@@ -86,29 +86,89 @@ Located at `boj-server/cartridges/database-mcp/`:
8686| `vql-ut-horror-stories` | Interactive education — what each safety level prevents
8787|===
8888
89- == VQL Safety Levels (VQL-UT )
89+ == Universal Safety Pipeline (TypeLL → Query Languages )
9090
91- VeriSimDB's query language has a 10-level type-safe query pipeline:
91+ All query languages share the same 10-level safety model, originating in TypeLL.
92+ VQL-UT is the reference implementation. KQL and GQL map their constructs to the
93+ same levels — no separate "-UT" or "-DT" repos needed.
9294
93- [cols="^1,<3,<5", options="header"]
95+ [source]
96+ ----
97+ TypeLL (type theory core — defines the 10 levels)
98+ │
99+ ├──→ VQL-UT (reference implementation, VeriSimDB)
100+ ├──→ KQL (applies same levels, QuandleDB)
101+ └──→ GQL (applies same levels, LithoGlyph)
102+ ----
103+
104+ === The Two-Tier Model (All Query Languages)
105+
106+ Each query language has the same two tiers:
107+
108+ 1. **The language** (VQL / KQL / GQL) — what users write
109+ 2. **The safety pipeline** — TypeLL's 10 levels applied progressively behind the
110+ language. Simple queries exit early at L1-L2. Proof-carrying queries go to L9-L10.
111+
112+ There is no "VQL-DT", "KQL-DT", or "GQL-DT" as separate products. Dependent type
113+ features are part of the safety pipeline at the appropriate levels.
114+
115+ === The 10 Safety Levels
116+
117+ [cols="^1,<3,<5,<3,<3", options="header"]
94118|===
95- | Level | Name | What It Prevents
119+ | Level | Name | What It Prevents | KQL Mapping | GQL Mapping
120+
121+ | L1 | Construction Safety | Query injection
122+ | Pipeline parsing
123+ | Graph traversal parsing
124+
125+ | L2 | Schema Pinning | Schema drift
126+ | Dependent projection
127+ | Collection dependent types
128+
129+ | L3 | Resource Linearity | Connection leaks
130+ | Skein.jl connections
131+ | Graph cursor management
132+
133+ | L4 | Session Protocols | State violations
134+ | Query sessions
135+ | Traversal sessions
96136
97- | L1 | Construction Safety | SQL/query injection
98- | L2 | Schema Pinning | Schema drift between query and database
99- | L3 | Resource Linearity | Connection/cursor leaks
100- | L4 | Session Protocols | State machine violations (query before connect)
101137| L5 | Effect Tracking | Unaudited side effects
102- | L6 | Scope Isolation | Namespace boundary violations
103- | L7 | Information Flow | Data lineage tracking failures
104- | L8 | Quantitative Bounds | Resource exhaustion (unbounded queries)
105- | L9 | Proof Attachment | Missing evidence for sensitive operations
106- | L10 | Cross-Cutting | Composition bugs across query boundaries
138+ | Future (read-only now)
139+ | Mutation auditing
140+
141+ | L6 | Scope Isolation | Namespace violations
142+ | Knot table boundaries
143+ | Collection boundaries
144+
145+ | L7 | Information Flow | Lineage failures
146+ | Invariant provenance
147+ | Graph provenance tracking
148+
149+ | L8 | Quantitative Bounds | Resource exhaustion
150+ | Stratum-bounded eval
151+ | Bounded traversal depth
152+
153+ | L9 | Proof Attachment | Missing evidence
154+ | Confidence-indexed results
155+ | Dependent type proofs
156+
157+ | L10 | Cross-Cutting | Composition bugs
158+ | Pipeline composition
159+ | Cross-collection joins
107160|===
108161
162+ === Per-Database Safety Documentation
163+
164+ * **VQL:** `verisimdb/docs/vql-vs-vql-dt.adoc` — full spec with architecture diagram
165+ * **KQL:** `quandledb/docs/kql-safety-model.adoc` — KQL-specific mappings + Idris2 proofs
166+ * **GQL:** `lithoglyph/docs/gql-safety-model.adoc` — GQL-specific mappings + dependent types
167+
109168== Not Yet Integrated
110169
111170* **NQC** — Gleam-based Nested Query Calculus. Working implementation in `nqc/src/nqc.gleam`
112171 with Erlang FFI. Needs a `db_execute_nqc()` FFI function and database-mcp registration.
172+ Safety pipeline mapping not yet designed.
113173* **TypeQL-Experimental** — Idris2 ABI definitions exist at `typeql-experimental/src/abi/`.
114174 Parser is stub-phase. Needs compiler work before integration.
0 commit comments