carson 2.23.0 → 2.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e192c17c03b702b370cf76636a3c78674c719ecb4244ba779549301fa3564f0f
-  data.tar.gz: 72c7f78fe5cb5140f25aa50d0f4312a9e4cb3c704eb7f3d7b996a3da90f3298d
+  metadata.gz: 6046632b555d3558d7b0b8910cbcb50a562d155b92d535f28275eb78cd9f02d9
+  data.tar.gz: 8a86dad0adc37689a2dc2185ac428c4710f3aa511b2015455a6eeab9ae7468d6
 SHA512:
-  metadata.gz: 9cad7952c709755faba1df36e1b247dea7ea21885c7d7987ec4c8aa42a4f2c1e2eb139ca02d8ff392129b61d4d821eeb57c2f768431aab73ec45b199d69c77c2
-  data.tar.gz: 6e95e4916ed3635bb1fb502d3e8068b02cd737803304ea1d54c5b8205c0d85b31700baf6bc2d00c76bdf66f5e27ab1ba11b9bc5d7e8522faa7791e003aad6f4e
+  metadata.gz: aca61a3a47edbbf4a6dea33970b954f5b5116786d3f14713f67e2140ce0d113364f4e5c08181146296cb28858d5023b552102178386e05c6d9120686c79dbcb2
+  data.tar.gz: 65fd5eb074422776f240a8161c5bec6d3ea6c8d746e182b9e2f95bf8cbd05131c9a0567af5dc0d9ef3f4e5b9bc1ab71e4c22493d3ef69f9a6e43c9487430fac3

data/.github/pull_request_template.md

@@ -1,8 +1,6 @@
 ## Shared Scope and Validation
 
 - [ ] `single_business_intent`: this PR is one coherent domain or feature intent.
-- [ ] `single_scope_group`: non-doc files stay within one scope group.
-- [ ] `cross-boundary_changes_justified`: any cross-boundary change has explicit rationale.
 - [ ] `carson audit` before commit.
 - [ ] `carson audit` before push.
 - [ ] `gh pr list --state open --limit 50` checked at session start (capture competing active PRs).

data/.github/workflows/carson_policy.yml

@@ -12,14 +12,9 @@ on:
         description: Exact Carson gem version expected in VERSION
         required: true
         type: string
-      rubocop_version:
-        description: Exact RuboCop gem version installed before Carson audit.
-        required: false
-        type: string
-        default: "1.81.0"
     secrets:
       CARSON_READ_TOKEN:
-        description: Read token for private lint-policy source repository.
+        description: Read token for private canonical-template source repository.
         required: false
 
 jobs:
@@ -63,17 +58,13 @@ jobs:
           gem build carson.gemspec
           gem install --local "carson-${{ inputs.carson_version }}.gem"
 
-      - name: Install pinned RuboCop
-        run: gem install rubocop -v "${{ inputs.rubocop_version }}" --no-document
+      - name: Carson refresh
+        working-directory: host
+        run: carson refresh
 
       - name: Carson audit
         working-directory: host
-        env:
-          CARSON_READ_TOKEN: ${{ secrets.CARSON_READ_TOKEN }}
-        run: |
-          carson lint policy --source https://github.com/wanghailei/ai.git --ref main --force
-          carson prepare
-          carson audit
+        run: carson audit
 
       - name: Carson review gate
         working-directory: host

data/API.md

@@ -16,9 +16,7 @@ carson <command> [subcommand] [arguments]
 | Command | Purpose |
 |---|---|
 | `carson setup` | Interactive quiz to configure remote, main branch, workflow, and merge method. Writes `~/.carson/config.json`. |
-| `carson lint policy --source <path-or-git-url> [--ref <git-ref>] [--force]` | Distribute lint configs from a central source into the governed repo's `.github/linters/`. |
-| `carson onboard [repo_path]` | Apply one-command baseline setup for a target git repository. Auto-triggers `setup` on first run. |
-| `carson prepare` | Install or refresh Carson-managed global hooks. |
+| `carson onboard [repo_path]` | Apply one-command baseline setup for a target git repository. Auto-triggers `setup` on first run. Installs or refreshes Carson-managed global hooks. |
 | `carson refresh [repo_path]` | Re-apply hooks, templates, and audit after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). |
 | `carson offboard [repo_path]` | Remove Carson-managed host artefacts, detach Carson hooks path, and deregister from `govern.repos`. |
 
