architecture-safety
131 beliefs (43 IN, 88 OUT)
The architecture-safety topic captures how the reasons system prevents corruption and maintains consistency across its entire operation. At its foundation, the architecture enforces safety along two independent dimensions: structurally, the central network dependency (network-is-central-dependency) is contained within clean three-layer boundaries that prevent cross-layer corruption (central-dependency-is-safely-contained), and operationally, every mutation path uses atomic isolated transactions (architecture-enforces-structural-and-operational-safety). The system is also externally self-contained with zero runtime dependencies, meaning it neither imports external risk nor allows internal complexity to leak across layers (architecture-is-self-contained-and-safely-layered). These guarantees hold uniformly across both SQLite and PostgreSQL backends (safety-is-enforced-across-all-layers-and-backends).
A significant thread within this topic establishes that many desirable properties emerge from shared minimal foundations rather than independent engineering. Completeness, determinism, and minimality are shown to be co-derived from the same primitives (completeness-determinism-and-minimality-are-unified), with evaluation purity serving as the concrete computational property that makes this unification possible (evaluation-purity-enables-complete-minimal-architecture). Edge-case uniformity and semantic coverage flow from minimality as well (edge-case-uniformity-follows-from-minimality). Rich lifecycle governance, which extends beyond binary IN/OUT truth to metadata like retraction reasons and staleness tracking, inherits its determinism from this same minimal root (rich-governance-inherits-minimality-completeness-determinism-unity) and is shown to be exception-safe (rich-governance-is-exception-safe), backend-portable (rich-governance-spans-all-backends), and topology-complete in its state transitions (rich-governance-encompasses-topology-complete-transitions).
A notable cluster of IN beliefs documents the specific handling of dangling dependent references, a concrete safety mechanism where propagation skips missing nodes with structured warnings rather than crashing (dangling-dependent-guard-skips-missing-nodes, dangling-guard-is-continue-not-raise). The changed and visited sets explicitly exclude ghost IDs (dangling-ids-excluded-from-changed, dangling-ids-excluded-from-visited), and the warning log schema is stable and tested (warning-log-schema-stable). These concrete mechanisms support the broader claim that the TMS core is crash-safe (tms-core-is-crash-safe) and handles all conditions including contradictions safely (tms-handles-all-conditions-safely). Several open audit issues remain tracked as premises: evolution tolerance at boundaries (issue-121-evolution-tolerance-audit), review fault tolerance (issue-122-review-fault-tolerance-audit), resource footprint (issue-123-resource-footprint-audit), and reference validation coverage (issue-126-reference-validation-audit).
The most striking feature of this topic is the large number of OUT beliefs, which represent a major retraction cascade. Nearly all of the grand unifying claims have been retracted: assertions that the system has no hidden fragility (architecture-has-no-hidden-fragility), that operational integrity survives all graph states (operational-integrity-survives-all-graph-states), that the system is production-ready (complete-unified-system-is-production-ready), and that invariant preservation is total and self-sustaining (invariant-preservation-is-total-and-self-sustaining) are all OUT. This pattern suggests that while the concrete architectural mechanisms and their individual properties remain well-established, the ambitious synthesized claims that composed these properties into sweeping guarantees were found to overreach, likely because the open audit issues and known defects in propagation and budget allocation undermine the universal coverage those claims asserted. The surviving IN beliefs form a solid but more modest picture: the architecture is well-layered, minimal, deterministic, and handles known failure modes gracefully, but it does not yet warrant claims of gap-free or total safety across every dimension.
-
OUT
all-belief-inspection-is-non-mutating-and-fault-tolerant
All belief inspection operations — quality review (read-only with fault-tolerant batch handling), staleness checking (conservative non-mutating CI gate), and negative classification (defensively bounded with graceful degradation) — are uniformly non-mutating and fault-tolerant, ensuring observation never perturbs the observed system. -
IN
all-exceptions-are-safely-handled
The system handles both automated exceptions (contradictions triggering dependency-directed backtracking) and manual challenges (irreversible premise-to-justified transformation via dialectics) safely — exceptional conditions from any origin reach correct truth states through deterministic propagation, and no exception pathway corrupts network consistency. -
OUT
all-external-belief-paths-are-safely-bounded
Both external belief integration pathways — LLM-driven derivation (bounded by fail-soft validation, Jaccard retraction guards, environment isolation, and safe propagation) and multi-agent import (bounded by namespace isolation, reversible kill-switches, and layered architecture) — are defense-in-depth pipelines that cannot corrupt the host network. -
OUT
all-information-flow-is-fault-tolerant-and-governed
Every information flow path through the system is simultaneously fault-tolerant (graceful degradation on FTS5 index failures, LLM timeouts, and missing source files) and governed (pure deterministic functions with fixed priority ordering, access-tag authorization gating, and token-budget constraints) — no information retrieval can fail catastrophically, and no information output can bypass authorization or exceed bounds. -
OUT
all-information-retrieval-is-fault-tolerant
Every information retrieval path — structured reads (FTS search with index self-healing, staleness checking with deterministic output, compact with pure bounded distillation) and LLM-synthesized queries (ask with bounded tool loops and raw search fallback) — degrades gracefully rather than failing, ensuring the system always returns useful results -
IN
all-query-operations-degrade-gracefully
All query operations degrade gracefully through multiple independent fallback tiers: ask cascades from LLM synthesis through bounded tool loops to raw FTS5 results on any failure, while search self-heals via index rebuilds on every save and falls back to substring matching on FTS5 unavailability — ensuring queries always return useful results regardless of LLM availability or index state. -
OUT
all-read-paths-are-deterministic-and-resilient
Every read-path operation produces deterministic output resilient to environmental variation: search handles missing FTS5 indexes via self-healing derived indexes and substring fallback, staleness checking produces sorted uniformly-structured CI-pipeline-ready results, and compact generates predictable bounded output from a pure function with fixed priority ordering. -
IN
architecture-enforces-structural-and-operational-safety
Architectural safety is enforced along two independent dimensions: structurally, the central network dependency is contained within clean three-layer boundaries preventing cross-layer corruption; operationally, every mutation path is atomic and isolated preventing within-layer partial state — neither dimension alone is sufficient, but together they eliminate both classes of corruption. -
OUT
architecture-has-no-hidden-fragility
The system's architectural safety is robust end-to-end: structural containment via clean layer boundaries and operational atomicity via context-managed mutations leave no hidden consistency hazards across the persistence boundary. -
IN
architecture-is-self-contained-and-safely-layered
The project is both externally self-contained (zero runtime dependencies at packaging and implementation levels) and internally well-structured (central network dependency safely contained within clean three-layer boundaries) — the architecture neither imports external risk nor allows internal complexity to leak across layers. -
IN
architecture-sustains-gapless-lifecycle
Architectural safety (clean layer boundaries with atomic isolated mutations) sustains gapless lifecycle management (staleness detection plus propagation lifecycle awareness) — beliefs are correctly managed at every point in their lifecycle, backed by structural guarantees that lifecycle operations execute atomically and without cross-layer leakage. -
OUT
batch-fault-isolation-is-universal-across-llm-operations
Both LLM-facing batch operations — derive proposal application (try/except per proposal with error accumulation) and belief review (silent skip on per-batch LLM failure) — isolate faults at the individual item level, preventing any single bad item from aborting the entire batch. -
IN
central-dependency-is-safely-contained
Despite `network.py` being imported by virtually every module in the codebase, the three-layer architecture with clean boundaries ensures this central coupling does not create cross-cutting mutation paths — layer separation contains the dependency's blast radius so that the hub topology does not compromise architectural integrity. -
OUT
complete-architecture-achieves-verified-production-correctness
The complete reasoning-and-revision architecture — deterministic in state trajectories, lifecycle-complete in monitoring, and architecturally grounded in invariant preservation — achieves verified production correctness across all operation types when propagation correctly tracks all dependents. -
IN
complete-architecture-is-backend-portable
The deterministic lifecycle-complete architecture — with its predictable state trajectories, gapless lifecycle monitoring, and uniform safety enforcement — operates identically across all storage backends, achieving full portability between SQLite and PostgreSQL. -
IN
complete-architecture-is-deterministic-and-lifecycle-complete
The complete reasoning-and-revision architecture is both deterministic in its state trajectories and lifecycle-complete in its monitoring coverage — no belief can escape either guarantee, creating a system where every belief is both predictably computed and fully tracked. -
OUT
complete-architecture-preserves-invariants-minimally
The complete reasoning-and-revision architecture preserves all system invariants through shared minimal foundations rather than through independent enforcement mechanisms — both architectural completeness (forward reasoning paired with backward revision) and invariant preservation (reactive contradiction resolution paired with proactive dialectical challenge) flow from the same outlist/disjunction primitives. -
OUT
complete-operational-uniformity-across-all-sources
All mutation sources produce fully correct persisted network state — operationally safe, semantically uniform, and consistent across all graph configurations — only when propagation handles dangling dependents without crashing and the derive pipeline's agent-count bug does not skew budget allocation. -
OUT
complete-quality-lifecycle-spans-creation-through-egress
The complete belief quality lifecycle — automated self-correction maintaining consistency, explicit review validating derived beliefs, and governed resilient egress controlling all output — forms an unbroken chain where quality is enforced at creation, validated during maintenance, and preserved through output. -
OUT
complete-system-is-self-correcting
The system actively maintains its own consistency along two independent dimensions: the TMS core handles exceptional conditions (contradictions trigger deterministic resolution, propagation respects lifecycle state), while belief currency management detects and surfaces drift in source material — no inconsistency persists undetected or unresolved. -
OUT
complete-unified-system-is-production-ready
The fully unified minimal-dialectical-scalable system with end-to-end integrity is production-ready — all mutations produce correct state, all revision is reliable, all extensions compose safely — but only when every known fragility and bug is resolved. -
IN
completeness-and-minimality-are-unified
The reasoning-and-revision architecture achieves completeness through minimality rather than despite it — both forward truth computation and backward belief revision derive from the same small set of primitives (outlist, disjunctive truth, vacuous validity), so completeness requires no feature accumulation beyond what minimality already provides. -
IN
completeness-determinism-and-minimality-are-unified
The reasoning-and-revision architecture achieves completeness through minimality, and that same minimality produces operational determinism — completeness and determinism are not independently established but co-derived from shared minimal foundations: uniform outlist primitives simultaneously enable complete revision coverage and deterministic evaluation, revealing a single architectural root for both properties. -
OUT
context-agnosticism-follows-from-minimality
Context-agnostic evaluation — producing identical results regardless of evaluation timing, attachment history, or structural origin — is a consequence of semantic minimality with operational determinism: because truth evaluation derives from uniform minimal rules with deterministic pure evaluation, it naturally cannot distinguish between contexts. -
IN
dangling-dependent-guard-skips-missing-nodes
`_propagate` skips dependent IDs not present in `net.nodes` rather than raising `KeyError`, and emits a structured warning log entry for each (fix for issue #22). -
IN
dangling-dependents-are-safely-contained
Dangling dependent references are safely contained across all propagation dimensions: BFS skips missing nodes with structured warnings, the changed set never includes ghost IDs, and the visited set excludes dangling IDs so later-created nodes propagate normally. -
IN
dangling-dependents-log-not-crash
Covered by existing `propagate-assumes-dependents-exist` (documents the assumption) and `tms-core-is-crash-safe` (documents crash safety) -
IN
dangling-guard-is-continue-not-raise
When `_propagate` encounters a dependent ID not in `self.nodes`, it logs a structured warning and continues the BFS loop rather than raising `KeyError` or silently skipping. -
IN
dangling-ids-excluded-from-changed
The `changed` set returned by `retract()` and `assert_node()` never contains IDs that don't correspond to real nodes in the network. -
IN
dangling-ids-excluded-from-visited
The propagation visited set does not include dangling IDs, so a formerly-dangling ID that becomes a real node will propagate correctly on subsequent operations. -
IN
dangling-refs-excluded-from-changed-set
The `changed` set returned by `retract`/`assert_node` never contains node IDs that don't exist in the network. -
IN
dangling-refs-excluded-from-visited-set
Dangling dependent IDs are not added to the propagation visited set, so later-created nodes with the same ID propagate normally. -
OUT
data-integrity-spans-architecture
Data integrity is enforced across all three architectural layers: clean layer boundaries prevent cross-cutting mutations, snapshot persistence ensures atomic state transitions, and conservative staleness checking gates CI pipelines. -
OUT
defense-in-depth-is-resource-efficient
The system's defense-in-depth across LLM and system boundaries — layered defenses including bounded execution, fail-soft error handling, process isolation, and referential integrity validation — achieves comprehensive protection within the same resource-efficient pipeline that spans packaging, startup, and runtime with zero external dependencies and lazy loading. -
OUT
defense-in-depth-spans-llm-and-system-boundaries
Defense-in-depth is enforced at every external interface through two independently-established layers: LLM integration applies layered defenses across application and process isolation boundaries (bounded execution, fail-soft handling, subprocess isolation), while all system boundaries simultaneously enforce strict validation, evolution tolerance, and resource constraints. -
OUT
edge-case-safety-spans-creation-and-maintenance
The system handles edge cases safely across both temporal dimensions: at creation time, uniform revision covers all semantic edge cases (vacuous premises, asymmetric absence, empty antecedents) through minimal primitives; at maintenance time, contradiction resolution and staleness detection actively catch drift — no edge case is safe only at one point in time. -
IN
edge-case-uniformity-follows-from-minimality
Uniform handling of all semantic edge cases — vacuous premises, asymmetric absence, empty antecedents — is a consequence of semantic minimality: because every edge case derives from the same primitives that drive deterministic core semantics, no special-case logic exists. -
IN
evaluation-purity-enables-complete-minimal-architecture
Evaluation purity — uniform, deterministic, side-effect-free justification validity checking — is the concrete computational property that makes the completeness-minimality unification possible: purity simultaneously grounds context-agnosticism (enabling the minimal primitive set to handle all cases uniformly) and ensures that architectural completeness follows from rather than despite minimality (because pure evaluation needs no case-specific logic). -
IN
exception-safety-spans-tms-and-source-lifecycle
The system handles failures safely across both domains: the TMS core resolves exceptional conditions (contradictions via backtracking, challenges via deterministic propagation) while the source integrity pipeline handles its failure modes (missing files, changed content, deleted sources) — no exception in either domain can produce inconsistent or undefined state. -
OUT
extensions-compose-transparently-on-core
Both extension systems — dialectical challenge/defend and multi-agent federation — compose transparently on the core TMS because each is evaluated by uniform outlist rules, propagated deterministically, reversed by the same primitive, and isolated from the other's namespace. -
OUT
fault-tolerance-spans-inspection-through-self-correction
Fault tolerance covers the complete belief quality spectrum: passive inspection operations (review, staleness checking, list-negative classification) degrade gracefully with fail-safe defaults and never mutate state, AND active self-correction (contradiction resolution via backtracking, staleness detection via source hashing) continues operating without external LLM dependencies — the system maintains quality assurance autonomously even when LLMs, external files, or network resources are unavailable. -
OUT
format-resilience-spans-all-external-interfaces
The system tolerates format variation at every external interface — derive output parsers support version fallback, import parsers silently skip unknown fields, storage handles schema evolution — and extends this resilience to LLM response parsing, where the list-negative parser uses regex extraction to recover structured data from prose-laden responses. -
OUT
format-resilient-boundaries-enforce-validated-trust
All system boundaries simultaneously tolerate format variation at every level — from LLM response parsing through schema migration to derive output versioning — while enforcing strict validated trust through typed exceptions, referential integrity checks, and hallucination filtering. -
OUT
full-system-integrity-is-gap-free
