Update beads metadata

Fix Form_Utils bugs and unify error handling documentation
Protect framework files from auto-modification when not in developer mode

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/RSpade/man/ajax_error_handling.txt

@@ -26,9 +26,9 @@ RESPONSE FORMATS
     -----------------------------------------
     {
         "_success": false,
-        "error_type": "response_form_error|response_auth_required|response_unauthorized",
+        "error_code": "validation|not_found|unauthorized|auth_required",
         "reason": "User-friendly message",
-        "details": { /* optional, e.g., field-specific validation errors */ },
+        "metadata": { /* optional, e.g., field-specific validation errors */ },
         "console_debug": [ /* optional debug messages */ ]
     }
 
@@ -84,35 +84,42 @@ HTTP STATUS CODE STRATEGY
 
 ERROR TYPES
 
-    fatal
-    -----
+    All error responses use the unified response_error() function with constants:
+
+    Ajax::ERROR_FATAL
+    -----------------
     Uncaught PHP exceptions, database errors, bugs in code.
     Dev mode: Shows file/line/error/backtrace
     Prod mode: Generic "An error occurred" message
 
-    response_form_error (validation)
-    --------------------------------
+    Ajax::ERROR_VALIDATION
+    ----------------------
     Validation failures with field-specific details.
-    Used via: return response_form_error($reason, $details);
+    Used via: return response_error(Ajax::ERROR_VALIDATION, $field_errors);
     Example:
-        return response_form_error('Validation failed', [
+        return response_error(Ajax::ERROR_VALIDATION, [
             'email' => 'Email address is required',
             'phone' => 'Invalid phone number format'
         ]);
 
-    response_auth_required
-    ----------------------
+    Ajax::ERROR_AUTH_REQUIRED
+    -------------------------
     User not logged in, needs authentication.
-    Used via: return response_auth_required($reason, $redirect);
+    Used via: return response_error(Ajax::ERROR_AUTH_REQUIRED);
 
-    response_unauthorized
-    ---------------------
+    Ajax::ERROR_UNAUTHORIZED
+    ------------------------
     User logged in but lacks permission for this action.
-    Used via: return response_unauthorized($reason, $redirect);
+    Used via: return response_error(Ajax::ERROR_UNAUTHORIZED);
 
-    network
-    -------
-    Client-side only. Server unreachable (xhr.status === 0).
+    Ajax::ERROR_NOT_FOUND
+    ---------------------
+    Resource not found.
+    Used via: return response_error(Ajax::ERROR_NOT_FOUND, 'Project not found');
+
+    network (client-side only)
+    --------------------------
+    Server unreachable (xhr.status === 0).
 
 SERVER-SIDE IMPLEMENTATION
 
@@ -127,7 +134,7 @@ SERVER-SIDE IMPLEMENTATION
         $user = User::find($params['id']);
 
         if (!$user) {
-            return response_form_error('User not found', ['id' => 'Invalid']);
+            return response_error(Ajax::ERROR_NOT_FOUND, 'User not found');
         }
 
         return [
@@ -216,13 +223,17 @@ CLIENT-SIDE IMPLEMENTATION
     ----------------------
     Rejected promises receive standard Error objects with additional properties:
 
-        error.type       - 'fatal'|'form_error'|'auth_required'|
-                           'unauthorized'|'network'
+        error.code       - 'validation'|'not_found'|'unauthorized'|
+                           'auth_required'|'fatal'|'network'
         error.message    - User-displayable message
-        error.details    - Full error data from server
-                           (for form_error: field-specific errors)
+        error.metadata   - Additional error data from server
+                           (for validation: field-specific errors)
                            (for fatal: file/line/backtrace)
 
+    Constants available on both server and client:
+        PHP:  Ajax::ERROR_VALIDATION, Ajax::ERROR_NOT_FOUND, etc.
+        JS:   Ajax.ERROR_VALIDATION, Ajax.ERROR_NOT_FOUND, etc.
+
     Automatic Error Handling
     ------------------------
     Uncaught Ajax errors automatically display via Modal.error():
@@ -253,7 +264,7 @@ CLIENT-SIDE IMPLEMENTATION
     });
 
     Rsx_Form.render_error() handles all error types:
-    - form_error: Shows inline field errors + unmatched errors alert
+    - validation: Shows inline field errors + unmatched errors alert
     - fatal/network/auth: Shows error in form's error container
 
     Form_Utils Error Display
@@ -264,8 +275,8 @@ CLIENT-SIDE IMPLEMENTATION
         const result = await Controller.save_user(form_data);
         await Modal.alert('User saved!');
     } catch (error) {
-        if (error.type === 'form_error') {
-            await Form_Utils.apply_form_errors($form, error.details);
+        if (error.code === Ajax.ERROR_VALIDATION) {
+            await Form_Utils.apply_form_errors($form, error.metadata);
         } else {
             Rsx.render_error(error, '#error_container');
         }
@@ -289,7 +300,7 @@ CLIENT-SIDE IMPLEMENTATION
 
     Handles all error types:
     - fatal: Shows file:line and full message
-    - form_error: Shows bulleted list of unmatched validation errors
+    - validation: Shows bulleted list of unmatched validation errors
     - auth/network: Shows user-friendly message
     - generic: Shows error message in danger alert
 
@@ -403,7 +414,7 @@ COMMON PATTERNS
     public static function save(Request $request, array $params = []): array
     {
         if (empty($params['email'])) {
-            return response_form_error('Validation failed', [
+            return response_error(Ajax::ERROR_VALIDATION, [
                 'email' => 'Email is required'
             ]);
         }