CoalTipple v1.0.11

A comprehensive vulnerability hunt (4 parallel scanners + an adversarial work-review pass) — safety-gate, routing-correctness, config-honesty, and worldwide-language fixes.

Fixed

• The never-down sensitive gate could be breached by a mis-cased / typo'd floor. resolveWorker matched floorTier case-sensitively, so a typo fell through (indexOf -1 → Math.max(-1,0)=0) and collapsed a SENSITIVE task to the cheapest tier under a limit-hit. Now case-normalized + fail-safe (an unrecognized floor returns null, never the floor).
• Non-English sensitive prompts lost the deterministic safety flag. The keyword grader + the conductor hint match English literals only. The Step-2 HARD GATE now names the model the sensitive-gate authority for non-English (grade by MEANING), and the conductor injects a generic non-Latin-script nudge. (The model layer has been multilingual since 1.0.9; this closes the deterministic backstop.)
• mode and per-domain disableRouting were documented but dead. mode:"off" still routed; disableRouting:["coding"] did nothing. Both are now wired (the sensitive HARD GATE overrides mode).
• The grade keyword matcher over-matched (token→"tokenizer", crypto→"cryptocurrency") then a fix under-matched. Fixed with a stem (*) vs whole-word convention — and the common plurals (tokens/secrets/passwords/sessions/payments/deadlocks/mutexes) are now listed so a plural no longer escapes the never-down flag.
• modelTiers pin doc cheap → low · project config now anchors at the git root (not raw cwd) · strict validateRanking (rejects array / {} / missing-key / non-array / all-empty / complete-truthy) · verify.mjs uses the shared stripJsonc · grade() degrades on null input.

Added

• Regression tests across every fix. 110 tests, verify PASS.

---

Update: claude plugin update coaltipple@coaltipple + restart Claude Code.