{"id":49422845,"url":"https://github.com/nktkt/leanpp","last_synced_at":"2026-04-29T07:09:54.668Z","repository":{"id":354437346,"uuid":"1222565441","full_name":"nktkt/leanpp","owner":"nktkt","description":"Kernel-safe upper-compatible proof-engineering layer over Lean 4. spec def, concept, refines, obligations, proofplan, trust ledger.","archived":false,"fork":false,"pushed_at":"2026-04-28T15:54:53.000Z","size":239,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-28T16:21:04.050Z","etag":null,"topics":["formal-verification","lean","lean4","proof-assistant","proof-engineering","theorem-proving","verified-software-engineering"],"latest_commit_sha":null,"homepage":null,"language":"Lean","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nktkt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-27T13:43:48.000Z","updated_at":"2026-04-28T15:57:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nktkt/leanpp","commit_stats":null,"previous_names":["nktkt/leanpp"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/nktkt/leanpp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nktkt%2Fleanpp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nktkt%2Fleanpp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nktkt%2Fleanpp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nktkt%2Fleanpp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nktkt","download_url":"https://codeload.github.com/nktkt/leanpp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nktkt%2Fleanpp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32414654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T06:29:02.080Z","status":"ssl_error","status_checked_at":"2026-04-29T06:29:00.631Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["formal-verification","lean","lean4","proof-assistant","proof-engineering","theorem-proving","verified-software-engineering"],"created_at":"2026-04-29T07:09:49.872Z","updated_at":"2026-04-29T07:09:54.654Z","avatar_url":"https://github.com/nktkt.png","language":"Lean","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lean++\n\n[![CI](https://github.com/nktkt/leanpp/actions/workflows/ci.yml/badge.svg)](https://github.com/nktkt/leanpp/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![Lean 4](https://img.shields.io/badge/Lean-4.30-blue.svg)](https://lean-lang.org/)\n\n**Lean++ = Lean 4 + spec + automation + maintainability + verified SE + AI assistance, kernel-safe.**\n\nLean++ is an upper-compatible proof-engineering layer on top of Lean 4.\nIt never modifies or bypasses the Lean 4 kernel: every Lean++ program\nlowers to ordinary Lean 4 source that the unmodified kernel checks. The\nadded value is in the *surface*: specification-first definitions,\nreusable proof automation, a trust ledger for every build, and tooling\nthat scales to real software engineering.\n\nThis repository ships the Phase 1 MVP described in `docs/ROADMAP.md`.\n\n## Status\n\n| | |\n|--|--|\n| `lake build` | passes (9 jobs, 0 errors, 0 warnings) |\n| `.leanpp` examples (E2E) | 8 / 8 pass |\n| Elaboration tests | 9 / 9 pass |\n| CLI smoke tests | 11 / 11 pass |\n| Lean toolchain | `leanprover/lean4:v4.30.0-rc2` |\n| Mathlib dependency | none (Lean core only) |\n\nRun `bash tests/run.sh` to reproduce.\n\n## What's in the MVP\n\n- A `.leanpp` source format that is a strict superset of `.lean`.\n- A small transpiler (`leanpp transpile`) that lowers `.leanpp` to\n  `*.transpiled.lean` by injecting `import LeanPP`, desugaring the\n  `by implementation BODY proof PROOF` block into the stdlib's\n  `:= BODY` form, and wrapping bare `ensures EXPR` (using the magic\n  `result` variable) into `ensures fun result =\u003e EXPR`. All other\n  surface forms are passed through to Lean macros in the `LeanPP`\n  stdlib.\n- The `LeanPP` library (`LeanPP/*.lean`): Lean 4 macros for\n  `spec def`, `concept`, `model`, `implementation … refines …`,\n  `obligation`, `proofplan`, the `auto` tactic, and the `#trust` /\n  `#trust IDENT` / `#obligations` / `#profile` / `#assertSafe`\n  diagnostic commands.\n- A `leanpp` CLI: `new`, `transpile`, `transpile-all`, `build`,\n  `trust`, `obligations`.\n- A `lake++` wrapper around `lake` adding `trust`, `ci --safe-profile`\n  (which fails the build when `sorry \u003e 0` or `unsafe \u003e 0`), and stubs\n  for `proof-cache`, `minimize-imports`, `explain-broken-proof`,\n  `theorem-index`.\n- A current-module trust ledger that counts non-baseline axioms,\n  `sorry`, `unsafe`, and `@[extern]` usages plus tagged\n  `@[obligation]` / `@[law]` declarations. Imports are filtered out so\n  the ledger reflects only user code.\n\n## Quickstart\n\n```sh\n# Scaffold a new project (does not require Lean installed).\nbin/leanpp new my-proj\ncd my-proj\n\n# Edit Main.leanpp, then build.\nleanpp build\nleanpp trust\n\n# Or, to try one of the bundled examples in this repo:\nbin/leanpp run examples/abs.leanpp\nbin/leanpp run examples/Queue.leanpp\n```\n\nThe CLI works without Lean for `new`, `transpile`, and `--help`.\n`build`, `trust`, and `obligations` require an installed `lake` (the\nproject uses Lean 4.30; `elan` will pick up `lean-toolchain` and pin\nthe right version automatically).\n\n## A taste\n\nA short tour of the surface language. Every block here is taken\nverbatim from `examples/`; running `bin/leanpp run examples/...`\nelaborates each one against the `LeanPP` stdlib.\n\n### `spec def` — function with a postcondition\n\n```lean\n#profile safe\n\nspec def abs (x : Int) : Nat\n  ensures result ≥ 0\nby\n  implementation\n    if x \u003c 0 then Int.natAbs (-x) else Int.natAbs x\n  proof\n    auto\n```\n\nLowers to `def abs` plus an `@[obligation] theorem abs.ensures_1`\nthat the `auto` portfolio (`rfl | assumption | contradiction |\ndecide | omega | simp_all | leanpp_auto_simp_set | trivial | ...`)\ncloses automatically.\n\n### `concept` — abstract spec with multiple instances\n\n```lean\nconcept Map (α : Type) (β : Type) (M : Type) where\n  empty   : M\n  find    : α → M → Option β\n  insert  : α → β → M → M\n```\n\nTwo implementations of the same concept, side by side\n(`examples/BST.leanpp` + `examples/AssocMap.leanpp`), surface\ntheir proof-effort gap on the trust ledger:\n\n```\nexamples/BST.leanpp        Laws: 3 total, 2 open\nexamples/AssocMap.leanpp   Laws: 2 total, 0 open\n```\n\n### `proofplan` — declarative tactic combinator\n\n```lean\nproofplan group_normal\n  strategy:\n    normalize algebra\n    rewrite using [Int.add_assoc, Int.zero_add]\n    close by simp\n\ntheorem demo (a b : Int) : a + 0 + b = a + b := by\n  group_normal\n```\n\nLowers to a `macro` registration: `group_normal` becomes a\nfirst-class tactic name that expands to the planned sequence.\n\n### Diagnostics — `#trust`, `#laws`, `#obligations`\n\n```lean\n#trust safeDiv     -- focused per-decl trust ledger\n#laws              -- @[law]-tagged theorems with proved/open status\n#obligations       -- @[obligation]-tagged theorems with solved/unsolved status\n```\n\nEach command walks the elaborated environment and filters to the\ncurrent module so imported decls don't pollute the report. With\n`#profile safe`, an `obligation` left as `sorry` blocks the build\nvia `lake++ ci --safe-profile`.\n\n## Trust ledger\n\n```lean\n#trust              -- snapshot for the current module\n#trust myFunction   -- focused entry for one declaration\n#assertSafe        -- error if the current env contains any sorry / extra axiom\n```\n\nSample output for a clean spec under `#profile safe`:\n\n```\nTrust Ledger: safeDiv\n  kernel:     Lean 4 (unmodified)\n  profile:    safe\n  sorry:      no\n  unsafe:     no\n  extern:     no\n  obligation: no\n  law:        no\n  axioms: 0\n  baseline axioms: Classical.choice, Quot.sound, propext\n```\n\n## Layout\n\n```\nbin/leanpp, bin/lake++, bin/leanpp-transpile  -- CLI entry points\nlakefile.lean, lean-toolchain                 -- Lake package definition\nLeanPP.lean, LeanPP/*.lean                    -- Lean++ standard library\nexamples/*.leanpp                             -- runnable example specs\ndocs/*.md                                     -- design documents\ntests/run.sh, tests/run_all.sh, tests/smoke_cli.sh  -- regression suite\n```\n\n## Further reading\n\n- `docs/MANIFESTO.md` — the design rationale and four core principles.\n- `docs/COMPATIBILITY.md` — Lean 4 source-compatibility rules.\n- `docs/TRUST_MODEL.md` — kernel-safety story and the\n  reconstruct-or-reject policy for external solvers / AI suggestions.\n- `docs/SYNTAX_RFC.md` — surface-syntax RFC (per-construct semantics\n  and lowering).\n- `docs/TUTORIAL.md` — hands-on walkthrough using the MVP CLI.\n- `docs/ROADMAP.md` — Phase 0 → Phase 5 plan with success metrics.\n- `docs/ARCHITECTURE.md`, `docs/PROFILES.md`, `docs/AI_PROTOCOL.md` —\n  layered design, profile semantics, and AI-as-suggestion policy.\n- `examples/README.md` — what each `.leanpp` example demonstrates.\n\n## Non-goals\n\nLean++ does **not** replace the Lean 4 kernel, ship Lean 3 compatibility,\ntrust AI output as proof, fork mathlib, or claim full automation. Its\nvalue is the engineering layer: write specs naturally, generate\nobligations automatically, keep proofs from breaking, make trust\nboundaries visible, and use AI / SMT solvers safely as suggestions\nthat the Lean kernel re-verifies.\n\n## License\n\nMIT. See `LICENSE`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnktkt%2Fleanpp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnktkt%2Fleanpp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnktkt%2Fleanpp/lists"}