@soulbatical/tetra-dev-toolkit 1.1.0 → 1.2.0

package/bin/{vca-audit.js → tetra-audit.js}

@@ -1,15 +1,15 @@
 #!/usr/bin/env node
 
 /**
- * VCA Quality Toolkit - Main CLI
+ * Tetra Dev Toolkit - Main CLI
  *
  * Usage:
- *   vca-audit              # Run all checks
- *   vca-audit security     # Run security checks only
- *   vca-audit stability    # Run stability checks only
- *   vca-audit quick        # Run quick critical checks
- *   vca-audit --ci         # CI mode (GitHub Actions annotations)
- *   vca-audit --json       # JSON output
+ *   tetra-audit              # Run all checks
+ *   tetra-audit security     # Run security checks only
+ *   tetra-audit stability    # Run stability checks only
+ *   tetra-audit quick        # Run quick critical checks
+ *   tetra-audit --ci         # CI mode (GitHub Actions annotations)
+ *   tetra-audit --json       # JSON output
  */
 
 import { program } from 'commander'
@@ -17,9 +17,9 @@ import { runAllChecks, runSecurityChecks, runStabilityChecks, runCodeQualityChec
 import { formatResults, formatGitHubActions } from '../lib/reporters/terminal.js'
 
 program
-  .name('vca-audit')
-  .description('VCA Quality Toolkit - Unified quality checks for all projects')
-  .version('1.0.0')
+  .name('tetra-audit')
+  .description('Tetra Dev Toolkit - Unified quality checks for all projects')
+  .version('1.2.0')
   .argument('[suite]', 'Check suite to run: security, stability, quick, or all (default)')
   .option('--ci', 'CI mode - output GitHub Actions annotations')
   .option('--json', 'Output results as JSON')
@@ -56,7 +56,7 @@ program
 
         // Also print summary
         console.log('')
-        console.log('## VCA Quality Audit Results')
+        console.log('## Tetra Quality Audit Results')
         console.log('')
         console.log(`- **Status**: ${results.passed ? '✅ PASSED' : '❌ FAILED'}`)
         console.log(`- **Checks**: ${results.summary.passed} passed, ${results.summary.failed} failed`)

package/bin/{vca-dev-token.js → tetra-dev-token.js}

@@ -1,25 +1,25 @@
 #!/usr/bin/env node
 
 /**
- * VCA Dev Toolkit - Dev Token CLI
+ * Tetra Dev Toolkit - Dev Token CLI
  *
  * Manage Supabase dev tokens for API testing.
  * Auto-detects project from package.json, finds Supabase config from .env files.
  *
  * Usage:
- *   vca-dev-token                    # Auto-refresh or show status
- *   vca-dev-token --login            # Interactive login (prompts for password)
- *   vca-dev-token --status           # Show current token status
- *   vca-dev-token --project myapp    # Override project detection
+ *   tetra-dev-token                    # Auto-refresh or show status
+ *   tetra-dev-token --login            # Interactive login (prompts for password)
+ *   tetra-dev-token --status           # Show current token status
+ *   tetra-dev-token --project myapp    # Override project detection
  */
 
 import { program } from 'commander'
 import { runDevToken } from '../lib/commands/dev-token.js'
 
 program
-  .name('vca-dev-token')
+  .name('tetra-dev-token')
   .description('Manage Supabase dev tokens for API testing')
-  .version('1.1.0')
+  .version('1.2.0')
   .option('--login', 'Interactive login (prompts for email/password)')
   .option('--status', 'Show current token status')
   .option('--project <name>', 'Override auto-detected project slug')

package/bin/{vca-setup.js → tetra-setup.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * VCA Quality Toolkit - Setup CLI
+ * Tetra Dev Toolkit - Setup CLI
  *
  * Sets up quality infrastructure in a project:
  * - Husky pre-commit hooks
@@ -9,10 +9,10 @@
  * - Configuration file
  *
  * Usage:
- *   vca-setup              # Interactive setup
- *   vca-setup hooks        # Setup Husky hooks only
- *   vca-setup ci           # Setup GitHub Actions only
- *   vca-setup config       # Create .vca-quality.json
+ *   tetra-setup              # Interactive setup
+ *   tetra-setup hooks        # Setup Husky hooks only
+ *   tetra-setup ci           # Setup GitHub Actions only
+ *   tetra-setup config       # Create .tetra-quality.json
  */
 
 import { program } from 'commander'
@@ -23,14 +23,14 @@ import { join } from 'path'
 const projectRoot = process.cwd()
 
 program
-  .name('vca-setup')
-  .description('Setup VCA Quality Toolkit in your project')
-  .version('1.0.0')
+  .name('tetra-setup')
+  .description('Setup Tetra Dev Toolkit in your project')
+  .version('1.2.0')
   .argument('[component]', 'Component to setup: hooks, ci, config, or all (default)')
   .option('-f, --force', 'Overwrite existing files')
   .action(async (component, options) => {
     console.log('')
-    console.log('🔧 VCA Quality Toolkit - Setup')
+    console.log('🔧 Tetra Dev Toolkit - Setup')
     console.log('═'.repeat(50))
     console.log('')
 
@@ -58,7 +58,7 @@ program
     console.log('✅ Setup complete!')
     console.log('')
     console.log('Next steps:')
-    console.log('  1. Run `vca-audit` to check your project')
+    console.log('  1. Run `tetra-audit` to check your project')
     console.log('  2. Commit the generated files')
     console.log('  3. Push to trigger CI checks')
     console.log('')
@@ -95,14 +95,14 @@ async function setupHooks(options) {
     const preCommitContent = `#!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
-echo "🔍 Running VCA Quality checks..."
+echo "🔍 Running Tetra quality checks..."
 
 # Run quick security checks (fast, blocks commit on critical issues)
-npx vca-audit quick
+npx tetra-audit quick
 if [ $? -ne 0 ]; then
   echo ""
   echo "❌ Security issues found! Fix before committing."
-  echo "   Run 'vca-audit' for detailed report."
+  echo "   Run 'tetra-audit' for detailed report."
   exit 1
 fi
 
@@ -149,7 +149,7 @@ on:
 
 jobs:
   quality:
-    name: 🔍 VCA Quality Audit
+    name: 🔍 Tetra Quality Audit
     runs-on: ubuntu-latest
 
     steps:
@@ -165,8 +165,8 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Run VCA Quality Audit
-        run: npx @vca/quality-toolkit --ci
+      - name: Run Tetra Quality Audit
+        run: npx tetra-audit --ci
 
       - name: Upload results
         if: always()
@@ -186,10 +186,10 @@ jobs:
 async function setupConfig(options) {
   console.log('📝 Setting up configuration...')
 
-  const configPath = join(projectRoot, '.vca-quality.json')
+  const configPath = join(projectRoot, '.tetra-quality.json')
   if (!existsSync(configPath) || options.force) {
     const config = {
-      "$schema": "https://vca-tools.dev/schemas/quality-toolkit.json",
+      "$schema": "https://tetra-tools.dev/schemas/quality-toolkit.json",
       "suites": {
         "security": true,
         "stability": true,
@@ -218,7 +218,7 @@ async function setupConfig(options) {
     }
 
     writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n')
-    console.log('   ✅ Created .vca-quality.json')
+    console.log('   ✅ Created .tetra-quality.json')
   } else {
     console.log('   ⏭️  Config already exists (use --force to overwrite)')
   }

package/lib/checks/health/quality-toolkit.js

@@ -1,5 +1,5 @@
 /**
- * Health Check: @vca/dev-toolkit Installation
+ * Health Check: @soulbatical/tetra-dev-toolkit Installation
  *
  * Checks if the quality toolkit is installed and CLI commands available.
  * Score: 0 = not installed, 1 = installed, 2 = all commands available
@@ -15,7 +15,7 @@ export async function check(projectPath, { getCachedCodeQuality } = {}) {
   const result = createCheck('quality-toolkit', 2, {
     installed: false,
     version: null,
-    commands: { 'vca-audit': false, 'vca-setup': false, 'vca-dev-token': false }
+    commands: { 'tetra-audit': false, 'tetra-setup': false, 'tetra-dev-token': false }
   })
 
