Clean up spec terminology in public docs and comments

[dcellison]

Summary

• Remove "spec" jargon from contributor-facing text in CONTRIBUTING.md (specs are internal constructs external contributors never see)
• Trim the historical narrative in review.py's spec resolution comment to a concise policy statement
• No code or test changes

Test plan

• All 901 tests pass
• Verified CONTRIBUTING.md lines 83-84 (collaborator section spec: reference) left unchanged
• Verified README.md "spec compliance" mention left unchanged

[dcellison]

Review by Kai

Overall: clean PR with one warning worth discussing.

---

Warning — src/kai/review.py, deleted lines 115-124

The trimmed comment contained two pieces of load-bearing security rationale that the replacement loses:

1. The boundary-token limitation: The original explicitly noted that random boundary tokens (PR Harden review prompt against XML tag injection #90) prevent structural injection but not semantic injection — i.e., content inside the boundary can still influence the model's behavior. The new comment just says external content "is never fed in," with no explanation of why or the subtlety that boundaries alone aren't sufficient.

2. The future-agent warning: The original called out that avoiding this pattern matters especially to prevent future agents (which may have tools) from inheriting it. That forward-looking constraint is now gone.

The PR description frames this as removing "historical narrative," but these are active design constraints, not history. A future contributor who sees a short "humans create local spec files manually" comment has far less reason to resist the temptation to re-introduce issue-body fetching than one who reads a comment explaining the structural vs. semantic injection distinction.

Suggestion: Keep the two-sentence policy statement but retain the injection-type distinction and the agent-inheritance warning. Something like:

# Specs are loaded from the local filesystem only. External content
# (GitHub issue bodies, third-party input) is never fed into the
# review agent's Claude session. A human reviews external input and
# creates local spec files manually.
#
# Note: random boundary tokens prevent structural injection (delimiter
# escape) but not semantic injection — content inside the boundary can
# still influence model behavior. This restriction should not be
# relaxed for future agents, which may have tools.

---

Everything else

• CONTRIBUTING.md changes: Clean. The terminology swap from "spec" to "proposal/write-up" is consistent throughout the touched lines, and the PR correctly left the collaborator-section spec: label reference (line 83-84) and README mention untouched as noted.
• No bugs, no logic errors, no auth or data-exposure issues. No style violations.

[dcellison]

Review by Kai

Clean PR. Prior review concern fully addressed.

The review.py comment now matches the suggested text from the prior review almost exactly — both the structural-vs-semantic injection distinction and the future-agent warning are retained. Only cosmetic difference is an em-dash vs hyphen, which is fine.

CONTRIBUTING.md: Terminology swaps are consistent and correct. The deliberately-preserved lines (collaborator spec: label reference, README mention) are confirmed untouched per the test plan.

No bugs, no logic errors, no security issues, no style violations. Nothing new to raise.