npm - qualia-framework - Versions diffs - 7.1.0 → 7.2.1 - Mend

qualia-framework 7.1.0 → 7.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/CHANGELOG.md +54 -0
package/FLAGS.md +10 -0
package/README.md +8 -8
package/bin/cli.js +48 -0
package/bin/host-adapters.js +5 -1
package/bin/install.js +125 -1
package/bin/knowledge-flush.js +123 -2
package/bin/qualia-doctor.js +249 -0
package/bin/qualia-ui.js +186 -1
package/bin/runtime-manifest.js +1 -0
package/bin/statusline.js +7 -1
package/guide.md +6 -1
package/hooks/session-start.js +1 -0
package/package.json +1 -1
package/rules/infrastructure.md +4 -2
package/skills/qualia-doctor/SKILL.md +25 -1
package/skills/qualia-polish/SKILL.md +1 -1
package/skills/qualia-report/SKILL.md +11 -0
package/skills/qualia-scope/SKILL.md +2 -2
package/skills/qualia-secure/SKILL.md +1 -1
package/skills/qualia-ship/SKILL.md +15 -0
package/skills/zoho-workflow/SKILL.md +8 -0
package/tests/fixtures/r6-golden-fail-panel.json +23 -0
package/tests/journey-spine.test.sh +171 -0
package/tests/lib.test.sh +2 -2
package/tests/memory-loop.test.sh +136 -0
package/tests/r6-golden.test.sh +66 -0
package/tests/refs.test.sh +33 -0
package/tests/run-all.sh +3 -0

package/skills/qualia-ship/SKILL.md CHANGED Viewed

@@ -222,6 +222,21 @@ fi
 ```
 Do NOT manually edit STATE.md or tracking.json — state.js handles both.
+```bash
+# Per-phase celebration card. Reads the freshly-updated state so the phase
+# number, name, and milestone progress bar are accurate. Streak = phases this
+# employee shipped today (from the trace log); omitted if unavailable. Every
+# metric self-omits when missing, so this never fabricates.
+PHASE_NUM=$(node ${QUALIA_BIN}/state.js check 2>/dev/null | node -pe 'try{JSON.parse(require("fs").readFileSync(0)).phase||""}catch{""}')
+PHASE_NAME=$(node ${QUALIA_BIN}/state.js check 2>/dev/null | node -pe 'try{JSON.parse(require("fs").readFileSync(0)).phase_name||""}catch{""}')
+TOTAL_PHASES=$(node ${QUALIA_BIN}/state.js check 2>/dev/null | node -pe 'try{JSON.parse(require("fs").readFileSync(0)).total_phases||""}catch{""}')
+node ${QUALIA_BIN}/qualia-ui.js phase-complete "${PHASE_NUM:-?}" "$PHASE_NAME" \
+  ${TASKS_DONE:+tasks=$TASKS_DONE} \
+  ${PHASE_NUM:+mdone=$PHASE_NUM} ${TOTAL_PHASES:+mtotal=$TOTAL_PHASES} \
+  ${STREAK:+streak=$STREAK} \
+  next=/qualia-handoff
+```
 ```bash
 node ${QUALIA_BIN}/qualia-ui.js end "SHIPPED" "/qualia-handoff"
 ```

package/skills/zoho-workflow/SKILL.md CHANGED Viewed

@@ -2,6 +2,14 @@
 name: zoho-workflow
 description: "Zoho Invoice + Mail ops via ERP-first routing. Invoices from templates, cover emails, contacts, inbox, payment reminders. Triggers: 'invoice this client', 'send an email', 'check inbox', 'create a Zoho contact', 'payment reminder'."
 tags: [zoho, invoice, email, billing, crm]
+# Money-moving + client-comms skill — least-privilege scope. ERP-first routing
+# (mcp__qualia-erp__*) is preferred; raw Zoho Books/Mail are the fallback surface.
+allowed-tools:
+  - Bash
+  - Read
+  - mcp__qualia-erp__*
+  - mcp__claude_ai_Zoho_Books__*
+  - mcp__claude_ai_Mail__*
 ---
 # Zoho Workflow

package/tests/fixtures/r6-golden-fail-panel.json ADDED Viewed

@@ -0,0 +1,23 @@
+{
+  "_comment": "R6 golden verifier fixture — a SEEDED STUB the verifier MUST score FAIL. This proves the deterministic verifier (bin/verify-panel.js) cannot default-pass. The fixture contains (a) a surviving CRITICAL finding voted real by majority, and (b) an unvoted HIGH (INSUFFICIENT-EVIDENCE-style: unverified != disproven). Both survive the skeptic round, so the verdict MUST be FAIL (exit 1). If verify-panel ever regresses to a default-3/PASS, r6-golden.test.sh turns red.",
+  "phase": 99,
+  "lenses": ["security", "correctness"],
+  "findings": [
+    {
+      "lens": "security",
+      "file": "lib/supabase/client.ts",
+      "line": 12,
+      "severity": "CRITICAL",
+      "title": "service_role key imported into a client component (auth bypass)",
+      "votes": { "real": 3, "notReal": 0 }
+    },
+    {
+      "lens": "correctness",
+      "file": "app/api/checkout/route.ts",
+      "line": 47,
+      "severity": "HIGH",
+      "title": "INSUFFICIENT EVIDENCE — payment idempotency unverified, no test backs the happy path",
+      "votes": { "real": 0, "notReal": 0 }
+    }
+  ]
+}

package/tests/journey-spine.test.sh ADDED Viewed

@@ -0,0 +1,171 @@
+#!/bin/bash
+# journey-spine.test.sh — lifecycle cosmetic layer (bin/qualia-ui.js spine/onboard/
+# phase-complete/clockout + barTicks + statusline progress bar).
+# Run: bash tests/journey-spine.test.sh
+PASS=0
+FAIL=0
+BIN_DIR="$(cd "$(dirname "$0")/../bin" && pwd)"
+NODE="${NODE:-node}"
+UI="$BIN_DIR/qualia-ui.js"
+STATE="$BIN_DIR/state.js"
+STATUSLINE="$BIN_DIR/statusline.js"
+# strip ANSI for column-accurate assertions
+strip() { sed 's/\x1b\[[0-9;]*m//g'; }
+assert_contains()     { if echo "$2" | strip | grep -qF -- "$3"; then echo "  ✓ $1"; PASS=$((PASS+1)); else echo "  ✗ $1 (missing '$3')"; FAIL=$((FAIL+1)); fi; }
+assert_not_contains() { if echo "$2" | strip | grep -qF -- "$3"; then echo "  ✗ $1 (should not contain '$3')"; FAIL=$((FAIL+1)); else echo "  ✓ $1"; PASS=$((PASS+1)); fi; }
+echo "journey-spine.test.sh — lifecycle cosmetic layer"
+echo ""
+$NODE -c "$UI" 2>/dev/null && { echo "  ✓ qualia-ui syntax valid"; PASS=$((PASS+1)); } || { echo "  ✗ qualia-ui syntax invalid"; FAIL=$((FAIL+1)); }
+# ── barTicks: scaling + clamping ──
+TICKS=$($NODE -e 'const u=require(process.argv[1]); console.log(["a"+u.barTicks(4,5),"b"+u.barTicks(0,5),"c"+u.barTicks(5,5),"d"+u.barTicks(9,5),"e"+u.barTicks(2,0)].join("\n"))' "$UI" | strip)
+assert_contains "barTicks 4/5 → 4 filled"        "$TICKS" "a▰▰▰▰▱"
+assert_contains "barTicks 0/5 → all empty"        "$TICKS" "b▱▱▱▱▱"
+assert_contains "barTicks 5/5 → all filled"       "$TICKS" "c▰▰▰▰▰"
+assert_contains "barTicks clamps over-fill to 5"  "$TICKS" "d▰▰▰▰▰"
+assert_contains "barTicks total<1 → empty string" "$TICKS" "e"
+# ── onboard card ──
+ONB=$($NODE "$UI" onboard "Maria" 2>&1)
+assert_contains "onboard greets by name"          "$ONB" "welcome aboard, Maria"
+assert_contains "onboard shows milestone flow"    "$ONB" "Plan"
+assert_contains "onboard shows the first move"    "$ONB" "/qualia"
+# ── phase-complete card ──
+PC=$($NODE "$UI" phase-complete 3 "Checkout flow" tasks=6 mdone=4 mtotal=5 streak=3 next=/qualia-build nextname="Order confirmation" 2>&1)
+assert_contains "phase-complete shows phase + name"     "$PC" "PHASE 3 COMPLETE"
+assert_contains "phase-complete shows task count"       "$PC" "6 tasks"
+assert_contains "phase-complete shows milestone bar"    "$PC" "4/5 phases"
+assert_contains "phase-complete 'one more' at 4/5"      "$PC" "one more to close the milestone"
+assert_contains "phase-complete shows streak"           "$PC" "3 phases shipped today"
+assert_contains "phase-complete shows next command"     "$PC" "/qualia-build"
+# streak of 1 must NOT render (not a streak)
+PC1=$($NODE "$UI" phase-complete 1 "Cart" streak=1 2>&1)
+assert_not_contains "phase-complete hides streak=1"     "$PC1" "shipped today"
+# milestone complete wording at full
+PCFULL=$($NODE "$UI" phase-complete 5 "Polish" mdone=5 mtotal=5 2>&1)
+assert_contains "phase-complete 'ready to close' at 5/5" "$PCFULL" "milestone ready to close"
+# ── clockout card ──
+CO=$($NODE "$UI" clockout "Maria" date="Thu Jun 25" phases=3 tasks=14 commits=9 mdone=4 mtotal=5 streak=4 erp=ok 2>&1)
+assert_contains "clockout names the employee"     "$CO" "CLOCK OUT"
+assert_contains "clockout shows shipped phases"   "$CO" "3 phases"
+assert_contains "clockout shows commits"          "$CO" "9 commits"
+assert_contains "clockout shows milestone %"      "$CO" "80%"
+assert_contains "clockout shows streak"           "$CO" "4 days"
+assert_contains "clockout confirms ERP upload"    "$CO" "uploaded to ERP"
+CO_Q=$($NODE "$UI" clockout "Maria" erp=queued 2>&1)
+assert_contains "clockout queued state"           "$CO_Q" "queued"
+# ── spine: needs a multi-milestone project fixture ──
+TMP=$(mktemp -d)
+(
+  cd "$TMP"
+  $NODE "$STATE" init --project "acme-portal" \
+    --phases '[{"name":"Cart","goal":"x"},{"name":"Checkout","goal":"y"},{"name":"Receipts","goal":"z"}]' >/dev/null 2>&1
+  mkdir -p .planning
+  cat > .planning/JOURNEY.md <<'JEOF'
+---
+project: "acme-portal"
+---
+## Milestone 1 · Foundations
+1. **Auth**
+## Milestone 2 · Commerce
+1. **Cart**
+## Milestone 3 · Growth
+1. **Referrals**
+## Milestone 4 · Handoff
+1. **Docs**
+JEOF
+)
+SPINE=$(cd "$TMP" && $NODE "$UI" spine 2>&1)
+assert_contains "spine renders the Journey label"  "$SPINE" "Journey"
+assert_contains "spine renders all 4 milestones"   "$SPINE" "M4"
+assert_contains "spine shows current marker ◆"     "$SPINE" "◆"
+assert_contains "spine shows 'you are here'"       "$SPINE" "you are here"
+# caret column == current-marker column (exact alignment)
+ALIGN=$(cd "$TMP" && $NODE "$UI" spine 2>&1 | strip | $NODE -e '
+  let s=""; process.stdin.on("data",d=>s+=d).on("end",()=>{
+    const lines=s.split("\n").filter(l=>l.length);
+    const spine=lines.find(l=>l.includes("Journey"));
+    const caret=lines.find(l=>l.includes("you are here"));
+    if(!spine||!caret){console.log("NOLINES");return;}
+    const markerCol=spine.indexOf("◆");
+    const caretCol=caret.indexOf("↑");
+    console.log(markerCol===caretCol?"ALIGNED":("MISALIGNED "+markerCol+" vs "+caretCol));
+  });
+')
+assert_contains "spine caret aligns under current marker" "$ALIGN" "ALIGNED"
+# spine self-skips with <2 milestones (single-milestone project)
+TMP2=$(mktemp -d)
+( cd "$TMP2" && $NODE "$STATE" init --project "solo" --phases '[{"name":"A","goal":"x"}]' >/dev/null 2>&1 )
+SPINE2=$(cd "$TMP2" && $NODE "$UI" spine 2>&1)
+assert_not_contains "spine self-skips single-milestone project" "$SPINE2" "you are here"
+# spine outside any project → no crash, no output
+SPINE3=$(cd / && $NODE "$UI" spine 2>&1)
+assert_not_contains "spine no-ops outside a project" "$SPINE3" "Journey"
+# ── statusline: the always-visible progress bar ──
+TMP3=$(mktemp -d); mkdir -p "$TMP3/.planning"
+cat > "$TMP3/.planning/tracking.json" <<'TEOF'
+{"phase":3,"total_phases":5,"status":"building","milestone":2,"milestone_name":"Commerce","tasks_done":2,"tasks_total":6,"blockers":[]}
+TEOF
+SL=$(printf '{"workspace":{"current_dir":"%s"},"cost":{"total_cost_usd":0},"duration_ms":0}' "$TMP3" | $NODE "$STATUSLINE" 2>&1)
+assert_contains "statusline shows P3/5"            "$SL" "P3/5"
+assert_contains "statusline shows the tick bar"    "$SL" "▰▰▰▱▱"
+# ── skill-wiring smoke: run the ACTUAL ship/report closing bash ──
+# These mirror the exact variable plumbing in skills/qualia-ship/SKILL.md and
+# skills/qualia-report/SKILL.md (state.js parsing + ${VAR:+…} expansions), so a
+# regression in the wiring — not just the renderer — is caught.
