Skip to main content

CVE — articulation hygiene (L6)

Document CVE self-application

ShapeDeclarations {
    purpose: Some(Purpose {
        role: "CVE-L6 articulation-hygiene discipline — register prohibitions + self-reference operator",
        k_min: CveThresholdK.FullWitness,
        v_min: CveThresholdV.NamedCertification,
        e_min: CveThresholdE.StructurallyReady,
    }),
    substrate: Some(CognitiveSubstrate.AnalyticDecompositional),
    anchoring: Some(FormalAnchoring.CurryHowardLawvere),
    e_sense:   Some(ExecutabilitySense.StructuralReadiness),
    self_reference: Some(SelfReferenceWitness {
        operator:       "the CVE-L6 hygiene check applied to this very page",
        fixed_point:    "this page surviving its own three register prohibitions",
        fixpoint_class: fixpoint_class_custom_fixpoint(
            "CVE §6.10 self-application — the framework survives its own articulation hygiene"
        ),
    }),
}

Lifecycle: [T] Theorem of L6 self-survival (the framework applied to itself satisfies the three register prohibitions — see §4 below). The self_reference field is non-None because the page documents the very check that audits it.

The CVE framework is recursively self-applicable: it asks the same three questions of itself that it asks of every other artefact. The recursive application is what gives the framework its load-bearing status — a frame that cannot articulate itself in its own vocabulary is, by construction, weaker than the artefacts it claims to classify.

Articulation hygiene is the discipline that protects the self-application from a small but well-known class of philosophical traps. The hygiene is enforced at CVE layer L6 — the layer where the framework is checked against itself.

This page documents the register prohibitions, the self-application audit, and how Verum surfaces violations.

1. Why an articulation discipline?

The CVE frame is a meta-discipline. It applies to:

  • ordinary code (L0),
  • proof terms (L1),
  • proof methods (L2),
  • meta-theories (L3),
  • architectural shapes (L4),
  • audit reports (L5),
  • the frame itself (L6).

At L6 the frame is being applied to the frame. This recursion admits well-known anti-patterns drawn from philosophy of language:

  • Self-reference without operator. Asserting "this sentence is constructive" without specifying what register the assertion lives in.
  • Register collision. Mixing object-level and meta-level vocabulary in a single assertion.
  • Ungrounded universality. Asserting "every claim is C-typed" without specifying the layer the universality applies to.

These traps are subtle. They don't surface as obvious errors during development; they surface as logical inconsistency in the audit chronicle. Articulation hygiene catches them before they do.

2. The register-prohibition discipline

Verum's articulation hygiene enforces three register prohibitions at L6:

2.1 Prohibition 1 — no self-reference without operator

Every CVE statement in the audit chronicle MUST specify the layer it applies to. A statement of the form "this artefact is C-V-E" is admissible only when the layer is explicit:

  • ✓ "At CVE-L0, add(2, 3) = 5 is C-V-E."
  • ✓ "At CVE-L4, the Shape of payment.checkout is C-V-E."
  • ✗ "X is C-V-E." (which layer? object? proof? frame?)

Statements without layer attribution are flagged as candidates for the register-prohibition check.

2.2 Prohibition 2 — no mixing object-level and meta-level

Within a single assertion, all terms must inhabit the same layer. A sentence that combines L0 vocabulary with L4 vocabulary is a register collision:

  • ✓ "The function f (L0) has refinement type Int { self > 0 }."
  • ✓ "The cog payment.checkout (L4) has Lifecycle Theorem."
  • ✗ "The function f has Lifecycle Theorem." — f is L0; Lifecycle is L4. The statement is a register collision.

2.3 Prohibition 3 — no ungrounded universality

Universal quantifications (∀, "every", "always") must specify the layer they range over:

  • ✓ "Every annotated cog (L4) carries a Lifecycle."
  • ✓ "Every kernel rule (L1/L2) is admissible at the MSFS reflection-tower's BoundedByOneInaccessible stage (L3)."
  • ✗ "Every claim is C-typed." (over what layer? L0 alone? all layers?)

Ungrounded universality is the most subtle of the three: the ungrounded statement might be true at every layer, but the audit cannot mechanically verify it because the quantification range is undefined.

3. The L6 audit gate

Articulation hygiene is not a separate audit subcommand; it is verified by verum audit --bundle's L6 self-application step. The step walks every emitted diagnostic, every audit report field, every framework citation, and applies the three register prohibitions.

A bundle that triggers any prohibition reports:

warning[ATS-V-L6-REGISTER-001]: register prohibition triggered
  --> target/audit-reports/bundle.json (field: gates[3].verdict)
   |
   | "verdict": "every artifact is C-V-E"
   |            ^^^^^^^^^^^^^^^^^^^^^^^^^ ungrounded universality
   |                                     (no layer specified)
help: specify the layer the universality ranges over.
      Replace with one of:
        "every L0 artifact is C-V-E"
        "every L4 cog is C-V-E"
        ...

The L6 gate is the self-check of the audit framework. A project's L4 verdict can be load-bearing without the L6 check passing — but the audit pipeline reports the discrepancy explicitly so reviewers can spot when the audit's own articulation drifts from the discipline.

4. Self-application — does the frame survive?

The decisive test of articulation hygiene is whether the CVE frame, when applied to itself, satisfies the three register prohibitions. The answer is yes — by design.

The framework's self-application:

  • "Is the CVE framework constructive?" — Yes, at CVE-L6. The framework is realised as Verum types and audit dispatchers.
  • "Is the CVE framework verifiable?" — Yes, at CVE-L6. The manifest of CVE-glyph-to-rule is enumerable and audited.
  • "Is the CVE framework executable?" — Yes, at CVE-L6. Every audit gate is a runnable subcommand.

Each answer specifies its layer (CVE-L6). Each answer's vocabulary stays within L6. The universality is grounded in the specific layer.

The framework therefore survives its own articulation hygiene. This is the property that makes CVE suitable as a foundation rather than a convention.

5. Why the prohibitions are necessary

A natural skepticism: "if the framework survives by careful application, why surface the prohibitions explicitly?"

The answer: the prohibitions don't protect the framework's designed use; they protect the framework's unintended use. A codebase that adopts CVE may produce audit reports whose prose violates the hygiene discipline. Without the L6 check, the violations would propagate silently into the audit chronicle.

The prohibitions are therefore quality gates on the audit chronicle — analogous to how the type checker is a quality gate on the source code. Both prevent silently-wrong artefacts from reaching production.

6. Common L6 register-prohibition triggers

Three patterns most commonly trigger the L6 check:

Trigger 1. A diagnostic message that uses object-level vocabulary to describe an architectural concept:

  • ✗ "This function has Lifecycle Theorem."
  • ✓ "This cog has Lifecycle Theorem."

Trigger 2. An audit summary that aggregates across layers without specifying the layer:

  • ✗ "Total constructive artefacts: 1024."
  • ✓ "Total CVE-L0 constructive artefacts: 1024. Total CVE-L4 constructive artefacts: 267."

Trigger 3. A framework citation that lifts a result without documenting the layer transit:

  • ✗ "Cited under @framework(joux_2009, "Theorem 4.2")."
  • ✓ "Cited under @framework(joux_2009, "Theorem 4.2 — generic group lower bound")." (the citation specifies what kind of theorem at what layer)

The fixes for each trigger are mechanical; the L6 gate's diagnostic includes the canonical fix.

7. The L6 ↔ CVE-AH connection

Articulation hygiene at L6 connects to the CVE articulation-hygiene band through four load-bearing anti-patterns:

These patterns and the L6 gate together cover the full hygiene surface: the L6 gate catches prose-level register collisions, AP-036/038/039/040 catch type-system-level register collisions and self-referential constructions.

