Roadmap: consolidated proof-debt ledger (full-repo audit 2026-05-18)#49
Merged
Merged
Conversation
Adversarial three-reviewer review + a codebase pressure-test found no
in-repo defense for five central claims; two were contradicted by the
repo's own Gate-2 audit. This commit corrects the PROSE downward to
what the Agda actually establishes. No proof is weakened — Agda is
unchanged except for line-comment retraction banners; full build
(All.agda then Smoke.agda) still exits 0 under --safe --without-K.
Retracted -> replaced:
- "graded comonad" -> loss-graded reindexing modality
(thin-poset action; no nested D_r D_s)
- "terminal-cone universal
property" -> funext-relative pointwise mediator
- "two independent models /
model-independence" -> carrier-parametricity, fixed grade poset
- "conservativity metatheorem
discharged by the build" -> postulate-free build = evidence, not proof
- "funext quarantined" -> no funext anywhere; pointwise mediator
IS the real funext boundary
- docs/retractions.adoc: created (canonical log roadmap-gates.adoc
referenced but never existed); entry R-2026-05-18.
- docs/echo-types/earn-back-plan.adoc: created; Pillar F gated program
to convert retractions back into theorems (F1 make-or-break).
- paper/conservativity/types-abstract/establishment-plan: reframed;
"submission-ready" status withdrawn from the abstract.
- Smoke.agda + 7 modules: top retraction banners (comments only).
- ECHO-CNO-BRIDGE.adoc: scope note (its distinct, valid "model
independence" is NOT retracted; disambiguated, not over-applied).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The .envrc declared `use flake` but no flake.nix existed, so direnv failed. Add a devShell pinned to nixpkgs nixos-24.11: - rustc 1.82.0 + cabal-install 3.12.1.0 (exact .tool-versions match), agda 2.7.0.1, ghc 9.6.6, just 1.38.0 - Agda libraries: standard-library (nixpkgs, reproducible) + absolute-zero (local ~/dev/repos checkout; no usable upstream pkg), wired via a generated AGDA_DIR/libraries in the shellHook - .gitignore: ignore the generated .agda/ dir Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…05-18) Full-repo proof-debt audit. Confirmed zero postulates / zero escape pragmas across all 88 modules — no hidden debt. Catalogues every disclosed/structural debt as a single index (items A–E2): Pillar F gates F1–F4; the Buchholz direct-order structural-fidelity gap; the characteristic/ open obligations (EI-2 unaffected); the dangling roadmap-gates.adoc canonical-pointer drift; Transport.agda's two symbolic-ℚ open items + the corrected MEMORY.md index line. Records a recommended order of attack. Moves no claim; reframed docs stay as they are until their gate is green (per Guardrails). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… positive, coassoc open) (#48) **Draft / checkpoint — do not merge.** Stacked on #47 (depends on the earn-back plan it introduces). ## Finding First execution of Gate F1 (`docs/echo-types/earn-back-plan.adoc`) — the make-or-break gate for earning back the retracted "graded comonad" claim. `proofs/agda/EchoGradedComonadF1.agda` typechecks `--safe --without-K`, **zero postulates** (verified). **Decisive result: no foundational obstruction.** Agda demanded no K, no funext, no postulate. The monoid-graded iterated-residue candidate delivers, mechanised: - non-collapsing graded functor `D r` (separating witness `D2-nontrivial` — not ⊤) - functor laws - **nested** `δ : D (m+n) A → D m (D n A)` (the structure the retracted dev never had) - counit-right ✅ ; counit-left ✅ (only non-structural tool: ℕ-UIP, K-free) ## Open (F1 NOT passed) `gc-coassoc` — base + skeleton close; inductive step has an isolated proof-engineering type-mismatch needing an explicit δ-naturality-over-`R` lemma. Stated in-file as a precise OPEN obligation: **not postulated, not softened, not wired into `All.agda`/`Smoke.agda`**. Per the plan guardrail (close-but-not-closed = failed-and-logged), **no reframed claim moves** until F1 fully passes. This PR preserves the feasibility finding only. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ngelog Both sides are sequential 2026-05-18 == Status bullets; kept both in chronological order (ledger added → F1 feasibility spike run). No claim or gate moved; nothing retracted reinstated (verified per R-2026-05-18). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…/F4 independent Resolves an internal contradiction: the Gate F1 header said "everything else is gated on F1; other gates not attempted until F1 passes", but the gate descriptions (F2 line 101, F4 lines 157-159) and "Recommended order of attack" (F4+F2 in parallel, first) state F2/F4 are independent of F1. Header now matches the rest of the doc. Doc-only; moves no claim; the retraction posture (claims stay retracted until a gate passes) is unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# Conflicts: # docs/echo-types/earn-back-plan.adoc
hyperpolymath
added a commit
that referenced
this pull request
May 18, 2026
…50) Stacked on #49 (proof-debt ledger) → #47 (corrective reframe). Two Pillar F earn-back gates pass, each strictly to its mechanised strength. ## Verified - **F4** — `proofs/agda/EchoPullbackUnivF4.agda`: strict terminal-cone universal property `m' ≡ m` as a function of an **explicit `funext` module parameter** (`FunExt₀`, *never a postulate* — the `Echo.agda` cancel-iso idiom). Funext-free pointwise mediator kept as the corollary. Unconditional claim **stays retracted**. - **F2** — `proofs/agda/EchoStepNDModelF2.agda`: a genuine second model of the **bare Echo functor** on `EchoRelational.StepND`, provably **not the graph of any function** under any state relabelling (`nd-not-graph`, checked `true ≢ false`). Same interface the deterministic model uses (`EchoFunctorModel`; functor laws via generic `map-rel-id`/`map-rel-comp`); agreement has content (`StepND` fibre = disjoint sum of deterministic branches by constructor case analysis — not `refl`, not Σ-η on `× ⊤`). Both `--safe --without-K`, **zero postulates**, wired into `All.agda`, pinned in `Smoke.agda`. Full + smoke build green (`agda All.agda` / `Smoke.agda` exit 0). ## Scope discipline (what is NOT earned back) F2 is the **Echo functor only**. The graded-comonad claim (no nested `D_r D_s`), modality-level model-independence, and the conservativity metatheorem **remain fully retracted**. Gates **F1** (coassoc open) and **F3** (gated on F1) remain open. No claim moved beyond its hypothesis license. ## Docs - `docs/retractions.adoc` — append-only follow-up **F-2026-05-18a** under R-2026-05-18 (entry not edited; policy-compliant). - `paper.adoc` — §3 NOTE (F4 conditional), §6 NOTE (F2 scoped), conclusion partial-earn-back paragraph. - `conservativity.adoc` — scope bullet + dated revision-history entry (statement unchanged: still *evidence for*). - `types-abstract.adoc` — contributions 2 & 5 scoped addenda (submission-ready status remains withdrawn). - `earn-back-plan.adoc` — ledger rows A2/A4 → PASSED, Status + recommended-order updated. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 10 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in secret-scanner.yml",
"type": "missing_workflow",
"file": "secret-scanner.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/cache@v4 needs attention",
"type": "unpinned_action",
"file": "agda.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "No dependabot.yml or renovate.json found in echo-types",
"type": "DependencyUpdate",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "high",
"remediation": "Add .github/dependabot.yml or renovate.json configuration.",
"scorecard_check": "Dependency-Update-Tool"
},
{
"reason": "Nominal-only SAST in echo-types: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
"type": "StaticAnalysis",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Add CodeQL or equivalent SAST workflow.",
"scorecard_check": "SAST"
},
{
"reason": "1 workflow(s) with tag-pinned (not SHA-pinned) actions in echo-types",
"type": "DependencyPinning",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Pin GitHub Actions and Docker base images by SHA hash.",
"scorecard_check": "Pinned-Dependencies"
},
{
"reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked on #47 (corrective reframe). Doc-only; moves no claim.
What this does
Full-repo proof-debt audit added as a single consolidated ledger in
docs/echo-types/earn-back-plan.adoc. Confirmed zero postulates / zero escape pragmas across all 88 Agda modules — no hidden debt; every catalogued item is disclosed-in-comment or structural-fidelity.Ledger (items A–E2)
gc-coassoc(open, not postulated, feasibility positive); F2 StepND second model; F3 second comonad model; F4 funext-parameterised universal property._<ᵇ_direct-constructor presentation incomplete (same-binder sub-cases deferred pending K-free reformulation);ExtendedOrder.agdais the honest closed WF wrapper. Off the paper critical path.characteristic/open obligations (general recipe-non-triviality,Mode-is-loss-only,ChoreoInjective2–5). EI-2 unaffected (terminated-negative).RoleRole.agdareclassified as a closed negative result, not a debt.docs/roadmap-gates.adocis cited by ≥7 docs but does not exist; canonical role split acrossretractions.adoc/ earn-back-plan /next-questions.adoc. Lead paragraph corrected; reconcile by back-link, not by fabricating retroactive gate history.Transport.agdatwo symbolic-ℚ open items; funext sidestepped viaVec ℚ n(no funext debt).MEMORY.mdindex line for transport Gate-3 corrected to match the (current) note body.Includes a recommended order of attack (F4+F2 parallel → F1 coassoc → doc-integrity → Buchholz → characteristic).
🤖 Generated with Claude Code