Skip to content

CoalTipple v1.0.17 — CoalBoard-audit hardening

Choose a tag to compare

View all tags
@HetCreep HetCreep released this 20 Jun 14:53
· 14 commits to main since this release
v1.0.17
This tag was signed with the committer’s verified signature.
HetCreep
SSH Key Fingerprint: 0osv9sipbbl2qmrI00rRA3kcEKs4ZuS+FBihPD/c8DU
Verified
Learn about vigilant mode.
740b99f
This commit was signed with the committer’s verified signature.
HetCreep
SSH Key Fingerprint: 0osv9sipbbl2qmrI00rRA3kcEKs4ZuS+FBihPD/c8DU
Verified
Learn about vigilant mode.

CoalBoard-audit hardening (dogfood). The shipped plugin/ runtime is unchanged — these fix the user-run CLIs + the grade reference.

Fixed

  • H1 configure.mjs — editing the last config key no longer corrupts the file (preserve comma state + validate-before-write).
  • H2 (security) grade.mjs — the never-delegate-down hard gate is no longer bypassable: the sensitive-path check now runs over the pre-exclusion list and EXCLUDE matches by whole path segment (a path containing an exclude substring like src/auth-dist/login.js can no longer slip the gate). Also fixes the size under-count.
  • M6/M7 configure.mjs arg-parse — trailing // comment preserved; a strArr flag no longer swallows a following flag; -p collision resolved (-P = updateCheckDays).

Removed

  • M8 build-skill.mjs parked cross-platform dead code (YAGNI).

Found by a CoalBoard dogfood audit; each fix verified (135/135 tests, verify PASS).

Assets 2
Loading