
diff --git a/DEVELOPMENT_WORKFLOW.md b/DEVELOPMENT_WORKFLOW.md
index 2640b6b..36f2168 100644
--- a/DEVELOPMENT_WORKFLOW.md
+++ b/DEVELOPMENT_WORKFLOW.md
@@ -39,9 +39,6 @@ The pre-commit hooks run the following checks automatically:
 #### Code Formatting
 - **Black** - Python code formatter (line length: 120)
 
-#### Linting
-- **flake8** - PEP8 linting with docstrings and bugbear checks
-
 ### Skipping Hooks (Use Sparingly)
 
 ```bash
@@ -163,11 +160,6 @@ When you open a PR, the following checks run automatically:
 #### ✅ PR Validation
 - Checks for issue reference (JIRA or GitHub)
 - Ensures PR description is complete
-- Auto-labels PR based on type
-
-#### 🔒 Security Scanning
-- Scans dependencies for vulnerabilities
-- Runs CodeQL analysis
 
 #### 📋 Checklist Enforcement
 - Verifies all checklist items are checked
@@ -186,24 +178,11 @@ Runs on every PR and push to main:
 - Code coverage must be ≥ 80%
 - All tests must pass
 
-### Security Scanning
-
-**Runs on:**
-- Every PR
-- Push to main/release branches
-- Weekly schedule (Mondays 9 AM UTC)
-
-**Tools Used:**
-- `pip-audit`: Dependency vulnerabilities
-- `safety`: Known security issues
-- `CodeQL`: Advanced code scanning
-
 ### PR Validation
 
 **Checks:**
 - Issue reference (JIRA ticket or GitHub issue)
 - PR description completeness
-- Auto-labeling by PR type
 
 ### Checklist Enforcement
 
@@ -256,24 +235,6 @@ git commit -m "Your commit message"
 
 **Solution**: Complete all items or remove non-applicable ones.
 
-### Security Scan Failures
-
-#### "Vulnerable dependencies detected"
-**Problem**: Dependencies have known CVEs.
-
-**Solution**:
-```bash
-# Update vulnerable package
-pip install --upgrade <package-name>
-
-# Update requirements file
-pip freeze > requirements.txt
-
-# Commit changes
-git add requirements.txt
-git commit -m "TRCLI-XXX: Update dependencies to fix CVE-YYYY-NNNN"
-```
-
 ---
 
 ## Best Practices
@@ -295,11 +256,6 @@ pytest tests/
 - Break large features into multiple PRs
 - Easier to review and less likely to introduce bugs
 
-### Security First
-- Never commit secrets/credentials
-- Review security scan results
-- Address high-severity issues before merging
-
 ### Test Coverage
 - Maintain ≥80% code coverage
 - Test edge cases

From 0312e60eb61d5461cc37f0c5f106cfc5bbf5c0ba Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Fri, 31 Oct 2025 10:27:41 +0800
Subject: [PATCH 14/15] Update changelog for 1.12.3 release

---
 CHANGELOG.MD | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.MD b/CHANGELOG.MD
index 499b899..844310e 100644
--- a/CHANGELOG.MD
+++ b/CHANGELOG.MD
@@ -8,10 +8,11 @@ This project adheres to [Semantic Versioning](https://semver.org/). Version numb
 
 ## [1.12.3]
 
-_released 11-03-2025
+_released 10-31-2025
 
 ### Added
- - Improve instrumentation/analytics for all API requests
+ - Enhanced TRCLI analytics integration with TestRail API enabling better tracking and insight into usage patterns.
+ - Introduced new development workflow improvements to streamline the contributor and release process.
