architecture-safety

131 beliefs (43 IN, 88 OUT)

The architecture-safety topic captures how the reasons system prevents corruption and maintains consistency across its entire operation. At its foundation, the architecture enforces safety along two independent dimensions: structurally, the central network dependency (network-is-central-dependency) is contained within clean three-layer boundaries that prevent cross-layer corruption (central-dependency-is-safely-contained), and operationally, every mutation path uses atomic isolated transactions (architecture-enforces-structural-and-operational-safety). The system is also externally self-contained with zero runtime dependencies, meaning it neither imports external risk nor allows internal complexity to leak across layers (architecture-is-self-contained-and-safely-layered). These guarantees hold uniformly across both SQLite and PostgreSQL backends (safety-is-enforced-across-all-layers-and-backends).

A significant thread within this topic establishes that many desirable properties emerge from shared minimal foundations rather than independent engineering. Completeness, determinism, and minimality are shown to be co-derived from the same primitives (completeness-determinism-and-minimality-are-unified), with evaluation purity serving as the concrete computational property that makes this unification possible (evaluation-purity-enables-complete-minimal-architecture). Edge-case uniformity and semantic coverage flow from minimality as well (edge-case-uniformity-follows-from-minimality). Rich lifecycle governance, which extends beyond binary IN/OUT truth to metadata like retraction reasons and staleness tracking, inherits its determinism from this same minimal root (rich-governance-inherits-minimality-completeness-determinism-unity) and is shown to be exception-safe (rich-governance-is-exception-safe), backend-portable (rich-governance-spans-all-backends), and topology-complete in its state transitions (rich-governance-encompasses-topology-complete-transitions).

A notable cluster of IN beliefs documents the specific handling of dangling dependent references, a concrete safety mechanism where propagation skips missing nodes with structured warnings rather than crashing (dangling-dependent-guard-skips-missing-nodes, dangling-guard-is-continue-not-raise). The changed and visited sets explicitly exclude ghost IDs (dangling-ids-excluded-from-changed, dangling-ids-excluded-from-visited), and the warning log schema is stable and tested (warning-log-schema-stable). These concrete mechanisms support the broader claim that the TMS core is crash-safe (tms-core-is-crash-safe) and handles all conditions including contradictions safely (tms-handles-all-conditions-safely). Several open audit issues remain tracked as premises: evolution tolerance at boundaries (issue-121-evolution-tolerance-audit), review fault tolerance (issue-122-review-fault-tolerance-audit), resource footprint (issue-123-resource-footprint-audit), and reference validation coverage (issue-126-reference-validation-audit).

The most striking feature of this topic is the large number of OUT beliefs, which represent a major retraction cascade. Nearly all of the grand unifying claims have been retracted: assertions that the system has no hidden fragility (architecture-has-no-hidden-fragility), that operational integrity survives all graph states (operational-integrity-survives-all-graph-states), that the system is production-ready (complete-unified-system-is-production-ready), and that invariant preservation is total and self-sustaining (invariant-preservation-is-total-and-self-sustaining) are all OUT. This pattern suggests that while the concrete architectural mechanisms and their individual properties remain well-established, the ambitious synthesized claims that composed these properties into sweeping guarantees were found to overreach, likely because the open audit issues and known defects in propagation and budget allocation undermine the universal coverage those claims asserted. The surviving IN beliefs form a solid but more modest picture: the architecture is well-layered, minimal, deterministic, and handles known failure modes gracefully, but it does not yet warrant claims of gap-free or total safety across every dimension.