
CoalBoard v1.2.0 - deterministic rigor-scaled tiering, scan-exclude, .github security, warm-resume


@HetCreep released this 20 Jun 20:22 · 17 commits to main since this release
Tag: v1.2.0 · Commit: 19eaa0a

Round-3 dogfood (the board run as a customer, with every finding reported). MINOR release: new config keys plus deterministic behavior.

Added

  • rigorLensTiers: a deterministic rigor→lens-tier map (factory: relaxed/standard → haiku · high → sonnet · nasa → opus). The lens model now scales with rigor and is READ from a table, so the assignment is identical every run; this fixes both the all-haiku-at-nasa under-powering and the run-to-run non-determinism. The judge stays top-tier; the adversary always takes the rigor tier (never below sonnet) and is never left undetermined.
  • excludePaths is now a functional scan/audit exclude (it was reserved and inert). The factory default unions the build/VCS dirs with the always-hard dev-contamination floor (CLAUDE.md, MEMORY.md, AGENTS.md, .claude, .agents); config can only add to the floor, never weaken it, because a lens must never read the dev governance files.

Changed

  • CoalTipple ranking adopted (optional, series interop): CT's ranking.json is inherited if installed (alias-floor authority + stable tier-structure + modelTiers pins + validity-lock + spawn-fail-fall); otherwise the alias floor plus rigorLensTiers suffice. CB stands alone.
  • .github/workflows is a SECURITY unit, never "just CI": workflows are classified and audited (action SHA-pins, scanned-action version correctness, pull_request_target combined with a checkout of untrusted PR code, ${{ github.event.* }} interpolated into scripts (injection), over-broad permissions). Boarding-scope enumerates units FROM the scan and never re-derives "the tools" (the recurring .github skip-bias).
  • Pre-spawn scan is enumerate-only (classify by extension/path, no content read), which avoids burning 200k+ tokens and bloating main's context before any lens runs.
  • Warm-resume prefers the platform's SendMessage-resume over a fresh re-spawn (keeps the dead lens's accumulated work). It is triggered on budget-return (the quota reset or a user refill, whichever comes first), never on a fixed clock; any scheduled resume is idempotent.
  • The judge narrates "verifies" vs. "is a lens" so a watcher is not alarmed when main runs ground-truth checks after a collapse; after a budget collapse to an inline judge, the dead lens's domain is flagged NOT-CHECKED and is never generated inline.
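To make the workflow checks listed above concrete, here is an added example (written for this page, not CoalBoard's own scanner) that audits a GitHub Actions workflow for the four patterns named in the release note: actions not pinned to a commit SHA, pull_request_target combined with a checkout of the untrusted PR head, `${{ github.event.* }}` interpolated into a `run:` script, and over-broad `permissions`. It is dependency-free and line-oriented; the regexes, finding wording, and both sample workflows (including the all-ones placeholder SHA) are constructed assumptions. A real YAML parser would be more robust, but the side-by-side vulnerable and hardened workflows show what each finding looks like and how the fix reads.

```python
"""Line-oriented audit of a GitHub Actions workflow (example, not CoalBoard code)."""
import re
from typing import Iterator, List, Tuple

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
EVENT_EXPR_RE = re.compile(r"\$\{\{\s*github\.event\.")
UNTRUSTED_REF_RE = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)")
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")


def _script_bodies(lines: List[str]) -> Iterator[Tuple[int, str]]:
    """Yield (1-based line of the run: key, script text) for inline and block scalars."""
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3).strip()
        if value in ("|", ">", "|-", ">-", "|+", ">+"):
            # Block scalar: the body is every following line indented deeper than the key.
            j = i + 1
            body = []
            while j < len(lines) and (
                not lines[j].strip() or len(lines[j]) - len(lines[j].lstrip()) > key_col
            ):
                body.append(lines[j])
                j += 1
            yield i + 1, "\n".join(body)
            i = j
        else:
            yield i + 1, value
            i += 1


def audit_workflow(text: str) -> List[str]:
    """Return human-readable findings; an empty list means none of the four patterns matched."""
    # Drop full-line comments so a commented-out trigger or action is not counted (heuristic).
    lines = ["" if ln.lstrip().startswith("#") else ln for ln in text.splitlines()]
    findings: List[str] = []
    has_prt = any(re.search(r"\bpull_request_target\b", ln) for ln in lines)

    for n, ln in enumerate(lines, 1):
        m = USES_RE.match(ln)
        if m:
            ref = m.group(1)
            if not ref.startswith(("./", "docker://")):  # local/container actions are not SHA-pinnable
                _, _, version = ref.partition("@")
                if not SHA_RE.match(version):
                    findings.append(f"L{n} unpinned action (tag/branch, not a commit SHA): {ref}")
        if has_prt and UNTRUSTED_REF_RE.search(ln):
            findings.append(f"L{n} pull_request_target checks out the untrusted PR head with a write-capable token")
        if re.match(r"^permissions:\s*write-all\s*$", ln):
            findings.append(f"L{n} over-broad permissions: write-all")

    for n, body in _script_bodies(lines):
        if EVENT_EXPR_RE.search(body):
            findings.append(f"L{n} event payload interpolated into a shell script (pass it through env: instead)")

    if not any(re.match(r"^\s*permissions:", ln) for ln in lines):
        findings.append("no explicit permissions block: GITHUB_TOKEN inherits the repository default")
    return findings


# Constructed sample: every pattern the release note audits, in one workflow.
VULNERABLE = """\
name: pr-label
on:
  pull_request_target:
    types: [opened]
permissions: write-all
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: greet
        run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
          ./scripts/lint.sh
      - uses: actions/setup-node@1111111111111111111111111111111111111111
        with:
          node-version: 20
"""

# Constructed hardened form: SHA-pinned, base-branch checkout, env-var indirection, scoped token.
HARDENED = """\
name: pr-label
on:
  pull_request_target:
    types: [opened]
permissions:
  pull-requests: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111
      - name: greet
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $TITLE"
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(f"== {label}: {len(audit_workflow(wf))} finding(s)")
        for f in audit_workflow(wf):
            print("  ", f)
```

The injection check looks only inside `run:` scalars, so the hardened workflow's `env:` line carrying the same expression is correctly not flagged: the shell sees an ordinary variable there, not template text expanded before the script runs. The `pull_request_target` checkout finding requires both halves, since checking out the PR head under a plain `pull_request` trigger only exposes a read-only token.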

Fixed

  • CT/CB issue-template version placeholders were stale (v1.0.0) and ungated; replaced with a number-free vX.Y.Z format hint that cannot go stale.

Gate: build + verify + 28 tests PASS.