8. Self-reference: operator + fixed point as type-level discipline

Section declarations. FormalAnchoring: CurryHowardLawvere — Banach / Tarski / Adamek all live within the CHL anchoring (categorical fixed-point theorems). Substrate: AnalyticDecompositional. Lifecycle: [T] Theorem of the architectural law (operationalised via AP-040).

The articulation-hygiene principle is a specialisation of CVE closure to self-referential constructs, stated at CVE-L4 (architectural law) and operationalised at CVE-L0 through AP-040 SelfReferenceWithoutOperator:

Principle (CVE-L4). For every self-referential construct XX admitted at CVE-L0, the construct's identity is not the bare assertion "XX is XX" but the fixed point Fix(TX)\mathrm{Fix}(\mathcal{T}_X) of an explicitly named operator TX\mathcal{T}_X under a CVE-L4-cited fixed-point theorem.

The CVE decomposition:

AxisRealisation
Cthe operator TX\mathcal{T}_X is given constructively — an explicit transformation rule on the argument
Vthe existence of the fixed point is proved via a fixed-point theorem: Banach for contracting operators, Tarski–Knaster for monotone, Adamek for continuous functors on cocomplete categories
Ethe fixed point is computed — iterations xn+1=TX(xn)x_{n+1} = \mathcal{T}_X(x_n), x=limxnx = \lim x_n are a program

The principle applies in every domain where self-reference arises:

DomainThe self-X formArticulation hygiene
Mathematics"the set of all sets not containing themselves"operator + fixed point in a category where such a point exists and is unique
Software engineeringself-modifying codetype-safe metaprogramming environment; first construct the transformation operator, then find the stable point
Legal systema constitution regulating its own amendmenta formal amendment procedure (operator) + the fixed point as the stable constitution surviving iterations of amendment
AI architecturea self-modifying training processmeta-learning operator + fixed point as the stable architecture surviving meta-training
Organisational structurean organisation restructuring itselfformal restructuring procedure (operator) + fixed point as the stable structure

The articulation-hygiene technique is the constructive bypass of the no-go theorem family (Russell, Gödel, Tarski, Lawvere, and their generalisations). These theorems show: in a complete system, any "self-X" formulation leads to a paradox. The hygiene gives an operational way to work with self-referential constructs without falling into paradox: instead of "self-X", an operator and its fixed point in a suitable category. Applicable not only in mathematics but in any domain where analogues of these no-go theorems operate (software systems via computability theory, legal systems via no-go theorems on total self-validation, etc.).

The operational reading: at CVE-L0 (object level), a self-referential claim is admissible only when it is re-articulated as the fixed point of an explicitly-named operator under a CVE-L4 fixpoint-class theorem. Every CVE-L0 self-referential Shape declaration without an explicit SelfReferenceWitness is operationally indistinguishable from a Russell-paradox construction; the bare assertion "X is X" (or its CVE-L0 analogues — a cog that cites itself in composes_with, a capability targeting the cog's own holon, a constitution that ratifies its own amendment process) triggers AP-040 SelfReferenceWithoutOperator in strict mode.

Verum operationalises this discipline through two new first-class types and one new anti-pattern.

8.1 The two new types

Universal-property classifier

Categorically, a fixed-point theorem is the assertion that for a chosen category C\mathcal{C} and a chosen class of endomorphisms EEnd(C)\mathcal{E} \subseteq \mathrm{End}(\mathcal{C}), every TE\mathcal{T} \in \mathcal{E} has a fixed point Fix(T)\mathrm{Fix}(\mathcal{T}) — and, where applicable, the fixed point is unique. The type of fixed-point witnesses is therefore indexed by the triple (C,E,Theorem)(\mathcal{C}, \mathcal{E}, \mathrm{Theorem}):

FixpointClass    C:CatE:Sub(End(C))Theorem(TE.  Fix(T)).\mathrm{FixpointClass} \;\cong\; \sum_{\mathcal{C} : \mathrm{Cat}} \sum_{\mathcal{E} : \mathrm{Sub}(\mathrm{End}(\mathcal{C}))} \mathrm{Theorem}\bigl(\forall\, \mathcal{T} \in \mathcal{E}.\; \exists\, \mathrm{Fix}(\mathcal{T})\bigr).

