CoalTipple v1.0.20

PATCH — board-audit fixes (verify-triaged from the whole-Colliery nasa board); bugfixes + doc accuracy, routing unchanged.

• Hermetic test isolation — the conductor/install spawn tests delete env.CLAUDE_CONFIG_DIR so they can't read/write a real config dir on a machine/CI where it's set.
• config-path-sync comment corrected — it substring-checks the path segment, NOT the findGitRoot function body (the comment claimed a guarantee the gate doesn't make).
• conductor updateCheckDays now applies the schema bound (int 1-365) — a 1.5/99999 value no longer slips through.
• README "Workers cannot spawn nested subagents" → the by-policy framing (the capability claim was the pre-2.1.172 framing the project disavowed; nesting is on since 2.1.172).
• PRIVACY.md — the model ranking is GLOBAL ~/.claude/.coaltipple/ranking.json (not project-scoped); the .claude/ segment restored on the project-config path.
• factory config xhigh → max (effort ladder is low→max); config comments — modelTiers drops the non-existent local tier, keywords adds the omitted audit group, config-load.mjs header path corrected.

Gate: build (2-step) + 135 tests + verify PASS. Update: claude plugin update coaltipple@coaltipple + restart.

CoalTipple v1.0.19

PATCH — SKILL.md load-path carve (token economy); routing behavior unchanged.

• #9 carve — the always-resident SKILL.md body compressed −29% (32,295 → 22,875 chars): the rare ranking-rebuild procedure + rationale → references/lock.md, and the damage-control mechanics + memory-anchor lifecycle + self-error-report → references/damage-control.md (loaded on-demand, off the every-prompt routing path). Every auto-path behavior stays resident — grade rubric, the TIER×EFFORT route table, the sensitive HARD GATE, the qualityBar staircase, delegate-floor, budget-gate, spawn-fail-fall, the Lock's routing rules. Behavior preserved (weakest-model test); rolls the CoalBoard load-path carve (skill-authoring §4) to CoalTipple.

Gate: build (2-step) + 135 tests + verify PASS. Update: claude plugin update coaltipple@coaltipple + restart.

CoalTipple v1.0.18 - never-down gate hardened (CT-1/CT-2)

Round-2 audit (CoalBoard whole-Colliery) — the never-delegate-down gate hardened against a config bypass. PATCH — security fixes; the shipped plugin/ runtime is unchanged.

Fixed

• CT-1 (HIGH · security): scripts/lib/grade.mjs — sensitivePaths now UNIONs the config with DEFAULT_SENSITIVE instead of REPLACING it. The documented configure.mjs --sensitive <path> workflow used to DROP the built-in crypto/auth/payment/token/session fragments → a sensitive file + a neutral prompt graded sensitive:false → eligible for delegate-DOWN, defeating the never-down guarantee. (excludePaths UNIONs too.)
• CT-2 (MED · security): mergeKeywordGroups no longer lets a config WEAKEN a built-in sensitive group — the factory sensitive/preserveVoice flags stay set and the grade can't drop below the factory floor.

Update: claude plugin update coaltipple@coaltipple + restart. Gate: build + verify + 135 tests PASS.

CoalTipple v1.0.17 — CoalBoard-audit hardening

CoalBoard-audit hardening (dogfood). The shipped plugin/ runtime is unchanged — these fix the user-run CLIs + the grade reference.

Fixed

• H1 configure.mjs — editing the last config key no longer corrupts the file (preserve comma state + validate-before-write).
• H2 (security) grade.mjs — the never-delegate-down hard gate is no longer bypassable: the sensitive-path check now runs over the pre-exclusion list and EXCLUDE matches by whole path segment (a path containing an exclude substring like src/auth-dist/login.js can no longer slip the gate). Also fixes the size under-count.
• M6/M7 configure.mjs arg-parse — trailing // comment preserved; a strArr flag no longer swallows a following flag; -p collision resolved (-P = updateCheckDays).

Removed

• M8 build-skill.mjs parked cross-platform dead code (YAGNI).

Found by a CoalBoard dogfood audit; each fix verified (135/135 tests, verify PASS).

CoalTipple v1.0.16

Routing-safety hardening + a routing-savings benchmark.

• mergeKeywordGroups — a config keyword group now inherits the base group's flags and UNIONs its words (deduped), so a custom override can never silently drop a built-in sensitive word or flag (hardens the never-delegate-down gate).
• validateRanking — rejects a ranking where no routable tier holds a usable model (a local-only / empty-model ranking that reads green but routes to nothing).
• Routing-savings benchmark — main does it itself vs delegates to a cheap worker: ~70-75% cheaper to delegate a big mechanical task above the delegateMinLines floor (sensitive work is never delegated down). Recorded in the series benchmarks; the README links it.

Propagate: claude plugin update coaltipple@coaltipple then restart.

v1.0.15 — conductor guard + doc-accuracy

Conductor input-hardening + doc-accuracy.

• Conductor (C6) — valid-but-non-object stdin (null / a number / an array) no longer null-derefs; it falls back to {} so a malformed event still safely injects the contract. + a hermetic test.
• SECURITY.md — pins the last actual SkillSpector scan (v1.0.8); scanning is periodic, not per-release (an unscanned version is unverified).
• Config help — qualityBar / maxTotalAttempts trimmed to the one-line convention; disableRouting notes the domain is inferred from the task + its keyword group; xhigh→max (the effort ladder is low→max).
• SKILL.md — modelTiers documents the array (priority-chain) form.

