ABI Layer 5: end-to-end soundness capstone certificate#178

Merged: hyperpolymath merged 4 commits into main from claude/new-session-znxgm7 on Jun 28, 2026

Conversation

@hyperpolymath (Owner)

Summary

Layer 5 (the capstone, completing the 5-layer proof track): a new Verisimiser.ABI.Capstone module importing every prior layer and assembling a single inhabited ABISound certificate (abiContractDischarged) from the real exported witnesses of the flagship property (L2 Octad bijection), the deeper invariant (L3 compositional sidecar isolation), and the FFI-seam injectivity (L4). One end-to-end soundness statement.

Genuine composition only — reuses real exported names.

Testing

Idris2 0.7.0 --build → exit 0, zero warnings. Adversarial: a bogus-field certificate was rejected. build/ removed. No believe_me/postulate/sorry.

🤖 Generated with Claude Code

https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx


claude added 3 commits June 27, 2026 22:29
Add Verisimiser.ABI.Invariants, a second, deeper machine-checked theorem
over the existing Octad model (distinct from the Layer-2 Octad<->Fin 8
bijection). Models the write effect of an augmentation *pipeline* as a join
over a two-point lattice (ReadOnly <= Writes, Writes absorbing) and proves:

- effectHomomorphism: pipelineEffect is a monoid homomorphism from list
  append to joinE (with joinAssoc / identity laws).
- tier1PipelineReadOnly (CLOSURE): any pipeline of only Tier-1 dimensions is
  read-only -- isolation is preserved under composition (reuses Layer-2
  tier1NeverWritesTarget).
- writerContaminates (CONTAMINATION) + appendMonotone (MONOTONICITY): one
  target-writing step taints the whole pipeline.
- decReadOnly: sound + complete decision procedure.
- Positive control (readPathIsReadOnly) + negative controls
  (overlayNotReadOnly, decOverlayIsNo, effectsDistinct).

No believe_me/postulate/assert_total/etc. Builds with zero warnings;
adversarial false-proof rejected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Prove the FFI result-code encoding is SOUND, not just structurally
name/value-matched by scripts/abi-ffi-gate.py:

- intToResult decoder + resultRoundTrip: resultToInt is faithful/lossless
  (every Result round-trips back from its C integer).
- resultToIntInjective: DERIVED from the round-trip via cong + justInj
  (distinct ABI outcomes never collide on the wire).
- Positive controls (decode 0/7/99 by Refl) and a machine-checked
  non-vacuity control (Ok and Error encode to distinct ints).
- (c) Same injectivity for every other FFI enum encoder in Types:
  octadToInt, backendToInt, provenanceOpToInt, driftToInt,
  accessPolicyToInt (no ProofStatus/statusToInt in this repo).

Genuine total proof: no believe_me/postulate/assert_total/etc.
Builds clean (idris2 0.7.0, 0 warnings); false seam claims rejected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Assemble the existing per-layer proofs into one inhabited certificate value
in Verisimiser.ABI.Capstone:

- ABISound record: one field per discharged layer
  * flagship octad bijection (Layer-2 Octad.idr): octadFinInverseL/R
  * compositional sidecar-isolation invariant (Layer-3 Invariants.idr):
    readPathIsReadOnly on the canonical positive-control pipeline
  * FFI-seam injectivity (Layer-4 FfiSeam.idr): resultToIntInjective
- abiContractDischarged : ABISound, built solely from real exported witnesses.
  Typechecks iff every prior layer remains sound; a false field (e.g. claiming
  the overlay pipeline is read-only) is rejected by the type checker.

Pure composition: no believe_me/postulate/assert/idris_crash. %default total,
zero build warnings.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
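As an added illustration, not code from the Verisimiser.ABI.Invariants or Capstone modules themselves, the following self-contained Idris2 file sketches the shape the commit messages describe: the two-point effect lattice, pipelineEffect as a monoid homomorphism from append to joinE, the contamination lemma, a Dec-valued decision procedure, a negative control, and a capstone-style certificate record whose field typechecks only while the positive control is really read-only. Every name in it (Effect, joinE, pipelineEffect, PipelineSound, and so on) is an assumption standing in for the repository's real exports.

```idris
%default total

-- Assumed stand-in for the repo's effect model: ReadOnly <= Writes, Writes absorbing.
data Effect = ReadOnly | Writes

joinE : Effect -> Effect -> Effect
joinE ReadOnly e = e
joinE Writes   _ = Writes

joinAssoc : (a, b, c : Effect) -> joinE a (joinE b c) = joinE (joinE a b) c
joinAssoc ReadOnly b c = Refl
joinAssoc Writes   b c = Refl

-- Effect of a whole augmentation pipeline: the join of its steps' effects.
pipelineEffect : List Effect -> Effect
pipelineEffect []        = ReadOnly
pipelineEffect (e :: es) = joinE e (pipelineEffect es)

-- Monoid homomorphism from list append to joinE (derived via cong + trans).
effectHomomorphism : (xs, ys : List Effect)
  -> pipelineEffect (xs ++ ys) = joinE (pipelineEffect xs) (pipelineEffect ys)
effectHomomorphism []        ys = Refl
effectHomomorphism (x :: xs) ys =
  trans (cong (joinE x) (effectHomomorphism xs ys))
        (joinAssoc x (pipelineEffect xs) (pipelineEffect ys))

-- Contamination: once a prefix writes the target, no suffix can undo it.
appendMonotone : (xs, ys : List Effect) -> pipelineEffect xs = Writes
  -> pipelineEffect (xs ++ ys) = Writes
appendMonotone xs ys prf =
  trans (effectHomomorphism xs ys) (cong (\e => joinE e (pipelineEffect ys)) prf)

writesNotReadOnly : Writes = ReadOnly -> Void
writesNotReadOnly Refl impossible

-- Sound and complete decision procedure: Dec carries a proof either way.
decReadOnly : (es : List Effect) -> Dec (pipelineEffect es = ReadOnly)
decReadOnly []               = Yes Refl
decReadOnly (ReadOnly :: es) = decReadOnly es
decReadOnly (Writes   :: _)  = No writesNotReadOnly

-- Negative control: a pipeline containing one writer is provably not read-only.
overlayNotReadOnly : Not (pipelineEffect [ReadOnly, Writes] = ReadOnly)
overlayNotReadOnly = writesNotReadOnly
-- Capstone-style certificate: the field is a proof, so a false claim
-- (e.g. asserting the overlay pipeline is read-only) fails to typecheck.
record PipelineSound where
  constructor MkPipelineSound
  readPathIsReadOnly : pipelineEffect [ReadOnly, ReadOnly] = ReadOnly

certificate : PipelineSound
certificate = MkPipelineSound Refl
```

Running `idris2 --check` on this file is the whole test: the certificate value is the proof, and swapping the positive control for the overlay pipeline is rejected rather than reported at run time.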
@hyperpolymath hyperpolymath marked this pull request as ready for review June 28, 2026 07:25
Signed-off-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>
@hyperpolymath hyperpolymath merged commit ce26ae4 into main Jun 28, 2026
7 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 28, 2026 07:30