.github/workflows/ci.yml

@@ -326,7 +326,7 @@ jobs:
   # RAM headroom on ubuntu-latest (16 GB ceiling) — operator-confirmed
   # in Phase 0 / frozen decision 0.14 prototype-branch run. If RAM
   # regresses, fall back to bucketed matrix per
-  # cowork/ci-pipeline-cleanup/decisions-revised.md.
+  # the project's frozen-decisions log.
   #
   # The Windows matrix (deploy-vendor-e2e-windows) was deleted entirely
   # per Phase 6 / frozen decision 0.5 (revises Bundle II decision 0.4).

.github/workflows/loadtest.yml

@@ -1,6 +1,6 @@
 # Load-test workflow — closes the #8 acquisition-readiness blocker from
 # the 2026-05-01 issuer coverage audit (see
-# cowork/issuer-coverage-audit-2026-05-01/RESULTS.md).
+# the 2026-05-01 issuer coverage audit).
 #
 # CADENCE: workflow_dispatch + weekly cron, NOT per-push. Load tests
 # are minutes long and don't provide useful per-PR signal — per-push

.github/workflows/security-deep-scan.yml

@@ -20,7 +20,7 @@ name: security-deep-scan
 #
 # Each step is best-effort — failures are uploaded as artefacts but do
 # NOT block the workflow. Triage happens via the Bundle-7 receipt
-# directory under cowork/comprehensive-audit-2026-04-25/tool-output/.
+# the project's comprehensive-audit tool-output directory.
 
 on:
   schedule:
@@ -82,7 +82,7 @@ jobs:
       # package is mutated independently; the per-package summary line
       # (`The mutation score is X.YZ`) is grep-extracted into the receipt.
       # Acceptance threshold: ≥80% kill ratio per package; surviving
-      # mutants get triaged in cowork/comprehensive-audit-2026-04-25/
+      # mutants get triaged in the project's comprehensive-audit notes/
       # d003-mutation-results.md (per-mutant action item or
       # equivalent-mutation justification).