npm - @mc-and-his-agents/loom-installer - Versions diffs - 0.1.48 → 0.1.49 - Mend

@mc-and-his-agents/loom-installer 0.1.48 → 0.1.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mc-and-his-agents/loom-installer",
-  "version": "0.1.48",
+  "version": "0.1.49",
   "description": "Node installer for Loom plugin and single-skill installation surfaces.",
   "type": "module",
   "bin": {

package/payload/manifest.json CHANGED Viewed

@@ -2,9 +2,9 @@
   "schema_version": "loom-installer-payload/v1",
   "loom_version": "0.4.0",
   "source_repository": "https://github.com/MC-and-his-Agents/Loom",
-  "source_commit": "e584966cb8ab5b856e9b3588173d436302fa4904",
+  "source_commit": "bcb61000e8157a08d51f2817b8768e5be8439343",
   "source_ref": "main",
-  "built_at": "2026-04-28T10:12:57+08:00",
+  "built_at": "2026-04-28T10:56:14+08:00",
   "runtime": {
     "python_minimum": "3.10",
     "python_recommended": "3.11+"
@@ -633,13 +633,13 @@
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_init.py",
@@ -1223,13 +1223,13 @@
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_init.py",
@@ -1843,13 +1843,13 @@
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_init.py",
@@ -2463,13 +2463,13 @@
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_init.py",
@@ -3088,13 +3088,13 @@
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_init.py",
@@ -3708,13 +3708,13 @@
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_init.py",
@@ -4328,13 +4328,13 @@
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_init.py",
@@ -4948,13 +4948,13 @@
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_init.py",
@@ -5568,13 +5568,13 @@
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_init.py",
@@ -6188,13 +6188,13 @@
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 362269,
-      "sha256": "451270ab050bc0b1522ae08d2c151dd704d711a41c5de5ba237d626b6d60ec1d"
+      "bytes": 363725,
+      "sha256": "a2e8c10cda53568e099b6c9ce242b524d84b7a7b0bbcb8efb4163b92e9150bb4"
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 341764,
-      "sha256": "1d48bec787cdb4a056cd98c0f40b54fadc70711299691c343dcf4db60672246b"
+      "bytes": 342513,
+      "sha256": "00a5476d3e1a1b6215558d1d840e852be898cd818749c3caaa442bc657dde5eb"
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_init.py",

package/payload/plugin/loom/skills/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/plugin/loom/skills/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-adopt/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-adopt/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-handoff/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-handoff/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-init/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-init/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-pre-review/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-pre-review/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-resume/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-resume/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-retire/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-retire/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-review/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-review/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors:

package/payload/skills/loom-spec-review/.loom-runtime/shared/scripts/loom_check.py CHANGED Viewed

@@ -7229,6 +7229,39 @@ def check_adversarial_adoption_fixture(root: Path) -> list[Failure]:
         else:
             failures.append(Failure("adversarial-adoption", "review shadow carrier fixture could not load review artifact"))
+        unreadable_review_shadow_target = base / "unreadable-review-shadow"
+        shutil.copytree(baseline, unreadable_review_shadow_target)
+        (unreadable_review_shadow_target / ".loom/shadow/review-repo.json").write_text("{not-json", encoding="utf-8")
+        run_command(
+            root,
+            ["git", "add", "-f", ".loom/shadow/review-repo.json"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        run_command(
+            root,
+            ["git", "commit", "-m", "corrupt review shadow evidence"],
+            cwd=unreadable_review_shadow_target,
+            timeout_seconds=30,
+        )
+        unreadable_payload, unreadable_error = load_command_json(
+            root,
+            [
+                "python3",
+                str(unreadable_review_shadow_target / ".loom/bin/loom_flow.py"),
+                "checkpoint",
+                "merge",
+                "--target",
+                str(unreadable_review_shadow_target),
+                "--item",
+                "INIT-0001",
+            ],
+        )
+        if unreadable_error:
+            failures.append(Failure("adversarial-adoption", f"unreadable review shadow evidence must fail closed without crashing: {unreadable_error}"))
+        elif unreadable_payload.get("result") == "pass":
+            failures.append(Failure("adversarial-adoption", "unreadable review shadow evidence must fail closed instead of passing"))
         invalid_review_schema_target = base / "invalid-review-schema"
         shutil.copytree(baseline, invalid_review_schema_target)
         invalid_review_payload = load_json_file(invalid_review_schema_target / review_path)

package/payload/skills/loom-spec-review/.loom-runtime/shared/scripts/loom_flow.py CHANGED Viewed

@@ -1489,7 +1489,10 @@ def shadow_evidence_paths_for_sources(target_root: Path, source_paths: set[str])
         relative = evidence_path.relative_to(target_root).as_posix()
         if relative == ".loom/shadow/shadow-parity.json":
             continue
-        payload = load_json_file(evidence_path)
+        try:
+            payload = load_json_file(evidence_path)
+        except (OSError, ValueError, json.JSONDecodeError):
+            continue
         if not isinstance(payload, dict):
             continue
         source_files = payload.get("source_files")
@@ -1509,10 +1512,13 @@ def allowed_post_review_carrier_paths(context: dict[str, Any], *review_paths: st
     allowed.update(shadow_evidence_paths_for_sources(context["target_root"], set(review_paths)))
     review_shadow_root = context["target_root"] / ".loom/shadow"
     if review_shadow_root.exists():
-        allowed.update(
-            evidence_path.relative_to(context["target_root"]).as_posix()
-            for evidence_path in sorted(review_shadow_root.glob("review-*.json"))
-        )
+        for evidence_path in sorted(review_shadow_root.glob("review-*.json")):
+            try:
+                payload = load_json_file(evidence_path)
+            except (OSError, ValueError, json.JSONDecodeError):
+                continue
+            if isinstance(payload, dict):
+                allowed.add(evidence_path.relative_to(context["target_root"]).as_posix())
     return allowed
@@ -2107,7 +2113,7 @@ def build_review_flow_payload(
     build_payload = checkpoint_payload("build", context)
     governance_surface = build_governance_surface(target_root)
-    surface_name = "review" if operation == "review" else "spec_review"
+    surface_name = "review"
     repo_specific_requirements = repo_specific_requirements_payload(
         governance_surface.get("repo_interface"),
         target_root=target_root,
@@ -4237,6 +4243,15 @@ def carrier_refresh_payload(target_root: Path, output_relative: str, expected_it
     for action in actions:
         if action.get("status") == "block":
             missing_inputs.extend(str(message) for message in action.get("missing_inputs", []))
+    if runtime_state.get("result") != "pass":
+        refreshable_runtime_drift = {
+            f"bootstrap runtime artifact `{action.get('path')}` sha256 drifted"
+            for action in actions
+            if action.get("kind") is None and action.get("status") == "refresh-needed" and action.get("path")
+        }
+        for message in runtime_state.get("missing_inputs", []):
+            if str(message) not in refreshable_runtime_drift:
+                missing_inputs.append(f"runtime-state: {message}")
     review_status: dict[str, Any] = {"status": "not_checked"}
     if not context_errors: