v0.1.0-beta.3 - config trust-boundary + honesty
Pre-release
Pre-release
Second CoalBoard dogfood pass (full mirror, nasa) — the config trust-boundary and two honesty over-claims.
- [MED] an untrusted project config could weaken a global safety/privacy choice. The two-level cascade let a cloned repo's config flip a user's global localOnly:true to false, or a global off back on. Safety-shaping keys now merge monotonically (safer-value-wins): localOnly is OR'd, and mode/updateMode may only move toward the safer end. This preserves "shut off per project" (off is the safe end, always allowed) while closing the hole. +4 regression tests.
- [MED honesty] "zero fact-loss proven by code" scoped to STRUCTURED tokens (a prose fact rests on the semantic reviewers + you — what the module already says).
- [MED honesty] localOnly reworded from an absolute code guarantee to the mode the contract runs, with the flag now merge-protected.