chore: deploy-audit cleanup (drop fictional binary scaffolding, fix version embed)

[Patel230]

Why

A deploy-readiness audit across the hawk-eco set found that this repo was carrying scaffolding for a yaad binary — an installer, a Homebrew formula, a Docker compose file, and a Version = "dev" constant waiting for ldflags. yaad is a Go library (no cmd/, no package main, no goreleaser config, Makefile build target literally says "library consumed by hawk; no standalone binary"). None of that scaffolding could actually work, and one piece directly contradicted the CHANGELOG.

What changed

Removed

• install.sh — fetched yaad_${OS}_${ARCH} from GitHub Releases and invoked yaad auto. No binary exists, no goreleaser is configured to build one, and there is no auto subcommand. Following the README's curl-pipe-sh would always fail.
• Formula/yaad.rb — Homebrew formula pointed at releases/download/v0.2.0/yaad_<os>_<arch> artifacts that have never been published; ran yaad --version against an absent binary; and was still pinned at 0.2.0 while the rest of the repo had re-baselined to 0.1.0. (The CHANGELOG explicitly claimed this file had been rebaselined — it hadn't.)
• deploy/docker/docker-compose.yml + .dockerignore — build.dockerfile: Dockerfile with context ../../; no Dockerfile exists anywhere in the repo. docker compose build would fail on first invocation. Consumers who want an HTTP service wire internal/server.RESTServer into their own daemon (or use hawk daemon).
• deploy/ — directory deleted entirely (empty after the compose file went away).

Fixed

• internal/version/version.go — Version is now populated at compile time via go:embed from the new internal/version/VERSION file. Previously hard-coded to "dev" and overrideable only via ldflags — but yaad has no build path that sets those ldflags, so every go build / go install / go get was reporting dev regardless of the root VERSION file. Matches the pattern eyrie + tok already use.
• Makefile — documents the new go:embed pattern in the versioning comment block and adds a make sync-version target that copies root VERSION into internal/version/VERSION.
• CHANGELOG.md — dropped the false claim that Formula/yaad.rb had been rebaselined; documents the removal of install.sh / Formula / deploy/docker; documents the version.go embed switch.

Pinned

• .github/workflows/ci.yml — deadcode pinned to v0.30.0 (was @latest). Matches eyrie + hawk and gives reproducible CI.

Validation

All run locally on Go 1.26.4 (matches go.mod):

Check	Result
go build ./...	clean
go vet ./...	clean
gofumpt -l . / goimports -l .	clean
golangci-lint run --timeout=5m	0 issues
go test ./internal/version/... -v	5/5 PASS
go test ./... -short	all 33 packages PASS
govulncheck ./...	no vulnerabilities

Risk

Low. The only *.go change is in internal/version/, covered by existing tests. The deletions remove user-facing footguns (broken installer, stale Homebrew formula).

Follow-ups (separate PRs)

The audit also fixed similar issues in tok (GrayCodeAI/tok#56), eyrie (GrayCodeAI/eyrie#26), and a larger one coming for hawk.

[Patel230]

Self-review: removed user-facing fictional binary scaffolding (install.sh, Formula, deploy/docker) that always failed; fixed internal/version/version.go to actually report the VERSION via go:embed (was hard-pinned to "dev"). All 12 CI checks green: vet, fmt, lint, race tests, fuzz, govulncheck, gosec, deadcode, 5-platform build matrix. Merging.