Formal verification of the Lean 4 kernel’s correctness remains an open challenge. Method: This paper develops the first fully Lean 4–implemented external type checker, formally specifying its type-theoretic semantics and rigorously proving semantic equivalence between the implementation and the formal semantics. The checker supports end-to-end verification of the entire mathlib library (>1 million lines) and achieves 50%–80% of the performance of the C++ reference implementation. Contribution/Results: It presents the first complete formalization of Lean’s type theory within Lean itself; establishes a provably sound correspondence between kernel primitives and semantic inference rules, thereby providing dual reliability guarantees for kernel evolution; and constitutes a critical step toward a fully self-hosting Lean compiler—significantly enhancing the trustworthiness and maintainability of the theorem prover.

In this paper we present a new"external checker"for the Lean theorem prover, written in Lean itself. This is the first complete typechecker for Lean 4 other than the reference implementation in C++ used by Lean itself, and our new checker is competitive with the original, running between 20% and 50% slower and usable to verify all of Lean's mathlib library, forming an additional step in Lean's aim to self-host the full elaborator and compiler. Moreover, because the checker is written in a language which admits formal verification, it is possible to state and prove properties about the kernel itself, and we report on some initial steps taken in this direction to formalize the Lean type theory abstractly and express the relation between the kernel functions and the type theory. We plan to use this project to help justify any future changes to the kernel and type theory and ensure unsoundness does not sneak in through either the abstract theory or implementation bugs.