Skip to content

Gate formal-verification jobs and complete Lean Ed25519 (sorry placeholders, unwired) #145

Description

@avrabe

Expected standard (the "full circle"): a formal-verification asset should be (1) wired into CI, (2) gating — not continue-on-error — so a regression actually blocks the merge, and (3) complete — no sorry/axioms standing in for proofs. When any link is missing, the proof exists but cannot stop a regression, so the loop is open. Maybe there is a reason here; if so it should be documented — otherwise it should follow the standard.

Found (.github/workflows/formal-verification.yml): verus-proofs (lines 39, 43), kani-proofs (line 64), and rocq-proofs all run continue-on-error: true. Separately, lean/Ed25519.lean has 6 sorry + an axiom and is not built by any job (the workflow triggers on lean/** but no job checks it).

Recommend: (1) drop continue-on-error on the Verus/Kani/Rocq jobs so SMT/BMC/translation regressions block; (2) complete Ed25519.lean (remove the sorry) and add a lake/Lean CI job that gates. If the proof tooling is too unstable to gate today, note that explicitly.

Noticed during a kiln verification-corpus audit.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions