carson 4.3.1 → 4.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aaef0edd290f56dd797540049069bdb07d2d5e86cef8ca30c6c40d735d37740e
-  data.tar.gz: 6b5d0df422508ef217f275fdaed1ecbc0a6b3b1e800acab0c1520c38a3cd58cd
+  metadata.gz: cef1919871b9d457a8b1ad95b2faa127cbb1a740fa211bf48e1b18110141be5a
+  data.tar.gz: bd4f1107862848b8a60d5ef794f43127a6b8f14146ed781bfe72d841220f4190
 SHA512:
-  metadata.gz: eede4e41d8d530bb528d0515352f6879b2c4b8f64dacec0c767128f4f8151dcb22b620d0d946ebac395e5edb199f0296acfd7120c4aa211c3e70fc0069910fe1
-  data.tar.gz: ce5aa317bba3e47807e918a1432ae2ff9b7254f8f921e09420062e84cefd4bdee3eb3de20073e6d8c1167c6ccde487ac267842f4fc17ec2b6dce4ca6eedf70f8
+  metadata.gz: c4047e729026abc15be0601316a3521249cdc392c60b24b6ebf61bf5454746d48d649f16f2cda705e5a01ed2c9cce91ac2b407fd8d10ad670453fd2d0742d243
+  data.tar.gz: 9dee7343ec14dbf351fce53e0da6b406e52fe64bb71e736bb70ad23dc22c2e82013d34705d901d7b304d79b6cb40ef1cb8cc0c3412da9796ab6d853e81648156

data/.github/workflows/carson_policy.yml

@@ -62,10 +62,6 @@ jobs:
         working-directory: host
         run: carson refresh
 
-      - name: Carson audit
-        working-directory: host
-        run: carson audit
-
       - name: Carson review gate
         working-directory: host
         env:

data/API.md

@@ -21,7 +21,7 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 |---|---|
 | `carson setup` | Interactive quiz to configure remote, main branch, workflow, and canonical lint-policy path. Writes `~/.carson/config.json`. |
 | `carson onboard <repo_path>` | Apply one-command baseline setup for a target git repository. Auto-triggers `setup` on first run. Installs or refreshes Carson-managed global hooks. |
-| `carson refresh` | Re-apply hooks, templates, and audit across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
+| `carson refresh` | Re-apply hooks and templates across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
 | `carson offboard <repo_path>` | Remove Carson-managed host artefacts, detach Carson hooks path, and deregister from `govern.repos`. |
 | `carson list [--json]` | List all governed repositories. |
 
@@ -29,9 +29,8 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 
 | Command | Purpose |
 |---|---|
-| `carson audit` | Evaluate governance status and generate report output. |
 | `carson deliver [--commit MESSAGE]` | Run Carson-owned branch delivery for the current checkout. Plain `deliver` transports existing commits only; `--commit` creates one all-dirty delivery commit first. Before push, Carson verifies the branch is fresh against the configured remote `main`; behind or unknown freshness blocks delivery without creating or refreshing a PR. If freshness is good, Carson pushes, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, syncs local `main`, and reports merge proof for the delivered branch. Non-integrated exits report `Merge deferred` or `Merge blocked` with explicit handoff commands. |
-| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, merges through the recovery path, and records a machine-readable audit event. |
+| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, and merges through the recovery path. |
 | `carson sync` | Fast-forward local `main` from configured remote when tree is clean. |
 | `carson prune` | Remove stale local branches whose upstream refs no longer exist. |
 | `carson housekeep [--json] [--dry-run]` | Attempt to sync the current repo, then reap worktrees with strong abandonment evidence, reconcile integrated delivery worktree records from the ledger, and prune stale branches. Safe cleanup still runs when sync is blocked. |

data/MANUAL.md

@@ -40,7 +40,7 @@ On first run (no `~/.carson/config.json` exists), `onboard` launches `carson set
 - Repository `core.hooksPath` alignment to Carson global hooks.
 - Commit-time governance gate via managed `pre-commit` hook.
 - Canonical `.github/*` template synchronisation (when `lint.canonical` is configured).
-- Initial governance audit.
+- Initial governance status check.
 
 ### Reconfigure later
 
@@ -78,7 +78,7 @@ jobs:
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
 - `CARSON_READ_TOKEN` must have read access to your policy source repository.
-- The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
+- The reusable workflow installs a pinned RuboCop gem before lint checks; mirror the same pin in host governance workflows for deterministic checks.
 
 ### Canonical Templates
 
@@ -112,7 +112,7 @@ Carson discovers files in this directory and syncs them to governed repos. Root
 
 ## Operating Strategies
 
-These strategies are the audit lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
+These strategies are the design lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
 
 ### Git Strategist
 
@@ -181,7 +181,7 @@ When a governance-owned required check is already red on the default branch, the
 carson recover --check "Carson governance"
 ```
 
-Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a machine-readable audit event before reporting success.
+Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a recovery event before reporting success.
 
 If Carson refuses recovery, the message explains the exact missing proof or remaining gate and tells you what to do next.
 
@@ -255,13 +255,13 @@ The two tools serve different layers. EnterWorktree owns the session (CWD switch
 
 ```bash
 carson sync                                          # fast-forward local main
-carson audit                                         # full governance check
+carson status                                        # check repository state
 ```
 
 **Before push or PR update:**
 
 ```bash
-carson audit
+carson status
 carson template check
 ```
 
@@ -287,7 +287,7 @@ carson list --json      # machine-readable output
 **Portfolio maintenance:**
 
