fix(review): address CodeRabbit review feedback

- Guard prepare script for Docker builds without .git
- Add pre-push hook for heavier quality gates (typecheck/test/build)
- Pin drizzle-orm version in scripts/package.json
- Add E2E_SMOKE_ALLOW_WRITE opt-in guard via e2eEnv abstraction
- Create @household/config env-e2e.ts using same t3-env + zod pattern
- Make e2e teardown robust with optional chaining + allSettled
- Fix markdown code block language identifier (MD040)
- Fix CI integration docs to reflect actual workflow

docs/runbooks/e2e-tests.md

@@ -14,6 +14,7 @@ smoke test for the billing pipeline. It exercises:
 - Bun 1.3+ installed
 - A running Supabase/Postgres database with the schema applied
 - `DATABASE_URL` set (via `.env` or environment)
+- `E2E_SMOKE_ALLOW_WRITE=true` set explicitly (safety guard)
 
 ## Running locally
 
@@ -26,7 +27,7 @@ cp .env.example .env
 bun run db:migrate
 
 # 3. Run the e2e smoke test
-bun run test:e2e
+E2E_SMOKE_ALLOW_WRITE=true bun run test:e2e
 ```
 
 The test seeds its own data (household + 3 roommates), runs the full
@@ -37,7 +38,7 @@ cleans up after itself.
 
 On success:
 
-```
+```text
 E2E smoke passed: purchase ingestion, utility updates, and statements are deterministic
 ```
 
@@ -45,9 +46,10 @@ On failure the script exits with code 1 and prints the assertion error.
 
 ## CI integration
 
-The e2e smoke test runs in CI as part of the quality matrix when the
-`DATABASE_URL` secret is configured. Without the secret, the job is
-skipped automatically.
+Run the e2e smoke test with `bun run test:e2e` locally or in a dedicated
+CI job. If you wire it into CI, gate it on `DATABASE_URL` and
+`E2E_SMOKE_ALLOW_WRITE` to avoid false failures. The test is **not**
+part of the standard CI quality matrix by default.
 
 ## Test data