State precedes velocity
We name the invariant first, then permit every implementation detail to move.
§2.1
Working proposition
Proof by Invariants
Claims
Each claim carries its witness
Benchmarks and counterexamples sit beside the proposition they support.
Notation remains local
A symbol is introduced once, scoped narrowly, and retired before review.
Review becomes refutation
Every merge asks for the smallest case that would falsify the result.