diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0fed273..1ab28a3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -122,16 +122,15 @@ jobs:
           python scripts/check_doc_links.py --exclude templates --exclude history --cross-repo skip
 
   # ═══════════════════════════════════════════════════════════════════════════════════════════════
-  # Async-route audit (Phase 2 — soft-fail visibility).
+  # Async-route audit (Phase 4 — enforced).
   # Catches the BUG-JD-10 bug class (sync-blocking calls inside async def
-  # route handlers). `continue-on-error: true` so violations surface as
-  # PR annotations without blocking merge. Phase 4 will flip this off.
+  # route handlers). Hard-fails on any new violation; this repo reached
+  # zero violations at end of Phase 3 (PR #96).
   # See juniper-ml notes/ASYNC_ROUTE_AUDIT_HOOK_MIGRATION_PLAN.md §4.
   # ═══════════════════════════════════════════════════════════════════════════════════════════════
   async-route-audit:
-    name: Async-route audit (BUG-JD-10 class, soft-fail)
+    name: Async-route audit (BUG-JD-10 class)
     runs-on: ubuntu-latest
-    continue-on-error: true
 
     steps:
       - name: Checkout Code
@@ -150,12 +149,7 @@ jobs:
           echo "╔════════════════════════════════════════════════════════════╗"
           echo "║       JuniperData - Async-route audit (BUG-JD-10)         ║"
           echo "╚════════════════════════════════════════════════════════════╝"
-          # --exit-zero: same soft-fail contract as the pre-commit hook
-          # (Phase 2 "violations as warnings, not blockers"). Annotations
-          # still render via --output-format=github so reviewers see them
-          # in the PR; the step itself doesn't fail. Phase 4 will drop
-          # this flag along with `continue-on-error: true` on the job.
-          ruff check --select ASYNC --exit-zero --output-format=github juniper_data/
+          ruff check --select ASYNC --output-format=github juniper_data/
 
   # ═══════════════════════════════════════════════════════════════════════════════════════════════
   # Unit Tests: Run unit tests with coverage enforcement
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 94bd64a..98f7db1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -97,16 +97,15 @@ repos:
         name: Format with Ruff
         files: ^juniper_data/.*\.py$
       # ─────────────────────────────────────────────────────────────────────
-      # Async-route audit (Phase 2 — soft-fail visibility).
+      # Async-route audit (Phase 4 — enforced).
       # See juniper-ml notes/ASYNC_ROUTE_AUDIT_HOOK_MIGRATION_PLAN.md.
-      # `--exit-zero` keeps violations as warnings (won't block commits).
-      # CI lane in .github/workflows/ci.yml runs the same check with
-      # `continue-on-error: true` so PRs see annotations without blocking
-      # merge. Phase 4 will drop both `--exit-zero` and `continue-on-error`.
+      # Hard-fails on any new ASYNC* violation. The repo reached zero
+      # violations at end of Phase 3 (PR #96); per-file-ignores live in
+      # pyproject.toml [tool.ruff.lint.per-file-ignores].
       - id: ruff
         alias: ruff-async-audit
         name: Async-route audit (BUG-JD-10 class)
-        args: [--select, ASYNC, --exit-zero]
+        args: [--select, ASYNC]
         files: ^juniper_data/.*\.py$
         stages: [pre-commit, manual]