 ```bash
-carson refresh                 # re-apply hooks, templates, audit across all repos
+carson refresh                 # re-apply hooks and templates across all repos
 carson list                    # list all governed repositories
 ```
 
@@ -411,7 +411,7 @@ Change: `CARSON_REVIEW_DISPOSITION`.
 
 How much Carson prints.
 
-- Default: **concise**. A healthy audit prints one line. Problems print actionable summaries with cause and fix.
+- Default: **concise**. A healthy run prints one line. Problems print actionable summaries with cause and fix.
 - `--verbose` restores full diagnostic key-value output for debugging.
 
 ## Configuration

data/README.md

@@ -66,7 +66,7 @@ carson housekeep
 
 `carson deliver` runs Carson-owned branch delivery. Before any push, Carson verifies that the branch is fresh against the configured remote `main` using local git. If freshness is behind or unknown, delivery stops with an explicit block and no PR side effect. After a PR exists, Carson delegates merge eligibility to GitHub's `mergeStateStatus` — if GitHub reports `CLEAN`, Carson proceeds regardless of local ancestor status. Plain `deliver` transports existing commits only; `carson deliver --commit "..."` creates one all-dirty delivery commit first, then continues the same flow. If the branch is fresh, Carson pushes it, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, and syncs local `main`. If the settle window expires without integration, Carson exits with an explicit `Merge deferred` or `Merge blocked` handoff instead of leaving the PR mysteriously open. Deferred and blocked exits say whether Carson attempted merge and list the next commands in order.
 
-When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records an audit event, and never teaches operators to step outside Carson first.
+When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records a recovery event, and never teaches operators to step outside Carson first.
 
 `carson worktree list` is the visibility surface for cleanup: it shows every registered worktree, the branch, PR state, whether the content is already on `main`, and Carson's keep or reap recommendation. Content matching `main` is diagnostic, not standalone proof that a worktree is abandoned. `carson housekeep` is the main cleanup pass: sync main, reap worktrees with strong abandonment evidence (for example a missing directory, merged PR, or closed abandoned PR), and prune stale branches. When work needs to be abandoned instead of landed, use `carson abandon <pr-number|pr-url|branch>` to close the PR and clean up the branch/worktree safely.
 

data/RELEASE.md

@@ -7,6 +7,24 @@ Release-note scope rule:
 
 ## Unreleased
 
+### Removed
+
+- **`carson audit` dissolved.** The audit command and its pre-commit gate have been removed entirely. Three of its seven checks were already enforced by the commands that need them (sealed workbench by `pack!`, working tree by Courier, main sync by `sync!`). The remaining four (PR status, CI baseline, hooks health, outsider fingerprints) were either unproven at commit time or already called by individual commands. Bare `carson` now defaults to `status` instead of `audit`. The pre-commit hook is now a no-op reserved for future use.
+
+### Why
+
+Audit was a remote-centred pre-commit gate — it blocked commits based on delivery-time concerns (PR checks, CI baseline) that don't belong at commit time. In local-centred mode it was purely dead weight. Rather than relocate it to bureau, we verified that none of its unique checks had proven value at any gate, and dissolved the whole thing. Scars, not speculation.
+
+## 4.3.2
+
+### Fixed
+
+- **Vault gives correct recovery when main worktree is dirty.** `vault_blocked` now inspects stderr from `git merge --ff-only` to distinguish dirty-tree conflicts from diverged-history blocks. Previously, both cases got the generic "rebase" advice — misleading when the branch was already a valid fast-forward descendant and the real problem was uncommitted files in the main worktree.
+
+### Why
+
+An agent rebased three times on an already-correct branch because Carson misdiagnosed a dirty-tree block as divergence. The fix: read stderr, give the right advice. Scars, not speculation.
+
 ## 4.3.1
 
 ### Changed

data/VERSION

@@ -1 +1 @@
-4.3.1
+4.3.2

data/config/hooks/pre-commit

@@ -1,19 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-if [[ -n "${CARSON_BIN:-}" ]]; then
-	carson_command=( "$CARSON_BIN" )
-elif command -v carson >/dev/null 2>&1; then
-	carson_command=( "carson" )
-else
-	echo "Carson policy: 'carson' command is required for pre-commit governance checks." >&2
-	echo "Install Carson and rerun 'carson prepare'." >&2
-	exit 1
-fi
-
-if ! "${carson_command[@]}" audit; then
-	echo "Carson policy: commit blocked by governance audit." >&2
-	echo "Resolve reported policy blocks before committing." >&2
-	echo "If lint policy files are missing, run: carson lint policy --source <path-or-git-url>" >&2
-	exit 1
-fi
+# Pre-commit hook — reserved for future use.
+exit 0

data/lib/carson/adapters/agent.rb

@@ -3,7 +3,7 @@ module Carson
 	module Adapters
 		module Agent
 			WorkOrder = Struct.new( :repo, :branch, :pr_number, :objective, :context, :acceptance_checks, keyword_init: true )
-			# objective: "fix_ci" | "address_review" | "fix_audit"
+			# objective: "fix_ci" | "address_review"
 			# context: String (legacy — PR title) or Hash with structured evidence:
 			#   fix_ci:         { title:, ci_logs:, ci_run_url:, prior_attempt: { summary:, dispatched_at: } }
 			#   address_review: { title:, review_findings: [{ kind:, url:, body: }], prior_attempt: ... }

data/lib/carson/config.rb

@@ -28,7 +28,6 @@ module Carson
 			:review_wait_seconds, :review_poll_seconds, :review_max_polls, :review_sweep_window_days,
 			:review_sweep_states, :review_disposition, :review_risk_keywords,
 			:review_tracking_issue_title, :review_tracking_issue_label, :review_bot_usernames,
-			:audit_advisory_check_names,
 			:workflow_style,
 			:govern_repos, :govern_merge_method,
 			:govern_agent_provider, :govern_state_path,
@@ -80,9 +79,6 @@ module Carson
 						"label" => "carson-review-sweep"
 					}
 				},
-				"audit" => {
-					"advisory_check_names" => [ "Scheduled review sweep", "Carson governance", "Tag, release, publish" ]
-				},
 				"deliver" => {
 				"poll_interval_at_bureau" => 30
 			},
@@ -170,9 +166,6 @@ module Carson
 			sweep[ "states" ] = states unless states.empty?
 			bot_usernames = env_string_array( key: "CARSON_REVIEW_BOT_USERNAMES" )
 			review[ "bot_usernames" ] = bot_usernames unless bot_usernames.empty?
-			audit = fetch_hash_section( data: copy, key: "audit" )
-			advisory_names = env_string_array( key: "CARSON_AUDIT_ADVISORY_CHECK_NAMES" )
-			audit[ "advisory_check_names" ] = advisory_names unless advisory_names.empty?
 			deliver = fetch_hash_section( data: copy, key: "deliver" )
 			deliver[ "poll_interval_at_bureau" ] = env_integer( key: "CARSON_POLL_INTERVAL_AT_BUREAU", fallback: deliver.fetch( "poll_interval_at_bureau" ) )
 			govern = fetch_hash_section( data: copy, key: "govern" )
@@ -243,9 +236,6 @@ module Carson
 			@review_tracking_issue_title = fetch_string( hash: tracking_issue_hash, key: "title" )
 			@review_tracking_issue_label = fetch_string( hash: tracking_issue_hash, key: "label" )
 			@review_bot_usernames = fetch_optional_string_array( hash: review_hash, key: "bot_usernames" )
-			audit_hash = fetch_hash( hash: data, key: "audit" )
-			@audit_advisory_check_names = fetch_optional_string_array( hash: audit_hash, key: "advisory_check_names" )
-
 			deliver_hash = fetch_hash( hash: data, key: "deliver" )
 			@poll_interval_at_bureau = fetch_non_negative_integer( hash: deliver_hash, key: "poll_interval_at_bureau" )
 

data/lib/carson/runtime/local/onboard.rb

@@ -1,12 +1,12 @@
 # Repository onboarding and refresh lifecycle.
-# Onboard: detect remote, install hooks, apply templates, run initial audit.
+# Onboard: detect remote, install hooks, apply templates.
 # Refresh: re-apply hooks and templates after Carson upgrade.
 # Refresh all: batch refresh across governed portfolio with safety checks.
 module Carson
 	class Runtime
 		module Local
 			# One-command onboarding for new repositories: detect remote, install hooks,
-			# apply templates, and run initial audit.
+			# and apply templates.
 			def onboard!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -32,7 +32,7 @@ module Carson
 				onboard_apply!
 			end
 
-			# Re-applies hooks, templates, and audit after upgrading Carson.
+			# Re-applies hooks and templates after upgrading Carson.
 			def refresh!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -55,13 +55,8 @@ module Carson
 
 					@template_sync_result = template_propagate!( drift_count: drift_count + stale_count )
 
-					audit_status = audit!
-					if audit_status == EXIT_OK
-						puts_line "OK: Carson refresh completed for #{repo_root}."
-					elsif audit_status == EXIT_BLOCK
-						puts_line "Refresh complete — some checks need attention. Run carson audit for details."
-					end
-					return audit_status
+					puts_line "OK: Carson refresh completed for #{repo_root}."
+					return EXIT_OK
 				end
 
 				puts_line "Refresh"
@@ -82,12 +77,11 @@ module Carson
 
 				@template_sync_result = template_propagate!( drift_count: total_drift )
 
-				audit_status = audit!
 				puts_line "Refresh complete."
-				audit_status
+				EXIT_OK
 			end
 
-			# Re-applies hooks, templates, and audit across all governed repositories.
+			# Re-applies hooks and templates across all governed repositories.
 			# Checks each repo for safety (active worktrees, uncommitted changes) and
 			# marks unsafe repos as pending to avoid disrupting active work.
 			def refresh_all!
@@ -202,7 +196,7 @@ module Carson
 
 		private
 
-			# Concise onboard orchestration: hooks, templates, remote, audit, guidance.
+			# Concise onboard orchestration: hooks, templates, remote, guidance.
 			def onboard_apply!
 				hook_status = with_captured_output { prepare! }
 				return hook_status unless hook_status == EXIT_OK
@@ -218,7 +212,6 @@ module Carson
 				end
 
 				onboard_report_remote!
-				audit_status = onboard_run_audit!
 
 				puts_line ""
 				puts_line "Carson at your service."
@@ -235,7 +228,7 @@ module Carson
 				puts_line ""
 				puts_line "To adjust any setting: carson setup"
 
-				audit_status
+				EXIT_OK
 			end
 
 			# Friendly remote status for onboard output.
@@ -247,33 +240,6 @@ module Carson
 				end
 			end
 
-			# Runs audit with captured output; reports summary instead of full detail.
-			def onboard_run_audit!
-				audit_error = nil
-				audit_status = with_captured_output { audit! }
-			rescue StandardError => exception
-				audit_error = exception
-				audit_status = EXIT_OK
-			ensure
-				return onboard_print_audit_result( status: audit_status, error: audit_error )
-			end
-
-			def onboard_print_audit_result( status:, error: )
-				if error
-					if error.message.to_s.match?( /HEAD|rev-parse/ )
-						puts_line "No commits yet — run carson audit after your first commit."
-					else
-						puts_line "Audit skipped — run carson audit for details."
-					end
-					return EXIT_OK
-				end
-
-				if status == EXIT_BLOCK
-					puts_line "Some checks need attention — run carson audit for details."
-				end
-				status
-			end
-
 			# Verifies configured remote exists and logs status without mutating remotes.
 			def report_detected_remote!
 				if git_remote_exists?( remote_name: config.git_remote )

data/lib/carson/runtime/receive.rb

@@ -365,7 +365,7 @@ module Carson
 				case cause
 				when "ci" then "fix_ci"
 				when "review" then "address_review"
-				else "fix_audit"
+				else "fix_ci"
 				end
 			end
 

data/lib/carson/runtime/recover.rb

@@ -84,14 +84,14 @@ module Carson
 				}
 				if baseline.fetch( :status ) == "skipped"
 					result[ :error ] = "unable to verify the default-branch baseline: #{baseline.fetch( :skip_reason )}"
-					result[ :recovery ] = "run carson audit after fixing GitHub access"
+					result[ :recovery ] = "run carson status after fixing GitHub access"
 					return recover_finish( result: result, exit_code: EXIT_ERROR, json_output: json_output )
 				end
 
 				baseline_entry = recovery_baseline_entry( baseline: baseline, check_name: check_name )
 				if baseline_entry.nil?
 					result[ :error ] = "#{check_name} is not red on #{baseline.fetch( :default_branch, config.main_branch )}"
-					result[ :recovery ] = "run carson audit to confirm the baseline check state"
+					result[ :recovery ] = "run carson status to confirm the baseline check state"
 					return recover_finish( result: result, exit_code: EXIT_BLOCK, json_output: json_output )
 				end
 
@@ -408,7 +408,7 @@ module Carson
 				elsif result[ :synced ]
 					puts_line "Synced local #{result.fetch( :main_branch )}."
 				end
-				puts_line "Recorded recovery audit for #{result.fetch( :check )}."
+				puts_line "Recorded recovery for #{result.fetch( :check )}."
 				puts_line "Check back with #{result.fetch( :next_step )}" if result[ :next_step ]
 			end
 		end

data/lib/carson/runtime/review/sweep_support.rb

@@ -163,7 +163,7 @@ module Carson
 					}
 				end
 
-				# When sweep is clear, close prior tracking issue and add one clear audit comment.
+				# When sweep is clear, close prior tracking issue and add a clear comment.
 				def close_review_sweep_issue_if_open( repo_slug:, issue: )
 					return { action: "none", issue: nil } if issue.nil?
 					return { action: "none", issue: issue } unless issue.fetch( :state ) == "OPEN"

data/lib/carson/runtime.rb

@@ -14,8 +14,6 @@ module Carson
 		EXIT_ERROR = 1
 		EXIT_BLOCK = 2
 
-		REPORT_MD = "pr_report_latest.md".freeze
-		REPORT_JSON = "pr_report_latest.json".freeze
 		REVIEW_GATE_REPORT_MD = "review_gate_latest.md".freeze
 		REVIEW_GATE_REPORT_JSON = "review_gate_latest.json".freeze
 		REVIEW_SWEEP_REPORT_MD = "review_sweep_latest.md".freeze
@@ -43,7 +41,7 @@ module Carson