 
 ## [1.12.2]
 

From 94f82fdbda373583785156b3b062883852c6028c Mon Sep 17 00:00:00 2001
From: acuanico-tr-galt <arnel.cuanico@sembi.com>
Date: Fri, 31 Oct 2025 10:44:48 +0800
Subject: [PATCH 15/15] TRCLI-170 update affected unit tests due to change in
 verbose logging

---
 tests/test_api_client.py | 119 ++++++++++++++++++---------------------
 1 file changed, 55 insertions(+), 64 deletions(-)

diff --git a/tests/test_api_client.py b/tests/test_api_client.py
index 49e95a4..4f64f45 100644
--- a/tests/test_api_client.py
+++ b/tests/test_api_client.py
@@ -45,9 +45,7 @@ class TestAPIClient:
     def test_send_get_status_code_success(self, api_resources, requests_mock):
         """The purpose of this test is to check behaviour of send_get one receiving successful status code.
         Check that response was packed into APIClientResult, retry mechanism was not triggered."""
-        requests_mock.get(
-            create_url("get_projects"), status_code=200, json=FAKE_PROJECT_DATA
-        )
+        requests_mock.get(create_url("get_projects"), status_code=200, json=FAKE_PROJECT_DATA)
         api_client = api_resources
         response = api_client.send_get("get_projects")
 
@@ -58,9 +56,7 @@ def test_send_get_status_code_success(self, api_resources, requests_mock):
     def test_send_post_status_code_success(self, api_resources, requests_mock):
         """The purpose of this test is to check behaviour of send_post one receiving successful status code.
         Check that response was packed into APIClientResult, retry mechanism was not triggered."""
-        requests_mock.post(
-            create_url("add_project"), status_code=201, json=FAKE_PROJECT_DATA
-        )
+        requests_mock.post(create_url("add_project"), status_code=201, json=FAKE_PROJECT_DATA)
         api_client = api_resources
         response = api_client.send_post("add_project", FAKE_PROJECT_DATA)
 
@@ -82,17 +78,13 @@ def test_send_get_status_code_not_success(self, api_resources, requests_mock):
         )
 
         check_calls_count(requests_mock)
-        check_response(
-            400, INVALID_TEST_CASE_ERROR, INVALID_TEST_CASE_ERROR["error"], response
-        )
+        check_response(400, INVALID_TEST_CASE_ERROR, INVALID_TEST_CASE_ERROR["error"], response)
 
     @pytest.mark.api_client
     def test_send_post_status_code_not_success(self, api_resources, requests_mock):
         """The purpose of this test is to check behaviour of send_post one receiving not successful status code.
         Check that response was packed into APIClientResult, retry mechanism was not triggered."""
-        requests_mock.post(
-            create_url("add_project"), status_code=403, json=NO_PERMISSION_PROJECT_ERROR
-        )
+        requests_mock.post(create_url("add_project"), status_code=403, json=NO_PERMISSION_PROJECT_ERROR)
         api_client = api_resources
         response = api_client.send_post("add_project", {"fake_project_data": "data"})
 
@@ -106,9 +98,7 @@ def test_send_post_status_code_not_success(self, api_resources, requests_mock):
 
     @pytest.mark.api_client
     @pytest.mark.parametrize("retries, retry_after", [(4, "30"), (10, "60")])
-    def test_retry_mechanism_too_many_requests(
-        self, retries, retry_after, api_resources_maker, requests_mock, mocker
-    ):
+    def test_retry_mechanism_too_many_requests(self, retries, retry_after, api_resources_maker, requests_mock, mocker):
         """The purpose of this test is to check that retry mechanism will work as expected when
         429 - too many requests will be received as an answer on get request."""
         requests_mock.get(
@@ -161,6 +151,9 @@ def test_retry_mechanism_exceptions(
                 f"\n**** API Call\n"
                 f"method: GET\n"
                 f"url: https://FakeTestRail.io/index.php?/api/v2/get_projects\n"
+                f"headers:\n"
+                f"  User-Agent: TRCLI\n"
+                f"  Content-Type: application/json\n"
             ),
         ]
 
@@ -182,6 +175,9 @@ def test_request_exception(self, api_resources_maker, requests_mock, mocker):
                 f"\n**** API Call\n"
                 f"method: GET\n"
                 f"url: https://FakeTestRail.io/index.php?/api/v2/get_projects\n"
+                f"headers:\n"
+                f"  User-Agent: TRCLI\n"
+                f"  Content-Type: application/json\n"
             )
         ]
         response = api_client.send_get("get_projects")
@@ -190,9 +186,7 @@ def test_request_exception(self, api_resources_maker, requests_mock, mocker):
         check_response(
             -1,
             "",
-            FAULT_MAPPING["unexpected_error_during_request_send"].format(
-                request=request
-            ),
+            FAULT_MAPPING["unexpected_error_during_request_send"].format(request=request),
             response,
         )
         environment.vlog.assert_has_calls(expected_log_calls)
@@ -236,7 +230,8 @@ def test_not_json_response(self, api_resources, requests_mock, mocker):
         api_client = api_resources
         response = api_client.send_get("get_projects")
         check_calls_count(requests_mock)
-        check_response(200, content, content, response)
+        expected_error_message = FAULT_MAPPING["invalid_json_response"].format(status_code=200, response_preview="Test")
+        check_response(200, str(content), expected_error_message, response)
 
     @pytest.mark.api_client
     def test_api_calls_are_logged(self, api_resources_maker, requests_mock, mocker):
@@ -248,6 +243,9 @@ def test_api_calls_are_logged(self, api_resources_maker, requests_mock, mocker):
                 f"\n**** API Call\n"
                 f"method: GET\n"
                 f"url: https://FakeTestRail.io/index.php?/api/v2/get_projects\n"
+                f"headers:\n"
+                f"  User-Agent: TRCLI\n"
+                f"  Content-Type: application/json\n"
                 f"response status code: 200\n"
                 f"response body: ['test', 'list']\n"
                 "****"
@@ -270,9 +268,7 @@ def test_api_calls_are_logged(self, api_resources_maker, requests_mock, mocker):
         ],
         ids=["float", "int", "int as string", "float as string", "invalid value"],
     )
-    def test_timeout_is_parsed_and_validated(
-        self, timeout_value, expected_message, api_resources_maker, mocker
-    ):
+    def test_timeout_is_parsed_and_validated(self, timeout_value, expected_message, api_resources_maker, mocker):
         environment = mocker.patch("trcli.cli.Environment")
         api_client = api_resources_maker(environment=environment, timeout=timeout_value)
 
@@ -283,7 +279,7 @@ def test_timeout_is_parsed_and_validated(
                 environment.log.assert_has_calls([mocker.call(TIMEOUT_PARSE_ERROR)])
 
     @pytest.mark.api_client
-    @patch('requests.post')
+    @patch("requests.post")
     def test_send_post_with_json_default(self, mock_post, api_resources_maker):
         """Test that send_post uses JSON by default"""
         # Mock response
@@ -302,22 +298,22 @@ def test_send_post_with_json_default(self, mock_post, api_resources_maker):
         # Verify the result
         assert result.status_code == 200
         assert result.response_text == {"id": 1, "title": "Test"}
-        
+
         # Verify JSON was used
         mock_post.assert_called_once()
         call_args = mock_post.call_args
-        
+
         # Should use json parameter, not data
-        assert 'json' in call_args[1]
-        assert 'data' not in call_args[1]
-        assert call_args[1]['json'] == {":title": "Test Label"}
-        
+        assert "json" in call_args[1]
+        assert "data" not in call_args[1]
+        assert call_args[1]["json"] == {":title": "Test Label"}
+
         # Should have JSON content type header
-        headers = call_args[1]['headers']
-        assert headers.get('Content-Type') == 'application/json'
+        headers = call_args[1]["headers"]
+        assert headers.get("Content-Type") == "application/json"
 