The Verum-side FixpointClass (core/architecture/types.vr:917, mirrored in crates/verum_kernel/src/arch.rs:1156) inhabits this universal classifier directly: it is the record type (category,endomorphism_class,theorem)(\mathrm{category}, \mathrm{endomorphism\_class}, \mathrm{theorem}) where each component is a separate enum:

public type FixpointCategory is
    | CompleteMetricSpace
    | CompleteLattice
    | CocompleteCategory
    | CustomCategory(Text);

public type EndomorphismClass is
    | Contracting
    | Monotone
    | ContinuousFunctor
    | CustomEndomorphismClass(Text);

public type FixpointTheorem is
    | Banach
    | Tarski
    | Adamek
    | Custom(Text);

public type FixpointClass is {
    category: FixpointCategory,
    endomorphism_class: EndomorphismClass,
    theorem: FixpointTheorem,
};

The three named theorems — Banach, Tarski-Knaster, Adamek — are produced by smart constructors that pin the canonical (C,E,Theorem)(\mathcal{C}, \mathcal{E}, \mathrm{Theorem}) triples:

Smart constructor(C,E,Theorem)(\mathcal{C}, \mathcal{E}, \mathrm{Theorem})Uniqueness
fixpoint_class_banach()(CompleteMetricSpace, Contracting, Banach)unique
fixpoint_class_tarski()(CompleteLattice, Monotone, Tarski)existence guaranteed; uniqueness conditional
fixpoint_class_adamek()(CocompleteCategory, ContinuousFunctor, Adamek)unique up to canonical iso (initial-algebra)
fixpoint_class_custom_fixpoint(citation)(CustomCategory(citation), CustomEndomorphismClass(citation), Custom(citation))as cited

The smart-constructor surface preserves the ergonomics of the old enum: a witness is built by writing fixpoint_class_banach() in place of FixpointClass::Banach. The richer record carries the universal-property data explicitly — a witness's category and endomorphism class are first-class queryable fields, not implicit in the variant tag.

The triple is open: other named theorems (Knaster–Tarski lattice variant, Kleene fixed-point on dcpos, Brouwer for continuous self-maps of compact convex sets, Lefschetz for algebraic-topological maps, ...) are admitted via fixpoint_class_custom_fixpoint(citation) carrying a @framework(...) citation, enumerable through verum audit --framework-axioms. As new fixed-point theorems are added to a project's framework registry, the universal classifier extends without modification of any enum.

Cross-side parity: every smart constructor + every component enum variant is pin-tested by pin_fixpoint_class_four_canonical in crates/verum_kernel/tests/k_arch_v_alignment.rs:653.

SelfReferenceWitness (core/architecture/types.vr:908, mirrored in crates/verum_kernel/src/arch.rs:1190) — the operator + fixed-point pair plus the cited fixpoint class:

public type SelfReferenceWitness is {
    operator: Text,        // path to the cog implementing T_X
    fixed_point: Text,     // path to the cog implementing Fix(T_X)
    fixpoint_class: FixpointClass,
};

The witness is packaged into ShapeDeclarations.self_reference: Maybe<SelfReferenceWitness> (core/architecture/types.vr:945) alongside the existing purpose, substrate, anchoring, e_sense declarations. AP-040's predicate check_self_reference_without_operator at crates/verum_kernel/src/arch_anti_pattern.rs:2374 enforces that any cog whose Shape exhibits a self-X pattern carries a non-None witness.

8.2 The detection rule (AP-040)

A cog's Shape exhibits a self-X pattern when at least one of:

  1. The cog's own module path appears in composes_with (the most common variant).
  2. A capability in exposes or requires targets a resource whose tag string contains the cog's own path (e.g. Capability.Read( ResourceTag.Database("synarc.governance.constitution")) from the synarc.governance.constitution cog).
  3. A Capability.Custom { tag, ... } whose tag contains the cog's own path (chain-domain self-reference via synarc:holon/<self> or similar).

When self-X is present, AP-040 fires unless Shape.declarations. self_reference carries an explicit witness.

8.3 Worked example — a constitution amendment cog

Without witness (triggers AP-040):

@arch_module(
    foundation:    Foundation.ZfcTwoInacc,
    stratum:       MsfsStratum.LFnd,
    lifecycle:     Lifecycle.Theorem("v1.0"),
    composes_with: ["synarc.governance.constitution"],  // SELF
    strict:        true,
    // declarations omitted: AP-040 fires
)
module synarc.governance.constitution;

The cog cites itself in composes_with (the Russell-paradox shape: «the constitution is composed of the constitution»). In strict mode this is rejected at deploy.

With witness (admitted):

@arch_module(
    foundation:    Foundation.ZfcTwoInacc,
    stratum:       MsfsStratum.LFnd,
    lifecycle:     Lifecycle.Theorem("v1.0"),
    composes_with: ["synarc.governance.constitution"],  // SELF, but...
    strict:        true,
    declarations: ShapeDeclarations {
        self_reference: Some(SelfReferenceWitness {
            operator:       "synarc.governance.amendment_operator",
            fixed_point:    "synarc.governance.constitution",
            fixpoint_class: fixpoint_class_banach(),
        }),
        ..ShapeDeclarations::empty()
    },
)
module synarc.governance.constitution;

The witness re-articulates the bare self-X as: the constitution is the unique fixed point of the amendment-operator under Banach's theorem. The synarc.governance.amendment_operator cog is a contracting operator (each amendment narrows admissible constitutions; iterating converges to a unique stable text). The cited theorem is mechanically discharged by the kernel through the @framework(...) registry; AP-039 closure ensures the fixpoint-class citation traces to a [T]-status proof.

8.4 The discipline applied to existing chain features

Several chain-level concepts that look like self-reference are already articulated as operator+fixed-point:

ConceptOperatorFixed pointClass
Validator-set rotation (§A2.6)synarc.consensus.rotation_operatoractive validator setfixpoint_class_tarski() (monotone on stake-weighted lattice)
Holon coinductive guardedness (§L6)synarc.cognition.holon_operatorself-similar holon at depth-Nfixpoint_class_adamek() (continuous functor on coalgebra)
Diakrisis canonical articulation (§A1.1)core.math.diakrisis.canonicalizeunique canonical formfixpoint_class_banach() (contracting on Bures metric)
Audit-bundle self-application (§L4)verum_audit::self_audit[T]-status audit cogfixpoint_class_custom_fixpoint("CVE chronicle self-application")

Each of these is a legitimate self-reference because the cog declares the operator and fixed point explicitly. AP-040 catches the cogs that look like these but lack the witness — silent self-reference is the defect, witnessed self-reference is the discipline.

8. The discipline applied — a real example

A short worked example. The audit chronicle for revision N contains:

gate: counterfactual
verdict: "every counterfactual scenario is HoldsBoth"

The L6 gate inspects the verdict and triggers Prohibition 3: ungrounded universality — over which scenarios? all scenarios? the default battery? custom scenarios?

Fix:

gate: counterfactual
verdict: "every default-battery scenario reports HoldsBoth"

The fixed verdict specifies the scope (default battery) and the specific arm (HoldsBoth), so an auditor reading the chronicle can mechanically verify the claim by re-running the gate.

9. Cross-references

Relation markers per the convention introduced in three-axes §5: