Project ideas from Hacker News discussions.

Lean proved this program correct; then I found a bug

📝 Discussion Summary

Summary of the 3 most prevalent themes

  1. Verification is only as strong as its specification

    “If you have a spec that isn’t correct, you can certainly write code that conforms to that spec and write proofs to support it. It just means you have verified a program that does something other than what you intended.” – porcoda
    “A missing specification … is a real problem to the philosophy and practice of software verification.” – dchftcs

  2. Misleading or click‑bait framing creates hype and confusion

    “The title feels like a bait‑and‑switch.” – grg0
    “The formulation of the title is ‘I was told X but that’s not true’… the failure was not in Lean’s proof.” – danparsonson
    “It’s called clickbait.” – amoss

  3. AI‑driven verification raises new expectations and responsibilities

    “A combo of formal logic and adversarial thinking (probably from LLMs) … will produce an exhaustive list of everything the program will do.” – brookst
    “Adding formal verification is not a strict defense against bugs.” – quantummagic


🚀 Project Ideas

SpecGuardAI

Summary

  • AI‑driven specification generator that extracts intent from code, docs, and discussions to produce exhaustive, type‑checked specs.
  • Core value: reduces spec‑gap bugs by automatically surfacing missing invariants before verification.

Details

Key | Value
Target Audience | Researchers and engineers using formal provers (Lean, Coq) who need tighter spec coverage.
Core Feature | Automatic generation of formal spec templates, with coverage analysis and AI‑suggested missing cases.
Tech Stack | Python LLM backend, Lean 4/Yardlink front‑end, Docker CI, PostgreSQL for spec storage.
Difficulty | Medium
Monetization | Revenue-ready: tiered SaaS, free for repos <1k LOC, $0.02 per spec generation request thereafter.

Notes

  • HN commenters repeatedly lament “missing specification” bugs (e.g., denial‑of‑service in archive parsers).
  • Offers actionable guidance: “add this invariant” → prevents runtime crashes.
  • Potential to integrate with CI pipelines of verification‑oriented projects for early‑stage spec hygiene.

BugScope

Summary

  • Cloud service that runs formal verification tools on unverified code fragments discovered by fuzzers, flagging gaps in proof coverage.
  • Core value: turns accidental bug finds into systematic verification obligations.

Details

Key | Value
Target Audience | Teams building verified libraries or services (e.g., Rust, Lean) that need continuous verification hygiene.
Core Feature | Periodic ingestion of fuzzing results, automatic proof‑attempt dispatch to Lean/Coq, reporting of uncovered specifications.
Tech Stack | Go microservice, Kubernetes workers, Lean/Coq containers, Prometheus metrics, Slack webhook alerts.
Difficulty | High
Monetization | Revenue-ready: Enterprise tier, $150/mo per project, includes audit logs and custom spec templates.

Notes

  • Addresses the “bug outside proof boundary” complaint; provides a systematic way to expand proof coverage.
  • Resonates with users who want “vibe‑coding proofs” to be actionable rather than anecdotal.
  • Offers a concrete path to integrate AI‑driven verification into CI without overwhelming experts.

VeriLink

Summary

  • Dependency‑graph visualizer that tags each binary component with its verification status, exposing unverified links in real‑time.
  • Core value: prevents accidental reliance on unverified runtimes or parsers by surfacing gaps at build time.

Details

Key | Value
Target Audience | Engineers integrating third‑party libraries into formally verified systems (e.g., blockchain, aerospace).
Core Feature | Scans source trees, marks verified modules, generates a dependency graph with risk scores, blocks builds on high‑risk edges.
Tech Stack | Rust backend, Neo4j graph database, React frontend, GitHub Actions integration.
Difficulty | Medium
Monetization | Revenue-ready: SaaS, $30/user/mo, includes auto‑generated compliance reports.

Notes

  • Mirrors HN concerns about “runtime bugs” leaking into verified code; provides guardrails.
  • Users emphasized need for “complete spec” and awareness of unverified components; VeriLink makes that explicit.
  • Could be marketed as essential CI linting for any project advertising formal correctness.
