Pin proof-pr v0.2.8 dogfood guidance

Author: saagpatel

.github/workflows/proof-pr.yml

@@ -9,10 +9,10 @@ permissions:
 
 jobs:
   proof:
-    uses: saagpatel/proof-pr/.github/workflows/proof-pr-receipt.yml@v0.2.7
+    uses: saagpatel/proof-pr/.github/workflows/proof-pr-receipt.yml@v0.2.8
     with:
       receipt_path: proof-pr.json
-      proof_pr_ref: v0.2.7
+      proof_pr_ref: v0.2.8
       check_public_git_metadata: true
       public_git_metadata_mode: introduced
       artifact_name: github-repo-auditor-proof-pr

docs/proof-pr-dogfood.md

@@ -12,7 +12,7 @@ environment and render the proof block from a generated receipt:
 ```bash
 python3 -m venv /tmp/gra-proof-pr-venv
 /tmp/gra-proof-pr-venv/bin/python -m pip install \
-  git+https://github.com/saagpatel/proof-pr.git@v0.2.7
+  git+https://github.com/saagpatel/proof-pr.git@v0.2.8
 /tmp/gra-proof-pr-venv/bin/proof-pr init \
   --cwd . \
   --tier T1 \
@@ -25,13 +25,14 @@ python3 -m venv /tmp/gra-proof-pr-venv
   /tmp/gra-proof-pr.json
 /tmp/gra-proof-pr-venv/bin/proof-pr receipt-hygiene \
   /tmp/gra-proof-pr.json \
-  --explain
+  --explain \
+  --check public-git-metadata \
+  --fix-only
 ```
 
 `receipt-hygiene --explain` is the author-facing nudge for incomplete receipts.
-It keeps hygiene read-only, but adds copyable commands and compact receipt patch
-examples for missing evidence such as public git metadata, secrets posture,
-permission posture, or rollback specificity.
+Add `--check <id> --fix-only` when you want just one copyable command and compact
+receipt patch, instead of the full hygiene report. It keeps hygiene read-only.
 
 For GithubRepoAuditor, keep the risk tier honest: