fix: enforce strict open-interval task scores

inference.py

@@ -26,6 +26,8 @@ MAX_STEPS = int(os.getenv("MAX_STEPS", "12"))
 TEMPERATURE = 0.0
 MAX_TOKENS = 260
 BENCHMARK = "code_security_auditor_env"
+MIN_STRICT_SCORE = 0.001
+MAX_STRICT_SCORE = 0.999
 
 SYSTEM_PROMPT = (
     "You are a senior application security reviewer. Produce strictly valid JSON for the next action. "
@@ -202,7 +204,7 @@ async def run_task(env: CodeSecurityAuditorEnv, client: OpenAI, task_id: str) ->
                 break
 
         score = float(obs.reward or 0.0)
-        score = min(max(score, 0.0), 1.0)
+        score = min(max(score, MIN_STRICT_SCORE), MAX_STRICT_SCORE)
         success = score >= 0.6
     except Exception as exc:
         # Keep evaluator contract: do not crash inference.py on transient/runtime errors.
@@ -210,7 +212,7 @@ async def run_task(env: CodeSecurityAuditorEnv, client: OpenAI, task_id: str) ->
         if not rewards:
             rewards.append(0.0)
         steps_taken = max(1, steps_taken)
-        score = 0.0
+        score = MIN_STRICT_SCORE
         success = False
     finally:
         log_end(success=success, steps=steps_taken, score=score, rewards=rewards)
@@ -232,7 +234,7 @@ async def main() -> None:
         for task_id in TASK_IDS:
             log_start(task=task_id, env=BENCHMARK, model=MODEL_NAME)
             log_step(step=1, action="{}", reward=0.0, done=True, error=err)
-            log_end(success=False, steps=1, score=0.0, rewards=[0.0])
+            log_end(success=False, steps=1, score=MIN_STRICT_SCORE, rewards=[MIN_STRICT_SCORE])
         return
 
     try:

server/grader.py

@@ -5,6 +5,9 @@ from typing import Iterable, Optional
 
 from .tasks import SEVERITY_WEIGHTS, TARGET_CONFIDENCE, TaskSpec, VulnerabilitySpec
 
+MIN_STRICT_SCORE = 0.001
+MAX_STRICT_SCORE = 0.999
+
 
 @dataclass(frozen=True)
 class FindingEvaluation:
@@ -178,4 +181,4 @@ def final_grade(
     )
     score -= fp_penalty + dup_penalty + volume_penalty
 
-    return max(0.0, min(1.0, score))
+    return max(MIN_STRICT_SCORE, min(MAX_STRICT_SCORE, score))

server/security_environment.py

@@ -38,6 +38,8 @@ class CodeSecurityAuditorEnvironment(
     """Real-world code security auditing simulator with deterministic graders."""
 
     SUPPORTS_CONCURRENT_SESSIONS = True
+    MIN_STRICT_SCORE = 0.001
+    MAX_STRICT_SCORE = 0.999
 
     def __init__(self, default_task_id: str = "easy"):
         self._default_task_id = default_task_id
@@ -320,7 +322,7 @@ class CodeSecurityAuditorEnvironment(
         # This quality factor makes spam and random guesses strictly dominated,
         # limiting reward hacking while preserving partial-credit gradients.
         score *= self._state.quality_multiplier
-        return max(0.0, min(1.0, score))
+        return max(self.MIN_STRICT_SCORE, min(self.MAX_STRICT_SCORE, score))
 
     def _build_observation(
         self,