- src/abi/Types.idr (232 lines) — Configuration flow types
- src/abi/Layout.idr (177 lines) — Memory layout
- src/abi/Foreign.idr (217 lines) — FFI declarations
- No dangerous patterns in ABI layer
- Claims: "type-safe", "memory-safe" (Rust)
- Configuration DAG acyclicity: Prove the configuration dependency graph is always a DAG (no circular dependencies that cause infinite loops)
- Merge conflict resolution determinism: Prove that configuration merges produce deterministic results regardless of evaluation order
- Rollback safety: Prove that configuration rollback restores the exact previous state (no partial rollback)
- Schema validation completeness: Prove that all configuration values passing validation conform to their declared schema (no type confusion)
- Idris2 — Dependent types naturally express DAG properties and schema conformance; already used for ABI
- MEDIUM — Configuration errors can cascade to downstream services. The type-safety claim should be backed by proofs, especially for merge determinism and rollback correctness.
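As an added illustration of the first proof obligation (not code from the project), the Idris2 sketch below encodes the configuration dependency graph so that acyclicity holds by construction: every edge must point to a strictly later index in a fixed topological order, witnessed by an `LT` proof, so a cyclic edge has no inhabitant and is rejected at type-check time. The module name, field names and the three sample keys are constructed for this example.

```idris
module ConfigDag

import Data.Fin
import Data.Nat
import Data.Vect

-- A dependency edge: configuration node `node` requires `needs`.
-- The `ordered` field is a proof that `needs` sits strictly later in the
-- topological order. Any path through the graph therefore strictly increases
-- the index, and a finite index cannot increase forever, so no cycle can be
-- expressed at all.
public export
record Dep (n : Nat) where
  constructor MkDep
  node    : Fin n
  needs   : Fin n
  ordered : LT (finToNat node) (finToNat needs)

-- A configuration graph over n keys; acyclicity is carried by the edges.
public export
record ConfigDag (n : Nat) where
  constructor MkDag
  keys : Vect n String
  deps : List (Dep n)

-- Runtime smart constructor for edges read from a config file: `isLT`
-- decides the ordering, so an ill-ordered (potentially cyclic) edge is
-- reported as `Nothing` instead of crashing or looping later.
export
mkDep : Fin n -> Fin n -> Maybe (Dep n)
mkDep i j = case isLT (finToNat i) (finToNat j) of
  Yes prf => Just (MkDep i j prf)
  No  _   => Nothing

-- Dependencies-first evaluation order: highest index down to zero. Because
-- every edge points upward, a node is always evaluated after its needs.
export
evalOrder : (n : Nat) -> List (Fin n)
evalOrder Z     = []
evalOrder (S k) = last :: map weaken (evalOrder k)

-- Constructed sample: "service.url" (0) is derived from "service.host" (1),
-- which falls back to "defaults" (2).
sample : ConfigDag 3
sample = MkDag ["service.url", "service.host", "defaults"]
               [ MkDep 0 1 (LTESucc LTEZero)
               , MkDep 1 2 (LTESucc (LTESucc LTEZero)) ]

-- Adding `MkDep 2 0 ?prf` here would require a value of type `LT 2 0`,
-- which is uninhabited, so the cycle fails to type-check.
```

`evalOrder 3` yields `[2, 1, 0]`, i.e. `defaults`, then `service.host`, then `service.url`, which is the order a deterministic merge would have to respect.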
Template ABI removed -- it was creating a false impression of formal verification. The removed files (Types.idr, Layout.idr, Foreign.idr) contained only RSR template scaffolding with unresolved {{PROJECT}}/{{AUTHOR}} placeholders and no domain-specific proofs.