loki-mode 7.49.0 → 7.50.0

package/autonomy/run.sh

@@ -7038,6 +7038,130 @@ enforce_static_analysis() {
         }
     fi
 
+    # C / C++ (P1-6: cppcheck is a standalone static analyzer that needs no
+    # build system, headers, or compile flags, so it does not false-block on
+    # missing includes the way a per-file `clang` compile would. The exit gate
+    # fires only on `error` severity; style/warning/portability findings on WIP
+    # code do not block. When cppcheck is absent we pass through honestly
+    # (log, no block) rather than silently skipping.)
+    local cfiles
+    cfiles=$(echo "$changed_files" | grep -E '\.(c|cc|cpp|cxx|h|hpp|hxx)$' || true)
+    if [ -n "$cfiles" ]; then
+        local cabs=""
+        for f in $cfiles; do
+            [ -f "${TARGET_DIR:-.}/$f" ] && cabs="$cabs ${TARGET_DIR:-.}/$f"
+        done
+        if [ -n "$cabs" ]; then
+            if command -v cppcheck &>/dev/null; then
+                total_checked=$((total_checked + $(echo "$cabs" | wc -w)))
+                # Default cppcheck reports ONLY error severity, so with
+                # --error-exitcode=2 the gate returns 2 exclusively on an
+                # error-severity finding. We deliberately do NOT pass
+                # --enable=warning: that would make warning/style/portability
+                # findings on incomplete WIP code block the iteration (verified:
+                # a deref-then-null-check warning returns 2 under --enable=warning
+                # but 0 under the default ruleset). Error severity only = honest
+                # parity with the TS/shell `-S error` gates above.
+                local cpp_out cpp_rc=0
+                # shellcheck disable=SC2086
+                cpp_out=$(cppcheck --quiet --error-exitcode=2 $cabs 2>&1) || cpp_rc=$?
+                if [ "$cpp_rc" -eq 2 ]; then
+                    findings=$((findings + 1))
+                    details="${details}cppcheck (error severity): $(echo "$cpp_out" | tail -3 | tr '\n' ' '). "
+                fi
+            else
+                log_info "Static analysis: cppcheck not on PATH, skipping C/C++ check (pass-through)"
+            fi
+        fi
+    fi
+
+    # Kotlin (P1-6: ktlint and detekt are standalone, build-system-free linters.
+    # Prefer ktlint; fall back to detekt. Absent -> honest pass-through.)
+    #
+    # ADVISORY ONLY (not blocking): unlike cppcheck/checkstyle which expose an
+    # error-vs-style severity distinction, ktlint is a pure formatter -- every
+    # finding it reports is a style/formatting issue and it exits nonzero on ANY
+    # violation, with no CLI mode to fail only on error severity. detekt's failure
+    # threshold is config-driven (maxIssues) and its findings are code smells, not
+    # compiler errors; there is no stable CLI flag to fail only on error severity.
+    # Per the gate principle (a new-language arm must NOT block on style/formatting,
+    # consistent with cppcheck's error-exitcode-only and the JS/TS/Py `-S error`
+    # gates), we run these linters as ADVISORY: report findings via log_warn and
+    # the details string, but do NOT increment `findings` (no BLOCK). This avoids
+    # false-blocking a WIP build on formatting. Absent -> honest pass-through.
+    local kt_files
+    kt_files=$(echo "$changed_files" | grep -E '\.(kt|kts)$' || true)
+    if [ -n "$kt_files" ]; then
+        local kt_abs=""
+        for f in $kt_files; do
+            [ -f "${TARGET_DIR:-.}/$f" ] && kt_abs="$kt_abs ${TARGET_DIR:-.}/$f"
+        done
+        if [ -n "$kt_abs" ]; then
+            if command -v ktlint &>/dev/null; then
+                total_checked=$((total_checked + $(echo "$kt_abs" | wc -w)))
+                local kt_out
+                # shellcheck disable=SC2086
+                kt_out=$(cd "${TARGET_DIR:-.}" && ktlint $kt_files 2>&1) || {
+                    # Advisory: ktlint reports only style/formatting; warn, do not block.
+                    details="${details}ktlint advisory (style, non-blocking): $(echo "$kt_out" | tail -3 | tr '\n' ' '). "
+                    log_warn "Static analysis: ktlint reported style findings (advisory, non-blocking)"
+                }
+            elif command -v detekt &>/dev/null; then
+                total_checked=$((total_checked + $(echo "$kt_abs" | wc -w)))
+                local dt_out dt_input
+                dt_input=$(echo "$kt_files" | tr ' \n' ',,' | sed 's/,*$//;s/^,*//')
+                dt_out=$(cd "${TARGET_DIR:-.}" && detekt --input "$dt_input" 2>&1) || {
+                    # Advisory: detekt threshold is config-driven, findings are code
+                    # smells (no error-severity-only CLI mode); warn, do not block.
+                    details="${details}detekt advisory (code smell, non-blocking): $(echo "$dt_out" | tail -3 | tr '\n' ' '). "
+                    log_warn "Static analysis: detekt reported findings (advisory, non-blocking)"
+                }
+            else
+                log_info "Static analysis: ktlint/detekt not on PATH, skipping Kotlin check (pass-through)"
+            fi
+        fi
+    fi
+
+    # Java (P1-6: checkstyle is a pure static linter that needs no compile or
+    # classpath, but it REQUIRES a config file. A per-file `javac` would
+    # false-block on unresolved imports/classpath the way per-file tsc did, so
+    # Java is gated on checkstyle-with-config only. Without a config we pass
+    # through honestly. C# is deferred: roslyn analyzers and `dotnet build` need
+    # a full project + restore, which cannot be auto-detected cleanly per-file.)
+    local java_files
+    java_files=$(echo "$changed_files" | grep -E '\.java$' || true)
+    if [ -n "$java_files" ]; then
+        local java_abs=""
+        for f in $java_files; do
+            [ -f "${TARGET_DIR:-.}/$f" ] && java_abs="$java_abs ${TARGET_DIR:-.}/$f"
+        done
+        if [ -n "$java_abs" ]; then
+            local _cs_config=""
+            for cfg in checkstyle.xml .checkstyle.xml config/checkstyle/checkstyle.xml google_checks.xml sun_checks.xml; do
+                if [ -f "${TARGET_DIR:-.}/$cfg" ]; then _cs_config="${TARGET_DIR:-.}/$cfg"; break; fi
+            done
+            if command -v checkstyle &>/dev/null && [ -n "$_cs_config" ]; then
+                total_checked=$((total_checked + $(echo "$java_abs" | wc -w)))
+                local cs_out
+                # checkstyle's exit code equals the count of audit events at
+                # severity=error; warning/info violations are printed but do NOT
+                # bump the exit code (verified against checkstyle CLI behavior).
+                # So a nonzero exit means error-severity findings only -- this is
+                # already error-gated like cppcheck (--error-exitcode) and the
+                # JS/TS/Py `-S error` gates, and does NOT block on style/warning.
+                # Whether a given rule is error vs warning is the user's explicit
+                # choice in their checkstyle config, which we respect.
+                # shellcheck disable=SC2086
+                cs_out=$(cd "${TARGET_DIR:-.}" && checkstyle -c "$_cs_config" $java_files 2>&1) || {
+                    findings=$((findings + 1))
+                    details="${details}checkstyle (error severity): $(echo "$cs_out" | tail -3 | tr '\n' ' '). "
+                }
+            else
+                log_info "Static analysis: checkstyle+config not available, skipping Java check (pass-through)"
+            fi
+        fi
+    fi
+
     # Write results
     cat > "$quality_dir/static-analysis.json" << SAFEOF
 {"timestamp":"$(date -u +%Y-%m-%dT%H:%M:%SZ)","files_checked":$total_checked,"findings":$findings,"summary":"$details","pass":$([ $findings -eq 0 ] && echo "true" || echo "false")}

