Skip to content

ABI Layer 5: end-to-end soundness capstone certificate#49

Merged
hyperpolymath merged 6 commits into
mainfrom
claude/new-session-znxgm7
Jun 28, 2026
Merged

ABI Layer 5: end-to-end soundness capstone certificate#49
hyperpolymath merged 6 commits into
mainfrom
claude/new-session-znxgm7

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Summary

Layer 5 (the capstone, completing the 5-layer proof track): a new *.ABI.Capstone module importing every prior layer and assembling a single inhabited ABISound certificate (abiContractDischarged) from the real exported witnesses of the flagship property (L2 contract validation), the deeper invariant (L3 conjunction law), and the FFI-seam injectivity (L4). One end-to-end soundness statement.

Genuine composition only — reuses real exported names.

Testing

Idris2 0.7.0 --build → exit 0, zero warnings. Adversarial: a bogus-field certificate was rejected. build/ removed. No believe_me/postulate/sorry.

🤖 Generated with Claude Code

https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx


Generated by Claude Code

claude and others added 6 commits June 27, 2026 19:41
New module K9iser.ABI.Semantics proves the repo's headline property
("Wrap configs into self-validating K9 contracts"): a config that
SATISFIES a "must"-contract (a required key present whose value lies
within an inclusive numeric range) provably validates, and a config that
VIOLATES it (missing key OR out-of-range value) provably does not.

- Faithful model: Config = assoc list (Key, Nat); Contract = key + [lo,hi].
- Headline proposition `Validates c cfg` has constructors only for the
  satisfying case (resolver equation + InRange via propositional LTE);
  no constructor exists for a missing key or out-of-range value.
- Sound + complete `decValidates : Dec (Validates c cfg)` and `decInRange`.
- Certifier `certify` into the ABI Result code, with `certifySound` and
  `certifyComplete`.
- Positive control `goodValidates` (replicas=5 in [1,10]) and two negative
  controls: `badRangeNotValidates` (replicas=0) and `missingNotValidates`.

ABI builds clean (exit 0, zero warnings). A deliberately false witness
for the out-of-range config is rejected by idris2 (non-vacuity verified).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Add a second, deeper machine-checked theorem over the existing Layer-2
Semantics model, raising the Idris2 ABI to Layer 3. Proves how config
validation behaves under CONJUNCTION of K9 contracts, distinct from the
Layer-2 single-contract soundness/completeness:

- ValidatesBoth / ValidatesAll: binary and n-ary conjunction over the
  existing Validates proposition.
- validatesAndIff / validatesAllConsIff: decomposition isomorphisms
  (real witness round-trips, = Refl).
- validatesBothSym: commutativity of conjunction.
- decValidatesAll: sound + complete decision, built compositionally
  from the Layer-2 decValidates.
- validatesAllAppend{Fwd,Bwd}: distribution of conjunction over list
  append (induction on the bundle).
- validatesAllWeaken: monotonicity / downward-closure.
- certifyAll{,Sound,Complete}: certifier into the ABI Result code.
- Positive controls (twoValidatesBoth / twoValidatesBundle) and
  negative / non-vacuity controls (mixedNotBoth / mixedNotBundle),
  all machine-checked; resolver equations proved via resolveHead /
  resolveSkip lemmas (String decEq does not reduce definitionally).

No believe_me / postulate / assert_total / sorry. %default total.
Registered last in k9iser-abi.ipkg. Clean build, zero warnings;
a deliberately-false ValidatesAll over the out-of-range config is
rejected by the type checker (non-vacuity confirmed).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Prove resultToInt is a sound wire encoding: a faithful decoder
intToResult with resultRoundTrip (lossless), injectivity derived
from the round-trip, positive decode controls, and a machine-checked
non-vacuity control (distinct codes have distinct ints).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Assemble the prior proof layers into a single inhabited certificate
value, K9iser.ABI.Capstone.abiContractDischarged : ABISound, tying
manifest -> flagship (Layer 2 goodValidates) -> deeper invariant
(Layer 3 twoValidatesBundle) -> FFI seam (Layer 4 resultToIntInjective)
into one end-to-end soundness statement. Built purely from existing
exported witnesses; no new domain theorem, no escape hatches.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Signed-off-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>
@hyperpolymath hyperpolymath marked this pull request as ready for review June 28, 2026 07:24
@hyperpolymath hyperpolymath merged commit e2f0d85 into main Jun 28, 2026
7 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 28, 2026 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants