diff --git a/docs/dev-loop-spec.md b/docs/dev-loop-spec.md
index 041383a..670f276 100644
--- a/docs/dev-loop-spec.md
+++ b/docs/dev-loop-spec.md
@@ -232,6 +232,7 @@ These are statically checked by `~/.openclaw/workspace/scripts/test/check-invari
 | S7 | SPAWN:impl guarded by `ACTIVE_WIP == 0` check |
 | S8 | No merge calls in any worker template |
 | S9 | Zero close-PR API calls in dispatch script (`state=closed` does not appear) |
+| S10 | No close-PR API calls in any worker template; every worker template contains `NEVER close a PR` |
 
 ---
 
@@ -273,7 +274,7 @@ Every worker template begins with an `⛔ ABSOLUTE CONSTRAINTS` section containi
 - **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only.
 - **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first.
 
-These constraints are enforced by S1, S8, and S9 in `check-invariants.sh` (for the dispatch script) and by the template text itself (for workers).
+These constraints are statically enforced by `check-invariants.sh`: S1 and S9 cover the dispatch script (no merge, no close); S8 and S10 cover worker templates (no merge calls, no close calls, and NEVER-close text present in each).
 
 ---
 
@@ -294,5 +295,6 @@ Worker templates were missing an explicit constraint against closing PRs. The di
 script never had a close call, but workers could reason their way into calling
 `PATCH /pulls/{id}` with `state=closed`. All worker templates now include
 `NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies
-the dispatch script contains no close calls. The regression test in `dispatch.bats`
-verifies the same statically.
+the dispatch script contains no close calls. Invariant S10 verifies
+worker templates contain no close calls and each contains the NEVER-close text. Regression
+tests in `dispatch.bats` verify all of this statically.