szl-invariants

The eight falsifiable runtime invariants of the a11oy backbone — as a get_kernel-discoverable, offline, stdlib-only governance kernel. From SZL Holdings.

Honest scope box — read this first

This is NOT a trained model. There are NO weights (.safetensors / .bin / .pt / .gguf). It is a pure-Python, stdlib-only governance kernel: an offline replay of the live Alloy surface — it recomputes the same eight FALSIFIABLE invariants the a11oy backbone checks live at /api/invariants, over a receipts/ledger JSONL export you already hold. No network, no torch, no tensors. It is get_kernel-discoverable purely so the SZL family loads the same way; it does not import torch. Λ is not touched here and stays Conjecture 1 (open).

Why it exists

Every Kernel-Hub leader competes on FLOPs. None of them let you re-verify a serving ledger's self-consistency offline. This kernel does exactly that: hand it your ledger export and it recomputes, row by row, whether the receipt chain closes on its own tail, whether failures are shaped honestly, and whether signed receipts still verify under ed25519 — all with no coercion: HOLDS / VIOLATED / KEY_ROTATED / NO_DATA / UNAVAILABLE are all first-class.

Quickstart (fully offline)

from kernels import get_kernel

# Current `kernels` (>=0.15) requires an explicit revision + trust flag for org kernels:
inv = get_kernel("SZLHOLDINGS/szl-invariants", revision="main", trust_remote_code=True)

rows    = inv.load_jsonl("runs_export.jsonl")          # your ledger export
samples = inv.load_jsonl("training_samples.jsonl")     # optional flywheel export
pubkey  = "<SPKI base64 from /api/receipts/pubkey>"    # optional — enables ed25519

report = inv.run_invariants(rows, samples=samples, pubkey=pubkey)
print(report["summary"])          # {'total':8,'holds':..,'violated':..,'indeterminate':..}
for i in report["invariants"]:
    print(i["id"], i["status"], i["detail"])

print(inv.selfcheck())            # demonstrates falsifiability end-to-end

verify_ed25519 prefers the audited cryptography backend and falls back to a stdlib-only pure-Python RFC 8032 verifier, so signature checking is genuinely offline-capable with zero deps.

The eight invariants (all genuinely FALSIFIABLE — theater excluded)

# id Predicate (holds ⇔)
1 receipt-chain-continuity rowHash == sha256(prevHash | contentHash) and each prevHash links the next-older rowHash (Ouroboros closure)
2 ledger-failure-shape ok=false rows carry no servedProvider / latencyMs
3 served-run-has-model ok ∧ ¬demo ⇒ model IS NOT NULL
4 signed-columns-atomic (receiptId, signature, keyId, receiptJson) all-present or all-absent
5 loop-steps-positive ok ∧ ¬demo ⇒ loopSteps ≥ 1 (lower bound only — the upper bound is not persisted)
6 receipt-ed25519-verify signed rows verify under the supplied key; KEY_ROTATED reported honestly
7 receipt-columns-consistent parse(receiptJson) agrees with the indexed columns
8 flywheel-lineage every sample with a receiptId joins a run with demo=false ∧ servedNode≠null

A check that cannot fail would be verification theater and is deliberately excluded. Counts are enumerated rows only, never a claimed total. pubkey=None → invariant #6 is honestly UNAVAILABLE (not a pass, not a fail); samples=None → invariant #8 is UNAVAILABLE.

latentVerification — honest analogy, not a learned embedding

The report includes a MEASURED latentVerification coverage ratio: the fraction of the enumerated export whose trust is established purely in hash/signature space (ed25519 over sha256 canonical bytes). Its docstring states the JEPA-latent-space parallel is an ANALOGY — the mechanism is a cryptographic digest + signature, NOT a trained/predictive embedding, and it does not prove or upgrade Λ.

Tests — MEASURED, local, stdlib-only

PYTHONPATH=build/torch-universal python3 -m pytest tests/ -q
14 passed

14/14 passed on a local python3 run (MEASURED, stdlib-only). Each invariant is shown to genuinely flip to VIOLATED on real corruption/tamper (a clean chain HOLDS; a tampered chain VIOLATED; a real ed25519 signature HOLDS; a single tampered canonical byte VIOLATED), and missing capabilities stay UNAVAILABLE. selfcheck() reports falsifiable_demonstrated: True.

Provenance

Mirrors the live a11oy backbone /api/invariants recompute (artifacts/api-server/src/routes/invariants.ts) plus the exact chain hashing from runLedger.ts and receipts.ts. Backed by the Lean 4 formalization szl-holdings/lutar-lean, DOI 10.5281/zenodo.20434308. Λ uniqueness = Conjecture 1 (open).

Compatibility

Python 3.9+, standard library only — no torch, no third-party deps required (the cryptography backend is used opportunistically if present, else the pure-Python fallback runs).

License

Apache-2.0. Copyright 2026 SZL Holdings.


The SZL honest-model trio + the kernel suite

Part of the SZL Holdings honest-model trio — stdlib-only offline replays of the live Alloy surface:

Model Lane
szl-invariants (this repo) 8 falsifiable receipt/ledger invariants, offline
szl-ouroboros bounded-loop trace + MEASURED/DERIVED loop-tax accounting
szl-formulas the 21 canonical formulas with per-formula PROOF-STATUS

Anchored by the governed-kernel suite szl-kernels (hub) and its members (szl-lambda-gate, szl-governed-norm, governed-inference-meter).

Live substrate: a-11-oy.com · a11oy Space.


SZL Holdings · falsifiable invariants only (theater excluded) · statuses never coerced · Λ untouched = Conjecture 1 · a-11-oy.com · github.com/szl-holdings · huggingface.co/SZLHOLDINGS

Signed-off-by: Stephen Lutar stephenlutar2@gmail.com

Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Collection including SZLHOLDINGS/szl-invariants