diff --git a/docs/AUTONOMOUS-LOOP.md b/docs/AUTONOMOUS-LOOP.md
index 1a74fd27f..5cc4d9e14 100644
--- a/docs/AUTONOMOUS-LOOP.md
+++ b/docs/AUTONOMOUS-LOOP.md
@@ -225,8 +225,7 @@ wait for instruction. Priority ladder:
    **Check 0a — no-op-cadence**: examines last 7 tick-shards;
    warns if ≥5 are minimal-observation OR most-recent >15 min
    old. On warn: write a substantive shard OR do real work,
-   not acknowledgment-only. Bash sibling `.sh` for
-   non-bun environments; both kept in sync.
+   not acknowledgment-only.
 
    **Check 0b — cadence-tracker**: shards mark `CADENCE-TRACK:
    <work>` with last-run date for cadenced hygiene (AutoDream
diff --git a/tools/hygiene/append-tick-history-row.sh b/tools/hygiene/append-tick-history-row.sh
deleted file mode 100755
index 5d9038f79..000000000
--- a/tools/hygiene/append-tick-history-row.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/append-tick-history-row.sh — appends a row to
-# docs/hygiene-history/loop-tick-history.md using bash heredoc
-# (which naturally produces chronological tail-append).
-#
-# Why this exists (Aaron 2026-04-26):
-#   The Edit-tool default with old_string=existing-line tends to
-#   insert NEW content BEFORE the matched line, producing
-#   reverse-chronological order. This script wraps the correct
-#   pattern (`cat >> file`) so the bug shape can't occur via this
-#   entrypoint.
-#
-# Usage:
-#   tools/hygiene/append-tick-history-row.sh "FULL_ROW_TEXT"
-#
-# The argument is the entire row including leading `| ` and
-# trailing `|`. Caller is responsible for row content; this
-# script is dumb-pipe.
-#
-# What this validates:
-#   - Argument starts with `| YYYY-MM-DDTHH:MM:SSZ (`
-#   - The timestamp is >= the latest existing row timestamp
-#     (otherwise reject — chronological discipline)
-#
-# What this does NOT do:
-#   - Does NOT format the row for you. The caller decides
-#     content (this is signal-in-signal-out per
-#     memory/feedback_signal_in_signal_out_clean_or_better_dsp_discipline.md)
-#   - Does NOT commit. The caller stages + commits.
-#
-# Composes with:
-#   - tools/hygiene/check-tick-history-order.sh (CI gate
-#     that catches violations from any append path, not
-#     just this one)
-
-set -euo pipefail
-
-if [[ $# -ne 1 ]]; then
-  echo "usage: $0 \"<full row text including leading | and trailing |>\"" >&2
-  exit 2
-fi
-
-ROW="$1"
-REPO_ROOT="$(git rev-parse --show-toplevel)"
-TICK_FILE="${REPO_ROOT}/docs/hygiene-history/loop-tick-history.md"
-
-# Extract candidate timestamp from row
-if [[ ! "$ROW" =~ ^\|\ ([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z) ]]; then
-  echo "ERROR: row must start with '| YYYY-MM-DDTHH:MM:SSZ '" >&2
-  echo "got: ${ROW:0:80}..." >&2
-  exit 1
-fi
-NEW_TS="${BASH_REMATCH[1]}"
-
-# Find latest existing timestamp
-LATEST_TS=$(
-  grep -oE '^\| [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z' "$TICK_FILE" \
-    | sed 's/^| //' \
-    | sort \
-    | tail -1
-)
-
-if [[ -n "$LATEST_TS" && "$NEW_TS" < "$LATEST_TS" ]]; then
-  echo "ERROR: new row timestamp $NEW_TS is BEFORE latest existing $LATEST_TS" >&2
-  echo "" >&2
-  echo "Tick-history is append-only with non-decreasing timestamps." >&2
-  echo "If your row is for a past tick, you have to either:" >&2
-  echo "  (a) update the timestamp to current UTC (preferred)," >&2
-  echo "  (b) file an ADR explaining the back-dated correction" >&2
-  echo "      and use a correction-row pattern per Otto-229." >&2
-  exit 1
-fi
-
-# Append using heredoc (the whole point of this script — bash
-# heredoc is the canonical chronological-tail-append pattern)
-cat >> "$TICK_FILE" << EOF
-$ROW
-EOF
-
-echo "OK: appended row at $NEW_TS"
diff --git a/tools/hygiene/audit-agencysignature-main-tip.sh b/tools/hygiene/audit-agencysignature-main-tip.sh
deleted file mode 100755
index d953882d4..000000000
--- a/tools/hygiene/audit-agencysignature-main-tip.sh
+++ /dev/null
@@ -1,297 +0,0 @@
-#!/usr/bin/env bash
-# audit-agencysignature-main-tip.sh — post-merge auditor for the
-# AgencySignature Convention v1 trailer block. Pairs with
-# validate-agencysignature-pr-body.sh (task #298) as the post-merge half
-# of the ferry-7 enforcement-instrument set per Amara ferry-7 ("stop
-# designing, instrument enforcement").
-#
-# Usage:
-#   tools/hygiene/audit-agencysignature-main-tip.sh                   # audit HEAD
-#   tools/hygiene/audit-agencysignature-main-tip.sh --commit <SHA>    # audit specific commit
-#   tools/hygiene/audit-agencysignature-main-tip.sh --max 10          # audit last N commits on HEAD branch
-#   tools/hygiene/audit-agencysignature-main-tip.sh --since 2026-04-26 # audit commits since DATE (YYYY-MM-DD)
-#   tools/hygiene/audit-agencysignature-main-tip.sh --branch main     # audit a specific branch's tip
-#   tools/hygiene/audit-agencysignature-main-tip.sh --v1-ship-date <DATE>
-#                                                                    # override auto-detected v1 ship date
-#
-# Spec source (the canonical convention):
-#   docs/research/2026-04-26-gemini-deep-think-agencysignature-commit-
-#   attribution-convention-validation-and-refinement.md Section 10
-#
-# Per the human maintainer 2026-04-26 framing ("don't copy paste / make
-# sure you understand and write our own") — this implementation is
-# authored from the v1 spec, not transcribed from the Gemini ferry-8
-# example draft. Zeta-specific shape:
-#  - Three-state classification (per task #299 spec, beyond Gemini's draft):
-#    LEGACY (pre-v1-ship-date; no trailer expected; not regression)
-#    CORRECT (post-v1-ship-date with trailer; properly attributed)
-#    REGRESSION (post-v1-ship-date without trailer + Co-authored-by signal)
-#    HUMAN-AUTHORED-EXEMPT (post-v1-ship-date without trailer + no Co-authored-by)
-#  - Auto-detect v1 ship date as first commit reachable from current branch
-#    carrying Agency-Signature-Version: 1 trailer. Override via --v1-ship-date.
-#  - Otto-235 4-shell bash compat (verified on macOS bash 3.2.57): no
-#    associative arrays; portable git commands; printf for stdout.
-#  - Glass Halo radical-honesty register: no emoji; structured per-commit
-#    output with status + commit SHA + reason; aggregate summary at end.
-#
-# Exit codes:
-#   0 — no regressions found (LEGACY / CORRECT / HUMAN-AUTHORED-EXEMPT only)
-#   1 — at least one REGRESSION found
-#   2 — tooling / input error
-
-set -uo pipefail
-
-spec_doc="docs/research/2026-04-26-gemini-deep-think-agencysignature-commit-attribution-convention-validation-and-refinement.md"
-
-if ! command -v git >/dev/null 2>&1; then
-  echo "error: git not found on PATH" >&2
-  exit 2
-fi
-
-mode="head"          # head | commit | max | since
-commit_sha=""
-max_n=""
-since_date=""
-branch=""
-v1_ship_date=""
-
-while [ $# -gt 0 ]; do
-  case "$1" in
-    --commit)
-      if [ $# -lt 2 ]; then echo "error: --commit requires SHA" >&2; exit 2; fi
-      mode="commit"; commit_sha="$2"; shift 2;;
-    --max)
-      if [ $# -lt 2 ]; then echo "error: --max requires N" >&2; exit 2; fi
-      mode="max"; max_n="$2"; shift 2;;
-    --since)
-      if [ $# -lt 2 ]; then echo "error: --since requires DATE (YYYY-MM-DD)" >&2; exit 2; fi
-      mode="since"; since_date="$2"; shift 2;;
-    --branch)
-      if [ $# -lt 2 ]; then echo "error: --branch requires NAME" >&2; exit 2; fi
-      branch="$2"; shift 2;;
-    --v1-ship-date)
-      if [ $# -lt 2 ]; then echo "error: --v1-ship-date requires DATE" >&2; exit 2; fi
-      v1_ship_date="$2"; shift 2;;
-    -h|--help)
-      sed -n '2,30p' "$0" | sed 's/^# \?//'; exit 0;;
-    *) echo "error: unknown arg: $1" >&2; exit 2;;
-  esac
-done
-
-# Resolve target rev.
-if [ -n "$branch" ]; then
-  target_rev="$branch"
-else
-  target_rev="HEAD"
-fi
-
-if ! git rev-parse --verify "$target_rev" >/dev/null 2>&1; then
-  echo "error: cannot resolve target rev: $target_rev" >&2
-  exit 2
-fi
-
-# Determine v1 ship date: first commit reachable from target_rev whose
-# trailers PARSE (via git interpret-trailers) and contain
-# Agency-Signature-Version: 1. Auto-detect unless overridden.
-#
-# Important: use trailer-parser, not text-grep. A commit body can contain
-# the literal string "Agency-Signature-Version: 1" without it being a
-# parseable trailer (e.g., when GitHub squash-merge inserts a blank line
-# between the AgencySignature block and Co-authored-by, breaking
-# contiguity). Real ship status requires actual parseable presence —
-# this distinction itself was the discovery from the auditor's first
-# run that caught PR #20's squash-merge regression. See
-# docs/research/2026-04-26-squash-merge-blank-line-trailer-stripping-...
-detect_v1_ship() {
-  # Iterate commits oldest-first; return first one whose parsed trailers
-  # contain the version line. Limit to a sensible window so we do not
-  # scan the entire repo history per invocation; 5000 commits is ample
-  # for any reasonable ship-date detection.
-  git log --reverse --max-count=5000 --pretty='%H %cI' "$target_rev" 2>/dev/null \
-    | while IFS=' ' read -r sha cdate; do
-        if git log -1 --pretty='%(trailers)' "$sha" 2>/dev/null \
-            | grep -iq '^Agency-Signature-Version: 1'; then
-          printf '%s %s\n' "$sha" "$cdate"
-          return 0
-        fi
-      done | head -1
-}
-
-if [ -z "$v1_ship_date" ]; then
-  ship_line="$(detect_v1_ship)"
-  if [ -n "$ship_line" ]; then
-    v1_ship_sha="$(printf '%s' "$ship_line" | awk '{print $1}')"
-    v1_ship_date="$(printf '%s' "$ship_line" | awk '{print $2}')"
-  fi
-fi
-
-# Build commit list per mode.
-case "$mode" in
-  head)
-    commits="$(git rev-parse "$target_rev")"
-    ;;
-  commit)
-    if ! git rev-parse --verify "$commit_sha" >/dev/null 2>&1; then
-      echo "error: cannot resolve commit: $commit_sha" >&2
-      exit 2
-    fi
-    commits="$(git rev-parse "$commit_sha")"
-    ;;
-  max)
-    case "$max_n" in
-      ''|*[!0-9]*) echo "error: --max value must be a positive integer" >&2; exit 2;;
-    esac
-    commits="$(git log --max-count="$max_n" --pretty='%H' "$target_rev")"
-    ;;
-  since)
-    commits="$(git log --since="$since_date" --pretty='%H' "$target_rev")"
-    if [ -z "$commits" ]; then
-      printf '%s\n' "no commits since $since_date on $target_rev — nothing to audit"
-      exit 0
-    fi
-    ;;
-esac
-
-# classify_commit SHA -> echoes "STATUS REASON" on stdout.
-classify_commit() {
-  local sha="$1"
-  local trailers
-  trailers="$(git log -1 --pretty='%(trailers)' "$sha" 2>/dev/null || true)"
-
-  local has_v1=false
-  local has_coauthor=false
-  if printf '%s\n' "$trailers" | grep -iq '^Agency-Signature-Version: 1'; then
-    has_v1=true
-  fi
-  if printf '%s\n' "$trailers" | grep -iq '^Co-authored-by: Claude'; then
-    has_coauthor=true
-  fi
-
-  # Pre-v1-ship-date check: if we have a v1 ship date AND this commit is
-  # strictly older than that ship date, classify as LEGACY.
-  #
-  # Compare via Unix timestamps (committer date %ct) because ISO-8601
-  # string compare breaks with mixed timezone formats (e.g.,
-  # "2026-04-26T15:15:53-04:00" vs "2026-04-26T19:00:00Z" — same UTC
-  # moment but lexicographically misordered). Discovered while testing
-  # the auditor against c4400cb on 2026-04-26.
-  if [ -n "$v1_ship_date" ]; then
-    local commit_ts
-    local ship_ts
-    commit_ts="$(git log -1 --pretty='%ct' "$sha")"
-    # Convert v1_ship_date (ISO-8601) to Unix timestamp via git's
-    # date parser if not already numeric. Cache via $v1_ship_ts_cached
-    # for repeated calls.
-    if [ -z "${v1_ship_ts_cached:-}" ]; then
-      # Use date(1) to convert; both BSD and GNU date support `-d` /
-      # `-j -f` differently. Critical macOS-specific gotcha: BSD `date
-      # -j -f` ignores the timezone suffix in the input string and
-      # parses the digits as local time. Force UTC interpretation via
-      # TZ=UTC so a `Z` suffix actually means UTC, not local. (Tested
-      # on macOS bash 3.2.57 + EDT-localized system 2026-04-26.)
-      ship_ts="$(date -d "$v1_ship_date" +%s 2>/dev/null \
-        || TZ=UTC date -j -f '%Y-%m-%dT%H:%M:%SZ' "$v1_ship_date" +%s 2>/dev/null \
-        || TZ=UTC date -j -f '%Y-%m-%dT%H:%M:%S%z' "$v1_ship_date" +%s 2>/dev/null \
-        || echo '')"
-      if [ -z "$ship_ts" ]; then
-        # Hard-fail to stderr with exit code 2 (tooling / input error
-        # per the header's exit-code spec). Prior version printed
-        # 'ERROR ...' to stdout and returned, which the caller's
-        # case-statement treated as an unmatched status token —
-        # the audit could still print 'PASS: no regressions detected'
-        # despite the unparseable input. Copilot review on PR #22
-        # caught this — the error class needs to short-circuit the
-        # whole audit, not silently fall through.
-        printf 'error: cannot parse v1-ship-date as timestamp: %s\n' "$v1_ship_date" >&2
-        exit 2
-      fi
-      # Cache (function-local; persists for this invocation only)
-      v1_ship_ts_cached="$ship_ts"
-    else
-      ship_ts="$v1_ship_ts_cached"
-    fi
-    if [ "$commit_ts" -lt "$ship_ts" ]; then
-      printf 'LEGACY pre-v1-ship-date (%s < %s)\n' \
-        "$(git log -1 --pretty='%cI' "$sha")" "$v1_ship_date"
-      return
-    fi
-  else
-    # No v1 ship found in branch history at all -> all commits are LEGACY.
-    printf 'LEGACY v1 not yet shipped on this branch\n'
-    return
-  fi
-
-  # Post-v1-ship classification.
-  if [ "$has_v1" = "true" ]; then
-    printf 'CORRECT trailer present\n'
-  elif [ "$has_coauthor" = "true" ]; then
-    printf 'REGRESSION agent commit (Co-authored-by present) missing AgencySignature\n'
-  else
-    printf 'HUMAN-AUTHORED-EXEMPT no Co-authored-by signal; assuming human-authored\n'
-  fi
-}
-
-# Aggregate audit.
-correct_count=0
-legacy_count=0
-human_count=0
-regression_count=0
-regressions=""
-
-printf 'AgencySignature v1 main-tip audit\n'
-printf '  target_rev:    %s (%s)\n' "$target_rev" "$(git rev-parse "$target_rev")"
-if [ -n "$v1_ship_date" ]; then
-  printf '  v1-ship-date:  %s' "$v1_ship_date"
-  if [ -n "${v1_ship_sha:-}" ]; then
-    printf ' (commit %s)' "$(printf '%s' "$v1_ship_sha" | cut -c1-12)"
-  fi
-  printf '\n'
-else
-  printf '  v1-ship-date:  not yet shipped on this branch (all commits LEGACY)\n'
-fi
-printf '  mode:          %s\n' "$mode"
-printf '\n'
-
-while IFS= read -r sha; do
-  [ -z "$sha" ] && continue
-  result="$(classify_commit "$sha")"
-  status="$(printf '%s' "$result" | awk '{print $1}')"
-  reason="$(printf '%s' "$result" | sed -E 's/^[A-Z-]+ //')"
-
-  short="$(printf '%s' "$sha" | cut -c1-12)"
-  subject="$(git log -1 --pretty='%s' "$sha")"
-  printf '  [%-22s] %s — %s\n' "$status" "$short" "$subject"
-  printf '    %s\n' "$reason"
-
-  case "$status" in
-    CORRECT)               correct_count=$((correct_count + 1));;
-    LEGACY)                legacy_count=$((legacy_count + 1));;
-    HUMAN-AUTHORED-EXEMPT) human_count=$((human_count + 1));;
-    REGRESSION)
-      regression_count=$((regression_count + 1))
-      regressions="$regressions $short"
-      ;;
-  esac
-done <<< "$commits"
-
-printf '\nSummary:\n'
-printf '  CORRECT:                %d\n' "$correct_count"
-printf '  LEGACY:                 %d\n' "$legacy_count"
-printf '  HUMAN-AUTHORED-EXEMPT:  %d\n' "$human_count"
-printf '  REGRESSION:             %d\n' "$regression_count"
-
-if [ "$regression_count" -gt 0 ]; then
-  printf '\nFAIL: %d regression(s) found:%s\n' "$regression_count" "$regressions"
-  printf '  Cause: agent-authored commits (Co-authored-by present) on or after v1\n'
-  printf '         ship date are missing the Agency-Signature-Version: 1 trailer\n'
-  printf '         block, indicating squash-merge stripped the trailers OR the PR\n'
-  printf '         body did not carry the trailer block at the bottom.\n'
-  printf '  Fix:   re-attach AgencySignature trailers to the next commit; ensure\n'
-  printf '         future PR bodies include the trailer block at the body bottom\n'
-  printf '         per the Squash-Merge Invariant rule (ferry-6/7).\n'
-  printf '  Spec:  %s Section 7.5 + Section 10\n' "$spec_doc"
-  exit 1
-fi
-
-printf '\nPASS: no regressions detected\n'
-exit 0
diff --git a/tools/hygiene/audit-cross-platform-parity.sh b/tools/hygiene/audit-cross-platform-parity.sh
deleted file mode 100755
index d2de1653e..000000000
--- a/tools/hygiene/audit-cross-platform-parity.sh
+++ /dev/null
@@ -1,336 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/audit-cross-platform-parity.sh — detects cross-
-# platform parity gaps across the tools/ tree: bash scripts that
-# need a PowerShell twin for Windows support, and the inverse.
-# Detect-only; `--enforce` flips exit 2 on gaps.
-#
-# Post-setup stack: bash scaffolding — the audit ships under
-# `tools/hygiene/` and has to exist in bash while the bun+TS post-
-# setup migration is mid-flight (same exception as
-# `audit-post-setup-script-stack.sh` and
-# `audit-missing-prevention-layers.sh`). Queued for bun+TS
-# migration alongside them in docs/BACKLOG.md.
-#
-# ----- Decision record (mini-ADR) ---------------------------------
-#
-# Date:        2026-04-22
-# Context:     Aaron 2026-04-22 — "missing mac/windows/linux/wsl
-#              parity (ubuntu latest) we can deffer but should have
-#              the hygene in place for when we want to enforce and
-#              it will be more obvious to you in the future that we
-#              are cross platform."
-# Decision:    Author the audit NOW (detect-only); defer enforcement
-#              (no CI gate, exit 0 on gaps) until the baseline
-#              violations are triaged and CI matrix (macos-latest /
-#              windows-latest / ubuntu-latest) is wired. The
-#              `--enforce` flag flips exit 2 on gaps so the
-#              transition to enforcement is a one-line change when
-#              the baseline is green.
-# Alternatives considered:
-#              (a) Don't build it yet — rejected: cross-platform
-#                  status becomes aspirational not visible; Aaron
-#                  already noted it's easy to forget ("i was going
-#                  to wait and see if you rmembered that").
-#              (b) Build it + enforce immediately — rejected: 12
-#                  pre-setup bash scripts currently have no
-#                  PowerShell twin (Q1 violation discovered while
-#                  authoring this audit); turning on enforcement
-#                  blocks every CI run until all are fixed, which
-#                  is cart-before-horse.
-#              (c) Build it + enforce — this choice. Cross-
-#                  platform-first becomes a *visible* factory
-#                  property (the audit exists, runs, prints the
-#                  gap); enforcement flips on after triage. Same
-#                  pattern as FACTORY-HYGIENE row #23 (proposed →
-#                  active) and row #47 (detect-only-gap →
-#                  prevention-bearing).
-# Auditable by: Aaron on next invocation; any reviewer of this file;
-#              CI once `--enforce` is wired.
-# Supersedes:  N/A — first instance of cross-platform parity
-#              hygiene.
-# Expires when: baseline is green (all listed gaps resolved or
-#              intentional-decision-labelled) AND CI matrix runs
-#              `--enforce` on macos-latest / windows-latest /
-#              ubuntu-latest. At that point this comment block
-#              migrates to a proper ADR under docs/DECISIONS/ per
-#              the not-yet-formalised mini-ADR-format ADR (queued
-#              BACKLOG).
-#
-# ----- Rule classes -----------------------------------------------
-#
-# Pre-setup (tools/setup/**/*)
-#   - Both .sh AND .ps1 required. This is the existing Q1 dual-
-#     authoring rule per
-#     `memory/feedback_preinstall_scripts_forced_shell_meet_developer_where_they_live`
-#     and docs/POST-SETUP-SCRIPT-STACK.md Q1. Pre-setup scripts run
-#     BEFORE canonical tooling (bun, dotnet) is installed, on a
-#     bare OS-default shell — bash on macOS/Linux, PowerShell on
-#     Windows. Missing either twin = Q1 violation.
-#
-# Post-setup permanent-bash (thin wrapper over existing CLI /
-#                            trivial find-xargs pipeline /
-#                            stay bash forever)
-#   - PowerShell twin required per
-#     `memory/feedback_stay_bash_forever_implies_powershell_twin_obligation.md`.
-#     A permanent-bash script without a .ps1 twin silently breaks
-#     Windows devs (they'd need WSL / Git Bash for a tool the
-#     factory sells as cross-platform).
-#
-# Post-setup transitional (bun+TS migration candidate /
-#                          bash scaffolding)
-#   - No twin obligation. The long-term plan is one cross-platform
-#     bun+TS script; the single-bash state is acknowledged
-#     transitional.
-#
-# Post-setup bun+TS (*.ts under tools/)
-#   - No twin needed — cross-platform native via the bun runtime.
-#
-# ------------------------------------------------------------------
-#
-# Usage:
-#   tools/hygiene/audit-cross-platform-parity.sh            # report
-#   tools/hygiene/audit-cross-platform-parity.sh --summary  # counts
-#   tools/hygiene/audit-cross-platform-parity.sh --enforce  # exit 2
-#                                                          # on gaps
-#
-# Exit codes:
-#   0   always, unless --enforce and gaps > 0
-#   1   usage error
-#   2   --enforce mode with gap count > 0
-
-set -euo pipefail
-
-MODE="report"
-for arg in "$@"; do
-  case "$arg" in
-    --summary) MODE="summary" ;;
-    --enforce) MODE="enforce" ;;
-    -h|--help)
-      sed -n '3,60p' "$0"
-      exit 0
-      ;;
-    *)
-      echo "error: unknown arg: $arg" >&2
-      exit 1
-      ;;
-  esac
-done
-
-# Enumerate every script under tools/. git ls-files excludes
-# vendored / gitignored build caches. NUL-delimited for whitespace
-# tolerance; while-read for bash 3.2 (macOS default) compatibility.
-ALL=()
-while IFS= read -r -d '' f; do
-  ALL+=("$f")
-done < <(git ls-files -z 'tools/*.sh' 'tools/*.ps1' 'tools/**/*.sh' 'tools/**/*.ps1' | sort -z)
-
-# Classify a path. Echoes one of:
-#   pre-setup
-#   post-setup-permanent
-#   post-setup-transitional
-#   exempt-deprecated
-classify() {
-  local p="$1"
-  case "$p" in
-    tools/setup/*) echo "pre-setup"; return ;;
-    tools/_deprecated/*) echo "exempt-deprecated"; return ;;
-  esac
-  # Post-setup: inspect the FIRST label-declaration line only,
-  # to avoid false-positives on prose that references other
-  # category names while explaining the rule taxonomy. The two
-  # accepted declaration patterns are:
-  #   # Post-setup stack: <label> — ...
-  #   # label: "<label>" — ...   (self-referential form)
-  local decl
-  decl="$(head -60 "$p" 2>/dev/null | grep -iE '^# (Post-setup stack|Exception label|label):' | head -1)"
-  case "$decl" in
-    *"thin wrapper over existing CLI"*) echo "post-setup-permanent" ;;
-    *"trivial find-xargs pipeline"*) echo "post-setup-permanent" ;;
-    *"stay bash forever"*) echo "post-setup-permanent" ;;
-    *"bun+TS migration candidate"*) echo "post-setup-transitional" ;;
-    *"bash scaffolding"*) echo "post-setup-transitional" ;;
-    *)
-      # Unlabelled post-setup bash — violation of the post-setup
-      # stack rule (row #46), not a parity question. Defer to
-      # that row's audit; classify here as transitional to avoid
-      # double-counting.
-      echo "post-setup-transitional"
-      ;;
-  esac
-}
-
-# Return 0 if `<stem>.ps1` exists as a tracked file (Git-tracked,
-# not just on disk). 1 otherwise.
-has_twin() {
-  local p="$1"
-  local stem="${p%.sh}"
-  git ls-files --error-unmatch "${stem}.ps1" >/dev/null 2>&1
-}
-
-# Return 0 if `<stem>.sh` exists as a tracked file.
-has_bash_twin() {
-  local p="$1"
-  local stem="${p%.ps1}"
-  git ls-files --error-unmatch "${stem}.sh" >/dev/null 2>&1
-}
-
-PAIRED=()
-PRE_SETUP_GAP_BASH=()       # .sh under tools/setup/ without .ps1
-PRE_SETUP_GAP_PS1=()        # .ps1 under tools/setup/ without .sh
-POST_PERM_GAP=()            # permanent-bash .sh without .ps1
-TRANSITIONAL=()             # no twin obligation
-EXEMPT=()
-
-for f in "${ALL[@]}"; do
-  case "$f" in
-    *.sh)
-      klass="$(classify "$f")"
-      case "$klass" in
-        pre-setup)
-          if has_twin "$f"; then
-            PAIRED+=("$f")
-          else
-            PRE_SETUP_GAP_BASH+=("$f")
-          fi
-          ;;
-        post-setup-permanent)
-          if has_twin "$f"; then
-            PAIRED+=("$f")
-          else
-            POST_PERM_GAP+=("$f")
-          fi
-          ;;
-        post-setup-transitional)
-          TRANSITIONAL+=("$f")
-          ;;
-        exempt-deprecated)
-          EXEMPT+=("$f")
-          ;;
-      esac
-      ;;
-    *.ps1)
-      case "$f" in
-        tools/setup/*)
-          if has_bash_twin "$f"; then
-            : # already counted via the .sh side of the pair
-          else
-            PRE_SETUP_GAP_PS1+=("$f")
-          fi
-          ;;
-        tools/_deprecated/*)
-          EXEMPT+=("$f")
-          ;;
-        *)
-          # Post-setup .ps1 is unusual; no twin obligation on this
-          # side unless the .sh side is a permanent-bash exception.
-          # Count under PAIRED if the .sh twin exists, else treat
-          # as standalone (rare; not currently used).
-          if has_bash_twin "$f"; then
-            : # .sh side already counted
-          else
-            TRANSITIONAL+=("$f")
-          fi
-          ;;
-      esac
-      ;;
-  esac
-done
-
-gap_count=$(( ${#PRE_SETUP_GAP_BASH[@]} + ${#PRE_SETUP_GAP_PS1[@]} + ${#POST_PERM_GAP[@]} ))
-
-if [[ "$MODE" == "summary" ]]; then
-  printf 'paired:                    %d\n' "${#PAIRED[@]}"
-  printf 'transitional (no gap):     %d\n' "${#TRANSITIONAL[@]}"
-  printf 'exempt (_deprecated):      %d\n' "${#EXEMPT[@]}"
-  printf 'gap: pre-setup .sh no twin:  %d\n' "${#PRE_SETUP_GAP_BASH[@]}"
-  printf 'gap: pre-setup .ps1 no twin: %d\n' "${#PRE_SETUP_GAP_PS1[@]}"
-  printf 'gap: permanent-bash no .ps1: %d\n' "${#POST_PERM_GAP[@]}"
-  printf 'gap total:                 %d\n' "$gap_count"
-else
-  echo "# Cross-platform parity audit"
-  echo
-  echo "Run: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
-  echo "Authoritative rules: docs/POST-SETUP-SCRIPT-STACK.md Q1 (pre-setup)"
-  echo "  + memory/feedback_stay_bash_forever_implies_powershell_twin_obligation.md"
-  echo "  (post-setup permanent-bash)."
-  echo "Mode: $MODE (enforcement deferred; exit 2 requires --enforce)."
-  echo
-  echo "## Paired (${#PAIRED[@]})"
-  echo
-  echo "Scripts with a complete cross-platform twin."
-  echo
-  if [[ ${#PAIRED[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${PAIRED[@]}"
-  else
-    echo "- (none)"
-  fi
-  echo
-  echo "## Gaps — pre-setup bash without PowerShell twin (${#PRE_SETUP_GAP_BASH[@]})"
-  echo
-  echo "Q1 violation per docs/POST-SETUP-SCRIPT-STACK.md — pre-setup scripts"
-  echo "MUST be dual-authored as bash + PowerShell because they run before"
-  echo "canonical tooling is installed, on OS-default shells."
-  echo
-  if [[ ${#PRE_SETUP_GAP_BASH[@]} -gt 0 ]]; then
-    printf -- '- %s (missing .ps1)\n' "${PRE_SETUP_GAP_BASH[@]}"
-  else
-    echo "- (none — clean)"
-  fi
-  echo
-  echo "## Gaps — pre-setup PowerShell without bash twin (${#PRE_SETUP_GAP_PS1[@]})"
-  echo
-  if [[ ${#PRE_SETUP_GAP_PS1[@]} -gt 0 ]]; then
-    printf -- '- %s (missing .sh)\n' "${PRE_SETUP_GAP_PS1[@]}"
-  else
-    echo "- (none — clean)"
-  fi
-  echo
-  echo "## Gaps — permanent-bash without PowerShell twin (${#POST_PERM_GAP[@]})"
-  echo
-  echo "Post-setup permanent-bash exceptions (thin wrapper / find-xargs /"
-  echo "stay bash forever) owe a .ps1 twin per the 2026-04-22 Windows-twin"
-  echo "obligation. Missing twin is a quiet break for Windows devs."
-  echo
-  if [[ ${#POST_PERM_GAP[@]} -gt 0 ]]; then
-    printf -- '- %s (missing .ps1)\n' "${POST_PERM_GAP[@]}"
-  else
-    echo "- (none — clean)"
-  fi
-  echo
-  echo "## Transitional / exempt (${#TRANSITIONAL[@]} + ${#EXEMPT[@]})"
-  echo
-  echo "Transitional (bun+TS migration candidate / bash scaffolding): no twin obligation."
-  echo "Exempt (tools/_deprecated/): awaiting deletion."
-  echo
-  echo "Transitional:"
-  if [[ ${#TRANSITIONAL[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${TRANSITIONAL[@]}"
-  else
-    echo "- (none)"
-  fi
-  echo
-  echo "Exempt:"
-  if [[ ${#EXEMPT[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${EXEMPT[@]}"
-  else
-    echo "- (none)"
-  fi
-  echo
-  echo "## Summary"
-  echo
-  printf -- '- paired:                    %d\n' "${#PAIRED[@]}"
-  printf -- '- transitional (no gap):     %d\n' "${#TRANSITIONAL[@]}"
-  printf -- '- exempt (_deprecated):      %d\n' "${#EXEMPT[@]}"
-  printf -- '- gap: pre-setup .sh no twin:  %d\n' "${#PRE_SETUP_GAP_BASH[@]}"
-  printf -- '- gap: pre-setup .ps1 no twin: %d\n' "${#PRE_SETUP_GAP_PS1[@]}"
-  printf -- '- gap: permanent-bash no .ps1: %d\n' "${#POST_PERM_GAP[@]}"
-  printf -- '- gap total:                 %d\n' "$gap_count"
-fi
-
-if [[ "$MODE" == "enforce" && "$gap_count" -gt 0 ]]; then
-  echo
-  echo "FAIL: $gap_count cross-platform parity gap(s). See rules above." >&2
-  exit 2
-fi
-exit 0
diff --git a/tools/hygiene/audit-git-hotspots.sh b/tools/hygiene/audit-git-hotspots.sh
deleted file mode 100755
index f2bb1a0f7..000000000
--- a/tools/hygiene/audit-git-hotspots.sh
+++ /dev/null
@@ -1,250 +0,0 @@
-#!/usr/bin/env bash
-# tools/hygiene/audit-git-hotspots.sh
-#
-# Identifies high-churn files in the repo over a configurable
-# window — the "hotspots" the human maintainer named on
-# 2026-04-23 Otto-54:
-#
-# > cadence for checking github hotspots too this is a hygene
-# > issues points of friction and bottlenecks, we are
-# > frictionless... git hotspots i mean... we are gitnative
-# > with github as our first host
-#
-# High-churn shared files are the paradigmatic friction surface
-# (routine merge conflicts, reviewer burden, serialization
-# bottleneck). The audit surfaces candidates; the action
-# (split / freeze / archive / watch) is a judgment call the
-# author or architect makes from the report.
-#
-# Part of the Otto-54 directive cluster in BACKLOG.md §
-# "P1 — Git-native hygiene cadences". Composes with:
-# (The verbatim quote above is preserved as attribution —
-# the quoted directive IS attribution, which is the narrow
-# name-attribution exemption. Outside the quote block this
-# prose uses role references per the no-name-attribution
-# rule.)
-# - BACKLOG-per-swim-lane split row (one remediation option)
-# - CURRENT-maintainer freshness audit row (one remediation
-#   option for memory/MEMORY.md hotspots)
-#
-# Usage:
-#   tools/hygiene/audit-git-hotspots.sh               # default window: 60 days, top 20
-#   tools/hygiene/audit-git-hotspots.sh --window 30d  # custom window
-#   tools/hygiene/audit-git-hotspots.sh --top 40      # show more rows
-#   tools/hygiene/audit-git-hotspots.sh --report PATH # write markdown report
-#
-# Exit codes:
-#   0 — always (detect-only, no enforcement yet; see Otto-54
-#       NOT-list: detection-first, action-second)
-
-set -euo pipefail
-
-window="60 days"
-top=20
-report=""
-
-require_value() {
-  # require_value FLAG VALUE — aborts with a clear message if VALUE is empty.
-  if [[ -z "${2:-}" ]]; then
-    echo "error: $1 requires a value" >&2
-    exit 64
-  fi
-}
-
-require_positive_int() {
-  # require_positive_int FLAG VALUE — aborts with exit 64 if VALUE is not a positive integer.
-  if ! [[ "${2:-}" =~ ^[1-9][0-9]*$ ]]; then
-    echo "error: $1 requires a positive integer, got: ${2:-<empty>}" >&2
-    exit 64
-  fi
-}
-
-while [[ $# -gt 0 ]]; do
-  case "$1" in
-    --window)
-      require_value "$1" "${2:-}"
-      window="$2"
-      shift 2
-      ;;
-    --top)
-      require_value "$1" "${2:-}"
-      require_positive_int "$1" "${2:-}"
-      top="$2"
-      shift 2
-      ;;
-    --report)
-      require_value "$1" "${2:-}"
-      report="$2"
-      shift 2
-      ;;
-    -h|--help)
-      # Skip the shebang line so --help output doesn't start with
-      # `!/usr/bin/env bash`. The sed rewrite strips the leading
-      # `# ` / `#` markers so the doc block reads as plain prose.
-      grep '^#' "$0" | grep -v '^#!' | sed 's/^# //;s/^#//'
-      exit 0
-      ;;
-    *)
-      echo "unknown arg: $1" >&2
-      exit 64
-      ;;
-  esac
-done
-
-# Count per-file touches in the window, excluding paths we
-# deliberately expect to be hot:
-# - docs/hygiene-history/**: append-only fire logs; churn is
-#   by design (one row per tick).
-# - openspec/changes/**: OpenSpec staging surface (by design
-#   high-churn during spec backfill).
-# - references/upstreams/**: vendored external repos; not
-#   ours to audit.
-excluded_prefixes=(
-  'docs/hygiene-history/'
-  'openspec/changes/'
-  'references/upstreams/'
-)
-
-# Guard: the audit must run inside a git worktree. Without this
-# check a `git log` failure (missing worktree, corrupt repo,
-# unreadable objects) would be masked by `|| true` downstream
-# and produce a misleading "no commits" report while exiting 0.
-if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
-  echo "error: tools/hygiene/audit-git-hotspots.sh must run inside a git worktree" >&2
-  exit 128
-fi
-
-# Count touches: one row per (commit, file) pair. Note that
-# `git log --name-only` also lists files touched by deletion
-# commits (the path appears even though the file no longer
-# exists at HEAD). That's correct for a hotspot report —
-# frequent deletion of a path is still friction — so we
-# deliberately include deletions in the count rather than
-# filter them out.
-#
-# `sed '/^$/d'` (rather than `grep -v '^$' || true`) is used so
-# the empty-output case is handled by sed returning exit 0 with
-# an empty string, and any real `git log` failure propagates via
-# `set -euo pipefail` instead of being masked by `|| true`.
-raw=$(git log --since="$window" --pretty=format: --name-only \
-      | sed '/^$/d')
-
-# If the window is empty (new repo, tight window), bail
-# gracefully rather than aborting under `set -euo pipefail`.
-if [[ -z "$raw" ]]; then
-  echo "no commits in window '$window' (or all filtered)" >&2
-fi
-
-# Apply exclusions.
-filtered="$raw"
-for prefix in "${excluded_prefixes[@]}"; do
-  filtered=$(printf '%s\n' "$filtered" | grep -v "^$prefix" || true)
-done
-
-# Tally by file.
-ranked=$(printf '%s\n' "$filtered" | sort | uniq -c | sort -rn)
-
-# Unique author / PR-count per file — best-effort (may undercount
-# in squash-merge workflow where PR number appears in the
-# commit subject rather than the file touch).
-file_summary() {
-  local file="$1"
-  local touches="$2"
-  local authors_raw pr_raw authors pr_count
-  # Let `git log` failures propagate — don't mask with `|| true`
-  # or redirect stderr to /dev/null, both of which silently turn
-  # partial-clone / missing-object errors into fabricated zeros.
-  # The empty-match case (file not in window, or no PR tokens in
-  # subjects) is handled by counting lines directly: `grep -c`
-  # would exit 1 on no matches and trip pipefail, so we pipe
-  # through `wc -l` which always exits 0.
-  #
-  # PR-count parses trailing `(#NNN)` squash-merge markers only.
-  # Bare `#NNN` tokens in subjects (e.g. "row #58", "fix #213")
-  # are intentionally not counted — they are row IDs / issue
-  # refs, not PR numbers, and counting them inflates the metric.
-  authors_raw=$(git log --since="$window" --pretty=format:'%an' -- "$file")
-  if [[ -z "$authors_raw" ]]; then
-    authors=0
-  else
-    authors=$(printf '%s\n' "$authors_raw" | sort -u | wc -l | tr -d ' ')
-  fi
-  # Capture subjects first (propagates git log failures under
-  # pipefail), then run the grep filter in a context where a
-  # no-match result (exit 1) is fine.
-  local subjects
-  subjects=$(git log --since="$window" --pretty=format:'%s' -- "$file")
-  if [[ -z "$subjects" ]]; then
-    pr_count=0
-  else
-    pr_raw=$(printf '%s\n' "$subjects" | grep -oE '\(#[0-9]+\)$' | sort -u || true)
-    if [[ -z "$pr_raw" ]]; then
-      pr_count=0
-    else
-      pr_count=$(printf '%s\n' "$pr_raw" | wc -l | tr -d ' ')
-    fi
-  fi
-  printf '| %s | %s | %s | %s |\n' "$file" "$touches" "$authors" "$pr_count"
-}
-
-render() {
-  printf '# Git hotspots report\n\n'
-  printf -- '- **Window:** last %s\n' "$window"
-  printf -- '- **Generated:** %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
-  printf -- '- **Top:** %s files by touch count\n' "$top"
-  printf -- '- **Excluded prefixes:** %s\n\n' "${excluded_prefixes[*]}"
-
-  printf '## Ranking\n\n'
-  printf '| file | touches | unique authors | PR count |\n'
-  printf '|---|---:|---:|---:|\n'
-
-  # Stream the top-N rows without a `head` pipeline. Piping
-  # `printf` into `head -n N` under `set -euo pipefail` can
-  # surface as SIGPIPE 141 when `head` closes early on a long
-  # ranked list, which would violate the "always exit 0"
-  # contract. Iterate + counter instead.
-  local count=0
-  while IFS= read -r line; do
-    [[ -z "$line" ]] && continue
-    (( count >= top )) && break
-    # Extract touch count (first whitespace-delimited field from
-    # `uniq -c` output) without disturbing the rest of the row.
-    # `awk '{$1=""; print}'` normalises internal whitespace —
-    # that would corrupt filenames containing multiple spaces
-    # or tabs. Use a regex that strips exactly the `uniq -c`
-    # prefix (leading spaces + count + single space).
-    touches=$(printf '%s' "$line" | awk '{print $1}')
-    file=$(printf '%s' "$line" | sed -E 's/^[[:space:]]*[0-9]+[[:space:]]//')
-    [[ -z "$file" ]] && continue
-    file_summary "$file" "$touches"
-    count=$((count + 1))
-  done <<<"$ranked"
-
-  printf '\n## Suggested actions\n\n'
-  printf 'Detection-first. The action below is a prompt for human\n'
-  printf 'or Architect judgment, not an enforcement.\n\n'
-  printf -- '- **split** — file has become a shared bottleneck; consider\n'
-  printf '  per-swim-lane / per-subsystem decomposition\n'
-  printf -- '- **freeze** — historical content is append-only; freeze\n'
-  printf '  older rows to an archive and keep recent rows hot\n'
-  printf -- '- **audit** — hotness may reflect real work; investigate\n'
-  printf '  whether churn is healthy or pathological\n'
-  printf -- '- **watch** — hot but not yet a problem; leave for next\n'
-  printf '  audit cadence\n\n'
-  printf '## What this report is NOT\n\n'
-  printf -- '- Not an enforcement. The audit exits 0 regardless of\n'
-  printf '  findings.\n'
-  printf -- '- Not a blame tool. Author counts are descriptive of\n'
-  printf '  collaboration shape, not performance.\n'
-  printf -- '- Not a complete merge-conflict predictor. Two PRs can\n'
-  printf '  conflict on a rarely-touched file; conversely, a\n'
-  printf '  very hot file with careful coordination (append-only\n'
-  printf '  rows) may see zero conflicts.\n'
-}
-
-if [[ -n "$report" ]]; then
-  render > "$report"
-  echo "Report written: $report" >&2
-else
-  render
-fi
diff --git a/tools/hygiene/audit-machine-specific-content.sh b/tools/hygiene/audit-machine-specific-content.sh
deleted file mode 100755
index 19d6ea789..000000000
--- a/tools/hygiene/audit-machine-specific-content.sh
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/bin/env bash
-# tools/hygiene/audit-machine-specific-content.sh
-#
-# Scans in-repo content for machine-specific patterns that
-# should not appear in a portable factory substrate:
-#
-# - User-home paths: /Users/<username>/... , /home/<username>/...
-# - Claude Code harness paths: ~/.claude/projects/<slug>/...
-# - Other machine-name or hostname leaks
-#
-# Part of FACTORY-HYGIENE row #55 (machine-specific content
-# scrubber) per Aaron 2026-04-23 Otto-27:
-#
-# > we can have a machine specific scrubber/lint hygene task
-# > for anyting that makes it in by default. just run on a
-# > cadence.
-#
-# Not a prevention-gate yet (detect-only first per row #23 +
-# #47 pattern). Cadenced fire surfaces gaps; author-time
-# remediation lands as opportunistic cleanup.
-#
-# Usage:
-#   tools/hygiene/audit-machine-specific-content.sh          # summary
-#   tools/hygiene/audit-machine-specific-content.sh --list   # list offending files
-#   tools/hygiene/audit-machine-specific-content.sh --enforce # exit 2 on any gap
-#
-# Exit codes:
-#   0 — no machine-specific content detected (or --enforce not set and gaps found)
-#   2 — gaps found and --enforce was set
-
-set -euo pipefail
-
-mode="${1:-summary}"
-
-# Patterns that indicate machine-specific content leakage.
-# Each pattern is a grep -E extended regex.
-patterns=(
-  '/Users/[a-zA-Z0-9._-]+/'       # macOS home paths
-  '/home/[a-zA-Z0-9._-]+/'        # Linux home paths
-  'C:\\Users\\[a-zA-Z0-9._-]+'    # Windows home paths
-  'C:/Users/[a-zA-Z0-9._-]+'      # Windows home paths (forward-slash form)
-)
-
-# Paths to audit. In-repo content only (tracked files).
-# Exclude: historical docs that intentionally reference paths
-# (ROUND-HISTORY, tick-history, fire-history files preserve
-# their history verbatim per append-only discipline).
-exclude_patterns=(
-  'docs/ROUND-HISTORY.md'
-  'docs/hygiene-history/'
-  'docs/DECISIONS/'         # ADRs preserve their historical context
-  'tools/hygiene/audit-machine-specific-content.sh'  # self (patterns are examples)
-)
-
-# Get all tracked files, filter out exclusions.
-tracked_files=$(git ls-files)
-
-# Build exclusion grep
-exclude_grep=""
-for p in "${exclude_patterns[@]}"; do
-  if [[ -n "$exclude_grep" ]]; then
-    exclude_grep+="|"
-  fi
-  exclude_grep+="$p"
-done
-
-files_to_check=$(echo "$tracked_files" | grep -vE "$exclude_grep" || true)
-
-# Count gaps
-gap_count=0
-gap_files=()
-
-for pattern in "${patterns[@]}"; do
-  while IFS= read -r file; do
-    [[ -z "$file" ]] && continue
-    if grep -l -E "$pattern" "$file" > /dev/null 2>&1; then
-      gap_files+=("$file:$pattern")
-      gap_count=$((gap_count + 1))
-    fi
-  done <<< "$files_to_check"
-done
-
-# Report
-case "$mode" in
-  --list)
-    if (( gap_count > 0 )); then
-      printf '%s\n' "${gap_files[@]}"
-    fi
-    ;;
-  --enforce)
-    if (( gap_count > 0 )); then
-      echo "machine-specific content gaps: $gap_count"
-      printf '  %s\n' "${gap_files[@]}"
-      exit 2
-    fi
-    echo "machine-specific content gaps: 0 (clean)"
-    ;;
-  *)
-    if (( gap_count > 0 )); then
-      echo "machine-specific content gaps: $gap_count"
-      echo "run with --list to see offending files"
-    else
-      echo "machine-specific content gaps: 0 (clean)"
-    fi
-    ;;
-esac
diff --git a/tools/hygiene/audit-md032-plus-linestart.sh b/tools/hygiene/audit-md032-plus-linestart.sh
deleted file mode 100755
index f5296aa48..000000000
--- a/tools/hygiene/audit-md032-plus-linestart.sh
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/usr/bin/env bash
-# tools/hygiene/audit-md032-plus-linestart.sh
-#
-# Detects markdown files where a line starts with `+ ` inside
-# a paragraph (no blank line above, previous line is not itself
-# a `+ `-list continuation) — the pattern that markdownlint
-# MD032 treats as "list item missing blank line" and that caused
-# Otto-35 + Otto-38 regressions in the autonomous-loop session
-# 2026-04-23.
-#
-# The pattern triggers when an author writes prose continuation
-# like:
-#
-#   Full treatment in the DBSP paper
-#   + `docs/ARCHITECTURE.md` §operator-algebra.
-#
-# Markdownlint parses the second line as an unordered list
-# item (unexpectedly) and flags MD032 ("list not surrounded
-# by blank lines"). The author-time fix is to use "and" or
-# similar continuation instead of `+`.
-#
-# Post-setup stack: bash scaffolding — the audit ships under
-# `tools/hygiene/` and has to exist in bash while the bun+TS
-# post-setup migration is mid-flight (same exception as
-# `audit-cross-platform-parity.sh`, `audit-missing-prevention-
-# layers.sh`, and `audit-post-setup-script-stack.sh`). Queued
-# for bun+TS migration alongside them in docs/BACKLOG.md.
-#
-# Detection shape (CommonMark-aware):
-#   * Scans each line matching `^ {0,3}\+ ` (CommonMark allows
-#     up to 3 leading spaces on list-marker lines).
-#   * Flags a gap only when the previous line is **not blank**
-#     (after stripping all whitespace: spaces, tabs, CR) **and**
-#     the previous line is itself **not** a `^ {0,3}\+ ` line
-#     (a contiguous list is not a gap).
-#   * No file-level skip heuristic — every candidate line is
-#     judged on its own per-line context, so files that mostly
-#     use `+` as a list marker still get checked for stray
-#     prose-continuation `+`.
-#
-# FACTORY-HYGIENE row #56 (cadenced on-touch + round-cadence).
-#
-# Usage:
-#   tools/hygiene/audit-md032-plus-linestart.sh              # summary
-#   tools/hygiene/audit-md032-plus-linestart.sh --list       # list offending lines
-#   tools/hygiene/audit-md032-plus-linestart.sh --enforce    # exit 2 on any gap
-#
-# Exit codes:
-#   0 — no offending `+ `-at-line-start patterns (or --enforce
-#       not set and gaps found)
-#   2 — gaps found and --enforce was set
-
-set -euo pipefail
-
-mode="${1:-summary}"
-
-# Resolve every markdown path from the repo root, not from the
-# caller's current directory. `git ls-files` emits paths relative
-# to the repo root regardless of $PWD, so we cd there before
-# reading files. Staying at repo-root also keeps `sed` / `read`
-# paths consistent if the caller invokes the script from a sub-
-# directory.
-repo_root=$(git rev-parse --show-toplevel)
-cd "$repo_root"
-
-# Exclusion: audit-trail surfaces whose `+ `-at-line-start lines
-# are historical record, not fixable. Also self-exclude.
-exclude_pattern='^(docs/ROUND-HISTORY\.md|docs/hygiene-history/|docs/DECISIONS/|tools/hygiene/audit-md032-plus-linestart\.sh)'
-
-gap_count=0
-gap_lines=()
-
-# Match CommonMark-compliant `+ `-list-marker lines: up to 3
-# leading spaces allowed before the `+ ` token. Used both for
-# "is this line a candidate?" and "is the previous line a list
-# continuation?" checks.
-plus_marker_re='^ {0,3}\+ '
-
-# Iterate tracked `.md` files via NUL-delimited read — matches
-# the sibling hygiene-script convention (audit-cross-platform-
-# parity.sh, audit-post-setup-script-stack.sh) and is safe for
-# paths containing spaces / tabs / newlines.
-while IFS= read -r -d '' file; do
-  if [[ "$file" =~ $exclude_pattern ]]; then
-    continue
-  fi
-
-  # Read the whole file into an array once — avoids an O(N) `sed`
-  # per candidate line, and makes the "previous line" lookup a
-  # plain array index. Uses a `while read` loop rather than
-  # `mapfile` so the script runs on macOS bash 3.2 (no `mapfile`)
-  # in addition to Linux bash 4+. A trailing IFS=$'\n' read may
-  # miss a file whose last line has no newline, so we also
-  # capture any trailing partial line.
-  lines=()
-  while IFS= read -r line || [[ -n "$line" ]]; do
-    lines+=("$line")
-  done < "$file"
-
-  lineno=0
-  for line in "${lines[@]}"; do
-    lineno=$((lineno + 1))
-
-    # Candidate: `^ {0,3}\+ ` anywhere in the file.
-    if [[ ! "$line" =~ $plus_marker_re ]]; then
-      continue
-    fi
-
-    # First line of file can't have a non-blank predecessor.
-    if (( lineno == 1 )); then
-      continue
-    fi
-
-    prev_line="${lines[lineno - 2]}"
-
-    # Strip ALL whitespace (spaces, tabs, carriage returns) to
-    # decide if the previous line is "blank" in markdownlint's
-    # sense. Tab-only or CR-only lines count as blank.
-    prev_stripped="${prev_line//[[:space:]]/}"
-    if [[ -z "$prev_stripped" ]]; then
-      continue
-    fi
-
-    # Contiguous `+ `-list: previous line is itself a `+ `-marker
-    # line. Not a gap — legitimate list continuation.
-    if [[ "$prev_line" =~ $plus_marker_re ]]; then
-      continue
-    fi
-
-    # MD032 risk: non-blank previous line that is not a list
-    # continuation.
-    gap_count=$((gap_count + 1))
-    gap_lines+=("$file:$lineno")
-  done
-done < <(git ls-files -z '*.md')
-
-case "$mode" in
-  --list)
-    if (( gap_count > 0 )); then
-      printf '%s\n' "${gap_lines[@]}"
-    fi
-    ;;
-  --enforce)
-    if (( gap_count > 0 )); then
-      echo "MD032 '+'-at-line-start gaps: $gap_count"
-      printf '  %s\n' "${gap_lines[@]}"
-      echo ""
-      echo "Fix: replace '+' at line start with 'and' or similar prose"
-      echo "continuation, OR add a blank line before the '+' to make it"
-      echo "an intentional list (which markdownlint accepts)."
-      exit 2
-    fi
-    echo "MD032 '+'-at-line-start gaps: 0 (clean)"
-    ;;
-  *)
-    if (( gap_count > 0 )); then
-      echo "MD032 '+'-at-line-start gaps: $gap_count"
-      echo "run with --list to see offending file:line locations"
-    else
-      echo "MD032 '+'-at-line-start gaps: 0 (clean)"
-    fi
-    ;;
-esac
diff --git a/tools/hygiene/audit-missing-prevention-layers.sh b/tools/hygiene/audit-missing-prevention-layers.sh
deleted file mode 100755
index 7396af2ea..000000000
--- a/tools/hygiene/audit-missing-prevention-layers.sh
+++ /dev/null
@@ -1,186 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/audit-missing-prevention-layers.sh — meta-hygiene.
-#
-# For every row in `docs/FACTORY-HYGIENE.md`, ask: does this row
-# have a **prevention layer** (author-time / commit-time /
-# trigger-time mechanism that blocks or warns the violation BEFORE
-# it materialises), or is it **detection-only** (a cadenced audit
-# that catches the violation after the fact)?
-#
-# A row that is detection-only without a principled reason is a
-# gap: a prevention layer COULD be built and WOULD reduce the
-# factory's reactive-cost. A row that is justifiably detection-only
-# (e.g., cadence-history — you can only log AFTER a fire happens)
-# is labelled as such and excluded from the gap list.
-#
-# This script doesn't compute the classification itself — that
-# requires domain judgement per row. It produces the empty matrix
-# for a human or agent to fill in, and diffs against the previous
-# fill to surface newly-added rows that haven't been classified yet.
-#
-# Ships the detection side of FACTORY-HYGIENE row #47 (missing-
-# prevention-layer meta-audit). The "prevention" side of THIS row
-# is the factory-wide discipline that every new hygiene row
-# landing in `docs/FACTORY-HYGIENE.md` should declare its
-# prevention layer (or explicit detection-only rationale) in the
-# "Checks / enforces" or "Durable output" column at author-time.
-#
-# Usage:
-#   tools/hygiene/audit-missing-prevention-layers.sh [--classify FILE]
-#
-# With no arg, prints the list of every hygiene row and its
-# currently-filled classification (read from
-# `docs/hygiene-history/prevention-layer-classification.md` if
-# present, blank otherwise). With `--classify FILE`, uses the
-# given classification file instead.
-#
-# Exit codes:
-#   0   all rows have a classification; no gap rows
-#   1   usage error
-#   2   one or more rows lack a classification OR are classified
-#       as "detection-only (gap)"
-#
-# Self-referential note: this script is bash — exception label
-# "bash scaffolding". Queued for bun+TS migration with the other
-# tools/hygiene/ scripts.
-
-set -euo pipefail
-
-CLASSIFICATION_FILE="docs/hygiene-history/prevention-layer-classification.md"
-
-case "${1:-}" in
-  --classify)
-    CLASSIFICATION_FILE="${2:-}"
-    if [[ -z "$CLASSIFICATION_FILE" ]]; then
-      echo "error: --classify requires a file path" >&2
-      exit 1
-    fi
-    ;;
-  -h|--help)
-    sed -n '3,42p' "$0"
-    exit 0
-    ;;
-  "") ;;
-  *)
-    echo "error: unknown arg: $1" >&2
-    exit 1
-    ;;
-esac
-
-HYGIENE_FILE="docs/FACTORY-HYGIENE.md"
-if [[ ! -f "$HYGIENE_FILE" ]]; then
-  echo "error: $HYGIENE_FILE not found" >&2
-  exit 1
-fi
-
-# Extract row numbers + titles from the main hygiene table. The
-# rows start with `| NN | <title> | ...`. Skip the header divider
-# row and the adopter-facing projection table rows. Portable
-# while-read form for bash 3.2.
-ROWS=()
-while IFS= read -r line; do
-  [[ -z "$line" ]] && continue
-  ROWS+=("$line")
-done < <(awk -F'|' '
-  /^## Ships to project-under-construction/ { in_main = 0 }
-  /^## The list/ { in_main = 1; next }
-  in_main && /^\| *[0-9]+ *\|/ {
-    num = $2; gsub(/ /, "", num)
-    title = $3
-    sub(/^ +/, "", title); sub(/ +$/, "", title)
-    print num "\t" title
-  }
-' "$HYGIENE_FILE")
-
-# Load any existing classification into parallel arrays (bash 3.2
-# does not support `declare -A`). Lookup is linear but the row
-# count is small enough not to matter.
-CLASSIFIED_NUMS=()
-CLASSIFIED_LABELS=()
-if [[ -f "$CLASSIFICATION_FILE" ]]; then
-  while IFS=$'\t' read -r num label; do
-    [[ -z "$num" ]] && continue
-    CLASSIFIED_NUMS+=("$num")
-    CLASSIFIED_LABELS+=("$label")
-  done < <(awk -F'|' '
-    /^\| *[0-9]+ *\|/ {
-      num = $2; gsub(/ /, "", num)
-      label = $4
-      sub(/^ +/, "", label); sub(/ +$/, "", label)
-      print num "\t" label
-    }
-  ' "$CLASSIFICATION_FILE")
-fi
-
-# lookup_label NUM -> prints the label for the given row number,
-# or empty if no classification found.