     @pytest.mark.api_client
-    @patch('requests.post')
+    @patch("requests.post")
     def test_send_post_with_form_data_true(self, mock_post, api_resources_maker):
         """Test that send_post uses form-data when as_form_data=True"""
         # Mock response
@@ -340,21 +336,21 @@ def test_send_post_with_form_data_true(self, mock_post, api_resources_maker):
         # Verify form-data was used
         mock_post.assert_called_once()
         call_args = mock_post.call_args
-        
+
         # Should use data parameter, not json
-        assert 'data' in call_args[1]
-        assert 'json' not in call_args[1]
-        assert call_args[1]['data'] == {":title": "Test Label"}
-        
+        assert "data" in call_args[1]
+        assert "json" not in call_args[1]
+        assert call_args[1]["data"] == {":title": "Test Label"}
+
         # Should NOT have files parameter (uses application/x-www-form-urlencoded)
-        assert 'files' not in call_args[1] or call_args[1]['files'] is None
-        
+        assert "files" not in call_args[1] or call_args[1]["files"] is None
+
         # Should NOT have JSON content type header when using form-data
-        headers = call_args[1]['headers']
-        assert headers.get('Content-Type') != 'application/json'
+        headers = call_args[1]["headers"]
+        assert headers.get("Content-Type") != "application/json"
 
     @pytest.mark.api_client
-    @patch('requests.post')
+    @patch("requests.post")
     def test_send_post_with_form_data_false(self, mock_post, api_resources_maker):
         """Test that send_post uses JSON when as_form_data=False explicitly"""
         # Mock response
@@ -377,18 +373,18 @@ def test_send_post_with_form_data_false(self, mock_post, api_resources_maker):
         # Verify JSON was used
         mock_post.assert_called_once()
         call_args = mock_post.call_args
-        
+
         # Should use json parameter, not data
-        assert 'json' in call_args[1]
-        assert 'data' not in call_args[1]
-        assert call_args[1]['json'] == {":title": "Test Label"}
-        
+        assert "json" in call_args[1]
+        assert "data" not in call_args[1]
+        assert call_args[1]["json"] == {":title": "Test Label"}
+
         # Should have JSON content type header
-        headers = call_args[1]['headers']
-        assert headers.get('Content-Type') == 'application/json'
+        headers = call_args[1]["headers"]
+        assert headers.get("Content-Type") == "application/json"
 
     @pytest.mark.api_client
-    @patch('requests.post')
+    @patch("requests.post")
     def test_send_post_with_files_and_form_data(self, mock_post, api_resources_maker):
         """Test that send_post handles files parameter with form-data"""
         # Mock response
@@ -403,12 +399,7 @@ def test_send_post_with_files_and_form_data(self, mock_post, api_resources_maker
 
         # Call send_post with files and form-data
         files = {"file1": "/path/to/file"}
-        result = api_client.send_post(
-            "test_endpoint", 
-            {":title": "Test Label"}, 
-            files=files, 
-            as_form_data=True
-        )
+        result = api_client.send_post("test_endpoint", {":title": "Test Label"}, files=files, as_form_data=True)
 
         # Verify the result
         assert result.status_code == 200
@@ -417,14 +408,14 @@ def test_send_post_with_files_and_form_data(self, mock_post, api_resources_maker
         # Verify form-data was used
         mock_post.assert_called_once()
         call_args = mock_post.call_args
-        
+
         # Should use data parameter, not json
-        assert 'data' in call_args[1]
-        assert 'json' not in call_args[1]
-        assert call_args[1]['data'] == {":title": "Test Label"}
+        assert "data" in call_args[1]
+        assert "json" not in call_args[1]
+        assert call_args[1]["data"] == {":title": "Test Label"}
         # Files should be passed through as provided (not replaced with empty dict)
-        assert call_args[1]['files'] == files
-        
+        assert call_args[1]["files"] == files
+
         # Should NOT have JSON content type header when using files
-        headers = call_args[1]['headers']
-        assert headers.get('Content-Type') != 'application/json'
+        headers = call_args[1]["headers"]
+        assert headers.get("Content-Type") != "application/json"