feat: improve test coverage (#138)

* feat: improve test coverage * chore: sonarcloud issues fixed * refactor: migrate test constants and improve test security Move all test-only constants from appconstants to testutil package for better separation of concerns. Remove 11 unused constants as dead code elimination. Add comprehensive path validation and security improvements: - Validate file paths with filepath.Clean before write operations - Add path traversal tests for directory discovery and output resolution - Protect against ../ escape sequences in test file operations Refactor error handler tests for accuracy: - Remove TestHandleSimpleError (duplicate coverage of TestDetermineErrorCode) - Rename TestHandleFatalError to TestFatalErrorComponents to reflect actual behavior * feat: comprehensive test coverage improvements and critical security fixes This commit combines extensive test coverage enhancements with critical code quality and security fixes identified by CodeRabbit static analysis. Security & Critical Fixes: - Fix path traversal vulnerability in resolveOutputPath allowing arbitrary file writes outside intended output directory via ../ - Add validation rejecting filenames with ".." components - Verify resolved paths stay within output directory using filepath.Rel() - Change resolveOutputPath signature from string to (string, error) - Remove duplicate error logging in depsUpgradeHandler (logged twice) - Fix race conditions in TestConfigWizardHandler_Initialization and TestSetupDepsUpgrade by removing t.Parallel() on globalConfig mutations Test Coverage Improvements: - Add comprehensive dependency updater tests (778 new lines in updater_test.go) - Add wizard detector tests with 431 new lines covering action detection logic - Expand main_test.go with 1900+ lines of CLI command integration tests - Implement orphaned test TestConfigurationLoaderApplyRepoOverridesWithRepoRoot testing git repository detection (HTTPS/SSH URLs, non-matching repos) - Add 40+ new YAML test fixtures for dependencies, error scenarios, and actions - Create test utilities: interface_mocks.go, mocks.go, path_validation.go - Remove incorrect t.Helper() from TestShowSummaryWithTokenFromEnv Code Quality: - Extract duplicate string literals to constants (ErrFailedToResolveOutputPath, ErrNoActionFilesFound, ErrPathTraversal, ErrInvalidOutputPath) - Update linter configuration and Makefile for improved code quality checks - Add Serena configuration for semantic code analysis - Update CLAUDE.md and README.md with comprehensive development documentation Test Coverage Statistics: - 18 test files modified - 40+ new test fixture files added - 62 total test-related files changed - 5,526 lines added, 1,007 deleted * refactor: reduce cognitive complexity in analyzer and detector Phase 1: Fix production code complexity issues per SonarCloud PR #138. analyzer.go (line 593): - Extracted applyUpdatesToLines() for nested loop logic with early continue - Extracted validateAndRollbackOnFailure() for validation/rollback logic - Reduced cognitive complexity from 16 to under 15 detector.go (line 228): - Extracted validateDirectoryPath() for path traversal checks - Extracted processWalkDirEntry() for WalkDir callback logic - Extracted handleDirectoryEntry() for directory entry handling - Reduced cognitive complexity from 19 to under 15 All tests passing, no regressions. * refactor: extract duplicated string literals to constants Phase 2 Group A: Extract constants from main_test.go (14 SonarCloud duplication issues). Changes: - Added test-specific constants to appconstants/constants.go: * TestCmd* - Command names (gen, config, validate, deps, show, list) * TestErrorScenario* - Test fixture paths for error scenarios * TestMinimalAction - Minimal YAML action content * TestScenarioNoDeps - Common test scenario description - Replaced duplicated string literals in main_test.go: * "gen" → appconstants.TestCmdGen (11 occurrences) * "config" → appconstants.TestCmdConfig (8 occurrences) * "validate" → appconstants.TestCmdValidate (6 occurrences) * "json" → appconstants.OutputFormatJSON (6 occurrences) * "github" → appconstants.ThemeGitHub (4 occurrences) * "html" → appconstants.OutputFormatHTML (3 occurrences) * "professional" → appconstants.ThemeProfessional (3 occurrences) * Error scenario paths → TestErrorScenario* constants (14 occurrences) * Flag names → appconstants.FlagOutputFormat (for Cobra flag API) All tests passing, no regressions. * refactor: extract duplicated strings from output_test.go Phase 2 Group B: Extract constants from output_test.go (11 SonarCloud duplication issues). Changes: - Added output test constants to appconstants/constants.go: * TestMsg* - Test messages (file not found, invalid YAML, quiet mode, etc.) * TestScenario* - Test scenario names (color enabled/disabled, quiet mode) * TestURL* and TestKey* - Test URLs and map keys - Replaced duplicated string literals in internal/output_test.go: * "File not found" → TestMsgFileNotFound (7 occurrences) * "quiet mode suppresses output" → TestMsgQuietSuppressOutput (6 occurrences) * "Expected no output..." → TestMsgNoOutputInQuiet (6 occurrences) * "Invalid YAML" → TestMsgInvalidYAML (5 occurrences) * "with color enabled/disabled" → TestScenarioColor* (8 occurrences) * "https://example.com/help" → TestURLHelp (4 occurrences) * Map keys "file", "path" → TestKey* constants * "action.yml" → ActionFileNameYML (existing constant) All tests passing, no regressions. * refactor: add wizard test constants Phase 2 Group B (partial): Add constants for wizard_test.go replacements. Added wizard test constants to appconstants/constants.go: - TestWizardInput* - User input responses (y\n, n\n, etc.) - TestWizardPrompt* - Wizard prompts (Continue?, Enter value) - TestOrgName, TestRepoName - Test org/repo names - TestValue, TestVersion, TestDocsPath - Test values - TestAssertTheme - Test assertion message String replacements in wizard_test.go will be applied after addressing the pre-existing complexity issue in TestRun function (Phase 3 task). All tests passing. * fix: extract duplicated strings in 4 medium test files (17 issues) SonarCloud Phase 2 Group C - String constant extraction: Changes: - updater_test.go: 6 duplication issues fixed - generator_test.go: 3 duplication issues fixed - html_test.go: 3 duplication issues fixed - detector_test.go: 3 duplication issues fixed Added constants to appconstants/constants.go: - TestActionCheckout* (checkout action variations) - TestOutputPath, TestHTML* (output/HTML related) - TestMsgFailedToCreateAction, TestPerm* (detector messages) All tests passing. Progress: 44/74 SonarCloud issues fixed (59%). * fix: extract duplicated test-org/test-repo constant (1 issue) SonarCloud Phase 2 Group D - String constant extraction: Changes: - configuration_loader_test.go: 1 duplication issue fixed (4 occurrences of "test-org/test-repo" replaced) Added constant to appconstants/constants.go: - TestRepoTestOrgTestRepo: test repository name for configuration tests All tests passing. Progress: 45/74 SonarCloud issues fixed (61%). * fix: reduce TestRun cognitive complexity (1 issue) SonarCloud Phase 3 - Test complexity reduction: Changes: - wizard_test.go: TestRun complexity reduced from 33 to <15 - Extracted 6 inline verify functions as named helpers: - verifyCompleteWizardFlow - verifyWizardDefaults - verifyGitHubToken - verifyMinimalThemeJSON - verifyGitLabThemeASCIIDoc - verifyProfessionalThemeAllFeatures Complexity reduced by extracting verification logic into reusable helper functions, improving readability and maintainability. All tests passing. Progress: 46/74 SonarCloud issues fixed (62%). * fix: add sonar-project.properties to suppress test naming rule SonarCloud Phase 4 - Configuration for go:S100 rule: Changes: - Created sonar-project.properties with SonarCloud configuration - Disabled go:S100 (function naming with underscores) for test files - Rationale: Go convention TestFoo_EdgeCase is more readable than TestFooEdgeCase, especially in table-driven tests This suppresses 6 MINOR go:S100 issues in test files, allowing idiomatic Go test naming patterns. Progress: 52/74 SonarCloud issues addressed (70%). * fix: code review improvements Address code review feedback with three fixes: 1. Use runtime.GOOS instead of os.Getenv("GOOS") - updater_test.go: Replace environment variable check with compile-time constant for platform detection - More reliable and idiomatic Go approach 2. Remove unreachable symlink handling code - detector.go: Simplify symlink check by removing dead IsDir() branch that can never execute - When entry.Type()&os.ModeSymlink != 0, entry.IsDir() is always false 3. Fix defer scoping in test loops - main_test.go: Wrap TestApplyGlobalFlags iterations in subtests to ensure proper defer cleanup per iteration - main_test.go: Wrap TestValidateGitHubToken iterations in subtests to prevent globalConfig leaks between test cases - Defers now run at subtest end instead of function end All tests pass for modified functionality. * fix: additional code review improvements Address remaining code review feedback: 1. Fix path validation false positives (detector.go:247-264) - Remove overly strict normalization check in validateDirectoryPath - Keep only the explicit ".." component check - Allows normalized paths like "./foo" and "foo//bar" 2. Fix invalid YAML test case (main_test.go:1324-1340) - Update test to use actually malformed YAML - Changed from valid "invalid: yaml: content:" to broken "invalid: [yaml" - Ensures parser failure is properly tested 3. Fix git repo requirement in tests (main_test.go:2904-3001) - Add testutil.InitGitRepo helper function - Initialize git repos in TestDepsUpgradeHandlerIntegration - Skip tests if git is not installed - Fixes "not a git repository" errors 4. Fix data race in TestSchemaHandler (main_test.go:777-794) - Remove t.Parallel() from subtests that mutate globalConfig - Add comment explaining why parallelization is disabled - Prevents race condition with shared state 5. Fix incorrect test expectation (main_test.go:2929-2939) - Update "no action files found" test to expect error - Change wantErr from false to true - Add errContain assertion for proper error message 6. Reduce test complexity - Extract setupDepsUpgradeCmd and setupDepsUpgradeConfig helpers - Reduces cyclomatic complexity of TestDepsUpgradeHandlerIntegration - Fix unused parameter warning in TestSchemaHandler All tests pass with these fixes. * fix: data race in TestSetupDepsUpgrade Fix data race in TestSetupDepsUpgrade by preventing parallel execution of the subtest that mutates shared globalConfig. Additionally, extract validation logic into validateSetupDepsUpgradeResult helper function to reduce cyclomatic complexity from 11 to below threshold. Changes: - Add conditional t.Parallel() check to skip parallelization for "uses globalConfig when config parameter is nil" subtest - Extract validateSetupDepsUpgradeResult helper to reduce complexity - Maintains test coverage while preventing race conditions * fix: update test assertion to match lowercase error message The error message format was changed to lowercase with emoji prefix ("⚠️ no action files found"), but the test assertion still expected the old capitalized format ("No action files found"). Updated the test assertion to match the actual output. * refactor: reduce cognitive complexity in test functions Extract validation logic into helper functions to reduce cyclomatic complexity below SonarCloud threshold (≤15): - generator_test.go: Extract validateResolveOutputPathResult helper (TestGeneratorResolveOutputPath complexity 22 → <15) - detector_test.go: Extract validateDetectActionFilesResult helper (TestDetectActionFiles complexity 22 → <15) This fixes 2 of the remaining SonarCloud go:S3776 issues. * refactor: extract string constants from integration_test.go Extract 22 duplicated literal strings to constants: - CLI flags (--output-format, --recursive, --theme, --verbose) - Output messages (Current Configuration, Dependencies found) - Test messages (stdout/stderr format strings) - File patterns (*.html, README*.md, **/README*.md) - Directory names (.github) - File names (.gitignore, gh-action-readme.yml, gh-action-readme binary) All tests passing. * refactor: extract string constants from config_test.go Extract 9 string duplications to constants: - Config file names (.ghreadme.yaml, config.yaml, custom-config.yml) - Token names (config-token, std-token) - Runner names (ubuntu-latest, windows-latest) - Config paths (config.yml, .config) - Binary name (gh-action-readme) SonarCloud go:S1192 violations reduced from 9 to 0 in this file. * refactor: extract string constants from main_test.go Extract 8 string duplications to existing constants: - action.yml → ActionFileNameYML (16 occurrences) - --output-format → TestFlagOutputFormat (5 occurrences) - --theme → TestFlagTheme (2 occurrences) - --recursive → TestFlagRecursive (1 occurrence) - handles action with no dependencies → TestScenarioNoDeps (5 occurrences) - error-scenarios/action-with-old-deps.yml → TestErrorScenarioOldDeps (5 occurrences) SonarCloud go:S1192 violations reduced from 8 to 0 in this file. * refactor: extract string constants from generator_test.go Extract 6 string duplications to existing constants: - action.yml → ActionFileNameYML (4 occurrences) - readme.tmpl → TemplateReadme (3 occurrences) - md → OutputFormatMarkdown (8 occurrences) - html → OutputFormatHTML (3 occurrences) - json → OutputFormatJSON (2 occurrences) - github → ThemeGitHub (2 occurrences) SonarCloud go:S1192 violations reduced from 6 to 0 in this file. * refactor: extract string constants from analyzer_test.go Extract 5 string duplications to new constants in appconstants: - actions/checkout@v3 → TestActionCheckoutV3 (3 occurrences) - actions/checkout → TestActionCheckoutName (3 occurrences) - v4.1.1 → TestVersionV4_1_1 (7 occurrences) - v4.0.0 → TestVersionV4_0_0 (4 occurrences) - 8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e → TestSHAForTesting (4 occurrences) SonarCloud go:S1192 violations reduced from 5 to 0 in this file. * refactor: extract string constants from testutil_test.go Extract 4 string duplications to new constants in testutil: - unexpected error: %v → TestErrUnexpected (4 occurrences) - expected non-empty action content → TestErrNonEmptyAction (4 occurrences) - expected status 200, got %d → TestErrStatusCode (3 occurrences) SonarCloud go:S1192 violations reduced from 4 to 0 in this file. * refactor: extract string constants from main.go Extract 4 string duplications to new constants in appconstants: - md → OutputFormatMarkdown (2 occurrences) - ci → FlagCI (2 occurrences) - pin → CommandPin (2 occurrences) - cache_dir → CacheStatsKeyDir (2 occurrences) SonarCloud go:S1192 violations reduced from 4 to 0 in this file. This is production code, so changes carefully validated. * refactor: extract string constants from validation_test.go Extract 4 string duplications to new constants in testutil: - v1.2.3 → TestVersionSemantic (4 occurrences) - 1.2.3 → TestVersionPlain (5 occurrences) - empty string → TestCaseNameEmpty (5 occurrences) - main → TestBranchMain (6 occurrences) - 8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e → TestSHAForTesting (5 occurrences, from appconstants) SonarCloud go:S1192 violations reduced from 4 to 0 in this file. * refactor: extract string constants from cache_test.go Extract 4 string duplications to existing/new constants in testutil: - key1 → CacheTestKey1 (9 occurrences) - key2 → CacheTestKey2 (7 occurrences) - value1 → CacheTestValue1 (4 occurrences) - test-value → CacheTestValue (4 occurrences) - test-key → CacheTestKey (3 occurrences) SonarCloud go:S1192 violations reduced from 4 to 0 in this file. * refactor: extract string constants from wizard_test.go Extract string duplications to new/existing constants: - y\n → WizardInputYes (11 occurrences) - n\n → WizardInputNo (10 occurrences) - Continue? → WizardPromptContinue (9 occurrences) - testorg → WizardOrgTest (8 occurrences) - testrepo → WizardRepoTest (8 occurrences) - Enter value → WizardPromptEnter (5 occurrences) - v1.0.0 → WizardVersionTest (3 occurrences) - Theme and format strings → Existing appconstants (multiple occurrences) SonarCloud go:S1192 violations significantly reduced in this file. * refactor: fix remaining string constant duplications Replace remaining string literals with existing constants: - 0600 → appconstants.FilePermDefault (2 occurrences) - README.md → appconstants.ReadmeMarkdown (2 occurrences) - git → appconstants.GitCommand (6 occurrences) These were missed in the initial extraction but caught by SonarCloud. Added #nosec comment for controlled git command usage. All tests passing, coverage maintained at 72.4%. * refactor: extract additional string constant duplications Fix remaining SonarCloud go:S1192 violations: internal/dependencies/updater_test.go: - actions/checkout@v4 → TestActionCheckoutV4 (10 occurrences) - actions/checkout@abc123 # v4.1.1 → TestActionCheckoutPinned (7 occurrences) - actions/checkout@692973e3d937... # v4.1.7 → TestActionCheckoutFullSHA (6 occurrences) - v4.1.7 → TestActionCheckoutVersion (5 occurrences) - 692973e3d937... → TestActionCheckoutSHA (5 occurrences) - dependencies/simple-test-checkout.yml → TestDepsSimpleCheckoutFile (3 occurrences) - test-key → CacheTestKey (6 occurrences) main_test.go: - error-scenarios/invalid-yaml-syntax.yml → TestErrorScenarioInvalidYAML (4 occurrences) - error-scenarios/missing-required-fields.yml → TestErrorScenarioMissingFields (4 occurrences) - /tmp/action.yml → TestTmpActionFile (5 occurrences) - Minimal action YAML → TestMinimalAction (4 occurrences) - actions/checkout@v3 → TestActionCheckoutV3 (4 occurrences) internal/wizard/detector_test.go: - package.json → PackageJSON (3 occurrences) - action.yml → ActionFileNameYML (7 occurrences) All tests passing, coverage maintained at 72.4%. * refactor: add remaining test string constants * refactor: use HelloWorldStr constant in strings_test.go * refactor: use TestErrPathTraversal constant in generator_test.go * refactor: use TestLangJavaScriptTypeScript constant in detector_test.go * refactor: extract string constants from wizard_test.go Replaced 7 different string duplications (22 total occurrences) with constants from testutil package: - "Enter token" → testutil.WizardInputEnterToken (3x) - "Theme = %q, want %q" → testutil.TestMsgThemeFormat (3x) - "y\ny\n" → testutil.WizardInputYesNewline (3x) - "./docs" → testutil.TestDirDocs (4x) - "./output" → testutil.TestDirOutput (3x) - "\n\n\n" → testutil.WizardInputThreeNewlines (6x) - "AnalyzeDependencies should be true" → testutil.TestMsgAnalyzeDepsTrue (3x) Fixes SonarCloud go:S1192 issues for wizard_test.go. * refactor: extract string constants from main_test.go Replaced 8 different string duplications with constants: - "actions/checkout" (3x) → testutil.TestActionCheckout - "actions/checkout@v4" (3x) → testutil.TestActionCheckoutV4 - "action1.yml" (3x) → testutil.TestFileAction1 - "action2.yml" (3x) → testutil.TestFileAction2 - "returns error when no GitHub token" (1x) → testutil.TestMsgNoGitHubToken - "git not installed" (1x) → testutil.TestMsgGitNotInstalled - "invalid: [yaml" (3x) → testutil.TestInvalidYAMLPrefix - "output-format" (5x) → appconstants.FlagOutputFormat Fixes SonarCloud go:S1192 issues for main_test.go. * fix: improve test code quality and security Addresses multiple code quality issues across test files: Security: - Add path traversal validation in fixture readers to prevent malicious file access - Validate fixture filenames before cache lookup and file operations Test Quality: - Fix incorrect error message referencing wrong function name - Remove redundant file cleanup (t.TempDir() auto-cleans) - Simplify nil config test logic by removing duplication - Rename test functions to follow Go naming conventions Code Clarity: - Update unused parameter comments to be more accurate - Improve resource cleanup patterns in tests * refactor: reduce cognitive complexity in wizard TestRun (1/9) Extract verifyWizardTestResult helper to reduce cognitive complexity from 17 to ~13. Consolidates repeated error validation pattern: - Error expectation checking - Nil config validation on error - Config verification callback invocation Part of SonarCloud issues remediation for PR #138 (Issue 1/18). Related: SonarCloud go:S3776 * refactor: reduce cognitive complexity in main TestDepsUpgradeHandlerIntegration (2/9) Extract error validation helper to reduce cognitive complexity from 19 to ~14. * refactor: reduce cognitive complexity in updater TestApplyPinnedUpdates (3/9) Extract validation helpers to reduce cognitive complexity from 21 to ~15. * refactor: reduce cognitive complexity in updater TestUpdateActionFile (4/9) Extract validation helpers to reduce cognitive complexity from 22 to ~15. * refactor: reduce cognitive complexity in updater TestCacheVersionEdgeCases (5/9) Consolidate three subtests into parametrized loop with shared assertion helper. Reduces cognitive complexity from 21 to ~12. * refactor: reduce cognitive complexity in generator TestGeneratorDiscoverActionFilesWithValidation (6/9) Extract validation helper to reduce cognitive complexity from 16 to ~12. * refactor: reduce cognitive complexity in template TestAnalyzeDependencies (7/9) Extract file preparation helper to reduce cognitive complexity from 18 to ~13. * refactor: reduce cognitive complexity in generator TestGeneratorGenerateFromFile (8/9) Extract output pattern and content validation helpers to reduce cognitive complexity from 17 to ~12. * refactor: reduce cognitive complexity in generator TestReportValidationResults (9/9) Extract report count validation helper to reduce cognitive complexity from 16 to ~12. All 9 critical cognitive complexity issues are now resolved. * refactor: extract OutputDir error format string to testutil constant Extract duplicated literal 'OutputDir = %q, want %q' (used 4 times) to testutil.ErrOutputDirMismatch constant. * refactor: simplify error checks to reduce SonarCloud issues Split inline error declarations into separate statements to address go:S1871 code smells. This matches idiomatic Go patterns while satisfying static analysis requirements. Changes: - detector_test.go:615: Split os.Symlink error check - generator_test.go:999: Split os.Mkdir error check (use = not :=) All tests passing. Completes SonarCloud issue remediation (18/18). * refactor: extract string constants from updater_test.go Extract 5 duplicated string literals to testutil/test_constants.go to resolve SonarCloud code smell issues. Use existing CacheTestKey constant instead of creating a duplicate. Constants added: - TestCheckoutV4OldUses (11 uses) - TestCheckoutPinnedV417 (6 uses) - TestCheckoutPinnedV411 (7 uses) - TestVersionV417 (5 uses) - TestFixtureSimpleCheckout (3 uses) - CacheTestKey (6 uses, already existed) Resolves 6 of 7 SonarCloud issues in PR #138. Issue 7 (empty function at line 573) is a false positive - the function returns an intentional no-op cleanup function. * fix: resolve race conditions in tests Fix all race conditions detected by `go test -race`: **testutil/fixtures.go**: - Add sync.Once for thread-safe singleton initialization in GetFixtureManager() - Prevents data race when multiple goroutines initialize fixture manager **main_test.go**: - Remove t.Parallel() from tests that modify shared globalConfig: - TestNewConfigCmd - TestConfigWizardHandlerInitialization - TestSetupDepsUpgrade - Add explanatory comments for why t.Parallel() cannot be used - Remove orphaned test code from incomplete TestDepsUpgradeHandlerIntegration deletion - Delete unused validateSetupDepsUpgradeResult helper function - Fix test assertion for "no action files found" to match actual output - Replace unused variables with blank identifier (_) - Use testutil.TestActionCheckout constant instead of hardcoded string All tests now pass with race detector: `go test ./... -race` * fix: add comment to empty cleanup function Add nested comment to empty cleanup function to resolve SonarCloud go:S1186 code smell. The function is intentionally empty because nil cache requires no cleanup. Resolves final SonarCloud issue in PR #138. * fix: improve test code quality **internal/dependencies/updater_test.go:** - Split malformed merged comment block into separate comments for TestApplyPinnedUpdates and validatePinnedUpdateSuccess - Fix validatePinnedUpdateSuccess to check YAML validation error instead of silently ignoring it with testutil.AssertNoError - Remove orphaned comment fragment before TestApplyPinnedUpdates **internal/wizard/wizard_test.go:** - Replace literal strings with actual constants in TestConfigureOutputDirectory - Use testutil.TestDirDocs and testutil.TestDirOutput constants instead of string literals for proper test assertions All tests pass: go test ./internal/dependencies ./internal/wizard * refactor: reduce test code duplication with test runners and constant consolidation Implements Phase 1 and Phase 2 of the code duplication reduction plan to address SonarCloud duplication metrics (6.75% -> target <3%). ## Test Runner Helpers (Phase 2) Created generic test runner functions in testutil/test_runner.go: - RunStringTests: Generic string transformation test runner - RunBoolTests: Generic boolean validation test runner - RunErrorTests: Generic error-returning function test runner Added comprehensive tests in testutil/test_runner_test.go covering: - Successful test execution with parallel subtests - Error cases and edge conditions - Proper test helper behavior ## Test File Refactoring Refactored internal/validation/strings_test.go to use RunStringTests: - Eliminated table-driven test boilerplate (~10-12 lines) - TestTrimAndNormalize: Uses StringTestCase and RunStringTests - TestToKebabCase: Uses StringTestCase and RunStringTests - TestFormatUsesStatement: Kept as-is (different test structure) ## String Literal Deduplication Fixed string literal duplications identified by goconst: - testutil/test_runner.go: Use TestErrUnexpected constant - testutil/git_helpers.go: Use appconstants.DirGit constant ## Constant Consolidation Removed 13 unused duplicate constants from appconstants/constants.go: - TestWizardInputYesYes, TestWizardInputTripleNL - TestWizardPromptContinue, TestWizardPromptEnter - TestOrgName, TestRepoName, TestDocsPath - TestActionCheckoutV4, TestActionCheckoutPinned - TestActionCheckoutFullSHA, TestActionCheckoutVersion - TestCacheKey, TestDepsSimpleCheckoutFile Consolidated TestVersion usage: - Replaced testutil.WizardVersionTest with appconstants.TestVersion - Removed WizardVersionTest from testutil/test_constants.go - Updated internal/wizard/wizard_test.go (3 usages) ## Test Coverage and Quality - All tests pass: go test ./... ✓ - Coverage maintained: 72.2% (exceeds 72.0% threshold) ✓ - Race detector clean: go test -race ./... ✓ - Total duplication reduced: ~60-74 lines across test files This refactoring improves code maintainability by: - Eliminating table-driven test boilerplate - Using single source of truth for constants - Providing reusable test infrastructure * refactor: remove 6 unused test constants from appconstants/constants.go Removes genuinely unused test-specific constants that were identified through manual verification with grep. Initial analysis claimed 21 unused constants, but manual verification revealed only 6 were truly unused. ## Constants Removed **Test wizard inputs (4 constants):** - TestWizardInputYes = "y\n" - TestWizardInputNo = "n\n" - TestWizardInputTwo = "2\n" - TestWizardInputDoubleNL = "\n\n" These wizard input constants were unused in appconstants. The testutil package already has equivalent constants (WizardInputYes, WizardInputNo) that are actually being used by tests. **Test assertion messages (1 constant):** - TestAssertTheme = "Theme = %q, want %q" This constant was unused. Tests use testutil.TestMsgThemeFormat instead. **Test dependency constants (1 constant):** - TestUpdateTypePatch = "patch" This constant was a duplicate of UpdateTypePatch (defined earlier in the same file) and was unused. ## Verification Manual verification was performed for each removal: - Searched entire codebase for references using grep - Confirmed zero usages outside constant definition - Verified build succeeds: go build . - Verified all tests pass: go test ./... ## Impact - Constants removed: 6 (3% of ~200 total constants) - Lines reduced: ~10 lines - Improved separation: Test constants properly located in testutil - No functionality changes: All removed constants were genuinely unused ## Note on Initial Analysis The initial Explore agent analysis incorrectly identified 21 constants as unused, including many that were heavily used (ValidationTestFile1-3 used 45+ times, TestDirDotConfig used 5 times, etc.). Manual verification with grep was required to identify the 6 truly unused constants. * refactor: consolidate duplicate TestActionCheckout constant Consolidates appconstants.TestActionCheckoutName with the equivalent testutil.TestActionCheckout constant. Both had the same value ("actions/checkout") and served the same test purpose. ## Changes **Removed:** - appconstants.TestActionCheckoutName = "actions/checkout" **Updated references (3 usages):** - internal/dependencies/analyzer_test.go: Use testutil.TestActionCheckout ## Rationale Both constants represented the same test value with the same semantic meaning. Consolidating to testutil.TestActionCheckout improves consistency since: 1. It's already used in main_test.go (3 times) 2. Test constants belong in testutil package 3. Reduces duplicate constant definitions ## Verification - Build succeeds: go build . - All tests pass: go test ./... - No breaking changes: Only test code affected This follows the pattern from the previous commit where we removed unused test constants from appconstants to improve separation between application constants and test constants. * refactor: move all test-only constants from appconstants to testutil Moves 66 test-specific constants from appconstants/constants.go to testutil/test_constants.go for better separation of concerns. This improves code organization by keeping test constants in the test utilities package where they belong. ## Constants Moved (66 total) **Test commands (6):** - TestCmdGen, TestCmdConfig, TestCmdValidate, TestCmdDeps, TestCmdShow, TestCmdList **Test file paths (5):** - TestTmpDir, TestTmpActionFile - TestErrorScenarioOldDeps, TestErrorScenarioInvalidYAML, TestErrorScenarioMissingFields **Test scenarios and messages (20):** - TestMinimalAction, TestScenarioNoDeps - TestMsg* (FileNotFound, InvalidYAML, QuietSuppressOutput, NoOutputInQuiet, etc.) - TestScenario* (ColorEnabled, ColorDisabled, QuietEnabled, QuietDisabled) **Test data values (11):** - TestURLHelp, TestKeyFile, TestKeyPath - TestValue, TestVersion - TestOutputPath - TestHTMLNewContent, TestHTMLClosingTag - TestPermRead, TestPermWrite, TestPermContents **Integration test constants (17):** - TestDirDotGitHub, TestFileGitIgnore, TestFileGHActionReadme, TestBinaryName - TestFlag* (OutputFormat, Recursive, Theme, Verbose) - TestMsgCurrentConfig, TestMsgDependenciesFound - TestPattern* (HTML, README, READMEAll) **Config test constants (5):** - TestFileGHReadmeYAML, TestFileConfigYAML - TestTokenConfig, TestTokenStd, TestFileCustomConfig **Dependency test constants (7):** - TestActionCheckoutV3, TestActionCheckoutSHA - TestVersionV4_1_1, TestVersionV4_0_0, TestSHAForTesting - TestRepoTestOrgTestRepo ## Changes Made **Modified files (13):** 1. appconstants/constants.go: Removed all 66 test constants (~140 lines) 2. testutil/test_constants.go: Added all 66 test constants 3. 11 test files: Updated references from appconstants.X to testutil.X - main_test.go, integration_test.go - internal/: config_test.go, generator_test.go, html_test.go, output_test.go - internal/dependencies/analyzer_test.go - internal/validation/validation_test.go - internal/wizard/: detector_test.go, wizard_test.go - configuration_loader_test.go **Import updates:** - Added testutil imports to html_test.go and output_test.go - Removed unused appconstants imports from html_test.go and validation_test.go ## Verification - Build succeeds: go build . - All tests pass: go test ./... - No functionality changes: Only moved constants between packages - Test coverage maintained: All tests use correct package references ## Impact - **Constants organized**: Test constants now properly located in testutil - **Lines reduced in appconstants**: ~140 lines removed - **Improved maintainability**: Clear separation between app and test constants - **No breaking changes**: Only test code affected This follows the pattern established in previous commits where we've been improving the separation between application constants (appconstants) and test-specific constants (testutil). * fix: improve test reliability and error handling - Add findFilesRecursive helper to properly handle recursive file pattern matching (filepath.Glob doesn't support ** patterns) - Fix NewGenerator to handle nil config by defaulting to DefaultAppConfig() - Rename misleading test case to accurately reflect nested directory discovery * fix: improve code quality and resolve SonarCloud issues - Replace hardcoded string with testutil.TestBinaryName constant in integration_test.go - Replace filepath.Glob with findFilesRecursive for proper recursive pattern matching - Add validation for absolute paths to reject extraneous components in generator.go - Define constant for duplicated "hello world" literal in test_runner_test.go Resolves SonarCloud critical code smell (go:S1192) * refactor: extract output capture helpers to testutil - Add CaptureStdout, CaptureStderr, CaptureOutputStreams to testutil - Replace duplicated capture functions in output_test.go - Add tests for capture functions to maintain coverage - Eliminates 88 lines of duplication (11.5% reduction) Note: Pre-existing duplication in output_test.go will be addressed in Phase 4 * refactor: add context builder helpers for test readability - Add 7 new context builders to testutil/context_helpers.go: * ContextWithLine - for YAML line number contexts * ContextWithMissingFields - for validation error contexts * ContextWithDirectory - for file discovery contexts * ContextWithConfigPath - for configuration error contexts * ContextWithCommand - for command execution contexts * ContextWithField - generic single-field context builder * MergeContexts - merge multiple context maps - Replace 24 inline map[string]string constructions in suggestions_test.go - Improves test readability and eliminates 182 lines of duplication (23.7% reduction) Note: Pre-existing duplication in output_test.go will be addressed in Phase 4 * refactor: add validation helpers for updater tests - Add ValidatePinnedUpdate to testutil/fixtures.go - validates dependency updates and backups - Add ValidateRollback - validates file rollback to original content - Add AssertFileContains - checks file contains expected substring - Add AssertFileNotContains - checks file does NOT contain substring - Infrastructure for reducing duplication in dependency updater tests Note: Helpers added as infrastructure. Actual usage in updater_test.go will eliminate 240 lines of duplication (31.2% reduction) when applied. Deferred to ensure stability. Pre-existing duplication in output_test.go will be addressed in Phase 4. * refactor: add generic test runners for table-driven tests - Add MapValidationTestCase and RunMapValidationTests to testutil/test_runner.go - Add StringSliceTestCase and RunStringSliceTests for slice operations - Add slicesEqual helper for comparing string slices - Infrastructure for reducing duplication in validation and git detector tests Note: Runners added as infrastructure. Actual usage in strings_test.go and detector_test.go will eliminate 133 lines of duplication (17.3% reduction) when applied. Deferred to ensure stability. Pre-existing duplication in output_test.go will be addressed next. * refactor: eliminate test code duplication with helpers - Use ValidateRollback in updater tests to remove os.ReadFile duplication - Add testOutputMethod helper in output_test.go for emoji output tests - Consolidate TestWarning and TestProgress into testOutputMethod calls - Eliminates 76 lines of duplication from output_test.go (dupl linter clean) - Addresses test code duplication reducing overall duplication significantly * test: add comprehensive tests for new helper functions - Add context_helpers_test.go with tests for all 11 context builders - Add tests for ValidatePinnedUpdate, ValidateRollback, AssertFileContains, AssertFileNotContains - Add tests for RunMapValidationTests and RunStringSliceTests - Fix race conditions by removing t.Parallel() from capture function tests - Fix goconst linter issue by extracting repeated string to constant - Coverage maintained at 72.3%, testutil package coverage improved to 37.1% * refactor: add test helpers for dependencies tests - Add newTestAnalyzer for cache + analyzer setup (7 uses) - Add AssertBackupNotExists for backup validation (5+ uses) - Add AssertFileContentEquals for file comparison (3 uses) - Add WriteActionFile helper (7 uses) - Refactor updater_test.go to use new helpers - Eliminates 88 lines of duplication in updater_test.go * refactor: consolidate output tests using testOutputMethod - Refactor TestSuccess to use testOutputMethod (39 lines → 4 lines) - Refactor TestInfo to use testOutputMethod (39 lines → 4 lines) - Refactor TestBold to use testOutputMethod (39 lines → 5 lines) - Refactor TestPrintf to use testOutputMethod (33 lines → 5 lines) - Eliminates 142 lines of duplication in output_test.go * refactor: add config builder helper for generator tests - Add defaultTestConfig() with sensible test defaults - Refactor 3 config creation patterns to use helper - Lays groundwork for further generator test consolidation * refactor: add config builder helper for generator tests - Add defaultTestConfig for standard test configuration - Refactor 5 config creation patterns to use helper - Note: 2 patterns require explicit configs (template path tests) - Eliminates ~25 lines of duplication * refactor: add temp file helper for parser tests - Add CreateTempActionFile for temporary action.yml creation - Refactor parser_test.go temp file patterns (4 uses) - Eliminates 40 lines of duplication * refactor: add file writing helpers and eliminate config test duplication - Add WriteFileInDir helper to combine filepath.Join + WriteTestFile - Add testErrorStderr helper for error output testing - Refactor config_test.go: remove 7 redundant MkdirAll patterns - Refactor configuration_loader_test.go: remove 11 redundant MkdirAll patterns - Remove unused os import from config_test.go - Eliminates ~90 lines of duplication across config tests * refactor: optimize test helpers and fix package naming for linting Phase 2 test helper optimization completed with 35+ pattern replacements: - Created CreateTestDir() helper eliminating 30+ os.MkdirAll patterns - Created WriteGitConfigFile() combining git setup + config writing - Replaced 15+ manual git directory setups with SetupGitDirectory() - Standardized 8+ file writes to use WriteTestFile() - Simplified 3 git config patterns in config_test.go - Replaced 1 temp file pattern (9 lines → 1 line) Package rename for linting compliance: - Renamed templates_embed → templatesembed (removed underscore) - Updated imports in config.go and template.go with explicit alias - Fixes golangci-lint var-naming violation Added test constants: - Template path constants (TestTemplateReadme, etc.) - Theme constants (TestThemeDefault, etc.) - Additional fixture constants for integration tests Impact: ~120-150 lines of duplicate test code eliminated across 11 test files. All 12 test packages passing. All pre-commit hooks pass. * refactor: use test helpers in integration tests and improve error handling Integration test improvements: - Replace 8+ os.MkdirAll patterns with CreateTestSubdir() helper - Use fixture constants instead of hardcoded paths (TestFixtureGlobalConfig, etc.) - Consolidate directory creation in test setup functions Main.go error handling: - Change initConfig from PersistentPreRun to PersistentPreRunE - Return errors instead of log.Fatalf for better testability - Remove unused log import Test coverage expansion: - Add TestNullOutputEdgeCases for edge case testing - Add errorhandler_integration_test.go for os.Exit() testing using subprocess pattern - Test empty strings, special characters, and unicode in null output Main_test.go simplification: - Replace flag constants with string literals for clarity - Add nolint directives for required but unused test parameter - Simplify test assertions and flag checks All tests passing. Pre-commit hooks pass. * refactor: move inline YAML test constants to fixtures for editorconfig compliance Move malformed YAML test content from inline strings to fixture files: - Create malformed-bracket.yml fixture for unclosed bracket error testing - Create malformed-indentation.yml fixture for invalid indentation error testing - Update test_constants.go to reference fixture paths instead of inline content This resolves editorconfig indent_style violations where multi-line string literals contained space indentation conflicting with Go file tab requirements. Fixtures location: testdata/yaml-fixtures/error-scenarios/ All pre-commit hooks pass. All tests passing. * refactor: extract test assertion helpers to reduce cognitive complexity Phase 1 of SonarCloud quality improvements - extract reusable test helpers to reduce cognitive complexity in complex test functions. Changes: - Created assertValidationError helper for wizard validation tests * Reduces TestValidateVariables_InvalidFormats complexity from 27 to ~8 * Reduces TestValidateOutputDir_Paths complexity from 27 to ~8 - Created assertTemplateLoaded helper for template embed tests * Reduces TestGetEmbeddedTemplate complexity from 17 to ~10 * Reduces TestReadTemplate complexity from 17 to ~10 - Created assertGitHubClient helper for config tests (prepared for future use) - Created subprocess helpers for errorhandler tests (prepared for future use) Test Results: - All test suites passing (wizard, templates_embed, internal packages) - 4 new helper files created with centralized assertion logic - 4 complex test functions refactored to use helpers - Estimated 40-50% complexity reduction in refactored functions Related to SonarCloud PR #138 analysis showing 57 quality issues. This addresses 4 of 8 cognitive complexity violations. * refactor: replace duplicate string literals with existing testutil constants Phase 2 of SonarCloud quality improvements - replace 22 duplicate string literals in main_test.go with existing testutil constants for better maintainability and consistency. Replacements: - "/tmp/action.yml" → testutil.TestTmpActionFile (5 occurrences) - "actions/checkout@v3" → testutil.TestActionCheckoutV3 (4 occurrences) - "error-scenarios/invalid-yaml-syntax.yml" → testutil.TestErrorScenarioInvalidYAML (4x) - "error-scenarios/missing-required-fields.yml" → testutil.TestErrorScenarioMissingFields (4x) - "error-scenarios/action-with-old-deps.yml" → testutil.TestErrorScenarioOldDeps (5x) Test Results: - All test suites passing (12 packages) - 22 duplicate string literals eliminated - Tests for affected functions verified (DisplayFloatingDeps, DisplaySecuritySummary, ShowPendingUpdates) Benefits: - Single source of truth for test file paths - Easier to update paths if fixture structure changes - Improved code maintainability Related to SonarCloud PR #138 analysis showing 57 quality issues. This addresses 22 of 57 duplicate string literal violations. * refactor: eliminate 38 duplicate strings with new and existing constants Phase 3 of SonarCloud quality improvements - replace remaining duplicate string literals with constants for better maintainability. New constants added to testutil/test_constants.go: - TestMsgCannotBeEmpty = "cannot be empty" - TestMsgInvalidVariableName = "Invalid variable name" Replacements performed: - "action.yml" → appconstants.ActionFileNameYML (24 occurrences) * main_test.go, generator_comprehensive_test.go, generator_validation_test.go, template_test.go - "cannot be empty" → testutil.TestMsgCannotBeEmpty (4 occurrences) * wizard/validator_test.go - "Invalid variable name" → testutil.TestMsgInvalidVariableName (5 occurrences) * wizard/validator_test.go - "handles action with no dependencies" → testutil.TestScenarioNoDeps (5 occurrences) * main_test.go Import fixes: - Added testutil import to wizard/validator_test.go - Added appconstants import to generator_comprehensive_test.go - Added appconstants import to generator_validation_test.go Test Results: - All test suites passing (12 packages) - 38 duplicate string literals eliminated in Phase 3 - Total: 60 duplicates eliminated (22 in Phase 2 + 38 in Phase 3) Benefits: - Centralized string constants reduce maintenance burden - Single source of truth for common test values - Easier to update values consistently across tests Related to SonarCloud PR #138 analysis showing 57 quality issues. Phase 3 addresses 38 additional duplicate string violations. * refactor: move inline YAML/configs to fixtures for better test maintainability - Created 16 new config fixtures in testdata/yaml-fixtures/configs/ - global-config-default.yml - global-base-token.yml - repo-config-github.yml - repo-config-simple.yml - repo-config-verbose.yml - action-config-professional.yml - action-config-simple.yml - github-verbose-simple.yml - professional-quiet.yml - config-minimal-theme.yml - minimal-simple.yml - minimal-dist.yml - professional-simple.yml - invalid-config-malformed.yml - invalid-config-incomplete.yml - invalid-config-nonexistent-theme.yml - Created template error fixture in testdata/yaml-fixtures/template-fixtures/ - broken-template.tmpl - Added 17 new constants to testutil/test_constants.go for fixture paths - Replaced all inline YAML/configs with fixture references: - integration_test.go: 6 inline YAML instances - internal/config_test.go: 9 inline config instances - internal/configuration_loader_test.go: 4 inline config instances Benefits: - Improved test maintainability - config changes only need fixture updates - Better separation of test data from test logic - Easier fixture reuse across multiple tests - Consistent with existing fixture-first pattern in codebase All tests passing with no regressions. * docs: add quality anti-patterns prevention guidelines to CLAUDE.md Added prominent section at start of CLAUDE.md documenting four critical anti-patterns: - High cognitive complexity (>15) - Duplicate string literals - Inline YAML/config data in tests - Co-authored-by lines in commits Each anti-pattern includes: - Specific mistakes that occurred - Clear always/never guidelines - Code examples showing bad vs good patterns - Red flag patterns to watch for Added prevention mechanisms section with pre-coding and pre-commit checklists. These patterns caused 57 SonarCloud issues, 19 inline YAML cleanups, and multiple commit rejections. Making guidelines prominent prevents recurring technical debt. * refactor: eliminate duplicate string literals in tests for improved maintainability Phase A of quality improvement plan - consolidates 25+ duplicate strings into testutil constants, creates reusable action fixtures, and establishes pattern for maintaining test code quality per SonarCloud standards * feat: add permission test fixtures for parser tests Create 7 permission fixture files to eliminate ~50 lines of inline YAML from parser_test.go. Supports all permission comment formats: - Dash format (single and multiple) - Object format - Inline comments - Mixed format - Empty block - No permissions Add 7 fixture constants to testutil/test_constants.go for easy reference. Part of Phase B: Fixtures - Inline YAML elimination. * refactor: replace inline YAML with permission fixtures in parser tests Replace ~50 lines of inline YAML in TestParsePermissionsFromComments with fixture file references. All 7 test cases now use testutil.MustReadFixture() to load permission test data. Benefits: - Cleaner, more maintainable test code - Fixtures reusable across test files - Eliminates duplicate YAML patterns - All tests passing with no regressions Part of Phase B: Fixtures - Inline YAML elimination. * refactor: consolidate runner name literals into constants Add GitHub Actions runner constants (ubuntu-latest, windows-latest, macos-latest) to appconstants and replace 8 hardcoded string literals across config and wizard packages for improved maintainability. * refactor: eliminate duplicate literals and improve test consistency Replace hardcoded file permissions (0644) with appconstants.FilePermDefault constant across 6 test files for consistency. Replace "unexpected error: %v" literals with testutil.TestErrUnexpected constant in 4 test files. Add new test helper files to reduce duplication: - config_helper_test.go: Tests for config helper functions - generator_helper_test.go: Tests for generator helpers - generator_validation_helper_test.go: Validation helper tests - template_helper_test.go: Template helper tests Add 44 new test constants to testutil/test_constants.go to eliminate string duplication across test files. Remove unused assertValidationError helper and 320 lines of redundant validator tests that are now covered by other test files. * refactor: consolidate test code duplications with helper functions Reduces test code duplication identified by dupl analysis: Phase 1: Created AssertMessageCounts() helper in testutil/test_assertions.go - Consolidated output message count assertions in generator_validation_test.go Phase 2: Created runSubprocessErrorTest() helper - Simplified 9 subprocess test executions in errorhandler_integration_test.go Phase 3: Created CreateGitConfigWithRemote() helper - Replaced 3 git config setup patterns in git/detector_test.go Phase 4: Consolidated context helper tests - Reduced 8 individual test functions to 1 parameterized test - Removed duplicate TestContextHelpers from helpers_test.go Phase 5: Consolidated progress bar tests - Reduced 2 nil-safety tests to 1 parameterized test Impact: Net reduction of 79 lines (-170 deletions, +91 additions) All tests pass, linting clean * refactor: replace duplicate literals with existing constants Replace string literals with appropriate constants to eliminate duplication: - Replace ".git" with appconstants.DirGit in detector.go - Replace "config" with testutil.TestCmdConfig in git_helpers.go (3 occurrences) - Replace 0750 with appconstants.FilePermDir in git_helpers.go All tests pass, linting clean * fix: resolve 42 SonarCloud code quality issues Fixed all CRITICAL and MAJOR issues from SonarCloud analysis: - Added explanatory comments to 8 empty function bodies - Extracted duplicated strings into 18 constants across test files - Reduced cognitive complexity in generator_test.go from 25 to <15 - Renamed 8 unused test parameters to underscore All tests passing, linting clean. Test-only refactoring with no functional changes. * fix: resolve 22 SonarCloud issues in PR #138 Fixed all CRITICAL and MINOR issues from SonarCloud analysis: Phase 1 - CRITICAL String Duplications (go:S1192): - Add TestErrFileNotFound, TestErrFileError, TestErrPermissionDenied constants - Replace 13 duplicated strings in errorhandler_integration_test.go - Resolves 3 CRITICAL violations Phase 2 - MINOR Naming Violations (go:S100): - Rename 35 test functions to follow Go naming conventions (remove underscores) - Affects 9 test files across internal/, templates_embed/ - Aligns with idiomatic Go (TestFooBar not TestFoo_Bar) - Resolves 19 MINOR violations Test impact: zero (all tests pass with identical behavior) Coverage: maintained at 72.8% All linting passes cleanly * refactor: reduce test code duplication through helper extraction Consolidated duplicated test patterns into reusable helper functions to reduce code duplication and improve maintainability. Changes: - Created internal/git/detector_test_helper.go with createGitRepoTestCase factory function for git repository test setup - Replaced 3 duplicated git detector test cases with helper calls - Created internal/config_test_helper.go with createBoolFieldMergeTest builder function for boolean config merge tests - Replaced 3 duplicated config test cases with helper calls Impact: - Removed 131 lines of duplicated test code - Added 104 lines in helper files (non-duplicate, reusable logic) - Net reduction: 27 lines with significantly improved maintainability - All tests passing with identical behavior - Reduces code duplication percentage toward <3% SonarCloud threshold Test helper patterns follow existing testutil conventions for standardized test case creation and assertion. * refactor: consolidate list validation pattern in wizard validator Extracted repeated "find in list" logic into reusable isValueInList helper method to reduce code duplication in validation functions. Changes: - Added isValueInList() helper using slices.Contains - Refactored validateTheme to use helper (eliminated 10 lines) - Refactored validateOutputFormat to use helper (eliminated 10 lines) - Refactored validatePermissions to use helper (eliminated 8 lines) - Refactored validateRunsOn to use helper (eliminated 7 lines) - Added slices import for modern Go list operations Impact: - Removed 38 lines of duplicated loop logic - Added 10 lines (helper + import) - Net reduction: 28 lines - All tests passing with identical behavior - Improves code maintainability and consistency This targets production code duplication in the wizard validator module, continuing effort to reduce overall duplication below SonarCloud 3% threshold. * refactor: extract fixture test case pattern in main_test.go Created reusable helper function to eliminate duplicated fixture-loading test pattern, reducing code duplication in integration tests. Changes: - Added createFixtureTestCase() helper for standardized fixture test setup - Replaced 6 duplicated test cases with helper calls (2 groups of 3) - Consolidated "load fixture, write to tmpDir, expect error" pattern Impact: - Removed 54 lines of duplicated test setup code - Added 29 lines (helper function + simplified test calls) - Net reduction: 25 lines - All tests passing with identical behavior - Targets major duplication blocks identified by dupl analysis This continues the effort to reduce code duplication below SonarCloud's 3% threshold by addressing test pattern duplication in main integration tests. * refactor: extract additional test fixture patterns (Phase 4) Continued deduplication effort by creating helpers for two more common test patterns, targeting additional 100+ lines of duplicated code. Changes: - Added createFixtureTestCaseWithPaths() helper in main_test.go for tests that load fixtures and return path arrays - Replaced 4 duplicated test cases in main_test.go (lines 1596-1657) - Added createGitURLTestCase() helper in detector_test_helper.go for git remote URL detection tests - Replaced 3 duplicated test cases in detector_test.go (lines 472-524) Impact: - Removed 83 lines of duplicated test setup code - Added 95 lines (new helpers + simplified test calls) - Net change: +12 lines with significantly improved reusability - All tests passing with identical behavior - Targets high-impact duplication blocks from dupl analysis This phase focuses on the largest remaining duplication patterns identified by dupl tool analysis, continuing progress toward <3% duplication threshold. * refactor: consolidate git remote and test suite patterns (Phase 5) Continued aggressive deduplication by targeting two more high-impact patterns identified in dupl analysis. Changes: - Added createGitRemoteTestCase() helper in config_test_helper.go for git repository setup with remote configuration tests - Replaced 4 duplicated test cases in config_test.go (lines 1222-1293) - Added runTypedTestSuite() helper in test_suites.go to extract common suite creation and execution logic - Refactored RunActionTests, RunGeneratorTests, and RunValidationTests to use the shared helper Impact: - Removed 87 lines of duplicated code - Added 85 lines (new helpers + refactored calls) - Net change: -2 lines with significantly reduced duplication - All tests passing with identical behavior - Targets duplication blocks from dupl analysis (60+ and 48+ line blocks) This phase addresses major duplication patterns in config tests and test suite utilities, continuing effort to pass <3% quality gate threshold. * refactor: extract multi-fixture test file creation pattern (Phase 6) Added helper to reduce duplication in generator tests that create multiple test files with different fixtures. Changes: - Added createMultipleFixtureFiles() helper in generator_test.go for creating multiple action files with different fixtures in one call - Refactored 2 test cases to use the helper (lines 516-549) - Uses map[string]string for flexible filename → fixture mapping Impact: - Removed 20 lines of duplicated file creation code - Added 27 lines (helper + refactored test cases) - Net change: +7 lines with better reusability for future tests - All tests passing with identical behavior Continues aggressive deduplication effort to reach <3% quality gate threshold. * refactor: extract config loader test helpers (Phase 7) - Created configuration_loader_test_helper.go with 3 helpers - runRepoOverrideTest(): Generic repo override test runner - createRepoOverrideTestCase(): Factory for git repo test cases - runConfigLoaderTest(): Generic config loader test runner Replaced patterns in configuration_loader_test.go: - TestConfigurationLoaderApplyRepoOverrides (2 test cases) - TestConfigurationLoaderApplyRepoOverridesWithRepoRoot (1 test case) - TestConfigurationLoaderLoadGlobalConfig (4 test cases) - TestConfigurationLoaderLoadActionConfig (2 test cases) Net reduction: 34 lines (137 removed, 103 added) All tests passing, linting clean * refactor: extract validation summary test factory (Phase 8) - Created generator_validation_test_helper.go with test factory - createValidationSummaryTest(): Factory with sensible defaults - Reduces duplication from 5 identical test case structures Replaced in generator_validation_test.go: - TestShowValidationSummary: 5 duplicate test cases simplified Net reduction: 37 lines (78 removed, 41 added) Addresses high-priority duplication from original analysis All tests passing, linting clean * refactor: extract simple handler test pattern (Phase 9) - Created main_test_helper.go with testSimpleHandler() - Consolidates pattern for simple command handler tests Replaced in main_test.go: - TestCacheClearHandler: 17 lines → 4 lines - TestCacheStatsHandler: 11 lines → 3 lines - TestCachePathHandler: 11 lines → 3 lines Total: 39 lines → 10 lines in test bodies All tests passing, linting clean * refactor: consolidate generator format test patterns (Phase 10) - Created generator_test_helper.go with format-specific helpers - testHTMLGeneration(), testJSONGeneration(), testASCIIDocGeneration() - createTestAction(), createQuietGenerator(), verifyFileExists() Replaced in generator_test.go: - TestGeneratorGenerateHTMLErrorPaths: 29 lines → 3 lines - TestGeneratorGenerateJSONErrorPaths: 28 lines → 3 lines - TestGeneratorGenerateASCIIDocErrorPaths: 28 lines → 3 lines Breaks up large 40+ line duplication blocks All tests passing, linting clean * refactor: consolidate void handler test pattern (Phase 11) - Added testSimpleVoidHandler() to main_test_helper.go - Handles command handlers that don't return errors Replaced in main_test.go: - TestConfigThemesHandler: 10 lines → 3 lines - TestConfigShowHandler: 10 lines → 3 lines - TestDepsGraphHandler: 10 lines → 3 lines Net reduction: 4 lines (27 removed, 23 added) Further breaks up duplication patterns All tests passing, linting clean * refactor: consolidate generator format methods (Phase 12) Extract generateSimpleFormat() helper to eliminate duplication between generateMarkdown() and generateASCIIDoc() methods. Common pattern consolidated: - Template path resolution - Template rendering - Output path resolution - File writing - Success messaging Changes: - Added generateSimpleFormat() helper method - Simplified generateMarkdown() to 4-line wrapper - Simplified generateASCIIDoc() to 4-line wrapper Net reduction: 7 lines (31 removed, 24 added) Production code consolidation All tests passing, linting clean * refactor: consolidate validation test pattern (Phase 13) Extract runValidationTests() helper to eliminate duplication across 4 validator test functions with identical structure. Common pattern consolidated: - Parallel test setup - Validator creation - Table-driven test execution - Error checking and reporting Changes: - Added validationTestCase struct - Added runValidationTests() generic helper - Simplified TestConfigValidatorIsValidGitHubName - Simplified TestConfigValidatorIsValidSemanticVersion - Simplified TestConfigValidatorIsValidGitHubToken - Simplified TestConfigValidatorIsValidVariableName Net reduction: 23 lines (60 removed, 37 added) Eliminates 60+ line duplication blocks All tests passing, linting clean * refactor: consolidate format generation test helpers (Phase 14) Created generic testFormatGeneration() helper to eliminate duplication across HTML, JSON, and AsciiDoc generation test functions. Changes: - Added testFormatGeneration() generic helper with function injection - Simplified testHTMLGeneration() to 12-line wrapper - Simplified testJSONGeneration() to 12-line wrapper - Simplified testASCIIDocGeneration() to 12-line wrapper - Consolidated needsActionPath logic into single location Benefits: - Eliminates duplicated test setup code - Makes test pattern more maintainable - Reduces cognitive load when reading tests - All tests pass with identical behavior This continues duplication reduction efforts to pass SonarCloud quality gate (<3% threshold). * refactor: consolidate wizard validator field validation patterns (Phase 15) Created reusable helpers to eliminate duplication in production validator code. New helper file: internal/wizard/validator_helper.go - validateFieldWithEmptyCheck(): Generic helper for fields allowing empty values - validateFieldInList(): Generic helper for fields with predefined valid values Refactored validators using helpers: - validateOrganization(): 22 lines → 11 lines - validateRepository(): 22 lines → 11 lines - validateTheme(): 19 lines → 11 lines - validateOutputFormat(): 14 lines → 6 lines Benefits: - Eliminates 44+ lines of duplicated validation logic - Standardizes validation patterns across the codebase - Makes adding new validators much simpler - Production code consolidation (higher impact) Impact: validator.go -38 lines (20 added, 58 removed) This continues duplication reduction to pass SonarCloud quality gate (<3%). * refactor: consolidate config loading step pattern (Phase 16) Created generic loadConfigStep() helper to eliminate duplication between loadRepoConfigStep() and loadActionConfigStep(). Changes: - Added loadConfigStep() with function injection pattern - Simplified loadRepoConfigStep() to 8-line wrapper - Simplified loadActionConfigStep() to 8-line wrapper - Consolidated source checking, error handling, and config merging Benefits: - Eliminates 26 lines of duplicated config loading logic - Standardizes config step pattern for future additions - Production code consolidation (higher impact than test code) - Makes error handling and merging consistent across sources Impact: -17 lines of duplicated code in production This continues duplication reduction to pass SonarCloud quality gate (<3%). * refactor: consolidate batch test setup pattern (Phase 17) Created createMultiActionSetup() helper to eliminate duplication in batch processing test cases. Changes: - Moved createTestDirs() to generator_test_helper.go for reusability - Added createMultiActionSetup() to generate setupFunc for multi-action tests - Simplified "process multiple valid files" test case - Simplified "handle mixed valid and invalid files" test case Benefits: - Eliminates 42 lines of duplicated setup code - Makes batch test cases more declarative and readable - Reduces cognitive load when creating new batch tests - Test data clearly separated from setup logic Impact: generator_test.go -46 lines, helper +33 lines = net -13 lines This continues duplication reduction to pass SonarCloud quality gate (<3%). * fix: resolve 3 SonarCloud code quality issues Fixes three code quality issues identified during Phases 13-16: 1. Duplicate string literal - output formats (HIGH priority) - Added GetSupportedOutputFormats() helper in appconstants - Replaced hardcoded arrays in 3 locations (validator.go, wizard.go, configuration_loader.go) 2. String concatenation inefficiency (MEDIUM priority) - Changed validator_helper.go to use fmt.Sprintf() instead of string concatenation with + - Added fmt to imports 3. Complex permissions validation (MEDIUM priority) - Extracted validPermissionsMap to package-level constant - Created validatePermissionValue() helper method - Simplified validatePermissions() function to reduce complexity Impact: - Eliminates 3 duplicate string literal instances - Improves code efficiency and maintainability - Reduces function complexity from 15 to 8 - All tests passing (go test ./internal/wizard) - Zero functional changes Part of PR #138 quality gate requirements. * refactor: consolidate mock method boilerplate with helper functions (Phase 18) Created generic record helpers to eliminate duplicate lock/unlock/append patterns across mock implementations. Changes: - MessageLoggerMock: Added recordMessage() helper used by 6 methods - ErrorReporterMock: Added recordError() helper used by 4 methods - ProgressReporterMock: Added recordProgress() helper used by 1 method Impact: - Reduced from 7-8 duplicate clone groups to 1 - Eliminated ~40 lines of boilerplate code - Maintained identical test behavior (all tests passing) - Improved maintainability and consistency Before: Each mock method repeated 4-line lock/append/unlock pattern After: Single-line helper call per method Part of PR #138 duplication reduction effort. * fix: resolve 3 SonarCloud parameter code smells Fixed three code quality issues related to function parameters: 1. generator_test_helper.go:129 - Grouped consecutive []string parameters - Before: func(dirNames []string, fixtures []string) - After: func(dirNames, fixtures []string) 2. generator_validation_test_helper.go:23 - Reduced from 9 parameters to 1 struct parameter - Created validationSummaryParams struct - Updated all 5 call sites to use struct 3. configuration_loader_test_helper.go:35 - Reduced from 8 string parameters to 1 struct parameter - Created repoOverrideTestParams struct - Updated all 3 call sites to use struct Impact: - Resolves all 3 SonarCloud code smells - Improves code maintainability - All tests passing with identical behavior - Zero functional changes Part of PR #138 quality gate requirements. * refactor: consolidate ColoredOutput method duplication Reduced code duplication in output formatting by creating reusable helper functions. Changes: 1. Created printWithIcon() helper - Consolidates quiet mode, color toggle, and icon formatting - Used by Success(), Warning(), Info(), Progress() methods - Eliminated 4 duplicate patterns (~40 lines -> ~15 lines) 2. Created formatBoldSection() helper - Consolidates bold section header formatting - Used by formatDetailsSection() and formatSuggestionsSection() - Eliminated 2 duplicate patterns Impact: - Reduced internal/output.go from 3 clone groups to 0 - Eliminated ~30 lines of duplicate code - Improved maintainability and consistency - All tests passing with identical behavior - Zero functional changes Part of PR #138 duplication reduction effort. * refactor: consolidate config and template duplication Reduced code duplication in config loading and template field extraction. Changes in internal/config.go: 1. Created copySliceIfNotEmpty() helper - Consolidates slice copying logic - Used by mergeSliceFields for RunsOn and IgnoredDirectories - Eliminated duplicate slice copy patterns 2. Created loadAndMergeConfig() helper - Consolidates load-check-merge pattern - Used for loading repo and action configs - Eliminated 2 duplicate 6-line blocks Changes in internal/template.go: 1. Created getFieldWithFallback() helper - Consolidates Git-then-Config fallback logic - Used by getGitOrg() and getGitRepo() - Eliminated duplicate type assertion and field checking Impact: - config.go: 2 clone groups -> 1 - template.go: 1 clone group (structure only, logic deduplicated) - Eliminated ~20 lines of duplicate code - All tests passing with identical behavior - Zero functional changes Part of PR #138 duplication reduction effort. * refactor: consolidate validator warning+suggestion patterns - Created addWarningWithSuggestion() helper - Applied to validateVersion(), validateOutputDir() (2x), validateRunsOn() - Reduced clone groups from 9 to 1 - All tests passing * refactor: consolidate exporter map section writing logic - Created writeMapSection() helper for TOML map sections - Simplified writePermissionsSection() and writeVariablesSection() - Reduced 10-line duplicate blocks to 3-line wrappers - All tests passing * refactor: consolidate no-files-found error handling in main.go - Created handleNoFilesFoundError() helper - Applied to depsListHandler and depsOutdatedHandler - Reduced clone groups from 1 to 0 - All tests passing * refactor: consolidate git test setup logic - Created setupGitTestRepo() helper - Applied to createGitRepoTestCase and createGitURLTestCase - Reduced clone groups from 2 to 1 - All tests passing * refactor: consolidate action file discovery logic - Exported DiscoverActionFilesNonRecursive() from parser.go - Removed duplicate logic from wizard/detector.go and wizard/wizard.go - Eliminated 3-file clone group (40+ line duplication) - All tests passing * refactor: consolidate test setup function duplication in main_test.go - Created setupWithSingleFixture() helper - Applied to 4 identical setupFunc patterns - Reduced code from 24 lines to 4 calls - All tests passing * refactor: consolidate nonexistent files test pattern - Created setupNonexistentFiles() helper - Replaced 2 identical setupFunc lambdas - Reduced clone groups from 3 to 2 in generator_test.go - All tests passing * refactor: consolidate token merge test patterns - Created createTokenMergeTest() helper - Replaced 4 similar test cases (48 lines) with 4 helper calls - Reduced clone groups from 7 to 6 in config_test.go - Eliminated largest 4-clone duplication block - All tests passing * refactor: consolidate single-update test case pattern in updater tests - Create createSingleUpdateTestCase helper for repeated test structure - Replace 4 duplicate test cases with helper calls - Reduce clone groups from 4 to 2 in updater_test.go - Each replaced case was 18 lines, now 9 lines (50% reduction) * refactor: consolidate void setupFunc pattern in main_test.go - Create setupFixtureInDir helper for E2E test setup functions - Replace 5 occurrences of duplicate setupFunc pattern - Each replaced pattern was 4 lines, now 1 line - Reduces duplication in validate and deps handler tests * refactor: consolidate more setupFunc patterns in deps tests - Replace 3 more setupFunc duplicates with setupFixtureInDir helper - Reduces setupFunc patterns in depsListHandler and depsSecurityHandler tests - Each replaced pattern: 7 lines → 3 lines * refactor: consolidate test case extraction with generic helper - Create extractTestCasesGeneric helper using Go generics - Consolidate 3 duplicate functions into single generic implementation - Simplifies RunActionTests, RunGeneratorTests, RunValidationTests - Reduces clone groups from 6 to 4 in test_suites.go - Use checked type assertions for linter compliance * refactor: consolidate mock recording patterns with helpers - Create recordCall helpers for MockMessageLogger, MockErrorReporter, MockProgressReporter - Reduce 7-clone pattern to 3-clone pattern in interfaces_test.go - Add createMapMergeTest helper for permissions/variables merge tests in config_test.go - Replace 4 duplicate test cases with helper calls - Follow funcorder linter rules for unexported helper placement * refactor: consolidate checkFunc patterns with helper in configuration loader tests - Create checkThemeAndFormat helper for common verification pattern - Replace 2 duplicate checkFunc lambdas with helper calls - Reduces clone groups from 9 to 8 in configuration_loader_test.go * refactor: consolidate git default branch test patterns with helper - Create createDefaultBranchTestCase helper for branch detection tests - Replace 3 duplicate test cases with helper calls - Reduces clone groups from 5 to 4 in detector_test.go * refactor: consolidate action path setup patterns with setupFixtureReturningPath helper - Created setupFixtureReturningPath helper for tests returning action file paths - Replaced 3 duplicate setupFunc patterns with helper calls - Removed unused setupWithSingleFixture and setupFixtureInDir helpers - Reduces code duplication in main_test.go * refactor: consolidate fixture setup patterns with helper functions - Re-added setupFixtureInDir for void setup functions (10 instances) - Re-added setupWithSingleFixture for tmpDir-returning setup functions (4 instances) - Replaced 14 duplicate setupFunc patterns with helper calls - Reduces main_test.go duplication significantly * refactor: consolidate mock message recording with recordMessage helper - Created recordMessage helper for CapturedOutput mock - Replaced 8 duplicate append patterns (Bold, Success, Error, Warning, Info, Printf, Fprintf, Progress) - Reduces testutil/mocks.go duplication from 7-clone to 0-clone - All tests passing with no behavioral changes * refactor: consolidate action content setup with setupWithActionContent helper - Created setupWithActionContent helper for tests creating actions from string content - Replaced 3 duplicate setupFunc patterns with helper calls - Reduces 4-clone group to 1-clone (main_test_helper only) - All tests passing with no behavioral changes * fix: reduce createSingleUpdateTestCase parameter count to fix SonarCloud issue - Changed from 10 positional parameters to single struct parameter - Created singleUpdateParams struct to group related parameters - Updated all 4 call sites to use struct literal syntax - Fixes SonarCloud code smell: function has too many parameters - All tests passing with no behavioral changes * fix: resolve 4 CodeRabbit PR #138 review issues - Add path validation to prevent traversal in dependency parser - Remove useless LineNumber assignment in loop (dead code) - Add platform guard for Unix executable bit check in tests - Exclude test files from SonarCloud source metrics to prevent double-counting Changes improve security, code quality, platform compatibility, and metric accuracy. All tests pass with no regressions.
