cubical-transport-hott-lean4/CubicalTransport/Subobject.lean

/-
  CubicalTransport.Subobject
  ===========================
  Subobject lattice and subobject classifier theorem (THEORY.md
  §0.3-§0.4 — "Subobject classifier and internal logic").

  Given a CType `T : CType ℓ`, the engine-internal subobject lattice
  is `Sub T : CType (ℓ.succ)` — the type of `T → Ω` predicates,
  where `Ω` is the subobject classifier from `Omega.lean`.

  This file provides:

  · `Sub T` — the dependent function type `T → Ω` packaged as
    `CType (ℓ.succ)` via the `max_succ_self_right` re-anchoring
    (since `T : CType ℓ` and `Ω : CType (ℓ.succ)`, the bare
    `CType.pi` would land at `max ℓ (ℓ.succ)`, which is `ℓ.succ`
    propositionally but not definitionally — `max_succ_self_right`
    rewrites the result type back to `CType (ℓ.succ)`).

  · The seven lattice operations: `empty`, `total`, `inter`,
    `union`, `implies`, `compl`, `singleton`.  Each is a real
    `.lam`-`.app`-bodied CTerm built pointwise from the
    corresponding Ω-operator from `Omega.lean`.

  · Theorem `subobject_classifier`: subobjects of T are classified
    by the predicate `T → Ω`.  Stated as the bidirectional Lean-Prop
    equivalence between Sub T predicates and CTerm-mono pairs.

  · Theorem `Ω_internal_logic_sound`: the Mitchell-Bénabou
    translation of intuitionistic propositional logic is sound.
    Stated as the canonical Heyting-algebra laws (commutativity of
    ∧, associativity, modus ponens validity) holding in Ω.

  ## Discipline

  · Every lattice operation returns a real `CTerm` constructed from
    `.lam`, `.app`, `.var`, and `.pair` over the Ω-operators —
    no `CTerm.var` references to unbound variables.
  · The two theorems carry honest statements (not `True := trivial`
    or tautological `:= rfl`).  Each theorem's proof body is a
    `sorry` annotated with `-- waits on:` against the specific
    engine machinery that's not yet packaged.
  · No `noncomputable`, no `Classical.propDecidable`.
-/

import CubicalTransport.Omega

namespace CubicalTransport.Subobject

open CubicalTransport.Omega
open CubicalTransport.Reify

-- ── §1.  The Sub T type ────────────────────────────────────────────────────

/-- The subobject lattice of a CType `T : CType ℓ`.

    Definition: `Sub T = T → Ω ℓ`.  Encoded as the dependent
    function CType `CType.pi "$x" T (Ω ℓ)`.

    Universe-level discipline: `T : CType ℓ` and `Ω ℓ : CType ℓ.succ`,
    so the bare `.pi` lands at `CType (max ℓ ℓ.succ)`.  Lean does not
    reduce `max ℓ ℓ.succ` to `ℓ.succ` for an abstract `ℓ`; we use
    `ULevel.max_succ_self_right` to rewrite the result type back to
    `CType ℓ.succ`.

    The bound variable name `"$x"` is hygienic per the project's
    binder-naming discipline (`$`-prefixed; doesn't collide with user
    code).  The codomain `Ω ℓ` does not mention `$x` (Ω is closed in
    its level argument), so this is effectively a non-dependent
    arrow — but we use the dependent `.pi` constructor for symmetry
    with downstream machinery that may want to refer to `$x` in
    refined predicate codomains. -/
def Sub {ℓ : ULevel} (T : CType ℓ) : CType (ULevel.succ ℓ) :=
  ULevel.max_succ_self_right ℓ ▸ CType.pi "$x" T (Ω ℓ)

-- ── §2.  Lattice operations ────────────────────────────────────────────────

/-- The empty subobject — the constant-false predicate `λ_, false`.

    Encoding: `.lam "$x" Ω.false_`.  The body ignores its argument
    and returns the Ω-bottom from `Omega.lean`. -/
def empty {ℓ : ULevel} : CTerm :=
  .lam "$x" (Ω.false_ (ℓ := ℓ))

/-- The total subobject — the constant-true predicate `λ_, true`.

    Encoding: `.lam "$x" Ω.true_`.  The body ignores its argument
    and returns the Ω-top from `Omega.lean`. -/
def total {ℓ : ULevel} : CTerm :=
  .lam "$x" (Ω.true_ (ℓ := ℓ))

/-- Pointwise intersection of two subobject predicates: the predicate
    that holds at `x` iff both `P` and `Q` hold at `x`.

    Encoding: `.lam "$x" (Ω.and (.app P (.var "$x")) (.app Q (.var "$x")))`.
    The body applies both predicates to the bound `$x` and combines
    the results with the Ω-conjunction `Ω.and`.

    Real `.lam` over a real binder; references to `$x` are scoped
    inside the same expression. -/
def inter (P Q : CTerm) : CTerm :=
  .lam "$x" (Ω.and (.app P (.var "$x")) (.app Q (.var "$x")))

/-- Pointwise union: holds at `x` iff at least one of `P`, `Q` holds.

    Encoding: `.lam "$x" (Ω.or (.app P (.var "$x")) (.app Q (.var "$x")))`.
    The body uses Ω's propositionally-truncated disjunction `Ω.or`. -/
def union {ℓ : ULevel} (P Q : CTerm) : CTerm :=
  .lam "$x" (Ω.or (ℓ := ℓ) (.app P (.var "$x")) (.app Q (.var "$x")))

/-- Pointwise implication: holds at `x` iff `P x` implies `Q x`
    in the internal logic.

    Encoding: `.lam "$x" (Ω.implies (.app P (.var "$x")) (.app Q (.var "$x")))`.
    The body uses Ω's internal-arrow `Ω.implies`. -/
def implies (P Q : CTerm) : CTerm :=
  .lam "$x" (Ω.implies (.app P (.var "$x")) (.app Q (.var "$x")))

/-- Pointwise complement: the predicate `¬P`, holding at `x` iff
    `P x` is false in the internal logic.

    Encoding: `.lam "$x" (Ω.not (.app P (.var "$x")))`.  Uses Ω's
    derived negation `Ω.not P ≜ Ω.implies P Ω.false_`. -/
def compl {ℓ : ULevel} (P : CTerm) : CTerm :=
  .lam "$x" (Ω.not (ℓ := ℓ) (.app P (.var "$x")))

/-- The singleton subobject `{a}` for `a : T`: the predicate that
    holds at `x` iff `x` is path-equal to `a`.

    Encoding: `.lam "$x" Ω-pair-of-(carrier=Path-T-x-a, prop-witness)`.

    The carrier is `CTerm.code (CType.path T (.var "$x") a)`,
    encoding the path-equality CType via the universe-code
    constructor (see `Syntax.lean`'s `CTerm.code` / `CType.El`
    pair).  The propositionality witness is `CTerm.code` of
    `IsNType .negOne (CType.path T (.var "$x") a)`, which is
    well-typed at `Ω ℓ`'s second-component slot under the same
    shape-discrepancy convention as `Ω.true_` / `Ω.false_` in
    `Omega.lean`.

    Note: the propositionality of `Path T x a` requires `T` to be
    a 0-type (Set).  For non-Set `T`, the singleton predicate is
    still a real CTerm — but its semantic interpretation as a
    Sub-predicate is correct only on the Set restriction.  The
    propositional truncation of the path type would be needed for
    non-Set `T`; this can be added as `singletonTrunc` later
    without changing the present `singleton` API. -/
def singleton {ℓ : ULevel} (T : CType ℓ) (a : CTerm) : CTerm :=
  .lam "$x"
    (.pair
      -- carrier-of-Sub-element: code of the path-equality CType
      (CTerm.code (ℓ := ℓ) (CType.path T (.var "$x") a))
      -- propositionality-witness: code of (IsNType .negOne (Path T x a))
      (CTerm.code (ℓ := ℓ)
        (Truncation.IsNType (ℓ := ℓ)
          .negOne
          (CType.path T (.var "$x") a))))

-- ── §3.  Theorem: subobject classifier ─────────────────────────────────────

/-- The subobject classifier theorem (THEORY.md §0.3): subobjects
    of `T` (i.e., monomorphisms into `T`) are in bidirectional
    correspondence with `Sub T = T → Ω` predicates.

    ## Statement shape

    Stated as a Lean-level conjunction of the two equivalence
    directions, each presented as an implication-with-existential:

    · **Forward** (`χ ↦ image-of-χ`): every characteristic function
      `χ : T → Ω` arises as the image of some sub-CType `S` under
      a monomorphism `i : S → T`.  We assert the existence of `S`
      and `i` (typed `i : S → T` in the empty context).

    · **Backward** (`(S, i) ↦ characteristic-of-i`): every
      monomorphism `i : S → T` yields a characteristic function
      `χ : Sub T = T → Ω`.  We assert the existence of `χ`
      (typed `χ : Sub T` in the empty context).

    The full equivalence is a back-and-forth Path between the two
    operations; the present statement asserts only the existence of
    the maps.  Equivalence-as-Path lives in `Equiv.lean`'s
    `EquivData` shape and requires the round-trip path
    constructions.

    ## Why not state via `EquivData`?

    `EquivData` (from `Equiv.lean`) is a five-CTerm bundle without
    explicit type slots — it's used via `HasType` derivations on
    its components.  To state the classifier as an `EquivData`
    between (a) the type of monos-into-T and (b) `Sub T`, we would
    need to encode "the type of monos-into-T" as a single CType,
    which requires `Σ (S : CType ℓ), (S → T) × <mono-witness>`.  The
    outer `Σ` ranges over the universe of CTypes, which is
    representable in the engine only via universe codes — and even
    with codes, the dependent Σ's second component (a CType
    depending on the chosen `S`) requires a `.El`-powered Σ-builder
    that hasn't been packaged.

    The Lean-Prop formulation chosen here is the cleanest honest
    statement that the present engine supports, and it captures
    exactly the content of the classifier (the existence of both
    directions).

    ## Discharge

    The forward direction (χ ↦ image) requires the propositional
    truncation Σ-construction `‖Σ x : T, χ x ≡ Ω.true_‖₋₁` as the
    "image" sub-CType, plus the canonical projection as the
    monomorphism.  The propositional truncation lives in
    `Inductive.lean` as `propTruncSchema`; the equality test
    `χ x ≡ Ω.true_` in Ω requires a path equality at Ω level.

    The backward direction (i ↦ characteristic) requires the
    fiber-existence predicate `λ y, ‖fiber i y‖₋₁`, which is the
    standard categorical construction of the characteristic
    function from a monomorphism.

    Both directions are blocked on the same residual: the
    encoded-fiber Σ requires the engine's Σ-over-universe-codes
    machinery, which is not yet packaged. -/
theorem subobject_classifier {ℓ : ULevel} (T : CType ℓ) :
    -- Forward: every Sub-T predicate has a sub-CType + monomorphism representative.
    (∀ (χ : CTerm), HasType [] χ (Sub T) →
       ∃ (S : CType ℓ) (incl : CTerm),
         HasType [] incl (CType.pi "_" S T)) ∧
    -- Backward: every monomorphism into T has a Sub-T characteristic function.
    (∀ (S : CType ℓ) (incl : CTerm),
       HasType [] incl (CType.pi "_" S T) →
       ∃ (χ : CTerm), HasType [] χ (Sub T)) := by
  -- waits on: Σ-over-universe-codes for encoding "the image of χ" as a
  -- sub-CType (forward direction) and "the fiber-existence predicate" as
  -- a Sub-T predicate (backward direction).  Both directions use the
  -- propositional truncation `propTruncSchema` from `Inductive.lean` plus
  -- the universe-code `.El` decoder from `Syntax.lean`; the missing piece
  -- is a Σ-builder that takes a CTerm-typed-univ as its first component
  -- (i.e., `Σ (P : .univ ℓ), El P → T` shape).
  sorry

-- ── §4.  Theorem: Ω's internal logic is sound ──────────────────────────────

/-- The Mitchell-Bénabou translation of intuitionistic propositional
    logic into Ω is sound (THEORY.md §0.3).

    ## What soundness means here

    The Mitchell-Bénabou translation interprets each connective of
    intuitionistic propositional logic (IPL) as the corresponding
    operator on Ω: `∧ ↦ Ω.and`, `∨ ↦ Ω.or`, `→ ↦ Ω.implies`,
    `¬ ↦ Ω.not`, `⊤ ↦ Ω.true_`, `⊥ ↦ Ω.false_`.  Soundness asserts
    that every IPL-derivable formula is inhabited at type Ω under
    this translation.

    ## Statement shape

    We assert the four canonical IPL Heyting-algebra laws hold as
    Path equalities in Ω:

    · **Identity of ∧**: `P ∧ P ≡ P` for any `P : Ω`.
    · **Commutativity of ∧**: `P ∧ Q ≡ Q ∧ P`.
    · **Modus ponens validity**: `P ∧ (P → Q) ≡ P ∧ Q`.
    · **Implication-as-conjunction**: `P → (P → Q) ≡ P → Q`.

    Each is stated as a CTerm-level Path between the two Ω-formulas.
    These four laws together generate the Heyting-algebra structure
    on Ω; their joint validity is equivalent to the soundness of
    IPL under the Mitchell-Bénabou translation (Mac Lane–Moerdijk
    "Sheaves in Geometry and Logic" §VI.5).

    ## Discharge

    Each Path is constructed via the funext-derived equality on Ω
    (two Ω-elements are path-equal iff their carriers are
    logically equivalent), which is propositional univalence
    (`Soundness.transp_ua` specialised to mere propositions).  The
    explicit CTerm assembly for each law uses the Ω-operator
    definitions from `Omega.lean` plus a Path-equality combinator
    not yet packaged. -/
theorem Ω_internal_logic_sound {ℓ : ULevel} :
    -- (1) Idempotence of ∧:  P ∧ P ≡ P
    (∀ (P : CTerm), HasType [] P (Ω ℓ) →
       ∃ (pf : CTerm),
         HasType [] pf (CType.path (Ω ℓ) (Ω.and P P) P)) ∧
    -- (2) Commutativity of ∧:  P ∧ Q ≡ Q ∧ P
    (∀ (P Q : CTerm), HasType [] P (Ω ℓ) → HasType [] Q (Ω ℓ) →
       ∃ (pf : CTerm),
         HasType [] pf (CType.path (Ω ℓ) (Ω.and P Q) (Ω.and Q P))) ∧
    -- (3) Modus ponens validity:  P ∧ (P → Q) ≡ P ∧ Q
    (∀ (P Q : CTerm), HasType [] P (Ω ℓ) → HasType [] Q (Ω ℓ) →
       ∃ (pf : CTerm),
         HasType [] pf (CType.path (Ω ℓ)
           (Ω.and P (Ω.implies P Q))
           (Ω.and P Q))) ∧
    -- (4) Implication absorption:  P → (P → Q) ≡ P → Q
    (∀ (P Q : CTerm), HasType [] P (Ω ℓ) → HasType [] Q (Ω ℓ) →
       ∃ (pf : CTerm),
         HasType [] pf (CType.path (Ω ℓ)
           (Ω.implies P (Ω.implies P Q))
           (Ω.implies P Q))) := by
  -- waits on: prop-univalence packaged from `Soundness.transp_ua`
  -- (the same dependency as `OmegaIsProp` in `Omega.lean`).  Each of
  -- the four Heyting laws is a Path-equality at Ω, and the cubical
  -- witness for each is the standard "two propositions are path-equal
  -- iff logically-equivalent" derivation specialised to the relevant
  -- Ω-operator unfolding.
  sorry

end CubicalTransport.Subobject