docs(policies): trusted-base reduction policy for proof debt#203
Merged
Conversation
Closes Item 5 of the 2026-05-26 estate tech-debt audit follow-up
(standards#195).
Adds docs/TRUSTED-BASE-REDUCTION-POLICY.adoc — formalises the boj-server
backend-assurance harness pattern as an estate-wide policy for managing
soundness-relevant escape hatches:
- Coq Axiom/Admitted, Lean sorry/axiom, Agda postulate, Idris2
believe_me/assert_total/partial, F* assume val, Dafny :axiom,
TODO PROOF / OWED markers, Rust/Haskell unsafePerformIO/unsafeCoerce.
Every escape hatch in the estate MUST be one of:
(a) DISCHARGED — proof exists, marker removed
(b) BUDGETED — covered by property/adversarial tests at a documented
refutation budget (the budget is load-bearing)
(c) NECESSARY — encodes a metatheoretic assumption with citation
(funExt, propositional truncation, etc.)
A marker that is none of (a)/(b)/(c) is DEBT; lives in
docs/proof-debt.md §(d) with deadline + owner.
Includes:
- docs/proof-debt.md schema with §(a)/(b)/(c)/(d) sections.
- TRUSTED:/AXIOM: leading-comment annotation conventions per language.
- Enforcement plan: a future check-trusted-base.sh in
governance-reusable.yml, same shape as standards#201
check-licence-consistency.sh.
- Initial migration priority list (P0: ephapax + boj-server;
P1: absolute-zero, maa-framework, betlang, proven; P2: standards
itself + 6 mid-density repos).
Status: PROPOSED. Owner-merge gated. After merge, the next PR adds
check-trusted-base.sh; subsequent per-repo PRs seed proof-debt.md
following this schema.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 26, 2026
hyperpolymath
added a commit
to hyperpolymath/boj-server
that referenced
this pull request
May 26, 2026
## Summary - Adds `docs/proof-debt.md` — schema-conformant index for the trusted-base reduction policy ([standards#203](hyperpolymath/standards#203)). - boj-server is the **reference implementation** cited in standards#203. ## Sections | § | Content | |---|---| | (a) DISCHARGED | None — 5 class-J axioms unavoidable in Idris2 0.8.0. | | (b) BUDGETED | Reference to `docs/backend-assurance/` (BEAM-side validation). | | (c) NECESSARY | Table of all 5 axioms in `src/abi/Boj/SafetyLemmas.idr`. | | (d) DEBT | None in ABI layer. | ## What this PR does NOT duplicate Substantive content lives in `PROOF-NEEDS.md` + `docs/backend-assurance/*`. This file references them. ## Companion - standards#195, #203 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/absolute-zero
that referenced
this pull request
May 26, 2026
## Summary - Adds `docs/proof-debt.md` enumerating this repo's 129 soundness-relevant escape hatches. - All markers start in §(d) DEBT (initial seed); the maintainer triages each into §(a)/§(b)/§(c) as classification proceeds. - P1 seed in the [estate trusted-base reduction policy](hyperpolymath/standards#203) chain. ## Why this matters Without this file, [`check-trusted-base.sh`](hyperpolymath/standards#211) fails CI on every escape hatch as 'undocumented'. With this file, all 129 markers are at least *enumerated* and the maintainer can disposition them at their own pace. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 26, 2026
Open
Open
🔍 Hypatia Security ScanFindings: 118 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docs/TRUSTED-BASE-REDUCTION-POLICY.adoc— formalises the boj-server backend-assurance harness pattern as estate-wide policy.Axiom,Admitted,sorry,postulate,believe_me,assume val,unsafePerformIO, …):docs/proof-debt.mdwith deadline + owner.docs/proof-debt.mdschema, per-language annotation conventions (TRUSTED:/AXIOM:leading comments), and an enforcement plan (futurescripts/check-trusted-base.shwired intogovernance-reusable.yml).Initial migration order
ephapax(3 Admitteds with discharge plan in memory),boj-server(reference impl).absolute-zero(387 markers),maa-framework(134 in 25 files),betlang(1 named axiom),proven(372 TODO PROOF).standardsitself,typed-wasm,stapeln,vcl-ut,hypatia,snifs,somethings-fishy.Companion PRs
check-trusted-base.sh)🤖 Generated with Claude Code