@esoteric-logic/praxis-harness 2.7.0 → 2.9.0

package/README.md

@@ -10,7 +10,7 @@ Praxis gives Claude Code a three-layer operating system:
 
 **Universal base** — always loaded. Praxis structures work (discuss → plan → execute → verify → simplify → ship). Built-in quality enforcement (debugging, code review, simplification).
 
-**AI-Kits** — activated on demand via `/kit:<name>`. Each kit bundles domain-specific rules, skills, MCP servers, and slash commands. Activate the web-designer kit and your components get design system enforcement, accessibility auditing, and production lint. Deactivate with `/kit:off`.
+**AI-Kits** — activated on demand via `/px-kit:<name>`. Each kit bundles domain-specific rules, skills, MCP servers, and slash commands. Activate the web-designer kit and your components get design system enforcement, accessibility auditing, and production lint. Deactivate with `/px-kit:off`.
 
 **Project config** — per-repo rules that fire automatically based on file paths. Terraform rules load when you touch `.tf` files. GitHub Actions rules load when you touch workflow YAML. No manual switching.
 
@@ -33,51 +33,51 @@ npx @esoteric-logic/praxis-harness@latest uninstall   # remove Praxis-owned file
 
 ## After install
 
-Verify with `/help` — you should see Praxis commands (`/discuss`, `/execute`, `/verify`, `/plan`, `/ship`, `/kit:*`).
+Verify with `/help` — you should see Praxis commands (`/px-discuss`, `/px-execute`, `/px-verify`, `/px-plan`, `/px-ship`, `/px-kit:*`).
 
 ## Workflow
 
 The standard Praxis workflow for feature development:
 
 ```
-/standup           → orient (reads status.md, surfaces stale state)
-/discuss       → frame the problem (conversational, scope guard)
-/discover          → research options with confidence levels (before /spec)
-/plan    → plan milestones (with dependency ordering + boundaries)
-/execute       → implement one milestone at a time (file-group isolation)
-/verify        → validate (test/lint/typecheck/build, self-review, UNIFY)
-/session-retro     → capture learnings, update vault
+/px-standup           → orient (reads status.md, surfaces stale state)
+/px-discuss          → frame the problem (conversational, scope guard)
+/px-discover         → research options with confidence levels (before /px-spec)
+/px-plan             → plan milestones (with dependency ordering + boundaries)
+/px-execute          → implement one milestone at a time (file-group isolation)
+/px-verify           → validate (test/lint/typecheck/build, self-review, UNIFY)
+/px-session-retro    → capture learnings, update vault
 ```
 
-For pure bugfixes: `/debug` (test-first debugging, skips the full loop).
-For code review: `/review` (launches subagent review at any time).
-For technical research: `/discover` (structured options evaluation before decisions).
+For pure bugfixes: `/px-debug` (test-first debugging, skips the full loop).
+For code review: `/px-review` (launches subagent review at any time).
+For technical research: `/px-discover` (structured options evaluation before decisions).
 
