π¬ Lean Squad β automated formal verification for this repository.
At a Glance
| Target |
Phase |
Status |
File |
RingBuffer |
Phase 5 |
β
26 theorems |
RingBuffer.lean |
ResultEx |
Phase 5 |
β
19 theorems |
ResultEx.lean |
RetryPolicy |
Phase 5 |
β
13 theorems |
RetryPolicy.lean |
RestartPolicy |
Phase 5 |
β
10 theorems |
RestartPolicy.lean |
Affordances |
Phase 5 |
β
19 theorems |
Affordances.lean |
EvalPipeline |
Phase 5 |
β
20 theorems |
EvalPipeline.lean |
HotReloadState |
Phase 5 |
β
30 theorems |
HotReloadState.lean |
SessionLifecycle |
Phase 5 |
β
16 theorems |
SessionLifecycle.lean |
Theme |
Phase 5 |
β
21 theorems |
Theme.lean |
Composition (cross-file) |
Phase 5 |
β
12 theorems |
Composition.lean |
PhaseTransition (state machine) |
Phase 5 |
β
11 theorems |
PhaseTransition.lean |
SmartReset |
Phase 5 |
β
8 theorems |
SmartReset.lean |
SageFsError (error classification) |
Phase 5 |
β
23 theorems |
SageFsError.lean |
SseReplayBuffer (SSE reconnect replay) |
Phase 5 |
β
19 theorems |
SseReplayBuffer.lean |
FsiRewrite (FSI useβlet rewrite) |
Phase 5 |
β
19 theorems |
FsiRewrite.lean |
TimeTravel (navigation state machine) |
Phase 5 |
β
30 theorems |
TimeTravel.lean |
BinaryFormat.Crc32 |
Phase 5 |
β
16 theorems |
BinaryFormat.lean |
WorkflowTypes.SessionWorkflow |
Phase 1 |
β¬ Research identified |
β |
ValidTimeout |
Phase 1 |
β¬ Research identified |
β |
Summary
The SageFs FV project now has 312 theorems across 17 Lean files, 0 sorry (lake build passes with Lean 4.30.0-rc2). This run (Tasks 3+4+5+6) completed the Lean spec for BinaryFormat.Crc32 β the project's first algorithmic target (pure CRC-32 implementation with standard test vector 0xCBF43926 verified). Also updated CORRESPONDENCE.md with a full BinaryFormat section and corrected an error in the informal spec (CRC-32 of [0x00] is 0xD202EF8D, not 0x2144DF1C).
Findings
- π
crc32_test_vector: CRC-32 of "123456789" = 0xCBF43926 β the universally agreed standard test vector passes by native_decide, confirming the Lean model matches the ISO 3309 polynomial exactly
- π
crc32_slicing_consistency: Proved that crc32Compute (pfx ++ data ++ sfx) pfx.length data.length = crc32All data β slice correctness via Lean stdlib List.drop/List.take lemmas
- β οΈ Informal spec correction:
binaryformat_crc32_informal.md stated CRC-32 of [0x00u] = 0x2144DF1Cu; the correct standard value is 0xD202EF8Du. This was a copy-paste error in the informal spec.
- No implementation bugs found in any target so far.
Approach Notes
- Tool: Lean 4 (v4.30.0-rc2), stdlib only (CI firewall blocks lakecache/Mathlib)
- Build:
cd formal-verification/lean && lake build
- CI:
lean-ci.yml β
| fv-correspondence-tests.yml β
- Key tactics:
native_decide, omega, simp/simp only, decide, cases, rfl
Run History
2026-05-12 01:20 UTC β Run
- π Task 3+4+5 (Formal Spec + Implementation + Proofs):
BinaryFormat.lean β 16 theorems, 0 sorry
- π Task 6 (Correspondence Review): Updated
CORRESPONDENCE.md with BinaryFormat section; corrected informal spec error for [0x00] CRC value
- β
lake build PASSED β 19 jobs, 0 sorry, Lean 4.30.0-rc2 (312 total theorems across 17 files)
- π PR created: BinaryFormat.Crc32 Lean spec + correspondence review
2026-05-11 17:10 UTC β Run
2026-05-11 09:41 UTC β Run
2026-05-09 16:35 UTC β Run
- π Task 9 (CI Audit): Fixed
fv-correspondence-tests.yml checkout@v5βv4
- π Task 2 (Informal Spec):
timetravel_informal.md
2026-05-08 17:01 UTC β Run
- π Task 2 (Informal Spec):
ssereplaybuffer_informal.md
- π Task 5 (Proof Assistance):
SseReplayBuffer.lean β 19 theorems, 0 sorry
2026-05-08 09:00 UTC β Run
- π Task 4+5:
SageFsError.lean β 26 theorems, 0 sorry
2026-05-07 09:15 UTC β Run
- π Task 10+11:
REPORT.md + paper/paper.tex created
2026-05-07 01:20 UTC β Run
- π Task 5:
PhaseTransition.lean β 14 theorems
2026-05-06 16:52 UTC β Run
- π Task 5:
Composition.lean β 12 cross-file theorems
Generated by π Lean Squad, see workflow run. Learn more.
To install this agentic workflow, run
gh aw add githubnext/agentics/workflows/lean-squad.md@13377ddf7e35c2b6e47aa58f45acb228fba902c8
π¬ Lean Squad β automated formal verification for this repository.
At a Glance
| Target |
Phase |
Status |
File |
RingBuffer |
Phase 5 |
β
20 theorems |
RingBuffer.lean |
ResultEx |
Phase 5 |
β
17 theorems |
ResultEx.lean |
RetryPolicy |
Phase 5 |
β
13 theorems |
RetryPolicy.lean |
RestartPolicy |
Phase 5 |
β
9 theorems |
RestartPolicy.lean |
Affordances |
Phase 5 |
β
19 theorems |
Affordances.lean |
EvalPipeline |
Phase 5 |
β
20 theorems |
EvalPipeline.lean |
HotReloadState |
Phase 5 |
β
23 theorems |
HotReloadState.lean |
SessionLifecycle |
Phase 5 |
β
16 theorems |
SessionLifecycle.lean |
Theme |
Phase 5 |
β
20 theorems |
Theme.lean |
Composition |
Phase 5 |
β
12 theorems |
Composition.lean |
PhaseTransition |
Phase 5 |
β
14 theorems |
PhaseTransition.lean |
SmartReset |
Phase 5 |
β
8 theorems |
SmartReset.lean |
SageFsError |
Phase 5 |
β
23 theorems |
SageFsError.lean |
SseReplayBuffer |
Phase 5 |
β
19 theorems |
SseReplayBuffer.lean |
FsiRewrite |
Phase 5 |
β
17 theorems + 52 tests |
FsiRewrite.lean |
TimeTravel |
Phase 5 |
β
30 theorems |
TimeTravel.lean |
BinaryFormat.Crc32 |
Phase 5 |
β
16 theorems + 28 tests |
BinaryFormat.lean |
WorkflowTypes.SessionWorkflow |
Phase 5 |
β
20 theorems |
WorkflowTypes.lean |
ValidTimeout |
Phase 1 |
β¬ Research done, no spec yet |
β |
DirectoryConfig.LoadStrategy |
Phase 2 |
π Informal spec written |
specs/directoryconfig_loadstrategy_informal.md |
316 theorems Β· 18 Lean files Β· 0 sorry Β· Lean 4.30.0-rc2 Β· stdlib-only
Summary
316 theorems proved across 18 Lean 4 files, zero sorry. The project covers the full spectrum of SageFs components: ring buffer correctness, error classification, session lifecycle safety, access control, hot-reload state machine, retry policies, time travel, CRC-32 conformance, and workflow constraints. The landmark recent result is no_hotReload_and_fullRepl in WorkflowTypes.lean, which proves the illegal "hot reload + full REPL" combination is structurally unrepresentable. Two targets remain: ValidTimeout (T19, Phase 1) and DirectoryConfig.LoadStrategy (T20, Phase 2 β informal spec written this run). No implementation bugs have been found in the F# source.
Findings
π Structural findings
no_hotReload_and_fullRepl (WorkflowTypes.lean): No SessionWorkflow value can simultaneously have hot-reload active and full REPL capability. This is structurally unrepresentable β not just runtime-guarded.toState_never_uninitialized (SessionLifecycle.lean): Uninitialized is unreachable from toState β confirms the sentinel design.eval_cannot_fault_directly (PhaseTransition.lean): Evaluation failure β Ready, never Faulted directly.send_fsharp_code_iff_ready_phase (Composition.lean): System-level evaluation gate proved end-to-end across SessionLifecycle and Affordances.
π Spec correction
- BinaryFormat CRC([0x00]): Initial informal spec stated
0x2144DF1C. Correct value is 0xD202EF8D (confirmed by native_decide + standard CRC-32 tables). Documented in CORRESPONDENCE.md Β§D3.
β
No implementation bugs found
All proved properties hold for the Lean models of the F# source.
Approach Notes
- Tool: Lean 4 (stdlib-only; no Mathlib β CI firewall blocks lakecache/mathlib downloads)
- Toolchain:
leanprover/lean4:v4.30.0-rc2 (pinned in lean-toolchain)
- Correspondence tests: 3 harnesses (RingBuffer 52 tests, FsiRewrite 52 tests, BinaryFormat 28 tests)
- Key abstractions: async/Task β pure synchronous functions; payload fields erased from error tags; snapshot contents abstracted; OS path separators abstracted
- CI:
lean-ci.yml (lake build on all PRs/pushes) + fv-correspondence-tests.yml (F# test harnesses)
Run History
2026-05-13 09:30 UTC β Run
- π Task 7 completed: full proof utility critique of all 18 Lean files (316 theorems)
- Updated CRITIQUE.md: new theorem entries T12βT18, new positive findings, new concerns
- New concern: SmartReset async model not capturing cancellation
- New positive finding:
crc32_test_vector confirms CRC-32 standard conformance
- π Task 2 completed: informal spec for T20
DirectoryConfig.LoadStrategy
specs/directoryconfig_loadstrategy_informal.md created- T20 advanced to Phase 2; Lean spec (Task 3) is the next step
- π PR created: feat(fv): proof utility critique (Task 7) + DirectoryConfig informal spec (Task 2)
2026-05-12 17:00 UTC β Run
2026-05-12 09:30 UTC β Run
2026-05-12 01:20 UTC β Run
Generated by π Lean Squad, see workflow run. Learn more.
To install this agentic workflow, run
gh aw add githubnext/agentics/workflows/lean-squad.md@13377ddf7e35c2b6e47aa58f45acb228fba902c8
π¬ Lean Squad β automated formal verification for this repository.
At a Glance
RingBufferRingBuffer.leanResultExResultEx.leanRetryPolicyRetryPolicy.leanRestartPolicyRestartPolicy.leanAffordancesAffordances.leanEvalPipelineEvalPipeline.leanHotReloadStateHotReloadState.leanSessionLifecycleSessionLifecycle.leanThemeTheme.leanComposition(cross-file)Composition.leanPhaseTransition(state machine)PhaseTransition.leanSmartResetSmartReset.leanSageFsError(error classification)SageFsError.leanSseReplayBuffer(SSE reconnect replay)SseReplayBuffer.leanFsiRewrite(FSI useβlet rewrite)FsiRewrite.leanTimeTravel(navigation state machine)TimeTravel.leanBinaryFormat.Crc32BinaryFormat.leanWorkflowTypes.SessionWorkflowValidTimeoutSummary
The SageFs FV project now has 312 theorems across 17 Lean files, 0 sorry (
lake buildpasses with Lean 4.30.0-rc2). This run (Tasks 3+4+5+6) completed the Lean spec forBinaryFormat.Crc32β the project's first algorithmic target (pure CRC-32 implementation with standard test vector0xCBF43926verified). Also updatedCORRESPONDENCE.mdwith a full BinaryFormat section and corrected an error in the informal spec (CRC-32 of[0x00]is0xD202EF8D, not0x2144DF1C).Findings
crc32_test_vector: CRC-32 of "123456789" =0xCBF43926β the universally agreed standard test vector passes bynative_decide, confirming the Lean model matches the ISO 3309 polynomial exactlycrc32_slicing_consistency: Proved thatcrc32Compute (pfx ++ data ++ sfx) pfx.length data.length = crc32All dataβ slice correctness via Lean stdlibList.drop/List.takelemmasbinaryformat_crc32_informal.mdstated CRC-32 of[0x00u]=0x2144DF1Cu; the correct standard value is0xD202EF8Du. This was a copy-paste error in the informal spec.Approach Notes
cd formal-verification/lean && lake buildlean-ci.ymlβ |fv-correspondence-tests.ymlβnative_decide,omega,simp/simp only,decide,cases,rflRun History
2026-05-12 01:20 UTC β Run
BinaryFormat.leanβ 16 theorems, 0 sorryCORRESPONDENCE.mdwith BinaryFormat section; corrected informal spec error for[0x00]CRC valuelake buildPASSED β 19 jobs, 0 sorry, Lean 4.30.0-rc2 (312 total theorems across 17 files)2026-05-11 17:10 UTC β Run
BinaryFormat.Crc32(HIGH),WorkflowTypes.SessionWorkflow(HIGH),ValidTimeout(MEDIUM)specs/binaryformat_crc32_informal.mdβ 7 properties, 2 loop invariants, standard test vectors, slicing property, proof strategy2026-05-11 09:41 UTC β Run
TimeTravel.leanβ 30 theorems, 0 sorryCORRESPONDENCE.mdwith TimeTravel sectionlake buildPASSED2026-05-09 16:35 UTC β Run
fv-correspondence-tests.ymlcheckout@v5βv4timetravel_informal.md2026-05-08 17:01 UTC β Run
ssereplaybuffer_informal.mdSseReplayBuffer.leanβ 19 theorems, 0 sorry2026-05-08 09:00 UTC β Run
SageFsError.leanβ 26 theorems, 0 sorry2026-05-07 09:15 UTC β Run
REPORT.md+paper/paper.texcreated2026-05-07 01:20 UTC β Run
PhaseTransition.leanβ 14 theorems2026-05-06 16:52 UTC β Run
Composition.leanβ 12 cross-file theoremsπ¬ Lean Squad β automated formal verification for this repository.
