carson 2.12.0 → 2.13.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87aef62f0df0f4a298b22d5fd2dcc033b3fb8ff382e7c43fcc37399fb9e28b17
-  data.tar.gz: 50120a7c2252236e86736fbab59eeade47b80488c89b2901849b16dc77ed2c7f
+  metadata.gz: d7fde15079ed380bb8c6e4d476fb8157dd7980ea6a250e06706188a645c1d160
+  data.tar.gz: 85a76cdb10a52573ba463a884079178e2b69befe21b8b377bb425f620057bd65
 SHA512:
-  metadata.gz: 790d1b70d2df69440acc5c7d13ed7566b243e3b69a7f6d5735bc6713c275702e72273cd13ff6c958e3635669ea2411af6289eefc69e6782d3182a7dd390e1f61
-  data.tar.gz: e9367dd0605946d9a2f7202c0f41cb2ebebfe6e19b463e606bb88e4e1d719b3c5fbdfc76911bf8b7be1a225f5dbbdd4518b88d5f9f0a5a92ad9a841d11f1f92d
+  metadata.gz: 910cfd8d4ee3095b3ea559ba66bcd372d764043d02131f38d2d75071542aa04e1ea7cf5bdf10ab1aabd792f8ff21762ea31063720c23c719cc361d4313ea38fd
+  data.tar.gz: 236417f25de6aba2640a3ec992c5f756851b931f961f213408f57533533403f20d011cf4169cb8384ed980d58100456e49ea9209ed08fc2bb87a2d9729fcd9e4

data/.github/workflows/carson_policy.yml

@@ -71,7 +71,7 @@ jobs:
         env:
           CARSON_READ_TOKEN: ${{ secrets.CARSON_READ_TOKEN }}
         run: |
-          carson lint setup --source https://github.com/wanghailei/ai.git --ref main --force
+          carson lint policy --source https://github.com/wanghailei/ai.git --ref main --force
           carson prepare
           carson audit
 

data/API.md

@@ -98,8 +98,6 @@ Environment overrides:
 - `CARSON_REVIEW_SWEEP_STATES`
 - `CARSON_WORKFLOW_STYLE`
 - `CARSON_RUBY_INDENTATION`
-- `CARSON_LINT_COMMAND`
-- `CARSON_LINT_ENFORCEMENT`
 - `CARSON_LINT_POLICY_SOURCE`
 
 `lint` schema:
@@ -107,29 +105,17 @@ Environment overrides:
 ```json
 {
   "lint": {
-    "command": "make lint",
-    "enforcement": "strict",
     "policy_source": "wanghailei/lint.git"
   }
 }
 ```
 
 `lint` semantics:
-- `command`: string or array — local lint command executed during `carson audit`. If `null` (default), local lint is skipped.
-- `enforcement`: `"strict"` (default) blocks on lint failure; `"advisory"` warns but does not block.
 - `policy_source`: default source for `carson lint policy` when `--source` is not specified.
 
 Environment overrides:
-- `CARSON_LINT_COMMAND` — overrides `lint.command`.
-- `CARSON_LINT_ENFORCEMENT` — overrides `lint.enforcement`.
 - `CARSON_LINT_POLICY_SOURCE` — overrides `lint.policy_source`.
 
-Lint target file source precedence in `carson audit`:
-- staged files for local commit-time execution.
-- PR changed files in GitHub `pull_request` events.
-- full repository tracked files in GitHub non-PR events.
-- local working-tree changes as fallback.
-
 Private-source clone token for `carson lint policy`:
 - `CARSON_READ_TOKEN` (used when `--source` points to a private GitHub repository).
 

data/MANUAL.md

@@ -27,7 +27,7 @@ carson version
 
 ### Step 1: Prepare your lint policy
 
-Carson distributes lint configuration files from a central policy source — a directory or git repository you control — into each governed repo's `.github/linters/` directory, where MegaLinter auto-discovers them.
+Carson distributes lint configuration files from a central policy source — a directory or git repository you control — into each governed repo's `.github/linters/` directory, where MegaLinter auto-discovers them in CI.
 
 ```bash
 carson lint policy --source /path/to/your-policy-repo
@@ -35,6 +35,8 @@ carson lint policy --source /path/to/your-policy-repo
 
 After this command, `.github/linters/` contains your lint configs (`.rubocop.yml`, `biome.json`, `ruff.toml`, etc.). MegaLinter uses these in CI. Every governed repository gets the same rules — this is how Carson keeps lint consistent across languages.
 
+Carson distributes policy; MegaLinter enforces it. Carson does not run linters itself — that responsibility belongs to MegaLinter in CI and to the developer's own local tooling.
+
 Options:
 - `--source <path-or-git-url>` — where to read policy files from (required).
 - `--ref <git-ref>` — branch or tag when `--source` is a git URL.
@@ -94,9 +96,20 @@ jobs:
 
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
-- `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint setup`.
+- `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint policy`.
 - The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
 
+### MegaLinter in CI
+
+Carson manages a MegaLinter workflow template (`carson-lint.yml`) that is applied to governed repositories via `carson template apply`. MegaLinter auto-discovers lint configs from `.github/linters/` — the same directory populated by `carson lint policy`. This means:
+
+- **Policy source** (your central lint repo) defines the rules.
+- **`carson lint policy`** distributes the rules into each repo.
+- **MegaLinter** (in GitHub Actions) enforces the rules.
+- **`carson govern`** reads CI check status (including MegaLinter results) and acts on it.
+
+Carson's `audit` gates on CI check status reported by GitHub — it does not duplicate MegaLinter's work locally. If MegaLinter fails in CI, `carson govern` classifies the PR accordingly and can dispatch a coding agent to fix the issues.
+
 ## Daily Operations
 
 **Start of work:**
@@ -146,6 +159,12 @@ The loop is built-in and cross-platform — no cron, launchd, or Task Scheduler
 
 Each cycle runs independently: if one cycle fails (network error, GitHub API timeout), the error is logged and the next cycle proceeds normally. Press `Ctrl-C` to stop — Carson exits cleanly with a cycle count summary.
 
+### Govern and Coding Agents
+
+`carson govern` dispatches coding agents (Codex or Claude) when a PR has failing CI checks. The agent receives the failure context and attempts to fix the issues in a follow-up commit. If the agent succeeds, the PR re-enters the governance pipeline. If it fails or times out, the PR is escalated for human attention.
+
+The agent provider is configurable via `govern.agent.provider` (`auto`, `codex`, or `claude`). In `auto` mode, Carson selects the first available provider.
+
 ## Merge Method and Linear History
 
 Carson's `govern.merge.method` controls how `carson govern` merges ready PRs. The options are `squash`, `merge`, and `rebase` (default: `squash`). Set this in `~/.carson/config.json`:
@@ -181,7 +200,7 @@ Carson's `govern.merge.method` controls how `carson govern` merges ready PRs. Th
 These define what Carson *is*. They are not configurable.
 
 - **Outsider boundary** — Carson never places its own artefacts inside a governed repository.
-- **Centralised lint** — one policy source distributed into each repo's `.github/linters/`, zero per-repo drift.
+- **Centralised lint** — one policy source distributed into each repo's `.github/linters/`, zero per-repo drift. MegaLinter enforces it in CI.
 - **Active review** — undisposed reviewer findings block merge; feedback must be acknowledged.
 - **Self-diagnosing output** — every message names the cause and the fix.
 - **Transparent governance** — Carson prepares everything for merge but never makes decisions without telling you.
@@ -241,7 +260,7 @@ Where lint configuration files come from and where they land.
 - Default source: **`wanghailei/lint.git`**. A central repository containing lint configs for all languages.
 - Target: **`<repo>/.github/linters/`**. MegaLinter auto-discovers configs here in CI.
 
-Change: `carson lint policy --source <path-or-git-url>` or `lint.policy_source` in config.
+Change: `carson lint policy --source <path-or-git-url>` or `lint.policy_source` in config. After changing policy, run `carson refresh --all` to propagate to all governed repositories.
 
 #### Scope integrity
 
@@ -332,11 +351,9 @@ carson template apply
 carson template check
 ```
 
-**Audit blocks on lint failure**
-- If `lint.command` is configured and fails, audit blocks (in `strict` mode) or warns (in `advisory` mode). Fix the lint issues and re-run `carson audit`.
-
 **Hook version mismatch after upgrade**
 - Run `carson refresh` to re-apply hooks and templates for the new Carson version.
+- Run `carson refresh --all` to refresh all governed repositories at once.
 
 ## Offboard a Repository
 

data/README.md

@@ -12,12 +12,12 @@ If you govern more than a handful of repositories, you know the pattern: lint co
 
 Carson is an autonomous governance runtime that lives on your workstation and in CI, never inside the repositories it governs. It operates at two levels:
 
-**Per-commit governance** — Carson enforces lint policy, gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions.
+**Per-commit governance** — Carson gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions. Lint execution is handled entirely by MegaLinter in CI and by the developer's own local tooling — Carson distributes the shared lint configuration but does not run linters itself.
 
