chore + fix: bookkeeping consolidation + complete ≤a-⊔a-univ baseline-rot#79
Merged
Merged
Conversation
…-rot Three independent bookkeeping items consolidated to avoid PR churn: 1. CLAUDE.md "Current rung state (2026-05-20)" — full session arc covering #67-#72/#74-#77 echo-types swarm: the §"Theory work — no proof assistant needed" roadmap section is now essentially closed. Two patterns formalised (per-lemma Smoke pin for parameterised modules via concrete instance; sandbox.excludedCommands workaround for agda positional-arg quirk). Plan for next Claude included. 2. EchoAccess Lift ⊤ carrier — design closure. Lane 1 of the post-#75 carrier-honesty work hit a structural wall on the owner-authorised existential design: degrade-access becomes uninhabitable because the access lattice tracks DECREASING information as you climb, so degrading must drop info, never fabricate it. Conclusion: Lift ⊤ IS the right honest carrier at the top of the lattice (same sense as EchoGraded.forget = ⊤). New decisions/echo-access-trivial-carrier.adoc captures the closure; EchoAccess.agda module header updated from "Deferred to follow-up" to "Resolved 2026-05-20" with the structural reasoning. 3. Complete ≤a-⊔a-univ baseline-rot — 10 more wrong-RHS clauses in the same family as commit a8ac211 (which fixed only some of the strict-inequality witnesses). Discovered by Agda 2.8.0 on a clean .agdai cache; the previous "verified green" reports were spuriously passing because of stale incremental builds. Same diagnosis: when c1 ⊔a c2 = c2 (strict c1 < c2), the universal property witness needs c2≤c shape (p2), not c1≤c shape (p1). Fixed clauses span the decidable/enum/feasible/infeasible rows. Verified clean on Agda 2.8.0: LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/All.agda exit: 0 LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/Smoke.agda exit: 0 --safe --without-K invariants intact; no postulates introduced; no escape pragmas. Refs CLAUDE.md "Rung-consolidation policy" §4 ("Update machine docs"). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 10 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in secret-scanner.yml",
"type": "missing_workflow",
"file": "secret-scanner.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/cache@v4 needs attention",
"type": "unpinned_action",
"file": "agda.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "No dependabot.yml or renovate.json found in echo-types",
"type": "DependencyUpdate",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "high",
"remediation": "Add .github/dependabot.yml or renovate.json configuration.",
"scorecard_check": "Dependency-Update-Tool"
},
{
"reason": "Nominal-only SAST in echo-types: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
"type": "StaticAnalysis",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Add CodeQL or equivalent SAST workflow.",
"scorecard_check": "SAST"
},
{
"reason": "1 workflow(s) with tag-pinned (not SHA-pinned) actions in echo-types",
"type": "DependencyPinning",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Pin GitHub Actions and Docker base images by SHA hash.",
"scorecard_check": "Pinned-Dependencies"
},
{
"reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three independent bookkeeping items consolidated to avoid PR churn:
CLAUDE.md "Current rung state (2026-05-20)" — full session arc for the echo-types swarm (PRs docs: rule out 2-categorical shape; credit landed EchoApprox + EchoDecidable in roadmap #67-theory: AntiEcho × IsArgmin tropical decomposition #72, theory: EchoApprox deeper rung — separated zero-collapse + axis-1 shadow #74-docs: Gate 1 adjacency refresh — cross-check 5 notes against current taxonomy #77). §"Theory work — no proof assistant needed" is now essentially closed (Lane 2 BalancedTolerance is theory: EchoApprox Rung C — BalancedTolerance + full B/budget round-trip #78, awaiting review). Two patterns formalised (per-lemma Smoke pin for parameterised modules;
sandbox.excludedCommandsworkaround for the agda positional-arg sandbox quirk). Plan for next Claude included.EchoAccess
Lift ⊤carrier — design closure. The post-theory: Axis 8 sweep — join + composition trio (Rungs A + B; Rung C deferred) #75 carrier-honesty work hit a structural wall on the owner-authorised existential design:degrade-accessbecomes uninhabitable because the access lattice tracks decreasing information as you climb, so degrading must drop info, never fabricate it. Conclusion:Lift ⊤IS the right honest carrier at the top of the lattice (same sense asEchoGraded.forget = ⊤). Newdocs/echo-types/decisions/echo-access-trivial-carrier.adoccaptures the closure;EchoAccess.agdamodule header updated from "Deferred to follow-up" to "Resolved 2026-05-20" with the structural reasoning.Complete
≤a-⊔a-univbaseline-rot — 10 more wrong-RHS clauses in the same family as commita8ac211(which fixed only some of the strict-inequality witnesses). Discovered by Agda 2.8.0 on a clean.agdaicache; previous "verified green" reports were spuriously passing because of stale incremental builds. Same diagnosis: whenc1 ⊔a c2 = c2(strictc1 < c2), the universal property witness needsc2≤cshape (p2), notc1≤cshape (p1). Fixed clauses span the decidable/enum/feasible/infeasible rows.Test plan
LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/All.agdaexits 0 on Agda 2.8.0LC_ALL=C.UTF-8 agda -i proofs/agda proofs/agda/Smoke.agdaexits 0 on Agda 2.8.0--safe --without-Kinvariants intactdecisions/no-2-cat.adoctemplate)Refs CLAUDE.md "Rung-consolidation policy" §4 ("Update machine docs"). Does not close any issue.