The invariant pyramid constitutes of:
- Program (What invariants your program enforces, either at compile time or runtime)
- Tests (What invariants your tests enforce)
- Documentation (What invariants are enforced outside of the code)
- Unknown (What invariants are out there but not captured)
These go from strongest to weakest, where having more invariants captured in the program > tests > documentation.
You want few invariants that are unknown, and want to hoist most of the invariants as high up as you can.