proof(abi): discharge witness-discarding attestations + reconcile standards#130#33

Merged
hyperpolymath merged 1 commit into main from proof-debt/standards-130-attestation-soundness on May 19, 2026

Conversation

@hyperpolymath
Owner

Context

Routed from estate proof-debt epic hyperpolymath/standards#124, sub-issue #130 (typed-wasm, P1).

Reconciliation (epic mandate: reconcile PROOF-NEEDS vs ground truth in same pass)

standards#130 claimed "5 believe_me + 5 assert_total + 5 partial" and that an agent "called it fully real; it is not."

Refuted by ground truth. Comprehensive re-grep over all 21 .idr files for believe_me, really_believe_me, assert_total, assert_smaller, postulate, idris_crash, prim__crash, %default partial, Admitted, sorry, unsafePerformIO, assert_linear: zero in code (only inside "NO believe_me" banner comments). This is the survey-agent over-report mode the epic warns about (inverse of under-report). The repo's own PROOF-NEEDS.md (2026-04-13) already said zero; commit e4253f0 had removed the last (Epistemic).

Verified build (typed-wasm.ipkg, Idris2 0.8.0): rc=0, 0 errors, 21/21 modules → TTC, %default total in all 21. 11 warnings, all one cosmetic kind (lowercase implicit-bind shadowing). The 2026-04-13 "Tropical/Epistemic draft-only, standalone-check-fails" item is resolved (both in ipkg, build clean).

Genuine residual debt — discharged

The real defect is the one PROOF-NEEDS.md §P1 names: 15 attestLN_* functions required a witness in their type then discarded it (_ = MkAttestation N Proven) — "where is the theorem?" had no answer.

Proofs.idr §A9 adds an attestLN_Sound theorem for all 15 levels: each cannot be invoked without the exact witness type and proves LevelAchievedIn N [attestLN witness] — the missing witness ⟹ certificate-claims-level bridge. Purely additive (no existing definition touched → no prior proof can regress); verified by the same clean rc=0 build. Consistent with the file's own A8 reframing precedent.

Stronger "attestation entails the level's semantic property" (needs LevelAttestation reindexed by witness) remains honestly scoped as tracked future work.

PROOF-NEEDS.md gets a 2026-05-18 reconciliation banner; the 2026-04-13 inventory is retained as superseded history.

Refs hyperpolymath/standards#124
Refs hyperpolymath/standards#130

Joint-close only on explicit agreement per epic convention — this PR does not Close either issue.

🤖 Generated with Claude Code

standards#130 claimed "5 believe_me + 5 assert_total + 5 partial" in
the typed-wasm ABI surface. Comprehensive re-grep over all 21 .idr
files finds ZERO trust escapes of any kind (only "NO believe_me"
banner comments) — a survey-agent over-report. Verified by clean
Idris2 0.8.0 build of typed-wasm.ipkg: rc=0, 0 errors, 21/21 TTC,
%default total throughout.

The genuine residual debt is the one PROOF-NEEDS.md §P1 names: the
15 `attestLN_*` functions required a witness in their type then
discarded it (`_ = MkAttestation N Proven`), so a reviewer asking
"where is the theorem?" had nothing to point at.

This adds Proofs.idr §A9: an `attestLN_Sound` theorem per level that
cannot be invoked without the exact witness type and proves
`LevelAchievedIn N [attestLN witness]` — the missing
witness ⟹ certificate-claims-level bridge for all 15 levels.
Purely additive (no existing definition touched → no prior proof can
regress); verified by the same rc=0 build. PROOF-NEEDS.md gets a
2026-05-18 reconciliation banner (2026-04-13 inventory retained as
superseded history).

Stronger "attestation entails the level's semantic property" (needs
LevelAttestation reindexed by witness) remains tracked future work.

Refs hyperpolymath/standards#124
Refs hyperpolymath/standards#130

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
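An illustrative miniature added here, not typed-wasm's own code: Level, Witness, Attestation and LevelAchievedIn are constructed stand-ins for the project's types, with two levels in place of fifteen. It contrasts the witness-discarding shape PROOF-NEEDS.md §P1 names with a per-level soundness theorem of the kind §A9 describes.

```idris
-- Constructed miniature for illustration; none of these names are typed-wasm's.
module AttestSound

%default total

-- Two assurance levels stand in for the project's fifteen.
data Level = L1 | L2

-- A witness is the evidence a caller must hold to claim a level.
-- Indexing by Level is what makes "the exact witness type" checkable.
data Witness : Level -> Type where
  W1 : Witness L1
  W2 : Witness L2

data Status = Proven

data Attestation : Type where
  MkAttestation : Level -> Status -> Attestation

-- BEFORE (the §P1 shape): the type demands a witness, the body ignores it.
-- Any Witness L1 yields the certificate, but nothing states, let alone
-- proves, what that certificate means; a reviewer has no theorem to cite.
attestL1_before : Witness L1 -> Attestation
attestL1_before _ = MkAttestation L1 Proven

-- "A certificate list claims level n": the n-Proven entry occurs in it.
data LevelAchievedIn : Level -> List Attestation -> Type where
  AtHead : LevelAchievedIn n (MkAttestation n Proven :: rest)
  InTail : LevelAchievedIn n rest -> LevelAchievedIn n (a :: rest)

-- AFTER: attestation still takes the witness (matched, not discarded) ...
attestL1 : Witness L1 -> Attestation
attestL1 W1 = MkAttestation L1 Proven

attestL2 : Witness L2 -> Attestation
attestL2 W2 = MkAttestation L2 Proven

-- ... and a soundness theorem per level bridges witness to level claim.
-- Its statement needs a `w : Witness L1`; passing W2 is a type error, so
-- the theorem cannot be invoked without the exact witness type.
attestL1_Sound : (w : Witness L1) -> LevelAchievedIn L1 [attestL1 w]
attestL1_Sound W1 = AtHead

attestL2_Sound : (w : Witness L2) -> LevelAchievedIn L2 [attestL2 w]
attestL2_Sound W2 = AtHead
```

Both theorems are additive in the sense the PR relies on: they reference existing definitions without changing them, so nothing that typechecked before can regress.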
@github-actions

🔍 Hypatia Security Scan

Findings: 25 issues detected

Severity Count
🔴 Critical 6
🟠 High 8
🟡 Medium 11

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/setup-node@v4 needs attention",
    "type": "unpinned_action",
    "file": "e2e.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/setup-node@v4 needs attention",
    "type": "unpinned_action",
    "file": "e2e.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action actions/upload-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/download-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
    "type": "assert_total",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/Echo.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit 987da5c into main May 19, 2026
23 of 31 checks passed
@hyperpolymath hyperpolymath deleted the proof-debt/standards-130-attestation-soundness branch May 19, 2026 11:33