
ABI Layer 2: prove forbidden actions are never permitted (ethical safety) — flagship Idris2 proof #33

Merged: hyperpolymath merged 1 commit into main from claude/new-session-znxgm7 on Jun 27, 2026
@hyperpolymath

Owner

Summary

Raises phronesiser's Idris2 ABI to Layer 2 with its first flagship semantic proof. phronesiser's headline claim is provably safe ethical constraints for AI agents; this PR proves the core safety property: a forbidden action can never be certified as permitted. `ActionPermitted` has no inhabitant for a forbidden action, the certifier is proven sound (Permitted ⇒ `ActionPermitted`), and `forbiddenNeverPermitted : Not (...)` is the headline safety theorem.

Mirrors the estate flagship-proof pattern: action/policy model, uninhabited bad case, sound+complete Dec, certifier proven sound, positive + negative controls.
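The pattern above can be sketched in a few lines of Idris2. This is a minimal illustration, not the contents of `Semantics.idr`: the two-action universe (`SafeInform`, `ForbiddenDeploy`), the `policy` function, and the helper `denyNotAllow` are assumptions made for the example. Only `ActionPermitted`, `PermitAllow`, `decActionPermitted`, `safeInformPermitted`, and `forbiddenNeverPermitted` are names taken from this PR, and their real definitions may differ.

```idris
%default total

-- Hypothetical action universe; the real model is likely richer.
data Action = SafeInform | ForbiddenDeploy

data Verdict = Allow | Deny

-- Hypothetical deontic policy: every action gets exactly one verdict.
policy : Action -> Verdict
policy SafeInform      = Allow
policy ForbiddenDeploy = Deny

-- The only way to build a permission witness is to show the policy says Allow.
-- There is no constructor that accepts a Deny verdict.
data ActionPermitted : Action -> Type where
  PermitAllow : {0 a : Action} -> policy a = Allow -> ActionPermitted a

-- Helper (assumed name): distinct constructors are never equal.
denyNotAllow : Deny = Allow -> Void
denyNotAllow Refl impossible

-- Positive control: a permitted action has an inhabitant.
safeInformPermitted : ActionPermitted SafeInform
safeInformPermitted = PermitAllow Refl

-- Negative control / safety theorem: the forbidden action has none.
forbiddenNeverPermitted : Not (ActionPermitted ForbiddenDeploy)
forbiddenNeverPermitted (PermitAllow prf) = denyNotAllow prf

-- Sound and complete decision: Yes carries a witness, No carries a refutation.
decActionPermitted : (a : Action) -> Dec (ActionPermitted a)
decActionPermitted SafeInform      = Yes (PermitAllow Refl)
decActionPermitted ForbiddenDeploy = No forbiddenNeverPermitted
```

The sketch states the theorems over constructors rather than lowercase top-level names, because Idris2 may bind an unapplied lowercase name in a type signature as an implicit argument.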

Changes

  • Adds src/interface/abi/Phronesiser/ABI/Semantics.idr: the action/policy model, ActionPermitted, a sound+complete decision procedure, certifyPermitted with its soundness proof, and the safety theorem forbiddenNeverPermitted.
  • Registers the module in phronesiser-abi.ipkg.

RSR Quality Checklist

Required

  • Tests pass — ABI builds clean (see Testing)
  • Linter clean — zero warnings
  • No banned language patterns
  • No banned functions — genuine proof
  • SPDX headers present
  • No secrets

As Applicable

  • ABI/FFI changes validated — additive proof; FFI untouched

Testing

Verified with Idris2 0.7.0: idris2 --build phronesiser-abi.ipkg → exit 0, zero warnings. Adversarial check: a deliberately false proof (certifying a forbidden action as permitted) was rejected by the type checker. The build/ directory was removed afterwards.

🤖 Generated with Claude Code

https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx



Raises the Phronesiser Idris2 ABI to Layer 2 with a flagship, machine-checked
semantic proof of the repo's headline property ("provably safe ethical
constraints for AI agents").

Model: a deontic policy partitions agent actions into Allow/Deny. The
`ActionPermitted` proposition has NO constructor admitting a `Deny` verdict, so
a forbidden action is structurally uncertifiable.

Proven:
- decActionPermitted: sound + complete `Dec (ActionPermitted a)`.
- certifyPermittedSound: certifier soundness (Ok => ActionPermitted).
- safeInformPermitted: positive control (inhabited permission witness).
- forbiddenNeverPermitted: negative control / core safety theorem
  `Not (ActionPermitted forbiddenDeploy)`.
- forbiddenNeverCertifiedOk: corollary that the forbidden action is never Ok.
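
Certifier soundness and its corollary can be illustrated as follows. This is a hedged sketch under assumed definitions: the `Cert` type with constructors `Ok` and `Rejected`, the helper `rejectedNotOk`, the two-action universe, and the `policy` function are all hypothetical. `certifyPermitted`, `certifyPermittedSound`, and `forbiddenNeverCertifiedOk` are names from this commit message, but their actual signatures are not shown here and may differ.

```idris
%default total

-- Hypothetical model, restated so the sketch stands alone.
data Action = SafeInform | ForbiddenDeploy
data Verdict = Allow | Deny

policy : Action -> Verdict
policy SafeInform      = Allow
policy ForbiddenDeploy = Deny

data ActionPermitted : Action -> Type where
  PermitAllow : {0 a : Action} -> policy a = Allow -> ActionPermitted a

-- Hypothetical certifier result type.
data Cert = Ok | Rejected

-- The certifier reads the verdict and nothing else.
certifyPermitted : Action -> Cert
certifyPermitted a = case policy a of
  Allow => Ok
  Deny  => Rejected

-- Helper (assumed name): Rejected and Ok are distinct constructors.
rejectedNotOk : Rejected = Ok -> Void
rejectedNotOk Refl impossible

-- Soundness: whenever the certifier answers Ok, a permission witness exists.
certifyPermittedSound : (a : Action) -> certifyPermitted a = Ok -> ActionPermitted a
certifyPermittedSound SafeInform      _   = PermitAllow Refl
certifyPermittedSound ForbiddenDeploy prf = void (rejectedNotOk prf)

-- Corollary: the forbidden action is never certified Ok.
forbiddenNeverCertifiedOk : Not (certifyPermitted ForbiddenDeploy = Ok)
forbiddenNeverCertifiedOk = rejectedNotOk
```

In the `ForbiddenDeploy` case the hypothesis reduces to `Rejected = Ok`, which is refutable, so soundness holds there because the premise can never be supplied.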

Non-vacuity confirmed: a deliberately false witness
`PermitAllow Refl : ActionPermitted forbiddenDeploy` is rejected by idris2
(Allow vs Deny mismatch). Build is clean (exit 0, zero warnings).
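
A non-vacuity check of this kind can also be kept in the source as a regression guard. The sketch below assumes the toolchain supports `failing` blocks, which succeed only if their body does not type-check. The model definitions and the name `bogusWitness` are hypothetical, and nothing here indicates that the PR itself uses a `failing` block.

```idris
%default total

-- Hypothetical model, restated so the sketch stands alone.
data Action = SafeInform | ForbiddenDeploy
data Verdict = Allow | Deny

policy : Action -> Verdict
policy SafeInform      = Allow
policy ForbiddenDeploy = Deny

data ActionPermitted : Action -> Type where
  PermitAllow : {0 a : Action} -> policy a = Allow -> ActionPermitted a

-- The build passes only if this deliberately false witness is rejected:
-- Refl would need Deny = Allow, which does not unify.
failing
  bogusWitness : ActionPermitted ForbiddenDeploy
  bogusWitness = PermitAllow Refl
```

If a later change made the false witness type-check, for example by adding a constructor that accepts `Deny`, the `failing` block would itself become a build error.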

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
@hyperpolymath hyperpolymath marked this pull request as ready for review June 27, 2026 19:52
@hyperpolymath hyperpolymath merged commit 1a0ad20 into main Jun 27, 2026
22 of 24 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 27, 2026 19:52