 ## Commands
 
 | Command | Purpose |
 |---------|---------|
-| `discuss` | Conversational problem framing, SPEC synthesis, scope guard |
-| `execute` | Implement one milestone with file-group isolation + boundary enforcement |
-| `verify` | Validate milestone (test/lint/build), self-review, UNIFY phase summary |
-
-| `plan` | Create a dated work plan with milestone dependencies + checkpoints |
-| `spec` | Create a structured spec or ADR with conflict detection |
-| `discover` | Structured technical discovery with confidence-rated options |
-| `standup` | Session-start orientation from vault state |
-| `risk` | Add a risk register entry to the vault |
-| `kit` | Activate/deactivate an AI-Kit |
-| `review` | Manual code review via subagent |
-| `simplify` | Post-implementation code simplification via subagent |
-| `debug` | Structured test-first debugging |
-| `ship` | Commit, push, and PR in one command with pre-flight checks |
-| `verify-app` | End-to-end verification with regression analysis |
-| `session-retro` | End-of-session retrospective with learnings extraction |
-| `status-update` | Manual vault status.md update |
-| `repair` | Structured 3-attempt fix-and-verify loop for failed milestones |
-| `sync-memory` | Bridge auto-memory insights to Obsidian vault |
-| `context-probe` | Assess context health and recommend action |
-| `context-reset` | Reload context from vault without clearing session |
+| `px-discuss` | Conversational problem framing, SPEC synthesis, scope guard |
+| `px-execute` | Implement one milestone with file-group isolation + boundary enforcement |
+| `px-verify` | Validate milestone (test/lint/build), self-review, UNIFY phase summary |
+
+| `px-plan` | Create a dated work plan with milestone dependencies + checkpoints |
+| `px-spec` | Create a structured spec or ADR with conflict detection |
+| `px-discover` | Structured technical discovery with confidence-rated options |
+| `px-standup` | Session-start orientation from vault state |
+| `px-risk` | Add a risk register entry to the vault |
+| `px-kit` | Activate/deactivate an AI-Kit |
+| `px-review` | Manual code review via subagent |
+| `px-simplify` | Post-implementation code simplification via subagent |
+| `px-debug` | Structured test-first debugging |
+| `px-ship` | Commit, push, and PR in one command with pre-flight checks |
+| `px-verify-app` | End-to-end verification with regression analysis |
+| `px-session-retro` | End-of-session retrospective with learnings extraction |
+| `px-status-update` | Manual vault status.md update |
+| `px-repair` | Structured 3-attempt fix-and-verify loop for failed milestones |
+| `px-sync-memory` | Bridge auto-memory insights to Obsidian vault |
+| `px-context-probe` | Assess context health and recommend action |
+| `px-context-reset` | Reload context from vault without clearing session |
 
 ## Rules
 
@@ -114,11 +114,11 @@ Key additions in this version:
 
 | Kit | Activate | What it does |
 |-----|----------|-------------|
-| web-designer | `/kit:web-designer` | Design system init → component build → accessibility audit → production lint |
-| infrastructure | `/kit:infrastructure` | Terraform plan → apply → drift detection → compliance check |
-| api | `/kit:api` | RESTful conventions → OpenAPI specs → contract testing |
-| security | `/kit:security` | Threat modeling → IAM review → OWASP audit |
-| data | `/kit:data` | Schema design → migration planning → query optimization |
+| web-designer | `/px-kit:web-designer` | Design system init → component build → accessibility audit → production lint |
+| infrastructure | `/px-kit:infrastructure` | Terraform plan → apply → drift detection → compliance check |
+| api | `/px-kit:api` | RESTful conventions → OpenAPI specs → contract testing |
+| security | `/px-kit:security` | Threat modeling → IAM review → OWASP audit |
+| data | `/px-kit:data` | Schema design → migration planning → query optimization |
 
 More kits coming. See `docs/creating-a-kit.md` to build your own.
 
@@ -158,13 +158,13 @@ Praxis auto-documents your work in the vault with zero manual effort. Two indepe
 
 | Skill | Auto-writes to vault |
 |-------|---------------------|
-| `/execute` | `status.md` loop position, `decision-log.md` scope events |
-| `/verify` | `claude-progress.json` milestones[] |
-| `/review` | `specs/review-{date}-{slug}.md` (full findings breakdown) |
-| `/simplify` | `notes/{date}_simplify-findings.md` |
-| `/debug` | `notes/{date}_debug-trace.md` |
-| `/verify-app` | `specs/verify-app-{date}-{slug}.md` |
-| `/ship` | `claude-progress.json` features[] |
+| `/px-execute` | `status.md` loop position, `decision-log.md` scope events |
+| `/px-verify` | `claude-progress.json` milestones[] |
+| `/px-review` | `specs/review-{date}-{slug}.md` (full findings breakdown) |
+| `/px-simplify` | `notes/{date}_simplify-findings.md` |
+| `/px-debug` | `notes/{date}_debug-trace.md` |
+| `/px-verify-app` | `specs/verify-app-{date}-{slug}.md` |
+| `/px-ship` | `claude-progress.json` features[] |
 
 **On context compaction** (automatic fallback):
 - `plans/{date}-compact-checkpoint.md` — git state, active plan, loop position
@@ -184,14 +184,14 @@ Re-copies all hooks, skills, rules, and kits from the latest npm package version
 
 ### Updating existing projects
 
-After a harness update that adds new vault files (like `decision-log.md`), run `/scaffold-exist` in a Claude Code session to audit your vault and add any missing files. This is non-destructive — it never overwrites existing content.
+After a harness update that adds new vault files (like `decision-log.md`), run `/px-scaffold-exist` in a Claude Code session to audit your vault and add any missing files. This is non-destructive — it never overwrites existing content.
 
 ```
 Step 1: npx @esoteric-logic/praxis-harness@latest update   → deploys new hooks, skills, rules
-Step 2: /scaffold-exist                                      → audits vault, adds missing files
+Step 2: /px-scaffold-exist                                   → audits vault, adds missing files
 ```
 
-New projects get everything automatically via `/scaffold-new`.
+New projects get everything automatically via `/px-scaffold-new`.
 
 ## Uninstalling
 

package/base/CLAUDE.md

@@ -14,20 +14,20 @@ You are a senior engineering partner. Think before you build. Verify before you
 
 ## Workflow Hierarchy
 - **Praxis** owns the outer loop: discuss → plan → execute → verify → simplify → ship.
-  Always start feature work with `/discuss` or `/next`.
+  Always start feature work with `/px-discuss` or `/px-next`.
 - **Kits** inject domain context into this workflow — they don't replace it.
-- Pure bugfixes: skip the full loop, use `/debug` directly.
-- Trivial changes (typos, config): use `/fast` to skip planning.
-- After every implementation: run `/simplify` to clean up code before verify.
-- Use `/verify-app` for end-to-end checks, `/ship` when ready to commit+push+PR.
+- Pure bugfixes: skip the full loop, use `/px-debug` directly.
+- Trivial changes (typos, config): use `/px-fast` to skip planning.
+- After every implementation: run `/px-simplify` to clean up code before verify.
+- Use `/px-verify-app` for end-to-end checks, `/px-ship` when ready to commit+push+PR.
 
 ## Plan Mode Protocol
 For non-trivial tasks (3+ steps):
 1. Start in Plan Mode — iterate on the plan until it's solid
 2. Switch to auto-accept edits and let Claude one-shot the implementation
-3. Run `/simplify` after implementation
-4. Run `/verify-app` to confirm everything works
-5. Run `/ship` to commit, push, and PR
+3. Run `/px-simplify` after implementation
+4. Run `/px-verify-app` to confirm everything works
+5. Run `/px-ship` to commit, push, and PR
 
 ## Error Learning
 When a mistake is corrected: update project CLAUDE.md `## Error Learning` section
@@ -85,7 +85,7 @@ Registered via `claude mcp add`. Persist globally across sessions.
 
 | Server | Purpose | Install | Degrades without |
 |--------|---------|---------|-----------------|
-| perplexity | AI web search | `bash scripts/onboard-mcp.sh perplexity` | No web research in `/discover` |
+| perplexity | AI web search | `bash scripts/onboard-mcp.sh perplexity` | No web research in `/px-discover` |
 | filesystem | Direct vault file access | `claude mcp add filesystem` | Uses shell for vault reads |
 | sequential-thinking | Multi-step reasoning | `claude mcp add sequential-thinking` | Standard reasoning only |
 
@@ -101,8 +101,8 @@ Missing servers are non-blocking — features degrade gracefully.
    - GitHub Actions → `~/.claude/rules/github-actions.md`
    - PowerShell scripts → `~/.claude/rules/powershell.md`
    - Git operation → `~/.claude/rules/git-workflow.md`
-   - Client-facing writing → auto-loaded by `communication-standards` skill
-   - Architecture/specs → auto-loaded by `architecture-patterns` skill
+   - Client-facing writing → auto-loaded by `px-communication-standards` skill
+   - Architecture/specs → auto-loaded by `px-architecture-patterns` skill
 5. Quality re-anchor: read most recent `compact-checkpoint.md` → check the Quality State section.
    - If lint findings existed before compaction: re-run `golangci-lint run`, confirm status.
    - If tests were failing before compaction: re-run test command, confirm status.
@@ -120,32 +120,41 @@ Missing servers are non-blocking — features degrade gracefully.
 - Use vault search when Obsidian is not running (obsidian backend requires Obsidian open)
 
 ## AI-Kit Registry
-Kits activate via `/kit:<n>` slash command. Kits are idempotent — double-activate is a no-op.
+Kits activate via `/px-kit:<n>` slash command. Kits are idempotent — double-activate is a no-op.
 
 | Kit | Activate | Domain |
 |-----|----------|--------|
-| web-designer | `/kit:web-designer` | Design system → components → accessibility → production lint |
-| infrastructure | `/kit:infrastructure` | Terraform → Azure → GitHub Actions → compliance |
-| api | `/kit:api` | RESTful conventions → OpenAPI specs → contract testing |
-| security | `/kit:security` | Threat modeling → IAM review → OWASP audit |
-| data | `/kit:data` | Schema design → migration planning → query optimization |
+| web-designer | `/px-kit:web-designer` | Design system → components → accessibility → production lint |
+| infrastructure | `/px-kit:infrastructure` | Terraform → Azure → GitHub Actions → compliance |
+| api | `/px-kit:api` | RESTful conventions → OpenAPI specs → contract testing |
+| security | `/px-kit:security` | Threat modeling → IAM review → OWASP audit |
+| code-quality | `/px-kit:code-quality` | SAST + secrets + SCA + IaC gate → AI review (over-engineering, smells, structure) |
+| data | `/px-kit:data` | Schema design → migration planning → query optimization |
 
 Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 
 ## Rules Registry — Load on Demand Only
 
-### Universal — always active (8 rules)
+### Universal — always active (9 rules)
 | File | Purpose |
 |------|---------|
 | `~/.claude/rules/profile.md` | Who the user is, identities, working style |
 | `~/.claude/rules/execution-loop.md` | SPEC/PLAN/VALIDATE loop enforcement |
-| `~/.claude/rules/coding.md` | Code quality, security, complexity thresholds, Context7 mandate |
+| `~/.claude/rules/coding.md` | Context7 mandate, tool preferences, quality architecture reference |
+| `~/.claude/rules/code-quality.md` | Layer 2: Active constraints — hard limits during generation |
 | `~/.claude/rules/git-workflow.md` | Commits, branches, identity verification, pre-commit checks |
 | `~/.claude/rules/vault.md` | Second brain integration — vault backend, file purposes |
 | `~/.claude/rules/context-management.md` | Context anti-rot, phase scoping, context reset protocol |
 | `~/.claude/rules/memory-boundary.md` | Auto-memory boundary, MEMORY.md cap, dream integration |
 | `~/.claude/rules/security-posture.md` | Sandbox model, credential protection, protected paths |
 
+### Skills — loaded at session start
+| File | Purpose |
+|------|---------|
+| `~/.claude/skills/code-excellence.md` | Layer 1: Principles — shapes reasoning about code |
+| `~/.claude/skills/engineering-judgment.md` | Layer 1: Meta-reasoning — principal engineer decision framework |
+| `~/.claude/skills/self-verify.md` | Layer 3: Self-verification protocol — proves correctness before commit |
+
 ### Scoped — load only when paths match
 | File | Loads when |
 |------|------------|
@@ -159,17 +168,17 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 ### Auto-invocable skills (replace former universal rules)
 | Skill | Triggers when |
 |-------|--------------|
-| `communication-standards` | Writing client-facing docs, proposals, status reports, commits, PRs |
-| `architecture-patterns` | Writing ADRs, specs, system design, risk docs, blocker reports |
+| `px-communication-standards` | Writing client-facing docs, proposals, status reports, commits, PRs |
+| `px-architecture-patterns` | Writing ADRs, specs, system design, risk docs, blocker reports |
 
 ## Judgment & Research Commands
 
 | Command | Purpose |
 |---------|---------|
-| `/duel` | Parallel Alpha/Beta implementation → blind scoring → synthesis |
-| `/deliberate` | Multi-perspective decision analysis with scored option matrix |
-| `/freshness` | Full dependency audit — CVEs, outdated packages, maintenance status |
-| `/research <pkg>` | Live docs (Context7) + CVE/version/maintenance check (Perplexity Sonar) |
+| `/px-duel` | Parallel Alpha/Beta implementation → blind scoring → synthesis |
+| `/px-deliberate` | Multi-perspective decision analysis with scored option matrix |
+| `/px-freshness` | Full dependency audit — CVEs, outdated packages, maintenance status |
+| `/px-research <pkg>` | Live docs (Context7) + CVE/version/maintenance check (Perplexity Sonar) |
 
 MCP server templates: `base/configs/mcp-servers.json` — declarative config for context7, github, perplexity-sonar.
 Dependency registry: `base/configs/registry.json` — single source of truth for all tools, auth, hooks.

package/base/configs/ci/lint-stack.yml

@@ -1,7 +1,7 @@
-# Polyglot Lint Stack — 3-Layer CI Template
+# Lint Stack — CI Template
 # Copy to: .github/workflows/lint-stack.yml
-# Conditional: each tool runs only if its language files exist in the repo.
-# Pin actions to SHA — update hashes when upgrading versions.
+# DeepSource handles comprehensive analysis via GitHub app integration.
+# This workflow provides basic file hygiene checks only.
 
 name: Lint Stack
 on:
@@ -10,117 +10,27 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
-  # ─────────────────────────────────────────────
-  # LAYER 1: Fast Feedback (~10s per tool)
-  # ─────────────────────────────────────────────
-  lint:
-    name: L1 — Lint + Format
+  hygiene:
+    name: File Hygiene
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      # Python — Ruff
-      - name: Ruff check
-        if: hashFiles('**/*.py') != ''
-        uses: astral-sh/ruff-action@9700c1666704e06e2cf8f9046755e3dfc6297e40 # v3.2.1
-        with:
-          args: "check"
-      - name: Ruff format check
-        if: hashFiles('**/*.py') != ''
-        uses: astral-sh/ruff-action@9700c1666704e06e2cf8f9046755e3dfc6297e40 # v3.2.1
-        with:
-          args: "format --check"
-
-      # JS/TS — Biome
-      - name: Setup Biome
-        if: hashFiles('**/*.js', '**/*.ts', '**/*.jsx', '**/*.tsx') != ''
-        uses: biomejs/setup-biome@1cbe33ead22c7a2fded3b52fa2893611c815c3d2 # v2.5.0
-      - name: Biome CI
-        if: hashFiles('**/*.js', '**/*.ts', '**/*.jsx', '**/*.tsx') != ''
-        run: biome ci .
-
-      # Go — golangci-lint
-      - name: golangci-lint
-        if: hashFiles('go.mod') != ''
-        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0
-        with:
-          version: v2.1
-
-      # Rust — Clippy
-      - name: Setup Rust toolchain
-        if: hashFiles('Cargo.toml') != ''
-        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # stable
-        with:
-          toolchain: stable
-          components: clippy, rustfmt
-      - name: Clippy
-        if: hashFiles('Cargo.toml') != ''
-        run: cargo clippy --all-targets --all-features -- -D warnings
-      - name: rustfmt check
-        if: hashFiles('Cargo.toml') != ''
-        run: cargo fmt --all -- --check
-
-      # Shell — ShellCheck
-      - name: ShellCheck
-        if: hashFiles('**/*.sh') != ''
+      - name: Check for merge conflict markers
         run: |
-          sudo apt-get install -y shellcheck
-          find . -name '*.sh' -not -path './node_modules/*' -not -path './vendor/*' | xargs shellcheck -s bash
-
-  # ─────────────────────────────────────────────
-  # LAYER 2: Quality Gates (~2min)
-  # ─────────────────────────────────────────────
-  security-scan:
-    name: L2 — Semgrep
-    runs-on: ubuntu-latest
-    needs: lint
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: semgrep/semgrep-action@713efdd345ae26c72e79b5b32927be8e0e6bab83 # v1
-        with:
-          config: >-
-            p/default
-            p/secrets
-            p/owasp-top-ten
-        env:
-          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+          if git grep -rn '<<<<<<< \|>>>>>>> ' -- ':!*.yml' ':!*.yaml'; then
+            echo "::error::Merge conflict markers found"
+            exit 1
+          fi
 
-  # Uncomment to add SonarQube quality gate (requires self-hosted server)
-  # sonarqube:
-  #   name: L2 — SonarQube
-  #   runs-on: ubuntu-latest
-  #   needs: lint
-  #   steps:
-  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-  #       with:
-  #         fetch-depth: 0
-  #     - uses: SonarSource/sonarqube-scan-action@0e1a25e90571a34e2ec5c72ee40ba45cc73a1e6e # v4
-  #       env:
-  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-  #         SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-  #     - uses: SonarSource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3066f25f47e3fc20894 # v1.1.0
-  #       timeout-minutes: 5
-  #       env:
-  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-  # ─────────────────────────────────────────────
-  # LAYER 3: AI Review (~2min, optional)
-  # ─────────────────────────────────────────────
-  # Uncomment to enable AI-powered PR review.
-  # Requires OPENAI_API_KEY secret or self-hosted Ollama.
-  #
-  # ai-review:
-  #   name: L3 — AI Review
-  #   runs-on: ubuntu-latest
-  #   needs: [security-scan]
-  #   steps:
-  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-  #     - uses: Codium-ai/pr-agent@main
-  #       env:
-  #         OPENAI_KEY: ${{ secrets.OPENAI_API_KEY }}
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #       with:
-  #         command: review
+      - name: Check for large files
+        run: |
+          find . -type f -size +500k \
+            -not -path './.git/*' \
+            -not -path './node_modules/*' \
+            -not -path './vendor/*' \
+            -not -path './.terraform/*' | head -20 | while read -r f; do
+            echo "::warning file=$f::File exceeds 500KB"
+          done

package/base/configs/registry.json

@@ -26,16 +26,13 @@
       {"name": "gh", "minVersion": "2.0.0", "install": "brew install gh"}
     ],
     "optional": [
-      {"name": "trufflehog", "feature": "secret-scanning", "install": "brew install trufflehog"},
-      {"name": "gitleaks", "feature": "secret-scanning", "install": "brew install gitleaks"},
+      {"name": "deepsource", "feature": "code-analysis", "install": "curl -fsSL https://cli.deepsource.com/install | sh"},
       {"name": "osv-scanner", "feature": "dep-audit", "install": "go install github.com/google/osv-scanner/cmd/osv-scanner@latest"},
       {"name": "pip-audit", "feature": "dep-audit-python", "install": "pip install pip-audit"},
       {"name": "docker", "feature": "docker-sandbox", "install": "brew install --cask docker"},
       {"name": "biome", "feature": "lint-js", "install": "npm install -g @biomejs/biome"},
       {"name": "ruff", "feature": "lint-python", "install": "pip install ruff"},
-      {"name": "semgrep", "feature": "security-scan", "install": "pip install semgrep"},
       {"name": "markdownlint", "feature": "lint-markdown", "install": "npm install -g markdownlint-cli"},
-      {"name": "pre-commit", "feature": "pre-commit-hooks", "install": "pip install pre-commit"},
       {"name": "golangci-lint", "feature": "lint-go", "install": "brew install golangci-lint"},
       {"name": "rustfmt", "feature": "format-rust", "install": "rustup component add rustfmt"},
       {"name": "clippy", "feature": "lint-rust", "install": "rustup component add clippy"}
@@ -104,7 +101,6 @@
       {"path": "base/hooks/file-guard.sh", "event": "PreToolUse", "matcher": "Write|Edit|MultiEdit"},
       {"path": "base/hooks/identity-check.sh", "event": "PreToolUse", "matcher": "Bash"},
       {"path": "base/hooks/credential-guard.sh", "event": "PreToolUse", "matcher": "Bash"},
-      {"path": "base/hooks/quality-check.sh", "event": "PostToolUse", "matcher": "Write|Edit|MultiEdit"},
       {"path": "base/hooks/session-data-collect.sh", "event": "Stop", "matcher": ""}
     ],
     "optional": [

package/base/hooks/settings-hooks.json

@@ -39,15 +39,6 @@
       }
     ],
     "PostToolUse": [
-      {
-        "matcher": "Write|Edit|MultiEdit",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "bash ~/.claude/hooks/quality-check.sh"
-          }
-        ]
-      },
       {
         "matcher": "Write|Edit|MultiEdit",
         "hooks": [
@@ -62,10 +53,6 @@
       {
         "matcher": "",
         "hooks": [
-          {
-            "type": "command",
-            "command": "bash ~/.claude/hooks/post-session-lint.sh"
-          },
           {
             "type": "prompt",
             "prompt": "Run the project test suite. Read CLAUDE.md ## Commands for the test command. If no test command defined, respond {ok:true}. Run tests. If all pass: respond {ok:true}. If tests fail: respond {ok:false, reason:'Tests failing: <summary>'}. Do not fix — only report."

package/base/hooks/vault-checkpoint.sh

@@ -23,8 +23,6 @@ CHECKPOINT_FILE="$PLANS_DIR/$DATE-compact-checkpoint.md"
 
 BRANCH=$(git --no-pager rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
 LAST_COMMIT=$(git --no-pager log --oneline -1 2>/dev/null || echo "no commits")
-PROJECT_DIR=$(basename "$PWD")
-
 STATUS_FILE="$VAULT_PATH/status.md"
 PROGRESS_FILE="$VAULT_PATH/claude-progress.json"
 

package/base/rules/code-quality.md

@@ -0,0 +1,56 @@
+# Code Quality — Active Constraints
+
+These rules are active during code generation. They are not reviewed after writing —
+they shape what gets written in the first place.
+
+## Before writing any function
+State in a single-line comment what this function does.
+If you cannot write the comment in one sentence, split the function first.
+The function name must be derivable from that comment.
+
+## Hard limits — never violate without explicit documented exception
+- No function exceeds 30 lines of logic (blank lines and comments excluded)
+- No block nesting deeper than 3 levels
+- No function with more than 4 parameters — use an options/config object beyond 4
+- No class with more than 5 public methods — split the class first
+- No file with more than 300 lines — split the module first
+- No `TODO` or `FIXME` committed — resolve inline or create a tracked issue with link in comment
+
+## Before introducing any abstraction (interface, base class, factory, wrapper)
+Identify exactly 2 or more existing concrete use cases that require it.
+They must exist in the current codebase, not in anticipated future requirements.
+If only 1 use case exists, inline the logic and do not create the abstraction.
+
+## Before adding any new dependency
+- Verify the standard library does not provide equivalent functionality
+- Verify the package has had a commit within the last 6 months
+- Pin to exact version in package manifest
+- Add a comment above the import explaining why this dependency was chosen over alternatives
+
+## On every new public function or method
+Write the JSDoc/docstring before writing the implementation.
+The docstring must include: what it does, what each parameter is, what it returns, what it throws.
+If you cannot write the docstring, you do not yet understand what you are building.
+
+## On error handling — no exceptions
+- Every async function has explicit error handling (try/catch or .catch() or Result type)
+- Every function that receives external input validates type, range, and format before use
+- Every thrown error has a message that identifies: what failed, why it failed, what the caller should do
+- Errors are never caught and silently ignored — log at minimum, re-throw if unhandled
+
+## On tests
+- New public functions require tests before the PR is considered complete
+- Tests assert behavior (outputs and side effects), not implementation (which internal functions were called)
+- Each test covers exactly one scenario — no multi-scenario tests
+- Test files mirror source file structure — `src/auth/login.ts` → `tests/auth/login.test.ts`
+
+## On comments
+Write comments that explain WHY, not WHAT.
+Delete any comment that restates what the code already says.
+Write comments that capture: non-obvious decisions, external constraints, known limitations.
+
+## On naming
+- No single-letter variables except loop indices (`i`, `j`, `k`) in tight loops of ≤5 lines
+- No abbreviations unless they are universally understood domain terms (`id`, `url`, `api`)
+- No generic names: `data`, `info`, `temp`, `result`, `obj`, `val`, `res`, `thing`, `stuff`
+- Rename before committing. Names do not get "cleaned up later."