feat(ci): Lean proof + Bazel + proptest CI gates (#135) #151
Merged
Codecov Report: ✅ All modified and coverable lines are covered by tests.
0fd4fb9 to 54eae48
54eae48 to 22d1b1a
avrabe added a commit that referenced this pull request Apr 25, 2026

…I integration (#154)

Closes the v0.7.0 Track A milestone:

- COMPLIANCE.md "In progress / v0.7.0" expanded into a full narrative covering all four Track A commits (foundation #145, hierarchical RTA #147, Lean convergence #148, this close-out), the Track B variant-contract foundation (#144), v0.7.x infrastructure landings (#141-143, #151), and v0.8.0 planning anchors (Track D #149/#152, Track E #150/#153).
- Updated header date to 2026-04-25 and crate count from "16 crates, 1200+ tests" to "17 crates, 1900+ tests" reflecting the test growth through Track A and the v0.7.x infrastructure additions.
- New CLI integration test crates/spar-cli/tests/track_a_close_out.rs exercises the full parse → instance → analyze pipeline on a model using the Spar_Timing::ISR_* property surface plus a sporadic handler thread. The unit + fixture tests in spar-analysis cover the algorithm at the analysis-crate level; this test guards the property surface flowing through the CLI binary end-to-end.

Out-of-scope items explicitly recorded: PIP/PCP blocking deferred to v0.7.1, multi-processor ISR migration deferred, cache-aware interference inflation deferred to v1.0+.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
avrabe added a commit that referenced this pull request Apr 25, 2026

The first cold-cache run on #151 cancelled at ~98% Mathlib build (module 2796 of 2845) when it hit the 60-minute GH Actions timeout. Compiling Mathlib from source on a single runner takes ~70-90 min; GitHub's hosted runners can't fit that in 60.

Two fixes, both standard Lean-community practice:

1. use-mathlib-cache: true — leanprover/lean-action runs `lake exe cache get` before `lake build`, pulling ~2 GB of precompiled `.olean` files from Mathlib's cloud cache instead of rebuilding from source. Cuts cold-cache time from 70+ min to roughly 5 min for the fetch + 1-2 min for our in-tree proofs.
2. timeout-minutes: 90 — covers a worst-case fetch path (slow S3, region thrash, etc.) without forcing future cancellations.

Warm runs (after actions/cache hits on `proofs/.lake`) land in well under 10 minutes — those rebuild only modules that changed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
22d1b1a to c3e8895
avrabe added a commit that referenced this pull request Apr 25, 2026

The Lean compiler requires `import` statements to appear before any other top-level content (including doc-comment blocks `/- ... -/`). The original file from #148 had two stacked comment blocks (a `/-!` docstring then a `/- ... -/` overview) above the `import` lines, and Lean 4.29.0-rc6 rejects that with:

error: Proofs/Scheduling/RTAJittered.lean:35:0: invalid 'import' command, it must be used in the beginning of the file

Fix: merge the two blocks into a single `/-! ... -/` module docstring that sits *before* the imports — Lean treats the leading docstring as metadata, not as a top-level command, so imports following it are still "at the beginning". Same content, different framing.

Discovered by the new Lean CI gate from #151 once Mathlib's precompiled cache lands fast enough to actually reach our in-tree files.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
c3e8895 to 1a564f8
avrabe added a commit that referenced this pull request Apr 26, 2026

Lean 4.29.0-rc6 rejects `import` after a `/-! ... -/` module-docstring in this file's pattern, even though Mathlib uses module docstrings throughout — likely an interaction with the closing `-/` being on the same line as content text. The other working files in this directory (RTA.lean, RMBound.lean, EDF.lean) all use a regular `/- ... -/` block comment with the closing `-/` on its own line, so we match that style.

#159 (the previous import-order fix) addressed the structural ordering but introduced the `/-!` form. CI surfaced that in #151's first run that actually reached our in-tree files via mathlib-cache.

Body unchanged. Format-only edit.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds three CI gates that promote spar's verification artifacts from "documentation that should be checked" to "CI-gated evidence":

- .github/workflows/proofs.yml — `lake build` for proofs/, with Mathlib cache and audit artifact upload
- bazel-test job in ci.yml — `bazel test //...` for the full Rust + Lean + Bazel target sweep
- Proptest CI confirmation — extended-cases run on every PR

Lean toolchain pinned via lean-toolchain file (matches rules_lean 4.27.0 per issue notes). Mathlib is cached on `lake-manifest.json` hash to avoid recompiles.

Status badges added to README for Rust CI, Lean proofs, rivet validate.

Closes #135.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The rivet-validate job pinned to v0.1.0 was treating legitimate schema-extension fields (used by Track A/B/D/E artifacts and EU AI Act / IEC 62304 / DO-178C bridges) as hard errors. v0.4.x reclassifies unknown-field warnings to INFO level — matching what `rivet validate` returns locally on the same artifact set today (PASS, 91 INFO).

release.yml still pins v0.1.0 for its legacy compliance-action; that's a separate cleanup, not blocking this PR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1a564f8 to e443aab
Summary
Adds the three CI gates required by issue #135 so that spar's existing verification artifacts (Lean proofs, rivet schemas, Bazel rules) become CI-gated evidence instead of documentation:
- `.github/workflows/proofs.yml` — runs `lake build` against `proofs/` on every PR + main push. Uses `leanprover/lean-action@v1`, which reads `proofs/lean-toolchain` (currently pinned to `leanprover/lean4:v4.29.0-rc6`). Mathlib + transitive `.olean` outputs are cached via `actions/cache@v4` keyed on `lean-toolchain` + `lake-manifest.json`. On failure, per-target lake build logs are uploaded as the `lake-build-log` artifact for forensic review.
- `bazel-test` job in `ci.yml` — wires up `bazel test //...` via `bazelbuild/setup-bazelisk@v3`, with `~/.cache/bazel` cached. Currently `continue-on-error: true` and informational because there is no root `MODULE.bazel`/`WORKSPACE` yet (the `tools/bazel/rules_*` rules are consumed by generated BUILD files); the gate will flip the moment a root workspace marker lands — no follow-up workflow edit needed.
- `rivet-validate` job in `ci.yml` — installs the `rivet` CLI pinned to the same `v0.1.0` tag the existing compliance action uses, then runs `rivet validate --format text`. Mirrors the local pre-commit invariant from AGENTS.md.
- `Proptest (extended)` already runs on every PR (the workflow's top-level `on:` covers it). Added a comment documenting the gate.
- `proofs/README.md` — new doc covering the three verified theorems, the toolchain pin, and how CI consumes them.

Test plan
- `Lean Proofs` runs `lake build` to green on this PR (cold run will be slow — Mathlib is ~2 GB; subsequent runs reuse the cache).
- `CI / Rivet validate (artifacts)` runs `rivet validate` to green.
- `CI / Bazel test (//...)` runs and emits the informational warning (no `MODULE.bazel` yet); job is `continue-on-error: true` so it does not block.
- `CI / Proptest (extended)` continues to pass on this PR.
- `Format`, `Clippy`, `Test`, `Security Audit`, `Cargo Deny`, `Code Coverage`, `Miri`, `Mutation Testing`, `Fuzz smoke`, `Supply Chain`, `Bench compile smoke`, `Kani`) remain green.

Local smoke tests
- `lake build` — not run locally (sandbox lacks `lake`/`elan`). Validation will happen on the first CI run.
- `bazel test //...` — not run locally; the repo also has no root `MODULE.bazel`, so the new job is intentionally informational until that lands. Documented in the workflow comment.

Deferred / follow-ups
- `MODULE.bazel` (and any required `BUILD.bazel` files generated from `spar codegen`) is committed, flip `bazel-test` from `continue-on-error: true` to a hard gate.
- `proofs.yml::lean` to the required-checks list.

🤖 Generated with Claude Code
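The `proofs.yml` gate described in the Summary, with the cache and timeout settings from the commit message above, written out as a workflow file. This is an added sketch, not the repository's actual workflow. Assumptions: the exact trigger form, the runner label, the `permissions` block, the checkout step, the cache key prefix and the log path. The action names, the cache inputs, `use-mathlib-cache: true`, `timeout-minutes: 90`, the `lean` job name and the `lake-build-log` artifact name come from the page.

```yaml
# Added sketch, not the repository's proofs.yml.
# Lines marked "from the PR" use values stated on the page; the rest are assumptions.
name: Lean Proofs
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read                    # assumption: a build-only gate needs no write scopes

jobs:
  lean:
    runs-on: ubuntu-latest          # assumption
    timeout-minutes: 90             # from the PR: headroom for a slow Mathlib cache fetch
    steps:
      - uses: actions/checkout@v4   # assumption: checkout version

      # from the PR: .olean outputs cached, keyed on lean-toolchain + lake-manifest.json,
      # so a toolchain or dependency bump invalidates the cache instead of reusing stale output
      - uses: actions/cache@v4
        with:
          path: proofs/.lake
          key: lake-${{ runner.os }}-${{ hashFiles('proofs/lean-toolchain', 'proofs/lake-manifest.json') }}

      # from the PR: lean-action reads proofs/lean-toolchain and, with use-mathlib-cache,
      # runs `lake exe cache get` before `lake build`
      - uses: leanprover/lean-action@v1
        with:
          lake-package-directory: proofs
          use-mathlib-cache: true

      # from the PR: build logs uploaded as `lake-build-log` when the job fails
      - if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: lake-build-log
          path: proofs/lake-build.log   # hypothetical path; the page does not give it
```

The actions are referenced by tag, as on the page; pinning each `uses:` to a full commit SHA is the stricter supply-chain setting for a job whose result is treated as evidence.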