+TMP4=$(mktemp -d)
+( cd "$TMP4" && $NODE "$STATE" init --project "wired" \
+    --phases '[{"name":"Cart","goal":"x"},{"name":"Checkout","goal":"y"},{"name":"Receipts","goal":"z"}]' >/dev/null 2>&1 )
+# ---- /qualia-ship closing block (verbatim plumbing) ----
+SHIP_OUT=$(cd "$TMP4" && {
+  PHASE_NUM=$($NODE "$STATE" check 2>/dev/null | $NODE -pe 'try{JSON.parse(require("fs").readFileSync(0)).phase||""}catch{""}')
+  PHASE_NAME=$($NODE "$STATE" check 2>/dev/null | $NODE -pe 'try{JSON.parse(require("fs").readFileSync(0)).phase_name||""}catch{""}')
+  TOTAL_PHASES=$($NODE "$STATE" check 2>/dev/null | $NODE -pe 'try{JSON.parse(require("fs").readFileSync(0)).total_phases||""}catch{""}')
+  TASKS_DONE=4
+  $NODE "$UI" phase-complete "${PHASE_NUM:-?}" "$PHASE_NAME" \
+    ${TASKS_DONE:+tasks=$TASKS_DONE} \
+    ${PHASE_NUM:+mdone=$PHASE_NUM} ${TOTAL_PHASES:+mtotal=$TOTAL_PHASES} \
+    next=/qualia-handoff
+} 2>&1)
+assert_contains "ship wiring → resolves phase number into card" "$SHIP_OUT" "PHASE 1 COMPLETE"
+assert_contains "ship wiring → tasks plumbed through"   "$SHIP_OUT" "4 tasks"
+assert_contains "ship wiring → milestone bar plumbed"   "$SHIP_OUT" "phases"
+assert_contains "ship wiring → next command set"        "$SHIP_OUT" "/qualia-handoff"
+assert_not_contains "ship wiring → no literal \${VAR"   "$SHIP_OUT" '${'
+# ---- /qualia-report closing block (verbatim plumbing) ----
+REPORT_OUT=$(cd "$TMP4" && {
+  EMP_NAME=$($NODE -pe 'try{JSON.parse(require("fs").readFileSync(process.env.HOME+"/.claude/.qualia-config.json","utf8")).installed_by||""}catch{""}' 2>/dev/null)
+  MDONE=$($NODE "$STATE" check 2>/dev/null | $NODE -pe 'try{JSON.parse(require("fs").readFileSync(0)).phase||""}catch{""}')
+  MTOTAL=$($NODE "$STATE" check 2>/dev/null | $NODE -pe 'try{JSON.parse(require("fs").readFileSync(0)).total_phases||""}catch{""}')
+  COUNT=9
+  ERP_RESULT=ok
+  $NODE "$UI" clockout "$EMP_NAME" date="2026-06-25" \
+    ${COUNT:+commits=$COUNT} \
+    ${MDONE:+mdone=$MDONE} ${MTOTAL:+mtotal=$MTOTAL} \
+    ${ERP_RESULT:+erp=$ERP_RESULT}
+} 2>&1)
+assert_contains "report wiring → renders CLOCK OUT"     "$REPORT_OUT" "CLOCK OUT"
+assert_contains "report wiring → commit count plumbed"  "$REPORT_OUT" "9 commits"
+assert_contains "report wiring → milestone % plumbed"   "$REPORT_OUT" "%"
+assert_contains "report wiring → erp result plumbed"    "$REPORT_OUT" "uploaded to ERP"
+assert_not_contains "report wiring → no literal \${VAR" "$REPORT_OUT" '${'
+rm -rf "$TMP" "$TMP2" "$TMP3" "$TMP4"
+echo ""
+echo "=== Results: $PASS passed, $FAIL failed ==="
+[ "$FAIL" -eq 0 ]

package/tests/lib.test.sh CHANGED Viewed

@@ -532,7 +532,7 @@ TMP=$(mktmp)
 mkdir -p "$TMP/home/.claude/bin" "$TMP/home/.claude/hooks" "$TMP/home/.claude/knowledge/daily-log" "$TMP/home/.claude/qualia-design" "$TMP/home/.claude/agents" "$TMP/home/.claude/qualia-templates" "$TMP/project"
 echo '{"installed_by":"Test","role":"OWNER","version":"6.3.0","erp":{"enabled":false}}' > "$TMP/home/.claude/.qualia-config.json"
 touch "$TMP/home/.claude/CLAUDE.md" "$TMP/home/.claude/settings.json"
-for f in runtime-manifest.js command-surface.js host-adapters.js state.js qualia-ui.js statusline.js knowledge.js knowledge-flush.js recall.js vault-access.js repo-map.js design-tokens.js batch-plan.js state-ledger.js plan-contract.js contract-runner.js agent-status.js analyze-gate.js verify-panel.js wave-plan.js eval-runner.js branch-hygiene.js last-report.js harness-eval.js trust-score.js agent-runs.js slop-detect.mjs dep-verify.mjs erp-retry.js erp-event.js work-packet.js report-payload.js project-snapshot.js project-sync.js codex-goal.js planning-hygiene.js prune-deprecated.js learning-candidates.js status-snapshot.js security-scan.js auto-report.js; do
+for f in runtime-manifest.js command-surface.js host-adapters.js state.js qualia-ui.js statusline.js knowledge.js knowledge-flush.js recall.js vault-access.js repo-map.js design-tokens.js batch-plan.js state-ledger.js plan-contract.js contract-runner.js agent-status.js analyze-gate.js verify-panel.js wave-plan.js eval-runner.js branch-hygiene.js last-report.js harness-eval.js trust-score.js agent-runs.js slop-detect.mjs dep-verify.mjs erp-retry.js erp-event.js work-packet.js report-payload.js project-snapshot.js project-sync.js codex-goal.js planning-hygiene.js prune-deprecated.js learning-candidates.js status-snapshot.js security-scan.js qualia-doctor.js auto-report.js; do
   touch "$TMP/home/.claude/bin/$f"
 done
 for h in session-start.js auto-update.js branch-guard.js pre-push.js pre-deploy-gate.js migration-guard.js git-guardrails.js stop-session-log.js fawzi-approval-guard.js vercel-account-guard.js env-empty-guard.js supabase-destructive-guard.js secret-guard.js; do
@@ -647,7 +647,7 @@ TMP=$(mktmp)
 mkdir -p "$TMP/.claude/bin" "$TMP/.claude/hooks" "$TMP/.claude/knowledge/daily-log" "$TMP/.claude/qualia-design" "$TMP/.claude/agents" "$TMP/.claude/qualia-templates" "$TMP/project/.planning"
 echo '{"installed_by":"Test","role":"OWNER","erp":{"enabled":false}}' > "$TMP/.claude/.qualia-config.json"
 touch "$TMP/.claude/CLAUDE.md" "$TMP/.claude/settings.json"
-for f in runtime-manifest.js command-surface.js host-adapters.js state.js qualia-ui.js statusline.js knowledge.js knowledge-flush.js recall.js vault-access.js repo-map.js design-tokens.js batch-plan.js state-ledger.js plan-contract.js contract-runner.js agent-status.js analyze-gate.js verify-panel.js wave-plan.js eval-runner.js branch-hygiene.js last-report.js harness-eval.js trust-score.js agent-runs.js slop-detect.mjs dep-verify.mjs erp-retry.js erp-event.js work-packet.js report-payload.js project-snapshot.js project-sync.js codex-goal.js planning-hygiene.js prune-deprecated.js learning-candidates.js status-snapshot.js security-scan.js auto-report.js; do
+for f in runtime-manifest.js command-surface.js host-adapters.js state.js qualia-ui.js statusline.js knowledge.js knowledge-flush.js recall.js vault-access.js repo-map.js design-tokens.js batch-plan.js state-ledger.js plan-contract.js contract-runner.js agent-status.js analyze-gate.js verify-panel.js wave-plan.js eval-runner.js branch-hygiene.js last-report.js harness-eval.js trust-score.js agent-runs.js slop-detect.mjs dep-verify.mjs erp-retry.js erp-event.js work-packet.js report-payload.js project-snapshot.js project-sync.js codex-goal.js planning-hygiene.js prune-deprecated.js learning-candidates.js status-snapshot.js security-scan.js qualia-doctor.js auto-report.js; do
   touch "$TMP/.claude/bin/$f"
 done
 for h in session-start.js auto-update.js branch-guard.js pre-push.js pre-deploy-gate.js migration-guard.js git-guardrails.js stop-session-log.js fawzi-approval-guard.js vercel-account-guard.js env-empty-guard.js supabase-destructive-guard.js secret-guard.js; do

package/tests/memory-loop.test.sh ADDED Viewed

@@ -0,0 +1,136 @@
+#!/bin/bash
+# memory-loop.test.sh — the one-loop contract: knowledge-flush vault dual-write
+# (ITEM 13) + qualia-doctor freshness gates (ITEM 14b).
+#
+# Pure-function tests, no agent CLI, no live vault. Each builds a temp QUALIA_HOME
+# and QUALIA_MEMORY so the loop logic is exercised hermetically.
+#
+# Run: bash tests/memory-loop.test.sh
+PASS=0
+FAIL=0
+DIR="$(cd "$(dirname "$0")" && pwd)"
+BIN_DIR="$(cd "$DIR/../bin" && pwd)"
+NODE="${NODE:-node}"
+FLUSH="$BIN_DIR/knowledge-flush.js"
+DOCTOR="$BIN_DIR/qualia-doctor.js"
+assert_contains() {
+  local name="$1" hay="$2" needle="$3"
+  if echo "$hay" | grep -qF "$needle"; then echo "  ✓ $name"; PASS=$((PASS+1));
+  else echo "  ✗ $name (missing '$needle' in: $hay)"; FAIL=$((FAIL+1)); fi
+}
+assert_ok() {
+  local name="$1" rc="$2"
+  if [ "$rc" -eq 0 ]; then echo "  ✓ $name"; PASS=$((PASS+1));
+  else echo "  ✗ $name (rc=$rc)"; FAIL=$((FAIL+1)); fi
+}
+echo "memory-loop.test.sh — dual-write + freshness gates"
+echo ""
+# --- syntax ---
+$NODE -c "$FLUSH" 2>/dev/null && { echo "  ✓ knowledge-flush.js syntax"; PASS=$((PASS+1)); } || { echo "  ✗ knowledge-flush.js syntax"; FAIL=$((FAIL+1)); }
+$NODE -c "$DOCTOR" 2>/dev/null && { echo "  ✓ qualia-doctor.js syntax"; PASS=$((PASS+1)); } || { echo "  ✗ qualia-doctor.js syntax"; FAIL=$((FAIL+1)); }
+# ── ITEM 13: dualWriteVault mirrors curated concepts into the vault ──────────
+TMP=$(mktemp -d); mkdir -p "$TMP/vault"
+OUT=$(QUALIA_HOME="$TMP/home" QUALIA_MEMORY="$TMP/vault" $NODE -e '
+const fs=require("fs"),path=require("path");
+const kh=process.env.QUALIA_HOME;
+fs.mkdirSync(path.join(kh,"knowledge","concepts"),{recursive:true});
+fs.writeFileSync(path.join(kh,"knowledge","learned-patterns.md"),"# Patterns\n- always RLS\n");
+fs.writeFileSync(path.join(kh,"knowledge","concepts","voice-call-state.md"),"# Voice\nstate\n");
+const m=require("'"$FLUSH"'");
+const r1=m.dualWriteVault();
+const files1=fs.readdirSync(m.VAULT_CONCEPTS_DIR).sort();
+const r2=m.dualWriteVault();
+const files2=fs.readdirSync(m.VAULT_CONCEPTS_DIR).sort();
+console.log("detail="+r1.event_detail);
+console.log("written="+r1.written);
+console.log("idempotent="+(files1.length===files2.length && files1.join(",")===files2.join(",")));
+console.log("files="+files2.join(","));
+const sample=fs.readFileSync(path.join(m.VAULT_CONCEPTS_DIR,files2[0]),"utf8");
+console.log("hasFrontmatter="+sample.includes("source: qualia-framework/knowledge-flush"));
+' 2>&1)
+assert_contains "dual-write mirrors concepts (vault-mirrored)" "$OUT" "detail=vault-mirrored"
+assert_contains "dual-write wrote 2 files" "$OUT" "written=2"
+assert_contains "dual-write is idempotent" "$OUT" "idempotent=true"
+assert_contains "dual-write emits a concept-prefixed subdir file" "$OUT" "concept-voice-call-state.md"
+assert_contains "dual-write emits curated top-level file" "$OUT" "learned-patterns.md"
+assert_contains "dual-write stamps provenance front-matter" "$OUT" "hasFrontmatter=true"
+rm -rf "$TMP"
+# --- vault absent → graceful skip, no crash ---
+TMP=$(mktemp -d)
+OUT=$(QUALIA_HOME="$TMP/home" QUALIA_MEMORY="$TMP/does-not-exist" $NODE -e '
+const fs=require("fs"),path=require("path");
+const kh=process.env.QUALIA_HOME;
+fs.mkdirSync(path.join(kh,"knowledge"),{recursive:true});
+fs.writeFileSync(path.join(kh,"knowledge","learned-patterns.md"),"# P\n- x\n");
+const m=require("'"$FLUSH"'");
+const r=m.dualWriteVault();
+console.log("detail="+r.event_detail+" written="+r.written);
+' 2>&1)
+assert_ok "vault-absent does not crash" $?
+assert_contains "vault-absent is skipped gracefully" "$OUT" "detail=vault-absent"
+rm -rf "$TMP"
+# ── ITEM 14b: freshness gates ───────────────────────────────────────────────
+# Healthy loop: fresh daily-log, recent flush log, fresh export with matching
+# coverage and no deprecated rows → all PASS.
+TMP=$(mktemp -d)
+KH="$TMP/home"; VAULT="$TMP/vault"
+mkdir -p "$KH/knowledge/daily-log"
+TODAY=$(date +%Y-%m-%d)
+echo "# log" > "$KH/knowledge/daily-log/$TODAY.md"
+printf '{"timestamp":"%s","event":"ok"}\n' "$(date -Iseconds)" > "$KH/.qualia-flush.log"
+mkdir -p "$VAULT/wiki/sessions/concepts" "$VAULT/wiki/_export/concepts"
+echo "# c1" > "$VAULT/wiki/sessions/concepts/c1.md"
+echo "# c1 exported" > "$VAULT/wiki/_export/concepts/c1.md"
+OUT=$(QUALIA_HOME="$KH" QUALIA_MEMORY="$VAULT" $NODE "$DOCTOR" --json 2>&1)
+assert_contains "healthy daily-log → PASS" "$OUT" '"gate": "daily-log freshness"'
+HEALTHY_FAILS=$(echo "$OUT" | grep -c '"status": "FAIL"')
+if [ "$HEALTHY_FAILS" -eq 0 ]; then echo "  ✓ healthy loop has zero FAIL gates"; PASS=$((PASS+1)); else echo "  ✗ healthy loop has $HEALTHY_FAILS FAIL gate(s): $OUT"; FAIL=$((FAIL+1)); fi
+rm -rf "$TMP"
+# Broken loop: no daily-log, no flush log, no export → FAILs + --exit-code 1.
+TMP=$(mktemp -d)
+mkdir -p "$TMP/home/knowledge" "$TMP/vault"
+OUT=$(QUALIA_HOME="$TMP/home" QUALIA_MEMORY="$TMP/vault" $NODE "$DOCTOR" --json 2>&1)
+assert_contains "broken loop flags stale daily-log" "$OUT" 'no daily-log entries'
+assert_contains "broken loop flags missing flush log" "$OUT" 'flush never ran'
+assert_contains "broken loop flags missing export" "$OUT" 'export never ran'
+QUALIA_HOME="$TMP/home" QUALIA_MEMORY="$TMP/vault" $NODE "$DOCTOR" --exit-code >/dev/null 2>&1
+RC=$?
+if [ "$RC" -eq 1 ]; then echo "  ✓ broken loop --exit-code returns 1"; PASS=$((PASS+1)); else echo "  ✗ broken loop --exit-code returned $RC"; FAIL=$((FAIL+1)); fi
+rm -rf "$TMP"
+# Coverage gate: source has 2 concepts, export has 1 → FAIL (stale/partial).
+TMP=$(mktemp -d)
+KH="$TMP/home"; VAULT="$TMP/vault"
+mkdir -p "$KH/knowledge/daily-log"
+echo "# log" > "$KH/knowledge/daily-log/$(date +%Y-%m-%d).md"
+printf '{"timestamp":"%s","event":"ok"}\n' "$(date -Iseconds)" > "$KH/.qualia-flush.log"
+mkdir -p "$VAULT/wiki/sessions/concepts" "$VAULT/wiki/_export/concepts"
+echo "# a" > "$VAULT/wiki/sessions/concepts/a.md"
+echo "# b" > "$VAULT/wiki/sessions/concepts/b.md"
+echo "# a" > "$VAULT/wiki/_export/concepts/a.md"
+OUT=$(QUALIA_HOME="$KH" QUALIA_MEMORY="$VAULT" $NODE "$DOCTOR" --json 2>&1)
+assert_contains "partial export → coverage FAIL" "$OUT" 'export is stale or partial'
+rm -rf "$TMP"
+# Deprecated gate: an export file tagged deprecated → FAIL.
+TMP=$(mktemp -d)
+KH="$TMP/home"; VAULT="$TMP/vault"
+mkdir -p "$KH/knowledge/daily-log" "$VAULT/wiki/_export"
+echo "# log" > "$KH/knowledge/daily-log/$(date +%Y-%m-%d).md"
+printf '{"timestamp":"%s","event":"ok"}\n' "$(date -Iseconds)" > "$KH/.qualia-flush.log"
+printf -- '---\ntags: [deprecated, old]\n---\n# stale\n' > "$VAULT/wiki/_export/old.md"
+OUT=$(QUALIA_HOME="$KH" QUALIA_MEMORY="$VAULT" $NODE "$DOCTOR" --json 2>&1)
+assert_contains "deprecated row in export → FAIL" "$OUT" 'deprecated file(s)'
+rm -rf "$TMP"
+echo ""
+echo "=== Results: $PASS passed, $FAIL failed ==="
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1

package/tests/r6-golden.test.sh ADDED Viewed

@@ -0,0 +1,66 @@
+#!/bin/bash
+# r6-golden.test.sh — R6 golden verifier fixture.
+#
+# Proves the deterministic verifier (bin/verify-panel.js) CANNOT default-pass.
+# The fixture tests/fixtures/r6-golden-fail-panel.json is a SEEDED STUB
+# engineered so the only correct verdict is FAIL: it carries a surviving
+# CRITICAL (voted real 3-0) plus an unvoted HIGH (INSUFFICIENT-EVIDENCE style —
+# unverified is not disproven, so it survives the skeptic round).
+#
+# If verify-panel ever regresses to scoring 3/PASS on input it cannot fully
+# clear, this turns red. It is the framework gating its OWN verifier the way it
+# gates user projects (the missing R6 piece from the v7 audit, F3).
+#
+# CONSTRAINT: this test ONLY adds the fixture wiring. It does not touch the
+# anti-default-3 logic, the gates, or Codex parity — it observes them.
+#
+# Run: bash tests/r6-golden.test.sh
+PASS=0
+FAIL=0
+DIR="$(cd "$(dirname "$0")" && pwd)"
+BIN_DIR="$(cd "$DIR/../bin" && pwd)"
+NODE="${NODE:-node}"
+VP="$BIN_DIR/verify-panel.js"
+FIXTURE="$DIR/fixtures/r6-golden-fail-panel.json"
+assert_exit() {
+  local name="$1" expected="$2" actual="$3"
+  if [ "$expected" = "$actual" ]; then echo "  ✓ $name"; PASS=$((PASS+1));
+  else echo "  ✗ $name (expected exit $expected, got $actual)"; FAIL=$((FAIL+1)); fi
+}
+assert_contains() {
+  local name="$1" hay="$2" needle="$3"
+  if echo "$hay" | grep -qF "$needle"; then echo "  ✓ $name"; PASS=$((PASS+1));
+  else echo "  ✗ $name (missing '$needle')"; FAIL=$((FAIL+1)); fi
+}
+assert_absent() {
+  local name="$1" hay="$2" needle="$3"
+  if echo "$hay" | grep -qF "$needle"; then echo "  ✗ $name (found forbidden '$needle')"; FAIL=$((FAIL+1));
+  else echo "  ✓ $name"; PASS=$((PASS+1)); fi
+}
+echo "r6-golden.test.sh — verifier cannot default-pass"
+echo ""
+# Fixture must exist (precondition).
+[ -f "$FIXTURE" ] && { echo "  ✓ golden fixture present"; PASS=$((PASS+1)); } \
+  || { echo "  ✗ golden fixture missing: $FIXTURE"; FAIL=$((FAIL+1)); }
+# The golden stub MUST FAIL (exit 1). This is the anti-default-pass proof.
+$NODE "$VP" "$FIXTURE" >/dev/null 2>&1
+assert_exit "golden stub → FAIL (exit 1), not a default PASS" 1 $?
+OUT=$($NODE "$VP" "$FIXTURE" --json 2>&1)
+assert_contains "verdict is FAIL" "$OUT" '"verdict": "FAIL"'
+assert_absent  "verdict is NOT PASS" "$OUT" '"verdict": "PASS"'
+# ok must be false — the contract kernel treats this as a phase fail.
+assert_contains "ok:false (phase does not ship)" "$OUT" '"ok": false'
+# The surviving CRITICAL is the load-bearing reason it cannot pass.
+assert_contains "surviving CRITICAL preserved" "$OUT" '"severity": "CRITICAL"'
+# The unvoted HIGH survives (unverified != disproven).
+assert_contains "unvoted HIGH survives the skeptic round" "$OUT" '"severity": "HIGH"'
+echo ""
+echo "=== Results: $PASS passed, $FAIL failed ==="
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1

package/tests/refs.test.sh CHANGED Viewed

@@ -184,6 +184,39 @@ for pattern in "${forbidden_surface_patterns[@]}"; do
   fi
 done
+# ── Count-drift guard ─────────────────────────────────────────────────────────
+# The orientation docs (README.md / guide.md) hardcode skill/hook/rule counts.
+# These rot every time a skill/hook/rule is added. Assert each stated count
+# matches the live directory listing so the numbers can't silently drift again.
+#   skills/  = directory entries
+#   hooks/   = *.js files
+#   rules/   = *.md files
+SKILL_COUNT=$(find "$FRAMEWORK_ROOT/skills" -mindepth 1 -maxdepth 1 -type d | wc -l | tr -d ' ')
+HOOK_COUNT=$(find "$FRAMEWORK_ROOT/hooks" -maxdepth 1 -name '*.js' | wc -l | tr -d ' ')
+RULE_COUNT=$(find "$FRAMEWORK_ROOT/rules" -maxdepth 1 -name '*.md' | wc -l | tr -d ' ')
+# assert_count <label> <expected-actual> <file> <regex-with-NUM-placeholder>
+# Fails if the file contains a "<N> <label>" claim where N != actual.
+assert_count() {
+  local label="$1" actual="$2" file="$3" pattern="$4"
+  local bad
+  # Find every "<digits> <label>" mention; flag any whose number != actual.
+  # grep -oE (no -n) yields just the matched "<N> label" substrings; pull the
+  # leading integer from each and compare. (No line-number prefix to confuse it.)
+  bad=$(grep -oE "$pattern" "$file" 2>/dev/null | grep -oE '^[0-9]+' | grep -vx "$actual" || true)
+  if [ -n "$bad" ]; then
+    fail_case "count drift: $label in $(basename "$file")" \
+      "stated $(echo "$bad" | paste -sd, -) but actual is $actual — regenerate from the directory listing"
+  else
+    pass "$(basename "$file") $label count = $actual (matches $label/)"
+  fi
+}
+assert_count "skills" "$SKILL_COUNT" "$FRAMEWORK_ROOT/README.md" '[0-9]+ (installed )?skills'
+assert_count "hooks"  "$HOOK_COUNT"  "$FRAMEWORK_ROOT/README.md" '[0-9]+ hooks'
+assert_count "rules"  "$RULE_COUNT"  "$FRAMEWORK_ROOT/README.md" '[0-9]+ (installed )?rules'
+assert_count "skills" "$SKILL_COUNT" "$FRAMEWORK_ROOT/guide.md"  '[0-9]+ active skills'
 echo ""
 echo "Results: $PASS passed, $FAIL failed"

package/tests/run-all.sh CHANGED Viewed

@@ -35,6 +35,9 @@ SUITES=(
   "repo-map"
   "design-tokens"
   "batch-plan"
+  "r6-golden"
+  "memory-loop"
+  "journey-spine"
 )
 FAILED=()