Skip to content

v0.1.0-beta.3 - config trust-boundary + honesty

Pre-release
Pre-release

Choose a tag to compare

@HetCreep HetCreep released this 09 Jul 05:37
v0.1.0-beta.3
2455559

Second CoalBoard dogfood pass (full mirror, nasa) — the config trust-boundary and two honesty over-claims.

  • [MED] an untrusted project config could weaken a global safety/privacy choice. The two-level cascade let a cloned repo's config flip a user's global localOnly:true to false, or a global off back on. Safety-shaping keys now merge monotonically (safer-value-wins): localOnly is OR'd, and mode/updateMode may only move toward the safer end. This preserves "shut off per project" (off is the safe end, always allowed) while closing the hole. +4 regression tests.
  • [MED honesty] "zero fact-loss proven by code" scoped to STRUCTURED tokens (a prose fact rests on the semantic reviewers + you — what the module already says).
  • [MED honesty] localOnly reworded from an absolute code guarantee to the mode the contract runs, with the flag now merge-protected.