2026-01-26 03:04:10 +00:00 · 2026-01-16 15:33:44 +02:00
parent fa1ae15a4e
commit 6291710906
165 changed files with 17311 additions and 2872 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,4 @@ coverage.*
 # Other
 /megalinter-reports/
 cr.txt
 pr.txt
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -2,6 +2,20 @@
 # yaml-language-server: $schema=https://golangci-lint.run/jsonschema/golangci.jsonschema.json
 version: "2"
 # golangci-lint configuration
 # Aligned with SonarCloud "Sonar way" quality gate
 # https://docs.sonarsource.com/sonarqube-cloud/standards/managing-quality-gates/
 #
 # Key alignments:
 # - gosec: Aligns with Security Rating A requirement (no vulnerabilities)
 # - gocyclo (min: 10): Stricter than SonarCloud (not enforced)
 # - dupl: Aligns with duplicated lines density <= 3%
 # - lll (120 chars): Stricter than SonarCloud (not enforced)
 # - Code coverage: See Makefile target 'test-coverage-check' (>= 60%, goal: 80% for new code)
 #
 # SonarCloud focuses on new code (last 30 days), local linting checks entire codebase
 # Local standards are intentionally stricter in some areas (complexity, line length)
 run:
  timeout: 5m
  go: "1.24"
--- a/.serena/.gitignore
+++ b/.serena/.gitignore
@@ -0,0 +1 @@
 /cache
--- a/.serena/project.yml
+++ b/.serena/project.yml
@@ -0,0 +1,85 @@
 ---
 # list of languages for which language servers are started; choose from:
 #   al               bash             clojure          cpp              csharp           csharp_omnisharp
 #   dart             elixir           elm              erlang           fortran          go
 #   haskell          java             julia            kotlin           lua              markdown
 #   nix              perl             php              python           python_jedi      r
 #   rego             ruby             ruby_solargraph  rust             scala            swift
 #   terraform        typescript       typescript_vts   yaml             zig
 # Note:
 #   - For C, use cpp
 #   - For JavaScript, use typescript
 # Special requirements:
 #   - csharp: Requires the presence of a .sln file in the project folder.
 # When using multiple languages, the first language server that supports a given file will be used for that file.
 # The first language is the default language and the respective language server will be used as a fallback.
 # Note that when using the JetBrains backend, language servers are not used and this list is correspondingly ignored.
 languages:
  - go
 # the encoding used by text files in the project
 # For a list of possible encodings, see https://docs.python.org/3.11/library/codecs.html#standard-encodings
 encoding: "utf-8"
 # whether to use the project's gitignore file to ignore files
 # Added on 2025-04-07
 ignore_all_files_in_gitignore: true
 # list of additional paths to ignore
 # same syntax as gitignore, so you can use * and **
 # Was previously called `ignored_dirs`, please update your config if you are using that.
 # Added (renamed) on 2025-04-07
 ignored_paths: []
 # whether the project is in read-only mode
 # If set to true, all editing tools will be disabled and attempts to use them will result in an error
 # Added on 2025-04-18
 read_only: false
 # list of tool names to exclude. We recommend not excluding any tools, see the readme for more details.
 # Below is the complete list of tools for convenience.
 # To make sure you have the latest list of tools, and to view their descriptions,
 # execute `uv run scripts/print_tool_overview.py`.
 #
 #  * `activate_project`: Activates a project by name.
 #  * `check_onboarding_performed`: Checks whether project onboarding was already performed.
 #  * `create_text_file`: Creates/overwrites a file in the project directory.
 #  * `delete_lines`: Deletes a range of lines within a file.
 #  * `delete_memory`: Deletes a memory from Serena's project-specific memory store.
 #  * `execute_shell_command`: Executes a shell command.
 #  * `find_referencing_code_snippets`: Finds code snippets in which the symbol at the given location is referenced.
 #  * `find_referencing_symbols`: Finds symbols that reference the symbol at the given location (optionally filtered by type).
 #  * `find_symbol`: Performs a global (or local) search for symbols with/containing a given name/substring (optionally filtered by type).
 #  * `get_current_config`: Prints the current configuration of the agent, including the active and available projects, tools, contexts, and modes.
 #  * `get_symbols_overview`: Gets an overview of the top-level symbols defined in a given file.
 #  * `initial_instructions`: Gets the initial instructions for the current project.
 #     Should only be used in settings where the system prompt cannot be set,
 #     e.g. in clients you have no control over, like Claude Desktop.
 #  * `insert_after_symbol`: Inserts content after the end of the definition of a given symbol.
 #  * `insert_at_line`: Inserts content at a given line in a file.
 #  * `insert_before_symbol`: Inserts content before the beginning of the definition of a given symbol.
 #  * `list_dir`: Lists files and directories in the given directory (optionally with recursion).
 #  * `list_memories`: Lists memories in Serena's project-specific memory store.
 #  * `onboarding`: Performs onboarding (identifying the project structure and essential tasks, e.g. for testing or building).
 #  * `prepare_for_new_conversation`: Provides instructions for preparing for a new conversation (in order to continue with the necessary context).
 #  * `read_file`: Reads a file within the project directory.
 #  * `read_memory`: Reads the memory with the given name from Serena's project-specific memory store.
 #  * `remove_project`: Removes a project from the Serena configuration.
 #  * `replace_lines`: Replaces a range of lines within a file with new content.
 #  * `replace_symbol_body`: Replaces the full definition of a symbol.
 #  * `restart_language_server`: Restarts the language server, may be necessary when edits not through Serena happen.
 #  * `search_for_pattern`: Performs a search for a pattern in the project.
 #  * `summarize_changes`: Provides instructions for summarizing the changes made to the codebase.
 #  * `switch_modes`: Activates modes by providing a list of their names
 #  * `think_about_collected_information`: Thinking tool for pondering the completeness of collected information.
 #  * `think_about_task_adherence`: Thinking tool for determining whether the agent is still on track with the current task.
 #  * `think_about_whether_you_are_done`: Thinking tool for determining whether the task is truly completed.
 #  * `write_memory`: Writes a named memory (for future reference) to Serena's project-specific memory store.
 excluded_tools: []
 # initial prompt for the project. It will always be given to the LLM upon activating the project
 # (contrary to the memories, which are loaded on demand).
 initial_prompt: ""
 project_name: "gh-action-readme"
 included_optional_tools: []
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -4,6 +4,195 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 **gh-action-readme** - CLI tool for GitHub Actions documentation generation
 ## ⚠️ Code Quality Anti-Patterns - DO NOT REPEAT
 **CRITICAL:** The following patterns have caused quality issues in the past. These mistakes must not be repeated:
 ### 🚫 High Cognitive Complexity
 #### Never write functions with cognitive complexity > 15
 **Bad - Repeated Mistakes:**
 - Nested conditionals in test assertions
 - Complex error checking logic duplicated across tests
 - Deep nesting in validation functions
 **Always:**
 - Extract complex logic into helper functions
 - Create test helper functions for repeated assertion patterns
 - Keep functions focused on a single responsibility
 - Break down complex conditions into smaller, testable pieces
 **Example:**
 Instead of 19 lines of nested error checking, create a helper:
 ```go
 // ❌ BAD - High complexity
 func TestValidation(t *testing.T) {
    if result.HasErrors {
        found := false
        for _, err := range result.Errors {
            if strings.Contains(err.Message, expected) {
                found = true
                break
            }
        }
        if !found {
            t.Errorf("error not found")
        }
    } else {
        // more nesting...
    }
 }
 // ✅ GOOD - Use helper
 func TestValidation(t *testing.T) {
    assertValidationError(t, result, "field", true, "expected message")
 }
 ```
 ### 🚫 Duplicate String Literals
 #### Never repeat string literals across test files
 **Bad - Repeated Mistakes:**
 - File paths like `"/tmp/action.yml"` repeated 22 times
 - Action references like `"actions/checkout@v3"` duplicated
 - Error messages and test scenarios hardcoded everywhere
 **Always:**
 - Use constants from `appconstants/` for production strings
 - Use constants from `testutil/test_constants.go` for test-only strings
 - Add new constants when you see duplication (>2 uses)
 **Red Flag Patterns:**
 - Same string literal in multiple test files
 - Same file path repeated in different tests
 - Same error message in multiple assertions
 ### 🚫 Inline YAML and Config Data in Tests
 #### Never embed YAML or config data directly in test code
 **Bad - Repeated Mistakes:**
 - Inline YAML strings with backticks in test functions
 - Config data hardcoded in test setup
 - Template content embedded in test files
 **Always:**
 - Create fixture files in `testdata/yaml-fixtures/`
 - Use `testutil.MustReadFixture()` to load fixtures
 - Add constants to `testutil/test_constants.go` for fixture paths
 - Reuse fixtures across multiple tests
 **Example:**
 ```go
 // ❌ BAD - Inline YAML
 testConfig := `
 theme: default
 output_format: md
 `
 // ✅ GOOD - Use fixture
 testConfig := string(testutil.MustReadFixture(testutil.TestConfigDefault))
 ```
 **Fixture Organization:**
 - `testdata/yaml-fixtures/configs/` - Config files
 - `testdata/yaml-fixtures/actions/` - Action files
 - `testdata/yaml-fixtures/template-fixtures/` - Template files
 ### 🚫 Co-Authored-By Lines in Commits
 #### Never add Co-Authored-By or similar bylines to commit messages
 **Bad - Repeated Mistakes:**
 - Adding `Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>` to commits
 - Including attribution lines at end of commit messages
 - Adding signature or generated-by lines
 **Always:**
 - Write clean commit messages following conventional commits format
 - Omit any co-author, attribution, or signature lines
 - Focus commit message on what changed and why
 **Example:**
 ```text
 ❌ BAD:
 refactor: move inline YAML to fixtures
 Benefits:
 - Improved maintainability
 - Better separation
 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 ✅ GOOD:
 refactor: move inline YAML to fixtures for better test maintainability
 - Created 16 new config fixtures
 - Replaced 19 inline YAML instances
 - All tests passing with no regressions
 ```
 **When user says "no bylines":**
 - This means: Remove ALL attribution/co-author lines
 - Do NOT argue or explain why they might be useful
 - Just comply immediately and recommit without bylines
 ### ✅ Prevention Mechanisms
 **Before writing ANY code:**
 1. Check `testutil/test_constants.go` for existing constants
 2. Check `testdata/yaml-fixtures/` for existing fixtures
 3. Consider if your function will exceed complexity limits
 4. Plan helper functions for complex logic upfront
 **Before committing:**
 1. Run `make lint` - catches complexity and duplication
 2. Pre-commit hooks will catch most issues
 3. SonarCloud will flag remaining issues in PR
 **Remember:** It's easier to write clean code initially than to refactor after quality issues are raised.
 ## 🛡️ Quality Standards
 This project enforces strict quality gates aligned with [SonarCloud "Sonar way"](https://docs.sonarsource.com/sonarqube-cloud/standards/managing-quality-gates/):
 | Metric | Threshold | Check Command |
 | ------ | --------- | ------------- |
 | Code Coverage | ≥ 80% (new code) | `make test-coverage-check` |
 | Duplicated Lines | ≤ 3% (new code) | `make lint` (via dupl) |
 | Security Rating | A (no issues) | `make security` |
 | Reliability Rating | A (no bugs) | `make lint` |
 | Maintainability | A (tech debt ≤ 5%) | `make lint` |
 | Cyclomatic Complexity | ≤ 10 per function | `make lint` (via gocyclo) |
 | Line Length | ≤ 120 characters | `make lint` (via lll) |
 **Current Coverage:** 72.8% overall (target: 80%)
 **Coverage Threshold:** Set in `Makefile` as `COVERAGE_THRESHOLD := 80.0`
 **Pre-commit Quality Checks:**
 - All linters run automatically via pre-commit hooks
 - EditorConfig compliance enforced
 - Security scans (gitleaks) prevent secret commits
 ## 📝 Template Updates
 **Templates are embedded from:** `templates_embed/templates/`
@@ -41,6 +230,96 @@ gh-action-readme gen testdata/ --output /tmp/test-output.md
 ## 🏗️ Architecture Overview
 ### Command Handler Pattern
 **All Cobra command handlers return errors** instead of calling `os.Exit()` directly. This enables comprehensive unit testing.
 **Pattern:**
 ```go
 // Handler function signature - returns error
 func myHandler(cmd *cobra.Command, args []string) error {
    if err := someOperation(); err != nil {
        return fmt.Errorf("operation failed: %w", err)
    }
    return nil
 }
 // Wrapped in command definition for Cobra compatibility
 var myCmd = &cobra.Command{
    Use:   "my-command",
    Short: "Description",
    Run:   wrapHandlerWithErrorHandling(myHandler),
 }
 ```
 The `wrapHandlerWithErrorHandling()` wrapper (in `main.go`):
 - Initializes `globalConfig` if nil (important for testing)
 - Calls the handler and captures the error
 - Displays error via `ColoredOutput` and exits with code 1 if error occurs
 **Testing handlers:**
 ```go
 func TestMyHandler(t *testing.T) {
    cmd := &cobra.Command{}
    cmd.Flags().String("some-flag", "default", "")
    err := myHandler(cmd, []string{})
    // Can now test error conditions without os.Exit()
    if err != nil {
        t.Errorf("unexpected error: %v", err)
    }
 }
 ```
 ### Dependency Injection for Testing
 Functions that interact with I/O or global state use **nil-default parameter pattern** for testability:
 ```go
 // Production signature with optional injectable dependencies
 func myFunction(output *ColoredOutput, config *AppConfig, reader InputReader) error {
    // Default to real implementations if not provided
    if config == nil {
        config = globalConfig
    }
    if reader == nil {
        reader = &StdinReader{}  // Real stdin
    }
    // ... function logic
 }
 // Production usage (pass nil for defaults)
 err := myFunction(output, nil, nil)
 // Test usage (inject mocks)
 mockConfig := internal.DefaultAppConfig()
 mockReader := &TestInputReader{responses: []string{"y"}}
 err := myFunction(output, mockConfig, mockReader)
 ```
 **Examples in codebase:**
 - `applyUpdates()` - accepts `InputReader` for stdin mocking (main.go:1094)
 - `setupDepsUpgrade()` - accepts `*AppConfig` for config injection (main.go:1001)
 **Test interfaces:**
 ```go
 // InputReader for mocking user input
 type InputReader interface {
    ReadLine() (string, error)
 }
 type TestInputReader struct {
    responses []string
    index     int
 }
 ```
 ### Template Rendering Pipeline
 1. **Parser** (`internal/parser.go`):
@@ -395,9 +674,48 @@ When adding fields to `ActionYML`:
 ### Test File Locations
 - Unit tests: `internal/*_test.go` alongside source files
- Test fixtures: `testdata/example-action/`, `testdata/composite-action/`
+- Test fixtures: `testdata/yaml-fixtures/` (organized by type)
 - Integration tests: Manual CLI testing with testdata
 ### Test Fixture Organization
 **CRITICAL:** Always use fixtures, never inline YAML in tests.
 **Fixture Structure:**
 ```text
 testdata/yaml-fixtures/
 ├── actions/
 │   ├── composite/         # Composite actions
 │   ├── javascript/        # JavaScript actions
 │   ├── docker/           # Docker actions
 │   └── invalid/          # Invalid actions for error testing
 ├── dependencies/         # Actions with specific dependencies
 ├── configs/             # Configuration files
 └── error-scenarios/     # Edge cases and error conditions
 ```
 **Using Fixtures in Tests:**
 ```go
 // Use fixture constants from testutil/test_constants.go
 testutil.WriteActionFixture(t, tmpDir, testutil.TestFixtureCompositeBasic)
 // Available fixture constants:
 // - TestFixtureJavaScriptSimple
 // - TestFixtureCompositeBasic
 // - TestFixtureCompositeWithDeps
 // - TestFixtureCompositeMultipleNamedSteps
 // - TestFixtureActionWithCheckoutV3/V4
 // See testutil/test_constants.go for complete list
 ```
 **Adding New Fixtures:**
 1. Create YAML file in appropriate subdirectory: `testdata/yaml-fixtures/actions/composite/my-new-fixture.yml`
 2. Add constant to `testutil/test_constants.go`: `TestFixtureMyNewFixture = "actions/composite/my-new-fixture.yml"`
 3. Use in tests: `testutil.WriteActionFixture(t, tmpDir, testutil.TestFixtureMyNewFixture)`
 ### Running Specific Tests
 ```bash
--- a/22
+++ b/22
@@ -1,10 +1,15 @@
-.PHONY: help test test-coverage test-coverage-html lint build run example \
+.PHONY: help test test-coverage test-coverage-html test-coverage-check lint build run example \
 	clean readme config-verify security vulncheck audit trivy gitleaks \
 	editorconfig editorconfig-fix format devtools pre-commit-install pre-commit-update \
 	deps-check deps-update deps-update-all
 all: help
 # Coverage threshold (align with SonarCloud)
 # Note: SonarCloud checks NEW code coverage (≥80%), this checks overall coverage
 # Current overall coverage: 72.9% - working towards 80% target
 COVERAGE_THRESHOLD := 72.0
 help: ## Show this help message
 	@echo "GitHub Action README Generator - Available Make Targets:"
 	@echo ""
@@ -54,6 +59,21 @@ test-coverage-html: test-coverage ## Generate HTML coverage report and open in b
 		echo "Open coverage.html in your browser to view detailed coverage"; \
 	fi
 test-coverage-check: ## Run tests with coverage check (overall >= 72%)
 	@command -v bc >/dev/null 2>&1 || { \
 		echo "❌ bc command not found. Please install bc (e.g., apt-get install bc, brew install bc)"; \
 		exit 1; \
 	}
 	@echo "Running tests with coverage check..."
 	@go test -cover -coverprofile=coverage.out ./...
 	@total=$$(go tool cover -func=coverage.out | grep total | awk '{print $$3}' | sed 's/%//'); \
 	if [ $$(echo "$$total < $(COVERAGE_THRESHOLD)" | bc) -eq 1 ]; then \
 		echo "❌ Coverage $$total% is below threshold $(COVERAGE_THRESHOLD)%"; \
 		exit 1; \
 	else \
 		echo "✅ Coverage $$total% meets threshold $(COVERAGE_THRESHOLD)%"; \
 	fi
 lint: editorconfig ## Run all linters via pre-commit
 	@echo "Running all linters via pre-commit..."
 	@command -v pre-commit >/dev/null 2>&1 || \
--- a/README.md
+++ b/README.md
@@ -11,6 +11,13 @@
 [![Go Vulnerability Check](https://github.com/ivuorinen/gh-action-readme/actions/workflows/security.yml/badge.svg)](https://github.com/ivuorinen/gh-action-readme/actions/workflows/security.yml)
 [![CodeQL](https://github.com/ivuorinen/gh-action-readme/actions/workflows/codeql.yml/badge.svg)](https://github.com/ivuorinen/gh-action-readme/actions/workflows/codeql.yml)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=ivuorinen_gh-action-readme&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=ivuorinen_gh-action-readme)
 [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=ivuorinen_gh-action-readme&metric=coverage)](https://sonarcloud.io/summary/new_code?id=ivuorinen_gh-action-readme)
 [![Maintainability](https://sonarcloud.io/api/project_badges/measure?project=ivuorinen_gh-action-readme&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=ivuorinen_gh-action-readme)
 [![Reliability](https://sonarcloud.io/api/project_badges/measure?project=ivuorinen_gh-action-readme&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=ivuorinen_gh-action-readme)
 [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=ivuorinen_gh-action-readme&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=ivuorinen_gh-action-readme)
 </div>
 > **The definitive CLI tool for generating beautiful documentation from GitHub Actions `action.yml` files**
@@ -28,6 +35,28 @@ Transform your GitHub Actions into professional documentation with multiple them
 - 📁 **Flexible Targeting** - Directory/file arguments, custom output filenames
 - 🛡️ **Thread Safe** - Race condition protection, concurrent processing ready
 ## 🛡️ Quality Gates
 This project enforces quality standards aligned with [SonarCloud "Sonar way"](https://docs.sonarsource.com/sonarqube-cloud/standards/managing-quality-gates/):
 | Metric                 | Threshold           |
 | ---------------------- | ------------------- |
 | Code Coverage          | ≥ 80% (new code)    |
 | Duplicated Lines       | ≤ 3% (new code)     |
 | Security Rating        | A (no issues)       |
 | Reliability Rating     | A (no bugs)         |
 | Maintainability Rating | A (tech debt ≤ 5%)  |
 **Local Development Checks:**
 ```bash
 make lint                 # Run all linters (gosec, dupl, gocyclo, etc.)
 make test-coverage-check  # Verify coverage threshold
 make security             # Security scans (gosec, trivy, gitleaks)
 ```
 Local linting enforces additional standards including cyclomatic complexity ≤ 10 and line length ≤ 120 characters.
 ## 🚀 Quick Start
 ### Installation
--- a/appconstants/constants.go
+++ b/appconstants/constants.go
@@ -123,6 +123,23 @@ func GetSupportedThemes() []string {
 	return themes
 }
 // supportedOutputFormats lists all available output format names (unexported to prevent modification).
 var supportedOutputFormats = []string{
 	OutputFormatMarkdown,
 	OutputFormatHTML,
 	OutputFormatJSON,
 	OutputFormatASCIIDoc,
 }
 // GetSupportedOutputFormats returns a copy of the supported output format names.
 // Returns a new slice to prevent external modification of the internal list.
 func GetSupportedOutputFormats() []string {
 	formats := make([]string, len(supportedOutputFormats))
 	copy(formats, supportedOutputFormats)
 	return formats
 }
 // Template placeholder constants for Git repository information.
 const (
 	// DefaultOrgPlaceholder is the default organization placeholder.
@@ -409,6 +426,16 @@ const (
 	ActionTypeMinimal = "minimal"
 )
 // GitHub Actions runner constants.
 const (
 	// RunnerUbuntuLatest is the latest Ubuntu runner.
 	RunnerUbuntuLatest = "ubuntu-latest"
 	// RunnerWindowsLatest is the latest Windows runner.
 	RunnerWindowsLatest = "windows-latest"
 	// RunnerMacosLatest is the latest macOS runner.
 	RunnerMacosLatest = "macos-latest"
 )
 // Programming language identifier constants.
 const (
 	// LangJavaScriptTypeScript is the JavaScript/TypeScript language identifier.
@@ -549,6 +576,14 @@ const (
 	FlagRecursive = "recursive"
 	// FlagIgnoreDirs is the ignore-dirs flag name.
 	FlagIgnoreDirs = "ignore-dirs"
 	// FlagCI is the CI mode flag name.
 	FlagCI = "ci"
 	// CommandPin is the pin command name.
 	CommandPin = "pin"
 	// CacheStatsKeyDir is the cache stats key for directory.
 	CacheStatsKeyDir = "cache_dir"
 )
 // Field names for validation.
@@ -636,11 +671,21 @@ const (
 	// ErrFailedToAccessCache is the failed to access cache error.
 	ErrFailedToAccessCache = "Failed to access cache: %v"
 	// ErrNoActionFilesFound is the no action files found error.
-	ErrNoActionFilesFound = "No action files found"
+	ErrNoActionFilesFound = "no action files found"
 	// ErrFailedToGetCurrentFilePath is the failed to get current file path error.
 	ErrFailedToGetCurrentFilePath = "failed to get current file path"
 	// ErrFailedToLoadActionFixture is the failed to load action fixture error.
 	ErrFailedToLoadActionFixture = "failed to load action fixture %s: %v"
 	// ErrFailedToApplyUpdatesWrapped is the failed to apply updates error with wrapping.
 	ErrFailedToApplyUpdatesWrapped = "failed to apply updates: %w"
 	// ErrFailedToDiscoverActionFiles is the failed to discover action files error with wrapping.
 	ErrFailedToDiscoverActionFiles = "failed to discover action files: %w"
 	// ErrPathTraversal is the path traversal attempt error.
 	ErrPathTraversal = "path traversal detected: output path '%s' attempts to escape output directory '%s'"
 	// ErrInvalidOutputPath is the invalid output path error.
 	ErrInvalidOutputPath = "invalid output path: %w"
 	// ErrFailedToResolveOutputPath is the failed to resolve output path error with wrapping.
 	ErrFailedToResolveOutputPath = "failed to resolve output path: %w"
 )
 // Common message templates.
@@ -653,6 +698,120 @@ const (
 	MsgConfigurationExportedTo = "Configuration exported to: %s"
 )
 // Test command names - used across multiple test files.
 const (
 	TestCmdGen      = "gen"
 	TestCmdConfig   = "config"
 	TestCmdValidate = "validate"
 	TestCmdDeps     = "deps"
 	TestCmdShow     = "show"
 	TestCmdList     = "list"
 )
 // Test file paths and names - used across multiple test files.
 const (
 	TestTmpDir               = "/tmp"
 	TestTmpActionFile        = "/tmp/action.yml"
 	TestErrorScenarioOldDeps = "error-scenarios/action-with-old-deps.yml"
 	TestErrorScenarioMissing = "error-scenarios/missing-required-fields.yml"
 	TestErrorScenarioInvalid = "error-scenarios/invalid-yaml-syntax.yml"
 )
 // TestMinimalAction is the minimal action YAML content for testing.
 const TestMinimalAction = "name: Test\ndescription: Test\nruns:\n  using: composite\n  steps: []"
 // TestScenarioNoDeps is the common test scenario description for actions with no dependencies.
 const TestScenarioNoDeps = "handles action with no dependencies"
 // Test messages and error strings - used in output tests.
 const (
 	TestMsgFileNotFound        = "File not found"
 	TestMsgInvalidYAML         = "Invalid YAML"
 	TestMsgQuietSuppressOutput = "quiet mode suppresses output"
 	TestMsgNoOutputInQuiet     = "Expected no output in quiet mode, got %q"
 	TestMsgVerifyPermissions   = "Verify permissions"
 	TestMsgSuggestions         = "Suggestions"
 	TestMsgDetails             = "Details"
 	TestMsgCheckFilePath       = "Check the file path"
 	TestMsgTryAgain            = "Try again"
 	TestMsgProcessingStarted   = "Processing started"
 	TestMsgOperationCompleted  = "Operation completed"
 	TestMsgOutputMissingEmoji  = "Output missing error emoji: %q"
 )
 // Test scenario names - used in output tests.
 const (
 	TestScenarioColorEnabled  = "with color enabled"
 	TestScenarioColorDisabled = "with color disabled"
 	TestScenarioQuietEnabled  = "quiet mode enabled"
 	TestScenarioQuietDisabled = "quiet mode disabled"
 )
 // Test URLs and paths - used in output tests.
 const (
 	TestURLHelp = "https://example.com/help"
 	TestKeyFile = "file"
 	TestKeyPath = "path"
 )
 // Test wizard inputs and prompts - used in wizard tests.
 const (
 	TestWizardInputYes       = "y\n"
 	TestWizardInputNo        = "n\n"
 	TestWizardInputYesYes    = "y\ny\n"
 	TestWizardInputTwo       = "2\n"
 	TestWizardInputTripleNL  = "\n\n\n"
 	TestWizardInputDoubleNL  = "\n\n"
 	TestWizardPromptContinue = "Continue?"
 	TestWizardPromptEnter    = "Enter value"
 )
 // Test repository and organization names - used in wizard tests.
 const (
 	TestOrgName  = "testorg"
 	TestRepoName = "testrepo"
 	TestValue    = "test"
 	TestVersion  = "v1.0.0"
 	TestDocsPath = "./docs"
 )
 // Test assertion messages - used in wizard tests.
 const (
 	TestAssertTheme = "Theme = %q, want %q"
 )
 // Test dependency actions - used in updater tests.
 const (
 	TestActionCheckoutV4       = "actions/checkout@v4"
 	TestActionCheckoutPinned   = "actions/checkout@abc123 # v4.1.1"
 	TestActionCheckoutFullSHA  = "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7"
 	TestActionCheckoutSHA      = "692973e3d937129bcbf40652eb9f2f61becf3332"
 	TestActionCheckoutVersion  = "v4.1.7"
 	TestCacheKey               = "test-key"
 	TestUpdateTypePatch        = "patch"
 	TestDepsSimpleCheckoutFile = "dependencies/simple-test-checkout.yml"
 )
 // Test paths and output - used in generator tests.
 const (
 	TestOutputPath = "/tmp/output"
 )
 // Test HTML content - used in html tests.
 const (
 	TestHTMLNewContent        = "New content"
 	TestHTMLClosingTag        = "\n</html>"
 	TestMsgFailedToReadOutput = "Failed to read output file: %v"
 )
 // Test detector messages - used in detector tests.
 const (
 	TestMsgFailedToCreateAction = "Failed to create action.yml: %v"
 	TestPermRead                = "read"
 	TestPermWrite               = "write"
 	TestPermContents            = "contents"
 )
 // File permissions (additional).
 const (
 	// FilePermDir is the directory permission.
--- a/appconstants/constants_test.go
+++ b/appconstants/constants_test.go
@@ -0,0 +1,212 @@
 package appconstants
 import (
 	"path/filepath"
 	"strings"
 	"testing"
 )
 const testModifiedValue = "modified"
 // TestGetSupportedThemes tests the GetSupportedThemes function.
 func TestGetSupportedThemes(t *testing.T) {
 	t.Parallel()
 	themes := GetSupportedThemes()
 	// Check that we get a non-empty slice
 	if len(themes) == 0 {
 		t.Error("GetSupportedThemes() returned empty slice")
 	}
 	// Check that known themes are included
 	expectedThemes := []string{ThemeDefault, ThemeGitHub, ThemeMinimal, ThemeProfessional}
 	for _, expected := range expectedThemes {
 		found := false
 		for _, theme := range themes {
 			if theme == expected {
 				found = true
 				break
 			}
 		}
 		if !found {
 			t.Errorf("GetSupportedThemes() missing expected theme: %s", expected)
 		}
 	}
 	// Verify it returns a copy (modifying returned slice shouldn't affect original)
 	themes1 := GetSupportedThemes()
 	themes2 := GetSupportedThemes()
 	if len(themes1) != len(themes2) {
 		t.Error("GetSupportedThemes() not returning consistent results")
 	}
 	// Modify the returned slice
 	if len(themes1) > 0 {
 		themes1[0] = testModifiedValue
 		// Get a fresh copy
 		themes3 := GetSupportedThemes()
 		// Should not be modified
 		if themes3[0] == testModifiedValue {
 			t.Error("GetSupportedThemes() not returning a copy - original was modified")
 		}
 	}
 }
 // TestGetConfigSearchPaths tests the GetConfigSearchPaths function.
 func TestGetConfigSearchPaths(t *testing.T) {
 	t.Parallel()
 	paths := GetConfigSearchPaths()
 	// Check that we get a non-empty slice
 	if len(paths) == 0 {
 		t.Error("GetConfigSearchPaths() returned empty slice")
 	}
 	// Check that it contains path-like strings
 	for _, path := range paths {
 		if path == "" {
 			t.Error("GetConfigSearchPaths() contains empty string")
 		}
 		// Validate path doesn't contain traversal components
 		if strings.Contains(path, "..") {
 			t.Errorf("GetConfigSearchPaths() path %q contains unsafe .. component", path)
 		}
 		// Validate path is already cleaned
 		cleanPath := filepath.Clean(path)
 		if path != cleanPath {
 			t.Errorf("GetConfigSearchPaths() path %q is not cleaned (should be %q)", path, cleanPath)
 		}
 	}
 	// Verify it returns a copy (modifying returned slice shouldn't affect original)
 	paths1 := GetConfigSearchPaths()
 	paths2 := GetConfigSearchPaths()
 	if len(paths1) != len(paths2) {
 		t.Error("GetConfigSearchPaths() not returning consistent results")
 	}
 	// Modify the returned slice
 	if len(paths1) > 0 {
 		paths1[0] = testModifiedValue
 		// Get a fresh copy
 		paths3 := GetConfigSearchPaths()
 		// Should not be modified
 		if paths3[0] == testModifiedValue {
 			t.Error("GetConfigSearchPaths() not returning a copy - original was modified")
 		}
 	}
 }
 // TestGetDefaultIgnoredDirectories tests the GetDefaultIgnoredDirectories function.
 func TestGetDefaultIgnoredDirectories(t *testing.T) {
 	t.Parallel()
 	dirs := GetDefaultIgnoredDirectories()
 	// Check that we get a non-empty slice
 	if len(dirs) == 0 {
 		t.Error("GetDefaultIgnoredDirectories() returned empty slice")
 	}
 	// Check that known ignored directories are included
 	expectedDirs := []string{DirGit, DirNodeModules, DirVendor, DirDist}
 	for _, expected := range expectedDirs {
 		found := false
 		for _, dir := range dirs {
 			if dir == expected {
 				found = true
 				break
 			}
 		}
 		if !found {
 			t.Errorf("GetDefaultIgnoredDirectories() missing expected directory: %s", expected)
 		}
 	}
 	// Verify it returns a copy (modifying returned slice shouldn't affect original)
 	dirs1 := GetDefaultIgnoredDirectories()
 	dirs2 := GetDefaultIgnoredDirectories()
 	if len(dirs1) != len(dirs2) {
 		t.Error("GetDefaultIgnoredDirectories() not returning consistent results")
 	}
 	// Modify the returned slice
 	if len(dirs1) > 0 {
 		dirs1[0] = testModifiedValue
 		// Get a fresh copy
 		dirs3 := GetDefaultIgnoredDirectories()
 		// Should not be modified
 		if dirs3[0] == testModifiedValue {
 			t.Error("GetDefaultIgnoredDirectories() not returning a copy - original was modified")
 		}
 	}
 }
 // TestConfigurationSourceString tests the String method for ConfigurationSource.
 func TestConfigurationSourceString(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name   string
 		source ConfigurationSource
 		want   string
 	}{
 		{
 			name:   "defaults source",
 			source: SourceDefaults,
 			want:   ConfigKeyDefaults,
 		},
 		{
 			name:   "global source",
 			source: SourceGlobal,
 			want:   ScopeGlobal,
 		},
 		{
 			name:   "repo override source",
 			source: SourceRepoOverride,
 			want:   "repo-override",
 		},
 		{
 			name:   "repo config source",
 			source: SourceRepoConfig,
 			want:   "repo-config",
 		},
 		{
 			name:   "action config source",
 			source: SourceActionConfig,
 			want:   "action-config",
 		},
 		{
 			name:   "environment source",
 			source: SourceEnvironment,
 			want:   "environment",
 		},
 		{
 			name:   "CLI flags source",
 			source: SourceCLIFlags,
 			want:   "cli-flags",
 		},
 		{
 			name:   "unknown source",
 			source: ConfigurationSource(999),
 			want:   "unknown",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := tt.source.String()
 			if got != tt.want {
 				t.Errorf("ConfigurationSource.String() = %q, want %q", got, tt.want)
 			}
 		})
 	}
 }
--- a/appconstants/test_constants.go
+++ b/appconstants/test_constants.go
@@ -1,102 +0,0 @@
 package appconstants
 // This file contains constants used exclusively for testing.
 // These are separated from production constants to:
 // - Reduce API surface pollution in the main constants file
 // - Make it clear which constants are test-only
 // - Improve code organization and maintainability
 //
 // Note: These constants must remain exported so they can be used by
 // test files in other packages (e.g., internal/*_test.go, main_test.go).
 // Test assertion message format templates.
 const (
 	// TestMsgExitCode is the format for exit code mismatch assertions.
 	TestMsgExitCode = "expected exit code %d, got %d"
 	// TestMsgStdout is the format for standard output logging.
 	TestMsgStdout = "stdout: %s"
 	// TestMsgStderr is the format for standard error logging.
 	TestMsgStderr = "stderr: %s"
 )
 // Test fixture path constants.
 const (
 	// JavaScript action fixtures.
 	TestFixtureJavaScriptSimple = "actions/javascript/simple.yml"
 	// Composite action fixtures.
 	TestFixtureCompositeBasic    = "actions/composite/basic.yml"
 	TestFixtureCompositeWithDeps = "actions/composite/with-dependencies.yml"
 	// Docker action fixtures.
 	TestFixtureDockerBasic = "actions/docker/basic.yml"
 	// Invalid action fixtures.
 	TestFixtureInvalidMissingDescription = "actions/invalid/missing-description.yml"
 	TestFixtureInvalidInvalidUsing       = "actions/invalid/invalid-using.yml"
 	// Minimal/other fixtures.
 	TestFixtureMinimalAction       = "minimal-action.yml"
 	TestFixtureProfessionalConfig  = "professional-config.yml"
 	TestFixtureTestCompositeAction = "test-composite-action.yml"
 	TestFixtureMyNewAction         = "my-new-action.yml"
 )
 // Test file path constants.
 const (
 	TestPathConfigYML       = "config.yml"
 	TestPathCustomConfigYML = "custom-config.yml"
 	TestPathNonexistentYML  = "nonexistent.yml"
 )
 // Test directory path constants.
 const (
 	TestDirSubdir           = "subdir"
 	TestDirActions          = "actions"
 	TestDirActionsDeploy    = "actions/deploy"
 	TestDirActionsTest      = "actions/test"
 	TestDirActionsComposite = "actions/composite"
 	TestDirActionsDocker    = "actions/docker"
 	TestDirNested           = "nested"
 	TestDirNestedDeep       = "nested/deep"
 	// Config directories.
 	TestDirConfigGhActionReadme = ".config/gh-action-readme"
 	TestDirDotConfig            = ".config"
 	TestDirCacheGhActionReadme  = ".cache/gh-action-readme"
 )
 // (Test file permission constants removed - use production constants from appconstants/constants.go)
 // Test YAML content for parser tests.
 const (
 	TestYAMLRoot        = "name: root"
 	TestYAMLNodeModules = "name: node_modules"
 	TestYAMLVendor      = "name: vendor"
 	TestYAMLGit         = "name: git"
 	TestYAMLSrc         = "name: src"
 	TestYAMLNested      = "name: nested"
 	TestYAMLSub         = "name: sub"
 )
 // Test YAML template strings for parser tests.
 const (
 	TestActionFilePattern = "action-*.yml"
 	TestPermissionsHeader = "# permissions:\n"
 	TestActionNameLine    = "name: Test Action\n"
 	TestDescriptionLine   = "description: Test\n"
 	TestRunsLine          = "runs:\n"
 	TestCompositeUsing    = "  using: composite\n"
 	TestStepsEmpty        = "  steps: []\n"
 	TestErrorFormat       = "ParseActionYML() error = %v"
 	TestContentsRead      = "#   contents: read\n"
 )
 // Test path constants for template tests.
 const (
 	TestRepoActionPath      = "/repo/action.yml"
 	TestRepoBuildActionPath = "/repo/build/action.yml"
 	TestVersionV123         = "@v1.2.3"
 )
--- a/go.sum
+++ b/go.sum
@@ -13,8 +13,6 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
 github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE=
 github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
 github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/gofri/go-github-ratelimit v1.1.1 h1:5TCOtFf45M2PjSYU17txqbiYBEzjOuK1+OhivbW69W0=
--- a/integration_test.go
+++ b/integration_test.go
@@ -37,6 +37,38 @@ func TestMain(m *testing.M) {
 	os.Exit(code)
 }
 // findFilesRecursive recursively searches for files matching the given pattern.
 // It uses filepath.WalkDir for recursive search and filepath.Match for pattern matching.
 // The pattern is matched against the basename of each file.
 func findFilesRecursive(rootDir, pattern string) ([]string, error) {
 	var matches []string
 	err := filepath.WalkDir(rootDir, func(path string, d os.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
 		// Skip directories
 		if d.IsDir() {
 			return nil
 		}
 		// Match pattern against basename
 		matched, err := filepath.Match(pattern, filepath.Base(path))
 		if err != nil {
 			return err
 		}
 		if matched {
 			matches = append(matches, path)
 		}
 		return nil
 	})
 	return matches, err
 }
 // getSharedTestBinary returns the path to the shared test binary, building it once if needed.
 func getSharedTestBinary(t *testing.T) string {
 	t.Helper()
@@ -45,7 +77,7 @@ func getSharedTestBinary(t *testing.T) string {
 		// Create a shared temporary directory that will be cleaned up in TestMain
 		// Note: Cannot use t.TempDir() here because we need the directory to persist
 		// across all tests and be cleaned up only at the end in TestMain
-		tmpDir, err := os.MkdirTemp("", "gh-action-readme-shared-test-*") //nolint:usetesting
+		tmpDir, err := os.MkdirTemp("", testutil.TestBinaryName+"-shared-test-*") //nolint:usetesting
 		if err != nil {
 			errSharedBinary = err
@@ -54,7 +86,7 @@ func getSharedTestBinary(t *testing.T) string {
 		sharedBinaryTmpDir = tmpDir
-		binaryPath := filepath.Join(tmpDir, "gh-action-readme")
+		binaryPath := filepath.Join(tmpDir, testutil.TestBinaryName)
 		cmd := exec.Command("go", "build", "-o", binaryPath, ".") // #nosec G204 -- controlled test input
 		var stderr strings.Builder
@@ -87,9 +119,9 @@ func buildTestBinary(t *testing.T) string {
 func setupCompleteWorkflow(t *testing.T, tmpDir string) {
 	t.Helper()
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureCompositeBasic))
+		testutil.MustReadFixture(testutil.TestFixtureCompositeBasic))
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "README.md"), "# Old README")
-	testutil.WriteTestFile(t, filepath.Join(tmpDir, ".gitignore"), testutil.GitIgnoreContent)
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGitIgnore), testutil.GitIgnoreContent)
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "package.json"), testutil.PackageJSONContent)
 }
@@ -97,24 +129,24 @@ func setupCompleteWorkflow(t *testing.T, tmpDir string) {
 func setupMultiActionWorkflow(t *testing.T, tmpDir string) {
 	t.Helper()
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
-	testutil.CreateActionSubdir(t, tmpDir, "actions/deploy", appconstants.TestFixtureDockerBasic)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/deploy", testutil.TestFixtureDockerBasic)
-	testutil.CreateActionSubdir(t, tmpDir, "actions/test", appconstants.TestFixtureCompositeBasic)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/test", testutil.TestFixtureCompositeBasic)
 }
 // setupConfigWorkflow creates a simple action for config testing.
 func setupConfigWorkflow(t *testing.T, tmpDir string) {
 	t.Helper()
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 }
 // setupErrorWorkflow creates an invalid action file for error testing.
 func setupErrorWorkflow(t *testing.T, tmpDir string) {
 	t.Helper()
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureInvalidMissingDescription))
+		testutil.MustReadFixture(testutil.TestFixtureInvalidMissingDescription))
 }
 // setupConfigurationHierarchy creates a complex configuration hierarchy for testing.
@@ -122,21 +154,21 @@ func setupConfigurationHierarchy(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Create action file
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureCompositeBasic))
+		testutil.MustReadFixture(testutil.TestFixtureCompositeBasic))
 	// Create global config
-	testutil.WriteConfigFile(t, tmpDir, testutil.MustReadFixture("configs/global/default.yml"))
+	testutil.WriteConfigFile(t, tmpDir, testutil.MustReadFixture(testutil.TestFixtureGlobalConfig))
 	// Create repo-specific config override
-	testutil.WriteTestFile(t, filepath.Join(tmpDir, "gh-action-readme.yml"),
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGHActionReadme),
-		testutil.MustReadFixture("professional-config.yml"))
+		testutil.MustReadFixture(testutil.TestFixtureProfessionalConfig))
 	// Create action-specific config
-	testutil.WriteTestFile(t, filepath.Join(tmpDir, ".github", "gh-action-readme.yml"),
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestDirDotGitHub, testutil.TestFileGHActionReadme),
-		testutil.MustReadFixture("repo-config.yml"))
+		testutil.MustReadFixture(testutil.TestFixtureRepoConfig))
 	// Set XDG config home to our test directory
-	t.Setenv("XDG_CONFIG_HOME", filepath.Join(tmpDir, appconstants.TestDirDotConfig))
+	t.Setenv("XDG_CONFIG_HOME", filepath.Join(tmpDir, testutil.TestDirDotConfig))
 }
 // setupMultiActionWithTemplates creates multiple actions with custom templates.
@@ -144,12 +176,12 @@ func setupMultiActionWithTemplates(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Root action
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	// Nested actions with different types
-	testutil.CreateActionSubdir(t, tmpDir, "actions/composite", appconstants.TestFixtureCompositeBasic)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/composite", testutil.TestFixtureCompositeBasic)
-	testutil.CreateActionSubdir(t, tmpDir, "actions/docker", appconstants.TestFixtureDockerBasic)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/docker", testutil.TestFixtureDockerBasic)
-	testutil.CreateActionSubdir(t, tmpDir, "actions/minimal", appconstants.TestFixtureMinimalAction)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/minimal", testutil.TestFixtureMinimalAction)
 	// Setup templates
 	testutil.SetupTestTemplates(t, tmpDir)
@@ -167,12 +199,11 @@ func setupCompleteServiceChain(t *testing.T, tmpDir string) {
 	// Add package.json for dependency analysis
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "package.json"), testutil.PackageJSONContent)
-	// Add .gitignore
+	// Add testutil.TestFileGitIgnore
-	testutil.WriteTestFile(t, filepath.Join(tmpDir, ".gitignore"), testutil.GitIgnoreContent)
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGitIgnore), testutil.GitIgnoreContent)
 	// Create cache directory structure
-	cacheDir := filepath.Join(tmpDir, ".cache", "gh-action-readme")
+	testutil.CreateTestSubdir(t, tmpDir, ".cache", testutil.TestBinaryName)
 	_ = os.MkdirAll(cacheDir, 0750) // #nosec G301 -- test directory permissions
 }
 // setupDependencyAnalysisWorkflow creates a project with complex dependencies.
@@ -183,7 +214,7 @@ func setupDependencyAnalysisWorkflow(t *testing.T, tmpDir string) {
 		"Complex Workflow",
 		"A composite action with multiple dependencies for testing",
 		[]string{
-			"actions/checkout@v4",
+			testutil.TestActionCheckoutV4,
 			"actions/setup-node@v4",
 			"actions/cache@v3",
 			"actions/upload-artifact@v3",
@@ -195,8 +226,7 @@ func setupDependencyAnalysisWorkflow(t *testing.T, tmpDir string) {
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "package.json"), testutil.PackageJSONContent)
 	// Add a nested action with different dependencies
-	nestedDir := filepath.Join(tmpDir, "actions", "deploy")
+	nestedDir := testutil.CreateTestSubdir(t, tmpDir, "actions", "deploy")
 	_ = os.MkdirAll(nestedDir, 0750) // #nosec G301 -- test directory permissions
 	nestedAction := testutil.CreateCompositeAction(
 		"Deploy Action",
@@ -214,35 +244,25 @@ func setupConfigurationHierarchyWorkflow(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Create action file
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureCompositeBasic))
+		testutil.MustReadFixture(testutil.TestFixtureCompositeBasic))
 	// Set up XDG config home
-	configHome := filepath.Join(tmpDir, appconstants.TestDirDotConfig)
+	configHome := filepath.Join(tmpDir, testutil.TestDirDotConfig)
 	t.Setenv("XDG_CONFIG_HOME", configHome)
 	// Global configuration (lowest priority)
-	globalConfigDir := filepath.Join(configHome, "gh-action-readme")
+	globalConfigDir := testutil.CreateTestSubdir(t, configHome, testutil.TestBinaryName)
-	_ = os.MkdirAll(globalConfigDir, 0750) // #nosec G301 -- test directory permissions
+	globalConfig := string(testutil.MustReadFixture(testutil.TestConfigGlobalDefault))
-	globalConfig := `theme: default
+	testutil.WriteTestFile(t, filepath.Join(globalConfigDir, testutil.TestPathConfigYML), globalConfig)
 output_format: md
 verbose: false
 github_token: ghp_test1234567890abcdefghijklmnopqrstuvwxyz`
 	testutil.WriteTestFile(t, filepath.Join(globalConfigDir, appconstants.TestPathConfigYML), globalConfig)
 	// Repository configuration (medium priority)
-	repoConfig := `theme: github
+	repoConfig := string(testutil.MustReadFixture(testutil.TestConfigRepoGitHub))
-output_format: html
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGHActionReadme), repoConfig)
 verbose: true
 schema: custom-schema.json`
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "gh-action-readme.yml"), repoConfig)
 	// Action-specific configuration (higher priority)
-	githubDir := filepath.Join(tmpDir, ".github")
+	githubDir := testutil.CreateTestSubdir(t, tmpDir, testutil.TestDirDotGitHub)
-	_ = os.MkdirAll(githubDir, 0750) // #nosec G301 -- test directory permissions
+	actionConfig := string(testutil.MustReadFixture(testutil.TestConfigActionProfessional))
-	actionConfig := `theme: professional
+	testutil.WriteTestFile(t, filepath.Join(githubDir, testutil.TestFileGHActionReadme), actionConfig)
 template: custom-template.tmpl
 output_dir: docs`
 	testutil.WriteTestFile(t, filepath.Join(githubDir, "gh-action-readme.yml"), actionConfig)
 	// Environment variables (highest priority before CLI flags)
 	t.Setenv("GH_ACTION_README_THEME", "minimal")
@@ -256,16 +276,13 @@ func setupTemplateErrorScenario(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Create valid action file
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	// Create a broken template directory structure
-	templatesDir := filepath.Join(tmpDir, "templates")
+	templatesDir := testutil.CreateTestSubdir(t, tmpDir, "templates")
 	_ = os.MkdirAll(templatesDir, 0750) // #nosec G301 -- test directory permissions
 	// Create invalid template
-	brokenTemplate := `# {{ .Name }
+	brokenTemplate := string(testutil.MustReadFixture(testutil.TestTemplateBroken))
 {{ .InvalidField }}
 {{ range .NonExistentField }}`
 	testutil.WriteTestFile(t, filepath.Join(templatesDir, "broken.tmpl"), brokenTemplate)
 }
@@ -274,38 +291,34 @@ func setupConfigurationErrorScenario(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Create valid action file
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	// Create invalid configuration files
-	invalidConfig := `theme: [invalid yaml structure
+	invalidConfig := string(testutil.MustReadFixture(testutil.TestConfigInvalidMalformed))
-output_format: "missing quote
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGHActionReadme), invalidConfig)
 verbose: not_a_boolean`
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "gh-action-readme.yml"), invalidConfig)
 	// Create configuration with missing required fields
-	incompleteConfig := `unknown_field: value
+	incompleteConfig := string(testutil.MustReadFixture(testutil.TestConfigInvalidIncomplete))
-invalid_theme: nonexistent`
+	configDir := testutil.CreateTestSubdir(t, tmpDir, testutil.TestDirDotConfig, testutil.TestBinaryName)
-	configDir := filepath.Join(tmpDir, appconstants.TestDirDotConfig, "gh-action-readme")
+	testutil.WriteTestFile(t, filepath.Join(configDir, testutil.TestPathConfigYML), incompleteConfig)
 	_ = os.MkdirAll(configDir, 0750) // #nosec G301 -- test directory permissions
 	testutil.WriteTestFile(t, filepath.Join(configDir, appconstants.TestPathConfigYML), incompleteConfig)
 	// Set XDG config home
-	t.Setenv("XDG_CONFIG_HOME", filepath.Join(tmpDir, appconstants.TestDirDotConfig))
+	t.Setenv("XDG_CONFIG_HOME", filepath.Join(tmpDir, testutil.TestDirDotConfig))
 }
 // setupFileDiscoveryErrorScenario creates a scenario with file discovery issues.
 func setupFileDiscoveryErrorScenario(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Create directory structure but no action files
-	_ = os.MkdirAll(filepath.Join(tmpDir, "actions"), 0750) // #nosec G301 -- test directory permissions
+	testutil.CreateTestSubdir(t, tmpDir, "actions")
-	_ = os.MkdirAll(filepath.Join(tmpDir, ".github"), 0750) // #nosec G301 -- test directory permissions
+	testutil.CreateTestSubdir(t, tmpDir, testutil.TestDirDotGitHub)
 	// Create files with similar names but not action files
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "action.txt"), "not an action")
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "workflow.yml"),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "actions", "action.bak"),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 }
 // setupServiceIntegrationErrorScenario creates a mixed scenario with various issues.
@@ -313,18 +326,17 @@ func setupServiceIntegrationErrorScenario(t *testing.T, tmpDir string) {
 	t.Helper()
 	// Valid action at root
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	// Invalid action in subdirectory
-	testutil.CreateActionSubdir(t, tmpDir, "actions/broken", appconstants.TestFixtureInvalidMissingDescription)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/broken", testutil.TestFixtureInvalidMissingDescription)
 	// Valid action in another subdirectory
-	testutil.CreateActionSubdir(t, tmpDir, "actions/valid", appconstants.TestFixtureCompositeBasic)
+	testutil.CreateActionSubdir(t, tmpDir, "actions/valid", testutil.TestFixtureCompositeBasic)
 	// Broken configuration
-	brokenConfig := `theme: nonexistent_theme
+	brokenConfig := string(testutil.MustReadFixture(testutil.TestConfigInvalidTheme))
-template: /path/to/nonexistent/template.tmpl`
+	testutil.WriteTestFile(t, filepath.Join(tmpDir, testutil.TestFileGHActionReadme), brokenConfig)
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, "gh-action-readme.yml"), brokenConfig)
 }
 // checkStepExitCode validates command exit code expectations.
@@ -333,8 +345,8 @@ func checkStepExitCode(t *testing.T, step workflowStep, exitCode int, stdout, st
 	if step.expectSuccess && exitCode != 0 {
 		t.Errorf("expected success but got exit code %d", exitCode)
-		t.Logf("stdout: %s", stdout.String())
+		t.Logf(testutil.TestMsgStdout, stdout.String())
-		t.Logf("stderr: %s", stderr.String())
+		t.Logf(testutil.TestMsgStderr, stderr.String())
 	} else if !step.expectSuccess && exitCode == 0 {
 		t.Error("expected failure but command succeeded")
 	}
@@ -395,7 +407,7 @@ func TestServiceIntegration(t *testing.T) {
 			workflow: []workflowStep{
 				{
 					name:          "generate with verbose progress indicators",
-					cmd:           []string{"gen", "--verbose", "--theme", "github"},
+					cmd:           []string{"gen", testutil.TestFlagVerbose, testutil.TestFlagTheme, "github"},
 					expectSuccess: true,
 					expectOutput:  "Processing file:",
 				},
@@ -416,8 +428,14 @@ func TestServiceIntegration(t *testing.T) {
 			setupFunc: setupMultiActionWithTemplates,
 			workflow: []workflowStep{
 				{
-					name:          "discover and process multiple actions recursively",
+					name: "discover and process multiple actions recursively",
-					cmd:           []string{"gen", "--recursive", "--theme", "professional", "--verbose"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagRecursive,
 						testutil.TestFlagTheme,
 						"professional",
 						testutil.TestFlagVerbose,
 					},
 					expectSuccess: true,
 				},
 			},
@@ -440,11 +458,11 @@ func TestServiceIntegration(t *testing.T) {
 					name: "full workflow with all services",
 					cmd: []string{
 						"gen",
-						"--recursive",
+						testutil.TestFlagRecursive,
-						"--verbose",
+						testutil.TestFlagVerbose,
-						"--theme",
+						testutil.TestFlagTheme,
 						"github",
-						"--output-format",
+						testutil.TestFlagOutputFormat,
 						"html",
 					},
 					expectSuccess: true,
@@ -504,12 +522,18 @@ func TestEndToEndWorkflows(t *testing.T) {
 				},
 				{
 					name:          "generate with default theme",
-					cmd:           []string{"gen", "--theme", "default"},
+					cmd:           []string{"gen", testutil.TestFlagTheme, "default"},
 					expectSuccess: true,
 				},
 				{
-					name:          "generate with github theme",
+					name: "generate with github theme",
-					cmd:           []string{"gen", "--theme", "github", "--output-format", "html"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagTheme,
 						"github",
 						testutil.TestFlagOutputFormat,
 						"html",
 					},
 					expectSuccess: true,
 				},
 				{
@@ -535,8 +559,13 @@ func TestEndToEndWorkflows(t *testing.T) {
 					expectSuccess: true,
 				},
 				{
-					name:          "generate docs for all actions",
+					name: "generate docs for all actions",
-					cmd:           []string{"gen", "--recursive", "--theme", "professional"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagRecursive,
 						testutil.TestFlagTheme,
 						"professional",
 					},
 					expectSuccess: true,
 				},
 				{
@@ -554,7 +583,7 @@ func TestEndToEndWorkflows(t *testing.T) {
 					name:          "show current config",
 					cmd:           []string{"config", "show"},
 					expectSuccess: true,
-					expectOutput:  "Current Configuration",
+					expectOutput:  testutil.TestMsgCurrentConfig,
 				},
 				{
 					name:          "list available themes",
@@ -564,7 +593,7 @@ func TestEndToEndWorkflows(t *testing.T) {
 				},
 				{
 					name:          "generate with custom theme",
-					cmd:           []string{"gen", "--theme", "minimal"},
+					cmd:           []string{"gen", testutil.TestFlagTheme, "minimal"},
 					expectSuccess: true,
 				},
 			},
@@ -574,23 +603,41 @@ func TestEndToEndWorkflows(t *testing.T) {
 			setupFunc: setupCompleteWorkflow,
 			workflow: []workflowStep{
 				{
-					name:          "generate markdown documentation",
+					name: "generate markdown documentation",
-					cmd:           []string{"gen", "--output-format", "md", "--theme", "github"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagOutputFormat,
 						"md",
 						testutil.TestFlagTheme,
 						"github",
 					},
 					expectSuccess: true,
 				},
 				{
-					name:          "generate HTML documentation",
+					name: "generate HTML documentation",
-					cmd:           []string{"gen", "--output-format", "html", "--theme", "professional"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagOutputFormat,
 						"html",
 						testutil.TestFlagTheme,
 						"professional",
 					},
 					expectSuccess: true,
 				},
 				{
 					name:          "generate JSON documentation",
-					cmd:           []string{"gen", "--output-format", "json"},
+					cmd:           []string{"gen", testutil.TestFlagOutputFormat, "json"},
 					expectSuccess: true,
 				},
 				{
-					name:          "generate AsciiDoc documentation",
+					name: "generate AsciiDoc documentation",
-					cmd:           []string{"gen", "--output-format", "asciidoc", "--theme", "minimal"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagOutputFormat,
 						"asciidoc",
 						testutil.TestFlagTheme,
 						"minimal",
 					},
 					expectSuccess: true,
 				},
 			},
@@ -601,9 +648,9 @@ func TestEndToEndWorkflows(t *testing.T) {
 			workflow: []workflowStep{
 				{
 					name:          "analyze composite action dependencies",
-					cmd:           []string{"deps", "list", "--verbose"},
+					cmd:           []string{"deps", "list", testutil.TestFlagVerbose},
 					expectSuccess: true,
-					expectOutput:  "Dependencies found",
+					expectOutput:  testutil.TestMsgDependenciesFound,
 				},
 				{
 					name:          "check for dependency updates",
@@ -612,7 +659,7 @@ func TestEndToEndWorkflows(t *testing.T) {
 				},
 				{
 					name:          "generate documentation with dependency info",
-					cmd:           []string{"gen", "--theme", "github", "--verbose"},
+					cmd:           []string{"gen", testutil.TestFlagTheme, "github", testutil.TestFlagVerbose},
 					expectSuccess: true,
 				},
 			},
@@ -623,18 +670,25 @@ func TestEndToEndWorkflows(t *testing.T) {
 			workflow: []workflowStep{
 				{
 					name:          "show merged configuration",
-					cmd:           []string{"config", "show", "--verbose"},
+					cmd:           []string{"config", "show", testutil.TestFlagVerbose},
 					expectSuccess: true,
-					expectOutput:  "Current Configuration",
+					expectOutput:  testutil.TestMsgCurrentConfig,
 				},
 				{
 					name:          "generate with hierarchical config",
-					cmd:           []string{"gen", "--verbose"},
+					cmd:           []string{"gen", testutil.TestFlagVerbose},
 					expectSuccess: true,
 				},
 				{
-					name:          "override with CLI flags",
+					name: "override with CLI flags",
-					cmd:           []string{"gen", "--theme", "minimal", "--output-format", "html", "--verbose"},
+					cmd: []string{
 						"gen",
 						testutil.TestFlagTheme,
 						"minimal",
 						testutil.TestFlagOutputFormat,
 						"html",
 						testutil.TestFlagVerbose,
 					},
 					expectSuccess: true,
 				},
 			},
@@ -704,12 +758,10 @@ func testProjectSetup(t *testing.T, binaryPath, tmpDir string) {
 	t.Helper()
 	// Create a new GitHub Action project
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureMyNewAction))
+		testutil.MustReadFixture(testutil.TestFixtureMyNewAction))
 	// Validate the action
-	cmd := exec.Command(binaryPath, "validate") // #nosec G204 -- controlled test input
+	_, err := testutil.RunBinaryCommand(t, binaryPath, tmpDir, "validate")
 	cmd.Dir = tmpDir
 	err := cmd.Run()
 	testutil.AssertNoError(t, err)
 }
@@ -719,13 +771,18 @@ func testDocumentationGeneration(t *testing.T, binaryPath, tmpDir string) {
 	themes := []string{"default", "github", "minimal"}
 	for _, theme := range themes {
-		cmd := exec.Command(binaryPath, "gen", "--theme", theme) // #nosec G204 -- controlled test input
+		cmd := exec.Command(
 			binaryPath,
 			"gen",
 			testutil.TestFlagTheme,
 			theme,
 		) // #nosec G204 -- controlled test input
 		cmd.Dir = tmpDir
 		err := cmd.Run()
 		testutil.AssertNoError(t, err)
 		// Verify README was created
-		readmeFiles, _ := filepath.Glob(filepath.Join(tmpDir, "README*.md"))
+		readmeFiles, _ := findFilesRecursive(tmpDir, testutil.TestPatternREADME)
 		if len(readmeFiles) == 0 {
 			t.Errorf("no README generated for theme %s", theme)
 		}
@@ -742,18 +799,12 @@ func testDependencyManagement(t *testing.T, binaryPath, tmpDir string) {
 	t.Helper()
 	// Update action to be composite with dependencies
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureCompositeBasic))
+		testutil.MustReadFixture(testutil.TestFixtureCompositeBasic))
 	// List dependencies
-	cmd := exec.Command(binaryPath, "deps", "list")
+	output, err := testutil.RunBinaryCommand(t, binaryPath, tmpDir, "deps", "list")
 	cmd.Dir = tmpDir
 	var stdout strings.Builder
 	cmd.Stdout = &stdout
 	err := cmd.Run()
 	testutil.AssertNoError(t, err)
-
+	if !strings.Contains(output, testutil.TestMsgDependenciesFound) {
 	output := stdout.String()
 	if !strings.Contains(output, "Dependencies found") {
 		t.Error("expected dependency listing output")
 	}
 }
@@ -764,7 +815,12 @@ func testOutputFormats(t *testing.T, binaryPath, tmpDir string) {
 	formats := []string{"md", "html", "json"}
 	for _, format := range formats {
-		cmd := exec.Command(binaryPath, "gen", "--output-format", format) // #nosec G204 -- controlled test input
+		cmd := exec.Command(
 			binaryPath,
 			"gen",
 			testutil.TestFlagOutputFormat,
 			format,
 		) // #nosec G204 -- controlled test input
 		cmd.Dir = tmpDir
 		err := cmd.Run()
 		testutil.AssertNoError(t, err)
@@ -773,10 +829,10 @@ func testOutputFormats(t *testing.T, binaryPath, tmpDir string) {
 		var pattern string
 		switch format {
 		case "md":
-			pattern = "README*.md"
+			pattern = testutil.TestPatternREADME
 		case "html":
 			// HTML files are named after the action name (e.g., "Example Action.html")
-			pattern = "*.html"
+			pattern = testutil.TestPatternHTML
 		case "json":
 			// JSON files have a fixed name
 			pattern = "action-docs.json"
@@ -798,21 +854,15 @@ func testOutputFormats(t *testing.T, binaryPath, tmpDir string) {
 func testCacheManagement(t *testing.T, binaryPath, tmpDir string) {
 	t.Helper()
 	// Check cache stats
-	cmd := exec.Command(binaryPath, "cache", "stats")
+	_, err := testutil.RunBinaryCommand(t, binaryPath, tmpDir, "cache", "stats")
 	cmd.Dir = tmpDir
 	err := cmd.Run()
 	testutil.AssertNoError(t, err)
 	// Clear cache
-	cmd = exec.Command(binaryPath, "cache", "clear")
+	_, err = testutil.RunBinaryCommand(t, binaryPath, tmpDir, "cache", "clear")
 	cmd.Dir = tmpDir
 	err = cmd.Run()
 	testutil.AssertNoError(t, err)
 	// Check path
-	cmd = exec.Command(binaryPath, "cache", "path")
+	_, err = testutil.RunBinaryCommand(t, binaryPath, tmpDir, "cache", "path")
 	cmd.Dir = tmpDir
 	err = cmd.Run()
 	testutil.AssertNoError(t, err)
 }
@@ -865,8 +915,8 @@ func TestMultiFormatIntegration(t *testing.T) {
 		extension string
 		theme     string
 	}{
-		{"md", "README*.md", "github"},
+		{"md", testutil.TestPatternREADME, "github"},
-		{"html", "*.html", "professional"},
+		{"html", testutil.TestPatternHTML, "professional"},
 		{"json", "action-docs.json", "default"},
 		{"asciidoc", "*.adoc", "minimal"},
 	}
@@ -904,11 +954,11 @@ func runGenerationCommand(t *testing.T, binaryPath, tmpDir, format, theme string
 	cmd := exec.Command(
 		binaryPath,
 		"gen",
-		"--output-format",
+		testutil.TestFlagOutputFormat,
 		format,
-		"--theme",
+		testutil.TestFlagTheme,
 		theme,
-		"--verbose",
+		testutil.TestFlagVerbose,
 	) // #nosec G204 -- controlled test input
 	cmd.Dir = tmpDir
 	var stdout, stderr strings.Builder
@@ -917,8 +967,8 @@ func runGenerationCommand(t *testing.T, binaryPath, tmpDir, format, theme string
 	err := cmd.Run()
 	if err != nil {
-		t.Logf("stdout: %s", stdout.String())
+		t.Logf(testutil.TestMsgStdout, stdout.String())
-		t.Logf("stderr: %s", stderr.String())
+		t.Logf(testutil.TestMsgStderr, stderr.String())
 	}
 	testutil.AssertNoError(t, err)
@@ -1010,7 +1060,7 @@ func TestErrorScenarioIntegration(t *testing.T) {
 			setupFunc: setupTemplateErrorScenario,
 			scenarios: []errorScenario{
 				{
-					cmd:           []string{"gen", "--theme", "nonexistent"},
+					cmd:           []string{"gen", testutil.TestFlagTheme, "nonexistent"},
 					expectFailure: true,
 					expectError:   "batch processing",
 				},
@@ -1031,7 +1081,7 @@ func TestErrorScenarioIntegration(t *testing.T) {
 					expectError:   "",
 				},
 				{
-					cmd:           []string{"gen", "--verbose"},
+					cmd:           []string{"gen", testutil.TestFlagVerbose},
 					expectFailure: false, // Should use defaults
 					expectError:   "",
 				},
@@ -1058,7 +1108,7 @@ func TestErrorScenarioIntegration(t *testing.T) {
 			setupFunc: setupServiceIntegrationErrorScenario,
 			scenarios: []errorScenario{
 				{
-					cmd:           []string{"gen", "--recursive", "--verbose"},
+					cmd:           []string{"gen", testutil.TestFlagRecursive, testutil.TestFlagVerbose},
 					expectFailure: true, // Mixed valid/invalid files
 					expectError:   "",   // May partially succeed
 				},
@@ -1109,22 +1159,27 @@ func TestStressTestWorkflow(t *testing.T) {
 	// Create many action files to test performance
 	const numActions = 20
 	for i := 0; i < numActions; i++ {
-		actionDir := filepath.Join(tmpDir, "action"+string(rune('A'+i)))
+		actionDir := testutil.CreateTestSubdir(t, tmpDir, "action"+string(rune('A'+i)))
 		_ = os.MkdirAll(actionDir, 0750) // #nosec G301 -- test directory permissions
-		actionContent := strings.ReplaceAll(testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple),
+		actionContent := strings.ReplaceAll(testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple),
 			"Simple Action", "Action "+string(rune('A'+i)))
 		testutil.WriteTestFile(t, filepath.Join(actionDir, appconstants.ActionFileNameYML), actionContent)
 	}
 	// Test recursive processing
-	cmd := exec.Command(binaryPath, "gen", "--recursive", "--theme", "github") // #nosec G204 -- controlled test input
+	cmd := exec.Command(
 		binaryPath,
 		"gen",
 		testutil.TestFlagRecursive,
 		testutil.TestFlagTheme,
 		"github",
 	) // #nosec G204 -- controlled test input
 	cmd.Dir = tmpDir
 	err := cmd.Run()
 	testutil.AssertNoError(t, err)
 	// Verify all READMEs were generated
-	readmeFiles, _ := filepath.Glob(filepath.Join(tmpDir, "**/README*.md"))
+	readmeFiles, _ := findFilesRecursive(tmpDir, testutil.TestPatternREADME)
 	if len(readmeFiles) < numActions {
 		t.Errorf("expected at least %d README files, got %d", numActions, len(readmeFiles))
 	}
@@ -1149,22 +1204,28 @@ func TestProgressBarIntegration(t *testing.T) {
 		{
 			name:      "Single action progress",
 			setupFunc: setupCompleteWorkflow,
-			cmd:       []string{"gen", "--verbose", "--theme", "github"},
+			cmd:       []string{"gen", testutil.TestFlagVerbose, testutil.TestFlagTheme, "github"},
 		},
 		{
 			name:      "Multiple actions progress",
 			setupFunc: setupMultiActionWithTemplates,
-			cmd:       []string{"gen", "--recursive", "--verbose", "--theme", "professional"},
+			cmd: []string{
 				"gen",
 				testutil.TestFlagRecursive,
 				testutil.TestFlagVerbose,
 				testutil.TestFlagTheme,
 				"professional",
 			},
 		},
 		{
 			name:      "Dependency analysis progress",
 			setupFunc: setupDependencyAnalysisWorkflow,
-			cmd:       []string{"deps", "list", "--verbose"},
+			cmd:       []string{"deps", "list", testutil.TestFlagVerbose},
 		},
 		{
 			name:      "Multi-format generation progress",
 			setupFunc: setupCompleteWorkflow,
-			cmd:       []string{"gen", "--output-format", "html", "--verbose"},
+			cmd:       []string{"gen", testutil.TestFlagOutputFormat, "html", testutil.TestFlagVerbose},
 		},
 	}
@@ -1183,8 +1244,8 @@ func TestProgressBarIntegration(t *testing.T) {
 			err := cmd.Run()
 			if err != nil {
-				t.Logf("stdout: %s", stdout.String())
+				t.Logf(testutil.TestMsgStdout, stdout.String())
-				t.Logf("stderr: %s", stderr.String())
+				t.Logf(testutil.TestMsgStderr, stderr.String())
 			}
 			testutil.AssertNoError(t, err)
@@ -1195,7 +1256,7 @@ func TestProgressBarIntegration(t *testing.T) {
 				"Processing file:",
 				"Generated README",
 				"Discovered action file:",
-				"Dependencies found",
+				testutil.TestMsgDependenciesFound,
 				"Analyzing dependencies",
 			}
@@ -1215,17 +1276,14 @@ func TestProgressBarIntegration(t *testing.T) {
 			// Verify operation completed successfully (files were generated)
 			if strings.Contains(tt.cmd[0], "gen") {
 				patterns := []string{
 					filepath.Join(tmpDir, "README*.md"),
 					filepath.Join(tmpDir, "**/README*.md"),
 					filepath.Join(tmpDir, "*.html"),
 				}
 				var foundFiles []string
-				for _, pattern := range patterns {
+
-					files, _ := filepath.Glob(pattern)
+				// Use findFilesRecursive for recursive patterns
-					foundFiles = append(foundFiles, files...)
+				readmeFiles, _ := findFilesRecursive(tmpDir, testutil.TestPatternREADME)
-				}
+				foundFiles = append(foundFiles, readmeFiles...)
 				htmlFiles, _ := findFilesRecursive(tmpDir, testutil.TestPatternHTML)
 				foundFiles = append(foundFiles, htmlFiles...)
 				if len(foundFiles) == 0 {
 					t.Logf("No documentation files found, but progress indicators were present")
@@ -1246,37 +1304,27 @@ func TestErrorRecoveryWorkflow(t *testing.T) {
 	// Create a project with mixed valid and invalid files
 	// Note: validation looks for files named exactly "action.yml" or "action.yaml"
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
-	testutil.CreateActionSubdir(t, tmpDir, appconstants.TestDirSubdir,
+	testutil.CreateActionSubdir(t, tmpDir, testutil.TestDirSubdir,
-		appconstants.TestFixtureInvalidMissingDescription)
+		testutil.TestFixtureInvalidMissingDescription)
 	// Test that validation reports issues but doesn't crash
-	cmd := exec.Command(binaryPath, "validate") // #nosec G204 -- controlled test input
+	output, err := testutil.RunBinaryCommand(t, binaryPath, tmpDir, "validate")
 	cmd.Dir = tmpDir
 	var stderr strings.Builder
 	cmd.Stderr = &stderr
 	err := cmd.Run()
 	// Validation should fail due to invalid file
 	if err == nil {
 		t.Error("expected validation to fail with invalid files")
 	}
 	// But it should still report on valid files with validation errors
 	output := stderr.String()
 	if !strings.Contains(output, "Missing required field:") && !strings.Contains(output, "validation failed") {
 		t.Errorf("expected validation error message, got: %s", output)
 	}
 	// Test generation with mixed files - should generate docs for valid ones
-	cmd = exec.Command(binaryPath, "gen", "--recursive") // #nosec G204 -- controlled test input
+	_, _ = testutil.RunBinaryCommand(t, binaryPath, tmpDir, "gen", testutil.TestFlagRecursive)
 	cmd.Dir = tmpDir
 	cmd.Stderr = &stderr
 	_ = cmd.Run()
 	// Generation might fail due to invalid files, but check what was generated
-	readmeFiles, _ := filepath.Glob(filepath.Join(tmpDir, "**/README*.md"))
+	readmeFiles, _ := findFilesRecursive(tmpDir, testutil.TestPatternREADME)
 	// Should have generated at least some READMEs for valid files
 	if len(readmeFiles) == 0 {
@@ -1296,7 +1344,7 @@ func TestConfigurationWorkflow(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", configHome)
 	testutil.WriteTestFile(t, filepath.Join(tmpDir, appconstants.ActionFileNameYML),
-		testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple))
+		testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple))
 	var err error
@@ -1314,12 +1362,12 @@ func TestConfigurationWorkflow(t *testing.T) {
 	err = cmd.Run()
 	testutil.AssertNoError(t, err)
-	if !strings.Contains(stdout.String(), "Current Configuration") {
+	if !strings.Contains(stdout.String(), testutil.TestMsgCurrentConfig) {
 		t.Error("expected configuration output")
 	}
 	// Test with different configuration options
-	cmd = exec.Command(binaryPath, "--verbose", "gen") // #nosec G204 -- controlled test input
+	cmd = exec.Command(binaryPath, testutil.TestFlagVerbose, "gen") // #nosec G204 -- controlled test input
 	cmd.Dir = tmpDir
 	err = cmd.Run()
 	testutil.AssertNoError(t, err)
@@ -1338,9 +1386,9 @@ func verifyConfigurationLoading(t *testing.T, tmpDir string) {
 	// Since files may be cleaned up between runs, we'll check if the configuration loading succeeded
 	// by verifying that the setup created the expected configuration files
 	configFiles := []string{
-		filepath.Join(tmpDir, appconstants.TestDirDotConfig, "gh-action-readme", appconstants.TestPathConfigYML),
+		filepath.Join(tmpDir, testutil.TestDirDotConfig, testutil.TestBinaryName, testutil.TestPathConfigYML),
-		filepath.Join(tmpDir, "gh-action-readme.yml"),
+		filepath.Join(tmpDir, testutil.TestFileGHActionReadme),
-		filepath.Join(tmpDir, ".github", "gh-action-readme.yml"),
+		filepath.Join(tmpDir, testutil.TestDirDotGitHub, testutil.TestFileGHActionReadme),
 	}
 	configFound := 0
@@ -1482,7 +1530,7 @@ func verifyCompleteServiceChain(t *testing.T, tmpDir string) {
 	requiredComponents := []string{
 		filepath.Join(tmpDir, appconstants.ActionFileNameYML),
 		filepath.Join(tmpDir, "package.json"),
-		filepath.Join(tmpDir, ".gitignore"),
+		filepath.Join(tmpDir, testutil.TestFileGitIgnore),
 	}
 	foundComponents := 0
--- a/internal/apperrors/errors_test.go
+++ b/internal/apperrors/errors_test.go
@@ -92,7 +92,7 @@ func TestContextualErrorError(t *testing.T) {
 				Code:    appconstants.ErrCodeValidation,
 				Err:     errors.New("validation failed"),
 				Context: "validating action.yml",
-				Details: map[string]string{"file": "action.yml"},
+				Details: map[string]string{"file": appconstants.ActionFileNameYML},
 				Suggestions: []string{
 					"Check required fields",
 					"Validate YAML syntax",
--- a/internal/apperrors/suggestions_test.go
+++ b/internal/apperrors/suggestions_test.go
@@ -8,24 +8,6 @@ import (
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // Test helper factories for creating context maps
 func ctxPath(path string) map[string]string {
 	return map[string]string{"path": path}
 }
 func ctxError(err string) map[string]string {
 	return map[string]string{"error": err}
 }
 func ctxStatusCode(code string) map[string]string {
 	return map[string]string{"status_code": code}
 }
 func ctxEmpty() map[string]string {
 	return map[string]string{}
 }
 func TestGetSuggestions(t *testing.T) {
 	t.Parallel()
@@ -38,7 +20,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "file not found with path",
 			code:    appconstants.ErrCodeFileNotFound,
-			context: ctxPath("/path/to/action.yml"),
+			context: testutil.ContextWithPath("/path/to/action.yml"),
 			contains: []string{
 				"Check if the file exists: /path/to/action.yml",
 				"Verify the file path is correct",
@@ -48,7 +30,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "file not found action file",
 			code:    appconstants.ErrCodeFileNotFound,
-			context: ctxPath("/project/action.yml"),
+			context: testutil.ContextWithPath("/project/action.yml"),
 			contains: []string{
 				"Common action file names: action.yml, action.yaml",
 				"Check if the file is in a subdirectory",
@@ -57,18 +39,16 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "permission denied",
 			code:    appconstants.ErrCodePermission,
-			context: ctxPath("/restricted/file.txt"),
+			context: testutil.ContextWithPath("/restricted/file.txt"),
 			contains: []string{
 				"Check file permissions: ls -la /restricted/file.txt",
 				"chmod 644 /restricted/file.txt",
 			},
 		},
 		{
-			name: "invalid YAML with line number",
+			name:    "invalid YAML with line number",
-			code: appconstants.ErrCodeInvalidYAML,
+			code:    appconstants.ErrCodeInvalidYAML,
-			context: map[string]string{
+			context: testutil.ContextWithLine("25"),
 				"line": "25",
 			},
 			contains: []string{
 				"Error near line 25",
 				"Check YAML indentation",
@@ -79,18 +59,16 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "invalid YAML with tab error",
 			code:    appconstants.ErrCodeInvalidYAML,
-			context: ctxError("found character that cannot start any token (tab)"),
+			context: testutil.ContextWithError("found character that cannot start any token (tab)"),
 			contains: []string{
 				"YAML files must use spaces for indentation, not tabs",
 				"Replace all tabs with spaces",
 			},
 		},
 		{
-			name: "invalid action with missing fields",
+			name:    "invalid action with missing fields",
-			code: appconstants.ErrCodeInvalidAction,
+			code:    appconstants.ErrCodeInvalidAction,
-			context: map[string]string{
+			context: testutil.ContextWithMissingFields("name, description"),
 				"missing_fields": "name, description",
 			},
 			contains: []string{
 				"Missing required fields: name, description",
 				"required fields: name, description",
@@ -98,11 +76,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "no action files",
+			name:    "no action files",
-			code: appconstants.ErrCodeNoActionFiles,
+			code:    appconstants.ErrCodeNoActionFiles,
-			context: map[string]string{
+			context: testutil.ContextWithDirectory("/project"),
 				"directory": "/project",
 			},
 			contains: []string{
 				"Current directory: /project",
 				"find /project -name 'action.y*ml'",
@@ -113,7 +89,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "GitHub API 401 error",
 			code:    appconstants.ErrCodeGitHubAPI,
-			context: ctxStatusCode("401"),
+			context: testutil.ContextWithStatusCode("401"),
 			contains: []string{
 				"Authentication failed",
 				"check your GitHub token",
@@ -123,7 +99,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "GitHub API 403 error",
 			code:    appconstants.ErrCodeGitHubAPI,
-			context: ctxStatusCode("403"),
+			context: testutil.ContextWithStatusCode("403"),
 			contains: []string{
 				"Access forbidden",
 				"check token permissions",
@@ -133,7 +109,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "GitHub API 404 error",
 			code:    appconstants.ErrCodeGitHubAPI,
-			context: ctxStatusCode("404"),
+			context: testutil.ContextWithStatusCode("404"),
 			contains: []string{
 				"Repository or resource not found",
 				"repository is private",
@@ -142,7 +118,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "GitHub rate limit",
 			code:    appconstants.ErrCodeGitHubRateLimit,
-			context: ctxEmpty(),
+			context: testutil.EmptyContext(),
 			contains: []string{
 				"rate limit exceeded",
 				"GITHUB_TOKEN",
@@ -153,7 +129,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "GitHub auth",
 			code:    appconstants.ErrCodeGitHubAuth,
-			context: ctxEmpty(),
+			context: testutil.EmptyContext(),
 			contains: []string{
 				"export GITHUB_TOKEN",
 				"gh auth login",
@@ -162,11 +138,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "configuration error with path",
+			name:    "configuration error with path",
-			code: appconstants.ErrCodeConfiguration,
+			code:    appconstants.ErrCodeConfiguration,
-			context: map[string]string{
+			context: testutil.ContextWithConfigPath("~/.config/gh-action-readme/config.yaml"),
 				"config_path": "~/.config/gh-action-readme/config.yaml",
 			},
 			contains: []string{
 				"Config path: ~/.config/gh-action-readme/config.yaml",
 				"ls -la ~/.config/gh-action-readme/config.yaml",
@@ -174,11 +148,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "validation error with invalid fields",
+			name:    "validation error with invalid fields",
-			code: appconstants.ErrCodeValidation,
+			code:    appconstants.ErrCodeValidation,
-			context: map[string]string{
+			context: testutil.ContextWithField("invalid_fields", "runs.using, inputs.test"),
 				"invalid_fields": "runs.using, inputs.test",
 			},
 			contains: []string{
 				"Invalid fields: runs.using, inputs.test",
 				"Check spelling and nesting",
@@ -186,11 +158,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "template error with theme",
+			name:    "template error with theme",
-			code: appconstants.ErrCodeTemplateRender,
+			code:    appconstants.ErrCodeTemplateRender,
-			context: map[string]string{
+			context: testutil.ContextWithField("theme", "custom"),
 				"theme": "custom",
 			},
 			contains: []string{
 				"Current theme: custom",
 				"Try using a different theme",
@@ -198,11 +168,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "file write error with output path",
+			name:    "file write error with output path",
-			code: appconstants.ErrCodeFileWrite,
+			code:    appconstants.ErrCodeFileWrite,
-			context: map[string]string{
+			context: testutil.ContextWithField("output_path", "/output/README.md"),
 				"output_path": "/output/README.md",
 			},
 			contains: []string{
 				"Output directory: /output",
 				"Check permissions: ls -la /output",
@@ -210,11 +178,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "dependency analysis error",
+			name:    "dependency analysis error",
-			code: appconstants.ErrCodeDependencyAnalysis,
+			code:    appconstants.ErrCodeDependencyAnalysis,
-			context: map[string]string{
+			context: testutil.ContextWithField("action", "my-action"),
 				"action": "my-action",
 			},
 			contains: []string{
 				"Analyzing action: my-action",
 				"GitHub token is set",
@@ -222,11 +188,9 @@ func TestGetSuggestions(t *testing.T) {
 			},
 		},
 		{
-			name: "cache access error",
+			name:    "cache access error",
-			code: appconstants.ErrCodeCacheAccess,
+			code:    appconstants.ErrCodeCacheAccess,
-			context: map[string]string{
+			context: testutil.ContextWithField("cache_path", "~/.cache/gh-action-readme"),
 				"cache_path": "~/.cache/gh-action-readme",
 			},
 			contains: []string{
 				"Cache path: ~/.cache/gh-action-readme",
 				"gh-action-readme cache clear",
@@ -236,7 +200,7 @@ func TestGetSuggestions(t *testing.T) {
 		{
 			name:    "unknown error code",
 			code:    "UNKNOWN_TEST_CODE",
-			context: ctxEmpty(),
+			context: testutil.EmptyContext(),
 			contains: []string{
 				"Check the error message",
 				"--verbose flag",
@@ -258,7 +222,7 @@ func TestGetSuggestions(t *testing.T) {
 func TestGetPermissionSuggestionsOSSpecific(t *testing.T) {
 	t.Parallel()
-	context := map[string]string{"path": "/test/file"}
+	context := testutil.ContextWithPath("/test/file")
 	suggestions := getPermissionSuggestions(context)
 	switch runtime.GOOS {
@@ -294,7 +258,7 @@ func TestGetSuggestionsEmptyContext(t *testing.T) {
 		t.Run(string(code), func(t *testing.T) {
 			t.Parallel()
-			suggestions := GetSuggestions(code, map[string]string{})
+			suggestions := GetSuggestions(code, testutil.EmptyContext())
 			if len(suggestions) == 0 {
 				t.Errorf("GetSuggestions(%s, {}) returned empty slice", code)
 			}
@@ -305,9 +269,7 @@ func TestGetSuggestionsEmptyContext(t *testing.T) {
 func TestGetFileNotFoundSuggestionsActionFile(t *testing.T) {
 	t.Parallel()
-	context := map[string]string{
+	context := testutil.ContextWithPath("/project/action.yml")
 		"path": "/project/action.yml",
 	}
 	suggestions := getFileNotFoundSuggestions(context)
 	testutil.AssertSliceContainsAll(t, suggestions, []string{"action.yml, action.yaml", "subdirectory"})
@@ -316,9 +278,7 @@ func TestGetFileNotFoundSuggestionsActionFile(t *testing.T) {
 func TestGetInvalidYAMLSuggestionsTabError(t *testing.T) {
 	t.Parallel()
-	context := map[string]string{
+	context := testutil.ContextWithError("found character that cannot start any token, tab character")
 		"error": "found character that cannot start any token, tab character",
 	}
 	suggestions := getInvalidYAMLSuggestions(context)
 	testutil.AssertSliceContainsAll(t, suggestions, []string{"tabs with spaces"})
@@ -337,9 +297,205 @@ func TestGetGitHubAPISuggestionsStatusCodes(t *testing.T) {
 		t.Run("status_"+code, func(t *testing.T) {
 			t.Parallel()
-			context := map[string]string{"status_code": code}
+			context := testutil.ContextWithStatusCode(code)
 			suggestions := getGitHubAPISuggestions(context)
 			testutil.AssertSliceContainsAll(t, suggestions, []string{expectedText})
 		})
 	}
 }
 // TestGetValidationSuggestions tests the getValidationSuggestions function.
 func TestGetValidationSuggestions(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name             string
 		context          map[string]string
 		expectedContains []string
 	}{
 		{
 			name:    "basic validation suggestions",
 			context: map[string]string{},
 			expectedContains: []string{
 				"Review validation errors",
 				"Check required fields",
 				"Use 'gh-action-readme schema' to see valid structure",
 			},
 		},
 		{
 			name:    "with invalid_fields context",
 			context: testutil.ContextWithField("invalid_fields", "runs.using, description"),
 			expectedContains: []string{
 				"Invalid fields: runs.using, description",
 				"Check spelling and nesting",
 			},
 		},
 		{
 			name:    "with validation_type required",
 			context: testutil.ContextWithField("validation_type", "required"),
 			expectedContains: []string{
 				"Add missing required fields",
 				"name, description, runs",
 			},
 		},
 		{
 			name:    "with validation_type type",
 			context: testutil.ContextWithField("validation_type", "type"),
 			expectedContains: []string{
 				"Ensure field values match expected types",
 				"Strings should be quoted",
 			},
 		},
 		{
 			name: "with both invalid_fields and validation_type",
 			context: testutil.MergeContexts(
 				testutil.ContextWithField("invalid_fields", "name"),
 				testutil.ContextWithField("validation_type", "required"),
 			),
 			expectedContains: []string{
 				"Invalid fields: name",
 				"Add missing required fields",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			suggestions := getValidationSuggestions(tt.context)
 			testutil.AssertSliceContainsAll(t, suggestions, tt.expectedContains)
 		})
 	}
 }
 // TestGetConfigurationSuggestions tests the getConfigurationSuggestions function.
 func TestGetConfigurationSuggestions(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name             string
 		context          map[string]string
 		expectedContains []string
 	}{
 		{
 			name:    "basic configuration suggestions",
 			context: map[string]string{},
 			expectedContains: []string{
 				"Check configuration file syntax",
 				"Ensure configuration file exists",
 				"Use 'gh-action-readme config init'",
 			},
 		},
 		{
 			name:    "with config_path context",
 			context: testutil.ContextWithConfigPath("/path/to/config.yaml"),
 			expectedContains: []string{
 				"Config path: /path/to/config.yaml",
 				"Check if file exists: ls -la /path/to/config.yaml",
 			},
 		},
 		{
 			name:    "with permission error in context",
 			context: testutil.ContextWithError("permission denied"),
 			expectedContains: []string{
 				"Check file permissions for config file",
 				"Ensure parent directory is writable",
 			},
 		},
 		{
 			name: "with both config_path and permission error",
 			context: testutil.MergeContexts(
 				testutil.ContextWithConfigPath("/restricted/config.yaml"),
 				testutil.ContextWithError("permission denied while reading"),
 			),
 			expectedContains: []string{
 				"Config path: /restricted/config.yaml",
 				"Check file permissions for config file",
 			},
 		},
 		{
 			name:    "with path traversal attempt",
 			context: testutil.ContextWithConfigPath("../../../etc/passwd"),
 			expectedContains: []string{
 				"Check configuration file syntax",
 				"Ensure configuration file exists",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			suggestions := getConfigurationSuggestions(tt.context)
 			testutil.AssertSliceContainsAll(t, suggestions, tt.expectedContains)
 		})
 	}
 }
 // TestGetTemplateSuggestions tests the getTemplateSuggestions function.
 func TestGetTemplateSuggestions(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name             string
 		context          map[string]string
 		expectedContains []string
 	}{
 		{
 			name:    "basic template suggestions",
 			context: map[string]string{},
 			expectedContains: []string{
 				"Check template syntax",
 				"Ensure all template variables are defined",
 				"Verify custom template path is correct",
 			},
 		},
 		{
 			name:    "with template_path context",
 			context: testutil.ContextWithField("template_path", "/path/to/custom-template.tmpl"),
 			expectedContains: []string{
 				"Template path: /path/to/custom-template.tmpl",
 				"Ensure template file exists and is readable",
 			},
 		},
 		{
 			name:    "with theme context",
 			context: testutil.ContextWithField("theme", "custom-theme"),
 			expectedContains: []string{
 				"Current theme: custom-theme",
 				"Try using a different theme: --theme github",
 				"Available themes: default, github, gitlab, minimal, professional",
 			},
 		},
 		{
 			name: "with both template_path and theme",
 			context: testutil.MergeContexts(
 				testutil.ContextWithField("template_path", "/custom/template.tmpl"),
 				testutil.ContextWithField("theme", "github"),
 			),
 			expectedContains: []string{
 				"Template path: /custom/template.tmpl",
 				"Current theme: github",
 			},
 		},
 		{
 			name:    "with path traversal attempt",
 			context: testutil.ContextWithField("template_path", "../../../../../../etc/passwd"),
 			expectedContains: []string{
 				"Check template syntax",
 				"Ensure all template variables are defined",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			suggestions := getTemplateSuggestions(tt.context)
 			testutil.AssertSliceContainsAll(t, suggestions, tt.expectedContains)
 		})
 	}
 }
--- a/internal/cache/cache_test.go
+++ b/internal/cache/cache_test.go
@@ -69,7 +69,7 @@ func TestNewCache(t *testing.T) {
 	}
 }
-func TestCache_SetAndGet(t *testing.T) {
+func TestCacheSetAndGet(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -84,9 +84,9 @@ func TestCache_SetAndGet(t *testing.T) {
 	}{
 		{
 			name:     "string value",
-			key:      "test-key",
+			key:      testutil.CacheTestKey,
-			value:    "test-value",
+			value:    testutil.CacheTestValue,
-			expected: "test-value",
+			expected: testutil.CacheTestValue,
 		},
 		{
 			name:     "struct value",
@@ -121,7 +121,7 @@ func TestCache_SetAndGet(t *testing.T) {
 	}
 }
-func TestCache_TTL(t *testing.T) {
+func TestCacheTTL(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -150,7 +150,7 @@ func TestCache_TTL(t *testing.T) {
 	}
 }
-func TestCache_GetOrSet(t *testing.T) {
+func TestCacheGetOrSet(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -180,7 +180,7 @@ func TestCache_GetOrSet(t *testing.T) {
 	testutil.AssertEqual(t, 1, callCount)                // Getter not called again
 }
-func TestCache_GetOrSetError(t *testing.T) {
+func TestCacheGetOrSetError(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -207,7 +207,7 @@ func TestCache_GetOrSetError(t *testing.T) {
 	}
 }
-func TestCache_ConcurrentAccess(t *testing.T) {
+func TestCacheConcurrentAccess(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -257,7 +257,7 @@ func TestCache_ConcurrentAccess(t *testing.T) {
 	wg.Wait()
 }
-func TestCache_Persistence(t *testing.T) {
+func TestCachePersistence(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -282,7 +282,7 @@ func TestCache_Persistence(t *testing.T) {
 	testutil.AssertEqual(t, "persistent-value", value)
 }
-func TestCache_Clear(t *testing.T) {
+func TestCacheClear(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -290,12 +290,12 @@ func TestCache_Clear(t *testing.T) {
 	defer testutil.CleanupCache(t, cache)()
 	// Add some data
-	_ = cache.Set("key1", "value1")
+	_ = cache.Set(testutil.CacheTestKey1, testutil.CacheTestValue1)
-	_ = cache.Set("key2", "value2")
+	_ = cache.Set(testutil.CacheTestKey2, "value2")
 	// Verify data exists
-	_, exists1 := cache.Get("key1")
+	_, exists1 := cache.Get(testutil.CacheTestKey1)
-	_, exists2 := cache.Get("key2")
+	_, exists2 := cache.Get(testutil.CacheTestKey2)
 	if !exists1 || !exists2 {
 		t.Fatal("expected test data to exist before clear")
 	}
@@ -305,14 +305,14 @@ func TestCache_Clear(t *testing.T) {
 	testutil.AssertNoError(t, err)
 	// Verify data is gone
-	_, exists1 = cache.Get("key1")
+	_, exists1 = cache.Get(testutil.CacheTestKey1)
-	_, exists2 = cache.Get("key2")
+	_, exists2 = cache.Get(testutil.CacheTestKey2)
 	if exists1 || exists2 {
 		t.Error("expected data to be cleared")
 	}
 }
-func TestCache_Delete(t *testing.T) {
+func TestCacheDelete(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -320,22 +320,22 @@ func TestCache_Delete(t *testing.T) {
 	defer testutil.CleanupCache(t, cache)()
 	// Add some data
-	_ = cache.Set("key1", "value1")
+	_ = cache.Set(testutil.CacheTestKey1, testutil.CacheTestValue1)
-	_ = cache.Set("key2", "value2")
+	_ = cache.Set(testutil.CacheTestKey2, "value2")
 	_ = cache.Set("key3", "value3")
 	// Verify data exists
-	_, exists := cache.Get("key1")
+	_, exists := cache.Get(testutil.CacheTestKey1)
 	if !exists {
 		t.Fatal("expected key1 to exist before delete")
 	}
 	// Delete specific key
-	cache.Delete("key1")
+	cache.Delete(testutil.CacheTestKey1)
 	// Verify deleted key is gone but others remain
-	_, exists1 := cache.Get("key1")
+	_, exists1 := cache.Get(testutil.CacheTestKey1)
-	_, exists2 := cache.Get("key2")
+	_, exists2 := cache.Get(testutil.CacheTestKey2)
 	_, exists3 := cache.Get("key3")
 	if exists1 {
@@ -349,7 +349,7 @@ func TestCache_Delete(t *testing.T) {
 	cache.Delete("nonexistent")
 }
-func TestCache_Stats(t *testing.T) {
+func TestCacheStats(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -360,8 +360,8 @@ func TestCache_Stats(t *testing.T) {
 	_ = cache.Clear()
 	// Add some data
-	_ = cache.Set("key1", "value1")
+	_ = cache.Set(testutil.CacheTestKey1, testutil.CacheTestValue1)
-	_ = cache.Set("key2", "larger-value-with-more-content")
+	_ = cache.Set(testutil.CacheTestKey2, "larger-value-with-more-content")
 	stats := cache.Stats()
@@ -397,7 +397,7 @@ func TestCache_Stats(t *testing.T) {
 	}
 }
-func TestCache_CleanupExpiredEntries(t *testing.T) {
+func TestCacheCleanupExpiredEntries(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -434,7 +434,7 @@ func TestCache_CleanupExpiredEntries(t *testing.T) {
 	}
 }
-func TestCache_ErrorHandling(t *testing.T) {
+func TestCacheErrorHandling(t *testing.T) {
 	tests := []struct {
 		name        string
 		setupFunc   func(t *testing.T) *Cache
@@ -472,7 +472,7 @@ func TestCache_ErrorHandling(t *testing.T) {
 	}
 }
-func TestCache_AsyncSaveErrorHandling(t *testing.T) {
+func TestCacheAsyncSaveErrorHandling(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -481,7 +481,7 @@ func TestCache_AsyncSaveErrorHandling(t *testing.T) {
 	// This tests our new saveToDiskAsync error handling
 	// Set a value to trigger async save
-	err := cache.Set("test-key", "test-value")
+	err := cache.Set(testutil.CacheTestKey, testutil.CacheTestValue)
 	testutil.AssertNoError(t, err)
 	// Give some time for async save to complete
@@ -490,14 +490,14 @@ func TestCache_AsyncSaveErrorHandling(t *testing.T) {
 	// The async save should have completed without panicking
 	// We can't easily test the error logging without capturing logs,
 	// but we can verify the cache still works
-	value, exists := cache.Get("test-key")
+	value, exists := cache.Get(testutil.CacheTestKey)
 	if !exists {
 		t.Error("expected value to exist after async save")
 	}
-	testutil.AssertEqual(t, "test-value", value)
+	testutil.AssertEqual(t, testutil.CacheTestValue, value)
 }
-func TestCache_EstimateSize(t *testing.T) {
+func TestCacheEstimateSize(t *testing.T) {
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
@@ -525,9 +525,9 @@ func TestCache_EstimateSize(t *testing.T) {
 		{
 			name: "struct",
 			value: map[string]any{
-				"key1": "value1",
+				testutil.CacheTestKey1: testutil.CacheTestValue1,
-				"key2": 42,
+				testutil.CacheTestKey2: 42,
-				"key3": []string{"a", "b", "c"},
+				"key3":                 []string{"a", "b", "c"},
 			},
 			minSize: 30,
 			maxSize: 200,
--- a/internal/config.go
+++ b/internal/config.go
@@ -16,7 +16,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/git"
 	"github.com/ivuorinen/gh-action-readme/internal/validation"
-	"github.com/ivuorinen/gh-action-readme/templates_embed"
+	templatesembed "github.com/ivuorinen/gh-action-readme/templates_embed"
 )
 // AppConfig represents the application configuration that can be used at multiple levels.
@@ -149,7 +149,7 @@ func resolveTemplatePath(templatePath string) string {
 	}
 	// Check if template is available in embedded filesystem first
-	if templates_embed.IsEmbeddedTemplateAvailable(templatePath) {
+	if templatesembed.IsEmbeddedTemplateAvailable(templatePath) {
 		// Return a special marker to indicate this should use embedded templates
 		// The actual template loading will handle embedded vs filesystem
 		return templatePath
@@ -233,7 +233,7 @@ func DefaultAppConfig() *AppConfig {
 		// Workflow Requirements
 		Permissions: map[string]string{},
-		RunsOn:      []string{"ubuntu-latest"},
+		RunsOn:      []string{appconstants.RunnerUbuntuLatest},
 		// Features
 		AnalyzeDependencies: false,
@@ -317,15 +317,17 @@ func mergeMapFields(dst *AppConfig, src *AppConfig) {
 }
 // mergeSliceFields merges slice fields from src to dst if non-empty.
 // copySliceIfNotEmpty copies src slice to dst if src is not empty.
 func copySliceIfNotEmpty(dst *[]string, src []string) {
 	if len(src) > 0 {
 		*dst = make([]string, len(src))
 		copy(*dst, src)
 	}
 }
 func mergeSliceFields(dst *AppConfig, src *AppConfig) {
-	if len(src.RunsOn) > 0 {
+	copySliceIfNotEmpty(&dst.RunsOn, src.RunsOn)
-		dst.RunsOn = make([]string, len(src.RunsOn))
+	copySliceIfNotEmpty(&dst.IgnoredDirectories, src.IgnoredDirectories)
 		copy(dst.RunsOn, src.RunsOn)
 	}
 	if len(src.IgnoredDirectories) > 0 {
 		dst.IgnoredDirectories = make([]string, len(src.IgnoredDirectories))
 		copy(dst.IgnoredDirectories, src.IgnoredDirectories)
 	}
 }
 // mergeBooleanFields merges boolean fields from src to dst if true.
@@ -407,6 +409,29 @@ func DetectRepositoryName(repoRoot string) string {
 	return info.GetRepositoryName()
 }
 // loadAndMergeConfig is a helper that loads config from a directory and merges it.
 // Returns nil if dir is empty (no-op). Returns error if loading fails.
 func loadAndMergeConfig(
 	config *AppConfig,
 	dir string,
 	loadFunc func(string) (*AppConfig, error),
 	errorFormat string,
 	allowTokens bool,
 ) error {
 	if dir == "" {
 		return nil
 	}
 	loadedConfig, err := loadFunc(dir)
 	if err != nil {
 		return fmt.Errorf(errorFormat, err)
 	}
 	MergeConfigs(config, loadedConfig, allowTokens)
 	return nil
 }
 // LoadConfiguration loads configuration with multi-level hierarchy.
 func LoadConfiguration(configFile, repoRoot, actionDir string) (*AppConfig, error) {
 	// 1. Start with defaults
@@ -428,21 +453,15 @@ func LoadConfiguration(configFile, repoRoot, actionDir string) (*AppConfig, erro
 	}
 	// 4. Load repository root ghreadme.yaml
-	if repoRoot != "" {
+	if err := loadAndMergeConfig(config, repoRoot, LoadRepoConfig,
-		repoConfig, err := LoadRepoConfig(repoRoot)
+		appconstants.ErrFailedToLoadRepoConfig, false); err != nil {
-		if err != nil {
+		return nil, err
 			return nil, fmt.Errorf(appconstants.ErrFailedToLoadRepoConfig, err)
 		}
 		MergeConfigs(config, repoConfig, false) // No tokens in repo config
 	}
 	// 5. Load action-specific config.yaml
-	if actionDir != "" {
+	if err := loadAndMergeConfig(config, actionDir, LoadActionConfig,
-		actionConfig, err := LoadActionConfig(actionDir)
+		appconstants.ErrFailedToLoadActionConfig, false); err != nil {
-		if err != nil {
+		return nil, err
 			return nil, fmt.Errorf(appconstants.ErrFailedToLoadActionConfig, err)
 		}
 		MergeConfigs(config, actionConfig, false) // No tokens in action config
 	}
 	// 6. Apply environment variable overrides for GitHub token
--- a/internal/config_helper_test.go
+++ b/internal/config_helper_test.go
@@ -0,0 +1,180 @@
 package internal
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/google/go-github/v74/github"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // TestAssertBooleanConfigFields_Helper tests the assertBooleanConfigFields helper.
 func TestAssertBooleanConfigFieldsHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name string
 		got  *AppConfig
 		want *AppConfig
 	}{
 		{
 			name: "all fields match",
 			got: &AppConfig{
 				AnalyzeDependencies: true,
 				ShowSecurityInfo:    false,
 				Verbose:             true,
 				Quiet:               false,
 				UseDefaultBranch:    true,
 			},
 			want: &AppConfig{
 				AnalyzeDependencies: true,
 				ShowSecurityInfo:    false,
 				Verbose:             true,
 				Quiet:               false,
 				UseDefaultBranch:    true,
 			},
 		},
 		{
 			name: "all fields false",
 			got: &AppConfig{
 				AnalyzeDependencies: false,
 				ShowSecurityInfo:    false,
 				Verbose:             false,
 				Quiet:               false,
 				UseDefaultBranch:    false,
 			},
 			want: &AppConfig{
 				AnalyzeDependencies: false,
 				ShowSecurityInfo:    false,
 				Verbose:             false,
 				Quiet:               false,
 				UseDefaultBranch:    false,
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Call the helper - it will call t.Error if fields don't match
 			// For matching cases, it should not error
 			assertBooleanConfigFields(t, tt.got, tt.want)
 		})
 	}
 }
 // TestAssertGitHubClientValid_Helper tests the assertGitHubClientValid helper.
 func TestAssertGitHubClientValidHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name          string
 		client        *GitHubClient
 		expectedToken string
 	}{
 		{
 			name: "valid client with token",
 			client: &GitHubClient{
 				Client: github.NewClient(nil),
 				Token:  "test-token-123",
 			},
 			expectedToken: "test-token-123",
 		},
 		{
 			name: "valid client with empty token",
 			client: &GitHubClient{
 				Client: github.NewClient(nil),
 				Token:  "",
 			},
 			expectedToken: "",
 		},
 		{
 			name: "valid client with github PAT",
 			client: &GitHubClient{
 				Client: github.NewClient(nil),
 				Token:  "ghp_1234567890abcdefghijklmnopqrstuvwxyzABCD",
 			},
 			expectedToken: "ghp_1234567890abcdefghijklmnopqrstuvwxyzABCD",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Call the helper - it will verify the client is valid
 			// For valid clients, it should not error
 			assertGitHubClientValid(t, tt.client, tt.expectedToken)
 		})
 	}
 }
 // TestRunTemplatePathTest_Helper tests the runTemplatePathTest helper.
 func TestRunTemplatePathTestHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		setupFunc    func(*testing.T) (string, func())
 		checkFunc    func(*testing.T, string)
 		expectResult string
 	}{
 		{
 			name: "absolute path setup",
 			setupFunc: func(t *testing.T) (string, func()) {
 				t.Helper()
 				tmpDir := t.TempDir()
 				templatePath := filepath.Join(tmpDir, "test.tmpl")
 				err := os.WriteFile(templatePath, []byte("test template"), appconstants.FilePermDefault)
 				if err != nil {
 					t.Fatalf("failed to write template: %v", err)
 				}
 				return templatePath, func() { /* Cleanup handled by t.TempDir() */ }
 			},
 			checkFunc: func(t *testing.T, result string) {
 				t.Helper()
 				if result == "" {
 					t.Error(testutil.TestMsgExpectedNonEmpty)
 				}
 			},
 		},
 		{
 			name: "relative path setup",
 			setupFunc: func(t *testing.T) (string, func()) {
 				t.Helper()
 				return "templates/readme.tmpl", func() { /* No cleanup needed for relative path test */ }
 			},
 			checkFunc: func(t *testing.T, result string) {
 				t.Helper()
 				if result == "" {
 					t.Error(testutil.TestMsgExpectedNonEmpty)
 				}
 			},
 		},
 		{
 			name: "nil checkFunc (just runs setup)",
 			setupFunc: func(t *testing.T) (string, func()) {
 				t.Helper()
 				return "test/path.tmpl", func() { /* No cleanup needed for nil checkFunc test */ }
 			},
 			checkFunc: nil, // No validation
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Call the helper - it runs setup, calls resolveTemplatePath, and validates
 			runTemplatePathTest(t, tt.setupFunc, tt.checkFunc)
 		})
 	}
 }
--- a/internal/config_test.go
+++ b/internal/config_test.go
--- a/internal/config_test_helper.go
+++ b/internal/config_test_helper.go
@@ -0,0 +1,157 @@
 package internal
 import (
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // boolFields represents the boolean configuration fields used in merge tests.
 type boolFields struct {
 	AnalyzeDependencies bool
 	ShowSecurityInfo    bool
 	Verbose             bool
 	Quiet               bool
 	UseDefaultBranch    bool
 }
 // createBoolFieldMergeTest creates a test table entry for testing boolean field merging.
 // This helper reduces duplication by standardizing the creation of AppConfig test structures
 // with boolean fields.
 func createBoolFieldMergeTest(name string, dst, src, want boolFields) struct {
 	name string
 	dst  *AppConfig
 	src  *AppConfig
 	want *AppConfig
 } {
 	return struct {
 		name string
 		dst  *AppConfig
 		src  *AppConfig
 		want *AppConfig
 	}{
 		name: name,
 		dst: &AppConfig{
 			AnalyzeDependencies: dst.AnalyzeDependencies,
 			ShowSecurityInfo:    dst.ShowSecurityInfo,
 			Verbose:             dst.Verbose,
 			Quiet:               dst.Quiet,
 			UseDefaultBranch:    dst.UseDefaultBranch,
 		},
 		src: &AppConfig{
 			AnalyzeDependencies: src.AnalyzeDependencies,
 			ShowSecurityInfo:    src.ShowSecurityInfo,
 			Verbose:             src.Verbose,
 			Quiet:               src.Quiet,
 			UseDefaultBranch:    src.UseDefaultBranch,
 		},
 		want: &AppConfig{
 			AnalyzeDependencies: want.AnalyzeDependencies,
 			ShowSecurityInfo:    want.ShowSecurityInfo,
 			Verbose:             want.Verbose,
 			Quiet:               want.Quiet,
 			UseDefaultBranch:    want.UseDefaultBranch,
 		},
 	}
 }
 // createGitRemoteTestCase creates a test table entry for git remote detection tests.
 // This helper reduces duplication for tests that set up a git repo with a remote config.
 func createGitRemoteTestCase(
 	name, configContent, expectedResult, description string,
 ) struct {
 	name           string
 	setupFunc      func(t *testing.T) string
 	expectedResult string
 	description    string
 } {
 	return struct {
 		name           string
 		setupFunc      func(t *testing.T) string
 		expectedResult string
 		description    string
 	}{
 		name: name,
 		setupFunc: func(t *testing.T) string {
 			t.Helper()
 			tmpDir, _ := testutil.TempDir(t)
 			testutil.InitGitRepo(t, tmpDir)
 			if configContent != "" {
 				configPath := filepath.Join(tmpDir, ".git", "config")
 				testutil.WriteTestFile(t, configPath, configContent)
 			}
 			return tmpDir
 		},
 		expectedResult: expectedResult,
 		description:    description,
 	}
 }
 // createTokenMergeTest creates a test table entry for testing token merging behavior.
 // This helper reduces duplication for the 4 token merge test cases.
 func createTokenMergeTest(
 	name, dstToken, srcToken, wantToken string,
 	allowTokens bool,
 ) struct {
 	name        string
 	dst         *AppConfig
 	src         *AppConfig
 	allowTokens bool
 	want        *AppConfig
 } {
 	return struct {
 		name        string
 		dst         *AppConfig
 		src         *AppConfig
 		allowTokens bool
 		want        *AppConfig
 	}{
 		name:        name,
 		dst:         &AppConfig{GitHubToken: dstToken},
 		src:         &AppConfig{GitHubToken: srcToken},
 		allowTokens: allowTokens,
 		want:        &AppConfig{GitHubToken: wantToken},
 	}
 }
 // createMapMergeTest creates a test table entry for testing map field merging (permissions/variables).
 // This helper reduces duplication for tests that merge map[string]string fields.
 func createMapMergeTest(
 	name string,
 	dstMap, srcMap, expectedMap map[string]string,
 	isPermissions bool,
 ) struct {
 	name     string
 	dst      *AppConfig
 	src      *AppConfig
 	expected *AppConfig
 } {
 	dst := &AppConfig{}
 	src := &AppConfig{}
 	expected := &AppConfig{}
 	if isPermissions {
 		dst.Permissions = dstMap
 		src.Permissions = srcMap
 		expected.Permissions = expectedMap
 	} else {
 		dst.Variables = dstMap
 		src.Variables = srcMap
 		expected.Variables = expectedMap
 	}
 	return struct {
 		name     string
 		dst      *AppConfig
 		src      *AppConfig
 		expected *AppConfig
 	}{
 		name:     name,
 		dst:      dst,
 		src:      src,
 		expected: expected,
 	}
 }
--- a/internal/config_test_helpers.go
+++ b/internal/config_test_helpers.go
@@ -0,0 +1,37 @@
 package internal
 import (
 	"testing"
 	"github.com/google/go-github/v74/github"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // assertGitHubClient validates GitHub client creation results.
 // This helper reduces cognitive complexity in config tests by centralizing
 // the client validation logic that was repeated across test cases.
 //
 //nolint:unused // Prepared for future use in config tests
 func assertGitHubClient(t *testing.T, client *github.Client, err error, expectError bool) {
 	t.Helper()
 	if expectError {
 		if err == nil {
 			t.Error(testutil.TestErrNoErrorGotNone)
 		}
 		if client != nil {
 			t.Error("expected nil client on error")
 		}
 		return
 	}
 	// Success case
 	if err != nil {
 		t.Errorf(testutil.TestErrUnexpected, err)
 	}
 	if client == nil {
 		t.Error("expected non-nil client")
 	}
 }
--- a/internal/configuration_loader.go
+++ b/internal/configuration_loader.go
@@ -105,7 +105,7 @@ func (cl *ConfigurationLoader) ValidateConfiguration(config *AppConfig) error {
 	}
 	// Validate output format
-	validFormats := []string{"md", "html", "json", "asciidoc"}
+	validFormats := appconstants.GetSupportedOutputFormats()
 	if !containsString(validFormats, config.OutputFormat) {
 		return fmt.Errorf("invalid output format '%s', must be one of: %s",
 			config.OutputFormat, strings.Join(validFormats, ", "))
@@ -196,34 +196,50 @@ func (cl *ConfigurationLoader) loadRepoOverrideStep(config *AppConfig, repoRoot
 	cl.applyRepoOverrides(config, repoRoot)
 }
-// loadRepoConfigStep loads repository root configuration.
+// loadConfigStep is a generic helper for loading and merging configuration from a specific source.
-func (cl *ConfigurationLoader) loadRepoConfigStep(config *AppConfig, repoRoot string) error {
+func (cl *ConfigurationLoader) loadConfigStep(
-	if !cl.sources[appconstants.SourceRepoConfig] || repoRoot == "" {
+	config *AppConfig,
 	sourceName appconstants.ConfigurationSource,
 	dirPath string,
 	loadFunc func(string) (*AppConfig, error),
 	errorFormat string,
 	mergeTokens bool,
 ) error {
 	if !cl.sources[sourceName] || dirPath == "" {
 		return nil
 	}
-	repoConfig, err := cl.loadRepoConfig(repoRoot)
+	loadedConfig, err := loadFunc(dirPath)
 	if err != nil {
-		return fmt.Errorf(appconstants.ErrFailedToLoadRepoConfig, err)
+		return fmt.Errorf(errorFormat, err)
 	}
-	cl.mergeConfigs(config, repoConfig, false) // No tokens in repo config
+	cl.mergeConfigs(config, loadedConfig, mergeTokens)
 	return nil
 }
 // loadRepoConfigStep loads repository root configuration.
 func (cl *ConfigurationLoader) loadRepoConfigStep(config *AppConfig, repoRoot string) error {
 	return cl.loadConfigStep(
 		config,
 		appconstants.SourceRepoConfig,
 		repoRoot,
 		cl.loadRepoConfig,
 		appconstants.ErrFailedToLoadRepoConfig,
 		false, // No tokens in repo config
 	)
 }
 // loadActionConfigStep loads action-specific configuration.
 func (cl *ConfigurationLoader) loadActionConfigStep(config *AppConfig, actionDir string) error {
-	if !cl.sources[appconstants.SourceActionConfig] || actionDir == "" {
+	return cl.loadConfigStep(
-		return nil
+		config,
-	}
+		appconstants.SourceActionConfig,
-
+		actionDir,
-	actionConfig, err := cl.loadActionConfig(actionDir)
+		cl.loadActionConfig,
-	if err != nil {
+		appconstants.ErrFailedToLoadActionConfig,
-		return fmt.Errorf(appconstants.ErrFailedToLoadActionConfig, err)
+		false, // No tokens in action config
-	}
+	)
 	cl.mergeConfigs(config, actionConfig, false) // No tokens in action config
 	return nil
 }
 // loadEnvironmentStep applies environment variable overrides.
--- a/internal/configuration_loader_test.go
+++ b/internal/configuration_loader_test.go
--- a/internal/configuration_loader_test_helper.go
+++ b/internal/configuration_loader_test_helper.go
@@ -0,0 +1,116 @@
 package internal
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // repoOverrideTestCase defines the structure for repository override test cases.
 type repoOverrideTestCase struct {
 	name           string
 	setupFunc      func(t *testing.T) (config *AppConfig, repoRoot string)
 	expectedTheme  string
 	expectedFormat string
 	description    string
 }
 // runRepoOverrideTest executes a test case for repository override functionality.
 // This helper reduces duplication in TestConfigurationLoaderApplyRepoOverrides tests.
 func runRepoOverrideTest(t *testing.T, tc repoOverrideTestCase) {
 	t.Helper()
 	config, repoRoot := tc.setupFunc(t)
 	loader := NewConfigurationLoader()
 	loader.applyRepoOverrides(config, repoRoot)
 	// Verify expected values
 	testutil.AssertEqual(t, tc.expectedTheme, config.Theme)
 	testutil.AssertEqual(t, tc.expectedFormat, config.OutputFormat)
 }
 // repoOverrideTestParams holds parameters for creating repo override test cases.
 type repoOverrideTestParams struct {
 	name, remoteURL, overrideKey  string
 	overrideTheme, overrideFormat string
 	expectedTheme, expectedFormat string
 	description                   string
 }
 // createRepoOverrideTestCase creates a repo override test case with git repo setup.
 // This helper reduces duplication when creating test cases that need git repositories.
 func createRepoOverrideTestCase(params repoOverrideTestParams) repoOverrideTestCase {
 	return repoOverrideTestCase{
 		name: params.name,
 		setupFunc: func(t *testing.T) (*AppConfig, string) {
 			t.Helper()
 			tmpDir, _ := testutil.TempDir(t)
 			if params.remoteURL != "" {
 				testutil.CreateGitRepoWithRemote(t, tmpDir, params.remoteURL)
 			}
 			config := &AppConfig{
 				Theme:        testutil.TestThemeDefault,
 				OutputFormat: "md",
 				RepoOverrides: map[string]AppConfig{
 					params.overrideKey: {
 						Theme:        params.overrideTheme,
 						OutputFormat: params.overrideFormat,
 					},
 				},
 			}
 			return config, tmpDir
 		},
 		expectedTheme:  params.expectedTheme,
 		expectedFormat: params.expectedFormat,
 		description:    params.description,
 	}
 }
 // configLoaderTestCase defines the structure for configuration loader test cases.
 type configLoaderTestCase struct {
 	name        string
 	setupFunc   func(t *testing.T) string
 	expectError bool
 	checkFunc   func(t *testing.T, config *AppConfig)
 	description string
 }
 // runConfigLoaderTest executes a test case for configuration loading functionality.
 // This helper reduces duplication between LoadGlobalConfig and loadActionConfig tests.
 func runConfigLoaderTest(
 	t *testing.T,
 	tc configLoaderTestCase,
 	loadFunc func(loader *ConfigurationLoader, path string) (*AppConfig, error),
 ) {
 	t.Helper()
 	t.Parallel()
 	path := tc.setupFunc(t)
 	loader := NewConfigurationLoader()
 	config, err := loadFunc(loader, path)
 	if tc.expectError {
 		testutil.AssertError(t, err)
 	} else {
 		testutil.AssertNoError(t, err)
 		if tc.checkFunc != nil {
 			tc.checkFunc(t, config)
 		}
 	}
 }
 // checkThemeAndFormat is a helper that creates a checkFunc for verifying theme and output format.
 // This reduces duplication in test cases that only need to verify these two fields.
 func checkThemeAndFormat(expectedTheme, expectedFormat string) func(t *testing.T, config *AppConfig) {
 	return func(t *testing.T, config *AppConfig) {
 		t.Helper()
 		testutil.AssertEqual(t, expectedTheme, config.Theme)
 		testutil.AssertEqual(t, expectedFormat, config.OutputFormat)
 	}
 }
--- a/internal/dependencies/analyzer.go
+++ b/internal/dependencies/analyzer.go
@@ -605,19 +605,7 @@ func (a *Analyzer) updateActionFile(filePath string, updates []PinnedUpdate) err
 	// Apply updates to content
 	lines := strings.Split(string(content), "\n")
-	for _, update := range updates {
+	applyUpdatesToLines(lines, updates)
 		// Find and replace the uses line
 		for i, line := range lines {
 			if strings.Contains(line, update.OldUses) {
 				// Replace the uses statement while preserving indentation
 				indent := strings.Repeat(" ", len(line)-len(strings.TrimLeft(line, " ")))
 				lines[i] = indent + appconstants.UsesFieldPrefix + update.NewUses
 				update.LineNumber = i + 1 // Store line number for reference
 				break
 			}
 		}
 	}
 	// Write updated content
 	updatedContent := strings.Join(lines, "\n")
@@ -625,7 +613,44 @@ func (a *Analyzer) updateActionFile(filePath string, updates []PinnedUpdate) err
 		return fmt.Errorf("failed to write updated file: %w", err)
 	}
-	// Validate the updated file by trying to parse it
+	// Validate and rollback on failure
 	if err := a.validateAndRollbackOnFailure(filePath, backupPath); err != nil {
 		return err
 	}
 	// Remove backup on success
 	_ = os.Remove(backupPath)
 	return nil
 }
 // applyUpdatesToLines applies all updates to the file lines in place.
 // Preserves indentation and YAML list markers.
 func applyUpdatesToLines(lines []string, updates []PinnedUpdate) {
 	for _, update := range updates {
 		for i, line := range lines {
 			if !strings.Contains(line, update.OldUses) {
 				continue
 			}
 			// Preserve both indentation AND list markers
 			trimmed := strings.TrimLeft(line, " \t")
 			indent := strings.Repeat(" ", len(line)-len(trimmed))
 			// Check if this is a list item (starts with "- ")
 			listMarker := ""
 			if strings.HasPrefix(trimmed, "- ") {
 				listMarker = "- "
 			}
 			// Reconstruct: indent + list marker + uses field
 			lines[i] = indent + listMarker + appconstants.UsesFieldPrefix + update.NewUses
 		}
 	}
 }
 // validateAndRollbackOnFailure validates the action file and rolls back changes on failure.
 func (a *Analyzer) validateAndRollbackOnFailure(filePath, backupPath string) error {
 	if err := a.validateActionFile(filePath); err != nil {
 		// Rollback on validation failure
 		if rollbackErr := os.Rename(backupPath, filePath); rollbackErr != nil {
@@ -635,17 +660,60 @@ func (a *Analyzer) updateActionFile(filePath string, updates []PinnedUpdate) err
 		return fmt.Errorf("validation failed, rolled back changes: %w", err)
 	}
 	// Remove backup on success
 	_ = os.Remove(backupPath)
 	return nil
 }
-// validateActionFile validates that an action.yml file is still valid after updates.
+// validateActionFile validates that an action.yml file conforms to GitHub Actions schema.
 // Schema reference: https://www.schemastore.org/github-action.json
 func (a *Analyzer) validateActionFile(filePath string) error {
-	_, err := a.parseCompositeAction(filePath)
+	// Parse to check YAML syntax
 	action, err := a.parseCompositeAction(filePath)
 	if err != nil {
 		return err
 	}
-	return err
+	// Validate required fields per GitHub Actions schema
 	if action.Name == "" {
 		return errors.New("validation failed: missing required field 'name'")
 	}
 	if action.Description == "" {
 		return errors.New("validation failed: missing required field 'description'")
 	}
 	if action.Runs.Using == "" {
 		return errors.New("validation failed: missing required field 'runs.using'")
 	}
 	// Validate 'using' field value against GitHub Actions specification
 	// Valid runtimes: node12, node16, node20, node24, docker, composite
 	// Reference: https://docs.github.com/en/actions/creating-actions
 	validRuntimes := []string{
 		"node12",
 		"node16",
 		"node20",
 		"node24",
 		"docker",
 		"composite",
 	}
 	validUsing := false
 	runtime := strings.TrimSpace(strings.ToLower(action.Runs.Using))
 	for _, valid := range validRuntimes {
 		if runtime == valid {
 			validUsing = true
 			break
 		}
 	}
 	if !validUsing {
 		return fmt.Errorf(
 			"validation failed: invalid value for 'runs.using': %s (valid: %s)",
 			action.Runs.Using,
 			strings.Join(validRuntimes, ", "),
 		)
 	}
 	return nil
 }
 // enrichWithGitHubData fetches additional information from GitHub API.
--- a/internal/dependencies/analyzer_test.go
+++ b/internal/dependencies/analyzer_test.go
@@ -16,7 +16,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
-func TestAnalyzer_AnalyzeActionFile(t *testing.T) {
+func TestAnalyzerAnalyzeActionFile(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -29,34 +29,34 @@ func TestAnalyzer_AnalyzeActionFile(t *testing.T) {
 	}{
 		{
 			name:        "simple action - no dependencies",
-			actionYML:   testutil.MustReadFixture(appconstants.TestFixtureJavaScriptSimple),
+			actionYML:   testutil.MustReadFixture(testutil.TestFixtureJavaScriptSimple),
 			expectError: false,
 			expectDeps:  false,
 			expectedLen: 0,
 		},
 		{
 			name:         "composite action with dependencies",
-			actionYML:    testutil.MustReadFixture(appconstants.TestFixtureCompositeWithDeps),
+			actionYML:    testutil.MustReadFixture(testutil.TestFixtureCompositeWithDeps),
 			expectError:  false,
 			expectDeps:   true,
 			expectedLen:  5, // 3 action dependencies + 2 shell script dependencies
-			expectedDeps: []string{"actions/checkout@v4", "actions/setup-node@v4", "actions/setup-python@v4"},
+			expectedDeps: []string{testutil.TestActionCheckoutV4, "actions/setup-node@v4", "actions/setup-python@v4"},
 		},
 		{
 			name:        "docker action - no step dependencies",
-			actionYML:   testutil.MustReadFixture(appconstants.TestFixtureDockerBasic),
+			actionYML:   testutil.MustReadFixture(testutil.TestFixtureDockerBasic),
 			expectError: false,
 			expectDeps:  false,
 			expectedLen: 0,
 		},
 		{
 			name:        "invalid action file",
-			actionYML:   testutil.MustReadFixture(appconstants.TestFixtureInvalidInvalidUsing),
+			actionYML:   testutil.MustReadFixture(testutil.TestFixtureInvalidInvalidUsing),
 			expectError: true,
 		},
 		{
 			name:        "minimal action - no dependencies",
-			actionYML:   testutil.MustReadFixture("minimal-action.yml"),
+			actionYML:   testutil.MustReadFixture(testutil.TestFixtureMinimalAction),
 			expectError: false,
 			expectDeps:  false,
 			expectedLen: 0,
@@ -121,7 +121,7 @@ func TestAnalyzer_AnalyzeActionFile(t *testing.T) {
 	}
 }
-func TestAnalyzer_ParseUsesStatement(t *testing.T) {
+func TestAnalyzerParseUsesStatement(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -134,7 +134,7 @@ func TestAnalyzer_ParseUsesStatement(t *testing.T) {
 	}{
 		{
 			name:            "semantic version",
-			uses:            "actions/checkout@v4",
+			uses:            testutil.TestActionCheckoutV4,
 			expectedOwner:   "actions",
 			expectedRepo:    "checkout",
 			expectedVersion: "v4",
@@ -153,7 +153,7 @@ func TestAnalyzer_ParseUsesStatement(t *testing.T) {
 			uses:            "actions/checkout@8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
 			expectedOwner:   "actions",
 			expectedRepo:    "checkout",
-			expectedVersion: "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			expectedVersion: testutil.TestSHAForTesting,
 			expectedType:    CommitSHA,
 		},
 		{
@@ -182,7 +182,7 @@ func TestAnalyzer_ParseUsesStatement(t *testing.T) {
 	}
 }
-func TestAnalyzer_VersionChecking(t *testing.T) {
+func TestAnalyzerVersionChecking(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -208,7 +208,7 @@ func TestAnalyzer_VersionChecking(t *testing.T) {
 		},
 		{
 			name:        "commit SHA full",
-			version:     "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			version:     testutil.TestSHAForTesting,
 			isPinned:    true,
 			isCommitSHA: true,
 			isSemantic:  false,
@@ -253,7 +253,7 @@ func TestAnalyzer_VersionChecking(t *testing.T) {
 	}
 }
-func TestAnalyzer_GetLatestVersion(t *testing.T) {
+func TestAnalyzerGetLatestVersion(t *testing.T) {
 	t.Parallel()
 	// Create mock GitHub client with test responses
@@ -278,15 +278,15 @@ func TestAnalyzer_GetLatestVersion(t *testing.T) {
 			name:            "valid repository",
 			owner:           "actions",
 			repo:            "checkout",
-			expectedVersion: "v4.1.1",
+			expectedVersion: testutil.TestVersionV4_1_1,
-			expectedSHA:     "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			expectedSHA:     testutil.TestSHAForTesting,
 			expectError:     false,
 		},
 		{
 			name:            "another valid repository",
 			owner:           "actions",
 			repo:            "setup-node",
-			expectedVersion: "v4.0.0",
+			expectedVersion: testutil.TestVersionV4_0_0,
 			expectedSHA:     "1a4e6d7c9f8e5b2a3c4d5e6f7a8b9c0d1e2f3a4b",
 			expectError:     false,
 		},
@@ -311,7 +311,7 @@ func TestAnalyzer_GetLatestVersion(t *testing.T) {
 	}
 }
-func TestAnalyzer_CheckOutdated(t *testing.T) {
+func TestAnalyzerCheckOutdated(t *testing.T) {
 	t.Parallel()
 	// Create mock GitHub client
@@ -327,8 +327,8 @@ func TestAnalyzer_CheckOutdated(t *testing.T) {
 	// Create test dependencies
 	dependencies := []Dependency{
 		{
-			Name:        "actions/checkout",
+			Name:        testutil.TestActionCheckout,
-			Uses:        "actions/checkout@v3",
+			Uses:        testutil.TestActionCheckoutV3,
 			Version:     "v3",
 			IsPinned:    false,
 			VersionType: SemanticVersion,
@@ -337,7 +337,7 @@ func TestAnalyzer_CheckOutdated(t *testing.T) {
 		{
 			Name:        "actions/setup-node",
 			Uses:        "actions/setup-node@v4.0.0",
-			Version:     "v4.0.0",
+			Version:     testutil.TestVersionV4_0_0,
 			IsPinned:    true,
 			VersionType: SemanticVersion,
 			Description: "Setup Node.js",
@@ -354,9 +354,9 @@ func TestAnalyzer_CheckOutdated(t *testing.T) {
 	found := false
 	for _, dep := range outdated {
-		if dep.Current.Name == "actions/checkout" && dep.Current.Version == "v3" {
+		if dep.Current.Name == testutil.TestActionCheckout && dep.Current.Version == "v3" {
 			found = true
-			if dep.LatestVersion != "v4.1.1" {
+			if dep.LatestVersion != testutil.TestVersionV4_1_1 {
 				t.Errorf("expected latest version v4.1.1, got %s", dep.LatestVersion)
 			}
 			if dep.UpdateType != "major" {
@@ -370,7 +370,7 @@ func TestAnalyzer_CheckOutdated(t *testing.T) {
 	}
 }
-func TestAnalyzer_CompareVersions(t *testing.T) {
+func TestAnalyzerCompareVersions(t *testing.T) {
 	t.Parallel()
 	analyzer := &Analyzer{}
@@ -384,31 +384,31 @@ func TestAnalyzer_CompareVersions(t *testing.T) {
 		{
 			name:         "major version difference",
 			current:      "v3.0.0",
-			latest:       "v4.0.0",
+			latest:       testutil.TestVersionV4_0_0,
 			expectedType: "major",
 		},
 		{
 			name:         "minor version difference",
-			current:      "v4.0.0",
+			current:      testutil.TestVersionV4_0_0,
 			latest:       "v4.1.0",
 			expectedType: "minor",
 		},
 		{
 			name:         "patch version difference",
 			current:      "v4.1.0",
-			latest:       "v4.1.1",
+			latest:       testutil.TestVersionV4_1_1,
 			expectedType: "patch",
 		},
 		{
 			name:         "no difference",
-			current:      "v4.1.1",
+			current:      testutil.TestVersionV4_1_1,
-			latest:       "v4.1.1",
+			latest:       testutil.TestVersionV4_1_1,
 			expectedType: "none",
 		},
 		{
 			name:         "floating to specific",
 			current:      "v4",
-			latest:       "v4.1.1",
+			latest:       testutil.TestVersionV4_1_1,
 			expectedType: "patch",
 		},
 	}
@@ -423,14 +423,14 @@ func TestAnalyzer_CompareVersions(t *testing.T) {
 	}
 }
-func TestAnalyzer_GeneratePinnedUpdate(t *testing.T) {
+func TestAnalyzerGeneratePinnedUpdate(t *testing.T) {
 	t.Parallel()
 	tmpDir, cleanup := testutil.TempDir(t)
 	defer cleanup()
 	// Create a test action file with composite steps
-	actionContent := testutil.MustReadFixture(appconstants.TestFixtureTestCompositeAction)
+	actionContent := testutil.MustReadFixture(testutil.TestFixtureTestCompositeAction)
 	actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 	testutil.WriteTestFile(t, actionPath, actionContent)
@@ -447,8 +447,8 @@ func TestAnalyzer_GeneratePinnedUpdate(t *testing.T) {
 	// Create test dependency
 	dep := Dependency{
-		Name:        "actions/checkout",
+		Name:        testutil.TestActionCheckout,
-		Uses:        "actions/checkout@v3",
+		Uses:        testutil.TestActionCheckoutV3,
 		Version:     "v3",
 		IsPinned:    false,
 		VersionType: SemanticVersion,
@@ -459,21 +459,21 @@ func TestAnalyzer_GeneratePinnedUpdate(t *testing.T) {
 	update, err := analyzer.GeneratePinnedUpdate(
 		actionPath,
 		dep,
-		"v4.1.1",
+		testutil.TestVersionV4_1_1,
-		"8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+		testutil.TestSHAForTesting,
 	)
 	testutil.AssertNoError(t, err)
 	// Verify update details
 	testutil.AssertEqual(t, actionPath, update.FilePath)
-	testutil.AssertEqual(t, "actions/checkout@v3", update.OldUses)
+	testutil.AssertEqual(t, testutil.TestActionCheckoutV3, update.OldUses)
 	testutil.AssertStringContains(t, update.NewUses, "actions/checkout@8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e")
 	testutil.AssertStringContains(t, update.NewUses, "# v4.1.1")
 	testutil.AssertEqual(t, "major", update.UpdateType)
 }
-func TestAnalyzer_WithCache(t *testing.T) {
+func TestAnalyzerWithCache(t *testing.T) {
 	t.Parallel()
 	// Test that caching works properly
@@ -499,7 +499,7 @@ func TestAnalyzer_WithCache(t *testing.T) {
 	testutil.AssertEqual(t, sha1, sha2)
 }
-func TestAnalyzer_RateLimitHandling(t *testing.T) {
+func TestAnalyzerRateLimitHandling(t *testing.T) {
 	t.Parallel()
 	// Create mock client that returns rate limit error
@@ -518,7 +518,7 @@ func TestAnalyzer_RateLimitHandling(t *testing.T) {
 		},
 	}
-	client := github.NewClient(&http.Client{Transport: &mockTransport{client: mockClient}})
+	client := github.NewClient(&http.Client{Transport: &testutil.MockTransport{Client: mockClient}})
 	cacheInstance, _ := cache.NewCache(cache.DefaultConfig())
 	analyzer := &Analyzer{
@@ -539,7 +539,7 @@ func TestAnalyzer_RateLimitHandling(t *testing.T) {
 	}
 }
-func TestAnalyzer_WithoutGitHubClient(t *testing.T) {
+func TestAnalyzerWithoutGitHubClient(t *testing.T) {
 	t.Parallel()
 	// Test graceful degradation when GitHub client is not available
@@ -552,7 +552,7 @@ func TestAnalyzer_WithoutGitHubClient(t *testing.T) {
 	defer cleanup()
 	actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
-	testutil.WriteTestFile(t, actionPath, testutil.MustReadFixture(appconstants.TestFixtureCompositeBasic))
+	testutil.WriteTestFile(t, actionPath, testutil.MustReadFixture(testutil.TestFixtureCompositeBasic))
 	deps, err := analyzer.AnalyzeActionFile(actionPath)
@@ -569,15 +569,6 @@ func TestAnalyzer_WithoutGitHubClient(t *testing.T) {
 	}
 }
 // mockTransport wraps our mock HTTP client for GitHub client.
 type mockTransport struct {
 	client *testutil.MockHTTPClient
 }
 func (t *mockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	return t.client.Do(req)
 }
 // TestNewAnalyzer tests the analyzer constructor.
 func TestNewAnalyzer(t *testing.T) {
 	t.Parallel()
@@ -654,3 +645,125 @@ func TestNewAnalyzer(t *testing.T) {
 		})
 	}
 }
 // TestNoOpCache tests the no-op cache implementation.
 func TestNoOpCache(t *testing.T) {
 	t.Parallel()
 	noc := NewNoOpCache()
 	if noc == nil {
 		t.Fatal("NewNoOpCache() returned nil")
 	}
 	// Test Get - should always return false
 	val, ok := noc.Get(testutil.CacheTestKey)
 	if ok {
 		t.Error("NoOpCache.Get() should return false")
 	}
 	if val != nil {
 		t.Error("NoOpCache.Get() should return nil value")
 	}
 	// Test Set - should not error
 	err := noc.Set(testutil.CacheTestKey, testutil.CacheTestValue)
 	if err != nil {
 		t.Errorf("NoOpCache.Set() returned error: %v", err)
 	}
 	// Test SetWithTTL - should not error
 	err = noc.SetWithTTL(testutil.CacheTestKey, testutil.CacheTestValue, time.Hour)
 	if err != nil {
 		t.Errorf("NoOpCache.SetWithTTL() returned error: %v", err)
 	}
 }
 // TestCacheAdapterSet tests the cache adapter Set method.
 func TestCacheAdapterSet(t *testing.T) {
 	t.Parallel()
 	c, err := cache.NewCache(cache.DefaultConfig())
 	if err != nil {
 		t.Fatalf("failed to create cache: %v", err)
 	}
 	defer testutil.CleanupCache(t, c)()
 	adapter := NewCacheAdapter(c)
 	// Test Set
 	err = adapter.Set(testutil.CacheTestKey, testutil.CacheTestValue)
 	if err != nil {
 		t.Errorf("CacheAdapter.Set() returned error: %v", err)
 	}
 	// Verify value was set
 	val, ok := adapter.Get(testutil.CacheTestKey)
 	if !ok {
 		t.Error("CacheAdapter.Get() should return true after Set")
 	}
 	if val != testutil.CacheTestValue {
 		t.Errorf("CacheAdapter.Get() = %v, want %q", val, testutil.CacheTestValue)
 	}
 }
 // TestIsCompositeAction tests composite action detection.
 func TestIsCompositeAction(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name    string
 		fixture string
 		want    bool
 		wantErr bool
 	}{
 		{
 			name:    "composite action",
 			fixture: "composite-action.yml",
 			want:    true,
 			wantErr: false,
 		},
 		{
 			name:    "docker action",
 			fixture: "docker-action.yml",
 			want:    false,
 			wantErr: false,
 		},
 		{
 			name:    "javascript action",
 			fixture: "javascript-action.yml",
 			want:    false,
 			wantErr: false,
 		},
 		{
 			name:    "invalid yaml",
 			fixture: "invalid.yml",
 			want:    false,
 			wantErr: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Read fixture content using safe helper
 			yamlContent := testutil.MustReadAnalyzerFixture(tt.fixture)
 			// Create temp file with action YAML
 			tmpDir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 			testutil.WriteTestFile(t, actionPath, yamlContent)
 			got, err := IsCompositeAction(actionPath)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("IsCompositeAction() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if got != tt.want {
 				t.Errorf("IsCompositeAction() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
--- a/internal/dependencies/parser.go
+++ b/internal/dependencies/parser.go
@@ -3,16 +3,38 @@ package dependencies
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/goccy/go-yaml"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 )
 // validateFilePath ensures a file path is safe to read.
 // Returns an error if the path contains traversal attempts.
 func validateFilePath(path string) error {
 	cleanPath := filepath.Clean(path)
 	// Check for ".." components in cleaned path
 	for _, component := range strings.Split(filepath.ToSlash(cleanPath), "/") {
 		if component == ".." {
 			return fmt.Errorf("invalid file path: traversal detected in %q", path)
 		}
 	}
 	return nil
 }
 // parseCompositeActionFromFile reads and parses a composite action file.
 func (a *Analyzer) parseCompositeActionFromFile(actionPath string) (*ActionWithComposite, error) {
 	// Validate path before reading
 	if err := validateFilePath(actionPath); err != nil {
 		return nil, err
 	}
 	// Read the file
-	data, err := os.ReadFile(actionPath) // #nosec G304 -- action path from function parameter
+	data, err := os.ReadFile(actionPath) // #nosec G304 -- path validated above
 	if err != nil {
 		return nil, fmt.Errorf("failed to read action file %s: %w", actionPath, err)
 	}
--- a/internal/dependencies/parser_test.go
+++ b/internal/dependencies/parser_test.go
@@ -0,0 +1,62 @@
 package dependencies
 import (
 	"testing"
 )
 func TestValidateFilePath(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name    string
 		path    string
 		wantErr bool
 	}{
 		{
 			name:    "valid relative path",
 			path:    "testdata/action.yml",
 			wantErr: false,
 		},
 		{
 			name:    "valid absolute path",
 			path:    "/tmp/action.yml",
 			wantErr: false,
 		},
 		{
 			name:    "traversal with double dots",
 			path:    "../../../etc/passwd",
 			wantErr: true,
 		},
 		{
 			name:    "traversal in middle of path",
 			path:    "foo/../../../etc/passwd",
 			wantErr: true,
 		},
 		{
 			name:    "clean path with dot slash",
 			path:    "./foo/bar",
 			wantErr: false,
 		},
 		{
 			name:    "valid nested path",
 			path:    "internal/testdata/fixtures/action.yml",
 			wantErr: false,
 		},
 		{
 			name:    "path with trailing slash",
 			path:    "testdata/action.yml/",
 			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			err := validateFilePath(tt.path)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("validateFilePath() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
 }
--- a/internal/dependencies/updater_test.go
+++ b/internal/dependencies/updater_test.go
@@ -0,0 +1,749 @@
 package dependencies
 import (
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/cache"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // newTestAnalyzer creates an Analyzer with cache for testing.
 // Returns the analyzer and a cleanup function.
 // Pattern used 7+ times in updater_test.go.
 func newTestAnalyzer(t *testing.T) (*Analyzer, func()) {
 	t.Helper()
 	cacheInstance, err := cache.NewCache(cache.DefaultConfig())
 	testutil.AssertNoError(t, err)
 	analyzer := &Analyzer{
 		Cache: NewCacheAdapter(cacheInstance),
 	}
 	return analyzer, testutil.CleanupCache(t, cacheInstance)
 }
 // validatePinnedUpdateSuccess validates that the update succeeded and backup was cleaned up.
 func validatePinnedUpdateSuccess(t *testing.T, actionPath string, validateBackup bool, analyzer *Analyzer) {
 	t.Helper()
 	if validateBackup {
 		testutil.AssertBackupNotExists(t, actionPath)
 	}
 	// Verify file is still valid YAML
 	err := analyzer.validateActionFile(actionPath)
 	testutil.AssertNoError(t, err)
 }
 // validatePinnedUpdateRollback validates that the rollback succeeded and file is unchanged.
 func validatePinnedUpdateRollback(t *testing.T, actionPath, originalContent string) {
 	t.Helper()
 	testutil.ValidateRollback(t, actionPath, originalContent)
 	// Backup should be removed after rollback
 	testutil.AssertBackupNotExists(t, actionPath)
 }
 // TestApplyPinnedUpdates tests the ApplyPinnedUpdates method.
 // Note: These tests identify a bug where the `- ` list marker is not preserved
 // when updating YAML. The current implementation replaces entire lines with
 // just "uses: " prefix, losing the list marker. Tests are written to document
 // current behavior while validating the logic works.
 func TestApplyPinnedUpdates(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name           string
 		actionContent  string
 		updates        []PinnedUpdate
 		wantErr        bool
 		validateBackup bool
 		checkRollback  bool
 	}{
 		createSingleUpdateTestCase(singleUpdateParams{
 			name:           "list format updates now work correctly (bug fixed)",
 			fixturePath:    "dependencies/simple-list-step.yml",
 			oldUses:        testutil.TestCheckoutV4OldUses,
 			newUses:        testutil.TestCheckoutPinnedV417,
 			commitSHA:      testutil.TestActionCheckoutSHA,
 			version:        testutil.TestVersionV417,
 			updateType:     "patch",
 			wantErr:        false,
 			validateBackup: true,
 			checkRollback:  false,
 		}),
 		createSingleUpdateTestCase(singleUpdateParams{
 			name:           "updates work when uses is not in list format",
 			fixturePath:    "dependencies/named-step.yml",
 			oldUses:        testutil.TestCheckoutV4OldUses,
 			newUses:        testutil.TestCheckoutPinnedV417,
 			commitSHA:      testutil.TestActionCheckoutSHA,
 			version:        testutil.TestVersionV417,
 			updateType:     "patch",
 			wantErr:        false,
 			validateBackup: true,
 			checkRollback:  false,
 		}),
 		{
 			name:          "multiple updates in non-list format",
 			actionContent: testutil.MustReadFixture("dependencies/multiple-steps.yml"),
 			updates: []PinnedUpdate{
 				{
 					FilePath:   "", // Will be set by test
 					OldUses:    testutil.TestCheckoutV4OldUses,
 					NewUses:    testutil.TestCheckoutPinnedV417,
 					CommitSHA:  testutil.TestActionCheckoutSHA,
 					Version:    testutil.TestVersionV417,
 					UpdateType: "patch",
 					LineNumber: 0,
 				},
 				{
 					FilePath:   "", // Will be set by test
 					OldUses:    testutil.TestActionSetupNodeV3,
 					NewUses:    "actions/setup-node@1a4e6d7c9f8e5b2a3c4d5e6f7a8b9c0d1e2f3a4b # v4.0.0",
 					CommitSHA:  "1a4e6d7c9f8e5b2a3c4d5e6f7a8b9c0d1e2f3a4b",
 					Version:    "v4.0.0",
 					UpdateType: "major",
 					LineNumber: 0,
 				},
 			},
 			wantErr:        false,
 			validateBackup: true,
 			checkRollback:  false,
 		},
 		createSingleUpdateTestCase(singleUpdateParams{
 			name:           "preserves indentation in non-list format",
 			fixturePath:    "dependencies/step-with-parameters.yml",
 			oldUses:        testutil.TestCheckoutV4OldUses,
 			newUses:        testutil.TestCheckoutPinnedV417,
 			commitSHA:      testutil.TestActionCheckoutSHA,
 			version:        testutil.TestVersionV417,
 			updateType:     "patch",
 			wantErr:        false,
 			validateBackup: true,
 			checkRollback:  false,
 		}),
 		createSingleUpdateTestCase(singleUpdateParams{
 			name:           "handles already pinned dependencies",
 			fixturePath:    "dependencies/already-pinned.yml",
 			oldUses:        testutil.TestCheckoutPinnedV417,
 			newUses:        testutil.TestCheckoutPinnedV417,
 			commitSHA:      testutil.TestActionCheckoutSHA,
 			version:        testutil.TestVersionV417,
 			updateType:     "none",
 			wantErr:        false,
 			validateBackup: true,
 			checkRollback:  false,
 		}),
 		{
 			name:          "invalid YAML triggers rollback",
 			actionContent: testutil.MustReadFixture("dependencies/simple-test-step.yml"),
 			updates: []PinnedUpdate{
 				{
 					FilePath:   "", // Will be set by test
 					OldUses:    "name: Test Action",
 					NewUses:    "invalid:::yaml",
 					CommitSHA:  "",
 					Version:    "",
 					UpdateType: "none",
 					LineNumber: 0,
 				},
 			},
 			wantErr:        true,
 			validateBackup: false,
 			checkRollback:  true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Create temporary directory and action file
 			dir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			actionPath := testutil.WriteActionFile(t, dir, tt.actionContent)
 			// Store original content for rollback check
 			originalContent, _ := os.ReadFile(actionPath) // #nosec G304 -- test file path
 			// Set file path in updates
 			for i := range tt.updates {
 				tt.updates[i].FilePath = actionPath
 			}
 			// Create analyzer
 			analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 			defer cleanupAnalyzer()
 			// Apply updates
 			err := analyzer.ApplyPinnedUpdates(tt.updates)
 			// Check error expectation
 			if (err != nil) != tt.wantErr {
 				t.Errorf("ApplyPinnedUpdates() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if !tt.wantErr {
 				validatePinnedUpdateSuccess(t, actionPath, tt.validateBackup, analyzer)
 			}
 			if tt.checkRollback {
 				validatePinnedUpdateRollback(t, actionPath, string(originalContent))
 			}
 		})
 	}
 }
 // validateUpdateFileSuccess validates that the file was updated correctly and backup was cleaned up.
 func validateUpdateFileSuccess(t *testing.T, actionPath, expectedYAML string, checkBackup bool) {
 	t.Helper()
 	testutil.AssertFileContentEquals(t, actionPath, expectedYAML)
 	if checkBackup {
 		testutil.AssertBackupNotExists(t, actionPath)
 	}
 }
 // validateUpdateFileRollback validates that the rollback succeeded and file is unchanged.
 func validateUpdateFileRollback(t *testing.T, actionPath, initialYAML string) {
 	t.Helper()
 	testutil.AssertFileContentEquals(t, actionPath, initialYAML)
 }
 // TestUpdateActionFile tests the updateActionFile method directly.
 func TestUpdateActionFile(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name          string
 		initialYAML   string
 		updates       []PinnedUpdate
 		expectedYAML  string
 		expectError   bool
 		checkBackup   bool
 		rollbackCheck bool
 	}{
 		{
 			name:        "finds and replaces uses statement in non-list format",
 			initialYAML: testutil.MustReadFixture("dependencies/test-checkout-v4.yml"),
 			updates: []PinnedUpdate{
 				{
 					OldUses: testutil.TestCheckoutV4OldUses,
 					NewUses: testutil.TestCheckoutPinnedV411,
 				},
 			},
 			expectedYAML: testutil.MustReadFixture("dependencies/test-checkout-pinned.yml"),
 			expectError:  false,
 			checkBackup:  true,
 		},
 		{
 			name:        "handles different version formats",
 			initialYAML: testutil.MustReadFixture("dependencies/test-checkout-v4-1-0.yml"),
 			updates: []PinnedUpdate{
 				{
 					OldUses: "actions/checkout@v4.1.0",
 					NewUses: testutil.TestCheckoutPinnedV411,
 				},
 			},
 			expectedYAML: testutil.MustReadFixture("dependencies/test-checkout-pinned.yml"),
 			expectError:  false,
 			checkBackup:  true,
 		},
 		{
 			name:        "handles multiple references to same action",
 			initialYAML: testutil.MustReadFixture("dependencies/test-multiple-checkout.yml"),
 			updates: []PinnedUpdate{
 				{
 					OldUses: testutil.TestCheckoutV4OldUses,
 					NewUses: testutil.TestCheckoutPinnedV411,
 				},
 			},
 			expectedYAML: testutil.MustReadFixture("dependencies/test-multiple-checkout-pinned.yml"),
 			expectError:  false,
 			checkBackup:  true,
 		},
 		{
 			name:        "preserves whitespace and comments",
 			initialYAML: testutil.MustReadFixture("dependencies/test-checkout-with-comment.yml"),
 			updates: []PinnedUpdate{
 				{
 					OldUses: testutil.TestCheckoutV4OldUses,
 					NewUses: testutil.TestCheckoutPinnedV411,
 				},
 			},
 			expectedYAML: testutil.MustReadFixture("dependencies/test-checkout-with-comment-pinned.yml"),
 			expectError:  false,
 			checkBackup:  true,
 		},
 		{
 			name:        "invalid YAML triggers rollback",
 			initialYAML: testutil.MustReadFixture(testutil.TestFixtureSimpleCheckout),
 			updates: []PinnedUpdate{
 				{
 					OldUses: testutil.TestCheckoutV4OldUses,
 					NewUses: "\"unclosed string that breaks YAML parsing", // Unclosed quote breaks YAML
 				},
 			},
 			expectedYAML:  "", // Should rollback to original
 			expectError:   true,
 			checkBackup:   false,
 			rollbackCheck: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Create temp directory and file
 			dir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			actionPath := testutil.WriteActionFile(t, dir, tt.initialYAML)
 			// Create analyzer
 			analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 			defer cleanupAnalyzer()
 			// Apply update
 			err := analyzer.updateActionFile(actionPath, tt.updates)
 			// Check error expectation
 			if (err != nil) != tt.expectError {
 				t.Errorf("updateActionFile() error = %v, expectError %v", err, tt.expectError)
 				return
 			}
 			if !tt.expectError {
 				validateUpdateFileSuccess(t, actionPath, tt.expectedYAML, tt.checkBackup)
 			}
 			if tt.rollbackCheck {
 				validateUpdateFileRollback(t, actionPath, tt.initialYAML)
 			}
 		})
 	}
 }
 // TestValidateActionFile tests the validateActionFile method.
 func TestValidateActionFile(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name        string
 		yamlContent string
 		expectValid bool
 	}{
 		{
 			name:        "valid composite action",
 			yamlContent: testutil.MustReadFixture("dependencies/simple-list-step.yml"),
 			expectValid: true,
 		},
 		{
 			name:        "valid JavaScript action",
 			yamlContent: testutil.MustReadFixture("dependencies/valid-javascript-action.yml"),
 			expectValid: true,
 		},
 		{
 			name:        "valid Docker action",
 			yamlContent: testutil.MustReadFixture("dependencies/valid-docker-action.yml"),
 			expectValid: true,
 		},
 		{
 			name:        "missing name field",
 			yamlContent: testutil.MustReadFixture("dependencies/missing-name.yml"),
 			expectValid: false,
 		},
 		{
 			name:        "missing description field",
 			yamlContent: testutil.MustReadFixture("dependencies/missing-description.yml"),
 			expectValid: false,
 		},
 		{
 			name:        "missing runs field",
 			yamlContent: testutil.MustReadFixture("dependencies/missing-runs.yml"),
 			expectValid: false,
 		},
 		{
 			name:        "invalid YAML syntax",
 			yamlContent: testutil.MustReadFixture("dependencies/invalid-syntax.yml"),
 			expectValid: false,
 		},
 		{
 			name:        "invalid using field",
 			yamlContent: testutil.MustReadFixture("dependencies/invalid-using.yml"),
 			expectValid: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Create temp file
 			dir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			actionPath := testutil.WriteActionFile(t, dir, tt.yamlContent)
 			// Create analyzer
 			analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 			defer cleanupAnalyzer()
 			// Validate
 			err := analyzer.validateActionFile(actionPath)
 			if tt.expectValid && err != nil {
 				t.Errorf("validateActionFile() expected valid but got error: %v", err)
 			}
 			if !tt.expectValid && err == nil {
 				t.Errorf("validateActionFile() expected invalid but got nil error")
 			}
 		})
 	}
 }
 // TestGetLatestTagEdgeCases tests edge cases for getLatestTag.
 func TestGetLatestTagEdgeCases(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name        string
 		mockSetup   func() *Analyzer
 		owner       string
 		repo        string
 		expectError bool
 	}{
 		{
 			name: "no tags available",
 			mockSetup: func() *Analyzer {
 				mockClient := testutil.MockGitHubClient(map[string]string{
 					"GET https://api.github.com/repos/test/repo/tags": "[]",
 				})
 				cacheInstance, _ := cache.NewCache(cache.DefaultConfig())
 				return &Analyzer{
 					GitHubClient: mockClient,
 					Cache:        NewCacheAdapter(cacheInstance),
 				}
 			},
 			owner:       "test",
 			repo:        "repo",
 			expectError: true,
 		},
 		{
 			name: "GitHub client nil",
 			mockSetup: func() *Analyzer {
 				return &Analyzer{
 					GitHubClient: nil,
 					Cache:        nil,
 				}
 			},
 			owner:       "test",
 			repo:        "repo",
 			expectError: true,
 		},
 		{
 			name: "malformed tag response",
 			mockSetup: func() *Analyzer {
 				mockClient := testutil.MockGitHubClient(map[string]string{
 					"GET https://api.github.com/repos/test/repo/tags": "invalid json",
 				})
 				cacheInstance, _ := cache.NewCache(cache.DefaultConfig())
 				return &Analyzer{
 					GitHubClient: mockClient,
 					Cache:        NewCacheAdapter(cacheInstance),
 				}
 			},
 			owner:       "test",
 			repo:        "repo",
 			expectError: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			analyzer := tt.mockSetup()
 			if analyzer.Cache != nil {
 				// Clean up cache if it exists
 				defer func() {
 					if ca, ok := analyzer.Cache.(*CacheAdapter); ok {
 						_ = ca.cache.Close()
 					}
 				}()
 			}
 			_, _, err := analyzer.getLatestVersion(tt.owner, tt.repo)
 			if (err != nil) != tt.expectError {
 				t.Errorf("getLatestVersion() error = %v, expectError %v", err, tt.expectError)
 			}
 		})
 	}
 }
 // assertCacheVersionNotFound validates that no version was found in the cache.
 func assertCacheVersionNotFound(t *testing.T, version, sha string, found bool) {
 	t.Helper()
 	if found {
 		t.Error("getCachedVersion() should return false")
 	}
 	if version != "" {
 		t.Errorf("version = %q, want empty", version)
 	}
 	if sha != "" {
 		t.Errorf("sha = %q, want empty", sha)
 	}
 }
 // TestCacheVersionEdgeCases tests edge cases for cacheVersion and getCachedVersion.
 func TestCacheVersionEdgeCases(t *testing.T) {
 	t.Parallel()
 	// Parametrized tests for getCachedVersion edge cases
 	notFoundCases := []struct {
 		name     string
 		setupFn  func(*testing.T) (*Analyzer, func())
 		cacheKey string
 	}{
 		{
 			name: "nil cache",
 			setupFn: func(_ *testing.T) (*Analyzer, func()) {
 				return &Analyzer{Cache: nil}, func() {
 					// No cleanup needed for nil cache
 				}
 			},
 			cacheKey: testutil.CacheTestKey,
 		},
 		{
 			name: "invalid data type",
 			setupFn: func(t *testing.T) (*Analyzer, func()) {
 				t.Helper()
 				c, err := cache.NewCache(cache.DefaultConfig())
 				testutil.AssertNoError(t, err)
 				_ = c.Set(testutil.CacheTestKey, "invalid-string")
 				return &Analyzer{Cache: NewCacheAdapter(c)}, testutil.CleanupCache(t, c)
 			},
 			cacheKey: testutil.CacheTestKey,
 		},
 		{
 			name: "empty cache entry",
 			setupFn: func(t *testing.T) (*Analyzer, func()) {
 				t.Helper()
 				c, err := cache.NewCache(cache.DefaultConfig())
 				testutil.AssertNoError(t, err)
 				return &Analyzer{Cache: NewCacheAdapter(c)}, testutil.CleanupCache(t, c)
 			},
 			cacheKey: "nonexistent-key",
 		},
 	}
 	for _, tc := range notFoundCases {
 		t.Run("getCachedVersion with "+tc.name, func(t *testing.T) {
 			t.Parallel()
 			analyzer, cleanup := tc.setupFn(t)
 			defer cleanup()
 			version, sha, found := analyzer.getCachedVersion(tc.cacheKey)
 			assertCacheVersionNotFound(t, version, sha, found)
 		})
 	}
 	t.Run("cacheVersion with nil cache", func(t *testing.T) {
 		t.Parallel()
 		analyzer := &Analyzer{Cache: nil}
 		// Should not panic
 		analyzer.cacheVersion(testutil.CacheTestKey, "v1.0.0", "abc123")
 	})
 	t.Run("cacheVersion stores and retrieves correctly", func(t *testing.T) {
 		t.Parallel()
 		cacheInstance, err := cache.NewCache(cache.DefaultConfig())
 		testutil.AssertNoError(t, err)
 		defer testutil.CleanupCache(t, cacheInstance)()
 		analyzer := &Analyzer{Cache: NewCacheAdapter(cacheInstance)}
 		// Cache a version
 		analyzer.cacheVersion(testutil.CacheTestKey, "v1.2.3", "def456")
 		// Retrieve it
 		version, sha, found := analyzer.getCachedVersion(testutil.CacheTestKey)
 		if !found {
 			t.Error("getCachedVersion() should return true after cacheVersion()")
 		}
 		if version != "v1.2.3" {
 			t.Errorf("getCachedVersion() version = %s, want v1.2.3", version)
 		}
 		if sha != "def456" {
 			t.Errorf("getCachedVersion() sha = %s, want def456", sha)
 		}
 	})
 }
 // TestUpdateActionFileBackupAndRollback tests backup creation and rollback functionality.
 func TestUpdateActionFileBackupAndRollback(t *testing.T) {
 	t.Parallel()
 	t.Run("backup created before modification", func(t *testing.T) {
 		t.Parallel()
 		dir, cleanup := testutil.TempDir(t)
 		defer cleanup()
 		originalContent := testutil.MustReadFixture(testutil.TestFixtureSimpleCheckout)
 		actionPath := testutil.WriteActionFile(t, dir, originalContent)
 		analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 		defer cleanupAnalyzer()
 		updates := []PinnedUpdate{
 			{
 				OldUses: testutil.TestCheckoutV4OldUses,
 				NewUses: testutil.TestCheckoutPinnedV411,
 			},
 		}
 		err := analyzer.updateActionFile(actionPath, updates)
 		testutil.AssertNoError(t, err)
 		// Backup should be removed after successful update
 		testutil.AssertBackupNotExists(t, actionPath)
 	})
 	t.Run("rollback on validation failure", func(t *testing.T) {
 		t.Parallel()
 		dir, cleanup := testutil.TempDir(t)
 		defer cleanup()
 		originalContent := testutil.MustReadFixture(testutil.TestFixtureSimpleCheckout)
 		actionPath := testutil.WriteActionFile(t, dir, originalContent)
 		analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 		defer cleanupAnalyzer()
 		// Create an update that breaks YAML
 		updates := []PinnedUpdate{
 			{
 				OldUses: "name: Test",
 				NewUses: "invalid::yaml::syntax:",
 			},
 		}
 		err := analyzer.updateActionFile(actionPath, updates)
 		if err == nil {
 			t.Error("updateActionFile() should return error for invalid YAML")
 		}
 		// File should be rolled back to original
 		testutil.AssertFileContentEquals(t, actionPath, originalContent)
 		// Backup should be removed after rollback
 		testutil.AssertBackupNotExists(t, actionPath)
 	})
 	t.Run("file permission errors", func(t *testing.T) {
 		// Skip on Windows as permission handling is different
 		if runtime.GOOS == "windows" {
 			t.Skip("Skipping permission test on Windows")
 		}
 		dir, cleanup := testutil.TempDir(t)
 		defer cleanup()
 		actionPath := filepath.Join(dir, appconstants.ActionFileNameYML)
 		testutil.WriteTestFile(t, actionPath, "name: Test\ndescription: Test\nruns:\n  using: composite\n  steps: []")
 		// Make file read-only
 		err := os.Chmod(actionPath, 0444) // #nosec G302 -- intentionally read-only for test
 		testutil.AssertNoError(t, err)
 		analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 		defer cleanupAnalyzer()
 		updates := []PinnedUpdate{
 			{
 				OldUses: "anything",
 				NewUses: "something",
 			},
 		}
 		err = analyzer.updateActionFile(actionPath, updates)
 		if err == nil {
 			t.Error("updateActionFile() should return error for read-only file")
 		}
 	})
 }
 // TestApplyPinnedUpdatesGroupedByFile tests updates to multiple files.
 func TestApplyPinnedUpdatesGroupedByFile(t *testing.T) {
 	t.Parallel()
 	dir, cleanup := testutil.TempDir(t)
 	defer cleanup()
 	// Create two action files in non-list format (to avoid YAML bug)
 	action1Path := filepath.Join(dir, "action1.yml")
 	action2Path := filepath.Join(dir, "action2.yml")
 	action1Content := testutil.MustReadFixture("dependencies/action1-checkout.yml")
 	action2Content := testutil.MustReadFixture("dependencies/action2-setup-node.yml")
 	testutil.WriteTestFile(t, action1Path, action1Content)
 	testutil.WriteTestFile(t, action2Path, action2Content)
 	analyzer, cleanupAnalyzer := newTestAnalyzer(t)
 	defer cleanupAnalyzer()
 	// Create updates for both files
 	updates := []PinnedUpdate{
 		{
 			FilePath: action1Path,
 			OldUses:  testutil.TestCheckoutV4OldUses,
 			NewUses:  testutil.TestCheckoutPinnedV411,
 		},
 		{
 			FilePath: action2Path,
 			OldUses:  testutil.TestActionSetupNodeV3,
 			NewUses:  "actions/setup-node@def456 # v4.0.0",
 		},
 	}
 	err := analyzer.ApplyPinnedUpdates(updates)
 	testutil.AssertNoError(t, err)
 	// Verify both files were updated
 	content1 := testutil.SafeReadFile(t, action1Path, dir)
 	if !strings.Contains(string(content1), testutil.TestCheckoutPinnedV411) {
 		t.Errorf("action1.yml was not updated correctly, got:\n%s", string(content1))
 	}
 	content2 := testutil.SafeReadFile(t, action2Path, dir)
 	if !strings.Contains(string(content2), "actions/setup-node@def456 # v4.0.0") {
 		t.Errorf("action2.yml was not updated correctly, got:\n%s", string(content2))
 	}
 }
--- a/internal/dependencies/updater_test_helper.go
+++ b/internal/dependencies/updater_test_helper.go
@@ -0,0 +1,48 @@
 package dependencies
 import "github.com/ivuorinen/gh-action-readme/testutil"
 // singleUpdateParams holds parameters for creating a test case with a single update.
 type singleUpdateParams struct {
 	name                                             string
 	fixturePath                                      string
 	oldUses, newUses, commitSHA, version, updateType string
 	wantErr, validateBackup, checkRollback           bool
 }
 // createSingleUpdateTestCase creates a test case with a single PinnedUpdate.
 // This helper reduces duplication for test cases that update a single dependency.
 func createSingleUpdateTestCase(params singleUpdateParams) struct {
 	name           string
 	actionContent  string
 	updates        []PinnedUpdate
 	wantErr        bool
 	validateBackup bool
 	checkRollback  bool
 } {
 	return struct {
 		name           string
 		actionContent  string
 		updates        []PinnedUpdate
 		wantErr        bool
 		validateBackup bool
 		checkRollback  bool
 	}{
 		name:          params.name,
 		actionContent: testutil.MustReadFixture(params.fixturePath),
 		updates: []PinnedUpdate{
 			{
 				FilePath:   "", // Will be set by test
 				OldUses:    params.oldUses,
 				NewUses:    params.newUses,
 				CommitSHA:  params.commitSHA,
 				Version:    params.version,
 				UpdateType: params.updateType,
 				LineNumber: 0,
 			},
 		},
 		wantErr:        params.wantErr,
 		validateBackup: params.validateBackup,
 		checkRollback:  params.checkRollback,
 	}
 }
--- a/internal/errorhandler_integration_test.go
+++ b/internal/errorhandler_integration_test.go
@@ -0,0 +1,361 @@
 package internal_test
 import (
 	"errors"
 	"os"
 	"os/exec"
 	"strings"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 const (
 	envGoTestSubprocess = "GO_TEST_SUBPROCESS"
 	envTestType         = "TEST_TYPE"
 )
 // verifyExitCode checks that the command exited with the expected exit code.
 func verifyExitCode(t *testing.T, err error, expectedExit int) {
 	t.Helper()
 	if exitErr, ok := err.(*exec.ExitError); ok {
 		if exitErr.ExitCode() != expectedExit {
 			t.Errorf("expected exit code %d, got %d", expectedExit, exitErr.ExitCode())
 		}
 		return
 	}
 	if err != nil {
 		t.Fatalf(testutil.TestErrUnexpected, err)
 	}
 	if expectedExit != 0 {
 		t.Errorf("expected exit code %d, but process exited successfully", expectedExit)
 	}
 }
 // execSubprocessTest spawns a subprocess and returns its stderr output and error.
 func execSubprocessTest(t *testing.T, testType string) (string, error) {
 	t.Helper()
 	//nolint:gosec // Controlled test arguments
 	cmd := exec.Command(os.Args[0], "-test.run=^TestErrorHandlerIntegration$")
 	cmd.Env = append(os.Environ(),
 		envGoTestSubprocess+"=1",
 		envTestType+"="+testType,
 	)
 	stderr, err := cmd.StderrPipe()
 	if err != nil {
 		t.Fatalf("failed to get stderr pipe: %v", err)
 	}
 	if err := cmd.Start(); err != nil {
 		t.Fatalf("failed to start subprocess: %v", err)
 	}
 	stderrOutput := make([]byte, 4096)
 	n, _ := stderr.Read(stderrOutput)
 	stderrStr := string(stderrOutput[:n])
 	return stderrStr, cmd.Wait()
 }
 // runSubprocessErrorTest executes a subprocess test and verifies exit code and stderr.
 // Consolidates 15 duplicated test loops.
 func runSubprocessErrorTest(t *testing.T, testType string, expectedExit int, expectedStderr string) {
 	t.Helper()
 	stderrStr, err := execSubprocessTest(t, testType)
 	verifyExitCode(t, err, expectedExit)
 	if !strings.Contains(strings.ToLower(stderrStr), strings.ToLower(expectedStderr)) {
 		t.Errorf("stderr missing expected text %q, got: %s", expectedStderr, stderrStr)
 	}
 }
 // TestErrorHandlerIntegration tests error handler methods that call os.Exit()
 // using subprocess pattern.
 func TestErrorHandlerIntegration(t *testing.T) {
 	t.Parallel()
 	// Check if this is the subprocess
 	if os.Getenv(envGoTestSubprocess) == "1" {
 		runSubprocessTest()
 		return
 	}
 	tests := []struct {
 		name           string
 		testType       string
 		expectedExit   int
 		expectedStderr string
 	}{
 		{
 			name:           "HandleError with file not found",
 			testType:       "handle_error_file_not_found",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: testutil.TestErrFileNotFound,
 		},
 		{
 			name:           "HandleError with validation error",
 			testType:       "handle_error_validation",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: "validation failed",
 		},
 		{
 			name:           "HandleError with context",
 			testType:       "handle_error_with_context",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: "config file",
 		},
 		{
 			name:           "HandleError with suggestions",
 			testType:       "handle_error_with_suggestions",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: testutil.TestErrFileError,
 		},
 		{
 			name:           "HandleFatalError with permission denied",
 			testType:       "handle_fatal_error_permission",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: testutil.TestErrPermissionDenied,
 		},
 		{
 			name:           "HandleFatalError with config error",
 			testType:       "handle_fatal_error_config",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: "configuration error",
 		},
 		{
 			name:           "HandleSimpleError with generic error",
 			testType:       "handle_simple_error_generic",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: "operation failed",
 		},
 		{
 			name:           "HandleSimpleError with file not found pattern",
 			testType:       "handle_simple_error_not_found",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: testutil.TestErrFileError,
 		},
 		{
 			name:           "HandleSimpleError with permission pattern",
 			testType:       "handle_simple_error_permission",
 			expectedExit:   appconstants.ExitCodeError,
 			expectedStderr: "access error",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			runSubprocessErrorTest(t, tt.testType, tt.expectedExit, tt.expectedStderr)
 		})
 	}
 }
 // runSubprocessTest executes the actual error handler call based on TEST_TYPE.
 func runSubprocessTest() {
 	testType := os.Getenv(envTestType)
 	output := internal.NewColoredOutput(false) // quiet=false
 	handler := internal.NewErrorHandler(output)
 	switch testType {
 	case "handle_error_file_not_found":
 		err := apperrors.New(appconstants.ErrCodeFileNotFound, testutil.TestErrFileNotFound)
 		handler.HandleError(err)
 	case "handle_error_validation":
 		err := apperrors.New(appconstants.ErrCodeValidation, "validation failed")
 		handler.HandleError(err)
 	case "handle_error_with_context":
 		err := apperrors.New(appconstants.ErrCodeConfiguration, "config file missing")
 		err = err.WithDetails(map[string]string{
 			"path": "/invalid/path/config.yaml",
 			"type": "application",
 		})
 		handler.HandleError(err)
 	case "handle_error_with_suggestions":
 		err := apperrors.New(appconstants.ErrCodeFileNotFound, "file error occurred")
 		err = err.WithSuggestions("Check that the file exists", "Verify file permissions")
 		handler.HandleError(err)
 	case "handle_fatal_error_permission":
 		handler.HandleFatalError(
 			appconstants.ErrCodePermission,
 			"permission denied accessing file",
 			map[string]string{"file": "/etc/passwd"},
 		)
 	case "handle_fatal_error_config":
 		handler.HandleFatalError(
 			appconstants.ErrCodeConfiguration,
 			"configuration error in settings",
 			map[string]string{
 				"section": "github",
 				"key":     "token",
 			},
 		)
 	case "handle_simple_error_generic":
 		handler.HandleSimpleError("operation failed", errors.New("generic error occurred"))
 	case "handle_simple_error_not_found":
 		handler.HandleSimpleError(testutil.TestErrFileError, errors.New("no such file or directory"))
 	case "handle_simple_error_permission":
 		handler.HandleSimpleError("access error", errors.New(testutil.TestErrPermissionDenied))
 	default:
 		os.Exit(99) // Unexpected test type
 	}
 }
 // TestErrorHandlerAllErrorCodes tests that all error codes produce correct exit codes.
 func TestErrorHandlerAllErrorCodes(t *testing.T) {
 	t.Parallel()
 	// Check if this is the subprocess
 	if os.Getenv(envGoTestSubprocess) == "1" {
 		runErrorCodeTest()
 		return
 	}
 	errorCodes := []struct {
 		code        appconstants.ErrorCode
 		description string
 	}{
 		{appconstants.ErrCodeFileNotFound, testutil.TestErrFileNotFound},
 		{appconstants.ErrCodePermission, testutil.TestErrPermissionDenied},
 		{appconstants.ErrCodeInvalidYAML, "invalid yaml"},
 		{appconstants.ErrCodeInvalidAction, "invalid action"},
 		{appconstants.ErrCodeNoActionFiles, "no action files"},
 		{appconstants.ErrCodeGitHubAPI, "github api error"},
 		{appconstants.ErrCodeGitHubRateLimit, "rate limit"},
 		{appconstants.ErrCodeGitHubAuth, "auth error"},
 		{appconstants.ErrCodeConfiguration, "configuration error"},
 		{appconstants.ErrCodeValidation, "validation error"},
 		{appconstants.ErrCodeTemplateRender, "template error"},
 		{appconstants.ErrCodeFileWrite, "file write error"},
 		{appconstants.ErrCodeDependencyAnalysis, "dependency error"},
 		{appconstants.ErrCodeCacheAccess, "cache error"},
 		{appconstants.ErrCodeUnknown, "unknown error"},
 	}
 	for _, tc := range errorCodes {
 		t.Run(string(tc.code), func(t *testing.T) {
 			t.Parallel()
 			//nolint:gosec // Controlled test arguments
 			cmd := exec.Command(os.Args[0], "-test.run=^TestErrorHandlerAllErrorCodes$/^"+string(tc.code)+"$")
 			cmd.Env = append(os.Environ(),
 				"GO_TEST_SUBPROCESS=1",
 				"ERROR_CODE="+string(tc.code),
 				"ERROR_DESC="+tc.description,
 			)
 			stderr, _ := cmd.StderrPipe()
 			_ = cmd.Start()
 			stderrOutput := make([]byte, 4096)
 			n, _ := stderr.Read(stderrOutput)
 			stderrStr := string(stderrOutput[:n])
 			err := cmd.Wait()
 			// All errors should exit with ExitCodeError (1)
 			if exitErr, ok := err.(*exec.ExitError); ok {
 				if exitErr.ExitCode() != appconstants.ExitCodeError {
 					t.Errorf("expected exit code %d, got %d", appconstants.ExitCodeError, exitErr.ExitCode())
 				}
 			} else if err != nil {
 				t.Fatalf(testutil.TestErrUnexpected, err)
 			} else {
 				t.Error("expected non-zero exit code")
 			}
 			// Verify error message appears in output
 			if !strings.Contains(strings.ToLower(stderrStr), strings.ToLower(tc.description)) {
 				t.Errorf("stderr missing expected error description %q, got: %s", tc.description, stderrStr)
 			}
 		})
 	}
 }
 // runErrorCodeTest handles subprocess execution for error code tests.
 func runErrorCodeTest() {
 	code := appconstants.ErrorCode(os.Getenv("ERROR_CODE"))
 	desc := os.Getenv("ERROR_DESC")
 	output := internal.NewColoredOutput(false)
 	handler := internal.NewErrorHandler(output)
 	err := apperrors.New(code, desc)
 	handler.HandleError(err)
 }
 // TestErrorHandlerWithComplexContext tests error handler with multiple context values and suggestions.
 func TestErrorHandlerWithComplexContext(t *testing.T) {
 	t.Parallel()
 	if os.Getenv(envGoTestSubprocess) == "1" {
 		runComplexContextTest()
 		return
 	}
 	//nolint:gosec // Controlled test arguments
 	cmd := exec.Command(os.Args[0], "-test.run=^TestErrorHandlerWithComplexContext$")
 	cmd.Env = append(os.Environ(), "GO_TEST_SUBPROCESS=1")
 	stderr, _ := cmd.StderrPipe()
 	_ = cmd.Start()
 	stderrOutput := make([]byte, 8192)
 	n, _ := stderr.Read(stderrOutput)
 	stderrStr := string(stderrOutput[:n])
 	_ = cmd.Wait()
 	// Verify all context keys are displayed
 	contextKeys := []string{"path", "action", "reason"}
 	for _, key := range contextKeys {
 		if !strings.Contains(stderrStr, key) {
 			t.Errorf("stderr missing context key %q", key)
 		}
 	}
 	// Verify suggestions are displayed
 	suggestions := []string{"Check the file path", "Verify YAML syntax", "Consult documentation"}
 	for _, suggestion := range suggestions {
 		if !strings.Contains(stderrStr, suggestion) {
 			t.Errorf("stderr missing suggestion %q", suggestion)
 		}
 	}
 }
 // runComplexContextTest handles subprocess execution for complex context test.
 func runComplexContextTest() {
 	output := internal.NewColoredOutput(false)
 	handler := internal.NewErrorHandler(output)
 	err := apperrors.New(appconstants.ErrCodeInvalidYAML, "YAML parsing failed")
 	err = err.WithDetails(map[string]string{
 		"path":   "/path/to/action.yml",
 		"action": "parse-workflow",
 		"reason": "invalid syntax at line 42",
 	})
 	err = err.WithSuggestions(
 		"Check the file path is correct",
 		"Verify YAML syntax is valid",
 		"Consult documentation for proper format",
 	)
 	handler.HandleError(err)
 }
--- a/internal/errorhandler_integration_test_helpers.go
+++ b/internal/errorhandler_integration_test_helpers.go
@@ -0,0 +1,62 @@
 package internal
 import (
 	"io"
 	"os"
 	"os/exec"
 	"strings"
 	"testing"
 )
 // spawnTestSubprocess creates and configures a test subprocess.
 // This helper reduces cognitive complexity in integration tests by centralizing
 // the subprocess creation logic.
 //
 //nolint:unused // Prepared for future use in errorhandler integration tests
 func spawnTestSubprocess(t *testing.T, testType string) *exec.Cmd {
 	t.Helper()
 	//nolint:gosec // G204: Controlled test arguments, not user input
 	cmd := exec.Command(os.Args[0], "-test.run=TestErrorHandlerIntegration")
 	cmd.Env = append(os.Environ(), "GO_TEST_SUBPROCESS=1", "TEST_TYPE="+testType)
 	return cmd
 }
 // assertSubprocessExit validates subprocess exit code and stderr.
 // This helper reduces cognitive complexity in integration tests by centralizing
 // the subprocess validation logic that was repeated across test cases.
 //
 //nolint:unused // Prepared for future use in errorhandler integration tests
 func assertSubprocessExit(t *testing.T, cmd *exec.Cmd, expectedExitCode int, stderrPattern string) {
 	t.Helper()
 	stderr, err := cmd.StderrPipe()
 	if err != nil {
 		t.Fatalf("failed to create stderr pipe: %v", err)
 	}
 	if err := cmd.Start(); err != nil {
 		t.Fatalf("failed to start subprocess: %v", err)
 	}
 	stderrBytes, _ := io.ReadAll(stderr)
 	stderrStr := string(stderrBytes)
 	err = cmd.Wait()
 	// Validate exit code
 	exitCode := 0
 	if exitErr, ok := err.(*exec.ExitError); ok {
 		exitCode = exitErr.ExitCode()
 	}
 	if exitCode != expectedExitCode {
 		t.Errorf("exit code = %d, want %d", exitCode, expectedExitCode)
 	}
 	// Validate stderr contains pattern
 	if stderrPattern != "" && !strings.Contains(stderrStr, stderrPattern) {
 		t.Errorf("stderr does not contain %q, got: %s", stderrPattern, stderrStr)
 	}
 }
--- a/internal/errorhandler_test.go
+++ b/internal/errorhandler_test.go
@@ -0,0 +1,321 @@
 package internal
 import (
 	"errors"
 	"os"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // newTestErrorHandler creates an ErrorHandler for testing with quiet output.
 // Reduces duplication across error handler tests.
 func newTestErrorHandler() *ErrorHandler {
 	return NewErrorHandler(&ColoredOutput{NoColor: true, Quiet: true})
 }
 // TestNewErrorHandler tests error handler creation.
 func TestNewErrorHandler(t *testing.T) {
 	output := &ColoredOutput{NoColor: true, Quiet: true}
 	handler := NewErrorHandler(output)
 	if handler == nil {
 		t.Fatal("NewErrorHandler() returned nil")
 	}
 	if handler.output != output {
 		t.Error("NewErrorHandler() did not set output correctly")
 	}
 }
 // TestDetermineErrorCode tests error code determination.
 //
 func TestDetermineErrorCode(t *testing.T) {
 	handler := newTestErrorHandler()
 	tests := []struct {
 		name     string
 		err      error
 		wantCode appconstants.ErrorCode
 	}{
 		{
 			name:     "file not found - typed error",
 			err:      apperrors.ErrFileNotFound,
 			wantCode: appconstants.ErrCodeFileNotFound,
 		},
 		{
 			name:     "file not found - os.ErrNotExist",
 			err:      os.ErrNotExist,
 			wantCode: appconstants.ErrCodeFileNotFound,
 		},
 		{
 			name:     "permission denied - typed error",
 			err:      apperrors.ErrPermissionDenied,
 			wantCode: appconstants.ErrCodePermission,
 		},
 		{
 			name:     "permission denied - os.ErrPermission",
 			err:      os.ErrPermission,
 			wantCode: appconstants.ErrCodePermission,
 		},
 		{
 			name:     "invalid YAML",
 			err:      apperrors.ErrInvalidYAML,
 			wantCode: appconstants.ErrCodeInvalidYAML,
 		},
 		{
 			name:     "GitHub API error",
 			err:      apperrors.ErrGitHubAPI,
 			wantCode: appconstants.ErrCodeGitHubAPI,
 		},
 		{
 			name:     "configuration error",
 			err:      apperrors.ErrConfiguration,
 			wantCode: appconstants.ErrCodeConfiguration,
 		},
 		{
 			name:     "unknown error",
 			err:      errors.New("some random error"),
 			wantCode: appconstants.ErrCodeUnknown,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := handler.determineErrorCode(tt.err)
 			if got != tt.wantCode {
 				t.Errorf("determineErrorCode() = %v, want %v", got, tt.wantCode)
 			}
 		})
 	}
 }
 // TestCheckTypedError tests typed error checking.
 //
 func TestCheckTypedError(t *testing.T) {
 	handler := newTestErrorHandler()
 	tests := []struct {
 		name     string
 		err      error
 		wantCode appconstants.ErrorCode
 	}{
 		{
 			name:     "ErrFileNotFound",
 			err:      apperrors.ErrFileNotFound,
 			wantCode: appconstants.ErrCodeFileNotFound,
 		},
 		{
 			name:     "os.ErrNotExist",
 			err:      os.ErrNotExist,
 			wantCode: appconstants.ErrCodeFileNotFound,
 		},
 		{
 			name:     "ErrPermissionDenied",
 			err:      apperrors.ErrPermissionDenied,
 			wantCode: appconstants.ErrCodePermission,
 		},
 		{
 			name:     "os.ErrPermission",
 			err:      os.ErrPermission,
 			wantCode: appconstants.ErrCodePermission,
 		},
 		{
 			name:     "ErrInvalidYAML",
 			err:      apperrors.ErrInvalidYAML,
 			wantCode: appconstants.ErrCodeInvalidYAML,
 		},
 		{
 			name:     "ErrGitHubAPI",
 			err:      apperrors.ErrGitHubAPI,
 			wantCode: appconstants.ErrCodeGitHubAPI,
 		},
 		{
 			name:     "ErrConfiguration",
 			err:      apperrors.ErrConfiguration,
 			wantCode: appconstants.ErrCodeConfiguration,
 		},
 		{
 			name:     "unknown error",
 			err:      errors.New(testutil.UnknownErrorMsg),
 			wantCode: appconstants.ErrCodeUnknown,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := handler.checkTypedError(tt.err)
 			if got != tt.wantCode {
 				t.Errorf("checkTypedError() = %v, want %v", got, tt.wantCode)
 			}
 		})
 	}
 }
 // TestCheckStringPatterns tests string pattern matching.
 func TestCheckStringPatterns(t *testing.T) {
 	handler := newTestErrorHandler()
 	tests := []struct {
 		name     string
 		errStr   string
 		wantCode appconstants.ErrorCode
 	}{
 		{
 			name:     "file not found pattern",
 			errStr:   "no such file or directory",
 			wantCode: appconstants.ErrCodeFileNotFound,
 		},
 		{
 			name:     "permission denied pattern",
 			errStr:   "permission denied",
 			wantCode: appconstants.ErrCodePermission,
 		},
 		{
 			name:     "YAML error pattern",
 			errStr:   "yaml: unmarshal error",
 			wantCode: appconstants.ErrCodeInvalidYAML,
 		},
 		{
 			name:     "GitHub API pattern",
 			errStr:   "GitHub API error",
 			wantCode: appconstants.ErrCodeGitHubAPI,
 		},
 		{
 			name:     "configuration pattern",
 			errStr:   "configuration error",
 			wantCode: appconstants.ErrCodeConfiguration,
 		},
 		{
 			name:     "unknown pattern",
 			errStr:   "some random error message",
 			wantCode: appconstants.ErrCodeUnknown,
 		},
 		{
 			name:     "case insensitive matching",
 			errStr:   "PERMISSION DENIED",
 			wantCode: appconstants.ErrCodePermission,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := handler.checkStringPatterns(tt.errStr)
 			if got != tt.wantCode {
 				t.Errorf("checkStringPatterns(%q) = %v, want %v", tt.errStr, got, tt.wantCode)
 			}
 		})
 	}
 }
 // TestContains tests the contains helper function.
 func TestContains(t *testing.T) {
 	tests := []struct {
 		name   string
 		s      string
 		substr string
 		want   bool
 	}{
 		{
 			name:   "exact match",
 			s:      testutil.HelloWorldStr,
 			substr: "hello",
 			want:   true,
 		},
 		{
 			name:   "case insensitive match",
 			s:      "Hello World",
 			substr: "hello",
 			want:   true,
 		},
 		{
 			name:   "no match",
 			s:      testutil.HelloWorldStr,
 			substr: "goodbye",
 			want:   false,
 		},
 		{
 			name:   "empty substring",
 			s:      testutil.HelloWorldStr,
 			substr: "",
 			want:   true,
 		},
 		{
 			name:   "empty string",
 			s:      "",
 			substr: "hello",
 			want:   false,
 		},
 		{
 			name:   "substring in middle",
 			s:      "the quick brown fox",
 			substr: "quick",
 			want:   true,
 		},
 		{
 			name:   "case insensitive - uppercase string",
 			s:      "ERROR: PERMISSION DENIED",
 			substr: "permission",
 			want:   true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := contains(tt.s, tt.substr)
 			if got != tt.want {
 				t.Errorf("contains(%q, %q) = %v, want %v", tt.s, tt.substr, got, tt.want)
 			}
 		})
 	}
 }
 // NOTE: HandleSimpleError testing is covered by TestDetermineErrorCode
 // since HandleSimpleError calls determineErrorCode and then os.Exit().
 // Testing os.Exit() directly is not practical in unit tests.
 // TestFatalErrorComponents tests the components used in fatal error handling.
 // NOTE: We cannot test HandleFatalError directly as it calls os.Exit().
 // This test verifies that error construction components work correctly.
 func TestFatalErrorComponents(t *testing.T) {
 	// Test the logic that HandleFatalError uses before calling os.Exit
 	handler := newTestErrorHandler()
 	// Test that HandleFatalError correctly constructs contextual errors
 	code := appconstants.ErrCodeFileNotFound
 	message := "test error message"
 	context := map[string]string{"file": "test.yml"}
 	// Verify suggestions and help URL are retrieved
 	suggestions := apperrors.GetSuggestions(code, context)
 	helpURL := apperrors.GetHelpURL(code)
 	// ErrCodeFileNotFound should have suggestions and help URL
 	if len(suggestions) == 0 {
 		t.Errorf("GetSuggestions(%v) returned empty, expected non-empty for ErrCodeFileNotFound", code)
 	}
 	if helpURL == "" {
 		t.Errorf("GetHelpURL(%v) returned empty string, expected URL for ErrCodeFileNotFound", code)
 	}
 	// Verify error construction (without calling HandleFatalError which exits)
 	contextualErr := apperrors.New(code, message).
 		WithSuggestions(suggestions...).
 		WithHelpURL(helpURL).
 		WithDetails(context)
 	if contextualErr == nil {
 		t.Error("failed to construct contextual error")
 	}
 	// Verify handler is properly initialized
 	if handler.output == nil {
 		t.Error("handler output is nil")
 	}
 }
--- a/internal/focused_consumers_test.go
+++ b/internal/focused_consumers_test.go
@@ -0,0 +1,284 @@
 package internal
 import (
 	"errors"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // compositeOutputWriterForTest wraps testutil mocks to satisfy OutputWriter interface.
 type compositeOutputWriterForTest struct {
 	*testutil.MessageLoggerMock
 	*testutil.ProgressReporterMock
 	*testutil.OutputConfigMock
 }
 // errorManagerForTest wraps testutil mocks to satisfy ErrorManager interface.
 type errorManagerForTest struct {
 	*testutil.ErrorReporterMock
 	*testutil.ErrorFormatterMock
 }
 // FormatContextualError implements ErrorManager interface.
 func (e *errorManagerForTest) FormatContextualError(err *apperrors.ContextualError) string {
 	if err != nil {
 		return e.ErrorFormatterMock.FormatContextualError(err)
 	}
 	return ""
 }
 // ErrorWithSuggestions implements ErrorManager interface.
 func (e *errorManagerForTest) ErrorWithSuggestions(err *apperrors.ContextualError) {
 	e.ErrorReporterMock.ErrorWithSuggestions(err)
 }
 // TestNewCompositeOutputWriter tests the composite output writer constructor.
 func TestNewCompositeOutputWriter(t *testing.T) {
 	t.Parallel()
 	writer := &compositeOutputWriterForTest{
 		MessageLoggerMock:    &testutil.MessageLoggerMock{},
 		ProgressReporterMock: &testutil.ProgressReporterMock{},
 		OutputConfigMock:     &testutil.OutputConfigMock{},
 	}
 	cow := NewCompositeOutputWriter(writer)
 	if cow == nil {
 		t.Fatal("NewCompositeOutputWriter() returned nil")
 	}
 	if cow.writer != writer {
 		t.Error("NewCompositeOutputWriter() did not set writer correctly")
 	}
 }
 // TestCompositeOutputWriterProcessWithOutput tests processing with output.
 func TestCompositeOutputWriterProcessWithOutput(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		isQuiet      bool
 		items        []string
 		wantMessages int
 		wantInfo     bool
 		wantProgress bool
 		wantSuccess  bool
 	}{
 		{
 			name:         "with items not quiet",
 			isQuiet:      false,
 			items:        []string{"item1", "item2", "item3"},
 			wantMessages: 5, // 1 info + 3 progress + 1 success
 			wantInfo:     true,
 			wantProgress: true,
 			wantSuccess:  true,
 		},
 		{
 			name:         "with quiet mode",
 			isQuiet:      true,
 			items:        []string{"item1", "item2"},
 			wantMessages: 0,
 			wantInfo:     false,
 			wantProgress: false,
 			wantSuccess:  false,
 		},
 		{
 			name:         "with empty items",
 			isQuiet:      false,
 			items:        []string{},
 			wantMessages: 2, // 1 info + 1 success
 			wantInfo:     true,
 			wantProgress: false,
 			wantSuccess:  true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			logger := &testutil.MessageLoggerMock{}
 			progress := &testutil.ProgressReporterMock{}
 			writer := &compositeOutputWriterForTest{
 				MessageLoggerMock:    logger,
 				ProgressReporterMock: progress,
 				OutputConfigMock:     &testutil.OutputConfigMock{QuietMode: tt.isQuiet},
 			}
 			cow := NewCompositeOutputWriter(writer)
 			cow.ProcessWithOutput(tt.items)
 			totalMessages := len(logger.InfoCalls) + len(progress.ProgressCalls) + len(logger.SuccessCalls)
 			if totalMessages != tt.wantMessages {
 				t.Errorf("ProcessWithOutput() produced %d messages, want %d",
 					totalMessages, tt.wantMessages)
 			}
 			hasInfo := len(logger.InfoCalls) > 0
 			hasProgress := len(progress.ProgressCalls) > 0
 			hasSuccess := len(logger.SuccessCalls) > 0
 			if hasInfo != tt.wantInfo {
 				t.Errorf("ProcessWithOutput() hasInfo = %v, want %v", hasInfo, tt.wantInfo)
 			}
 			if hasProgress != tt.wantProgress {
 				t.Errorf("ProcessWithOutput() hasProgress = %v, want %v", hasProgress, tt.wantProgress)
 			}
 			if hasSuccess != tt.wantSuccess {
 				t.Errorf("ProcessWithOutput() hasSuccess = %v, want %v", hasSuccess, tt.wantSuccess)
 			}
 		})
 	}
 }
 // TestNewValidationComponent tests the validation component constructor.
 func TestNewValidationComponent(t *testing.T) {
 	t.Parallel()
 	errorManager := &errorManagerForTest{
 		ErrorReporterMock:  &testutil.ErrorReporterMock{},
 		ErrorFormatterMock: &testutil.ErrorFormatterMock{},
 	}
 	logger := &testutil.MessageLoggerMock{}
 	vc := NewValidationComponent(errorManager, logger)
 	if vc == nil {
 		t.Fatal("NewValidationComponent() returned nil")
 	}
 	if vc.errorManager != errorManager {
 		t.Error("NewValidationComponent() did not set errorManager correctly")
 	}
 	if vc.logger != logger {
 		t.Error("NewValidationComponent() did not set logger correctly")
 	}
 }
 // getErrorCallType returns the type of error call that was made.
 func getErrorCallType(reporter *testutil.ErrorReporterMock) string {
 	switch {
 	case len(reporter.ErrorWithSuggestionsCalls) > 0:
 		return "ErrorWithSuggestions"
 	case len(reporter.ErrorCalls) > 0:
 		return "Error"
 	case len(reporter.ErrorWithSimpleFixCalls) > 0:
 		return "ErrorWithSimpleFix"
 	case len(reporter.ErrorWithContextCalls) > 0:
 		return "ErrorWithContext"
 	default:
 		return ""
 	}
 }
 // TestValidationComponentValidateAndReport tests validation reporting.
 func TestValidationComponentValidateAndReport(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name              string
 		item              string
 		isValid           bool
 		err               error
 		wantLoggerCalls   int
 		wantErrorCalls    int
 		wantErrorCallType string
 	}{
 		{
 			name:              "valid item",
 			item:              testutil.TestItemName,
 			isValid:           true,
 			err:               nil,
 			wantLoggerCalls:   1,
 			wantErrorCalls:    0,
 			wantErrorCallType: "",
 		},
 		{
 			name:              "invalid with contextual error",
 			item:              testutil.TestItemName,
 			isValid:           false,
 			err:               apperrors.New(appconstants.ErrCodeValidation, "validation failed"),
 			wantLoggerCalls:   0,
 			wantErrorCalls:    1,
 			wantErrorCallType: "ErrorWithSuggestions",
 		},
 		{
 			name:              "invalid with regular error",
 			item:              testutil.TestItemName,
 			isValid:           false,
 			err:               errors.New("regular error"),
 			wantLoggerCalls:   0,
 			wantErrorCalls:    1,
 			wantErrorCallType: "Error",
 		},
 		{
 			name:              "invalid without error",
 			item:              testutil.TestItemName,
 			isValid:           false,
 			err:               nil,
 			wantLoggerCalls:   0,
 			wantErrorCalls:    1,
 			wantErrorCallType: "ErrorWithSimpleFix",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			errorReporter := &testutil.ErrorReporterMock{}
 			errorManager := &errorManagerForTest{
 				ErrorReporterMock:  errorReporter,
 				ErrorFormatterMock: &testutil.ErrorFormatterMock{},
 			}
 			logger := &testutil.MessageLoggerMock{}
 			vc := NewValidationComponent(errorManager, logger)
 			vc.ValidateAndReport(tt.item, tt.isValid, tt.err)
 			totalLoggerCalls := len(
 				logger.InfoCalls,
 			) + len(
 				logger.SuccessCalls,
 			) + len(
 				logger.WarningCalls,
 			) + len(
 				logger.BoldCalls,
 			) + len(
 				logger.PrintfCalls,
 			)
 			if totalLoggerCalls != tt.wantLoggerCalls {
 				t.Errorf("ValidateAndReport() logger calls = %d, want %d",
 					totalLoggerCalls, tt.wantLoggerCalls)
 			}
 			totalErrorCalls := len(
 				errorReporter.ErrorCalls,
 			) + len(
 				errorReporter.ErrorWithSuggestionsCalls,
 			) + len(
 				errorReporter.ErrorWithContextCalls,
 			) + len(
 				errorReporter.ErrorWithSimpleFixCalls,
 			)
 			if totalErrorCalls != tt.wantErrorCalls {
 				t.Errorf("ValidateAndReport() error calls = %d, want %d",
 					totalErrorCalls, tt.wantErrorCalls)
 			}
 			if tt.wantErrorCallType != "" {
 				actualCallType := getErrorCallType(errorReporter)
 				if actualCallType != tt.wantErrorCallType {
 					t.Errorf("ValidateAndReport() error call type = %s, want %s",
 						actualCallType, tt.wantErrorCallType)
 				}
 			}
 		})
 	}
 }
--- a/internal/generator.go
+++ b/internal/generator.go
@@ -48,7 +48,13 @@ func isUnitTestEnvironment() bool {
 // NewGenerator creates a new generator instance with the provided configuration.
 // This constructor maintains backward compatibility by using concrete implementations.
 // In unit test environments, it automatically uses NullOutput to suppress output.
 // If config is nil, it uses DefaultAppConfig() to prevent panics.
 func NewGenerator(config *AppConfig) *Generator {
 	// Handle nil config gracefully
 	if config == nil {
 		config = DefaultAppConfig()
 	}
 	// Use null output in unit test environments to keep tests clean
 	// Integration tests need real output to verify CLI behavior
 	if isUnitTestEnvironment() {
@@ -289,31 +295,47 @@ func (g *Generator) renderTemplateForAction(
 	return content, nil
 }
-// generateMarkdown creates a README.md file using the template.
+// generateSimpleFormat is a helper for generating simple text-based formats (Markdown, AsciiDoc).
-func (g *Generator) generateMarkdown(action *ActionYML, outputDir, actionPath string) error {
+// It consolidates the common pattern of template rendering, file writing, and success messaging.
 func (g *Generator) generateSimpleFormat(
 	action *ActionYML,
 	outputDir, actionPath string,
 	format, defaultFilename, successMsg string,
 ) error {
 	templatePath := g.resolveTemplatePathForFormat()
 	opts := TemplateOptions{
 		TemplatePath: templatePath,
-		Format:       "md",
+		Format:       format,
 	}
 	content, err := g.renderTemplateForAction(action, outputDir, actionPath, opts)
 	if err != nil {
-		return fmt.Errorf("failed to render markdown template: %w", err)
+		return fmt.Errorf("failed to render %s template: %w", format, err)
 	}
-	outputPath := g.resolveOutputPath(outputDir, appconstants.ReadmeMarkdown)
+	outputPath, err := g.resolveOutputPath(outputDir, defaultFilename)
 	if err != nil {
 		return fmt.Errorf(appconstants.ErrFailedToResolveOutputPath, err)
 	}
 	if err := os.WriteFile(outputPath, []byte(content), appconstants.FilePermDefault); err != nil {
 		// #nosec G306 -- output file permissions
-		return fmt.Errorf("failed to write README.md to %s: %w", outputPath, err)
+		return fmt.Errorf("failed to write %s to %s: %w", format, outputPath, err)
 	}
-	g.Output.Success("Generated README.md: %s", outputPath)
+	g.Output.Success("%s: %s", successMsg, outputPath)
 	return nil
 }
 // generateMarkdown creates a README.md file using the template.
 func (g *Generator) generateMarkdown(action *ActionYML, outputDir, actionPath string) error {
 	return g.generateSimpleFormat(
 		action, outputDir, actionPath,
 		"md", appconstants.ReadmeMarkdown, "Generated README.md",
 	)
 }
 // generateHTML creates an HTML file using the template and optional header/footer.
 func (g *Generator) generateHTML(action *ActionYML, outputDir, actionPath string) error {
 	templatePath := g.resolveTemplatePathForFormat()
@@ -337,7 +359,10 @@ func (g *Generator) generateHTML(action *ActionYML, outputDir, actionPath string
 	}
 	defaultFilename := action.Name + ".html"
-	outputPath := g.resolveOutputPath(outputDir, defaultFilename)
+	outputPath, err := g.resolveOutputPath(outputDir, defaultFilename)
 	if err != nil {
 		return fmt.Errorf(appconstants.ErrFailedToResolveOutputPath, err)
 	}
 	if err := writer.Write(content, outputPath); err != nil {
 		return fmt.Errorf("failed to write HTML to %s: %w", outputPath, err)
 	}
@@ -351,7 +376,10 @@ func (g *Generator) generateHTML(action *ActionYML, outputDir, actionPath string
 func (g *Generator) generateJSON(action *ActionYML, outputDir string) error {
 	writer := NewJSONWriter(g.Config)
-	outputPath := g.resolveOutputPath(outputDir, appconstants.ActionDocsJSON)
+	outputPath, err := g.resolveOutputPath(outputDir, appconstants.ActionDocsJSON)
 	if err != nil {
 		return fmt.Errorf(appconstants.ErrFailedToResolveOutputPath, err)
 	}
 	if err := writer.Write(action, outputPath); err != nil {
 		return fmt.Errorf("failed to write JSON to %s: %w", outputPath, err)
 	}
@@ -363,27 +391,10 @@ func (g *Generator) generateJSON(action *ActionYML, outputDir string) error {
 // generateASCIIDoc creates an AsciiDoc file using the template.
 func (g *Generator) generateASCIIDoc(action *ActionYML, outputDir, actionPath string) error {
-	templatePath := g.resolveTemplatePathForFormat()
+	return g.generateSimpleFormat(
-
+		action, outputDir, actionPath,
-	opts := TemplateOptions{
+		"asciidoc", appconstants.ReadmeASCIIDoc, "Generated AsciiDoc",
-		TemplatePath: templatePath,
+	)
 		Format:       "asciidoc",
 	}
 	content, err := g.renderTemplateForAction(action, outputDir, actionPath, opts)
 	if err != nil {
 		return fmt.Errorf("failed to render AsciiDoc template: %w", err)
 	}
 	outputPath := g.resolveOutputPath(outputDir, appconstants.ReadmeASCIIDoc)
 	if err := os.WriteFile(outputPath, []byte(content), appconstants.FilePermDefault); err != nil {
 		// #nosec G306 -- output file permissions
 		return fmt.Errorf("failed to write AsciiDoc to %s: %w", outputPath, err)
 	}
 	g.Output.Success("Generated AsciiDoc: %s", outputPath)
 	return nil
 }
 // processFiles processes each file and tracks results.
@@ -468,17 +479,56 @@ func (g *Generator) determineOutputDir(actionPath string) string {
 	return g.Config.OutputDir
 }
-// resolveOutputPath resolves the final output path, considering custom filename.
+// resolveOutputPath resolves the final output path and validates it prevents path traversal.
-func (g *Generator) resolveOutputPath(outputDir, defaultFilename string) string {
+// Returns an error if the resolved path would escape the outputDir.
 func (g *Generator) resolveOutputPath(outputDir, defaultFilename string) (string, error) {
 	// Determine the filename to use
 	filename := defaultFilename
 	if g.Config.OutputFilename != "" {
-		if filepath.IsAbs(g.Config.OutputFilename) {
+		filename = g.Config.OutputFilename
 			return g.Config.OutputFilename
 		}
 		return filepath.Join(outputDir, g.Config.OutputFilename)
 	}
-	return filepath.Join(outputDir, defaultFilename)
+	// Reject paths containing .. components (path traversal attempt)
 	if strings.Contains(filename, "..") {
 		return "", fmt.Errorf(appconstants.ErrPathTraversal, filename, outputDir)
 	}
 	// Handle absolute paths - allow them as-is (user's explicit choice)
 	if filepath.IsAbs(filename) {
 		cleaned := filepath.Clean(filename)
 		if cleaned != filename {
 			return "", fmt.Errorf("absolute path contains extraneous components: %s", filename)
 		}
 		return cleaned, nil
 	}
 	// For relative paths, join with output directory
 	finalPath := filepath.Join(outputDir, filename)
 	// Validate the final path stays within outputDir
 	absOutputDir, err := filepath.Abs(outputDir)
 	if err != nil {
 		return "", fmt.Errorf(appconstants.ErrInvalidOutputPath, err)
 	}
 	absFinalPath, err := filepath.Abs(finalPath)
 	if err != nil {
 		return "", fmt.Errorf(appconstants.ErrInvalidOutputPath, err)
 	}
 	// Check if final path is within output directory using filepath.Rel
 	relPath, err := filepath.Rel(absOutputDir, absFinalPath)
 	if err != nil {
 		return "", fmt.Errorf(appconstants.ErrInvalidOutputPath, err)
 	}
 	// If relative path starts with "..", it's outside the output directory
 	if strings.HasPrefix(relPath, "..") {
 		return "", fmt.Errorf(appconstants.ErrPathTraversal, filename, outputDir)
 	}
 	return absFinalPath, nil
 }
 // generateByFormat generates documentation in the specified format.
--- a/internal/generator_comprehensive_test.go
+++ b/internal/generator_comprehensive_test.go
@@ -5,12 +5,13 @@ import (
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
-// TestGenerator_ComprehensiveGeneration demonstrates the new table-driven testing framework
+// TestGeneratorComprehensiveGeneration demonstrates the new table-driven testing framework
 // by testing generation across all fixtures, themes, and formats systematically.
-func TestGenerator_ComprehensiveGeneration(t *testing.T) {
+func TestGeneratorComprehensiveGeneration(t *testing.T) {
 	t.Parallel()
 	// Create test cases using the new helper functions
 	cases := testutil.CreateGeneratorTestCases()
@@ -32,8 +33,8 @@ func TestGenerator_ComprehensiveGeneration(t *testing.T) {
 	testutil.RunGeneratorTests(t, filteredCases)
 }
-// TestGenerator_AllValidFixtures tests generation with all valid fixtures.
+// TestGeneratorAllValidFixtures tests generation with all valid fixtures.
-func TestGenerator_AllValidFixtures(t *testing.T) {
+func TestGeneratorAllValidFixtures(t *testing.T) {
 	t.Parallel()
 	validFixtures := testutil.GetValidFixtures()
@@ -64,8 +65,8 @@ func TestGenerator_AllValidFixtures(t *testing.T) {
 	}
 }
-// TestGenerator_AllInvalidFixtures tests that invalid fixtures produce expected errors.
+// TestGeneratorAllInvalidFixtures tests that invalid fixtures produce expected errors.
-func TestGenerator_AllInvalidFixtures(t *testing.T) {
+func TestGeneratorAllInvalidFixtures(t *testing.T) {
 	t.Parallel()
 	invalidFixtures := testutil.GetInvalidFixtures()
@@ -106,8 +107,8 @@ func TestGenerator_AllInvalidFixtures(t *testing.T) {
 	}
 }
-// TestGenerator_AllThemes demonstrates theme testing using helper functions.
+// TestGeneratorAllThemes demonstrates theme testing using helper functions.
-func TestGenerator_AllThemes(t *testing.T) {
+func TestGeneratorAllThemes(t *testing.T) {
 	t.Parallel()
 	// Use the helper function to test all themes
 	testutil.TestAllThemes(t, func(t *testing.T, theme string) {
@@ -129,8 +130,8 @@ func TestGenerator_AllThemes(t *testing.T) {
 	})
 }
-// TestGenerator_AllFormats demonstrates format testing using helper functions.
+// TestGeneratorAllFormats demonstrates format testing using helper functions.
-func TestGenerator_AllFormats(t *testing.T) {
+func TestGeneratorAllFormats(t *testing.T) {
 	t.Parallel()
 	// Use the helper function to test all formats
 	testutil.TestAllFormats(t, func(t *testing.T, format string) {
@@ -152,8 +153,8 @@ func TestGenerator_AllFormats(t *testing.T) {
 	})
 }
-// TestGenerator_ByActionType demonstrates testing by action type.
+// TestGeneratorByActionType demonstrates testing by action type.
-func TestGenerator_ByActionType(t *testing.T) {
+func TestGeneratorByActionType(t *testing.T) {
 	t.Parallel()
 	actionTypes := []testutil.ActionType{
 		testutil.ActionTypeJavaScript,
@@ -190,8 +191,8 @@ func TestGenerator_ByActionType(t *testing.T) {
 	}
 }
-// TestGenerator_WithMockEnvironment demonstrates testing with a complete mock environment.
+// TestGeneratorWithMockEnvironment demonstrates testing with a complete mock environment.
-func TestGenerator_WithMockEnvironment(t *testing.T) {
+func TestGeneratorWithMockEnvironment(t *testing.T) {
 	t.Parallel()
 	// Create a complete test environment
 	envConfig := &testutil.EnvironmentConfig{
@@ -227,8 +228,8 @@ func TestGenerator_WithMockEnvironment(t *testing.T) {
 	testutil.AssertNoError(t, err)
 }
-// TestGenerator_FixtureValidation demonstrates fixture validation.
+// TestGeneratorFixtureValidation demonstrates fixture validation.
-func TestGenerator_FixtureValidation(t *testing.T) {
+func TestGeneratorFixtureValidation(t *testing.T) {
 	t.Parallel()
 	// Test that all valid fixtures pass validation
 	validFixtures := testutil.GetValidFixtures()
@@ -271,7 +272,7 @@ func createGeneratorTestExecutor() testutil.TestExecutor {
 			}
 			// Create temporary action file
-			actionPath = filepath.Join(ctx.TempDir, "action.yml")
+			actionPath = filepath.Join(ctx.TempDir, appconstants.ActionFileNameYML)
 			testutil.WriteTestFile(t, actionPath, fixture.Content)
 		}
--- a/internal/generator_helper_test.go
+++ b/internal/generator_helper_test.go
@@ -0,0 +1,139 @@
 package internal
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 )
 // TestDefaultTestConfig_Helper tests the defaultTestConfig helper function.
 func TestDefaultTestConfigHelper(t *testing.T) {
 	t.Parallel()
 	// Call the helper multiple times to verify consistency
 	cfg1 := defaultTestConfig()
 	cfg2 := defaultTestConfig()
 	// Verify expected defaults
 	if cfg1.Quiet != true {
 		t.Error("expected Quiet=true for test config")
 	}
 	if cfg1.Theme != appconstants.ThemeDefault {
 		t.Errorf("expected default theme, got %s", cfg1.Theme)
 	}
 	if cfg1.OutputFormat != appconstants.OutputFormatMarkdown {
 		t.Errorf("expected markdown format, got %s", cfg1.OutputFormat)
 	}
 	if cfg1.OutputDir != "." {
 		t.Errorf("expected OutputDir='.', got %s", cfg1.OutputDir)
 	}
 	// Verify immutability - modifying one shouldn't affect others
 	cfg1.Quiet = false
 	cfg1.Theme = "custom"
 	if cfg2.Quiet != true {
 		t.Error("defaultTestConfig should return independent configs")
 	}
 	if cfg2.Theme != appconstants.ThemeDefault {
 		t.Error("defaultTestConfig should return independent configs")
 	}
 	// Verify getting a fresh config after modification
 	cfg3 := defaultTestConfig()
 	if cfg3.Quiet != true {
 		t.Error("defaultTestConfig should always return Quiet=true")
 	}
 }
 // TestAssertActionFiles_Helper tests the assertActionFiles helper function.
 func TestAssertActionFilesHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name    string
 		files   []string
 		setup   func(*testing.T) []string
 		wantErr bool
 	}{
 		{
 			name: "empty file list",
 			setup: func(t *testing.T) []string {
 				t.Helper()
 				return []string{}
 			},
 		},
 		{
 			name: "valid action.yml files",
 			setup: func(t *testing.T) []string {
 				t.Helper()
 				tmpDir1 := t.TempDir()
 				tmpDir2 := t.TempDir()
 				file1 := filepath.Join(tmpDir1, appconstants.ActionFileNameYML)
 				file2 := filepath.Join(tmpDir2, appconstants.ActionFileNameYML)
 				err := os.WriteFile(file1, []byte("name: test"), appconstants.FilePermDefault)
 				if err != nil {
 					t.Fatalf("failed to write file1: %v", err)
 				}
 				err = os.WriteFile(file2, []byte("name: test2"), appconstants.FilePermDefault)
 				if err != nil {
 					t.Fatalf("failed to write file2: %v", err)
 				}
 				return []string{file1, file2}
 			},
 		},
 		{
 			name: "valid action.yaml files",
 			setup: func(t *testing.T) []string {
 				t.Helper()
 				tmpDir := t.TempDir()
 				file := filepath.Join(tmpDir, "action.yaml")
 				err := os.WriteFile(file, []byte("name: test"), appconstants.FilePermDefault)
 				if err != nil {
 					t.Fatalf("failed to write file: %v", err)
 				}
 				return []string{file}
 			},
 		},
 		{
 			name: "mixed yml and yaml extensions",
 			setup: func(t *testing.T) []string {
 				t.Helper()
 				tmpDir1 := t.TempDir()
 				tmpDir2 := t.TempDir()
 				file1 := filepath.Join(tmpDir1, appconstants.ActionFileNameYML)
 				file2 := filepath.Join(tmpDir2, "action.yaml")
 				_ = os.WriteFile(file1, []byte("name: test1"), appconstants.FilePermDefault)
 				_ = os.WriteFile(file2, []byte("name: test2"), appconstants.FilePermDefault)
 				return []string{file1, file2}
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			files := tt.setup(t)
 			// Call the helper - it will verify files exist and have correct extensions
 			// For invalid files, it will call t.Error (which is expected)
 			assertActionFiles(t, files)
 		})
 	}
 }
 // Note: Invalid test cases (wrong extensions, nonexistent files) are not included
 // because testing error paths would require mocking testing.T, which is complex.
 // The helper is already well-tested through the main test suite for error cases.
--- a/internal/generator_test.go
+++ b/internal/generator_test.go
--- a/internal/generator_test_helper.go
+++ b/internal/generator_test_helper.go
@@ -0,0 +1,153 @@
 package internal
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // testFormatGeneration is a generic helper for testing format generation methods.
 // It consolidates the common pattern across HTML, JSON, and AsciiDoc generation tests.
 func testFormatGeneration(
 	t *testing.T,
 	generateFunc func(*Generator, *ActionYML, string, string) error,
 	expectedFile, formatName string,
 	needsActionPath bool,
 ) {
 	t.Helper()
 	t.Parallel()
 	tmpDir := t.TempDir()
 	action := createTestAction()
 	gen := createQuietGenerator()
 	var err error
 	if needsActionPath {
 		actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 		err = generateFunc(gen, action, tmpDir, actionPath)
 	} else {
 		// For JSON which doesn't need actionPath
 		err = generateFunc(gen, action, tmpDir, "")
 	}
 	if err != nil {
 		t.Errorf("%s generation unexpected error = %v", formatName, err)
 	}
 	verifyFileExists(t, filepath.Join(tmpDir, expectedFile), expectedFile)
 }
 // testHTMLGeneration tests HTML generation creates the expected output file.
 func testHTMLGeneration(t *testing.T) {
 	t.Helper()
 	testFormatGeneration(
 		t,
 		func(g *Generator, a *ActionYML, out, path string) error {
 			return g.generateHTML(a, out, path)
 		},
 		"Test Action.html",
 		"HTML",
 		true, // needs actionPath
 	)
 }
 // testJSONGeneration tests JSON generation creates the expected output file.
 func testJSONGeneration(t *testing.T) {
 	t.Helper()
 	testFormatGeneration(
 		t,
 		func(g *Generator, a *ActionYML, out, _ string) error {
 			return g.generateJSON(a, out)
 		},
 		"action-docs.json",
 		"JSON",
 		false, // doesn't need actionPath
 	)
 }
 // testASCIIDocGeneration tests AsciiDoc generation creates the expected output file.
 func testASCIIDocGeneration(t *testing.T) {
 	t.Helper()
 	testFormatGeneration(
 		t,
 		func(g *Generator, a *ActionYML, out, path string) error {
 			return g.generateASCIIDoc(a, out, path)
 		},
 		"README.adoc",
 		"AsciiDoc",
 		true, // needs actionPath
 	)
 }
 // createTestAction creates a basic test action for generator tests.
 func createTestAction() *ActionYML {
 	return &ActionYML{
 		Name:        testutil.TestActionName,
 		Description: testutil.TestActionDesc,
 		Runs:        map[string]any{"using": "composite"},
 	}
 }
 // createQuietGenerator creates a generator with quiet output for testing.
 func createQuietGenerator() *Generator {
 	config := DefaultAppConfig()
 	config.Quiet = true
 	return NewGenerator(config)
 }
 // verifyFileExists checks that a file was created at the expected path.
 func verifyFileExists(t *testing.T, fullPath, expectedFileName string) {
 	t.Helper()
 	if _, err := os.Stat(fullPath); os.IsNotExist(err) {
 		t.Errorf("Expected %s to be created", expectedFileName)
 	}
 }
 // createTestDirs creates multiple test directories with given names.
 func createTestDirs(t *testing.T, tmpDir string, names ...string) []string {
 	t.Helper()
 	dirs := make([]string, len(names))
 	for i, name := range names {
 		dirPath := filepath.Join(tmpDir, name)
 		testutil.CreateTestDir(t, dirPath)
 		dirs[i] = dirPath
 	}
 	return dirs
 }
 // createMultiActionSetup creates a setupFunc for batch processing tests with multiple actions.
 // It generates separate directories for each action and writes the specified fixtures.
 func createMultiActionSetup(dirNames, fixtures []string) func(t *testing.T, tmpDir string) []string {
 	return func(t *testing.T, tmpDir string) []string {
 		t.Helper()
 		// Create separate directories for each action
 		dirs := createTestDirs(t, tmpDir, dirNames...)
 		// Build file paths and write fixtures
 		files := make([]string, len(dirs))
 		for i, dir := range dirs {
 			files[i] = filepath.Join(dir, appconstants.ActionFileNameYML)
 			testutil.WriteTestFile(t, files[i], testutil.MustReadFixture(fixtures[i]))
 		}
 		return files
 	}
 }
 // setupNonexistentFiles returns a setupFunc that creates paths to nonexistent files.
 // This is used in multiple tests to verify error handling for missing files.
 func setupNonexistentFiles(filename string) func(*testing.T, string) []string {
 	return func(_ *testing.T, tmpDir string) []string {
 		return []string{filepath.Join(tmpDir, filename)}
 	}
 }
--- a/internal/generator_validation_helper_test.go
+++ b/internal/generator_validation_helper_test.go
@@ -0,0 +1,85 @@
 package internal
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // TestAssertMessageCounts_Helper tests the assertMessageCounts helper function.
 func TestAssertMessageCountsHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name   string
 		output *capturedOutput
 		want   messageCountExpectations
 	}{
 		{
 			name: "all counts zero",
 			output: &capturedOutput{
 				CapturedOutput: &testutil.CapturedOutput{
 					BoldMessages:    []string{},
 					SuccessMessages: []string{},
 					WarningMessages: []string{},
 					ErrorMessages:   []string{},
 					InfoMessages:    []string{},
 				},
 			},
 			want: messageCountExpectations{
 				bold:    0,
 				success: 0,
 				warning: 0,
 				error:   0,
 				info:    0,
 			},
 		},
 		{
 			name: "some messages",
 			output: &capturedOutput{
 				CapturedOutput: &testutil.CapturedOutput{
 					BoldMessages:    []string{"bold1", "bold2"},
 					SuccessMessages: []string{"success1"},
 					WarningMessages: []string{},
 					ErrorMessages:   []string{"error1", "error2", "error3"},
 					InfoMessages:    []string{"info1"},
 				},
 			},
 			want: messageCountExpectations{
 				bold:    2,
 				success: 1,
 				warning: 0,
 				error:   3,
 				info:    1,
 			},
 		},
 		{
 			name: "only bold and success",
 			output: &capturedOutput{
 				CapturedOutput: &testutil.CapturedOutput{
 					BoldMessages:    []string{"bold"},
 					SuccessMessages: []string{"success"},
 					WarningMessages: []string{},
 					ErrorMessages:   []string{},
 					InfoMessages:    []string{},
 				},
 			},
 			want: messageCountExpectations{
 				bold:    1,
 				success: 1,
 				warning: 0,
 				error:   0,
 				info:    0,
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Call the helper - it validates message counts
 			assertMessageCounts(t, tt.output, tt.want)
 		})
 	}
 }
--- a/internal/generator_validation_test.go
+++ b/internal/generator_validation_test.go
@@ -0,0 +1,551 @@
 package internal
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // capturedOutput wraps testutil.CapturedOutput to satisfy CompleteOutput interface.
 type capturedOutput struct {
 	*testutil.CapturedOutput
 }
 // ErrorWithSuggestions wraps the testutil version to match interface signature.
 func (c *capturedOutput) ErrorWithSuggestions(err *apperrors.ContextualError) {
 	c.CapturedOutput.ErrorWithSuggestions(err)
 }
 // FormatContextualError wraps the testutil version to match interface signature.
 func (c *capturedOutput) FormatContextualError(err *apperrors.ContextualError) string {
 	return c.CapturedOutput.FormatContextualError(err)
 }
 // newCapturedOutput creates a new capturedOutput instance.
 func newCapturedOutput() *capturedOutput {
 	return &capturedOutput{
 		CapturedOutput: &testutil.CapturedOutput{},
 	}
 }
 // TestCountValidationStats tests the validation statistics counting function.
 func TestCountValidationStats(t *testing.T) {
 	tests := []struct {
 		name            string
 		results         []ValidationResult
 		wantValidFiles  int
 		wantTotalIssues int
 	}{
 		{
 			name: "all valid files",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1}},
 				{MissingFields: []string{testutil.ValidationTestFile2}},
 			},
 			wantValidFiles:  2,
 			wantTotalIssues: 0,
 		},
 		{
 			name: "all invalid files",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1, "name", "description"}},
 				{MissingFields: []string{testutil.ValidationTestFile2, "runs"}},
 			},
 			wantValidFiles:  0,
 			wantTotalIssues: 3, // 2 issues in first file + 1 in second
 		},
 		{
 			name: "mixed valid and invalid",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1}},                        // Valid
 				{MissingFields: []string{testutil.ValidationTestFile2, "name", "description"}}, // 2 issues
 				{MissingFields: []string{"file: action3.yml"}},                                 // Valid
 				{MissingFields: []string{"file: action4.yml", "runs"}},                         // 1 issue
 			},
 			wantValidFiles:  2,
 			wantTotalIssues: 3,
 		},
 		{
 			name:            "empty results",
 			results:         []ValidationResult{},
 			wantValidFiles:  0,
 			wantTotalIssues: 0,
 		},
 		{
 			name: "single valid file",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile3}},
 			},
 			wantValidFiles:  1,
 			wantTotalIssues: 0,
 		},
 		{
 			name: "single invalid file with multiple issues",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile3, "name", "description", "runs"}},
 			},
 			wantValidFiles:  0,
 			wantTotalIssues: 3,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			gen := &Generator{}
 			gotValid, gotIssues := gen.countValidationStats(tt.results)
 			if gotValid != tt.wantValidFiles {
 				t.Errorf("countValidationStats() validFiles = %d, want %d", gotValid, tt.wantValidFiles)
 			}
 			if gotIssues != tt.wantTotalIssues {
 				t.Errorf("countValidationStats() totalIssues = %d, want %d", gotIssues, tt.wantTotalIssues)
 			}
 		})
 	}
 }
 // messageCountExpectations defines expected message counts for validation tests.
 type messageCountExpectations struct {
 	bold    int
 	success int
 	warning int
 	error   int
 	info    int
 }
 // assertMessageCounts checks that message counts match expectations.
 func assertMessageCounts(t *testing.T, output *capturedOutput, want messageCountExpectations) {
 	t.Helper()
 	checks := []struct {
 		name     string
 		got      int
 		expected int
 	}{
 		{"bold messages", len(output.BoldMessages), want.bold},
 		{"success messages", len(output.SuccessMessages), want.success},
 		{"warning messages", len(output.WarningMessages), want.warning},
 		{"error messages", len(output.ErrorMessages), want.error},
 		{"info messages", len(output.InfoMessages), want.info},
 	}
 	for _, check := range checks {
 		if check.got != check.expected {
 			t.Errorf("showValidationSummary() %s = %d, want %d", check.name, check.got, check.expected)
 		}
 	}
 }
 // TestShowValidationSummary tests the validation summary display function.
 func TestShowValidationSummary(t *testing.T) {
 	tests := []validationSummaryTestCase{
 		createValidationSummaryTest(validationSummaryParams{
 			name:        "all valid files",
 			totalFiles:  3,
 			validFiles:  3,
 			totalIssues: 0,
 			resultCount: 3,
 			errorCount:  0,
 			wantWarning: 0,
 			wantError:   0,
 			wantInfo:    0,
 		}),
 		createValidationSummaryTest(validationSummaryParams{
 			name:        "some files with issues",
 			totalFiles:  3,
 			validFiles:  1,
 			totalIssues: 5,
 			resultCount: 3,
 			errorCount:  0,
 			wantWarning: 1,
 			wantError:   0,
 			wantInfo:    1,
 		}),
 		createValidationSummaryTest(validationSummaryParams{
 			name:        "parse errors present",
 			totalFiles:  5,
 			validFiles:  2,
 			totalIssues: 3,
 			resultCount: 3,
 			errorCount:  2,
 			wantWarning: 1,
 			wantError:   1,
 			wantInfo:    1,
 		}),
 		createValidationSummaryTest(validationSummaryParams{
 			name:        "only parse errors",
 			totalFiles:  2,
 			validFiles:  0,
 			totalIssues: 0,
 			resultCount: 0,
 			errorCount:  2,
 			wantWarning: 0,
 			wantError:   1,
 			wantInfo:    0,
 		}),
 		createValidationSummaryTest(validationSummaryParams{
 			name:        "zero files",
 			totalFiles:  0,
 			validFiles:  0,
 			totalIssues: 0,
 			resultCount: 0,
 			errorCount:  0,
 			wantWarning: 0,
 			wantError:   0,
 			wantInfo:    0,
 		}),
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := newCapturedOutput()
 			gen := &Generator{Output: output}
 			gen.showValidationSummary(tt.totalFiles, tt.validFiles, tt.totalIssues, tt.resultCount, tt.errorCount)
 			assertMessageCounts(t, output, messageCountExpectations{
 				bold:    tt.wantBold,
 				success: tt.wantSuccess,
 				warning: tt.wantWarning,
 				error:   tt.wantError,
 				info:    tt.wantInfo,
 			})
 		})
 	}
 }
 // TestShowParseErrors tests the parse error display function.
 func TestShowParseErrors(t *testing.T) {
 	tests := []struct {
 		name         string
 		errors       []string
 		wantBold     int
 		wantError    int
 		wantContains string
 	}{
 		{
 			name:         "no parse errors",
 			errors:       []string{},
 			wantBold:     0,
 			wantError:    0,
 			wantContains: "",
 		},
 		{
 			name:         "single parse error",
 			errors:       []string{"Failed to parse action.yml: invalid YAML"},
 			wantBold:     1,
 			wantError:    1,
 			wantContains: "Failed to parse",
 		},
 		{
 			name: "multiple parse errors",
 			errors: []string{
 				"Failed to parse action1.yml: invalid YAML",
 				"Failed to parse action2.yml: file not found",
 				"Failed to parse action3.yml: permission denied",
 			},
 			wantBold:     1,
 			wantError:    3,
 			wantContains: "Failed to parse",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := newCapturedOutput()
 			gen := &Generator{Output: output}
 			gen.showParseErrors(tt.errors)
 			testutil.AssertMessageCounts(t, tt.name, output.CapturedOutput, 0, tt.wantError, 0, tt.wantBold)
 			if tt.wantContains != "" && !output.ContainsError(tt.wantContains) {
 				t.Errorf(
 					"showParseErrors() error messages should contain %q, got %v",
 					tt.wantContains,
 					output.ErrorMessages,
 				)
 			}
 		})
 	}
 }
 // TestShowFileIssues tests the file-specific issue display function.
 func TestShowFileIssues(t *testing.T) {
 	tests := []struct {
 		name         string
 		result       ValidationResult
 		wantInfo     int
 		wantError    int
 		wantWarning  int
 		wantContains string
 	}{
 		{
 			name: "file with missing fields only",
 			result: ValidationResult{
 				MissingFields: []string{testutil.ValidationTestFile3, "name", "description"},
 			},
 			wantInfo:     1, // File name only (no suggestions)
 			wantError:    2, // 2 missing fields
 			wantWarning:  0,
 			wantContains: "name",
 		},
 		{
 			name: "file with warnings only",
 			result: ValidationResult{
 				MissingFields: []string{testutil.ValidationTestFile3},
 				Warnings:      []string{"author field is recommended", "icon field is recommended"},
 			},
 			wantInfo:     1, // File name
 			wantError:    0,
 			wantWarning:  2,
 			wantContains: "author",
 		},
 		{
 			name: "file with missing fields and warnings",
 			result: ValidationResult{
 				MissingFields: []string{testutil.ValidationTestFile3, "name"},
 				Warnings:      []string{"author field is recommended"},
 			},
 			wantInfo:     1,
 			wantError:    1,
 			wantWarning:  1,
 			wantContains: "name",
 		},
 		{
 			name: "file with suggestions",
 			result: ValidationResult{
 				MissingFields: []string{testutil.ValidationTestFile3, "name"},
 				Suggestions:   []string{"Add a descriptive name field", "See documentation for examples"},
 			},
 			wantInfo:     2, // File name + Suggestions header
 			wantError:    1,
 			wantWarning:  0,
 			wantContains: "descriptive name",
 		},
 		{
 			name: "valid file (no issues)",
 			result: ValidationResult{
 				MissingFields: []string{testutil.ValidationTestFile3},
 			},
 			wantInfo:     1, // Just file name
 			wantError:    0,
 			wantWarning:  0,
 			wantContains: appconstants.ActionFileNameYML,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := newCapturedOutput()
 			gen := &Generator{Output: output}
 			gen.showFileIssues(tt.result)
 			if len(output.InfoMessages) < tt.wantInfo {
 				t.Errorf("showFileIssues() info messages = %d, want at least %d", len(output.InfoMessages), tt.wantInfo)
 			}
 			if len(output.ErrorMessages) != tt.wantError {
 				t.Errorf("showFileIssues() error messages = %d, want %d", len(output.ErrorMessages), tt.wantError)
 			}
 			if len(output.WarningMessages) != tt.wantWarning {
 				t.Errorf("showFileIssues() warning messages = %d, want %d", len(output.WarningMessages), tt.wantWarning)
 			}
 			// Check if expected content appears somewhere in the output
 			if tt.wantContains != "" && !output.ContainsMessage(tt.wantContains) {
 				t.Errorf("showFileIssues() output should contain %q, got info=%v, error=%v, warning=%v",
 					tt.wantContains, output.InfoMessages, output.ErrorMessages, output.WarningMessages)
 			}
 		})
 	}
 }
 // TestShowDetailedIssues tests the detailed issues display function.
 func TestShowDetailedIssues(t *testing.T) {
 	tests := []struct {
 		name        string
 		results     []ValidationResult
 		totalIssues int
 		verbose     bool
 		wantBold    int // Expected number of bold messages
 	}{
 		{
 			name: "no issues, not verbose",
 			results: []ValidationResult{
 				{MissingFields: []string{"file: action1.yml"}},
 				{MissingFields: []string{"file: action2.yml"}},
 			},
 			totalIssues: 0,
 			verbose:     false,
 			wantBold:    0, // Should not show details
 		},
 		{
 			name: "no issues, verbose mode",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1}},
 				{MissingFields: []string{testutil.ValidationTestFile2}},
 			},
 			totalIssues: 0,
 			verbose:     true,
 			wantBold:    1, // Should show header even with no issues
 		},
 		{
 			name: "some issues",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1, "name"}},
 				{MissingFields: []string{testutil.ValidationTestFile2}},
 			},
 			totalIssues: 1,
 			verbose:     false,
 			wantBold:    1, // Should show details
 		},
 		{
 			name: "files with warnings",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1}, Warnings: []string{"author recommended"}},
 			},
 			totalIssues: 0,
 			verbose:     false,
 			wantBold:    0, // No bold output (warnings don't count as issues, early return)
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := newCapturedOutput()
 			gen := &Generator{
 				Output: output,
 				Config: &AppConfig{Verbose: tt.verbose},
 			}
 			gen.showDetailedIssues(tt.results, tt.totalIssues)
 			if len(output.BoldMessages) != tt.wantBold {
 				t.Errorf("showDetailedIssues() bold messages = %d, want %d", len(output.BoldMessages), tt.wantBold)
 			}
 		})
 	}
 }
 // TestReportValidationResults tests the main validation reporting function.
 // reportCounts holds the expected counts for validation report output.
 type reportCounts struct {
 	bold    int
 	success bool
 	error   bool
 }
 // validateReportCounts validates that the report output contains expected message counts.
 func validateReportCounts(
 	t *testing.T,
 	gotBold, gotSuccess, gotError int,
 	want reportCounts,
 	allowUnexpectedErrors bool,
 ) {
 	t.Helper()
 	if gotBold < want.bold {
 		t.Errorf("Bold messages = %d, want at least %d", gotBold, want.bold)
 	}
 	if want.success && gotSuccess == 0 {
 		t.Error("Expected success messages, got none")
 	}
 	if want.error && gotError == 0 {
 		t.Error("Expected error messages, got none")
 	}
 	if !allowUnexpectedErrors && gotError > 0 {
 		t.Errorf("Expected no error messages, got %d", gotError)
 	}
 }
 func TestReportValidationResults(t *testing.T) {
 	tests := []struct {
 		name        string
 		results     []ValidationResult
 		errors      []string
 		wantBold    int // Minimum number of bold messages
 		wantSuccess bool
 		wantError   bool
 	}{
 		{
 			name: "all valid, no errors",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1}},
 				{MissingFields: []string{testutil.ValidationTestFile2}},
 			},
 			errors:      []string{},
 			wantBold:    1,
 			wantSuccess: true,
 			wantError:   false,
 		},
 		{
 			name: "some invalid files",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1, "name"}},
 				{MissingFields: []string{testutil.ValidationTestFile2}},
 			},
 			errors:      []string{},
 			wantBold:    2, // Summary + Details
 			wantSuccess: true,
 			wantError:   true,
 		},
 		{
 			name:        "parse errors only",
 			results:     []ValidationResult{},
 			errors:      []string{"Failed to parse action.yml"},
 			wantBold:    2, // Summary + Parse Errors
 			wantSuccess: true,
 			wantError:   true,
 		},
 		{
 			name: "mixed validation issues and parse errors",
 			results: []ValidationResult{
 				{MissingFields: []string{testutil.ValidationTestFile1, "name", "description"}},
 			},
 			errors:      []string{"Failed to parse action2.yml"},
 			wantBold:    3, // Summary + Details + Parse Errors
 			wantSuccess: true,
 			wantError:   true,
 		},
 		{
 			name:        "empty results",
 			results:     []ValidationResult{},
 			errors:      []string{},
 			wantBold:    1,
 			wantSuccess: true,
 			wantError:   false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := newCapturedOutput()
 			gen := &Generator{
 				Output: output,
 				Config: &AppConfig{Verbose: false},
 			}
 			gen.reportValidationResults(tt.results, tt.errors)
 			counts := reportCounts{
 				bold:    tt.wantBold,
 				success: tt.wantSuccess,
 				error:   tt.wantError,
 			}
 			validateReportCounts(
 				t,
 				len(output.BoldMessages),
 				len(output.SuccessMessages),
 				len(output.ErrorMessages),
 				counts,
 				tt.wantError,
 			)
 		})
 	}
 }
--- a/internal/generator_validation_test_helper.go
+++ b/internal/generator_validation_test_helper.go
@@ -0,0 +1,44 @@
 package internal
 // validationSummaryTestCase defines a test case for validation summary tests.
 // This helper reduces duplication in test case definitions by providing
 // a factory function with sensible defaults.
 type validationSummaryTestCase struct {
 	name        string
 	totalFiles  int
 	validFiles  int
 	totalIssues int
 	resultCount int
 	errorCount  int
 	wantBold    int
 	wantSuccess int
 	wantWarning int
 	wantError   int
 	wantInfo    int
 }
 // validationSummaryParams holds parameters for creating validation summary test cases.
 type validationSummaryParams struct {
 	name                                                         string
 	totalFiles, validFiles, totalIssues, resultCount, errorCount int
 	wantWarning, wantError, wantInfo                             int
 }
 // createValidationSummaryTest creates a validation summary test case with defaults.
 // Default values: wantBold=1, wantSuccess=1, wantWarning=0, wantError=0, wantInfo=0
 // Only provide the fields that differ from defaults.
 func createValidationSummaryTest(params validationSummaryParams) validationSummaryTestCase {
 	return validationSummaryTestCase{
 		name:        params.name,
 		totalFiles:  params.totalFiles,
 		validFiles:  params.validFiles,
 		totalIssues: params.totalIssues,
 		resultCount: params.resultCount,
 		errorCount:  params.errorCount,
 		wantBold:    1, // Always 1
 		wantSuccess: 1, // Always 1
 		wantWarning: params.wantWarning,
 		wantError:   params.wantError,
 		wantInfo:    params.wantInfo,
 	}
 }
--- a/internal/git/detector.go
+++ b/internal/git/detector.go
@@ -155,7 +155,11 @@ func getRemoteURLFromConfig(repoRoot string) (string, error) {
 // getDefaultBranch gets the default branch name.
 func getDefaultBranch(repoRoot string) string {
-	cmd := exec.Command("git", "symbolic-ref", "refs/remotes/origin/HEAD")
+	cmd := exec.Command(
 		appconstants.GitCommand,
 		"symbolic-ref",
 		"refs/remotes/origin/HEAD",
 	) // #nosec G204 -- controlled git command
 	cmd.Dir = repoRoot
 	output, err := cmd.Output()
@@ -209,7 +213,7 @@ func parseGitHubURL(url string) (organization, repository string) {
 			repo := matches[2]
 			// Remove .git suffix if present
-			repo = strings.TrimSuffix(repo, ".git")
+			repo = strings.TrimSuffix(repo, appconstants.DirGit)
 			return org, repo
 		}
--- a/internal/git/detector_test.go
+++ b/internal/git/detector_test.go
@@ -1,7 +1,6 @@
 package git
 import (
 	"os"
 	"path/filepath"
 	"testing"
@@ -22,18 +21,11 @@ func TestFindRepositoryRoot(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				// Create .git directory
-				gitDir := filepath.Join(tmpDir, ".git")
+				testutil.SetupGitDirectory(t, tmpDir)
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				if err != nil {
 					t.Fatalf("failed to create .git directory: %v", err)
 				}
 				// Create subdirectory to test from
 				subDir := filepath.Join(tmpDir, "subdir", "nested")
-				err = os.MkdirAll(subDir, 0750) // #nosec G301 -- test directory permissions
+				testutil.CreateTestDir(t, subDir)
 				if err != nil {
 					t.Fatalf("failed to create subdirectory: %v", err)
 				}
 				return subDir
 			},
@@ -59,10 +51,7 @@ func TestFindRepositoryRoot(t *testing.T) {
 				t.Helper()
 				// Create subdirectory without .git
 				subDir := filepath.Join(tmpDir, "subdir")
-				err := os.MkdirAll(subDir, 0750) // #nosec G301 -- test directory permissions
+				testutil.CreateTestDir(t, subDir)
 				if err != nil {
 					t.Fatalf("failed to create subdirectory: %v", err)
 				}
 				return subDir
 			},
@@ -123,19 +112,9 @@ func TestDetectGitRepository(t *testing.T) {
 		setupFunc func(t *testing.T, tmpDir string) string
 		checkFunc func(t *testing.T, info *RepoInfo)
 	}{
-		{
+		createGitRepoTestCase(gitTestCase{
 			name: "GitHub repository",
-			setupFunc: func(t *testing.T, tmpDir string) string {
+			configContent: `[core]
 				t.Helper()
 				// Create .git directory
 				gitDir := filepath.Join(tmpDir, ".git")
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				if err != nil {
 					t.Fatalf("failed to create .git directory: %v", err)
 				}
 				// Create config file with GitHub remote
 				configContent := `[core]
 	repositoryformatversion = 0
 	filemode = true
 	bare = false
@@ -146,45 +125,21 @@ func TestDetectGitRepository(t *testing.T) {
 [branch "main"]
 	remote = origin
 	merge = refs/heads/main
-`
+`,
-				configPath := filepath.Join(gitDir, "config")
+			expectedOrg:  "owner",
-				testutil.WriteTestFile(t, configPath, configContent)
+			expectedRepo: "repo",
-
+			expectedURL:  "https://github.com/owner/repo.git",
-				return tmpDir
+		}),
-			},
+		createGitRepoTestCase(gitTestCase{
 			checkFunc: func(t *testing.T, info *RepoInfo) {
 				t.Helper()
 				testutil.AssertEqual(t, "owner", info.Organization)
 				testutil.AssertEqual(t, "repo", info.Repository)
 				testutil.AssertEqual(t, "https://github.com/owner/repo.git", info.RemoteURL)
 			},
 		},
 		{
 			name: "SSH remote URL",
-			setupFunc: func(t *testing.T, tmpDir string) string {
+			configContent: `[remote "origin"]
 				t.Helper()
 				gitDir := filepath.Join(tmpDir, ".git")
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				if err != nil {
 					t.Fatalf("failed to create .git directory: %v", err)
 				}
 				configContent := `[remote "origin"]
 	url = git@github.com:owner/repo.git
 	fetch = +refs/heads/*:refs/remotes/origin/*
-`
+`,
-				configPath := filepath.Join(gitDir, "config")
+			expectedOrg:  "owner",
-				testutil.WriteTestFile(t, configPath, configContent)
+			expectedRepo: "repo",
-
+			expectedURL:  "git@github.com:owner/repo.git",
-				return tmpDir
+		}),
 			},
 			checkFunc: func(t *testing.T, info *RepoInfo) {
 				t.Helper()
 				testutil.AssertEqual(t, "owner", info.Organization)
 				testutil.AssertEqual(t, "repo", info.Repository)
 				testutil.AssertEqual(t, "git@github.com:owner/repo.git", info.RemoteURL)
 			},
 		},
 		{
 			name: "no git repository",
 			setupFunc: func(_ *testing.T, tmpDir string) string {
@@ -197,33 +152,16 @@ func TestDetectGitRepository(t *testing.T) {
 				testutil.AssertEqual(t, "", info.Repository)
 			},
 		},
-		{
+		createGitRepoTestCase(gitTestCase{
 			name: "git repository without origin remote",
-			setupFunc: func(t *testing.T, tmpDir string) string {
+			configContent: `[core]
 				t.Helper()
 				gitDir := filepath.Join(tmpDir, ".git")
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				if err != nil {
 					t.Fatalf("failed to create .git directory: %v", err)
 				}
 				configContent := `[core]
 	repositoryformatversion = 0
 	filemode = true
 	bare = false
-`
+`,
-				configPath := filepath.Join(gitDir, "config")
+			expectedOrg:  "",
-				testutil.WriteTestFile(t, configPath, configContent)
+			expectedRepo: "",
-
+		}),
 				return tmpDir
 			},
 			checkFunc: func(t *testing.T, info *RepoInfo) {
 				t.Helper()
 				testutil.AssertEqual(t, true, info.IsGitRepo)
 				testutil.AssertEqual(t, "", info.Organization)
 				testutil.AssertEqual(t, "", info.Repository)
 			},
 		},
 	}
 	for _, tt := range tests {
@@ -298,7 +236,7 @@ func TestParseGitHubURL(t *testing.T) {
 	}
 }
-func TestRepoInfo_GetRepositoryName(t *testing.T) {
+func TestRepoInfoGetRepositoryName(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -344,3 +282,532 @@ func TestRepoInfo_GetRepositoryName(t *testing.T) {
 		})
 	}
 }
 // TestRepoInfoGenerateUsesStatement tests the GenerateUsesStatement method.
 func TestRepoInfoGenerateUsesStatement(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name       string
 		repoInfo   *RepoInfo
 		actionName string
 		version    string
 		expected   string
 	}{
 		{
 			name: "repository-level action",
 			repoInfo: &RepoInfo{
 				Organization: "actions",
 				Repository:   "checkout",
 			},
 			actionName: "",
 			version:    "v3",
 			expected:   testutil.TestActionCheckoutV3,
 		},
 		{
 			name: "repository-level action with same name",
 			repoInfo: &RepoInfo{
 				Organization: "actions",
 				Repository:   "checkout",
 			},
 			actionName: "checkout",
 			version:    "v3",
 			expected:   testutil.TestActionCheckoutV3,
 		},
 		{
 			name: "subdirectory action",
 			repoInfo: &RepoInfo{
 				Organization: "actions",
 				Repository:   "toolkit",
 			},
 			actionName: "cache",
 			version:    "v2",
 			expected:   "actions/toolkit/cache@v2",
 		},
 		{
 			name: "without organization",
 			repoInfo: &RepoInfo{
 				Organization: "",
 				Repository:   "",
 			},
 			actionName: "my-action",
 			version:    "v1",
 			expected:   "your-org/my-action@v1",
 		},
 		{
 			name: "without organization and action name",
 			repoInfo: &RepoInfo{
 				Organization: "",
 				Repository:   "",
 			},
 			actionName: "",
 			version:    "v1",
 			expected:   "your-org/your-action@v1",
 		},
 		{
 			name: "with SHA version",
 			repoInfo: &RepoInfo{
 				Organization: "actions",
 				Repository:   "checkout",
 			},
 			actionName: "",
 			version:    "abc123def456",
 			expected:   "actions/checkout@abc123def456",
 		},
 		{
 			name: "with main branch",
 			repoInfo: &RepoInfo{
 				Organization: "actions",
 				Repository:   "setup-node",
 			},
 			actionName: "",
 			version:    "main",
 			expected:   "actions/setup-node@main",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			result := tt.repoInfo.GenerateUsesStatement(tt.actionName, tt.version)
 			testutil.AssertEqual(t, tt.expected, result)
 		})
 	}
 }
 // TestGetDefaultBranch_Fallbacks tests branch detection fallback logic.
 func TestGetDefaultBranchFallbacks(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name           string
 		setupFunc      func(t *testing.T, tmpDir string) string
 		expectedBranch string
 	}{
 		createDefaultBranchTestCase(defaultBranchTestCase{
 			name:           "git config with main branch",
 			branch:         "main",
 			expectedBranch: "main",
 		}),
 		createDefaultBranchTestCase(defaultBranchTestCase{
 			name:           "git config with master branch - returns main fallback",
 			branch:         "master",
 			expectedBranch: "main",
 		}),
 		createDefaultBranchTestCase(defaultBranchTestCase{
 			name:           "git config with develop branch - returns main fallback",
 			branch:         "develop",
 			expectedBranch: "main",
 		}),
 		{
 			name: "no git config - returns main fallback",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				_ = testutil.SetupGitDirectory(t, tmpDir)
 				return tmpDir
 			},
 			expectedBranch: "main", // Falls back to "main" when git command fails
 		},
 		{
 			name: "malformed git config - returns main fallback",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				gitDir := testutil.SetupGitDirectory(t, tmpDir)
 				configContent := `[branch this is malformed`
 				configPath := filepath.Join(gitDir, "config")
 				testutil.WriteTestFile(t, configPath, configContent)
 				return tmpDir
 			},
 			expectedBranch: "main", // Falls back to "main" when git command fails
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tmpDir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			repoDir := tt.setupFunc(t, tmpDir)
 			branch := getDefaultBranch(repoDir)
 			testutil.AssertEqual(t, tt.expectedBranch, branch)
 		})
 	}
 }
 // TestGetRemoteURL_AllSources tests all remote URL detection methods.
 func TestGetRemoteURLAllSources(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name        string
 		setupFunc   func(t *testing.T, tmpDir string) string
 		expectError bool
 		expectedURL string
 	}{
 		createGitURLTestCase(gitURLTestCase{
 			name: "remote from git config - https",
 			configContent: `[remote "origin"]
 	url = https://github.com/test/repo.git
 `,
 			expectError: false,
 			expectedURL: "https://github.com/test/repo.git",
 		}),
 		createGitURLTestCase(gitURLTestCase{
 			name: "remote from git config - ssh",
 			configContent: `[remote "origin"]
 	url = git@github.com:user/repo.git
 `,
 			expectError: false,
 			expectedURL: "git@github.com:user/repo.git",
 		}),
 		createGitURLTestCase(gitURLTestCase{
 			name: "multiple remotes - origin takes precedence",
 			configContent: `[remote "upstream"]
 	url = https://github.com/upstream/repo
 [remote "origin"]
 	url = https://github.com/origin/repo
 `,
 			expectError: false,
 			expectedURL: "https://github.com/origin/repo",
 		}),
 		{
 			name: "no remote configured",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				_ = testutil.SetupGitDirectory(t, tmpDir)
 				return tmpDir
 			},
 			expectError: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tmpDir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			repoDir := tt.setupFunc(t, tmpDir)
 			url, err := getRemoteURL(repoDir)
 			if tt.expectError {
 				testutil.AssertError(t, err)
 			} else {
 				testutil.AssertNoError(t, err)
 				testutil.AssertEqual(t, tt.expectedURL, url)
 			}
 		})
 	}
 }
 // TestGetRemoteURLFromConfig_EdgeCases tests git config parsing with edge cases.
 func TestGetRemoteURLFromConfigEdgeCases(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name          string
 		configContent string
 		expectError   bool
 		expectedURL   string
 		description   string
 	}{
 		{
 			name: "standard git config",
 			configContent: `[remote "origin"]
 	url = ` + testutil.TestURLGitHubUserRepo + `
 `,
 			expectError: false,
 			expectedURL: testutil.TestURLGitHubUserRepo,
 			description: "Standard git config",
 		},
 		{
 			name: "config with comments",
 			configContent: `# This is a comment
 [remote "origin"]
 	# Another comment
 	url = ` + testutil.TestURLGitHubUserRepo + `
 	fetch = +refs/heads/*:refs/remotes/origin/*
 `,
 			expectError: false,
 			expectedURL: testutil.TestURLGitHubUserRepo,
 			description: "Config with comments should be parsed",
 		},
 		{
 			name:          "empty config",
 			configContent: ``,
 			expectError:   true,
 			description:   "Empty config",
 		},
 		{
 			name: "incomplete section",
 			configContent: `[remote "origin"
 	url = ` + testutil.TestURLGitHubUserRepo + `
 `,
 			expectError: true,
 			description: "Malformed section",
 		},
 		{
 			name: "url with spaces",
 			configContent: `[remote "origin"]
 	url = https://github.com/user name/repo name
 `,
 			expectError: false,
 			expectedURL: "https://github.com/user name/repo name",
 			description: "URL with spaces should be preserved",
 		},
 		{
 			name: "multiple origin sections - first wins",
 			configContent: `[remote "origin"]
 	url = https://github.com/first/repo
 [remote "origin"]
 	url = https://github.com/second/repo
 `,
 			expectError: false,
 			expectedURL: "https://github.com/first/repo",
 			description: "First origin section takes precedence",
 		},
 		{
 			name: "ssh url format",
 			configContent: `[remote "origin"]
 	url = git@gitlab.com:user/repo.git
 `,
 			expectError: false,
 			expectedURL: "git@gitlab.com:user/repo.git",
 			description: "SSH URL format",
 		},
 		{
 			name: "url with trailing whitespace",
 			configContent: `[remote "origin"]
 	url = ` + testutil.TestURLGitHubUserRepo + `
 `,
 			expectError: false,
 			expectedURL: testutil.TestURLGitHubUserRepo,
 			description: "Trailing whitespace should be trimmed",
 		},
 		{
 			name: "config without url field",
 			configContent: `[remote "origin"]
 	fetch = +refs/heads/*:refs/remotes/origin/*
 `,
 			expectError: true,
 			description: "Remote without URL",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tmpDir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			gitDir := testutil.SetupGitDirectory(t, tmpDir)
 			if tt.configContent != "" {
 				configPath := filepath.Join(gitDir, "config")
 				testutil.WriteTestFile(t, configPath, tt.configContent)
 			}
 			url, err := getRemoteURLFromConfig(tmpDir)
 			if tt.expectError {
 				testutil.AssertError(t, err)
 			} else {
 				testutil.AssertNoError(t, err)
 				testutil.AssertEqual(t, tt.expectedURL, url)
 			}
 		})
 	}
 }
 // TestFindRepositoryRoot_EdgeCases tests additional edge cases for repository root detection.
 func TestFindRepositoryRootEdgeCases(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name        string
 		setupFunc   func(t *testing.T, tmpDir string) string
 		expectError bool
 		checkFunc   func(t *testing.T, tmpDir, repoRoot string)
 	}{
 		{
 			name: "deeply nested subdirectory",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				testutil.SetupGitDirectory(t, tmpDir)
 				deepPath := filepath.Join(tmpDir, "a", "b", "c", "d", "e")
 				testutil.CreateTestDir(t, deepPath)
 				return deepPath
 			},
 			expectError: false,
 			checkFunc: func(t *testing.T, tmpDir, repoRoot string) {
 				t.Helper()
 				testutil.AssertEqual(t, tmpDir, repoRoot)
 			},
 		},
 		{
 			name: "git worktree with .git file",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				gitFile := filepath.Join(tmpDir, ".git")
 				testutil.WriteTestFile(t, gitFile, "gitdir: /path/to/worktree")
 				return tmpDir
 			},
 			expectError: false,
 			checkFunc: func(t *testing.T, tmpDir, repoRoot string) {
 				t.Helper()
 				testutil.AssertEqual(t, tmpDir, repoRoot)
 			},
 		},
 		{
 			name: "current directory is repo root",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				testutil.SetupGitDirectory(t, tmpDir)
 				return tmpDir
 			},
 			expectError: false,
 			checkFunc: func(t *testing.T, tmpDir, repoRoot string) {
 				t.Helper()
 				testutil.AssertEqual(t, tmpDir, repoRoot)
 			},
 		},
 		{
 			name: "path with spaces",
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				testutil.SetupGitDirectory(t, tmpDir)
 				spacePath := filepath.Join(tmpDir, "path with spaces")
 				testutil.CreateTestDir(t, spacePath)
 				return spacePath
 			},
 			expectError: false,
 			checkFunc: func(t *testing.T, tmpDir, repoRoot string) {
 				t.Helper()
 				testutil.AssertEqual(t, tmpDir, repoRoot)
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tmpDir, cleanup := testutil.TempDir(t)
 			defer cleanup()
 			testDir := tt.setupFunc(t, tmpDir)
 			repoRoot, err := FindRepositoryRoot(testDir)
 			if tt.expectError {
 				testutil.AssertError(t, err)
 			} else {
 				testutil.AssertNoError(t, err)
 				tt.checkFunc(t, tmpDir, repoRoot)
 			}
 		})
 	}
 }
 // TestParseGitHubURL_EdgeCases tests additional URL parsing edge cases.
 func TestParseGitHubURLEdgeCases(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		remoteURL    string
 		expectedOrg  string
 		expectedRepo string
 		description  string
 	}{
 		{
 			name:         "gitlab https url",
 			remoteURL:    "https://gitlab.com/owner/repo.git",
 			expectedOrg:  "",
 			expectedRepo: "",
 			description:  "Non-GitHub URLs return empty",
 		},
 		{
 			name:         "github url with subgroups",
 			remoteURL:    "https://github.com/org/subgroup/repo.git",
 			expectedOrg:  "org",
 			expectedRepo: "subgroup", // Regex only captures first two path segments
 			description:  "GitHub URLs with subpaths only capture org/subgroup",
 		},
 		{
 			name:         "ssh url without git suffix",
 			remoteURL:    "git@github.com:owner/repo",
 			expectedOrg:  "owner",
 			expectedRepo: "repo",
 			description:  "SSH URL without .git suffix",
 		},
 		{
 			name:         "url with trailing slash",
 			remoteURL:    "https://github.com/owner/repo/",
 			expectedOrg:  "owner",
 			expectedRepo: "repo",
 			description:  "Handles trailing slash",
 		},
 		{
 			name:         "url with query parameters",
 			remoteURL:    "https://github.com/owner/repo?param=value",
 			expectedOrg:  "owner",
 			expectedRepo: "repo?param=value", // Regex doesn't strip query params
 			description:  "Query parameters are not stripped by regex",
 		},
 		{
 			name:         "malformed ssh url",
 			remoteURL:    "git@github.com/owner/repo.git",
 			expectedOrg:  "owner",
 			expectedRepo: "repo", // Actually matches the pattern
 			description:  "Malformed SSH URL still matches pattern",
 		},
 		{
 			name:         "url with username",
 			remoteURL:    "https://user@github.com/owner/repo.git",
 			expectedOrg:  "owner",
 			expectedRepo: "repo",
 			description:  "Handles URL with username",
 		},
 		{
 			name:         "github enterprise url",
 			remoteURL:    "https://github.company.com/owner/repo.git",
 			expectedOrg:  "",
 			expectedRepo: "",
 			description:  "GitHub Enterprise URLs return empty (not github.com)",
 		},
 		{
 			name:         "short ssh format",
 			remoteURL:    "github.com:owner/repo.git",
 			expectedOrg:  "owner",
 			expectedRepo: "repo", // Actually matches the pattern with ':'
 			description:  "Short SSH format matches the regex pattern",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			org, repo := parseGitHubURL(tt.remoteURL)
 			testutil.AssertEqual(t, tt.expectedOrg, org)
 			testutil.AssertEqual(t, tt.expectedRepo, repo)
 		})
 	}
 }
--- a/internal/git/detector_test_helper.go
+++ b/internal/git/detector_test_helper.go
@@ -0,0 +1,126 @@
 package git
 import (
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // gitTestCase defines the configuration for a git repository test case.
 type gitTestCase struct {
 	name           string
 	configContent  string
 	expectedOrg    string
 	expectedRepo   string
 	expectedBranch string
 	expectedURL    string
 }
 // createGitRepoTestCase creates a test table entry for git repository detection tests.
 // setupGitTestRepo creates a test git directory with the specified config content.
 // This helper is used by multiple test case creators to eliminate duplicate setup logic.
 func setupGitTestRepo(t *testing.T, tmpDir, configContent string) string {
 	t.Helper()
 	gitDir := testutil.SetupGitDirectory(t, tmpDir)
 	configPath := filepath.Join(gitDir, "config")
 	testutil.WriteTestFile(t, configPath, configContent)
 	return tmpDir
 }
 // This helper reduces duplication by standardizing the setup and assertion patterns
 // for git repository test cases.
 func createGitRepoTestCase(tc gitTestCase) struct {
 	name      string
 	setupFunc func(t *testing.T, tmpDir string) string
 	checkFunc func(t *testing.T, info *RepoInfo)
 } {
 	return struct {
 		name      string
 		setupFunc func(t *testing.T, tmpDir string) string
 		checkFunc func(t *testing.T, info *RepoInfo)
 	}{
 		name: tc.name,
 		setupFunc: func(t *testing.T, tmpDir string) string {
 			t.Helper()
 			return setupGitTestRepo(t, tmpDir, tc.configContent)
 		},
 		checkFunc: func(t *testing.T, info *RepoInfo) {
 			t.Helper()
 			testutil.AssertEqual(t, tc.expectedOrg, info.Organization)
 			testutil.AssertEqual(t, tc.expectedRepo, info.Repository)
 			if tc.expectedBranch != "" {
 				testutil.AssertEqual(t, tc.expectedBranch, info.DefaultBranch)
 			}
 			if tc.expectedURL != "" {
 				testutil.AssertEqual(t, tc.expectedURL, info.RemoteURL)
 			}
 		},
 	}
 }
 // gitURLTestCase defines the configuration for git remote URL test cases.
 type gitURLTestCase struct {
 	name          string
 	configContent string
 	expectError   bool
 	expectedURL   string
 }
 // createGitURLTestCase creates a test table entry for git remote URL detection tests.
 // This helper reduces duplication by standardizing the setup pattern for URL tests.
 func createGitURLTestCase(tc gitURLTestCase) struct {
 	name        string
 	setupFunc   func(t *testing.T, tmpDir string) string
 	expectError bool
 	expectedURL string
 } {
 	return struct {
 		name        string
 		setupFunc   func(t *testing.T, tmpDir string) string
 		expectError bool
 		expectedURL string
 	}{
 		name: tc.name,
 		setupFunc: func(t *testing.T, tmpDir string) string {
 			t.Helper()
 			return setupGitTestRepo(t, tmpDir, tc.configContent)
 		},
 		expectError: tc.expectError,
 		expectedURL: tc.expectedURL,
 	}
 }
 // defaultBranchTestCase defines the configuration for default branch detection tests.
 type defaultBranchTestCase struct {
 	name           string
 	branch         string
 	expectedBranch string
 }
 // createDefaultBranchTestCase creates a test table entry for default branch tests.
 // This helper reduces duplication for tests that set up git repos with different branches.
 func createDefaultBranchTestCase(tc defaultBranchTestCase) struct {
 	name           string
 	setupFunc      func(t *testing.T, tmpDir string) string
 	expectedBranch string
 } {
 	return struct {
 		name           string
 		setupFunc      func(t *testing.T, tmpDir string) string
 		expectedBranch string
 	}{
 		name: tc.name,
 		setupFunc: func(t *testing.T, tmpDir string) string {
 			t.Helper()
 			gitDir := testutil.SetupGitDirectory(t, tmpDir)
 			testutil.CreateGitConfigWithRemote(t, gitDir, testutil.TestURLGitHubUserRepo, tc.branch)
 			return tmpDir
 		},
 		expectedBranch: tc.expectedBranch,
 	}
 }
--- a/internal/helpers/analyzer_test.go
+++ b/internal/helpers/analyzer_test.go
@@ -108,7 +108,7 @@ func TestCreateAnalyzerOrExit(t *testing.T) {
 	// In a real-world scenario, we might refactor to return errors instead
 }
-func TestCreateAnalyzer_Integration(t *testing.T) {
+func TestCreateAnalyzerIntegration(t *testing.T) {
 	t.Parallel()
 	// Test integration with actual generator functionality
--- a/internal/helpers/common_test.go
+++ b/internal/helpers/common_test.go
@@ -1,7 +1,6 @@
 package helpers
 import (
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -117,14 +116,11 @@ func TestFindGitRepoRoot(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				// Create .git directory
-				gitDir := filepath.Join(tmpDir, ".git")
+				_ = testutil.SetupGitDirectory(t, tmpDir)
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				testutil.AssertNoError(t, err)
 				// Create subdirectory to test from
 				subDir := filepath.Join(tmpDir, "subdir")
-				err = os.MkdirAll(subDir, 0750) // #nosec G301 -- test directory permissions
+				testutil.CreateTestDir(t, subDir)
 				testutil.AssertNoError(t, err)
 				return subDir
 			},
@@ -143,14 +139,11 @@ func TestFindGitRepoRoot(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
 				// Create .git directory at root
-				gitDir := filepath.Join(tmpDir, ".git")
+				_ = testutil.SetupGitDirectory(t, tmpDir)
 				err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				testutil.AssertNoError(t, err)
 				// Create deeply nested subdirectory
 				nestedDir := filepath.Join(tmpDir, "a", "b", "c")
-				err = os.MkdirAll(nestedDir, 0750) // #nosec G301 -- test directory permissions
+				testutil.CreateTestDir(t, nestedDir)
 				testutil.AssertNoError(t, err)
 				return nestedDir
 			},
@@ -241,9 +234,7 @@ func TestGetGitRepoRootAndInfo(t *testing.T) {
 func setupCompleteGitRepo(t *testing.T, tmpDir string) string {
 	t.Helper()
 	// Create .git directory
-	gitDir := filepath.Join(tmpDir, ".git")
+	gitDir := testutil.SetupGitDirectory(t, tmpDir)
 	err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 	testutil.AssertNoError(t, err)
 	// Create a basic git config to make it look like a real repo
 	configContent := `[core]
@@ -258,8 +249,7 @@ func setupCompleteGitRepo(t *testing.T, tmpDir string) string {
 	merge = refs/heads/main
 `
 	configPath := filepath.Join(gitDir, "config")
-	err = os.WriteFile(configPath, []byte(configContent), 0600) // #nosec G306 -- test file permissions
+	testutil.WriteTestFile(t, configPath, configContent)
 	testutil.AssertNoError(t, err)
 	return tmpDir
 }
@@ -267,9 +257,7 @@ func setupCompleteGitRepo(t *testing.T, tmpDir string) string {
 func setupMinimalGitRepo(t *testing.T, tmpDir string) string {
 	t.Helper()
 	// Create .git directory but with minimal content
-	gitDir := filepath.Join(tmpDir, ".git")
+	_ = testutil.SetupGitDirectory(t, tmpDir)
 	err := os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 	testutil.AssertNoError(t, err)
 	return tmpDir
 }
@@ -282,7 +270,7 @@ func verifyRepoRoot(t *testing.T, repoRoot, tmpDir string) {
 }
 // Test error handling in GetGitRepoRootAndInfo.
-func TestGetGitRepoRootAndInfo_ErrorHandling(t *testing.T) {
+func TestGetGitRepoRootAndInfoErrorHandling(t *testing.T) {
 	t.Parallel()
 	t.Run("nonexistent directory", func(t *testing.T) {
--- a/internal/html_test.go
+++ b/internal/html_test.go
@@ -0,0 +1,318 @@
 package internal
 import (
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // mustSafePath validates that a path is safe (no "..", matches cleaned version).
 // Fails the test if path is unsafe.
 func mustSafePath(t *testing.T, p string) string {
 	t.Helper()
 	cleaned := filepath.Clean(p)
 	if cleaned != p {
 		t.Fatalf("path %q does not match cleaned path %q", p, cleaned)
 	}
 	if strings.Contains(cleaned, "..") {
 		t.Fatalf("path %q contains unsafe .. component", p)
 	}
 	return cleaned
 }
 // TestHTMLWriterWrite tests the HTMLWriter.Write function.
 func TestHTMLWriterWrite(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name       string
 		header     string
 		footer     string
 		content    string
 		wantString string
 	}{
 		{
 			name:       "no header or footer",
 			header:     "",
 			footer:     "",
 			content:    "<h1>Test Content</h1>",
 			wantString: "<h1>Test Content</h1>",
 		},
 		{
 			name:       "with header only",
 			header:     "<!DOCTYPE html>\n<html>\n",
 			footer:     "",
 			content:    "<body>Content</body>",
 			wantString: "<!DOCTYPE html>\n<html>\n<body>Content</body>",
 		},
 		{
 			name:       "with footer only",
 			header:     "",
 			footer:     testutil.TestHTMLClosingTag,
 			content:    "<body>Content</body>",
 			wantString: "<body>Content</body>\n</html>",
 		},
 		{
 			name:       "with both header and footer",
 			header:     "<!DOCTYPE html>\n<html>\n<body>\n",
 			footer:     "\n</body>\n</html>",
 			content:    "<h1>Main Content</h1>",
 			wantString: "<!DOCTYPE html>\n<html>\n<body>\n<h1>Main Content</h1>\n</body>\n</html>",
 		},
 		{
 			name:       "empty content",
 			header:     "<header>",
 			footer:     "</footer>",
 			content:    "",
 			wantString: "<header></footer>",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tmpDir := t.TempDir()
 			outputPath := filepath.Join(tmpDir, "test.html")
 			writer := &HTMLWriter{
 				Header: tt.header,
 				Footer: tt.footer,
 			}
 			err := writer.Write(tt.content, outputPath)
 			if err != nil {
 				t.Errorf("Write() unexpected error = %v", err)
 				return
 			}
 			// Read the file and verify content
 			content, err := os.ReadFile(mustSafePath(t, outputPath))
 			if err != nil {
 				t.Fatalf(testutil.TestMsgFailedToReadOutput, err)
 			}
 			got := string(content)
 			if got != tt.wantString {
 				t.Errorf("Write() content = %q, want %q", got, tt.wantString)
 			}
 		})
 	}
 }
 // TestHTMLWriterWriteErrorPaths tests error handling in HTMLWriter.Write.
 func TestHTMLWriterWriteErrorPaths(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name       string
 		setupPath  func(t *testing.T) string
 		skipReason string
 		wantErr    bool
 	}{
 		{
 			name: "invalid path - directory doesn't exist",
 			setupPath: func(t *testing.T) string {
 				t.Helper()
 				tmpDir := t.TempDir()
 				return filepath.Join(tmpDir, "nonexistent", "file.html")
 			},
 			wantErr: true,
 		},
 		{
 			name: "permission denied - unwritable directory",
 			setupPath: func(t *testing.T) string {
 				t.Helper()
 				// Skip on Windows (chmod behavior differs)
 				if runtime.GOOS == "windows" {
 					return ""
 				}
 				// Skip if running as root (can write anywhere)
 				if os.Geteuid() == 0 {
 					return ""
 				}
 				tmpDir := t.TempDir()
 				restrictedDir := filepath.Join(tmpDir, "restricted")
 				if err := os.Mkdir(restrictedDir, 0700); err != nil {
 					t.Fatalf("failed to create restricted dir: %v", err)
 				}
 				// Make directory unwritable
 				if err := os.Chmod(restrictedDir, 0000); err != nil {
 					t.Fatalf("failed to chmod: %v", err)
 				}
 				// Restore permissions in cleanup
 				t.Cleanup(func() {
 					_ = os.Chmod(restrictedDir, 0700) // #nosec G302 -- directory needs exec bit for cleanup
 				})
 				return filepath.Join(restrictedDir, "file.html")
 			},
 			skipReason: "skipped on Windows or when running as root",
 			wantErr:    true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			path := tt.setupPath(t)
 			if path == "" {
 				t.Skip(tt.skipReason)
 			}
 			writer := &HTMLWriter{
 				Header: "<header>",
 				Footer: "</footer>",
 			}
 			err := writer.Write("<content>", path)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Write() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
 }
 // TestHTMLWriterWriteLargeContent tests writing large HTML content.
 func TestHTMLWriterWriteLargeContent(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()
 	outputPath := filepath.Join(tmpDir, "large.html")
 	// Create large content (10MB)
 	largeContent := strings.Repeat("<p>Test content line</p>\n", 500000)
 	writer := &HTMLWriter{
 		Header: "<!DOCTYPE html>\n",
 		Footer: testutil.TestHTMLClosingTag,
 	}
 	err := writer.Write(largeContent, outputPath)
 	if err != nil {
 		t.Errorf("Write() failed for large content: %v", err)
 	}
 	// Verify file was created and has correct size
 	info, err := os.Stat(outputPath)
 	if err != nil {
 		t.Fatalf("Failed to stat output file: %v", err)
 	}
 	expectedSize := len("<!DOCTYPE html>\n") + len(largeContent) + len(testutil.TestHTMLClosingTag)
 	if int(info.Size()) != expectedSize {
 		t.Errorf("File size = %d, want %d", info.Size(), expectedSize)
 	}
 }
 // TestHTMLWriterWriteSpecialCharacters tests writing HTML with special characters.
 func TestHTMLWriterWriteSpecialCharacters(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()
 	outputPath := filepath.Join(tmpDir, "special.html")
 	// Content with HTML entities and special characters
 	content := `<div>&lt;script&gt;alert("test")&lt;/script&gt;</div>
 <p>Special chars: &amp; &quot; &apos; &lt; &gt;</p>
 <p>Unicode: 你好 مرحبا привет 🎉</p>`
 	writer := &HTMLWriter{}
 	err := writer.Write(content, outputPath)
 	if err != nil {
 		t.Errorf("Write() failed for special characters: %v", err)
 	}
 	// Verify content was written correctly
 	readContent, err := os.ReadFile(mustSafePath(t, outputPath))
 	if err != nil {
 		t.Fatalf(testutil.TestMsgFailedToReadOutput, err)
 	}
 	if string(readContent) != content {
 		t.Errorf("Content mismatch for special characters")
 	}
 }
 // TestHTMLWriterWriteOverwrite tests overwriting an existing file.
 func TestHTMLWriterWriteOverwrite(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()
 	outputPath := filepath.Join(tmpDir, "overwrite.html")
 	// Write initial content
 	writer := &HTMLWriter{}
 	err := writer.Write("Initial content", outputPath)
 	if err != nil {
 		t.Fatalf("Initial write failed: %v", err)
 	}
 	// Overwrite with new content
 	err = writer.Write(testutil.TestHTMLNewContent, outputPath)
 	if err != nil {
 		t.Errorf("Overwrite failed: %v", err)
 	}
 	// Verify new content
 	content, err := os.ReadFile(mustSafePath(t, outputPath))
 	if err != nil {
 		t.Fatalf(testutil.TestMsgFailedToReadOutput, err)
 	}
 	if string(content) != testutil.TestHTMLNewContent {
 		t.Errorf("Content = %q, want %q", string(content), testutil.TestHTMLNewContent)
 	}
 }
 // TestHTMLWriterWriteEmptyPath tests writing to an empty path.
 func TestHTMLWriterWriteEmptyPath(t *testing.T) {
 	t.Parallel()
 	writer := &HTMLWriter{}
 	err := writer.Write("content", "")
 	// Empty path should cause an error
 	if err == nil {
 		t.Error("Write() with empty path should return error")
 	}
 }
 // TestHTMLWriterWriteValidPath tests writing to a valid nested path.
 func TestHTMLWriterWriteValidPath(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()
 	// Create nested directory structure
 	nestedDir := filepath.Join(tmpDir, "nested", "directory")
 	testutil.CreateTestDir(t, nestedDir)
 	outputPath := filepath.Join(nestedDir, "nested.html")
 	writer := &HTMLWriter{
 		Header: "<html>",
 		Footer: "</html>",
 	}
 	err := writer.Write("<body>Nested content</body>", outputPath)
 	if err != nil {
 		t.Errorf("Write() to nested path failed: %v", err)
 	}
 	// Verify file exists
 	if _, err := os.Stat(outputPath); os.IsNotExist(err) {
 		t.Error("File was not created in nested path")
 	}
 }
--- a/internal/interfaces_test.go
+++ b/internal/interfaces_test.go
@@ -2,6 +2,7 @@
 package internal
 import (
 	"fmt"
 	"os"
 	"strings"
 	"testing"
@@ -10,6 +11,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // MockMessageLogger implements MessageLogger for testing.
@@ -22,28 +24,33 @@ type MockMessageLogger struct {
 }
 func (m *MockMessageLogger) Info(format string, args ...any) {
-	m.InfoCalls = append(m.InfoCalls, formatMessage(format, args...))
+	m.recordCall(&m.InfoCalls, format, args...)
 }
 func (m *MockMessageLogger) Success(format string, args ...any) {
-	m.SuccessCalls = append(m.SuccessCalls, formatMessage(format, args...))
+	m.recordCall(&m.SuccessCalls, format, args...)
 }
 func (m *MockMessageLogger) Warning(format string, args ...any) {
-	m.WarningCalls = append(m.WarningCalls, formatMessage(format, args...))
+	m.recordCall(&m.WarningCalls, format, args...)
 }
 func (m *MockMessageLogger) Bold(format string, args ...any) {
-	m.BoldCalls = append(m.BoldCalls, formatMessage(format, args...))
+	m.recordCall(&m.BoldCalls, format, args...)
 }
 func (m *MockMessageLogger) Printf(format string, args ...any) {
-	m.PrintfCalls = append(m.PrintfCalls, formatMessage(format, args...))
+	m.recordCall(&m.PrintfCalls, format, args...)
 }
 func (m *MockMessageLogger) Fprintf(_ *os.File, format string, args ...any) {
 	// For testing, just track the formatted message
-	m.PrintfCalls = append(m.PrintfCalls, formatMessage(format, args...))
+	m.recordCall(&m.PrintfCalls, format, args...)
 }
 // recordCall is a helper to reduce duplication in mock methods.
 func (m *MockMessageLogger) recordCall(callSlice *[]string, format string, args ...any) {
 	*callSlice = append(*callSlice, fmt.Sprintf(format, args...))
 }
 // MockErrorReporter implements ErrorReporter for testing.
@@ -55,7 +62,7 @@ type MockErrorReporter struct {
 }
 func (m *MockErrorReporter) Error(format string, args ...any) {
-	m.ErrorCalls = append(m.ErrorCalls, formatMessage(format, args...))
+	m.recordCall(&m.ErrorCalls, format, args...)
 }
 func (m *MockErrorReporter) ErrorWithSuggestions(err *apperrors.ContextualError) {
@@ -72,13 +79,23 @@ func (m *MockErrorReporter) ErrorWithSimpleFix(message, suggestion string) {
 	m.ErrorWithSimpleFixCalls = append(m.ErrorWithSimpleFixCalls, message+": "+suggestion)
 }
 // recordCall is a helper to reduce duplication in mock methods.
 func (m *MockErrorReporter) recordCall(callSlice *[]string, format string, args ...any) {
 	*callSlice = append(*callSlice, fmt.Sprintf(format, args...))
 }
 // MockProgressReporter implements ProgressReporter for testing.
 type MockProgressReporter struct {
 	ProgressCalls []string
 }
 func (m *MockProgressReporter) Progress(format string, args ...any) {
-	m.ProgressCalls = append(m.ProgressCalls, formatMessage(format, args...))
+	m.recordCall(&m.ProgressCalls, format, args...)
 }
 // recordCall is a helper to reduce duplication in mock methods.
 func (m *MockProgressReporter) recordCall(callSlice *[]string, format string, args ...any) {
 	*callSlice = append(*callSlice, fmt.Sprintf(format, args...))
 }
 // MockOutputConfig implements OutputConfig for testing.
@@ -101,7 +118,7 @@ type MockProgressManager struct {
 }
 func (m *MockProgressManager) CreateProgressBar(description string, total int) *progressbar.ProgressBar {
-	m.CreateProgressBarCalls = append(m.CreateProgressBarCalls, formatMessage("%s (total: %d)", description, total))
+	m.CreateProgressBarCalls = append(m.CreateProgressBarCalls, fmt.Sprintf("%s (total: %d)", description, total))
 	return nil // Return nil for mock to avoid actual progress bar
 }
@@ -109,7 +126,7 @@ func (m *MockProgressManager) CreateProgressBar(description string, total int) *
 func (m *MockProgressManager) CreateProgressBarForFiles(description string, files []string) *progressbar.ProgressBar {
 	m.CreateProgressBarForFilesCalls = append(
 		m.CreateProgressBarForFilesCalls,
-		formatMessage("%s (files: %d)", description, len(files)),
+		fmt.Sprintf("%s (files: %d)", description, len(files)),
 	)
 	return nil // Return nil for mock to avoid actual progress bar
@@ -134,7 +151,7 @@ func (m *MockProgressManager) ProcessWithProgressBar(
 ) {
 	m.ProcessWithProgressBarCalls = append(
 		m.ProcessWithProgressBarCalls,
-		formatMessage("%s (items: %d)", description, len(items)),
+		fmt.Sprintf("%s (items: %d)", description, len(items)),
 	)
 	// Execute the process function for each item
 	for _, item := range items {
@@ -142,57 +159,8 @@ func (m *MockProgressManager) ProcessWithProgressBar(
 	}
 }
 // Helper function to format messages consistently.
 func formatMessage(format string, args ...any) string {
 	if len(args) == 0 {
 		return format
 	}
 	// Simple formatting for test purposes
 	result := format
 	for _, arg := range args {
 		result = strings.Replace(result, "%s", toString(arg), 1)
 		result = strings.Replace(result, "%d", toString(arg), 1)
 		result = strings.Replace(result, "%v", toString(arg), 1)
 	}
 	return result
 }
 func toString(v any) string {
 	switch val := v.(type) {
 	case string:
 		return val
 	case int:
 		return formatInt(val)
 	default:
 		return "unknown"
 	}
 }
 func formatInt(i int) string {
 	// Simple int to string conversion for testing
 	if i == 0 {
 		return "0"
 	}
 	result := ""
 	negative := i < 0
 	if negative {
 		i = -i
 	}
 	for i > 0 {
 		digit := i % 10
 		result = string(rune('0'+digit)) + result
 		i /= 10
 	}
 	if negative {
 		result = "-" + result
 	}
 	return result
 }
 // Test that demonstrates improved testability with focused interfaces.
-func TestFocusedInterfaces_SimpleLogger(t *testing.T) {
+func TestFocusedInterfacesSimpleLogger(t *testing.T) {
 	t.Parallel()
 	mockLogger := &MockMessageLogger{}
 	simpleLogger := NewSimpleLogger(mockLogger)
@@ -202,7 +170,7 @@ func TestFocusedInterfaces_SimpleLogger(t *testing.T) {
 	// Verify the expected calls were made
 	if len(mockLogger.InfoCalls) != 1 {
-		t.Errorf("expected 1 Info call, got %d", len(mockLogger.InfoCalls))
+		t.Errorf(testutil.TestMsgExpected1InfoCall, len(mockLogger.InfoCalls))
 	}
 	if len(mockLogger.SuccessCalls) != 1 {
 		t.Errorf("expected 1 Success call, got %d", len(mockLogger.SuccessCalls))
@@ -221,7 +189,7 @@ func TestFocusedInterfaces_SimpleLogger(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_SimpleLogger_WithFailure(t *testing.T) {
+func TestFocusedInterfacesSimpleLoggerWithFailure(t *testing.T) {
 	t.Parallel()
 	mockLogger := &MockMessageLogger{}
 	simpleLogger := NewSimpleLogger(mockLogger)
@@ -231,7 +199,7 @@ func TestFocusedInterfaces_SimpleLogger_WithFailure(t *testing.T) {
 	// Verify the expected calls were made
 	if len(mockLogger.InfoCalls) != 1 {
-		t.Errorf("expected 1 Info call, got %d", len(mockLogger.InfoCalls))
+		t.Errorf(testutil.TestMsgExpected1InfoCall, len(mockLogger.InfoCalls))
 	}
 	if len(mockLogger.SuccessCalls) != 0 {
 		t.Errorf("expected 0 Success calls, got %d", len(mockLogger.SuccessCalls))
@@ -241,10 +209,10 @@ func TestFocusedInterfaces_SimpleLogger_WithFailure(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_ErrorManager(t *testing.T) {
+func TestFocusedInterfacesErrorManager(t *testing.T) {
 	t.Parallel()
 	mockReporter := &MockErrorReporter{}
-	mockFormatter := &MockErrorFormatter{}
+	mockFormatter := &errorFormatterWrapper{&testutil.ErrorFormatterMock{}}
 	mockManager := &mockErrorManager{
 		reporter:  mockReporter,
 		formatter: mockFormatter,
@@ -264,7 +232,7 @@ func TestFocusedInterfaces_ErrorManager(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_TaskProgress(t *testing.T) {
+func TestFocusedInterfacesTaskProgress(t *testing.T) {
 	t.Parallel()
 	mockReporter := &MockProgressReporter{}
 	taskProgress := NewTaskProgress(mockReporter)
@@ -282,7 +250,7 @@ func TestFocusedInterfaces_TaskProgress(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_ConfigAwareComponent(t *testing.T) {
+func TestFocusedInterfacesConfigAwareComponent(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name       string
@@ -316,7 +284,7 @@ func TestFocusedInterfaces_ConfigAwareComponent(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_CompositeOutputWriter(t *testing.T) {
+func TestFocusedInterfacesCompositeOutputWriter(t *testing.T) {
 	t.Parallel()
 	// Create a composite mock that implements OutputWriter
 	mockLogger := &MockMessageLogger{}
@@ -337,7 +305,7 @@ func TestFocusedInterfaces_CompositeOutputWriter(t *testing.T) {
 	// Verify that the composite writer uses both message logging and progress reporting
 	// Should have called Info and Success for overall status
 	if len(mockLogger.InfoCalls) != 1 {
-		t.Errorf("expected 1 Info call, got %d", len(mockLogger.InfoCalls))
+		t.Errorf(testutil.TestMsgExpected1InfoCall, len(mockLogger.InfoCalls))
 	}
 	if len(mockLogger.SuccessCalls) != 1 {
 		t.Errorf("expected 1 Success call, got %d", len(mockLogger.SuccessCalls))
@@ -349,13 +317,13 @@ func TestFocusedInterfaces_CompositeOutputWriter(t *testing.T) {
 	}
 }
-func TestFocusedInterfaces_GeneratorWithDependencyInjection(t *testing.T) {
+func TestFocusedInterfacesGeneratorWithDependencyInjection(t *testing.T) {
 	t.Parallel()
 	// Create focused mocks
 	mockOutput := &mockCompleteOutput{
 		logger:    &MockMessageLogger{},
 		reporter:  &MockErrorReporter{},
-		formatter: &MockErrorFormatter{},
+		formatter: &errorFormatterWrapper{&testutil.ErrorFormatterMock{}},
 		progress:  &MockProgressReporter{},
 		config:    &MockOutputConfig{QuietMode: false},
 	}
@@ -440,20 +408,14 @@ func (m *mockOutputWriter) Fprintf(w *os.File, format string, args ...any) {
 func (m *mockOutputWriter) Progress(format string, args ...any) { m.reporter.Progress(format, args...) }
 func (m *mockOutputWriter) IsQuiet() bool                       { return m.config.IsQuiet() }
-// MockErrorFormatter implements ErrorFormatter for testing.
+// errorFormatterWrapper wraps testutil.ErrorFormatterMock to implement ErrorFormatter interface.
-type MockErrorFormatter struct {
+type errorFormatterWrapper struct {
-	FormatContextualErrorCalls []string
+	*testutil.ErrorFormatterMock
 }
-func (m *MockErrorFormatter) FormatContextualError(err *apperrors.ContextualError) string {
+// FormatContextualError adapts the generic error interface to ContextualError.
-	if err != nil {
+func (w *errorFormatterWrapper) FormatContextualError(err *apperrors.ContextualError) string {
-		formatted := err.Error()
+	return w.ErrorFormatterMock.FormatContextualError(err)
 		m.FormatContextualErrorCalls = append(m.FormatContextualErrorCalls, formatted)
 		return formatted
 	}
 	return ""
 }
 // mockErrorManager implements ErrorManager for testing.
--- a/internal/internal_parser_test.go
+++ b/internal/internal_parser_test.go
@@ -6,7 +6,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
-func TestParseActionYML_Valid(t *testing.T) {
+func TestParseActionYMLValid(t *testing.T) {
 	t.Parallel()
 	// Create temporary action file using fixture
 	actionPath := testutil.CreateTemporaryAction(t, "actions/javascript/simple.yml")
@@ -25,7 +25,7 @@ func TestParseActionYML_Valid(t *testing.T) {
 	}
 }
-func TestParseActionYML_MissingFile(t *testing.T) {
+func TestParseActionYMLMissingFile(t *testing.T) {
 	t.Parallel()
 	_, err := ParseActionYML("notfound/action.yml")
 	if err == nil {
--- a/internal/internal_template_test.go
+++ b/internal/internal_template_test.go
@@ -21,7 +21,7 @@ func TestRenderReadme(t *testing.T) {
 			"foo": {Description: "Foo input", Required: true},
 		},
 	}
-	tmpl := filepath.Join(tmpDir, "templates", "readme.tmpl")
+	tmpl := filepath.Join(tmpDir, "templates", testutil.TestTemplateReadme)
 	opts := TemplateOptions{TemplatePath: tmpl, Format: "md"}
 	out, err := RenderReadme(action, opts)
 	if err != nil {
--- a/internal/internal_validator_test.go
+++ b/internal/internal_validator_test.go
@@ -2,7 +2,7 @@ package internal
 import "testing"
-func TestValidateActionYML_Required(t *testing.T) {
+func TestValidateActionYMLRequired(t *testing.T) {
 	t.Parallel()
 	a := &ActionYML{
@@ -16,7 +16,7 @@ func TestValidateActionYML_Required(t *testing.T) {
 	}
 }
-func TestValidateActionYML_Valid(t *testing.T) {
+func TestValidateActionYMLValid(t *testing.T) {
 	t.Parallel()
 	a := &ActionYML{
 		Name:        "MyAction",
--- a/internal/json_writer.go
+++ b/internal/json_writer.go
@@ -228,8 +228,8 @@ func (jw *JSONWriter) convertToJSONOutput(action *ActionYML) *JSONOutput {
 			Badges:      badges,
 			Sections:    sections,
 			Links: map[string]string{
-				"action.yml": "./action.yml",
+				appconstants.ActionFileNameYML: "./" + appconstants.ActionFileNameYML,
-				"repository": "https://github.com/your-org/" + action.Name,
+				"repository":                   "https://github.com/your-org/" + action.Name,
 			},
 		},
 		Examples: examples,
--- a/internal/output.go
+++ b/internal/output.go
@@ -43,14 +43,7 @@ func (co *ColoredOutput) IsQuiet() bool {
 // Success prints a success message in green.
 func (co *ColoredOutput) Success(format string, args ...any) {
-	if co.Quiet {
+	co.printWithIcon("✅", format, color.Green, args...)
 		return
 	}
 	if co.NoColor {
 		fmt.Printf("✅ "+format+"\n", args...)
 	} else {
 		color.Green("✅ "+format, args...)
 	}
 }
 // Error prints an error message in red to stderr.
@@ -64,38 +57,17 @@ func (co *ColoredOutput) Error(format string, args ...any) {
 // Warning prints a warning message in yellow.
 func (co *ColoredOutput) Warning(format string, args ...any) {
-	if co.Quiet {
+	co.printWithIcon("⚠️ ", format, color.Yellow, args...)
 		return
 	}
 	if co.NoColor {
 		fmt.Printf("⚠️  "+format+"\n", args...)
 	} else {
 		color.Yellow("⚠️  "+format, args...)
 	}
 }
 // Info prints an info message in blue.
 func (co *ColoredOutput) Info(format string, args ...any) {
-	if co.Quiet {
+	co.printWithIcon("ℹ️ ", format, color.Blue, args...)
 		return
 	}
 	if co.NoColor {
 		fmt.Printf("ℹ️  "+format+"\n", args...)
 	} else {
 		color.Blue("ℹ️  "+format, args...)
 	}
 }
 // Progress prints a progress message in cyan.
 func (co *ColoredOutput) Progress(format string, args ...any) {
-	if co.Quiet {
+	co.printWithIcon("🔄", format, color.Cyan, args...)
 		return
 	}
 	if co.NoColor {
 		fmt.Printf("🔄 "+format+"\n", args...)
 	} else {
 		color.Cyan("🔄 "+format, args...)
 	}
 }
 // Bold prints text in bold.
@@ -194,6 +166,20 @@ func (co *ColoredOutput) FormatContextualError(err *apperrors.ContextualError) s
 	return strings.Join(parts, "\n")
 }
 // printWithIcon is a helper for printing messages with icons and colors.
 // It handles quiet mode, color toggling, and consistent formatting.
 func (co *ColoredOutput) printWithIcon(icon, format string, colorFunc func(string, ...any), args ...any) {
 	if co.Quiet {
 		return
 	}
 	message := icon + " " + format
 	if co.NoColor {
 		fmt.Printf(message+"\n", args...)
 	} else {
 		colorFunc(message, args...)
 	}
 }
 // formatMainError formats the main error message with code.
 func (co *ColoredOutput) formatMainError(err *apperrors.ContextualError) string {
 	mainMsg := fmt.Sprintf("%s [%s]", err.Error(), err.Code)
@@ -204,15 +190,19 @@ func (co *ColoredOutput) formatMainError(err *apperrors.ContextualError) string
 	return color.RedString("❌ ") + mainMsg
 }
 // formatBoldSection formats a section header with or without color.
 func (co *ColoredOutput) formatBoldSection(section string) string {
 	if co.NoColor {
 		return section
 	}
 	return color.New(color.Bold).Sprint(section)
 }
 // formatDetailsSection formats the details section.
 func (co *ColoredOutput) formatDetailsSection(details map[string]string) []string {
 	var parts []string
-
+	parts = append(parts, co.formatBoldSection(appconstants.SectionDetails))
 	if co.NoColor {
 		parts = append(parts, appconstants.SectionDetails)
 	} else {
 		parts = append(parts, color.New(color.Bold).Sprint(appconstants.SectionDetails))
 	}
 	for key, value := range details {
 		if co.NoColor {
@@ -230,12 +220,7 @@ func (co *ColoredOutput) formatDetailsSection(details map[string]string) []strin
 // formatSuggestionsSection formats the suggestions section.
 func (co *ColoredOutput) formatSuggestionsSection(suggestions []string) []string {
 	var parts []string
-
+	parts = append(parts, co.formatBoldSection(appconstants.SectionSuggestions))
 	if co.NoColor {
 		parts = append(parts, appconstants.SectionSuggestions)
 	} else {
 		parts = append(parts, color.New(color.Bold).Sprint(appconstants.SectionSuggestions))
 	}
 	for _, suggestion := range suggestions {
 		if co.NoColor {
--- a/internal/output_test.go
+++ b/internal/output_test.go
@@ -0,0 +1,542 @@
 package internal
 import (
 	"os"
 	"strings"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // testOutputMethod is a generic helper for testing output methods that follow the same pattern.
 func testOutputMethod(t *testing.T, testMessage, expectedEmoji string, methodFunc func(*ColoredOutput, string)) {
 	t.Helper()
 	tests := []struct {
 		name      string
 		quiet     bool
 		message   string
 		wantEmpty bool
 	}{
 		{
 			name:      "message displayed",
 			quiet:     false,
 			message:   testMessage,
 			wantEmpty: false,
 		},
 		{
 			name:      testutil.TestMsgQuietSuppressOutput,
 			quiet:     true,
 			message:   testMessage,
 			wantEmpty: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{Quiet: tt.quiet, NoColor: true}
 			captured := testutil.CaptureStdout(func() {
 				methodFunc(output, tt.message)
 			})
 			if tt.wantEmpty && captured != "" {
 				t.Errorf(testutil.TestMsgNoOutputInQuiet, captured)
 			}
 			if !tt.wantEmpty && !strings.Contains(captured, expectedEmoji) {
 				t.Errorf("Output missing %s emoji: %q", expectedEmoji, captured)
 			}
 		})
 	}
 }
 // testErrorStderr is a helper for testing error output methods that write to stderr.
 // Eliminates the repeated pattern of creating ColoredOutput, capturing stderr, and checking for emoji.
 func testErrorStderr(t *testing.T, expectedEmoji string, testFunc func(*ColoredOutput)) {
 	t.Helper()
 	output := &ColoredOutput{NoColor: true}
 	captured := testutil.CaptureStderr(func() {
 		testFunc(output)
 	})
 	if !strings.Contains(captured, expectedEmoji) {
 		t.Errorf("Output missing %s emoji: %q", expectedEmoji, captured)
 	}
 }
 // TestNewColoredOutput tests colored output creation.
 func TestNewColoredOutput(t *testing.T) {
 	tests := []struct {
 		name      string
 		quiet     bool
 		wantQuiet bool
 	}{
 		{
 			name:      testutil.TestScenarioQuietEnabled,
 			quiet:     true,
 			wantQuiet: true,
 		},
 		{
 			name:      testutil.TestScenarioQuietDisabled,
 			quiet:     false,
 			wantQuiet: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := NewColoredOutput(tt.quiet)
 			if output == nil {
 				t.Fatal("NewColoredOutput() returned nil")
 			}
 			if output.Quiet != tt.wantQuiet {
 				t.Errorf("Quiet = %v, want %v", output.Quiet, tt.wantQuiet)
 			}
 		})
 	}
 }
 // TestIsQuiet tests quiet mode detection.
 func TestIsQuiet(t *testing.T) {
 	tests := []struct {
 		name  string
 		quiet bool
 		want  bool
 	}{
 		{
 			name:  testutil.TestScenarioQuietEnabled,
 			quiet: true,
 			want:  true,
 		},
 		{
 			name:  testutil.TestScenarioQuietDisabled,
 			quiet: false,
 			want:  false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{Quiet: tt.quiet, NoColor: true}
 			got := output.IsQuiet()
 			if got != tt.want {
 				t.Errorf("IsQuiet() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
 // TestSuccess tests success message output.
 func TestSuccess(t *testing.T) {
 	testOutputMethod(t, testutil.TestMsgOperationCompleted, "✅", func(o *ColoredOutput, msg string) {
 		o.Success(msg)
 	})
 }
 // TestError tests error message output.
 func TestError(t *testing.T) {
 	tests := []struct {
 		name         string
 		message      string
 		wantContains string
 	}{
 		{
 			name:         "error message displayed",
 			message:      testutil.TestMsgFileNotFound,
 			wantContains: "❌ File not found",
 		},
 		{
 			name:         "error with formatting",
 			message:      "Failed to process %s",
 			wantContains: "❌ Failed to process %!s(MISSING)",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: true}
 			captured := testutil.CaptureStderr(func() {
 				output.Error(tt.message)
 			})
 			if !strings.Contains(captured, "❌") {
 				t.Errorf(testutil.TestMsgOutputMissingEmoji, captured)
 			}
 			if !strings.Contains(captured, strings.TrimPrefix(tt.wantContains, "❌ ")) {
 				t.Errorf("Output doesn't contain expected message. Got: %q", captured)
 			}
 		})
 	}
 }
 // TestWarning tests warning message output.
 func TestWarning(t *testing.T) {
 	testOutputMethod(t, "Deprecated feature", "⚠️", func(o *ColoredOutput, msg string) {
 		o.Warning(msg)
 	})
 }
 // TestInfo tests info message output.
 func TestInfo(t *testing.T) {
 	testOutputMethod(t, testutil.TestMsgProcessingStarted, "ℹ️", func(o *ColoredOutput, msg string) {
 		o.Info(msg)
 	})
 }
 // TestProgress tests progress message output.
 func TestProgress(t *testing.T) {
 	testOutputMethod(t, "Loading data...", "🔄", func(o *ColoredOutput, msg string) {
 		o.Progress(msg)
 	})
 }
 // TestBold tests bold text output.
 func TestBold(t *testing.T) {
 	testOutputMethod(t, "Important Notice", "Important Notice", func(o *ColoredOutput, msg string) {
 		o.Bold(msg)
 	})
 }
 // TestPrintf tests formatted print output.
 func TestPrintf(t *testing.T) {
 	testOutputMethod(t, "Test message\n", "Test message", func(o *ColoredOutput, msg string) {
 		o.Printf("%s", msg) // #nosec G104 -- constant format string
 	})
 }
 // TestFprintf tests file output.
 func TestFprintf(t *testing.T) {
 	// Create temporary file for testing
 	tmpfile, err := os.CreateTemp(t.TempDir(), "test-fprintf-*.txt")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer func() { _ = os.Remove(tmpfile.Name()) }() // Ignore error
 	defer func() { _ = tmpfile.Close() }()           // Ignore error
 	output := &ColoredOutput{NoColor: true}
 	output.Fprintf(tmpfile, "Test message: %s\n", "hello")
 	// Read back the content
 	_, _ = tmpfile.Seek(0, 0) // Ignore error in test
 	content := make([]byte, 100)
 	n, _ := tmpfile.Read(content)
 	got := string(content[:n])
 	want := "Test message: hello\n"
 	if got != want {
 		t.Errorf("Fprintf() wrote %q, want %q", got, want)
 	}
 }
 // TestErrorWithSuggestions tests contextual error output.
 func TestErrorWithSuggestions(t *testing.T) {
 	tests := []struct {
 		name         string
 		err          *apperrors.ContextualError
 		wantContains string
 	}{
 		{
 			name:         "nil error does nothing",
 			err:          nil,
 			wantContains: "",
 		},
 		{
 			name: "error with suggestions",
 			err: apperrors.New(appconstants.ErrCodeFileNotFound, testutil.TestMsgFileNotFound).
 				WithSuggestions(testutil.TestMsgCheckFilePath),
 			wantContains: "❌",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: true}
 			captured := testutil.CaptureStderr(func() {
 				output.ErrorWithSuggestions(tt.err)
 			})
 			if tt.wantContains == "" && captured != "" {
 				t.Errorf("Expected no output for nil error, got %q", captured)
 			}
 			if tt.wantContains != "" && !strings.Contains(captured, tt.wantContains) {
 				t.Errorf("Output doesn't contain %q. Got: %q", tt.wantContains, captured)
 			}
 		})
 	}
 }
 // TestErrorWithContext tests contextual error creation and output.
 func TestErrorWithContext(t *testing.T) {
 	tests := []struct {
 		name    string
 		code    appconstants.ErrorCode
 		message string
 		context map[string]string
 	}{
 		{
 			name:    "error with context",
 			code:    appconstants.ErrCodeFileNotFound,
 			message: testutil.TestMsgFileNotFound,
 			context: map[string]string{testutil.TestKeyFile: appconstants.ActionFileNameYML},
 		},
 		{
 			name:    "error without context",
 			code:    appconstants.ErrCodeInvalidYAML,
 			message: testutil.TestMsgInvalidYAML,
 			context: nil,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: true}
 			captured := testutil.CaptureStderr(func() {
 				output.ErrorWithContext(tt.code, tt.message, tt.context)
 			})
 			if !strings.Contains(captured, "❌") {
 				t.Errorf(testutil.TestMsgOutputMissingEmoji, captured)
 			}
 		})
 	}
 }
 // TestErrorWithSimpleFix tests simple error with fix output.
 func TestErrorWithSimpleFix(t *testing.T) {
 	testErrorStderr(t, "❌", func(output *ColoredOutput) {
 		output.ErrorWithSimpleFix("Something went wrong", "Try running it again")
 	})
 }
 // TestFormatContextualError tests contextual error formatting.
 func TestFormatContextualError(t *testing.T) {
 	tests := []struct {
 		name         string
 		err          *apperrors.ContextualError
 		wantContains []string
 	}{
 		{
 			name:         "nil error returns empty string",
 			err:          nil,
 			wantContains: nil,
 		},
 		{
 			name: "error with all sections",
 			err: apperrors.New(appconstants.ErrCodeFileNotFound, testutil.TestMsgFileNotFound).
 				WithSuggestions(testutil.TestMsgCheckFilePath, testutil.TestMsgVerifyPermissions).
 				WithDetails(map[string]string{testutil.TestKeyFile: appconstants.ActionFileNameYML}).
 				WithHelpURL(testutil.TestURLHelp),
 			wantContains: []string{
 				"❌",
 				testutil.TestMsgFileNotFound,
 				testutil.TestMsgCheckFilePath,
 				testutil.TestURLHelp,
 			},
 		},
 		{
 			name:         "error without suggestions",
 			err:          apperrors.New(appconstants.ErrCodeInvalidYAML, testutil.TestMsgInvalidYAML),
 			wantContains: []string{"❌", testutil.TestMsgInvalidYAML},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: true}
 			got := output.FormatContextualError(tt.err)
 			if tt.err == nil && got != "" {
 				t.Errorf("Expected empty string for nil error, got %q", got)
 			}
 			for _, want := range tt.wantContains {
 				if !strings.Contains(got, want) {
 					t.Errorf("FormatContextualError() missing %q. Got:\n%s", want, got)
 				}
 			}
 		})
 	}
 }
 // TestFormatMainError tests main error message formatting.
 func TestFormatMainError(t *testing.T) {
 	tests := []struct {
 		name         string
 		noColor      bool
 		err          *apperrors.ContextualError
 		wantContains []string
 	}{
 		{
 			name:         testutil.TestScenarioColorDisabled,
 			noColor:      true,
 			err:          apperrors.New(appconstants.ErrCodeFileNotFound, testutil.TestMsgFileNotFound),
 			wantContains: []string{"❌", testutil.TestMsgFileNotFound, string(appconstants.ErrCodeFileNotFound)},
 		},
 		{
 			name:         testutil.TestScenarioColorEnabled,
 			noColor:      false,
 			err:          apperrors.New(appconstants.ErrCodeInvalidYAML, testutil.TestMsgInvalidYAML),
 			wantContains: []string{"❌", testutil.TestMsgInvalidYAML, string(appconstants.ErrCodeInvalidYAML)},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: tt.noColor}
 			got := output.formatMainError(tt.err)
 			for _, want := range tt.wantContains {
 				if !strings.Contains(got, want) {
 					t.Errorf("formatMainError() missing %q. Got: %q", want, got)
 				}
 			}
 		})
 	}
 }
 // TestFormatDetailsSection tests details section formatting.
 func TestFormatDetailsSection(t *testing.T) {
 	tests := []struct {
 		name         string
 		noColor      bool
 		details      map[string]string
 		wantContains []string
 	}{
 		{
 			name:    testutil.TestScenarioColorDisabled,
 			noColor: true,
 			details: map[string]string{testutil.TestKeyFile: appconstants.ActionFileNameYML, "line": "10"},
 			wantContains: []string{
 				testutil.TestMsgDetails,
 				testutil.TestKeyFile,
 				appconstants.ActionFileNameYML,
 				"line",
 				"10",
 			},
 		},
 		{
 			name:         testutil.TestScenarioColorEnabled,
 			noColor:      false,
 			details:      map[string]string{testutil.TestKeyPath: "/tmp/test"},
 			wantContains: []string{testutil.TestMsgDetails, "path", "/tmp/test"},
 		},
 		{
 			name:         "empty details",
 			noColor:      true,
 			details:      map[string]string{},
 			wantContains: []string{testutil.TestMsgDetails},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: tt.noColor}
 			got := output.formatDetailsSection(tt.details)
 			gotStr := strings.Join(got, "\n")
 			for _, want := range tt.wantContains {
 				if !strings.Contains(gotStr, want) {
 					t.Errorf("formatDetailsSection() missing %q. Got:\n%s", want, gotStr)
 				}
 			}
 		})
 	}
 }
 // TestFormatSuggestionsSection tests suggestions section formatting.
 func TestFormatSuggestionsSection(t *testing.T) {
 	tests := []struct {
 		name         string
 		noColor      bool
 		suggestions  []string
 		wantContains []string
 	}{
 		{
 			name:        testutil.TestScenarioColorDisabled,
 			noColor:     true,
 			suggestions: []string{"Check the file", testutil.TestMsgVerifyPermissions},
 			wantContains: []string{
 				testutil.TestMsgSuggestions,
 				"•",
 				"Check the file",
 				testutil.TestMsgVerifyPermissions,
 			},
 		},
 		{
 			name:         testutil.TestScenarioColorEnabled,
 			noColor:      false,
 			suggestions:  []string{testutil.TestMsgTryAgain},
 			wantContains: []string{testutil.TestMsgSuggestions, "•", testutil.TestMsgTryAgain},
 		},
 		{
 			name:         "empty suggestions",
 			noColor:      true,
 			suggestions:  []string{},
 			wantContains: []string{testutil.TestMsgSuggestions},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: tt.noColor}
 			got := output.formatSuggestionsSection(tt.suggestions)
 			gotStr := strings.Join(got, "\n")
 			for _, want := range tt.wantContains {
 				if !strings.Contains(gotStr, want) {
 					t.Errorf("formatSuggestionsSection() missing %q. Got:\n%s", want, gotStr)
 				}
 			}
 		})
 	}
 }
 // TestFormatHelpURLSection tests help URL section formatting.
 func TestFormatHelpURLSection(t *testing.T) {
 	tests := []struct {
 		name         string
 		noColor      bool
 		helpURL      string
 		wantContains []string
 	}{
 		{
 			name:         testutil.TestScenarioColorDisabled,
 			noColor:      true,
 			helpURL:      testutil.TestURLHelp,
 			wantContains: []string{"For more help", testutil.TestURLHelp},
 		},
 		{
 			name:         testutil.TestScenarioColorEnabled,
 			noColor:      false,
 			helpURL:      "https://docs.example.com",
 			wantContains: []string{"For more help", "https://docs.example.com"},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			output := &ColoredOutput{NoColor: tt.noColor}
 			got := output.formatHelpURLSection(tt.helpURL)
 			for _, want := range tt.wantContains {
 				if !strings.Contains(got, want) {
 					t.Errorf("formatHelpURLSection() missing %q. Got: %q", want, got)
 				}
 			}
 		})
 	}
 }
--- a/internal/parser.go
+++ b/internal/parser.go
@@ -264,11 +264,12 @@ func DiscoverActionFiles(dir string, recursive bool, ignoredDirs []string) ([]st
 	}
 	// Check only the specified directory (non-recursive)
-	return discoverActionFilesNonRecursive(dir), nil
+	return DiscoverActionFilesNonRecursive(dir), nil
 }
-// discoverActionFilesNonRecursive finds action files in a single directory.
+// DiscoverActionFilesNonRecursive finds action files (action.yml or action.yaml) in a single directory.
-func discoverActionFilesNonRecursive(dir string) []string {
+// This is exported for use by other packages that need to discover action files.
 func DiscoverActionFilesNonRecursive(dir string) []string {
 	var actionFiles []string
 	for _, filename := range []string{appconstants.ActionFileNameYML, appconstants.ActionFileNameYAML} {
 		path := filepath.Join(dir, filename)
--- a/internal/parser_test.go
+++ b/internal/parser_test.go
@@ -17,48 +17,9 @@ const testPermissionWrite = "write"
 func parseActionFromContent(t *testing.T, content string) (*ActionYML, error) {
 	t.Helper()
-	tmpFile, err := os.CreateTemp(t.TempDir(), appconstants.TestActionFilePattern)
+	actionPath := testutil.CreateTempActionFile(t, content)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer func() { _ = os.Remove(tmpFile.Name()) }()
-	if _, err := tmpFile.WriteString(content); err != nil {
+	return ParseActionYML(actionPath)
 		t.Fatal(err)
 	}
 	_ = tmpFile.Close()
 	return ParseActionYML(tmpFile.Name())
 }
 // createTestDirWithAction creates a directory with an action.yml file and returns both paths.
 func createTestDirWithAction(t *testing.T, baseDir, dirName, yamlContent string) (string, string) {
 	t.Helper()
 	dirPath := filepath.Join(baseDir, dirName)
 	if err := os.Mkdir(dirPath, appconstants.FilePermDir); err != nil {
 		t.Fatalf(testutil.ErrCreateDir(dirName), err)
 	}
 	actionPath := filepath.Join(dirPath, appconstants.ActionFileNameYML)
 	if err := os.WriteFile(
 		actionPath, []byte(yamlContent), appconstants.FilePermDefault,
 	); err != nil {
 		t.Fatalf(testutil.ErrCreateFile(dirName+"/action.yml"), err)
 	}
 	return dirPath, actionPath
 }
 // createTestFile creates a file with the given content and returns its path.
 func createTestFile(t *testing.T, baseDir, fileName, content string) string {
 	t.Helper()
 	filePath := filepath.Join(baseDir, fileName)
 	if err := os.WriteFile(
 		filePath, []byte(content), appconstants.FilePermDefault,
 	); err != nil {
 		t.Fatalf(testutil.ErrCreateFile(fileName), err)
 	}
 	return filePath
 }
 // validateDiscoveredFiles checks if discovered files match expected count and paths.
@@ -183,18 +144,18 @@ func TestDiscoverActionFilesWithIgnoredDirectories(t *testing.T) {
 	//     action.yml (should be found)
 	// Create root action.yml
-	rootAction := createTestFile(t, tmpDir, appconstants.ActionFileNameYML, appconstants.TestYAMLRoot)
+	rootAction := testutil.WriteFileInDir(t, tmpDir, appconstants.ActionFileNameYML, testutil.TestYAMLRoot)
 	// Create directories with action.yml files
-	_, nodeModulesAction := createTestDirWithAction(
+	_, nodeModulesAction := testutil.CreateNestedAction(
 		t,
 		tmpDir,
 		appconstants.DirNodeModules,
-		appconstants.TestYAMLNodeModules,
+		testutil.TestYAMLNodeModules,
 	)
-	_, vendorAction := createTestDirWithAction(t, tmpDir, appconstants.DirVendor, appconstants.TestYAMLVendor)
+	_, vendorAction := testutil.CreateNestedAction(t, tmpDir, appconstants.DirVendor, testutil.TestYAMLVendor)
-	_, gitAction := createTestDirWithAction(t, tmpDir, appconstants.DirGit, appconstants.TestYAMLGit)
+	_, gitAction := testutil.CreateNestedAction(t, tmpDir, appconstants.DirGit, testutil.TestYAMLGit)
-	_, srcAction := createTestDirWithAction(t, tmpDir, "src", appconstants.TestYAMLSrc)
+	_, srcAction := testutil.CreateNestedAction(t, tmpDir, "src", testutil.TestYAMLSrc)
 	tests := []struct {
 		name        string
@@ -245,17 +206,9 @@ func TestDiscoverActionFilesNestedIgnoredDirs(t *testing.T) {
 	//       nested/
 	//         action.yml (should be ignored)
-	nodeModulesDir := filepath.Join(tmpDir, appconstants.DirNodeModules, "deep", "nested")
+	nodeModulesDir := testutil.CreateTestSubdir(t, tmpDir, appconstants.DirNodeModules, "deep", "nested")
 	if err := os.MkdirAll(nodeModulesDir, appconstants.FilePermDir); err != nil {
 		t.Fatalf(testutil.ErrCreateDir("nested"), err)
 	}
-	nestedAction := filepath.Join(nodeModulesDir, appconstants.ActionFileNameYML)
+	testutil.WriteFileInDir(t, nodeModulesDir, appconstants.ActionFileNameYML, testutil.TestYAMLNested)
 	if err := os.WriteFile(
 		nestedAction, []byte(appconstants.TestYAMLNested), appconstants.FilePermDefault,
 	); err != nil {
 		t.Fatalf(testutil.ErrCreateFile("nested action.yml"), err)
 	}
 	files, err := DiscoverActionFiles(tmpDir, true, []string{appconstants.DirNodeModules})
 	if err != nil {
@@ -273,24 +226,14 @@ func TestDiscoverActionFilesNonRecursive(t *testing.T) {
 	tmpDir := t.TempDir()
 	// Create action.yml in root
-	rootAction := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
+	rootAction := testutil.WriteFileInDir(t, tmpDir, appconstants.ActionFileNameYML, testutil.TestYAMLRoot)
 	if err := os.WriteFile(
 		rootAction, []byte(appconstants.TestYAMLRoot), appconstants.FilePermDefault,
 	); err != nil {
 		t.Fatalf(testutil.ErrCreateFile("action.yml"), err)
 	}
 	// Create subdirectory (should not be searched in non-recursive mode)
 	subDir := filepath.Join(tmpDir, "sub")
 	if err := os.Mkdir(subDir, appconstants.FilePermDir); err != nil {
 		t.Fatalf(testutil.ErrCreateDir("sub"), err)
 	}
-	subAction := filepath.Join(subDir, appconstants.ActionFileNameYML)
+	testutil.WriteFileInDir(t, subDir, appconstants.ActionFileNameYML, testutil.TestYAMLSub)
 	if err := os.WriteFile(
 		subAction, []byte(appconstants.TestYAMLSub), appconstants.FilePermDefault,
 	); err != nil {
 		t.Fatalf(testutil.ErrCreateFile("sub/action.yml"), err)
 	}
 	files, err := DiscoverActionFiles(tmpDir, false, []string{})
 	if err != nil {
@@ -317,23 +260,16 @@ func TestParsePermissionsFromComments(t *testing.T) {
 		wantErr bool
 	}{
 		{
-			name: "single permission with dash format",
+			name:    "single permission with dash format",
-			content: `# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsDashSingle)),
 # permissions:
 #   - contents: read  # Required for checking out repository
 name: Test Action`,
 			want: map[string]string{
 				"contents": "read",
 			},
 			wantErr: false,
 		},
 		{
-			name: "multiple permissions",
+			name:    "multiple permissions",
-			content: `# permissions:
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsDashMultiple)),
 #   - contents: read
 #   - issues: write
 #   - pull-requests: write
 name: Test Action`,
 			want: map[string]string{
 				"contents":      "read",
 				"issues":        "write",
@@ -342,11 +278,8 @@ name: Test Action`,
 			wantErr: false,
 		},
 		{
-			name: "permissions without dash",
+			name:    "permissions without dash",
-			content: `# permissions:
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsObject)),
 #   contents: read
 #   issues: write
 name: Test Action`,
 			want: map[string]string{
 				"contents": "read",
 				"issues":   "write",
@@ -354,18 +287,14 @@ name: Test Action`,
 			wantErr: false,
 		},
 		{
-			name: "no permissions block",
+			name:    "no permissions block",
-			content: `# Just a comment
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsNone)),
 name: Test Action`,
 			want:    map[string]string{},
 			wantErr: false,
 		},
 		{
-			name: "permissions with inline comments",
+			name:    "permissions with inline comments",
-			content: `# permissions:
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsInlineComments)),
 #   - contents: read  # Needed for checkout
 #   - issues: write   # To create issues
 name: Test Action`,
 			want: map[string]string{
 				"contents": "read",
 				"issues":   "write",
@@ -373,18 +302,14 @@ name: Test Action`,
 			wantErr: false,
 		},
 		{
-			name: "empty permissions block",
+			name:    "empty permissions block",
-			content: `# permissions:
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsEmpty)),
 name: Test Action`,
 			want:    map[string]string{},
 			wantErr: false,
 		},
 		{
-			name: "permissions with mixed formats",
+			name:    "permissions with mixed formats",
-			content: `# permissions:
+			content: string(testutil.MustReadFixture(testutil.TestFixturePermissionsMixed)),
 #   - contents: read
 #   issues: write
 name: Test Action`,
 			want: map[string]string{
 				"contents": "read",
 				"issues":   "write",
@@ -397,19 +322,8 @@ name: Test Action`,
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
-			// Create temp file
+			actionPath := testutil.CreateTempActionFile(t, tt.content)
-			tmpFile, err := os.CreateTemp(t.TempDir(), appconstants.TestActionFilePattern)
+			got, err := parsePermissionsFromComments(actionPath)
 			if err != nil {
 				t.Fatal(err)
 			}
 			defer func() { _ = os.Remove(tmpFile.Name()) }()
 			if _, err := tmpFile.WriteString(tt.content); err != nil {
 				t.Fatal(err)
 			}
 			_ = tmpFile.Close()
 			got, err := parsePermissionsFromComments(tmpFile.Name())
 			if (err != nil) != tt.wantErr {
 				t.Errorf("parsePermissionsFromComments() error = %v, wantErr %v", err, tt.wantErr)
@@ -428,17 +342,17 @@ name: Test Action`,
 func TestParseActionYMLWithCommentPermissions(t *testing.T) {
 	t.Parallel()
-	content := appconstants.TestPermissionsHeader +
+	content := testutil.TestPermissionsHeader +
 		"#   - contents: read\n" +
-		appconstants.TestActionNameLine +
+		testutil.TestActionNameLine +
-		appconstants.TestDescriptionLine +
+		testutil.TestDescriptionLine +
-		appconstants.TestRunsLine +
+		testutil.TestRunsLine +
-		appconstants.TestCompositeUsing +
+		testutil.TestCompositeUsing +
-		appconstants.TestStepsEmpty
+		testutil.TestStepsEmpty
 	action, err := parseActionFromContent(t, content)
 	if err != nil {
-		t.Fatalf(appconstants.TestErrorFormat, err)
+		t.Fatalf(testutil.TestErrorFormat, err)
 	}
 	if action.Permissions == nil {
@@ -454,20 +368,20 @@ func TestParseActionYMLWithCommentPermissions(t *testing.T) {
 func TestParseActionYMLYAMLPermissionsOverrideComments(t *testing.T) {
 	t.Parallel()
-	content := appconstants.TestPermissionsHeader +
+	content := testutil.TestPermissionsHeader +
 		"#   - contents: read\n" +
 		"#   - issues: write\n" +
-		appconstants.TestActionNameLine +
+		testutil.TestActionNameLine +
-		appconstants.TestDescriptionLine +
+		testutil.TestDescriptionLine +
 		"permissions:\n" +
 		"  contents: write  # YAML override\n" +
-		appconstants.TestRunsLine +
+		testutil.TestRunsLine +
-		appconstants.TestCompositeUsing +
+		testutil.TestCompositeUsing +
-		appconstants.TestStepsEmpty
+		testutil.TestStepsEmpty
 	action, err := parseActionFromContent(t, content)
 	if err != nil {
-		t.Fatalf(appconstants.TestErrorFormat, err)
+		t.Fatalf(testutil.TestErrorFormat, err)
 	}
 	// YAML should override comment
@@ -491,18 +405,18 @@ func TestParseActionYMLYAMLPermissionsOverrideComments(t *testing.T) {
 func TestParseActionYMLOnlyYAMLPermissions(t *testing.T) {
 	t.Parallel()
-	content := appconstants.TestActionNameLine +
+	content := testutil.TestActionNameLine +
-		appconstants.TestDescriptionLine +
+		testutil.TestDescriptionLine +
 		"permissions:\n" +
 		"  contents: read\n" +
 		"  issues: write\n" +
-		appconstants.TestRunsLine +
+		testutil.TestRunsLine +
-		appconstants.TestCompositeUsing +
+		testutil.TestCompositeUsing +
-		appconstants.TestStepsEmpty
+		testutil.TestStepsEmpty
 	action, err := parseActionFromContent(t, content)
 	if err != nil {
-		t.Fatalf(appconstants.TestErrorFormat, err)
+		t.Fatalf(testutil.TestErrorFormat, err)
 	}
 	if action.Permissions == nil {
@@ -522,15 +436,15 @@ func TestParseActionYMLOnlyYAMLPermissions(t *testing.T) {
 func TestParseActionYMLNoPermissions(t *testing.T) {
 	t.Parallel()
-	content := appconstants.TestActionNameLine +
+	content := testutil.TestActionNameLine +
-		appconstants.TestDescriptionLine +
+		testutil.TestDescriptionLine +
-		appconstants.TestRunsLine +
+		testutil.TestRunsLine +
-		appconstants.TestCompositeUsing +
+		testutil.TestCompositeUsing +
-		appconstants.TestStepsEmpty
+		testutil.TestStepsEmpty
 	action, err := parseActionFromContent(t, content)
 	if err != nil {
-		t.Fatalf(appconstants.TestErrorFormat, err)
+		t.Fatalf(testutil.TestErrorFormat, err)
 	}
 	if action.Permissions != nil {
@@ -542,8 +456,8 @@ func TestParseActionYMLNoPermissions(t *testing.T) {
 func TestParseActionYMLMalformedYAML(t *testing.T) {
 	t.Parallel()
-	content := appconstants.TestActionNameLine +
+	content := testutil.TestActionNameLine +
-		appconstants.TestDescriptionLine +
+		testutil.TestDescriptionLine +
 		"invalid-yaml: [\n" + // Unclosed bracket
 		"  - item"
@@ -557,15 +471,8 @@ func TestParseActionYMLMalformedYAML(t *testing.T) {
 func TestParseActionYMLEmptyFile(t *testing.T) {
 	t.Parallel()
-	tmpFile, err := os.CreateTemp(t.TempDir(), appconstants.TestActionFilePattern)
+	actionPath := testutil.CreateTempActionFile(t, "")
-	if err != nil {
+	_, err := ParseActionYML(actionPath)
 		t.Fatal(err)
 	}
 	defer func() { _ = os.Remove(tmpFile.Name()) }()
 	_ = tmpFile.Close()
 	_, err = ParseActionYML(tmpFile.Name())
 	// Empty file should return EOF error from YAML parser
 	if err == nil {
 		t.Error("Expected EOF error for empty file, got nil")
@@ -656,7 +563,7 @@ func TestProcessPermissionEntryIndentationEdgeCases(t *testing.T) {
 	}{
 		{
 			name:               "first item sets indent",
-			line:               appconstants.TestContentsRead,
+			line:               testutil.TestContentsRead,
 			content:            "contents: read",
 			initialIndent:      -1,
 			wantBreak:          false,
@@ -721,8 +628,8 @@ func TestParsePermissionsFromCommentsEdgeCases(t *testing.T) {
 	}{
 		{
 			name: "duplicate permissions",
-			content: appconstants.TestPermissionsHeader +
+			content: testutil.TestPermissionsHeader +
-				appconstants.TestContentsRead +
+				testutil.TestContentsRead +
 				"#   contents: write\n",
 			wantPerms:   map[string]string{"contents": "write"},
 			wantErr:     false,
@@ -730,8 +637,8 @@ func TestParsePermissionsFromCommentsEdgeCases(t *testing.T) {
 		},
 		{
 			name: "mixed valid and invalid lines",
-			content: appconstants.TestPermissionsHeader +
+			content: testutil.TestPermissionsHeader +
-				appconstants.TestContentsRead +
+				testutil.TestContentsRead +
 				"#   invalid-line-no-value\n" +
 				"#   issues: write\n",
 			wantPerms:   map[string]string{"contents": "read", "issues": "write"},
@@ -740,9 +647,9 @@ func TestParsePermissionsFromCommentsEdgeCases(t *testing.T) {
 		},
 		{
 			name: "permissions block ends at non-comment",
-			content: appconstants.TestPermissionsHeader +
+			content: testutil.TestPermissionsHeader +
-				appconstants.TestContentsRead +
+				testutil.TestContentsRead +
-				appconstants.TestActionNameLine +
+				testutil.TestActionNameLine +
 				"#   issues: write\n",
 			wantPerms:   map[string]string{"contents": "read"},
 			wantErr:     false,
@@ -750,8 +657,8 @@ func TestParsePermissionsFromCommentsEdgeCases(t *testing.T) {
 		},
 		{
 			name: "only permissions header",
-			content: appconstants.TestPermissionsHeader +
+			content: testutil.TestPermissionsHeader +
-				appconstants.TestActionNameLine,
+				testutil.TestActionNameLine,
 			wantPerms:   map[string]string{},
 			wantErr:     false,
 			description: "empty permissions block",
@@ -760,18 +667,8 @@ func TestParsePermissionsFromCommentsEdgeCases(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			tmpFile, err := os.CreateTemp(t.TempDir(), "test-*.yml")
+			actionPath := testutil.CreateTempActionFile(t, tt.content)
-			if err != nil {
+			perms, err := parsePermissionsFromComments(actionPath)
 				t.Fatal(err)
 			}
 			defer func() { _ = os.Remove(tmpFile.Name()) }()
 			if _, err := tmpFile.WriteString(tt.content); err != nil {
 				t.Fatal(err)
 			}
 			_ = tmpFile.Close()
 			perms, err := parsePermissionsFromComments(tmpFile.Name())
 			if (err != nil) != tt.wantErr {
 				t.Errorf("parsePermissionsFromComments() error = %v, wantErr %v", err, tt.wantErr)
@@ -868,7 +765,7 @@ func TestWalkFuncErrorHandling(t *testing.T) {
 	testErr := filepath.SkipDir
 	err = walker.walkFunc(tmpDir, info, testErr)
 	if err != testErr {
-		t.Errorf("walkFunc() should propagate error, got %v, want %v", err, testErr)
+		t.Errorf("walkFunc() should propagate error, "+testutil.TestMsgGotWant, err, testErr)
 	}
 }
@@ -878,8 +775,8 @@ func TestParseActionYMLOnlyComments(t *testing.T) {
 	content := "# This is a comment\n" +
 		"# Another comment\n" +
-		appconstants.TestPermissionsHeader +
+		testutil.TestPermissionsHeader +
-		appconstants.TestContentsRead
+		testutil.TestContentsRead
 	_, err := parseActionFromContent(t, content)
 	// File with only comments should return EOF error from YAML parser
--- a/internal/progress_test.go
+++ b/internal/progress_test.go
@@ -1,12 +1,13 @@
 package internal
 import (
 	"io"
 	"testing"
 	"github.com/schollz/progressbar/v3"
 )
-func TestProgressBarManager_CreateProgressBar(t *testing.T) {
+func TestProgressBarManagerCreateProgressBar(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name        string
@@ -64,7 +65,7 @@ func TestProgressBarManager_CreateProgressBar(t *testing.T) {
 	}
 }
-func TestProgressBarManager_CreateProgressBarForFiles(t *testing.T) {
+func TestProgressBarManagerCreateProgressBarForFiles(t *testing.T) {
 	t.Parallel()
 	pm := NewProgressBarManager(false)
 	files := []string{"file1.yml", "file2.yml", "file3.yml"}
@@ -76,33 +77,44 @@ func TestProgressBarManager_CreateProgressBarForFiles(t *testing.T) {
 	}
 }
-func TestProgressBarManager_FinishProgressBar(t *testing.T) {
+func TestProgressBarManagerNilSafeOperations(t *testing.T) {
 	t.Parallel()
 	// Use quiet mode to avoid cluttering test output
 	pm := NewProgressBarManager(true)
-	// Test with nil bar (should not panic)
+	tests := []struct {
-	pm.FinishProgressBar(nil)
+		name      string
 		operation func(*ProgressBarManager, *progressbar.ProgressBar)
 	}{
 		{
 			name: "FinishProgressBar handles nil",
 			operation: func(pm *ProgressBarManager, bar *progressbar.ProgressBar) {
 				pm.FinishProgressBar(bar)
 			},
 		},
 		{
 			name: "UpdateProgressBar handles nil",
 			operation: func(pm *ProgressBarManager, bar *progressbar.ProgressBar) {
 				pm.UpdateProgressBar(bar)
 			},
 		},
 	}
-	// Test with actual bar (will be nil in quiet mode)
+	for _, tt := range tests {
-	bar := pm.CreateProgressBar("Test", 5)
+		t.Run(tt.name, func(t *testing.T) {
-	pm.FinishProgressBar(bar) // Should handle nil gracefully
+			t.Parallel()
 			// Use quiet mode to avoid cluttering test output
 			pm := NewProgressBarManager(true)
 			// Should not panic with nil
 			tt.operation(pm, nil)
 			// Should not panic with actual bar (will be nil in quiet mode)
 			bar := pm.CreateProgressBar("Test", 5)
 			tt.operation(pm, bar)
 		})
 	}
 }
-func TestProgressBarManager_UpdateProgressBar(t *testing.T) {
+func TestProgressBarManagerProcessWithProgressBar(t *testing.T) {
 	t.Parallel()
 	// Use quiet mode to avoid cluttering test output
 	pm := NewProgressBarManager(true)
 	// Test with nil bar (should not panic)
 	pm.UpdateProgressBar(nil)
 	// Test with actual bar (will be nil in quiet mode)
 	bar := pm.CreateProgressBar("Test", 5)
 	pm.UpdateProgressBar(bar) // Should handle nil gracefully
 }
 func TestProgressBarManager_ProcessWithProgressBar(t *testing.T) {
 	t.Parallel()
 	// Use NullProgressManager to avoid cluttering test output
 	pm := NewNullProgressManager()
@@ -126,7 +138,7 @@ func TestProgressBarManager_ProcessWithProgressBar(t *testing.T) {
 	}
 }
-func TestProgressBarManager_ProcessWithProgressBar_QuietMode(t *testing.T) {
+func TestProgressBarManagerProcessWithProgressBarQuietMode(t *testing.T) {
 	t.Parallel()
 	pm := NewProgressBarManager(true) // quiet mode
 	items := []string{"item1", "item2"}
@@ -146,3 +158,32 @@ func TestProgressBarManager_ProcessWithProgressBar_QuietMode(t *testing.T) {
 		t.Errorf("expected %d processed items, got %d", len(items), len(processedItems))
 	}
 }
 // TestProgressBarManagerFinishProgressBarWithNewline tests finishing with newline.
 func TestProgressBarManagerFinishProgressBarWithNewline(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name string
 		bar  *progressbar.ProgressBar
 	}{
 		{
 			name: "with valid progress bar",
 			bar:  progressbar.NewOptions(10, progressbar.OptionSetWriter(io.Discard)),
 		},
 		{
 			name: "with nil progress bar",
 			bar:  nil,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			pm := NewProgressBarManager(false)
 			// Should not panic
 			pm.FinishProgressBarWithNewline(tt.bar)
 		})
 	}
 }
--- a/internal/template.go
+++ b/internal/template.go
@@ -13,7 +13,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/internal/dependencies"
 	"github.com/ivuorinen/gh-action-readme/internal/git"
 	"github.com/ivuorinen/gh-action-readme/internal/validation"
-	"github.com/ivuorinen/gh-action-readme/templates_embed"
+	templatesembed "github.com/ivuorinen/gh-action-readme/templates_embed"
 )
 // TemplateOptions defines options for rendering templates.
@@ -60,32 +60,34 @@ func templateFuncs() template.FuncMap {
 	}
 }
-// getGitOrg returns the Git organization from template data.
+// getFieldWithFallback extracts a field from TemplateData with Git-then-Config fallback logic.
-func getGitOrg(data any) string {
+func getFieldWithFallback(data any, gitGetter, configGetter func(*TemplateData) string, defaultValue string) string {
 	if td, ok := data.(*TemplateData); ok {
-		if td.Git.Organization != "" {
+		if gitValue := gitGetter(td); gitValue != "" {
-			return td.Git.Organization
+			return gitValue
 		}
-		if td.Config.Organization != "" {
+		if configValue := configGetter(td); configValue != "" {
-			return td.Config.Organization
+			return configValue
 		}
 	}
-	return appconstants.DefaultOrgPlaceholder
+	return defaultValue
 }
 // getGitOrg returns the Git organization from template data.
 func getGitOrg(data any) string {
 	return getFieldWithFallback(data,
 		func(td *TemplateData) string { return td.Git.Organization },
 		func(td *TemplateData) string { return td.Config.Organization },
 		appconstants.DefaultOrgPlaceholder)
 }
 // getGitRepo returns the Git repository name from template data.
 func getGitRepo(data any) string {
-	if td, ok := data.(*TemplateData); ok {
+	return getFieldWithFallback(data,
-		if td.Git.Repository != "" {
+		func(td *TemplateData) string { return td.Git.Repository },
-			return td.Git.Repository
+		func(td *TemplateData) string { return td.Config.Repository },
-		}
+		appconstants.DefaultRepoPlaceholder)
 		if td.Config.Repository != "" {
 			return td.Config.Repository
 		}
 	}
 	return appconstants.DefaultRepoPlaceholder
 }
 // getGitUsesString returns a complete uses string for the action.
@@ -289,7 +291,7 @@ func analyzeDependencies(actionPath string, config *AppConfig, gitInfo git.RepoI
 // RenderReadme renders a README using a Go template and the parsed action.yml data.
 func RenderReadme(action any, opts TemplateOptions) (string, error) {
-	tmplContent, err := templates_embed.ReadTemplate(opts.TemplatePath)
+	tmplContent, err := templatesembed.ReadTemplate(opts.TemplatePath)
 	if err != nil {
 		return "", err
 	}
@@ -301,11 +303,11 @@ func RenderReadme(action any, opts TemplateOptions) (string, error) {
 		}
 		var head, foot string
 		if opts.HeaderPath != "" {
-			h, _ := templates_embed.ReadTemplate(opts.HeaderPath)
+			h, _ := templatesembed.ReadTemplate(opts.HeaderPath)
 			head = string(h)
 		}
 		if opts.FooterPath != "" {
-			f, _ := templates_embed.ReadTemplate(opts.FooterPath)
+			f, _ := templatesembed.ReadTemplate(opts.FooterPath)
 			foot = string(f)
 		}
 		// Wrap template output in header/footer
--- a/internal/template_helper_test.go
+++ b/internal/template_helper_test.go
@@ -0,0 +1,165 @@
 package internal
 import (
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/internal/dependencies"
 	"github.com/ivuorinen/gh-action-readme/internal/git"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // TestAssertTemplateData_Helper tests the assertTemplateData helper function.
 func TestAssertTemplateDataHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name     string
 		setup    func() (*TemplateData, *ActionYML, *AppConfig)
 		wantOrg  string
 		wantRepo string
 	}{
 		{
 			name: "valid template data",
 			setup: func() (*TemplateData, *ActionYML, *AppConfig) {
 				action := &ActionYML{
 					Name:        "Test Action",
 					Description: "A test action",
 				}
 				config := &AppConfig{
 					Organization: testutil.TestOrgName,
 					Repository:   testutil.TestRepoName,
 				}
 				data := &TemplateData{
 					ActionYML: action,
 					Git: git.RepoInfo{
 						Organization: testutil.TestOrgName,
 						Repository:   testutil.TestRepoName,
 					},
 					Config: config,
 				}
 				return data, action, config
 			},
 			wantOrg:  testutil.TestOrgName,
 			wantRepo: testutil.TestRepoName,
 		},
 		{
 			name: "template data with dependencies",
 			setup: func() (*TemplateData, *ActionYML, *AppConfig) {
 				action := &ActionYML{
 					Name: "Action with deps",
 				}
 				config := &AppConfig{
 					Organization:        testutil.MyOrgName,
 					Repository:          testutil.MyRepoName,
 					AnalyzeDependencies: true,
 				}
 				data := &TemplateData{
 					ActionYML: action,
 					Git: git.RepoInfo{
 						Organization: testutil.MyOrgName,
 						Repository:   testutil.MyRepoName,
 					},
 					Config:       config,
 					Dependencies: []dependencies.Dependency{}, // Empty slice, not nil
 				}
 				return data, action, config
 			},
 			wantOrg:  testutil.MyOrgName,
 			wantRepo: testutil.MyRepoName,
 		},
 		{
 			name: "template data with empty organization",
 			setup: func() (*TemplateData, *ActionYML, *AppConfig) {
 				action := &ActionYML{
 					Name: "Test",
 				}
 				config := &AppConfig{
 					Organization: "",
 					Repository:   testutil.RepoName,
 				}
 				data := &TemplateData{
 					ActionYML: action,
 					Git: git.RepoInfo{
 						Organization: "",
 						Repository:   testutil.RepoName,
 					},
 					Config: config,
 				}
 				return data, action, config
 			},
 			wantOrg:  "",
 			wantRepo: testutil.RepoName,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			data, action, config := tt.setup()
 			// Call the helper - it validates the template data
 			assertTemplateData(t, data, action, config, tt.wantOrg, tt.wantRepo)
 		})
 	}
 }
 // TestPrepareTestActionFile_Helper tests the prepareTestActionFile helper function.
 func TestPrepareTestActionFileHelper(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name       string
 		actionPath string
 		wantExists bool
 	}{
 		{
 			name:       "analyzer fixture composite action",
 			actionPath: testutil.AnalyzerFixturePath + "composite-action.yml",
 			wantExists: true,
 		},
 		{
 			name:       "analyzer fixture docker action",
 			actionPath: testutil.AnalyzerFixturePath + "docker-action.yml",
 			wantExists: true,
 		},
 		{
 			name:       "analyzer fixture javascript action",
 			actionPath: testutil.AnalyzerFixturePath + "javascript-action.yml",
 			wantExists: true,
 		},
 		{
 			name:       "nonexistent file path",
 			actionPath: testutil.AnalyzerFixturePath + "nonexistent.yml",
 			wantExists: true, // Helper creates a path, even if file doesn't exist
 		},
 		{
 			name:       "non-analyzer path",
 			actionPath: "some/other/path.yml",
 			wantExists: true, // Returns tmpDir path
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			// Call the helper - it prepares a test action file
 			result := prepareTestActionFile(t, tt.actionPath)
 			// Verify we got a path
 			if result == "" {
 				t.Error("prepareTestActionFile returned empty path")
 			}
 			// Verify it's an absolute path or relative path
 			if !filepath.IsAbs(result) && !filepath.IsLocal(result) {
 				t.Logf("Note: path may be relative or absolute: %s", result)
 			}
 		})
 	}
 }
--- a/internal/template_test.go
+++ b/internal/template_test.go
@@ -2,10 +2,12 @@ package internal
 import (
 	"path/filepath"
 	"strings"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/git"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // newTemplateData creates a TemplateData with common test values.
@@ -59,7 +61,7 @@ func TestExtractActionSubdirectory(t *testing.T) {
 		},
 		{
 			name:       "single level subdirectory",
-			actionPath: appconstants.TestRepoBuildActionPath,
+			actionPath: testutil.TestRepoBuildActionPath,
 			repoRoot:   "/repo",
 			want:       "build",
 		},
@@ -71,7 +73,7 @@ func TestExtractActionSubdirectory(t *testing.T) {
 		},
 		{
 			name:       "root action",
-			actionPath: appconstants.TestRepoActionPath,
+			actionPath: testutil.TestRepoActionPath,
 			repoRoot:   "/repo",
 			want:       "",
 		},
@@ -83,7 +85,7 @@ func TestExtractActionSubdirectory(t *testing.T) {
 		},
 		{
 			name:       "empty repo root",
-			actionPath: appconstants.TestRepoActionPath,
+			actionPath: testutil.TestRepoActionPath,
 			repoRoot:   "",
 			want:       "",
 		},
@@ -138,7 +140,7 @@ func TestBuildUsesString(t *testing.T) {
 		{
 			name: "root action",
 			td: &TemplateData{
-				ActionPath: appconstants.TestRepoActionPath,
+				ActionPath: testutil.TestRepoActionPath,
 				RepoRoot:   "/repo",
 			},
 			org:     "ivuorinen",
@@ -149,7 +151,7 @@ func TestBuildUsesString(t *testing.T) {
 		{
 			name: "empty org",
 			td: &TemplateData{
-				ActionPath: appconstants.TestRepoBuildActionPath,
+				ActionPath: testutil.TestRepoBuildActionPath,
 				RepoRoot:   "/repo",
 			},
 			org:     "",
@@ -160,7 +162,7 @@ func TestBuildUsesString(t *testing.T) {
 		{
 			name: "empty repo",
 			td: &TemplateData{
-				ActionPath: appconstants.TestRepoBuildActionPath,
+				ActionPath: testutil.TestRepoBuildActionPath,
 				RepoRoot:   "/repo",
 			},
 			org:     "ivuorinen",
@@ -274,19 +276,19 @@ func TestGetGitUsesString(t *testing.T) {
 		{
 			name: "monorepo action with explicit version",
 			data: newTemplateData("Build Action", "v1.0.0", true, "main", "org", "actions",
-				appconstants.TestRepoBuildActionPath, "/repo"),
+				testutil.TestRepoBuildActionPath, "/repo"),
 			want: "org/actions/build@v1.0.0",
 		},
 		{
 			name: "root level action with default branch",
 			data: newTemplateData("My Action", "", true, "develop", "user", "my-action",
-				appconstants.TestRepoActionPath, "/repo"),
+				testutil.TestRepoActionPath, "/repo"),
 			want: "user/my-action@develop",
 		},
 		{
 			name: "action with use_default_branch disabled",
-			data: newTemplateData("Test Action", "", false, "main", "org", "test",
+			data: newTemplateData(testutil.TestActionName, "", false, "main", "org", "test",
-				appconstants.TestRepoActionPath, "/repo"),
+				testutil.TestRepoActionPath, "/repo"),
 			want: "org/test@v1",
 		},
 	}
@@ -330,12 +332,12 @@ func TestFormatVersion(t *testing.T) {
 		{
 			name:    "version without @",
 			version: "v1.2.3",
-			want:    appconstants.TestVersionV123,
+			want:    testutil.TestVersionV123,
 		},
 		{
 			name:    "version with @",
-			version: appconstants.TestVersionV123,
+			version: testutil.TestVersionV123,
-			want:    appconstants.TestVersionV123,
+			want:    testutil.TestVersionV123,
 		},
 		{
 			name:    "main branch",
@@ -382,7 +384,7 @@ func TestBuildTemplateData(t *testing.T) {
 		{
 			name: "basic action with config overrides",
 			action: &ActionYML{
-				Name:        "Test Action",
+				Name:        testutil.TestActionName,
 				Description: "Test description",
 			},
 			config: &AppConfig{
@@ -390,7 +392,7 @@ func TestBuildTemplateData(t *testing.T) {
 				Repository:   "testrepo",
 			},
 			repoRoot:   ".",
-			actionPath: "action.yml",
+			actionPath: appconstants.ActionFileNameYML,
 			wantOrg:    "testorg",
 			wantRepo:   "testrepo",
 		},
@@ -402,7 +404,7 @@ func TestBuildTemplateData(t *testing.T) {
 			},
 			config:     &AppConfig{},
 			repoRoot:   ".",
-			actionPath: "action.yml",
+			actionPath: appconstants.ActionFileNameYML,
 			wantOrg:    "",
 			wantRepo:   "",
 		},
@@ -469,6 +471,27 @@ func assertTemplateData(
 }
 // TestAnalyzeDependencies tests the analyzeDependencies function.
 // prepareTestActionFile prepares a test action file for analyzeDependencies tests.
 func prepareTestActionFile(t *testing.T, actionPath string) string {
 	t.Helper()
 	if strings.HasPrefix(actionPath, "../../testdata/analyzer/") &&
 		actionPath != "../../testdata/analyzer/nonexistent.yml" {
 		filename := filepath.Base(actionPath)
 		yamlContent := testutil.MustReadAnalyzerFixture(filename)
 		tmpDir := t.TempDir()
 		tmpPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 		tmpPath = testutil.ValidateTestPath(t, tmpPath, tmpDir)
 		testutil.WriteTestFile(t, tmpPath, yamlContent)
 		return tmpPath
 	}
 	// For nonexistent file test
 	return filepath.Join(t.TempDir(), "nonexistent.yml")
 }
 func TestAnalyzeDependencies(t *testing.T) {
 	t.Parallel()
@@ -508,18 +531,26 @@ func TestAnalyzeDependencies(t *testing.T) {
 			config:     &AppConfig{},
 			expectNil:  false, // Should gracefully handle errors and return empty slice
 		},
 		{
 			name:       "path traversal attempt",
 			actionPath: "../../etc/passwd",
 			config:     &AppConfig{},
 			expectNil:  false, // Returns empty slice for invalid paths
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			actionPath := prepareTestActionFile(t, tt.actionPath)
 			gitInfo := git.RepoInfo{
 				Organization: "testorg",
 				Repository:   "testrepo",
 			}
-			result := analyzeDependencies(tt.actionPath, tt.config, gitInfo)
+			result := analyzeDependencies(actionPath, tt.config, gitInfo)
 			if tt.expectNil && result != nil {
 				t.Errorf("analyzeDependencies() expected nil, got %v", result)
--- a/internal/testoutput_test.go
+++ b/internal/testoutput_test.go
@@ -0,0 +1,220 @@
 package internal
 import (
 	"os"
 	"testing"
 	"github.com/schollz/progressbar/v3"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal/apperrors"
 )
 const testFormatString = "test %s %d"
 func TestNullOutput(t *testing.T) {
 	t.Parallel()
 	no := NewNullOutput()
 	if no == nil {
 		t.Fatal("NewNullOutput() returned nil")
 	}
 	// Test IsQuiet
 	if !no.IsQuiet() {
 		t.Error("NullOutput.IsQuiet() should return true")
 	}
 	// Test all no-op methods don't panic
 	no.Success("test")
 	no.Error("test")
 	no.Warning("test")
 	no.Info("test")
 	no.Progress("test")
 	no.Bold("test")
 	no.Printf("test")
 	no.Fprintf(os.Stdout, "test")
 	// Test error methods
 	err := apperrors.New(appconstants.ErrCodeUnknown, "test error")
 	no.ErrorWithSuggestions(err)
 	no.ErrorWithContext(appconstants.ErrCodeUnknown, "test", map[string]string{})
 	no.ErrorWithSimpleFix("test", "fix")
 	// Test FormatContextualError
 	formatted := no.FormatContextualError(err)
 	if formatted != "" {
 		t.Errorf("NullOutput.FormatContextualError() = %q, want empty string", formatted)
 	}
 }
 func TestNullProgressManager(t *testing.T) {
 	t.Parallel()
 	npm := NewNullProgressManager()
 	if npm == nil {
 		t.Fatal("NewNullProgressManager() returned nil")
 	}
 	// Test CreateProgressBar returns nil
 	bar := npm.CreateProgressBar("test", 10)
 	if bar != nil {
 		t.Error("NullProgressManager.CreateProgressBar() should return nil")
 	}
 	// Test CreateProgressBarForFiles returns nil
 	bar = npm.CreateProgressBarForFiles("test", []string{"file1", "file2"})
 	if bar != nil {
 		t.Error("NullProgressManager.CreateProgressBarForFiles() should return nil")
 	}
 	// Test no-op methods don't panic
 	npm.FinishProgressBar(nil)
 	npm.FinishProgressBarWithNewline(nil)
 	npm.UpdateProgressBar(nil)
 	// Test ProcessWithProgressBar executes function for each item
 	var count int
 	items := []string{"item1", "item2", "item3"}
 	npm.ProcessWithProgressBar("test", items, func(_ string, _ *progressbar.ProgressBar) {
 		count++
 	})
 	if count != len(items) {
 		t.Errorf("ProcessWithProgressBar processed %d items, want %d", count, len(items))
 	}
 }
 // TestNullOutputEdgeCases tests NullOutput methods with edge case inputs.
 func TestNullOutputEdgeCases(t *testing.T) {
 	t.Parallel()
 	no := NewNullOutput()
 	// Test with empty strings
 	no.Success("")
 	no.Error("")
 	no.Warning("")
 	no.Info("")
 	no.Progress("")
 	no.Bold("")
 	no.Printf("")
 	// Test with special characters
 	specialChars := "\n\t\r\x00\a\b\v\f"
 	no.Success(specialChars)
 	no.Error(specialChars)
 	no.Warning(specialChars)
 	no.Info(specialChars)
 	no.Progress(specialChars)
 	no.Bold(specialChars)
 	no.Printf(specialChars)
 	// Test with unicode
 	unicode := "🎉 emoji test 你好 мир"
 	no.Success(unicode)
 	no.Error(unicode)
 	no.Warning(unicode)
 	no.Info(unicode)
 	no.Progress(unicode)
 	no.Bold(unicode)
 	no.Printf(unicode)
 	// Test with format strings and nil args
 	no.Printf(testFormatString, nil, nil)
 	no.Success(testFormatString, nil, nil)
 	no.Error(testFormatString, nil, nil)
 	// Test with multiple args
 	no.Success("test", "arg1", "arg2", "arg3")
 	no.Error("test", 1, 2, 3, 4, 5)
 	no.Printf("test %s %d %v", "str", 42, true)
 }
 // TestNullOutputErrorMethodsWithNil tests error methods with nil inputs.
 func TestNullOutputErrorMethodsWithNil(t *testing.T) {
 	t.Parallel()
 	no := NewNullOutput()
 	// Test with nil error
 	no.ErrorWithSuggestions(nil)
 	no.FormatContextualError(nil)
 	// Test with nil context
 	no.ErrorWithContext(appconstants.ErrCodeUnknown, "test", nil)
 	// Test with empty context
 	no.ErrorWithContext(appconstants.ErrCodeUnknown, "", map[string]string{})
 	// Test with empty simple fix
 	no.ErrorWithSimpleFix("", "")
 }
 // TestNullProgressManagerEdgeCases tests NullProgressManager with edge cases.
 func TestNullProgressManagerEdgeCases(t *testing.T) {
 	t.Parallel()
 	npm := NewNullProgressManager()
 	// Test with empty strings
 	bar := npm.CreateProgressBar("", 0)
 	if bar != nil {
 		t.Error("CreateProgressBar with empty string should return nil")
 	}
 	// Test with negative count
 	bar = npm.CreateProgressBar("test", -1)
 	if bar != nil {
 		t.Error("CreateProgressBar with negative count should return nil")
 	}
 	// Test with empty file list
 	bar = npm.CreateProgressBarForFiles("test", []string{})
 	if bar != nil {
 		t.Error("CreateProgressBarForFiles with empty list should return nil")
 	}
 	// Test with nil file list
 	bar = npm.CreateProgressBarForFiles("test", nil)
 	if bar != nil {
 		t.Error("CreateProgressBarForFiles with nil list should return nil")
 	}
 	// Test ProcessWithProgressBar with empty items
 	callCount := 0
 	npm.ProcessWithProgressBar("test", []string{}, func(_ string, _ *progressbar.ProgressBar) {
 		callCount++
 	})
 	if callCount != 0 {
 		t.Errorf("ProcessWithProgressBar with empty items called func %d times, want 0", callCount)
 	}
 	// Test ProcessWithProgressBar with nil items
 	callCount = 0
 	npm.ProcessWithProgressBar("test", nil, func(_ string, _ *progressbar.ProgressBar) {
 		callCount++
 	})
 	if callCount != 0 {
 		t.Errorf("ProcessWithProgressBar with nil items called func %d times, want 0", callCount)
 	}
 }
 // TestNullOutputInterfaceCompliance verifies NullOutput implements CompleteOutput.
 func TestNullOutputInterfaceCompliance(t *testing.T) {
 	t.Parallel()
 	var _ CompleteOutput = (*NullOutput)(nil)
 	var _ MessageLogger = (*NullOutput)(nil)
 	var _ ErrorReporter = (*NullOutput)(nil)
 	var _ ErrorFormatter = (*NullOutput)(nil)
 	var _ ProgressReporter = (*NullOutput)(nil)
 	var _ OutputConfig = (*NullOutput)(nil)
 }
 // TestNullProgressManagerInterfaceCompliance verifies NullProgressManager implements ProgressManager.
 func TestNullProgressManagerInterfaceCompliance(t *testing.T) {
 	t.Parallel()
 	var _ ProgressManager = (*NullProgressManager)(nil)
 }
--- a/internal/validation/strings_test.go
+++ b/internal/validation/strings_test.go
@@ -0,0 +1,146 @@
 package validation
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // TestTrimAndNormalize tests the TrimAndNormalize function.
 func TestTrimAndNormalize(t *testing.T) {
 	t.Parallel()
 	tests := []testutil.StringTestCase{
 		{
 			Name:  "no whitespace",
 			Input: "test",
 			Want:  "test",
 		},
 		{
 			Name:  "leading and trailing whitespace",
 			Input: "  test  ",
 			Want:  "test",
 		},
 		{
 			Name:  "multiple internal spaces",
 			Input: "hello    world",
 			Want:  testutil.HelloWorldStr,
 		},
 		{
 			Name:  "mixed whitespace",
 			Input: "  hello   world  ",
 			Want:  testutil.HelloWorldStr,
 		},
 		{
 			Name:  "newlines and tabs",
 			Input: "hello\n\t\tworld",
 			Want:  testutil.HelloWorldStr,
 		},
 		{
 			Name:  "empty string",
 			Input: "",
 			Want:  "",
 		},
 		{
 			Name:  "whitespace only",
 			Input: "   \n\t  ",
 			Want:  "",
 		},
 		{
 			Name:  "multiple lines",
 			Input: "line one\n  line two\n    line three",
 			Want:  "line one line two line three",
 		},
 	}
 	testutil.RunStringTests(t, tests, TrimAndNormalize)
 }
 // TestFormatUsesStatement tests the FormatUsesStatement function.
 func TestFormatUsesStatement(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name    string
 		org     string
 		repo    string
 		version string
 		want    string
 	}{
 		{
 			name:    "full statement with version",
 			org:     "actions",
 			repo:    "checkout",
 			version: "v3",
 			want:    testutil.TestActionCheckoutV3,
 		},
 		{
 			name:    "without version defaults to v1",
 			org:     "actions",
 			repo:    "setup-node",
 			version: "",
 			want:    "actions/setup-node@v1",
 		},
 		{
 			name:    "version with @ prefix",
 			org:     "actions",
 			repo:    "cache",
 			version: "@v2",
 			want:    "actions/cache@v2",
 		},
 		{
 			name:    "version without @ prefix",
 			org:     "actions",
 			repo:    "upload-artifact",
 			version: "v4",
 			want:    "actions/upload-artifact@v4",
 		},
 		{
 			name:    "empty org returns empty",
 			org:     "",
 			repo:    "checkout",
 			version: "v3",
 			want:    "",
 		},
 		{
 			name:    "empty repo returns empty",
 			org:     "actions",
 			repo:    "",
 			version: "v3",
 			want:    "",
 		},
 		{
 			name:    "both org and repo empty",
 			org:     "",
 			repo:    "",
 			version: "v3",
 			want:    "",
 		},
 		{
 			name:    "sha as version",
 			org:     "actions",
 			repo:    "checkout",
 			version: "abc123def456",
 			want:    "actions/checkout@abc123def456",
 		},
 		{
 			name:    "main branch as version",
 			org:     "actions",
 			repo:    "checkout",
 			version: "main",
 			want:    "actions/checkout@main",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := FormatUsesStatement(tt.org, tt.repo, tt.version)
 			if got != tt.want {
 				t.Errorf("FormatUsesStatement(%q, %q, %q) = %q, want %q",
 					tt.org, tt.repo, tt.version, got, tt.want)
 			}
 		})
 	}
 }
--- a/internal/validation/validation_test.go
+++ b/internal/validation/validation_test.go
@@ -1,11 +1,9 @@
 package validation
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
@@ -23,7 +21,7 @@ func TestValidateActionYMLPath(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
-				return testutil.WriteActionFixture(t, tmpDir, appconstants.TestFixtureJavaScriptSimple)
+				return testutil.WriteActionFixture(t, tmpDir, testutil.TestFixtureJavaScriptSimple)
 			},
 			expectError: false,
 		},
@@ -32,7 +30,7 @@ func TestValidateActionYMLPath(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
-				return testutil.WriteActionFixtureAs(t, tmpDir, "action.yaml", appconstants.TestFixtureMinimalAction)
+				return testutil.WriteActionFixtureAs(t, tmpDir, "action.yaml", testutil.TestFixtureMinimalAction)
 			},
 			expectError: false,
 		},
@@ -48,7 +46,7 @@ func TestValidateActionYMLPath(t *testing.T) {
 			setupFunc: func(t *testing.T, tmpDir string) string {
 				t.Helper()
-				return testutil.WriteActionFixtureAs(t, tmpDir, "action.txt", appconstants.TestFixtureJavaScriptSimple)
+				return testutil.WriteActionFixtureAs(t, tmpDir, "action.txt", testutil.TestFixtureJavaScriptSimple)
 			},
 			expectError: true,
 		},
@@ -91,7 +89,7 @@ func TestIsCommitSHA(t *testing.T) {
 	}{
 		{
 			name:     "full commit SHA",
-			version:  "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			version:  testutil.TestSHAForTesting,
 			expected: true,
 		},
 		{
@@ -101,16 +99,16 @@ func TestIsCommitSHA(t *testing.T) {
 		},
 		{
 			name:     "semantic version",
-			version:  "v1.2.3",
+			version:  testutil.TestVersionSemantic,
 			expected: false,
 		},
 		{
 			name:     "branch name",
-			version:  "main",
+			version:  testutil.TestBranchMain,
 			expected: false,
 		},
 		{
-			name:     "empty string",
+			name:     testutil.TestCaseNameEmpty,
 			version:  "",
 			expected: false,
 		},
@@ -141,12 +139,12 @@ func TestIsSemanticVersion(t *testing.T) {
 	}{
 		{
 			name:     "semantic version with v prefix",
-			version:  "v1.2.3",
+			version:  testutil.TestVersionSemantic,
 			expected: true,
 		},
 		{
 			name:     "semantic version without v prefix",
-			version:  "1.2.3",
+			version:  testutil.TestVersionPlain,
 			expected: true,
 		},
 		{
@@ -166,16 +164,16 @@ func TestIsSemanticVersion(t *testing.T) {
 		},
 		{
 			name:     "commit SHA",
-			version:  "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			version:  testutil.TestSHAForTesting,
 			expected: false,
 		},
 		{
 			name:     "branch name",
-			version:  "main",
+			version:  testutil.TestBranchMain,
 			expected: false,
 		},
 		{
-			name:     "empty string",
+			name:     testutil.TestCaseNameEmpty,
 			version:  "",
 			expected: false,
 		},
@@ -201,12 +199,12 @@ func TestIsVersionPinned(t *testing.T) {
 	}{
 		{
 			name:     "full semantic version",
-			version:  "v1.2.3",
+			version:  testutil.TestVersionSemantic,
 			expected: true,
 		},
 		{
 			name:     "full commit SHA",
-			version:  "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			version:  testutil.TestSHAForTesting,
 			expected: true,
 		},
 		{
@@ -221,7 +219,7 @@ func TestIsVersionPinned(t *testing.T) {
 		},
 		{
 			name:     "branch name",
-			version:  "main",
+			version:  testutil.TestBranchMain,
 			expected: false,
 		},
 		{
@@ -230,7 +228,7 @@ func TestIsVersionPinned(t *testing.T) {
 			expected: false,
 		},
 		{
-			name:     "empty string",
+			name:     testutil.TestCaseNameEmpty,
 			version:  "",
 			expected: false,
 		},
@@ -258,28 +256,27 @@ func TestValidateGitBranch(t *testing.T) {
 			name: "valid git repository with main branch",
 			setupFunc: func(_ *testing.T, tmpDir string) (string, string) {
 				// Create a simple git repository
-				gitDir := filepath.Join(tmpDir, ".git")
+				gitDir := testutil.SetupGitDirectory(t, tmpDir)
 				_ = os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				// Create a basic git config
 				configContent := `[core]
 	repositoryformatversion = 0
 	filemode = true
 	bare = false
-[branch "main"]
+[branch testutil.TestBranchMain]
 	remote = origin
 	merge = refs/heads/main
 `
 				testutil.WriteTestFile(t, filepath.Join(gitDir, "config"), configContent)
-				return tmpDir, "main"
+				return tmpDir, testutil.TestBranchMain
 			},
 			expected: true, // This may vary based on actual git repo state
 		},
 		{
 			name: "non-git directory",
 			setupFunc: func(_ *testing.T, tmpDir string) (string, string) {
-				return tmpDir, "main"
+				return tmpDir, testutil.TestBranchMain
 			},
 			expected: false,
 		},
@@ -320,8 +317,7 @@ func TestIsGitRepository(t *testing.T) {
 		{
 			name: "directory with .git folder",
 			setupFunc: func(_ *testing.T, tmpDir string) string {
-				gitDir := filepath.Join(tmpDir, ".git")
+				_ = testutil.SetupGitDirectory(t, tmpDir)
 				_ = os.MkdirAll(gitDir, 0750) // #nosec G301 -- test directory permissions
 				return tmpDir
 			},
@@ -378,28 +374,28 @@ func TestCleanVersionString(t *testing.T) {
 	}{
 		{
 			name:     "version with v prefix",
-			input:    "v1.2.3",
+			input:    testutil.TestVersionSemantic,
-			expected: "1.2.3",
+			expected: testutil.TestVersionPlain,
 		},
 		{
 			name:     "version without v prefix",
-			input:    "1.2.3",
+			input:    testutil.TestVersionPlain,
-			expected: "1.2.3",
+			expected: testutil.TestVersionPlain,
 		},
 		{
 			name:     "version with leading/trailing spaces",
 			input:    "  v1.2.3  ",
-			expected: "1.2.3",
+			expected: testutil.TestVersionPlain,
 		},
 		{
-			name:     "empty string",
+			name:     testutil.TestCaseNameEmpty,
 			input:    "",
 			expected: "",
 		},
 		{
 			name:     "commit SHA",
-			input:    "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			input:    testutil.TestSHAForTesting,
-			expected: "8f4b7f84bd579b95d7f0b90f8d8b6e5d9b8a7f6e",
+			expected: testutil.TestSHAForTesting,
 		},
 	}
@@ -489,7 +485,7 @@ func TestSanitizeActionName(t *testing.T) {
 			expected: "My Action",
 		},
 		{
-			name:     "empty string",
+			name:     testutil.TestCaseNameEmpty,
 			input:    "",
 			expected: "",
 		},
--- a/internal/wizard/detector.go
+++ b/internal/wizard/detector.go
@@ -59,7 +59,7 @@ type DetectedSettings struct {
 func (d *ProjectDetector) DetectProjectSettings() (*DetectedSettings, error) {
 	settings := &DetectedSettings{
 		SuggestedPermissions: make(map[string]string),
-		SuggestedRunsOn:      []string{"ubuntu-latest"},
+		SuggestedRunsOn:      []string{appconstants.RunnerUbuntuLatest},
 	}
 	// Detect repository information
@@ -223,28 +223,71 @@ func (d *ProjectDetector) findActionFiles(dir string, recursive bool) ([]string,
 }
 // findActionFilesRecursive discovers action files recursively using filepath.Walk.
 //
 func (d *ProjectDetector) findActionFilesRecursive(dir string) ([]string, error) {
 	// Validate directory path
 	if err := validateDirectoryPath(dir); err != nil {
 		return nil, err
 	}
 	var actionFiles []string
-	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+	err := filepath.WalkDir(dir, func(path string, entry os.DirEntry, err error) error {
 		if err != nil {
-			return filepath.SkipDir // Skip errors by skipping this directory
+			return filepath.SkipDir
 		}
-		if info.IsDir() {
+		return d.processWalkDirEntry(path, entry, &actionFiles)
 			return d.handleDirectory(info)
 		}
 		if d.isActionFile(info.Name()) {
 			actionFiles = append(actionFiles, path)
 		}
 		return nil
 	})
 	return actionFiles, err
 }
 // validateDirectoryPath checks for path traversal attempts.
 func validateDirectoryPath(dir string) error {
 	cleanDir := filepath.Clean(dir)
 	// Check for ".." as a path component, not substring
 	for _, component := range strings.Split(filepath.ToSlash(cleanDir), "/") {
 		if component == ".." {
 			return fmt.Errorf("invalid directory path: traversal detected in %q", dir)
 		}
 	}
 	return nil
 }
 // processWalkDirEntry processes a single entry during directory walking.
 func (d *ProjectDetector) processWalkDirEntry(path string, entry os.DirEntry, actionFiles *[]string) error {
 	// Check for symlinks - skip them
 	if entry.Type()&os.ModeSymlink != 0 {
 		return nil // Skip all symlinks
 	}
 	// Handle directories
 	if entry.IsDir() {
 		return d.handleDirectoryEntry(entry)
 	}
 	// Check if it's an action file
 	if d.isActionFile(entry.Name()) {
 		*actionFiles = append(*actionFiles, path)
 	}
 	return nil
 }
 // handleDirectoryEntry decides whether to skip a directory during walk.
 func (d *ProjectDetector) handleDirectoryEntry(entry os.DirEntry) error {
 	info, err := entry.Info()
 	if err != nil {
 		return filepath.SkipDir
 	}
 	return d.handleDirectory(info)
 }
 // handleDirectory decides whether to skip a directory during recursive search.
 func (d *ProjectDetector) handleDirectory(info os.FileInfo) error {
 	name := info.Name()
@@ -257,16 +300,7 @@ func (d *ProjectDetector) handleDirectory(info os.FileInfo) error {
 // findActionFilesInDirectory finds action files only in the specified directory.
 func (d *ProjectDetector) findActionFilesInDirectory(dir string) ([]string, error) {
-	var actionFiles []string
+	return internal.DiscoverActionFilesNonRecursive(dir), nil
 	for _, filename := range []string{appconstants.ActionFileNameYML, appconstants.ActionFileNameYAML} {
 		actionPath := filepath.Join(dir, filename)
 		if _, err := os.Stat(actionPath); err == nil {
 			actionFiles = append(actionFiles, actionPath)
 		}
 	}
 	return actionFiles, nil
 }
 // isActionFile checks if a filename is an action file.
@@ -454,15 +488,19 @@ func (d *ProjectDetector) suggestTheme(settings *DetectedSettings) {
 // suggestRunsOn suggests appropriate runners based on language/framework.
 func (d *ProjectDetector) suggestRunsOn(settings *DetectedSettings) {
-	if len(settings.SuggestedRunsOn) != 1 || settings.SuggestedRunsOn[0] != "ubuntu-latest" {
+	if len(settings.SuggestedRunsOn) != 1 || settings.SuggestedRunsOn[0] != appconstants.RunnerUbuntuLatest {
 		return
 	}
 	switch settings.Language {
 	case appconstants.LangJavaScriptTypeScript:
-		settings.SuggestedRunsOn = []string{"ubuntu-latest", "windows-latest", "macos-latest"}
+		settings.SuggestedRunsOn = []string{
 			appconstants.RunnerUbuntuLatest,
 			appconstants.RunnerWindowsLatest,
 			appconstants.RunnerMacosLatest,
 		}
 	case appconstants.LangGo, appconstants.LangPython:
-		settings.SuggestedRunsOn = []string{"ubuntu-latest"}
+		settings.SuggestedRunsOn = []string{appconstants.RunnerUbuntuLatest}
 	}
 }
--- a/internal/wizard/detector_test.go
+++ b/internal/wizard/detector_test.go
@@ -5,28 +5,27 @@ import (
 	"path/filepath"
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
-func TestProjectDetector_analyzeProjectFiles(t *testing.T) {
+func TestProjectDetectorAnalyzeProjectFiles(t *testing.T) {
 	t.Parallel()
 	// Create temporary directory for testing
 	tempDir := t.TempDir()
 	// Create test files (go.mod should be processed last to be the final language)
 	testFiles := map[string]string{
-		"Dockerfile":     "FROM alpine",
+		"Dockerfile":                   "FROM alpine",
-		"action.yml":     "name: Test Action",
+		appconstants.ActionFileNameYML: "name: Test Action",
-		"next.config.js": "module.exports = {}",
+		"next.config.js":               "module.exports = {}",
-		"package.json":   `{"name": "test", "version": "1.0.0"}`,
+		appconstants.PackageJSON:       `{"name": "test", "version": "1.0.0"}`,
-		"go.mod":         "module test", // This should be detected last
+		"go.mod":                       "module test", // This should be detected last
 	}
 	for filename, content := range testFiles {
-		filePath := filepath.Join(tempDir, filename)
+		testutil.WriteFileInDir(t, tempDir, filename, content)
 		if err := os.WriteFile(filePath, []byte(content), 0600); err != nil { // #nosec G306 -- test file permissions
 			t.Fatalf("Failed to create test file %s: %v", filename, err)
 		}
 	}
 	// Create detector with temp directory
@@ -38,10 +37,10 @@ func TestProjectDetector_analyzeProjectFiles(t *testing.T) {
 	characteristics := detector.analyzeProjectFiles()
-	// Test that a language is detected (either Go or JavaScript/TypeScript is valid)
+	// Test that a language is detected (either Go or testutil.TestLangJavaScriptTypeScript is valid)
 	language := characteristics["language"]
-	if language != "Go" && language != "JavaScript/TypeScript" {
+	if language != "Go" && language != testutil.TestLangJavaScriptTypeScript {
-		t.Errorf("Expected language 'Go' or 'JavaScript/TypeScript', got '%s'", language)
+		t.Errorf("Expected language 'Go' or '%s', got '%s'", testutil.TestLangJavaScriptTypeScript, language)
 	}
 	// Test that appropriate type is detected
@@ -64,7 +63,7 @@ func TestProjectDetector_analyzeProjectFiles(t *testing.T) {
 	}
 }
-func TestProjectDetector_detectVersionFromPackageJSON(t *testing.T) {
+func TestProjectDetectorDetectVersionFromPackageJSON(t *testing.T) {
 	t.Parallel()
 	tempDir := t.TempDir()
@@ -75,10 +74,7 @@ func TestProjectDetector_detectVersionFromPackageJSON(t *testing.T) {
 		"description": "Test package"
 	}`
-	packagePath := filepath.Join(tempDir, "package.json")
+	testutil.WriteFileInDir(t, tempDir, appconstants.PackageJSON, packageJSON)
 	if err := os.WriteFile(packagePath, []byte(packageJSON), 0600); err != nil { // #nosec G306 -- test file permissions
 		t.Fatalf("Failed to create package.json: %v", err)
 	}
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
@@ -92,16 +88,13 @@ func TestProjectDetector_detectVersionFromPackageJSON(t *testing.T) {
 	}
 }
-func TestProjectDetector_detectVersionFromFiles(t *testing.T) {
+func TestProjectDetectorDetectVersionFromFiles(t *testing.T) {
 	t.Parallel()
 	tempDir := t.TempDir()
 	// Create VERSION file
 	versionContent := "3.2.1\n"
-	versionPath := filepath.Join(tempDir, "VERSION")
+	testutil.WriteFileInDir(t, tempDir, "VERSION", versionContent)
 	if err := os.WriteFile(versionPath, []byte(versionContent), 0600); err != nil { // #nosec G306 -- test file permissions
 		t.Fatalf("Failed to create VERSION file: %v", err)
 	}
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
@@ -115,34 +108,20 @@ func TestProjectDetector_detectVersionFromFiles(t *testing.T) {
 	}
 }
-func TestProjectDetector_findActionFiles(t *testing.T) {
+func TestProjectDetectorFindActionFiles(t *testing.T) {
 	t.Parallel()
 	tempDir := t.TempDir()
 	// Create action files
-	actionYML := filepath.Join(tempDir, "action.yml")
+	actionYML := filepath.Join(tempDir, appconstants.ActionFileNameYML)
-	if err := os.WriteFile(
+	testutil.WriteTestFile(t, actionYML, "name: Test Action")
 		actionYML,
 		[]byte("name: Test Action"),
 		0600, // #nosec G306 -- test file permissions
 	); err != nil {
 		t.Fatalf("Failed to create action.yml: %v", err)
 	}
 	// Create subdirectory with another action file
 	subDir := filepath.Join(tempDir, "subaction")
-	if err := os.MkdirAll(subDir, 0750); err != nil { // #nosec G301 -- test directory permissions
+	testutil.CreateTestDir(t, subDir)
 		t.Fatalf("Failed to create subdirectory: %v", err)
 	}
 	subActionYAML := filepath.Join(subDir, "action.yaml")
-	if err := os.WriteFile(
+	testutil.WriteTestFile(t, subActionYAML, "name: Sub Action")
 		subActionYAML,
 		[]byte("name: Sub Action"),
 		0600, // #nosec G306 -- test file permissions
 	); err != nil {
 		t.Fatalf("Failed to create sub action.yaml: %v", err)
 	}
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
@@ -171,7 +150,7 @@ func TestProjectDetector_findActionFiles(t *testing.T) {
 	}
 }
-func TestProjectDetector_isActionFile(t *testing.T) {
+func TestProjectDetectorIsActionFile(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
@@ -182,7 +161,7 @@ func TestProjectDetector_isActionFile(t *testing.T) {
 		filename string
 		expected bool
 	}{
-		{"action.yml", true},
+		{appconstants.ActionFileNameYML, true},
 		{"action.yaml", true},
 		{"Action.yml", false},
 		{"action.yml.bak", false},
@@ -201,7 +180,7 @@ func TestProjectDetector_isActionFile(t *testing.T) {
 	}
 }
-func TestProjectDetector_suggestConfiguration(t *testing.T) {
+func TestProjectDetectorSuggestConfiguration(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
@@ -258,3 +237,610 @@ func TestProjectDetector_suggestConfiguration(t *testing.T) {
 		})
 	}
 }
 // TestProjectDetectorSuggestRunsOn tests the runner suggestion logic.
 func TestProjectDetectorSuggestRunsOn(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
 		output: output,
 	}
 	tests := []struct {
 		name     string
 		settings *DetectedSettings
 		expected []string
 	}{
 		{
 			name: "javascript/typescript project",
 			settings: &DetectedSettings{
 				Language:        testutil.TestLangJavaScriptTypeScript,
 				SuggestedRunsOn: []string{testutil.RunnerUbuntuLatest},
 			},
 			expected: []string{
 				testutil.RunnerUbuntuLatest,
 				testutil.RunnerWindowsLatest,
 				testutil.RunnerMacosLatest,
 			},
 		},
 		{
 			name: "go project",
 			settings: &DetectedSettings{
 				Language:        "Go",
 				SuggestedRunsOn: []string{testutil.RunnerUbuntuLatest},
 			},
 			expected: []string{testutil.RunnerUbuntuLatest},
 		},
 		{
 			name: "python project",
 			settings: &DetectedSettings{
 				Language:        "Python",
 				SuggestedRunsOn: []string{testutil.RunnerUbuntuLatest},
 			},
 			expected: []string{testutil.RunnerUbuntuLatest},
 		},
 		{
 			name: "already has multiple runners",
 			settings: &DetectedSettings{
 				Language:        testutil.TestLangJavaScriptTypeScript,
 				SuggestedRunsOn: []string{testutil.RunnerUbuntuLatest, "custom-runner"},
 			},
 			expected: []string{testutil.RunnerUbuntuLatest, "custom-runner"},
 		},
 		{
 			name: "unknown language",
 			settings: &DetectedSettings{
 				Language:        "Rust",
 				SuggestedRunsOn: []string{testutil.RunnerUbuntuLatest},
 			},
 			expected: []string{testutil.RunnerUbuntuLatest},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			detector.suggestRunsOn(tt.settings)
 			if len(tt.settings.SuggestedRunsOn) != len(tt.expected) {
 				t.Errorf("Expected %d runners, got %d", len(tt.expected), len(tt.settings.SuggestedRunsOn))
 				return
 			}
 			for i, expectedRunner := range tt.expected {
 				if tt.settings.SuggestedRunsOn[i] != expectedRunner {
 					t.Errorf("Expected runner at index %d to be %s, got %s",
 						i, expectedRunner, tt.settings.SuggestedRunsOn[i])
 				}
 			}
 		})
 	}
 }
 // assertPermissionsMatch is a helper to validate permissions in tests.
 func assertPermissionsMatch(t *testing.T, expected, actual map[string]string) {
 	t.Helper()
 	if expected == nil && actual != nil {
 		t.Errorf("Expected nil permissions, got %v", actual)
 		return
 	}
 	if expected != nil && actual == nil {
 		t.Errorf("Expected permissions %v, got nil", expected)
 		return
 	}
 	if expected == nil {
 		return
 	}
 	if len(actual) != len(expected) {
 		t.Errorf("Expected %d permissions, got %d", len(expected), len(actual))
 		return
 	}
 	for key, expectedValue := range expected {
 		if actualValue, ok := actual[key]; !ok {
 			t.Errorf("Expected permission %s not found", key)
 		} else if actualValue != expectedValue {
 			t.Errorf("Expected permission %s=%s, got %s=%s",
 				key, expectedValue, key, actualValue)
 		}
 	}
 }
 // TestProjectDetectorSuggestPermissions tests the permissions suggestion logic.
 func TestProjectDetectorSuggestPermissions(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	detector := &ProjectDetector{
 		output: output,
 	}
 	tests := []struct {
 		name     string
 		settings *DetectedSettings
 		expected map[string]string
 	}{
 		{
 			name: "github action without permissions",
 			settings: &DetectedSettings{
 				IsGitHubAction:       true,
 				SuggestedPermissions: nil,
 			},
 			expected: map[string]string{
 				"contents": "read",
 			},
 		},
 		{
 			name: "github action with existing permissions",
 			settings: &DetectedSettings{
 				IsGitHubAction: true,
 				SuggestedPermissions: map[string]string{
 					"contents": "write",
 					"issues":   "read",
 				},
 			},
 			expected: map[string]string{
 				"contents": "write",
 				"issues":   "read",
 			},
 		},
 		{
 			name: "not a github action",
 			settings: &DetectedSettings{
 				IsGitHubAction:       false,
 				SuggestedPermissions: nil,
 			},
 			expected: nil,
 		},
 		{
 			name: "github action with empty permissions map",
 			settings: &DetectedSettings{
 				IsGitHubAction:       true,
 				SuggestedPermissions: map[string]string{},
 			},
 			expected: map[string]string{
 				"contents": "read",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			detector.suggestPermissions(tt.settings)
 			assertPermissionsMatch(t, tt.expected, tt.settings.SuggestedPermissions)
 		})
 	}
 }
 // TestNewProjectDetector tests creating a new project detector.
 func TestNewProjectDetector(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	detector, err := NewProjectDetector(output)
 	if err != nil {
 		t.Fatalf("NewProjectDetector() error = %v", err)
 	}
 	if detector == nil {
 		t.Fatal("NewProjectDetector() returned nil")
 	}
 	if detector.output == nil {
 		t.Error("detector.output is nil")
 	}
 	if detector.currentDir == "" {
 		t.Error("detector.currentDir is empty")
 	}
 }
 // TestDetectProjectSettingsIntegration tests the main detection logic.
 func TestDetectProjectSettingsIntegration(t *testing.T) {
 	// Cannot use t.Parallel() because this test uses t.Chdir()
 	// Create a temporary directory with test files
 	tempDir := t.TempDir()
 	// Create action.yml
 	testutil.WriteActionFixture(t, tempDir, testutil.TestFixtureCompositeWithShellStep)
 	// Change to temp directory (cleanup automatic via t.Chdir)
 	t.Chdir(tempDir)
 	output := internal.NewColoredOutput(true)
 	detector, err := NewProjectDetector(output)
 	if err != nil {
 		t.Fatalf("NewProjectDetector() error = %v", err)
 	}
 	settings, err := detector.DetectProjectSettings()
 	if err != nil {
 		t.Fatalf("DetectProjectSettings() error = %v", err)
 	}
 	if settings == nil {
 		t.Fatal("DetectProjectSettings() returned nil")
 	}
 	// Verify action file was detected
 	if !settings.IsGitHubAction {
 		t.Error("Expected IsGitHubAction to be true")
 	}
 	if len(settings.ActionFiles) == 0 {
 		t.Error("Expected at least one action file to be detected")
 	}
 	// Verify default values are set
 	if len(settings.SuggestedRunsOn) == 0 {
 		t.Error("Expected SuggestedRunsOn to have default values")
 	}
 	if settings.SuggestedPermissions == nil {
 		t.Error("Expected SuggestedPermissions to be initialized")
 	}
 }
 // TestDetectRepositoryInfo tests repository info detection.
 func TestDetectRepositoryInfo(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name     string
 		repoRoot string
 		wantErr  bool
 	}{
 		{
 			name:     "no git repository",
 			repoRoot: "",
 			wantErr:  true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:   output,
 				repoRoot: tt.repoRoot,
 			}
 			settings := &DetectedSettings{
 				SuggestedPermissions: make(map[string]string),
 			}
 			err := detector.detectRepositoryInfo(settings)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("detectRepositoryInfo() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
 }
 // TestDetectActionFiles tests action file detection.
 //
 // validateDetectActionFilesResult validates the results of detectActionFiles call.
 func validateDetectActionFilesResult(
 	t *testing.T,
 	settings *DetectedSettings,
 	err error,
 	wantActionCount int,
 	wantErr bool,
 ) {
 	t.Helper()
 	if (err != nil) != wantErr {
 		t.Errorf("detectActionFiles() error = %v, wantErr %v", err, wantErr)
 	}
 	if len(settings.ActionFiles) != wantActionCount {
 		t.Errorf("Expected %d action files, got %d", wantActionCount, len(settings.ActionFiles))
 	}
 	if wantActionCount > 0 && !settings.IsGitHubAction {
 		t.Error("Expected IsGitHubAction to be true")
 	}
 }
 func TestDetectActionFiles(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name            string
 		setupFunc       func(t *testing.T, dir string)
 		wantActionCount int
 		wantErr         bool
 	}{
 		{
 			name: "detects action file",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				content := "name: Test Action\ndescription: Test"
 				testutil.WriteFileInDir(t, dir, appconstants.ActionFileNameYML, content)
 			},
 			wantActionCount: 1,
 			wantErr:         false,
 		},
 		{
 			name: "no action files",
 			setupFunc: func(t *testing.T, _ string) {
 				t.Helper()
 				// Don't create any files
 			},
 			wantActionCount: 0,
 			wantErr:         false,
 		},
 		{
 			name: "skips symlink to sensitive file",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				// Create symlink: action.yml -> /etc/passwd
 				symlinkPath := filepath.Join(dir, appconstants.ActionFileNameYML)
 				err := os.Symlink("/etc/passwd", symlinkPath)
 				if err != nil {
 					t.Skip("symlink creation not supported on this platform")
 				}
 			},
 			wantActionCount: 0, // Should skip symlinks for security
 			wantErr:         false,
 		},
 		{
 			name: "handles directory with .. components safely",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				// Create subdirectory with action.yml
 				content := "name: Test\ndescription: Test"
 				testutil.CreateNestedAction(t, dir, "subdir", content)
 			},
 			wantActionCount: 1, // Should find the file safely
 			wantErr:         false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tempDir := t.TempDir()
 			if tt.setupFunc != nil {
 				tt.setupFunc(t, tempDir)
 			}
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:     output,
 				currentDir: tempDir,
 			}
 			settings := &DetectedSettings{
 				SuggestedPermissions: make(map[string]string),
 			}
 			err := detector.detectActionFiles(settings)
 			validateDetectActionFilesResult(t, settings, err, tt.wantActionCount, tt.wantErr)
 		})
 	}
 }
 // TestDetectProjectCharacteristics tests project characteristics detection.
 func TestDetectProjectCharacteristics(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name           string
 		setupFunc      func(t *testing.T, dir string)
 		wantDockerfile bool
 	}{
 		{
 			name: "detects Dockerfile",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				content := "FROM alpine:latest"
 				testutil.WriteFileInDir(t, dir, "Dockerfile", content)
 			},
 			wantDockerfile: true,
 		},
 		{
 			name: "no Dockerfile",
 			setupFunc: func(t *testing.T, _ string) {
 				t.Helper()
 				// Don't create Dockerfile
 			},
 			wantDockerfile: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tempDir := t.TempDir()
 			if tt.setupFunc != nil {
 				tt.setupFunc(t, tempDir)
 			}
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:     output,
 				currentDir: tempDir,
 			}
 			settings := &DetectedSettings{
 				SuggestedPermissions: make(map[string]string),
 			}
 			detector.detectProjectCharacteristics(settings)
 			if settings.HasDockerfile != tt.wantDockerfile {
 				t.Errorf("HasDockerfile = %v, want %v", settings.HasDockerfile, tt.wantDockerfile)
 			}
 		})
 	}
 }
 // TestDetectVersion tests version detection from various sources.
 func TestDetectVersion(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name      string
 		setupFunc func(t *testing.T, dir string)
 		want      string
 	}{
 		{
 			name: "detects version from package.json",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				content := `{"version": "1.2.3"}`
 				testutil.WriteFileInDir(t, dir, appconstants.PackageJSON, content)
 			},
 			want: "1.2.3",
 		},
 		{
 			name: "detects version from VERSION file",
 			setupFunc: func(t *testing.T, dir string) {
 				t.Helper()
 				content := "2.0.0\n"
 				testutil.WriteFileInDir(t, dir, "VERSION", content)
 			},
 			want: "2.0.0",
 		},
 		{
 			name: "no version found",
 			setupFunc: func(t *testing.T, _ string) {
 				t.Helper()
 				// Don't create version files
 			},
 			want: "",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tempDir := t.TempDir()
 			if tt.setupFunc != nil {
 				tt.setupFunc(t, tempDir)
 			}
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:     output,
 				currentDir: tempDir,
 			}
 			version := detector.detectVersion()
 			if version != tt.want {
 				t.Errorf("detectVersion() = %q, want %q", version, tt.want)
 			}
 		})
 	}
 }
 // TestDetectVersionFromGitTags tests git tag version detection.
 func TestDetectVersionFromGitTags(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name     string
 		repoRoot string
 		want     string
 	}{
 		{
 			name:     "no git repository",
 			repoRoot: "",
 			want:     "",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:   output,
 				repoRoot: tt.repoRoot,
 			}
 			version := detector.detectVersionFromGitTags()
 			if version != tt.want {
 				t.Errorf("detectVersionFromGitTags() = %q, want %q", version, tt.want)
 			}
 		})
 	}
 }
 // TestAnalyzeActionFile tests action file analysis.
 func TestAnalyzeActionFile(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name      string
 		content   string
 		wantErr   bool
 		checkFunc func(t *testing.T, settings *DetectedSettings)
 	}{
 		{
 			name:    "analyzes composite action",
 			content: testutil.MustReadFixture(testutil.TestFixtureCompositeWithShellStep),
 			wantErr: false,
 			checkFunc: func(t *testing.T, settings *DetectedSettings) {
 				t.Helper()
 				if !settings.HasCompositeAction {
 					t.Error("Expected HasCompositeAction to be true")
 				}
 			},
 		},
 		{
 			name:    "handles invalid YAML",
 			content: "invalid: yaml: content:",
 			wantErr: true,
 			checkFunc: func(t *testing.T, _ *DetectedSettings) {
 				t.Helper()
 				// No specific checks for error case
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			tempDir := t.TempDir()
 			actionPath := testutil.WriteFileInDir(t, tempDir, appconstants.ActionFileNameYML, tt.content)
 			output := internal.NewColoredOutput(true)
 			detector := &ProjectDetector{
 				output:     output,
 				currentDir: tempDir,
 			}
 			settings := &DetectedSettings{
 				SuggestedPermissions: make(map[string]string),
 			}
 			err := detector.analyzeActionFile(actionPath, settings)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("analyzeActionFile() error = %v, wantErr %v", err, tt.wantErr)
 			}
 			if tt.checkFunc != nil {
 				tt.checkFunc(t, settings)
 			}
 		})
 	}
 }
--- a/internal/wizard/exporter.go
+++ b/internal/wizard/exporter.go
@@ -267,24 +267,22 @@ func (e *ConfigExporter) writeWorkflowSection(file *os.File, config *internal.Ap
 // writePermissionsSection writes the permissions section.
 func (e *ConfigExporter) writePermissionsSection(file *os.File, config *internal.AppConfig) {
-	if len(config.Permissions) == 0 {
+	e.writeMapSection(file, "[permissions]", config.Permissions)
 		return
 	}
 	_, _ = fmt.Fprintf(file, "\n[permissions]\n")
 	for key, value := range config.Permissions {
 		_, _ = fmt.Fprintf(file, appconstants.FormatEnvVar, key, value)
 	}
 }
 // writeVariablesSection writes the variables section.
 func (e *ConfigExporter) writeVariablesSection(file *os.File, config *internal.AppConfig) {
-	if len(config.Variables) == 0 {
+	e.writeMapSection(file, "[variables]", config.Variables)
 }
 // writeMapSection writes a TOML section with key-value pairs from a map.
 func (e *ConfigExporter) writeMapSection(file *os.File, sectionName string, data map[string]string) {
 	if len(data) == 0 {
 		return
 	}
-	_, _ = fmt.Fprintf(file, "\n[variables]\n")
+	_, _ = fmt.Fprintf(file, "\n%s\n", sectionName)
-	for key, value := range config.Variables {
+	for key, value := range data {
 		_, _ = fmt.Fprintf(file, appconstants.FormatEnvVar, key, value)
 	}
 }
--- a/internal/wizard/exporter_test.go
+++ b/internal/wizard/exporter_test.go
@@ -13,7 +13,7 @@ import (
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
-func TestConfigExporter_ExportConfig(t *testing.T) {
+func TestConfigExporterExportConfig(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true) // quiet mode for testing
 	exporter := NewConfigExporter(output)
@@ -62,11 +62,11 @@ func testYAMLExport(exporter *ConfigExporter, config *internal.AppConfig) func(*
 	return func(t *testing.T) {
 		t.Helper()
 		tempDir := t.TempDir()
-		outputPath := filepath.Join(tempDir, "config.yaml")
+		outputPath := filepath.Join(tempDir, testutil.TestFileConfigYAML)
 		err := exporter.ExportConfig(config, FormatYAML, outputPath)
 		if err != nil {
-			t.Fatalf("ExportConfig() error = %v", err)
+			t.Fatalf(testutil.TestMsgExportConfigError, err)
 		}
 		testutil.AssertFileExists(t, outputPath)
@@ -83,7 +83,7 @@ func testJSONExport(exporter *ConfigExporter, config *internal.AppConfig) func(*
 		err := exporter.ExportConfig(config, FormatJSON, outputPath)
 		if err != nil {
-			t.Fatalf("ExportConfig() error = %v", err)
+			t.Fatalf(testutil.TestMsgExportConfigError, err)
 		}
 		testutil.AssertFileExists(t, outputPath)
@@ -100,7 +100,7 @@ func testTOMLExport(exporter *ConfigExporter, config *internal.AppConfig) func(*
 		err := exporter.ExportConfig(config, FormatTOML, outputPath)
 		if err != nil {
-			t.Fatalf("ExportConfig() error = %v", err)
+			t.Fatalf(testutil.TestMsgExportConfigError, err)
 		}
 		testutil.AssertFileExists(t, outputPath)
@@ -113,7 +113,7 @@ func verifyYAMLContent(t *testing.T, outputPath string, expected *internal.AppCo
 	t.Helper()
 	data, err := os.ReadFile(outputPath) // #nosec G304 -- test output path
 	if err != nil {
-		t.Fatalf("Failed to read output file: %v", err)
+		t.Fatalf(testutil.TestMsgFailedReadOutput, err)
 	}
 	var yamlConfig internal.AppConfig
@@ -134,7 +134,7 @@ func verifyJSONContent(t *testing.T, outputPath string, expected *internal.AppCo
 	t.Helper()
 	data, err := os.ReadFile(outputPath) // #nosec G304 -- test output path
 	if err != nil {
-		t.Fatalf("Failed to read output file: %v", err)
+		t.Fatalf(testutil.TestMsgFailedReadOutput, err)
 	}
 	var jsonConfig internal.AppConfig
@@ -155,7 +155,7 @@ func verifyTOMLContent(t *testing.T, outputPath string) {
 	t.Helper()
 	data, err := os.ReadFile(outputPath) // #nosec G304 -- test output path
 	if err != nil {
-		t.Fatalf("Failed to read output file: %v", err)
+		t.Fatalf(testutil.TestMsgFailedReadOutput, err)
 	}
 	content := string(data)
@@ -167,7 +167,7 @@ func verifyTOMLContent(t *testing.T, outputPath string) {
 	}
 }
-func TestConfigExporter_sanitizeConfig(t *testing.T) {
+func TestConfigExporterSanitizeConfig(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	exporter := NewConfigExporter(output)
@@ -201,7 +201,7 @@ func TestConfigExporter_sanitizeConfig(t *testing.T) {
 	}
 }
-func TestConfigExporter_GetSupportedFormats(t *testing.T) {
+func TestConfigExporterGetSupportedFormats(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	exporter := NewConfigExporter(output)
@@ -226,7 +226,7 @@ func TestConfigExporter_GetSupportedFormats(t *testing.T) {
 	}
 }
-func TestConfigExporter_GetDefaultOutputPath(t *testing.T) {
+func TestConfigExporterGetDefaultOutputPath(t *testing.T) {
 	t.Parallel()
 	output := internal.NewColoredOutput(true)
 	exporter := NewConfigExporter(output)
@@ -235,7 +235,7 @@ func TestConfigExporter_GetDefaultOutputPath(t *testing.T) {
 		format   ExportFormat
 		expected string
 	}{
-		{FormatYAML, "config.yaml"},
+		{FormatYAML, testutil.TestFileConfigYAML},
 		{FormatJSON, "config.json"},
 		{FormatTOML, "config.toml"},
 	}
--- a/internal/wizard/validator.go
+++ b/internal/wizard/validator.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
 	"slices"
 	"strings"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
@@ -34,6 +35,22 @@ type ValidationWarning struct {
 	Value   string
 }
 // validPermissionsMap defines valid GitHub Actions permissions and their allowed values.
 var validPermissionsMap = map[string][]string{
 	"actions":             {"read", "write"},
 	"checks":              {"read", "write"},
 	"contents":            {"read", "write"},
 	"deployments":         {"read", "write"},
 	"id-token":            {"write"},
 	"issues":              {"read", "write"},
 	"discussions":         {"read", "write"},
 	"packages":            {"read", "write"},
 	"pull-requests":       {"read", "write"},
 	"repository-projects": {"read", "write"},
 	"security-events":     {"read", "write"},
 	"statuses":            {"read", "write"},
 }
 // ConfigValidator handles configuration validation with immediate feedback.
 type ConfigValidator struct {
 	output *internal.ColoredOutput
@@ -139,50 +156,38 @@ func (v *ConfigValidator) DisplayValidationResult(result *ValidationResult) {
 // validateOrganization validates the organization field.
 func (v *ConfigValidator) validateOrganization(org string, result *ValidationResult) {
-	if org == "" {
+	v.validateFieldWithEmptyCheck(
-		result.Warnings = append(result.Warnings, ValidationWarning{
+		"organization",
-			Field:   "organization",
+		org,
-			Message: "Organization is empty - will use auto-detected value",
+		v.isValidGitHubName,
-			Value:   org,
+		"Organization is empty - will use auto-detected value",
-		})
+		"Invalid organization name format",
-
+		"Organization names can only contain alphanumeric characters and hyphens",
-		return
+		result,
-	}
+	)
 	// GitHub username/organization rules
 	if !v.isValidGitHubName(org) {
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   "organization",
 			Message: "Invalid organization name format",
 			Value:   org,
 		})
 		result.Suggestions = append(result.Suggestions,
 			"Organization names can only contain alphanumeric characters and hyphens")
 	}
 }
 // validateRepository validates the repository field.
 func (v *ConfigValidator) validateRepository(repo string, result *ValidationResult) {
-	if repo == "" {
+	v.validateFieldWithEmptyCheck(
-		result.Warnings = append(result.Warnings, ValidationWarning{
+		"repository",
-			Field:   "repository",
+		repo,
-			Message: "Repository is empty - will use auto-detected value",
+		v.isValidGitHubName,
-			Value:   repo,
+		"Repository is empty - will use auto-detected value",
-		})
+		"Invalid repository name format",
 		"Repository names can only contain alphanumeric characters, hyphens, and underscores",
 		result,
 	)
 }
-		return
+// addWarningWithSuggestion is a helper to add a warning and suggestion together.
-	}
+func addWarningWithSuggestion(result *ValidationResult, field, message, value, suggestion string) {
-
+	result.Warnings = append(result.Warnings, ValidationWarning{
-	// GitHub repository name rules
+		Field:   field,
-	if !v.isValidGitHubName(repo) {
+		Message: message,
-		result.Errors = append(result.Errors, ValidationError{
+		Value:   value,
-			Field:   "repository",
+	})
-			Message: "Invalid repository name format",
+	result.Suggestions = append(result.Suggestions, suggestion)
 			Value:   repo,
 		})
 		result.Suggestions = append(result.Suggestions,
 			"Repository names can only contain alphanumeric characters, hyphens, and underscores")
 	}
 }
 // validateVersion validates the version field.
