feat: EchoResidueCell — Agda mirror of 007's Holding/Spent once-only discipline#250
Merged
Conversation
…discipline New `proofs/agda/EchoResidueCell.agda`: the Agda shadow of 007's `ResidueCell` (`proofs/idris2/EchoResidueLinear.idr`), the operational once-only half that `EchoReversibilityBridge` deferred as "runtime Holding/Spent bookkeeping". Under `--safe --without-K` the linear `(1 e)` quantity is unavailable, so once-only is enforced via the STATE MACHINE instead: - `ResidueCell f y = holding (Echo f y) | spent` - `takeForReverse : ResidueCell f y → Maybe A` (= the Idris partial form) - `consume` : Holding → Spent - `holding-reverses` / `spent-does-not-reverse` (↔ Idris `holdingReverses` / `spentDoesNotReverse`) - `once-only : takeForReverse (consume c) ≡ nothing` — the headline: after a reverse the cell is Spent, so a residue replays AT MOST ONCE. Honest scope: captures the once-PER-CELL discipline. Linear NON-DUPLICATION (nothing stops copying a `holding` cell) needs `@0`-style erasure and remains the documented next slice. `--safe --without-K`, zero postulates. Wired into All.agda, 7 headlines pinned in Smoke.agda, classified in echo-kernel-note.adoc + MAP.adoc (kernel-guard PASS). EchoResidueCell + Smoke.agda + All.agda all exit 0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_018CaSgNjNURC7ocsyjYh9We
🔍 Hypatia Security ScanFindings: 6 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Nominal-only SAST in echo-types: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
"type": "StaticAnalysis",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Add CodeQL or equivalent SAST workflow.",
"scorecard_check": "SAST"
},
{
"reason": "Repository has 6 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
},
{
"reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 18 day(s) old [STALE]",
"type": "CSA001",
"file": ".github/workflows/scorecard.yml",
"action": "escalate",
"rule_module": "code_scanning_alerts",
"severity": "high"
},
{
"reason": "Code-scanning alert TokenPermissionsID (high) at .github/workflows/scorecard.yml is 18 days old (threshold: 7 days) -- overdue for remediation",
"type": "CSA003",
"file": ".github/workflows/scorecard.yml",
"action": "escalate",
"rule_module": "code_scanning_alerts",
"severity": "high"
},
{
"reason": "Code-scanning alert hypatia/code_safety/agda_postulate dismissed as 'false positive' -- ensure dismissal is documented and justified",
"type": "CSA004",
"file": "proofs/agda/EchoImageFactorizationPropPostulated.agda",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
pushed a commit
that referenced
this pull request
Jun 21, 2026
…rdinal-contradiction flag Catches the machine ledger up to the gap-closing proofs that landed without an arc (#249 EchoReversibilityBridge, #250 EchoResidueCell, #251/#254 EchoSearch decidable+product, #252 EchoApprox Lipschitz, #257 EchoLLEncoding universal gap, #258 proof-debt variance refresh), records the cross-repo (echo-types + 007) docs-completeness audit, and flags one unresolved owner decision: main carries ordinal BH climb rungs 7 & 8 (f89a3aa, a096764) dated 2026-06-21 — the same day as the D-2026-06-21 retirement — contradicting the retirement banner. The two ordinal wiki files are deliberately left un-fixed pending that reconciliation. Disposition: both repos clean/verified, push-nothing-else. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_018CaSgNjNURC7ocsyjYh9We
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
A new module
proofs/agda/EchoResidueCell.agda— the Agda mirror of 007'sResidueCell(Holding/Spent) once-only reversal discipline, the operational half thatEchoReversibilityBridge(#249) deferred as "runtime bookkeeping".007's Idris2 spec (
EchoResidueLinear.idr) enforces once-only via the linear quantity(1 e : Echo f y). Agda has no such quantity under--safe, so this module enforces it via the state machine instead — which is exactly how 007's runtime (the rung-3b residue cell) does it.The mirror
EchoResidueLinear.idrResidueCell f y = holding (Echo f y) | spentdata ResidueCell … = Holding (1 e) | SpenttakeForReverse : ResidueCell f y → Maybe AtakeForReverse … : Maybe aconsume : ResidueCell f y → ResidueCell f y(Holding→Spent)reverseholding-reversesholdingReversesspent-does-not-reversespentDoesNotReverseonce-only—takeForReverse (consume c) ≡ nothing(1 e)linear-consumption guaranteeonce-onlyis the headline: afterconsume, a residue replays at most once — the state-machine form of linear consumption, and the operational content of 007's cross-handler once-only property that the rung-3b static check could only approximate by presence. All proofs arerefl(definitional).Honest scope
Captures the once-per-cell discipline. It does not model linear NON-DUPLICATION (nothing stops a caller copying a
holdingcell before consuming) — that needs the(1 e)quantity / an@0-style erasure encoding, and remains the documented next slice. Stated explicitly in the module preamble and the MAP.adoc scope note.Discipline
--safe --without-K, zero postulates, no funext.All.agda(next toEchoReversibilityBridge); 7 headlines pinned inSmoke.agda.echo-kernel-note.adoc(Tier 2) +MAP.adoc(the 007-bridge section) —sh scripts/kernel-guard.shPASS (applying the lesson from feat: EchoReversibilityBridge — discharge 007 L10 reversibility obligations #249).main:EchoResidueCell.agda,Smoke.agda, andAll.agdaallagda --safe --without-Kexit 0 (captured locally).🤖 Generated with Claude Code
https://claude.ai/code/session_018CaSgNjNURC7ocsyjYh9We
Generated by Claude Code