Proof Boundary

A small formal nucleus.
Explicit transfer obligations.
No hidden claims.

MGOS does not ask you to trust a story. It shows exactly which kernel properties are formally mechanized, which layers are engineered, and which operational claims are supported by auditable evidence.

What is formally proved

The formally verified nucleus is the core authorization kernel, not the full product stack.

In the current Lean artifact, the following model-level claims are proved:

Formal methods paper and artifact available on request.
Where the proof starts

The formal model begins after the normalization boundary.

MGOS does not prove arbitrary perception, sensor fusion, or upstream AI semantics. It proves the behavior of the small execution-boundary kernel once external evidence has already been mapped into the kernel decision domain.

This is deliberate. It keeps the trusted core small, auditable, and suitable for mechanization.

Proof boundary diagram Shows that upstream layers are outside proof scope; formal proofs begin at the kernel boundary UPSTREAM sensors | models | inference N : E -> D PO4 OPEN KERNEL LEAN 4 PROVED DOWNSTREAM actuators | APIs | C2
Assumptions and scope

Some claims depend on an explicit pinned-environment contract.

The current formal story is model-level first, with implementation-level transfer obligations stated explicitly rather than silently upgraded into theorem status.

Pinned environment assumptions

Fixed build and configuration
Deterministic iteration order
Stable serialization
Fixed hashing behavior in the declared environment
Cross-platform bitwise identity is out of scope.
Determinism and receipt identity are claimed within a pinned environment only.
What is engineered. What is operationally validated.
Engineered (not formally closed)

These layers matter operationally. They are tracked in a different assurance layer than the Lean kernel.

Integrity / normalization boundary
Evidence pipeline and bundle tooling
Concrete cryptographic receipt pipeline
Deployment packaging and integration logic
Sentinel operator console
Operationally validated

Operational validation is not a theorem. It is a separate evidence layer designed to be replayable and externally auditable.

Baseline hardtests: PASS
Soak tests: PASS
Poison-input tests: PASS
Zero unsafe authorization (audited suites)
Fail-close coverage = 1.0 where required
What remains open

Items that are not closed are named explicitly.

MGOS follows a zero-overclaim discipline. This is not a weakness in presentation. It is the proof architecture itself.

Claim map
ClaimStatusScope
Fail-safe authorization rulePROVEDLean kernel model
Output exhaustiveness / totalityPROVEDLean kernel model
Model-level determinismPROVEDPure functional model
Vote permutation invariancePROVEDLean permutation layer
TMR decision permutation invariancePROVEDLean permutation layer
Conflict safetyPROVEDLean kernel model
Manual-override dominancePROVEDLean kernel model
Receipt composition (abstract)PROVEDAbstract witness model
Bitwise determinismCONDITIONALPinned environment required
Target-level termination / WCETCONDITIONALPlatform evidence required
Stable concrete cryptographic receiptsCONDITIONALConcrete pipeline not fully mechanized
Normalizer verificationOPENN : E -> D remains primary transfer risk
Audited black-box suitesVALIDATEDEvidence packs / audited runs
Artifacts and reproducibility

The proof story is supported by reproducible artifacts.

This is intended for independent review, not only internal demonstration.

Lean toolchainpinned version, one-command build
Formal artifactmechanized proofs, reproducible
MANIFEST.txtfile inventory + descriptions
SHA256SUMS.txthash manifest for all artifacts
VERIFY_BUNDLE.shone-command integrity check
Evidence bundleshash-verified, replayable
Evidence is tamper-evident. Replayable. No external anchoring by default.
Receipt verification = hash-chain + bundle integrity (MANIFEST/SHA).
Why this matters

AI systems are hard to certify end-to-end.
MGOS does not claim to certify them.

Instead, it offers something narrower and more auditable: a deterministic execution-boundary kernel, a named proof boundary, and an evidence trail that can be inspected by third parties.

Open Runtime Stack Request Artifact Access