 **Portfolio-level autonomy** — `carson govern` is a scheduled triage loop that scans all your repositories, classifies every open PR, and acts: merge what's ready, dispatch coding agents (Codex or Claude) to fix what's failing, and escalate what needs human judgement. One command, all your projects, unmanned.
 
 ```
-┌──────────────────────────────────────────────�┐
+┌──────────────────────────────────────────────┐
 │  Your workstation                             │
 │                                               │
 │  ~/.carson/            Carson config          │
@@ -39,12 +39,22 @@ Carson is an autonomous governance runtime that lives on your workstation and in
 
 This separation is Carson's defining trait — the **outsider boundary**: no Carson scripts, config files, or governance payloads are ever placed inside a governed repository.
 
+### The Governance Loop
+
+Carson orchestrates a closed governance loop across three layers:
+
+1. **Policy distribution** — `carson lint policy` distributes shared lint configs from a central source into each repo's `.github/linters/`. This is the single source of truth for lint rules across all governed repositories.
+2. **CI enforcement** — MegaLinter runs in GitHub Actions (via the managed `carson-lint.yml` workflow) and auto-discovers configs from `.github/linters/`. Carson does not run linters — MegaLinter does. Carson's `audit` gates on CI check status reported by GitHub.
+3. **Autonomous triage** — `carson govern` reads CI status (including MegaLinter results), review disposition, and audit health for every open PR. Ready PRs are merged. Failing PRs get a coding agent (Codex or Claude) dispatched to fix them. Stuck PRs are escalated.
+
+Carson's role is governance orchestration — distributing policy, gating on results, and dispatching action. The actual lint execution, CI runs, and code fixes are delegated to specialised tools: MegaLinter for linting, GitHub Actions for CI, and coding agents for remediation.
+
 ## Opinions
 
 Carson is opinionated about governance. These are non-negotiable principles, not configurable defaults:
 
 - **Outsider boundary** — Carson lives outside your repo, never inside. No Carson-owned artefacts in your repository. Offboarding leaves no trace.
-- **Centralised lint** — lint policy distributed from a central source into each repo's `.github/linters/`. One source of truth, zero drift.
+- **Centralised lint** — lint policy distributed from a central source into each repo's `.github/linters/`. One source of truth, zero drift. MegaLinter enforces it in CI.
 - **Active review** — undisposed reviewer findings block merge. Feedback must be acknowledged, not buried.
 - **Self-diagnosing output** — every message names the cause and the fix. If you need to debug Carson's output, the output failed.
 - **Transparent governance** — Carson prepares everything for merge but never oversteps. It does not make decisions for you without telling you.
@@ -78,6 +88,7 @@ The data flow:
 | `carson onboard` | One-command baseline: hooks + templates + first audit. |
 | `carson prepare` | Install or refresh Carson-managed global hooks. |
 | `carson refresh` | Re-apply hooks, templates, and audit after upgrading Carson. |
+| `carson refresh --all` | Refresh all governed repositories at once. |
 | `carson offboard` | Remove Carson from a repository. |
 
 **Daily** — regular development workflow:

data/RELEASE.md

@@ -5,6 +5,28 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
+## 2.13.1 — Guided Governance Registration
+
+### What changed
+
+- After `carson onboard`, Carson now prompts to register the repo for portfolio governance (`govern.repos`). Accept to include it in `carson refresh --all` and `carson govern`; decline to skip.
+- Improved `refresh --all` guidance when no repos are configured — now directs users to `carson onboard`.
+
+## 2.13.0 — Refresh All + Strip Local Lint Execution
+
+### What changed
+
+- **`carson refresh --all`** refreshes every governed repository in a single command. Iterates `govern.repos`, runs hooks + templates + audit on each, prints a per-repo summary line, and returns non-zero if any repo fails. Verbose mode streams full diagnostics per repo.
+- **Removed `lint.command` and `lint.enforcement` config keys.** Local lint execution during `carson audit` has been removed. MegaLinter runs in CI and `carson govern` gates on CI check status — local lint execution was redundant. Carson now focuses on what makes it unique: **policy distribution** via `carson lint policy`. The `lint.policy_source` config key and `carson lint policy --source` command are unchanged.
+- **Removed `CARSON_LINT_COMMAND` and `CARSON_LINT_ENFORCEMENT` environment overrides.**
+- **Removed lint command and enforcement prompts from `carson setup`.**
+
+### Migration
+
+1. Remove `lint.command` and `lint.enforcement` from `~/.carson/config.json` if present — they are now ignored.
+2. Remove `CARSON_LINT_COMMAND` and `CARSON_LINT_ENFORCEMENT` from any CI or shell configuration.
+3. If you relied on local lint during audit, run your lint tool directly (e.g. `make lint`, `trunk check`) or let MegaLinter handle it in CI.
+
 ## 2.12.0 — Language-Agnostic Lint Policy Distribution + MegaLinter
 
 ### What changed

data/SKILL.md

@@ -33,7 +33,6 @@ When you see exit 2, do NOT bypass it. Read the output, fix the root cause, and
 Carson audit output is structured as labelled key-value lines prefixed with ⧓. Key sections:
 
 - **Working Tree** — staged/unstaged status.
-- **Local Lint Quality** — lint command result. `lint_command_status: ok` means clean.
 - **Main Sync Status** — whether local main matches remote. If ahead, reset drift before committing.
 - **Scope Integrity Guard** — checks that commits stay within a single business intent and scope group.
 - **Audit Result** — final verdict: `status: ok` (clean), `status: attention` (advisory, not blocking), `status: block` (must fix).

data/VERSION

@@ -1 +1 @@
-2.12.0
+2.13.1

data/hooks/pre-commit

@@ -14,6 +14,6 @@ fi
 if ! "${carson_command[@]}" audit; then
 	echo "Carson policy: commit blocked by governance audit." >&2
 	echo "Resolve reported policy blocks before committing." >&2
-	echo "If lint policy files are missing, run: carson lint setup --source <path-or-git-url>" >&2
+	echo "If lint policy files are missing, run: carson lint policy --source <path-or-git-url>" >&2
 	exit 1
 fi

data/lib/carson/cli.rb

@@ -12,6 +12,12 @@ module Carson
 				return Runtime::EXIT_OK
 			end
 
+			if command == "refresh:all"
+				verbose = parsed.fetch( :verbose, false )
+				runtime = Runtime.new( repo_root: repo_root, tool_root: tool_root, out: out, err: err, verbose: verbose )
+				return dispatch( parsed: parsed, runtime: runtime )
+			end
+
 			target_repo_root = parsed.fetch( :repo_root, nil )
 			target_repo_root = repo_root if target_repo_root.to_s.strip.empty?
 			unless Dir.exist?( target_repo_root )
@@ -47,7 +53,7 @@ module Carson
 
 		def self.build_parser
 			OptionParser.new do |opts|
-				opts.banner = "Usage: carson [setup|audit|sync|prune|prepare|inspect|onboard [repo_path]|refresh [repo_path]|offboard [repo_path]|template check|template apply|lint policy --source <path-or-git-url>|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|housekeep|version]"
+				opts.banner = "Usage: carson [setup|audit|sync|prune|prepare|inspect|onboard [repo_path]|refresh [--all|repo_path]|offboard [repo_path]|template check|template apply|lint policy --source <path-or-git-url>|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|housekeep|version]"
 			end
 		end
 
@@ -68,8 +74,10 @@ module Carson
 			when "version"
 				parser.parse!( argv )
 				{ command: "version" }
-			when "onboard", "refresh", "offboard"
+			when "onboard", "offboard"
 				parse_repo_path_command( command: command, argv: argv, parser: parser, err: err )
+			when "refresh"
+				parse_refresh_command( argv: argv, parser: parser, err: err )
 			when "template"
 				parse_named_subcommand( command: command, usage: "check|apply", argv: argv, parser: parser, err: err )
 			when "lint"
@@ -99,6 +107,31 @@ module Carson
 			}
 		end
 
+		def self.parse_refresh_command( argv:, parser:, err: )
+			all_flag = argv.delete( "--all" ) ? true : false
+			parser.parse!( argv )
+
+			if all_flag && !argv.empty?
+				err.puts "#{BADGE} --all and repo_path are mutually exclusive. Use: carson refresh --all OR carson refresh [repo_path]"
+				err.puts parser
+				return { command: :invalid }
+			end
+
+			return { command: "refresh:all" } if all_flag
+
+			if argv.length > 1
+				err.puts "#{BADGE} Too many arguments for refresh. Use: carson refresh [repo_path]"
+				err.puts parser
+				return { command: :invalid }
+			end
+
+			repo_path = argv.first
+			{
+				command: "refresh",
+				repo_root: repo_path.to_s.strip.empty? ? nil : File.expand_path( repo_path )
+			}
+		end
+
 		def self.parse_named_subcommand( command:, usage:, argv:, parser:, err: )
 			action = argv.shift
 			parser.parse!( argv )
@@ -206,6 +239,8 @@ module Carson
 				runtime.onboard!
 			when "refresh"
 				runtime.refresh!
+			when "refresh:all"
+				runtime.refresh_all!
 			when "offboard"
 				runtime.offboard!
 			when "template:check"

data/lib/carson/config.rb

@@ -9,7 +9,7 @@ module Carson
 		attr_accessor :git_remote
 		attr_reader :main_branch, :protected_branches, :hooks_base_path, :required_hooks,
 			:path_groups, :template_managed_files,
-			:lint_command, :lint_enforcement, :lint_policy_source,
+			:lint_policy_source,
 			:review_wait_seconds, :review_poll_seconds, :review_max_polls, :review_sweep_window_days,
 			:review_sweep_states, :review_disposition_prefix, :review_risk_keywords,
 			:review_tracking_issue_title, :review_tracking_issue_label, :review_bot_usernames,
@@ -51,8 +51,6 @@ module Carson
 					"managed_files" => [ ".github/carson-instructions.md", ".github/copilot-instructions.md", ".github/CLAUDE.md", ".github/AGENTS.md", ".github/pull_request_template.md", ".github/workflows/carson-lint.yml" ]
 				},
 				"lint" => {
-					"command" => nil,
-					"enforcement" => "strict",
 					"policy_source" => "wanghailei/lint.git"
 				},
 				"workflow" => {
@@ -168,10 +166,6 @@ module Carson
 			advisory_names = env_string_array( key: "CARSON_AUDIT_ADVISORY_CHECK_NAMES" )
 			audit[ "advisory_check_names" ] = advisory_names unless advisory_names.empty?
 			lint = fetch_hash_section( data: copy, key: "lint" )
-			lint_command_env = ENV.fetch( "CARSON_LINT_COMMAND", "" ).to_s.strip
-			lint[ "command" ] = lint_command_env unless lint_command_env.empty?
-			lint_enforcement_env = ENV.fetch( "CARSON_LINT_ENFORCEMENT", "" ).to_s.strip
-			lint[ "enforcement" ] = lint_enforcement_env unless lint_enforcement_env.empty?
 			lint_policy_source_env = ENV.fetch( "CARSON_LINT_POLICY_SOURCE", "" ).to_s.strip
 			lint[ "policy_source" ] = lint_policy_source_env unless lint_policy_source_env.empty?
 			style = fetch_hash_section( data: copy, key: "style" )
@@ -223,8 +217,6 @@ module Carson
 
 			@template_managed_files = fetch_string_array( hash: fetch_hash( hash: data, key: "template" ), key: "managed_files" )
 			lint_hash = fetch_hash( hash: data, key: "lint" )
-			@lint_command = normalize_lint_command_setting( value: lint_hash[ "command" ] )
-			@lint_enforcement = normalize_lint_enforcement( value: lint_hash.fetch( "enforcement", "strict" ) )
 			@lint_policy_source = lint_hash.fetch( "policy_source", "" ).to_s.strip
 
 			workflow_hash = fetch_hash( hash: data, key: "workflow" )
@@ -338,23 +330,6 @@ module Carson
 				patterns
 			end
 
-			def normalize_lint_command_setting( value: )
-				return nil if value.nil?
-				return value.to_s.strip if value.is_a?( String )
-				if value.is_a?( Array )
-					parts = value.map { |entry| entry.to_s.strip }.reject( &:empty? )
-					raise ConfigError, "lint.command array must contain at least one argument" if parts.empty?
-					return parts
-				end
-				raise ConfigError, "lint.command must be a string, array, or null"
-			end
-
-			def normalize_lint_enforcement( value: )
-				text = value.to_s.strip.downcase
-				raise ConfigError, "lint.enforcement must be one of strict, advisory" unless [ "strict", "advisory" ].include?( text )
-				text
-			end
-
 			def fetch_optional_boolean( hash:, key:, default:, key_path: nil )
 				value = hash.fetch( key, default )
 				return true if value == true

data/lib/carson/runtime/audit.rb

@@ -1,5 +1,4 @@
 require "cgi"
-require "open3"
 
 module Carson
 	class Runtime
@@ -24,17 +23,6 @@ module Carson
 					audit_concise_problems << "Hooks: mismatch — run carson prepare."
 				end
 				puts_verbose ""
-				puts_verbose "[Local Lint Quality]"
-				local_lint_quality = local_lint_quality_report
-				if local_lint_quality.fetch( :status ) == "block"
-					audit_state = "block"
-					blocking_langs = local_lint_quality.fetch( :languages ).select { |l| l.fetch( :status ) == "block" }
-					blocking_langs.each do |lang|
-						exit_code = lang.fetch( :exit_code, 1 )
-						audit_concise_problems << "Lint: #{lang.fetch( :language )} failed (exit #{exit_code})."
-					end
-				end
-				puts_verbose ""
 				puts_verbose "[Main Sync Status]"
 				ahead_count, behind_count, main_error = main_sync_counts
 				if main_error
@@ -71,7 +59,6 @@ module Carson
 				audit_state = "attention" if audit_state == "ok" && scope_guard.fetch( :status ) == "attention"
 					write_and_print_pr_monitor_report(
 						report: monitor_report.merge(
-							local_lint_quality: local_lint_quality,
 							default_branch_baseline: default_branch_baseline,
 							audit_status: audit_state
 						)
@@ -162,217 +149,6 @@ module Carson
 					report
 				end
 
-			# Enforces configured lint policy before governance passes.
-			# Runs lint.command and gates on exit code. Skips when lint.command is not set.
-			def local_lint_quality_report
-				unless config.lint_command
-					report = {
-						status: "ok",
-						skip_reason: "lint.command not configured",
-						target_source: "none",
-						target_files_count: 0,
-						blocking_languages: 0,
-						languages: []
-					}
-					puts_verbose "lint: SKIP (lint.command not configured)"
-					return report
-				end
-
-				lint_command_report
-			rescue StandardError => e
-				report = {
-					status: "block",
-					skip_reason: e.message,
-					target_source: "unknown",
-					target_files_count: 0,
-					blocking_languages: 0,
-					languages: []
-				}
-				puts_line "BLOCK: local lint quality check failed (#{e.message})."
-				report
-			end
-
-			# Runs the lint.command and returns a structured report.
-			def lint_command_report
-				target_files, target_source = lint_target_files
-				advisory = config.lint_enforcement == "advisory"
-				command_value = config.lint_command
-				command_string = command_value.is_a?( Array ) ? command_value.join( " " ) : command_value.to_s
-
-				report = {
-					status: "ok",
-					skip_reason: nil,
-					target_source: target_source,
-					target_files_count: target_files.count,
-					blocking_languages: 0,
-					languages: []
-				}
-				puts_verbose "lint_target_source: #{target_source}"
-				puts_verbose "lint_target_files_total: #{target_files.count}"
-				puts_verbose "lint_command: #{command_string}"
-				puts_verbose "lint_enforcement: #{config.lint_enforcement}"
-
-				args = command_string.split( /\s+/ )
-				command_name = args.first.to_s.strip
-				unless command_available_for_lint?( command_name: command_name )
-					language_report = {
-						language: "lint.command",
-						enabled: true,
-						status: "block",
-						reason: "command not available: #{command_name}",
-						file_count: target_files.count,
-						files: target_files,
-						command: args,
-						config_files: [],
-						exit_code: EXIT_BLOCK
-					}
-					report[ :languages ] << language_report
-					report[ :status ] = advisory ? "ok" : "block"
-					report[ :blocking_languages ] = advisory ? 0 : 1
-					puts_verbose "lint_command_status: #{language_report.fetch( :status )}"
-					puts_line "WARN: lint command not available: #{command_name}" if advisory
-					return report
-				end
-
-				stdout_text, stderr_text, success, exit_code = local_command( *args )
-				language_report = {
-					language: "lint.command",
-					enabled: true,
-					status: success ? "ok" : "block",
-					reason: success ? nil : summarise_command_output(
-						stdout_text: stdout_text,
-						stderr_text: stderr_text,
-						fallback: "lint command failed"
-					),
-					file_count: target_files.count,
-					files: target_files,
-					command: args,
-					config_files: [],
-					exit_code: exit_code
-				}
-				report[ :languages ] << language_report
-
-				unless success
-					if advisory
-						report[ :status ] = "ok"
-						puts_verbose "lint_command_status: advisory_warn (exit #{exit_code})"
-						puts_line "WARN: lint command failed (exit #{exit_code}) — advisory mode, not blocking."
-					else
-						report[ :status ] = "block"
-						report[ :blocking_languages ] = 1
-						puts_verbose "lint_command_status: block (exit #{exit_code})"
-					end
-				else
-					puts_verbose "lint_command_status: ok"
-				end
-
-				report
-			end
-
-			# File selection precedence:
-			# 1) staged files for local commit-time execution
-			# 2) PR changed files in GitHub pull_request events
-			# 3) full repository tracked files in GitHub non-PR events
-			# 4) local working-tree changed files as fallback
-			def lint_target_files
-				staged = existing_repo_files( paths: staged_files )
-				return [ staged, "staged" ] unless staged.empty?
-
-				if github_pull_request_event?
-					files = lint_target_files_for_pull_request
-					return [ files, "github_pull_request" ] unless files.nil?
-					puts_verbose "WARN: unable to resolve pull request changed files; falling back to full repository files."
-				end
-
-				if github_actions_environment?
-					return [ lint_target_files_for_non_pr_ci, "github_full_repository" ]
-				end
-
-				[ existing_repo_files( paths: changed_files ), "working_tree" ]
-			end
-
-			def lint_target_files_for_pull_request
-				base_ref = ENV.fetch( "GITHUB_BASE_REF", "" ).to_s.strip
-				return nil if base_ref.empty?
-
-				remote_name = config.git_remote
-				unless git_remote_exists?( remote_name: remote_name )
-					remote_name = "origin" if git_remote_exists?( remote_name: "origin" )
-				end
-
-				_, _, fetch_success, = git_run( "fetch", "--no-tags", "--depth", "1", remote_name, base_ref )
-				return nil unless fetch_success
-
-				base = "#{remote_name}/#{base_ref}"
-				stdout_text, _, success, = git_run(
-					"diff", "--name-only", "--diff-filter=ACMRTUXB", "#{base}...HEAD"
-				)
-				return nil unless success
-
-				paths = stdout_text.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				existing_repo_files( paths: paths )
-			end
-
-			def lint_target_files_for_non_pr_ci
-				stdout_text = git_capture!( "ls-files" )
-				paths = stdout_text.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				existing_repo_files( paths: paths )
-			end
-
-			def github_actions_environment?
-				ENV.fetch( "GITHUB_ACTIONS", "" ).to_s.strip.casecmp( "true" ).zero?
-			end
-
-			def github_pull_request_event?
-				return false unless github_actions_environment?
-
-				event_name = ENV.fetch( "GITHUB_EVENT_NAME", "" ).to_s.strip
-				[ "pull_request", "pull_request_target" ].include?( event_name )
-			end
-
-			def existing_repo_files( paths: )
-				Array( paths ).map do |relative|
-					next if relative.to_s.strip.empty?
-					absolute = resolve_repo_path!( relative_path: relative, label: "lint target file #{relative}" )
-					next unless File.file?( absolute )
-					relative
-				end.compact.uniq
-			end
-
-			def command_available_for_lint?( command_name: )
-				return false if command_name.to_s.strip.empty?
-
-				if command_name.include?( "/" )
-					path = if command_name.start_with?( "~" )
-						File.expand_path( command_name )
-					elsif command_name.start_with?( "/" )
-						command_name
-					else
-						File.expand_path( command_name, repo_root )
-					end
-					return File.executable?( path )
-				end
-				path_entries = ENV.fetch( "PATH", "" ).split( File::PATH_SEPARATOR )
-				path_entries.any? do |entry|
-					next false if entry.to_s.strip.empty?
-					File.executable?( File.join( entry, command_name ) )
-				end
-			end
-
-			# Local command runner for repository-context tools used by audit lint checks.
-			def local_command( *args )
-				stdout_text, stderr_text, status = Open3.capture3( *args, chdir: repo_root )
-				[ stdout_text, stderr_text, status.success?, status.exitstatus ]
-			end
-
-			# Compacts command output to one-line diagnostics for audit logs and JSON report payloads.
-			def summarise_command_output( stdout_text:, stderr_text:, fallback: )
-				combined = [ stderr_text.to_s, stdout_text.to_s ].join( "\n" )
-				lines = combined.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				return fallback if lines.empty?
-				lines.first( 12 ).join( " | " )
-			end
-
 			# Evaluates default-branch CI health so stale workflow drift blocks before merge.
 			def default_branch_ci_baseline_report
 				report = {
@@ -630,28 +406,6 @@ module Carson
 					checks.fetch( :pending ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
 				end
 				lines << ""
-				lines << "## Local Lint Quality"
-				lint_quality = report[ :local_lint_quality ]
-				if lint_quality.nil?
-					lines << "- not available"
-				else
-					lines << "- Status: #{lint_quality.fetch( :status )}"
-					lines << "- Skip reason: #{lint_quality.fetch( :skip_reason )}" unless lint_quality.fetch( :skip_reason ).nil?
-					lines << "- Target source: #{lint_quality.fetch( :target_source )}"
-					lines << "- Target files: #{lint_quality.fetch( :target_files_count )}"
-					lines << "- Blocking languages: #{lint_quality.fetch( :blocking_languages )}"
-					lines << ""
-					lines << "### Language Results"
-					if lint_quality.fetch( :languages ).empty?
-						lines << "- none"
-					else
-						lint_quality.fetch( :languages ).each do |entry|
-							lines << "- #{entry.fetch( :language )}: status=#{entry.fetch( :status )} files=#{entry.fetch( :file_count )} exit=#{entry.fetch( :exit_code )}"
-							lines << "  reason: #{entry.fetch( :reason )}" unless entry.fetch( :reason ).nil?
-						end
-					end
-				end
-				lines << ""
 				lines << "## Default Branch CI Baseline"
 				baseline = report[ :default_branch_baseline ]
 				if baseline.nil?

data/lib/carson/runtime/local.rb

@@ -247,6 +247,41 @@ module Carson
 				audit_status
 			end
 
+			# Re-applies hooks, templates, and audit across all governed repositories.
+			def refresh_all!
+				repos = config.govern_repos
+				if repos.empty?
+					puts_line "No governed repositories configured."
+					puts_line "  Run carson onboard in each repo to register."
+					return EXIT_ERROR
+				end
+
+				puts_line ""
+				puts_line "Refresh all (#{repos.length} repo#{plural_suffix( count: repos.length )})"
+				refreshed = 0
+				failed = 0
+
+				repos.each do |repo_path|
+					repo_name = File.basename( repo_path )
+					unless Dir.exist?( repo_path )
+						puts_line "#{repo_name}: FAIL (path not found)"
+						failed += 1
+						next
+					end
+
+					status = refresh_single_repo( repo_path: repo_path, repo_name: repo_name )
+					if status == EXIT_ERROR
+						failed += 1
+					else
+						refreshed += 1
+					end
+				end
+
+				puts_line ""
+				puts_line "Refresh all complete: #{refreshed} refreshed, #{failed} failed."
+				failed.zero? ? EXIT_OK : EXIT_ERROR
+			end
+
 			# Removes Carson-managed repository integration so a host repository can retire Carson cleanly.
 			def offboard!
 				puts_verbose ""
@@ -365,6 +400,30 @@ module Carson
 
 		private
 
+			# Refreshes a single governed repository using a scoped Runtime.
+			def refresh_single_repo( repo_path:, repo_name: )
+				if verbose?
+					rt = Runtime.new( repo_root: repo_path, tool_root: tool_root, out: out, err: err, verbose: true )
+				else
+					rt = Runtime.new( repo_root: repo_path, tool_root: tool_root, out: StringIO.new, err: StringIO.new )
+				end
+				status = rt.refresh!
+				label = refresh_status_label( status: status )
+				puts_line "#{repo_name}: #{label}"
+				status
+			rescue StandardError => e
+				puts_line "#{repo_name}: FAIL (#{e.message})"
+				EXIT_ERROR
+			end
+
+			def refresh_status_label( status: )
+				case status
+				when EXIT_OK then "OK"
+				when EXIT_BLOCK then "BLOCK"
+				else "FAIL"
+				end
+			end
+
 			def template_results
 				config.template_managed_files.map { |managed_file| template_result_for_file( managed_file: managed_file ) }
 			end
@@ -755,6 +814,9 @@ module Carson
 				puts_line ""
 				puts_line "Carson is ready. Workflow: #{config.workflow_style}"
 				puts_line "Reconfigure anytime: carson setup"
+
+				prompt_govern_registration! if self.in.respond_to?( :tty? ) && self.in.tty?
+
 				audit_status
 			end
 

data/lib/carson/runtime/setup.rb

@@ -39,11 +39,6 @@ module Carson
 				merge_choice = prompt_merge_method
 				choices[ "govern.merge.method" ] = merge_choice unless merge_choice.nil?
 
-				lint_command_choice = prompt_lint_command
-				choices[ "lint.command" ] = lint_command_choice unless lint_command_choice.nil?
-
-				lint_enforcement_choice = prompt_lint_enforcement
-				choices[ "lint.enforcement" ] = lint_enforcement_choice unless lint_enforcement_choice.nil?
 
 				write_setup_config( choices: choices )
 			end
@@ -148,34 +143,6 @@ module Carson
 				prompt_choice( options: options, default: 0 )
 			end
 
-			def prompt_lint_command
-				puts_line ""
-				puts_line "Lint command"
-				options = [
-					{ label: "make lint", value: "make lint" },
-					{ label: "trunk check (Recommended)", value: "trunk check" },
-					{ label: "Other (enter command)", value: :other },
-					{ label: "Skip (no local lint)", value: nil }
-				]
-				choice = prompt_choice( options: options, default: 1 )
-
-				if choice == :other
-					prompt_custom_value( label: "Lint command" )
-				else
-					choice
-				end
-			end
-
-			def prompt_lint_enforcement
-				puts_line ""
-				puts_line "Lint enforcement"
-				options = [
-					{ label: "strict — block on lint failure (default)", value: "strict" },
-					{ label: "advisory — warn but don't block", value: "advisory" }
-				]
-				prompt_choice( options: options, default: 0 )
-			end
-
 			def prompt_choice( options:, default: )
 				options.each_with_index do |option, index|
 					puts_line "  #{index + 1}) #{option.fetch( :label )}"
@@ -374,6 +341,56 @@ module Carson
 				path = Config.global_config_path( repo_root: repo_root )
 				!path.empty? && File.file?( path )
 			end
+
+			# After onboard succeeds, offer to register the repo for portfolio governance.
+			def prompt_govern_registration!
+				expanded = File.expand_path( repo_root )
+				if config.govern_repos.include?( expanded )
+					puts_verbose "govern_registration: already registered #{expanded}"
+					return
+				end
+
+				puts_line ""
+				puts_line "Portfolio governance"
+				puts_line "  Register this repo so carson refresh --all and carson govern include it?"
+				accepted = prompt_yes_no( default: true )
+				if accepted
+					append_govern_repo!( repo_path: expanded )
+					puts_line "Registered."
+				else
+					puts_line "Skipped. Re-run carson onboard to register later."
+				end
+			end
+
+			# Reusable Y/n prompt following existing prompt_choice conventions.
+			def prompt_yes_no( default: true )
+				hint = default ? "Y/n" : "y/N"
+				out.print "#{BADGE} [#{hint}]: "
+				out.flush
+				raw = self.in.gets
+				return default if raw.nil?
+
+				input = raw.to_s.strip.downcase
+				return default if input.empty?
+
+				input.start_with?( "y" )
+			end
+
+			# Appends a repo path to govern.repos without replacing the array via deep_merge.
+			def append_govern_repo!( repo_path: )
+				config_path = Config.global_config_path( repo_root: repo_root )
+				return if config_path.empty?
+
+				existing_data = load_existing_config( path: config_path )
+				existing_data[ "govern" ] ||= {}
+				repos = Array( existing_data[ "govern" ][ "repos" ] )
+				repos << repo_path
+				existing_data[ "govern" ][ "repos" ] = repos.uniq
+
+				FileUtils.mkdir_p( File.dirname( config_path ) )
+				File.write( config_path, JSON.pretty_generate( existing_data ) )
+				reload_config_after_setup!
+			end
 		end
 
 		include Setup

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: carson
 version: !ruby/object:Gem::Version
-  version: 2.12.0
+  version: 2.13.1
 platform: ruby
 authors:
 - Hailei Wang