brouwer(arithmetic): checked refutations of strict-left-mono of _⊕_ and additive-principal closure on generic sums#146
Merged
Conversation
… and additive-principal closure on generic sums
Promotes the two routes flagged as "structurally blocked" by the
RankLexSlice3 design note (and Phase13's `⊕-mono-≤-left` block
comment) into CHECKED REFUTATIONS — named `¬`-theorems with
explicit counterexamples and irreflexivity-derived ⊥.
## What lands
Two new modules under `Ordinal.Brouwer`:
* `StrictLeftMonoRefuted` — promotes Phase13's prose counterexample
on `α <′ β → α ⊕ γ <′ β ⊕ γ`:
- `StrictLeftMonoSum` (hypothesised property as `Set`).
- `<′-irrefl` derived from `wf-<′` via Acc-induction (standalone
helper, useful downstream).
- Per-index dominance helper `osuc-oz-⊕-nat≤osuc-of-oz-⊕-nat`
(each branch of the LHS olim equals the next branch of the
RHS olim definitionally after osuc-recursion).
- Limit-level companion `osuc-oz-⊕-ω≤oz-⊕-ω` (both olims denote
ω, so the "larger" side `≤′` the smaller via branch-shifting).
- Headline `strict-left-mono-refuted : ¬ StrictLeftMonoSum`,
chained via `≤′-trans` + `<′-irrefl` at `α = oz, β = osuc oz,
γ = olim nat-to-ord`.
* `AdditivePrincipalGenericRefuted` — promotes the RankLexSlice3
design-note claim that "additive-principal closure on generic
sums" fails:
- `AdditivePrincipalGenericSum` (hypothesised generalisation of
`additive-principal-ω-rank-pow` to `α <′ X ⊕ Y → β <′ X ⊕ Y →
α ⊕ β <′ X ⊕ Y`).
- `ω<′ω⊕ω` (premise witness via branch 1 in the outer olim:
`olim nat-to-ord ⊕ nat-to-ord 1 = osuc (olim nat-to-ord)`
definitionally).
- Headline `additive-principal-generic-sum-refuted` at
`X = Y = α = β = olim nat-to-ord`; both premises are `ω<′ω⊕ω`;
conclusion `ω ⊕ ω <′ ω ⊕ ω` is refuted by `<′-irrefl`
(re-exported from the (b) module — that's why the two ship
in one PR despite being independent claims).
## Why this matters
These refutations close out the two "open routes" left by
`RankLexSlice3.agda`'s in-file design note for the bplus-chain-level
extension of the joint-bplus rank-mono primitive. Both routes are
now CHECKED dead-ends rather than prose claims — the consumer
cannot accidentally "rediscover" them and the next session's
follow-up exploration knows exactly which routes are foreclosed.
The genuinely open structural route is the parallel-rank refactor
(`rank-lex-jb : BT → RankLex` with a richer `bplus`-case
second-component) mentioned at the bottom of RankLexSlice3's
design note — that one is NOT refuted, just non-local to attempt.
## Build invariant
* `StrictLeftMonoRefuted.agda` + `AdditivePrincipalGenericRefuted.agda`
both compile standalone under `--safe --without-K`, zero postulates,
no funext.
* Pinned in `proofs/agda/Smoke.agda` under their own `using` block.
* Wired into `proofs/agda/All.agda` adjacent to `OmegaPow`.
* `scripts/kernel-guard.sh` PASS.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 74 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Issue in codeql.yml",
"type": "missing_workflow",
"file": "codeql.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in secret-scanner.yml",
"type": "missing_workflow",
"file": "secret-scanner.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in agda.yml",
"type": "unknown",
"file": "agda.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in agda.yml",
"type": "unknown",
"file": "agda.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in governance.yml",
"type": "unknown",
"file": "governance.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in hypatia-scan.yml",
"type": "unknown",
"file": "hypatia-scan.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in mirror.yml",
"type": "unknown",
"file": "mirror.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard.yml",
"type": "unknown",
"file": "scorecard.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (1 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/echo-types/echo-types/tutorial/epistemic_erasure/EpistemicErasure.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
Merged
5 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 28, 2026
…plus second component Opens the sole-viable forward path for the bplus-chain-level bpsi-source-at-equality discharge after PR #146's checked refutations of the two prior unblock routes (additive-principal on generic sums + strict-left-mono of `_⊕_`). New module `Ordinal.Buchholz.RankLexJointBplus`: * `leftmost-α : BT → Ord` — leftmost-ψ-α-rank discriminator (walks the left spine of a left-leaning `bplus` chain to its atomic leaf; reads off `rank-pow α` for `bpsi _ α` leaves, `oz` otherwise). * `rank-lex-jb : BT → RankLex` — the parallel lex rank. First component matches `RankLex.rank-lex` pointwise; second component diverges only on `bplus` (uses `leftmost-α` instead of `oz`). * `rank-lex-jb-strict-second-at-equal-first` — the load-bearing primitive: fires `<lex-second` when first components are propositionally equal and `leftmost-α` witnesses are strictly ordered. Closes the (a) leg of the follow-on case-split documented in the module preamble. * Definitional sanity (4 per ranks: bzero / bOmega / bpsi / bplus). * `leftmost-α-bplus-left` two-level convenience (mirrors `HeadOmega.head-Ω-bplus-left`). Honest scope: this is scaffold-only. The full headline (joint-bplus `<ᵇ-+1` discharge at the bpsi-source-at-equality sub-case) requires the (a)+(b)+(c) assembly the module preamble documents: a first-component trichotomy, the equal-first lex-second leg (this slice), and the strict-first lex-first leg (multi-PR follow-on). Wired into `All.agda` adjacent to `RankLexSlice3`; pinned in `Ordinal/Buchholz/Smoke.agda` under own block per CLAUDE.md Working rules. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 28, 2026
…plus second component (#147) ## Summary Opens the sole-viable forward path for the bplus-chain-level bpsi-source-at-equality discharge after PR #146's checked refutations of the two prior unblock routes (additive-principal on generic sums + strict-left-mono of `_⊕_`). New module `Ordinal.Buchholz.RankLexJointBplus`: * `leftmost-α : BT → Ord` — leftmost-ψ-α-rank discriminator. * `rank-lex-jb : BT → RankLex` — parallel lex rank with richer `bplus` second component (`leftmost-α` instead of `oz`). * `rank-lex-jb-strict-second-at-equal-first` — load-bearing scaffold primitive: fires `<lex-second` at equal first components. * 4 + 4 definitional sanity lemmas; `leftmost-α-bplus-left` two-level convenience. ## Honest scope Scaffold-only. The full headline (joint-bplus `<ᵇ-+1` discharge at bpsi-source-at-equality) requires the (a)+(b)+(c) assembly documented in the module preamble: * (a) **equal-first lex-second leg** — closed here. * (b) **strict-first lex-first leg** — multi-PR follow-on (same bplus-chain sum-bound challenge that motivated the refactor). * (c) **first-component trichotomy** — non-trivial `Ord`-valued decidability bridge not landed in `Phase13` yet. The next session's task is (b) + (c) + assembly into a full headline; this scaffold lays the foundation. ## Test plan - [x] `agda --library-file=/tmp/echo-libraries -i proofs/agda proofs/agda/Ordinal/Buchholz/RankLexJointBplus.agda` exits 0 - [x] `agda --library-file=... proofs/agda/Ordinal/Buchholz/Smoke.agda` exits 0 - [x] `scripts/kernel-guard.sh` PASS (kernel cone funext-free + classification in sync) - [x] Wired into `All.agda` adjacent to `RankLexSlice3`; pinned in `Ordinal/Buchholz/Smoke.agda` under own block per CLAUDE.md Working rules - [x] Zero postulates, `--safe --without-K`, no funext 🤖 Generated with [Claude Code](https://claude.com/claude-code)
5 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 30, 2026
…charge (#165) ## Summary Advances the rank-lex-jb pivot's `(a)+(b)+(c)` assembly plan beyond the (a) primitive that PR #147 shipped. Three primitives added to \`Ordinal.Buchholz.RankLexJointBplus\` and pinned in \`Ordinal/Buchholz/Smoke.agda\`. Zero postulates, \`--safe --without-K\`, no funext. ## Three primitives | Primitive | Type | Role | |---|---|---| | \`rank-lex-jb-strict-first\` | \`rank-pow (bplus _ _) <′ rank-pow (bplus _ _) → rank-lex-jb _ <lex rank-lex-jb _\` | Leg (b) primitive; one-line via \`<lex-first\` | | \`leftmost-α-strict-from-bpsi-source\` | \`α <ᵇ⁰ β → leftmost-α (bplus (bpsi ν α) x₂) <′ leftmost-α (bplus (bpsi ν β) y₂)\` | Consumer helper composing \`leftmost-α-{bplus,bpsi}\` with \`rank-pow-mono-<ᵇ⁰\` | | \`rank-lex-jb-bpsi-at-equality\` | \`first-eq → α <ᵇ⁰ β → rank-lex-jb _ <lex rank-lex-jb _\` | Named theorem closing the bpsi-source-at-equality sub-case at rank-lex-jb level, gated on first-eq hypothesis | ## Where this sits in the assembly Per the PR #147 module preamble's \`(a)+(b)+(c)\` plan (see \`RankLexJointBplus.agda\` preamble): - **(a) equal-first lex-second leg** — CLOSED in PR #147 (\`rank-lex-jb-strict-second-at-equal-first\`). - **(b) strict-first lex-first leg** — primitive CLOSED here; consumer-side derivation of \`rank-pow (bplus _ _) <′ rank-pow (bplus _ _)\` remains the multi-PR ordinal-arithmetic challenge. - **(c) first-component trichotomy** — STILL OPEN (Ord-valued decidability bridge in \`Phase13\` not yet attempted). - **Assembly into full \`<ᵇ-+1\`-at-equal-head headline** = multi-PR follow-on, still gated on (c). This slice records that every other discharge step composes cleanly (the bpsi sub-case now ships as a named theorem under the first-eq hypothesis); resolving the gating obligations unblocks the headline mechanically. ## Honest scope (preserved in module preambles) - The trivial \`<lex-first\` shape of primitive (1) does **not** mean leg (b) is "done" — the consumer plumbing is the hard part. Both pre-identified unblock routes (additive-principal closure on a generic sum, strict-left-mono of \`_⊕_\`) are CHECKED-REFUTED in PR #146. - Primitive (2) is \`_<ᵇ⁰_\`-parameterised, not \`_<ᵇ_\`-parameterised. Lifting to full \`_<ᵇ_\` requires the joint-bplus closure that this very pivot was designed to attack. - Primitive (3) requires the first-eq hypothesis as input; consumer-side derivation is the gating obligation. ## Local verification - \`agda -i proofs/agda proofs/agda/Ordinal/Buchholz/RankLexJointBplus.agda\` — clean. - \`agda -i proofs/agda proofs/agda/Ordinal/Buchholz/Smoke.agda\` — clean, exit 0. - \`agda -i proofs/agda proofs/agda/Smoke.agda\` — clean, exit 0. - \`agda -i proofs/agda proofs/agda/All.agda\` — clean, exit 0. - \`bash tools/check-guardrails.sh proofs/agda\` — 160 modules pass. - \`sh scripts/kernel-guard.sh\` — PASS. ## Test plan - [x] All four Agda lanes typecheck locally. - [x] Three new primitives pinned in Buchholz Smoke. - [x] Foundation guardrail + kernel-guard pass. - [ ] CI: \`check\` + \`cold-check\` + governance lanes green. - [ ] Auto-merge on green. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 30, 2026
…ivation (#166) ## Summary Follow-on to PR #165's (b) primitive. Adds the **(c) trichotomy** data type and the **consumer-side first-eq derivation** tools the (a)+(b)+(c) assembly plan calls for, plus a named theorem fully closing the bpsi-source-at-equal-head sub-case at the rank-lex-jb level GIVEN only a tail-rank-equality discharge. Zero postulates, \`--safe --without-K\`, no funext. ## What lands ### Consumer-side first-eq derivation (2 primitives) The DEFINITIONAL fact underlying the closure: \`rank-pow (bplus x y) = rank-pow x ⊕ rank-pow y\` (\`RankPow.rank-pow-bplus\`, \`refl\`). So first-eq REDUCES to a conjunction of summand-equalities via \`cong₂ _⊕_\`. | Name | Role | |---|---| | \`rank-pow-bplus-eq-from-summands\` | Generic \`cong₂ _⊕_\` helper | | \`first-eq-from-bpsi-source-at-equal-head\` | Specialised: bpsi-source at equal head (left-rank-eq is \`refl\`); reduces consumer-side first-eq to **tail-rank-equality only** | ### (c) Trichotomy data type + dispatchers (5 primitives) Brouwer ordinals are NOT decidably ordered in general (\`Ord\` carries \`olim f\` over arbitrary ℕ → Ord functions), so a universal trichotomy on \`rank-pow (bplus _ _)\` is unattainable under \`--safe --without-K\` without postulates. The TRACTABLE narrowing is a STRUCTURAL trichotomy data type that records the strict / equal cases the consumer can derive. | Name | Role | |---|---| | \`BplusFirstTri x₁ x₂ y₁ y₂\` | Data type with two constructors: \`bplus-tri-strict\` (rank-strict) and \`bplus-tri-equal\` (rank-equal) | | \`bplus-tri-from-strict\` / \`bplus-tri-from-equal\` | Wrapper constructors lifting consumer-derived witnesses into the trichotomy | | \`dispatch-trichotomy-to-<lex\` | Assembly headline: consumes a trichotomy + leftmost-α strict witness, produces \`<lex\` at rank-lex-jb level. Strict → \`<lex-first\` via (b) primitive (#165); equal → \`<lex-second\` via (a) primitive (#147). | ### Named theorem: bpsi-source-at-equal-head fully discharged (1) | Name | Type | |---|---| | \`rank-lex-jb-bpsi-equal-head-from-tail-eq\` | \`rank-pow x₂ ≡ rank-pow y₂ → α <ᵇ⁰ β → rank-lex-jb (bplus (bpsi ν α) x₂) <lex rank-lex-jb (bplus (bpsi ν β) y₂)\` | The tail-rank-equality gate is **THE SAME structural obligation** that the ψ-rank-level closure (\`RankLexSlice3.rank-adm-bpsi-strict-at-equality\`) carries. Resolving that one structural blocker unblocks BOTH the ψ-rank-level and the bplus-chain-level closures mechanically. ## Honest scope - The Brouwer-arithmetic blocker (strict-left-mono of \`_⊕_\` + additive-principal closure on generic sums, both CHECKED-REFUTED in PR #146) means **strict-first via strict-left-rank** is structurally unreachable at the bplus-chain level. Strict-first via strict-head-Ω already lands in PR #141 / \`<ᵇ¹-+1-+\`. - Equal-first beyond the bpsi-source-at-equal-head case is open multi-PR research; the trichotomy data type leaves room for future dispatchers without committing to any specific closure path. - \`dispatch-trichotomy-to-<lex\` shows the assembly composes mechanically — the structural ordinal-arithmetic obligation is the SOLE remaining gating, and it's pushed to the precise consumer call site rather than scattered across the proof. ## (a)+(b)+(c) assembly status after this PR Per PR #147's preamble plan: | Leg | Status | |---|---| | (a) equal-first lex-second | CLOSED in #147 | | (b) strict-first lex-first primitive | CLOSED in #165 (one-liner via \`<lex-first\`) | | (c) first-component trichotomy | CLOSED HERE as a structural data type + dispatchers | | Consumer-side first-eq derivation | CLOSED HERE for the bpsi-source-at-equal-head case (parameterised on tail-rank-eq) | | Full assembly headline | \`rank-lex-jb-bpsi-equal-head-from-tail-eq\` named theorem closes the bpsi sub-case given **only** tail-rank-eq | The bplus-chain-level rank-mono umbrella over **all** 13 \`_<ᵇ_\` constructors is still gated on (i) tail-rank-equality discharge (structural ordinal-arithmetic work) AND (ii) the equal-first dispatch beyond the bpsi-source case (open research). Per the SLICE 4 narrowing (\`RankMonoUmbrellaSlice4\`), the \`<ᵇ⁻ⁿ-shortfall-equal-head\` matched-negative remains. ## Local verification - \`agda -i proofs/agda proofs/agda/Ordinal/Buchholz/RankLexJointBplus.agda\` — clean. - \`agda -i proofs/agda proofs/agda/Ordinal/Buchholz/Smoke.agda\` — clean, exit 0. - \`agda -i proofs/agda proofs/agda/Smoke.agda\` — clean, exit 0. - \`agda -i proofs/agda proofs/agda/All.agda\` — clean, exit 0. - \`bash tools/check-guardrails.sh proofs/agda\` — 160 modules pass. - \`sh scripts/kernel-guard.sh\` — PASS. All eleven new names pinned in \`Ordinal/Buchholz/Smoke.agda\`. ## Test plan - [x] All Agda lanes typecheck locally. - [x] New names pinned in Buchholz Smoke. - [x] Foundation guardrail + kernel-guard pass. - [ ] CI: \`check\` + \`cold-check\` + governance lanes green. - [ ] Auto-merge on green. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 30, 2026
…171) ## Summary Seam-analyst gigafan agent surfaced three documents enumerating the ordinal-track work that referenced only the pre-2026-05-30 state. Updates reflect the **rank-lex-jb (a)+(b)+(c) assembly completion**, the **Path-3 source-rule enrichment**, the **RankMonoUnion architectural realisation**, the **WfCNF wrap**, and the **Gate 2 (well-foundedness) closure**. ## Files | File | Update | |---|---| | \`docs/echo-types/MAP.adoc\` §"Ordinal" Proofs line | Extends the per-module enumeration to mention the six new modules from PRs #165-#170 with their roles | | \`roadmap.adoc\` Lane 3 close-out | Adds the "Slice 3+4 Route A 6-PR arc" subsection with the (a)+(b)+(c) + Path-3 + union + WfCNF + WF breakdown | | \`docs/echo-types/buchholz-rank-obstruction.adoc\` per-constructor verdict table | Updates the \`<ᵇ-+1\` row from "Slice 3 headline remaining" to "closed for strict-head + literal-same-left sub-cases; cross-head rank-equal (Gate 1) open with documented structural blockers". Score footer revised to "12/13 at the per-case level" | ## Honest scope preserved Documents what LANDED, not what's CLOSED-OPEN conceptually. The \`<ᵇ-+1\` joint-bplus case now has **two of three sub-cases closed** (strict-head + literal-same-left); the cross-head rank-equal sub-case (Gate 1) is explicitly documented as still open with both pre-identified unblock routes refuted in PR #146 AND the WfCNF-constraint refutation also closed. R-2026-05-18 retraction narrowings respected: no "graded comonad" / "model-independence" / "universal property" / "conservativity metatheorem" language added. ## Local verification - \`bash tools/check-guardrails.sh proofs/agda\` — 163 modules pass (no Agda touched; docs-only change). ## Test plan - [x] No Agda touched; docs-only diff. - [x] Foundation guardrail still passes. - [ ] CI: governance lanes green. - [ ] Auto-merge on green. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Promotes the two routes flagged as "structurally blocked" by
RankLexSlice3's design note (and Phase13's⊕-mono-≤-leftblock comment) into CHECKED REFUTATIONS — named¬-theorems with explicit counterexamples and irreflexivity-derived ⊥.Both routes are now checked dead-ends rather than prose claims; the consumer cannot accidentally "rediscover" them and the next session's exploration knows exactly which routes are foreclosed.
What lands
StrictLeftMonoRefutedStrictLeftMonoSum(hypothesised property)<′-irreflderived fromwf-<′(standalone helper)osuc-oz-⊕-ω≤oz-⊕-ω— both olims denote ωstrict-left-mono-refutedheadline atα = oz, β = osuc oz, γ = ωAdditivePrincipalGenericRefutedAdditivePrincipalGenericSum(hypothesised generalisation ofadditive-principal-ω-rank-pow)ω<′ω⊕ωpremise witness (branch 1 of the olim suffices)additive-principal-generic-sum-refutedatX = Y = α = β = ω; both premisesω<′ω⊕ω; conclusionω ⊕ ω <′ ω ⊕ ωrefutedWhat this does NOT refute
The genuinely open structural route is the parallel-rank refactor (
rank-lex-jb : BT → RankLexwith a richerbplus-case second-component) mentioned at the bottom ofRankLexSlice3's design note — that one is NOT refuted, just non-local to attempt.Why one PR for two routes
(a) imports
<′-irreflfrom (b), so the modules ship as a logical pair.Test plan
--safe --without-K, zero postulates, no funext.scripts/kernel-guard.shPASS.proofs/agda/Smoke.agda, wired intoproofs/agda/All.agda.