verified-mutation-correctness-across-boundaries

OUT derived (depth 7)

Every mutation source produces fully correct persisted state that preserves boundary-agnostic integrity — not just safe operation, but verified output correctness across internal/external boundaries and all source types — only when implementation-level defects in propagation and budget allocation are resolved.

Summary

The system can guarantee that every way of changing data — whether from a human, an AI, or another agent — produces fully correct results regardless of where the change originates or crosses system boundaries, but only once known bugs in how changes propagate and how budgets are allocated get fixed. This is currently not held as true, meaning those implementation-level defects still block the jump from "mutations are safe and uniform" to "mutations are verified correct end-to-end."

Justifications

SL — safe+uniform operation and boundary-agnostic integrity together imply output correctness, but the agent count bug can misallocate LLM budgets and propagation's unchecked dependent access can crash mid-cascade

Antecedents (all must be IN):

  • all-mutation-sources-are-safe-and-uniform — Every belief modification path — human-initiated dialectical challenge/defend, LLM-derived proposals, and multi-agent import/sync — is simultaneously operationally safe (atomic, bounded, deterministic) and semantically uniform (same outlist/disjunction evaluation, same edge-case handling), with no source-specific exceptions or special-case machinery at any level.
  • integrity-is-boundary-and-source-agnostic — System integrity is enforced agnostically along two independent dimensions — across the internal/external boundary (local mutations vs. external ingestion) and across mutation sources (human dialectics, LLM derivation, agent import) — because the same atomic-deterministic pipeline processes all combinations without branching on origin or direction.

Unless (any of these IN defeats this justification):

  • derive-agent-count-bug — `_build_beliefs_section` has a bug: `count += len(belief_ids)` is inside the per-belief loop instead of outside it, inflating the count and shrinking the non-agent budget below intended size
  • propagate-assumes-dependents-exist — Every ID in `node.dependents` is accessed via `self.nodes[dep_id]` without a membership check; a dangling dependent reference will raise `KeyError` — this is intentional (broken invariant = bug)

Details