theory: Axis 8 sweep — join + composition trio (Rungs A + B; Rung C deferred)#75
Merged
Merged
Conversation
Extends `EchoAccess.agda` (PR #68 thin slice) with the join structure and per-decoration composition trio, completing the same recipe as `EchoGraded` and `EchoLinear` at the per-decoration composition rung. Rung A — categorical join structure: * `_⊔a_` — componentwise max along free ≤ decidable ≤ enum ≤ feasible ≤ infeasible. * `≤a-⊔a-left` — join is an upper bound on its left summand. * `≤a-⊔a-right` — join is an upper bound on its right summand. * `≤a-⊔a-univ` — universal property: any common upper bound of `c1` and `c2` is dominated by their join. Rung B — per-decoration composition trio: * `degrade-access-comp` — two successive degrades along a factoring `c1 ≤a c2 ≤a c3` agree with a single degrade along the composed ordering proof. Closes `refl` on every reachable constructor pair. * `degrade-access-compose` — factoring-free composition: any direct `p13 : c1 ≤a c3` agrees with the composed-via-`c2` degrade. Corollary of `degrade-access-comp` + `≤a-prop`. * `degrade-access-via-join` — same law restated through the join: any degrade to a common upper bound factors through the `c1 ⊔a c2` join. Rung C — honest carriers — deferred with written design note: An honest `enum`-grade carrier needs an enumerator `Fin n → A` and a decider on `B`, neither of which can be supplied without breaking the parametricity over `A` that `Echo f y` enjoys at the `free` grade. The two cleanest resolutions are (a) parameterise `CEcho` on `Decidable B` + an enumeration witness (forces every caller to supply them, even at `free` where they do nothing), or (b) bury both in an existential inside `enum` / `feasible` / `infeasible` cases (loses the ability to extract from outside). Both are real architectural choices — Stop-condition in the PR brief flagged this as the design-decision case. The composition layer landed here is grade-indexed not carrier-indexed, so it is unaffected by the eventual carrier choice. Module preamble carries the full deferral note. All new headlines pinned in `Smoke.agda` (`_⊔a_`, `≤a-⊔a-left`, `≤a-⊔a-right`, `≤a-⊔a-univ`, `degrade-access-comp`, `degrade-access-compose`, `degrade-access-via-join`). Module preamble section list refreshed; `degrade-access` follow-up commentary updated to reflect that the trio now lands in-file. No new dependencies — the existing `Echo`, `EchoDecidable`, `Level`, `Data.Product.Base`, `Relation.Nullary.Decidable.Core`, and `Relation.Binary.PropositionalEquality` (now also re-exporting `sym`) remain the sole imports. No postulates. `--safe --without-K` preserved. BUILD UNVERIFIED LOCALLY — the sandbox repeatedly blocks `agda` invocations on positional file arguments (the known quirk noted on PRs #71 + #72). Parent session will verify and post a confirmation comment. Refs PR #68, roadmap.md Axis 8 entry, /tmp/echo-types-exploration/axis8.md §5 (deferred list). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
Author
|
Fix pushed: commit Audit by
Total 10, exactly the diff.
Sandbox still blocks |
Owner
Author
|
Fix verified green from parent session: The 10-clause RHS fix in |
This was referenced May 20, 2026
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…-rot (#79) ## Summary Three independent bookkeeping items consolidated to avoid PR churn: 1. **CLAUDE.md "Current rung state (2026-05-20)"** — full session arc for the echo-types swarm (PRs #67-#72, #74-#77). §"Theory work — no proof assistant needed" is now essentially closed (Lane 2 BalancedTolerance is #78, awaiting review). Two patterns formalised (per-lemma Smoke pin for parameterised modules; `sandbox.excludedCommands` workaround for the agda positional-arg sandbox quirk). Plan for next Claude included. 2. **EchoAccess `Lift ⊤` carrier — design closure.** The post-#75 carrier-honesty work hit a structural wall on the owner-authorised existential design: `degrade-access` becomes uninhabitable because the access lattice tracks **decreasing** information as you climb, so degrading must drop info, never fabricate it. Conclusion: `Lift ⊤` IS the right honest carrier at the top of the lattice (same sense as `EchoGraded.forget = ⊤`). New `docs/echo-types/decisions/echo-access-trivial-carrier.adoc` captures the closure; `EchoAccess.agda` module header updated from "Deferred to follow-up" to "Resolved 2026-05-20" with the structural reasoning. 3. **Complete `≤a-⊔a-univ` baseline-rot** — 10 more wrong-RHS clauses in the same family as commit `a8ac211` (which fixed only some of the strict-inequality witnesses). Discovered by Agda 2.8.0 on a clean `.agdai` cache; previous "verified green" reports were spuriously passing because of stale incremental builds. Same diagnosis: when `c1 ⊔a c2 = c2` (strict `c1 < c2`), the universal property witness needs `c2≤c` shape (p2), not `c1≤c` shape (p1). Fixed clauses span the decidable/enum/feasible/infeasible rows. ## Test plan - [x] `LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/All.agda` exits 0 on Agda 2.8.0 - [x] `LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/Smoke.agda` exits 0 on Agda 2.8.0 - [x] `--safe --without-K` invariants intact - [x] No postulates introduced - [x] No escape pragmas - [ ] CI Agda check passes - [ ] AsciiDoctor render of new decisions adoc (no asciidoctor in environment; hand-inspected against `decisions/no-2-cat.adoc` template) Refs CLAUDE.md "Rung-consolidation policy" §4 ("Update machine docs"). Does **not** close any issue. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
Lands the deferred Rung C from PR #74 / axis-2 design-note §7 via option (b) of the post-#74 design call: a separate `BalancedTolerance` record layered on `Tolerance` (mirroring how `Separated` is layered on `PseudoMetric`), NOT a mutation of the base `Tolerance` interface. Landed: * `BalancedTolerance T` record — `+-identityˡ : ∀ ε → zero + ε ≡ ε` and `+-identityʳ : ∀ ε → ε + zero ≡ ε`. Base `Tolerance` interface untouched. * `echo-approx-comp-retract-B` — B-component pin: the canonical-split section picks `b := f x` definitionally (`refl`; no BT needed). * `echo-approx-comp-retract-budget` — budget round-trip: `(zero + ε) ≡ ε` from `BalancedTolerance.+-identityˡ`. * `echo-approx-comp-retract-from-to` — budget-aligned A-component round-trip: `proj₁ (subst _ (+-identityˡ ε) (sound (retract-to e))) ≡ proj₁ e`, via the `subst-A-invariant` auxiliary. * `trivialBalancedTolerance` pin in `EchoApproxInstance.agda` (both identity laws discharge to `refl` on `Tol := ⊤`) and the four new per-lemma headlines pinned through `Smoke.agda` per the PR-#71 hygiene pattern. * `docs/echo-types/composition.md` §Q3 refreshed: option-(b) design cited, new round-trip lemmas enumerated, leftover deferred work (Lipschitz; transported full equality needing `_≤_`-propositionality) re-stated honestly. The full transported equality `subst _ (+-identityˡ ε) (sound (retract-to e)) ≡ e` is NOT discharged — it would require propositionality of the order `_≤_` on the inner bound, which the `Tolerance` interface deliberately does not assert. The A-component statement above is the strongest available without that extra structural hypothesis; this is noted in the file header, module preamble, and `composition.md`. Agda status. `EchoApprox.agda` + `EchoApproxInstance.agda` typecheck clean on Agda 2.8.0 (both `.agdai` produced from a clean cache). `proofs/agda/Smoke.agda` itself cannot be driven to exit 0 in this sandbox because of a pre-existing baseline-rot error in `proofs/agda/EchoAccess.agda:400` on origin/main (Agda 2.8 stricter unification rejects a `decidable ⊔a enum` reduction landed in PR \#75; unrelated to this change). CI is expected to run on the pinned stdlib v2.3 + apt-shipped older Agda where that reduction still goes through. Refs PR #74, /tmp/echo-types-exploration/axis2-approximate.md §7. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…rip (#78) ## Summary Lands the deferred Rung C from PR #74 / axis-2 design-note §7 via the post-#74 design decision — **option (b)**: a separate `BalancedTolerance` record layered on `Tolerance` (mirroring how `Separated` is layered on `PseudoMetric`), **NOT** a mutation of the base `Tolerance` interface. ## Landed - `BalancedTolerance T` record — `+-identityˡ : ∀ ε → zero + ε ≡ ε` and `+-identityʳ : ∀ ε → ε + zero ≡ ε`. The base `Tolerance` interface stays untouched. - `echo-approx-comp-retract-B` — B-component pin: the canonical-split section picks `b := f x` definitionally (`refl`; no `BT` needed). - `echo-approx-comp-retract-budget` — budget round-trip: `(zero + ε) ≡ ε` from `BalancedTolerance.+-identityˡ`. - `echo-approx-comp-retract-from-to` — budget-aligned A-component round-trip: `proj₁ (subst _ (+-identityˡ ε) (sound (retract-to e))) ≡ proj₁ e`, via a small `subst-A-invariant` auxiliary. - `trivialBalancedTolerance` instance in `EchoApproxInstance.agda` (both identity laws discharge to `refl` on `Tol := ⊤`) plus the four new per-lemma headlines pinned through `Smoke.agda` per the PR #71 hygiene pattern. - `docs/echo-types/composition.md` §Q3 refreshed: option-(b) design cited, new round-trip lemmas enumerated, leftover deferred work re-stated honestly. ## Out of scope (still deferred) The full transported equality `subst _ (+-identityˡ ε) (sound (retract-to e)) ≡ e` is **not** discharged here — it would require propositionality of `_≤_` on the inner bound, which `Tolerance` deliberately does not assert. The A-component statement above is the strongest available without that extra structural hypothesis; documented in the file header, module preamble, and `composition.md`. The Lipschitz generalisation (`L_g ≠ 1`) is still deferred — it needs multiplication on `Tolerance`, an orthogonal interface call. ## Agda status - `EchoApprox.agda` + `EchoApproxInstance.agda` typecheck clean on Agda 2.8.0 (both `.agdai` produced from a clean cache in the worktree sandbox). - `proofs/agda/Smoke.agda` itself **cannot** be driven to exit 0 in this sandbox because of a pre-existing baseline-rot error at `proofs/agda/EchoAccess.agda:400` on `origin/main` (Agda 2.8 stricter unification rejects a `decidable ⊔a enum` reduction landed in #75; unrelated to this change). CI runs on the apt-shipped older Agda + pinned stdlib v2.3 where that reduction still goes through — the green CI signal here is the merge oracle. ## Test plan - [ ] CI (`agda.yml`) green on the `theory/echo-approx-balanced-tolerance` branch with `--safe --without-K`, no postulates. - [ ] `agda proofs/agda/All.agda` and `agda proofs/agda/Smoke.agda` both exit 0 on CI. - [ ] Verify the four new headline pins (`approx-comp-retract-B`, `approx-comp-retract-budget`, `approx-comp-retract-from-to`, `approx-subst-A-invariant`) appear in `Smoke.agda` and resolve against `EchoApproxInstance`. ## References - Builds on / refs PR #74 (Rung B; `Separated` layer + `echo-strict→approx` + axis-1 shadow), PR #71 (per-lemma Smoke pins via instance module). - Closes the Rung-C portion of `/tmp/echo-types-exploration/axis2-approximate.md` §7 obligations (B-component + budget round-trip). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…luster landed (#92) ## Summary Three small accuracy passes through `docs/echo-types/` after the earn-back programme, the §"Theory work — no proof assistant needed" section, and the canonical examples cluster (5/9/10) all closed in this session. Pure prose; no Agda changes. ### 1. `roadmap.md` §"Theory work" — two stale items refreshed * **Axis 8** line said the *decidability-respecting* candidate had shipped but listed the other three as still candidate refinements. All four have now shipped: `EchoDecidable`, `EchoCost` (#85), `EchoAccess` (#68 / #75), `EchoSearch` (#80). Updated to credit all four. * **Negative / co-echoes** line was `[unblocked]`; now `[landed]` — `AntiEcho` (#69), tropical decomposition concrete + generic (#72 + #91), `antiecho-partition-dec` (#90). Names the `coecho.md` §5 obligation-5 / obligation-6 closures explicitly. After these edits, every item in §"Theory work — no proof assistant needed" is either `[landed]` or `[ruled out]`/`[refreshed]` — the section is genuinely closed. ### 2. `roadmap.md` §"Example work" — three items landed * ex. 5 (`EchoExampleProvenance`, #81) → `[landed]` * ex. 9 (`EchoExampleParser`, #83) → `[landed]` * ex. 10 (`EchoExampleAbsInt`, #82) → `[landed]` Only ex. 6 (approximate-echo numeric example) remains `[unblocked]`. ### 3. `earn-back-plan.adoc` — stale `roadmap-gates.adoc` claim corrected * Header note used to say "the gate discipline was historically attributed to a `roadmap-gates.adoc`; that file does not exist in-tree". The file **does** exist (created 2026-05-18; see its preamble). Header rewritten to list `roadmap-gates.adoc` alongside `retractions.adoc` / this plan / `next-questions.adoc` as the four canonical loci. * Ledger row D (the "doesn't exist" entry) marked **CLOSED 2026-05-20** with the cite reflecting current reality. ## Test plan * [x] Pure docs / `.adoc` / `.md` edits — no Agda touched * [x] `agda proofs/agda/All.agda` exit 0 (confirms docs match code) * [x] `agda proofs/agda/Smoke.agda` exit 0 * [x] No retracted-claim language moved; no earned-back claim overclaimed; `paper.adoc` / `types-abstract.adoc` / `conservativity.adoc` untouched ## Scope Disjoint from all currently-open PRs: * #88 (F3) — touches Agda + `retractions.adoc` (different sections) + `earn-back-plan.adoc` Status (different section from header / ledger-D) * #90 (partition-dec) — touches Agda only * #91 (generic-codomain) — touches Agda + preamble comments No retracted claim is moved. No earned-back claim is overclaimed. `paper.adoc` / `types-abstract.adoc` / `conservativity.adoc` are intentionally untouched (owner-gated, per the posture set by #86 / #88). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 10 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in secret-scanner.yml",
"type": "missing_workflow",
"file": "secret-scanner.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/cache@v4 needs attention",
"type": "unpinned_action",
"file": "agda.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "No dependabot.yml or renovate.json found in echo-types",
"type": "DependencyUpdate",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "high",
"remediation": "Add .github/dependabot.yml or renovate.json configuration.",
"scorecard_check": "Dependency-Update-Tool"
},
{
"reason": "Nominal-only SAST in echo-types: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
"type": "StaticAnalysis",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Add CodeQL or equivalent SAST workflow.",
"scorecard_check": "SAST"
},
{
"reason": "1 workflow(s) with tag-pinned (not SHA-pinned) actions in echo-types",
"type": "DependencyPinning",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Pin GitHub Actions and Docker base images by SHA hash.",
"scorecard_check": "Pinned-Dependencies"
},
{
"reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extends
proofs/agda/EchoAccess.agda(the PR #68 thin slice) with the join structure and per-decoration composition trio, completing the same recipe asEchoGradedandEchoLinearat the per-decoration composition rung.Rung A — categorical join structure.
_⊔a_(componentwise max alongfree ≤ decidable ≤ enum ≤ feasible ≤ infeasible) +≤a-⊔a-left+≤a-⊔a-right+≤a-⊔a-univ(universal property).Rung B — per-decoration composition trio.
degrade-access-comp— two successive degrades along a factoring agree with one degrade along the composed proof. Closesreflon every reachable(p12, p23)constructor pair (the carriers reduce in lock-step with≤a-trans).degrade-access-compose— factoring-free composition; corollary ofdegrade-access-comp+≤a-prop.degrade-access-via-join— same law restated through the join.Rung C — honest carriers — deferred with design note. An honest
enum-grade carrier needs an enumeratorFin n → Aand a decider onB. Neither can be supplied without breaking the parametricity overAthatEcho f yenjoys at thefreegrade. The two clean resolutions are (a) parameterise the wholeCEchofamily onDecidable B+ an enumeration witness (forces every caller to supply them, even atfreewhere they do nothing), or (b) bury both in an existential inside theenum/feasible/infeasiblecases (loses the ability to extract from outside). Both are real architectural choices — the PR brief's Stop-condition explicitly flagged this as the design-decision case and instructed landing A + B with a written deferral.Importantly, the composition layer that lands here is grade-indexed not carrier-indexed, so it is unaffected by the eventual carrier choice. Module preamble carries the full deferral note.
All new headlines pinned in
Smoke.agda. Module preamble section list refreshed;degrade-accessfollow-up commentary updated. No new imports beyondsymfromRelation.Binary.PropositionalEquality. No postulates.--safe --without-Kpreserved throughout.Build status
BUILD UNVERIFIED LOCALLY — the sandbox repeatedly blocked
agdainvocations on positional file arguments (the known quirk that hit PRs #71 + #72). Parent session will verify (LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/All.agdaand same forSmoke.agda, both expected to exit 0) and post a confirmation comment.The mathematical content is mechanical mirror of
EchoGraded.{degrade-comp, degrade-compose, degrade-via-join, ⊔g, ≤g-⊔g-*}(with 5 grades instead of 3) andEchoLinear.{degradeMode-comp, degradeMode-compose, degradeMode-via-join, ⊔m, ≤m-⊔m-*}(with 5 grades instead of 2). Every clause closesreflmodulo the≤a-transreduction table that already ships in PR #68.Refs
Refs PR #68 (the thin slice),
docs/echo-types/roadmap.mdAxis 8 entry,/tmp/echo-types-exploration/axis8.md§5 deferred list.Test plan
LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/All.agdaexits 0.LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/Smoke.agdaexits 0.--safe --without-Kpreserved.Smoke.agda.Generated with Claude Code