Campaign overview
Phase 3 of the proof-debt remediation arc kicks off the actual discharge work — converting OWED annotations into proven theorems. This is a multi-quarter campaign; this issue is the umbrella + sequencing tracker.
Phases 1 + 2 (Days 1-10) closed via PRs #76 + #77 (2026-05-27). Phase 2 Days 11-21 partially done — see Phase 2 tail status below.
Aggregate disposition (Tier A, ~209 sites)
| Disposition |
Sites |
% |
Effort |
| DISCHARGE |
~59 |
28% |
~30h |
| DISCHARGE-after-totality |
~7 |
3% |
gated on #80, #81 |
| PROPERTY-TEST |
~66 |
31% |
~22h |
| OWED-AXIOM (permanent or until Idris2 upgrade) |
~79 |
38% |
tracked separately |
DISCHARGE backlog concentration: SafeRegex (20) + SafeBase64 (10) + SafeEmail (10) = ~70% of total discharge work.
Recommended sequencing
- SafeUrl warm-up — 16 OWED sites in
src/Proven/SafeUrl/Proofs.idr. Lower-risk; mixed family. Use as gauge for Idris2 0.8.0 reducibility constraints.
- Tractable today:
addParamIncreasesCount (needs lengthSnoc : (xs : List a) -> (x : a) -> length (xs ++ [x]) = S (length xs) lemma + rewrite).
- Blocked on Idris2 0.9.0:
emptyBuilderEmpty (joinWith reduction), setGetIdentity (String equality).
- SafeRegex (20 sites) — largest single concentration. Discharge via Brzozowski derivative formalism (or property-test path if formal blocked).
- SafeBase64 (10 sites) — well-understood (fixed alphabet); high yield.
- SafeEmail (10 sites) — depends on SafeRegex landing.
Phase 2 tail (still NOT done)
Phase 3 work proceeds in parallel with Phase 2 tail (only DISCHARGE-after-totality slice is gated).
Discharge convention
Per Fork A convention (.machine_readable/6a2/META.a2ml ADR-001):
||| OWED: → ||| DISCHARGED: once theorem closes, OR||| OWED-AXIOM: for permanent obligations (external KDF, FFI opacity not in Idris2 reach)
Each discharge PR should:
- Convert ONE OWED → DISCHARGED (single-purpose, reviewable)
- Update
PROOF-NEEDS.md if relevant
- Include a
tests/properties/ smoke test where the theorem composes with existing checks
- GPG-sign + auto-merge per estate convention
Cross-references
Disambiguation
proven proof-debt is DISTINCT from:
ephapax formal/ (single judgment, Coq) — see ephapax CLAUDE.mdtyped-wasm post-A10 (L1-L15 lattice) — see project_typed_wasm_proof_debt_post_a10
No cross-references; fixes do not transfer.
Campaign overview
Phase 3 of the proof-debt remediation arc kicks off the actual discharge work — converting OWED annotations into proven theorems. This is a multi-quarter campaign; this issue is the umbrella + sequencing tracker.
Phases 1 + 2 (Days 1-10) closed via PRs #76 + #77 (2026-05-27). Phase 2 Days 11-21 partially done — see Phase 2 tail status below.
Aggregate disposition (Tier A, ~209 sites)
DISCHARGE backlog concentration: SafeRegex (20) + SafeBase64 (10) + SafeEmail (10) = ~70% of total discharge work.
Recommended sequencing
src/Proven/SafeUrl/Proofs.idr. Lower-risk; mixed family. Use as gauge for Idris2 0.8.0 reducibility constraints.addParamIncreasesCount(needslengthSnoc : (xs : List a) -> (x : a) -> length (xs ++ [x]) = S (length xs)lemma + rewrite).emptyBuilderEmpty(joinWith reduction),setGetIdentity(String equality).Phase 2 tail (still NOT done)
PROOF-NEEDS.mdPhase 3 work proceeds in parallel with Phase 2 tail (only DISCHARGE-after-totality slice is gated).
Discharge convention
Per Fork A convention (
.machine_readable/6a2/META.a2mlADR-001):||| OWED:→||| DISCHARGED:once theorem closes, OR||| OWED-AXIOM:for permanent obligations (external KDF, FFI opacity not in Idris2 reach)Each discharge PR should:
PROOF-NEEDS.mdif relevanttests/properties/smoke test where the theorem composes with existing checksCross-references
docs/proof-debt-triage.mddocs/proof-debt-triage-tier-a.mdPROOF-NEEDS.mdproject_proven_proof_debt_triage.mdDisambiguation
provenproof-debt is DISTINCT from:ephapaxformal/(single judgment, Coq) — see ephapaxCLAUDE.mdtyped-wasmpost-A10 (L1-L15 lattice) — seeproject_typed_wasm_proof_debt_post_a10No cross-references; fixes do not transfer.