docs(proof): KRL-specific proof narrative + assumption registry; drop template content#23
Merged
Conversation
Replaces eight rsr-template proof files (Coq/Lean4/Idris2) that
contained zero KRL-specific content (generic typed-arithmetic example,
generic ApiResult, generic Bounded/SafePtr) with a coherent proof
story scoped to the KRL surface language.
Added:
- PROOF-NARRATIVE.md — coherent story of what KRL proves, what it
assumes, what it owes. Covers KR-1..KR-8 with statement, "why
valuable", status, explicit assumptions, and "how to discharge".
- ASSUMPTIONS.md — registry of every load-bearing unproven
assumption (12 entries: MATH / DESIGN / EMPIRICAL / CRYPTO).
Rewritten:
- PROOF-NEEDS.md — 8-row per-obligation checklist (KR-1..KR-8)
with category, prover, priority, effort estimate. Previously was
a template scaffold with the project-specific section empty.
- TEST-NEEDS.md — KRL-specific (CRG D, real test inventory).
Previously referred to rsr-template-repo throughout and claimed
CRG Grade C achieved (for the template, not KRL).
- PROOF-STATUS.md — now reflects actual KR-1..KR-8 (0 proven, 2
partial, 6 not started) instead of 7 mythical template
obligations.
Deleted (recoverable from rsr-template-repo upstream):
- verification/proofs/coq/TypeSafety.v (generic typed arithmetic)
- verification/proofs/lean4/ApiTypes.lean (generic ApiResult)
- verification/proofs/idris2/Types.idr (generic Bounded/NonEmpty)
- verification/proofs/idris2/ABI/{Pointers,Foreign,Layout,Platform,Compliance}.idr (generic ABI scaffolds)
None asserted anything about KRL. Their headers said "Template —
replace with your project's ..." explicitly. The 2026-06-01 audit
found they were creating a false impression of formal verification.
The actual semantic-core proofs that KRL benefits from live in
hyperpolymath/tangle/proofs/Tangle.lean (16 results: Progress,
Preservation, Determinism, Type Safety + 12 lemmas), tracked in
that repo's PROOF-STATUS, referenced from this repo's narrative.
README.adoc updated: removed "TanglePL compiler module (this repo)"
claim — the compiler lives in KRLAdapter.jl, not here. Owner field
added to satisfy global pre-commit Owner check.
Part of the focused krl + quandledb + tangle audit/elevation pass.
Not estate-wide.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 71 issues detected
View findings[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dependabot-automerge.yml",
"type": "missing_timeout_minutes",
"file": "dependabot-automerge.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in governance.yml",
"type": "missing_timeout_minutes",
"file": "governance.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This was referenced Jun 1, 2026
hyperpolymath
added a commit
that referenced
this pull request
Jun 1, 2026
…ve index) (#25) KR-7 from PROOF-NARRATIVE.md §3: `sigma N`, `sigma_inv N`, `cup N`, `cap N` must be accepted iff N >= 1. The canonical parser in `KRLAdapter.jl` raises a "zero index" error for `sigma 0` etc., and negative indices are outside the lexer's positive-Int recognition. The smoke test now asserts that no committed example contains such a pattern. Added check 4b in tests/smoke/grammar_smoke.sh: - Grep examples for `<gen> 0` — fail if present. - Grep examples for `<gen> -<digits>` — fail if present. - Report pass for examples with no violation. This is a positive smoke check, not a parser-correctness proof; full KR-7 discharge requires a parser-level property test (deferred to follow-up — see PROOF-NEEDS.md TG-K3 entry). The smoke version catches accidental commits of malformed examples and stays in the existing lexical-level CI lane. Verified locally: - Original 4 examples: 20 passing checks (was 16; added 1 KR-7 pass per file × 4 files). - Synthetic example `let bad = (sigma 0); close bad;` correctly fails with "generator with zero index violates KR-7 (sigma 0)". Cross-references: - PROOF-NARRATIVE.md KR-7 (added in PR #23) - ASSUMPTIONS.md A-KR-2.1 - TEST-NEEDS.md TG-K3 (added in PR #23) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace template-content "proofs" with a coherent KRL-specific proof narrative and an explicit assumption registry.
What's added
PROOF-NARRATIVE.md— single coherent story of what KRL proves, what it assumes, and what it owes. Covers obligationsKR-1..KR-8with statement, why valuable, status, explicit assumptions, and how to discharge per obligation.ASSUMPTIONS.md— registry of every load-bearing unproven assumption (12 entries, classified MATH / DESIGN / EMPIRICAL / CRYPTO).What's rewritten
PROOF-NEEDS.md— 8-row per-obligation checklist (KR-1..KR-8) with category, prover, priority, effort. Previously was a template scaffold with the "Project-Specific Proofs" section empty (just| | | | | | |).TEST-NEEDS.md— KRL-specific (CRG D, real test inventory). Previously referred to "rsr-template-repo" throughout and claimedCRG Grade: C — ACHIEVED 2026-04-04which referred to the template, not KRL.PROOF-STATUS.md— now reflects actual KR-1..KR-8 obligations (0 proven / 2 partial / 6 not started) instead of 7 mythical template obligations.What's deleted (recoverable from rsr-template-repo upstream)
verification/proofs/coq/TypeSafety.vInductive ty := TyNat | TyBooltyped arithmeticverification/proofs/lean4/ApiTypes.leanApiResult αFunctor laws +BoundedNatverification/proofs/idris2/Types.idrBoundedrecord +NonEmptylistverification/proofs/idris2/ABI/Pointers.idrSafePtr+Handle.../Foreign.idr.../Layout.idr.../Platform.idr.../Compliance.idrThe 2026-06-01 audit found these were creating a false impression of formal verification:
PROOF-STATUS.mdclaimed "7 proofs remaining, 0 proven" without acknowledging that the 7 listed were templates.README correction
README.adocclaimed the KRL parser/lowering lives in this repo ("TanglePL compiler module (this repo)"). It does not — it lives inKRLAdapter.jl(canonical) andquandledb/server/krl/(server-side query parser). The architecture diagram is corrected to attribute implementations to their actual repos.What KRL's soundness actually rests on now
The actual semantic-core proofs live in
hyperpolymath/tangle/proofs/Tangle.lean(16 results including Progress, Preservation, Determinism, Type Safety + 12 lemmas). KRL's job is the lowering —PROOF-NARRATIVE.mdmakes that obligation explicit (KR-1, KR-2, KR-3) instead of papering over it.Test plan
panic-attack assail --proofs-onlyno longer reports template-content false-positives.Part of the focused
krl + quandledb + tangleaudit/elevation pass. Not estate-wide. Companion PRs intangleandquandledbadding their own PROOF-NARRATIVE + ASSUMPTIONS follow.🤖 Generated with Claude Code