Update: claude plugin update coaltipple@coaltipple + restart.

CoalTipple v1.0.14

Routing-core simplification — the model-ranking introspection layer is gone; routing now rides the alias floor + modelTiers pins.

Changed

• The ranking is ALWAYS the alias floor (haiku < sonnet < opus → low/mid/heavy, reasoning = opus) + your modelTiers pins — no introspection, no model-list enumeration, no refresh cadence. The platform resolves each alias to its best current model at spawn-time; an unfamiliar model → heavy (never cheap); a failed spawn falls (resolveWorker). The comprehensive vuln-hunt confirmed routing rides this tier STRUCTURE, not the (fragile) auto-introspected exact list.

Removed

• Dropped classifyModel / parseModel / buildHeuristicFloor / isBootstrapRanking / EMPTY_LIST_HASH; tombstoned the rankingMode and rankingRefreshDays config keys (a leftover key in an existing config is harmlessly ignored).

Preserved (byte-unchanged)

• resolveWorker (the sensitive never-down floor + spawn-fail-fall), the strict validateRanking, and all v1.0.11–1.0.13 safety features. Verified on a live Haiku main: it builds the alias floor without enumerating, and the sensitive never-down gate fires.

---

Update: claude plugin update coaltipple@coaltipple + restart Claude Code.

CoalTipple v1.0.13

Self-Updating (kind-1) — an opt-in, consent-gated update-check, silent by default. Ported from CoalMine v3.7.5.

Added

• New config updateMode (ask/auto/remind/off, factory ask) + updateCheckDays (factory 14). The conductor stays silent until updateCheckDays elapse since the last check (a crash-safe ~/.claude/.coaltipple-update-check stamp, throttled once per window), then: ask prompts once how to handle updates; auto has the agent compare the latest tag to the installed version and offer claude plugin update coaltipple@coaltipple (standing consent — the only token-spending path); remind is a free reminder; off is silent. The hook never networks or spends — the version-check lives only in the new /coaltipple:update agent procedure (graceful offline fallback). The per-prompt routing forcer is unchanged.
• (CoalMine's kind-2 gold-rule freshness scan is N/A here — CoalTipple has no gold-standard rules.)

---

Update: claude plugin update coaltipple@coaltipple + restart Claude Code.

CoalTipple v1.0.12

The "validated on Claude Code 2.1.143" version gate is lifted — routing is now stated as version-agnostic.

Changed

• The SKILL contract + conductor no longer tell the model to "rebuild + verify before relying" on a non-2.1.143 CC. They now state routing degrades safe on any Claude Code version — an unfamiliar model classifies as a strong tier (never cheap), a failed spawn falls to the next available, and the ranking self-heals on first route.
• Verified live across the 2.1.x line (2.1.143 + 2.1.177: self-heal, escalate-up, cross-tier spawn, and a pure-Thai sensitive prompt all routed correctly via relay-verify).
• README badge, live claim, compatibility note, and the CONTRIBUTING table updated to match; the stale "baseline stays 2.1.143 / re-verification in progress" hedging removed.

110 tests, verify PASS.

---

Update: claude plugin update coaltipple@coaltipple + restart Claude Code.

CoalTipple v1.0.11

A comprehensive vulnerability hunt (4 parallel scanners + an adversarial work-review pass) — safety-gate, routing-correctness, config-honesty, and worldwide-language fixes.

Fixed

• The never-down sensitive gate could be breached by a mis-cased / typo'd floor. resolveWorker matched floorTier case-sensitively, so a typo fell through (indexOf -1 → Math.max(-1,0)=0) and collapsed a SENSITIVE task to the cheapest tier under a limit-hit. Now case-normalized + fail-safe (an unrecognized floor returns null, never the floor).
• Non-English sensitive prompts lost the deterministic safety flag. The keyword grader + the conductor hint match English literals only. The Step-2 HARD GATE now names the model the sensitive-gate authority for non-English (grade by MEANING), and the conductor injects a generic non-Latin-script nudge. (The model layer has been multilingual since 1.0.9; this closes the deterministic backstop.)
• mode and per-domain disableRouting were documented but dead. mode:"off" still routed; disableRouting:["coding"] did nothing. Both are now wired (the sensitive HARD GATE overrides mode).
• The grade keyword matcher over-matched (token→"tokenizer", crypto→"cryptocurrency") then a fix under-matched. Fixed with a stem (*) vs whole-word convention — and the common plurals (tokens/secrets/passwords/sessions/payments/deadlocks/mutexes) are now listed so a plural no longer escapes the never-down flag.
• modelTiers pin doc cheap → low · project config now anchors at the git root (not raw cwd) · strict validateRanking (rejects array / {} / missing-key / non-array / all-empty / complete-truthy) · verify.mjs uses the shared stripJsonc · grade() degrades on null input.

Added

• Regression tests across every fix. 110 tests, verify PASS.

---

Update: claude plugin update coaltipple@coaltipple + restart Claude Code.