Rebrand to Proof of Work; multi-user 0.4 package with curated library sync

Repo cleanup
- Add top-level .gitignore (was missing; node_modules, .next, *.s9pk,
  image.tar, seed/data/*.db, log files, etc.) and a root README.
- Delete legacy start9/0.3.5/ package (StartOS 0.3.5 wrapper, no longer
  the deploy target).
- Delete start9-example-packaging/ (template from another project).
- Delete planning docs (START9_PACKAGING_LOG.md, VERSIONING.md,
  STARTOS_0.4_UPGRADE_PROMPT.md, ICON_FILES_INDEX.md, etc.) — info now
  lives in the deploy guide and code comments.
- Drop the standalone Dockerfile, docker-compose.yml, ICON_*, and dev
  log/build artifacts from the app dir.
- Drop the v0.1.0:18/19/20 version files (they belonged to the legacy
  workout-log package and don't apply to the new id).

Rename + new package
- Rename app dir workout-planner/ -> proof-of-work/.
- Rename StartOS package id workout-log -> proof-of-work; the new id
  makes this a brand new StartOS service (clean cutover from the old
  one rather than in-place upgrade).
- Reset version graph; v1.0.0:1 is the seeded cutover release. The
  Dockerfile bakes a one-time /data snapshot and docker_entrypoint.sh
  copies it into the new volume on truly-fresh first boot only (both
  /data/app.db missing AND /data/.seeded absent).
- Move start9/0.4-migration/ -> start9/0.4/; the old start9/0.4/ stub
  is gone.

Curated exercise library (multi-user-aware)
- proof-of-work/prisma/exercises.seed.json is the canonical library
  shipped to every install (164 exercises today, dumped from the live
  snapshot).
- proof-of-work/scripts/sync-library.cjs (npm run sync-library) refreshes
  the JSON from start9/0.4/seed/data/app.db after refresh_seed.sh.
- proof-of-work/prisma/seed.ts now reads from the JSON instead of a
  hardcoded 52-exercise array; runs at Docker build time to seed the
  fallback DB and on first boot for fresh installs.
- proof-of-work/prisma/ensureExerciseLibrary.cjs runs on every container
  boot (from docker_entrypoint.sh) and INSERT OR IGNOREs every library
  entry for every user, keyed on (userId, name). Library updates flow
  to existing installs on package upgrade; user-custom exercises
  (isCustom=true) and any colliding names are never overwritten;
  removed exercises stay on existing installs (additive-only).

Deploy guide (start9/0.4/DEPLOY_040.md)
- Rewritten end-to-end for the workout-log -> proof-of-work cutover:
  refresh_seed, sync-library, build, sideload, verify, rotate creds,
  stop the old service, then post-cutover cleanup release v1.0.0:2.

proof-of-work/app/api/exercises/[id]/route.ts

@@ -0,0 +1,190 @@
+import { getCurrentUser } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+import { NextRequest, NextResponse } from "next/server";
+import { z } from "zod";
+
+/**
+ * GET /api/exercises/[id]
+ * Get exercise with history
+ */
+export async function GET(
+  _request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getCurrentUser();
+    if (!user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const exercise = await prisma.exercise.findFirst({
+      where: {
+        id: params.id,
+        userId: user.id,
+      },
+    });
+
+    if (!exercise) {
+      return NextResponse.json({ error: "Exercise not found" }, { status: 404 });
+    }
+
+    // Get exercise history grouped by workout
+    const setLogs = await prisma.setLog.findMany({
+      where: {
+        exerciseId: params.id,
+        workout: {
+          userId: user.id,
+          deletedAt: null,
+        },
+      },
+      include: {
+        workout: {
+          select: {
+            id: true,
+            date: true,
+            name: true,
+          },
+        },
+      },
+      orderBy: [
+        { workout: { date: "desc" } },
+        { setNumber: "asc" },
+      ],
+      take: 500,
+    });
+
+    // Group by workout
+    const workoutMap = new Map<string, { workout: any; sets: any[] }>();
+    for (const log of setLogs) {
+      const key = log.workoutId;
+      if (!workoutMap.has(key)) {
+        workoutMap.set(key, { workout: log.workout, sets: [] });
+      }
+      workoutMap.get(key)!.sets.push(log);
+    }
+
+    const history = Array.from(workoutMap.values()).slice(0, 50);
+
+    return NextResponse.json({
+      exercise,
+      history,
+    });
+  } catch (error) {
+    console.error("GET /api/exercises/[id] error:", error);
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * PATCH /api/exercises/[id]
+ * Edit exercise details
+ */
+const updateExerciseSchema = z.object({
+  name: z.string().min(1).optional(),
+  type: z.string().min(1).optional(),
+  muscleGroups: z.array(z.string()).optional(),
+  description: z.string().optional(),
+  inputFields: z.array(z.string().min(1)).optional(),
+  defaultWeightUnit: z.string().nullable().optional(),
+});
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getCurrentUser();
+    if (!user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const exercise = await prisma.exercise.findFirst({
+      where: {
+        id: params.id,
+        userId: user.id,
+      },
+    });
+
+    if (!exercise) {
+      return NextResponse.json({ error: "Exercise not found" }, { status: 404 });
+    }
+
+    const body = await request.json();
+    const validated = updateExerciseSchema.parse(body);
+
+    const data: any = {};
+    if (validated.name !== undefined) data.name = validated.name;
+    if (validated.type !== undefined) data.type = validated.type;
+    if (validated.description !== undefined) data.description = validated.description;
+    if (validated.muscleGroups !== undefined)
+      data.muscleGroups = JSON.stringify(validated.muscleGroups);
+    if (validated.inputFields !== undefined)
+      data.inputFields = JSON.stringify(validated.inputFields);
+    if (validated.defaultWeightUnit !== undefined)
+      data.defaultWeightUnit = validated.defaultWeightUnit;
+
+    const updated = await prisma.exercise.update({
+      where: { id: params.id },
+      data,
+    });
+
+    return NextResponse.json(updated);
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: "Invalid data", details: error.errors },
+        { status: 400 }
+      );
+    }
+    console.error("PATCH /api/exercises/[id] error:", error);
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * DELETE /api/exercises/[id]
+ */
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getCurrentUser();
+    if (!user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const exercise = await prisma.exercise.findFirst({
+      where: {
+        id: params.id,
+        userId: user.id,
+      },
+    });
+
+    if (!exercise) {
+      return NextResponse.json({ error: "Exercise not found" }, { status: 404 });
+    }
+
+    await prisma.setLog.deleteMany({
+      where: { exerciseId: params.id },
+    });
+
+    await prisma.exercise.delete({
+      where: { id: params.id },
+    });
+
+    return NextResponse.json({ message: "Exercise deleted successfully" });
+  } catch (error) {
+    console.error("DELETE /api/exercises/[id] error:", error);
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    );
+  }
+}