feat: add tlaiser state machine specs for config validation pipeline

Models StageExecution (pending/cache-hit/running/succeeded/failed/
skipped) and CacheEntry (absent/fresh/stale) with TLA+ safety
properties for pipeline determinism and cache invalidation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: hyperpolymath

generated/tlaiser/CacheEntry.cfg

@@ -0,0 +1,20 @@
+\* TLC Configuration for CacheEntry
+\* Generated by tlaiser
+
+SPECIFICATION FairSpec
+
+\* State constants as model values
+CONSTANT Absent = Absent
+CONSTANT Fresh = Fresh
+CONSTANT Stale = Stale
+
+\* Type invariant
+INVARIANT TypeInvariant
+
+\* Safety properties (invariants)
+INVARIANT SucceededStageNeverReruns
+INVARIANT FailedStagePropagates
+
+\* Liveness and fairness properties
+PROPERTY PipelineEventuallyTerminates
+

generated/tlaiser/CacheEntry.tla

@@ -0,0 +1,89 @@
+---- MODULE CacheEntry ----
+\* Cache entry lifecycle for a pipeline stage result. Entries are keyed by content hash or mtime.
+\* Generated by tlaiser — https://github.com/hyperpolymath/tlaiser
+
+EXTENDS Naturals, Sequences, TLC
+
+\* State constants — each represents a distinct state
+CONSTANTS Absent, Fresh, Stale
+
+\* Variables tracked by this specification
+VARIABLES state, invalidation_policy
+
+\* Type invariant: state is always one of the declared states
+TypeInvariant == state \in {Absent, Fresh, Stale}
+
+\* Initial state predicate
+Init ==
+    /\ state = Absent
+    /\ invalidation_policy = 0
+
+\* Transition actions
+\* Transition: Absent -> Fresh (store_result)
+store_result ==
+    /\ state = Absent
+    /\ state' = Fresh
+    /\ UNCHANGED invalidation_policy
+
+\* Transition: Fresh -> Stale (content_hash_changed)
+content_hash_changed ==
+    /\ state = Fresh
+    /\ invalidation_policy = 0
+    /\ state' = Stale
+    /\ UNCHANGED invalidation_policy
+
+\* Transition: Fresh -> Stale (mtime_changed)
+mtime_changed ==
+    /\ state = Fresh
+    /\ invalidation_policy = 1
+    /\ state' = Stale
+    /\ UNCHANGED invalidation_policy
+
+\* Transition: Stale -> Fresh (store_new_result)
+store_new_result ==
+    /\ state = Stale
+    /\ state' = Fresh
+    /\ UNCHANGED invalidation_policy
+
+\* Transition: Fresh -> Absent (cache_clear)
+cache_clear ==
+    /\ state = Fresh
+    /\ state' = Absent
+    /\ UNCHANGED invalidation_policy
+
+\* Transition: Stale -> Absent (cache_clear)
+cache_clear ==
+    /\ state = Stale
+    /\ state' = Absent
+    /\ UNCHANGED invalidation_policy
+
+\* Next-state relation: disjunction of all transitions
+Next ==
+    \/ store_result
+    \/ content_hash_changed
+    \/ mtime_changed
+    \/ store_new_result
+    \/ cache_clear
+    \/ cache_clear
+
+\* All variables tuple (for stuttering)
+vars == <<state, invalidation_policy>>
+
+\* Complete specification
+Spec == Init /\ [][Next]_vars
+
+\* Fair specification (with weak fairness on Next)
+FairSpec == Spec /\ WF_vars(Next)
+
+\* ---- Temporal Properties ----
+\* Property: SucceededStageNeverReruns (safety)
+SucceededStageNeverReruns == []([][StageExecution = Succeeded => UNCHANGED StageExecution]_StageExecution)
+
+\* Property: FailedStagePropagates (safety)
+FailedStagePropagates == []([](StageExecution = Failed => allow_failure = FALSE))
+
+\* Property: PipelineEventuallyTerminates (liveness)
+PipelineEventuallyTerminates == <>(<>(StageExecution = Succeeded \/ StageExecution = Failed \/ StageExecution = Skipped))
+
+
+====

generated/tlaiser/CacheEntryPlusCal.tla

@@ -0,0 +1,57 @@
+---- MODULE CacheEntryPlusCal ----
+\* Cache entry lifecycle for a pipeline stage result. Entries are keyed by content hash or mtime.
+\* PlusCal version — generated by tlaiser
+\* https://github.com/hyperpolymath/tlaiser
+
+EXTENDS Naturals, Sequences, TLC
+
+CONSTANTS Absent, Fresh, Stale
+
+(* --fair algorithm CacheEntry
+variables
+    state = Absent;
+    invalidation_policy = 0;
+begin
+MainLoop:
+    while TRUE do
+        either
+            \* store_result
+            await state = Absent;
+            state := Fresh;
+        or
+            await state = Fresh;
+            either
+                await invalidation_policy = 0;
+                state := Stale;
+            or
+                await invalidation_policy = 1;
+                state := Stale;
+            or
+                state := Absent;
+            end either;
+        or
+            await state = Stale;
+            either
+                state := Fresh;
+            or
+                state := Absent;
+            end either;
+        end either;
+    end while;
+end algorithm; *)
+
+\* BEGIN TRANSLATION
+\* (PlusCal translator will insert TLA+ here)
+\* END TRANSLATION
+
+\* ---- Temporal Properties ----
+\* Property: SucceededStageNeverReruns (safety)
+SucceededStageNeverReruns == []([][StageExecution = Succeeded => UNCHANGED StageExecution]_StageExecution)
+
+\* Property: FailedStagePropagates (safety)
+FailedStagePropagates == []([](StageExecution = Failed => allow_failure = FALSE))
+
+\* Property: PipelineEventuallyTerminates (liveness)
+PipelineEventuallyTerminates == <>(<>(StageExecution = Succeeded \/ StageExecution = Failed \/ StageExecution = Skipped))
+
+====

generated/tlaiser/StageExecution.cfg

@@ -0,0 +1,23 @@
+\* TLC Configuration for StageExecution
+\* Generated by tlaiser
+
+SPECIFICATION FairSpec
+
+\* State constants as model values
+CONSTANT Pending = Pending
+CONSTANT CacheHit = CacheHit
+CONSTANT Running = Running
+CONSTANT Succeeded = Succeeded
+CONSTANT Failed = Failed
+CONSTANT Skipped = Skipped
+
+\* Type invariant
+INVARIANT TypeInvariant
+
+\* Safety properties (invariants)
+INVARIANT SucceededStageNeverReruns
+INVARIANT FailedStagePropagates
+
+\* Liveness and fairness properties
+PROPERTY PipelineEventuallyTerminates
+

generated/tlaiser/StageExecution.tla

@@ -0,0 +1,98 @@
+---- MODULE StageExecution ----
+\* Lifecycle of a single pipeline stage during execution. Includes cache lookup, execution, and allow_failure handling.
+\* Generated by tlaiser — https://github.com/hyperpolymath/tlaiser
+
+EXTENDS Naturals, Sequences, TLC
+
+\* State constants — each represents a distinct state
+CONSTANTS Pending, CacheHit, Running, Succeeded, Failed, Skipped
+
+\* Variables tracked by this specification
+VARIABLES state, allow_failure, cache_enabled
+
+\* Type invariant: state is always one of the declared states
+TypeInvariant == state \in {Pending, CacheHit, Running, Succeeded, Failed, Skipped}
+
+\* Initial state predicate
+Init ==
+    /\ state = Pending
+    /\ allow_failure = FALSE
+    /\ cache_enabled = TRUE
+
+\* Transition actions
+\* Transition: Pending -> Skipped (dry_run_or_condition_false)
+dry_run_or_condition_false ==
+    /\ state = Pending
+    /\ state' = Skipped
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: Pending -> CacheHit (cache_lookup_hit)
+cache_lookup_hit ==
+    /\ state = Pending
+    /\ cache_enabled = TRUE
+    /\ state' = CacheHit
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: Pending -> Running (cache_miss_or_disabled)
+cache_miss_or_disabled ==
+    /\ state = Pending
+    /\ state' = Running
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: CacheHit -> Succeeded (cache_result_applied)
+cache_result_applied ==
+    /\ state = CacheHit
+    /\ state' = Succeeded
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: Running -> Succeeded (executor_succeeds)
+executor_succeeds ==
+    /\ state = Running
+    /\ state' = Succeeded
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: Running -> Failed (executor_fails)
+executor_fails ==
+    /\ state = Running
+    /\ allow_failure = FALSE
+    /\ state' = Failed
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Transition: Running -> Succeeded (executor_fails_but_allowed)
+executor_fails_but_allowed ==
+    /\ state = Running
+    /\ allow_failure = TRUE
+    /\ state' = Succeeded
+    /\ UNCHANGED <<allow_failure, cache_enabled>>
+
+\* Next-state relation: disjunction of all transitions
+Next ==
+    \/ dry_run_or_condition_false
+    \/ cache_lookup_hit
+    \/ cache_miss_or_disabled
+    \/ cache_result_applied
+    \/ executor_succeeds
+    \/ executor_fails
+    \/ executor_fails_but_allowed
+
+\* All variables tuple (for stuttering)
+vars == <<state, allow_failure, cache_enabled>>
+
+\* Complete specification
+Spec == Init /\ [][Next]_vars
+
+\* Fair specification (with weak fairness on Next)
+FairSpec == Spec /\ WF_vars(Next)
+
+\* ---- Temporal Properties ----
+\* Property: SucceededStageNeverReruns (safety)
+SucceededStageNeverReruns == []([][StageExecution = Succeeded => UNCHANGED StageExecution]_StageExecution)
+
+\* Property: FailedStagePropagates (safety)
+FailedStagePropagates == []([](StageExecution = Failed => allow_failure = FALSE))
+
+\* Property: PipelineEventuallyTerminates (liveness)
+PipelineEventuallyTerminates == <>(<>(StageExecution = Succeeded \/ StageExecution = Failed \/ StageExecution = Skipped))
+
+
+====

generated/tlaiser/StageExecutionPlusCal.tla

@@ -0,0 +1,61 @@
+---- MODULE StageExecutionPlusCal ----
+\* Lifecycle of a single pipeline stage during execution. Includes cache lookup, execution, and allow_failure handling.
+\* PlusCal version — generated by tlaiser
+\* https://github.com/hyperpolymath/tlaiser
+
+EXTENDS Naturals, Sequences, TLC
+
+CONSTANTS Pending, CacheHit, Running, Succeeded, Failed, Skipped
+
+(* --fair algorithm StageExecution
+variables
+    state = Pending;
+    allow_failure = FALSE;
+    cache_enabled = TRUE;
+begin
+MainLoop:
+    while TRUE do
+        either
+            await state = Pending;
+            either
+                state := Skipped;
+            or
+                await cache_enabled = TRUE;
+                state := CacheHit;
+            or
+                state := Running;
+            end either;
+        or
+            \* cache_result_applied
+            await state = CacheHit;
+            state := Succeeded;
+        or
+            await state = Running;
+            either
+                state := Succeeded;
+            or
+                await allow_failure = FALSE;
+                state := Failed;
+            or
+                await allow_failure = TRUE;
+                state := Succeeded;
+            end either;
+        end either;
+    end while;
+end algorithm; *)
+
+\* BEGIN TRANSLATION
+\* (PlusCal translator will insert TLA+ here)
+\* END TRANSLATION
+
+\* ---- Temporal Properties ----
+\* Property: SucceededStageNeverReruns (safety)
+SucceededStageNeverReruns == []([][StageExecution = Succeeded => UNCHANGED StageExecution]_StageExecution)
+
+\* Property: FailedStagePropagates (safety)
+FailedStagePropagates == []([](StageExecution = Failed => allow_failure = FALSE))
+
+\* Property: PipelineEventuallyTerminates (liveness)
+PipelineEventuallyTerminates == <>(<>(StageExecution = Succeeded \/ StageExecution = Failed \/ StageExecution = Skipped))
+
+====

generated/tlaiser/run_tlc_CacheEntry.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# TLC run script for CacheEntry — generated by tlaiser
+# https://github.com/hyperpolymath/tlaiser
+#
+# Prerequisites:
+#   - Java runtime (>= 11)
+#   - tla2tools.jar on CLASSPATH or in current directory
+#   - Or: install Community TLA+ Toolbox
+
+set -euo pipefail
+
+# Locate TLA+ tools
+TLA2TOOLS="${TLA2TOOLS:-tla2tools.jar}"
+if [[ ! -f "$TLA2TOOLS" ]]; then
+    echo "Error: tla2tools.jar not found. Set TLA2TOOLS env var or download from:"
+    echo "  https://github.com/tlaplus/tlaplus/releases"
+    exit 1
+fi
+
+echo "Running TLC on CacheEntry.tla ..."
+java -XX:+UseParallelGC -Xmx4g -jar "$TLA2TOOLS" -workers 4 -config CacheEntry.cfg CacheEntry.tla
+
+echo "TLC completed."