@@ -37,7 +35,6 @@ carson <command> [subcommand] [arguments]
 | Command | Purpose |
 |---|---|
 | `carson govern [--dry-run] [--json] [--loop SECONDS]` | Portfolio-level PR triage: classify, merge, dispatch agents, escalate. |
-| `carson housekeep` | Sync main + prune stale branches (also runs automatically after govern merges). |
 
 `--loop SECONDS` runs the govern cycle continuously, sleeping SECONDS between cycles. The loop isolates errors per cycle — a single failing cycle does not stop the daemon. `Ctrl-C` cleanly exits with a cycle count summary. SECONDS must be a positive integer.
 
@@ -55,8 +52,6 @@ carson <command> [subcommand] [arguments]
 | Command | Purpose |
 |---|---|
 | `carson version` | Print installed Carson version. |
-| `carson inspect` | Verify Carson-managed hook installation and repository setup. |
-| `carson check` | Report required CI check status for the current branch's open PR. Exits 0 for passing or pending; exits 2 for failing. Never exits 8. |
 
 ## Exit status contract
 
@@ -90,18 +85,16 @@ Override path:
 - `CARSON_CONFIG_FILE=/absolute/path/to/config.json`
 
 Environment overrides:
-- `CARSON_HOOKS_BASE_PATH`
+- `CARSON_HOOKS_PATH`
 - `CARSON_REVIEW_WAIT_SECONDS`
 - `CARSON_REVIEW_POLL_SECONDS`
 - `CARSON_REVIEW_MAX_POLLS`
-- `CARSON_REVIEW_DISPOSITION_PREFIX`
+- `CARSON_REVIEW_DISPOSITION`
 - `CARSON_REVIEW_SWEEP_WINDOW_DAYS`
 - `CARSON_REVIEW_SWEEP_STATES`
 - `CARSON_WORKFLOW_STYLE`
-- `CARSON_RUBY_INDENTATION`
-- `CARSON_LINT_POLICY_SOURCE`
 - `CARSON_GOVERN_REPOS`
-- `CARSON_GOVERN_MERGE_AUTHORITY`
+- `CARSON_GOVERN_AUTO_MERGE`
 - `CARSON_GOVERN_MERGE_METHOD`
 - `CARSON_GOVERN_AGENT_PROVIDER`
 - `CARSON_GOVERN_CHECK_WAIT`
@@ -118,8 +111,8 @@ Environment overrides:
       "claude": {}
     },
     "check_wait": 30,
+    "auto_merge": true,
     "merge": {
-      "authority": true,
       "method": "squash"
     }
   }
@@ -131,7 +124,7 @@ Environment overrides:
 - `agent.provider`: `"auto"`, `"codex"`, or `"claude"`.
 - `agent.codex` / `agent.claude`: provider-specific options (reserved).
 - `check_wait`: seconds to wait for CI checks before classifying (default: `30`).
-- `merge.authority`: `true` (default) — Carson may merge autonomously. Set to `false` to require explicit enablement.
+- `auto_merge`: `true` (default) — Carson may merge autonomously. Set to `false` to require explicit enablement.
 - `merge.method`: `"squash"` (default), `"merge"`, or `"rebase"`.
 
 `template` schema:
@@ -147,29 +140,6 @@ Environment overrides:
 `template` semantics:
 - `canonical`: path to a directory of canonical `.github/` files. Carson discovers files in this directory and syncs them to governed repos alongside its own governance files. The directory mirrors `.github/` structure — `workflows/lint.yml` deploys to `.github/workflows/lint.yml`. Default: `nil` (no canonical files).
 
-`lint` schema:
-
-```json
-{
-  "lint": {
-    "policy_source": "wanghailei/lint.git"
-  }
-}
-```
-
-`lint` semantics:
-- `policy_source`: default source for `carson lint policy` when `--source` is not specified.
-
-Environment overrides:
-- `CARSON_LINT_POLICY_SOURCE` — overrides `lint.policy_source`.
-
-Private-source clone token for `carson lint policy`:
-- `CARSON_READ_TOKEN` (used when `--source` points to a private GitHub repository).
-
-Policy layout requirement:
-- Lint config files sit at the root of the source repo and are copied to `<governed-repo>/.github/linters/`.
-- MegaLinter auto-discovers configs in `.github/linters/` during CI.
-
 ## Output interface
 
 Report output directory precedence:

data/MANUAL.md

@@ -25,26 +25,7 @@ carson version
 
 ## First-Time Setup
 
-### Step 1: Prepare your lint policy
-
-Carson distributes lint configuration files from a central policy source — a directory or git repository you control — into each governed repo's `.github/linters/` directory, where MegaLinter auto-discovers them in CI.
-
-```bash
-carson lint policy --source /path/to/your-policy-repo
-```
-
-After this command, `.github/linters/` contains your lint configs (`.rubocop.yml`, `biome.json`, `ruff.toml`, etc.). MegaLinter uses these in CI. Every governed repository gets the same rules — this is how Carson keeps lint consistent across languages.
-
-Carson distributes policy; MegaLinter enforces it. Carson does not run linters itself — that responsibility belongs to MegaLinter in CI and to the developer's own local tooling.
-
-Options:
-- `--source <path-or-git-url>` — where to read policy files from (required).
-- `--ref <git-ref>` — branch or tag when `--source` is a git URL.
-- `--force` — overwrite existing `.github/linters/` files.
-
-Policy layout: lint config files sit at the root of the source repo (flat layout, no subdirectories required).
-
-### Step 2: Onboard a repository
+### Onboard a repository
 
 ```bash
 carson onboard /path/to/your-repo
@@ -69,7 +50,7 @@ carson setup
 
 Re-run the interactive setup quiz to change your remote, main branch, workflow style, or merge method. Choices are saved to `~/.carson/config.json`.
 
-### Step 3: Commit generated files
+### Commit generated files
 
 After `onboard`, commit the generated `.github/*` changes in your repository. From this point the repository is governed.
 
@@ -96,7 +77,7 @@ jobs:
 
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
-- `CARSON_READ_TOKEN` must have read access to your policy source repository so CI can run `carson lint policy`.
+- `CARSON_READ_TOKEN` must have read access to your policy source repository.
 - The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
 
 ### Canonical Templates
@@ -133,7 +114,6 @@ Carson discovers files in this directory and syncs them to governed repos alongs
 
 ```bash
 carson sync                                          # fast-forward local main
-carson lint policy --source /path/to/your-policy-repo # refresh policy if needed
 carson audit                                         # full governance check
 ```
 
@@ -230,7 +210,7 @@ These are starting points chosen during `carson setup`. Every default has a reas
 
 How code reaches main.
 
-- **`branch`** (default) — every change goes through a PR. Hooks block direct commits and pushes to main/master. PRs enforce review, scope integrity, and CI gates before code reaches main.
+- **`branch`** (default) — every change goes through a PR. Hooks block direct commits and pushes to main/master. PRs enforce review and CI gates before code reaches main.
 - **`trunk`** — commit directly to main. Hooks allow all commits. Suits solo projects or flat teams that don't need PR-based review.
 
 Change: `carson setup` or `CARSON_WORKFLOW_STYLE`.
@@ -268,24 +248,7 @@ Where Carson installs git hooks.
 
 - Default: **`~/.carson/hooks/<version>/`**. Outsider principle: hooks live outside your repo, versioned per Carson release, never committed to your repository.
 
-Change: `CARSON_HOOKS_BASE_PATH`.
-
-#### Lint policy source
-
-Where lint configuration files come from and where they land.
-
-- Default source: **`wanghailei/lint.git`**. A central repository containing lint configs for all languages.
-- Target: **`<repo>/.github/linters/`**. MegaLinter auto-discovers configs here in CI.
-
-Change: `carson lint policy --source <path-or-git-url>` or `lint.policy_source` in config. After changing policy, run `carson refresh --all` to propagate to all governed repositories.
-
-#### Scope integrity
-
-Whether cross-module changes are flagged.
-
-- Default: **advisory** (attention, not block). Carson informs you when staged files span multiple module groups (e.g. both `domain` and `ui`), but doesn't prevent the commit. Useful for awareness; not a hard gate.
-
-Customise groups: `scope.path_groups` in config.
+Change: `CARSON_HOOKS_PATH`.
 
 #### Review disposition
 
@@ -293,7 +256,7 @@ Whether reviewer findings require acknowledgement.
 
 - Default: **required**. Comments containing risk keywords (`bug`, `security`, `regression`, etc.) must have a `Disposition:` response from the PR author before merge. Prevents feedback from being buried.
 
-Change prefix: `CARSON_REVIEW_DISPOSITION_PREFIX`.
+Change: `CARSON_REVIEW_DISPOSITION`.
 
 #### Merge authority
 
@@ -301,7 +264,7 @@ Whether `carson govern` can merge PRs autonomously.
 
 - Default: **enabled**. Carson merges PRs that pass all gates (CI green, review clean, audit clean). PRs that need human judgement are escalated, never silently merged.
 
-Disable: `govern.merge_authority: false` in config.
+Disable: `govern.auto_merge: false` in config or `CARSON_GOVERN_AUTO_MERGE=false`.
 
 #### Output verbosity
 
@@ -338,14 +301,15 @@ Common environment overrides:
 
 | Variable | Purpose |
 |---|---|
-| `CARSON_HOOKS_BASE_PATH` | Custom hooks installation directory. |
+| `CARSON_HOOKS_PATH` | Custom hooks installation directory. |
 | `CARSON_REVIEW_WAIT_SECONDS` | Initial wait before first review poll. |
 | `CARSON_REVIEW_POLL_SECONDS` | Interval between review polls. |
 | `CARSON_REVIEW_MAX_POLLS` | Maximum review poll attempts. |
-| `CARSON_REVIEW_DISPOSITION_PREFIX` | Required prefix for disposition comments. |
+| `CARSON_REVIEW_DISPOSITION` | Required disposition keyword for review comments. |
 | `CARSON_REVIEW_SWEEP_WINDOW_DAYS` | Lookback window for review sweep. |
 | `CARSON_REVIEW_SWEEP_STATES` | PR states to include in sweep. |
 | `CARSON_REVIEW_BOT_USERNAMES` | Comma-separated bot usernames to ignore in review gate and sweep. |
+| `CARSON_GOVERN_AUTO_MERGE` | Enable or disable autonomous PR merging. |
 | `CARSON_WORKFLOW_STYLE` | Workflow style override (`branch` or `trunk`). |
 | `CARSON_RUBY_INDENTATION` | Ruby indentation policy (`tabs`, `spaces`, or `either`). |
 
@@ -358,7 +322,7 @@ For the full configuration schema, see `API.md`.
 - Confirm `$(ruby -e 'print Gem.user_dir')/bin` is in `PATH`.
 
 **`review gate` fails on actionable comments**
-- Respond with a valid disposition comment using the required prefix.
+- Respond with a valid disposition comment using the required disposition keyword.
 - Re-run `carson review gate`.
 
 **Template drift blocks**

data/README.md

@@ -8,7 +8,7 @@ Named after the head of household in Downton Abbey, Carson is your repositories'
 
 ## The Problem to Solve
 
-Managing a growing portfolio of repositories is rewarding work — but the operational overhead scales faster than the code itself. Lint configs drift between repos, PR templates go stale, reviewer feedback gets quietly buried, and what passes on a developer's laptop fails in CI. When coding agents start producing PRs across multiple projects, the coordination load multiplies: checking results, dispatching fixes, clicking merge, cleaning up branches.
+Managing a growing portfolio of repositories is rewarding work — but the operational overhead scales faster than the code itself. PR templates go stale, reviewer feedback gets quietly buried, and what passes on a developer's laptop fails in CI. When coding agents start producing PRs across multiple projects, the coordination load multiplies: checking results, dispatching fixes, clicking merge, cleaning up branches.
 
 Carson exists so you can focus on what matters — building — while governance runs itself.
 
@@ -16,7 +16,7 @@ Carson exists so you can focus on what matters — building — while governance
 
 Carson is an autonomous governance runtime that lives on your workstation and in CI, never inside the repositories it governs. It operates at two levels:
 
-**Per-commit governance** — Carson gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions. Lint execution is handled entirely by MegaLinter in CI and by the developer's own local tooling — Carson distributes the shared lint configuration but does not run linters itself.
+**Per-commit governance** — Carson gates merges on unresolved review comments, synchronises templates, and keeps your local branches clean. Every commit triggers `carson audit` through managed hooks; the same checks run in GitHub Actions.
 
 **Portfolio-level autonomy** — `carson govern` is a triage loop that scans your registered repositories, classifies every open PR, and acts: merge what's ready, dispatch coding agents (Codex or Claude) to fix what's failing, and escalate what needs human judgement. One command, all your projects, unmanned.
 
@@ -24,7 +24,6 @@ Carson is an autonomous governance runtime that lives on your workstation and in
   ~/.carson/                     ← Carson lives here, never inside your repos
        │
        ├─ hooks ──────────────►  commit gates      (every governed repo)
-       ├─ lint configs ───────►  .github/linters/  (MegaLinter auto-discovers)
        └─ govern ─────────────►  PR triage → merge | dispatch agent | escalate
 ```
 
@@ -32,25 +31,23 @@ This separation is Carson's defining trait — the **outsider boundary**: no Car
 
 ### The Governance Loop
 
-Carson orchestrates a closed governance loop across three layers:
+Carson orchestrates a closed governance loop across two layers:
 
-1. **Policy distribution** — `carson lint policy` distributes shared lint configs from a central source into each repo's `.github/linters/`. This is the single source of truth for lint rules across all governed repositories.
-2. **CI enforcement** — MegaLinter runs in GitHub Actions (via the managed `carson-lint.yml` workflow) and auto-discovers configs from `.github/linters/`. Carson does not run linters — MegaLinter does. Carson's `audit` gates on CI check status reported by GitHub.
-3. **Autonomous triage** — `carson govern` reads CI status (including MegaLinter results), review disposition, and audit health for every open PR. Ready PRs are merged. Failing PRs get a coding agent (Codex or Claude) dispatched to fix them. Stuck PRs are escalated.
+1. **CI enforcement** — Carson's `audit` gates on CI check status reported by GitHub. The actual CI runs are delegated to GitHub Actions.
+2. **Autonomous triage** — `carson govern` reads CI status, review disposition, and audit health for every open PR. Ready PRs are merged. Failing PRs get a coding agent (Codex or Claude) dispatched to fix them. Stuck PRs are escalated.
 
-Carson's role is governance orchestration — distributing policy, gating on results, and dispatching action. The actual lint execution, CI runs, and code fixes are delegated to specialised tools: MegaLinter for linting, GitHub Actions for CI, and coding agents for remediation.
+Carson's role is governance orchestration — gating on results and dispatching action. The actual CI runs and code fixes are delegated to specialised tools: GitHub Actions for CI and coding agents for remediation.
 
 ## Opinions
 
 Carson is opinionated about governance. These are non-negotiable principles, not configurable defaults:
 
 - **Outsider boundary** — Carson lives outside your repo, never inside. No Carson-owned artefacts in your repository. Offboarding leaves no trace.
-- **Centralised lint** — lint policy distributed from a central source into each repo's `.github/linters/`. One source of truth, zero drift. MegaLinter enforces it in CI.
 - **Active review** — undisposed reviewer findings block merge. Feedback must be acknowledged, not buried.
 - **Self-diagnosing output** — every warning and error names what went wrong, why, and what to do next. If you have to read source code to understand a message, that message is a bug.
 - **Transparent governance** — Carson prepares everything for merge but never oversteps. It does not make decisions for you without telling you.
 
-Everything else bends to your preference. Which branch is main, how PRs are merged, which repositories to govern, which coding agent to dispatch, where your lint policy lives — Carson asks during setup and remembers. Sensible defaults are provided; you only change what matters to you. See `MANUAL.md` for the full list.
+Everything else bends to your preference. Which branch is main, how PRs are merged, which repositories to govern, which coding agent to dispatch — Carson asks during setup and remembers. Sensible defaults are provided; you only change what matters to you. See `MANUAL.md` for the full list.
 
 ## Quickstart
 
@@ -75,21 +72,11 @@ After `carson onboard`, your repository has:
 
 Commit the generated `.github/*` changes, and the repository is governed.
 
-**Set up lint policy** (optional). If you have a central directory or repository of lint configs, point Carson at it — configs are copied into `.github/linters/` where MegaLinter auto-discovers them:
-
-```bash
-# local directory
-carson lint policy --source /path/to/your-policy-dir
-
-# remote repository
-carson lint policy --source https://github.com/you/lint-policy.git
-```
-
-**Govern your portfolio.** Once repositories are onboarded, `carson govern` is your recurring command. Run it whenever you want Carson to triage open PRs, enforce review policy, dispatch coding agents, and housekeep across all governed repos:
+**Govern your portfolio.** Once repositories are onboarded, `carson govern` is your recurring command. Run it whenever you want Carson to triage open PRs, enforce review policy, and dispatch coding agents across all governed repos:
 
 ```bash
 carson govern --dry-run     # preview what Carson would do, change nothing
-carson govern               # triage PRs, merge ready ones, dispatch agents, housekeep
+carson govern               # triage PRs, merge ready ones, dispatch agents
 carson govern --loop 300    # run continuously, cycling every 5 minutes
 ```
 

data/RELEASE.md

@@ -5,6 +5,27 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
+## 2.25.0 — Onboard/Offboard UX Improvements
+
+### What changed
+
+- **`carson offboard` now asks for TTY confirmation** before removing files. In non-TTY environments (CI, scripts), offboard proceeds without prompting, preserving backwards compatibility.
+- **Offboard prints post-removal guidance** ("commit the removals and push to finalise offboarding") so users know what to do next.
+- **Non-TTY `carson onboard` now shows a govern registration hint** ("to register for portfolio governance: carson onboard in a TTY") instead of silently skipping the prompt.
+- **`carson setup` shows current values** for workflow style and merge method when re-running, and pre-selects the current choice as the default. Previously only canonical template showed its current value.
+
+## 2.24.0 — Remove Scope Integrity Guard
+
+### What changed
+
+- **Scope integrity guard removed from `carson audit`.** The guard classified changed files into path groups (tool, ui, test, domain, docs) and flagged commits crossing multiple groups. This required maintaining an explicit `scope.path_groups` list in `~/.carson/config.json` that went stale whenever a repository's directory structure changed. The maintenance burden outweighed the value.
+
+### Migration
+
+- The `scope.path_groups` config key is now ignored. Existing configs with this key will not cause errors — the data is silently unused.
+- The `path_groups` attribute has been removed from `Carson::Config`. Code referencing `config.path_groups` will raise `NoMethodError`.
+- PR template no longer includes `single_scope_group` and `cross-boundary_changes_justified` checklist items. The `single_business_intent` check remains — that is a human-level focus check, not mechanical path classification.
+
 ## 2.23.0 — Warm Onboard Welcome Guide
 
 ### What changed

data/SKILL.md

@@ -1,16 +1,16 @@
 # Carson Skill
 
-You are working in a repository governed by Carson — a deterministic governance runtime. Carson handles git hooks, lint enforcement, PR triage, agent dispatch, merge, and cleanup. You provide the intelligence; Carson provides the infrastructure.
+You are working in a repository governed by Carson — a deterministic governance runtime. Carson handles git hooks, PR triage, agent dispatch, merge, and cleanup. You provide the intelligence; Carson provides the infrastructure.
 