-lookup_label() {
-  local want="$1" i
-  for i in "${!CLASSIFIED_NUMS[@]}"; do
-    if [[ "${CLASSIFIED_NUMS[$i]}" == "$want" ]]; then
-      printf '%s' "${CLASSIFIED_LABELS[$i]}"
-      return
-    fi
-  done
-}
-
-UNCLASSIFIED=()
-GAPS=()
-OK=()
-
-echo "# Missing prevention-layer audit"
-echo
-echo "Run: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
-echo "Classification source: $CLASSIFICATION_FILE"
-echo
-echo "## Matrix"
-echo
-echo "| Row # | Hygiene item | Classification |"
-echo "|---|---|---|"
-for r in "${ROWS[@]}"; do
-  num=$(echo "$r" | cut -f1)
-  title=$(echo "$r" | cut -f2)
-  label=$(lookup_label "$num")
-
-  if [[ -z "$label" ]]; then
-    UNCLASSIFIED+=("$num — $title")
-    label="**unclassified**"
-  elif [[ "$label" == *"detection-only (gap)"* ]]; then
-    GAPS+=("$num — $title")
-  else
-    OK+=("$num")
-  fi
-
-  # Truncate long titles for table readability.
-  short_title=$(echo "$title" | cut -c1-80)
-  echo "| $num | $short_title | $label |"
-done
-
-echo
-echo "## Summary"
-echo
-printf -- '- prevention-bearing or detection-only-justified: %d\n' "${#OK[@]}"
-printf -- '- detection-only-gap (prevention could exist but does not): %d\n' "${#GAPS[@]}"
-printf -- '- unclassified (no entry in classification file): %d\n' "${#UNCLASSIFIED[@]}"
-
-if [[ ${#UNCLASSIFIED[@]} -gt 0 ]]; then
-  echo
-  echo "## Unclassified rows (fill in classification file)"
-  printf -- '- %s\n' "${UNCLASSIFIED[@]}"
-fi
-
-if [[ ${#GAPS[@]} -gt 0 ]]; then
-  echo
-  echo "## Gap rows (prevention layer candidate)"
-  printf -- '- %s\n' "${GAPS[@]}"
-  echo
-  echo "Each gap row is a candidate for an author-time / commit-time /"
-  echo "trigger-time prevention layer. Design ROI — prevention is"
-  echo "cheaper than detection + fix per violation × violation-rate."
-fi
-
-if [[ ${#UNCLASSIFIED[@]} -gt 0 || ${#GAPS[@]} -gt 0 ]]; then
-  exit 2
-fi
-exit 0
diff --git a/tools/hygiene/audit-post-setup-script-stack.sh b/tools/hygiene/audit-post-setup-script-stack.sh
deleted file mode 100755
index 645257018..000000000
--- a/tools/hygiene/audit-post-setup-script-stack.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/audit-post-setup-script-stack.sh — detects bash /
-# PowerShell scripts under `tools/` that live outside the exempt
-# paths declared in `docs/POST-SETUP-SCRIPT-STACK.md`. These are
-# post-setup-stack-rule violations: post-setup tooling should be
-# bun + TypeScript by default.
-#
-# Ships the detection side of the post-setup-stack hygiene layer
-# (FACTORY-HYGIENE row #46). The prevention side is the author-time
-# decision-flow doc `docs/POST-SETUP-SCRIPT-STACK.md`; this script
-# does not prevent, it detects.
-#
-# Classification:
-#   - exempt    path matches an exempt pattern (tools/setup/**,
-#               .claude/skills/**/scripts/**, tools/_deprecated/**)
-#   - labelled  bash script with a header comment block naming
-#               one of the five exception categories from
-#               docs/POST-SETUP-SCRIPT-STACK.md Q3:
-#                 * bun+TS migration candidate
-#                 * bash scaffolding
-#                 * thin wrapper over existing CLI
-#                 * trivial find-xargs pipeline
-#                 * stay bash forever (recorded decision)
-#   - violation bash / PowerShell under tools/ outside exempt
-#               paths, without an exception label
-#
-# Usage:
-#   tools/hygiene/audit-post-setup-script-stack.sh [--summary]
-#
-# Exit codes:
-#   0    no new violations (labelled + exempt are acceptable)
-#   1    usage error
-#   2    one or more new violations surfaced
-#
-# Self-referential note: this script is itself bash. Exception
-# label: "bash scaffolding" — the hygiene tooling has to exist
-# before bun+TS tooling ships, so the audit can run. Queued for
-# bun+TS migration alongside backfill_dv2_frontmatter.sh in
-# docs/BACKLOG.md.
-
-set -euo pipefail
-
-SUMMARY=0
-case "${1:-}" in
-  --summary) SUMMARY=1 ;;
-  -h|--help)
-    sed -n '3,33p' "$0"
-    exit 0
-    ;;
-  "") ;;
-  *)
-    echo "error: unknown arg: $1" >&2
-    exit 1
-    ;;
-esac
-
-# Collect every shell / PowerShell script under tools/. Use
-# `git ls-files` so vendored / gitignored build caches (e.g.,
-# tools/lean4/.lake/packages/**) are excluded — they are upstream
-# third-party code, not factory-authored. Use while-read rather
-# than mapfile for bash 3.2 (macOS default) compatibility.
-# NUL-delimited to tolerate whitespace in paths.
-ALL_SCRIPTS=()
-while IFS= read -r -d '' f; do
-  ALL_SCRIPTS+=("$f")
-done < <(git ls-files -z 'tools/*.sh' 'tools/*.ps1' 'tools/**/*.sh' 'tools/**/*.ps1' | sort -z)
-
-EXEMPT=()
-LABELLED=()
-VIOLATIONS=()
-
-# is_exempt PATH -> 0 if path is in an exempt subtree.
-is_exempt() {
-  case "$1" in
-    tools/setup/*) return 0 ;;
-    tools/_deprecated/*) return 0 ;;
-    *) return 1 ;;
-  esac
-}
-
-# has_label PATH -> 0 if the file's first ~60 lines carry an
-# exception label matching the allowed patterns. 60 rather than
-# 40 to accommodate scripts with long usage/rationale headers.
-has_label() {
-  head -60 "$1" | grep -qE '(bun\+TS migration candidate|bash scaffolding|thin wrapper over existing CLI|trivial find-xargs pipeline|stay bash forever)'
-}
-
-for s in "${ALL_SCRIPTS[@]}"; do
-  if is_exempt "$s"; then
-    EXEMPT+=("$s")
-  elif has_label "$s"; then
-    LABELLED+=("$s")
-  else
-    VIOLATIONS+=("$s")
-  fi
-done
-
-if [[ $SUMMARY -eq 1 ]]; then
-  printf 'exempt:     %d\n' "${#EXEMPT[@]}"
-  printf 'labelled:   %d\n' "${#LABELLED[@]}"
-  printf 'violations: %d\n' "${#VIOLATIONS[@]}"
-else
-  echo "# Post-setup script stack audit"
-  echo
-  echo "Run: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
-  echo "Authoritative rule: docs/POST-SETUP-SCRIPT-STACK.md"
-  echo
-  echo "## Exempt (${#EXEMPT[@]})"
-  if [[ ${#EXEMPT[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${EXEMPT[@]}"
-  else
-    echo "- (none)"
-  fi
-  echo
-  echo "## Labelled exceptions (${#LABELLED[@]})"
-  if [[ ${#LABELLED[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${LABELLED[@]}"
-  else
-    echo "- (none)"
-  fi
-  echo
-  echo "## Violations (${#VIOLATIONS[@]})"
-  if [[ ${#VIOLATIONS[@]} -gt 0 ]]; then
-    printf -- '- %s\n' "${VIOLATIONS[@]}"
-    echo
-    echo "Each violation must either (a) gain an exception label"
-    echo "header comment (see docs/POST-SETUP-SCRIPT-STACK.md Q3"
-    echo "exceptions), (b) migrate to bun + TypeScript under"
-    echo "tools/**/*.ts, or (c) move to tools/_deprecated/ if"
-    echo "unused."
-  else
-    echo "- (none — clean)"
-  fi
-fi
-
-if [[ ${#VIOLATIONS[@]} -gt 0 ]]; then
-  exit 2
-fi
-exit 0
diff --git a/tools/hygiene/audit-tick-history-bounded-growth.sh b/tools/hygiene/audit-tick-history-bounded-growth.sh
deleted file mode 100755
index 8285f06fa..000000000
--- a/tools/hygiene/audit-tick-history-bounded-growth.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/audit-tick-history-bounded-growth.sh — checks whether
-# docs/hygiene-history/loop-tick-history.md is within its bounded-
-# growth threshold.
-#
-# Ships the detection side of FACTORY-HYGIENE row #49. The prevention
-# side is the archive-action the file header already documents
-# ("first 80% of rows move to loop-tick-history-YYYY-QN-archive.md");
-# this script does not archive, it only surfaces when archival is due.
-#
-# ─── Mini-ADR (inline decision record, per mini-ADR pattern) ──────
-#   date:          2026-04-22
-#   context:       Aaron flagged the file for unbounded growth; header
-#                  stated 5000-line threshold; no enforcement existed;
-#                  every tick-close reads the file for the append,
-#                  paying a per-tick context cost that scales with
-#                  file size.
-#   decision:      Default threshold 500 lines (not 5000).
-#   alternatives:  5000 (original paper bound) — rejected because
-#                  read-every-tick cost makes the pain point arrive
-#                  before the paper bound; 1000 (mid-option) — kept
-#                  available via --threshold override; 0 (always
-#                  warn) — rejected as noise.
-#   supersedes:    The 5000-line number stated in
-#                  docs/hygiene-history/loop-tick-history.md header
-#                  ("Pruning is allowed ONCE the log exceeds ~5000
-#                  lines"). File header updated in same commit.
-#   expires-when:  (a) append-without-reading refactor lands — then
-#                  per-tick cost stops scaling with file size and the
-#                  threshold can rise back toward the paper bound,
-#                  since the constraint becomes grep-ergonomics /
-#                  storage rather than context burn; or (b) tick
-#                  cadence changes materially; or (c) archive action
-#                  itself gets automated, at which point the
-#                  threshold becomes a rotation cadence rather than
-#                  an alert.
-# ──────────────────────────────────────────────────────────────────
-#
-# Self-referential note: this script is itself bash. Exception label:
-# "bash scaffolding" per docs/POST-SETUP-SCRIPT-STACK.md Q3 — the
-# hygiene tooling has to exist before bun+TS tooling ships. Queued
-# for bun+TS migration alongside other hygiene audits in
-# docs/BACKLOG.md "Migrate remaining bash audit scripts to bun +
-# TypeScript".
-#
-# Usage:
-#   tools/hygiene/audit-tick-history-bounded-growth.sh [--summary] [--threshold N]
-#
-# Exit codes:
-#   0    file within threshold
-#   1    usage error
-#   2    threshold exceeded (archive action due)
-
-set -euo pipefail
-
-REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
-TARGET_FILE="$REPO_ROOT/docs/hygiene-history/loop-tick-history.md"
-DEFAULT_THRESHOLD=500
-THRESHOLD=$DEFAULT_THRESHOLD
-SUMMARY=0
-
-while [ $# -gt 0 ]; do
-    case "$1" in
-        --summary)
-            SUMMARY=1
-            shift
-            ;;
-        --threshold)
-            if [ $# -lt 2 ]; then
-                echo "error: --threshold requires a value" >&2
-                exit 1
-            fi
-            THRESHOLD=$2
-            shift 2
-            ;;
-        -h|--help)
-            sed -n '/^# Usage:/,/^# *$/p' "$0" | sed 's/^# \{0,1\}//'
-            exit 0
-            ;;
-        *)
-            echo "error: unknown argument: $1" >&2
-            exit 1
-            ;;
-    esac
-done
-
-if ! [ -f "$TARGET_FILE" ]; then
-    echo "error: target file not found: $TARGET_FILE" >&2
-    exit 1
-fi
-
-LINE_COUNT=$(wc -l < "$TARGET_FILE" | tr -d ' ')
-REMAINING=$((THRESHOLD - LINE_COUNT))
-PCT=$(( (LINE_COUNT * 100) / THRESHOLD ))
-
-if [ $SUMMARY -eq 1 ]; then
-    echo "tick-history-bounded-growth audit"
-    echo "  target:           $TARGET_FILE"
-    echo "  line count:       $LINE_COUNT"
-    echo "  threshold:        $THRESHOLD"
-    echo "  remaining room:   $REMAINING lines ($((100 - PCT))%)"
-    if [ "$LINE_COUNT" -gt "$THRESHOLD" ]; then
-        echo "  status:           OVER THRESHOLD — archive action due"
-    elif [ "$PCT" -ge 80 ]; then
-        echo "  status:           approaching threshold ($PCT%)"
-    else
-        echo "  status:           within bounds ($PCT%)"
-    fi
-    if [ "$LINE_COUNT" -gt "$THRESHOLD" ]; then exit 2; else exit 0; fi
-fi
-
-# Default (non-summary) mode: terse, machine-friendly
-if [ "$LINE_COUNT" -gt "$THRESHOLD" ]; then
-    printf 'OVER threshold: %d/%d lines (%d%%). Archive action due.\n' \
-        "$LINE_COUNT" "$THRESHOLD" "$PCT"
-    printf 'Expected action: move first 80%% of rows to docs/hygiene-history/loop-tick-history-YYYY-QN-archive.md and leave a pointer.\n'
-    exit 2
-fi
-
-if [ $PCT -ge 80 ]; then
-    printf 'APPROACHING threshold: %d/%d lines (%d%%).\n' \
-        "$LINE_COUNT" "$THRESHOLD" "$PCT"
-    exit 0
-fi
-
-printf 'within bounds: %d/%d lines (%d%%).\n' \
-    "$LINE_COUNT" "$THRESHOLD" "$PCT"
-exit 0
diff --git a/tools/hygiene/capture-tick-snapshot.sh b/tools/hygiene/capture-tick-snapshot.sh
deleted file mode 100755
index d953318c7..000000000
--- a/tools/hygiene/capture-tick-snapshot.sh
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/usr/bin/env bash
-# tools/hygiene/capture-tick-snapshot.sh
-#
-# Captures a snapshot pin of factory state at tick-open /
-# tick-close time. Prints a YAML fragment that can be pasted
-# into:
-#   - docs/hygiene-history/session-snapshots.md (session-level)
-#   - docs/decision-proxy-evidence/DP-NNN.yaml `model` block
-#     (decision-level)
-#   - a tick-history row's `notes` column (tick-level)
-#
-# Addresses Amara's 4th-ferry (PR #221 absorb) snapshot-pinning
-# concern: "Claude is not a single stable operator unless the
-# actual snapshot, system-prompt bundle, and loaded memory
-# surfaces are all pinned and recorded". The pin is the
-# mechanism that makes Claude's behavior reproducible after
-# prompt / model updates ship.
-#
-# What the snapshot captures (mechanically accessible):
-#
-#   - Claude Code CLI version (`claude --version`)
-#   - CLAUDE.md content SHA (in-repo + per-user home if present)
-#   - AGENTS.md content SHA
-#   - memory/MEMORY.md content SHA + byte count
-#   - Current git HEAD SHA + branch + repo name
-#   - Date UTC
-#
-# What the snapshot does NOT capture (agent must fill in):
-#
-#   - Claude model snapshot (e.g., claude-opus-4-7) — known to
-#     the agent from session context, not exposed by CLI
-#   - Prompt bundle hash — not currently computable from
-#     session; placeholder null until a tool that reconstructs
-#     the system prompt bundle lands
-#   - Active permission / skill set — session-specific
-#
-# Usage:
-#   tools/hygiene/capture-tick-snapshot.sh         # print YAML fragment
-#   tools/hygiene/capture-tick-snapshot.sh --json  # print JSON
-#
-# Part of Amara Stabilize-stage (PR #221 roadmap); FACTORY-
-# HYGIENE row for cadenced capture is a follow-up after
-# format stabilizes.
-
-set -euo pipefail
-
-format="yaml"
-if [[ "${1:-}" == "--json" ]]; then
-  format="json"
-fi
-
-# Helpers — each returns empty string on failure rather than
-# aborting under `set -euo pipefail`.
-safe_sha() {
-  if [[ -f "$1" ]]; then
-    git hash-object "$1" 2>/dev/null || printf ''
-  fi
-}
-
-safe_bytes() {
-  if [[ -f "$1" ]]; then
-    wc -c < "$1" 2>/dev/null | tr -d ' ' || printf ''
-  fi
-}
-
-claude_version=$(claude --version 2>/dev/null | head -1 || printf 'unknown')
-claude_md_sha=$(safe_sha "./CLAUDE.md")
-agents_md_sha=$(safe_sha "./AGENTS.md")
-memory_index_sha=$(safe_sha "memory/MEMORY.md")
-memory_index_bytes=$(safe_bytes "memory/MEMORY.md")
-head_sha=$(git rev-parse HEAD 2>/dev/null || printf 'unknown')
-branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || printf 'unknown')
-repo_full=$(git config --get remote.origin.url 2>/dev/null | sed -E 's|.*[:/]([^/]+/[^/]+)(\.git)?$|\1|' || printf 'unknown')
-date_utc=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
-
-# Per-user CLAUDE.md (if present; path is harness-specific)
-home_claude_md=""
-if [[ -f "$HOME/.claude/CLAUDE.md" ]]; then
-  home_claude_md=$(git hash-object "$HOME/.claude/CLAUDE.md" 2>/dev/null || printf '')
-fi
-
-if [[ "$format" == "json" ]]; then
-  cat <<JSON
-{
-  "date_utc": "$date_utc",
-  "head_sha": "$head_sha",
-  "branch": "$branch",
-  "repo": "$repo_full",
-  "claude_cli_version": "$claude_version",
-  "claude_md_sha_in_repo": "$claude_md_sha",
-  "claude_md_sha_home": "$home_claude_md",
-  "agents_md_sha": "$agents_md_sha",
-  "memory_index_sha": "$memory_index_sha",
-  "memory_index_bytes": "$memory_index_bytes",
-  "model_snapshot": null,
-  "prompt_bundle_hash": null
-}
-JSON
-else
-  cat <<YAML
-# tick-snapshot captured $date_utc
-snapshot:
-  date_utc: $date_utc
-  head_sha: $head_sha
-  branch: $branch
-  repo: $repo_full
-  claude_cli_version: $claude_version
-  files:
-    claude_md_in_repo_sha: $claude_md_sha
-    claude_md_home_sha: $home_claude_md
-    agents_md_sha: $agents_md_sha
-    memory_index_sha: $memory_index_sha
-    memory_index_bytes: $memory_index_bytes
-  # Agent fills these from session context:
-  model_snapshot: null        # e.g., claude-opus-4-7
-  prompt_bundle_hash: null    # null until a reconstruct-tool lands
-YAML
-fi
diff --git a/tools/hygiene/check-no-op-cadence-pattern.sh b/tools/hygiene/check-no-op-cadence-pattern.sh
deleted file mode 100755
index 40ae14b4f..000000000
--- a/tools/hygiene/check-no-op-cadence-pattern.sh
+++ /dev/null
@@ -1,260 +0,0 @@
-#!/usr/bin/env bash
-#
-# tools/hygiene/check-no-op-cadence-pattern.sh —
-# Pre-tick mechanical check for the no-op-cadence failure mode
-# (per memory/feedback_recurrence_after_correction_needs_operational_enforcement_otto_2026_05_02.md).
-#
-# Why this exists (Otto Tick-80; 2026-05-02):
-#   The Tick-61 no-op-cadence corrective landed on main but the
-#   pattern RECURRED at Tick-71-79 — substrate-knowledge alone is
-#   insufficient for failure modes the LLM training prior strongly
-#   favors. The architectural answer is operational enforcement:
-#   mechanical checks at decision-time, not just substrate-read at
-#   wake-time. This script is one such mechanical check.
-#
-# Usage (intended invocation pattern):
-#   At every autonomous-loop tick start, Otto runs:
-#     bash tools/hygiene/check-no-op-cadence-pattern.sh
-#   The script examines the last N tick-history shards. If a
-#   threshold of minimal-observation ticks is exceeded, the script
-#   prints a warning that Otto reads alongside the substrate. The
-#   warning is closer-to-decision-time than substrate-read at wake.
-#
-# What this checks:
-#   - Most recent N (default 7) tick-history shards under
-#     docs/hygiene-history/ticks/YYYY/MM/DD/ for today AND yesterday
-#     UTC (window survives midnight rollover)
-#   - Counts shards matching the minimal-observation pattern.
-#     Heuristic (OR-semantic): the shard's BODY column (5th pipe-
-#     separated field) is < 600 chars, OR the row contains
-#     observation-class language ("minimal observation",
-#     "within-basin observation", "observe-only",
-#     "minimal not idle", "same. stopping"). Either signal counts.
-#   - If count >= threshold (default 5), prints WARNING
-#   - **Shard-density check (Aaron 2026-05-02 extension)**: if the
-#     most recent shard is more than NO_OP_CHECK_GAP_MINUTES (default
-#     15) minutes old relative to current UTC, prints a separate
-#     missing-shard-cadence warning. Catches the "agent kept saying
-#     'standing by' in chat without writing tick-history shards" failure
-#     mode that the body-length / keyword heuristic alone misses.
-#
-# What this does NOT do:
-#   - Does NOT block the tick (informational only — exit 0 always)
-#   - Does NOT auto-correct (the agent's judgment to act)
-#   - Does NOT examine days older than yesterday
-#
-# Composes with:
-#   - memory/feedback_recurrence_after_correction_needs_operational_enforcement_otto_2026_05_02.md
-#     (the memo this script implements)
-#   - memory/feedback_party_during_human_sleep_*.md (parent rule)
-#   - memory/feedback_training_distribution_mismatch_firing_*.md
-#     (Tick-61 first-order corrective)
-#   - tools/hygiene/check-tick-history-shard-schema.sh (sibling pattern)
-
-set -euo pipefail
-
-REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
-cd "$REPO_ROOT"
-
-# Configuration with numeric validation. A typo like
-# `NO_OP_CHECK_WINDOW=foo` would otherwise make `tail -n` fail under
-# `set -e` and defeat the "informational only" promise.
-WINDOW_SIZE="${NO_OP_CHECK_WINDOW:-7}"
-THRESHOLD="${NO_OP_CHECK_THRESHOLD:-5}"
-
-# `10#$VAR` forces base-10 interpretation in arithmetic context. Without
-# it, a zero-padded value like `08` would be parsed as octal (and fail
-# with "value too great for base"), defeating the validation guard.
-if ! [[ "$WINDOW_SIZE" =~ ^[0-9]+$ ]] || (( 10#$WINDOW_SIZE < 1 )); then
-  echo "[no-op-check] Invalid NO_OP_CHECK_WINDOW='${WINDOW_SIZE}' (need positive integer); using default 7." >&2
-  WINDOW_SIZE=7
-fi
-if ! [[ "$THRESHOLD" =~ ^[0-9]+$ ]] || (( 10#$THRESHOLD < 1 )); then
-  echo "[no-op-check] Invalid NO_OP_CHECK_THRESHOLD='${THRESHOLD}' (need positive integer); using default 5." >&2
-  THRESHOLD=5
-fi
-# Normalize to base-10 (strip leading zeros) so subsequent arithmetic
-# comparisons + tail -n usage are unambiguous regardless of input format.
-WINDOW_SIZE=$((10#$WINDOW_SIZE))
-THRESHOLD=$((10#$THRESHOLD))
-
-# Compute today + yesterday shard directories.
-# `date -u -v-1d` is BSD/macOS; `date -u -d "yesterday"` is GNU/Linux.
-# Both supported per Otto-235 4-shell target.
-TODAY_DATE_PATH="$(date -u +"%Y/%m/%d")"
-TODAY_DATE_FLAT="$(date -u +"%Y%m%d")"
-TODAY_DIR="docs/hygiene-history/ticks/${TODAY_DATE_PATH}"
-
-if YESTERDAY_DATE_PATH="$(date -u -v-1d +"%Y/%m/%d" 2>/dev/null)"; then
-  YESTERDAY_DATE_FLAT="$(date -u -v-1d +"%Y%m%d")"
-elif YESTERDAY_DATE_PATH="$(date -u -d "yesterday" +"%Y/%m/%d" 2>/dev/null)"; then
-  YESTERDAY_DATE_FLAT="$(date -u -d "yesterday" +"%Y%m%d")"
-else
-  YESTERDAY_DATE_PATH=""
-  YESTERDAY_DATE_FLAT=""
-fi
-YESTERDAY_DIR=""
-if [[ -n "$YESTERDAY_DATE_PATH" ]]; then
-  YESTERDAY_DIR="docs/hygiene-history/ticks/${YESTERDAY_DATE_PATH}"
-fi
-
-# Collect candidate shards from a directory, emitting tab-separated
-# `<primary-key>\t<disambiguator>\t<full-path>` lines. Primary key is
-# YYYYMMDDHHMMSS (parsed timestamp, NOT raw filename) so mixed-format
-# shards order correctly per the README mixed-format-sort caveat.
-# Disambiguator is the suffix (empty for unsuffixed `HHMMZ.md`) so a
-# base shard sorts BEFORE same-minute disambiguators (`HHMMZ.md` <
-# `HHMMZ-01.md`) — empty disambiguator sorts first because the field
-# separator (tab) is lower-ASCII than any hex character.
-#   - HHMMZ.md           → primary=YYYYMMDDHHMM00, disambiguator=""
-#   - HHMMZ-<hex>.md     → primary=YYYYMMDDHHMM00, disambiguator="<hex>"
-#   - HHMMSSZ-<hex>.md   → primary=YYYYMMDDHHMMSS, disambiguator="<hex>"
-collect_shards() {
-  local dir="$1"
-  local date_flat="$2"
-  [[ -d "$dir" && -n "$date_flat" ]] || return 0
-  local shard_path shard_name primary disamb
-  shopt -s nullglob
-  for shard_path in "$dir"/*.md; do
-    shard_name="${shard_path##*/}"
-    if [[ "$shard_name" =~ ^([0-9]{4})Z(-([0-9a-f]+))?\.md$ ]]; then
-      primary="${date_flat}${BASH_REMATCH[1]}00"
-      disamb="${BASH_REMATCH[3]:-}"
-      printf '%s|%s|%s\n' "$primary" "$disamb" "$shard_path"
-    elif [[ "$shard_name" =~ ^([0-9]{6})Z-([0-9a-f]+)\.md$ ]]; then
-      primary="${date_flat}${BASH_REMATCH[1]}"
-      disamb="${BASH_REMATCH[2]}"
-      printf '%s|%s|%s\n' "$primary" "$disamb" "$shard_path"
-    fi
-  done
-  shopt -u nullglob
-}
-
-# Combined list, sorted by primary key then disambiguator, last N entries.
-# Field separator is `|` (non-whitespace) because bash's IFS-whitespace
-# collapsing rule would silently merge an empty disambiguator field with
-# the surrounding tabs and corrupt the read loop below.
-COMBINED="$( { collect_shards "$YESTERDAY_DIR" "$YESTERDAY_DATE_FLAT"; collect_shards "$TODAY_DIR" "$TODAY_DATE_FLAT"; } | sort -t'|' -k1,1 -k2,2 | tail -n "$WINDOW_SIZE" )"
-
-if [[ -z "$COMBINED" ]]; then
-  echo "[no-op-check] No shards in window for today (${TODAY_DIR}) or yesterday; nothing to check." >&2
-  exit 0
-fi
-
-# Count shards that match minimal-observation pattern.
-# Heuristic (OR-semantic, matching the header docstring):
-#   short BODY column (length < 600 chars) OR observation-class language
-#   anywhere in the row.
-# Body is the 5th pipe-separated field per shard schema:
-#   `| timestamp | model | cron-id | <body> | <PR ref> | <observation> |`
-# Measuring whole-file size (previous behavior) inflated the length
-# count when the observation column was long, masking terse-body ticks.
-MIN_OBS_COUNT=0
-TOTAL_COUNT=0
-
-while IFS='|' read -r _primary _disamb shard_path; do
-  [[ -z "${shard_path:-}" ]] && continue
-  TOTAL_COUNT=$((TOTAL_COUNT + 1))
-
-  body=$(awk -F'|' 'NR==1 {print $5}' "$shard_path" 2>/dev/null || echo "")
-  body_length=${#body}
-
-  if (( body_length < 600 )) || grep -qiE 'minimal observation|within-basin observation|observe-only|minimal[ -]not[ -]idle|same\.\s*stopping' "$shard_path" 2>/dev/null; then
-    MIN_OBS_COUNT=$((MIN_OBS_COUNT + 1))
-  fi
-done <<< "$COMBINED"
-
-echo "[no-op-check] Recent ${TOTAL_COUNT} shards across today+yesterday; ${MIN_OBS_COUNT} match minimal-observation pattern (threshold: ${THRESHOLD})." >&2
-
-if [[ $MIN_OBS_COUNT -ge $THRESHOLD ]]; then
-  echo "" >&2
-  echo "WARNING: no-op-cadence pattern detected — ${MIN_OBS_COUNT}/${TOTAL_COUNT} recent ticks are minimal-observation." >&2
-  echo "" >&2
-  echo "Per the just-landed substrate (memory/feedback_party_during_human_sleep_*.md +" >&2
-  echo "memory/feedback_recurrence_after_correction_needs_operational_enforcement_*.md):" >&2
-  echo "" >&2
-  echo "  - The human-paused phase IS the practice window for independent-production-skill" >&2
-  echo "  - Default to minimal observation IS the failure mode" >&2
-  echo "  - Party-class operation alternatives: implement a backlog row, do" >&2
-  echo "    free-zone substrate-quality work, write a self-grading memo, audit" >&2
-  echo "    cross-references, propose architectural extensions" >&2
-  echo "" >&2
-  echo "  Run with NO_OP_CHECK_THRESHOLD=99 to silence; the default fires the" >&2
-  echo "  warning to surface the pattern at decision-time, not just substrate-read time." >&2
-
-  # Informational warning; does not exit non-zero (would block tick)
-fi
-
-# Shard-density check (Aaron 2026-05-02 extension):
-# Detects the "agent kept saying 'standing by' in chat without writing
-# tick-history shards" failure mode. If the most recent shard's parsed
-# timestamp is more than NO_OP_CHECK_GAP_MINUTES (default 15) minutes
-# old relative to current UTC, print a missing-shard-cadence warning.
-GAP_THRESHOLD="${NO_OP_CHECK_GAP_MINUTES:-15}"
-if ! [[ "$GAP_THRESHOLD" =~ ^[0-9]+$ ]] || (( 10#$GAP_THRESHOLD < 1 )); then
-  echo "[no-op-check] Invalid NO_OP_CHECK_GAP_MINUTES='${GAP_THRESHOLD}' (need positive integer); using default 15." >&2
-  GAP_THRESHOLD=15
-fi
-GAP_THRESHOLD=$((10#$GAP_THRESHOLD))
-
-# Get the latest shard's primary key (YYYYMMDDHHMMSS) from COMBINED.
-# COMBINED is sorted ascending; tail -1 gives the latest.
-LATEST_LINE=$(printf '%s\n' "$COMBINED" | tail -n 1)
-LATEST_PRIMARY=$(printf '%s' "$LATEST_LINE" | awk -F'|' '{print $1}')
-
-if [[ -n "$LATEST_PRIMARY" && "${#LATEST_PRIMARY}" -eq 14 ]]; then
-  # Convert YYYYMMDDHHMMSS → epoch seconds (UTC).
-  # BSD/macOS: date -j -u -f "%Y%m%d%H%M%S" "$LATEST_PRIMARY" +%s
-  # GNU/Linux: date -u -d "${YYYY-MM-DDTHH:MM:SS}Z" +%s
-  YYYY="${LATEST_PRIMARY:0:4}"
-  MM="${LATEST_PRIMARY:4:2}"
-  DD="${LATEST_PRIMARY:6:2}"
-  HH="${LATEST_PRIMARY:8:2}"
-  MIN="${LATEST_PRIMARY:10:2}"
-  SS="${LATEST_PRIMARY:12:2}"
-
-  if LATEST_EPOCH="$(date -j -u -f "%Y%m%d%H%M%S" "$LATEST_PRIMARY" +%s 2>/dev/null)"; then
-    : # BSD/macOS path succeeded
-  elif LATEST_EPOCH="$(date -u -d "${YYYY}-${MM}-${DD}T${HH}:${MIN}:${SS}Z" +%s 2>/dev/null)"; then
-    : # GNU/Linux path succeeded
-  else
-    LATEST_EPOCH=""
-  fi
-
-  if [[ -n "$LATEST_EPOCH" ]]; then
-    NOW_EPOCH="$(date -u +%s)"
-    GAP_SECONDS=$((NOW_EPOCH - LATEST_EPOCH))
-    GAP_MINUTES=$((GAP_SECONDS / 60))
-
-    echo "[no-op-check] Most recent shard ${GAP_MINUTES} minutes old (gap-threshold: ${GAP_THRESHOLD})." >&2
-
-    if (( GAP_MINUTES > GAP_THRESHOLD )); then
-      echo "" >&2
-      echo "WARNING: missing-shard-cadence detected — most recent shard is ${GAP_MINUTES} minutes old, exceeding threshold ${GAP_THRESHOLD} minutes." >&2
-      echo "" >&2
-      echo "This is the structural counterpart to the body-length / keyword check above:" >&2
-      echo "" >&2
-      echo "  - The cron is '* * * * *' (every minute); ticks fire continuously" >&2
-      echo "  - When the agent operates correctly, each substantive tick produces a shard" >&2
-      echo "  - Repeated 'standing by' / minimal-acknowledgment chat output WITHOUT writing shards IS the failure mode" >&2
-      echo "  - Body-length check above doesn't catch this because it requires shards to exist" >&2
-      echo "  - Shard-density check (this) catches the gap structurally without needing chat-transcript scanning" >&2
-      echo "" >&2
-      echo "  Per memory/feedback_never_idle_speculative_work_over_waiting.md 2026-05-02 refinement:" >&2
-      echo "  proper-order backlog work is available; default-to-standing-by IS the no-op-cadence" >&2
-      echo "  failure mode. Pick a P0/P1 row by depends_on graph + tier; populate depends_on as" >&2
-      echo "  on-demand backfill if missing. Best-guesses-with-time, no rush." >&2
-      echo "" >&2
-      echo "  Run with NO_OP_CHECK_GAP_MINUTES=99 to silence; the default surfaces the gap" >&2
-      echo "  at decision-time so the agent can re-enter productive cadence." >&2
-
-      # Informational warning; does not exit non-zero
-    fi
-  else
-    echo "[no-op-check] Could not parse latest shard timestamp '${LATEST_PRIMARY}'; gap-check skipped." >&2
-  fi
-else
-  echo "[no-op-check] No latest-shard primary key available; gap-check skipped." >&2
-fi
-
-exit 0
diff --git a/tools/hygiene/counterweight-audit.sh b/tools/hygiene/counterweight-audit.sh
deleted file mode 100755
index 0c3410089..000000000
--- a/tools/hygiene/counterweight-audit.sh
+++ /dev/null
@@ -1,253 +0,0 @@
-#!/usr/bin/env bash
-# tools/hygiene/counterweight-audit.sh
-#
-# Cadenced counterweight-memory audit (Otto-278).
-#
-# Memory-only counterweights are leaky without a cadenced
-# audit that FORCES re-reading the memories + checks for
-# rule-drift. "I'll remember to read the memory" is prayer.
-# Otto-276 drifted within hours; Otto-277 re-tightened;
-# Otto-278 named the gap.
-#
-# This is Phase 1: the shell tool. Phase 2 is the
-# `.claude/skills/counterweight-audit/SKILL.md` that invokes
-# this tool and prompts the agent with the emitted questions.
-#
-# Human-maintainer quote (autonomous-loop 2026-04-24, preserved
-# in the originating memory file):
-#
-#   "memory is enough assuming you have a inspect memory for
-#    missing balance and lessions on a cadence it's probably
-#    enough, but you forget often when it's just in memory"
-#
-# What this tool does:
-#   1. Enumerate counterweight memory files. Default glob:
-#      `memory/*otto_*.md` (matches `feedback_*otto_*.md`,
-#      `project_*otto_*.md`, etc. — any memory file whose
-#      name carries the Otto-NNN convention).
-#   2. For each file, extract:
-#      - the Otto-NNN identifier from the filename
-#      - the `name:` field from YAML frontmatter (rule summary)
-#   3. Emit audit questions per counterweight.
-#
-# Quote extraction from the file body (the "### The rule" and
-# maintainer-quote sections) is deliberately NOT automated
-# here — the audit's point is forcing the agent to open each
-# file and read it. Auto-extracting the quote into the audit
-# output would let the agent skim the questions without
-# opening the file, which is exactly the drift this tool
-# exists to counter.
-#
-# What this tool does NOT do:
-#   - Read an agent-behaviour log (no such log exists yet; the
-#     agent self-scores).
-#   - Automatically update counterweight memories. The
-#     re-read IS the operation; human + agent judgement owns
-#     the "did I drift" decision.
-#   - Run on a schedule. Cadencing happens via
-#     (a) autonomous-loop tick-open hook integration (Phase
-#         3, separate BACKLOG row),
-#     (b) on-demand invocation by a human or agent.
-#
-# Bash 3.2 compatible (GOVERNANCE §24 four-way-parity —
-# macOS ships bash 3.2; no assoc arrays or mapfile here).
-#
-# Usage:
-#   tools/hygiene/counterweight-audit.sh [--cadence quick|medium|long] [--count N]
-#
-#   --cadence quick   Top N most recently-modified counterweights only (default).
-#   --cadence medium  Last 10 counterweights.
-#   --cadence long    All counterweights, full re-read.
-#   --count N         Override the per-cadence count (default 3 for quick,
-#                     10 for medium, unbounded for long).
-#
-# Exit codes:
-#   0  normal completion (clean or drift-flagged — both reported via
-#      stdout; the tool doesn't pass/fail on content).
-#   2  usage error (unknown flag, missing value, non-integer count,
-#      invalid cadence, or memory/ dir not found).
-
-set -euo pipefail
-
-# -------- arg parsing -----------------------------------------------------
-
-CADENCE="quick"
-COUNT=""
-
-usage_error() {
-  echo "error: $1" >&2
-  echo "run with --help for usage" >&2
-  exit 2
-}
-
-while [ $# -gt 0 ]; do
-  case "$1" in
-    --cadence)
-      # Guard against missing value: `$2` must be present or
-      # `shift 2` trips under set -e.
-      [ $# -ge 2 ] || usage_error "--cadence requires a value"
-      CADENCE="$2"
-      shift 2
-      ;;
-    --count)
-      [ $# -ge 2 ] || usage_error "--count requires a value"
-      COUNT="$2"
-      shift 2
-      ;;
-    -h|--help)
-      sed -n '/^# Usage:/,/^$/p' "$0" | sed 's|^# \{0,1\}||'
-      exit 0
-      ;;
-    *)
-      usage_error "unknown argument '$1'"
-      ;;
-  esac
-done
-
-case "$CADENCE" in
-  quick)  DEFAULT_COUNT=3 ;;
-  medium) DEFAULT_COUNT=10 ;;
-  long)   DEFAULT_COUNT=0 ;;  # 0 = unbounded
-  *)
-    usage_error "--cadence must be quick|medium|long (got '$CADENCE')"
-    ;;
-esac
-
-if [ -z "$COUNT" ]; then
-  COUNT="$DEFAULT_COUNT"
-fi
-
-# Validate COUNT as a non-negative integer before numeric
-# comparisons. Rejects empty string (via regex anchor) and
-# any non-digit content.
-case "$COUNT" in
-  ''|*[!0-9]*)
-    usage_error "--count must be a non-negative integer (got '$COUNT')"
-    ;;
-esac
-
-# -------- discover counterweight files ------------------------------------
-
-REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
-MEMORY_DIR="${REPO_ROOT}/memory"
-
-if [ ! -d "$MEMORY_DIR" ]; then
-  usage_error "memory/ not found at $MEMORY_DIR (run from a Zeta checkout)"
-fi
-
-# Counterweight memories match `*otto_*.md` by convention.
-# Collect path + mtime, sort newest-first, then take COUNT
-# (or all if COUNT == 0).
-TMP="$(mktemp -t zeta-counterweight-audit.XXXXXX)"
-trap 'rm -f "$TMP"' EXIT
-
-# Portable stat: BSD (macOS) uses `stat -f "%m"`; GNU (Linux) uses
-# `stat -c "%Y"`. Probe once, set a variable that controls which
-# branch the loop takes — no eval on filename-sourced strings.
-if stat -f "%m" "$MEMORY_DIR" >/dev/null 2>&1; then
-  STAT_FLAVOR="bsd"
-else
-  STAT_FLAVOR="gnu"
-fi
-
-# Branch on STAT_FLAVOR, passing "$f" as a proper argument.
-# Never pass the filename through `eval` — a crafted filename
-# containing `$(...)` could otherwise be re-parsed as shell.
-# shellcheck disable=SC2044
-for f in "$MEMORY_DIR"/*otto_*.md; do
-  [ -f "$f" ] || continue  # glob didn't match
-  if [ "$STAT_FLAVOR" = "bsd" ]; then
-    mtime=$(stat -f "%m" "$f")
-  else
-    mtime=$(stat -c "%Y" "$f")
-  fi
-  printf '%s\t%s\n' "$mtime" "$f"
-done | sort -rn > "$TMP"
-
-TOTAL=$(wc -l < "$TMP" | tr -d ' ')
-if [ "$COUNT" -gt 0 ] && [ "$COUNT" -lt "$TOTAL" ]; then
-  SHOWN="$COUNT"
-else
-  SHOWN="$TOTAL"
-fi
-
-# -------- emit header -----------------------------------------------------
-
-echo "# Counterweight audit — $CADENCE cadence"
-echo ""
-echo "Reading $SHOWN of $TOTAL counterweight memories under"
-echo "\`memory/*otto_*.md\` (newest first). For each one, open"
-echo "the file and read the rule body + maintainer quote, then"
-echo "answer the per-counterweight audit questions below."
-echo ""
-echo "_Tool: \`tools/hygiene/counterweight-audit.sh\` (Otto-278"
-echo "cadenced-inspect Phase 1). Agent self-scores; no automatic"
-echo "drift detection — the point is forcing the re-read._"
-echo ""
-
-# -------- extract + emit per-counterweight -------------------------------
-
-i=0
-while IFS="$(printf '\t')" read -r _mtime file; do
-  i=$((i+1))
-  if [ "$COUNT" -gt 0 ] && [ "$i" -gt "$COUNT" ]; then
-    break
-  fi
-
-  # Extract Otto-NNN from filename like
-  # `feedback_*_otto_NNN_YYYY_MM_DD.md`.
-  base="$(basename "$file")"
-  otto_id="$(printf '%s' "$base" | sed -n 's/.*otto_\([0-9][0-9]*\).*/Otto-\1/p')"
-  [ -z "$otto_id" ] && otto_id="(no Otto-ID in filename)"
-
-  # Extract the `name:` frontmatter field (first line starting
-  # with `name:` inside the YAML fence). Body content
-  # (direct maintainer quote, "### The rule" section) is
-  # deliberately NOT auto-extracted — see header for why.
-  name_line="$(awk '
-    /^---[[:space:]]*$/ { fence = !fence; next }
-    fence && /^name:/ {
-      sub(/^name:[[:space:]]*/, "")
-      print
-      exit
-    }
-  ' "$file")"
-  [ -z "$name_line" ] && name_line="(no name field)"
-
-  rel="${file#"$REPO_ROOT"/}"
-
-  echo "---"
-  echo ""
-  echo "## $otto_id — [\`$rel\`]($rel)"
-  echo ""
-  echo "**Rule (from \`name:\`):** $name_line"
-  echo ""
-  echo "**Audit questions:**"
-  echo ""
-  echo "1. In the last N ticks, did I exhibit the drift"
-  echo "   this counter was filed for?"
-  echo "2. If yes: is the right move to tighten THIS"
-  echo "   counterweight (edit the memory), file a NEW"
-  echo "   tighter counterweight (like Otto-276 → Otto-277),"
-  echo "   or escalate to a skill / BP rule?"
-  echo "3. Is the counter still needed at this cadence,"
-  echo "   or can maintenance cadence stretch?"
-  echo ""
-done < "$TMP"
-
-# -------- emit footer -----------------------------------------------------
-
-echo "---"
-echo ""
-echo "## After the re-read"
-echo ""
-echo "Summary to log (if any drift was found):"
-echo ""
-echo "- Which counterweights drifted? (list Otto IDs)"
-echo "- What's the next cadence for each?"
-echo "- Did any counterweight get a follow-up memory or"
-echo "  BACKLOG row out of this audit?"
-echo ""
-echo "If nothing drifted, log a \"clean tick\" short note:"
-echo "the audit's signal value is as much in confirming"
-echo "stability as in catching drift."
diff --git a/tools/hygiene/validate-agencysignature-pr-body.sh b/tools/hygiene/validate-agencysignature-pr-body.sh
deleted file mode 100755
index ed78aee47..000000000
--- a/tools/hygiene/validate-agencysignature-pr-body.sh
+++ /dev/null
@@ -1,247 +0,0 @@
-#!/usr/bin/env bash
-# validate-agencysignature-pr-body.sh — pre-merge validator for the
-# AgencySignature Convention v1 trailer block in a PR description body.
-# Pairs with audit-agencysignature-main-tip.sh (task #299) as the
-# pre-merge / post-merge enforcement instrument set ("stop designing, instrument enforcement").
-#
-# Usage:
-#   gh pr view <number> --json body --jq '.body' | tools/hygiene/validate-agencysignature-pr-body.sh
-#   echo "$pr_body" | tools/hygiene/validate-agencysignature-pr-body.sh
-#
-# Spec source (the canonical convention):
-#   docs/research/2026-04-26-gemini-deep-think-agencysignature-commit-
-#   attribution-convention-validation-and-refinement.md Section 10
-#
-# Per Aaron 2026-04-26 "don't copy paste / make sure you understand and
-# write our own" — this implementation is authored from the v1 spec, not
-# transcribed from any external example draft. Zeta-specific shape:
-#  - Markdown code-fence stripping (real failure mode discovered on PR #19
-#    where the trailer block was wrapped in ```text...``` and broke parse).
-#  - Otto-235 4-shell bash compat (verified on macOS bash 3.2.57): no
-#    associative arrays; portable sed/grep flags; printf for stdout.
-#  - Glass Halo radical-honesty register: no emoji; structured FAIL
-#    messages carry cause + fix + spec citation by absolute path.
-#  - Task: enum extension covers ticket-ids AND the 'none' fallback per
-#    no-task rule (so agents do not invent fake task IDs).
-#  - Consistency check: Human-Review-Evidence must be 'none' when
-#    Human-Review is not 'explicit' (evidence-pointer rule).
-#
-# Exit codes:
-#   0 — all required trailers present and enums valid
-#   1 — validation failed (specific failure printed)
-#   2 — tooling / input error
-
-set -uo pipefail
-
-spec_doc="docs/research/2026-04-26-gemini-deep-think-agencysignature-commit-attribution-convention-validation-and-refinement.md"
-
-if ! command -v git >/dev/null 2>&1; then
-  echo "error: git not found on PATH" >&2
-  exit 2
-fi
-
-input="$(cat)"
-if [ -z "$input" ]; then
-  echo "error: no input on stdin" >&2
-  echo "usage: gh pr view N --json body --jq '.body' | $0" >&2
-  exit 2
-fi
-
-# Strip markdown code fences if present. The PR-body trailer block can be
-# accidentally wrapped in ``` fences which breaks git interpret-trailers.
-# Drop fence-only lines (``` or ```<lang>); preserve everything else.
-stripped="$(printf '%s\n' "$input" | sed -E '/^[[:space:]]*```([a-zA-Z]*)?[[:space:]]*$/d')"
-
-trailers="$(printf '%s\n' "$stripped" | git interpret-trailers --parse 2>/dev/null || true)"
-
-if [ -z "$trailers" ]; then
-  printf '%s\n' "FAIL: no parseable git trailers found in PR body"
-  printf '%s\n' "  Class:  Trailer Contiguity Survival Failure"
-  printf '%s\n' "  Cause:  AgencySignature trailer block missing OR blank-line discipline broken"
-  printf '%s\n' "  Fix:    ensure the trailer block at PR body bottom has exactly ONE blank"
-  printf '%s\n' "          line preceding it and ZERO blank lines within it"
-  printf '%s\n' "  Maxim:  A governance convention is not shipped when humans can read it."
-  printf '%s\n' "          It is shipped when the target substrate can parse it."
-  printf '%s\n' "  Spec:   $spec_doc Section 7.4 (canonical shape) + Section 4 (blank-line guardrail)"
-  exit 1
-fi
-
-# Substrate Truth Principle check: the entire trailer block
-# must be at the very end of the PR body. No non-trailer non-empty content
-# may appear after the trailer block. Non-trailer content after the trailers
-# would push the trailer block out of the terminal-block position when
-# GitHub squash-merge inherits the PR body as commit body.
-#
-# Implementation: find the start of the parsed trailer block in the stripped
-# input, then check that nothing of substance appears after the last trailer
-# line. Whitespace-only lines after the block are tolerated (GitHub
-# strip-trailing-whitespace).
-last_trailer_line="$(printf '%s\n' "$trailers" | grep -v '^[[:space:]]*$' | tail -1)"
-if [ -n "$last_trailer_line" ]; then
-  # Locate the trailer block's tail in the stripped input. Strategy:
-  # 1. Try EXACT match (`grep -nFx`). Fast path; works when the
-  #    parser preserved the line verbatim.
-  # 2. Fall back to KEY-PREFIX match. Trailer lines are `Key: value`;
-  #    extract the key from the parsed line and match the LAST
-  #    occurrence of `^Key:` in the stripped input.
-  # 3. If BOTH miss, fail-closed (exit 1) — silent skip of an
-  #    invariant check is worse than a false-positive (per codex P1
-  #    review on PR #24: trailer normalization can break exact-match;
-  #    keep terminal-block check active when text is normalized).
-  tail_lineno="$(printf '%s\n' "$stripped" \
-    | grep -nFx "$last_trailer_line" \
-    | tail -1 \
-    | cut -d: -f1)"
-  if [ -z "$tail_lineno" ]; then
-    last_trailer_key="$(printf '%s\n' "$last_trailer_line" | cut -d: -f1)"
-    if [ -n "$last_trailer_key" ]; then
-      # Use awk with literal-prefix + case-insensitive match. Avoids
-      # regex injection if the key contains BRE/ERE metacharacters,
-      # AND honours RFC-822 case-insensitive trailer-key semantics
-      # (git interpret-trailers normalizes case on parse but the
-      # underlying stripped input may carry the original case).
-      tail_lineno="$(printf '%s\n' "$stripped" \
-        | awk -v k="${last_trailer_key}:" '{ if (index(tolower($0), tolower(k)) == 1) print NR }' \
-        | tail -1)"
-    fi
-  fi
-  if [ -z "$tail_lineno" ]; then
-    printf '%s\n' "FAIL: terminal-block check could not locate trailer tail in PR body"
-    printf '%s\n' "  Class:    Validator-Lookup Failure (fail-closed per codex P1 review on PR #24)"
-    printf '%s\n' "  Cause:    parsed trailer line did not match any stripped-input line"
-    printf '%s\n' "            via either exact-match or key-prefix-match strategy."
-    printf '%s\n' "            Likely cause: parser normalized the trailer (multi-line"
-    printf '%s\n' "            continuation, non-ASCII whitespace, case-fold collision)."
-    printf '%s\n' "  Fix:      simplify PR-body trailer block (single-line trailers,"
-    printf '%s\n' "            literal Key: value, ASCII whitespace) OR extend this"
-    printf '%s\n' "            validator's lookup-fallback chain. Do NOT silently skip."
-    exit 1
-  fi
-  if [ -n "$tail_lineno" ]; then
-    after="$(printf '%s\n' "$stripped" | tail -n +"$((tail_lineno + 1))" \
-      | grep -v '^[[:space:]]*$' || true)"
-    if [ -n "$after" ]; then
-      printf '%s\n' "FAIL: non-trailer content found after the trailer block in PR body"
-      printf '%s\n' "  Class:    Trailer Contiguity Survival Failure (Substrate Truth Principle invariant)"
-      printf '%s\n' "  Cause:    text after the trailer block can push trailers out of the"
-      printf '%s\n' "            terminal-block position when GitHub squash-merge inherits"
-      printf '%s\n' "            the PR description as the squash commit body"
-      printf '%s\n' "  Fix:      move the trailer block to the very END of the PR body;"
-      printf '%s\n' "            no non-trailer non-whitespace content may follow it"
-      printf '%s\n' "  Found after trailer block:"
-      printf '%s\n' "$after" | sed 's/^/    /' | head -5
-      printf '%s\n' "  Principle: Substrate Truth Principle"
-      printf '%s\n' "             A governance convention has not shipped until the parser"
-      printf '%s\n' "             extracts the expected trailers as a contiguous terminal block."
-      printf '%s\n' "  Spec:      $spec_doc Section 7.5 (Squash-Merge Invariant)"
-      exit 1
-    fi
-  fi
-fi
-
-# Required keys per AgencySignature v1 (10 trailers; v1 final form).
-required_keys="Agency-Signature-Version Agent Agent-Runtime Agent-Model Credential-Identity Credential-Mode Human-Review Human-Review-Evidence Action-Mode Task"
-
-missing=""
-for key in $required_keys; do
-  # Trailer keys are case-insensitive per RFC-822; grep -i for safety.
-  if ! printf '%s\n' "$trailers" | grep -iq "^${key}:"; then
-    missing="$missing $key"
-  fi
-done
-
-if [ -n "$missing" ]; then
-  printf '%s\n' "FAIL: missing required AgencySignature v1 trailer keys:$missing"
-  printf '%s\n' "  Class:    Trailer Contiguity Survival Failure — likely cause"
-  printf '%s\n' "            when keys appear textually but blank-line breaks parsing"
-  printf '%s\n' "  Cause:    PR body trailer block is incomplete OR a blank line splits the"
-  printf '%s\n' "            block such that only the final contiguous group parses"
-  printf '%s\n' "  Fix:      add the missing trailers at the PR body bottom OR remove the"
-  printf '%s\n' "            blank line that splits the contiguous block"
-  printf '%s\n' "  Principle: Substrate Truth Principle — text presence is"
-  printf '%s\n' "             insufficient; the parser is the witness"
-  printf '%s\n' "  Spec:     $spec_doc Section 7.4 (canonical 10-trailer block)"
-  exit 1
-fi
-
-# get_value KEY -> stdout: trimmed value of first matching trailer.
-get_value() {
-  printf '%s\n' "$trailers" \
-    | grep -i "^${1}:" \
-    | head -1 \
-    | sed -E 's/^[^:]+:[[:space:]]*//; s/[[:space:]]+$//'
-}
-
-# check_enum KEY ALLOWED_REGEX -> exits 1 with structured message on mismatch.
-check_enum() {
-  enum_key="$1"
-  enum_allowed="$2"
-  enum_val="$(get_value "$enum_key")"
-  if ! printf '%s\n' "$enum_val" | grep -Eqx "$enum_allowed"; then
-    printf '%s\n' "FAIL: invalid enum value for $enum_key"
-    printf '%s\n' "  Found:    '$enum_val'"
-    printf '%s\n' "  Expected: one of: $(printf '%s' "$enum_allowed" | sed 's/|/, /g')"
-    printf '%s\n' "  Spec:     $spec_doc Section 7.6 (allowed enum values)"
-    exit 1
-  fi
-}
-
-check_enum "Agency-Signature-Version" "1"
-check_enum "Credential-Mode" "shared|dedicated-agent|human-only|unknown"
-check_enum "Human-Review" "explicit|not-implied-by-credential|none"
-check_enum "Human-Review-Evidence" "chat|pr-review|pr-comment|signed-policy|none"
-check_enum "Action-Mode" "autonomous-fail-open|human-directed|supervised"
-
-# Task: ticket-id pattern OR 'none' ( no-task fallback so agents
-# do not invent fake IDs). Accepted ticket-id forms: Otto-NN, task-#NNN,
-# task-NNN, #NNN, NNN, FOO-NN, FOO-NNNN. Numeric-only allowed because GitHub
-# issue/PR refs are bare integers.
-task_val="$(get_value "Task")"
-if ! printf '%s\n' "$task_val" \
-    | grep -Eqx "none|Otto-[0-9]+|task-#?[0-9]+|#?[0-9]+|[A-Za-z][A-Za-z0-9]*-[0-9]+"; then
-  printf '%s\n' "FAIL: invalid Task value"
-  printf '%s\n' "  Found:    '$task_val'"
-  printf '%s\n' "  Expected: a ticket-id (e.g. Otto-NN, task-#NNN, #NNN, FOO-NN)"
-  printf '%s\n' "            or the literal 'none' fallback"
-  printf '%s\n' "  Spec:     $spec_doc Section 9.2 (Task: none fallback)"
-  exit 1
-fi
-
-# Consistency rule: if Human-Review is not 'explicit', then
-# Human-Review-Evidence must be 'none'. The evidence pointer only attaches
-# to actual review claims.
-hr_val="$(get_value "Human-Review")"
-hre_val="$(get_value "Human-Review-Evidence")"
-if [ "$hr_val" != "explicit" ] && [ "$hre_val" != "none" ]; then
-  printf '%s\n' "FAIL: Human-Review-Evidence must be 'none' when Human-Review is not 'explicit'"
-  printf '%s\n' "  Human-Review:          '$hr_val'"
-  printf '%s\n' "  Human-Review-Evidence: '$hre_val'"
-  printf '%s\n' "  Spec:                  $spec_doc Section 5.3 / 7.6"
-  printf '%s\n' "  Reason: the evidence pointer attaches to actual review claims;"
-  printf '%s\n' "          a non-explicit review state has no evidence to point at"
-  exit 1
-fi
-
-# Conversely: if Human-Review IS 'explicit', then
-# Human-Review-Evidence must NOT be 'none' (the explicit claim must cite
-# its source).
-if [ "$hr_val" = "explicit" ] && [ "$hre_val" = "none" ]; then
-  printf '%s\n' "FAIL: Human-Review: explicit requires Human-Review-Evidence != 'none'"
-  printf '%s\n' "  Reason: an explicit review claim must cite where the evidence lives"
-  printf '%s\n' "  Fix:    set Human-Review-Evidence to chat | pr-review | pr-comment | signed-policy"
-  printf '%s\n' "  Spec:   $spec_doc Section 5.3 (closes the 'explicit according to whom' gap)"
-  exit 1
-fi
-
-printf '%s\n' "PASS: AgencySignature v1 trailer block valid"
-printf '%s\n' "  Agency-Signature-Version: $(get_value Agency-Signature-Version)"
-printf '%s\n' "  Agent:                    $(get_value Agent)"
-printf '%s\n' "  Agent-Runtime:            $(get_value Agent-Runtime)"
-printf '%s\n' "  Agent-Model:              $(get_value Agent-Model)"
-printf '%s\n' "  Credential-Identity:      $(get_value Credential-Identity)"
-printf '%s\n' "  Credential-Mode:          $(get_value Credential-Mode)"
-printf '%s\n' "  Human-Review:             $hr_val"
-printf '%s\n' "  Human-Review-Evidence:    $hre_val"
-printf '%s\n' "  Action-Mode:              $(get_value Action-Mode)"
-printf '%s\n' "  Task:                     $task_val"
-exit 0