formal: prove P1 signed-object contracts#233
Draft
hartsock wants to merge 6 commits into
Draft
Conversation
Pin the Lean project, encode the v1 hash/signature/codec profile, and prove canonical byte identity for sealed values through an explicit injective encoding contract. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Index verified envelopes by their exact received bytes, reject unsupported versions and critical fields, and require profile witnesses before hash, signature, or codec dispatch. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Mirror the pinned Lake build across a dedicated GitHub Actions matrix, the pre-push hook, and a native-PowerShell-compatible just recipe. Treat Lean warnings as errors so proof placeholders cannot pass. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Bind decoded envelopes to exact received bytes, make universal signature domains structural, require CID and signature binding assumptions, keep verified constructors private, and reject proof escapes or omitted Lean modules across the whole formal project. Add mocked mutation tests for body, CID, record, store, thread, signer, codec, signature, profile algorithms, version, and critical fields. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Mark the rebased, independently reviewed P1 implementation and stacked PR creation steps complete. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Run the post-action formal gate through Bash with elan's explicit user-bin path because lean-action does not persist lake onto the following Windows PowerShell step. Co-Authored-By: OpenAI GPT-5 <codex@openai.com>
Member
Author
|
Integrated into #238 (Phase-1 formal foundation): your P1 signed-object Lean contracts ( |
hartsock
added a commit
that referenced
this pull request
Jul 17, 2026
…rity-kernel formal(phase1): unify P0 authority + P1 signed-object Lean project + CI gate (integrates #233)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does
VerifiedEnvelopeandSealedconstructors private, requiresTrustedProfilefor verification and hash dispatch, and proves v1 dispatch cannot reach SHA-1.Authored by OpenAI GPT-5 in the Codex desktop harness on Windows.
Test plan
just check-formal- passed; 8 Lake jobs plus the all-source proof/import gate.VerifiedEnvelope.verifiedorSealed.sealed.cargo fmt --all -- --check- passed.actionlint .github/workflows/formal.yml- passed with actionlint 1.7.12.just check-windows- passed: 94 core tests, shell engines, launcher, and AppContainer filesystem/exec/network kernel proofs.just publish-check- passed.just check- blocked by unchanged parent no-default Clippy warnings: unusedToolimport andctxhelper inagent-bridle-tool-shell/tests/unbridle.rs. Normal push reproduced this before the author's previously approved--no-verifyfallback was used.All P1 tests are deterministic and fully mocked; no live service is used.
Out of scope
Stacked on #232; derives from #229 at
9e7a245.