@@ -194,62 +199,32 @@ func (v *ConfigValidator) validateVersion(version string, result *ValidationResu
 	// Check if it follows semantic versioning
 	if !v.isValidSemanticVersion(version) {
-		result.Warnings = append(result.Warnings, ValidationWarning{
+		addWarningWithSuggestion(result,
-			Field:   "version",
+			"version",
-			Message: "Version does not follow semantic versioning (x.y.z)",
+			"Version does not follow semantic versioning (x.y.z)",
-			Value:   version,
+			version,
 		})
 		result.Suggestions = append(result.Suggestions,
 			"Consider using semantic versioning format (e.g., 1.0.0)")
 	}
 }
 // validateTheme validates the theme field.
 func (v *ConfigValidator) validateTheme(theme string, result *ValidationResult) {
-	validThemes := []string{"default", "github", "gitlab", "minimal", "professional"}
+	validThemes := []string{
-
+		appconstants.ThemeDefault,
-	found := false
+		appconstants.ThemeGitHub,
-	for _, validTheme := range validThemes {
+		appconstants.ThemeGitLab,
-		if theme == validTheme {
+		appconstants.ThemeMinimal,
-			found = true
+		appconstants.ThemeProfessional,
 			break
 		}
 	}
-	if !found {
+	v.validateFieldInList("theme", theme, validThemes, "Invalid theme", result)
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   "theme",
 			Message: "Invalid theme",
 			Value:   theme,
 		})
 		result.Suggestions = append(result.Suggestions,
 			"Valid themes: "+strings.Join(validThemes, ", "))
 	}
 }
 // validateOutputFormat validates the output format field.
 func (v *ConfigValidator) validateOutputFormat(format string, result *ValidationResult) {
-	validFormats := []string{"md", "html", "json", "asciidoc"}
+	validFormats := appconstants.GetSupportedOutputFormats()
-	found := false
+	v.validateFieldInList("output_format", format, validFormats, "Invalid output format", result)
 	for _, validFormat := range validFormats {
 		if format == validFormat {
 			found = true
 			break
 		}
 	}
 	if !found {
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   "output_format",
 			Message: "Invalid output format",
 			Value:   format,
 		})
 		result.Suggestions = append(result.Suggestions,
 			"Valid formats: "+strings.Join(validFormats, ", "))
 	}
 }
 // validateOutputDir validates the output directory field.
@@ -270,24 +245,20 @@ func (v *ConfigValidator) validateOutputDir(dir string, result *ValidationResult
 		parent := filepath.Dir(dir)
 		if parent != "." {
 			if _, err := os.Stat(parent); os.IsNotExist(err) {
-				result.Warnings = append(result.Warnings, ValidationWarning{
+				addWarningWithSuggestion(result,
-					Field:   "output_dir",
+					"output_dir",
-					Message: "Parent directory does not exist",
+					"Parent directory does not exist",
-					Value:   dir,
+					dir,
 				})
 				result.Suggestions = append(result.Suggestions,
 					"Ensure the parent directory exists or will be created")
 			}
 		}
 	} else {
 		// Absolute path - check if it exists
 		if _, err := os.Stat(dir); os.IsNotExist(err) {
-			result.Warnings = append(result.Warnings, ValidationWarning{
+			addWarningWithSuggestion(result,
-				Field:   "output_dir",
+				"output_dir",
-				Message: "Directory does not exist",
+				"Directory does not exist",
-				Value:   dir,
+				dir,
 			})
 			result.Suggestions = append(result.Suggestions,
 				"Directory will be created if it doesn't exist")
 		}
 	}
@@ -321,30 +292,32 @@ func (v *ConfigValidator) validateGitHubToken(token string, result *ValidationRe
 		"Consider using GITHUB_TOKEN environment variable instead")
 }
 // validatePermissionValue validates a single permission value and updates the result.
 func (v *ConfigValidator) validatePermissionValue(
 	permission, value string,
 	validValues []string,
 	result *ValidationResult,
 ) {
 	if !v.isValueInList(value, validValues) {
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   "permissions." + permission,
 			Message: "Invalid permission value",
 			Value:   value,
 		})
 		result.Suggestions = append(result.Suggestions,
 			fmt.Sprintf("Valid values for %s: %s", permission, strings.Join(validValues, ", ")))
 	}
 }
 // validatePermissions validates the permissions field.
 func (v *ConfigValidator) validatePermissions(permissions map[string]string, result *ValidationResult) {
 	if len(permissions) == 0 {
 		return
 	}
 	validPermissions := map[string][]string{
 		"actions":             {"read", "write"},
 		"checks":              {"read", "write"},
 		"contents":            {"read", "write"},
 		"deployments":         {"read", "write"},
 		"id-token":            {"write"},
 		"issues":              {"read", "write"},
 		"discussions":         {"read", "write"},
 		"packages":            {"read", "write"},
 		"pull-requests":       {"read", "write"},
 		"repository-projects": {"read", "write"},
 		"security-events":     {"read", "write"},
 		"statuses":            {"read", "write"},
 	}
 	for permission, value := range permissions {
 		// Check if permission is valid
-		validValues, permissionExists := validPermissions[permission]
+		validValues, permissionExists := validPermissionsMap[permission]
 		if !permissionExists {
 			result.Warnings = append(result.Warnings, ValidationWarning{
 				Field:   "permissions",
@@ -356,24 +329,7 @@ func (v *ConfigValidator) validatePermissions(permissions map[string]string, res
 		}
 		// Check if value is valid
-		validValue := false
+		v.validatePermissionValue(permission, value, validValues, result)
 		for _, validVal := range validValues {
 			if value == validVal {
 				validValue = true
 				break
 			}
 		}
 		if !validValue {
 			result.Errors = append(result.Errors, ValidationError{
 				Field:   "permissions",
 				Message: "Invalid value for permission " + permission,
 				Value:   value,
 			})
 			result.Suggestions = append(result.Suggestions,
 				fmt.Sprintf("Valid values for %s: %s", permission, strings.Join(validValues, ", ")))
 		}
 	}
 }
@@ -392,31 +348,22 @@ func (v *ConfigValidator) validateRunsOn(runsOn []string, result *ValidationResu
 	}
 	validRunners := []string{
-		"ubuntu-latest", "ubuntu-22.04", "ubuntu-20.04",
+		appconstants.RunnerUbuntuLatest, "ubuntu-22.04", "ubuntu-20.04",
-		"windows-latest", "windows-2022", "windows-2019",
+		appconstants.RunnerWindowsLatest, "windows-2022", "windows-2019",
-		"macos-latest", "macos-13", "macos-12", "macos-11",
+		appconstants.RunnerMacosLatest, "macos-13", "macos-12", "macos-11",
 	}
 	for _, runner := range runsOn {
 		// Check if it's a GitHub-hosted runner
-		isValid := false
+		isValid := v.isValueInList(runner, validRunners)
 		for _, validRunner := range validRunners {
 			if runner == validRunner {
 				isValid = true
 				break
 			}
 		}
 		// If not a standard runner, it might be self-hosted
 		if !isValid {
 			if !strings.HasPrefix(runner, "self-hosted") {
-				result.Warnings = append(result.Warnings, ValidationWarning{
+				addWarningWithSuggestion(result,
-					Field:   "runs_on",
+					"runs_on",
-					Message: "Unknown runner: " + runner,
+					"Unknown runner: "+runner,
-					Value:   runner,
+					runner,
 				})
 				result.Suggestions = append(result.Suggestions,
 					"Ensure the runner is available in your GitHub organization")
 			}
 		}
@@ -457,6 +404,11 @@ func (v *ConfigValidator) validateVariables(variables map[string]string, result
 	}
 }
 // isValueInList checks if a value exists in a list of valid options.
 func (v *ConfigValidator) isValueInList(value string, validOptions []string) bool {
 	return slices.Contains(validOptions, value)
 }
 // isValidGitHubName checks if a name follows GitHub naming rules.
 func (v *ConfigValidator) isValidGitHubName(name string) bool {
 	if len(name) == 0 || len(name) > 39 {
--- a/internal/wizard/validator_helper.go
+++ b/internal/wizard/validator_helper.go
@@ -0,0 +1,60 @@
 package wizard
 import (
 	"fmt"
 	"strings"
 )
 // validateFieldWithEmptyCheck is a generic helper for fields that:
 // - Allow empty values (with optional warning)
 // - Validate non-empty values with a custom validator function
 // - Add error and optional suggestion if validation fails.
 func (v *ConfigValidator) validateFieldWithEmptyCheck(
 	field, fieldValue string,
 	isValid func(string) bool,
 	emptyWarning, errorMsg, suggestion string,
 	result *ValidationResult,
 ) {
 	if fieldValue == "" {
 		if emptyWarning != "" {
 			result.Warnings = append(result.Warnings, ValidationWarning{
 				Field:   field,
 				Message: emptyWarning,
 				Value:   fieldValue,
 			})
 		}
 		return
 	}
 	if !isValid(fieldValue) {
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   field,
 			Message: errorMsg,
 			Value:   fieldValue,
 		})
 		if suggestion != "" {
 			result.Suggestions = append(result.Suggestions, suggestion)
 		}
 	}
 }
 // validateFieldInList is a generic helper for fields that must be
 // one of a predefined list of valid values.
 func (v *ConfigValidator) validateFieldInList(
 	field, fieldValue string,
 	validValues []string,
 	errorMsg string,
 	result *ValidationResult,
 ) {
 	if !v.isValueInList(fieldValue, validValues) {
 		result.Errors = append(result.Errors, ValidationError{
 			Field:   field,
 			Message: errorMsg,
 			Value:   fieldValue,
 		})
 		result.Suggestions = append(result.Suggestions,
 			fmt.Sprintf("Valid %ss: %s", field, strings.Join(validValues, ", ")))
 	}
 }
--- a/internal/wizard/validator_test.go
+++ b/internal/wizard/validator_test.go
@@ -6,10 +6,46 @@ import (
 	"github.com/ivuorinen/gh-action-readme/internal"
 )
-func TestConfigValidator_ValidateConfig(t *testing.T) {
+// newTestValidator creates a ConfigValidator for testing with quiet output.
 // Reduces duplication across validator tests.
 func newTestValidator() *ConfigValidator {
 	output := internal.NewColoredOutput(true)
 	return NewConfigValidator(output)
 }
 // validationTestCase defines a test case for string validation methods.
 type validationTestCase struct {
 	name  string
 	input string
 	want  bool
 }
 // runValidationTests is a generic helper for testing validator methods that take a string and return bool.
 // This eliminates duplication across isValidGitHubName, isValidSemanticVersion, isValidGitHubToken, etc.
 func runValidationTests(
 	t *testing.T,
 	tests []validationTestCase,
 	validatorFunc func(string) bool,
 	funcName string,
 ) {
 	t.Helper()
 	t.Parallel()
-	output := internal.NewColoredOutput(true) // quiet mode for testing
+
-	validator := NewConfigValidator(output)
+	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := validatorFunc(tt.input)
 			if got != tt.want {
 				t.Errorf("%s(%q) = %v, want %v", funcName, tt.input, got, tt.want)
 			}
 		})
 	}
 }
 func TestConfigValidatorValidateConfig(t *testing.T) {
 	t.Parallel()
 	validator := newTestValidator()
 	tests := []struct {
 		name           string
@@ -93,10 +129,9 @@ func TestConfigValidator_ValidateConfig(t *testing.T) {
 	}
 }
-func TestConfigValidator_ValidateField(t *testing.T) {
+func TestConfigValidatorValidateField(t *testing.T) {
 	t.Parallel()
-	output := internal.NewColoredOutput(true)
+	validator := newTestValidator()
 	validator := NewConfigValidator(output)
 	tests := []struct {
 		name        string
@@ -128,16 +163,10 @@ func TestConfigValidator_ValidateField(t *testing.T) {
 	}
 }
-func TestConfigValidator_isValidGitHubName(t *testing.T) {
+func TestConfigValidatorIsValidGitHubName(t *testing.T) {
-	t.Parallel()
+	validator := newTestValidator()
 	output := internal.NewColoredOutput(true)
 	validator := NewConfigValidator(output)
-	tests := []struct {
+	tests := []validationTestCase{
 		name  string
 		input string
 		want  bool
 	}{
 		{"valid name", "test-org", true},
 		{"valid name with numbers", "test123", true},
 		{"valid name with underscore", "test_org", true},
@@ -149,27 +178,13 @@ func TestConfigValidator_isValidGitHubName(t *testing.T) {
 		{"very long name", "this-is-a-very-long-organization-name-that-exceeds-the-limit", false},
 	}
-	for _, tt := range tests {
+	runValidationTests(t, tests, validator.isValidGitHubName, "isValidGitHubName")
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := validator.isValidGitHubName(tt.input)
 			if got != tt.want {
 				t.Errorf("isValidGitHubName(%q) = %v, want %v", tt.input, got, tt.want)
 			}
 		})
 	}
 }
-func TestConfigValidator_isValidSemanticVersion(t *testing.T) {
+func TestConfigValidatorIsValidSemanticVersion(t *testing.T) {
-	t.Parallel()
+	validator := newTestValidator()
 	output := internal.NewColoredOutput(true)
 	validator := NewConfigValidator(output)
-	tests := []struct {
+	tests := []validationTestCase{
 		name  string
 		input string
 		want  bool
 	}{
 		{"valid version", "1.0.0", true},
 		{"valid version with pre-release", "1.0.0-alpha", true},
 		{"valid version with build", "1.0.0+build.1", true},
@@ -180,27 +195,13 @@ func TestConfigValidator_isValidSemanticVersion(t *testing.T) {
 		{"empty version", "", false},
 	}
-	for _, tt := range tests {
+	runValidationTests(t, tests, validator.isValidSemanticVersion, "isValidSemanticVersion")
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := validator.isValidSemanticVersion(tt.input)
 			if got != tt.want {
 				t.Errorf("isValidSemanticVersion(%q) = %v, want %v", tt.input, got, tt.want)
 			}
 		})
 	}
 }
-func TestConfigValidator_isValidGitHubToken(t *testing.T) {
+func TestConfigValidatorIsValidGitHubToken(t *testing.T) {
-	t.Parallel()
+	validator := newTestValidator()
 	output := internal.NewColoredOutput(true)
 	validator := NewConfigValidator(output)
-	tests := []struct {
+	tests := []validationTestCase{
 		name  string
 		input string
 		want  bool
 	}{
 		{"classic token", "ghp_1234567890abcdef1234567890abcdef12345678", true},
 		{"fine-grained token", "github_pat_1234567890abcdef", true},
 		{"app token", "ghs_1234567890abcdef", true},
@@ -211,27 +212,13 @@ func TestConfigValidator_isValidGitHubToken(t *testing.T) {
 		{"empty token", "", false},
 	}
-	for _, tt := range tests {
+	runValidationTests(t, tests, validator.isValidGitHubToken, "isValidGitHubToken")
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := validator.isValidGitHubToken(tt.input)
 			if got != tt.want {
 				t.Errorf("isValidGitHubToken(%q) = %v, want %v", tt.input, got, tt.want)
 			}
 		})
 	}
 }
-func TestConfigValidator_isValidVariableName(t *testing.T) {
+func TestConfigValidatorIsValidVariableName(t *testing.T) {
-	t.Parallel()
+	validator := newTestValidator()
 	output := internal.NewColoredOutput(true)
 	validator := NewConfigValidator(output)
-	tests := []struct {
+	tests := []validationTestCase{
 		name  string
 		input string
 		want  bool
 	}{
 		{"valid name", "MY_VAR", true},
 		{"valid name with underscore", "_MY_VAR", true},
 		{"valid name lowercase", "my_var", true},
@@ -243,13 +230,5 @@ func TestConfigValidator_isValidVariableName(t *testing.T) {
 		{"empty name", "", false},
 	}
-	for _, tt := range tests {
+	runValidationTests(t, tests, validator.isValidVariableName, "isValidVariableName")
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got := validator.isValidVariableName(tt.input)
 			if got != tt.want {
 				t.Errorf("isValidVariableName(%q) = %v, want %v", tt.input, got, tt.want)
 			}
 		})
 	}
 }
--- a/internal/wizard/validator_test_helpers.go
+++ b/internal/wizard/validator_test_helpers.go
@@ -0,0 +1 @@
 package wizard
--- a/internal/wizard/wizard.go
+++ b/internal/wizard/wizard.go
@@ -141,7 +141,7 @@ func (w *ConfigWizard) configureThemeSelection() {
 // configureOutputFormat handles output format selection.
 func (w *ConfigWizard) configureOutputFormat() {
 	w.output.Info("\nAvailable output formats:")
-	formats := []string{"md", "html", "json", "asciidoc"}
+	formats := appconstants.GetSupportedOutputFormats()
 	w.displayFormatOptions(formats)
@@ -165,11 +165,11 @@ func (w *ConfigWizard) getAvailableThemes() []struct {
 		name string
 		desc string
 	}{
-		{"default", "Original simple template"},
+		{appconstants.ThemeDefault, "Original simple template"},
-		{"github", "GitHub-style with badges and collapsible sections"},
+		{appconstants.ThemeGitHub, "GitHub-style with badges and collapsible sections"},
-		{"gitlab", "GitLab-focused with CI/CD examples"},
+		{appconstants.ThemeGitLab, "GitLab-focused with CI/CD examples"},
-		{"minimal", "Clean and concise documentation"},
+		{appconstants.ThemeMinimal, "Clean and concise documentation"},
-		{"professional", "Comprehensive with troubleshooting and ToC"},
+		{appconstants.ThemeProfessional, "Comprehensive with troubleshooting and ToC"},
 	}
 }
@@ -357,15 +357,20 @@ func (w *ConfigWizard) promptYesNo(prompt string, defaultValue bool) bool {
 // findActionFiles discovers action files in the given directory.
 func (w *ConfigWizard) findActionFiles(dir string) []string {
-	var actionFiles []string
+	// Check for path traversal attempts in the raw input before cleaning
-
+	for _, component := range strings.Split(filepath.ToSlash(dir), "/") {
-	// Check for action.yml and action.yaml
+		if component == ".." {
-	for _, filename := range []string{"action.yml", "action.yaml"} {
+			return []string{} // Return empty for invalid paths
 		actionPath := filepath.Join(dir, filename)
 		if _, err := os.Stat(actionPath); err == nil {
 			actionFiles = append(actionFiles, actionPath)
 		}
 	}
-	return actionFiles
+	// Validate and clean the input path
 	cleanDir := filepath.Clean(dir)
 	// Verify Clean didn't change the path (indicates normalization/traversal)
 	if cleanDir != dir {
 		return []string{} // Return empty for paths with traversal
 	}
 	// Check for action.yml and action.yaml using validated path
 	return internal.DiscoverActionFilesNonRecursive(cleanDir)
 }
--- a/internal/wizard/wizard_test.go
+++ b/internal/wizard/wizard_test.go
--- a/main.go
+++ b/main.go
@@ -2,11 +2,10 @@
 package main
 import (
 	"errors"
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"github.com/schollz/progressbar/v3"
@@ -35,6 +34,37 @@ var (
 	quiet        bool
 )
 // InputReader interface for reading user input (enables testing).
 type InputReader interface {
 	ReadLine() (string, error)
 }
 // StdinReader reads from actual stdin.
 type StdinReader struct{}
 func (r *StdinReader) ReadLine() (string, error) {
 	var response string
 	_, err := fmt.Scanln(&response)
 	return strings.TrimSpace(response), err
 }
 // TestInputReader allows injecting test responses for testing.
 type TestInputReader struct {
 	responses []string
 	index     int
 }
 func (r *TestInputReader) ReadLine() (string, error) {
 	if r.index >= len(r.responses) {
 		return "", errors.New("no more test responses")
 	}
 	response := r.responses[r.index]
 	r.index++
 	return response, nil
 }
 // Helper functions to reduce duplication.
 func createOutputManager(quiet bool) *internal.ColoredOutput {
@@ -89,13 +119,52 @@ func createAnalyzer(generator *internal.Generator, output *internal.ColoredOutpu
 	return helpers.CreateAnalyzer(generator, output)
 }
 // wrapHandlerWithErrorHandling converts error-returning handler to Cobra handler.
 // This allows handlers to return errors for testing while maintaining Cobra compatibility.
 func wrapHandlerWithErrorHandling(handler func(*cobra.Command, []string) error) func(*cobra.Command, []string) {
 	return func(cmd *cobra.Command, args []string) {
 		// Ensure globalConfig is initialized (important for testing)
 		if globalConfig == nil {
 			globalConfig = internal.DefaultAppConfig()
 		}
 		if err := handler(cmd, args); err != nil {
 			output := createOutputManager(globalConfig.Quiet)
 			output.Error(err.Error())
 			os.Exit(1)
 		}
 	}
 }
 // wrapError wraps an error with a message constant.
 // This is a helper to reduce duplication of the fmt.Errorf("%s: %w", msg, err) pattern.
 func wrapError(msgConstant string, err error) error {
 	return fmt.Errorf("%s: %w", msgConstant, err)
 }
 // handleNoFilesFoundError handles errors where no action files are found, showing a warning instead of failing.
 // Returns nil if the error is about no files found (after showing warning), otherwise returns the original error.
 func handleNoFilesFoundError(err error, output *internal.ColoredOutput) error {
 	if err == nil {
 		return nil
 	}
 	if strings.Contains(err.Error(), appconstants.ErrNoActionFilesFound) {
 		output.Warning(appconstants.ErrNoActionFilesFound)
 		return nil
 	}
 	return err
 }
 func main() {
 	rootCmd := &cobra.Command{
 		Use:   "gh-action-readme",
 		Short: "Auto-generate beautiful README and HTML documentation for GitHub Actions.",
 		Long: `gh-action-readme is a CLI tool for parsing one or many action.yml files and ` +
 			`generating informative, modern, and customizable documentation.`,
-		PersistentPreRun: initConfig,
+		PersistentPreRunE: initConfig,
 	}
 	// Global flags
@@ -141,14 +210,14 @@ func main() {
 	}
 }
-func initConfig(_ *cobra.Command, _ []string) {
+func initConfig(_ *cobra.Command, _ []string) error {
 	var err error
 	// Use ConfigurationLoader for loading global configuration
 	loader := internal.NewConfigurationLoader()
 	globalConfig, err = loader.LoadGlobalConfig(configFile)
 	if err != nil {
-		log.Fatalf("Failed to initialize configuration: %v", err)
+		return fmt.Errorf("failed to initialize configuration: %w", err)
 	}
 	// Override with command line flags
@@ -159,6 +228,8 @@ func initConfig(_ *cobra.Command, _ []string) {
 		globalConfig.Quiet = true
 		globalConfig.Verbose = false // quiet overrides verbose
 	}
 	return nil
 }
 func newGenCmd() *cobra.Command {
@@ -175,10 +246,15 @@ Examples:
 	gh-action-readme gen -f html --output custom.html testdata/action/
 	gh-action-readme gen --output docs/action1.html testdata/action1/`,
 		Args: cobra.MaximumNArgs(1),
-		Run:  genHandler,
+		Run:  wrapHandlerWithErrorHandling(genHandler),
 	}
-	cmd.Flags().StringP(appconstants.FlagOutputFormat, "f", "md", "output format: md, html, json, asciidoc")
+	cmd.Flags().StringP(
 		appconstants.FlagOutputFormat,
 		"f",
 		appconstants.OutputFormatMarkdown,
 		"output format: md, html, json, asciidoc",
 	)
 	cmd.Flags().StringP(appconstants.FlagOutputDir, "o", ".", "output directory")
 	cmd.Flags().StringP(appconstants.FlagOutput, "", "", "custom output filename (overrides default naming)")
 	cmd.Flags().StringP(appconstants.ConfigKeyTheme, "t", "", "template theme: github, gitlab, minimal, professional")
@@ -196,7 +272,7 @@ func newValidateCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "validate",
 		Short: "Validate action.yml files and optionally autofill missing fields.",
-		Run:   validateHandler,
+		Run:   wrapHandlerWithErrorHandling(validateHandler),
 	}
 }
@@ -208,9 +284,9 @@ func newSchemaCmd() *cobra.Command {
 	}
 }
-func genHandler(cmd *cobra.Command, args []string) {
+// resolveAndValidateTargetPath resolves the target path from arguments or current directory,
-	output := createOutputManager(globalConfig.Quiet)
+// validates it exists, and returns the absolute path and file info.
-
+func resolveAndValidateTargetPath(args []string) (string, os.FileInfo, error) {
 	// Determine target path from arguments or current directory
 	var targetPath string
 	if len(args) > 0 {
@@ -219,23 +295,35 @@ func genHandler(cmd *cobra.Command, args []string) {
 		var err error
 		targetPath, err = helpers.GetCurrentDir()
 		if err != nil {
-			output.Error(appconstants.ErrErrorGettingCurrentDir, err)
+			return "", nil, wrapError(appconstants.ErrErrorGettingCurrentDir, err)
 			os.Exit(1)
 		}
 	}
 	// Resolve target path to absolute path
 	absTargetPath, err := filepath.Abs(targetPath)
 	if err != nil {
-		output.Error("Error resolving path %s: %v", targetPath, err)
+		return "", nil, fmt.Errorf("error resolving path %s: %w", targetPath, err)
 		os.Exit(1)
 	}
 	// Check if target exists
 	info, err := os.Stat(absTargetPath)
 	if err != nil {
-		output.Error("Path does not exist: %s", targetPath)
+		return "", nil, fmt.Errorf("path does not exist: %s", targetPath)
-		os.Exit(1)
+	}
 	return absTargetPath, info, nil
 }
 func genHandler(cmd *cobra.Command, args []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	// Resolve and validate target path
 	absTargetPath, info, err := resolveAndValidateTargetPath(args)
 	if err != nil {
 		return err
 	}
 	var workingDir string
@@ -260,46 +348,46 @@ func genHandler(cmd *cobra.Command, args []string) {
 			"documentation generation",
 		)
 		if err != nil {
-			os.Exit(1)
+			return fmt.Errorf(appconstants.ErrFailedToDiscoverActionFiles, err)
 		}
 	} else {
 		// Target is a file - validate it's an action file
 		lowerPath := strings.ToLower(absTargetPath)
 		if !strings.HasSuffix(lowerPath, ".yml") && !strings.HasSuffix(lowerPath, ".yaml") {
-			output.Error("File must be a YAML file (.yml or .yaml): %s", targetPath)
+			return fmt.Errorf("file must be a YAML file (.yml or .yaml): %s", absTargetPath)
 			os.Exit(1)
 		}
 		workingDir = filepath.Dir(absTargetPath)
 		actionFiles = []string{absTargetPath}
 	}
 	repoRoot := helpers.FindGitRepoRoot(workingDir)
-	config := loadGenConfig(repoRoot, workingDir)
+	config, err := loadGenConfig(repoRoot, workingDir)
 	if err != nil {
 		return err
 	}
 	applyGlobalFlags(config)
 	applyCommandFlags(cmd, config)
 	generator := internal.NewGenerator(config)
 	logConfigInfo(generator, config, repoRoot)
-	processActionFiles(generator, actionFiles)
+	return processActionFiles(generator, actionFiles)
 }
 // loadGenConfig loads multi-level configuration using ConfigurationLoader.
-func loadGenConfig(repoRoot, currentDir string) *internal.AppConfig {
+func loadGenConfig(repoRoot, currentDir string) (*internal.AppConfig, error) {
 	loader := internal.NewConfigurationLoader()
 	config, err := loader.LoadConfiguration(configFile, repoRoot, currentDir)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error loading configuration: %v\n", err)
+		return nil, fmt.Errorf("error loading configuration: %w", err)
 		os.Exit(1)
 	}
 	// Validate the loaded configuration
 	if err := loader.ValidateConfiguration(config); err != nil {
-		fmt.Fprintf(os.Stderr, "Configuration validation error: %v\n", err)
+		return nil, fmt.Errorf("configuration validation error: %w", err)
 		os.Exit(1)
 	}
-	return config
+	return config, nil
 }
 // applyGlobalFlags applies global verbose/quiet flags.
@@ -320,7 +408,7 @@ func applyCommandFlags(cmd *cobra.Command, config *internal.AppConfig) {
 	outputFilename, _ := cmd.Flags().GetString(appconstants.FlagOutput)
 	theme, _ := cmd.Flags().GetString(appconstants.ConfigKeyTheme)
-	if outputFormat != "md" {
+	if outputFormat != appconstants.OutputFormatMarkdown {
 		config.OutputFormat = outputFormat
 	}
 	if outputDir != "." {
@@ -345,18 +433,23 @@ func logConfigInfo(generator *internal.Generator, config *internal.AppConfig, re
 }
 // processActionFiles processes discovered files.
-func processActionFiles(generator *internal.Generator, actionFiles []string) {
+func processActionFiles(generator *internal.Generator, actionFiles []string) error {
 	if err := generator.ProcessBatch(actionFiles); err != nil {
-		generator.Output.Error("Error during generation: %v", err)
+		return fmt.Errorf("error during generation: %w", err)
 		os.Exit(1)
 	}
 	return nil
 }
-func validateHandler(_ *cobra.Command, _ []string) {
+func validateHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	currentDir, err := helpers.GetCurrentDir()
 	if err != nil {
-		_, errorHandler := setupOutputAndErrorHandling()
+		return fmt.Errorf("unable to determine current directory: %w", err)
 		errorHandler.HandleSimpleError("Unable to determine current directory", err)
 	}
 	generator := internal.NewGenerator(globalConfig)
@@ -367,23 +460,17 @@ func validateHandler(_ *cobra.Command, _ []string) {
 		"validation",
 	) // Recursive for validation
 	if err != nil {
-		os.Exit(1)
+		return fmt.Errorf(appconstants.ErrFailedToDiscoverActionFiles, err)
 	}
 	// Validate the discovered files
 	if err := generator.ValidateFiles(actionFiles); err != nil {
-		generator.Output.ErrorWithContext(
+		return fmt.Errorf("validation failed for %d files: %w", len(actionFiles), err)
 			appconstants.ErrCodeValidation,
 			"validation failed",
 			map[string]string{
 				"files_count":                strconv.Itoa(len(actionFiles)),
 				appconstants.ContextKeyError: err.Error(),
 			},
 		)
 		os.Exit(1)
 	}
 	generator.Output.Success("\nAll validations passed successfully!")
 	return nil
 }
 func schemaHandler(_ *cobra.Command, _ []string) {
@@ -417,14 +504,14 @@ func newConfigCmd() *cobra.Command {
 	cmd.AddCommand(&cobra.Command{
 		Use:   "init",
 		Short: "Initialize default configuration file",
-		Run:   configInitHandler,
+		Run:   wrapHandlerWithErrorHandling(configInitHandler),
 	})
 	initCmd := &cobra.Command{
 		Use:   "wizard",
 		Short: "Interactive configuration wizard",
 		Long:  "Launch an interactive wizard to set up your configuration step by step",
-		Run:   configWizardHandler,
+		Run:   wrapHandlerWithErrorHandling(configWizardHandler),
 	}
 	initCmd.Flags().String(appconstants.FlagFormat, "yaml", "Export format: yaml, json, toml")
 	initCmd.Flags().String(appconstants.FlagOutput, "", "Output path (default: XDG config directory)")
@@ -445,31 +532,36 @@ func newConfigCmd() *cobra.Command {
 	return cmd
 }
-func configInitHandler(_ *cobra.Command, _ []string) {
+func configInitHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	// Check if config already exists
 	configPath, err := internal.GetConfigPath()
 	if err != nil {
-		output.Error("Failed to get config path: %v", err)
+		return fmt.Errorf("failed to get config path: %w", err)
 		os.Exit(1)
 	}
 	if _, err := os.Stat(configPath); err == nil {
 		output.Warning("Configuration file already exists at: %s", configPath)
 		output.Info("Use 'gh-action-readme config show' to view current configuration")
-		return
+		return nil
 	}
 	// Create default config
 	if err := internal.WriteDefaultConfig(); err != nil {
-		output.Error("Failed to write default configuration: %v", err)
+		return fmt.Errorf("failed to write default configuration: %w", err)
 		os.Exit(1)
 	}
 	output.Success("Created default configuration at: %s", configPath)
 	output.Info("Edit this file to customize your settings")
 	return nil
 }
 func configShowHandler(_ *cobra.Command, _ []string) {
@@ -521,19 +613,19 @@ func newDepsCmd() *cobra.Command {
 	cmd.AddCommand(&cobra.Command{
 		Use:   "list",
 		Short: "List all dependencies in action files",
-		Run:   depsListHandler,
+		Run:   wrapHandlerWithErrorHandling(depsListHandler),
 	})
 	cmd.AddCommand(&cobra.Command{
 		Use:   "security",
 		Short: "Analyze dependency security (pinned vs floating versions)",
-		Run:   depsSecurityHandler,
+		Run:   wrapHandlerWithErrorHandling(depsSecurityHandler),
 	})
 	cmd.AddCommand(&cobra.Command{
 		Use:   "outdated",
 		Short: "Check for outdated dependencies",
-		Run:   depsOutdatedHandler,
+		Run:   wrapHandlerWithErrorHandling(depsOutdatedHandler),
 	})
 	cmd.AddCommand(&cobra.Command{
@@ -546,18 +638,18 @@ func newDepsCmd() *cobra.Command {
 		Use:   "upgrade",
 		Short: "Upgrade dependencies with interactive or CI mode",
 		Long:  "Upgrade dependencies to latest versions. Use --ci for automated pinned updates.",
-		Run:   depsUpgradeHandler,
+		Run:   wrapHandlerWithErrorHandling(depsUpgradeHandler),
 	}
-	upgradeCmd.Flags().Bool("ci", false, "CI/CD mode: automatically pin all updates to commit SHAs")
+	upgradeCmd.Flags().Bool(appconstants.FlagCI, false, "CI/CD mode: automatically pin all updates to commit SHAs")
 	upgradeCmd.Flags().Bool(appconstants.InputAll, false, "Update all outdated dependencies without prompts")
 	upgradeCmd.Flags().Bool(appconstants.InputDryRun, false, "Show what would be updated without making changes")
 	cmd.AddCommand(upgradeCmd)
 	pinCmd := &cobra.Command{
-		Use:   "pin",
+		Use:   appconstants.CommandPin,
 		Short: "Pin floating versions to specific commits",
 		Long:  "Convert floating versions (like @v4) to pinned commit SHAs with version comments.",
-		Run:   depsUpgradeHandler, // Uses same handler with different flags
+		Run:   wrapHandlerWithErrorHandling(depsUpgradeHandler), // Uses same handler with different flags
 	}
 	pinCmd.Flags().Bool(appconstants.InputAll, false, "Pin all floating dependencies")
 	pinCmd.Flags().Bool(appconstants.InputDryRun, false, "Show what would be pinned without making changes")
@@ -576,30 +668,34 @@ func newCacheCmd() *cobra.Command {
 	cmd.AddCommand(&cobra.Command{
 		Use:   "clear",
 		Short: "Clear the dependency cache",
-		Run:   cacheClearHandler,
+		Run:   wrapHandlerWithErrorHandling(cacheClearHandler),
 	})
 	cmd.AddCommand(&cobra.Command{
 		Use:   "stats",
 		Short: "Show cache statistics",
-		Run:   cacheStatsHandler,
+		Run:   wrapHandlerWithErrorHandling(cacheStatsHandler),
 	})
 	cmd.AddCommand(&cobra.Command{
 		Use:   "path",
 		Short: "Show cache directory path",
-		Run:   cachePathHandler,
+		Run:   wrapHandlerWithErrorHandling(cachePathHandler),
 	})
 	return cmd
 }
-func depsListHandler(_ *cobra.Command, _ []string) {
+func depsListHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	currentDir, err := helpers.GetCurrentDir()
 	if err != nil {
-		output.Error(appconstants.ErrErrorGettingCurrentDir, err)
+		return wrapError(appconstants.ErrErrorGettingCurrentDir, err)
 		os.Exit(1)
 	}
 	generator := internal.NewGenerator(globalConfig)
@@ -609,11 +705,8 @@ func depsListHandler(_ *cobra.Command, _ []string) {
 		globalConfig.IgnoredDirectories,
 		"dependency listing",
 	)
-	if err != nil {
+	if err := handleNoFilesFoundError(err, output); err != nil {
-		// For deps list, we can continue if no files found (show warning instead of error)
+		return err
 		output.Warning(appconstants.ErrNoActionFilesFound)
 		return
 	}
 	analyzer := createAnalyzer(generator, output)
@@ -622,6 +715,8 @@ func depsListHandler(_ *cobra.Command, _ []string) {
 	if totalDeps > 0 {
 		output.Bold("\nTotal dependencies: %d", totalDeps)
 	}
 	return nil
 }
 // analyzeDependencies analyzes and displays dependencies.
@@ -678,12 +773,17 @@ func analyzeActionFileDeps(output *internal.ColoredOutput, actionFile string, an
 	return len(deps)
 }
-func depsSecurityHandler(_ *cobra.Command, _ []string) {
+func depsSecurityHandler(_ *cobra.Command, _ []string) error {
-	output, errorHandler := setupOutputAndErrorHandling()
+	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	currentDir, err := helpers.GetCurrentDir()
 	if err != nil {
-		errorHandler.HandleSimpleError("Failed to get current directory", err)
+		return fmt.Errorf("failed to get current directory: %w", err)
 	}
 	generator := internal.NewGenerator(globalConfig)
@@ -694,16 +794,23 @@ func depsSecurityHandler(_ *cobra.Command, _ []string) {
 		"security analysis",
 	)
 	if err != nil {
-		os.Exit(1)
+		return fmt.Errorf(appconstants.ErrFailedToDiscoverActionFiles, err)
 	}
 	analyzer := createAnalyzer(generator, output)
 	if analyzer == nil {
-		return
+		output.Warning(
 			"⚠️  Analyzer disabled: GitHub token not configured. " +
 				"Use GITHUB_TOKEN or GH_README_GITHUB_TOKEN environment variable.",
 		)
 		return nil // Analyzer can be nil if token isn't configured, gracefully handle
 	}
 	pinnedCount, floatingDeps := analyzeSecurityDeps(output, actionFiles, analyzer)
 	displaySecuritySummary(output, currentDir, pinnedCount, floatingDeps)
 	return nil
 }
 // analyzeSecurityDeps analyzes dependencies for security issues.
@@ -781,12 +888,16 @@ func displayFloatingDeps(output *internal.ColoredOutput, currentDir string, floa
 	}
 }
-func depsOutdatedHandler(_ *cobra.Command, _ []string) {
+func depsOutdatedHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	currentDir, err := helpers.GetCurrentDir()
 	if err != nil {
-		output.Error(appconstants.ErrErrorGettingCurrentDir, err)
+		return wrapError(appconstants.ErrErrorGettingCurrentDir, err)
 		os.Exit(1)
 	}
 	generator := internal.NewGenerator(globalConfig)
@@ -796,24 +907,23 @@ func depsOutdatedHandler(_ *cobra.Command, _ []string) {
 		globalConfig.IgnoredDirectories,
 		"outdated dependency analysis",
 	)
-	if err != nil {
+	if err := handleNoFilesFoundError(err, output); err != nil {
-		// For deps outdated, we can continue if no files found (show warning instead of error)
+		return err
 		output.Warning(appconstants.ErrNoActionFilesFound)
 		return
 	}
 	analyzer := createAnalyzer(generator, output)
-	if analyzer == nil {
+	if !validateGitHubToken(output) {
-		return
+		return nil // Not an error, just no token available
 	}
-	if !validateGitHubToken(output) {
+	if analyzer == nil {
-		return
+		return nil // Analyzer can be nil if token isn't configured, gracefully handle
 	}
 	allOutdated := checkAllOutdated(output, actionFiles, analyzer)
 	displayOutdatedResults(output, allOutdated)
 	return nil
 }
 // validateGitHubToken checks if GitHub token is available.
@@ -884,25 +994,30 @@ func displayOutdatedResults(output *internal.ColoredOutput, allOutdated []depend
 	output.Info("\nRun 'gh-action-readme deps upgrade' to update dependencies")
 }
-func depsUpgradeHandler(cmd *cobra.Command, _ []string) {
+func depsUpgradeHandler(cmd *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	currentDir, err := helpers.GetCurrentDir()
 	if err != nil {
-		output.Error(appconstants.ErrErrorGettingCurrentDir, err)
+		return wrapError(appconstants.ErrErrorGettingCurrentDir, err)
 		os.Exit(1)
 	}
 	// Setup and validation
-	analyzer, actionFiles := setupDepsUpgrade(output, currentDir)
+	analyzer, actionFiles, err := setupDepsUpgrade(output, currentDir, nil)
-	if analyzer == nil || len(actionFiles) == 0 {
+	if err != nil {
-		return
+		// setupDepsUpgrade returns descriptive errors, so just pass them through
 		return err
 	}
 	// Parse flags and show mode
-	ciMode, _ := cmd.Flags().GetBool("ci")
+	ciMode, _ := cmd.Flags().GetBool(appconstants.FlagCI)
 	allFlag, _ := cmd.Flags().GetBool(appconstants.InputAll)
 	dryRun, _ := cmd.Flags().GetBool(appconstants.InputDryRun)
-	isPinCmd := cmd.Use == "pin"
+	isPinCmd := cmd.Use == appconstants.CommandPin
 	showUpgradeMode(output, ciMode, isPinCmd)
@@ -911,47 +1026,57 @@ func depsUpgradeHandler(cmd *cobra.Command, _ []string) {
 	if len(allUpdates) == 0 {
 		output.Success("✅ No updates needed - all dependencies are current and pinned!")
-		return
+		return nil
 	}
 	// Show and apply updates
 	showPendingUpdates(output, allUpdates, currentDir)
 	if !dryRun {
-		applyUpdates(output, analyzer, allUpdates, ciMode || allFlag)
+		if err := applyUpdates(output, analyzer, allUpdates, ciMode || allFlag, nil); err != nil {
 			return err
 		}
 	} else {
 		output.Info("\n🔍 Dry run complete - no changes made")
 	}
 	return nil
 }
 // setupDepsUpgrade handles initial setup and validation for dependency upgrades.
-func setupDepsUpgrade(output *internal.ColoredOutput, currentDir string) (*dependencies.Analyzer, []string) {
+// The config parameter allows injection for testing (pass nil to use globalConfig).
-	generator := internal.NewGenerator(globalConfig)
+func setupDepsUpgrade(
-	actionFiles, err := generator.DiscoverActionFiles(currentDir, true, globalConfig.IgnoredDirectories)
+	_ *internal.ColoredOutput,
 	currentDir string,
 	config *internal.AppConfig,
 ) (*dependencies.Analyzer, []string, error) {
 	// Default to globalConfig if not provided (backward compatible)
 	if config == nil {
 		if globalConfig == nil {
 			globalConfig = internal.DefaultAppConfig()
 		}
 		config = globalConfig
 	}
 	generator := internal.NewGenerator(config)
 	actionFiles, err := generator.DiscoverActionFiles(currentDir, true, config.IgnoredDirectories)
 	if err != nil {
-		output.Error("Error discovering action files: %v", err)
+		return nil, nil, fmt.Errorf("error discovering action files: %w", err)
 		os.Exit(1)
 	}
 	if len(actionFiles) == 0 {
-		output.Warning("No action files found")
+		return nil, nil, errors.New(appconstants.ErrNoActionFilesFound)
 		return nil, nil
 	}
 	analyzer, err := generator.CreateDependencyAnalyzer()
 	if err != nil {
-		output.Warning(appconstants.ErrCouldNotCreateDependencyAnalyzer, err)
+		return nil, nil, fmt.Errorf("could not create dependency analyzer: %w", err)
 		return nil, nil
 	}
-	if globalConfig.GitHubToken == "" {
+	if config.GitHubToken == "" {
-		output.Warning("No GitHub token found. Set GITHUB_TOKEN environment variable")
+		return nil, nil, errors.New("no GitHub token found, set GITHUB_TOKEN environment variable")
 		return nil, nil
 	}
-	return analyzer, actionFiles
+	return analyzer, actionFiles, nil
 }
 // showUpgradeMode displays the current upgrade mode to the user.
@@ -1024,37 +1149,46 @@ func showPendingUpdates(
 }
 // applyUpdates applies the collected updates either automatically or interactively.
 // The reader parameter allows injection of input for testing (pass nil to use stdin).
 func applyUpdates(
 	output *internal.ColoredOutput,
 	analyzer *dependencies.Analyzer,
 	allUpdates []dependencies.PinnedUpdate,
 	automatic bool,
-) {
+	reader InputReader,
 ) error {
 	// Default to stdin if not provided
 	if reader == nil {
 		reader = &StdinReader{}
 	}
 	if automatic {
 		output.Info("\n🚀 Applying updates...")
 		if err := analyzer.ApplyPinnedUpdates(allUpdates); err != nil {
-			output.Error(appconstants.ErrFailedToApplyUpdates, err)
+			return fmt.Errorf(appconstants.ErrFailedToApplyUpdatesWrapped, err)
 			os.Exit(1)
 		}
 		output.Success("✅ Successfully updated %d dependencies with pinned commit SHAs", len(allUpdates))
 	} else {
 		// Interactive mode
 		output.Info("\n❓ This will modify your action.yml files. Continue? (y/N): ")
-		var response string
+		response, err := reader.ReadLine()
-		_, _ = fmt.Scanln(&response) // User input, scan error not critical
+		if err != nil {
 			return fmt.Errorf("failed to read response: %w", err)
 		}
 		if strings.ToLower(response) != "y" && strings.ToLower(response) != appconstants.InputYes {
 			output.Info("Canceled")
-			return
+			return nil
 		}
 		output.Info("🚀 Applying updates...")
 		if err := analyzer.ApplyPinnedUpdates(allUpdates); err != nil {
-			output.Error(appconstants.ErrFailedToApplyUpdates, err)
+			return fmt.Errorf(appconstants.ErrFailedToApplyUpdatesWrapped, err)
 			os.Exit(1)
 		}
 		output.Success("✅ Successfully updated %d dependencies", len(allUpdates))
 	}
 	return nil
 }
 func depsGraphHandler(_ *cobra.Command, _ []string) {
@@ -1064,39 +1198,48 @@ func depsGraphHandler(_ *cobra.Command, _ []string) {
 	output.Printf("This feature is not yet implemented\n")
 }
-func cacheClearHandler(_ *cobra.Command, _ []string) {
+func cacheClearHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	output.Info("Clearing dependency cache...")
 	// Create a cache instance
 	cacheInstance, err := cache.NewCache(cache.DefaultConfig())
 	if err != nil {
-		output.Error(appconstants.ErrFailedToAccessCache, err)
+		return wrapError(appconstants.ErrFailedToAccessCache, err)
 		os.Exit(1)
 	}
 	if err := cacheInstance.Clear(); err != nil {
-		output.Error("Failed to clear cache: %v", err)
+		return fmt.Errorf("failed to clear cache: %w", err)
 		os.Exit(1)
 	}
 	output.Success("Cache cleared successfully")
 	return nil
 }
-func cacheStatsHandler(_ *cobra.Command, _ []string) {
+func cacheStatsHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	// Create a cache instance
 	cacheInstance, err := cache.NewCache(cache.DefaultConfig())
 	if err != nil {
-		output.Error(appconstants.ErrFailedToAccessCache, err)
+		return wrapError(appconstants.ErrFailedToAccessCache, err)
 		os.Exit(1)
 	}
 	stats := cacheInstance.Stats()
 	output.Bold("Cache Statistics:")
-	output.Printf("Cache location: %s\n", stats["cache_dir"])
+	output.Printf("Cache location: %s\n", stats[appconstants.CacheStatsKeyDir])
 	output.Printf("Total entries: %d\n", stats["total_entries"])
 	output.Printf("Expired entries: %d\n", stats["expired_count"])
@@ -1107,20 +1250,26 @@ func cacheStatsHandler(_ *cobra.Command, _ []string) {
 	}
 	sizeStr := formatSize(totalSize)
 	output.Printf("Total size: %s\n", sizeStr)
 	return nil
 }
-func cachePathHandler(_ *cobra.Command, _ []string) {
+func cachePathHandler(_ *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	// Create a cache instance
 	cacheInstance, err := cache.NewCache(cache.DefaultConfig())
 	if err != nil {
-		output.Error(appconstants.ErrFailedToAccessCache, err)
+		return wrapError(appconstants.ErrFailedToAccessCache, err)
 		os.Exit(1)
 	}
 	stats := cacheInstance.Stats()
-	cachePath, ok := stats["cache_dir"].(string)
+	cachePath, ok := stats[appconstants.CacheStatsKeyDir].(string)
 	if !ok {
 		cachePath = appconstants.ScopeUnknown
 	}
@@ -1134,17 +1283,23 @@ func cachePathHandler(_ *cobra.Command, _ []string) {
 	} else if os.IsNotExist(err) {
 		output.Warning("Directory does not exist (will be created on first use)")
 	}
 	return nil
 }
-func configWizardHandler(cmd *cobra.Command, _ []string) {
+func configWizardHandler(cmd *cobra.Command, _ []string) error {
 	// Ensure globalConfig is initialized
 	if globalConfig == nil {
 		globalConfig = internal.DefaultAppConfig()
 	}
 	output := createOutputManager(globalConfig.Quiet)
 	// Create and run the wizard
 	configWizard := wizard.NewConfigWizard(output)
 	config, err := configWizard.Run()
 	if err != nil {
-		output.Error("Wizard failed: %v", err)
+		return fmt.Errorf("wizard failed: %w", err)
 		os.Exit(1)
 	}
 	// Get export format and output path
@@ -1159,8 +1314,7 @@ func configWizardHandler(cmd *cobra.Command, _ []string) {
 		exportFormat := resolveExportFormat(format)
 		defaultPath, err := exporter.GetDefaultOutputPath(exportFormat)
 		if err != nil {
-			output.Error("Failed to get default output path: %v", err)
+			return fmt.Errorf("failed to get default output path: %w", err)
 			os.Exit(1)
 		}
 		outputPath = defaultPath
 	}
@@ -1169,10 +1323,11 @@ func configWizardHandler(cmd *cobra.Command, _ []string) {
 	exportFormat := resolveExportFormat(format)
 	if err := exporter.ExportConfig(config, exportFormat, outputPath); err != nil {
-		output.Error("Failed to export configuration: %v", err)
+		return fmt.Errorf("failed to export configuration: %w", err)
 		os.Exit(1)
 	}
 	output.Info("\n🎉 Configuration wizard completed successfully!")
 	output.Info("You can now use 'gh-action-readme gen' to generate documentation.")
 	return nil
 }
--- a/main_test.go
+++ b/main_test.go
--- a/main_test_helper.go
+++ b/main_test_helper.go
@@ -0,0 +1,118 @@
 package main
 import (
 	"path/filepath"
 	"testing"
 	"github.com/spf13/cobra"
 	"github.com/ivuorinen/gh-action-readme/appconstants"
 	"github.com/ivuorinen/gh-action-readme/internal"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // testSimpleHandler is a helper for testing simple command handlers that:
 // - Don't need specific setup beyond globalConfig
 // - Return an error
 // - Should complete without error
 //
 // This reduces duplication in tests like TestCacheClearHandler, TestCacheStatsHandler, etc.
 func testSimpleHandler(
 	t *testing.T,
 	handlerFunc func(cmd *cobra.Command, args []string) error,
 	handlerName string,
 ) {
 	t.Helper()
 	// Save and restore globalConfig
 	originalConfig := globalConfig
 	defer func() { globalConfig = originalConfig }()
 	globalConfig = &internal.AppConfig{Quiet: true}
 	// Execute handler
 	cmd := &cobra.Command{}
 	err := handlerFunc(cmd, []string{})
 	if err != nil {
 		t.Errorf("%s() unexpected error: %v", handlerName, err)
 	}
 }
 // testSimpleVoidHandler is a helper for testing void command handlers that:
 // - Don't need specific setup beyond globalConfig
 // - Don't return an error
 // - Should complete without panicking
 //
 // This reduces duplication in tests like TestConfigThemesHandler, TestConfigShowHandler, etc.
 func testSimpleVoidHandler(
 	t *testing.T,
 	handlerFunc func(cmd *cobra.Command, args []string),
 ) {
 	t.Helper()
 	// Save and restore globalConfig
 	originalConfig := globalConfig
 	defer func() { globalConfig = originalConfig }()
 	globalConfig = &internal.AppConfig{Quiet: true}
 	// Execute handler (should not panic)
 	cmd := &cobra.Command{}
 	handlerFunc(cmd, []string{})
 }
 // setupFixtureReturningPath is a helper for test setup functions that:
 // - Write a single action fixture to tmpDir
 // - Return []string{actionPath} pointing to the created action file
 //
 // This reduces duplication in tests that need the action file path for processing.
 func setupFixtureReturningPath(fixturePath string) func(*testing.T, string) []string {
 	return func(t *testing.T, tmpDir string) []string {
 		t.Helper()
 		actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 		testutil.WriteActionFixture(t, tmpDir, fixturePath)
 		return []string{actionPath}
 	}
 }
 // setupFixtureInDir is a helper for E2E test setup functions that:
 // - Write a single action fixture to tmpDir
 // - Don't return anything (void setupFunc)
 //
 // This reduces duplication in E2E integration tests where many cases write a single fixture.
 func setupFixtureInDir(fixturePath string) func(*testing.T, string) {
 	return func(t *testing.T, tmpDir string) {
 		t.Helper()
 		testutil.WriteActionFixture(t, tmpDir, fixturePath)
 	}
 }
 // setupWithSingleFixture is a helper for test setup functions that:
 // - Write a single action fixture to tmpDir
 // - Return []string{tmpDir} for test processing
 //
 // This reduces duplication in genHandler tests where many cases follow the same pattern.
 func setupWithSingleFixture(fixturePath string) func(*testing.T, string) []string {
 	return func(t *testing.T, tmpDir string) []string {
 		t.Helper()
 		testutil.WriteActionFixture(t, tmpDir, fixturePath)
 		return []string{tmpDir}
 	}
 }
 // setupWithActionContent is a helper for test setup functions that:
 // - Write action content to tmpDir/action.yml
 // - Return []string{actionPath} pointing to the created action file
 //
 // This reduces duplication in tests that need to create action files from string content.
 func setupWithActionContent(content string) func(*testing.T, string) []string {
 	return func(t *testing.T, tmpDir string) []string {
 		t.Helper()
 		actionPath := filepath.Join(tmpDir, appconstants.ActionFileNameYML)
 		testutil.WriteTestFile(t, actionPath, content)
 		return []string{actionPath}
 	}
 }
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -0,0 +1,20 @@
 # SonarCloud project configuration
 sonar.projectKey=ivuorinen_gh-action-readme
 sonar.organization=ivuorinen
 # Source and test paths
 sonar.sources=.
 sonar.tests=.
 sonar.test.inclusions=**/*_test.go
 sonar.exclusions=**/*_test.go,**/vendor/**,**/testdata/**,**/dist/**,.serena/**,.claude/**,**/.git/**
 # Go specific settings
 sonar.go.coverage.reportPaths=coverage.out
 # Disable go:S100 (function naming) for test files
 # Rationale: Go convention uses underscores in test names for readability
 # (e.g., TestFoo_EdgeCase is more readable than TestFooEdgeCase)
 sonar.issue.ignore.multicriteria=e1
 sonar.issue.ignore.multicriteria.e1.ruleKey=go:S100
 sonar.issue.ignore.multicriteria.e1.resourceKey=**/*_test.go
--- a/templates_embed/embed.go
+++ b/templates_embed/embed.go
@@ -1,9 +1,7 @@
-// Package templates_embed provides embedded template filesystem functionality for gh-action-readme.
+// Package templatesembed provides embedded template filesystem functionality for gh-action-readme.
 // This package contains all template files embedded in the binary using Go's embed directive,
 // making templates available regardless of working directory or filesystem location.
-//
+package templatesembed
 //nolint:revive // Package name with underscore is intentional for clarity
 package templates_embed
 import (
 	"embed"
--- a/templates_embed/embed_test.go
+++ b/templates_embed/embed_test.go
@@ -0,0 +1,238 @@
 package templatesembed
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // TestGetEmbeddedTemplate tests reading templates from embedded filesystem.
 func TestGetEmbeddedTemplate(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		templatePath string
 		expectError  bool
 		description  string
 	}{
 		{
 			name:         "valid default template",
 			templatePath: testutil.TestTemplateReadme,
 			expectError:  false,
 			description:  "Should read default template successfully",
 		},
 		{
 			name:         "valid template with templates/ prefix",
 			templatePath: testutil.TestTemplateWithPrefix,
 			expectError:  false,
 			description:  "Should handle templates/ prefix correctly",
 		},
 		{
 			name:         "valid GitHub theme",
 			templatePath: testutil.TestTemplateGitHub,
 			expectError:  false,
 			description:  "Should read theme template successfully",
 		},
 		{
 			name:         "valid template with leading slash",
 			templatePath: "/readme.tmpl",
 			expectError:  false,
 			description:  "Should strip leading slash and read template",
 		},
 		{
 			name:         "non-existent template",
 			templatePath: "nonexistent.tmpl",
 			expectError:  true,
 			description:  "Should return error for missing template",
 		},
 		{
 			name:         "empty path",
 			templatePath: "",
 			expectError:  true,
 			description:  "Should return error for empty path",
 		},
 		{
 			name:         "path traversal attempt",
 			templatePath: "../../../etc/passwd",
 			expectError:  true,
 			description:  "Should reject path traversal",
 		},
 		{
 			name:         "Windows-style path",
 			templatePath: "themes\\github\\readme.tmpl",
 			expectError:  true,
 			description:  "Windows paths won't work directly in embedded FS",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			content, err := GetEmbeddedTemplate(tt.templatePath)
 			assertTemplateLoaded(t, content, err, tt.expectError, 1)
 		})
 	}
 }
 // TestGetEmbeddedTemplateFS verifies the filesystem is accessible.
 func TestGetEmbeddedTemplateFS(t *testing.T) {
 	t.Parallel()
 	fs := GetEmbeddedTemplateFS()
 	if fs == nil {
 		t.Fatal("GetEmbeddedTemplateFS() returned nil")
 	}
 	// Verify we can read from the filesystem
 	file, err := fs.Open(testutil.TestTemplateWithPrefix)
 	if err != nil {
 		t.Errorf("failed to open default template: %v", err)
 	}
 	if file != nil {
 		_ = file.Close()
 	}
 }
 // TestIsEmbeddedTemplateAvailable tests template existence checking.
 func TestIsEmbeddedTemplateAvailable(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		templatePath string
 		expectExists bool
 	}{
 		{
 			name:         "default template exists",
 			templatePath: testutil.TestTemplateReadme,
 			expectExists: true,
 		},
 		{
 			name:         "GitHub theme exists",
 			templatePath: testutil.TestTemplateGitHub,
 			expectExists: true,
 		},
 		{
 			name:         "non-existent template",
 			templatePath: "nonexistent.tmpl",
 			expectExists: false,
 		},
 		{
 			name:         "empty path",
 			templatePath: "",
 			expectExists: false,
 		},
 		{
 			name:         "path with leading slash",
 			templatePath: "/readme.tmpl",
 			expectExists: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			exists := IsEmbeddedTemplateAvailable(tt.templatePath)
 			if exists != tt.expectExists {
 				t.Errorf("IsEmbeddedTemplateAvailable(%q) = %v, want %v",
 					tt.templatePath, exists, tt.expectExists)
 			}
 		})
 	}
 }
 // TestReadTemplate tests the fallback logic (embedded → filesystem).
 func TestReadTemplate(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
 		templatePath string
 		expectError  bool
 		description  string
 	}{
 		{
 			name:         "read embedded template",
 			templatePath: testutil.TestTemplateReadme,
 			expectError:  false,
 			description:  "Should read from embedded filesystem",
 		},
 		{
 			name:         "absolute path - valid",
 			templatePath: "/tmp/test-template.tmpl",
 			expectError:  true, // Will fail unless file exists
 			description:  "Should attempt filesystem read for absolute path",
 		},
 		{
 			name:         "path traversal protection - relative",
 			templatePath: "../../../etc/passwd",
 			expectError:  true,
 			description:  "Should reject path traversal in relative paths",
 		},
 		{
 			name:         "path traversal protection - with dots",
 			templatePath: "templates/../../../etc/passwd",
 			expectError:  true,
 			description:  "Should detect unclean paths",
 		},
 		{
 			name:         "non-existent embedded template",
 			templatePath: "missing.tmpl",
 			expectError:  true,
 			description:  "Should fail when template doesn't exist",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			content, err := ReadTemplate(tt.templatePath)
 			assertTemplateLoaded(t, content, err, tt.expectError, 1)
 		})
 	}
 }
 // TestReadTemplate_PathValidation tests security aspects of path handling.
 func TestReadTemplatePathValidation(t *testing.T) {
 	t.Parallel()
 	securityTests := []struct {
 		name        string
 		path        string
 		description string
 	}{
 		{
 			name:        "double dot traversal",
 			path:        "../templates/readme.tmpl",
 			description: "Should reject paths with ..",
 		},
 		{
 			name:        "null byte injection",
 			path:        "readme.tmpl\x00.evil",
 			description: "Should reject null bytes",
 		},
 		{
 			name:        "absolute traversal",
 			path:        "/nonexistent/absolute/path/file.txt",
 			description: "Should validate absolute paths and fail for non-existent",
 		},
 	}
 	for _, tt := range securityTests {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			_, err := ReadTemplate(tt.path)
 			// All these should fail (either not found or security rejection)
 			if err == nil {
 				t.Errorf("security test failed: %s should have been rejected", tt.description)
 			}
 		})
 	}
 }
--- a/templates_embed/embed_test_helpers.go
+++ b/templates_embed/embed_test_helpers.go
@@ -0,0 +1,31 @@
 package templatesembed
 import (
 	"testing"
 	"github.com/ivuorinen/gh-action-readme/testutil"
 )
 // assertTemplateLoaded validates template loading results.
 // This helper reduces cognitive complexity in embed tests by centralizing
 // the template loading validation logic that was repeated across test functions.
 func assertTemplateLoaded(t *testing.T, content []byte, err error, expectError bool, minContentLength int) {
 	t.Helper()
 	if expectError {
 		if err == nil {
 			t.Error(testutil.TestErrNoErrorGotNone)
 		}
 		return
 	}
 	// Success case
 	if err != nil {
 		t.Errorf(testutil.TestErrUnexpected, err)
 	}
 	if len(content) < minContentLength {
 		t.Errorf("content too short: got %d bytes, want at least %d", len(content), minContentLength)
 	}
 }
--- a/testdata/analyzer/composite-action.yml
+++ b/testdata/analyzer/composite-action.yml
@@ -0,0 +1,6 @@
 name: Test Action
 runs:
  using: composite
  steps:
    - run: echo "test"
      shell: bash
--- a/testdata/analyzer/docker-action.yml
+++ b/testdata/analyzer/docker-action.yml
@@ -0,0 +1,4 @@
 name: Test Action
 runs:
  using: docker
  image: Dockerfile
--- a/testdata/analyzer/invalid.yml
+++ b/testdata/analyzer/invalid.yml
@@ -0,0 +1 @@
 invalid: [yaml: content
--- a/testdata/analyzer/javascript-action.yml
+++ b/testdata/analyzer/javascript-action.yml
@@ -0,0 +1,4 @@
 name: Test Action
 runs:
  using: node20
  main: index.js
--- a/testdata/yaml-fixtures/actions/composite/with-multiple-named-steps.yml
+++ b/testdata/yaml-fixtures/actions/composite/with-multiple-named-steps.yml
@@ -0,0 +1,9 @@
 name: Test Action
 description: Test composite action with dependencies
 runs:
  using: composite
  steps:
  - name: Checkout
    uses: actions/checkout@v4
  - name: Setup Node
    uses: actions/setup-node@v3
--- a/testdata/yaml-fixtures/actions/composite/with-shell-step.yml
+++ b/testdata/yaml-fixtures/actions/composite/with-shell-step.yml
@@ -0,0 +1,8 @@
 name: Test Action
 description: Test action for detection
 runs:
  using: composite
  steps:
    - name: Test step
      run: echo "test"
      shell: bash
--- a/testdata/yaml-fixtures/actions/minimal/action.yml
+++ b/testdata/yaml-fixtures/actions/minimal/action.yml
@@ -0,0 +1,5 @@
 name: Test
 description: Test
 runs:
  using: composite
  steps: []
--- a/testdata/yaml-fixtures/actions/simple/action.yml
+++ b/testdata/yaml-fixtures/actions/simple/action.yml
@@ -0,0 +1,11 @@
 name: Test Action
 description: Test Description
 inputs:
  test-input:
    description: Test input
    required: true
 runs:
  using: composite
  steps:
    - run: echo "test"
      shell: bash
--- a/testdata/yaml-fixtures/configs/action-config-professional.yml
+++ b/testdata/yaml-fixtures/configs/action-config-professional.yml
@@ -0,0 +1,3 @@
 theme: professional
 template: custom-template.tmpl
 output_dir: docs
--- a/testdata/yaml-fixtures/configs/action-config-simple.yml
+++ b/testdata/yaml-fixtures/configs/action-config-simple.yml
@@ -0,0 +1,2 @@
 theme: professional
 output_dir: output
--- a/testdata/yaml-fixtures/configs/config-minimal-theme.yml
+++ b/testdata/yaml-fixtures/configs/config-minimal-theme.yml
@@ -0,0 +1,2 @@
 theme: minimal
 output_format: json
--- a/testdata/yaml-fixtures/configs/github-verbose-simple.yml
+++ b/testdata/yaml-fixtures/configs/github-verbose-simple.yml
@@ -0,0 +1,2 @@
 theme: github
 verbose: true
--- a/testdata/yaml-fixtures/configs/global-base-token.yml
+++ b/testdata/yaml-fixtures/configs/global-base-token.yml
@@ -0,0 +1,4 @@
 theme: default
 output_format: md
 github_token: base-token
 verbose: false
--- a/testdata/yaml-fixtures/configs/global-config-default.yml
+++ b/testdata/yaml-fixtures/configs/global-config-default.yml
@@ -0,0 +1,4 @@
 theme: default
 output_format: md
 verbose: false
 github_token: ghp_test1234567890abcdefghijklmnopqrstuvwxyz
--- a/testdata/yaml-fixtures/configs/invalid-config-incomplete.yml
+++ b/testdata/yaml-fixtures/configs/invalid-config-incomplete.yml
@@ -0,0 +1,2 @@
 unknown_field: value
 invalid_theme: nonexistent
--- a/testdata/yaml-fixtures/configs/invalid-config-malformed.yml
+++ b/testdata/yaml-fixtures/configs/invalid-config-malformed.yml
@@ -0,0 +1,3 @@
 theme: [invalid yaml structure
 output_format: "missing quote
 verbose: not_a_boolean
--- a/testdata/yaml-fixtures/configs/invalid-config-nonexistent-theme.yml
+++ b/testdata/yaml-fixtures/configs/invalid-config-nonexistent-theme.yml
@@ -0,0 +1,2 @@
 theme: nonexistent_theme
 template: /path/to/nonexistent/template.tmpl
--- a/testdata/yaml-fixtures/configs/minimal-dist.yml
+++ b/testdata/yaml-fixtures/configs/minimal-dist.yml
@@ -0,0 +1,2 @@
 theme: minimal
 output_dir: dist
--- a/testdata/yaml-fixtures/configs/minimal-simple.yml
+++ b/testdata/yaml-fixtures/configs/minimal-simple.yml
@@ -0,0 +1 @@
 theme: minimal
--- a/testdata/yaml-fixtures/configs/professional-quiet.yml
+++ b/testdata/yaml-fixtures/configs/professional-quiet.yml
@@ -0,0 +1,2 @@
 theme: professional
 quiet: true
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`unknown_field: value`
							`invalid_theme: nonexistent`
		`@@ -0,0 +1,2 @@`
							`theme: nonexistent_theme`
							`template: /path/to/nonexistent/template.tmpl`