full-system-integrity-is-gap-free
OUT derived (depth 4)
The system achieves gap-free integrity — enforced across all architectural layers, lifecycle states, and mutation paths — only when the dependents reverse index is reliably maintained and propagation handles dangling references gracefully.
Summary
The system can only claim complete, gap-free integrity if the reverse index tracking which beliefs depend on which is kept accurate and if the propagation logic handles missing or broken references without crashing or corrupting state. This claim is currently not supported, meaning there is a recognized gap in one of those areas that prevents full integrity from being assured.
Justifications
SL — depth-4 gate — both antecedents implicitly assume a well-formed dependents graph; the fragile denormalization and unchecked lookup are the two known gaps that could break this assumption
Antecedents (all must be IN):
- integrity-enforced-across-architecture-and-lifecycle — Integrity is enforced along two orthogonal dimensions: vertically across architectural layers (clean data-model/TMS/persistence boundaries with snapshot persistence and CI gating) and horizontally across node lifecycle states (staleness checking skips OUT nodes without mutating, propagation skips retracted nodes while preserving them for restoration).
- mutations-are-atomic-and-safely-propagated — Every network mutation follows an end-to-end safety pipeline: API context management ensures atomic load/save with write-flag gating, truth propagation terminates deterministically with lifecycle-aware BFS traversal, and snapshot persistence captures the final consistent state — no mutation can produce an inconsistent or divergent network.
Unless (any of these IN defeats this justification):
- dependents-index-is-fragile-denormalization — The dependents set is a manually-maintained denormalized reverse index that is never persisted and must be rebuilt on every load, creating a consistency obligation on all mutation paths
- propagate-assumes-dependents-exist — Every ID in `node.dependents` is accessed via `self.nodes[dep_id]` without a membership check; a dangling dependent reference will raise `KeyError` — this is intentional (broken invariant = bug)