CONCEPT Cited by 1 source
Coverage cell¶
An (area × attack-class) matrix cell used to measure and track vulnerability scanning completeness across a codebase.
Definition¶
Each repository is decomposed into a grid where: - Area: a distinct subsystem, module, or code region within the repo - Attack class: a category of vulnerability (injection, memory corruption, timing side-channel, etc.)
Each cell represents "has this attack class been adequately tested against this area?" The Gapfill agent iteratively generates new hunt tasks for empty or under-tested cells until it stops producing findings.
Measurement¶
When prompts are updated, they are tested against a held-out repository to verify the total coverage-cell count actually moves — preventing prompt changes that reduce coverage.
Cost dynamics¶
Each additional gapfill pass costs roughly half as much as the initial hunt, making Gapfill the primary cost-to-coverage lever.
Seen in¶
- systems/cloudflare-vulnerability-discovery-harness — coverage-cell grid is the gapfill termination criterion
Related¶
- concepts/producer-consumer-loop — gapfill feeds cells back into the hunt queue
- concepts/shallow-run-detection — complements cell-based measurement with health signals