carson 2.12.0 → 2.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87aef62f0df0f4a298b22d5fd2dcc033b3fb8ff382e7c43fcc37399fb9e28b17
-  data.tar.gz: 50120a7c2252236e86736fbab59eeade47b80488c89b2901849b16dc77ed2c7f
+  metadata.gz: fbc67303ff1efe52235731586e0fb13830d943764edfb67119ff3b8cd5605102
+  data.tar.gz: 6facbe0d10eebe0ef1f89d491799fa65d2993221574b1d3e7e898d82e3c0fc32
 SHA512:
-  metadata.gz: 790d1b70d2df69440acc5c7d13ed7566b243e3b69a7f6d5735bc6713c275702e72273cd13ff6c958e3635669ea2411af6289eefc69e6782d3182a7dd390e1f61
-  data.tar.gz: e9367dd0605946d9a2f7202c0f41cb2ebebfe6e19b463e606bb88e4e1d719b3c5fbdfc76911bf8b7be1a225f5dbbdd4518b88d5f9f0a5a92ad9a841d11f1f92d
+  metadata.gz: c606ed005e274ab872ccf9b50da945edcc8bffcf2a7e146679e0f6f9673c572d826a679e9575d9866a4c91ffe71ca648a89b415237cb63e97f7d023ffa05a453
+  data.tar.gz: fc3e7c8ba85a437aafc643f498c381bb8f617ee71c5527b08462af993f1b94cbcf51dbfc9298dd45b3dee92dbfad45c611513e449114051878e4c8239e4b7c23

data/.github/workflows/carson_policy.yml

@@ -71,7 +71,7 @@ jobs:
         env:
           CARSON_READ_TOKEN: ${{ secrets.CARSON_READ_TOKEN }}
         run: |
-          carson lint setup --source https://github.com/wanghailei/ai.git --ref main --force
+          carson lint policy --source https://github.com/wanghailei/ai.git --ref main --force
           carson prepare
           carson audit
 

data/MANUAL.md

@@ -94,7 +94,7 @@ jobs:
 
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
-- `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint setup`.
+- `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint policy`.
 - The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
 
 ## Daily Operations
@@ -241,7 +241,7 @@ Where lint configuration files come from and where they land.
 - Default source: **`wanghailei/lint.git`**. A central repository containing lint configs for all languages.
 - Target: **`<repo>/.github/linters/`**. MegaLinter auto-discovers configs here in CI.
 
-Change: `carson lint policy --source <path-or-git-url>` or `lint.policy_source` in config.
+Change: `carson lint policy --source <path-or-git-url>` or `lint.policy_source` in config. After changing policy, run `carson refresh --all` to propagate to all governed repositories.
 
 #### Scope integrity
 
@@ -337,6 +337,7 @@ carson template check
 
 **Hook version mismatch after upgrade**
 - Run `carson refresh` to re-apply hooks and templates for the new Carson version.
+- Run `carson refresh --all` to refresh all governed repositories at once.
 
 ## Offboard a Repository
 

data/README.md

@@ -78,6 +78,7 @@ The data flow:
 | `carson onboard` | One-command baseline: hooks + templates + first audit. |
 | `carson prepare` | Install or refresh Carson-managed global hooks. |
 | `carson refresh` | Re-apply hooks, templates, and audit after upgrading Carson. |
+| `carson refresh --all` | Refresh all governed repositories at once. |
 | `carson offboard` | Remove Carson from a repository. |
 
 **Daily** — regular development workflow:

data/RELEASE.md

@@ -5,6 +5,12 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
+## 2.13.0 — Refresh All Governed Repositories
+
+### What changed
+
+- **`carson refresh --all`** refreshes every governed repository in a single command. Iterates `govern.repos`, runs hooks + templates + audit on each, prints a per-repo summary line, and returns non-zero if any repo fails. Verbose mode streams full diagnostics per repo.
+
 ## 2.12.0 — Language-Agnostic Lint Policy Distribution + MegaLinter
 
 ### What changed

data/VERSION

@@ -1 +1 @@
-2.12.0
+2.13.0

data/hooks/pre-commit

@@ -14,6 +14,6 @@ fi
 if ! "${carson_command[@]}" audit; then
 	echo "Carson policy: commit blocked by governance audit." >&2
 	echo "Resolve reported policy blocks before committing." >&2
-	echo "If lint policy files are missing, run: carson lint setup --source <path-or-git-url>" >&2
+	echo "If lint policy files are missing, run: carson lint policy --source <path-or-git-url>" >&2
 	exit 1
 fi

data/lib/carson/cli.rb

@@ -12,6 +12,12 @@ module Carson
 				return Runtime::EXIT_OK
 			end
 
+			if command == "refresh:all"
+				verbose = parsed.fetch( :verbose, false )
+				runtime = Runtime.new( repo_root: repo_root, tool_root: tool_root, out: out, err: err, verbose: verbose )
+				return dispatch( parsed: parsed, runtime: runtime )
+			end
+
 			target_repo_root = parsed.fetch( :repo_root, nil )
 			target_repo_root = repo_root if target_repo_root.to_s.strip.empty?
 			unless Dir.exist?( target_repo_root )
@@ -47,7 +53,7 @@ module Carson
 
 		def self.build_parser
 			OptionParser.new do |opts|
-				opts.banner = "Usage: carson [setup|audit|sync|prune|prepare|inspect|onboard [repo_path]|refresh [repo_path]|offboard [repo_path]|template check|template apply|lint policy --source <path-or-git-url>|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|housekeep|version]"
+				opts.banner = "Usage: carson [setup|audit|sync|prune|prepare|inspect|onboard [repo_path]|refresh [--all|repo_path]|offboard [repo_path]|template check|template apply|lint policy --source <path-or-git-url>|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|housekeep|version]"
 			end
 		end
 
@@ -68,8 +74,10 @@ module Carson
 			when "version"
 				parser.parse!( argv )
 				{ command: "version" }
-			when "onboard", "refresh", "offboard"
+			when "onboard", "offboard"
 				parse_repo_path_command( command: command, argv: argv, parser: parser, err: err )
+			when "refresh"
+				parse_refresh_command( argv: argv, parser: parser, err: err )
 			when "template"
 				parse_named_subcommand( command: command, usage: "check|apply", argv: argv, parser: parser, err: err )
 			when "lint"
@@ -99,6 +107,31 @@ module Carson
 			}
 		end
 
+		def self.parse_refresh_command( argv:, parser:, err: )
+			all_flag = argv.delete( "--all" ) ? true : false
+			parser.parse!( argv )
+
+			if all_flag && !argv.empty?
+				err.puts "#{BADGE} --all and repo_path are mutually exclusive. Use: carson refresh --all OR carson refresh [repo_path]"
+				err.puts parser
+				return { command: :invalid }
+			end
+
+			return { command: "refresh:all" } if all_flag
+
+			if argv.length > 1
+				err.puts "#{BADGE} Too many arguments for refresh. Use: carson refresh [repo_path]"
+				err.puts parser
+				return { command: :invalid }
+			end
+
+			repo_path = argv.first
+			{
+				command: "refresh",
+				repo_root: repo_path.to_s.strip.empty? ? nil : File.expand_path( repo_path )
+			}
+		end
+
 		def self.parse_named_subcommand( command:, usage:, argv:, parser:, err: )
 			action = argv.shift
 			parser.parse!( argv )
@@ -206,6 +239,8 @@ module Carson
 				runtime.onboard!
 			when "refresh"
 				runtime.refresh!
+			when "refresh:all"
+				runtime.refresh_all!
 			when "offboard"
 				runtime.offboard!
 			when "template:check"

data/lib/carson/runtime/local.rb

@@ -247,6 +247,40 @@ module Carson
 				audit_status
 			end
 
+			# Re-applies hooks, templates, and audit across all governed repositories.
+			def refresh_all!
+				repos = config.govern_repos
+				if repos.empty?
+					puts_line "ERROR: no governed repositories configured. Add repos via carson setup or govern.repos in ~/.carson/config.json."
+					return EXIT_ERROR
+				end
+
+				puts_line ""
+				puts_line "Refresh all (#{repos.length} repo#{plural_suffix( count: repos.length )})"
+				refreshed = 0
+				failed = 0
+
+				repos.each do |repo_path|
+					repo_name = File.basename( repo_path )
+					unless Dir.exist?( repo_path )
+						puts_line "#{repo_name}: FAIL (path not found)"
+						failed += 1
+						next
+					end
+
+					status = refresh_single_repo( repo_path: repo_path, repo_name: repo_name )
+					if status == EXIT_ERROR
+						failed += 1
+					else
+						refreshed += 1
+					end
+				end
+
+				puts_line ""
+				puts_line "Refresh all complete: #{refreshed} refreshed, #{failed} failed."
+				failed.zero? ? EXIT_OK : EXIT_ERROR
+			end
+
 			# Removes Carson-managed repository integration so a host repository can retire Carson cleanly.
 			def offboard!
 				puts_verbose ""
@@ -365,6 +399,30 @@ module Carson
 
 		private
 
+			# Refreshes a single governed repository using a scoped Runtime.
+			def refresh_single_repo( repo_path:, repo_name: )
+				if verbose?
+					rt = Runtime.new( repo_root: repo_path, tool_root: tool_root, out: out, err: err, verbose: true )
+				else
+					rt = Runtime.new( repo_root: repo_path, tool_root: tool_root, out: StringIO.new, err: StringIO.new )
+				end
+				status = rt.refresh!
+				label = refresh_status_label( status: status )
+				puts_line "#{repo_name}: #{label}"
+				status
+			rescue StandardError => e
+				puts_line "#{repo_name}: FAIL (#{e.message})"
+				EXIT_ERROR
+			end
+
+			def refresh_status_label( status: )
+				case status
+				when EXIT_OK then "OK"
+				when EXIT_BLOCK then "BLOCK"
+				else "FAIL"
+				end
+			end
+
 			def template_results
 				config.template_managed_files.map { |managed_file| template_result_for_file( managed_file: managed_file ) }
 			end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: carson
 version: !ruby/object:Gem::Version
-  version: 2.12.0
+  version: 2.13.0
 platform: ruby
 authors:
 - Hailei Wang