loki-mode 7.49.0 → 7.51.0

package/autonomy/spec-interrogation.sh

@@ -29,6 +29,28 @@
 #   prompt-injected, and surfaced in proof-of-done. LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1
 #   disables auto-ack for a human-in-the-loop path (only confirmed=true clears).
 #
+# Design note (P2-4 contradictions -- the exception to the lifecycle above):
+#   A GAP can become a recorded assumption: "the spec is silent, so I took the
+#   implementer default." A CONTRADICTION cannot -- there is no default that
+#   satisfies "X and not-X". So a contradiction (class=contradictory, forced to
+#   severity=high) is NEVER auto-acknowledged, even in default autonomous mode
+#   (spec_ledger_acknowledge_all skips it). It stays acknowledged=false and keeps
+#   the completion gate BLOCKED until a human sets confirmed=true. We chose this
+#   "block, do not assume away" behavior over the softer "auto-ack but surface
+#   loudly" option because a silently-acked contradiction lets "done" be declared
+#   over a spec we know is internally inconsistent, which is exactly the
+#   accuracy failure this feature exists to prevent. Honest cost: in a fully
+#   autonomous run an unresolved contradiction grinds the loop to max-iterations
+#   (no human to confirm), wasting budget. It is STILL surfaced in proof-of-done
+#   on every terminal path. Escape hatches: a human sets confirmed=true in
+#   .loki/assumptions/, or the operator sets LOKI_ASSUMPTION_GATE=0. A follow-up
+#   in run.sh (out of this module's scope) should add an early hard-stop on an
+#   unresolved contradiction so the run fails fast instead of grinding.
+#   Contradictions come from two sources: spec-INTERNAL (grill finds them, the
+#   classifier tags them) and spec-EXTERNAL (spec_interrogation_external_check
+#   compares the spec to the repo's declared dependencies; narrow + high-
+#   confidence by design).
+#
 # Provider-aware + clean degrade: grill needs a provider CLI; when absent we log
 # an honest message, skip the grill subcall (NO fabricated questions), but STILL
 # fold prd-analyzer's deterministic missing-dimension assumptions into the ledger
@@ -38,6 +60,7 @@
 #   LOKI_SPEC_GRILL=0                  skip interrogation entirely
 #   LOKI_ASSUMPTION_GATE=0            completion gate is pass-through (gate file)
 #   LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1  require human confirmed=true (no auto-ack)
+#   LOKI_SPEC_EXTERNAL_CHECK=0       skip the spec-vs-repo external contradiction check
 
 set -uo pipefail
 
@@ -81,6 +104,17 @@ spec_interrogation_severity_for() {
             printf 'high'; return 0 ;;
     esac
 
+    # P2-4: a "Contradictions" SECTION escalates to high even when the line has
+    # no contradiction keyword. Keyword-only detection would silently miss a
+    # contradiction phrased plainly ("section 2 mandates immutable records;
+    # section 5 specifies an edit endpoint."), which is exactly the failure P2-4
+    # exists to prevent -- and the grill-prompt follow-up that adds a
+    # "Contradictions" section would emit such keyword-free findings.
+    case "$lc_section" in
+        *contradiction*|*contradictor*)
+            printf 'high'; return 0 ;;
+    esac
+
     # Section-driven severity.
     case "$lc_section" in
         *security*|*scale*|*reliability*)
@@ -113,6 +147,13 @@ spec_interrogation_class_for() {
             printf 'contradictory'; return 0 ;;
     esac
 
+    # P2-4: a "Contradictions" SECTION tags its findings contradictory even when
+    # the line carries no contradiction keyword (see severity_for for rationale).
+    case "$lc_section" in
+        *contradiction*|*contradictor*)
+            printf 'contradictory'; return 0 ;;
+    esac
+
     case "$lc_section" in
         *security*|*scale*|*reliability*) printf 'missing'; return 0 ;;
         *unstated\ assumption*)           printf 'underspecified'; return 0 ;;
@@ -249,9 +290,19 @@ spec_interrogation_classify_report() {
         # Trim leading/trailing whitespace.
         stripped="$(printf '%s' "$q" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
         [ -z "$stripped" ] && continue
-        # Skip explicit "None identified." placeholders (no fabricated findings).
-        case "$stripped" in
-            "None identified"*|"None."*|"None"|"N/A"*) continue ;;
+        # Skip negative-result / clean-spec lines so a grill that honestly
+        # reports "nothing found" never becomes a persisted finding (and, under
+        # "### Contradictions", never deadlocks a clean spec to max-iterations).
+        # Match a lowercased copy (bash 3.2 has no ${var,,}); write the original.
+        # Patterns are START-anchored to whole-line negative phrasings so a real
+        # finding that merely contains "no" (e.g. "no input validation on the
+        # login endpoint") is NOT skipped.
+        local stripped_lc
+        stripped_lc="$(printf '%s' "$stripped" | tr '[:upper:]' '[:lower:]')"
+        case "$stripped_lc" in
+            "none"|"none."*|"none found"*|"none identified"*|\
+            "no contradiction"*|"no issues"*|"no conflicts"*|"no problems"*|\
+            "no concerns"*|"no gaps"*|"not applicable"*|"n/a"*) continue ;;
         esac
 
         local sev class affects assumption
@@ -260,7 +311,20 @@ spec_interrogation_classify_report() {
         affects="$(_spec_affects_for "$section")"
         # No-fabrication: the finding is a QUESTION; the honest assumption is a
         # stated default, NOT an invented resolution the build will not follow.
-        assumption="Spec gives no answer; proceeding with the implementer default for ${affects}."
+        # P2-4: a CONTRADICTION is special. A gap can become a recorded
+        # assumption (a stated default), but a contradiction CANNOT be assumed
+        # away -- there is no consistent default for "X and not-X". So a
+        # contradictory finding carries a contradiction-specific message instead
+        # of the implementer-default text. This keeps spec_ledger_prompt_block
+        # honest (it would otherwise instruct the build agent to "proceed with a
+        # default" for something that has no consistent default) and makes the
+        # ledger rollup state the truth: unresolvable by assumption, needs a
+        # human.
+        if [ "$class" = "contradictory" ]; then
+            assumption="UNRESOLVED CONTRADICTION: the spec is internally inconsistent here and cannot be assumed away; a human must resolve it before this can be built correctly."
+        else
+            assumption="Spec gives no answer; proceeding with the implementer default for ${affects}."
+        fi
 
         spec_ledger_write \
             "$stripped" \
@@ -274,6 +338,144 @@ spec_interrogation_classify_report() {
     return 0
 }
 
