qualia-framework 7.0.0 → 7.0.1

package/CHANGELOG.md

@@ -8,6 +8,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 > Note: git tags for historical versions were not retained; commit references are approximate
 > and dates reflect commit history rather than npm publish timestamps.
 
+## [7.0.1] - 2026-06-22 (/qualia-recall is OWNER-only)
+
+### Changed — `/qualia-recall` restricted to OWNER
+- `recall.js` now resolves the install role up front and **refuses any role other
+  than `OWNER`** (exit 3, clear message) — a deterministic gate, not a prose note.
+  Previously the command was available to everyone and only the *vault content*
+  was role-filtered. Employees keep `/qualia-learn` (write side) and the read-only
+  memory MCP for ALL_ROLES wiki content; the curated cross-project recall is the
+  OWNER's surface. Skill description + body mark it OWNER-only; the employee
+  manual drops it from the command reference. `tests/recall.test.sh` now asserts
+  OWNER→allowed, EMPLOYEE/MANAGER/unknown→refused (20 cases). All 24 suites green.
+
 ## [7.0.0] - 2026-06-22 (v7 — the restructure is complete)
 
 The v7 milestone release. The 6.12→6.29 line landed the whole v7 restructure

package/bin/recall.js

@@ -124,6 +124,18 @@ function main() {
     usage();
     process.exit(0);
   }
+
+  // OWNER-only command. The curated cross-project memory recall is the OWNER's
+  // surface; employees still have the read-only memory MCP for ALL_ROLES wiki
+  // content. Deterministic gate — not just a prose note. Exit 3 = forbidden.
+  const role = resolveRole(qualiaHome());
+  if (role !== "OWNER") {
+    process.stderr.write(
+      "/qualia-recall is OWNER-only. Ask Fawzi if you need a cross-project lookup.\n"
+    );
+    process.exit(3);
+  }
+
   const query = opts.terms.join(" ").trim();
   if (!query) {
     usage();
@@ -134,7 +146,6 @@ function main() {
     process.exit(2);
   }
 
-  const role = resolveRole(qualiaHome());
   const knowledge = opts.scope === "vault" ? [] : searchKnowledge(query, opts.max);
   const vault = opts.scope === "knowledge" ? [] : searchVault(query, opts.max, role);
   const total = knowledge.length + vault.length;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qualia-framework",
-  "version": "7.0.0",
+  "version": "7.0.1",
   "description": "Claude Code and Codex workflow framework by Qualia Solutions. Plan, build, verify, ship.",
   "bin": {
     "qualia-framework": "./bin/cli.js"

package/skills/qualia-recall/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: qualia-recall
-description: "Recall curated prior lessons from the Qualia memory substrate — the knowledge layer + the qualia-memory vault, role-filtered. The read side of /qualia-learn. Triggers: 'recall', 'have we done this before', 'what did we learn about X', 'prior art', 'any notes on', 'check the vault'."
+description: "OWNER-ONLY. Recall curated prior lessons from the Qualia memory substrate — the knowledge layer + the qualia-memory vault. The read side of /qualia-learn. Only the OWNER (Fawzi) can run it; recall.js refuses any other role. Triggers (OWNER only): 'recall', 'have we done this before', 'what did we learn about X', 'prior art', 'any notes on', 'check the vault'."
 allowed-tools:
   - Read
   - Grep
@@ -9,6 +9,11 @@ allowed-tools:
 
 # /qualia-recall — Recall Knowledge
 
+> **OWNER-only.** `recall.js` resolves the install role and **refuses any role
+> other than `OWNER`** (exit 3). This is a deterministic gate, not a convention —
+> do not run it for an employee. Employees still have the read-only memory MCP for
+> ALL_ROLES wiki content; the curated cross-project recall is the OWNER's surface.
+
 The **read side** of memory. `/qualia-learn` writes; `/qualia-recall` reads. One
 query, both stores:
 

package/tests/recall.test.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# recall.test.sh — bin/recall.js (read-side memory recall, role-filtered vault)
+# recall.test.sh — bin/recall.js (read-side memory recall — OWNER-only command)
 # Run: bash tests/recall.test.sh
 
 PASS=0
@@ -44,7 +44,8 @@ cat > "$VAULT/wiki/_meta/access.md" <<'EOF'
 EOF
 
 export QUALIA_MEMORY_ROOT="$VAULT"
-RUN() { QUALIA_HOME="$HOME_DIR" "$@"; }
+# recall is OWNER-only — every functional test runs as OWNER to reach the logic.
+RUN() { QUALIA_HOME="$HOME_DIR" QUALIA_ROLE=OWNER "$@"; }
 
 # ── Invocation guards ──
 RUN $NODE "$RECALL" >/dev/null 2>&1; assert_exit "no query → exit 2" 2 $?
@@ -55,15 +56,15 @@ OUT=$(QUALIA_ROLE=OWNER RUN $NODE "$RECALL" zebrafish 2>&1); assert_exit "valid
 assert_contains "knowledge-layer hit"    "$OUT" "learned-patterns.md"
 assert_contains "vault ALL_ROLES hit"    "$OUT" "concepts/notes.md"
 
-# ── Role enforcement (the security boundary) ──
-OWNER_OUT=$(QUALIA_ROLE=OWNER RUN $NODE "$RECALL" zebrafish --scope vault 2>&1)
-assert_contains "OWNER sees OWNER_ONLY path"  "$OWNER_OUT" "_meta/access.md"
-EMP_OUT=$(QUALIA_ROLE=EMPLOYEE RUN $NODE "$RECALL" zebrafish --scope vault 2>&1)
-assert_contains "EMPLOYEE still sees ALL_ROLES" "$EMP_OUT" "concepts/notes.md"
-assert_absent   "EMPLOYEE blocked from OWNER_ONLY" "$EMP_OUT" "_meta/access.md"
-# fail-closed: no role config + no QUALIA_ROLE → RESTRICTED
-NOROLE_OUT=$(QUALIA_HOME="$VAULT" env -u QUALIA_ROLE $NODE "$RECALL" zebrafish --scope vault 2>&1)
-assert_absent   "RESTRICTED (fail-closed) blocked from OWNER_ONLY" "$NOROLE_OUT" "_meta/access.md"
+# ── OWNER-only gate (the command itself is restricted, not just vault content) ──
+OWNER_OUT=$(QUALIA_HOME="$HOME_DIR" QUALIA_ROLE=OWNER $NODE "$RECALL" zebrafish --scope vault 2>&1); assert_exit "OWNER → allowed (exit 0)" 0 $?
+assert_contains "OWNER sees vault content" "$OWNER_OUT" "concepts/notes.md"
+QUALIA_HOME="$HOME_DIR" QUALIA_ROLE=EMPLOYEE $NODE "$RECALL" zebrafish >/dev/null 2>&1; assert_exit "EMPLOYEE → refused (exit 3)" 3 $?
+EMP_MSG=$(QUALIA_HOME="$HOME_DIR" QUALIA_ROLE=EMPLOYEE $NODE "$RECALL" zebrafish 2>&1)
+assert_contains "EMPLOYEE refusal names OWNER-only" "$EMP_MSG" "OWNER-only"
+QUALIA_HOME="$HOME_DIR" QUALIA_ROLE=MANAGER $NODE "$RECALL" zebrafish >/dev/null 2>&1; assert_exit "MANAGER → refused (exit 3)" 3 $?
+# unknown role (no QUALIA_ROLE, no config) → fail-closed → refused
+env -u QUALIA_ROLE QUALIA_HOME="$HOME_DIR" $NODE "$RECALL" zebrafish >/dev/null 2>&1; assert_exit "unknown role (fail-closed) → refused (exit 3)" 3 $?
 
 # ── JSON shape ──
 JSON=$(QUALIA_ROLE=OWNER RUN $NODE "$RECALL" zebrafish --json 2>&1)