carson 2.13.0 → 2.13.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbc67303ff1efe52235731586e0fb13830d943764edfb67119ff3b8cd5605102
-  data.tar.gz: 6facbe0d10eebe0ef1f89d491799fa65d2993221574b1d3e7e898d82e3c0fc32
+  metadata.gz: 8d19271a17424021f6b4ef1ceabe73275feb47c54965175fbd5fbd1a2b6f869b
+  data.tar.gz: 8011d1e680ba9331e99bd8254b0b07605f64ed1856baa6a62b53ec1f6eb98c7c
 SHA512:
-  metadata.gz: c606ed005e274ab872ccf9b50da945edcc8bffcf2a7e146679e0f6f9673c572d826a679e9575d9866a4c91ffe71ca648a89b415237cb63e97f7d023ffa05a453
-  data.tar.gz: fc3e7c8ba85a437aafc643f498c381bb8f617ee71c5527b08462af993f1b94cbcf51dbfc9298dd45b3dee92dbfad45c611513e449114051878e4c8239e4b7c23
+  metadata.gz: 51be2370d394a2b83169b5ca543339a8949ec0a8cb969430e934d7a22977e3e085997c7d6f89006a7d128abb9a8f426c5f22327555a6d26f85c89c186eb25dc9
+  data.tar.gz: 9bc89f7a0f84f70d21c0a38ec5cca6b84d961ebab815bfb826f86a1316139915093f378fbbf8d52f9696d9445bacbe3d5677b3c78e14e6a9542b334128adfbb3

data/API.md

@@ -98,38 +98,57 @@ Environment overrides:
 - `CARSON_REVIEW_SWEEP_STATES`
 - `CARSON_WORKFLOW_STYLE`
 - `CARSON_RUBY_INDENTATION`
-- `CARSON_LINT_COMMAND`
-- `CARSON_LINT_ENFORCEMENT`
 - `CARSON_LINT_POLICY_SOURCE`
+- `CARSON_GOVERN_REPOS`
+- `CARSON_GOVERN_MERGE_AUTHORITY`
+- `CARSON_GOVERN_MERGE_METHOD`
+- `CARSON_GOVERN_AGENT_PROVIDER`
+- `CARSON_GOVERN_CHECK_WAIT`
+
+`govern` schema:
+
+```json
+{
+  "govern": {
+    "repos": ["~/Dev/project-a", "~/Dev/project-b"],
+    "agent": {
+      "provider": "auto",
+      "codex": {},
+      "claude": {}
+    },
+    "check_wait": 30,
+    "merge": {
+      "authority": false,
+      "method": "squash"
+    }
+  }
+}
+```
+
+`govern` semantics:
+- `repos`: list of local repo paths to govern (empty = current repo only).
+- `agent.provider`: `"auto"`, `"codex"`, or `"claude"`.
+- `agent.codex` / `agent.claude`: provider-specific options (reserved).
+- `check_wait`: seconds to wait for CI checks before classifying (default: `30`).
+- `merge.authority`: `false` (default) — Carson does not merge until explicitly enabled.
+- `merge.method`: `"squash"` (default), `"merge"`, or `"rebase"`.
 
 `lint` schema:
 
 ```json
 {
   "lint": {
-    "command": "make lint",
-    "enforcement": "strict",
     "policy_source": "wanghailei/lint.git"
   }
 }
 ```
 
 `lint` semantics:
-- `command`: string or array — local lint command executed during `carson audit`. If `null` (default), local lint is skipped.
-- `enforcement`: `"strict"` (default) blocks on lint failure; `"advisory"` warns but does not block.
 - `policy_source`: default source for `carson lint policy` when `--source` is not specified.
 
 Environment overrides:
-- `CARSON_LINT_COMMAND` — overrides `lint.command`.
-- `CARSON_LINT_ENFORCEMENT` — overrides `lint.enforcement`.
 - `CARSON_LINT_POLICY_SOURCE` — overrides `lint.policy_source`.
 
-Lint target file source precedence in `carson audit`:
-- staged files for local commit-time execution.
-- PR changed files in GitHub `pull_request` events.
-- full repository tracked files in GitHub non-PR events.
-- local working-tree changes as fallback.
-
 Private-source clone token for `carson lint policy`:
 - `CARSON_READ_TOKEN` (used when `--source` points to a private GitHub repository).
 

data/MANUAL.md

@@ -27,7 +27,7 @@ carson version
 
 ### Step 1: Prepare your lint policy
 
-Carson distributes lint configuration files from a central policy source — a directory or git repository you control — into each governed repo's `.github/linters/` directory, where MegaLinter auto-discovers them.
+Carson distributes lint configuration files from a central policy source — a directory or git repository you control — into each governed repo's `.github/linters/` directory, where MegaLinter auto-discovers them in CI.
 
 ```bash
 carson lint policy --source /path/to/your-policy-repo
@@ -35,6 +35,8 @@ carson lint policy --source /path/to/your-policy-repo
 
 After this command, `.github/linters/` contains your lint configs (`.rubocop.yml`, `biome.json`, `ruff.toml`, etc.). MegaLinter uses these in CI. Every governed repository gets the same rules — this is how Carson keeps lint consistent across languages.
 
+Carson distributes policy; MegaLinter enforces it. Carson does not run linters itself — that responsibility belongs to MegaLinter in CI and to the developer's own local tooling.
+
 Options:
 - `--source <path-or-git-url>` — where to read policy files from (required).
 - `--ref <git-ref>` — branch or tag when `--source` is a git URL.
@@ -97,6 +99,17 @@ Notes:
 - `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint policy`.
 - The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
 
+### MegaLinter in CI
+
+Carson manages a MegaLinter workflow template (`carson-lint.yml`) that is applied to governed repositories via `carson template apply`. MegaLinter auto-discovers lint configs from `.github/linters/` — the same directory populated by `carson lint policy`. This means:
+
+- **Policy source** (your central lint repo) defines the rules.
+- **`carson lint policy`** distributes the rules into each repo.
+- **MegaLinter** (in GitHub Actions) enforces the rules.
+- **`carson govern`** reads CI check status (including MegaLinter results) and acts on it.
+
+Carson's `audit` gates on CI check status reported by GitHub — it does not duplicate MegaLinter's work locally. If MegaLinter fails in CI, `carson govern` classifies the PR accordingly and can dispatch a coding agent to fix the issues.
+
 ## Daily Operations
 
 **Start of work:**
@@ -146,6 +159,12 @@ The loop is built-in and cross-platform — no cron, launchd, or Task Scheduler
 
 Each cycle runs independently: if one cycle fails (network error, GitHub API timeout), the error is logged and the next cycle proceeds normally. Press `Ctrl-C` to stop — Carson exits cleanly with a cycle count summary.
 
+### Govern and Coding Agents
+
+`carson govern` dispatches coding agents (Codex or Claude) when a PR has failing CI checks. The agent receives the failure context and attempts to fix the issues in a follow-up commit. If the agent succeeds, the PR re-enters the governance pipeline. If it fails or times out, the PR is escalated for human attention.
+
+The agent provider is configurable via `govern.agent.provider` (`auto`, `codex`, or `claude`). In `auto` mode, Carson selects the first available provider.
+
 ## Merge Method and Linear History
 
 Carson's `govern.merge.method` controls how `carson govern` merges ready PRs. The options are `squash`, `merge`, and `rebase` (default: `squash`). Set this in `~/.carson/config.json`:
@@ -181,7 +200,7 @@ Carson's `govern.merge.method` controls how `carson govern` merges ready PRs. Th
 These define what Carson *is*. They are not configurable.
 
 - **Outsider boundary** — Carson never places its own artefacts inside a governed repository.
-- **Centralised lint** — one policy source distributed into each repo's `.github/linters/`, zero per-repo drift.
+- **Centralised lint** — one policy source distributed into each repo's `.github/linters/`, zero per-repo drift. MegaLinter enforces it in CI.
 - **Active review** — undisposed reviewer findings block merge; feedback must be acknowledged.
 - **Self-diagnosing output** — every message names the cause and the fix.
 - **Transparent governance** — Carson prepares everything for merge but never makes decisions without telling you.
@@ -332,9 +351,6 @@ carson template apply
 carson template check
 ```
 
-**Audit blocks on lint failure**
-- If `lint.command` is configured and fails, audit blocks (in `strict` mode) or warns (in `advisory` mode). Fix the lint issues and re-run `carson audit`.
-
 **Hook version mismatch after upgrade**
 - Run `carson refresh` to re-apply hooks and templates for the new Carson version.
 - Run `carson refresh --all` to refresh all governed repositories at once.

data/README.md

@@ -2,22 +2,26 @@
 
 # ⧓ Carson
 
+*Carson at your service.*
+
 Named after the head of household in Downton Abbey, Carson is your repositories' autonomous governance runtime — you write the code, Carson manages everything else. From commit-time checks through PR triage, agent dispatch, merge, and cleanup, Carson runs the household with discipline and professional standards. Carson itself has no intelligence — it follows a deterministic decision tree. The intelligence comes from the coding agents it dispatches (Codex, Claude) to fix problems.
 
-## The Problem
+## The Problem to Solve
+
+Managing a growing portfolio of repositories is rewarding work — but the operational overhead scales faster than the code itself. Lint configs drift between repos, PR templates go stale, reviewer feedback gets quietly buried, and what passes on a developer's laptop fails in CI. When coding agents start producing PRs across multiple projects, the coordination load multiplies: checking results, dispatching fixes, clicking merge, cleaning up branches.
 
-If you govern more than a handful of repositories, you know the pattern: lint configs drift between repos, PR templates go stale, reviewer feedback gets quietly ignored, and what passes on a developer's laptop fails in CI. Across a portfolio of projects with coding agents producing many PRs, you become the bottleneck — manually checking results, dispatching fixes, clicking merge, and cleaning up.
+Carson exists so you can focus on what matters — building — while governance runs itself.
 
 ## How Carson Works
 
 Carson is an autonomous governance runtime that lives on your workstation and in CI, never inside the repositories it governs. It operates at two levels:
 
-**Per-commit governance** — Carson enforces lint policy, gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions.
+**Per-commit governance** — Carson gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions. Lint execution is handled entirely by MegaLinter in CI and by the developer's own local tooling — Carson distributes the shared lint configuration but does not run linters itself.
 
-**Portfolio-level autonomy** — `carson govern` is a scheduled triage loop that scans all your repositories, classifies every open PR, and acts: merge what's ready, dispatch coding agents (Codex or Claude) to fix what's failing, and escalate what needs human judgement. One command, all your projects, unmanned.
+**Portfolio-level autonomy** — `carson govern` is a triage loop that scans your registered repositories, classifies every open PR, and acts: merge what's ready, dispatch coding agents (Codex or Claude) to fix what's failing, and escalate what needs human judgement. One command, all your projects, unmanned.
 
 ```
-┌──────────────────────────────────────────────�┐
+┌──────────────────────────────────────────────┐
 │  Your workstation                             │
 │                                               │
 │  ~/.carson/            Carson config          │
@@ -39,71 +43,27 @@ Carson is an autonomous governance runtime that lives on your workstation and in
 
 This separation is Carson's defining trait — the **outsider boundary**: no Carson scripts, config files, or governance payloads are ever placed inside a governed repository.
 
+### The Governance Loop
+
+Carson orchestrates a closed governance loop across three layers:
+
+1. **Policy distribution** — `carson lint policy` distributes shared lint configs from a central source into each repo's `.github/linters/`. This is the single source of truth for lint rules across all governed repositories.
+2. **CI enforcement** — MegaLinter runs in GitHub Actions (via the managed `carson-lint.yml` workflow) and auto-discovers configs from `.github/linters/`. Carson does not run linters — MegaLinter does. Carson's `audit` gates on CI check status reported by GitHub.
+3. **Autonomous triage** — `carson govern` reads CI status (including MegaLinter results), review disposition, and audit health for every open PR. Ready PRs are merged. Failing PRs get a coding agent (Codex or Claude) dispatched to fix them. Stuck PRs are escalated.
+
+Carson's role is governance orchestration — distributing policy, gating on results, and dispatching action. The actual lint execution, CI runs, and code fixes are delegated to specialised tools: MegaLinter for linting, GitHub Actions for CI, and coding agents for remediation.
+
 ## Opinions
 
 Carson is opinionated about governance. These are non-negotiable principles, not configurable defaults:
 
 - **Outsider boundary** — Carson lives outside your repo, never inside. No Carson-owned artefacts in your repository. Offboarding leaves no trace.
-- **Centralised lint** — lint policy distributed from a central source into each repo's `.github/linters/`. One source of truth, zero drift.
+- **Centralised lint** — lint policy distributed from a central source into each repo's `.github/linters/`. One source of truth, zero drift. MegaLinter enforces it in CI.
 - **Active review** — undisposed reviewer findings block merge. Feedback must be acknowledged, not buried.
 - **Self-diagnosing output** — every message names the cause and the fix. If you need to debug Carson's output, the output failed.
 - **Transparent governance** — Carson prepares everything for merge but never oversteps. It does not make decisions for you without telling you.
 
-Everything else — workflow style, merge method, remote name, main branch — is a configurable default chosen during `carson setup`. See `MANUAL.md` for the full list of defaults and why each was chosen.
-
-The data flow:
-
-1. You maintain a **policy source** — a directory or git repository containing your lint config files (e.g. `.rubocop.yml`, `biome.json`, `ruff.toml`). `carson lint policy --source <repo>` copies these into each governed repo's `.github/linters/`, where MegaLinter auto-discovers them.
-2. `carson onboard` installs git hooks, synchronises `.github/*` templates (including a MegaLinter CI workflow), and runs a first governance audit on a host repository.
-3. From that point, every commit triggers `carson audit` through the managed `pre-commit` hook. The same `carson audit` runs in GitHub Actions. If it passes locally, it passes in CI.
-4. `carson review gate` enforces review accountability: it blocks merge until every actionable reviewer comment has been formally acknowledged by the PR author through a **disposition comment**.
-5. `carson govern` triages all open PRs across your portfolio. Ready PRs are merged and housekept. Failing PRs get a coding agent dispatched to fix them. Stuck PRs are escalated for your attention.
-
-## Commands at a Glance
-
-**Govern** — autonomous portfolio management:
-
-| Command | What it does |
-|---|---|
-| `carson govern` | Triage all open PRs: merge ready ones, dispatch agents for failures, escalate the rest. |
-| `carson govern --dry-run` | Show what Carson would do without taking action. |
-| `carson govern --loop SECONDS` | Run the govern cycle continuously, sleeping SECONDS between cycles. |
-| `carson housekeep` | Sync main + prune stale branches (also runs automatically after govern merges). |
-
-**Setup** — run once per machine or per repository:
-
-| Command | What it does |
-|---|---|
-| `carson lint policy --source <repo>` | Distribute lint configs from policy source into `.github/linters/`. |
-| `carson onboard` | One-command baseline: hooks + templates + first audit. |
-| `carson prepare` | Install or refresh Carson-managed global hooks. |
-| `carson refresh` | Re-apply hooks, templates, and audit after upgrading Carson. |
-| `carson refresh --all` | Refresh all governed repositories at once. |
-| `carson offboard` | Remove Carson from a repository. |
-
-**Daily** — regular development workflow:
-
-| Command | What it does |
-|---|---|
-| `carson audit` | Full governance check (also runs automatically on every commit). |
-| `carson sync` | Fast-forward local `main` from remote. |
-| `carson prune` | Remove stale local branches whose upstream is gone. |
-| `carson template check` | Detect drift between managed and host `.github/*` files. |
-| `carson template apply` | Repair drifted `.github/*` files. |
-
-**Review** — PR merge readiness:
-
-| Command | What it does |
-|---|---|
-| `carson review gate` | Block or approve merge based on unresolved review comments. |
-| `carson review sweep` | Scan recent PRs and update a tracking issue for late feedback. |
-
-**Info**:
-
-| Command | What it does |
-|---|---|
-| `carson version` | Print installed version. |
-| `carson inspect` | Verify Carson-managed hook installation and repository setup. |
+Everything else bends to your preference. Which branch is main, how PRs are merged, which repositories to govern, which coding agent to dispatch, where your lint policy lives — Carson asks during setup and remembers. Sensible defaults are provided; you only change what matters to you. See `MANUAL.md` for the full list.
 
 ## Quickstart
 
@@ -111,7 +71,6 @@ Prerequisites: Ruby `>= 3.4`, `git`, and `gem` in your PATH.
 `gh` (GitHub CLI) is recommended for full review governance features.
 
 ```bash
-# Install
 gem install --user-install carson
 carson version
 ```
@@ -135,7 +94,7 @@ After `carson onboard`, your repository has:
 
 Commit the generated `.github/*` changes, and the repository is governed.
 
-**Daily workflow:**
+**Run governance across your portfolio:**
 
 ```bash
 carson govern --dry-run     # see what Carson would do across all repos
@@ -143,18 +102,9 @@ carson govern               # triage PRs, merge ready ones, dispatch agents, hou
 carson govern --loop 300    # run continuously, cycling every 5 minutes
 ```
 
-Or the individual commands if you prefer manual control:
-
-```bash
-carson audit                # full governance check
-carson review gate          # block or approve merge based on review status
-carson sync                 # fast-forward local main
-carson prune                # clean up stale local branches
-```
-
 ## Where to Read Next
 
-- **MANUAL.md** — installation, first-time setup, CI configuration, daily operations, troubleshooting.
+- **MANUAL.md** — installation, first-time setup, CI configuration, daily operations, full command reference, troubleshooting.
 - **API.md** — formal interface contract: commands, exit codes, configuration schema.
 - **RELEASE.md** — version history and upgrade actions.
 - **docs/define.md** — product definition and scope.

data/RELEASE.md

@@ -5,11 +5,35 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
-## 2.13.0 — Refresh All Governed Repositories
+## 2.13.2 — Docs Refresh
+
+### What changed
+
+- Updated `docs/define.md`: added missing in-scope commands (`govern`, `housekeep`, `refresh --all`, `lint policy`); corrected out-of-scope merge authority statement.
+- Updated `docs/plan.md`: corrected test counts, added `prompt.rb` and `runtime_refresh_all_test.rb` to file structure, added `--loop SECONDS` and `refresh --all` to CLI section, updated delivery status.
+- Updated `API.md`: added `govern` config schema and environment overrides.
+
+## 2.13.1 — Guided Governance Registration
+
+### What changed
+
+- After `carson onboard`, Carson now prompts to register the repo for portfolio governance (`govern.repos`). Accept to include it in `carson refresh --all` and `carson govern`; decline to skip.
+- Improved `refresh --all` guidance when no repos are configured — now directs users to `carson onboard`.
+
+## 2.13.0 — Refresh All + Strip Local Lint Execution
 
 ### What changed
 
 - **`carson refresh --all`** refreshes every governed repository in a single command. Iterates `govern.repos`, runs hooks + templates + audit on each, prints a per-repo summary line, and returns non-zero if any repo fails. Verbose mode streams full diagnostics per repo.
+- **Removed `lint.command` and `lint.enforcement` config keys.** Local lint execution during `carson audit` has been removed. MegaLinter runs in CI and `carson govern` gates on CI check status — local lint execution was redundant. Carson now focuses on what makes it unique: **policy distribution** via `carson lint policy`. The `lint.policy_source` config key and `carson lint policy --source` command are unchanged.
+- **Removed `CARSON_LINT_COMMAND` and `CARSON_LINT_ENFORCEMENT` environment overrides.**
+- **Removed lint command and enforcement prompts from `carson setup`.**
+
+### Migration
+
+1. Remove `lint.command` and `lint.enforcement` from `~/.carson/config.json` if present — they are now ignored.
+2. Remove `CARSON_LINT_COMMAND` and `CARSON_LINT_ENFORCEMENT` from any CI or shell configuration.
+3. If you relied on local lint during audit, run your lint tool directly (e.g. `make lint`, `trunk check`) or let MegaLinter handle it in CI.
 
 ## 2.12.0 — Language-Agnostic Lint Policy Distribution + MegaLinter
 

data/SKILL.md

@@ -33,7 +33,6 @@ When you see exit 2, do NOT bypass it. Read the output, fix the root cause, and
 Carson audit output is structured as labelled key-value lines prefixed with ⧓. Key sections:
 
 - **Working Tree** — staged/unstaged status.
-- **Local Lint Quality** — lint command result. `lint_command_status: ok` means clean.
 - **Main Sync Status** — whether local main matches remote. If ahead, reset drift before committing.
 - **Scope Integrity Guard** — checks that commits stay within a single business intent and scope group.
 - **Audit Result** — final verdict: `status: ok` (clean), `status: attention` (advisory, not blocking), `status: block` (must fix).

data/VERSION

@@ -1 +1 @@
-2.13.0
+2.13.2

data/carson.gemspec

@@ -7,8 +7,8 @@ Gem::Specification.new do |spec|
 	spec.version = Carson::VERSION
 	spec.authors = [ "Hailei Wang" ]
 	spec.email = [ "wanghailei@users.noreply.github.com" ]
-	spec.summary = "Autonomous governance runtime — lint, review gates, PR triage, and merge across repositories."
-	spec.description = "Carson lives outside the repositories it governs. On every commit it enforces centralised lint policy and scope checks. On PRs it gates merge on unresolved reviewer feedback, dispatches coding agents to fix CI failures, merges passing PRs, and housekeeps branches. Runs locally and in GitHub Actions."
+	spec.summary = "Autonomous repository governance — you write the code, Carson manages everything else."
+	spec.description = "Carson is a governance runtime that lives outside the repositories it governs — no Carson-owned artefacts in your repo. On every commit, managed hooks enforce centralised lint policy and review gates. At portfolio level, carson govern triages every open PR across your registered repositories: merge what's ready, dispatch coding agents to fix what's failing, escalate what needs human judgement. One command, all your projects, unmanned."
 	spec.homepage = "https://github.com/wanghailei/carson"
 	spec.license = "MIT"
 	spec.required_ruby_version = ">= 3.4"

data/lib/carson/config.rb

@@ -9,7 +9,7 @@ module Carson
 		attr_accessor :git_remote
 		attr_reader :main_branch, :protected_branches, :hooks_base_path, :required_hooks,
 			:path_groups, :template_managed_files,
-			:lint_command, :lint_enforcement, :lint_policy_source,
+			:lint_policy_source,
 			:review_wait_seconds, :review_poll_seconds, :review_max_polls, :review_sweep_window_days,
 			:review_sweep_states, :review_disposition_prefix, :review_risk_keywords,
 			:review_tracking_issue_title, :review_tracking_issue_label, :review_bot_usernames,
@@ -51,8 +51,6 @@ module Carson
 					"managed_files" => [ ".github/carson-instructions.md", ".github/copilot-instructions.md", ".github/CLAUDE.md", ".github/AGENTS.md", ".github/pull_request_template.md", ".github/workflows/carson-lint.yml" ]
 				},
 				"lint" => {
-					"command" => nil,
-					"enforcement" => "strict",
 					"policy_source" => "wanghailei/lint.git"
 				},
 				"workflow" => {
@@ -168,10 +166,6 @@ module Carson
 			advisory_names = env_string_array( key: "CARSON_AUDIT_ADVISORY_CHECK_NAMES" )
 			audit[ "advisory_check_names" ] = advisory_names unless advisory_names.empty?
 			lint = fetch_hash_section( data: copy, key: "lint" )
-			lint_command_env = ENV.fetch( "CARSON_LINT_COMMAND", "" ).to_s.strip
-			lint[ "command" ] = lint_command_env unless lint_command_env.empty?
-			lint_enforcement_env = ENV.fetch( "CARSON_LINT_ENFORCEMENT", "" ).to_s.strip
-			lint[ "enforcement" ] = lint_enforcement_env unless lint_enforcement_env.empty?
 			lint_policy_source_env = ENV.fetch( "CARSON_LINT_POLICY_SOURCE", "" ).to_s.strip
 			lint[ "policy_source" ] = lint_policy_source_env unless lint_policy_source_env.empty?
 			style = fetch_hash_section( data: copy, key: "style" )
@@ -223,8 +217,6 @@ module Carson
 
 			@template_managed_files = fetch_string_array( hash: fetch_hash( hash: data, key: "template" ), key: "managed_files" )
 			lint_hash = fetch_hash( hash: data, key: "lint" )
-			@lint_command = normalize_lint_command_setting( value: lint_hash[ "command" ] )
-			@lint_enforcement = normalize_lint_enforcement( value: lint_hash.fetch( "enforcement", "strict" ) )
 			@lint_policy_source = lint_hash.fetch( "policy_source", "" ).to_s.strip
 
 			workflow_hash = fetch_hash( hash: data, key: "workflow" )
@@ -338,23 +330,6 @@ module Carson
 				patterns
 			end
 
-			def normalize_lint_command_setting( value: )
-				return nil if value.nil?
-				return value.to_s.strip if value.is_a?( String )
-				if value.is_a?( Array )
-					parts = value.map { |entry| entry.to_s.strip }.reject( &:empty? )
-					raise ConfigError, "lint.command array must contain at least one argument" if parts.empty?
-					return parts
-				end
-				raise ConfigError, "lint.command must be a string, array, or null"
-			end
-
-			def normalize_lint_enforcement( value: )
-				text = value.to_s.strip.downcase
-				raise ConfigError, "lint.enforcement must be one of strict, advisory" unless [ "strict", "advisory" ].include?( text )
-				text
-			end
-
 			def fetch_optional_boolean( hash:, key:, default:, key_path: nil )
 				value = hash.fetch( key, default )
 				return true if value == true

data/lib/carson/runtime/audit.rb

@@ -1,5 +1,4 @@
 require "cgi"
-require "open3"
 
 module Carson
 	class Runtime
@@ -24,17 +23,6 @@ module Carson
 					audit_concise_problems << "Hooks: mismatch — run carson prepare."
 				end
 				puts_verbose ""
-				puts_verbose "[Local Lint Quality]"
-				local_lint_quality = local_lint_quality_report
-				if local_lint_quality.fetch( :status ) == "block"
-					audit_state = "block"
-					blocking_langs = local_lint_quality.fetch( :languages ).select { |l| l.fetch( :status ) == "block" }
-					blocking_langs.each do |lang|
-						exit_code = lang.fetch( :exit_code, 1 )
-						audit_concise_problems << "Lint: #{lang.fetch( :language )} failed (exit #{exit_code})."
-					end
-				end
-				puts_verbose ""
 				puts_verbose "[Main Sync Status]"
 				ahead_count, behind_count, main_error = main_sync_counts
 				if main_error
@@ -71,7 +59,6 @@ module Carson
 				audit_state = "attention" if audit_state == "ok" && scope_guard.fetch( :status ) == "attention"
 					write_and_print_pr_monitor_report(
 						report: monitor_report.merge(
-							local_lint_quality: local_lint_quality,
 							default_branch_baseline: default_branch_baseline,
 							audit_status: audit_state
 						)
@@ -162,217 +149,6 @@ module Carson
 					report
 				end
 
-			# Enforces configured lint policy before governance passes.
-			# Runs lint.command and gates on exit code. Skips when lint.command is not set.
-			def local_lint_quality_report
-				unless config.lint_command
-					report = {
-						status: "ok",
-						skip_reason: "lint.command not configured",
-						target_source: "none",
-						target_files_count: 0,
-						blocking_languages: 0,
-						languages: []
-					}
-					puts_verbose "lint: SKIP (lint.command not configured)"
-					return report
-				end
-
-				lint_command_report
-			rescue StandardError => e
-				report = {
-					status: "block",
-					skip_reason: e.message,
-					target_source: "unknown",
-					target_files_count: 0,
-					blocking_languages: 0,
-					languages: []
-				}
-				puts_line "BLOCK: local lint quality check failed (#{e.message})."
-				report
-			end
-
-			# Runs the lint.command and returns a structured report.
-			def lint_command_report
-				target_files, target_source = lint_target_files
-				advisory = config.lint_enforcement == "advisory"
-				command_value = config.lint_command
-				command_string = command_value.is_a?( Array ) ? command_value.join( " " ) : command_value.to_s
-
-				report = {
-					status: "ok",
-					skip_reason: nil,
-					target_source: target_source,
-					target_files_count: target_files.count,
-					blocking_languages: 0,
-					languages: []
-				}
-				puts_verbose "lint_target_source: #{target_source}"
-				puts_verbose "lint_target_files_total: #{target_files.count}"
-				puts_verbose "lint_command: #{command_string}"
-				puts_verbose "lint_enforcement: #{config.lint_enforcement}"
-
-				args = command_string.split( /\s+/ )
-				command_name = args.first.to_s.strip
-				unless command_available_for_lint?( command_name: command_name )
-					language_report = {
-						language: "lint.command",
-						enabled: true,
-						status: "block",
-						reason: "command not available: #{command_name}",
-						file_count: target_files.count,
-						files: target_files,
-						command: args,
-						config_files: [],
-						exit_code: EXIT_BLOCK
-					}
-					report[ :languages ] << language_report
-					report[ :status ] = advisory ? "ok" : "block"
-					report[ :blocking_languages ] = advisory ? 0 : 1
-					puts_verbose "lint_command_status: #{language_report.fetch( :status )}"
-					puts_line "WARN: lint command not available: #{command_name}" if advisory
-					return report
-				end
-
-				stdout_text, stderr_text, success, exit_code = local_command( *args )
-				language_report = {
-					language: "lint.command",
-					enabled: true,
-					status: success ? "ok" : "block",
-					reason: success ? nil : summarise_command_output(
-						stdout_text: stdout_text,
-						stderr_text: stderr_text,
-						fallback: "lint command failed"
-					),
-					file_count: target_files.count,
-					files: target_files,
-					command: args,
-					config_files: [],
-					exit_code: exit_code
-				}
-				report[ :languages ] << language_report
-
-				unless success
-					if advisory
-						report[ :status ] = "ok"
-						puts_verbose "lint_command_status: advisory_warn (exit #{exit_code})"
-						puts_line "WARN: lint command failed (exit #{exit_code}) — advisory mode, not blocking."
-					else
-						report[ :status ] = "block"
-						report[ :blocking_languages ] = 1
-						puts_verbose "lint_command_status: block (exit #{exit_code})"
-					end
-				else
-					puts_verbose "lint_command_status: ok"
-				end
-
-				report
-			end
-
-			# File selection precedence:
-			# 1) staged files for local commit-time execution
-			# 2) PR changed files in GitHub pull_request events
-			# 3) full repository tracked files in GitHub non-PR events
-			# 4) local working-tree changed files as fallback
-			def lint_target_files
-				staged = existing_repo_files( paths: staged_files )
-				return [ staged, "staged" ] unless staged.empty?
-
-				if github_pull_request_event?
-					files = lint_target_files_for_pull_request
-					return [ files, "github_pull_request" ] unless files.nil?
-					puts_verbose "WARN: unable to resolve pull request changed files; falling back to full repository files."
-				end
-
-				if github_actions_environment?
-					return [ lint_target_files_for_non_pr_ci, "github_full_repository" ]
-				end
-
-				[ existing_repo_files( paths: changed_files ), "working_tree" ]
-			end
-
-			def lint_target_files_for_pull_request
-				base_ref = ENV.fetch( "GITHUB_BASE_REF", "" ).to_s.strip
-				return nil if base_ref.empty?
-
-				remote_name = config.git_remote
-				unless git_remote_exists?( remote_name: remote_name )
-					remote_name = "origin" if git_remote_exists?( remote_name: "origin" )
-				end
-
-				_, _, fetch_success, = git_run( "fetch", "--no-tags", "--depth", "1", remote_name, base_ref )
-				return nil unless fetch_success
-
-				base = "#{remote_name}/#{base_ref}"
-				stdout_text, _, success, = git_run(
-					"diff", "--name-only", "--diff-filter=ACMRTUXB", "#{base}...HEAD"
-				)
-				return nil unless success
-
-				paths = stdout_text.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				existing_repo_files( paths: paths )
-			end
-
-			def lint_target_files_for_non_pr_ci
-				stdout_text = git_capture!( "ls-files" )
-				paths = stdout_text.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				existing_repo_files( paths: paths )
-			end
-
-			def github_actions_environment?
-				ENV.fetch( "GITHUB_ACTIONS", "" ).to_s.strip.casecmp( "true" ).zero?
-			end
-
-			def github_pull_request_event?
-				return false unless github_actions_environment?
-
-				event_name = ENV.fetch( "GITHUB_EVENT_NAME", "" ).to_s.strip
-				[ "pull_request", "pull_request_target" ].include?( event_name )
-			end
-
-			def existing_repo_files( paths: )
-				Array( paths ).map do |relative|
-					next if relative.to_s.strip.empty?
-					absolute = resolve_repo_path!( relative_path: relative, label: "lint target file #{relative}" )
-					next unless File.file?( absolute )
-					relative
-				end.compact.uniq
-			end
-
-			def command_available_for_lint?( command_name: )
-				return false if command_name.to_s.strip.empty?
-
-				if command_name.include?( "/" )
-					path = if command_name.start_with?( "~" )
-						File.expand_path( command_name )
-					elsif command_name.start_with?( "/" )
-						command_name
-					else
-						File.expand_path( command_name, repo_root )
-					end
-					return File.executable?( path )
-				end
-				path_entries = ENV.fetch( "PATH", "" ).split( File::PATH_SEPARATOR )
-				path_entries.any? do |entry|
-					next false if entry.to_s.strip.empty?
-					File.executable?( File.join( entry, command_name ) )
-				end
-			end
-
-			# Local command runner for repository-context tools used by audit lint checks.
-			def local_command( *args )
-				stdout_text, stderr_text, status = Open3.capture3( *args, chdir: repo_root )
-				[ stdout_text, stderr_text, status.success?, status.exitstatus ]
-			end
-
-			# Compacts command output to one-line diagnostics for audit logs and JSON report payloads.
-			def summarise_command_output( stdout_text:, stderr_text:, fallback: )
-				combined = [ stderr_text.to_s, stdout_text.to_s ].join( "\n" )
-				lines = combined.lines.map { |line| line.to_s.strip }.reject( &:empty? )
-				return fallback if lines.empty?
-				lines.first( 12 ).join( " | " )
-			end
-
 			# Evaluates default-branch CI health so stale workflow drift blocks before merge.
 			def default_branch_ci_baseline_report
 				report = {
@@ -630,28 +406,6 @@ module Carson
 					checks.fetch( :pending ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
 				end
 				lines << ""
-				lines << "## Local Lint Quality"
-				lint_quality = report[ :local_lint_quality ]
-				if lint_quality.nil?
-					lines << "- not available"
-				else
-					lines << "- Status: #{lint_quality.fetch( :status )}"
-					lines << "- Skip reason: #{lint_quality.fetch( :skip_reason )}" unless lint_quality.fetch( :skip_reason ).nil?
-					lines << "- Target source: #{lint_quality.fetch( :target_source )}"
-					lines << "- Target files: #{lint_quality.fetch( :target_files_count )}"
-					lines << "- Blocking languages: #{lint_quality.fetch( :blocking_languages )}"
-					lines << ""
-					lines << "### Language Results"
-					if lint_quality.fetch( :languages ).empty?
-						lines << "- none"
-					else
-						lint_quality.fetch( :languages ).each do |entry|
-							lines << "- #{entry.fetch( :language )}: status=#{entry.fetch( :status )} files=#{entry.fetch( :file_count )} exit=#{entry.fetch( :exit_code )}"
-							lines << "  reason: #{entry.fetch( :reason )}" unless entry.fetch( :reason ).nil?
-						end
-					end
-				end
-				lines << ""
 				lines << "## Default Branch CI Baseline"
 				baseline = report[ :default_branch_baseline ]
 				if baseline.nil?

data/lib/carson/runtime/local.rb

@@ -188,7 +188,7 @@ module Carson
 				puts_line ""
 				puts_line "Onboarding #{repo_name}..."
 
-				unless global_config_exists?
+				if !global_config_exists? || !git_remote_exists?( remote_name: config.git_remote )
 					if self.in.respond_to?( :tty? ) && self.in.tty?
 						setup_status = setup!
 						return setup_status unless setup_status == EXIT_OK
@@ -251,7 +251,8 @@ module Carson
 			def refresh_all!
 				repos = config.govern_repos
 				if repos.empty?
-					puts_line "ERROR: no governed repositories configured. Add repos via carson setup or govern.repos in ~/.carson/config.json."
+					puts_line "No governed repositories configured."
+					puts_line "  Run carson onboard in each repo to register."
 					return EXIT_ERROR
 				end
 
@@ -813,6 +814,9 @@ module Carson
 				puts_line ""
 				puts_line "Carson is ready. Workflow: #{config.workflow_style}"
 				puts_line "Reconfigure anytime: carson setup"
+
+				prompt_govern_registration! if self.in.respond_to?( :tty? ) && self.in.tty?
+
 				audit_status
 			end
 

data/lib/carson/runtime/setup.rb

@@ -39,11 +39,6 @@ module Carson
 				merge_choice = prompt_merge_method
 				choices[ "govern.merge.method" ] = merge_choice unless merge_choice.nil?
 
-				lint_command_choice = prompt_lint_command
-				choices[ "lint.command" ] = lint_command_choice unless lint_command_choice.nil?
-
-				lint_enforcement_choice = prompt_lint_enforcement
-				choices[ "lint.enforcement" ] = lint_enforcement_choice unless lint_enforcement_choice.nil?
 
 				write_setup_config( choices: choices )
 			end
@@ -148,34 +143,6 @@ module Carson
 				prompt_choice( options: options, default: 0 )
 			end
 
-			def prompt_lint_command
-				puts_line ""
-				puts_line "Lint command"
-				options = [
-					{ label: "make lint", value: "make lint" },
-					{ label: "trunk check (Recommended)", value: "trunk check" },
-					{ label: "Other (enter command)", value: :other },
-					{ label: "Skip (no local lint)", value: nil }
-				]
-				choice = prompt_choice( options: options, default: 1 )
-
-				if choice == :other
-					prompt_custom_value( label: "Lint command" )
-				else
-					choice
-				end
-			end
-
-			def prompt_lint_enforcement
-				puts_line ""
-				puts_line "Lint enforcement"
-				options = [
-					{ label: "strict — block on lint failure (default)", value: "strict" },
-					{ label: "advisory — warn but don't block", value: "advisory" }
-				]
-				prompt_choice( options: options, default: 0 )
-			end
-
 			def prompt_choice( options:, default: )
 				options.each_with_index do |option, index|
 					puts_line "  #{index + 1}) #{option.fetch( :label )}"
@@ -374,6 +341,56 @@ module Carson
 				path = Config.global_config_path( repo_root: repo_root )
 				!path.empty? && File.file?( path )
 			end
+
+			# After onboard succeeds, offer to register the repo for portfolio governance.
+			def prompt_govern_registration!
+				expanded = File.expand_path( repo_root )
+				if config.govern_repos.include?( expanded )
+					puts_verbose "govern_registration: already registered #{expanded}"
+					return
+				end
+
+				puts_line ""
+				puts_line "Portfolio governance"
+				puts_line "  Register this repo so carson refresh --all and carson govern include it?"
+				accepted = prompt_yes_no( default: true )
+				if accepted
+					append_govern_repo!( repo_path: expanded )
+					puts_line "Registered. Run carson refresh --all to keep all repos in sync."
+				else
+					puts_line "Skipped. Run carson onboard here again to register later."
+				end
+			end
+
+			# Reusable Y/n prompt following existing prompt_choice conventions.
+			def prompt_yes_no( default: true )
+				hint = default ? "Y/n" : "y/N"
+				out.print "#{BADGE} [#{hint}]: "
+				out.flush
+				raw = self.in.gets
+				return default if raw.nil?
+
+				input = raw.to_s.strip.downcase
+				return default if input.empty?
+
+				input.start_with?( "y" )
+			end
+
+			# Appends a repo path to govern.repos without replacing the array via deep_merge.
+			def append_govern_repo!( repo_path: )
+				config_path = Config.global_config_path( repo_root: repo_root )
+				return if config_path.empty?
+
+				existing_data = load_existing_config( path: config_path )
+				existing_data[ "govern" ] ||= {}
+				repos = Array( existing_data[ "govern" ][ "repos" ] )
+				repos << repo_path
+				existing_data[ "govern" ][ "repos" ] = repos.uniq
+
+				FileUtils.mkdir_p( File.dirname( config_path ) )
+				File.write( config_path, JSON.pretty_generate( existing_data ) )
+				reload_config_after_setup!
+			end
 		end
 
 		include Setup

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: carson
 version: !ruby/object:Gem::Version
-  version: 2.13.0
+  version: 2.13.2
 platform: ruby
 authors:
 - Hailei Wang
@@ -9,10 +9,12 @@ bindir: exe
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
-description: Carson lives outside the repositories it governs. On every commit it
-  enforces centralised lint policy and scope checks. On PRs it gates merge on unresolved
-  reviewer feedback, dispatches coding agents to fix CI failures, merges passing PRs,
-  and housekeeps branches. Runs locally and in GitHub Actions.
+description: 'Carson is a governance runtime that lives outside the repositories it
+  governs — no Carson-owned artefacts in your repo. On every commit, managed hooks
+  enforce centralised lint policy and review gates. At portfolio level, carson govern
+  triages every open PR across your registered repositories: merge what''s ready,
+  dispatch coding agents to fix what''s failing, escalate what needs human judgement.
+  One command, all your projects, unmanned.'
 email:
 - wanghailei@users.noreply.github.com
 executables:
@@ -93,6 +95,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 4.0.3
 specification_version: 4
-summary: Autonomous governance runtime — lint, review gates, PR triage, and merge
-  across repositories.
+summary: Autonomous repository governance — you write the code, Carson manages everything
+  else.
 test_files: []