   const packageJsonPath = join(projectPath, 'package.json')
@@ -28,12 +28,12 @@ export async function check(projectPath, { getCachedCodeQuality } = {}) {
   try {
     const pkg = JSON.parse(readFileSync(packageJsonPath, 'utf-8'))
     const allDeps = { ...pkg.dependencies, ...pkg.devDependencies }
-    const toolkitDep = allDeps['@vca/dev-toolkit'] || allDeps['@vca/quality-toolkit']
+    const toolkitDep = allDeps['@soulbatical/tetra-dev-toolkit'] || allDeps['@vca/dev-toolkit'] || allDeps['@vca/quality-toolkit']
 
     if (!toolkitDep) {
       result.status = 'warning'
       result.details.message = 'Not installed'
-      result.details.installCommand = 'npm install --save-dev /Users/albertbarth/projecten/vca-quality-toolkit'
+      result.details.installCommand = 'npm install --save-dev @soulbatical/tetra-dev-toolkit'
       return result
     }
 
@@ -42,8 +42,12 @@ export async function check(projectPath, { getCachedCodeQuality } = {}) {
     result.score = 1
 
     // Get installed version from node_modules
-    for (const pkgName of ['dev-toolkit', 'quality-toolkit']) {
-      const toolkitPackagePath = join(projectPath, 'node_modules', '@vca', pkgName, 'package.json')
+    const lookupPaths = [
+      join(projectPath, 'node_modules', '@soulbatical', 'tetra-dev-toolkit', 'package.json'),
+      join(projectPath, 'node_modules', '@vca', 'dev-toolkit', 'package.json'),
+      join(projectPath, 'node_modules', '@vca', 'quality-toolkit', 'package.json'),
+    ]
+    for (const toolkitPackagePath of lookupPaths) {
       if (existsSync(toolkitPackagePath)) {
         try {
           result.details.version = JSON.parse(readFileSync(toolkitPackagePath, 'utf-8')).version
@@ -54,9 +58,9 @@ export async function check(projectPath, { getCachedCodeQuality } = {}) {
       }
     }
 
-    // Check CLI commands
+    // Check CLI commands (check new tetra-* names, fall back to legacy vca-*)
     const binPath = join(projectPath, 'node_modules', '.bin')
-    const commands = ['vca-audit', 'vca-setup', 'vca-dev-token']
+    const commands = ['tetra-audit', 'tetra-setup', 'tetra-dev-token']
     for (const cmd of commands) {
       result.details.commands[cmd] = existsSync(join(binPath, cmd))
     }

package/lib/checks/health/repo-visibility.js

@@ -43,7 +43,7 @@ export async function check(projectPath) {
 
   try {
     const response = await fetch(`https://api.github.com/repos/${owner}/${repo}`, {
-      headers: { 'User-Agent': 'vca-health-check' },
+      headers: { 'User-Agent': 'tetra-health-check' },
       signal: AbortSignal.timeout(5000)
     })
 

package/lib/checks/stability/ci-pipeline.js

@@ -91,7 +91,7 @@ export async function run(config, projectRoot) {
     },
     {
       name: 'security-audit',
-      patterns: ['npm audit', 'vca-audit', 'security-check', 'snyk', 'CodeQL'],
+      patterns: ['npm audit', 'tetra-audit', 'vca-audit', 'security-check', 'snyk', 'CodeQL'],
       severity: 'medium'
     }
   ]

package/lib/checks/stability/husky-hooks.js

@@ -56,7 +56,7 @@ export async function run(config, projectRoot) {
     { name: 'lint', patterns: ['lint', 'eslint'] },
     { name: 'type-check', patterns: ['tsc', 'typecheck', 'type-check'] },
     { name: 'test', patterns: ['test', 'jest', 'vitest'] },
-    { name: 'security', patterns: ['security', 'audit', 'vca-'] }
+    { name: 'security', patterns: ['security', 'audit', 'tetra-', 'vca-'] }
   ]
 
   const missingChecks = []

package/lib/commands/dev-token.js

@@ -1,7 +1,7 @@
 /**
- * VCA Dev Toolkit - Dev Token Manager
+ * Tetra Dev Toolkit - Dev Token Manager
  *
- * Centralized dev token management for all VCA/Supabase projects.
+ * Centralized dev token management for all Tetra/Supabase projects.
  * Auto-detects project name, finds Supabase config, manages token lifecycle.
  *
  * Replaces per-project generate-dev-token.js scripts.
@@ -279,7 +279,7 @@ export async function runDevToken({ forceLogin = false, showStatus = false, proj
   if (showStatus) {
     if (!cache) {
       console.log(chalk.red('No cached token.'))
-      console.log(chalk.dim(`Run: vca-dev-token --login`))
+      console.log(chalk.dim(`Run: tetra-dev-token --login`))
       process.exit(1)
     }
     const payload = decodeJWT(cache.access_token)
@@ -337,6 +337,6 @@ export async function runDevToken({ forceLogin = false, showStatus = false, proj
   }
 
   console.log(chalk.red('No valid token.'))
-  console.log(chalk.dim(`Run: vca-dev-token --login`))
+  console.log(chalk.dim(`Run: tetra-dev-token --login`))
   process.exit(1)
 }

package/lib/config.js

@@ -1,9 +1,9 @@
 /**
- * VCA Quality Toolkit - Configuration
+ * Tetra Dev Toolkit - Configuration
  *
  * Default configuration that can be overridden per project via:
- * - .vca-quality.json in project root
- * - vca-quality key in package.json
+ * - .tetra-quality.json in project root (also checks legacy .vca-quality.json)
+ * - tetra-quality key in package.json (also checks legacy vca-quality key)
  */
 
 import { readFileSync, existsSync } from 'fs'
@@ -135,23 +135,26 @@ export const DEFAULT_CONFIG = {
 export function loadConfig(projectRoot = process.cwd()) {
   let projectConfig = {}
 
-  // Check for .vca-quality.json
-  const configFile = join(projectRoot, '.vca-quality.json')
-  if (existsSync(configFile)) {
+  // Check for .tetra-quality.json (with legacy .vca-quality.json fallback)
+  const configFile = join(projectRoot, '.tetra-quality.json')
+  const legacyConfigFile = join(projectRoot, '.vca-quality.json')
+  const activeConfigFile = existsSync(configFile) ? configFile : (existsSync(legacyConfigFile) ? legacyConfigFile : null)
+  if (activeConfigFile) {
     try {
-      projectConfig = JSON.parse(readFileSync(configFile, 'utf-8'))
+      projectConfig = JSON.parse(readFileSync(activeConfigFile, 'utf-8'))
     } catch (e) {
-      console.warn(`Warning: Could not parse ${configFile}`)
+      console.warn(`Warning: Could not parse ${activeConfigFile}`)
     }
   }
 
-  // Check for vca-quality in package.json
+  // Check for tetra-quality in package.json (with legacy vca-quality fallback)
   const packageFile = join(projectRoot, 'package.json')
   if (existsSync(packageFile)) {
     try {
       const pkg = JSON.parse(readFileSync(packageFile, 'utf-8'))
-      if (pkg['vca-quality']) {
-        projectConfig = { ...projectConfig, ...pkg['vca-quality'] }
+      const pkgConfig = pkg['tetra-quality'] || pkg['vca-quality']
+      if (pkgConfig) {
+        projectConfig = { ...projectConfig, ...pkgConfig }
       }
     } catch (e) {
       // Ignore

package/lib/index.js

@@ -1,9 +1,9 @@
 /**
- * VCA Quality Toolkit
+ * Tetra Dev Toolkit
  *
- * Unified quality checks for all VCA projects.
+ * Unified quality checks for all Tetra projects.
  * Consolidates security, stability, and code quality checks
- * from sparkbuddy-live and vca-tools into a single npm package.
+ * into a single npm package.
  */
 
 export { loadConfig, detectSupabase, DEFAULT_CONFIG } from './config.js'

package/lib/reporters/terminal.js

@@ -24,7 +24,7 @@ export function formatResults(results, options = {}) {
   // Header
   lines.push('')
   lines.push(chalk.bold('═══════════════════════════════════════════════════════════════'))
-  lines.push(chalk.bold.cyan('  🔍 VCA Quality Toolkit - Audit Results'))
+  lines.push(chalk.bold.cyan('  🔍 Tetra Dev Toolkit - Audit Results'))
   lines.push(chalk.bold('═══════════════════════════════════════════════════════════════'))
   lines.push('')
 

package/lib/runner.js

@@ -1,5 +1,5 @@
 /**
- * VCA Quality Toolkit - Check Runner
+ * Tetra Dev Toolkit - Check Runner
  *
  * Orchestrates running all checks and collecting results
  */

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@soulbatical/tetra-dev-toolkit",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "publishConfig": {
     "access": "restricted"
   },
-  "description": "Developer toolkit for all VCA projects - audit, dev-token, quality checks",
+  "description": "Developer toolkit for Tetra projects - audit, dev-token, quality checks",
   "author": "Albert Barth <albertbarth@gmail.com>",
   "license": "MIT",
   "repository": {
@@ -25,11 +25,9 @@
   "type": "module",
   "main": "lib/index.js",
   "bin": {
-    "vca-audit": "./bin/vca-audit.js",
-    "vca-security": "./bin/vca-security.js",
-    "vca-stability": "./bin/vca-stability.js",
-    "vca-setup": "./bin/vca-setup.js",
-    "vca-dev-token": "./bin/vca-dev-token.js"
+    "tetra-audit": "./bin/tetra-audit.js",
+    "tetra-setup": "./bin/tetra-setup.js",
+    "tetra-dev-token": "./bin/tetra-dev-token.js"
   },
   "files": [
     "bin/",
@@ -39,8 +37,7 @@
   "scripts": {
     "test": "node --test src/**/*.test.js",
     "lint": "eslint src/ lib/ bin/",
-    "build": "echo 'No build step needed'",
-    "prepublishOnly": "npm test && npm run lint"
+    "build": "echo 'No build step needed'"
   },
   "engines": {
     "node": ">=18.0.0"

package/README.md

@@ -1,312 +0,0 @@
-# @vca/quality-toolkit
-
-Unified quality checks for all VCA projects. Consolidates security, stability, and code quality checks from sparkbuddy-live and vca-tools into a single npm package.
-
-**Status:** Installed in 13 projects | Version 1.0.0
-
-## Installation
-
-```bash
-# Local installation (recommended for VCA projects)
-npm install --save-dev /Users/albertbarth/projecten/vca-quality-toolkit
-
-# Or via file reference in package.json
-"devDependencies": {
-  "@vca/quality-toolkit": "file:../vca-quality-toolkit"
-}
-```
-
-## Quick Start
-
-```bash
-# Run all checks
-npx vca-audit
-
-# Run only security checks
-npx vca-audit security
-
-# Run only stability checks
-npx vca-audit stability
-
-# Quick check (critical issues only - fast, for pre-commit)
-npx vca-audit quick
-
-# Setup Husky hooks and CI
-npx vca-setup
-```
-
-## Example Output
-
-```
-═══════════════════════════════════════════════════════════════
-  🔍 VCA Quality Toolkit - Audit Results
-═══════════════════════════════════════════════════════════════
-
-  Project: /Users/albertbarth/projecten/ralph-manager
-  Time: 2026-02-03T15:04:03.478Z
-
-  ✅ Overall Status: PASSED
-
-  ✅ SECURITY
-  ──────────────────────────────────────────────────
-    ✅ Hardcoded Secrets Detection PASS
-    ✅ Service Role Key Exposure PASS
-    ✅ Deprecated supabaseAdmin Usage PASS
-    ✅ systemDB Context Whitelist PASS
-
-  ✅ STABILITY
-  ──────────────────────────────────────────────────
-    ✅ Pre-commit Hooks (Husky) PASS
-    ✅ CI/CD Pipeline PASS
-    ✅ NPM Vulnerability Audit PASS
-
-═══════════════════════════════════════════════════════════════
-  Checks: 7 passed, 0 failed, 0 skipped
-═══════════════════════════════════════════════════════════════
-```
-
-## What It Checks
-
-### Security (4 checks implemented)
-| Check | Severity | Description |
-|-------|----------|-------------|
-| Hardcoded Secrets | Critical | API keys, tokens, JWTs in source code |
-| Service Key Exposure | Critical | Supabase service role key in frontend |
-| Deprecated supabaseAdmin | High | Direct supabaseAdmin usage (use systemDB/userDB) |
-| systemDB Whitelist | High | Unwhitelisted systemDB contexts |
-
-### Stability (3 checks implemented)
-| Check | Severity | Description |
-|-------|----------|-------------|
-| Husky Hooks | High | Pre-commit hooks configured with useful checks |
-| CI Pipeline | High | GitHub Actions/GitLab CI with lint, test, build |
-| npm audit | High | No critical/high vulnerabilities |
-
-### Health (15 ecosystem checks) — NEW
-
-Project-level health scanner shared by ralph-manager and development-mcp.
-
-| Check | Max Score | Description |
-|-------|-----------|-------------|
-| `plugins` | 2 | Claude Code plugins installed |
-| `mcps` | 1 | MCP servers configured |
-| `git` | 3 | Branch, uncommitted, unpushed |
-| `tests` | 5 | Test pyramid (unit/integration/e2e) |
-| `secrets` | 2 | Exposed secrets in MD files |
-| `quality-toolkit` | 2 | @vca/dev-toolkit installed |
-| `naming-conventions` | 3 | DB + code naming compliance |
-| `rls-audit` | 3 | RLS policies in SQL migrations |
-| `gitignore` | 2 | Critical .gitignore entries |
-| `repo-visibility` | 2 | Public vs private repo |
-| `vincifox-widget` | 2 | VinciFox feedback widget |
-| `stella-integration` | 2 | @ralph/stella integration level |
-| `claude-md` | 3 | CLAUDE.md protocol sections |
-| `doppler-compliance` | 3 | Doppler secret management |
-| `infrastructure-yml` | 3 | .ralph/INFRASTRUCTURE.yml |
-
-**Total: 38 points.** Score thresholds: Healthy >= 70%, Warning 40-70%, Unhealthy < 40%.
-
-```javascript
-import { scanProjectHealth } from '@vca/dev-toolkit'
-
-const report = await scanProjectHealth('/path/to/project', 'my-project')
-console.log(report.healthPercent + '%')  // e.g. "58%"
-console.log(report.status)               // "healthy" | "warning" | "unhealthy"
-```
-
-### Planned Checks
-- [ ] Dead code detection (Knip integration)
-- [ ] Circular dependency detection
-- [ ] TypeScript strict mode
-- [ ] Test coverage thresholds
-
-## Integration with Ralph Manager
-
-The toolkit integrates with ralph-manager's Health dashboard:
-
-- **Health Scanner**: Shared 15-check scanner (ralph-manager imports from this package)
-- **Toolkit Check**: Shows toolkit installation status per project
-- **API Endpoint**: `/api/admin/health/quality-toolkit` returns status for all projects
-
-## Usage in package.json
-
-```json
-{
-  "scripts": {
-    "audit": "vca-audit",
-    "audit:security": "vca-audit security",
-    "audit:quick": "vca-audit quick",
-    "prepare": "husky"
-  }
-}
-```
-
-## Configuration
-
-Create `.vca-quality.json` in your project root:
-
-```json
-{
-  "suites": {
-    "security": true,
-    "stability": true,
-    "codeQuality": true,
-    "supabase": "auto"
-  },
-  "security": {
-    "checkHardcodedSecrets": true,
-    "checkServiceKeyExposure": true
-  },
-  "stability": {
-    "requireHusky": true,
-    "requireCiConfig": true,
-    "allowedVulnerabilities": {
-      "critical": 0,
-      "high": 0,
-      "moderate": 10
-    }
-  },
-  "supabase": {
-    "publicRpcFunctions": ["get_public_stats"],
-    "publicTables": ["lookup_countries"]
-  },
-  "ignore": [
-    "node_modules/**",
-    "dist/**"
-  ]
-}
-```
-
-## CI Integration
-
-### GitHub Actions
-
-```yaml
-name: Quality Checks
-
-on: [push, pull_request]
-
-jobs:
-  quality:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      - run: npm ci
-      - run: npx vca-audit --ci
-```
-
-The `--ci` flag outputs GitHub Actions annotations for inline PR feedback.
-
-### Pre-commit Hook
-
-Run `npx vca-setup hooks` or manually create `.husky/pre-commit`:
-
-```bash
-#!/bin/sh
-npx vca-audit quick
-if [ $? -ne 0 ]; then
-  echo "❌ Security issues found! Fix before committing."
-  exit 1
-fi
-```
-
-## Programmatic Usage
-
-```javascript
-import { runAllChecks, runSecurityChecks } from '@vca/quality-toolkit'
-
-const results = await runAllChecks()
-
-if (!results.passed) {
-  console.log('Quality checks failed!')
-  console.log(`Critical: ${results.summary.findings.critical}`)
-  console.log(`High: ${results.summary.findings.high}`)
-}
-```
-
-## Projects Using This Toolkit
-
-| Project | Status | Version |
-|---------|--------|---------|
-| ralph-manager | ✅ | 1.0.0 |
-| sparkbuddy-live | ✅ | 1.0.0 |
-| snelstart-mcp | ✅ | 1.0.0 |
-| snelstart-portal | ✅ | 1.0.0 |
-| vibecodingacademy | ✅ | 1.0.0 |
-| Plokko | ✅ | 1.0.0 |
-| ad-agent | ✅ | 1.0.0 |
-| ai-finder | ✅ | 1.0.0 |
-| airbnb | ✅ | 1.0.0 |
-| github-ai-research | ✅ | 1.0.0 |
-| groei-boom | ✅ | 1.0.0 |
-| sparkgrowth | ✅ | 1.0.0 |
-| vca-security | ✅ | 1.0.0 |
-
-## Relationship to vca-tools
-
-This package complements [vca-tools](https://github.com/mralbertzwolle/vibe-coding-academy-tools) (Claude Code plugins):
-
-| Tool | Purpose | Usage |
-|------|---------|-------|
-| **vca-tools** | Interactive Claude Code plugins | `/security-audit:run`, `/codebase-stability-audit:run` |
-| **@vca/quality-toolkit** | Automated CI/pre-commit checks | `npx vca-audit`, GitHub Actions |
-
-Both share the same check logic, but:
-- **vca-tools** = human-in-the-loop, detailed reports, fix suggestions
-- **@vca/quality-toolkit** = automated, CI-friendly, pass/fail
-
-## Architecture
-
-```
-@vca/quality-toolkit/
-├── bin/
-│   ├── vca-audit.js        # Main CLI
-│   └── vca-setup.js        # Setup hooks/CI
-├── lib/
-│   ├── index.js            # Main exports
-│   ├── config.js           # Configuration loader
-│   ├── runner.js           # Check orchestrator
-│   ├── checks/
-│   │   ├── health/         # 15 ecosystem health checks (shared with ralph-manager)
-│   │   │   ├── scanner.js  # Orchestrator — scanProjectHealth()
-│   │   │   ├── types.js    # Shared types & helpers
-│   │   │   ├── plugins.js  # Claude Code plugins
-│   │   │   ├── mcps.js     # MCP server config
-│   │   │   ├── git.js      # Git status
-│   │   │   ├── tests.js    # Test pyramid
-│   │   │   ├── secrets.js  # Exposed secrets
-│   │   │   └── ...         # 10 more checks
-│   │   ├── security/       # Security checks
-│   │   ├── stability/      # Stability checks
-│   │   ├── codeQuality/    # Code quality checks
-│   │   └── supabase/       # Supabase checks
-│   └── reporters/
-│       └── terminal.js     # Pretty output + GitHub Actions
-└── package.json
-```
-
-## Consumers
-
-| Package | Import | Usage |
-|---------|--------|-------|
-| **ralph-manager** | `scanProjectHealth` | Dashboard health scanner (background job, every 2 min) |
-| **development-mcp** | `scanProjectHealth` | `health_check` MCP tool (on-demand via Claude Code) |
-| **13 VCA projects** | `vca-audit` CLI | CI/pre-commit quality checks |
-
-## Contributing
-
-1. Add new check in `lib/checks/<category>/<name>.js`
-2. Register in `lib/runner.js`
-3. Update README
-4. Test with `npx vca-audit` in a project
-
-## License
-
-MIT
-
----
-
-Built by [Vibe Coding Academy](https://vibecodingacademy.nl) • [Albert Barth](https://linkedin.com/in/albertbarth/)