The system achieves gap-free integrity — enforced across all architectural layers, lifecycle states, and mutation paths — only when the dependents reverse index is reliably maintained and propagation handles dangling references gracefully. -
OUT
full-user-stack-is-verified-atomic-delegation
The full user-facing stack forms a verified chain of atomic delegation: the CLI is structurally pure delegation verified through hermetic integration tests, and every mutation flowing through the API layer is atomic, audited, and produces observable before/after diffs — ensuring end-to-end traceability from user command to persisted state change. -
IN
init-is-pure-data-model
`reasons_lib/__init__.py` contains only dataclass definitions (`Node`, `Justification`, `Nogood`) with no behavior, validation, or I/O; it imports nothing from the project and sits at the bottom of the import graph. -
OUT
integrity-and-scalability-are-complementary
The system achieves comprehensive integrity (unified across all internal mutations and external belief ingestion) and sound multi-agent scalability (isolated namespaces, minimal primitives, deterministic propagation) simultaneously — these properties reinforce rather than trade off against each other because both derive from the same uniform evaluation rules. -
OUT
integrity-enforced-across-architecture-and-lifecycle
Integrity is enforced along two orthogonal dimensions: vertically across architectural layers (clean data-model/TMS/persistence boundaries with snapshot persistence and CI gating) and horizontally across node lifecycle states (staleness checking skips OUT nodes without mutating, propagation skips retracted nodes while preserving them for restoration). -
OUT
integrity-is-an-emergent-consequence-of-minimality
End-to-end integrity across all mutation paths and architectural boundaries is not an independently-achieved property requiring separate enforcement — it falls out of minimality as another emergent consequence, because uniform primitive evaluation leaves no gaps for inconsistency to enter. -
OUT
integrity-is-boundary-and-source-agnostic
System integrity is enforced agnostically along two independent dimensions — across the internal/external boundary (local mutations vs. external ingestion) and across mutation sources (human dialectics, LLM derivation, agent import) — because the same atomic-deterministic pipeline processes all combinations without branching on origin or direction. -
OUT
internal-and-external-integrity-are-unified
Every operation — internal mutations (atomic transactions, deterministic propagation) and external belief ingestion (defensive validation, environment isolation, agent containment) — maintains end-to-end integrity through complementary safety mechanisms. -
OUT
invariant-preservation-is-architecturally-grounded
The complete reasoning-and-revision architecture preserves invariants through minimal foundations not in a vacuum but atop concrete architectural safety — three-layer containment and atomic mutations provide the structural substrate within which minimal invariant preservation operates. -
OUT
invariant-preservation-is-comprehensive
System invariants are comprehensively preserved through two complementary mechanisms: the closed revision/lifecycle loop ensures temporal coverage across forward computation and backward revision, while dual structural/dynamic enforcement provides orthogonal protection through architectural grounding and minimality-enforced self-correction. -
OUT
invariant-preservation-is-self-sustaining
Comprehensive invariant preservation — spanning revision loops, lifecycle management, and architectural grounding — is itself sustained by minimality's fixed-point property: the minimal primitives that preserve invariants are themselves invariants of the system, closing a meta-level consistency loop. -
OUT
invariant-preservation-is-total
Invariant preservation is both comprehensive in scope (spanning revision loops, lifecycle management, and structural/dynamic enforcement) and grounded across all independent dimensions (origin, time, and structure), achieving total invariant coverage with no gaps in either what is preserved or where preservation holds. -
OUT
invariant-preservation-is-total-and-self-sustaining
Invariant preservation is simultaneously total in scope (spanning all invariant dimensions and encompassing all belief types including externally-integrated ones) and self-sustaining in mechanism (maintained by minimality's fixed-point that dynamically corrects any departure) — comprehensiveness and sustainability are co-achieved rather than traded off. -
OUT
invariants-are-origin-time-and-structurally-grounded
System invariants are anchored along three dimensions: they hold across all belief origins and through time (comprehensive scope), and they are grounded in the concrete architecture's clean layer boundaries and atomic operations (structural foundation) — the invariants are both broad in what they cover and deep in how they are enforced. -
OUT
invariants-are-structurally-and-dynamically-preserved
System invariants are preserved through two complementary layers: architectural grounding provides structural enforcement via clean layer boundaries and atomic mutations, while minimality-enforced self-correction actively detects and resolves violations through contradiction resolution and staleness detection. -
OUT
invariants-hold-across-origin-and-time
System invariants hold along every independent dimension: across all belief origins (human-initiated, LLM-derived, agent-imported) via shared minimal foundations, and across both temporal phases (creation-time edge-case handling and maintenance-time staleness detection) including all semantic edge cases. -
IN
issue-121-evolution-tolerance-audit
Issue #121: Audit evolution tolerance at all system boundaries — not all boundaries have documented forward-compatibility mechanisms -
IN
issue-122-review-fault-tolerance-audit
Issue #122: Audit review module for unhandled failure modes — three specific handlers do not establish coverage of all failure modes -
IN
issue-123-resource-footprint-audit
Issue #123: Audit resource footprint across all lifecycle phases — only deployment and startup phases are currently evidenced -
IN
issue-126-reference-validation-audit
Issue #126: Audit all node ID reference boundaries for validation — three specific boundaries do not establish coverage of every boundary -
IN
network-is-central-dependency
`network.py` is imported by essentially every other module — api, storage, import, export, compact, check_stale, and all test files — making it the central data structure of the project. -
OUT
operational-assurance-is-resource-efficient
The system's comprehensive operational assurance — spanning temporal self-correction, end-to-end reliability, and external control — is achieved within a resource-efficient pipeline that minimizes footprint at every lifecycle phase, ensuring operational guarantees do not degrade under resource constraints. -
OUT
operational-guarantees-span-safety-and-trust
The system's operational guarantees span two independent enforcement dimensions: safety that is universal and condition-independent (holding across all layers, backends, and adverse conditions) and trust boundaries that are comprehensively enforced (architectural self-containment and information flow control at every boundary) — together ensuring no operational path can compromise system integrity regardless of layer, backend, or external interaction. -
OUT
operational-integrity-is-end-to-end
Every network operation achieves both transactional atomicity (load/save gating, snapshot persistence) and semantic determinism (uniform pure evaluation, terminating propagation, reversible defeat), ensuring every mutation produces a predictable, recoverable network state. -
OUT
operational-integrity-survives-all-graph-states
End-to-end operational integrity holds across all semantic edge cases — including vacuous premises, asymmetric absence, and empty antecedents — only when the dependents graph is consistent and propagation handles all node references safely. -
OUT
operational-profile-is-safe-assured-and-resource-bounded
The system's complete operational profile achieves both safety (defense-in-depth reinforced across LLM and system boundaries with resource-efficient layered defenses) and assurance (spanning temporal self-correction, end-to-end reliability, and external control within efficient pipeline bounds) — neither safety nor assurance requires resource trade-offs against the other. -
OUT
operational-profile-is-traceable-through-equilibria
The system's safe, assured, resource-bounded operational profile produces evaluations that are traceable from individual computation through system-wide convergence to documented equilibria — operational guarantees hold not just at a point in time but longitudinally across the system's entire trajectory toward stable states. -
OUT
operational-profile-spans-all-backends
The safe, assured, resource-bounded operational profile holds identically across all storage backends — the same safety, assurance, and resource-efficiency guarantees apply uniformly to both SQLite and PostgreSQL deployments. -
OUT
operational-safety-is-defense-in-depth-reinforced
The system's operational safety guarantees — universal across all architectural layers and condition-independent — are concretely reinforced by defense-in-depth at every external boundary: LLM integration applies layered defenses (bounded execution, fail-soft handling, subprocess isolation) and system boundaries enforce validation, resilience, and resource constraints simultaneously -
OUT
operational-safety-is-resource-efficient-defense-in-depth
The system's operational safety guarantees — universal across all architectural layers and condition-independent — are concretely reinforced by defense-in-depth spanning LLM and system boundaries, and this defense-in-depth is achieved within a resource-efficient pipeline from packaging through runtime, meaning comprehensive safety does not trade off against operational cost. -
OUT
operational-safety-is-universal-and-condition-independent
Operational safety holds universally across two independent dimensions: across all architectural layers and storage backends (SQLite and PostgreSQL enforce equivalent safety through backend-appropriate mechanisms), AND under all graph conditions including adverse states (dangling references trigger graceful degradation, cyclic justifications are bounded, concurrent access uses WAL mode) -
OUT
operational-safety-spans-all-mutation-sources
Operational safety extends across both internal mutation pipelines (atomic load/save transactions, deterministic propagation, write-flag gating) and external belief ingestion pathways (defensive validation, Jaccard retraction guards, environment isolation, agent namespace containment), ensuring every mutation source — whether programmatic, LLM-driven, or agent-imported — passes through integrity enforcement. -
OUT
operational-traceability-enables-efficient-self-correction
The system's operational profile — traceable from individual truth evaluation through system-wide equilibria — combines with quality-complete self-correction operating within an efficient pipeline, so that every correction and its full cascade is simultaneously traceable and resource-bounded from individual computation through stable-state convergence. -
OUT
query-degradation-is-deterministic-across-all-access-paths
All information access paths degrade gracefully while maintaining deterministic output: interactive queries cascade through tiered modes (LLM synthesis → bounded tool loop → raw FTS5 search), structured reads self-heal missing indexes via derived FTS5 reconstruction, and all fallback paths produce deterministic sorted output. -
OUT
query-resilience-serves-self-correcting-knowledge
All query access paths — interactive LLM synthesis, batch search, and compact summarization — degrade gracefully with deterministic output while operating against a knowledge base that actively self-corrects through contradiction resolution and staleness detection, ensuring degraded queries still return data from a consistency-maintained belief network -
IN
read-and-write-paths-are-both-reliable
Both the read path (staleness checking detects all forms of source drift without false negatives) and the write path (truth propagation completes without runtime errors across all reachable nodes) are operationally reliable, ensuring the system functions correctly in both observational and mutational modes. -
OUT
reasoning-and-knowledge-expansion-are-both-exhaustive
The system achieves exhaustive coverage in both formal reasoning (deterministic reversible truth evaluation with guaranteed-terminating exploration of all derivable conclusions) and LLM-driven knowledge expansion (complete coverage with fault tolerance across all interactive and batch LLM operations) -
OUT
reference-validation-is-defense-in-depth
Every system boundary that accepts node ID references validates them against the actual network: import normalization drops unknown antecedent/outlist refs, nogood recording skips invalid node IDs, and LLM-returned negative-list IDs are filtered against existing nodes. -
IN
rich-governance-determinism-spans-revision-through-source
Rich lifecycle governance — deterministic and lifecycle-complete — achieves end-to-end determinism from belief revision semantics through source integrity verification, ensuring that metadata-enabled state governance produces predictable outcomes at every pipeline stage from truth evaluation through hash-based staleness detection. -
OUT
rich-governance-emerges-from-minimal-foundations
Rich state governance — metadata-enabled lifecycle management extending beyond binary IN/OUT truth to retraction pins, stale reasons, and access tags — is achieved through the same minimal foundations that unify truth computation and belief revision, not through additional machinery layered on top. -
IN
rich-governance-encompasses-topology-complete-transitions
Rich governance — deterministic from revision through source integrity, exception-safe across all failure modes, and source-grounded — encompasses topology-complete state transitions, ensuring every belief modification propagates richly-governed metadata-enriched state changes completely through the dependency graph with deterministic recoverable outcomes. -
OUT
rich-governance-has-verified-evolution-tolerance
The system's rich governance — deterministic, exception-safe, and source-grounded — combined with gap-free lifecycle source coverage achieves verified evolution tolerance at all system boundaries when the evolution tolerance audit (issue #121) confirms that all boundaries have documented forward-compatibility, completing the governance guarantee across the format/schema evolution dimension. -
IN
rich-governance-inherits-minimality-completeness-determinism-unity
Rich lifecycle governance — deterministic and lifecycle-complete — achieves its determinism not as an independently-engineered property but as a consequence of the same minimality that generates completeness: the unified minimality-completeness-determinism triad ensures that rich governance's predictable state trajectories and gapless monitoring arise from the same minimal primitives that produce comprehensive truth maintenance coverage. -
IN
rich-governance-is-deterministic-and-lifecycle-complete
The deterministic lifecycle-complete architecture governs state richer than binary truth values — deterministic reasoning ensures predictable state trajectories and gapless lifecycle monitoring ensures no belief escapes management, while metadata-enabled governance extends these guarantees to retraction reasons, staleness tracking, and access control beyond IN/OUT. -
IN
rich-governance-is-deterministic-exception-safe-and-source-grounded
Rich lifecycle governance simultaneously achieves end-to-end determinism from revision semantics through source integrity and exception safety across TMS and source lifecycle — governance is both predictable in its state trajectories and resilient to all exceptional conditions. -
IN
rich-governance-is-exception-safe
The system's rich lifecycle governance — deterministic, lifecycle-complete, extending beyond binary truth to metadata-enabled state with full monitoring — operates within an exception-safe framework spanning both TMS core and source lifecycle: contradictions are resolved through deterministic backtracking, challenges reach correct truth states through crash-safe propagation, and source failures degrade gracefully through fail-safe path resolution — ensuring that rich state transitions never produce corrupted or inconsistent lifecycle metadata. -
IN
rich-governance-spans-all-backends
The system's exception-safe rich lifecycle governance — deterministic, lifecycle-complete, and spanning revision through source integrity — operates identically across all storage backends, achieving full behavioral parity between SQLite and PostgreSQL for metadata-enabled lifecycle management. -
OUT
safety-and-uniformity-are-co-derived
Dialectical safety (deterministic evaluation of irreversible premise transformations) and edge-case uniformity (consistent handling of vacuous premises, asymmetric absence, and empty antecedents) are independently derived from the same shared root — semantic minimality with operational determinism — revealing them as two faces of a single architectural property rather than independent design achievements. -
OUT
safety-integrity-and-uniformity-converge
Three independently-established properties — boundary-agnostic integrity (internal/external indifference), dialectical safety (deterministic evaluation of irreversible transformations), and edge-case uniformity (consistent handling of vacuous and asymmetric cases) — converge to a single architectural invariant because all three derive from the same minimal evaluation rules applied uniformly. -
IN
safety-is-enforced-across-all-layers-and-backends
Safety is enforced uniformly across both the architectural dimension (clean layer boundaries with atomic isolated mutations) and the storage dimension (equivalent guarantees through backend-appropriate mechanisms in SQLite and PostgreSQL) — no safety property depends on a specific backend or architectural layer. -
OUT
self-sustainability-is-reinforced-by-resource-efficiency
The system's self-sustaining minimality loop — where minimality generates the closed maintenance loop and self-correction mechanisms that actively maintain minimality itself — is reinforced by pervasive resource efficiency: zero external dependencies eliminate supply-chain risk to the loop's operation, lazy loading reduces maintenance overhead, and O(1) budget tracking ensures the loop operates within bounded computational cost. -
OUT
self-sustaining-invariants-are-independently-verifiable
The system's self-sustaining invariant preservation does not require blind trust: the same maintenance loop observability that enables trustworthiness verification independently confirms that minimality's fixed-point continues to sustain invariant preservation — self-sustainability is verifiable, not merely claimed. -
OUT
self-sustaining-preservation-encompasses-external-beliefs
Self-sustaining invariant preservation fully encompasses external beliefs: the correction and equivalence guarantees for external beliefs are dynamically sustained by minimality's fixed-point property, not merely statically established — external integration quality is actively maintained as part of the system's self-maintenance loop. -
IN
semantics-and-revision-share-minimal-foundations
Both truth maintenance semantics and belief revision achieve comprehensive coverage through the same minimal primitives — the outlist primitive simultaneously enables emergent truth evaluation (disjunction over conjunction with absence semantics) and all non-monotonic revision mechanisms (defeat, backtracking, dialectics), confirming minimality as a cross-cutting architectural principle rather than a property of any single subsystem. -
