project-ghost 0.2.0__tar.gz → 0.2.1__tar.gz

{project_ghost-0.2.0 → project_ghost-0.2.1}/.github/workflows/ci.yml

@@ -149,15 +149,98 @@ jobs:
             closed_loop_smoke.mcap
             closed_loop_smoke_with_recovery.mcap
 
+  determinism-cross-machine:
+    # Paper §8.4 self-enforcement: the reference smoke must produce
+    # byte-identical MCAPs and property-report JSON across Linux and
+    # Windows runners. This job runs the smoke + verifier on a matrix
+    # and uploads a single-line SHA-256 + JSON SHA-256 per runner;
+    # the aggregator step downloads both artifacts and asserts equality.
+    # If the assertion ever fires, some non-determinism leaked into
+    # either the pipeline (smoke MCAP) or the verifier (report JSON).
+    name: Cross-machine determinism (paper §8.4)
+    needs: test
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+      - name: Install
+        shell: bash
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Smoke + verify + hash
+        shell: bash
+        run: |
+          python -m project_ghost.examples.closed_loop_smoke
+          # Normalise the JSON output before hashing: parse, drop
+          # platform-dependent fields (mcap_path; path separators differ
+          # between Linux / Windows), and re-serialise canonically.
+          ghost verify-properties \
+            --mcap closed_loop_smoke.mcap --json \
+            > property_report_raw.json
+          python -c "
+          import hashlib, json, sys
+          mcap_sha = hashlib.sha256(open('closed_loop_smoke.mcap','rb').read()).hexdigest()
+          report = json.load(open('property_report_raw.json'))
+          report.pop('mcap_path', None)
+          canonical = json.dumps(report, sort_keys=True, separators=(',', ':'))
+          report_sha = hashlib.sha256(canonical.encode('utf-8')).hexdigest()
+          with open('determinism_${{ matrix.os }}.txt', 'w', newline='\n') as f:
+              f.write(f'MCAP {mcap_sha}\nREPORT {report_sha}\n')
+          "
+          cat determinism_${{ matrix.os }}.txt
+      - name: Upload determinism hash
+        uses: actions/upload-artifact@v4
+        with:
+          name: determinism-${{ matrix.os }}
+          path: determinism_${{ matrix.os }}.txt
+
+  determinism-cross-machine-assert:
+    # Downloads both runners' hash files and asserts byte-equality of
+    # the MCAP and JSON SHA-256 across Linux and Windows.
+    name: Cross-machine determinism assert (paper §8.4)
+    needs: determinism-cross-machine
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download Linux hash
+        uses: actions/download-artifact@v4
+        with:
+          name: determinism-ubuntu-latest
+          path: linux/
+      - name: Download Windows hash
+        uses: actions/download-artifact@v4
+        with:
+          name: determinism-windows-latest
+          path: windows/
+      - name: Assert byte-equality
+        run: |
+          set -eo pipefail
+          echo "== Linux =="
+          cat linux/determinism_ubuntu-latest.txt
+          echo "== Windows =="
+          cat windows/determinism_windows-latest.txt
+          diff linux/determinism_ubuntu-latest.txt windows/determinism_windows-latest.txt
+          echo "::notice::Smoke MCAP and property-report JSON are byte-identical across Linux and Windows runners."
+
   tla-plus:
-    # ADR-0036 self-enforcement: every push must keep the TLA+
-    # specification's invariants satisfiable. TLC enumerates the full
-    # reachable state space (bounded by M=2, K=1, W=3) and asserts
-    # INV_BAUD, INV_ERUR, INV_PARTITION, INV_NO_INVENTED_CONFIDENCE
-    # and INV_HISTORY_BOUND all hold. Any violation indicates a bug
-    # in the spec, the policy encoding, or the property statements
-    # themselves — release-blocking.
-    name: TLA+ mechanical verification (ADR-0036)
+    # ADR-0036 + paper §6 self-enforcement: every push must keep both
+    # TLA+ specifications' invariants satisfiable. TLC enumerates the
+    # full reachable state space and asserts every invariant. Any
+    # violation indicates a bug in the spec, the policy encoding, or
+    # the property statements themselves — release-blocking.
+    #
+    # BaudErur.tla (M=2, K=1, W=3): INV_BAUD, INV_ERUR, INV_PARTITION,
+    #   INV_NO_INVENTED_CONFIDENCE, INV_HISTORY_BOUND.
+    # Rlb.tla (W=4, MAX_DIRTY_RUN=12): INV_RLB (Theorem 1),
+    #   INV_PEAK_BOUNDED, INV_WINDOW_BOUND.
+    name: TLA+ mechanical verification (ADR-0036 + paper §6)
     needs: test
     runs-on: ubuntu-latest
     steps:
@@ -186,14 +269,23 @@ jobs:
           # non-zero exit from java OR a broken pipe fails this step.
           java -cp ../../tla2tools.jar tlc2.TLC \
             -config BaudErur.cfg \
-            BaudErur.tla 2>&1 | tee tlc_output.log
+            BaudErur.tla 2>&1 | tee tlc_output_baud_erur.log
           # Belt-and-braces success check: TLC exit code already gated
           # by pipefail, this just asserts the canonical success
           # signature is in the log we are about to archive.
-          grep -q "Model checking completed" tlc_output.log
+          grep -q "Model checking completed" tlc_output_baud_erur.log
+      - name: Run TLC on Rlb spec (Theorem 1)
+        working-directory: docs/proofs
+        run: |
+          java -cp ../../tla2tools.jar tlc2.TLC \
+            -config Rlb.cfg \
+            Rlb.tla 2>&1 | tee tlc_output_rlb.log
+          grep -q "Model checking completed" tlc_output_rlb.log
       - name: Upload TLC output
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: tlc-output
-          path: docs/proofs/tlc_output.log
+          path: |
+            docs/proofs/tlc_output_baud_erur.log
+            docs/proofs/tlc_output_rlb.log

{project_ghost-0.2.0 → project_ghost-0.2.1}/CHANGELOG.md

@@ -7,6 +7,88 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.1] - 2026-06-11
+
+Paper-readiness pass: artifacts in support of the v0.2.x academic
+write-up at [`docs/paper/project_ghost_v0_2.md`](docs/paper/project_ghost_v0_2.md),
+the LaTeX arXiv source at [`docs/paper/arxiv/main.tex`](docs/paper/arxiv/main.tex),
+and a second TLA+ specification mechanically verifying Theorem 1
+(the tight recovery latency bound `L ≤ peak + W − 1`).
+
+### Added
+
+- **TLA+ `Rlb.tla` specification** mechanically verifying Theorem 1
+  ([`docs/proofs/Rlb.tla`](docs/proofs/Rlb.tla),
+  [`docs/proofs/Rlb.cfg`](docs/proofs/Rlb.cfg)). Mirrors the
+  verifier algorithm of
+  [`src/project_ghost/properties/rlb.py`](src/project_ghost/properties/rlb.py)
+  and checks three invariants over the full reachable state space
+  (`W=4, MAX_DIRTY_RUN=12`): `INV_RLB` (the formal recovery latency
+  bound `L ≤ peak + W − 1`), `INV_PEAK_BOUNDED`, and
+  `INV_WINDOW_BOUND`. CI-enforced on every push alongside
+  `BaudErur.tla`.
+- **Violation showcase**
+  ([`closed_loop_smoke_violated.py`](src/project_ghost/examples/closed_loop_smoke_violated.py)):
+  a smoke that swaps the reference calibrator for
+  `_BuggyPassthroughCalibrator` (never downgrades), proving the
+  property verifier detects the bug — `BAUD-v1: VIOLATED`,
+  `violation_count: 12` (6 cycles × 2 postconditions), exit code 1.
+  Companion artifact for paper §8.2 demonstrating detection capacity
+  of the reproducibility primitive (contribution C3).
+- **Cross-machine determinism CI jobs**
+  (`determinism-cross-machine` + `determinism-cross-machine-assert`
+  in [`ci.yml`](.github/workflows/ci.yml)): the reference smoke runs
+  on a `{ubuntu-latest, windows-latest}` matrix, each runner
+  publishes the SHA-256 of its MCAP and property-report JSON, and
+  the aggregator step `diff`s the two files. Any disagreement fails
+  the build, operationalising paper §8.4.
+- **Parametric metrics script**
+  ([`docs/paper/scripts/measure_metrics.py`](docs/paper/scripts/measure_metrics.py)):
+  reproducibly measures verifier runtime, MCAP size, smoke runtime,
+  and HOLDS verdict across 3 calibrator parameterisations
+  `(M=4,K=2), (M=3,K=1), (M=5,K=3)` × 3 trace lengths `n ∈ {10, 50, 200}`.
+  Writes results to
+  [`docs/paper/outputs/metrics.json`](docs/paper/outputs/metrics.json).
+  All 9 combinations report all 5 properties HOLDS.
+- **Paper draft** at
+  [`docs/paper/project_ghost_v0_2.md`](docs/paper/project_ghost_v0_2.md)
+  with:
+  - 4 contributions formulated as C1–C4: tight recovery latency
+    bound (Theorem 1), mechanically verified partition theorem,
+    reproducibility primitive with demonstrated detection capacity,
+    end-to-end safety citation pattern.
+  - **§6 Theorem 1 with rigorous proof by sliding-window trace**
+    (accumulation → saturation → flush → recovery) and two
+    corollaries on the operational regime and structural sanity.
+  - §2 Related work with 10 prior tools cited (RTAMT, MoonLight,
+    ROSMonitoring, ROSRV, Shielding, CBF Toolbox, Conformal
+    prediction, Timed Automata SC, Rizaldi survey) and §2.3
+    9-dimension comparison matrix.
+  - §8 Evaluation with violation-showcase JSON output and the
+    9-run parametric policy table.
+  - 18 references (vs. 7 in the initial draft).
+- **arXiv submission package** at
+  [`docs/paper/arxiv/`](docs/paper/arxiv/):
+  - [`main.tex`](docs/paper/arxiv/main.tex) — self-contained
+    LaTeX source (~600 lines, `article` class, compiles with
+    pdflatex + bibtex).
+  - [`refs.bib`](docs/paper/arxiv/refs.bib) — BibTeX bibliography
+    (21 entries).
+  - [`README.md`](docs/paper/arxiv/README.md) — submission
+    instructions for arXiv (categories: cs.SE primary, cs.LO +
+    cs.RO secondary; MSC 68N30, 68V20), plus adaptation notes for
+    RV 2026 and FMAS 2026 workshop versions.
+- Per-file ruff ignore for [`docs/paper/scripts/`](docs/paper/scripts/)
+  to permit `M`, `K` math notation matching the ADRs and the
+  Unicode `×` matching the paper's table captions.
+
+### Notes
+
+- Suite remains 1665 tests passing, ruff + mypy strict + deptry
+  clean after the additions. The new smoke, script, and TLA+ spec
+  are wired into the same lint / type / TLC infrastructure as the
+  rest of the repo.
+
 ## [0.2.0] - 2026-06-10
 
 Major addition: a fourth layer of evidence for the property set —
@@ -172,7 +254,8 @@ safety property set as the project's central contribution.
 - All property reports are deterministic: same MCAP bytes produce
   byte-identical JSON output across machines.
 
-[Unreleased]: https://github.com/JFHelvetius/ghost/compare/v0.2.0...HEAD
+[Unreleased]: https://github.com/JFHelvetius/ghost/compare/v0.2.1...HEAD
+[0.2.1]: https://github.com/JFHelvetius/ghost/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/JFHelvetius/ghost/compare/v0.1.1...v0.2.0
 [0.1.1]: https://github.com/JFHelvetius/ghost/compare/v0.1.0...v0.1.1
 [0.1.0]: https://github.com/JFHelvetius/ghost/releases/tag/v0.1.0

{project_ghost-0.2.0 → project_ghost-0.2.1}/CITATION.cff

@@ -18,12 +18,12 @@ abstract: >-
   and self-enforced on every push by CI.
 type: software
 authors:
-  - family-names: Mateos
-    given-names: J. M.
+  - family-names: Menéndez Mateos
+    given-names: Javier
     email: jfhelvetius@gmail.com
     affiliation: Independent
-version: 0.2.0
-date-released: 2026-06-10
+version: 0.2.1
+date-released: 2026-06-11
 url: "https://github.com/JFHelvetius/ghost"
 repository-code: "https://github.com/JFHelvetius/ghost"
 repository-artifact: "https://pypi.org/project/project-ghost/"
@@ -45,8 +45,8 @@ preferred-citation:
   type: software
   title: "Project Ghost: Autonomy under uncertainty"
   authors:
-    - family-names: Mateos
-      given-names: J. M.
+    - family-names: Menéndez Mateos
+      given-names: Javier
       email: jfhelvetius@gmail.com
   version: 0.2.0
   date-released: 2026-06-10
@@ -56,8 +56,8 @@ references:
   - type: software
     title: "ADR-0031 — Bounded Action Under Drift Property v1 (BAUD)"
     authors:
-      - family-names: Mateos
-        given-names: J. M.
+      - family-names: Menéndez Mateos
+        given-names: Javier
     url: "https://github.com/JFHelvetius/ghost/blob/main/docs/adr/0031-bounded-action-under-drift-property-v1.md"
     notes: >-
       Formal statement of the BAUD-v1 property: when prediction
@@ -66,8 +66,8 @@ references:
   - type: software
     title: "ADR-0032 — Eventual Reactivation Under Recovery Property v1 (ERUR)"
     authors:
-      - family-names: Mateos
-        given-names: J. M.
+      - family-names: Menéndez Mateos
+        given-names: Javier
     url: "https://github.com/JFHelvetius/ghost/blob/main/docs/adr/0032-eventual-reactivation-under-recovery-property-v1.md"
     notes: >-
       Formal statement of the ERUR-v1 property: when drift is
@@ -75,8 +75,8 @@ references:
   - type: software
     title: "ADR-0033 — Monotonic Degradation Property v1 (MD)"
     authors:
-      - family-names: Mateos
-        given-names: J. M.
+      - family-names: Menéndez Mateos
+        given-names: Javier
     url: "https://github.com/JFHelvetius/ghost/blob/main/docs/adr/0033-monotonic-degradation-property-v1.md"
     notes: >-
       Formal statement of the MD-v1 property: the reference
@@ -84,8 +84,8 @@ references:
   - type: software
     title: "ADR-0034 — Recovery Latency Bound Property v1 (RLB)"
     authors:
-      - family-names: Mateos
-        given-names: J. M.
+      - family-names: Menéndez Mateos
+        given-names: Javier
     url: "https://github.com/JFHelvetius/ghost/blob/main/docs/adr/0034-recovery-latency-bound-property-v1.md"
     notes: >-
       Formal statement of the RLB-v1 property: dirty-run length
@@ -93,8 +93,8 @@ references:
   - type: software
     title: "ADR-0035 — False Positive Bound Property v1 (FPB)"
     authors:
-      - family-names: Mateos
-        given-names: J. M.
+      - family-names: Menéndez Mateos
+        given-names: Javier
     url: "https://github.com/JFHelvetius/ghost/blob/main/docs/adr/0035-false-positive-bound-property-v1.md"
     notes: >-
       Formal statement of the FPB-v1 property: empirical BAUD

{project_ghost-0.2.0 → project_ghost-0.2.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: project-ghost
-Version: 0.2.0
+Version: 0.2.1
 Summary: Autonomy under uncertainty: closed-loop reference pipeline + 5 formal safety properties verifiable byte-exact from any MCAP + TLA+ mechanically-verified BAUD/ERUR/MD/partition over the abstract state space.
 Project-URL: Homepage, https://github.com/JFHelvetius/ghost
 Project-URL: Repository, https://github.com/JFHelvetius/ghost
@@ -78,7 +78,31 @@ Five properties, five citable claims, exit code `0` iff every property holds. Ea
 | **RLB-v1** | Recovery Latency Bound ([ADR-0034](docs/adr/0034-recovery-latency-bound-property-v1.md)) | Dirty-run length is bounded by `peak + W - 1` where W is the window size |
 | **FPB-v1** | False Positive Bound observer ([ADR-0035](docs/adr/0035-false-positive-bound-property-v1.md)) | Empirical BAUD fire rate is exposed and bounded for regression gating |
 
-The honest part: the individual ideas (uncertainty calibration, action gating on confidence, fault detection) are decades-old robotics research. The contribution of Ghost is not new theory — it's **the specific combination, end-to-end, with byte-exact replay verification and a CLI-grade external surface**. See [ADR-0031 §Context](docs/adr/0031-bounded-action-under-drift-property-v1.md) for the honest framing.
+### Contributions
+
+Project Ghost makes five concrete, citable contributions on top of the
+existing literature on uncertainty in robotics. The underlying
+ingredients (Bayesian filters, calibration, FDI, runtime supervisors)
+are well-established; **the contributions are in how they are
+combined, stated, and verified**:
+
+| # | Contribution | Status |
+|---|---|---|
+| **PV-1** | A **reproducibility primitive** — `ghost verify-properties --mcap <log>` reduces "is this run safe?" to a single shell command returning a byte-exact verdict with exit code `0` iff every property holds. Verifier is a pure function over content-addressed MCAP; no replay, no simulation, no trust in the producer. | Shipped (CLI v0.2.0) |
+| **PV-2** | A **formal partition theorem**: BAUD-v1 + ERUR-v1 partition the space of per-cycle conditional behaviour. Stated in TLA+ as `INV_PARTITION`, **mechanically verified by TLC** over the full reachable state space of the abstract model ([ADR-0036](docs/adr/0036-tla-plus-mechanical-verification-of-baud-erur.md)). Promoted from "observed on one trace" to "proved on the model". | Shipped (CI green) |
+| **PV-3** | A **structural recovery latency bound** `L ≤ peak + W − 1` for sliding-window calibration histories with `MahalanobisDowngradePolicy(M, K)` ([ADR-0034](docs/adr/0034-recovery-latency-bound-property-v1.md)). Drift-then-recovery smoke fires at the bound exactly (38 = 7 + 32 − 1), proving the bound is tight. | Shipped (RLB-v1) |
+| **PV-4** | A **safe-reason set encoding pattern** for safety properties: `S_BAUD-v1 = {"attitude_hold_hold", "kill_zero_throttle"}` — a closed taxonomy of strings classifying which non-PROCEED actuator commands count as conservative, replacing fragile `command is None` checks with an extensible, externally-auditable allowlist. | Shipped (ADR-0031) |
+| **PV-5** | A **citation pattern** for safety claims: content-addressed MCAP + ADR + pure-function verifier + Hypothesis property test + CI gate + tagged release + OIDC-signed PyPI wheel — assembled as one coherent reproducibility unit. The headline claim is operationally re-runnable from `pip install project-ghost==0.2.0`. | Shipped (this release) |
+
+For each, the binding ADR is the formal statement; the verifier is
+the executable test; the inline witness in `SmokeSummary.*_report`
+is the self-evidence; and CI is the continuous guarantee.
+
+Theoretically novel? No: this is an engineering and citation
+contribution, not a new theorem. **Operationally novel? Yes** —
+this is the pattern getting actually built and shipped, in a form
+that lets third parties verify their own runs without trusting
+the producer.
 
 ## Try it without installing anything
 

{project_ghost-0.2.0 → project_ghost-0.2.1}/README.md

@@ -33,7 +33,31 @@ Five properties, five citable claims, exit code `0` iff every property holds. Ea
 | **RLB-v1** | Recovery Latency Bound ([ADR-0034](docs/adr/0034-recovery-latency-bound-property-v1.md)) | Dirty-run length is bounded by `peak + W - 1` where W is the window size |
 | **FPB-v1** | False Positive Bound observer ([ADR-0035](docs/adr/0035-false-positive-bound-property-v1.md)) | Empirical BAUD fire rate is exposed and bounded for regression gating |
 
-The honest part: the individual ideas (uncertainty calibration, action gating on confidence, fault detection) are decades-old robotics research. The contribution of Ghost is not new theory — it's **the specific combination, end-to-end, with byte-exact replay verification and a CLI-grade external surface**. See [ADR-0031 §Context](docs/adr/0031-bounded-action-under-drift-property-v1.md) for the honest framing.
+### Contributions
+
+Project Ghost makes five concrete, citable contributions on top of the
+existing literature on uncertainty in robotics. The underlying
+ingredients (Bayesian filters, calibration, FDI, runtime supervisors)
+are well-established; **the contributions are in how they are
+combined, stated, and verified**:
+
+| # | Contribution | Status |
+|---|---|---|
+| **PV-1** | A **reproducibility primitive** — `ghost verify-properties --mcap <log>` reduces "is this run safe?" to a single shell command returning a byte-exact verdict with exit code `0` iff every property holds. Verifier is a pure function over content-addressed MCAP; no replay, no simulation, no trust in the producer. | Shipped (CLI v0.2.0) |
+| **PV-2** | A **formal partition theorem**: BAUD-v1 + ERUR-v1 partition the space of per-cycle conditional behaviour. Stated in TLA+ as `INV_PARTITION`, **mechanically verified by TLC** over the full reachable state space of the abstract model ([ADR-0036](docs/adr/0036-tla-plus-mechanical-verification-of-baud-erur.md)). Promoted from "observed on one trace" to "proved on the model". | Shipped (CI green) |
+| **PV-3** | A **structural recovery latency bound** `L ≤ peak + W − 1` for sliding-window calibration histories with `MahalanobisDowngradePolicy(M, K)` ([ADR-0034](docs/adr/0034-recovery-latency-bound-property-v1.md)). Drift-then-recovery smoke fires at the bound exactly (38 = 7 + 32 − 1), proving the bound is tight. | Shipped (RLB-v1) |
+| **PV-4** | A **safe-reason set encoding pattern** for safety properties: `S_BAUD-v1 = {"attitude_hold_hold", "kill_zero_throttle"}` — a closed taxonomy of strings classifying which non-PROCEED actuator commands count as conservative, replacing fragile `command is None` checks with an extensible, externally-auditable allowlist. | Shipped (ADR-0031) |
+| **PV-5** | A **citation pattern** for safety claims: content-addressed MCAP + ADR + pure-function verifier + Hypothesis property test + CI gate + tagged release + OIDC-signed PyPI wheel — assembled as one coherent reproducibility unit. The headline claim is operationally re-runnable from `pip install project-ghost==0.2.0`. | Shipped (this release) |
+
+For each, the binding ADR is the formal statement; the verifier is
+the executable test; the inline witness in `SmokeSummary.*_report`
+is the self-evidence; and CI is the continuous guarantee.
+
+Theoretically novel? No: this is an engineering and citation
+contribution, not a new theorem. **Operationally novel? Yes** —
+this is the pattern getting actually built and shipped, in a form
+that lets third parties verify their own runs without trusting
+the producer.
 
 ## Try it without installing anything
 

{project_ghost-0.2.0 → project_ghost-0.2.1}/docs/index.md

@@ -87,19 +87,51 @@ shows the five property veredictos inline. Same code that
 
 [See the full overview →](properties/index.md)
 
-## Honest framing
-
-The individual ideas Ghost relies on — uncertainty calibration,
-action gating on confidence, fault detection and isolation,
-calibrated probabilistic predictions — are well-established robotics
-research, much of it decades old. **The contribution of Project
-Ghost is not new theory.** It is the specific opinionated combination,
-end-to-end, with byte-exact replay verification and a CLI-grade
-external surface that third parties can use against any captured run
-without trusting the producer.
-
-In other words: a *carefully built reference of a pattern that is
-discussed more often than it is implemented*.
+## Contributions
+
+The underlying ingredients (Bayesian filters, calibration, FDI,
+runtime supervisors) are well-established. Project Ghost makes five
+concrete, citable contributions in **how they are combined, stated,
+and verified**:
+
+- **PV-1 — Reproducibility primitive.**
+  `ghost verify-properties --mcap <log>` reduces "is this run safe?"
+  to one shell command returning a byte-exact verdict with exit code
+  `0` iff every property holds. Verifier is a pure function over
+  content-addressed MCAP — no replay, no simulation, no trust in the
+  producer.
+- **PV-2 — Formal partition theorem.**
+  BAUD-v1 + ERUR-v1 partition the space of per-cycle conditional
+  behaviour. Stated in TLA+ as `INV_PARTITION`, **mechanically
+  verified by TLC** over the full reachable state space of the
+  abstract model ([ADR-0036](adr/0036-tla-plus-mechanical-verification-of-baud-erur.md)).
+  Promoted from "observed on one trace" to "proved on the model".
+- **PV-3 — Structural recovery latency bound.**
+  `L ≤ peak + W − 1` for sliding-window calibration histories with
+  `MahalanobisDowngradePolicy(M, K)`. Drift-then-recovery smoke fires
+  at the bound exactly (38 = 7 + 32 − 1), proving the bound is tight
+  ([ADR-0034](adr/0034-recovery-latency-bound-property-v1.md)).
+- **PV-4 — Safe-reason set encoding pattern.**
+  `S_BAUD-v1 = {"attitude_hold_hold", "kill_zero_throttle"}` — a
+  closed taxonomy of strings classifying which non-PROCEED actuator
+  commands count as conservative, replacing fragile `command is None`
+  checks with an extensible, externally-auditable allowlist
+  ([ADR-0031](adr/0031-bounded-action-under-drift-property-v1.md)).
+- **PV-5 — End-to-end safety citation pattern.**
+  Content-addressed MCAP + ADR + pure-function verifier + Hypothesis
+  property test + CI gate + tagged release + OIDC-signed PyPI wheel
+  — assembled as one coherent reproducibility unit. The headline
+  claim is operationally re-runnable from `pip install project-ghost==0.2.0`.
+
+For each, the binding ADR is the formal statement, the verifier is
+the executable test, the inline witness in `SmokeSummary.*_report`
+is the self-evidence, and CI is the continuous guarantee.
+
+Theoretically novel? No — this is an engineering and citation
+contribution, not a new theorem. **Operationally novel? Yes** —
+this is the pattern getting actually built and shipped, in a form
+that lets third parties verify their own runs against the captured
+MCAP without trusting the producer.
 
 ## Architecture in one diagram
 

project_ghost-0.2.1/docs/paper/arxiv/README.md

@@ -0,0 +1,147 @@
+# arXiv submission package
+
+This directory contains the LaTeX source ready for arXiv submission
+and as the starting point for RV 2026 / FMAS 2026 workshop versions.
+
+## Files
+
+| File | Purpose |
+|---|---|
+| [`main.tex`](main.tex) | Paper source (article class, ~600 lines, self-contained) |
+| [`refs.bib`](refs.bib) | BibTeX bibliography (18 entries) |
+| `main.pdf` | Generated locally; not committed |
+
+The Markdown extended version lives at
+[`../project_ghost_v0_2.md`](../project_ghost_v0_2.md) and is the
+authoritative narrative source. The LaTeX is a faithful condensed
+rendering suitable for venue submission.
+
+## Building locally
+
+Requires TeX Live or MiKTeX with `pdflatex` + `bibtex`.
+
+```bash
+cd docs/paper/arxiv/
+pdflatex main
+bibtex main
+pdflatex main
+pdflatex main
+```
+
+Output: `main.pdf` (~12 pages).
+
+## arXiv submission checklist
+
+### 1. Account and credentials
+
+- Sign in at <https://arxiv.org/user/login>.
+- If you do not already have a moderator endorsement, you will need
+  one for first-time submission in **cs.SE** or **cs.LO**. Endorsement
+  is per-archive; once you have it for one, you can cross-list to the
+  others. See <https://arxiv.org/help/endorsement>.
+
+### 2. Upload bundle
+
+arXiv accepts either a single PDF (simpler) or a tarball with the
+LaTeX source (preferred — arXiv extracts metadata, indexes the
+abstract, and renders the references correctly).
+
+**Preferred: source tarball.**
+
+```bash
+cd docs/paper/arxiv/
+tar czf project_ghost_v0_2_arxiv.tar.gz main.tex refs.bib main.bbl
+```
+
+(Include `main.bbl` so arXiv does not have to re-run `bibtex`.)
+
+Upload at <https://arxiv.org/submit>. arXiv will compile your source
+server-side and show you the rendered preview. Iterate until it
+looks correct.
+
+### 3. Categories
+
+Primary and secondary classifications for the submission form:
+
+- **Primary:** `cs.SE` — Software Engineering. The paper is
+  fundamentally about a build-and-ship pattern with reproducibility
+  as the headline.
+- **Secondary 1:** `cs.LO` — Logic in Computer Science. Theorem 1
+  + the TLA+/TLC mechanisation belong here.
+- **Secondary 2:** `cs.RO` — Robotics. The application domain.
+
+MSC classification: `68N30` (Mathematical aspects of software
+engineering), `68V20` (Formal methods).
+
+ACM Computing Classification System (optional, free-text):
+`Software and its engineering → Software verification and validation`;
+`Computing methodologies → Robotics`.
+
+### 4. Title, abstract, and metadata
+
+- **Title:** `Project Ghost: A Verifiable Safety-Property Surface for Autonomy Under Uncertainty`
+- **Authors:** `Javier Menéndez Mateos` (single author).
+- **Comments line** (free text, displayed under the abstract):
+  ```
+  12 pages, 2 tables. Code, MCAPs, TLA+ specs, and TLC verification
+  output reproducible from https://github.com/JFHelvetius/ghost
+  (release v0.2.0) and from pip install project-ghost==0.2.0.
+  ```
+- **Abstract:** copy verbatim from the `\begin{abstract}` block in
+  `main.tex` (arXiv accepts plain text; strip the LaTeX commands).
+- **Report-no, journal-ref, DOI:** leave empty for v0.2.0 preprint.
+  Update on resubmission after a workshop accepts the paper.
+- **License:** the source is Apache-2.0; on arXiv select
+  `arXiv.org perpetual, non-exclusive license to distribute` (the
+  default — does not transfer copyright). The CC-BY option is also
+  appropriate if you prefer it.
+
+### 5. After submission
+
+- arXiv assigns a paper ID of the form `arXiv:2606.NNNNN` (the
+  prefix is YYMM).
+- Once accepted, update the project repository:
+  - `CITATION.cff`: add the arXiv ID and DOI under `identifiers`.
+  - `README.md`: add a "Cite this work" badge linking to the arXiv
+    abstract page.
+  - This `README.md`: record the arXiv ID and submission date here.
+- arXiv DOIs become routable via `https://arxiv.org/abs/<id>` and via
+  `https://doi.org/10.48550/arXiv.<id>`.
+
+## RV 2026 (Runtime Verification) submission
+
+The same `main.tex` is reusable as the basis for an RV 2026 tool
+paper or regular paper submission. RV typically uses Springer LNCS.
+
+1. Download the LNCS class files:
+   <https://www.springer.com/gp/computer-science/lncs/conference-proceedings-guidelines>.
+2. Replace the top of `main.tex`:
+   ```latex
+   \documentclass[runningheads]{llncs}
+   ```
+   Remove the `\usepackage{geometry}` line (LNCS sets its own
+   margins).
+3. Replace the author block with the LNCS form:
+   ```latex
+   \author{Javier Menéndez Mateos\inst{1}}
+   \institute{Independent\\\email{jfhelvetius@gmail.com}}
+   ```
+4. Adjust page count to the venue limit (RV regular ~16, tool ~6).
+   The current paper at ~12 pages fits regular comfortably; for a
+   tool paper, trim §1.2 + §9 and condense §6's proof.
+5. Submit via the RV 2026 EasyChair URL when the CFP opens
+   (typically March–July).
+
+## FMAS 2026 (Formal Methods for Autonomous Systems)
+
+FMAS uses EPTCS or LNCS depending on the year. Check the CFP at
+<https://fmasworkshop.github.io/FMAS2026/>. The current `main.tex`
+adapts directly; FMAS tends to weight the autonomy-domain framing
+higher than RV does, so consider expanding §1's motivation
+paragraph for FMAS submission.
+
+## Versioning
+
+This package corresponds to **Project Ghost v0.2.0**, released
+2026-06-10. Update version + date in `main.tex` (\\date and
+abstract) when bumping for resubmission.