quonfig 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6e8e728d81d4870daabc72a78a69e5f8b3f990fbc168d59cd547b240f150d712
+  data.tar.gz: 627a0d2b3b6c9d7ade79a5d44a213d72e2b21ff09f80a4c67b3ee6aec77741f5
+SHA512:
+  metadata.gz: ba05469db1692fad2c3c778e8e150b7d929b755c77a85e31e393f9d3c52b8d6e0db0ea537381ea2829f0d219d39f4166adf6341c9035fae5af8639de2fdf8b30
+  data.tar.gz: 5ee24f2df153046ce6442e9f7cb7494f0ebf45a30a551b6359324679139fb05252bf196890e155eac0bcb5a0d3a4e760d430e0b88c2db94a348fc09b739c1de8

data/.claude/rules/constitution.md

@@ -0,0 +1,81 @@
+---
+name: constitution
+description: Rules for when agents must stop for human review vs. proceed autonomously. Read before committing significant changes or when uncertain about scope.
+---
+
+# Agent Constitution
+
+Default rule: **when in doubt, block for human review**. A false positive costs 30 seconds. A false negative can cause real damage.
+
+Human-review blocks use the built-in `blocked` status plus the `needs-human` label (bd's custom-status format doesn't accept `blocked:human`). Do NOT call `bd close` on a bead that needs human input — closed beads are invisible to the human review queue.
+
+## Auto-Proceed (no human needed)
+
+- Bug fixes with passing tests
+- UI copy, labels, and styling changes
+- Test coverage additions
+- Refactoring within a single file that doesn't change public interfaces
+- Docs and comment updates
+- Simulation-discovered bugs with a clear root cause and fix
+- Patch-version dependency bumps
+- Adding new flags/configs to `our-config/` (no schema change)
+- **Data-only edits** to existing configs in `our-config/` — flipping a boolean, editing a value, renaming a label. Changing *what* is stored is a data change; changing *how* it's stored is a schema change.
+- Staging deployments (`fly.staging.toml`)
+
+## Stop and Ask (blocked + needs-human)
+
+**Push as far as you can before blocking.** The goal is to surface a specific,
+answerable question — not to stop at the first sign of uncertainty. Investigate the
+codebase, try the obvious path, and block only when you hit a concrete fork that
+requires a human judgment call. An agent that does real work and then blocks with a
+precise question is far more valuable than one that blocks immediately.
+
+Block when you reach a decision point that touches:
+
+- **Storage format** — git repo structure, JSON config schema, Gitea config
+- **SDK-facing API surface** — anything SDK clients call: `api-delivery` endpoints, SSE protocol, SDK public interfaces
+- **Cache or delivery protocol** — how configs are loaded, evicted, or streamed
+- **Auth and access control** — workspace permissions, API keys, OAuth flows
+- **New external dependencies** — adding a package to package.json, go.mod, etc.
+- **Database schema changes** — Drizzle migrations, ClickHouse schema
+- **Multi-service contract changes** — modifying interfaces shared between two or more services
+- **High uncertainty** — you've investigated and the right approach still isn't clear
+
+When blocking, be specific: explain exactly what decision is needed, what you've
+already ruled out, and what the options are. Vague blocks ("not sure how to proceed")
+are not acceptable — do more investigation first.
+
+```bash
+bd update <id> --status blocked --add-label needs-human
+bd comments add <id> "Blocked: [what the decision is, what you investigated, what the options are]"
+```
+
+To see the human-review queue: `bd list --label needs-human`. Do NOT call `bd close` on these — the label is what surfaces them.
+
+## Never Touch Without Explicit Instruction
+
+- Credentials, secrets, `.env` files with real values
+- Live production data or the Gitea service token
+- Anything in `business/`
+- Production fly deployments (`fly.toml` or `fly.production.toml`, not `fly.staging.toml`)
+- The `.beads/` database directly (always use `bd` CLI)
+
+## Alpha Phase Rules
+
+In alpha it is acceptable to:
+- Deploy to staging without asking
+- Commit directly to main in sub-repos
+- Run simulated user tests against the local dev server
+- File new beads for bugs found during simulation
+
+It is NOT acceptable to:
+- Deploy to production without asking
+- Modify `integration-test-data/` YAML without asking
+- Merge breaking changes to SDK public APIs without asking
+
+## Daily Digest
+
+Append to `digests/YYYY-MM-DD.md` after each completed task:
+- What was done and what tests passed
+- What is blocked and why
+- Any bugs filed by the simulate stage

data/.claude/rules/git-safety.md

@@ -0,0 +1,11 @@
+---
+description: Git safety rules applied to all projects in the monorepo
+globs: ["**"]
+---
+
+IMPORTANT: Never force push (`--force` or `--force-with-lease`) to any branch.
+IMPORTANT: Never delete branches without explicit user approval.
+IMPORTANT: Never run `git reset --hard` or `git clean` without explaining what will be lost and getting confirmation first.
+IMPORTANT: Always commit work-in-progress before any context switch so nothing is lost.
+IMPORTANT: Keep commits small and well-scoped so anything can be easily reverted.
+IMPORTANT: If git blocks an operation, stop and ask — don't force past it.

data/.claude/rules/issue-tracking.md

@@ -0,0 +1,13 @@
+---
+description: Issue tracking with beads (bd) for all projects
+globs: ["**"]
+---
+
+IMPORTANT: Do not use Linear for issue tracking. Use beads (`bd`) instead.
+
+Quick reference:
+- `bd ready` — find available work
+- `bd show <id>` — view issue details
+- `bd update <id> --status in_progress` — claim work
+- `bd close <id>` — complete work
+- `bd sync` — sync with git

data/.claude/rules/testing-workflow.md

@@ -0,0 +1,28 @@
+---
+description: Testing workflow rules for all code projects
+globs: ["app-quonfig/**", "www-quonfig/**", "ai-starter/**", "api-telemetry/**", "api-delivery/**", "sdk-node/**", "sdk-go/**"]
+---
+
+IMPORTANT: Default to TDD — write the failing test first, run it and confirm it fails (red), then implement until it passes (green). The red→green sequence is the cheapest check that the test is real and that the change actually worked. Paste both the failing and passing output as evidence.
+
+IMPORTANT: The goal is **verification**, not test volume. If a change genuinely isn't red/green testable in code (UI polish, infra glue, config-only changes, anything where the test rig would be more complex than the fix), pick one:
+1. **Simulated verification** — drive the real flow (browser automation, live HTTP call, dev server) and paste the evidence it worked.
+2. **Block for human** — `bd update <id> --status blocked --add-label needs-human` with a comment explaining what you tried and why verification needs human hands. Do NOT `bd close` — that hides the bead from the human queue.
+
+Never ship with zero verification. Don't build elaborate test scaffolding when the change doesn't warrant it — the form can flex, the evidence cannot.
+
+IMPORTANT: Run the relevant test suite before marking a task complete (the file or package you touched, not necessarily the whole repo).
+
+## Browser / Chrome DevTools testing (app-quonfig)
+
+When any task requires browser testing in app-quonfig, ALWAYS read these skills first:
+- `/user-test-login`  — `.claude/skills/user-test-login/SKILL.md`
+- `/user-create-test` — `.claude/skills/user-create-test/SKILL.md`
+
+Key points so you don't go off-script:
+- Test accounts live in `app-quonfig/.dev/test-users.json` (gitignored, alias-keyed)
+- The dev-agent login route (`POST /api/dev/login-as`) is the preferred way to sign in headlessly — requires `DEV_AGENT_LOGIN=true` in `.env`
+- Use `isolatedContext` in Chrome MCP when you need a clean session that doesn't share cookies
+- Avoid `@example.com` emails — that domain triggers SSO via the Test Organization
+- Verification codes for new sign-ups come from the WorkOS Events API (see `/user-create-test` for the node snippet)
+- If a test requires a user with a specific state (e.g. pending invite, no org), create a fresh account with `/user-create-test` rather than reusing an existing one

data/.envrc.sample

@@ -0,0 +1,3 @@
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export PREFAB_INTEGRATION_TEST_API_KEY=

data/.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# All changes require review from prefabdevs team
+* @prefab-cloud/prefabdevs

data/.github/pull_request_template.md

@@ -0,0 +1,8 @@
+## Description
+*(Brief overview of what this PR changes and/or why the changes are needed)*
+
+## Testing & Validation
+*(Outline the steps needed to be taken to verify the changes.)*
+
+## Rollout
+*(Optional section: Provide rollout and rollback procedures, when outside the bounds or requiring additional work beyond standard deployment)*

data/.github/workflows/push_gem.yml

@@ -0,0 +1,49 @@
+---
+name: Push gem
+
+"on":
+  workflow_run:
+    workflows: ["Ruby"]
+    branches: [main]
+    types:
+      - completed
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+          ruby-version: '3.3'
+
+      - name: Install runtime dependencies
+        run: bundle install --without development --jobs 4 --retry 3
+
+      - name: Check if version already exists
+        id: version-check
+        run: |
+          VERSION=$(cat VERSION)
+          if gem list -r quonfig | grep -q "quonfig ($VERSION)"; then
+            echo "version-exists=true" >> $GITHUB_OUTPUT
+            echo "Version $VERSION already exists on RubyGems, skipping publish"
+          else
+            echo "version-exists=false" >> $GITHUB_OUTPUT
+            echo "Version $VERSION not found, proceeding with publish"
+          fi
+
+      - name: Release gem
+        if: steps.version-check.outputs.version-exists == 'false'
+        uses: rubygems/release-gem@v1

data/.github/workflows/ruby.yml

@@ -0,0 +1,60 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ['3.2','3.3','3.4']
+
+    steps:
+    - name: Checkout sdk-ruby
+      uses: actions/checkout@v4
+      with:
+        submodules: recursive
+        path: sdk-ruby
+
+    - name: Checkout integration-test-data
+      uses: actions/checkout@v4
+      with:
+        repository: quonfig/integration-test-data
+        path: integration-test-data
+        ref: main
+
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+    # uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: false # runs 'bundle install' and caches installed gems automatically
+        working-directory: sdk-ruby
+    - name: Install dependencies
+      working-directory: sdk-ruby
+      run: bundle install --without development --jobs 4 --retry 3
+    - name: Run tests
+      working-directory: sdk-ruby
+      run: bundle exec rake --trace
+      env:
+        NOT_A_NUMBER: "abcd"
+        IS_A_NUMBER: "1234"

data/.github/workflows/test.yaml

@@ -0,0 +1,40 @@
+name: Test
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ['3.1', '3.2', '3.3']
+    steps:
+      - name: Checkout sdk-ruby
+        uses: actions/checkout@v4
+        with:
+          path: sdk-ruby
+
+      - name: Checkout integration-test-data
+        uses: actions/checkout@v4
+        with:
+          repository: quonfig/integration-test-data
+          path: integration-test-data
+          ref: main
+
+      - name: Set up Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+          working-directory: sdk-ruby
+
+      - name: Install dependencies
+        working-directory: sdk-ruby
+        run: bundle install
+
+      - name: Run tests
+        working-directory: sdk-ruby
+        run: bundle exec rake test

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  NewCops: enable
+  Exclude:
+    - sdk-reforge.gemspec
+    - lib/prefab_pb.rb
+
+Metrics:
+  Exclude:
+    - 'test/*.rb'
+
+Layout/LineLength:
+  Exclude:
+    - 'test/*.rb'

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.2.7

data/CHANGELOG.md

@@ -0,0 +1,301 @@
+# Changelog
+
+## 0.0.2 - 2026-04-22
+
+- **Fix:** SSE client now connects to `/api/v2/sse/config` to match the server route and other Quonfig SDKs (was `/api/v2/sse`, which would have failed at runtime against api-delivery). (qfg-uq8)
+- **Test cleanup:** removed two unused Prefab-era integration tests in `test_sse_config_client.rb` that targeted `goatsofreforge.com` and the dead `test/integration_test.rb` helper class. (qfg-9u6)
+
+## 0.0.1 - 2026-04-21
+
+- **Rename:** gem renamed from `sdk-reforge` to `quonfig`; top-level module `Reforge` → `Quonfig`. First release of the Quonfig Ruby SDK; version reset to `0.0.1` under the new gem name.
+- **Env vars:** canonical names are now `QUONFIG_BACKEND_SDK_KEY`, `QUONFIG_DIR`, `QUONFIG_DATASOURCES`, `QUONFIG_API_URLS`. Legacy `REFORGE_*` / `PREFAB_*` env vars are no longer read.
+- **BREAKING:** option `sources:` renamed to `api_urls:` (matches other Quonfig SDKs). No alias/deprecation — 0.0.x strategy. Env var `QUONFIG_SOURCES` renamed to `QUONFIG_API_URLS`.
+- **BREAKING:** `DEFAULT_API_URLS` is now `['https://primary.quonfig.com']` (was `[primary, secondary]`). SSE stream URLs are derived by prepending `stream.` to each api_url hostname (see `Quonfig::Options.derive_stream_url`).
+- **Requires:** `require 'sdk-reforge'` → `require 'quonfig'`.
+
+## 1.12.0 - 2025-10-31
+
+- Restore log level functionality with LOG_LEVEL_V2 support
+- Make SemanticLogger optional - SDK now works with or without it
+- Add stdlib Logger support as alternative to SemanticLogger
+- Add InternalLogger that automatically uses SemanticLogger or stdlib Logger
+- Add `logger_key` initialization option for configuring dynamic log levels
+- Add `stdlib_formatter` method for stdlib Logger integration
+
+## 1.11.2 - 2025-10-07
+
+- Address OpenSSL issue with vulnerability to truncation attack
+
+## 1.11.1 - 2025-10-06
+
+- quiet logging for SSE reconnections
+- let the SSE::Client handle the Last-Event-ID header
+
+## 1.10.0 - 2025-10-02
+
+- require `base64` for newest ruby versions
+- look for `REFORGE_BACKEND_SDK_KEY` and `REFORGE_DATAFILE`
+
+## 1.9.2 - 2025-10-02
+
+- Fix bug in row index calculation for the evaluation summary data
+
+## 1.9.1 - 2025-10-01
+
+- Fix entrypoint
+
+
+## 1.9.0 - 2025-08-23
+
+- Moved to reforge gem name `sdk-reforge`
+- Add automated gem publishing via GitHub Actions trusted publishing
+- Add support for `reforge.current-time` virtual context
+- Dropped the previous implementation of dynamic logging support
+- Removed local file loading based on prefab-envs
+
+## 1.8.9 - 2025-04-15
+
+- Fix support for virtual context `prefab.current-time` [#229]
+
+## 1.8.8 - 2025-02-28
+
+- Add conditional fetch support for configurations [#226]
+- Operator support for string starts with, contains [#212]
+- Operator support for regex, semver (protobuf update) [#215]
+- Operator support for date comparison (before/after) [#221]
+- Operator support for numeric comparisons [#220]
+
+
+## 1.8.7 - 2024-10-25
+
+- Add option symbolize_json_names [#211]
+
+
+## 1.8.6 - 2024-10-07
+
+- Fix deprecation warning caused by x_datafile being set by default [#208]
+
+## 1.8.5 - 2024-09-27
+
+- Fix JS bootstrapping and improve performance [#206]
+- Promote `datafile` from `x_datafile` [#205]
+
+## 1.8.4 - 2024-09-19
+
+- Use `stream` subdomain for SSE [#203]
+
+## 1.8.3 - 2024-09-16
+
+- Add JavaScript stub & bootstrapping [#200]
+
+## 1.8.2 - 2024-09-03
+
+- Forbid bad semantic_logger version [#198]
+
+## 1.8.1 - 2024-09-03
+
+- Fix SSE reconnection bug [#197]
+
+## 1.8.0 - 2024-08-22
+
+- Load config from belt and failover to suspenders [#195]
+
+## 1.7.2 - 2024-06-24
+
+- Support JSON config values [#194]
+
+## 1.7.1 - 2024-04-11
+
+- Ergonomics [#191]
+
+## 1.7.0 - 2024-04-10
+
+- Add duration support [#187]
+
+## 1.6.2 - 2024-03-29
+
+- Fix context telemetry when JIT and Block contexts are combined [#185]
+- Remove logger prefix [#186]
+
+## 1.6.1 - 2024-03-28
+
+- Performance optimizations [#178]
+- Global context [#182]
+
+## 1.6.0 - 2024-03-27
+
+- Use semantic_logger for internal logging [#173]
+- Remove Prefab::LoggerClient as a logger for end users [#173]
+- Provide log_filter for end users [#173]
+
+## 1.5.1 - 2024-02-22
+
+- Fix: Send context shapes by default [#174]
+
+## 1.5.0 - 2024-02-12
+
+- Fix potential inconsistent Context behavior [#172]
+
+## 1.4.5 - 2024-01-31
+
+- Refactor out a `should_log?` method [#170]
+
+## 1.4.4 - 2024-01-26
+
+- Raise when ENV var is missing
+
+## 1.4.3 - 2024-01-17
+
+- Updated proto definition file
+
+## 1.4.2 - 2023-12-14
+
+- Use reportable value even for invalid data [#166]
+
+## 1.4.1 - 2023-12-08
+
+- Include version in `get` request [#165]
+
+## 1.4.0 - 2023-11-28
+
+- ActiveJob tagged logger issue [#164]
+- Compact Log Format [#163]
+- Tagged Logging [#161]
+- ContextKey logging thread safety [#162]
+
+## 1.3.2 - 2023-11-15
+
+- Send back cloud.prefab logging telemetry [#160]
+
+## 1.3.1 - 2023-11-14
+
+- Improve path of rails.controller logging & fix strong param include [#159]
+
+## 1.3.0 - 2023-11-13
+
+- Less logging when wifi is off and we load from cache [#157]
+- Alpha: Add Provided & Secret Support [#152]
+- Alpha: x_datafile [#156]
+- Add single line action-controller output under rails.controller [#158]
+
+## 1.2.1 - 2023-11-01
+
+- Update protobuf definitions [#154]
+
+## 1.2.0 - 2023-10-30
+
+- Add `Prefab.get('key')` style usage after a `Prefab.init()` call [#151]
+- Add `add_context_keys` and `with_context_keys` method for LoggerClient [#145]
+
+## 1.1.2 - 2023-10-13
+
+- Add `cloud.prefab.client.criteria_evaluator` `debug` logging of evaluations [#150]
+- Add `x_use_local_cache` for local caching [#148]
+- Tests run in RubyMine [#147]
+
+## 1.1.1 - 2023-10-11
+
+- Migrate happy-path client-initialization logging to `DEBUG` level rather than `INFO` [#144]
+- Add `ConfigClientPresenter` for logging out stats upon successful client initialization [#144]
+- Add support for default context [#146]
+
+## 1.1.0 - 2023-09-18
+
+- Add support for structured logging [#143]
+  - Ability to pass a hash of key/value context pairs to any of the user-facing log methods
+
+## 1.0.1 - 2023-08-17
+
+- Bug fix for StringList w/ ExampleContextsAggregator [#141]
+
+## 1.0.0 - 2023-08-10
+
+- Removed EvaluatedKeysAggregator [#137]
+- Change `collect_evaluation_summaries` default to true [#136]
+- Removed some backwards compatibility shims [#133]
+- Standardizing options [#132]
+  - Note that the default value for `context_upload_mode` is `:periodic_example` which means example contexts will be collected.
+    This enables easy variant override assignment in our UI. More at https://prefab.cloud/blog/feature-flag-variant-assignment/
+
+## 0.24.6 - 2023-07-31
+
+- Logger Client compatibility [#129]
+- Replace EvaluatedConfigs with ExampleContexts [#128]
+- Add ConfigEvaluationSummaries (opt-in for now) [#123]
+
+## 0.24.5 - 2023-07-10
+
+- Report Client Version [#121]
+
+## [0.24.4] - 2023-07-06
+
+- Support Timed Loggers [#119]
+- Added EvaluatedConfigsAggregator (disabled by default) [#118]
+- Added EvaluatedKeysAggregator (disabled by default) [#117]
+- Dropped Ruby 2.6 support [#116]
+- Capture/report context shapes [#115]
+- Added bin/console [#114]
+
+## [0.24.3] - 2023-05-15
+
+- Add JSON log formatter [#106]
+
+# [0.24.2] - 2023-05-12
+
+- Fix bug in FF rollout eval consistency [#108]
+- Simplify forking [#107]
+
+# [0.24.1] - 2023-04-26
+
+- Fix misleading deprecation warning [#105]
+
+# [0.24.0] - 2023-04-26
+
+- Backwards compatibility for JIT context [#104]
+- Remove upsert [#103]
+- Add resolver presenter and `on_update` callback [#102]
+- Deprecate `lookup_key` and introduce Context [#99]
+
+# [0.23.8] - 2023-04-21
+
+- Update protobuf [#101]
+
+# [0.23.7] - 2023-04-21
+
+- Guard against ActiveJob not being loaded [#100]
+
+# [0.23.6] - 2023-04-17
+
+- Fix bug in FF rollout eval consistency [#98]
+- Add tests for block-form of logging [#96]
+
+# [0.23.5] - 2023-04-13
+
+- Cast the value to string when checking presence in string list [#95]
+
+# [0.23.4] - 2023-04-12
+
+- Remove GRPC [#93]
+
+# [0.23.3] - 2023-04-07
+
+- Use exponential backoff for log level uploading [#92]
+
+# [0.23.2] - 2023-04-04
+
+- Move log collection logs from INFO to DEBUG [#91]
+- Fix: Handle trailing slash in PREFAB_API_URL [#90]
+
+# [0.23.1] - 2023-03-30
+
+- ActiveStorage not defined in Rails < 5.2 [#87]
+
+# [0.23.0] - 2023-03-28
+
+- Convenience for setting Rails.logger [#85]
+- Log evaluation according to rules [#81]
+
+# [0.22.0] - 2023-03-15
+
+- Report log paths and usages [#79]
+- Accept hash or keyword args in `initialize` [#78]

data/CLAUDE.md

@@ -0,0 +1,29 @@
+# Quonfig Ruby SDK
+
+Ruby SDK for Quonfig feature flags and configuration.
+
+## Build & Test
+
+```bash
+bundle install                          # install dependencies
+bundle exec rake test                   # run all tests
+bundle exec ruby test/test_FOO.rb       # run a single test file
+bundle exec rake                        # default task — runs tests
+```
+
+## Directory layout
+
+- `lib/quonfig/` — SDK source code
+- `test/` — unit tests (one `test_*.rb` per module)
+- `test/integration/` — integration tests driven by shared YAML specs
+
+Integration tests require the sibling directory `../../integration-test-data/`
+to exist (cloned from `quonfig/integration-test-data`). Without it the
+integration suite cannot resolve its YAML specs.
+
+## Environment variables
+
+- `QUONFIG_BACKEND_SDK_KEY` — backend SDK key for authenticated config delivery
+- `QUONFIG_DIR` — path to a local Quonfig workspace (datadir mode)
+- `QUONFIG_ENVIRONMENT` — which environment to evaluate (`production`, `staging`, `development`)
+- `QUONFIG_TELEMETRY_URL` — telemetry ingest endpoint

data/CODEOWNERS

@@ -0,0 +1 @@
+*    @prefab-cloud/prefabdevs @prefab-cloud/prefabmaintainers @prefab-cloud/prefabadmins