proofs: db-theory carriers (#174, #176) + Veblen least-fixed-point rung#260
Merged
Conversation
…loses #174 SQL transaction rollback safety as a Security instance reducing to no-section-of-collapsing-map (affinescript db-theory #2 / #DB-2.1). A staged WriteSet is an affine resource; rollback collapses it to an information-free RollbackLog, so no pure function recovers the discarded writes from the receipt alone. - proofs/agda/EchoTransaction.agda: Mutation/WriteSet/RollbackLog/rollback, rollback-discards-writes (direct no-section), transaction-security (Security instance), rollback-no-recovery (via the abstract theorem), honest matched-negative block (NOT durability/isolation/commit-dual/ savepoint/runtime-memory). - Wired into All.agda; headlines pinned in Smoke.agda. - Classified in echo-kernel-note.adoc + MAP.adoc (kernel-guard Check B). --safe --without-K, zero postulates. All.agda + Smoke.agda exit 0; kernel-guard PASS. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
…loses #176 Relational-algebra selection/projection commutativity (Codd, subset case) as an Echo-fibre set-equality (affinescript db-theory #4). For a column-safe predicate (p factors through the projection as q), σ_p and π_S commute: ProjectSelect s ⇔ SelectProject s at every projected value. A predicate reading a projected-away column admits no column-restricted lift (no-column-safe-lift) — the non-commuting counterexample. - proofs/agda/EchoSelectiveProjection.agda: local _⇔_ (set-equality level), SelectiveProjection record (column-safe factoring), select-project-commute (K-free via refl-matching the fibre witness), column-safe-example instance, no-column-safe-lift counterexample. - Wired into All.agda; headlines pinned in Smoke.agda. - Classified in echo-kernel-note.adoc + MAP.adoc (kernel-guard Check B). --safe --without-K, zero postulates. All.agda + Smoke.agda exit 0; kernel-guard PASS. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
…); reverse-Γ₀ reduced
The generic Veblen fixed-point engine was proved correct (nextFix g x is
*a* fixed point above x) but not minimal. nextFix-least closes that: for
monotone g, nextFix g x is the LEAST pre-fixed point of g strictly above
x. As payoff, Γ₀-fixed-from-closure reduces the open reverse direction
φ_Γ₀(0) ≤′ Γ₀ to a single closure obligation
(commonStep (n ↦ φ_{Γ-tower n}) Γ₀ ≤′ Γ₀); with VeblenBinaryMono.Γ₀-prefixed
that closure yields the full bi-≤′ fixed point Γ₀ ≃ φ_Γ₀(0).
- proofs/agda/Ordinal/Brouwer/VeblenBinaryLeast.agda: nextFix-least
(tower induction against a pre-fixed point) + Γ₀-fixed-from-closure
(reduction via nextFix-least at x=oz, z=Γ₀).
- Wired into All.agda; headlines pinned in Smoke.agda.
Honest scope: nextFix-least is unconditional; Γ₀-fixed-from-closure is
conditional on the still-open closure (needs general first-arg
monotonicity). Order-type fidelity ψ₀(Ω_ω) REMAINS OPEN (D-2026-06-14).
--safe --without-K, zero postulates. All.agda + Smoke.agda exit 0;
kernel-guard PASS.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
🔍 Hypatia Security ScanFindings: 6 issues detected
View findings[
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/echo-types/echo-types",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Nominal-only SAST in echo-types: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
"type": "StaticAnalysis",
"file": "/home/runner/work/echo-types/echo-types",
"action": "auto_fix",
"rule_module": "scorecard",
"severity": "medium",
"remediation": "Add CodeQL or equivalent SAST workflow.",
"scorecard_check": "SAST"
},
{
"reason": "Repository has 8 non-main remote branch(es). Policy: single main branch only.",
"type": "GS007",
"file": ".",
"action": "delete_remote_branches",
"rule_module": "git_state",
"severity": "medium"
},
{
"reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 18 day(s) old [STALE]",
"type": "CSA001",
"file": ".github/workflows/scorecard.yml",
"action": "escalate",
"rule_module": "code_scanning_alerts",
"severity": "high"
},
{
"reason": "Code-scanning alert TokenPermissionsID (high) at .github/workflows/scorecard.yml is 18 days old (threshold: 7 days) -- overdue for remediation",
"type": "CSA003",
"file": ".github/workflows/scorecard.yml",
"action": "escalate",
"rule_module": "code_scanning_alerts",
"severity": "high"
},
{
"reason": "Code-scanning alert hypatia/code_safety/agda_postulate dismissed as 'false positive' -- ensure dismissal is documented and justified",
"type": "CSA004",
"file": "proofs/agda/EchoImageFactorizationPropPostulated.agda",
"action": "review",
"rule_module": "code_scanning_alerts",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three verified proof rungs (all
--safe --without-K, zero postulates;All.agda+Smoke.agdaexit 0;kernel-guardPASS).db-theory consumer carriers
EchoTransaction: SQL transaction rollback safety as aSecurityinstance reducing tono-section-of-collapsing-map. A stagedWriteSetis an affine resource;rollbackcollapses it to an information-freeRollbackLog, so no pure function recovers the discarded writes (#DB-2.1). Honest matched-negatives (NOT durability / isolation / commit-dual / savepoint / runtime-memory).EchoSelectiveProjection: relational-algebra σ–π commutativity (Codd, subset case) as an Echo-fibre set-equality (_⇔_of the two result relations per projected value).select-project-commute(column-safe ⇒ commute) +no-column-safe-lift(a projected-away-column predicate admits no column-restricted lift ⇒ σ/π don't commute). The issue's↔/p (proj₁ e)sketch is corrected to the honest_⇔_set-equality level.Ordinal track — Bachmann–Howard climb, rung 7
Ordinal.Brouwer.VeblenBinaryLeast:nextFix-least— the generic Veblen fixed-point engine is minimal (nextFix g xis the LEAST pre-fixed point ofgstrictly abovex), the missing half of its correctness (the engine already had "is a fixed point" + "above x"). Payoff:Γ₀-fixed-from-closurereduces the open reverse directionφ_Γ₀(0) ≤′ Γ₀to a single closure obligationcommonStep (n ↦ φ_{Γ-tower n}) Γ₀ ≤′ Γ₀; combined withVeblenBinaryMono.Γ₀-prefixed(the≤′direction) that closure would yield the full bi-≤′fixed pointΓ₀ ≃ φ_Γ₀(0).Honest scope
nextFix-leastis unconditional.Γ₀-fixed-from-closureis conditional — it does not proveφ_Γ₀(0) ≤′ Γ₀, it reduces it to the still-open closure (needs general first-argument monotonicity / closure-from-above). Order-type fidelity ψ₀(Ω_ω) REMAINS OPEN (D-2026-06-14); no postulate is closed. (Note: #175, general aggregation, was found already landed upstream asEchoAggregation.)Wiring / discipline
All three modules wired into
All.agdaand headline-pinned inSmoke.agda; the twoEcho*modules classified inecho-kernel-note.adoc+MAP.adoc(kernel-guard Check B). Toolchain provisioned viascripts/provision-agda.sh(Agda 2.6.3 + stdlib 2.3 + absolute-zero); baselineAll.agdaconfirmed green before and after.🤖 Generated with Claude Code
https://claude.ai/code/session_019GiSiEfgZCte35dyykgBHs
Generated by Claude Code