Combined all three under verification-monopoly.org with title: 'The Evaluation Harness — Collective Regression Suite as Certification Monopoly' Structure: (1) vision from monopoly, (2) service from harness, (3) spec from collective-regression. All three IDs preserved in PROPERTIES. Deleted evaluation-harness.org and collective-regression-suite.org.
Upgrade and Distribution Lifecycle
Once instances diverge in both code and knowledge, naive git pull breaks things. Passepartout's architecture already has the primitives for safe upgrades:
- Ontology versioning: every fact stores the ontology version at assertion. On upgrade, facts with old versions are flagged for re-verification.
- Degradation, not crash: if an upgrade breaks the fact store, the system degrades to the pre-macro state (hash-table fallback, text-scan fallback). Still works — just proves less.
- Reversible upgrades (Phase 0 undo): every upgrade produces a Merkle snapshot before applying.
- Delta distribution: upgrades delivered as diffs against the current ontology version. Migration script runs automatically.
The upgrade is verified by the upgraded system before committing. The distributor ships the new gate vector; ACL2 reports which rules are compatible and which need review. The operator reviews only the incompatible subset. This verified upgrade process creates infrastructure lock-in — switching costs are high when all knowledge is deeply coupled to the ontology version.
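The sequence described above (Merkle snapshot, apply the delta, flag facts asserted under an older ontology version, verify with the upgraded store, then commit or roll back), as an added Python example that is not Passepartout's own code. The store layout, the `gate` callable standing in for the ACL2 compatibility check, and the sample facts are assumptions constructed for illustration.

```python
import copy
import hashlib

def _h(tag: bytes, data: bytes) -> bytes:
    # Domain-separate leaves (0x00) from inner nodes (0x01).
    return hashlib.sha256(tag + data).digest()

def merkle_root(store: dict) -> str:
    """Merkle root over the ontology version and every fact, in key order."""
    leaves = [f"ontology={store['ontology']}".encode()]
    leaves += [repr((k, f["value"], f["asserted_at"], f["needs_review"])).encode()
               for k, f in sorted(store["facts"].items())]
    level = [_h(b"\x00", leaf) for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        level = [_h(b"\x01", level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0].hex()

def apply_upgrade(store: dict, delta: dict, gate) -> dict:
    """Snapshot, apply delta, verify (gate is a hypothetical check), commit or undo."""
    if delta["from"] != store["ontology"]:
        raise ValueError("delta does not apply to the current ontology version")
    snap_root, snap_state = merkle_root(store), copy.deepcopy(store)
    store["ontology"] = delta["to"]
    for key, value in delta["facts"].items():
        store["facts"][key] = {"value": value, "asserted_at": delta["to"], "needs_review": False}
    flagged = []
    for key, fact in store["facts"].items():
        if fact["asserted_at"] != delta["to"]:
            fact["needs_review"] = True  # asserted under an older ontology version
            flagged.append(key)
    if not gate(store):  # verification failed: restore the pre-upgrade snapshot
        store.clear()
        store.update(snap_state)
        if merkle_root(store) != snap_root:
            raise RuntimeError("rollback did not restore the snapshot")
        return {"committed": False, "root": snap_root, "flagged": []}
    return {"committed": True, "root": merkle_root(store), "flagged": sorted(flagged)}

def sample_store() -> dict:
    # Constructed sample data; the field names are an assumed layout.
    return {"ontology": 3, "facts": {
        "retention-days": {"value": 30, "asserted_at": 3, "needs_review": False},
        "phi-encrypted": {"value": True, "asserted_at": 2, "needs_review": False}}}

SAMPLE_DELTA = {"from": 3, "to": 4, "facts": {"retention-days": 90}}  # constructed
```

The `flagged` list in the result is the subset an operator would review; a failed gate leaves the store byte-for-byte at the snapshot root.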
Business model for upgrades:
- Code upgrades: free (AGPL)
- Migration scripts: subscription. The verified migration path from the current ontology version to the new one.
- Domain knowledge package upgrades: subscription. When HIPAA updates, the healthcare package updates.
- Verification appliance firmware: bundled with hardware. Signed and verified against hardware root of trust.