carson 3.21.0 → 3.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8274b4268c0fc93eeb9323f2b9fd0d4e042001d1633ccde431afcb7f61448bae
-  data.tar.gz: cff9a441857c256c82bf0f395c92a29a2879c5f1da45c4de3ae1232803e0ea5f
+  metadata.gz: e75b6729cf0c977beb1ace5da390f41ae20d80208d7470c97b145b76e44cb3ad
+  data.tar.gz: 24d85c37e66498731b9d980b39017a4d73c06c93acd1dd8018e74b33e951d4df
 SHA512:
-  metadata.gz: 375300bdb2789594fa0a088c3f2d983a31aa492884b7fd399e76f0531885c191b81d855dd35c9d79a488cca6a3fdbdc3da35a9ac24d820901a34558d60bbc4f2
-  data.tar.gz: a5f3ddb10f668b7003578c62bdec28b95c0c584cfe5c93da38d50ffc01e4a03f4a91c31053d02a7a97af396baa247917ce3a5edf95608d801c9ce274024cde04
+  metadata.gz: df4ff4c103415e7ff448ee5c8d7bbd60b4259afa15f522d840519b420e0202dc8cb7e86af7d27df0174c8df963eb57cf13fd578678e3c960b669f94e81089d6b
+  data.tar.gz: fcc758b8416931f303dbd72bcabac9f703b844c79b1dd37eec4572b43abe455bca81ca0f8f9871c09a2ee27f086f70c3e977b78b5c078d6820d8f8d770fb74c2

data/LICENSE

@@ -1,21 +1,91 @@
-MIT License
-
-Copyright (c) 2026 Hailei Wang (WHL) <wanghailei@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+# PolyForm Shield License 1.0.0
+
+<https://polyformproject.org/licenses/shield/1.0.0>
+
+Required Notice: Copyright (c) 2026 Hailei Wang (WHL) <wanghailei@gmail.com>
+
+## Acceptance
+
+In order to get any license under these terms, you must agree to them as both strict obligations and conditions to all your licenses.
+
+## Copyright License
+
+The licensor grants you a copyright license for the software to do everything you might do with the software that would otherwise infringe the licensor's copyright in it for any permitted purpose. However, you may only distribute the software according to Distribution License and make changes or new works based on the software according to Changes and New Works License.
+
+## Distribution License
+
+The licensor grants you an additional copyright license to distribute copies of the software. Your license to distribute covers distributing the software with changes and new works permitted by Changes and New Works License.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these terms or the URL for them above, as well as copies of any plain-text lines beginning with `Required Notice:` that the licensor provided with the software. For example:
+
+> Required Notice: Copyright Yoyodyne, Inc. (http://example.com)
+
+## Changes and New Works License
+
+The licensor grants you an additional copyright license to make changes and new works based on the software for any permitted purpose.
+
+## Patent License
+
+The licensor grants you a patent license for the software that covers patent claims the licensor can license, or becomes able to license, that you would infringe by using the software.
+
+## Noncompete
+
+Any purpose is a permitted purpose, except for providing any product that competes with the software or any product the licensor or any of its affiliates provides using the software.
+
+## Competition
+
+Goods and services compete even when they provide functionality through different kinds of interfaces or for different technical platforms. Applications can compete with services, libraries with plugins, frameworks with development tools, and so on, even if they're written in different programming languages or for different computer architectures. Goods and services compete even when provided free of charge. If you market a product as a practical substitute for the software or another product, it definitely competes.
+
+## New Products
+
+If you are using the software to provide a product that does not compete, but the licensor or any of its affiliates brings your product into competition by providing a new version of the software or another product using the software, you may continue using versions of the software available under these terms beforehand to provide your competing product, but not any later versions.
+
+## Discontinued Products
+
+You may begin using the software to compete with a product or service that the licensor or any of its affiliates has stopped providing, unless the licensor includes a plain-text line beginning with `Licensor Line of Business:` with the software that mentions that line of business. For example:
+
+> Licensor Line of Business: YoyodyneCMS Content Management System (http://example.com/cms)
+
+## Sales of Business
+
+If the licensor or any of its affiliates sells a line of business developing the software or using the software to provide a product, the buyer can also enforce Noncompete for that product.
+
+## Fair Use
+
+You may have "fair use" rights for the software under the law. These terms do not limit them.
+
+## No Other Rights
+
+These terms do not allow you to sublicense or transfer any of your licenses to anyone else, or prevent the licensor from granting licenses to anyone else. These terms do not imply any other licenses.
+
+## Patent Defense
+
+If you make any written claim that the software infringes or contributes to infringement of any patent, your patent license for the software granted under these terms ends immediately. If your company makes such a claim, your patent license ends immediately for work on behalf of your company.
+
+## Violations
+
+The first time you are notified in writing that you have violated any of these terms, or done anything with the software not covered by your licenses, your licenses can nonetheless continue if you come into full compliance with these terms, and take practical steps to correct past violations, within 32 days of receiving notice. Otherwise, all your licenses end immediately.
+
+## No Liability
+
+As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim.
+
+## Definitions
+
+The **licensor** is the individual or entity offering these terms, and the **software** is the software the licensor makes available under these terms.
+
+A **product** can be a good or service, or a combination of them.
+
+**You** refers to the individual or entity agreeing to these terms.
+
+**Your company** is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all its affiliates.
+
+**Affiliates** means the other organizations than an organization has control over, is under the control of, or is under common control with.
+
+**Control** means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect.
+
+**Your licenses** are all the licenses granted to you for the software under these terms.
+
+**Use** means anything you do with the software requiring one of your licenses.

data/RELEASE.md

@@ -5,6 +5,27 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
+## 3.22.0
+
+### What changed
+
+- **Command-guard auto-install at CLI startup** — Carson now installs the command-guard hook automatically when any CLI command runs, removing the need for a manual `carson refresh` after install. The guard is installed once and skipped on subsequent invocations.
+- **Stale worktree sweep before portfolio safety check** — `refresh --all` now sweeps stale worktrees before checking repo safety, preventing false "active worktree" skips for worktrees whose branches have already been merged.
+- **Nested config path fix for merge method** — `govern.merge.method` is now read from the correct nested config path instead of the top-level key, fixing repos where the merge method setting was silently ignored.
+- **Deliver proceeds when no CI checks configured** — `deliver --merge` no longer blocks on repos with no CI checks. Previously it waited indefinitely for checks that would never arrive.
+- **Rebase-merge orphan branch pruning** — `prune` now detects branches absorbed into main via rebase merge (tip commit reachable from main) and cleans them up, not just squash-merged branches.
+- **Pluralisation fix** — corrected "branchs" → "branches" in prune and status output.
+
+### UX improvement
+
+- Carson is now fully self-configuring: installing the gem and running any command sets up all safety guards automatically. Batch operations on portfolios no longer false-skip repos with stale worktrees. Repos using rebase merge keep their branch list clean without manual intervention.
+
+## 3.21.1
+
+### What changed
+
+- **Command guard false-positive fix** — the `command-guard` regex now matches `gh pr create/merge` only at command position (start of line or after `&&`, `||`, `;`, `|`). Previously it matched inside string arguments, blocking legitimate commands like `git commit -m 'Document gh pr create hook'`.
+
 ## 3.21.0
 
 ### What changed

data/VERSION

@@ -1 +1 @@
-3.21.0
+3.22.0

data/carson.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
 	spec.summary = "Autonomous repository governance — you write the code, Carson manages everything else."
 	spec.description = "Carson is a governance runtime that lives outside the repositories it governs — no Carson-owned artefacts in your repo. On every commit, managed hooks enforce centralised lint policy and review gates. At portfolio level, carson govern triages every open PR across your registered repositories: merge what's ready, dispatch coding agents to fix what's failing, escalate what needs human judgement. One command, all your projects, unmanned."
 	spec.homepage = "https://github.com/wanghailei/carson"
-	spec.license = "MIT"
+	spec.license = "PolyForm-Shield-1.0.0"
 	spec.required_ruby_version = ">= 3.4"
 	spec.metadata = {
 		"source_code_uri" => "https://github.com/wanghailei/carson",

data/hooks/command-guard

@@ -33,7 +33,9 @@ command_text="$(echo "$input" | jq -r '.tool_input.command // empty' 2>/dev/null
 [ -n "$command_text" ] || exit 0
 
 # Check for gh pr commands that Carson replaces.
-guarded_pattern='gh\s+pr\s+(create|merge)'
+# Match only at command position: start of line, or after a shell operator (&&, ||, ;, |).
+# This avoids false positives from gh pr references inside commit messages or string arguments.
+guarded_pattern='(^|&&|\|\||;|\|)\s*gh\s+pr\s+(create|merge)'
 if ! echo "$command_text" | grep -qE "$guarded_pattern"; then
 	exit 0
 fi

data/lib/carson/cli.rb

@@ -4,6 +4,8 @@ require "optparse"
 module Carson
 	class CLI
 		def self.start( arguments:, repo_root:, tool_root:, output:, error: )
+			ensure_global_artefacts!( tool_root: tool_root )
+
 			parsed = parse_args( arguments: arguments, output: output, error: error )
 			command = parsed.fetch( :command )
 			return Runtime::EXIT_OK if command == :help
@@ -685,6 +687,27 @@ module Carson
 			{ command: :invalid }
 		end
 
+		# --- global artefacts ---
+
+		# Ensures global (non-repo) artefacts are installed at CLI startup.
+		# The command-guard lives at a stable path (~/.carson/hooks/command-guard)
+		# referenced by Claude Code's PreToolUse hook. It must exist regardless of
+		# whether `carson refresh` has been run in any governed repo.
+		def self.ensure_global_artefacts!( tool_root: )
+			source = File.join( tool_root, "hooks", "command-guard" )
+			return unless File.file?( source )
+
+			hooks_base = File.expand_path( "~/.carson/hooks" )
+			target = File.join( hooks_base, "command-guard" )
+			return if File.file?( target ) && FileUtils.identical?( source, target )
+
+			FileUtils.mkdir_p( hooks_base )
+			FileUtils.cp( source, target )
+			FileUtils.chmod( 0o755, target )
+		rescue StandardError
+			# Best-effort — do not block any command if this fails.
+		end
+
 		# --- dispatch ---
 
 		def self.dispatch( parsed:, runtime: )

data/lib/carson/config.rb

@@ -66,7 +66,9 @@ module Carson
 				"govern" => {
 					"repos" => [],
 					"auto_merge" => true,
-					"merge_method" => "squash",
+					"merge" => {
+						"method" => "squash"
+					},
 					"agent" => {
 						"provider" => "auto",
 						"codex" => {},
@@ -154,7 +156,10 @@ module Carson
 			govern_auto_merge = ENV.fetch( "CARSON_GOVERN_AUTO_MERGE", "" ).to_s.strip
 			govern[ "auto_merge" ] = ( govern_auto_merge == "true" ) unless govern_auto_merge.empty?
 			govern_method = ENV.fetch( "CARSON_GOVERN_MERGE_METHOD", "" ).to_s.strip
-			govern[ "merge_method" ] = govern_method unless govern_method.empty?
+			unless govern_method.empty?
+				govern[ "merge" ] ||= {}
+				govern[ "merge" ][ "method" ] = govern_method
+			end
 			agent = fetch_hash_section( data: govern, key: "agent" )
 			govern_provider = ENV.fetch( "CARSON_GOVERN_AGENT_PROVIDER", "" ).to_s.strip
 			agent[ "provider" ] = govern_provider unless govern_provider.empty?
@@ -215,7 +220,8 @@ module Carson
 			govern_hash = fetch_hash( hash: data, key: "govern" )
 			@govern_repos = fetch_optional_string_array( hash: govern_hash, key: "repos" ).map { |path| safe_expand_path( path ) }
 			@govern_auto_merge = fetch_optional_boolean( hash: govern_hash, key: "auto_merge", default: true, key_path: "govern.auto_merge" )
-			@govern_merge_method = fetch_string( hash: govern_hash, key: "merge_method" ).downcase
+			govern_merge_hash = fetch_hash( hash: govern_hash, key: "merge" )
+			@govern_merge_method = fetch_string( hash: govern_merge_hash, key: "method" ).downcase
 			govern_agent_hash = fetch_hash( hash: govern_hash, key: "agent" )
 			@govern_agent_provider = fetch_string( hash: govern_agent_hash, key: "provider" ).downcase
 			dispatch_path = govern_hash.fetch( "dispatch_state_path" ).to_s

data/lib/carson/runtime/audit.rb

@@ -115,12 +115,12 @@ module Carson
 					puts_verbose "[Canonical Templates]"
 					puts_verbose "HINT: canonical templates not configured — run carson setup to enable."
 				end
-					write_and_print_pr_monitor_report(
-						report: monitor_report.merge(
-							default_branch_baseline: default_branch_baseline,
-							audit_status: audit_state
-						)
+				write_and_print_pr_monitor_report(
+					report: monitor_report.merge(
+						default_branch_baseline: default_branch_baseline,
+						audit_status: audit_state
 					)
+				)
 				exit_code = audit_state == "block" ? EXIT_BLOCK : EXIT_OK
 
 				if json_output
@@ -581,7 +581,6 @@ module Carson
 				lines.join( "\n" )
 			end
 
-			# True when there are no staged/unstaged/untracked file changes.
 		end
 
 		include Audit

data/lib/carson/runtime/deliver.rb

@@ -1,7 +1,7 @@
 # PR delivery lifecycle — push, create PR, and optionally merge.
 # Collapses the 8-step manual PR flow into one or two commands.
 # `carson deliver` pushes and creates the PR.
-# `carson deliver --merge` also merges if CI is green.
+# `carson deliver --merge` also merges if CI passes or no checks are configured.
 # `carson deliver --json` outputs structured result for agent consumption.
 module Carson
 	class Runtime
@@ -46,17 +46,14 @@ module Carson
 				result[ :ci ] = ci_status.to_s
 
 				case ci_status
-				when :pass
-					# Continue to review gate.
+				when :pass, :none
+					# Continue to review gate. :none means no checks configured — nothing to wait for.
 				when :pending
 					result[ :recovery ] = "gh pr checks #{pr_number} --watch && carson deliver --merge"
 					return deliver_finish( result: result, exit_code: EXIT_OK, json_output: json_output )
 				when :fail
 					result[ :recovery ] = "gh pr checks #{pr_number} — fix failures, push, then `carson deliver --merge`"
 					return deliver_finish( result: result, exit_code: EXIT_BLOCK, json_output: json_output )
-				else
-					result[ :recovery ] = "gh pr checks #{pr_number}"
-					return deliver_finish( result: result, exit_code: EXIT_OK, json_output: json_output )
 				end
 
 				# Step 4: check review gate — block if changes are requested.
@@ -117,15 +114,14 @@ module Carson
 					case ci
 					when "pass"
 						puts_line "CI: pass"
+					when "none"
+						puts_line "CI: none — no checks configured, proceeding."
 					when "pending"
 						puts_line "CI: pending — merge when checks complete."
 						puts_line "  Recovery: #{result[ :recovery ]}" if result[ :recovery ]
 					when "fail"
 						puts_line "CI: failing — fix before merging."
 						puts_line "  Recovery: #{result[ :recovery ]}" if result[ :recovery ]
-					else
-						puts_line "CI: #{ci} — check manually."
-						puts_line "  Recovery: #{result[ :recovery ]}" if result[ :recovery ]
 					end
 				end
 

data/lib/carson/runtime/local/prune.rb

@@ -78,9 +78,9 @@ module Carson
 					message = if deleted_count > 0 && skipped_count > 0
 						"Pruned #{deleted_count}, skipped #{skipped_count} (--verbose for details)."
 					elsif deleted_count > 0
-						"Pruned #{deleted_count} stale branch#{plural_suffix( count: deleted_count )}."
+						"Pruned #{deleted_count} stale #{ deleted_count == 1 ? 'branch' : 'branches' }."
 					else
-						"Skipped #{skipped_count} branch#{plural_suffix( count: skipped_count )} (--verbose for details)."
+						"Skipped #{skipped_count} #{ skipped_count == 1 ? 'branch' : 'branches' } (--verbose for details)."
 					end
 					puts_line message
 				end
@@ -347,7 +347,7 @@ module Carson
 				counters
 			end
 
-			# Checks a single orphan branch for merged PR evidence and force-deletes if confirmed.
+			# Checks a single orphan branch for merged PR evidence or absorbed content, then force-deletes if confirmed.
 			def prune_orphan_branch_entry( branch: )
 				tip_sha_text, tip_sha_error, tip_sha_success, = git_run( "rev-parse", "--verify", branch.to_s )
 				unless tip_sha_success
@@ -363,6 +363,17 @@ module Carson
 				end
 
 				merged_pr, error = merged_pr_for_branch( branch: branch, branch_tip_sha: branch_tip_sha )
+
+				# Fallback: branch content is already on main (rebase merges rewrite SHAs).
+				if merged_pr.nil? && branch_absorbed_into_main?( branch: branch )
+					merged_pr = {
+						number: nil,
+						url: "absorbed into #{config.main_branch}",
+						merged_at: Time.now.utc.iso8601,
+						head_sha: branch_tip_sha
+					}
+				end
+
 				if merged_pr.nil?
 					reason = error.to_s.strip
 					reason = "no merged PR evidence for branch tip into #{config.main_branch}" if reason.empty?
@@ -374,7 +385,7 @@ module Carson
 				if force_success
 					output.print force_stdout if verbose? && !force_stdout.empty?
 					puts_verbose "deleted_orphan_branch: #{branch} merged_pr=#{merged_pr.fetch( :url )}"
-					return { action: :deleted, branch: branch, upstream: "", type: "orphan", reason: "merged PR evidence found" }
+					return { action: :deleted, branch: branch, upstream: "", type: "orphan", reason: "content absorbed into #{config.main_branch}" }
 				end
 
 				force_error_text = normalise_branch_delete_error( error_text: force_stderr )

data/lib/carson/runtime/local/worktree.rb

@@ -362,7 +362,7 @@ module Carson
 						# Content-aware check: after squash/rebase merge, commit SHAs differ
 						# but the tree content may be identical to main. Compare content,
 						# not SHAs — if the diff is empty, the work is already on main.
-						diff_out, _, diff_ok, = Open3.capture3( "git", "diff", "--quiet", config.main_branch, branch, chdir: worktree_path )
+						_, _, diff_ok, = Open3.capture3( "git", "diff", "--quiet", config.main_branch, branch, chdir: worktree_path )
 						unless diff_ok.success?
 							return { error: "branch has not been pushed to #{remote}",
 								recovery: "git -C #{worktree_path} push -u #{remote} #{branch}, or use --force to override" }

data/lib/carson/runtime/status.rb

@@ -276,7 +276,7 @@ module Carson
 				if stale && stale.fetch( :count ) > 0
 					count = stale.fetch( :count )
 					puts_line ""
-					puts_line "#{count} stale branch#{plural_suffix( count: count )} ready for pruning."
+					puts_line "#{count} stale #{ count == 1 ? 'branch' : 'branches' } ready for pruning."
 				end
 
 				# Governance

data/lib/carson/runtime.rb

@@ -306,8 +306,10 @@ module Carson
 
 			reasons = []
 
-			# Active worktrees beyond the main working tree.
+			# Sweep stale worktrees (merged branches) before counting active ones
+			# so only genuinely active worktrees block the operation.
 			scoped_runtime = build_scoped_runtime( repo_path: repo_path )
+			scoped_runtime.sweep_stale_worktrees!
 			worktrees = scoped_runtime.send( :worktree_list )
 			main_root = scoped_runtime.send( :realpath_safe, repo_path )
 			active = worktrees.reject { |worktree| worktree.fetch( :path ) == main_root }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: carson
 version: !ruby/object:Gem::Version
-  version: 3.21.0
+  version: 3.22.0
 platform: ruby
 authors:
 - Hailei Wang
@@ -80,7 +80,7 @@ files:
 - templates/.github/pull_request_template.md
 homepage: https://github.com/wanghailei/carson
 licenses:
-- MIT
+- PolyForm-Shield-1.0.0
 metadata:
   source_code_uri: https://github.com/wanghailei/carson
   changelog_uri: https://github.com/wanghailei/carson/blob/main/RELEASE.md