Merged
9 changes: 7 additions & 2 deletions CHANGELOG.md
Expand Up @@ -19,8 +19,8 @@ broke.
the Node-only YAML/config-loading path out of edge bundles (Cloudflare
Workers), complementing the `createRequire` deferral in `0.2.0a3`.
- **Trace mining fails open when its extension isn't bundled.**
`CodeAnalyzer` imported `TraceMiner` unguarded, crashing
`sponsio scan --trace` with `ModuleNotFoundError` in builds without the
`CodeAnalyzer` imported `TraceMiner` unguarded, crashing the
trace-mining path with `ModuleNotFoundError` in builds without the
optional `trace_mining` extension; it now degrades to "no contracts
mined", matching the other call sites.

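Review bot: the reworded bullet replaces the concrete command `sponsio scan --trace` with "the trace-mining path", which no longer tells a reader which invocation hit the `ModuleNotFoundError`. The next hunk states that `sponsio scan --trace` is not part of this distribution, so either say that here as well or name the remaining caller of `CodeAnalyzer` that reaches the guarded `TraceMiner` import. Otherwise the "fails open" behaviour cannot be matched to anything a user can run.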
Expand All @@ -29,6 +29,11 @@ broke.
- Added an explicit `[tool.ruff]` config to `pyproject.toml` so local
lint matches CI, and synced `docs/reference/cli.md` with the real CLI
surface (`onboard`/`serve`/`daemon`/`cursor` now documented).
- The CLI now centers on code and policy scanning. `sponsio scan` reads
source code and policy docs; `sponsio check --trace` and `sponsio eval`
still replay traces. Trace-derived contract mining (the `sponsio
refresh` command and `sponsio scan --trace`) is no longer part of this
distribution.

---

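Review bot: the new bullet at the end of this list records the removal of a command (`sponsio refresh`) and a flag (`sponsio scan --trace`) next to housekeeping items such as the ruff config, so it is easy to miss as a breaking change. Move it under its own removal or breaking-change entry, state what the CLI does when either is still invoked, and keep the pointer to `sponsio check --trace` and `sponsio eval` as the remaining trace consumers. The code span for `sponsio refresh` is also split across two lines; keep it on one line so the command name can be grepped.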
4 changes: 1 addition & 3 deletions OSS_PROMISE.md
Expand Up @@ -46,7 +46,7 @@ Apache 2.0. We will not relicense, gate, or remove them.

- `sponsio init` (interactive wizard, the user-facing entry),
plus the underlying `sponsio onboard`, `scan`, `validate`,
`check`, `report`, `refresh`, `eval`, `export`,
`check`, `report`, `eval`, `export`,
`export-sessions`
- `sponsio host` group: install / status / list / trace / uninstall
for the Cursor / Claude Code / OpenClaw plugins
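Review bot: dropping `refresh` from this command list conflicts with the sentence that governs the list, "We will not relicense, gate, or remove them." Editing the list does not make the removal consistent with that promise. Add a dated note in this file saying that `sponsio refresh` was removed, why, and where the functionality lives now, rather than changing the list silently.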
Expand All @@ -67,8 +67,6 @@ Apache 2.0. We will not relicense, gate, or remove them.
- AST-based code scan (`sponsio scan`) over your own codebase
- Document parser (`sponsio scan --policy policy.md`) for natural
language → contract
- Trace mining (`sponsio refresh`) over your own traces: finds
repeating unsafe patterns and proposes new contracts
- NL → contract parser (deterministic patterns)

These will never be relicensed. New work in these areas ships under
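Review bot: the deleted trace-mining bullet described finding "repeating unsafe patterns" in a user's own traces, and the hunk leaves no replacement text under a heading that ends with "These will never be relicensed." If that capability now ships elsewhere (the CHANGELOG hunk mentions an optional `trace_mining` extension), state that and its license here. Otherwise readers who relied on it for contract discovery have no indication of what to use instead.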
2 changes: 1 addition & 1 deletion README.ja.md
Expand Up @@ -66,7 +66,7 @@ pip install sponsio # または: npm install -D @sponsio/sdk
sponsio init . # 対話型ウィザード: フレームワーク・IDE ホスト・observe vs enforce を検出
```

ウィザードがフレームワークを自動検出し、対応するラップ スニペットを表示します。手動配線は [docs/integrations/](docs/integrations/index.md) を参照。[OpenClaw ユーザー](docs/integrations/openclaw.md)は ClawHavoc + CVE-2026-25253 のカバレッジを最初から利用できます。設定リファレンス、observe → enforce 切替、`sponsio refresh`、CI 配線は[完全ガイド](QUICKSTART.md)を参照。
ウィザードがフレームワークを自動検出し、対応するラップ スニペットを表示します。手動配線は [docs/integrations/](docs/integrations/index.md) を参照。[OpenClaw ユーザー](docs/integrations/openclaw.md)は ClawHavoc + CVE-2026-25253 のカバレッジを最初から利用できます。設定リファレンス、observe → enforce 切替、CI 配線は[完全ガイド](QUICKSTART.md)を参照。

**自然言語から契約を下書きする。** `sponsio validate "<平易な文のルール>"` は、自然言語のルールを読み返せる契約に変換します。出力はあくまで下書きとして扱い、enforce する前に自分でレビューして調整してください。決定論的なのは契約がランタイムでどう*強制される*かであって、どう下書きされるかではありません。

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -65,7 +65,7 @@ pip install sponsio # or: npm install -D @sponsio/sdk
sponsio init . # interactive wizard: detects framework, IDE hosts, observe vs enforce
```

The wizard auto-detects your framework and prints the right wrap snippet. For manual wiring, see [all supported integrations](docs/integrations/index.md). [OpenClaw users](docs/integrations/openclaw.md) get bundled ClawHavoc and CVE-2026-25253 coverage out of the box. For config reference, observe → enforce flip, `sponsio refresh`, and CI wiring, see the [full walkthrough](QUICKSTART.md).
The wizard auto-detects your framework and prints the right wrap snippet. For manual wiring, see [all supported integrations](docs/integrations/index.md). [OpenClaw users](docs/integrations/openclaw.md) get bundled ClawHavoc and CVE-2026-25253 coverage out of the box. For config reference, observe → enforce flip, and CI wiring, see the [full walkthrough](QUICKSTART.md).

**Drafting contracts from natural language.** `sponsio validate "<rule in plain English>"` turns a plain-English rule into a contract you can read back. Treat the output as a starting draft to review and adjust before you enforce. The determinism is in how contracts are *enforced* at runtime, not in how they're drafted.

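Review bot: the edited sentence still sends readers to QUICKSTART.md for the full walkthrough, but no QUICKSTART.md change appears among the files shown in this diff. Confirm that file no longer documents `sponsio refresh`, since this line was the pointer to it. The same check applies to the README.ja.md and README.zh-CN.md hunks, which link to the same file.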
2 changes: 1 addition & 1 deletion README.zh-CN.md
Expand Up @@ -66,7 +66,7 @@ pip install sponsio # 或 npm install -D @sponsio/sdk
sponsio init . # 交互式向导:检测框架、选择 IDE host、observe vs enforce
```

向导会自动检测你的框架并打印对应的接入片段。手动接线见 [docs/integrations/](docs/integrations/index.md)。[OpenClaw 用户](docs/integrations/openclaw.md)开箱即享 ClawHavoc + CVE-2026-25253 覆盖。配置参考、observe → enforce 切换、`sponsio refresh`、CI 接线见[完整指引](QUICKSTART.md)。
向导会自动检测你的框架并打印对应的接入片段。手动接线见 [docs/integrations/](docs/integrations/index.md)。[OpenClaw 用户](docs/integrations/openclaw.md)开箱即享 ClawHavoc + CVE-2026-25253 覆盖。配置参考、observe → enforce 切换、CI 接线见[完整指引](QUICKSTART.md)。

**用自然语言起草合约。** `sponsio validate "<一句话规则>"` 会把一条自然语言规则转成一份你能读回来的合约。把输出当作起点草稿,enforce 之前先自己 review、按需调整。确定性在于合约在运行时如何被*强制执行*,而不在于它如何被起草。

10 changes: 4 additions & 6 deletions docs/getting-started/onboard-prompt.md
Expand Up @@ -112,9 +112,8 @@ After merge:
"ok" before writing.
- sponsio validate --config sponsio.yaml

Done. Host-plugin tuning, refresh from traces, flip to enforce,
or debugging a specific contract: those live in the ``sponsio``
skill, not in this prompt.
Done. Host-plugin tuning, flip to enforce, or debugging a specific
contract: those live in the ``sponsio`` skill, not in this prompt.
```

## TypeScript project
Expand Down Expand Up @@ -225,9 +224,8 @@ After merge:
"ok" before writing.
- npx sponsio validate sponsio.yaml

Done. Host-plugin tuning, refresh from traces, flip to enforce,
or debugging a specific contract: those live in the ``sponsio``
skill, not in this prompt.
Done. Host-plugin tuning, flip to enforce, or debugging a specific
contract: those live in the ``sponsio`` skill, not in this prompt.
```

## Why two phases (CLI then agent)
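Review bot: the closing "Done." paragraph is duplicated verbatim in the Python and TypeScript prompt blocks, and both copies still defer follow-up work to the `sponsio` skill. The skill is not part of the visible diff; check that it no longer tells the assistant to refresh from traces, because an agent following it would run a command this PR documents as removed. Keeping the paragraph in one shared snippet would also avoid the two copies drifting.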
12 changes: 3 additions & 9 deletions docs/reference/cli.md
Expand Up @@ -9,10 +9,10 @@ Every `sponsio` command exits 0 on success and 1 on failure (parse error, violat

## sponsio scan

Scan source code, policy documents, or execution traces to discover contracts.
Scan source code or policy documents to discover contracts.

```bash
sponsio scan PATHS... [--llm] [--policy DOC] [--trace FILE] [-o sponsio.yaml]
sponsio scan PATHS... [--llm] [--policy DOC] [-o sponsio.yaml]
```

| Option | Description |
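Review bot: the synopsis loses `[--trace FILE]` with no word on what happens to existing invocations. The page opens by saying every command exits 1 on failure, so a CI job that still passes `--trace` or `-t` to `sponsio scan` will presumably start failing. Add a short note under this section that the flag was removed and that trace replay remains available through `sponsio check --trace` and `sponsio eval`.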
Expand All @@ -25,9 +25,6 @@ sponsio scan PATHS... [--llm] [--policy DOC] [--trace FILE] [-o sponsio.yaml]
| `--out`, `-o` | Output file (default: `./sponsio.yaml`; `-o -` for stdout) |
| `--append` | Append to existing file instead of overwriting |
| `--policy`, `-p` | Policy document(s), repeatable |
| `--trace`, `-t` | Trace file or glob (OTLP, Phoenix, Langfuse, Sponsio session JSONL). No LLM required. |
| `--trace-min-support` | Minimum traces a pattern must appear in (default `1`) |
| `--trace-confidence-threshold` | Confidence floor for ordering or sequence mining, 0-1 (default `0.95`) |

### Provider matrix

Expand All @@ -48,9 +45,6 @@ sponsio scan src/agents/
# With LLM and policy
sponsio scan src/agents/ --policy security.md --llm -o sponsio.yaml

# Mine from traces (no LLM)
sponsio scan src/ -t '~/.sponsio/sessions/agent/*.jsonl'

# Local model via Ollama
sponsio scan src/ --llm --base-url http://localhost:11434/v1 --model llama3.1
```
Expand Down Expand Up @@ -302,7 +296,7 @@ The walker ignores `mode:` lines nested under unrelated keys (e.g. `judge.fallba
Print the agent-facing prompt template for a Sponsio workflow. Used by the `sponsio` skill (W1 initial setup, W2 audit, W3 tune, W4 enforce, W5 troubleshoot).

```bash
sponsio prompt (onboard|refresh|scan)
sponsio prompt (onboard|scan)
```

Output is a copy-pasteable prompt block your AI assistant can run.
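Review bot: `refresh` is removed from the accepted templates, but the description line above the synopsis still says this command is used by the `sponsio` skill for workflows W1 to W5. If any of those workflows requested the `refresh` template, the skill now gets an error instead of a prompt. Verify the skill and state here which workflows map to `onboard` and which to `scan`.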
2 changes: 1 addition & 1 deletion docs/reference/observability.md
Expand Up @@ -16,7 +16,7 @@ ls ~/.sponsio/sessions/support_bot/
# 2026-04-24T10-12-33Z.jsonl
```

`sponsio report` reads these files. `sponsio scan -t '~/.sponsio/sessions/bot/*.jsonl'` mines them for contract candidates. Disable with `SPONSIO_SESSION_LOG=0` or `sessions_dir: null` in `sponsio.yaml`.
`sponsio report` reads these files. Disable with `SPONSIO_SESSION_LOG=0` or `sessions_dir: null` in `sponsio.yaml`.

## OpenTelemetry

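Review bot: with the `sponsio scan -t` sentence gone, the paragraph names `sponsio report` as the only reader of the session JSONL files, while the CHANGELOG hunk says `sponsio check --trace` and `sponsio eval` still replay traces. If those commands accept these files, list them here so readers know what consumes the logs before deciding whether to disable them with `SPONSIO_SESSION_LOG=0` or `sessions_dir: null`.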
3 changes: 0 additions & 3 deletions docs/reference/oss-scope.md
Expand Up @@ -65,9 +65,6 @@ is no LLM call on the enforcement path.
- `sponsio/discovery/starter_pack.py`: static rule matching for
starter-pack selection
- `sponsio/discovery/trace_replay.py`: `sponsio eval` replay engine
- `sponsio/refresh.py` + `sponsio refresh` CLI. Local trace mining
over your own `~/.sponsio/sessions/*` (proposes new contracts from
patterns repeating in your traces).

### Generation
- `sponsio/generation/dsl_to_contract.py`: text DSL → contract parser
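Review bot: the removed entry named a source file, `sponsio/refresh.py`, yet only documentation changes are visible in this diff. State in the PR whether the module is deleted or moved behind the optional `trace_mining` extension mentioned in the CHANGELOG hunk. If it remains in the tree, keep a line here describing its status rather than omitting it from the scope list.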