11/11
known-bad killed
Careful, bold, compliant, terse — turn all four dials up inside one model and they fight. You don't train the tension out. You architect around it: route the task through the right deterministic check. LAPLACE is that check.
per repo · base pack + custom rules + offline license · no sales call, no lock-in
# the scanner flagged 12 lines. the gate keeps the two that are real. KILL src/api.py CWE-502 pickle.loads deserialises untrusted data KILL src/db.py CWE-89 SQL built from a dynamic string PASS src/util.py # none of the 8 classes -> commit proceeds PASS src/io.py # style noise another scanner screams about -> dropped receipt 8f197b6c2047a2a6 # same code + ruleset -> same hash, every run
Honest scope: PASS means "none of the active rules fired," not "safe." A focused checker, not a scanner. Two pre-registered hypotheses are still marked NOT PROVEN on /kruc.
Not an everything-model. A system that sends each task to the check that can actually answer it.
# .pre-commit-config.yaml repos: - repo: github.com/blacktrace-hq/laplace rev: v1.0.0 hooks: - id: laplace-gate $ pre-commit install # real issues block the commit; noise passes
# .github/workflows/laplace.yml - uses: blacktrace-hq/laplace@v1 with: path: . license: ${{ secrets.LAPLACE_LICENSE }} # red on a real issue, green on clean, receipt as a CI artifact
# author rules with the license unlocked open blacktrace.co/laplace/build # pick primitives -> preview the verdict live -> download # .laplace/config.yml -> commit -> your rules run in CI