+# ---------------------------------------------------------------------------
+# P2-4 EXTERNAL contradiction check: spec vs existing code/config.
+#
+# A spec-internal contradiction is found by the grill (LLM) and recognized by
+# the classifier above. An EXTERNAL contradiction is the spec disagreeing with
+# the repo it is being built into (spec says Postgres, repo wired to Mongo).
+#
+# Design constraint -- PRECISION OVER RECALL (deliberate):
+#   A contradiction is tagged high + contradictory and (per the auto-ack skip
+#   above) BLOCKS completion until a human resolves it. In an autonomous run no
+#   human is present, so a false positive grinds a GOOD spec to max-iterations.
+#   That is a severe failure mode. A grep heuristic is far lower-confidence than
+#   the LLM-identified internal contradictions feeding the same blocking path, so
+#   this check fires ONLY on UNAMBIGUOUS POSITIVE-CONFLICT evidence and is happy
+#   to miss real conflicts (low recall) rather than ever block a clean spec.
+#
+# Scope of THIS slice: database-engine conflict only -- the single signal where
+# "what the spec names" and "what the repo is wired to" are both concretely
+# detectable from declared dependencies. The trigger requires ALL FOUR:
+#   1. the spec explicitly names database engine X, AND
+#   2. a manifest (package.json / requirements.txt / go.mod / pyproject.toml /
+#      Gemfile) declares a concrete driver for a DIFFERENT engine Y, AND
+#   3. that same manifest declares NO driver for engine X, AND
+#   4. the spec does NOT also name engine Y (if it names BOTH, the spec is
+#      discussing the choice -- "we chose Mongo over Postgres" -- not in
+#      conflict; skip rather than false-fire on a good spec).
+# Bare prose substring matches in source files are intentionally NOT used (specs
+# mention databases in passing; comments and migrations carry both drivers).
+#
+# Honest deferral: other external conflicts (REST-vs-gRPC, language/runtime,
+# cloud provider) are NOT implemented here. They need a higher-confidence
+# extractor than a single grep and are documented as the harder follow-up.
+#
+# Usage: spec_interrogation_external_check <spec_path>
+# Best-effort; writes at most one contradiction ledger entry; never fails a run.
+# ---------------------------------------------------------------------------
+spec_interrogation_external_check() {
+    local spec_path="${1:-}"
+    [ -n "$spec_path" ] && [ -f "$spec_path" ] || return 0
+    [ "${LOKI_SPEC_EXTERNAL_CHECK:-1}" = "0" ] && return 0
+
+    local repo_root="${TARGET_DIR:-.}"
+
+    # Collect declared-dependency manifest text (declarations only, not prose).
+    local manifests="" m
+    for m in \
+        "$repo_root/package.json" \
+        "$repo_root/requirements.txt" \
+        "$repo_root/pyproject.toml" \
+        "$repo_root/go.mod" \
+        "$repo_root/Gemfile"; do
+        [ -f "$m" ] && manifests="$manifests $m"
+    done
+    # No declared dependencies => no concrete repo signal => nothing to conflict.
+    [ -n "$manifests" ] || return 0
+
+    # Lowercase the spec body and the manifest text once.
+    local spec_lc deps_lc
+    spec_lc="$(tr '[:upper:]' '[:lower:]' < "$spec_path" 2>/dev/null)"
+    # shellcheck disable=SC2086  # word-split of the manifest path list is intended
+    deps_lc="$(cat $manifests 2>/dev/null | tr '[:upper:]' '[:lower:]')"
+    [ -n "$spec_lc" ] && [ -n "$deps_lc" ] || return 0
+
+    # Engine -> concrete driver-dependency token (a dependency name, not prose).
+    # Keys are the engine names we look for in the SPEC; values are the package
+    # tokens that prove the repo is wired to that engine.
+    _spec_db_driver_token() {
+        case "$1" in
+            postgres) printf '%s' 'pg|psycopg|postgresql|asyncpg|node-postgres|sequelize-postgres|gorm.io/driver/postgres' ;;
+            mongodb)  printf '%s' 'mongoose|pymongo|mongodb|motor|go.mongodb.org/mongo-driver' ;;
+            mysql)    printf '%s' 'mysql|mysql2|pymysql|mysqlclient|gorm.io/driver/mysql' ;;
+            *)        printf '' ;;
+        esac
+    }
+    # Does the spec name engine $1? Match unambiguous engine names only.
+    _spec_names_engine() {
+        case "$1" in
+            postgres) printf '%s' 'postgres\|postgresql' ;;
+            mongodb)  printf '%s' 'mongodb\|mongo db\|mongo database' ;;
+            mysql)    printf '%s' 'mysql' ;;
+            *)        printf '' ;;
+        esac
+    }
+
+    local engines="postgres mongodb mysql"
+    local spec_engine other_engine
+    for spec_engine in $engines; do
+        local spec_pat
+        spec_pat="$(_spec_names_engine "$spec_engine")"
+        [ -n "$spec_pat" ] || continue
+        printf '%s' "$spec_lc" | grep -q -e "$spec_pat" || continue
+
+        # Spec names this engine. Is the repo wired to a DIFFERENT one, with no
+        # driver for the spec's engine?
+        local spec_engine_token
+        spec_engine_token="$(_spec_db_driver_token "$spec_engine")"
+        # If the repo DOES declare a driver for the spec's engine, there is no
+        # conflict (they agree) -- skip.
+        if printf '%s' "$deps_lc" | grep -E -q -- "$spec_engine_token"; then
+            continue
+        fi
+
+        for other_engine in $engines; do
+            [ "$other_engine" = "$spec_engine" ] && continue
+            # PRECISION guard: if the spec ALSO names other_engine, this is not an
+            # unambiguous conflict -- the spec is discussing both engines (e.g.
+            # "we chose MongoDB over PostgreSQL"). Skip rather than false-fire on
+            # a good spec, since a false contradiction would block it to max-iter.
+            local other_spec_pat
+            other_spec_pat="$(_spec_names_engine "$other_engine")"
+            if [ -n "$other_spec_pat" ] && printf '%s' "$spec_lc" | grep -q -e "$other_spec_pat"; then
+                continue
+            fi
+            local other_token
+            other_token="$(_spec_db_driver_token "$other_engine")"
+            [ -n "$other_token" ] || continue
+            if printf '%s' "$deps_lc" | grep -E -q -- "$other_token"; then
+                # UNAMBIGUOUS: spec names X, repo declares a Y driver, repo has
+                # no X driver. Record one high/contradictory external finding.
+                local gap assumption
+                gap="External contradiction: the spec specifies the ${spec_engine} database, but this repository declares a ${other_engine} driver dependency and no ${spec_engine} driver."
+                assumption="UNRESOLVED CONTRADICTION: the spec and the existing code disagree on the database engine and this cannot be assumed away; a human must reconcile the spec with the repo before building."
+                spec_ledger_write \
+                    "$gap" \
+                    "$assumption" \
+                    "external: spec vs repo dependencies" \
+                    "high" \
+                    "contradictory" \
+                    "data-store" \
+                    "external-check"
+                # One database-engine conflict is enough to block; stop scanning.
+                return 0
+            fi
+        done
+    done
+    return 0
+}
+
 # ---------------------------------------------------------------------------
 # Fold prd-analyzer's deterministic missing-dimension assumptions into the
 # ledger as medium (non-blocking). Reads .loki/prd-observations.md "Assumptions
@@ -371,6 +573,16 @@ print("%d %d" % (total, high))
 # Auto-acknowledgment lifecycle helper: set acknowledged=true on every ledger
 # entry. run.sh calls this once an iteration AFTER assumptions are injected into
 # the build prompt (unless LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1). Best-effort.
+#
+# P2-4 EXCEPTION: class=contradictory entries are NEVER auto-acknowledged. A gap
+# can be assumed away (auto-ack records that the implementer-default was taken),
+# but a contradiction is unresolvable by assumption -- there is no default that
+# satisfies "X and not-X". Auto-acknowledging it would silently clear the
+# completion gate and let "done" be declared over an internally inconsistent
+# spec. So a contradiction stays acknowledged=false until a human confirms a
+# resolution (sets confirmed=true). This is deliberately the same teeth the
+# LOKI_ASSUMPTIONS_REQUIRE_CONFIRM=1 path applies to ALL entries, scoped here to
+# just contradictions in default autonomous mode. See the design note below.
 # ---------------------------------------------------------------------------
 spec_ledger_acknowledge_all() {
     [ "${LOKI_ASSUMPTIONS_REQUIRE_CONFIRM:-0}" = "1" ] && return 0
@@ -388,6 +600,9 @@ for p in glob.glob(os.path.join(d, "a-*.json")):
         continue
     if r.get("acknowledged"):
         continue
+    # P2-4: a contradiction cannot be assumed away, so it is never auto-acked.
+    if r.get("class") == "contradictory":
+        continue
     r["acknowledged"] = True
     fd, tmp = tempfile.mkstemp(dir=os.path.dirname(p), suffix=".tmp")
     try:
@@ -531,6 +746,11 @@ spec_interrogation_run() {
     # (works with no provider) so degrade still surfaces something.
     spec_ledger_fold_prd_observations || true
 
+    # P2-4: best-effort EXTERNAL contradiction check (spec vs repo deps). Runs
+    # with no provider (it is pure file inspection) and is intentionally narrow
+    # (high-confidence DB-engine conflict only) so it never blocks a clean spec.
+    spec_interrogation_external_check "$spec_path" || true
+
     spec_ledger_rebuild_md || true
 
     local counts total high

package/autonomy/spec.sh

@@ -470,12 +470,17 @@ PYEOF
 # drift check quietly and, on drift, emits ONE SPEC_DRIFT record to stdout in
 # the verify finding TSV shape:
 #     severity \t category \t source \t file \t line \t message
-# Severity is Medium (-> CONCERNS, per the task). Graceful no-op (prints
-# nothing, returns 0) when there is no lock or the spec cannot be resolved.
+# Severity is High (-> BLOCKED under verify's default --block-on critical,high).
+# A spec lock is an explicit human declaration that "this spec is the contract"
+# (loki spec lock / sync), so once it exists, real drift is a blocking gate, not
+# a soft concern. Graceful no-op (prints nothing, returns 0) when there is no
+# lock or the spec cannot be resolved, so an unlocked / first-run workflow is
+# never blocked.
 #
 # This function is intentionally side-effect-light for the verify caller: it
-# still writes the drift-report.json (a useful artifact) but never blocks and
-# never prints to the verify human channel.
+# still writes the drift-report.json (a useful artifact) and never prints to the
+# verify human channel; the BLOCK is delivered purely via the High finding the
+# verify verdict logic consumes.
 # ---------------------------------------------------------------------------
 spec_verify_hook() {
     local out_dir="${1:-$SPEC_DIR_DEFAULT}"
@@ -485,16 +490,17 @@ spec_verify_hook() {
     local spec_path
     # Prefer the spec path recorded in the lock; fall back to resolution.
     spec_path="$(python3 -c 'import sys,json; print(json.load(open(sys.argv[1])).get("spec_path",""))' "$lock_file" 2>/dev/null || echo "")"
-    # MEDIUM-4: the lock recorded a spec path but that file is now MISSING (the
-    # locked spec was deleted). That is real drift -- the contract the lock binds
-    # no longer exists -- so emit a Medium spec_drift finding instead of silently
-    # returning 0. NEVER fall back to spec_resolve_source here: comparing against
-    # a different candidate file would mask the deletion and attest a spec that is
-    # not the locked one. The empty-spec_path case below is a SEPARATE, legitimate
-    # fallback (legacy locks that never recorded a path).
+    # The lock recorded a spec path but that file is now MISSING (the locked spec
+    # was deleted). That is real drift -- the contract the lock binds no longer
+    # exists -- so emit a High spec_drift finding (blocking, consistent with the
+    # content-drift finding below) instead of silently returning 0. NEVER fall
+    # back to spec_resolve_source here: comparing against a different candidate
+    # file would mask the deletion and attest a spec that is not the locked one.
+    # The empty-spec_path case below is a SEPARATE, legitimate fallback (legacy
+    # locks that never recorded a path).
     if [ -n "$spec_path" ] && [ ! -f "$spec_path" ]; then
         printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
-            "Medium" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" \
+            "High" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" \
             "locked spec file missing: $spec_path (the spec is the contract; restore it or run 'loki spec sync' after review to re-lock against the current spec)"
         return 0
     fi
@@ -523,9 +529,10 @@ PYEOF
 )"
     [ -n "$summary" ] || return 0
 
-    # Emit one Medium SPEC_DRIFT finding in the verify TSV shape.
+    # Emit one High SPEC_DRIFT finding in the verify TSV shape (blocking under
+    # verify's default --block-on critical,high; only reachable when a lock exists).
     printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
-        "Medium" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" "$summary"
+        "High" "spec_drift" "deterministic:loki-spec" "$spec_path" "null" "$summary"
     return 0
 }
 
@@ -572,8 +579,10 @@ EXIT CODES:
 
 VERIFY INTEGRATION:
     When .loki/spec/spec.lock exists, `loki verify` runs the drift check and
-    adds a Medium-severity SPEC_DRIFT finding on drift, which maps to a CONCERNS
-    verdict. No lock = graceful no-op.
+    adds a High-severity SPEC_DRIFT finding on drift, which BLOCKS verify under
+    its default --block-on critical,high. Locking is an explicit declaration
+    that the spec is the contract, so post-lock drift is a hard gate. No lock =
+    graceful no-op (gate skipped, never blocks an unlocked / first-run workflow).
 
 EOF
 }

package/autonomy/verify.sh

@@ -453,11 +453,104 @@ verify_gate_static() {
 }
 
 # ---------------------------------------------------------------------------
-# Gate: secret scan (NET-NEW). gitleaks if available, otherwise a regex
-# fallback over the PR-diff files. A planted credential is a Critical finding.
+# Gate: secret scan (NET-NEW).
+#
+# WHAT IS SCANNED:
+#   Only the files in the PR diff (merge-base(base,HEAD)..HEAD), i.e. the net
+#   change being verified. Pre-existing secrets in untouched files are NOT
+#   scanned by design: a verifier attests that THE CHANGE is safe, and blocking
+#   on legacy secrets is the #1 false-positive-fatigue failure (spec 7.2).
+#   Binary files are skipped.
+#
+# WHEN IT RUNS:
+#   As a gate inside `loki verify`, after generation/edits and BEFORE the change
+#   is treated as VERIFIED. A real secret here forces a non-VERIFIED verdict.
+#
+# GITLEAKS vs FALLBACK:
+#   - If `gitleaks` is on PATH, it scans each changed file (filesystem mode,
+#     `detect --no-git --source`). Any hit -> Critical finding for that file.
+#   - If gitleaks is NOT installed, a documented two-tier regex fallback runs
+#     (see verify_secret_scan_file). The fallback is a deterministic safety net,
+#     not a replacement for a full scanner; gitleaks is recommended for depth.
+#
+# BLOCKING GUARANTEE:
+#   Every detected secret is emitted as a Critical finding. The default
+#   --block-on is "critical,high" (verify_main), so verify_compute_verdict sets
+#   verdict=BLOCKED and exit=2 (VERIFY_EXIT_BLOCKED). The scan BLOCKS, it does
+#   not merely warn. (Operators who pass a narrower --block-on accept the risk.)
+#
+# FOLLOW-UP (deferred, honest): a true pre-WRITE hook that scans generated bytes
+#   BEFORE they touch disk would be stronger still, but it must hook every write
+#   path in run.sh (out of scope for this verify.sh slice). The gate here is the
+#   strong post-generation / pre-completion scan; the pre-write hook is tracked
+#   as a follow-up and is NOT claimed to exist.
 #
 # skipped = no changed files to scan.
 # ---------------------------------------------------------------------------
+
+# Two-tier regex secret matcher for a single file. Echoes nothing; returns 0 if
+# a high-confidence secret is found, 1 otherwise. Used ONLY by the fallback path
+# (gitleaks absent). Kept as a standalone function so the test suite can drive it
+# and so the two tiers are documented in one place.
+#
+# TIER 1 -- specific credential FORMATS. A match is conclusive on its own: the
+#   string already looks exactly like a real credential, so we do NOT apply the
+#   placeholder filter (a leaked key is a leak even if a comment says EXAMPLE).
+#
+# TIER 2 -- generic long quoted-value assignments (api_key="...", bearer
+#   tokens). This is a length + charset heuristic (>=16 contiguous secret-charset
+#   chars), NOT a true Shannon-entropy measure. These are false-positive magnets,
+#   so a match is only counted if the matched LINE survives the placeholder /
+#   env-reference deny filter. That keeps obvious non-secrets (your-api-key-here,
+#   REDACTED, ${API_KEY}, process.env.X) clean.
+verify_secret_scan_file() {
+    local file="$1"
+
+    # TIER 1: specific formats. No deny filter -- a format match is a finding.
+    local tier1=(
+        'AKIA[0-9A-Z]{16}'                          # AWS access key id
+        'ASIA[0-9A-Z]{16}'                          # AWS temporary (STS) key id
+        '-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----'     # PEM private key block
+        'gh[pousr]_[A-Za-z0-9]{36,}'                # GitHub token (ghp_/gho_/...)
+        'github_pat_[A-Za-z0-9_]{60,}'              # GitHub fine-grained PAT
+        'xox[baprs]-[A-Za-z0-9-]{10,}'              # Slack token (xoxb-/xoxp-/...)
+        'sk-[A-Za-z0-9]{20,}'                       # OpenAI-style secret key
+        'AIza[0-9A-Za-z_-]{35}'                     # Google API key
+        'glpat-[A-Za-z0-9_-]{20,}'                  # GitLab personal access token
+    )
+    local p
+    for p in "${tier1[@]}"; do
+        # -e terminates option parsing so patterns beginning with '-' (the PEM
+        # "-----BEGIN ... PRIVATE KEY-----" block) are not mistaken for a flag.
+        if LC_ALL=C grep -Eq -e "$p" "$file" 2>/dev/null; then
+            return 0
+        fi
+    done
+
+    # Deny filter for TIER 2: a matched line is IGNORED if it is plainly a
+    # placeholder or an environment-variable reference rather than a literal.
+    #   - env refs:   ${VAR}, $VAR, process.env.X, os.environ/os.getenv, %VAR%
+    #   - placeholders: your-/your_..., redacted, changeme, placeholder, example,
+    #                   dummy/sample/fake, xxxx+, <...>, runs of 4+ asterisks
+    #     ("test" is deliberately NOT denied -- too common, would mask real keys)
+    local deny='(\$\{|\$[A-Za-z_]|process\.env|os\.(environ|getenv)|%[A-Za-z_]+%|your[-_]|redacted|changeme|change[-_]me|placeholder|example|dummy|sample|fake|<[^>]*>|x{4,}|\*{4,})'
+
+    # TIER 2: generic assignments. Grab matching lines, drop denied ones, count.
+    # api_key / apikey / secret / token / password / passwd / access_key, an
+    # assignment operator (= or :), then a quoted >=16-char high-entropy value.
+    local tier2='(api[_-]?key|secret|token|password|passwd|access[_-]?key|client[_-]?secret|auth)[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*["'"'"']?[A-Za-z0-9_/+.=-]{16,}'
+    # Bearer tokens: "Bearer <>=20 high-entropy chars>".
+    local bearer='[Bb]earer[[:space:]]+[A-Za-z0-9_.\-]{20,}'
+
+    local surviving
+    surviving="$(LC_ALL=C grep -EiI "$tier2|$bearer" "$file" 2>/dev/null \
+        | LC_ALL=C grep -Eiv "$deny" 2>/dev/null)"
+    if [ -n "$surviving" ]; then
+        return 0
+    fi
+    return 1
+}
+
 verify_gate_secret_scan() {
     local tree="$1"
     local changed="$VERIFY_DIFF_NAMES"
@@ -504,17 +597,10 @@ verify_gate_secret_scan() {
         return 0
     fi
 
-    # High-confidence credential patterns. Conservative on purpose to limit
-    # false positives (spec Section 7.2).
-    local patterns=(
-        'AKIA[0-9A-Z]{16}'                                  # AWS access key id
-        '-----BEGIN [A-Z ]*PRIVATE KEY-----'                # PEM private key
-        'gh[pousr]_[A-Za-z0-9]{36,}'                        # GitHub token
-        'xox[baprs]-[A-Za-z0-9-]{10,}'                      # Slack token
-        'sk-[A-Za-z0-9]{20,}'                               # OpenAI-style key
-        'AIza[0-9A-Za-z_-]{35}'                             # Google API key
-    )
-
+    # High-confidence two-tier matcher (verify_secret_scan_file): tier 1 specific
+    # credential formats flag unconditionally; tier 2 generic assignments flag
+    # only when the line survives the placeholder/env-ref deny filter. Conservative
+    # on purpose to limit false positives (spec Section 7.2).
     local hits=0
     local detail=""
     local f
@@ -523,16 +609,12 @@ verify_gate_secret_scan() {
         [ -f "$tree/$f" ] || continue
         # Skip obvious binaries.
         if LC_ALL=C grep -Iq . "$tree/$f" 2>/dev/null; then : ; else continue; fi
-        local p
-        for p in "${patterns[@]}"; do
-            if grep -Eq "$p" "$tree/$f" 2>/dev/null; then
-                hits=$((hits + 1))
-                detail="${detail}${f} "
-                _verify_add_finding "Critical" "security" "deterministic:regex-secret-scan" "$f" "null" \
-                    "Potential hardcoded secret detected in $f (matched a high-confidence credential pattern)."
-                break
-            fi
-        done
+        if verify_secret_scan_file "$tree/$f"; then
+            hits=$((hits + 1))
+            detail="${detail}${f} "
+            _verify_add_finding "Critical" "security" "deterministic:regex-secret-scan" "$f" "null" \
+                "Potential hardcoded secret detected in $f (matched a high-confidence credential pattern)."
+        fi
     done <<<"$changed"
 
     if [ "$hits" -eq 0 ]; then
@@ -975,9 +1057,9 @@ EOF
 # Living-spec drift gate (integration with autonomy/spec.sh).
 #
 # When .loki/spec/spec.lock exists, source the spec module and run its
-# verify hook, which emits at most one SPEC_DRIFT finding (Medium -> CONCERNS)
-# in the verify finding TSV shape. Records a gate row either way so the
-# evidence document shows the spec was checked. Fully graceful: no lock, no
+# verify hook, which emits at most one SPEC_DRIFT finding (High -> BLOCKED when
+# the spec is locked) in the verify finding TSV shape. Records a gate row either
+# way so the evidence document shows the spec was checked. Fully graceful: no lock, no
 # module, or a hook error all degrade to a skipped gate and never abort verify.
 # ---------------------------------------------------------------------------
 verify_spec_drift_gate() {

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.49.0"
+__version__ = "7.51.0"
 
 # Expose the control app for easy import
 try: