Skip to content

CoalTipple v1.0.18 - never-down gate hardened (CT-1/CT-2)

Choose a tag to compare

View all tags
@HetCreep HetCreep released this 20 Jun 18:22
· 13 commits to main since this release
v1.0.18
This tag was signed with the committer’s verified signature.
HetCreep
SSH Key Fingerprint: 0osv9sipbbl2qmrI00rRA3kcEKs4ZuS+FBihPD/c8DU
Verified
Learn about vigilant mode.
a63bf11
This commit was signed with the committer’s verified signature.
HetCreep
SSH Key Fingerprint: 0osv9sipbbl2qmrI00rRA3kcEKs4ZuS+FBihPD/c8DU
Verified
Learn about vigilant mode.

Round-2 audit (CoalBoard whole-Colliery) — the never-delegate-down gate hardened against a config bypass. PATCH — security fixes; the shipped plugin/ runtime is unchanged.

Fixed

  • CT-1 (HIGH · security): scripts/lib/grade.mjssensitivePaths now UNIONs the config with DEFAULT_SENSITIVE instead of REPLACING it. The documented configure.mjs --sensitive <path> workflow used to DROP the built-in crypto/auth/payment/token/session fragments → a sensitive file + a neutral prompt graded sensitive:false → eligible for delegate-DOWN, defeating the never-down guarantee. (excludePaths UNIONs too.)
  • CT-2 (MED · security): mergeKeywordGroups no longer lets a config WEAKEN a built-in sensitive group — the factory sensitive/preserveVoice flags stay set and the grade can't drop below the factory floor.

Update: claude plugin update coaltipple@coaltipple + restart. Gate: build + verify + 135 tests PASS.

Assets 2
Loading