Skip to content

docs+test: ROADMAP truthfulness audit + drift-detection aspect (closes Phase 0 housekeeping)#60

Merged
hyperpolymath merged 1 commit into
mainfrom
phase-0/housekeeping
May 24, 2026
Merged

docs+test: ROADMAP truthfulness audit + drift-detection aspect (closes Phase 0 housekeeping)#60
hyperpolymath merged 1 commit into
mainfrom
phase-0/housekeeping

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 24, 2026

Summary

Phase 0 housekeeping — the ROADMAP truthfulness audit that docs/PRODUCTION-PATH.adoc §Phase 0 requires before advancing to Phase 1. Three real drifts found and fixed, plus a new aspect-test section that catches this drift class going forward.

Drifts found and fixed

1. spec/10-levels-for-wasm.adocspec/type-safety-levels-for-wasm.adoc

The file was renamed but 5 callers still pointed at the old path:

  • ROADMAP.adoc
  • README.adoc
  • EXPLAINME.adoc (twice)
  • .claude/CLAUDE.md

All updated.

2. EXPLAINME.adoc Idris2 ABI table out of date

EXPLAINME described a pre-restructure architecture (Types.idr / Layout.idr / Access.idr / Effects.idr / Linearity.idr / Foreign.idr). The actual structure is src/abi/TypedWasm/ABI/{Region, TypedAccess, Pointer, Levels, Effects, Lifetime, Linear, MultiModule, Layout, Proofs, SessionProtocol, ResourceCapabilities, Choreography, Tropical, Epistemic, Echo, ModuleIsolation}.idr.

Rewrote claim 3's evidence sentence and the full file table to match reality, with each entry naming the actual load-bearing types from each file (Region.idr → Schema, sizeOf, alignOf; TypedAccess.idr → HostType, RegionPredicate; Levels.idr → Level1_InstructionValidity through Level10_Linear data types; etc.).

3. src/abi/Foreign.idr doesn't exist

EXPLAINME's file table claimed Foreign.idr provided "FFI declarations: C header generation from Idris2 ABI". The file doesn't exist (the FFI surface is ffi/zig/src/main.zig, hand-maintained per the comment in that file's header). Removed the stale row.

Drift-detection: claim-envelope §8

To prevent this class of drift recurring, tests/aspect/claim-envelope.mjs gets a new section 8 — "Path references in docs resolve to real files":

  • Scans README.adoc, ROADMAP.adoc, EXPLAINME.adoc, .claude/CLAUDE.md
  • Matches repo-relative path tokens with extensions: adoc/md/mjs/res/idr/zig/rs/ebnf/toml/ipkg
  • Allowlist: cross-repo paths (typedqliser/, affinescript/, ephapax/, standards/, hypatia/, typell/, vql-ut/, echidna/), templated paths ({{...}}), well-known non-repo paths (github.com, /home/runner/)
  • Skip filter: bare filenames without / (those are prose conventions like "see PROOF-NEEDS.md")
  • Prints every stale reference inline (not first-5-only) since rename drift is what reviewers must see in full

Section 8 now finds 31 path references across the 4 docs, all resolving. Before this PR's fixes: 7 stale (the EXPLAINME refs to old src/abi/ paths).

Verification

All test surfaces green after the changes:

Test Result
claim-envelope.mjs 53 passed, 0 failed, 0 skipped (was 52; +1 from new section 8)
property_test.mjs 29 passed, 0 failed, 0 skipped
security-envelope.mjs 10 passed, 0 failed, 0 skipped
regression.mjs 25 passed, 0 failed, 1 skipped (idris2 not on PATH)
smoke/e2e-smoke.mjs 40 passed, 0 failed
Structural E2E 53 passed, 0 failed, 1 skipped

Files changed

  • .claude/CLAUDE.md — spec path fix
  • EXPLAINME.adoc — spec path fix + claim 3 evidence rewrite + file table restructure
  • README.adoc — spec path fix in Quick Tour
  • ROADMAP.adoc — spec path fix in Current State
  • tests/aspect/claim-envelope.mjs — new section 8 (path-reference drift detection)

Closes Phase 0

This PR completes the ROADMAP truthfulness audit checklist item in #48. After it lands, Phase 0's housekeeping subsection is fully closed. Remaining Phase 0 items are Track A's multi-PR codegen pipeline work and Track B's cross-repo AffineScript migration — both outside what one session can ship.

Generated by Claude Code

@claude
docs+test: ROADMAP truthfulness audit fixes + drift-detection aspect
b06d093 
Phase 0 housekeeping. The 6-phase production path doc instructed a
ROADMAP truthfulness audit: every "DONE" claim verified against a
green CI run + every path reference verified against the filesystem.

Audit findings (fixed in this commit):

1. spec/10-levels-for-wasm.adoc → spec/type-safety-levels-for-wasm.adoc
   The file was renamed at some point but 5 callers still pointed at
   the old path: ROADMAP.adoc, README.adoc, EXPLAINME.adoc (twice),
   .claude/CLAUDE.md. All updated.

2. EXPLAINME.adoc described a pre-restructure Idris2 ABI architecture:
   listed Types.idr / Layout.idr / Access.idr / Effects.idr /
   Linearity.idr / Foreign.idr as the load-bearing proof modules.
   Actual structure is src/abi/TypedWasm/ABI/{Region, TypedAccess,
   Pointer, Levels, Effects, Lifetime, Linear, MultiModule, Layout,
   Proofs, SessionProtocol, ResourceCapabilities, Choreography,
   Tropical, Epistemic, Echo, ModuleIsolation}.idr. EXPLAINME's
   evidence sentence and full file table rewritten to match the real
   structure, with each entry naming the actual load-bearing types
   from each file.

3. EXPLAINME.adoc still referenced src/abi/Foreign.idr (a file that
   doesn't exist in the current tree). Removed.

To prevent this drift class going forward, claim-envelope.mjs gets a
new section 8 ("Path references in docs resolve to real files") that
scans README/ROADMAP/EXPLAINME/CLAUDE for repo-relative path tokens
(adoc/md/mjs/res/idr/zig/rs/ebnf/toml/ipkg extensions) and verifies
each resolves on disk. Filters: only paths with a `/` (bare filenames
are conventional prose references); cross-repo paths
(typedqliser/affinescript/ephapax/standards/hypatia/typell/vql-ut/
echidna) are allowlisted; templated paths ({{...}}) and well-known
non-repo paths (github.com, /home/runner/) are allowlisted.

Section 8 prints every stale reference inline (not just first-5)
because rename drift is the kind of thing reviewers must see in full.

Net: 53 claim-envelope assertions all pass; no regressions in other
test surfaces (property 29/0, security 10/0, proof 25/0/1skip, smoke
40/0, structural E2E 53/0/1skip).
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 24, 2026

🔍 Hypatia Security Scan

Findings: 96 issues detected

Severity Count
🔴 Critical 6
🟠 High 39
🟡 Medium 51

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action actions/upload-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/download-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
    "type": "assert_total",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/Echo.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
    "type": "assert_total",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/Echo.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/ResourceCapabilities.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit 7084347 into main May 24, 2026
26 of 27 checks passed
@hyperpolymath hyperpolymath deleted the phase-0/housekeeping branch May 24, 2026 20:05
@hyperpolymath hyperpolymath mentioned this pull request May 25, 2026
Open
30 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude