qualia-framework 3.1.0 → 3.2.0

package/tests/hooks.test.sh

@@ -34,29 +34,6 @@ for f in "$HOOKS_DIR"/*.js; do
   fi
 done
 
-# --- block-env-edit.js ---
-echo ""
-echo "block-env-edit:"
-
-echo '{"tool_input":{"file_path":".env.local"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "blocks .env.local" 2 $?
-
-echo '{"tool_input":{"file_path":".env.production"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "blocks .env.production" 2 $?
-
-echo '{"tool_input":{"file_path":".env"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "blocks .env" 2 $?
-
-# Windows-style path with backslashes (normalized by the hook)
-echo '{"tool_input":{"file_path":"C:\\project\\.env.local"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "blocks windows .env.local" 2 $?
-
-echo '{"tool_input":{"file_path":"src/app.tsx"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "allows src/app.tsx" 0 $?
-
-echo '{"tool_input":{"file_path":"components/Footer.tsx"}}' | $NODE "$HOOKS_DIR/block-env-edit.js" > /dev/null 2>&1
-assert_exit "allows components/Footer.tsx" 0 $?
-
 # --- migration-guard.js ---
 echo ""
 echo "migration-guard:"
@@ -107,11 +84,11 @@ TMP=$(setup_guard_repo main OWNER)
 assert_exit "OWNER on main → allowed" 0 $?
 rm -rf "$TMP"
 
-# EMPLOYEE on main → blocked (exit 2)
+# EMPLOYEE on main → blocked (exit 1)
 TMP=$(setup_guard_repo main EMPLOYEE)
 OUT=$(cd "$TMP/proj" && HOME="$TMP" $NODE "$HOOKS_DIR/branch-guard.js" 2>&1)
 RC=$?
-if [ "$RC" -eq 2 ] && echo "$OUT" | grep -q "BLOCKED" && echo "$OUT" | grep -q "main"; then
+if [ "$RC" -eq 1 ] && echo "$OUT" | grep -q "BLOCKED" && echo "$OUT" | grep -q "main"; then
   echo "  ✓ EMPLOYEE on main → blocked (BLOCKED in stdout)"
   PASS=$((PASS + 1))
 else
@@ -123,7 +100,7 @@ rm -rf "$TMP"
 # EMPLOYEE on master → blocked
 TMP=$(setup_guard_repo master EMPLOYEE)
 (cd "$TMP/proj" && HOME="$TMP" $NODE "$HOOKS_DIR/branch-guard.js" >/dev/null 2>&1)
-assert_exit "EMPLOYEE on master → blocked" 2 $?
+assert_exit "EMPLOYEE on master → blocked" 1 $?
 rm -rf "$TMP"
 
 # EMPLOYEE on feature branch → allowed
@@ -138,13 +115,13 @@ TMP=$(setup_guard_repo feature/xyz OWNER)
 assert_exit "OWNER on feature/xyz → allowed" 0 $?
 rm -rf "$TMP"
 
-# Missing config → fails closed (block, exit 2)
+# Missing config → fails closed (block, exit 1)
 TMP=$(mktemp -d)
 mkdir -p "$TMP/proj"
 (cd "$TMP/proj" && git init -q && git checkout -b feature/x -q 2>/dev/null)
 # NO .claude/.qualia-config.json
 (cd "$TMP/proj" && HOME="$TMP" $NODE "$HOOKS_DIR/branch-guard.js" >/dev/null 2>&1)
-assert_exit "missing config → blocked (fails closed)" 2 $?
+assert_exit "missing config → blocked (fails closed)" 1 $?
 rm -rf "$TMP"
 
 # Malformed config JSON → fails closed
@@ -153,7 +130,7 @@ mkdir -p "$TMP/proj" "$TMP/.claude"
 (cd "$TMP/proj" && git init -q && git checkout -b feature/x -q 2>/dev/null)
 echo 'not json{' > "$TMP/.claude/.qualia-config.json"
 (cd "$TMP/proj" && HOME="$TMP" $NODE "$HOOKS_DIR/branch-guard.js" >/dev/null 2>&1)
-assert_exit "malformed config JSON → blocked" 2 $?
+assert_exit "malformed config JSON → blocked" 1 $?
 rm -rf "$TMP"
 
 # Empty role field → fails closed
@@ -162,7 +139,7 @@ mkdir -p "$TMP/proj" "$TMP/.claude"
 (cd "$TMP/proj" && git init -q && git checkout -b feature/x -q 2>/dev/null)
 echo '{"role":""}' > "$TMP/.claude/.qualia-config.json"
 (cd "$TMP/proj" && HOME="$TMP" $NODE "$HOOKS_DIR/branch-guard.js" >/dev/null 2>&1)
-assert_exit "empty role field → blocked" 2 $?
+assert_exit "empty role field → blocked" 1 $?
 rm -rf "$TMP"
 
 # --- pre-push.js ---
@@ -286,52 +263,6 @@ else
 fi
 rm -rf "$TMP"
 
-# --- pre-deploy-gate: Server Component / route handler exemptions ---
-
-# route.ts with service_role → exempt (always server-side)
-TMP=$(mktemp -d)
-mkdir -p "$TMP/app/api/auth"
-echo 'const key = process.env.SUPABASE_SERVICE_ROLE_KEY; export async function POST() {}' > "$TMP/app/api/auth/route.ts"
-OUT=$( (cd "$TMP" && $NODE "$HOOKS_DIR/pre-deploy-gate.js") 2>&1 )
-RC=$?
-assert_exit "route.ts with service_role → exempt (exit 0)" 0 $RC
-rm -rf "$TMP"
-
-# middleware.ts with service_role → exempt (always server-side)
-TMP=$(mktemp -d)
-echo 'import { service_role } from "./config"; export function middleware() {}' > "$TMP/middleware.ts"
-OUT=$( (cd "$TMP" && $NODE "$HOOKS_DIR/pre-deploy-gate.js") 2>&1 )
-RC=$?
-assert_exit "middleware.ts with service_role → exempt (exit 0)" 0 $RC
-rm -rf "$TMP"
-
-# File in app/api/ with service_role → exempt
-TMP=$(mktemp -d)
-mkdir -p "$TMP/app/api/webhook"
-echo 'const sr = "service_role"; export async function GET() { return new Response(sr); }' > "$TMP/app/api/webhook/route.js"
-OUT=$( (cd "$TMP" && $NODE "$HOOKS_DIR/pre-deploy-gate.js") 2>&1 )
-RC=$?
-assert_exit "app/api/ file with service_role → exempt (exit 0)" 0 $RC
-rm -rf "$TMP"
-
-# File with "use server" directive + service_role → exempt
-TMP=$(mktemp -d)
-mkdir -p "$TMP/app/admin"
-printf '"use server"\nconst key = process.env.SUPABASE_SERVICE_ROLE_KEY;\nexport async function deleteUser() {}\n' > "$TMP/app/admin/actions.ts"
-OUT=$( (cd "$TMP" && $NODE "$HOOKS_DIR/pre-deploy-gate.js") 2>&1 )
-RC=$?
-assert_exit "\"use server\" file with service_role → exempt (exit 0)" 0 $RC
-rm -rf "$TMP"
-
-# Regular app/page.tsx WITHOUT directive + service_role → still blocks
-TMP=$(mktemp -d)
-mkdir -p "$TMP/app/admin"
-echo 'const key = "service_role"; export default function Page() { return <div>{key}</div>; }' > "$TMP/app/admin/page.tsx"
-OUT=$( (cd "$TMP" && $NODE "$HOOKS_DIR/pre-deploy-gate.js") 2>&1 )
-RC=$?
-assert_exit "regular page.tsx with service_role → blocked (exit 1)" 1 $RC
-rm -rf "$TMP"
-
 # --- session-start.js — must exit 0 always ---
 echo ""
 echo "session-start:"

package/tests/state.test.sh

@@ -45,34 +45,6 @@ fail_case() {
   FAIL=$((FAIL + 1))
 }
 
-# Write a minimal valid plan file (passes content validation).
-# Usage: make_valid_plan "$TMP" 1
-make_valid_plan() {
-  local dir="$1"
-  local phase="${2:-1}"
-  cat > "$dir/.planning/phase-${phase}-plan.md" <<'PLAN'
----
-phase: 1
-goal: "Test goal"
-tasks: 1
-waves: 1
----
-
-# Phase 1: Test
-
-Goal: Test goal
-
-## Task 1 — Test task
-**Wave:** 1
-**Files:** src/test.ts
-**Action:** Create test file
-**Done when:** File exists
-
-## Success Criteria
-- [ ] Test passes
-PLAN
-}
-
 echo "=== state.js Behavioral Tests ==="
 echo ""
 
@@ -154,7 +126,7 @@ echo "happy path transitions:"
 
 # 4. setup → planned (with plan file)
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned 2>&1)
 EXIT=$?
 if [ "$EXIT" -eq 0 ] \
@@ -194,7 +166,7 @@ fi
 
 # 7. built → verified(fail) stays on phase 1, records verification=fail
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 3 --tasks-total 5 >/dev/null 2>&1)
 touch "$TMP/.planning/phase-1-verification.md"
@@ -229,7 +201,7 @@ fi
 
 # 9. planned → verified fails (requires status=built)
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 touch "$TMP/.planning/phase-1-verification.md"
 OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to verified --verification pass 2>&1)
@@ -257,7 +229,7 @@ fi
 
 # 11. built → verified with missing verification file → MISSING_FILE
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
 # NO verification file
@@ -273,7 +245,7 @@ fi
 
 # 12. built → verified without --verification → MISSING_ARG
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
 touch "$TMP/.planning/phase-1-verification.md"
@@ -290,13 +262,13 @@ fi
 # 13. → shipped without --deployed-url → MISSING_ARG
 # Must go through polished first, so fabricate state by transitioning through the full path.
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
 touch "$TMP/.planning/phase-1-verification.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to verified --verification pass >/dev/null 2>&1)
 # Now on phase 2, status=setup. Run phase 2 to completion.
-make_valid_plan "$TMP" 2
+touch "$TMP/.planning/phase-2-plan.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
 touch "$TMP/.planning/phase-2-verification.md"
@@ -331,7 +303,7 @@ echo "gap cycle circuit breaker:"
 
 # 15. First gap closure: verified(fail) → planned, gap_cycles[1]=1
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 touch "$TMP/.planning/phase-1-verification.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
@@ -374,7 +346,7 @@ fi
 # 18. verified(pass) resets gap_cycles[1] to 0
 # Set up a fresh project, do ONE failed cycle, then pass on the next attempt.
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 touch "$TMP/.planning/phase-1-verification.md"
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
 (cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
@@ -493,7 +465,7 @@ fi
 
 # 26. Transition refuses on severity=error (missing Phase: header)
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 sed -i.bak '/^Phase:/d' "$TMP/.planning/STATE.md"
 OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned 2>&1)
 EXIT=$?
@@ -541,7 +513,7 @@ fi
 
 # 29. After fix, transition that was previously blocked now works
 TMP=$(make_project)
-make_valid_plan "$TMP" 1
+touch "$TMP/.planning/phase-1-plan.md"
 sed -i.bak '/^Phase:/d' "$TMP/.planning/STATE.md"
 # Blocked before fix
 (cd "$TMP" && $NODE "$STATE_JS" transition --to planned 2>&1 | grep -q STATE_SCHEMA_ERROR) || \
@@ -557,156 +529,6 @@ else
   fail_case "after fix transition" "exit=$EXIT out=$OUT"
 fi
 
-# ─── Configurable gap cycle limit ────────────────────────
-echo ""
-echo "configurable gap cycle limit:"
-
-# 30. gap_cycle_limit=5 allows 3rd gap closure (would fail at default 2)
-TMP=$(make_project)
-make_valid_plan "$TMP" 1
-touch "$TMP/.planning/phase-1-verification.md"
-# Set custom limit in tracking.json
-TRACKING=$(cat "$TMP/.planning/tracking.json")
-echo "$TRACKING" | $NODE -e "
-  const t = JSON.parse(require('fs').readFileSync(0,'utf8'));
-  t.gap_cycle_limit = 5;
-  process.stdout.write(JSON.stringify(t, null, 2));
-" > "$TMP/.planning/tracking.json"
-# Do 3 gap closure cycles
-(cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
-(cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
-(cd "$TMP" && $NODE "$STATE_JS" transition --to verified --verification fail >/dev/null 2>&1)
-(cd "$TMP" && $NODE "$STATE_JS" transition --to planned >/dev/null 2>&1)
-(cd "$TMP" && $NODE "$STATE_JS" transition --to built --tasks-done 1 --tasks-total 1 >/dev/null 2>&1)
-(cd "$TMP" && $NODE "$STATE_JS" transition --to verified --verification fail >/dev/null 2>&1)
-# 3rd closure should succeed (limit is 5, we're at 2)
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 0 ] \
-   && echo "$OUT" | grep -q '"ok": true'; then
-  pass "gap_cycle_limit=5 allows 3rd closure (default would block)"
-else
-  fail_case "custom gap limit" "exit=$EXIT out=$OUT"
-fi
-
-# 31. cmdCheck includes gap_cycle_limit in output
-TMP=$(make_project)
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" check 2>&1)
-if echo "$OUT" | grep -q '"gap_cycle_limit":'; then
-  pass "cmdCheck includes gap_cycle_limit in output"
-else
-  fail_case "gap_cycle_limit in check" "out=$OUT"
-fi
-
-# ─── Plan content validation ────────────────────────────
-echo ""
-echo "plan content validation:"
-
-# 32. validate-plan accepts well-formed plan
-TMP=$(make_project)
-make_valid_plan "$TMP" 1
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" validate-plan --phase 1 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 0 ] \
-   && echo "$OUT" | grep -q '"action": "validate-plan"' \
-   && echo "$OUT" | grep -q '"task_count": 1'; then
-  pass "validate-plan accepts well-formed plan"
-else
-  fail_case "validate well-formed plan" "exit=$EXIT out=$OUT"
-fi
-
-# 33. validate-plan rejects empty plan
-TMP=$(make_project)
-echo "" > "$TMP/.planning/phase-1-plan.md"
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" validate-plan --phase 1 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 1 ] \
-   && echo "$OUT" | grep -q '"error": "PLAN_VALIDATION_FAILED"'; then
-  pass "validate-plan rejects empty plan"
-else
-  fail_case "validate empty plan" "exit=$EXIT out=$OUT"
-fi
-
-# 34. validate-plan rejects plan missing Done when
-TMP=$(make_project)
-cat > "$TMP/.planning/phase-1-plan.md" <<'EOF'
----
-phase: 1
-goal: "Test"
-tasks: 1
-waves: 1
----
-## Task 1 — Incomplete
-**Wave:** 1
-**Files:** test.ts
-**Action:** Do something
-
-## Success Criteria
-- [ ] Works
-EOF
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" validate-plan --phase 1 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 1 ] \
-   && echo "$OUT" | grep -q "PLAN_VALIDATION_FAILED" \
-   && echo "$OUT" | grep -q "Done when"; then
-  pass "validate-plan rejects plan missing 'Done when'"
-else
-  fail_case "validate missing done-when" "exit=$EXIT out=$OUT"
-fi
-
-# 35. Transition to planned with invalid plan content → INVALID_PLAN
-TMP=$(make_project)
-echo "# Empty plan with no tasks" > "$TMP/.planning/phase-1-plan.md"
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 1 ] \
-   && echo "$OUT" | grep -q '"error": "INVALID_PLAN"'; then
-  pass "transition → planned with invalid plan → INVALID_PLAN"
-else
-  fail_case "transition invalid plan" "exit=$EXIT out=$OUT"
-fi
-
-# ─── Force flag ──────────────────────────────────────────
-echo ""
-echo "force flag:"
-
-# 36. --force bypasses precondition failure
-TMP=$(make_project)
-# setup → built should fail (requires planned first)
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to built --force 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 0 ] \
-   && echo "$OUT" | grep -q '"ok": true' \
-   && echo "$OUT" | grep -q '"status": "built"'; then
-  pass "--force bypasses precondition (setup → built)"
-else
-  fail_case "force flag" "exit=$EXIT out=$OUT"
-fi
-
-# 37. --force does NOT bypass MISSING_FILE (planned without plan file)
-TMP=$(make_project)
-# No plan file exists — force should NOT help
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned --force 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 1 ] \
-   && echo "$OUT" | grep -q '"error": "MISSING_FILE"'; then
-  pass "--force does NOT bypass MISSING_FILE"
-else
-  fail_case "force vs MISSING_FILE" "exit=$EXIT out=$OUT"
-fi
-
-# 38. --force does NOT bypass INVALID_PLAN
-TMP=$(make_project)
-echo "# No tasks here" > "$TMP/.planning/phase-1-plan.md"
-OUT=$(cd "$TMP" && $NODE "$STATE_JS" transition --to planned --force 2>&1)
-EXIT=$?
-if [ "$EXIT" -eq 1 ] \
-   && echo "$OUT" | grep -q '"error": "INVALID_PLAN"'; then
-  pass "--force does NOT bypass INVALID_PLAN"
-else
-  fail_case "force vs INVALID_PLAN" "exit=$EXIT out=$OUT"
-fi
-
 # ─── Summary ─────────────────────────────────────────────
 echo ""
 echo "=== Results: $PASS passed, $FAIL failed ==="

package/docs/erp-contract.md

@@ -1,161 +0,0 @@
-# ERP API Contract
-
-The Qualia Framework optionally uploads session reports to the company ERP at `https://portal.qualiasolutions.net`. This document specifies the API shape.
-
-## Configuration
-
-Stored in `~/.claude/.qualia-config.json`:
-
-```json
-{
-  "erp": {
-    "enabled": true,
-    "url": "https://portal.qualiasolutions.net",
-    "api_key_file": ".erp-api-key"
-  }
-}
-```
-
-The API key is read from `~/.claude/.erp-api-key` (file mode 0600).
-
-## Endpoints
-
-### POST /api/v1/reports
-
-Upload a session report.
-
-**Headers:**
-```
-Authorization: Bearer <api-key>
-Content-Type: application/json
-```
-
-**Request Body:**
-```json
-{
-  "project": "client-project-name",
-  "client": "Client Name",
-  "phase": 2,
-  "phase_name": "Authentication & Dashboard",
-  "total_phases": 4,
-  "status": "built",
-  "tasks_done": 5,
-  "tasks_total": 5,
-  "verification": "pass",
-  "gap_cycles": 0,
-  "deployed_url": "https://client.vercel.app",
-  "session_duration_minutes": 45,
-  "commits": ["abc1234", "def5678"],
-  "notes": "Completed auth flow, dashboard layout, and API routes.",
-  "submitted_by": "Fawzi Goussous",
-  "submitted_at": "2026-04-12T14:30:00Z"
-}
-```
-
-**Response (200 OK):**
-```json
-{
-  "ok": true,
-  "report_id": "rpt_abc123def456",
-  "message": "Report received"
-}
-```
-
-**Response (401 Unauthorized):**
-```json
-{
-  "ok": false,
-  "error": "INVALID_API_KEY",
-  "message": "API key is invalid or expired"
-}
-```
-
-**Response (422 Unprocessable Entity):**
-```json
-{
-  "ok": false,
-  "error": "VALIDATION_FAILED",
-  "message": "Missing required field: project"
-}
-```
-
-### GET /api/v1/reports/:project
-
-Retrieve reports for a project.
-
-**Headers:**
-```
-Authorization: Bearer <api-key>
-```
-
-**Response (200 OK):**
-```json
-{
-  "ok": true,
-  "reports": [
-    {
-      "report_id": "rpt_abc123def456",
-      "phase": 2,
-      "status": "built",
-      "submitted_at": "2026-04-12T14:30:00Z",
-      "submitted_by": "Fawzi Goussous"
-    }
-  ]
-}
-```
-
-### GET /api/v1/tracking/:project
-
-Retrieve current tracking state (same shape as tracking.json).
-
-**Headers:**
-```
-Authorization: Bearer <api-key>
-```
-
-**Response (200 OK):**
-```json
-{
-  "ok": true,
-  "tracking": {
-    "project": "client-project-name",
-    "phase": 2,
-    "total_phases": 4,
-    "status": "built",
-    "last_updated": "2026-04-12T14:30:00Z"
-  }
-}
-```
-
-## Behavior
-
-- When `erp.enabled` is `false`, `/qualia-report` skips the upload silently.
-- When the API key file is missing or empty, the upload is skipped with a warning.
-- Network failures are non-blocking — the report is saved locally regardless.
-- The ERP reads `tracking.json` directly from git for real-time status (no API call needed for passive monitoring).
-- Reports are append-only — no update or delete endpoints exist.
-
-## Required Fields
-
-| Field | Type | Required | Description |
-|-------|------|----------|-------------|
-| project | string | yes | Project slug from tracking.json |
-| phase | number | yes | Current phase number |
-| status | string | yes | Current status (setup, planned, built, verified, etc.) |
-| submitted_by | string | yes | Team member name |
-| submitted_at | string | yes | ISO 8601 timestamp |
-
-All other fields are optional but recommended for complete reporting.
-
-## Rate Limits
-
-- 60 requests per minute per API key
-- Report body max size: 64KB
-- No batch endpoint — one report per request
-
-## Security
-
-- API keys are per-user, not per-project
-- Keys expire after 90 days (re-issue via Fawzi)
-- All traffic is HTTPS-only
-- No PII beyond team member names is transmitted

package/hooks/block-env-edit.js

@@ -1,52 +0,0 @@
-#!/usr/bin/env node
-// ~/.claude/hooks/block-env-edit.js — prevent editing .env files.
-// PreToolUse hook on Edit/Write tool calls. Reads tool input as JSON on stdin.
-// Exits 2 to BLOCK the tool call. Exits 0 to allow it.
-// Cross-platform (Windows/macOS/Linux).
-
-const fs = require("fs");
-
-const _traceStart = Date.now();
-
-function readInput() {
-  try {
-    const raw = fs.readFileSync(0, "utf8");
-    return JSON.parse(raw);
-  } catch {
-    return {};
-  }
-}
-
-const input = readInput();
-const file = (input.tool_input && (input.tool_input.file_path || input.tool_input.command)) || "";
-
-// Match .env, .env.local, .env.production, .env.*, etc.
-// Normalize separators so Windows paths (C:\project\.env.local) also match.
-const normalized = String(file).replace(/\\/g, "/");
-
-function _trace(hookName, result, extra) {
-  try {
-    const os = require("os");
-    const path = require("path");
-    const traceDir = path.join(os.homedir(), ".claude", ".qualia-traces");
-    if (!fs.existsSync(traceDir)) fs.mkdirSync(traceDir, { recursive: true });
-    const entry = {
-      hook: hookName,
-      result,
-      timestamp: new Date().toISOString(),
-      duration_ms: Date.now() - _traceStart,
-      ...extra,
-    };
-    const file = path.join(traceDir, `${new Date().toISOString().split("T")[0]}.jsonl`);
-    fs.appendFileSync(file, JSON.stringify(entry) + "\n");
-  } catch {}
-}
-
-if (/\.env(\.|$)/.test(normalized)) {
-  console.log("BLOCKED: Cannot edit environment files. Ask Fawzi to update secrets.");
-  _trace("block-env-edit", "block", { file: normalized });
-  process.exit(2);
-}
-
-_trace("block-env-edit", "allow");
-process.exit(0);