 ## When to use Carson commands
 
 | User intent | Command | What happens |
 |---|---|---|
-| "Check if my code is ready" | `carson audit` | Lint, scope, boundary checks. Exit 0 = clean. Exit 2 = policy block. |
+| "Check if my code is ready" | `carson audit` | Scope, boundary checks. Exit 0 = clean. Exit 2 = policy block. |
 | "Is my PR mergeable?" | `carson review gate` | Polls for unresolved review threads and actionable comments. Blocks until resolved. |
 | "What's happening across my repos?" | `carson govern --dry-run` | Classifies every open PR without taking action. Read the summary. |
 | "Run governance continuously" | `carson govern --loop 300` | Triage-dispatch-merge cycle every 300 seconds. Ctrl-C to stop. |
-| "Merge ready PRs and dispatch fixes" | `carson govern` | Full autonomous cycle: merge, dispatch agents, escalate, housekeep. |
+| "Merge ready PRs and dispatch fixes" | `carson govern` | Full autonomous cycle: merge, dispatch agents, escalate. |
 | "Set up Carson for a repo" | `carson onboard /path/to/repo` | Installs hooks, syncs templates, runs first audit. |
 | "Refresh after upgrading Carson" | `carson refresh` | Re-applies hooks and templates for the current version. |
 | "Update my local main" | `carson sync` | Fast-forward local main from remote. Blocks if tree is dirty. |
@@ -18,13 +18,12 @@ You are working in a repository governed by Carson — a deterministic governanc
 | "Check template drift" | `carson template check` then `carson template apply` | Detect and fix .github/* drift. |
 | "Remove Carson from a repo" | `carson offboard /path/to/repo` | Removes hooks and managed files. |
 | "What version?" | `carson version` | Prints installed version with ⧓ badge. |
-| "Verify hook installation" | `carson inspect` | Checks hooks path, file existence, permissions. |
 
 ## Exit codes
 
 - `0` — success, all clear.
 - `1` — runtime or configuration error. Read the error message.
-- `2` — policy block. Something must be fixed before proceeding (lint violation, unresolved review, boundary breach).
+- `2` — policy block. Something must be fixed before proceeding (unresolved review, boundary breach).
 
 When you see exit 2, do NOT bypass it. Read the output, fix the root cause, and re-run.
 
@@ -88,7 +87,7 @@ Run `carson review gate` to see which comments need disposition. Respond to each
 This means a commit was made to main that couldn't be pushed (branch protection). Reset: `git checkout main && git reset --hard github/main`.
 
 **Hooks out of date after upgrade:**
-Run `carson prepare` to write new hook versions, then `carson inspect` to verify.
+Run `carson refresh` to re-apply hooks and templates for the current version.
 
 **Govern merge fails:**
 Check that `govern.merge.method` in config matches what GitHub allows. If the repo enforces linear history, only `rebase` works.
@@ -98,4 +97,3 @@ Check that `govern.merge.method` in config matches what GitHub allows. If the re
 - Carson never lives inside governed repositories. No `.carson.yml`, no `bin/carson`, no `.tools/carson/`.
 - Carson-managed files in repos are limited to `.github/*` templates.
 - Carson's hooks live at `~/.carson/hooks/<version>/`, never in `.git/hooks/`.
-- Lint policy is distributed via `carson lint policy --source <policy-repo>` into each repo's `.github/linters/`.

data/VERSION

@@ -1 +1 @@
-2.23.0
+2.25.0

data/lib/carson/cli.rb

@@ -53,7 +53,7 @@ module Carson
 
 		def self.build_parser
 			OptionParser.new do |opts|
-				opts.banner = "Usage: carson [setup|audit|check|sync|prune|prepare|inspect|onboard [repo_path]|refresh [--all|repo_path]|offboard [repo_path]|template check|template apply|lint policy --source <path-or-git-url>|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|housekeep|version]"
+				opts.banner = "Usage: carson [setup|audit|sync|prune|onboard [repo_path]|refresh [--all|repo_path]|offboard [repo_path]|template check|template apply|review gate|review sweep|govern [--dry-run] [--json] [--loop SECONDS]|version]"
 			end
 		end
 
@@ -80,8 +80,6 @@ module Carson
 				parse_refresh_command( argv: argv, parser: parser, err: err )
 			when "template"
 				parse_template_subcommand( argv: argv, parser: parser, err: err )
-			when "lint"
-				parse_lint_subcommand( argv: argv, parser: parser, err: err )
 			when "review"
 				parse_named_subcommand( command: command, usage: "gate|sweep", argv: argv, parser: parser, err: err )
 			when "govern"
@@ -172,48 +170,6 @@ module Carson
 			{ command: :invalid }
 		end
 
-		def self.parse_lint_subcommand( argv:, parser:, err: )
-			action = argv.shift
-			unless action == "policy"
-				err.puts "#{BADGE} Missing or invalid subcommand for lint. Use: carson lint policy --source <path-or-git-url> [--ref <git-ref>] [--force]"
-				err.puts parser
-				return { command: :invalid }
-			end
-
-			options = {
-				source: nil,
-				ref: "main",
-				force: false
-			}
-			lint_parser = OptionParser.new do |opts|
-				opts.banner = "Usage: carson lint policy --source <path-or-git-url> [--ref <git-ref>] [--force]"
-				opts.on( "--source SOURCE", "Source repository path or git URL that contains CODING/" ) { |value| options[ :source ] = value.to_s.strip }
-				opts.on( "--ref REF", "Git ref used when --source is a git URL (default: main)" ) { |value| options[ :ref ] = value.to_s.strip }
-				opts.on( "--force", "Overwrite existing files" ) { options[ :force ] = true }
-			end
-			lint_parser.parse!( argv )
-			if options.fetch( :source ).to_s.empty?
-				err.puts "#{BADGE} Missing required --source for lint policy."
-				err.puts lint_parser
-				return { command: :invalid }
-			end
-			unless argv.empty?
-				err.puts "#{BADGE} Unexpected arguments for lint policy: #{argv.join( ' ' )}"
-				err.puts lint_parser
-				return { command: :invalid }
-			end
-			{
-				command: "lint:setup",
-				source: options.fetch( :source ),
-				ref: options.fetch( :ref ),
-				force: options.fetch( :force )
-			}
-		rescue OptionParser::ParseError => e
-			err.puts "#{BADGE} #{e.message}"
-			err.puts lint_parser
-			{ command: :invalid }
-		end
-
 		def self.parse_govern_subcommand( argv:, err: )
 			options = {
 				dry_run: false,
@@ -260,12 +216,6 @@ module Carson
 				runtime.sync!
 			when "prune"
 				runtime.prune!
-			when "prepare"
-				runtime.prepare!
-			when "inspect"
-				runtime.inspect!
-			when "check"
-				runtime.check!
 			when "onboard"
 				runtime.onboard!
 			when "refresh"
@@ -278,12 +228,6 @@ module Carson
 				runtime.template_check!
 			when "template:apply"
 				runtime.template_apply!( push_prep: parsed.fetch( :push_prep, false ) )
-			when "lint:setup"
-				runtime.lint_setup!(
-					source: parsed.fetch( :source ),
-					ref: parsed.fetch( :ref ),
-					force: parsed.fetch( :force )
-				)
 			when "review:gate"
 				runtime.review_gate!
 			when "review:sweep"
@@ -294,8 +238,6 @@ module Carson
 					json_output: parsed.fetch( :json, false ),
 					loop_seconds: parsed.fetch( :loop_seconds, nil )
 				)
-			when "housekeep"
-				runtime.housekeep!
 			else
 				runtime.send( :puts_line, "Unknown command: #{command}" )
 				Runtime::EXIT_ERROR