feat(depth): deepen d_environmental_law, d_energy, d_nuclear — replac…#159
Conversation
…eplace boolean echoes
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
There was a problem hiding this comment.
🚩 Pre-existing bug: check_flight_envelope_compliance missing title-case 'Falsifies if:'
The check_flight_envelope_compliance function at src/domains/d_aviation/invariants.py:327-332 has falsifies_if: on line 332 but no Falsifies if:. This predates this PR (the docstring was not changed by the diff), but is a related pre-existing violation of the same rule that the PR's new functions also violate. This function is not part of the changed diff hunks, so it cannot be flagged as a bug in this review, but it should be addressed in a follow-up.
(Refers to lines 327-332)
Was this helpful? React with 👍 or 👎 to provide feedback.
| def check_pilot_certification_score(state: FlightState) -> Tuple[bool, ProofObject]: | ||
| """ | ||
| Invariant: Pilot must hold a valid certificate and current medical before acting as PIC. | ||
| Invariant: Pilot certification and medical validity must each meet the minimum | ||
| Fraction threshold, and their composite score must be computed exactly. | ||
|
|
||
| Standard: FAA 14 CFR Part 61 (Certification of Pilots). | ||
| falsifies_if: pilot_certified is False OR medical_certificate_valid is False. | ||
| falsifies_if: pilot_certification_score < 3/4 OR medical_validity_score < 3/4. |
There was a problem hiding this comment.
🔴 Missing mandatory "Falsifies if:" (title-case) in check_pilot_certification_score and check_ifr_readiness_score docstrings
The repository's hard rules (.windsurfrules, .cursorrules, CLAUDE.md) mandate that every check_*() docstring include both Falsifies if: (title-case) AND falsifies_if: (lowercase). The new check_pilot_certification_score (line 386) and check_ifr_readiness_score (line 425) functions only have falsifies_if: but are missing the required title-case Falsifies if: form. These are newly written functions in this PR, so this is a new violation.
| def check_pilot_certification_score(state: FlightState) -> Tuple[bool, ProofObject]: | |
| """ | |
| Invariant: Pilot must hold a valid certificate and current medical before acting as PIC. | |
| Invariant: Pilot certification and medical validity must each meet the minimum | |
| Fraction threshold, and their composite score must be computed exactly. | |
| Standard: FAA 14 CFR Part 61 (Certification of Pilots). | |
| falsifies_if: pilot_certified is False OR medical_certificate_valid is False. | |
| falsifies_if: pilot_certification_score < 3/4 OR medical_validity_score < 3/4. | |
| def check_pilot_certification_score(state: FlightState) -> Tuple[bool, ProofObject]: | |
| """ | |
| Invariant: Pilot certification and medical validity must each meet the minimum | |
| Fraction threshold, and their composite score must be computed exactly. | |
| Standard: FAA 14 CFR Part 61 (Certification of Pilots). | |
| Falsifies if: pilot_certification_score < 3/4 OR medical_validity_score < 3/4. | |
| falsifies_if: pilot_certification_score < 3/4 OR medical_validity_score < 3/4. |
Was this helpful? React with 👍 or 👎 to provide feedback.
| def check_ifr_readiness_score(state: FlightState) -> Tuple[bool, ProofObject]: | ||
| """ | ||
| Invariant: Flight in IFR conditions requires an Instrument Rating (ATP or CPL/IFR rated). | ||
| Invariant: Flight in IFR conditions requires the pilot's IFR readiness score | ||
| to meet or exceed the minimum Fraction threshold. | ||
|
|
||
| Standard: FAA 14 CFR 61.3(e) (Instrument rating required); FAR 91.173 (ATC clearance). | ||
| falsifies_if: ifr_conditions is True AND certificate_type is "PPL" (no instrument rating implied). | ||
| falsifies_if: ifr_readiness_score < 1/2. |
There was a problem hiding this comment.
🔴 Missing mandatory "Falsifies if:" (title-case) in check_ifr_readiness_score docstring
The new check_ifr_readiness_score function only has falsifies_if: (line 431) but is missing the mandatory title-case Falsifies if: form required by .windsurfrules rule #3, .cursorrules, and CLAUDE.md.
| def check_ifr_readiness_score(state: FlightState) -> Tuple[bool, ProofObject]: | |
| """ | |
| Invariant: Flight in IFR conditions requires an Instrument Rating (ATP or CPL/IFR rated). | |
| Invariant: Flight in IFR conditions requires the pilot's IFR readiness score | |
| to meet or exceed the minimum Fraction threshold. | |
| Standard: FAA 14 CFR 61.3(e) (Instrument rating required); FAR 91.173 (ATC clearance). | |
| falsifies_if: ifr_conditions is True AND certificate_type is "PPL" (no instrument rating implied). | |
| falsifies_if: ifr_readiness_score < 1/2. | |
| def check_ifr_readiness_score(state: FlightState) -> Tuple[bool, ProofObject]: | |
| """ | |
| Invariant: Flight in IFR conditions requires the pilot's IFR readiness score | |
| to meet or exceed the minimum Fraction threshold. | |
| Standard: FAA 14 CFR 61.3(e) (Instrument rating required); FAR 91.173 (ATC clearance). | |
| Falsifies if: ifr_readiness_score < 1/2. | |
| falsifies_if: ifr_readiness_score < 1/2. |
Was this helpful? React with 👍 or 👎 to provide feedback.
| """Rule: Hydroelectric facilities require FERC license compliance score above threshold (16 U.S.C. 797). | ||
|
|
||
| falsifies_if: facility_type is "hydro" AND ferc_license_valid is False. | ||
| falsifies_if: facility_type is "hydro" AND license_compliance_score < Fraction(3, 4). |
There was a problem hiding this comment.
🔴 Missing mandatory "Falsifies if:" in all three d_energy check function docstrings
The rewritten docstrings for check_ferc_licensing (line 23), check_renewable_portfolio_standard (line 59), and check_grid_interconnection (line 91) all contain only falsifies_if: but are missing the required title-case Falsifies if: form mandated by .windsurfrules rule #3. All three functions had their docstrings meaningfully changed in this PR.
| """Rule: Hydroelectric facilities require FERC license compliance score above threshold (16 U.S.C. 797). | |
| falsifies_if: facility_type is "hydro" AND ferc_license_valid is False. | |
| falsifies_if: facility_type is "hydro" AND license_compliance_score < Fraction(3, 4). | |
| """Rule: Hydroelectric facilities require FERC license compliance score above threshold (16 U.S.C. 797). | |
| Falsifies if: facility_type is "hydro" AND license_compliance_score < Fraction(3, 4). | |
| falsifies_if: facility_type is "hydro" AND license_compliance_score < Fraction(3, 4). |
Was this helpful? React with 👍 or 👎 to provide feedback.
| """Rule: Emissions must not exceed NAAQS limits (Clean Air Act 42 U.S.C. 7409). | ||
|
|
||
| falsifies_if: emission_tons_per_year > naaqs_limit_tons. |
There was a problem hiding this comment.
🔴 Missing mandatory "Falsifies if:" in all four d_environmental_law check function docstrings
The rewritten docstrings for check_clean_air_act (line 23), check_clean_water_npdes (line 55), check_nepa_eis (line 85), and check_rcra_manifest (line 115) all contain only falsifies_if: but are missing the required title-case Falsifies if: form mandated by .windsurfrules rule #3. All four functions had their docstrings meaningfully rewritten in this PR.
| """Rule: Emissions must not exceed NAAQS limits (Clean Air Act 42 U.S.C. 7409). | |
| falsifies_if: emission_tons_per_year > naaqs_limit_tons. | |
| """Rule: Emissions must not exceed NAAQS limits (Clean Air Act 42 U.S.C. 7409). | |
| Falsifies if: emission_tons_per_year > naaqs_limit_tons. | |
| falsifies_if: emission_tons_per_year > naaqs_limit_tons. |
Was this helpful? React with 👍 or 👎 to provide feedback.
| def check_ifr_readiness_score(state: FlightState) -> Tuple[bool, ProofObject]: | ||
| """ | ||
| Invariant: Flight in IFR conditions requires an Instrument Rating (ATP or CPL/IFR rated). | ||
| Invariant: Flight in IFR conditions requires the pilot's IFR readiness score | ||
| to meet or exceed the minimum Fraction threshold. | ||
|
|
||
| Standard: FAA 14 CFR 61.3(e) (Instrument rating required); FAR 91.173 (ATC clearance). | ||
| falsifies_if: ifr_conditions is True AND certificate_type is "PPL" (no instrument rating implied). | ||
| falsifies_if: ifr_readiness_score < 1/2. | ||
|
|
||
| Returns: | ||
| Tuple of (success: bool, proof: ProofObject) | ||
| """ | ||
| ifr_rated_certs = {"CPL", "ATP"} | ||
| ifr_rated = state.certificate_type in ifr_rated_certs | ||
|
|
||
| if state.ifr_conditions and not ifr_rated: | ||
| success = False | ||
| conclusion = ( | ||
| f"VIOLATION: IFR conditions present but pilot holds {state.certificate_type} " | ||
| "without IFR rating — 14 CFR 61.3(e) violated" | ||
| ) | ||
| elif state.ifr_conditions and not state.flight_plan_filed: | ||
| success = False | ||
| conclusion = "VIOLATION: IFR flight without filed flight plan — FAR 91.173 violated" | ||
| else: | ||
| success = True | ||
| conclusion = "IFR requirements satisfied per 14 CFR 61.3(e) and FAR 91.173" | ||
| ifr_score = state.ifr_readiness_score | ||
| threshold = Fraction(1, 2) | ||
| success = ifr_score >= threshold | ||
|
|
||
| return success, ProofObject( | ||
| rule="IFRRequirements", | ||
| rule="IFRReadinessScore", | ||
| premises=[ | ||
| f"state_id={state.state_id}", | ||
| f"ifr_conditions={state.ifr_conditions}", | ||
| f"certificate_type={state.certificate_type}", | ||
| f"ifr_rated={ifr_rated}", | ||
| f"flight_plan_filed={state.flight_plan_filed}", | ||
| f"ifr_readiness_score={ifr_score}", | ||
| f"threshold={threshold}", | ||
| ], | ||
| conclusion=conclusion, | ||
| conclusion=( | ||
| f"IFR readiness satisfied per 14 CFR 61.3(e) (score={ifr_score})" | ||
| if success | ||
| else f"VIOLATION: IFR readiness score {ifr_score} below threshold {threshold}" | ||
| ), | ||
| ) |
There was a problem hiding this comment.
🚩 Safety invariant semantics weakened: IFR check no longer validates conditions or flight plan
The old check_ifr_requirements at src/domains/d_aviation/invariants.py checked three distinct safety conditions: (1) whether the pilot had an IFR-rated certificate when IFR conditions were present, (2) whether a flight plan was filed for IFR flight, and (3) rejected PPL holders in IFR conditions. The new check_ifr_readiness_score (line 425) replaces all of this with a single ifr_readiness_score >= 1/2 threshold check that ignores the ifr_conditions, certificate_type, and flight_plan_filed fields entirely. This means a flight state with ifr_conditions=True and flight_plan_filed=False would pass if the readiness score is high enough, which the old code would have rejected as a FAR 91.173 violation. This is a significant semantic weakening of a safety invariant. Whether this is intentional depends on whether the score is meant to subsume all those checks upstream.