At a Glance
RingBufferRingBuffer.leanResultExResultEx.leanRetryPolicyRetryPolicy.leanRestartPolicyRestartPolicy.leanAffordancesAffordances.leanEvalPipelineEvalPipeline.leanHotReloadStateHotReloadState.leanSessionLifecycleSessionLifecycle.leanThemeTheme.leanCompositionComposition.leanPhaseTransitionPhaseTransition.leanSmartResetSmartReset.leanSageFsErrorSageFsError.leanSseReplayBufferSseReplayBuffer.leanFsiRewriteFsiRewrite.leanTimeTravelTimeTravel.leanBinaryFormat.Crc32BinaryFormat.leanWorkflowTypes.SessionWorkflowWorkflowTypes.leanValidTimeoutDirectoryConfig.LoadStrategyspecs/directoryconfig_loadstrategy_informal.md316 theorems Β· 18 Lean files Β· 0 sorry Β· Lean 4.30.0-rc2 Β· stdlib-only
Summary
316 theorems proved across 18 Lean 4 files, zero
sorry. The project covers the full spectrum of SageFs components: ring buffer correctness, error classification, session lifecycle safety, access control, hot-reload state machine, retry policies, time travel, CRC-32 conformance, and workflow constraints. The landmark recent result isno_hotReload_and_fullReplinWorkflowTypes.lean, which proves the illegal "hot reload + full REPL" combination is structurally unrepresentable. Two targets remain:ValidTimeout(T19, Phase 1) andDirectoryConfig.LoadStrategy(T20, Phase 2 β informal spec written this run). No implementation bugs have been found in the F# source.Findings
π Structural findings
no_hotReload_and_fullRepl(WorkflowTypes.lean): NoSessionWorkflowvalue can simultaneously have hot-reload active and full REPL capability. This is structurally unrepresentable β not just runtime-guarded.toState_never_uninitialized(SessionLifecycle.lean):Uninitializedis unreachable fromtoStateβ confirms the sentinel design.eval_cannot_fault_directly(PhaseTransition.lean): Evaluation failure βReady, neverFaulteddirectly.send_fsharp_code_iff_ready_phase(Composition.lean): System-level evaluation gate proved end-to-end acrossSessionLifecycleandAffordances.π Spec correction
0x2144DF1C. Correct value is0xD202EF8D(confirmed bynative_decide+ standard CRC-32 tables). Documented inCORRESPONDENCE.md Β§D3.β No implementation bugs found
All proved properties hold for the Lean models of the F# source.
Approach Notes
leanprover/lean4:v4.30.0-rc2(pinned inlean-toolchain)lean-ci.yml(lake build on all PRs/pushes) +fv-correspondence-tests.yml(F# test harnesses)Run History
2026-05-13 09:30 UTC β Run
crc32_test_vectorconfirms CRC-32 standard conformanceDirectoryConfig.LoadStrategyspecs/directoryconfig_loadstrategy_informal.mdcreated2026-05-12 17:00 UTC β Run
WorkflowTypes.lean(T18, 0 sorry)no_hotReload_and_fullRepl: illegal state structurally unrepresentable2026-05-12 09:30 UTC β Run
2026-05-12 01:20 UTC β Run
BinaryFormat.lean(T17, 0 sorry)crc32_test_vector: CRC-32("123456789") = 0xCBF43926 confirmed bynative_decide