package/autonomy/spec-interrogation.sh

@@ -29,6 +29,28 @@
 #   prompt-injected, and surfaced in proof-of-done. LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1
 #   disables auto-ack for a human-in-the-loop path (only confirmed=true clears).
 #
+# Design note (P2-4 contradictions -- the exception to the lifecycle above):
+#   A GAP can become a recorded assumption: "the spec is silent, so I took the
+#   implementer default." A CONTRADICTION cannot -- there is no default that
+#   satisfies "X and not-X". So a contradiction (class=contradictory, forced to
+#   severity=high) is NEVER auto-acknowledged, even in default autonomous mode
+#   (spec_ledger_acknowledge_all skips it). It stays acknowledged=false and keeps
+#   the completion gate BLOCKED until a human sets confirmed=true. We chose this
+#   "block, do not assume away" behavior over the softer "auto-ack but surface
+#   loudly" option because a silently-acked contradiction lets "done" be declared
+#   over a spec we know is internally inconsistent, which is exactly the
+#   accuracy failure this feature exists to prevent. Honest cost: in a fully
+#   autonomous run an unresolved contradiction grinds the loop to max-iterations
+#   (no human to confirm), wasting budget. It is STILL surfaced in proof-of-done
+#   on every terminal path. Escape hatches: a human sets confirmed=true in
+#   .loki/assumptions/, or the operator sets LOKI_ASSUMPTION_GATE=0. A follow-up
+#   in run.sh (out of this module's scope) should add an early hard-stop on an
+#   unresolved contradiction so the run fails fast instead of grinding.
+#   Contradictions come from two sources: spec-INTERNAL (grill finds them, the
+#   classifier tags them) and spec-EXTERNAL (spec_interrogation_external_check
+#   compares the spec to the repo's declared dependencies; narrow + high-
+#   confidence by design).
+#
 # Provider-aware + clean degrade: grill needs a provider CLI; when absent we log
 # an honest message, skip the grill subcall (NO fabricated questions), but STILL
 # fold prd-analyzer's deterministic missing-dimension assumptions into the ledger
@@ -38,6 +60,7 @@
 #   LOKI_SPEC_GRILL=0                  skip interrogation entirely
 #   LOKI_ASSUMPTION_GATE=0            completion gate is pass-through (gate file)
 #   LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1  require human confirmed=true (no auto-ack)
+#   LOKI_SPEC_EXTERNAL_CHECK=0       skip the spec-vs-repo external contradiction check
 
 set -uo pipefail
 
@@ -81,6 +104,17 @@ spec_interrogation_severity_for() {
             printf 'high'; return 0 ;;
     esac
 
+    # P2-4: a "Contradictions" SECTION escalates to high even when the line has
+    # no contradiction keyword. Keyword-only detection would silently miss a
+    # contradiction phrased plainly ("section 2 mandates immutable records;
+    # section 5 specifies an edit endpoint."), which is exactly the failure P2-4
+    # exists to prevent -- and the grill-prompt follow-up that adds a
+    # "Contradictions" section would emit such keyword-free findings.
+    case "$lc_section" in
+        *contradiction*|*contradictor*)
+            printf 'high'; return 0 ;;
+    esac
+
     # Section-driven severity.
     case "$lc_section" in
         *security*|*scale*|*reliability*)
@@ -113,6 +147,13 @@ spec_interrogation_class_for() {
             printf 'contradictory'; return 0 ;;
     esac
 
