carson 4.3.0 → 4.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d25d50d20c3cc3244b3ab246ca7f5b661e097146993fee1cc5b8dd66f978938
-  data.tar.gz: 1d2f6a26fc79dc62688c409557f2b74328f593f2e582af17c4a6fa020bb1b75b
+  metadata.gz: cef1919871b9d457a8b1ad95b2faa127cbb1a740fa211bf48e1b18110141be5a
+  data.tar.gz: bd4f1107862848b8a60d5ef794f43127a6b8f14146ed781bfe72d841220f4190
 SHA512:
-  metadata.gz: 234de9b2d4bad297af4b7bf24bd396629690bde5925fa743d9438316dcbb146f88e444b0aed61a72c022de32e34ba09aeedfb078afc4711973437eb5a38e6279
-  data.tar.gz: 2d3438c23a8146367289413e28d756eee5cb303c58c5820273f471482a83f351d0fc379a3db01a6edbbcdd5f13afbce508b8f999344d0e295dfb6fd74c816f88
+  metadata.gz: c4047e729026abc15be0601316a3521249cdc392c60b24b6ebf61bf5454746d48d649f16f2cda705e5a01ed2c9cce91ac2b407fd8d10ad670453fd2d0742d243
+  data.tar.gz: 9dee7343ec14dbf351fce53e0da6b406e52fe64bb71e736bb70ad23dc22c2e82013d34705d901d7b304d79b6cb40ef1cb8cc0c3412da9796ab6d853e81648156

data/.github/workflows/carson_policy.yml

@@ -62,10 +62,6 @@ jobs:
         working-directory: host
         run: carson refresh
 
-      - name: Carson audit
-        working-directory: host
-        run: carson audit
-
       - name: Carson review gate
         working-directory: host
         env:

data/API.md

@@ -21,7 +21,7 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 |---|---|
 | `carson setup` | Interactive quiz to configure remote, main branch, workflow, and canonical lint-policy path. Writes `~/.carson/config.json`. |
 | `carson onboard <repo_path>` | Apply one-command baseline setup for a target git repository. Auto-triggers `setup` on first run. Installs or refreshes Carson-managed global hooks. |
-| `carson refresh` | Re-apply hooks, templates, and audit across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
+| `carson refresh` | Re-apply hooks and templates across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
 | `carson offboard <repo_path>` | Remove Carson-managed host artefacts, detach Carson hooks path, and deregister from `govern.repos`. |
 | `carson list [--json]` | List all governed repositories. |
 
@@ -29,9 +29,8 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 
 | Command | Purpose |
 |---|---|
-| `carson audit` | Evaluate governance status and generate report output. |
 | `carson deliver [--commit MESSAGE]` | Run Carson-owned branch delivery for the current checkout. Plain `deliver` transports existing commits only; `--commit` creates one all-dirty delivery commit first. Before push, Carson verifies the branch is fresh against the configured remote `main`; behind or unknown freshness blocks delivery without creating or refreshing a PR. If freshness is good, Carson pushes, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, syncs local `main`, and reports merge proof for the delivered branch. Non-integrated exits report `Merge deferred` or `Merge blocked` with explicit handoff commands. |
-| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, merges through the recovery path, and records a machine-readable audit event. |
+| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, and merges through the recovery path. |
 | `carson sync` | Fast-forward local `main` from configured remote when tree is clean. |
 | `carson prune` | Remove stale local branches whose upstream refs no longer exist. |
 | `carson housekeep [--json] [--dry-run]` | Attempt to sync the current repo, then reap worktrees with strong abandonment evidence, reconcile integrated delivery worktree records from the ledger, and prune stale branches. Safe cleanup still runs when sync is blocked. |

data/MANUAL.md

@@ -40,7 +40,7 @@ On first run (no `~/.carson/config.json` exists), `onboard` launches `carson set
 - Repository `core.hooksPath` alignment to Carson global hooks.
 - Commit-time governance gate via managed `pre-commit` hook.
 - Canonical `.github/*` template synchronisation (when `lint.canonical` is configured).
-- Initial governance audit.
+- Initial governance status check.
 
 ### Reconfigure later
 
@@ -78,7 +78,7 @@ jobs:
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
 - `CARSON_READ_TOKEN` must have read access to your policy source repository.
-- The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
+- The reusable workflow installs a pinned RuboCop gem before lint checks; mirror the same pin in host governance workflows for deterministic checks.
 
 ### Canonical Templates
 
@@ -112,7 +112,7 @@ Carson discovers files in this directory and syncs them to governed repos. Root
 
 ## Operating Strategies
 
-These strategies are the audit lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
+These strategies are the design lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
 
 ### Git Strategist
 
@@ -181,7 +181,7 @@ When a governance-owned required check is already red on the default branch, the
 carson recover --check "Carson governance"
 ```
 
-Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a machine-readable audit event before reporting success.
+Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a recovery event before reporting success.
 
 If Carson refuses recovery, the message explains the exact missing proof or remaining gate and tells you what to do next.
 
@@ -255,13 +255,13 @@ The two tools serve different layers. EnterWorktree owns the session (CWD switch
 
 ```bash
 carson sync                                          # fast-forward local main
-carson audit                                         # full governance check
+carson status                                        # check repository state
 ```
 
 **Before push or PR update:**
 
 ```bash
-carson audit
+carson status
 carson template check
 ```
 
@@ -287,7 +287,7 @@ carson list --json      # machine-readable output
 **Portfolio maintenance:**
 
 ```bash
-carson refresh                 # re-apply hooks, templates, audit across all repos
+carson refresh                 # re-apply hooks and templates across all repos
 carson list                    # list all governed repositories
 ```
 
@@ -411,7 +411,7 @@ Change: `CARSON_REVIEW_DISPOSITION`.
 
 How much Carson prints.
 
-- Default: **concise**. A healthy audit prints one line. Problems print actionable summaries with cause and fix.
+- Default: **concise**. A healthy run prints one line. Problems print actionable summaries with cause and fix.
 - `--verbose` restores full diagnostic key-value output for debugging.
 
 ## Configuration

data/README.md

@@ -66,7 +66,7 @@ carson housekeep
 
 `carson deliver` runs Carson-owned branch delivery. Before any push, Carson verifies that the branch is fresh against the configured remote `main` using local git. If freshness is behind or unknown, delivery stops with an explicit block and no PR side effect. After a PR exists, Carson delegates merge eligibility to GitHub's `mergeStateStatus` — if GitHub reports `CLEAN`, Carson proceeds regardless of local ancestor status. Plain `deliver` transports existing commits only; `carson deliver --commit "..."` creates one all-dirty delivery commit first, then continues the same flow. If the branch is fresh, Carson pushes it, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, and syncs local `main`. If the settle window expires without integration, Carson exits with an explicit `Merge deferred` or `Merge blocked` handoff instead of leaving the PR mysteriously open. Deferred and blocked exits say whether Carson attempted merge and list the next commands in order.
 
-When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records an audit event, and never teaches operators to step outside Carson first.
+When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records a recovery event, and never teaches operators to step outside Carson first.
 
 `carson worktree list` is the visibility surface for cleanup: it shows every registered worktree, the branch, PR state, whether the content is already on `main`, and Carson's keep or reap recommendation. Content matching `main` is diagnostic, not standalone proof that a worktree is abandoned. `carson housekeep` is the main cleanup pass: sync main, reap worktrees with strong abandonment evidence (for example a missing directory, merged PR, or closed abandoned PR), and prune stale branches. When work needs to be abandoned instead of landed, use `carson abandon <pr-number|pr-url|branch>` to close the PR and clean up the branch/worktree safely.
 

data/RELEASE.md

@@ -7,6 +7,37 @@ Release-note scope rule:
 
 ## Unreleased
 
+### Removed
+
+- **`carson audit` dissolved.** The audit command and its pre-commit gate have been removed entirely. Three of its seven checks were already enforced by the commands that need them (sealed workbench by `pack!`, working tree by Courier, main sync by `sync!`). The remaining four (PR status, CI baseline, hooks health, outsider fingerprints) were either unproven at commit time or already called by individual commands. Bare `carson` now defaults to `status` instead of `audit`. The pre-commit hook is now a no-op reserved for future use.
+
+### Why
+
+Audit was a remote-centred pre-commit gate — it blocked commits based on delivery-time concerns (PR checks, CI baseline) that don't belong at commit time. In local-centred mode it was purely dead weight. Rather than relocate it to bureau, we verified that none of its unique checks had proven value at any gate, and dissolved the whole thing. Scars, not speculation.
+
+## 4.3.2
+
+### Fixed
+
+- **Vault gives correct recovery when main worktree is dirty.** `vault_blocked` now inspects stderr from `git merge --ff-only` to distinguish dirty-tree conflicts from diverged-history blocks. Previously, both cases got the generic "rebase" advice — misleading when the branch was already a valid fast-forward descendant and the real problem was uncommitted files in the main worktree.
+
+### Why
+
+An agent rebased three times on an already-correct branch because Carson misdiagnosed a dirty-tree block as divergence. The fix: read stderr, give the right advice. Scars, not speculation.
+
+## 4.3.1
+
+### Changed
+
+- **Bureau is an enhancement, not a mode.** Config simplified from `workstyle: local/remote` to `bureau: true/false` (default: false). Local delivery is always the foundation. Bureau adds PR + CI on top.
+- **Pre-push hook simplified to no-op.** Pushes to main are always legitimate — local delivery is the base. The hook no longer needs workstyle detection or push guards.
+- **Parcel-on-main guard added.** `carson deliver` blocks when run from main itself — agents must work on a workbench.
+- **Output: "Synced to remote"** replaces "Pushed to remote". Sync is objective.
+
+### Why
+
+The key insight: remote-centred is not a different path — it's local delivery with Bureau enhancement bolted on. One path, optional layer. `workstyle` dissolved into a single `bureau` toggle. 72 insertions, 166 deletions.
+
 ## 4.3.0
 
 ### New

data/VERSION

@@ -1 +1 @@
-4.3.0
+4.3.2

data/config/hooks/pre-commit

@@ -1,19 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-if [[ -n "${CARSON_BIN:-}" ]]; then
-	carson_command=( "$CARSON_BIN" )
-elif command -v carson >/dev/null 2>&1; then
-	carson_command=( "carson" )
-else
-	echo "Carson policy: 'carson' command is required for pre-commit governance checks." >&2
-	echo "Install Carson and rerun 'carson prepare'." >&2
-	exit 1
-fi
-
-if ! "${carson_command[@]}" audit; then
-	echo "Carson policy: commit blocked by governance audit." >&2
-	echo "Resolve reported policy blocks before committing." >&2
-	echo "If lint policy files are missing, run: carson lint policy --source <path-or-git-url>" >&2
-	exit 1
-fi
+# Pre-commit hook — reserved for future use.
+exit 0

data/config/hooks/pre-push

@@ -1,60 +1,14 @@
 #!/usr/bin/env bash
-# Carson pre-push hook — enforces push policy in governed repositories.
+# Carson pre-push hook.
 #
-# Guards:
-#   1. Blocks direct push to main/master refs.
-#   2. Blocks raw git push in governed repos — agents must use `carson deliver`.
-#      Carson bypasses via --no-verify internally. No env-var signal to spoof.
+# Local delivery is always the base — pushes to main are legitimate.
+# When bureau enhancement is enabled, the Bureau path runs through
+# Runtime.deliver!, not through raw git push. So the hook has nothing
+# to enforce in either case.
 #
-# Bypass: git push --no-verify
+# The hook remains installed for future use (e.g. bureau-specific guards).
+# For now: consume stdin and exit.
 set -euo pipefail
 
-hooks_dir="$(cd "$(dirname "$0")" && pwd)"
-style="$(cat "$hooks_dir/workflow_style" 2>/dev/null || echo "branch")"
-[ "$style" = "trunk" ] && exit 0
-
-# --- Guard 1: block pushes to main/master refs ---
-
-remote_name="${1:-unknown}"
-remote_url="${2:-unknown}"
-has_commit_push=false
-while read -r local_ref local_sha remote_ref remote_sha; do
-	case "$remote_ref" in
-		refs/heads/main|refs/heads/master)
-			echo "Pushes to ${remote_ref#refs/heads/} go through PRs, not direct push." >&2
-			echo "Use \`carson deliver\` instead — it handles push, PR, and merge with safety guards." >&2
-			echo "Bypass: git push --no-verify" >&2
-			exit 1
-			;;
-	esac
-	[[ "$local_sha" != "0000000000000000000000000000000000000000" ]] && has_commit_push=true
-done
-
-# --- Guard 2: block raw git push in governed repos ---
-# All pushes in governed repos are blocked unconditionally.
-# Carson bypasses this hook via --no-verify when pushing internally.
-# No env-var bypass — cannot be spoofed.
-
-config_file="${HOME}/.carson/config.json"
-if [[ -f "$config_file" ]]; then
-	repo_root="$(git rev-parse --show-toplevel 2>/dev/null || echo "")"
-	if [[ -n "$repo_root" ]]; then
-		normalised="$(cd "$repo_root" && pwd -P)"
-		if grep -qF "\"$normalised\"" "$config_file" 2>/dev/null; then
-			echo "This repo is Carson-governed — use \`carson deliver\` instead of raw \`git push\`." >&2
-			echo "Use \`carson deliver\` instead — it handles push, PR, and merge with safety guards." >&2
-			echo "Bypass: git push --no-verify" >&2
-			exit 1
-		fi
-	fi
-fi
-
-# --- Template sync on push ---
-
-if $has_commit_push; then
-	if [[ -n "${CARSON_BIN:-}" ]]; then
-		ruby "$CARSON_BIN" template apply --push-prep || exit 1
-	else
-		carson template apply --push-prep || exit 1
-	fi
-fi
+cat > /dev/null
+exit 0

data/lib/carson/adapters/agent.rb

@@ -3,7 +3,7 @@ module Carson
 	module Adapters
 		module Agent
 			WorkOrder = Struct.new( :repo, :branch, :pr_number, :objective, :context, :acceptance_checks, keyword_init: true )
-			# objective: "fix_ci" | "address_review" | "fix_audit"
+			# objective: "fix_ci" | "address_review"
 			# context: String (legacy — PR title) or Hash with structured evidence:
 			#   fix_ci:         { title:, ci_logs:, ci_run_url:, prior_attempt: { summary:, dispatched_at: } }
 			#   address_review: { title:, review_findings: [{ kind:, url:, body: }], prior_attempt: ... }

data/lib/carson/config.rb

@@ -28,13 +28,12 @@ module Carson
 			:review_wait_seconds, :review_poll_seconds, :review_max_polls, :review_sweep_window_days,
 			:review_sweep_states, :review_disposition, :review_risk_keywords,
 			:review_tracking_issue_title, :review_tracking_issue_label, :review_bot_usernames,
-			:audit_advisory_check_names,
 			:workflow_style,
 			:govern_repos, :govern_merge_method,
 			:govern_agent_provider, :govern_state_path,
 			:govern_check_wait,
 			:poll_interval_at_bureau,
-			:workstyle
+			:bureau
 
 		def self.load( repo_root: )
 			base_data = default_data
@@ -80,13 +79,10 @@ module Carson
 						"label" => "carson-review-sweep"
 					}
 				},
-				"audit" => {
-					"advisory_check_names" => [ "Scheduled review sweep", "Carson governance", "Tag, release, publish" ]
-				},
 				"deliver" => {
 				"poll_interval_at_bureau" => 30
 			},
-			"workstyle" => "local",
+			"bureau" => false,
 			"govern" => {
 					"repos" => [],
 					"merge" => {
@@ -170,9 +166,6 @@ module Carson
 			sweep[ "states" ] = states unless states.empty?
 			bot_usernames = env_string_array( key: "CARSON_REVIEW_BOT_USERNAMES" )
 			review[ "bot_usernames" ] = bot_usernames unless bot_usernames.empty?
-			audit = fetch_hash_section( data: copy, key: "audit" )
-			advisory_names = env_string_array( key: "CARSON_AUDIT_ADVISORY_CHECK_NAMES" )
-			audit[ "advisory_check_names" ] = advisory_names unless advisory_names.empty?
 			deliver = fetch_hash_section( data: copy, key: "deliver" )
 			deliver[ "poll_interval_at_bureau" ] = env_integer( key: "CARSON_POLL_INTERVAL_AT_BUREAU", fallback: deliver.fetch( "poll_interval_at_bureau" ) )
 			govern = fetch_hash_section( data: copy, key: "govern" )
@@ -243,14 +236,10 @@ module Carson
 			@review_tracking_issue_title = fetch_string( hash: tracking_issue_hash, key: "title" )
 			@review_tracking_issue_label = fetch_string( hash: tracking_issue_hash, key: "label" )
 			@review_bot_usernames = fetch_optional_string_array( hash: review_hash, key: "bot_usernames" )
-			audit_hash = fetch_hash( hash: data, key: "audit" )
-			@audit_advisory_check_names = fetch_optional_string_array( hash: audit_hash, key: "advisory_check_names" )
-
 			deliver_hash = fetch_hash( hash: data, key: "deliver" )
 			@poll_interval_at_bureau = fetch_non_negative_integer( hash: deliver_hash, key: "poll_interval_at_bureau" )
 
-			workstyle_raw = data.fetch( "workstyle", "local" ).to_s.downcase
-			@workstyle = [ "local", "remote" ].include?( workstyle_raw ) ? workstyle_raw.to_sym : :local
+			@bureau = !!data.fetch( "bureau", false )
 
 			govern_hash = fetch_hash( hash: data, key: "govern" )
 			@govern_repos = fetch_optional_string_array( hash: govern_hash, key: "repos" ).map { |path| safe_expand_path( path ) }

data/lib/carson/courier.rb

@@ -64,11 +64,10 @@ module Carson
 	# == Workstyle
 	#
 	# The courier's gesture depends on the workstyle:
-	# - :local — push main to backup vault (simple, no PR, no waiting)
-	# - :remote — ship → waybill → bureau → acceptance (complex Bureau trip)
-	#
-	# The courier doesn't know whether it's doing "backup" or "primary" —
-	# it just delivers to wherever the workstyle dictates.
+	# The courier delivers parcels. The default gesture is local: sync the
+	# vault to the remote. When bureau enhancement is enabled, the courier
+	# also files a PR and waits for Bureau checks — but that path runs
+	# through Runtime.deliver!, not through this default gesture.
 	class Courier
 		# Exit codes — shared contract between Carson employees and the CLI.
 		OK = 0
@@ -80,9 +79,9 @@ module Carson
 		# The courier checks the bureau up to 6 times before leaving.
 		MAX_CHECKS_AT_BUREAU = 6
 
-		def initialize( warehouse, workstyle: :local, ledger: nil, merge_method: "rebase", poll_interval_at_bureau: 30, output: $stdout )
+		def initialize( warehouse, bureau: false, ledger: nil, merge_method: "rebase", poll_interval_at_bureau: 30, output: $stdout )
 			@warehouse = warehouse
-			@workstyle = workstyle
+			@bureau = bureau
 			@ledger = ledger
 			@merge_method = merge_method
 			@poll_interval_at_bureau = poll_interval_at_bureau
@@ -90,10 +89,10 @@ module Carson
 		end
 
 		# Deliver a parcel.
-		# Local gesture: push main to backup vault.
-		# Remote gesture: ship to Bureau, file waybill, poll, register.
+		# Default: sync the vault to the remote.
+		# Bureau enhancement: also file waybill, poll, register.
 		def deliver( parcel, title: nil, body_file: nil, commit_message: nil )
-			return deliver_locally( parcel ) if @workstyle == :local
+			return deliver_locally( parcel ) unless @bureau
 
 			result = {
 				command: "deliver",
@@ -255,9 +254,9 @@ module Carson
 			result[ :diagnostic ] = waybill.ci_diagnostic
 		end
 
-		# Local gesture: push main to the backup vault.
+		# Local gesture: sync the vault to the remote.
 		# The parcel is already in the vault (accepted by the Warehouse).
-		# The courier's job is to push the vault state to the remote backup.
+		# The courier's job is to push the vault state to the remote.
 		def deliver_locally( parcel )
 			result = {
 				command: "deliver",
@@ -269,11 +268,9 @@ module Carson
 			main = @warehouse.main_label
 			root = @warehouse.main_worktree_root
 
-			# --no-verify bypasses the pre-push hook that blocks direct pushes
-			# to main in governed repos. This IS Carson's delivery — the vault
-			# accepted the parcel, now the courier backs it up.
+			# The pre-push hook understands local workstyle — no bypass needed.
 			_, stderr, status = Open3.capture3(
-				"git", "-C", root, "push", "--no-verify", remote, main
+				"git", "-C", root, "push", remote, main
 			)
 
 			if status.success?
@@ -284,7 +281,7 @@ module Carson
 				result[ :exit ] = OK
 				result[ :outcome ] = "delivered"
 				result[ :synced ] = false
-				result[ :backup_error ] = stderr.strip
+				result[ :sync_error ] = stderr.strip
 			end
 
 			result

data/lib/carson/runtime/deliver.rb

@@ -20,7 +20,7 @@ module Carson
 					head: current_head
 				)
 				courier = Courier.new( warehouse,
-				workstyle: :remote,
+				bureau: true,
 				ledger: ledger,
 				merge_method: config.govern_merge_method,
 				poll_interval_at_bureau: config.poll_interval_at_bureau,

data/lib/carson/runtime/local/onboard.rb

@@ -1,12 +1,12 @@
 # Repository onboarding and refresh lifecycle.
-# Onboard: detect remote, install hooks, apply templates, run initial audit.
+# Onboard: detect remote, install hooks, apply templates.
 # Refresh: re-apply hooks and templates after Carson upgrade.
 # Refresh all: batch refresh across governed portfolio with safety checks.
 module Carson
 	class Runtime
 		module Local
 			# One-command onboarding for new repositories: detect remote, install hooks,
-			# apply templates, and run initial audit.
+			# and apply templates.
 			def onboard!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -32,7 +32,7 @@ module Carson
 				onboard_apply!
 			end
 
-			# Re-applies hooks, templates, and audit after upgrading Carson.
+			# Re-applies hooks and templates after upgrading Carson.
 			def refresh!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -55,13 +55,8 @@ module Carson
 
 					@template_sync_result = template_propagate!( drift_count: drift_count + stale_count )
 
-					audit_status = audit!
-					if audit_status == EXIT_OK
-						puts_line "OK: Carson refresh completed for #{repo_root}."
-					elsif audit_status == EXIT_BLOCK
-						puts_line "Refresh complete — some checks need attention. Run carson audit for details."
-					end
-					return audit_status
+					puts_line "OK: Carson refresh completed for #{repo_root}."
+					return EXIT_OK
 				end
 
 				puts_line "Refresh"
@@ -82,12 +77,11 @@ module Carson
 
 				@template_sync_result = template_propagate!( drift_count: total_drift )
 
-				audit_status = audit!
 				puts_line "Refresh complete."
-				audit_status
+				EXIT_OK
 			end
 
-			# Re-applies hooks, templates, and audit across all governed repositories.
+			# Re-applies hooks and templates across all governed repositories.
 			# Checks each repo for safety (active worktrees, uncommitted changes) and
 			# marks unsafe repos as pending to avoid disrupting active work.
 			def refresh_all!
@@ -202,7 +196,7 @@ module Carson
 
 		private
 
-			# Concise onboard orchestration: hooks, templates, remote, audit, guidance.
+			# Concise onboard orchestration: hooks, templates, remote, guidance.
 			def onboard_apply!
 				hook_status = with_captured_output { prepare! }
 				return hook_status unless hook_status == EXIT_OK
@@ -218,7 +212,6 @@ module Carson
 				end
 
 				onboard_report_remote!
-				audit_status = onboard_run_audit!
 
 				puts_line ""
 				puts_line "Carson at your service."
@@ -235,7 +228,7 @@ module Carson
 				puts_line ""
 				puts_line "To adjust any setting: carson setup"
 
-				audit_status
+				EXIT_OK
 			end
 
 			# Friendly remote status for onboard output.
@@ -247,33 +240,6 @@ module Carson
 				end
 			end
 
-			# Runs audit with captured output; reports summary instead of full detail.
-			def onboard_run_audit!
-				audit_error = nil
-				audit_status = with_captured_output { audit! }
-			rescue StandardError => exception
-				audit_error = exception
-				audit_status = EXIT_OK
-			ensure
-				return onboard_print_audit_result( status: audit_status, error: audit_error )
-			end
-
-			def onboard_print_audit_result( status:, error: )
-				if error
-					if error.message.to_s.match?( /HEAD|rev-parse/ )
-						puts_line "No commits yet — run carson audit after your first commit."
-					else
-						puts_line "Audit skipped — run carson audit for details."
-					end
-					return EXIT_OK
-				end
-
-				if status == EXIT_BLOCK
-					puts_line "Some checks need attention — run carson audit for details."
-				end
-				status
-			end
-
 			# Verifies configured remote exists and logs status without mutating remotes.
 			def report_detected_remote!
 				if git_remote_exists?( remote_name: config.git_remote )

data/lib/carson/runtime/receive.rb

@@ -365,7 +365,7 @@ module Carson
 				case cause
 				when "ci" then "fix_ci"
 				when "review" then "address_review"
-				else "fix_audit"
+				else "fix_ci"
 				end
 			end
 

data/lib/carson/runtime/recover.rb

@@ -84,14 +84,14 @@ module Carson
 				}
 				if baseline.fetch( :status ) == "skipped"
 					result[ :error ] = "unable to verify the default-branch baseline: #{baseline.fetch( :skip_reason )}"
-					result[ :recovery ] = "run carson audit after fixing GitHub access"
+					result[ :recovery ] = "run carson status after fixing GitHub access"
 					return recover_finish( result: result, exit_code: EXIT_ERROR, json_output: json_output )
 				end
 
 				baseline_entry = recovery_baseline_entry( baseline: baseline, check_name: check_name )
 				if baseline_entry.nil?
 					result[ :error ] = "#{check_name} is not red on #{baseline.fetch( :default_branch, config.main_branch )}"
-					result[ :recovery ] = "run carson audit to confirm the baseline check state"
+					result[ :recovery ] = "run carson status to confirm the baseline check state"
 					return recover_finish( result: result, exit_code: EXIT_BLOCK, json_output: json_output )
 				end
 
@@ -408,7 +408,7 @@ module Carson
 				elsif result[ :synced ]
 					puts_line "Synced local #{result.fetch( :main_branch )}."
 				end
-				puts_line "Recorded recovery audit for #{result.fetch( :check )}."
+				puts_line "Recorded recovery for #{result.fetch( :check )}."
 				puts_line "Check back with #{result.fetch( :next_step )}" if result[ :next_step ]
 			end
 		end

data/lib/carson/runtime/review/sweep_support.rb

@@ -163,7 +163,7 @@ module Carson
 					}
 				end
 
-				# When sweep is clear, close prior tracking issue and add one clear audit comment.
+				# When sweep is clear, close prior tracking issue and add a clear comment.
 				def close_review_sweep_issue_if_open( repo_slug:, issue: )
 					return { action: "none", issue: nil } if issue.nil?
 					return { action: "none", issue: issue } unless issue.fetch( :state ) == "OPEN"

data/lib/carson/runtime.rb

@@ -14,8 +14,6 @@ module Carson
 		EXIT_ERROR = 1
 		EXIT_BLOCK = 2
 
-		REPORT_MD = "pr_report_latest.md".freeze
-		REPORT_JSON = "pr_report_latest.json".freeze
 		REVIEW_GATE_REPORT_MD = "review_gate_latest.md".freeze
 		REVIEW_GATE_REPORT_JSON = "review_gate_latest.json".freeze
 		REVIEW_SWEEP_REPORT_MD = "review_sweep_latest.md".freeze
@@ -43,7 +41,7 @@ module Carson
 		attr_reader :template_sync_result
 
 		# Lazy ledger: only constructed when a command actually needs delivery state.
-		# Read-only commands (worktree list, audit, prune, sync) never touch the
+		# Read-only commands (worktree list, prune, sync) never touch the
 		# govern state lock file.
 		def ledger
 			@ledger ||= Ledger.new( path: @config.govern_state_path )
@@ -115,7 +113,7 @@ module Carson
 			success
 		end
 
-		# Human-readable plural suffix helper for audit messaging.
+		# Human-readable plural suffix helper.
 		def plural_suffix( count: )
 			count.to_i == 1 ? "" : "s"
 		end
@@ -366,7 +364,6 @@ module Carson
 end
 
 require_relative "runtime/local"
-require_relative "runtime/audit"
 require_relative "runtime/loop_runner"
 require_relative "runtime/housekeep"
 require_relative "runtime/list"

data/lib/carson/warehouse/vault.rb

@@ -63,12 +63,22 @@ module Carson
 			end
 
 			# Build the blocked/error result when vault acceptance fails.
+			# Distinguishes dirty-tree conflicts from diverged-history blocks
+			# so the agent gets the correct recovery advice.
 			def vault_blocked( parcel, stderr )
-				{
-					status: "block",
-					error: "#{parcel.label} cannot be fast-forwarded into #{@main_label}.",
-					recovery: "Rebase onto #{@main_label} and deliver again."
-				}
+				if stderr.to_s.include?( "would be overwritten" )
+					{
+						status: "block",
+						error: "Main worktree has uncommitted changes that conflict with #{parcel.label}.",
+						recovery: "Commit or discard the dirty files in the main worktree, then deliver again."
+					}
+				else
+					{
+						status: "block",
+						error: "#{parcel.label} cannot be fast-forwarded into #{@main_label}.",
+						recovery: "Rebase onto #{@main_label} and deliver again."
+					}
+				end
 			end
 
 		end