carson 4.3.1 → 4.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aaef0edd290f56dd797540049069bdb07d2d5e86cef8ca30c6c40d735d37740e
-  data.tar.gz: 6b5d0df422508ef217f275fdaed1ecbc0a6b3b1e800acab0c1520c38a3cd58cd
+  metadata.gz: 5c6a03fe7387ab7c3df9dc7d1bc7de0b716dbb38b68b18cf9f103f8df9a7114c
+  data.tar.gz: 57e656339b9a4307684fae58ed6d10f147e8c23d4cd2a45731dd85905c4f7b05
 SHA512:
-  metadata.gz: eede4e41d8d530bb528d0515352f6879b2c4b8f64dacec0c767128f4f8151dcb22b620d0d946ebac395e5edb199f0296acfd7120c4aa211c3e70fc0069910fe1
-  data.tar.gz: ce5aa317bba3e47807e918a1432ae2ff9b7254f8f921e09420062e84cefd4bdee3eb3de20073e6d8c1167c6ccde487ac267842f4fc17ec2b6dce4ca6eedf70f8
+  metadata.gz: cc0ed4785b032dba61497a99ff09e29d890777d69d0dd59b1d632955a2b92a294a66571c7d04caa45b61ed0b81d56c65ce5a4550c13dfe6de32670f0103c0c54
+  data.tar.gz: 2419020c706bf3b1d94233c077ffdeb05475d2f443d1b8d27a1386c368d1535b797707f171270d18d2707bc98a3daf10d4c4add82d298e694375cecd27ff848e

data/.github/workflows/carson_policy.yml

@@ -62,10 +62,6 @@ jobs:
         working-directory: host
         run: carson refresh
 
-      - name: Carson audit
-        working-directory: host
-        run: carson audit
-
       - name: Carson review gate
         working-directory: host
         env:

data/API.md

@@ -21,7 +21,7 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 |---|---|
 | `carson setup` | Interactive quiz to configure remote, main branch, workflow, and canonical lint-policy path. Writes `~/.carson/config.json`. |
 | `carson onboard <repo_path>` | Apply one-command baseline setup for a target git repository. Auto-triggers `setup` on first run. Installs or refreshes Carson-managed global hooks. |
-| `carson refresh` | Re-apply hooks, templates, and audit across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
+| `carson refresh` | Re-apply hooks and templates across all governed repos after upgrading Carson. Auto-propagates template updates to the remote via worktree (branch workflow: PR on `carson/template-sync`; trunk workflow: push to main). Skips repos with active worktrees or uncommitted changes. |
 | `carson offboard <repo_path>` | Remove Carson-managed host artefacts, detach Carson hooks path, and deregister from `govern.repos`. |
 | `carson list [--json]` | List all governed repositories. |
 
@@ -29,9 +29,8 @@ Repo-scoped commands: `carson <repo> <command>` or `carson <command>` when CWD i
 
 | Command | Purpose |
 |---|---|
-| `carson audit` | Evaluate governance status and generate report output. |
 | `carson deliver [--commit MESSAGE]` | Run Carson-owned branch delivery for the current checkout. Plain `deliver` transports existing commits only; `--commit` creates one all-dirty delivery commit first. Before push, Carson verifies the branch is fresh against the configured remote `main`; behind or unknown freshness blocks delivery without creating or refreshing a PR. If freshness is good, Carson pushes, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, syncs local `main`, and reports merge proof for the delivered branch. Non-integrated exits report `Merge deferred` or `Merge blocked` with explicit handoff commands. |
-| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, merges through the recovery path, and records a machine-readable audit event. |
+| `carson recover --check NAME [--json]` | Run the exceptional governed recovery path when one governance-owned required check is already red on the default branch. Carson proves the named baseline failure, keeps every other gate intact, and merges through the recovery path. |
 | `carson sync` | Fast-forward local `main` from configured remote when tree is clean. |
 | `carson prune` | Remove stale local branches whose upstream refs no longer exist. |
 | `carson housekeep [--json] [--dry-run]` | Attempt to sync the current repo, then reap worktrees with strong abandonment evidence, reconcile integrated delivery worktree records from the ledger, and prune stale branches. Safe cleanup still runs when sync is blocked. |

data/MANUAL.md

@@ -40,7 +40,7 @@ On first run (no `~/.carson/config.json` exists), `onboard` launches `carson set
 - Repository `core.hooksPath` alignment to Carson global hooks.
 - Commit-time governance gate via managed `pre-commit` hook.
 - Canonical `.github/*` template synchronisation (when `lint.canonical` is configured).
-- Initial governance audit.
+- Initial governance status check.
 
 ### Reconfigure later
 
@@ -78,7 +78,7 @@ jobs:
 Notes:
 - When upgrading Carson, update both `carson_ref` and `carson_version` together.
 - `CARSON_READ_TOKEN` must have read access to your policy source repository.
-- The reusable workflow installs a pinned RuboCop gem before `carson audit`; mirror the same pin in host governance workflows for deterministic checks.
+- The reusable workflow installs a pinned RuboCop gem before lint checks; mirror the same pin in host governance workflows for deterministic checks.
 
 ### Canonical Templates
 
@@ -112,7 +112,7 @@ Carson discovers files in this directory and syncs them to governed repos. Root
 
 ## Operating Strategies
 
-These strategies are the audit lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
+These strategies are the design lens for Carson. If behaviour departs from them, either the product model or the implementation needs attention.
 
 ### Git Strategist
 
@@ -181,7 +181,7 @@ When a governance-owned required check is already red on the default branch, the
 carson recover --check "Carson governance"
 ```
 
-Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a machine-readable audit event before reporting success.
+Recovery is narrow. Carson proves that the named check is red on the default branch, verifies that the current branch is repairing the governance surface, requires every other required check and the review gate to pass, then records a recovery event before reporting success.
 
 If Carson refuses recovery, the message explains the exact missing proof or remaining gate and tells you what to do next.
 
@@ -255,13 +255,13 @@ The two tools serve different layers. EnterWorktree owns the session (CWD switch
 
 ```bash
 carson sync                                          # fast-forward local main
-carson audit                                         # full governance check
+carson status                                        # check repository state
 ```
 
 **Before push or PR update:**
 
 ```bash
-carson audit
+carson status
 carson template check
 ```
 
@@ -287,7 +287,7 @@ carson list --json      # machine-readable output
 **Portfolio maintenance:**
 
 ```bash
-carson refresh                 # re-apply hooks, templates, audit across all repos
+carson refresh                 # re-apply hooks and templates across all repos
 carson list                    # list all governed repositories
 ```
 
@@ -411,7 +411,7 @@ Change: `CARSON_REVIEW_DISPOSITION`.
 
 How much Carson prints.
 
-- Default: **concise**. A healthy audit prints one line. Problems print actionable summaries with cause and fix.
+- Default: **concise**. A healthy run prints one line. Problems print actionable summaries with cause and fix.
 - `--verbose` restores full diagnostic key-value output for debugging.
 
 ## Configuration

data/README.md

@@ -66,7 +66,7 @@ carson housekeep
 
 `carson deliver` runs Carson-owned branch delivery. Before any push, Carson verifies that the branch is fresh against the configured remote `main` using local git. If freshness is behind or unknown, delivery stops with an explicit block and no PR side effect. After a PR exists, Carson delegates merge eligibility to GitHub's `mergeStateStatus` — if GitHub reports `CLEAN`, Carson proceeds regardless of local ancestor status. Plain `deliver` transports existing commits only; `carson deliver --commit "..."` creates one all-dirty delivery commit first, then continues the same flow. If the branch is fresh, Carson pushes it, creates or refreshes the PR, watches the delivery for a bounded settle window, merges when clear, and syncs local `main`. If the settle window expires without integration, Carson exits with an explicit `Merge deferred` or `Merge blocked` handoff instead of leaving the PR mysteriously open. Deferred and blocked exits say whether Carson attempted merge and list the next commands in order.
 
-When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records an audit event, and never teaches operators to step outside Carson first.
+When one Carson-governed required check is already red on the default branch and the current PR is the repair, use `carson recover --check "..."`. Recovery is the explicit exceptional path: Carson proves the baseline failure, keeps every other gate intact, records a recovery event, and never teaches operators to step outside Carson first.
 
 `carson worktree list` is the visibility surface for cleanup: it shows every registered worktree, the branch, PR state, whether the content is already on `main`, and Carson's keep or reap recommendation. Content matching `main` is diagnostic, not standalone proof that a worktree is abandoned. `carson housekeep` is the main cleanup pass: sync main, reap worktrees with strong abandonment evidence (for example a missing directory, merged PR, or closed abandoned PR), and prune stale branches. When work needs to be abandoned instead of landed, use `carson abandon <pr-number|pr-url|branch>` to close the PR and clean up the branch/worktree safely.
 

data/RELEASE.md

@@ -7,6 +7,34 @@ Release-note scope rule:
 
 ## Unreleased
 
+### Removed
+
+- **`carson audit` dissolved.** The audit command and its pre-commit gate have been removed entirely. Three of its seven checks were already enforced by the commands that need them (sealed workbench by `pack!`, working tree by Courier, main sync by `sync!`). The remaining four (PR status, CI baseline, hooks health, outsider fingerprints) were either unproven at commit time or already called by individual commands. Bare `carson` now defaults to `status` instead of `audit`. The pre-commit hook is now a no-op reserved for future use.
+
+### Why
+
+Audit was a remote-centred pre-commit gate — it blocked commits based on delivery-time concerns (PR checks, CI baseline) that don't belong at commit time. In local-centred mode it was purely dead weight. Rather than relocate it to bureau, we verified that none of its unique checks had proven value at any gate, and dissolved the whole thing. Scars, not speculation.
+
+## 4.3.3
+
+### Fixed
+