OUT
system-achieves-tripartite-operational-assurance
The system achieves a complete operational profile across three independent assurance dimensions: externally controlled (bounded interfaces with defensive ingestion), internally self-correcting (contradiction resolution and staleness detection), and query-resilient (graceful degradation across all access paths) — ensuring no operational scenario is unaddressed. -
OUT
system-assurance-is-universal-and-multidimensional
The system's operational assurance spans all dimensions — temporal completeness of self-correction, end-to-end reliability of read and write paths, and external control through bidirectional bounds and defensive ingestion — and holds universally across all architectural layers, storage backends, and adverse graph conditions including vacuous premises, asymmetric absence, and empty antecedents. -
OUT
system-assurance-spans-correction-reliability-and-control
The system's operational assurance spans three independent dimensions: temporal completeness of self-correction (creation-time contradiction resolution and maintenance-time staleness detection), resource sustainability (bounded token budgets preventing exhaustion), and external controllability (bidirectional interface bounds with defensive ingestion) — no assurance gap exists along any axis. -
OUT
system-boundaries-are-evolution-tolerant-and-reference-safe
The system handles boundary interactions safely along two independent dimensions: format and schema evolution is tolerated gracefully (derive parser fallbacks, forward-compatible metadata lines, SQLite schema migration via try/except), while reference validation prevents invalid IDs from crossing any boundary (import normalization drops unknown refs, nogoods skip missing nodes, LLM hallucination filtering discards phantom IDs) -
OUT
system-boundaries-are-validating-and-evolution-tolerant
All system boundaries simultaneously enforce strict input validation (typed exceptions, referential integrity checks, hallucination filtering) and tolerate evolution gracefully (dual format parsers, forward-compatible metadata, schema-tolerant loading) — boundaries are both strict about current invariants and adaptive to future changes. -
OUT
system-boundary-enforcement-spans-validation-resilience-and-resources
All system boundaries simultaneously enforce three independent properties: strict input validation through typed exceptions and referential integrity checks that reject malformed or dangling references, forward-compatible resilience that tolerates format and schema evolution without requiring coordinated upgrades, and resource governance through accurate bidirectional token budgets with transitive subset-gated access control — boundaries serve as gates for correctness, adapters for evolution, and constraints on resource consumption. -
OUT
system-guarantees-are-universal-and-permanent
The system's ultimate properties are both permanent (maintained indefinitely without temporal degradation) and universal (extending fully to all beliefs regardless of origin) — no belief can escape the system's guarantees along either the time or scope dimension. -
OUT
system-guarantees-are-universal-permanent-and-verifiable
The system's ultimate guarantees are simultaneously universal (extending fully to all belief types including externally-integrated ones), permanent (maintained indefinitely without temporal degradation), and independently verifiable (origin-agnostic observability enables external audit without requiring trust in the system's internal state). -
OUT
system-is-minimal-sound-and-scalable
The entire system — from single-node truth semantics through multi-agent operation — achieves semantic minimality (all features derive from uniform primitives), operational soundness (deterministic reversible truth maintenance), and safe scalability (isolated multi-agent operation) simultaneously. -
OUT
system-is-reliable-self-correcting-and-externally-controlled
The system achieves triple-layered assurance: reliability spanning internal and external boundaries (both read and write paths reliable, external interface bidirectionally bounded), active self-correction for consistency maintenance (contradiction resolution and staleness detection), and full external surface control through defensive ingestion and token bounds — combining reactive integrity maintenance with proactive boundary enforcement. -
OUT
system-is-resource-efficient-self-sustaining-and-auditable
The system achieves a self-reinforcing triad: resource efficiency reinforces self-sustainability (preventing exhaustion of the minimality-generated maintenance loop), self-sustainability maintains indefinite auditability (the audit trail never degrades because the maintenance loop that produces it is self-maintaining), and auditability remains resource-efficient (the overhead of permanent traceability does not threaten sustainability) — forming a closed positive-feedback cycle. -
OUT
system-is-self-sustaining-auditable-and-invariant-complete
The system simultaneously achieves three ultimate properties: self-sustainability through minimality's fixed-point, comprehensive invariant preservation, and complete operational auditability for every maintenance action — a single closed architecture that maintains itself, preserves all guarantees, and traces every action. -
OUT
system-is-unified-minimal-dialectical-and-scalable
The entire system — minimal primitives, sound multi-agent scaling, and complete dialectical revision — forms a unified design where every feature derives from the same core outlist/disjunction semantics with deterministic, reversible behavior. -
OUT
system-operations-never-crash
Every system operation is crash-free: atomic mutations prevent partial state corruption, deterministic reversible reasoning prevents oscillation and ambiguity, and uniform evaluation prevents dispatch errors — provided no dangling dependent references exist in the graph. -
OUT
system-properties-are-indefinitely-maintained
The system's three ultimate properties — self-sustainability, comprehensive auditability, and complete invariant preservation — extend beyond external beliefs to unlimited temporal scope: resource-sustainable self-correction within a deterministic lifecycle ensures these properties hold not just now but indefinitely, provided propagation correctness is maintained. -
OUT
system-properties-emerge-from-unified-design
All four primary system properties — integrity, scalability, extensibility, and robustness — emerge from a single unified architectural design rather than requiring independent engineering effort; integrity and scalability are complementary consequences of unified internal/external integrity with sound multi-agent scaling, while extensibility and robustness are jointly yielded by minimality, and the design that produces both pairs is the same. -
OUT
system-properties-extend-fully-to-external-beliefs
The system's three ultimate properties — self-sustainability through minimality's fixed-point, comprehensive auditability through fully-characterized maintenance, and complete invariant preservation — extend fully to externally-sourced beliefs through self-sustaining invariant preservation that dynamically encompasses external beliefs as first-class participants. -
OUT
system-reliability-spans-internal-and-external
The system is reliable along both internal and external dimensions: internally, both read paths (comprehensive staleness detection) and write paths (crash-free propagation) are reliable; externally, interfaces are bidirectionally bounded with budget-constrained output and comprehensive staleness-gated input. -
OUT
system-tolerates-evolution-at-all-boundaries
The system handles format and schema evolution gracefully at every external boundary: derive output parsers support two format versions with automatic fallback, belief import silently skips unknown metadata fields, and storage tolerates missing tables from older database schemas via exception handling -
IN
tms-core-is-crash-safe
The TMS core provides crash-free truth maintenance: deterministic termination, pure evaluation, and conservative failure semantics ensure correct results across all reachable nodes. -
IN
tms-handles-all-conditions-safely
The TMS core handles both normal operation (crash-free truth propagation via BFS with stop-on-unchanged) and exceptional conditions (deterministic contradiction resolution via backtracking with least-entrenched selection) through shared propagation infrastructure — no reachable execution state leads to undefined behavior. -
OUT
total-invariant-preservation-encompasses-all-beliefs
Total invariant preservation — comprehensive in scope and architecturally grounded — fully encompasses externally-integrated beliefs that achieve integration parity along all quality axes, establishing that the system's invariant regime makes no distinction between internal and external beliefs at any level. -
OUT
total-preservation-is-indefinitely-auditable
Total invariant preservation — comprehensive in scope and self-sustaining through minimality — is accompanied by indefinite auditability: every invariant-preserving action across all time leaves traceable history without temporal degradation, meaning the system can prove its own correctness at any point. -
OUT
trust-and-information-boundaries-are-comprehensively-enforced
The system enforces comprehensive boundaries spanning both architecture and information flow: architectural trust boundaries through self-containment and defensive ingestion pipelines ensure no unvalidated data enters the network, while information boundaries through access-tag authorization, token-budget constraints, and bidirectional external surface control ensure no unauthorized or unbounded data leaves it -
OUT
trust-boundaries-are-self-maintaining
Trust boundaries are both structurally enforced (zero external dependencies, defensive ingestion, format-resilient validation) and dynamically maintained through autonomous convergence (every modification reaches a deterministic stable state within trust boundaries) — the system's trust guarantees require no external enforcement mechanism. -
OUT
trust-boundary-is-architecturally-enforced
The system's trust boundary is architecturally enforced through complementary internal and external mechanisms: internal self-containment (zero external dependencies, clean three-layer boundaries) eliminates supply-chain and cross-layer attack surfaces, while defensive external containment (layered validation pipelines, namespace isolation, agent kill-switches) prevents untrusted input from corrupting internal state -
OUT
trust-enforcement-is-structural-and-operationally-resilient
System trust boundaries are enforced through two complementary mechanisms: structural containment (zero external dependencies, defensive ingestion pipelines, safe three-layer architecture) provides static trust guarantees, while format resilience at all external interfaces (parser fallbacks, schema evolution tolerance, hallucination filtering) provides dynamic trust that adapts to changing external formats without relaxing validation. -
OUT
unified-system-is-a-closed-self-maintaining-architecture
The system forms a closed self-maintaining belief architecture: end-to-end integrity ensures no operation corrupts consistency, while revision completeness ensures any valid belief configuration is reachable — together guaranteeing the system can evolve to any target state while preserving all invariants — only when all known defects and fragilities are resolved. -
OUT
unified-system-maintains-end-to-end-integrity
The fully unified system — minimal primitives, sound multi-agent scaling, and complete dialectical revision — also maintains end-to-end integrity across all internal and external operations, meaning the design's unification extends from semantic minimality through operational safety to produce a system where every component inherits both the expressiveness and the integrity guarantees of the core. -
IN
unused-node-import-in-dangling-test
Unstable trivia — an unused import is likely to be cleaned up and is not an architectural invariant. -
IN
unused-path-import
Dead code observation (`Path` imported but unused) — unstable detail that will change when cleaned up. -
OUT
verified-mutation-correctness-across-boundaries
Every mutation source produces fully correct persisted state that preserves boundary-agnostic integrity — not just safe operation, but verified output correctness across internal/external boundaries and all source types — only when implementation-level defects in propagation and budget allocation are resolved. -
IN
warning-log-contract-action-target-value
Dangling-dependent warnings in `net.log` have `action="warn"`, a `target` field with the ghost node ID, and a `value` string containing both `"dangling"` and the parent node ID. -
IN
warning-log-schema-stable
Dangling-dependent warnings use the dict schema `{action: "warn", target:, value: , timestamp: }` and tests enforce all four fields.