+    # P2-4: a "Contradictions" SECTION tags its findings contradictory even when
+    # the line carries no contradiction keyword (see severity_for for rationale).
+    case "$lc_section" in
+        *contradiction*|*contradictor*)
+            printf 'contradictory'; return 0 ;;
+    esac
+
     case "$lc_section" in
         *security*|*scale*|*reliability*) printf 'missing'; return 0 ;;
         *unstated\ assumption*)           printf 'underspecified'; return 0 ;;
@@ -249,9 +290,19 @@ spec_interrogation_classify_report() {
         # Trim leading/trailing whitespace.
         stripped="$(printf '%s' "$q" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
         [ -z "$stripped" ] && continue
-        # Skip explicit "None identified." placeholders (no fabricated findings).
-        case "$stripped" in
-            "None identified"*|"None."*|"None"|"N/A"*) continue ;;
+        # Skip negative-result / clean-spec lines so a grill that honestly
+        # reports "nothing found" never becomes a persisted finding (and, under
+        # "### Contradictions", never deadlocks a clean spec to max-iterations).
+        # Match a lowercased copy (bash 3.2 has no ${var,,}); write the original.
+        # Patterns are START-anchored to whole-line negative phrasings so a real
+        # finding that merely contains "no" (e.g. "no input validation on the
+        # login endpoint") is NOT skipped.
+        local stripped_lc
+        stripped_lc="$(printf '%s' "$stripped" | tr '[:upper:]' '[:lower:]')"
+        case "$stripped_lc" in
+            "none"|"none."*|"none found"*|"none identified"*|\
+            "no contradiction"*|"no issues"*|"no conflicts"*|"no problems"*|\
+            "no concerns"*|"no gaps"*|"not applicable"*|"n/a"*) continue ;;
         esac
 
         local sev class affects assumption
@@ -260,7 +311,20 @@ spec_interrogation_classify_report() {
         affects="$(_spec_affects_for "$section")"
         # No-fabrication: the finding is a QUESTION; the honest assumption is a
         # stated default, NOT an invented resolution the build will not follow.
-        assumption="Spec gives no answer; proceeding with the implementer default for ${affects}."
+        # P2-4: a CONTRADICTION is special. A gap can become a recorded
+        # assumption (a stated default), but a contradiction CANNOT be assumed
+        # away -- there is no consistent default for "X and not-X". So a
+        # contradictory finding carries a contradiction-specific message instead
+        # of the implementer-default text. This keeps spec_ledger_prompt_block
+        # honest (it would otherwise instruct the build agent to "proceed with a
+        # default" for something that has no consistent default) and makes the
+        # ledger rollup state the truth: unresolvable by assumption, needs a
+        # human.
+        if [ "$class" = "contradictory" ]; then
+            assumption="UNRESOLVED CONTRADICTION: the spec is internally inconsistent here and cannot be assumed away; a human must resolve it before this can be built correctly."
+        else
+            assumption="Spec gives no answer; proceeding with the implementer default for ${affects}."
+        fi
 
         spec_ledger_write \
             "$stripped" \
@@ -274,6 +338,144 @@ spec_interrogation_classify_report() {
     return 0
 }
 
+# ---------------------------------------------------------------------------
+# P2-4 EXTERNAL contradiction check: spec vs existing code/config.
+#
+# A spec-internal contradiction is found by the grill (LLM) and recognized by
+# the classifier above. An EXTERNAL contradiction is the spec disagreeing with
+# the repo it is being built into (spec says Postgres, repo wired to Mongo).
+#
+# Design constraint -- PRECISION OVER RECALL (deliberate):
+#   A contradiction is tagged high + contradictory and (per the auto-ack skip
+#   above) BLOCKS completion until a human resolves it. In an autonomous run no
+#   human is present, so a false positive grinds a GOOD spec to max-iterations.
+#   That is a severe failure mode. A grep heuristic is far lower-confidence than
+#   the LLM-identified internal contradictions feeding the same blocking path, so
+#   this check fires ONLY on UNAMBIGUOUS POSITIVE-CONFLICT evidence and is happy
+#   to miss real conflicts (low recall) rather than ever block a clean spec.
+#
+# Scope of THIS slice: database-engine conflict only -- the single signal where
+# "what the spec names" and "what the repo is wired to" are both concretely
+# detectable from declared dependencies. The trigger requires ALL FOUR:
+#   1. the spec explicitly names database engine X, AND
+#   2. a manifest (package.json / requirements.txt / go.mod / pyproject.toml /
+#      Gemfile) declares a concrete driver for a DIFFERENT engine Y, AND
+#   3. that same manifest declares NO driver for engine X, AND
+#   4. the spec does NOT also name engine Y (if it names BOTH, the spec is
+#      discussing the choice -- "we chose Mongo over Postgres" -- not in
+#      conflict; skip rather than false-fire on a good spec).
+# Bare prose substring matches in source files are intentionally NOT used (specs
+# mention databases in passing; comments and migrations carry both drivers).
+#
+# Honest deferral: other external conflicts (REST-vs-gRPC, language/runtime,
+# cloud provider) are NOT implemented here. They need a higher-confidence
+# extractor than a single grep and are documented as the harder follow-up.
+#
+# Usage: spec_interrogation_external_check <spec_path>
+# Best-effort; writes at most one contradiction ledger entry; never fails a run.
+# ---------------------------------------------------------------------------
+spec_interrogation_external_check() {
+    local spec_path="${1:-}"
+    [ -n "$spec_path" ] && [ -f "$spec_path" ] || return 0
+    [ "${LOKI_SPEC_EXTERNAL_CHECK:-1}" = "0" ] && return 0
+
+    local repo_root="${TARGET_DIR:-.}"
+
+    # Collect declared-dependency manifest text (declarations only, not prose).
+    local manifests="" m
+    for m in \
+        "$repo_root/package.json" \
+        "$repo_root/requirements.txt" \
+        "$repo_root/pyproject.toml" \
+        "$repo_root/go.mod" \
+        "$repo_root/Gemfile"; do
+        [ -f "$m" ] && manifests="$manifests $m"
+    done
+    # No declared dependencies => no concrete repo signal => nothing to conflict.
+    [ -n "$manifests" ] || return 0
+
+    # Lowercase the spec body and the manifest text once.
+    local spec_lc deps_lc
+    spec_lc="$(tr '[:upper:]' '[:lower:]' < "$spec_path" 2>/dev/null)"
+    # shellcheck disable=SC2086  # word-split of the manifest path list is intended
+    deps_lc="$(cat $manifests 2>/dev/null | tr '[:upper:]' '[:lower:]')"
+    [ -n "$spec_lc" ] && [ -n "$deps_lc" ] || return 0
+
+    # Engine -> concrete driver-dependency token (a dependency name, not prose).
+    # Keys are the engine names we look for in the SPEC; values are the package
+    # tokens that prove the repo is wired to that engine.
+    _spec_db_driver_token() {
+        case "$1" in
+            postgres) printf '%s' 'pg|psycopg|postgresql|asyncpg|node-postgres|sequelize-postgres|gorm.io/driver/postgres' ;;
+            mongodb)  printf '%s' 'mongoose|pymongo|mongodb|motor|go.mongodb.org/mongo-driver' ;;
+            mysql)    printf '%s' 'mysql|mysql2|pymysql|mysqlclient|gorm.io/driver/mysql' ;;
+            *)        printf '' ;;
+        esac
+    }
+    # Does the spec name engine $1? Match unambiguous engine names only.
+    _spec_names_engine() {
+        case "$1" in
+            postgres) printf '%s' 'postgres\|postgresql' ;;
+            mongodb)  printf '%s' 'mongodb\|mongo db\|mongo database' ;;
+            mysql)    printf '%s' 'mysql' ;;
+            *)        printf '' ;;
+        esac
+    }
+
+    local engines="postgres mongodb mysql"
+    local spec_engine other_engine
+    for spec_engine in $engines; do
+        local spec_pat
+        spec_pat="$(_spec_names_engine "$spec_engine")"
+        [ -n "$spec_pat" ] || continue
+        printf '%s' "$spec_lc" | grep -q -e "$spec_pat" || continue
+
+        # Spec names this engine. Is the repo wired to a DIFFERENT one, with no
+        # driver for the spec's engine?
+        local spec_engine_token
+        spec_engine_token="$(_spec_db_driver_token "$spec_engine")"
+        # If the repo DOES declare a driver for the spec's engine, there is no
+        # conflict (they agree) -- skip.
+        if printf '%s' "$deps_lc" | grep -E -q -- "$spec_engine_token"; then
+            continue
+        fi
+
+        for other_engine in $engines; do
+            [ "$other_engine" = "$spec_engine" ] && continue
+            # PRECISION guard: if the spec ALSO names other_engine, this is not an
+            # unambiguous conflict -- the spec is discussing both engines (e.g.
+            # "we chose MongoDB over PostgreSQL"). Skip rather than false-fire on
+            # a good spec, since a false contradiction would block it to max-iter.
+            local other_spec_pat
+            other_spec_pat="$(_spec_names_engine "$other_engine")"
+            if [ -n "$other_spec_pat" ] && printf '%s' "$spec_lc" | grep -q -e "$other_spec_pat"; then
+                continue
+            fi
+            local other_token
+            other_token="$(_spec_db_driver_token "$other_engine")"
+            [ -n "$other_token" ] || continue
+            if printf '%s' "$deps_lc" | grep -E -q -- "$other_token"; then
+                # UNAMBIGUOUS: spec names X, repo declares a Y driver, repo has
+                # no X driver. Record one high/contradictory external finding.
+                local gap assumption
+                gap="External contradiction: the spec specifies the ${spec_engine} database, but this repository declares a ${other_engine} driver dependency and no ${spec_engine} driver."
+                assumption="UNRESOLVED CONTRADICTION: the spec and the existing code disagree on the database engine and this cannot be assumed away; a human must reconcile the spec with the repo before building."
+                spec_ledger_write \
+                    "$gap" \
+                    "$assumption" \
+                    "external: spec vs repo dependencies" \
+                    "high" \
+                    "contradictory" \
+                    "data-store" \
+                    "external-check"
+                # One database-engine conflict is enough to block; stop scanning.
+                return 0
+            fi
+        done
+    done
+    return 0
+}
+
 # ---------------------------------------------------------------------------
 # Fold prd-analyzer's deterministic missing-dimension assumptions into the
 # ledger as medium (non-blocking). Reads .loki/prd-observations.md "Assumptions
@@ -371,6 +573,16 @@ print("%d %d" % (total, high))
 # Auto-acknowledgment lifecycle helper: set acknowledged=true on every ledger
 # entry. run.sh calls this once an iteration AFTER assumptions are injected into
 # the build prompt (unless LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1). Best-effort.
+#
+# P2-4 EXCEPTION: class=contradictory entries are NEVER auto-acknowledged. A gap
+# can be assumed away (auto-ack records that the implementer-default was taken),
+# but a contradiction is unresolvable by assumption -- there is no default that
+# satisfies "X and not-X". Auto-acknowledging it would silently clear the
+# completion gate and let "done" be declared over an internally inconsistent
+# spec. So a contradiction stays acknowledged=false until a human confirms a
+# resolution (sets confirmed=true). This is deliberately the same teeth the
+# LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1 path applies to ALL entries, scoped here to
+# just contradictions in default autonomous mode. See the design note below.
 # ---------------------------------------------------------------------------
 spec_ledger_acknowledge_all() {
     [ "${LOKI_ASSUMPTIONS_REQUIRE_CONFIRM:-0}" = "1" ] && return 0
@@ -388,6 +600,9 @@ for p in glob.glob(os.path.join(d, "a-*.json")):
         continue
     if r.get("acknowledged"):
         continue
+    # P2-4: a contradiction cannot be assumed away, so it is never auto-acked.
+    if r.get("class") == "contradictory":
+        continue
     r["acknowledged"] = True
     fd, tmp = tempfile.mkstemp(dir=os.path.dirname(p), suffix=".tmp")
     try:
@@ -531,6 +746,11 @@ spec_interrogation_run() {
     # (works with no provider) so degrade still surfaces something.
     spec_ledger_fold_prd_observations || true
 