+- **`carson checkin` is 13× faster.** Removed two redundant `git fetch` calls that hit GitHub on every checkin. `checkin` now branches from local main — zero network, 0.7s instead of 9.4s. Local main is the standard; GitHub is a backup, not a gating dependency.
+
+### Why
+
+Local-centred mode means local main is the source of truth. Fetching from GitHub on every checkin was a remote-centred assumption baked into the command. The two sequential network round-trips accounted for 90% of the wall time.
+
+## 4.3.2
+
+### Fixed
+
+- **Vault gives correct recovery when main worktree is dirty.** `vault_blocked` now inspects stderr from `git merge --ff-only` to distinguish dirty-tree conflicts from diverged-history blocks. Previously, both cases got the generic "rebase" advice — misleading when the branch was already a valid fast-forward descendant and the real problem was uncommitted files in the main worktree.
+
+### Why
+
+An agent rebased three times on an already-correct branch because Carson misdiagnosed a dirty-tree block as divergence. The fix: read stderr, give the right advice. Scars, not speculation.
+
 ## 4.3.1
 
 ### Changed

data/VERSION

@@ -1 +1 @@
-4.3.1
+4.3.3

data/config/hooks/pre-commit

@@ -1,19 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-if [[ -n "${CARSON_BIN:-}" ]]; then
-	carson_command=( "$CARSON_BIN" )
-elif command -v carson >/dev/null 2>&1; then
-	carson_command=( "carson" )
-else
-	echo "Carson policy: 'carson' command is required for pre-commit governance checks." >&2
-	echo "Install Carson and rerun 'carson prepare'." >&2
-	exit 1
-fi
-
-if ! "${carson_command[@]}" audit; then
-	echo "Carson policy: commit blocked by governance audit." >&2
-	echo "Resolve reported policy blocks before committing." >&2
-	echo "If lint policy files are missing, run: carson lint policy --source <path-or-git-url>" >&2
-	exit 1
-fi
+# Pre-commit hook — reserved for future use.
+exit 0

data/lib/carson/adapters/agent.rb

@@ -3,7 +3,7 @@ module Carson
 	module Adapters
 		module Agent
 			WorkOrder = Struct.new( :repo, :branch, :pr_number, :objective, :context, :acceptance_checks, keyword_init: true )
-			# objective: "fix_ci" | "address_review" | "fix_audit"
+			# objective: "fix_ci" | "address_review"
 			# context: String (legacy — PR title) or Hash with structured evidence:
 			#   fix_ci:         { title:, ci_logs:, ci_run_url:, prior_attempt: { summary:, dispatched_at: } }
 			#   address_review: { title:, review_findings: [{ kind:, url:, body: }], prior_attempt: ... }

data/lib/carson/config.rb

@@ -28,7 +28,6 @@ module Carson
 			:review_wait_seconds, :review_poll_seconds, :review_max_polls, :review_sweep_window_days,
 			:review_sweep_states, :review_disposition, :review_risk_keywords,
 			:review_tracking_issue_title, :review_tracking_issue_label, :review_bot_usernames,
-			:audit_advisory_check_names,
 			:workflow_style,
 			:govern_repos, :govern_merge_method,
 			:govern_agent_provider, :govern_state_path,
@@ -80,9 +79,6 @@ module Carson
 						"label" => "carson-review-sweep"
 					}
 				},
-				"audit" => {
-					"advisory_check_names" => [ "Scheduled review sweep", "Carson governance", "Tag, release, publish" ]
-				},
 				"deliver" => {
 				"poll_interval_at_bureau" => 30
 			},
@@ -170,9 +166,6 @@ module Carson
 			sweep[ "states" ] = states unless states.empty?
 			bot_usernames = env_string_array( key: "CARSON_REVIEW_BOT_USERNAMES" )
 			review[ "bot_usernames" ] = bot_usernames unless bot_usernames.empty?
-			audit = fetch_hash_section( data: copy, key: "audit" )
-			advisory_names = env_string_array( key: "CARSON_AUDIT_ADVISORY_CHECK_NAMES" )
-			audit[ "advisory_check_names" ] = advisory_names unless advisory_names.empty?
 			deliver = fetch_hash_section( data: copy, key: "deliver" )
 			deliver[ "poll_interval_at_bureau" ] = env_integer( key: "CARSON_POLL_INTERVAL_AT_BUREAU", fallback: deliver.fetch( "poll_interval_at_bureau" ) )
 			govern = fetch_hash_section( data: copy, key: "govern" )
@@ -243,9 +236,6 @@ module Carson
 			@review_tracking_issue_title = fetch_string( hash: tracking_issue_hash, key: "title" )
 			@review_tracking_issue_label = fetch_string( hash: tracking_issue_hash, key: "label" )
 			@review_bot_usernames = fetch_optional_string_array( hash: review_hash, key: "bot_usernames" )
-			audit_hash = fetch_hash( hash: data, key: "audit" )
-			@audit_advisory_check_names = fetch_optional_string_array( hash: audit_hash, key: "advisory_check_names" )
-
 			deliver_hash = fetch_hash( hash: data, key: "deliver" )
 			@poll_interval_at_bureau = fetch_non_negative_integer( hash: deliver_hash, key: "poll_interval_at_bureau" )
 

data/lib/carson/courier.rb

@@ -137,15 +137,15 @@ module Carson
 
 			# 02. Parcel behind standard — not based on client's latest standard.
 			#     The courier rebases automatically. Only blocks on conflict.
-			unless @warehouse.fetch_latest( registry: @warehouse.main_label )
+			unless @warehouse.receive_latest!
 				return blocked( result,
 					"cannot verify freshness — fetch failed",
 					recovery: "carson sync, then carson deliver" )
 			end
-			unless @warehouse.based_on_latest_standard?( parcel )
+			unless @warehouse.based_on_latest?( parcel )
 				remote_main = "#{@warehouse.bureau_address}/#{@warehouse.main_label}"
 				say "Branch is behind #{remote_main} — rebasing..."
-				unless @warehouse.rebase_on_latest_standard!
+				unless @warehouse.rebase!
 					return blocked( result,
 						"rebase conflict onto #{remote_main}",
 						recovery: "resolve conflicts, then carson deliver" )
@@ -175,8 +175,8 @@ module Carson
 			result[ :tracking_number ] = waybill.tracking_number
 			result[ :url ] = waybill.url
 
-			# Seal the shelf — no more packing until the outcome is confirmed.
-			@warehouse.seal_shelf!( tracking_number: waybill.tracking_number )
+			# Seal the workbench — no more packing until the outcome is confirmed.
+			@warehouse.seal!( tracking: waybill.tracking_number )
 
 			# Wait at the bureau while the bureaucrats check the parcel.
 			wait_and_poll_at_bureau( waybill, result )
@@ -185,7 +185,7 @@ module Carson
 			# delivered/held/rejected → unseal (shelf done or parcel returned)
 			# filed → stay sealed (parcel still in flight)
 			outcome = result[ :outcome ]
-			@warehouse.unseal_shelf! if outcome == "delivered" || outcome == "held" || outcome == "rejected"
+			@warehouse.unseal! if outcome == "delivered" || outcome == "held" || outcome == "rejected"
 
 			# Update the ledger with the final outcome and PR identity.
 			record( parcel, status: outcome || "filed", summary: result[ :hold_reason ], waybill: waybill )
@@ -201,12 +201,12 @@ module Carson
 		# checks are exhausted.
 		def wait_and_poll_at_bureau( waybill, result )
 			MAX_CHECKS_AT_BUREAU.times do |check|
-				@warehouse.check_parcel_at_bureau_with( waybill )
+				@warehouse.check_parcel_with( waybill )
 
 				# 14/17. Already accepted — parcel is in the registry.
 				if waybill.accepted?
 					result[ :outcome ] = "delivered"
-					result[ :synced ] = @warehouse.receive_latest_standard!
+					result[ :synced ] = @warehouse.receive_latest!
 					return
 				end
 
@@ -219,11 +219,11 @@ module Carson
 
 				# Cleared or mergeability pending — ask the warehouse to register.
 				if waybill.cleared? || waybill.mergeability_pending?
-					@warehouse.register_parcel_at_bureau_with!( waybill, method: @merge_method )
+					@warehouse.register_with!( waybill, method: @merge_method )
 
 					if waybill.accepted?
 						result[ :outcome ] = "delivered"
-						result[ :synced ] = @warehouse.receive_latest_standard!
+						result[ :synced ] = @warehouse.receive_latest!
 						return
 					end
 				end

data/lib/carson/parcel.rb

@@ -11,12 +11,13 @@ module Carson
 	# head (commit SHA), and shelf (worktree). The protagonist of every
 	# delivery — without a parcel, there is nothing to deliver.
 	class Parcel
-		attr_reader :label, :head, :shelf
+		attr_reader :label, :head, :shelf, :origin
 
-		def initialize( label:, head:, shelf: nil )
+		def initialize( label:, head:, shelf: nil, origin: nil )
 			@label = label
 			@head = head
 			@shelf = shelf
+			@origin = origin
 		end
 
 		# Is this parcel sitting on the main shelf?
@@ -24,5 +25,13 @@ module Carson
 		def on_main?( main_label )
 			label == main_label
 		end
+
+		# Does this parcel carry anything?
+		# A parcel with no commits ahead of its origin is empty —
+		# nothing was packed, nothing to deliver.
+		def empty?
+			return false unless origin
+			head == origin
+		end
 	end
 end

data/lib/carson/runtime/local/onboard.rb

@@ -1,12 +1,12 @@
 # Repository onboarding and refresh lifecycle.
-# Onboard: detect remote, install hooks, apply templates, run initial audit.
+# Onboard: detect remote, install hooks, apply templates.
 # Refresh: re-apply hooks and templates after Carson upgrade.
 # Refresh all: batch refresh across governed portfolio with safety checks.
 module Carson
 	class Runtime
 		module Local
 			# One-command onboarding for new repositories: detect remote, install hooks,
-			# apply templates, and run initial audit.
+			# and apply templates.
 			def onboard!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -32,7 +32,7 @@ module Carson
 				onboard_apply!
 			end
 
-			# Re-applies hooks, templates, and audit after upgrading Carson.
+			# Re-applies hooks and templates after upgrading Carson.
 			def refresh!
 				fingerprint_status = block_if_outsider_fingerprints!
 				return fingerprint_status unless fingerprint_status.nil?
@@ -55,13 +55,8 @@ module Carson
 
 					@template_sync_result = template_propagate!( drift_count: drift_count + stale_count )
 
-					audit_status = audit!
-					if audit_status == EXIT_OK
-						puts_line "OK: Carson refresh completed for #{repo_root}."
-					elsif audit_status == EXIT_BLOCK
-						puts_line "Refresh complete — some checks need attention. Run carson audit for details."
-					end
-					return audit_status
+					puts_line "OK: Carson refresh completed for #{repo_root}."
+					return EXIT_OK
 				end
 
 				puts_line "Refresh"
@@ -82,12 +77,11 @@ module Carson
 
 				@template_sync_result = template_propagate!( drift_count: total_drift )
 
-				audit_status = audit!
 				puts_line "Refresh complete."
-				audit_status
+				EXIT_OK
 			end
 
-			# Re-applies hooks, templates, and audit across all governed repositories.
+			# Re-applies hooks and templates across all governed repositories.
 			# Checks each repo for safety (active worktrees, uncommitted changes) and
 			# marks unsafe repos as pending to avoid disrupting active work.
 			def refresh_all!
@@ -202,7 +196,7 @@ module Carson
 
 		private
 
-			# Concise onboard orchestration: hooks, templates, remote, audit, guidance.
+			# Concise onboard orchestration: hooks, templates, remote, guidance.
 			def onboard_apply!
 				hook_status = with_captured_output { prepare! }
 				return hook_status unless hook_status == EXIT_OK
@@ -218,7 +212,6 @@ module Carson
 				end
 
 				onboard_report_remote!
-				audit_status = onboard_run_audit!
 
 				puts_line ""
 				puts_line "Carson at your service."
@@ -235,7 +228,7 @@ module Carson
 				puts_line ""
 				puts_line "To adjust any setting: carson setup"
 
-				audit_status
+				EXIT_OK
 			end
 
 			# Friendly remote status for onboard output.
@@ -247,33 +240,6 @@ module Carson
 				end
 			end
 
-			# Runs audit with captured output; reports summary instead of full detail.
-			def onboard_run_audit!
-				audit_error = nil
-				audit_status = with_captured_output { audit! }
-			rescue StandardError => exception
-				audit_error = exception
-				audit_status = EXIT_OK
-			ensure
-				return onboard_print_audit_result( status: audit_status, error: audit_error )
-			end
-
-			def onboard_print_audit_result( status:, error: )
-				if error
-					if error.message.to_s.match?( /HEAD|rev-parse/ )
-						puts_line "No commits yet — run carson audit after your first commit."
-					else
-						puts_line "Audit skipped — run carson audit for details."
-					end
-					return EXIT_OK
-				end
-
-				if status == EXIT_BLOCK
-					puts_line "Some checks need attention — run carson audit for details."
-				end
-				status
-			end
-
 			# Verifies configured remote exists and logs status without mutating remotes.
 			def report_detected_remote!
 				if git_remote_exists?( remote_name: config.git_remote )

data/lib/carson/runtime/receive.rb

@@ -87,7 +87,7 @@ module Carson
 				# Unseal worktrees that were filed — receive now owns the delivery lifecycle.
 				unless dry_run
 					filed_worktree_paths.each do |worktree_path|
-						Warehouse.new( path: worktree_path ).unseal_shelf!
+						Warehouse.new( path: worktree_path ).unseal!
 					end
 				end
 
@@ -365,7 +365,7 @@ module Carson
 				case cause
 				when "ci" then "fix_ci"
 				when "review" then "address_review"
-				else "fix_audit"
+				else "fix_ci"
 				end
 			end
 

data/lib/carson/runtime/recover.rb

@@ -84,14 +84,14 @@ module Carson
 				}
 				if baseline.fetch( :status ) == "skipped"
 					result[ :error ] = "unable to verify the default-branch baseline: #{baseline.fetch( :skip_reason )}"
-					result[ :recovery ] = "run carson audit after fixing GitHub access"
+					result[ :recovery ] = "run carson status after fixing GitHub access"
 					return recover_finish( result: result, exit_code: EXIT_ERROR, json_output: json_output )
 				end
 
 				baseline_entry = recovery_baseline_entry( baseline: baseline, check_name: check_name )
 				if baseline_entry.nil?
 					result[ :error ] = "#{check_name} is not red on #{baseline.fetch( :default_branch, config.main_branch )}"
-					result[ :recovery ] = "run carson audit to confirm the baseline check state"
+					result[ :recovery ] = "run carson status to confirm the baseline check state"
 					return recover_finish( result: result, exit_code: EXIT_BLOCK, json_output: json_output )
 				end
 
@@ -408,7 +408,7 @@ module Carson
 				elsif result[ :synced ]
 					puts_line "Synced local #{result.fetch( :main_branch )}."
 				end
-				puts_line "Recorded recovery audit for #{result.fetch( :check )}."
+				puts_line "Recorded recovery for #{result.fetch( :check )}."
 				puts_line "Check back with #{result.fetch( :next_step )}" if result[ :next_step ]
 			end
 		end

data/lib/carson/runtime/review/sweep_support.rb

@@ -163,7 +163,7 @@ module Carson
 					}
 				end
 
-				# When sweep is clear, close prior tracking issue and add one clear audit comment.
+				# When sweep is clear, close prior tracking issue and add a clear comment.
 				def close_review_sweep_issue_if_open( repo_slug:, issue: )
 					return { action: "none", issue: nil } if issue.nil?
 					return { action: "none", issue: issue } unless issue.fetch( :state ) == "OPEN"

data/lib/carson/runtime.rb

@@ -14,8 +14,6 @@ module Carson
 		EXIT_ERROR = 1
 		EXIT_BLOCK = 2
 
-		REPORT_MD = "pr_report_latest.md".freeze
-		REPORT_JSON = "pr_report_latest.json".freeze
 		REVIEW_GATE_REPORT_MD = "review_gate_latest.md".freeze
 		REVIEW_GATE_REPORT_JSON = "review_gate_latest.json".freeze
 		REVIEW_SWEEP_REPORT_MD = "review_sweep_latest.md".freeze
@@ -43,7 +41,7 @@ module Carson
 		attr_reader :template_sync_result
 
 		# Lazy ledger: only constructed when a command actually needs delivery state.
-		# Read-only commands (worktree list, audit, prune, sync) never touch the
+		# Read-only commands (worktree list, prune, sync) never touch the
 		# govern state lock file.
 		def ledger
 			@ledger ||= Ledger.new( path: @config.govern_state_path )
@@ -115,7 +113,7 @@ module Carson
 			success
 		end
 
-		# Human-readable plural suffix helper for audit messaging.
+		# Human-readable plural suffix helper.
 		def plural_suffix( count: )
 			count.to_i == 1 ? "" : "s"
 		end
@@ -366,7 +364,6 @@ module Carson
 end
 
 require_relative "runtime/local"
-require_relative "runtime/audit"
 require_relative "runtime/loop_runner"
 require_relative "runtime/housekeep"
 require_relative "runtime/list"

data/lib/carson/warehouse/bureau.rb

@@ -1,15 +1,14 @@
-# The warehouse's bureau-facing concern.
-# The warehouse owns the connection to the bureau (GitHub).
-# It queries, files, and registers on behalf of the courier.
+# The warehouse's bureau concern — backup and optional PR/CI.
+# The bureau is just a backup. These methods exist for when
+# the courier needs the warehouse to interact with it.
 require "json"
 
 module Carson
 	class Warehouse
 		module Bureau
 
-			# Check the parcel's status at the bureau using the waybill.
-			# Calls gh pr view + gh pr checks. Records findings onto the waybill.
-			def check_parcel_at_bureau_with( waybill )
+			# Check a parcel's status using the waybill.
+			def check_parcel_with( waybill )
 				state = fetch_pr_state_for( waybill.tracking_number )
 				ci, ci_diagnostic = fetch_ci_state_for( waybill.tracking_number )
 				waybill.record( state: state, ci: ci, ci_diagnostic: ci_diagnostic )
@@ -47,15 +46,13 @@ module Carson
 				Waybill.new( label: parcel.label, tracking_number: tracking_number, url: url )
 			end
 
-			# Register the parcel at the bureau using the waybill.
-			# Calls gh pr merge. Stamps the waybill on success.
-			def register_parcel_at_bureau_with!( waybill, method: )
+			# Register a parcel using the waybill.
+			def register_with!( waybill, method: )
 				_, _, status = gh( "pr", "merge", waybill.tracking_number.to_s, "--#{method}" )
 				if status.success?
 					waybill.stamp( :accepted )
 				else
-					# Re-check the state — the merge may have revealed a new blocker.
-					check_parcel_at_bureau_with( waybill )
+					check_parcel_with( waybill )
 				end
 			end
 

data/lib/carson/warehouse/seal.rb

@@ -1,8 +1,16 @@
-# The warehouse's workbench seal concern.
-# Once a parcel ships and the waybill is filed, the warehouse seals the
-# workbench. No more packing until the delivery outcome is confirmed.
-# The seal marker lives outside the worktree (~/.carson/seals/) so it
-# does not pollute git status.
+# The warehouse's seal concern — bureau enhancement only.
+#
+# The seal is inactive in the base (local-centred) model.
+# There is no "in flight" period — the parcel goes directly
+# into the vault.
+#
+# The seal only activates with bureau enhancement, where there's
+# a waiting period between shipping and bureau acceptance. During
+# that period, the workbench is sealed — no more packing until
+# the delivery outcome is confirmed.
+#
+# The seal marker lives outside the worktree (~/.carson/seals/)
+# so it does not pollute git status.
 require "digest"
 require "fileutils"
 
@@ -10,17 +18,15 @@ module Carson
 	class Warehouse
 		module Seal
 
-			# Seal the workbench — no more packing until delivery outcome is confirmed.
-			# The courier seals the workbench after shipping and filing the waybill.
-			def seal_workbench!( tracking_number: )
+			# Seal the workbench — no more packing until the bureau answers.
+			def seal!( tracking: )
 				marker = delivering_marker_path
 				FileUtils.mkdir_p( File.dirname( marker ) )
-				File.write( marker, "#{tracking_number}\n#{@path}" )
+				File.write( marker, "#{tracking}\n#{@path}" )
 			end
 
 			# Unseal the workbench — the courier brought back the parcel.
-			# Called when the delivery outcome is held or rejected.
-			def unseal_workbench!
+			def unseal!
 				File.delete( delivering_marker_path ) if File.exist?( delivering_marker_path )
 			end
 
@@ -35,11 +41,6 @@ module Carson
 				File.read( delivering_marker_path ).lines.first.strip
 			end
 
-			# --- Transitional aliases ---
-			# Keep old names working until all callers are updated.
-			alias seal_shelf! seal_workbench!
-			alias unseal_shelf! unseal_workbench!
-
 		private
 
 			# Path to the delivery marker file.