Was this helpful? React with 👍 or 👎 to provide feedback.
| def check_pilot_certification_score(state: FlightState) -> Tuple[bool, ProofObject]: | ||
| """ | ||
| Invariant: Pilot must hold a valid certificate and current medical before acting as PIC. | ||
| Invariant: Pilot certification and medical validity must each meet the minimum | ||
| Fraction threshold, and their composite score must be computed exactly. | ||
|
|
||
| Standard: FAA 14 CFR Part 61 (Certification of Pilots). | ||
| falsifies_if: pilot_certified is False OR medical_certificate_valid is False. | ||
| falsifies_if: pilot_certification_score < 3/4 OR medical_validity_score < 3/4. | ||
|
|
||
| Returns: | ||
| Tuple of (success: bool, proof: ProofObject) | ||
| """ | ||
| valid_certs = {"PPL", "CPL", "ATP"} | ||
| cert_recognized = state.certificate_type in valid_certs | ||
| success = state.pilot_certified and state.medical_certificate_valid and cert_recognized | ||
| cert_score = state.pilot_certification_score | ||
| medical_score = state.medical_validity_score | ||
| threshold = Fraction(3, 4) | ||
|
|
||
| cert_pass = cert_score >= threshold | ||
| medical_pass = medical_score >= threshold | ||
| composite = (cert_score + medical_score) / Fraction(2, 1) | ||
| success = cert_pass and medical_pass | ||
|
|
||
| return success, ProofObject( | ||
| rule="PilotCertification", | ||
| rule="PilotCertificationScore", | ||
| premises=[ | ||
| f"state_id={state.state_id}", | ||
| f"pilot_certified={state.pilot_certified}", | ||
| f"certificate_type={state.certificate_type}", | ||
| f"cert_recognized={cert_recognized}", | ||
| f"medical_certificate_valid={state.medical_certificate_valid}", | ||
| f"pilot_certification_score={cert_score}", | ||
| f"medical_validity_score={medical_score}", | ||
| f"threshold={threshold}", | ||
| f"composite_score={composite}", | ||
| f"cert_pass={cert_pass}", | ||
| f"medical_pass={medical_pass}", | ||
| ], | ||
| conclusion=( | ||
| f"Pilot certification valid per 14 CFR Part 61 (cert={state.certificate_type})" | ||
| f"Pilot certification valid per 14 CFR Part 61 (composite={composite})" | ||
| if success | ||
| else "VIOLATION: pilot not certified, medical invalid, or unrecognized certificate type" | ||
| else "VIOLATION: pilot certification score or medical validity score below 3/4" | ||
| ), | ||
| ) |
There was a problem hiding this comment.
🚩 Pilot certification no longer validates certificate_type against allowed set
The old check_pilot_certification validated that certificate_type was one of {"PPL", "CPL", "ATP"}, that pilot_certified was True, and that medical_certificate_valid was True. The new check_pilot_certification_score (line 386) only checks pilot_certification_score >= 3/4 and medical_validity_score >= 3/4. The pilot_certified, certificate_type, and medical_certificate_valid fields are now entirely ignored. An unrecognized certificate type (e.g., "FAKE") would pass if the score fields are high. This is a meaningful reduction in validation coverage for a safety-critical check.
Was this helpful? React with 👍 or 👎 to provide feedback.
| rule="ism_code_doc_required" | ||
| ) | ||
|
|
||
| composite = (vessel.smc_compliance_score + vessel.doc_compliance_score) / 2 |
There was a problem hiding this comment.
📝 Info: Maritime ISM composite score divides by int 2 instead of Fraction(2)
At src/domains/d_maritime/invariants.py:88, the composite score is computed as (vessel.smc_compliance_score + vessel.doc_compliance_score) / 2. This divides a Fraction by a plain int. In Python, Fraction.__truediv__(int) works correctly and returns a Fraction, so this is not a bug. However, the aviation equivalent at src/domains/d_aviation/invariants.py:403 uses / Fraction(2, 1) explicitly. This inconsistency across domains is cosmetic but worth noting for code uniformity.
Was this helpful? React with 👍 or 👎 to provide feedback.
| def check_fall_protection_coverage(fp: FallProtection) -> Tuple[bool, ProofObject]: | ||
| """OSHA 1926.501: Fall protection coverage at 6+ feet. | ||
|
|
||
| Falsifies if: work height is 6+ feet and fall protection coverage is less than 3/4. | ||
| falsifies_if: work height is 6+ feet and fall protection coverage is less than 3/4. | ||
| """ | ||
| if not fp.protection_required(): | ||
| threshold = Fraction(6) | ||
| coverage_ratio = fp.fall_protection_coverage | ||
| if fp.work_height_feet < threshold: | ||
| return True, ProofObject( | ||
| conclusion=f"Fall protection not required ({fp.work_height_feet} < {fp.FALL_PROTECTION_THRESHOLD} ft)", | ||
| conclusion=f"Fall protection not required ({fp.work_height_feet} < {threshold} ft)", | ||
| premises=[], | ||
| rule="osha_fall_protection" | ||
| rule="osha_fall_protection_coverage" | ||
| ) | ||
|
|
||
| if fp.is_compliant(): | ||
| if coverage_ratio >= Fraction(3, 4): | ||
| return True, ProofObject( | ||
| conclusion="Fall protection adequate", | ||
| conclusion=f"Fall protection coverage adequate ({coverage_ratio})", | ||
| premises=[], | ||
| rule="osha_fall_protection" | ||
| rule="osha_fall_protection_coverage" | ||
| ) | ||
|
|
||
| return False, ProofObject( | ||
| conclusion="VIOLATION: Fall protection required but not provided", | ||
| premises=[f"Height: {fp.work_height_feet} feet"], | ||
| rule="osha_fall_protection" | ||
| conclusion=f"VIOLATION: Fall protection coverage insufficient ({coverage_ratio} < 3/4)", | ||
| premises=[f"Height: {fp.work_height_feet} feet", f"Coverage: {coverage_ratio}"], | ||
| rule="osha_fall_protection_coverage" | ||
| ) |
There was a problem hiding this comment.
🚩 Construction and occupational safety both define check_fall_protection_coverage with different signatures
Both src/domains/d_construction/invariants.py:100 and src/domains/d_occupational_safety/invariants.py:35 now define a function named check_fall_protection_coverage, but they accept different types (OSHACompliance vs FallProtection) and use different threshold logic (construction checks height > 6 AND coverage < 3/4, while occupational_safety checks height >= 6 AND coverage < 3/4). The >= vs > difference for the 6-foot threshold is a subtle discrepancy that could cause confusion. Since these are in separate domain packages, there's no name collision, but the inconsistent boundary condition at exactly 6 feet is worth verifying against OSHA 1926.501 requirements.
Was this helpful? React with 👍 or 👎 to provide feedback.
| reclamation_plan = ReclamationPlan( | ||
| plan_id=None, | ||
| mine_id=None, | ||
| plan_id="PLAN-001", | ||
| mine_id="MINE-001", | ||
| total_acres_disturbed=Fraction(1), | ||
| acres_reclaimed=Fraction(1), | ||
| bonding_amount=Fraction(1), | ||
| bonding_type=None, | ||
| bonding_amount=Fraction(10000), | ||
| bonding_type="surety", |
There was a problem hiding this comment.
📝 Info: Mining nominal test data: bonding_amount=10000 for 1 acre matches expected cost of 5000
The run_all_invariants in src/domains/d_mining/invariants.py:250-256 creates a ReclamationPlan with bonding_amount=Fraction(10000) and total_acres_disturbed=Fraction(1). The bonding_adequate() method in src/domains/d_mining/implementation.py:148-153 checks bonding_amount >= total_acres_disturbed * 5000, so 10000 >= 5000 passes correctly. The computed shortfall displayed as $-5000 in the PASS case is a bit unusual (negative shortfall = surplus) but technically correct. Not a bug, just noting the display choice.
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
…e boolean echoes