 		attr_reader :template_sync_result
 
 		# Lazy ledger: only constructed when a command actually needs delivery state.
-		# Read-only commands (worktree list, audit, prune, sync) never touch the
+		# Read-only commands (worktree list, prune, sync) never touch the
 		# govern state lock file.
 		def ledger
 			@ledger ||= Ledger.new( path: @config.govern_state_path )
@@ -115,7 +113,7 @@ module Carson
 			success
 		end
 
-		# Human-readable plural suffix helper for audit messaging.
+		# Human-readable plural suffix helper.
 		def plural_suffix( count: )
 			count.to_i == 1 ? "" : "s"
 		end
@@ -366,7 +364,6 @@ module Carson
 end
 
 require_relative "runtime/local"
-require_relative "runtime/audit"
 require_relative "runtime/loop_runner"
 require_relative "runtime/housekeep"
 require_relative "runtime/list"

data/lib/carson/warehouse/vault.rb

@@ -63,12 +63,22 @@ module Carson
 			end
 
 			# Build the blocked/error result when vault acceptance fails.
+			# Distinguishes dirty-tree conflicts from diverged-history blocks
+			# so the agent gets the correct recovery advice.
 			def vault_blocked( parcel, stderr )
-				{
-					status: "block",
-					error: "#{parcel.label} cannot be fast-forwarded into #{@main_label}.",
-					recovery: "Rebase onto #{@main_label} and deliver again."
-				}
+				if stderr.to_s.include?( "would be overwritten" )
+					{
+						status: "block",
+						error: "Main worktree has uncommitted changes that conflict with #{parcel.label}.",
+						recovery: "Commit or discard the dirty files in the main worktree, then deliver again."
+					}
+				else
+					{
+						status: "block",
+						error: "#{parcel.label} cannot be fast-forwarded into #{@main_label}.",
+						recovery: "Rebase onto #{@main_label} and deliver again."
+					}
+				end
 			end
 
 		end

data/lib/cli.rb

@@ -5,7 +5,7 @@ require "optparse"
 module Carson
 	class CLI
 		PORTFOLIO_COMMANDS = %w[onboard offboard list refresh version].freeze
-		REPO_COMMANDS = %w[deliver receive sync status audit prune housekeep worktree abandon recover review template setup checkin checkout].freeze
+		REPO_COMMANDS = %w[deliver receive sync status prune housekeep worktree abandon recover review template setup checkin checkout].freeze
 		ALL_COMMANDS = ( PORTFOLIO_COMMANDS + REPO_COMMANDS ).freeze
 
 		def self.start( arguments:, repo_root:, tool_root:, output:, error: )
@@ -154,7 +154,7 @@ module Carson
 				return { command: :help }
 			end
 			return { command: "version" } if [ "--version", "-v" ].include?( first )
-			return { command: "audit" } if arguments.empty?
+			return { command: "status" } if arguments.empty?
 
 			nil
 		end
@@ -217,8 +217,6 @@ module Carson
 				parse_sync_command( arguments: arguments, error: error )
 			when "status"
 				parse_status_command( arguments: arguments, error: error )
-			when "audit"
-				parse_audit_command( arguments: arguments, error: error )
 			when "prune"
 				parse_prune_command( arguments: arguments, error: error )
 			when "housekeep"
@@ -284,7 +282,7 @@ module Carson
 				parser.banner = "Usage: carson onboard <REPO_PATH>"
 				parser.separator ""
 				parser.separator "Register a repository for Carson governance."
-				parser.separator "Detects the remote, installs hooks, applies templates, and runs initial audit."
+				parser.separator "Detects the remote, installs hooks, and applies templates."
 				parser.separator ""
 				parser.separator "Examples:"
 				parser.separator "    carson onboard ~/Dev/app   Onboard a specific repository"
@@ -677,36 +675,6 @@ module Carson
 			{ command: :invalid }
 		end
 
-		# --- audit ---
-
-		def self.parse_audit_command( arguments:, error: )
-			options = { json: false }
-			audit_parser = OptionParser.new do |parser|
-				parser.banner = "Usage: carson audit [--json]"
-				parser.separator ""
-				parser.separator "Run pre-commit health checks on the repository."
-				parser.separator "Validates hooks, main-branch sync, PR status, and CI baseline."
-				parser.separator "Exits with a non-zero status when policy violations are found."
-				parser.separator ""
-				parser.separator "Options:"
-				parser.on( "--json", "Machine-readable JSON output" ) { options[ :json ] = true }
-				parser.separator ""
-				parser.separator "Examples:"
-				parser.separator "    carson audit           Check repository health (also the default command)"
-				parser.separator "    carson audit --json    Structured output for agent consumption"
-			end
-			audit_parser.parse!( arguments )
-			unless arguments.empty?
-				error.puts "#{BADGE} Unexpected arguments for audit: #{arguments.join( ' ' )}"
-				return { command: :invalid }
-			end
-			{ command: "audit", json: options[ :json ] }
-		rescue OptionParser::ParseError => exception
-			error.puts "#{BADGE} #{exception.message}"
-			error.puts audit_parser
-			{ command: :invalid }
-		end
-
 		# --- abandon ---
 
 		def self.parse_abandon_command( arguments:, error: )
@@ -854,7 +822,7 @@ module Carson
 				parser.banner = "Usage: carson recover --check NAME [--json]"
 				parser.separator ""
 				parser.separator "Merge the current repair PR when one governance-owned required check is already red on the default branch."
-				parser.separator "Recovery is narrow: Carson verifies the baseline failure, keeps every other gate intact, and records an audit event."
+				parser.separator "Recovery is narrow: Carson verifies the baseline failure, keeps every other gate intact, and records a recovery event."
 				parser.separator ""
 				parser.separator "Options:"
 				parser.on( "--check NAME", "Name of the governance-owned required check to recover" ) { |value| options[ :check_name ] = value }
@@ -988,8 +956,6 @@ module Carson
 				runtime.status!( json_output: parsed.fetch( :json, false ) )
 			when "setup"
 				runtime.setup!( cli_choices: parsed.fetch( :cli_choices, {} ) )
-			when "audit"
-				runtime.audit!( json_output: parsed.fetch( :json, false ) )
 			when "abandon"
 				runtime.abandon!( target: parsed.fetch( :target ), json_output: parsed.fetch( :json, false ) )
 			when "sync"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: carson
 version: !ruby/object:Gem::Version
-  version: 4.3.1
+  version: 4.3.2
 platform: ruby
 authors:
 - Hailei Wang
@@ -57,7 +57,6 @@ files:
 - lib/carson/revision.rb
 - lib/carson/runtime.rb
 - lib/carson/runtime/abandon.rb
-- lib/carson/runtime/audit.rb
 - lib/carson/runtime/deliver.rb
 - lib/carson/runtime/housekeep.rb
 - lib/carson/runtime/list.rb

data/lib/carson/runtime/audit.rb

@@ -1,603 +0,0 @@
-# Pre-commit audit — checks hooks, main sync, PR checks, and CI baseline.
-# Exits with EXIT_BLOCK when policy violations are found.
-# Supports --json for machine-readable structured output.
-require "cgi"
-
-module Carson
-	class Runtime
-		module Audit
-			def audit!( json_output: false )
-				# Sealed workbench guard — hard block before anything else.
-				# The warehouse seals the workbench when a parcel ships.
