Skip to content

ci(idris): add fast proof-check gate over all Proofs.idr (#145)#147

Open
hyperpolymath wants to merge 1 commit into
mainfrom
ci/idris-proof-gate-145
Open

ci(idris): add fast proof-check gate over all Proofs.idr (#145)#147
hyperpolymath wants to merge 1 commit into
mainfrom
ci/idris-proof-gate-145

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 31, 2026

Summary

Addresses the source-fixable half of #145. Adds a dedicated proof-check job to idris2-ci.yml that type-checks every src/**/Proofs.idr (glob-discovered, so new proof files are auto-covered) with idris2 -p contrib -p network --check, running in parallel with the slow full build.

Why

#127's swapped-arg appendLengthInc (lengthSnoc arr v — but contrib lengthSnoc is element-first) failed to type-check and blocked the entire SafeJson.Proofs module, yet reached main. Two gaps let it through:

  1. The only job compiling proof modules was the full idris2 --build proven.ipkg (~12-20 min warm) — manual merges routinely outrace it while it sits queued.
  2. The explicit per-module --check list in idris2-ci.yml covered zero Proofs.idr files — exactly the modules the Phase-3 discharge campaign edits each PR.

What it does

  • New proof-check job: globs find src -name 'Proofs.idr', checks each, emits ::error file=…:: annotations, fails if any fail.
  • Caches only the Idris2 compiler; never idris2 --install proven.ipkg, never caches build/ — so a stale cache cannot mask a source-level break.
  • Documents the decision as ADR-004 in META.a2ml.

Remaining (admin, tracked in #145)

This job is necessary but not sufficient. Closing the gate needs proof-check made a required status check on main via branch protection — only the repo admin can toggle that. Until then, "merged" still doesn't imply "CI passed" under the solo-admin-merge posture.

Verification

  • Both files parse (yaml.safe_load → jobs build, proof-check, docs; tomllib → ADR-001..004).
  • The Proofs.idr check loop was validated locally on a clean idris2-0.8.0 + contrib install (SafeJson/SafeMath/SafeString proof cones, 0 errors).
  • This PR touches idris2-ci.yml, which is in the CI path filter — so the new proof-check job runs on this PR and proves itself before merge.

Refs #145, #144, #127.

Generated by Claude Code

@claude
ci(idris): add fast proof-check gate over all Proofs.idr (#145)
f679205 
Adds a dedicated `proof-check` job to idris2-ci.yml that type-checks every
src/**/Proofs.idr (glob-discovered) with `idris2 -p contrib -p network
--check`, in parallel with the slow full `build`.

Closes the gap that let #127's swapped-arg `appendLengthInc` reach main:
the full build was too slow to gate (merges outraced it while queued), and
the explicit per-module --check list covered ZERO Proofs.idr files — exactly
the modules the discharge campaign edits each PR.

The job never installs proven and never caches build/, so a stale cache
cannot mask a source-level break. Documents the decision as ADR-004; the
remaining step (make proof-check a REQUIRED status check via branch
protection) is an admin action tracked in #145.

Refs #145, #144, #127.

https://claude.ai/code/session_01MN5vzRR4MK2dkDNaHqqRDy
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 31, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@hyperpolymath hyperpolymath marked this pull request as ready for review May 31, 2026 07:13
@hyperpolymath hyperpolymath enabled auto-merge (squash) May 31, 2026 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude