docs(policies): trusted-base reduction policy for proof debt #203
Merged
Closes Item 5 of the 2026-05-26 estate tech-debt audit follow-up
(standards#195).
Adds docs/TRUSTED-BASE-REDUCTION-POLICY.adoc — formalises the boj-server
backend-assurance harness pattern as an estate-wide policy for managing
soundness-relevant escape hatches:
- Coq Axiom/Admitted, Lean sorry/axiom, Agda postulate, Idris2
believe_me/assert_total/partial, F* assume val, Dafny :axiom,
TODO PROOF / OWED markers, Rust/Haskell unsafePerformIO/unsafeCoerce.
Every escape hatch in the estate MUST be one of:
(a) DISCHARGED — proof exists, marker removed
(b) BUDGETED — covered by property/adversarial tests at a documented
refutation budget (the budget is load-bearing)
(c) NECESSARY — encodes a metatheoretic assumption with citation
(funExt, propositional truncation, etc.)
A marker that is none of (a)/(b)/(c) is DEBT; lives in
docs/proof-debt.md §(d) with deadline + owner.
Includes:
- docs/proof-debt.md schema with §(a)/(b)/(c)/(d) sections.
- TRUSTED:/AXIOM: leading-comment annotation conventions per language.
- Enforcement plan: a future check-trusted-base.sh in
governance-reusable.yml, same shape as standards#201
check-licence-consistency.sh.
- Initial migration priority list (P0: ephapax + boj-server;
P1: absolute-zero, maa-framework, betlang, proven; P2: standards
itself + 6 mid-density repos).
Status: PROPOSED. Owner-merge gated. After merge, the next PR adds
check-trusted-base.sh; subsequent per-repo PRs seed proof-debt.md
following this schema.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/boj-server that referenced this pull request May 26, 2026

## Summary

- Adds `docs/proof-debt.md` — schema-conformant index for the trusted-base reduction policy ([standards#203](hyperpolymath/standards#203)).
- boj-server is the **reference implementation** cited in standards#203.

## Sections

| § | Content |
|---|---|
| (a) DISCHARGED | None — 5 class-J axioms unavoidable in Idris2 0.8.0. |
| (b) BUDGETED | Reference to `docs/backend-assurance/` (BEAM-side validation). |
| (c) NECESSARY | Table of all 5 axioms in `src/abi/Boj/SafetyLemmas.idr`. |
| (d) DEBT | None in ABI layer. |

## What this PR does NOT duplicate

Substantive content lives in `PROOF-NEEDS.md` + `docs/backend-assurance/*`. This file references them.

## Companion

- standards#195, #203

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/absolute-zero that referenced this pull request May 26, 2026

## Summary

- Adds `docs/proof-debt.md` enumerating this repo's 129 soundness-relevant escape hatches.
- All markers start in §(d) DEBT (initial seed); the maintainer triages each into §(a)/§(b)/§(c) as classification proceeds.
- P1 seed in the [estate trusted-base reduction policy](hyperpolymath/standards#203) chain.

## Why this matters

Without this file, [`check-trusted-base.sh`](hyperpolymath/standards#211) fails CI on every escape hatch as 'undocumented'. With this file, all 129 markers are at least *enumerated* and the maintainer can disposition them at their own pace.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security Scan
Findings: 118 issues detected
[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]
Powered by Hypatia Neurosymbolic CI/CD Intelligence
hyperpolymath added a commit to hyperpolymath/snifs that referenced this pull request May 27, 2026

…policy (#26)

## Summary

- Adds `docs/proof-debt.md` declaring this repo's zero-soundness-debt invariant.
- Verified: every syntactic `believe_me` / `assert_total` / `postulate` match in source is inside a docstring explicitly stating the file does NOT use that construct.
- Closes part of the [estate trusted-base reduction policy](hyperpolymath/standards#203) follow-up (P1 seed).

## Effect

Future PRs that introduce real escape hatches will be caught by [`check-trusted-base.sh`](hyperpolymath/standards#211) and must annotate inline OR enumerate here.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit that referenced this pull request May 27, 2026

## Summary

- Adds `docs/audits/2026-05-26-tech-debt-chain-complete.md` — human-readable closeout document for the 2026-05-26 estate tech-debt audit chain.
- Adds `.machine_readable/audits/2026-05-26-tech-debt-chain-complete.a2ml` — machine-readable session manifest.

## What this PR closes

The chain that began with standards#195/#196/#197 has now executed all 5 named follow-ups + 3 deep follow-ups + all 3 Row-2 phases. Approximately **460 PRs** filed across the estate today. Headline outcomes per category:

### Licence debt

- 7 PMPL → MPL-2.0 migrations landed.
- `standards` itself now self-consistent (SPDX + body + manifest).
- 3 CRITICAL no-LICENSE repos closed.
- Future drift caught by `check-licence-consistency.sh` (#201).

### Proof debt

- 13 `docs/proof-debt.md` files seeded (P0 + P1 + standards itself).
- Trusted-base reduction policy (#203) + CI enforcement (#211) infrastructure landed.
- `boj-server` cited as reference implementation.

### Documentation debt

- 238 per-repo `docs/tech-debt-2026-05-26.md` records.
- 9 stub READMEs expanded to substantive content.
- 44 MEDIUM-severity repos received the canonical docs-template/ skeleton.
- 162 CHANGELOG.md seeds — closes the 65% CHANGELOG gap.
- `changelog-reusable.yml` (#206) + `docs-template/` (rsr-template-repo#75) available for downstream adoption.

## Outstanding (post-chain)

- Owner: rotate Cloudflare token (separate memory item).
- Owner: 007 proprietary-vs-MPL decision (1 HIGH-policy finding).
- Maintainer: triage `docs/proof-debt.md` §(d) entries at preferred pace.

## Companion

- standards#195, #196, #197 — the three estate-wide audits.
- standards#201, #203, #206, #211, #213 — the follow-up infrastructure.
- rsr-template-repo#75 — the docs-template skeleton.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/stapeln that referenced this pull request May 27, 2026

Per the trusted-base reduction policy (hyperpolymath/standards#203), adds a schema-conformant index at docs/proof-debt.md that references PROOF-NEEDS.md as the source of truth.

This repo already has substantive proof-debt documentation in PROOF-NEEDS.md — this PR doesn't duplicate that content, just adds the schema bridge so the check-trusted-base CI gate (standards#211) finds docs/proof-debt.md at the canonical filename and recognises this repo as documented.

Marker count detected by check-trusted-base.sh: 34.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/absolute-zero that referenced this pull request May 27, 2026

## Summary

Adds `docs/proof-debt-triage.md` — Phase 1 of the proof-debt triage process described in [the seed `docs/proof-debt.md`](./docs/proof-debt.md) (PR #52). Classifies every Coq `Axiom` in the repo against the [standards#203 trusted-base reduction policy](hyperpolymath/standards#203):

- **52 AXIOM** (§c TRUSTED-BASE) — physics constants, quantum gate primitives, POSIX semantics, Kolmogorov + Shannon axioms, complex exponential algebra, fundamental physical laws.
- **17 DISCHARGE** (§a) — derivable theorems mistakenly stated as `Axiom`. Lowest-hanging: `cno_zero_energy_dissipation_derived` (name says it), `fidelity_bound`, `unitary_inverse_property`, the two `*_not_identity` existence axioms.
- **3 PROPERTY-TEST** (§b) — decidability claims over opaque types (`fs_eq_dec`, `state_dec`, `state_eq_dec`).

## Scope

Coq Axioms only (72 of 72 classified). Out of scope but tracked in the doc:

- 52 Lean 4 `axiom` declarations in `proofs/lean4/*.lean`.
- 7 Idris2 `postulate`s in `src/abi/Layout.idr` (tracked by #27).

## Follow-ups surfaced by triage

1. **De-duplicate physics constants** — `kB_positive` / `temperature_positive` declared 3x across QuantumCNO, StatMech, LandauerDerivation.
2. **De-duplicate quantum laws** — `unitary_preserves_entropy` and `no_cloning` declared twice with the same name.
3. **De-duplicate probability + decidability + Shannon axioms** between `StatMech.v` and `LandauerDerivation.v`.
4. **Define `Cexp` constructively in `Complex.v`** — collapses 4 axioms in QuantumCNO to DISCHARGE.
5. **The 17 DISCHARGE cluster** is the backlog for the next batch of proof PRs.

## Method

Inventory generated by `grep -nE '^[[:space:]]*Axiom[[:space:]]' proofs/coq/**/*.v` and each axiom classified by reading its declared type and the nearest doc-comment. Counts triple-checked: `3+29+1+13+10+14+2 = 72`.

## Test plan

- [ ] Visual review of `docs/proof-debt-triage.md` table
- [ ] `bash /path/to/standards/scripts/check-trusted-base.sh .` still reports the same marker count (the triage doc doesn't change any `Axiom` declarations)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/boj-server that referenced this pull request May 27, 2026

#163)

## Summary

Follow-up to #161 (which seeded `docs/proof-debt.md` per the estate [Trusted-Base Reduction Policy](https://github.com/hyperpolymath/standards/blob/main/docs/TRUSTED-BASE-REDUCTION-POLICY.adoc) — hyperpolymath/standards#203, enforcement hyperpolymath/standards#211).

`docs/proof-debt.md` already enumerates the 5 class-(J) `believe_me` sites in `src/abi/Boj/SafetyLemmas.idr`, so the `check-trusted-base.sh` gate passes via the "documented in proof-debt.md" path. This PR closes the second path: each marker now also has an inline `AXIOM:` leading comment, the canonical keyword the script greps.

The result: boj-server satisfies **both** halves of the check, making it the fully canonical reference implementation cited in standards#203 §"Precedent".

## Changes

- `src/abi/Boj/SafetyLemmas.idr` (38 lines, 5 sites + 1 module header):
  - `charEqSound`, `charEqSym`, `unpackLength`, `appendLengthSum`, `substrLengthBound` each gain an `AXIOM: <name>; class-(J) — ...` header line citing `docs/proof-debt.md §(c)` and the per-primitive `docs/backend-assurance/<primitive>.md`.
  - Module-header summary updated from "Five axiomatic believe_me" to use the policy vocabulary ("AXIOM-tagged", "disposition-§(c) NECESSARY-AXIOM").
- `PROOF-NEEDS.md`: new header note cross-linking `docs/proof-debt.md` (strategic-goals doc ↔ schema-conformant per-repo index) — mirrors the pattern from standards#213.

## Marker inventory (unchanged)

5 escape hatches, all `believe_me`, all in `src/abi/Boj/SafetyLemmas.idr`, all class-(J) NECESSARY AXIOM (§(c)), all externally validated under `docs/backend-assurance/`:

| Site | Function | Disposition |
|------|----------|-------------|
| `SafetyLemmas.idr:61` | `charEqSound` | §(c) NECESSARY AXIOM |
| `SafetyLemmas.idr:68` | `charEqSym` | §(c) NECESSARY AXIOM |
| `SafetyLemmas.idr:226` | `unpackLength` | §(c) NECESSARY AXIOM |
| `SafetyLemmas.idr:236` | `appendLengthSum` | §(c) NECESSARY AXIOM |
| `SafetyLemmas.idr:246` | `substrLengthBound` | §(c) NECESSARY AXIOM |

§(a) DISCHARGED: 0. §(b) BUDGETED: 0 (the externally-validated harness under `docs/backend-assurance/` is §(b)-style discipline applied to §(c) items per standards#203 §"Precedent"). §(d) DEBT: 0.

## Test plan

- [ ] `bash scripts/check-trusted-base.sh .` (when the standards#211 `trusted-base` job runs against this branch) reports `[OK] All 5 escape hatch(es) are documented (inline annotation or entry in: docs/proof-debt.md PROOF-NEEDS.md).`
- [ ] CI green on the trusted-base job specifically.
- [ ] No behavioural change in Idris2 build — `believe_me` bodies and signatures untouched; only doc-comments edited.

Refs: hyperpolymath/standards#203 (policy), hyperpolymath/standards#211 (enforcement), #161 (proof-debt.md seed).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit that referenced this pull request May 27, 2026

…cross-link (#222)

## Summary

Fills three gaps in the trusted-base reduction policy (standards#203, merged) so per-repo proof-debt triage prompts can classify cleanly:

- **Idris2 `||| OWED:` + `0`-multiplicity form** added as the canonical axiom annotation (disposition (c)). Distinguishes proof-only declarations from the run-time `believe_me` form already documented under (b).
- **Lean annotation block** added (was missing). Shows `axiom` for necessary-axiom (c) and named `sorry` for debt (d).
- **Marker disambiguation**: `TRUSTED:` (run-time soundness break / (b)), `AXIOM:` (named top-level axiom / (c)), `OWED:` (erased / cross-language debt / (c) or (d)).
- **Enforcement section** rewired to cross-link standards#211 (merged) with the concrete script path, marker set, and 5-line annotation window — replacing the "future PR" placeholder.
- **Status table** updated: #203 merged, #211 merged, #213 seeded `standards`' own `proof-debt.md`. `:status:` PROPOSED → ADOPTED.
- Companion documents expanded to link #211 and #213.

## Why

The per-repo proof-debt triage prompts queued behind this (followup chain #8/#9/#10) need a concrete classification grammar and annotation syntax for every prover the estate uses. Without the Lean example, the OWED erased form, and the cross-link to the actual enforcement script, the prompts fall back to ad-hoc judgment per repo and the trusted base won't shrink coherently.

## Scope

Single doc file; no code, no CI changes. The Companion PRs (#211 enforcement, #213 schema-example seed) have already merged — this is purely the in-policy fill-in those merges enabled.

## Test plan

- [ ] Asciidoctor render is well-formed (no broken cross-refs, source blocks close).
- [ ] `scripts/check-trusted-base.sh` on a sample repo recognises `OWED:`, `TRUSTED:`, and `AXIOM:` markers as documented (already verified per #211 PR body).
- [ ] CI green on PR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/absolute-zero that referenced this pull request May 27, 2026

…ies (Phase 2d) (#63)

## Summary

Phase 2d of the standards#203 trusted-base annotation rollout. Annotates the **Quantum cluster** (Coq `QuantumCNO.v` + `QuantumMechanicsExact.v` + Lean `QuantumCNO.lean`) so its 46 escape hatches are policy-compliant under `scripts/check-trusted-base.sh`.

### Changes

- **22 inline `(* AXIOM: ... *)`** in `proofs/coq/quantum/QuantumCNO.v` (§(c) — Boltzmann constant, temperature, dim, inner-product axioms, Pauli/H/CNOT gate primitives, Cexp algebra, von Neumann entropy postulates, no-cloning, Landauer bound, measurement postulate, approximate-CNO).
- **3 inline `(* AXIOM: ... *)`** in `proofs/coq/quantum/QuantumMechanicsExact.v` (X-gate unitarity, unitary-preserves-entropy, no-cloning).
- **11 inline `-- AXIOM:`** in `proofs/lean4/QuantumCNO.lean` (mirrors Coq §(c) classifications).
- **New "Phase 2d triage — Lean Quantum cluster" section** in `docs/proof-debt.md` classifying all 14 Lean axioms (11 §(c) + 3 §(d)).
- **10 new §(d) DEBT entries** in `docs/proof-debt.md`:
  - 7 Coq DISCHARGE candidates (`QuantumCNO.v:258/283/296/487/545/551/584`).
  - 3 Lean DEBT mirroring Coq sites (`QuantumCNO.lean:134/144/235`).

### Verification

`bash ~/developer/repos/standards/scripts/check-trusted-base.sh .` results:

| | Undocumented |
|---|---:|
| Before this PR | 88/129 |
| After this PR | 42/129 |
| Drop | **−46** (22 Coq §c + 3 Coq §c + 11 Lean §c + 7 Coq §(d) DISCHARGE-mention + 3 Lean §(d) DEBT mention) |

Quantum cluster errors → 0. Remaining 42 = Physics cluster (Phase 2e, next PR) + 4 Idris2 BoJ markers in `src/abi/Proofs/` (out of scope; tracked separately).

### Triage source

Per-marker classifications come from `docs/proof-debt-triage.md` (Phase 1, #58) for the Coq side. Lean Quantum classifications are added in this PR's `docs/proof-debt.md` section.

### Refs

- Phase 1 triage: #58
- Phase 2a (Lambda): #60
- Phase 2b (CNOCategory): #61
- Phase 2c (Filesystem): #62
- Policy: [standards#203](hyperpolymath/standards#203)
- CI enforcement: [standards#211](hyperpolymath/standards#211)

## Test plan

- [x] `check-trusted-base.sh` Quantum cluster errors → 0 (verified locally; cumulative 88 → 42)
- [x] No code semantics changed; comments + docs only
- [ ] CI green on this branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/absolute-zero that referenced this pull request May 27, 2026

…vendored copy (#65)

## Summary

Upstreams 3 Agda files that exist only in maa-framework's vendored copy of absolute-zero, but self-identify as absolute-zero artefacts.

- `proofs/agda/EchoBridgeScaffold.agda` — compile-safe interface (`Echo` Σ-shape, `CNOModel`), intentionally independent of `CNO.agda`.
- `proofs/agda/EchoBridgeCNO.agda` — concrete instantiation from `CNO.Program` / `CNO.eval` into the scaffold.
- `proofs/agda/README.adoc` — describes the directory.

## Why now

Discovered during proof-debt classification triage for maa-framework (filed at hyperpolymath/maa-framework#82, with disposition analysis in hyperpolymath/maa-framework#84). The maa-framework re-vendor (hyperpolymath/maa-framework#83) currently uses `rsync --filter='P ...'` to *preserve* these files across each sync — once they're upstream, that filter becomes redundant.

The README.adoc literally titles itself "Agda Proofs (absolute-zero)" and the scaffold header says "Echo/CNO Agda bridge scaffold", so the canonical home is here.

## Trusted-base impact

The 3-file set has **zero postulates and zero axioms**. `EchoBridgeCNO.agda` imports `Axiom.Extensionality.Propositional` to obtain the `Extensionality` *type*, which is then accepted as an explicit *module parameter* by downstream functions — not postulated. Documented in `docs/proof-debt.md` under a new "False positives" section to satisfy `check-trusted-base.sh`'s path-enumeration clause.

## Test plan

- [ ] `cd proofs/agda && agda EchoBridgeScaffold.agda` typechecks.
- [ ] `cd proofs/agda && agda EchoBridgeCNO.agda` typechecks (may need `CNO.agda` build prerequisites).
- [ ] `bash scripts/check-trusted-base.sh .` passes (path-enumeration covers the false positive).
- [ ] CI green.

## Companion

- hyperpolymath/maa-framework#82 — proof-debt schema PR (parallel).
- hyperpolymath/maa-framework#83 — re-vendor PR (parallel; this PR removes its need for `rsync --filter='P ...'`).
- hyperpolymath/maa-framework#84 — fork-vs-vendor disposition issue (open, owner-decision).
- hyperpolymath/standards#203 — trusted-base reduction policy.
- hyperpolymath/standards#211 — `check-trusted-base.sh`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/absolute-zero that referenced this pull request May 27, 2026

…es (Phase 2e) (#66)

## Summary

Phase 2e of the standards#203 trusted-base annotation rollout. Annotates the **Physics cluster** (Coq `LandauerDerivation.v` + `StatMech.v` + Lean `StatMech.lean`) so its 42 escape hatches are policy-compliant under `scripts/check-trusted-base.sh`.

### Changes

- **11 inline `(* AXIOM: ... *)`** in `proofs/coq/physics/LandauerDerivation.v` (kB, temperature, Kolmogorov probability axioms, Shannon entropy postulates, second law, entropy_change_erasure, isothermal_work_bound, state_eq_dec — all §(c); duplicates flagged for follow-up 1+3).
- **9 inline `(* AXIOM: ... *)`** in `proofs/coq/physics/StatMech.v` (same pattern; cross-references LandauerDerivation duplicates).
- **14 inline `-- AXIOM:`** in `proofs/lean4/StatMech.lean` (mirrors Coq §(c) classifications).
- **New "Phase 2e triage — Lean StatMech cluster" section** in `docs/proof-debt.md` classifying all 14 Lean axioms (all §(c)).
- **4 new §(d) DEBT entries** in `docs/proof-debt.md` (Coq DISCHARGE-class):
  - `StatMech.v:229` `reversible_zero_dissipation`
  - `LandauerDerivation.v:81` `shannon_entropy_additive`
  - `LandauerDerivation.v:277` `cno_preserves_shannon_entropy`
  - `LandauerDerivation.v:326` `cno_zero_energy_dissipation_derived`
- **Lean pending-triage count: 14 → 0** — Lean side now fully classified per standards#203.

### Verification

`bash ~/developer/repos/standards/scripts/check-trusted-base.sh .` results:

| | Undocumented |
|---|---:|
| Before this PR | 42/129 |
| After this PR | 4/129 |
| Drop | **−38** (11 Coq Landauer + 9 Coq StatMech + 14 Lean + 4 Coq §(d) DISCHARGE-mention) |

Physics cluster errors → 0. Remaining 4 = Idris2 `src/abi/Proofs/DivMod.idr` (out of Phase 2 scope; BoJ vendored proofs).

### Note on Lean `reversible_zero_dissipation`

The Coq counterpart (`StatMech.v:229`) is triaged DISCHARGE; the Lean side keeps it as §(c) AXIOM because no Lean-side derivation chain is in place yet. When the Coq DISCHARGE lands, the Lean side can be reclassified.

### Refs

- Phase 1 triage: #58
- Phase 2a (Lambda): #60
- Phase 2b (CNOCategory): #61
- Phase 2c (Filesystem): #62
- Phase 2d (Quantum): #63
- Policy: [standards#203](hyperpolymath/standards#203)
- CI enforcement: [standards#211](hyperpolymath/standards#211)

## Test plan

- [x] `check-trusted-base.sh` Physics cluster errors → 0 (verified locally; cumulative 42 → 4)
- [x] No code semantics changed; comments + docs only
- [ ] CI green on this branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/typed-wasm that referenced this pull request May 27, 2026

…policy (#70)

## Summary

- Adds `docs/proof-debt.md` declaring this repo's zero-soundness-debt invariant.
- Verified: every syntactic `believe_me` / `assert_total` / `postulate` match in source is inside a docstring explicitly stating the file does NOT use that construct.
- Closes part of the [estate trusted-base reduction policy](hyperpolymath/standards#203) follow-up (P1 seed).

## Effect

Future PRs that introduce real escape hatches will be caught by [`check-trusted-base.sh`](hyperpolymath/standards#211) and must annotate inline OR enumerate here.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/vcl-ut that referenced this pull request May 27, 2026

…policy (#42)

Per the trusted-base reduction policy (hyperpolymath/standards#203), this repo declares its zero-escape-hatch invariant.

Verified by scripts/check-trusted-base.sh from hyperpolymath/standards: every syntactic match in this repo for believe_me / assert_total / postulate / sorry / Admitted is inside a docstring explicitly stating the file does NOT use them ('zero proof-escape' discipline pattern).

This file exists so the check-trusted-base CI gate (standards#211) can affirm the invariant. Any future PR that introduces a real soundness-relevant escape hatch MUST either annotate the call site with TRUSTED:/AXIOM: leading comment OR add an entry here under §(b)/§(c)/§(d).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/hypatia that referenced this pull request May 27, 2026

## Summary

- Adds `docs/proof-debt.md` enumerating this repo's 5 soundness-relevant escape hatches.
- All markers start in §(d) DEBT (initial seed); the maintainer triages each into §(a)/§(b)/§(c) as classification proceeds.
- P1 seed in the [estate trusted-base reduction policy](hyperpolymath/standards#203) chain.

## Why this matters

Without this file, [`check-trusted-base.sh`](hyperpolymath/standards#211) fails CI on every escape hatch as 'undocumented'. With this file, all 5 markers are at least *enumerated* and the maintainer can disposition them at their own pace.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/somethings-fishy that referenced this pull request May 27, 2026

* docs: seed docs/proof-debt.md index per trusted-base policy

Per the trusted-base reduction policy (hyperpolymath/standards#203), adds a schema-conformant index at docs/proof-debt.md that references PROOF-NEEDS.md as the source of truth.

This repo already has substantive proof-debt documentation in PROOF-NEEDS.md — this PR doesn't duplicate that content, just adds the schema bridge so the check-trusted-base CI gate (standards#211) finds docs/proof-debt.md at the canonical filename and recognises this repo as documented.

Marker count detected by check-trusted-base.sh: 2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: nudge CI to re-resolve standards@main past #219

The original CI for this PR resolved governance-reusable.yml@main to SHA 7c2b815 (2026-05-26 pre-#219). `gh run rerun` re-runs with the same workflow resolution and doesn't re-resolve @main. This empty push forces a fresh run that will pick up current standards/main (post-#219 workflow_sha fix).

No content changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/maa-framework that referenced this pull request May 27, 2026

…e) vendored) (#82)

## Summary

Seeds `docs/proof-debt.md` for `hyperpolymath/maa-framework` per the trusted-base reduction policy schema landed via hyperpolymath/standards#203 (canonical policy) + hyperpolymath/standards#211 (`scripts/check-trusted-base.sh` CI gate).

## Triage result

**All 150 syntactic markers across 13 files** live under the in-tree `absolute-zero/` subtree — a vendored copy of the sibling estate repo `hyperpolymath/absolute-zero`. Canonical disposition is delegated upstream.

Per the standards#203 guidance ("extend the schema; document the extension at the top of the file as a repo-specific note"), this seed introduces a new disposition:

- **§(e) VENDORED — estate-sibling**: marker lives in an in-tree copy of another estate repository; close-out path is upstream.

§(a)/(b)/(c)/(d) are all **empty** because maa-framework itself contains no proof-bearing source outside the vendored subtree.

## Marker count by disposition

| § | Count |
| --- | ---: |
| (a) DISCHARGED | 0 |
| (b) BUDGETED | 0 |
| (c) NECESSARY AXIOM | 0 |
| (d) DEBT | 0 |
| **(e) VENDORED — estate-sibling** | **150** (13 files) |

## Vendored-ratio

**13/13 files vendored, 0/13 estate-owned-by-this-repo.** File-header inspection confirms estate-ownership (`Author: Jonathan D. A. Jewell; Project: Absolute Zero`) but canonical home is the sibling repo `hyperpolymath/absolute-zero`. The two trees have drifted (`LambdaCNO.v` differs); re-sync is a follow-up.

## Owner-decision questions filed inline

1. Should `absolute-zero/` become a git submodule (so the canonical `proof-debt.md` is the single source of truth) instead of a vendored copy?
2. What is the re-sync cadence until that decision lands?

The original audit prompt flagged maa-framework with the explicit question "investigate whether vendored or original". This PR's answer: **fully vendored from a sibling estate repo, zero original proof-bearing source in maa-framework itself**.

## Notes on the audit count (134 vs 150)

The estate-wide audit reported "134 markers in 25 files" for maa-framework. The wider regex used by `check-trusted-base.sh` matches 150 hits across 13 files (a more inclusive pattern). One of the 150 is a grep false positive (an `Axiom.Extensionality.Propositional` module **import** in `EchoBridgeCNO.agda`). Net "load-bearing" count: ~149. The schema preserves the grep number for CI parity.

## Test plan

- [ ] CI green on this branch (governance, hypatia, antipattern checks).
- [ ] `bash scripts/check-trusted-base.sh .` (once standards#211 has landed in maa-framework's governance bundle) accepts the enumerated paths.
- [ ] Maintainer reviews the §(e) extension and the two owner-decision questions.

Refs hyperpolymath/standards#203 hyperpolymath/standards#211

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/betlang
that referenced
this pull request
May 27, 2026
Per-repo proof-debt triage for `betlang`, applying the estate-wide Trusted-Base Reduction Policy that landed at [standards#203](hyperpolymath/standards#203) and was filled in by [standards#222](hyperpolymath/standards#222). The detection gate is `scripts/check-trusted-base.sh` ([standards#211](hyperpolymath/standards#211)).

## What this PR does

1. Adds `docs/proof-debt.md` matching the schema-conformant per-repo form (the same shape as [standards/docs/proof-debt.md@standards#213](https://github.com/hyperpolymath/standards/blob/main/docs/proof-debt.md)).
2. Enumerates the **1 real marker** in `proofs/BetLang.lean` (the `axiom substTop_preserves_typing` at L392) under **§(d) DEBT**, with a full discharge recipe inlined from the body of [PR #27](#27).
3. Documents the **3 comment-skip false positives** (lines 19, 387, 388) at the top of `docs/proof-debt.md` as a marker-count table.
4. Adds an inline `-- AXIOM: substTop_preserves_typing — disposition §(d) DEBT ...` annotation 5 lines preceding the axiom so the `check-trusted-base.sh` gate flips from naked-marker to documented.

## Classification rationale

`substTop_preserves_typing` is **§(d) DEBT, not §(c) NECESSARY AXIOM**:

- It is the standard top-level substitution-preservation lemma (Pierce, TAPL Ch.9). It is constructively provable in Lean 4 by induction on the typing derivation, factored through a generalised `substAt_preserves_typing` plus three `Ctx.insertAt` lookup lemmas.
- It does **not** encode any metatheoretic assumption (no funExt, no choice, no UIP, no propositional truncation).
- It exists in the source only because a full de Bruijn substitution calculus would, per the inline doc-comment, "triple the file size" — a *cost* judgement (which §(d) DEBT captures) not a *necessity* judgement (which §(c) would capture).
- A partial implementation already lives on a local working branch (`proofs/discharge-substTop-axiom-23`, commit `8fa128d`); the six-step discharge recipe is inlined verbatim in the new `docs/proof-debt.md` from the body of merged PR [#27](#27).
- Issue [#23](#23) was closed optimistically when PR #27 merged the build-fix half of the work; the axiom itself remained in source. The new §(d) entry records "INDEFINITE" as the deadline pending re-open.

## Verification

Locally:

```
$ bash /path/to/standards/scripts/check-trusted-base.sh .
[INFO] Found 3 soundness-relevant escape hatch(es).
[OK] proof-debt document(s) found: docs/proof-debt.md PROOF-NEEDS.md
[OK] All 3 escape hatch(es) are documented (inline annotation or entry in: docs/proof-debt.md PROOF-NEEDS.md).
```

(The "3" reflects the post-comment-skip count from the script's `is_comment_line` heuristic: L19 is line-comment-skipped, L387 + L388 survive as continuation lines of a `/-- ... -/` block, L392 is the real declaration. All three are covered by `docs/proof-debt.md`'s path enumeration plus the inline `AXIOM:` annotation within 5 lines.)

## References

- [hyperpolymath/standards#203](hyperpolymath/standards#203) — policy
- [hyperpolymath/standards#211](hyperpolymath/standards#211) — enforcement script
- [hyperpolymath/standards#222](hyperpolymath/standards#222) — fill-in pass (open, auto-merge armed)
- [#23](#23) — tracking issue (closed; axiom still in source)
- [#27](#27) — merged build-fix PR carrying the discharge recipe in its body

## Test plan

- [x] `bash scripts/check-trusted-base.sh .` exits 0 on this branch (verified locally)
- [ ] CI `trusted-base` job (when wired) reports `[OK]` on the merged main

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
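The betlang message above reports that two of its three hits are continuation lines of a `/-- ... -/` doc block rather than declarations. The following is an added example, not the project's `check-trusted-base.sh` (whose source is not shown on this page): it contrasts a line-prefix comment skip with a block-comment-aware scan and then applies a 5-line annotation window. The marker regex, the annotation regex, the function names and the sample Lean text are all assumptions constructed for illustration.

```python
import re

# Assumed Lean marker set and annotation syntax; the real script's regex is not on this page.
MARKER = re.compile(r"\b(axiom|sorry)\b")
ANNOTATION = re.compile(r"--\s*(AXIOM|TRUSTED):")
WINDOW = 5  # annotation must sit within this many lines above the marker

# Constructed sample, not taken from proofs/BetLang.lean.
SAMPLE = """\
-- This file states one axiom for substitution.
-- AXIOM: substTop_preserves_typing, disposition (d) DEBT, see docs/proof-debt.md
/-- Top-level substitution preserves typing.
    Stated as an axiom because the full calculus is long;
    no sorry is used below. -/
axiom substTop_preserves_typing : True
theorem uses_it : True := substTop_preserves_typing
axiom undocumented_gap : True
"""

def code_lines(text):
    """Yield (lineno, code) with `--` and nested `/- ... -/` comments removed."""
    depth = 0  # Lean block comments nest, so track depth across lines
    for no, line in enumerate(text.splitlines(), 1):
        out, i = [], 0
        while i < len(line):
            two = line[i:i + 2]
            if two == "/-":
                depth, i = depth + 1, i + 2
            elif two == "-/" and depth:
                depth, i = depth - 1, i + 2
            elif depth:
                i += 1
            elif two == "--":
                break
            else:
                out.append(line[i])
                i += 1
        yield no, "".join(out)

def naive_hits(text):
    """Line-prefix heuristic: skips only lines that begin with `--`."""
    return [no for no, l in enumerate(text.splitlines(), 1)
            if MARKER.search(l) and not l.lstrip().startswith("--")]

def scan(text):
    """Return (lineno, marker, documented) for markers in real code only."""
    lines = text.splitlines()
    found = []
    for no, code in code_lines(text):
        m = MARKER.search(code)
        if m:
            above = lines[max(0, no - 1 - WINDOW):no - 1]
            found.append((no, m.group(1), any(ANNOTATION.search(l) for l in above)))
    return found
```

On the sample, the line-prefix heuristic counts the two doc-comment continuation lines as markers, while the block-aware scan reports only the two declarations and flags the second as lacking an annotation in its window.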
hyperpolymath
added a commit
to hyperpolymath/hypatia
that referenced
this pull request
May 27, 2026
## Summary

- Adds inline `TRUSTED:` leading comments to the 5 deliberate scanner fixtures under `test/soundness/fixtures/code_safety/` (admitted.v, sorry.lean, agda_postulate.agda, believe_me.idr, unsafe_coerce.hs).
- Satisfies the trusted-base reduction policy (hyperpolymath/standards#203) inline-annotation path (b) — companion to docs enumeration in #343 (path d/initial seed).
- Classifies these 5 sites as PROPERTY-TEST (§(b) BUDGETED): each fixture exists so that `test/soundness_test.exs` can regression-test that the corresponding `code_safety/*` rule fires. The soundness test suite IS the refutation budget.
- Step B of the P1 proof-debt cleanup template (one PR per cluster — all 5 are scanner fixtures, one cluster).

## Why this is content-safe

The added comments live *above* the trigger line. The marker pattern (`Admitted.`, `sorry`, `postulate`, `believe_me`, `unsafeCoerce`) is preserved verbatim. `test/soundness_test.exs` still fires on every fixture (verified by the existing test suite).

## Test plan

- [ ] `mix test --only soundness` continues to pass (every fixture still triggers its rule at the expected severity).
- [ ] `bash /path/to/standards/scripts/check-trusted-base.sh .` reports the 5 canonical sites as satisfied via inline annotation (no longer needs docs/proof-debt.md substring match to pass).
- [ ] No other CI regressions.

## Related

- #343 — initial seed of `docs/proof-debt.md` (count-correction revision pushed in parallel).
- standards#195 — estate proof-debt audit.
- standards#203 — trusted-base reduction policy.
- standards#211 — `check-trusted-base.sh` CI enforcement.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/ephapax
that referenced
this pull request
May 27, 2026
## Summary

- Seeds `docs/proof-debt.md` enumerating the 3 known `Admitted`s in `formal/Semantics.v` (lines 4924, 5983, 6572) and their planned discharge.
- Follows the schema defined by [standards#203](hyperpolymath/standards#203) (trusted-base reduction policy).
- Closes part of Item-3 follow-up of the 2026-05-26 estate tech-debt audit.

## Entries (§(d) DEBT)

| File:line | Lemma | Plan |
|---|---|---|
| `formal/Semantics.v:4924` | inside `step_preserves_type` | Discharge per `project_ephapax_preservation_closure_plan` (6-9 day plan, deadline 2026-09-01) |
| `formal/Semantics.v:5983` | inside `step_output_context_eq` | Corollary of the strengthened `step_preserves_type` |
| `formal/Semantics.v:6572` | inside `preservation` (top-level theorem) | Lands automatically once the two feeder lemmas close |

## What this PR does NOT do

Discharge the proofs. That's separate, multi-PR work owned by the closure plan. This PR just makes the debt *visible* in the agreed schema so it's countable and so the future `scripts/check-trusted-base.sh` CI gate has something to validate against.

## Companion

- standards#195 — estate proof-debt audit (the empirical motivation)
- standards#203 — trusted-base reduction policy (the schema)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/absolute-zero
that referenced
this pull request
May 27, 2026
#67)

## Summary

Mechanical follow-ups 1, 2, 3 from the Phase 1 proof-debt triage (#58). Consolidates triplicated / duplicated trusted-base axioms into shared modules and removes dead duplicate copies, reducing the estate trust base by **11 markers** (129 → 118) without changing semantics.

### Follow-up 1 — physics constants (`PhysicsConstants.v`)

- **New**: `proofs/coq/common/PhysicsConstants.v` — single declaration of `kB`, `kB_positive`, `temperature`, `temperature_positive`.
- **Updated**: `QuantumCNO.v`, `StatMech.v`, `LandauerDerivation.v` — drop local declarations, `Require Import CNO.PhysicsConstants`.

### Follow-up 2 — quantum laws (dead-code removal in `QuantumMechanicsExact.v`)

- **Removed**: `Axiom unitary_preserves_entropy` (line 323) and `Axiom no_cloning` (line 404) from `QuantumMechanicsExact.v`. Both were dead code (no in-file callers). The `no_cloning` body `forall ψ, False` was trivially `True`-equivalent, so removal also strengthens the trust base.
- **Canonical**: `QuantumCNO.v` declarations remain (used by `quantum_cno_preserves_information` and friends).

### Follow-up 3 — statmech basis (`StatMechBasis.v`)

- **New**: `proofs/coq/common/StatMechBasis.v` — single declaration of `StateDistribution`, `prob_nonneg`, `prob_normalized`, `state_dec` (canonical name; subsumes `state_eq_dec`), `point_dist`, `shannon_entropy`, `shannon_entropy_nonneg`, `shannon_entropy_point_zero`.
- **Updated**: `StatMech.v` and `LandauerDerivation.v` — drop local declarations, `Require Import CNO.StatMechBasis`.

### Cleanup + machine-readable

- **`.gitignore`**: adds Coq build artefact patterns (`*.vo`, `*.vok`, `*.vos`, `*.glob`, `.*.aux`, `.lia.cache`, `.nia.cache`) so future builds don't pollute status.
- **`_CoqProject`**: registers `common/PhysicsConstants.v` and `common/StatMechBasis.v` in the build manifest.
- **`.machine_readable/META.scm`**: ADR-011 (Phase 2a–2e Lean triage campaign) and ADR-012 (Follow-ups 1–3 consolidation) added to the architecture-decisions ledger.
- **`docs/proof-debt-triage.md`**: Follow-ups 1, 2, 3 marked `✅ DONE 2026-05-27` with the consolidation summaries.

## Verification

```
coqc -R common CNO common/PhysicsConstants.v → OK
coqc -R common CNO common/Complex.v → OK
coqc -R common CNO common/CNO.v → OK
coqc -R common CNO common/StatMechBasis.v → OK
coqc -R common CNO physics/StatMech.v → OK
coqc -R common CNO physics/LandauerDerivation.v → OK
coqc -R common CNO quantum/QuantumCNO.v → OK
coqc -R common CNO quantum/QuantumMechanicsExact.v → OK
```

`bash ~/developer/repos/standards/scripts/check-trusted-base.sh .`:

| | Total markers | Undocumented |
|---|---:|---:|
| Before this PR (after Phase 2e #66) | 129 | 4 (Idris2 BoJ) |
| After this PR | **118** | 4 (Idris2 BoJ, unchanged) |
| Delta | **−11** | 0 |

The 4 remaining undocumented markers are in `src/abi/Proofs/DivMod.idr` (BoJ vendored proofs) — explicitly out of Phase 2 scope and tracked at #27.

## Why this is low-risk

The consolidated axioms are opaque `Parameter`s and `Axiom`s (no executable definitions). Consolidating means all callers now reference the **same** symbol instead of nominally-distinct copies — strictly an improvement for soundness. The dead-code removal in Follow-up 2 is verified by `coqc` building all downstream files unchanged.

## Refs

- Phase 1 triage: #58
- Phase 2a (Lambda): #60
- Phase 2b (CNOCategory): #61
- Phase 2c (Filesystem): #62
- Phase 2d (Quantum): #63
- Phase 2e (Physics): #66
- Follow-ups source: `docs/proof-debt-triage.md` §"Follow-ups surfaced by triage" (1, 2, 3 of 5; 4 + 5 require real proof work, deferred)
- Policy: [standards#203](hyperpolymath/standards#203)
- CI enforcement: [standards#211](hyperpolymath/standards#211)

## Test plan

- [x] All eight touched/new Coq files compile under `coqc -R common CNO ...` (verified locally)
- [x] `check-trusted-base.sh` — 129 → 118 markers, undocumented count unchanged at 4
- [x] No code semantics changed; refactor only
- [x] `.gitignore` covers Coq build artefacts
- [x] Machine-readable ADR ledger updated (ADR-011, ADR-012)
- [ ] CI green on this branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/proven
that referenced
this pull request
May 27, 2026
## Summary

- Adds a thin, schema-conformant index at `docs/proof-debt.md`.
- References [`PROOF-NEEDS.md`](./PROOF-NEEDS.md) as the source of truth — no content duplication.
- P1 seed in the [trusted-base reduction policy](hyperpolymath/standards#203) chain.

## What this PR does NOT do

Migrate the substantive content out of `PROOF-NEEDS.md`. That file remains canonical; this file just makes the schema-conformant filename exist for the [`check-trusted-base.sh`](hyperpolymath/standards#211) CI gate.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary

- `docs/TRUSTED-BASE-REDUCTION-POLICY.adoc` — formalises the boj-server backend-assurance harness pattern as estate-wide policy.
- `Axiom`, `Admitted`, `sorry`, `postulate`, `believe_me`, `assume val`, `unsafePerformIO`, …):
- `docs/proof-debt.md` with deadline + owner.
- `docs/proof-debt.md` schema, per-language annotation conventions (`TRUSTED:`/`AXIOM:` leading comments), and an enforcement plan (future `scripts/check-trusted-base.sh` wired into `governance-reusable.yml`).

Initial migration order

- `ephapax` (3 Admitteds with discharge plan in memory), `boj-server` (reference impl).
- `absolute-zero` (387 markers), `maa-framework` (134 in 25 files), `betlang` (1 named axiom), `proven` (372 TODO PROOF).
- `standards` itself, `typed-wasm`, `stapeln`, `vcl-ut`, `hypatia`, `snifs`, `somethings-fishy`.

Companion PRs

- `check-trusted-base.sh`)

🤖 Generated with Claude Code