-				# No commits allowed until the delivery outcome is confirmed.
-				sealed_result = audit_sealed_workbench( json_output: json_output )
-				return sealed_result unless sealed_result.nil?
-
-				fingerprint_status = block_if_outsider_fingerprints!
-				return fingerprint_status unless fingerprint_status.nil?
-				unless head_exists?
-					if json_output
-						output.puts JSON.pretty_generate( { command: "audit", status: "skipped", reason: "no commits yet", exit_code: EXIT_OK } )
-					else
-						puts_line "No commits yet — audit skipped for initial commit."
-					end
-					return EXIT_OK
-				end
-				audit_state = "ok"
-				audit_concise_problems = []
-				puts_verbose ""
-				puts_verbose "[Repository]"
-				puts_verbose "root: #{repo_root}"
-				puts_verbose "current_branch: #{current_branch}"
-				puts_verbose ""
-				puts_verbose "[Working Tree]"
-				puts_verbose git_capture!( "status", "--short", "--branch" ).strip
-				working_tree = audit_working_tree_report
-				if working_tree.fetch( :status ) == "block"
-					puts_verbose "ACTION: #{working_tree.fetch( :error )}; #{working_tree.fetch( :recovery )}."
-					audit_state = "block"
-					audit_concise_problems << "Working tree: #{working_tree.fetch( :error )} — #{working_tree.fetch( :recovery )}."
-				end
-				puts_verbose ""
-				puts_verbose "[Hooks]"
-				hooks_ok = hooks_health_report
-				hooks_status = hooks_ok ? "ok" : "mismatch"
-				unless hooks_ok
-					audit_state = "block"
-					audit_concise_problems << "Hooks don't match — run carson refresh."
-				end
-				puts_verbose ""
-				puts_verbose "[Main Sync Status]"
-				ahead_count, behind_count, main_error = main_sync_counts
-				main_sync = { ahead: 0, behind: 0, status: "ok" }
-				if main_error
-					puts_verbose "main_vs_remote_main: unknown"
-					puts_verbose "WARN: unable to calculate main sync status (#{main_error})."
-					audit_state = "attention" if audit_state == "ok"
-					audit_concise_problems << "Main sync: unable to determine — check remote connectivity."
-					main_sync = { ahead: 0, behind: 0, status: "unknown", error: main_error }
-				elsif ahead_count.positive?
-					puts_verbose "main_vs_remote_main_ahead: #{ahead_count}"
-					puts_verbose "main_vs_remote_main_behind: #{behind_count}"
-					puts_verbose "ACTION: local #{config.main_branch} is ahead of #{config.git_remote}/#{config.main_branch} by #{ahead_count} commit#{plural_suffix( count: ahead_count )}; reset local drift before commit/push workflows."
-					audit_state = "block"
-					audit_concise_problems << "Main sync (#{config.git_remote}): ahead by #{ahead_count} — git fetch #{config.git_remote}, or carson setup to switch remote."
-					main_sync = { ahead: ahead_count, behind: behind_count, status: "ahead" }
-				elsif behind_count.positive?
-					puts_verbose "main_vs_remote_main_ahead: #{ahead_count}"
-					puts_verbose "main_vs_remote_main_behind: #{behind_count}"
-					puts_verbose "ACTION: local #{config.main_branch} is behind #{config.git_remote}/#{config.main_branch} by #{behind_count} commit#{plural_suffix( count: behind_count )}; run carson sync."
-					audit_state = "attention" if audit_state == "ok"
-					audit_concise_problems << "Main sync (#{config.git_remote}): behind by #{behind_count} — run carson sync."
-					main_sync = { ahead: ahead_count, behind: behind_count, status: "behind" }
-				else
-					puts_verbose "main_vs_remote_main_ahead: 0"
-					puts_verbose "main_vs_remote_main_behind: 0"
-					puts_verbose "ACTION: local #{config.main_branch} is in sync with #{config.git_remote}/#{config.main_branch}."
-				end
-				puts_verbose ""
-				puts_verbose "[PR and Required Checks (gh)]"
-				monitor_report = pr_and_check_report
-				audit_state = "attention" if audit_state == "ok" && !%w[ok skipped].include?( monitor_report.fetch( :status ) )
-				if monitor_report.fetch( :status ) == "attention"
-					checks = monitor_report.fetch( :checks )
-					failing_count = checks.fetch( :failing_count )
-					pending_count = checks.fetch( :pending_count )
-					total = checks.fetch( :required_total )
-					fail_names = checks.fetch( :failing ).map { |entry| entry.fetch( :name ) }.join( ", " )
-					if failing_count.positive? && pending_count.positive?
-						audit_concise_problems << "Checks: #{failing_count} failing (#{fail_names}), #{pending_count} pending of #{total} required."
-					elsif failing_count.positive?
-						audit_concise_problems << "Checks: #{failing_count} of #{total} failing (#{fail_names})."
-					elsif pending_count.positive?
-						audit_concise_problems << "Checks: pending (#{total - pending_count} of #{total} complete)."
-					end
-				end
-				puts_verbose ""
-				puts_verbose "[Default Branch CI Baseline (gh)]"
-				default_branch_baseline = default_branch_ci_baseline_report
-				audit_state = "attention" if audit_state == "ok" && !%w[ok skipped].include?( default_branch_baseline.fetch( :status ) )
-				baseline_status = default_branch_baseline.fetch( :status )
-				if baseline_status == "block"
-					parts = []
-					if default_branch_baseline.fetch( :failing_count ).positive?
-						names = default_branch_baseline.fetch( :failing ).map { |entry| entry.fetch( :name ) }.join( ", " )
-						parts << "#{default_branch_baseline.fetch( :failing_count )} failing (#{names})"
-					end
-					if default_branch_baseline.fetch( :pending_count ).positive?
-						names = default_branch_baseline.fetch( :pending ).map { |entry| entry.fetch( :name ) }.join( ", " )
-						parts << "#{default_branch_baseline.fetch( :pending_count )} pending (#{names})"
-					end
-					parts << "no check-runs for active workflows" if default_branch_baseline.fetch( :no_check_evidence )
-					audit_concise_problems << "Baseline (#{default_branch_baseline.fetch( :default_branch, config.main_branch )}): #{parts.join( ', ' )} — fix before merge."
-				elsif baseline_status == "attention"
-					parts = []
-					if default_branch_baseline.fetch( :advisory_failing_count ).positive?
-						names = default_branch_baseline.fetch( :advisory_failing ).map { |entry| entry.fetch( :name ) }.join( ", " )
-						parts << "#{default_branch_baseline.fetch( :advisory_failing_count )} advisory failing (#{names})"
-					end
-					if default_branch_baseline.fetch( :advisory_pending_count ).positive?
-						names = default_branch_baseline.fetch( :advisory_pending ).map { |entry| entry.fetch( :name ) }.join( ", " )
-						parts << "#{default_branch_baseline.fetch( :advisory_pending_count )} advisory pending (#{names})"
-					end
-					audit_concise_problems << "Baseline (#{default_branch_baseline.fetch( :default_branch, config.main_branch )}): #{parts.join( ', ' )}."
-				end
-				if config.lint_canonical.nil? || config.lint_canonical.to_s.empty?
-					puts_verbose ""
-					puts_verbose "[Canonical Lint Policy]"
-					puts_verbose "HINT: lint.canonical not configured — run carson setup to enable."
-				end
-				write_and_print_pr_monitor_report(
-					report: monitor_report.merge(
-						default_branch_baseline: default_branch_baseline,
-						audit_status: audit_state
-					)
-				)
-				exit_code = audit_state == "block" ? EXIT_BLOCK : EXIT_OK
-
-				if json_output
-					result = {
-						command: "audit",
-						status: audit_state,
-						branch: current_branch,
-						working_tree: working_tree,
-						hooks: { status: hooks_status },
-						main_sync: main_sync,
-						pr: monitor_report[ :pr ],
-						checks: monitor_report.fetch( :checks ),
-						baseline: {
-							status: default_branch_baseline.fetch( :status ),
-							repository: default_branch_baseline[ :repository ],
-							failing_count: default_branch_baseline.fetch( :failing_count ),
-							pending_count: default_branch_baseline.fetch( :pending_count ),
-							advisory_failing_count: default_branch_baseline.fetch( :advisory_failing_count ),
-							advisory_pending_count: default_branch_baseline.fetch( :advisory_pending_count )
-						},
-						problems: audit_concise_problems,
-						exit_code: exit_code
-					}
-					output.puts JSON.pretty_generate( result )
-				else
-					puts_verbose ""
-					puts_verbose "[Audit Result]"
-					puts_verbose "status: #{audit_state}"
-					puts_verbose( audit_state == "block" ? "ACTION: local policy block must be resolved before commit/push." : "ACTION: no local hard block detected." )
-					unless verbose?
-						audit_concise_problems.each { |problem| puts_line problem }
-						puts_line format_audit_state( audit_state )
-					end
-				end
-				exit_code
-			end
-
-			# rubocop:disable Layout/AccessModifierIndentation -- tab-width calculation produces unfixable mixed tabs+spaces
-			private
-			# rubocop:enable Layout/AccessModifierIndentation
-
-				def format_audit_state( state )
-					case state
-					when "ok" then "Audit passed."
-					when "block" then "Audit blocked."
-					when "attention" then "Audit: needs attention."
-					else "Audit: #{state}"
-					end
-				end
-
-				# Check if the workbench is sealed (parcel in flight).
-				# Returns EXIT_BLOCK if sealed, nil otherwise.
-				# Delegates to Warehouse so the seal path is resolved in one place.
-				def audit_sealed_workbench( json_output: )
-					warehouse = Warehouse.new( path: work_dir )
-					return nil unless warehouse.sealed?
-
-					tracking_number = warehouse.sealed_tracking_number || "unknown"
-					if json_output
-						require "json"
-						output.puts JSON.pretty_generate( {
-							command: "audit",
-							status: "block",
-							reason: "workbench_sealed",
-							tracking_number: tracking_number,
-							recovery: "carson worktree create <name>",
-							exit_code: EXIT_BLOCK
-						} )
-					else
-						puts_line "Branch is locked — PR ##{tracking_number} in flight."
-						puts_line "  \u2192 carson worktree create <name>"
-					end
-					EXIT_BLOCK
-				end
-
-				def audit_working_tree_report
-					dirty_reason = dirty_worktree_reason
-					return { dirty: false, context: nil, status: "ok" } if dirty_reason.nil?
-
-					if dirty_reason == "main_worktree"
-						{
-							dirty: true,
-							context: dirty_reason,
-							status: "block",
-							error: "main working tree has uncommitted changes",
-							recovery: "create a worktree with carson worktree create <name>"
-						}
-					else
-						{ dirty: true, context: dirty_reason, status: "ok" }
-					end
-				end
-
-				def pr_and_check_report
-					report = {
-					generated_at: Time.now.utc.iso8601,
-					branch: current_branch,
-					status: "ok",
-					skip_reason: nil,
-					pr: nil,
-					checks: {
-						status: "unknown",
-						skip_reason: nil,
-						required_total: 0,
-						failing_count: 0,
-						pending_count: 0,
-						failing: [],
-						pending: []
-					}
-				}
-				unless gh_available?
-					report[ :status ] = "skipped"
-					report[ :skip_reason ] = "gh CLI not available in PATH"
-					puts_verbose "SKIP: #{report.fetch( :skip_reason )}"
-					return report
-				end
-				pr_stdout, pr_stderr, pr_success, = gh_run( "pr", "view", current_branch, "--json", "number,title,url,state,reviewDecision" )
-				unless pr_success
-					error_text = gh_error_text( stdout_text: pr_stdout, stderr_text: pr_stderr, fallback: "unable to read PR for branch #{current_branch}" )
-					report[ :status ] = "skipped"
-					report[ :skip_reason ] = error_text
-					puts_verbose "SKIP: #{error_text}"
-					return report
-				end
-				pr_data = JSON.parse( pr_stdout )
-				report[ :pr ] = {
-					number: pr_data[ "number" ],
-					title: pr_data[ "title" ].to_s,
-					url: pr_data[ "url" ].to_s,
-					state: pr_data[ "state" ].to_s,
-					review_decision: blank_to( value: pr_data[ "reviewDecision" ], default: "NONE" )
-				}
-				puts_verbose "pr: ##{report.dig( :pr, :number )} #{report.dig( :pr, :title )}"
-				puts_verbose "url: #{report.dig( :pr, :url )}"
-				puts_verbose "review_decision: #{report.dig( :pr, :review_decision )}"
-				checks_stdout, checks_stderr, checks_success, checks_exit = gh_run( "pr", "checks", report.dig( :pr, :number ).to_s, "--required", "--json", "name,state,bucket,workflow,link" )
-				if checks_stdout.to_s.strip.empty?
-					error_text = gh_error_text( stdout_text: checks_stdout, stderr_text: checks_stderr, fallback: "required checks unavailable" )
-					report[ :checks ][ :status ] = "skipped"
-					report[ :checks ][ :skip_reason ] = error_text
-					report[ :status ] = "attention"
-					puts_verbose "checks: SKIP (#{error_text})"
-					return report
-				end
-				checks_data = JSON.parse( checks_stdout )
-				pending = checks_data.select { |entry| entry[ "bucket" ].to_s == "pending" }
-				failing = checks_data.select { |entry| check_entry_failing?( entry: entry ) }
-				report[ :checks ][ :status ] = checks_success ? "ok" : ( checks_exit == 8 ? "pending" : "attention" )
-				report[ :checks ][ :required_total ] = checks_data.count
-				report[ :checks ][ :failing_count ] = failing.count
-				report[ :checks ][ :pending_count ] = pending.count
-				report[ :checks ][ :failing ] = normalise_check_entries( entries: failing )
-				report[ :checks ][ :pending ] = normalise_check_entries( entries: pending )
-				puts_verbose "required_checks_total: #{report.dig( :checks, :required_total )}"
-				puts_verbose "required_checks_failing: #{report.dig( :checks, :failing_count )}"
-				puts_verbose "required_checks_pending: #{report.dig( :checks, :pending_count )}"
-				report.dig( :checks, :failing ).each { |entry| puts_verbose "check_fail: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} #{entry.fetch( :link )}".strip }
-				report.dig( :checks, :pending ).each { |entry| puts_verbose "check_pending: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} #{entry.fetch( :link )}".strip }
-				report[ :status ] = "attention" if report.dig( :checks, :failing_count ).positive? || report.dig( :checks, :pending_count ).positive?
-				report
-				rescue JSON::ParserError => exception
-					report[ :status ] = "skipped"
-					report[ :skip_reason ] = "invalid gh JSON response (#{exception.message})"
-					puts_verbose "SKIP: #{report.fetch( :skip_reason )}"
-					report
-				end
-
-			# Evaluates default-branch CI health so stale workflow drift blocks before merge.
-			def default_branch_ci_baseline_report
-				report = {
-					status: "ok",
-					skip_reason: nil,
-					repository: nil,
-					default_branch: nil,
-					head_sha: nil,
-					workflows_total: 0,
-					check_runs_total: 0,
-					failing_count: 0,
-					pending_count: 0,
-					advisory_failing_count: 0,
-					advisory_pending_count: 0,
-					no_check_evidence: false,
-					failing: [],
-					pending: [],
-					advisory_failing: [],
-					advisory_pending: []
-				}
-				unless gh_available?
-					report[ :status ] = "skipped"
-					report[ :skip_reason ] = "gh CLI not available in PATH"
-					puts_verbose "baseline: SKIP (#{report.fetch( :skip_reason )})"
-					return report
-				end
-				owner, repo = repository_coordinates
-				report[ :repository ] = "#{owner}/#{repo}"
-				repository_data = gh_json_payload!(
-					"api", "repos/#{owner}/#{repo}",
-					"--method", "GET",
-					fallback: "unable to read repository metadata for #{owner}/#{repo}"
-				)
-				default_branch = blank_to( value: repository_data[ "default_branch" ], default: config.main_branch )
-				report[ :default_branch ] = default_branch
-				branch_data = gh_json_payload!(
-					"api", "repos/#{owner}/#{repo}/branches/#{CGI.escape( default_branch )}",
-					"--method", "GET",
-					fallback: "unable to read default branch #{default_branch}"
-				)
-				head_sha = branch_data.dig( "commit", "sha" ).to_s.strip
-				raise "default branch #{default_branch} has no commit SHA" if head_sha.empty?
-				report[ :head_sha ] = head_sha
-				workflow_entries = default_branch_workflow_entries(
-					owner: owner,
-					repo: repo,
-					default_branch: default_branch
-				)
-				report[ :workflows_total ] = workflow_entries.count
-				check_runs_payload = gh_json_payload!(
-					"api", "repos/#{owner}/#{repo}/commits/#{head_sha}/check-runs",
-					"--method", "GET",
-					fallback: "unable to read check-runs for #{default_branch}@#{head_sha}"
-				)
-				check_runs = Array( check_runs_payload[ "check_runs" ] )
-				failing, pending = partition_default_branch_check_runs( check_runs: check_runs )
-				advisory_names = config.audit_advisory_check_names
-				critical_failing, advisory_failing = separate_advisory_check_entries( entries: failing, advisory_names: advisory_names )
-				critical_pending, advisory_pending = separate_advisory_check_entries( entries: pending, advisory_names: advisory_names )
-				report[ :check_runs_total ] = check_runs.count
-				report[ :failing ] = normalise_default_branch_check_entries( entries: critical_failing )
-				report[ :pending ] = normalise_default_branch_check_entries( entries: critical_pending )
-				report[ :advisory_failing ] = normalise_default_branch_check_entries( entries: advisory_failing )
-				report[ :advisory_pending ] = normalise_default_branch_check_entries( entries: advisory_pending )
-				report[ :failing_count ] = report.fetch( :failing ).count
-				report[ :pending_count ] = report.fetch( :pending ).count
-				report[ :advisory_failing_count ] = report.fetch( :advisory_failing ).count
-				report[ :advisory_pending_count ] = report.fetch( :advisory_pending ).count
-				report[ :no_check_evidence ] = report.fetch( :workflows_total ).positive? && report.fetch( :check_runs_total ).zero?
-				report[ :status ] = "block" if report.fetch( :failing_count ).positive?
-				report[ :status ] = "block" if report.fetch( :pending_count ).positive?
-				report[ :status ] = "block" if report.fetch( :no_check_evidence )
-				report[ :status ] = "attention" if report.fetch( :status ) == "ok" && ( report.fetch( :advisory_failing_count ).positive? || report.fetch( :advisory_pending_count ).positive? )
-				puts_verbose "default_branch_repository: #{report.fetch( :repository )}"
-				puts_verbose "default_branch_name: #{report.fetch( :default_branch )}"
-				puts_verbose "default_branch_head_sha: #{report.fetch( :head_sha )}"
-				puts_verbose "default_branch_workflows_total: #{report.fetch( :workflows_total )}"
-				puts_verbose "default_branch_check_runs_total: #{report.fetch( :check_runs_total )}"
-				puts_verbose "default_branch_failing: #{report.fetch( :failing_count )}"
-				puts_verbose "default_branch_pending: #{report.fetch( :pending_count )}"
-				puts_verbose "default_branch_advisory_failing: #{report.fetch( :advisory_failing_count )}"
-				puts_verbose "default_branch_advisory_pending: #{report.fetch( :advisory_pending_count )}"
-				report.fetch( :failing ).each { |entry| puts_verbose "default_branch_check_fail: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} #{entry.fetch( :link )}".strip }
-				report.fetch( :pending ).each { |entry| puts_verbose "default_branch_check_pending: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} #{entry.fetch( :link )}".strip }
-				report.fetch( :advisory_failing ).each { |entry| puts_verbose "default_branch_check_advisory_fail: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (advisory) #{entry.fetch( :link )}".strip }
-				report.fetch( :advisory_pending ).each { |entry| puts_verbose "default_branch_check_advisory_pending: #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (advisory) #{entry.fetch( :link )}".strip }
-				if report.fetch( :no_check_evidence )
-					puts_verbose "ACTION: default branch has workflow files but no check-runs; align workflow triggers and branch protection check names."
-				end
-				report
-			rescue JSON::ParserError => exception
-				report[ :status ] = "skipped"
-				report[ :skip_reason ] = "invalid gh JSON response (#{exception.message})"
-				puts_verbose "baseline: SKIP (#{report.fetch( :skip_reason )})"
-				report
-			rescue StandardError => exception
-				report[ :status ] = "skipped"
-				report[ :skip_reason ] = exception.message
-				puts_verbose "baseline: SKIP (#{report.fetch( :skip_reason )})"
-				report
-			end
-
-			# Reads JSON API payloads and raises a detailed error when gh reports non-success.
-			def gh_json_payload!( *args, fallback: )
-				stdout_text, stderr_text, success, = gh_run( *args )
-				unless success
-					error_text = gh_error_text( stdout_text: stdout_text, stderr_text: stderr_text, fallback: fallback )
-					raise error_text
-				end
-				JSON.parse( stdout_text )
-			end
-
-			# Reads workflow files from default branch; missing workflow directory is valid and returns none.
-			def default_branch_workflow_entries( owner:, repo:, default_branch: )
-				stdout_text, stderr_text, success, = gh_run(
-					"api", "repos/#{owner}/#{repo}/contents/.github/workflows",
-					"--method", "GET",
-					"-f", "ref=#{default_branch}"
-				)
-				unless success
-					error_text = gh_error_text(
-						stdout_text: stdout_text,
-						stderr_text: stderr_text,
-						fallback: "unable to read workflow files for #{default_branch}"
-					)
-					return [] if error_text.match?( /\b404\b/ )
-					raise error_text
-				end
-				payload = JSON.parse( stdout_text )
-				Array( payload ).select do |entry|
-					entry.is_a?( Hash ) &&
-						entry[ "type" ].to_s == "file" &&
-						entry[ "name" ].to_s.match?( /\.ya?ml\z/i )
-				end
-			end
-
-			# Splits default-branch check-runs into failing and pending policy buckets.
-			def partition_default_branch_check_runs( check_runs: )
-				failing = []
-				pending = []
-				Array( check_runs ).each do |entry|
-					if default_branch_check_run_failing?( entry: entry )
-						failing << entry
-					elsif default_branch_check_run_pending?( entry: entry )
-						pending << entry
-					end
-				end
-				[ failing, pending ]
-			end
-
-			# Separates check-run entries into critical and advisory buckets based on configured advisory names.
-			def separate_advisory_check_entries( entries:, advisory_names: )
-				advisory, critical = Array( entries ).partition do |entry|
-					advisory_names.include?( entry[ "name" ].to_s.strip )
-				end
-				[ critical, advisory ]
-			end
-
-			# Returns true when a required-check entry is in a non-passing, non-pending state.
-			# Cancelled, errored, timed-output, and any unknown bucket all count as failing.
-			def check_entry_failing?( entry: )
-				!%w[pass pending].include?( entry[ "bucket" ].to_s )
-			end
-
-			# Failing means completed with a non-successful conclusion.
-			def default_branch_check_run_failing?( entry: )
-				status = entry[ "status" ].to_s.strip.downcase
-				conclusion = entry[ "conclusion" ].to_s.strip.downcase
-				status == "completed" && !conclusion.empty? && !%w[success neutral skipped].include?( conclusion )
-			end
-
-			# Pending includes non-completed checks and completed checks missing conclusion.
-			def default_branch_check_run_pending?( entry: )
-				status = entry[ "status" ].to_s.strip.downcase
-				conclusion = entry[ "conclusion" ].to_s.strip.downcase
-				return true if status.empty?
-				return true unless status == "completed"
-
-				conclusion.empty?
-			end
-
-			# Normalises default-branch check-runs to report layout used by markdown output.
-			def normalise_default_branch_check_entries( entries: )
-				Array( entries ).map do |entry|
-					state = if entry[ "status" ].to_s.strip.downcase == "completed"
-						blank_to( value: entry[ "conclusion" ], default: "UNKNOWN" )
-					else
-						blank_to( value: entry[ "status" ], default: "UNKNOWN" )
-					end
-					{
-						workflow: blank_to( value: entry.dig( "app", "name" ), default: "workflow" ),
-						name: blank_to( value: entry[ "name" ], default: "check" ),
-						state: state.upcase,
-						link: entry[ "html_url" ].to_s
-					}
-				end
-			end
-
-			# Writes monitor report artefacts and prints their locations.
-			def write_and_print_pr_monitor_report( report: )
-				markdown_path, json_path = write_pr_monitor_report( report: report )
-				puts_verbose "report_markdown: #{markdown_path}"
-				puts_verbose "report_json: #{json_path}"
-			rescue StandardError => exception
-				puts_verbose "report_write: SKIP (#{exception.message})"
-			end
-
-			# Persists report in both machine-readable JSON and human-readable Markdown.
-			def write_pr_monitor_report( report: )
-				report_dir = report_dir_path
-				FileUtils.mkdir_p( report_dir )
-				markdown_path = File.join( report_dir, REPORT_MD )
-				json_path = File.join( report_dir, REPORT_JSON )
-				File.write( json_path, JSON.pretty_generate( report ) )
-				File.write( markdown_path, render_pr_monitor_markdown( report: report ) )
-				[ markdown_path, json_path ]
-			end
-
-			# Renders Markdown summary used by humans during merge-readiness reviews.
-			def render_pr_monitor_markdown( report: )
-				lines = []
-				lines << "# Carson PR Monitor Report"
-				lines << ""
-				lines << "- Generated at: #{report.fetch( :generated_at )}"
-				lines << "- Branch: #{report.fetch( :branch )}"
-				lines << "- Audit status: #{report.fetch( :audit_status, 'unknown' )}"
-				lines << "- Monitor status: #{report.fetch( :status )}"
-				lines << "- Skip reason: #{report.fetch( :skip_reason )}" unless report.fetch( :skip_reason ).nil?
-				lines << ""
-				lines << "## PR"
-				pr = report[ :pr ]
-				if pr.nil?
-					lines << "- not available"
-				else
-					lines << "- Number: ##{pr.fetch( :number )}"
-					lines << "- Title: #{pr.fetch( :title )}"
-					lines << "- URL: #{pr.fetch( :url )}"
-					lines << "- State: #{pr.fetch( :state )}"
-					lines << "- Review decision: #{pr.fetch( :review_decision )}"
-				end
-				lines << ""
-				lines << "## Required Checks"
-				checks = report.fetch( :checks )
-				lines << "- Status: #{checks.fetch( :status )}"
-				lines << "- Skip reason: #{checks.fetch( :skip_reason )}" unless checks.fetch( :skip_reason ).nil?
-				lines << "- Total: #{checks.fetch( :required_total )}"
-				lines << "- Failing: #{checks.fetch( :failing_count )}"
-				lines << "- Pending: #{checks.fetch( :pending_count )}"
-				lines << ""
-				lines << "### Failing"
-				if checks.fetch( :failing ).empty?
-					lines << "- none"
-				else
-					checks.fetch( :failing ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
-				end
-				lines << ""
-				lines << "### Pending"
-				if checks.fetch( :pending ).empty?
-					lines << "- none"
-				else
-					checks.fetch( :pending ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
-				end
-				lines << ""
-				lines << "## Default Branch CI Baseline"
-				baseline = report[ :default_branch_baseline ]
-				if baseline.nil?
-					lines << "- not available"
-				else
-					lines << "- Status: #{baseline.fetch( :status )}"
-					lines << "- Skip reason: #{baseline.fetch( :skip_reason )}" unless baseline.fetch( :skip_reason ).nil?
-					lines << "- Repository: #{baseline.fetch( :repository )}" unless baseline.fetch( :repository ).nil?
-					lines << "- Branch: #{baseline.fetch( :default_branch )}" unless baseline.fetch( :default_branch ).nil?
-					lines << "- Head SHA: #{baseline.fetch( :head_sha )}" unless baseline.fetch( :head_sha ).nil?
-					lines << "- Workflow files: #{baseline.fetch( :workflows_total )}"
-					lines << "- Check-runs: #{baseline.fetch( :check_runs_total )}"
-					lines << "- Failing: #{baseline.fetch( :failing_count )}"
-					lines << "- Pending: #{baseline.fetch( :pending_count )}"
-					lines << "- No check evidence: #{baseline.fetch( :no_check_evidence )}"
-					lines << ""
-					lines << "### Baseline Failing"
-					if baseline.fetch( :failing ).empty?
-						lines << "- none"
-					else
-						baseline.fetch( :failing ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
-					end
-					lines << ""
-					lines << "### Baseline Pending"
-					if baseline.fetch( :pending ).empty?
-						lines << "- none"
-					else
-						baseline.fetch( :pending ).each { |entry| lines << "- #{entry.fetch( :workflow )} / #{entry.fetch( :name )} (#{entry.fetch( :state )}) #{entry.fetch( :link )}".strip }
-					end
-				end
-				lines << ""
-				lines.join( "\n" )
-			end
-
-		end
-
-		include Audit
-	end
-end