# Drift audit implementation

Implemented a first repo-local drift audit command.

## Added
- `bin/pi-config-audit`

## Checks
- required commands
- PATH expectations
- canonical directory roots
- key repo files
- agents-database status API
- personal-agent status API (warning only)
- key user services enabled
- host integration paths for nginx/portal
- tmux config presence

## Behavior
- exits nonzero on hard issues
- warnings stay visible without failing the audit

## Validation
- python compile passed
- live audit run passed with one warning:
  - personal-agent status API on `:8082` refused connection

## Value
This gives a concrete drift/restore check instead of relying on memory or docs alone.