diff --git a/scripts/check-no-upstream-edits.sh b/scripts/check-no-upstream-edits.sh
index 690eb77..01205a7 100755
--- a/scripts/check-no-upstream-edits.sh
+++ b/scripts/check-no-upstream-edits.sh
@@ -8,6 +8,19 @@
 # Spec: sethlabels-docs/specs/2026-04-29-packaging-design.md §5.5 (I1, F1)
 set -euo pipefail
 
+# Refuse to run silently if upstream/master ref is missing (spec §F1 — the
+# guardrail's contract is "abort on drift," not "abort on drift IF the ref
+# happens to be present"). Without this check, a fresh clone or
+# broken-remote environment would silently pass the committed-drift check.
+if ! git rev-parse --verify upstream/master >/dev/null 2>&1; then
+ echo "ERROR: upstream/master ref not found." >&2
+ echo " Configure the upstream remote and fetch:" >&2
+ echo " git remote add upstream https://github.com/j-evins/glabels-qt.git" >&2
+ echo " git fetch upstream" >&2
+ echo " See sethlabels-docs/specs/2026-04-29-packaging-design.md §6 (release flow step 1)." >&2
+ exit 1
+fi
+
 # Allowlist: files/dirs sethLabels is permitted to add or modify.
 # `.gitignore` is the one upstream-file exception (called out in spec §2).
 allowed_pattern='^\.gitignore$|^\.claude/|^scripts/|^packaging/|^sethlabels-docs/|^tests-impl/|^README\.sethlabels\.md$|^CLAUDE\.md$|^IDEA\.md$|^DECISIONS\.md$'
diff --git a/tests-impl/test-check-no-upstream-edits.bats b/tests-impl/test-check-no-upstream-edits.bats
index aa9a68f..952f661 100644
--- a/tests-impl/test-check-no-upstream-edits.bats
+++ b/tests-impl/test-check-no-upstream-edits.bats
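Review bot: In scripts/check-no-upstream-edits.sh the new guard resolves the short name `upstream/master` through git's normal lookup order, so a tag or local branch of that name would satisfy it and take precedence over the remote-tracking ref; a guardrail's baseline should be pinned to one ref. I would write the test as `if ! git rev-parse --verify --quiet 'refs/remotes/upstream/master^{commit}' >/dev/null; then`, which also rejects a ref that does not peel to a commit. The comparisons that consume the ref are outside this hunk; if they use the short name as well, they presumably need the same fully qualified form. The comment could also state that the check proves presence, not freshness: a stale `upstream/master` still passes.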
@@ -106,3 +106,16 @@ make_test_repo() {
 run "$SCRIPT"
 [ "$status" -eq 0 ]
 }
+
+@test "exits 1 when upstream/master ref is missing" {
+ TMP_REPO=$(make_test_repo)
+ cd "$TMP_REPO"
+ # Delete the upstream/master ref we set in make_test_repo.
+ git update-ref -d refs/remotes/upstream/master
+ # Modify an upstream file in working tree — would normally trigger violation.
+ echo "edit" >> glabels-source.cpp
+
+ run "$SCRIPT"
+ [ "$status" -eq 1 ]
+ [[ "$output" == *"upstream/master ref not found"* || "$stderr" == *"upstream/master ref not found"* ]]
+}
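Review bot: In the last assertion of the new test, `"$stderr"` is only populated when the command is invoked as `run --separate-stderr` (Bats 1.5+). With plain `run "$SCRIPT"`, stderr is merged into `$output`, so the second half of the `||` never contributes. I would either reduce the line to `[[ "$output" == *"upstream/master ref not found"* ]]`, or use `run --separate-stderr "$SCRIPT"` and assert on `$stderr` alone, which additionally pins that the message goes to stderr. The test deletes only `refs/remotes/upstream/master`, so it passes only while `make_test_repo` (defined outside this hunk) creates no tag or local branch of the same short name.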