+    # P2-4: best-effort EXTERNAL contradiction check (spec vs repo deps). Runs
+    # with no provider (it is pure file inspection) and is intentionally narrow
+    # (high-confidence DB-engine conflict only) so it never blocks a clean spec.
+    spec_interrogation_external_check "$spec_path" || true
+
     spec_ledger_rebuild_md || true
 
     local counts total high

package/autonomy/spec.sh

@@ -470,12 +470,17 @@ PYEOF
 # drift check quietly and, on drift, emits ONE SPEC_DRIFT record to stdout in
 # the verify finding TSV shape:
 #     severity \t category \t source \t file \t line \t message
-# Severity is Medium (-> CONCERNS, per the task). Graceful no-op (prints
-# nothing, returns 0) when there is no lock or the spec cannot be resolved.
+# Severity is High (-> BLOCKED under verify's default --block-on critical,high).
+# A spec lock is an explicit human declaration that "this spec is the contract"
+# (loki spec lock / sync), so once it exists, real drift is a blocking gate, not
+# a soft concern. Graceful no-op (prints nothing, returns 0) when there is no
+# lock or the spec cannot be resolved, so an unlocked / first-run workflow is
+# never blocked.
 #
 # This function is intentionally side-effect-light for the verify caller: it
-# still writes the drift-report.json (a useful artifact) but never blocks and
-# never prints to the verify human channel.
+# still writes the drift-report.json (a useful artifact) and never prints to the
+# verify human channel; the BLOCK is delivered purely via the High finding the
+# verify verdict logic consumes.
 # ---------------------------------------------------------------------------
 spec_verify_hook() {
     local out_dir="${1:-$SPEC_DIR_DEFAULT}"
@@ -485,16 +490,17 @@ spec_verify_hook() {
     local spec_path
     # Prefer the spec path recorded in the lock; fall back to resolution.
     spec_path="$(python3 -c 'import sys,json; print(json.load(open(sys.argv[1])).get("spec_path",""))' "$lock_file" 2>/dev/null || echo "")"
-    # MEDIUM-4: the lock recorded a spec path but that file is now MISSING (the
-    # locked spec was deleted). That is real drift -- the contract the lock binds
-    # no longer exists -- so emit a Medium spec_drift finding instead of silently
-    # returning 0. NEVER fall back to spec_resolve_source here: comparing against
-    # a different candidate file would mask the deletion and attest a spec that is
-    # not the locked one. The empty-spec_path case below is a SEPARATE, legitimate
-    # fallback (legacy locks that never recorded a path).
+    # The lock recorded a spec path but that file is now MISSING (the locked spec
+    # was deleted). That is real drift -- the contract the lock binds no longer
+    # exists -- so emit a High spec_drift finding (blocking, consistent with the
+    # content-drift finding below) instead of silently returning 0. NEVER fall
+    # back to spec_resolve_source here: comparing against a different candidate
+    # file would mask the deletion and attest a spec that is not the locked one.
+    # The empty-spec_path case below is a SEPARATE, legitimate fallback (legacy
+    # locks that never recorded a path).
     if [ -n "$spec_path" ] && [ ! -f "$spec_path" ]; then
         printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
-            "Medium" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" \
+            "High" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" \
             "locked spec file missing: $spec_path (the spec is the contract; restore it or run 'loki spec sync' after review to re-lock against the current spec)"
         return 0
     fi
@@ -523,9 +529,10 @@ PYEOF
 )"
     [ -n "$summary" ] || return 0
 
-    # Emit one Medium SPEC_DRIFT finding in the verify TSV shape.
+    # Emit one High SPEC_DRIFT finding in the verify TSV shape (blocking under
+    # verify's default --block-on critical,high; only reachable when a lock exists).
     printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
-        "Medium" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" "$summary"
+        "High" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" "$summary"
     return 0
 }
 
@@ -572,8 +579,10 @@ EXIT CODES:
 
 VERIFY INTEGRATION:
     When .loki/spec/spec.lock exists, `loki verify` runs the drift check and
-    adds a Medium-severity SPEC_DRIFT finding on drift, which maps to a CONCERNS
-    verdict. No lock = graceful no-op.
+    adds a High-severity SPEC_DRIFT finding on drift, which BLOCKS verify under
+    its default --block-on critical,high. Locking is an explicit declaration
+    that the spec is the contract, so post-lock drift is a hard gate. No lock =
+    graceful no-op (gate skipped, never blocks an unlocked / first-run workflow).
 
 EOF
 }