feat(Logics): add FutureTemporalConnectives typeclass layer and LTL.Formula type

Split TemporalConnectives into FutureTemporalConnectives + TemporalConnectives.
Add HasNext typeclass and LTLConnectives bundle. Create LTL.Formula with
{atom, bot, imp, next, untl} and derived connectives. Add LTL.Formula.toTemporal
embedding. Add basic LTL satisfaction over omega-words. Remove
Encodable/Countable/Infinite/Denumerable and BEq instances from Temporal.Formula
(deferred to completeness PR).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: benbrastmckie

Cslib.lean

@@ -137,6 +137,8 @@ public import Cslib.Languages.LambdaCalculus.LocallyNameless.Untyped.StrongNorm
 public import Cslib.Languages.LambdaCalculus.Named.Untyped.Basic
 public import Cslib.Logics.HML.Basic
 public import Cslib.Logics.HML.LogicalEquivalence
+public import Cslib.Logics.LTL.Semantics.Satisfies
+public import Cslib.Logics.LTL.Syntax.Formula
 public import Cslib.Logics.LinearLogic.CLL.Basic
 public import Cslib.Logics.LinearLogic.CLL.CutElimination
 public import Cslib.Logics.LinearLogic.CLL.EtaExpansion

Cslib/Foundations/Logic/Connectives.lean

@@ -70,6 +70,11 @@ class HasSince (F : Type*) where
   /-- The since temporal operator. -/
   snce : F → F → F
 
+/-- A type has a next-step temporal operator. -/
+class HasNext (F : Type*) where
+  /-- The next-step temporal operator. -/
+  next : F → F
+
 /-- A type has a conjunction connective. -/
 class HasAnd (F : Type*) where
   /-- The conjunction connective. -/
@@ -87,7 +92,25 @@ When all four connectives are needed, use
 `[PropositionalConnectives F] [HasAnd F] [HasOr F]`. -/
 class PropositionalConnectives (F : Type*) extends HasBot F, HasImp F
 
-/-- Temporal connectives: propositional connectives plus until and since. -/
-class TemporalConnectives (F : Type*) extends PropositionalConnectives F, HasUntil F, HasSince F
+/-- Future temporal connectives: propositional connectives plus until (no since, no next).
+
+This bundle is shared by both `LTLConnectives` (which adds `HasNext`) and
+`TemporalConnectives` (which adds `HasSince`). Factoring out the future fragment
+allows code generic over future-only temporal logics without committing to past or
+next-step operators. -/
+class FutureTemporalConnectives (F : Type*) extends PropositionalConnectives F, HasUntil F
+
+/-- LTL connectives: future temporal connectives plus a primitive next-step operator.
+
+Linear Temporal Logic uses `next` as a primitive rather than deriving it from `until`
+(the encoding `next φ = φ U ⊥` does not hold in all models). `FutureTemporalConnectives`
+provides `bot`, `imp`, and `untl`; this bundle adds `next`. -/
+class LTLConnectives (F : Type*) extends FutureTemporalConnectives F, HasNext F
+
+/-- Temporal connectives: propositional connectives plus until and since.
+
+Extends `FutureTemporalConnectives` with the `since` operator, forming the standard
+two-sorted temporal signature (future + past). -/
+class TemporalConnectives (F : Type*) extends FutureTemporalConnectives F, HasSince F
 
 end Cslib.Logic

Cslib/Logics/LTL/Semantics/Satisfies.lean

@@ -0,0 +1,64 @@
+/-
+Copyright (c) 2026 Benjamin Brast-McKie. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Benjamin Brast-McKie
+-/
+
+module
+
+public import Cslib.Logics.LTL.Syntax.Formula
+
+/-! # LTL Satisfaction over Omega-Words
+
+This module defines a basic satisfaction relation for LTL formulas over omega-words.
+An omega-word is represented as a valuation `v : ℕ → (Atom → Prop)`, assigning to
+each time point `i : ℕ` the set of atoms that hold at that point.
+
+The semantics follow the standard Kripke/Pnueli definition of LTL over ω-sequences.
+Connection to `OmegaExecution` from the LTS library is deferred to future work.
+
+## Main definitions
+
+- `Satisfies v i φ` : formula `φ` holds at time `i` in valuation `v`
+- `Valid v φ` : `φ` holds at all time points in `v`
+- `Satisfiable φ` : `φ` holds at some time point in some valuation
+
+## References
+
+* [A. Pnueli, *The Temporal Logic of Programs*][Pnueli1977]
+* [M. Y. Vardi, P. Wolper,
+  *An automata-theoretic approach to automatic program verification*][VardiWolper1986]
+-/
+
+@[expose] public section
+
+namespace Cslib.Logic.LTL
+
+variable {Atom : Type*}
+
+/-- Satisfaction relation for LTL over omega-words.
+
+`Satisfies v i φ` means formula `φ` holds at time point `i` in the omega-word `v`,
+where `v : ℕ → (Atom → Prop)` assigns a set of true atoms to each time point.
+
+The `untl` case uses the Burgess convention: `φ U ψ` holds at `i` when there exists
+a future time `j ≥ i` where φ holds (the event), and ψ holds at all intermediate
+points `i ≤ k < j` (the guard). -/
+def Satisfies (v : ℕ → (Atom → Prop)) (i : ℕ) : Formula Atom → Prop
+  | .atom p => v i p
+  | .bot => False
+  | .imp φ ψ => Satisfies v i φ → Satisfies v i ψ
+  | .next φ => Satisfies v (i + 1) φ
+  | .untl φ ψ => ∃ j ≥ i, Satisfies v j φ ∧ ∀ k, i ≤ k → k < j → Satisfies v k ψ
+
+/-- A formula holds at all time points in a given omega-word. -/
+def Valid (v : ℕ → (Atom → Prop)) (φ : Formula Atom) : Prop :=
+  ∀ i, Satisfies v i φ
+
+/-- A formula is satisfiable: it holds at some time point in some omega-word. -/
+def Satisfiable (φ : Formula Atom) : Prop :=
+  ∃ (v : ℕ → (Atom → Prop)) (i : ℕ), Satisfies v i φ
+
+end Cslib.Logic.LTL
+
+end

Cslib/Logics/LTL/Syntax/Formula.lean

@@ -0,0 +1,143 @@
+/-
+Copyright (c) 2026 Benjamin Brast-McKie. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Benjamin Brast-McKie
+-/
+
+module
+
+public import Cslib.Init
+public import Cslib.Foundations.Logic.Connectives
+public import Cslib.Logics.Temporal.Syntax.Formula
+
+/-! # LTL Formula Type
+
+This module defines the formula type for Linear Temporal Logic with primitives
+`{atom, bot, imp, next, untl}`. The primitive `next` operator is kept separate from
+`untl` following the Burgess convention: in full temporal logic, `next φ` is sometimes
+encoded as `φ U ⊥`, but this encoding does not hold in all models (it relies on
+discreteness and non-triviality). An independent primitive `next` avoids this coupling.
+
+## Main definitions
+
+- `Formula` : Inductive type for LTL formulas with constructors
+  `atom`, `bot`, `imp`, `next`, `untl`
+- `Formula.someFuture` (𝐅): `φ U ⊤` — φ holds at some future point
+- `Formula.allFuture` (𝐆): `¬𝐅¬φ` — φ holds at all future points
+- `Formula.toTemporal` : Embedding of `LTL.Formula` into `Temporal.Formula`
+
+## Notation
+
+Propositional connectives (scoped to `Cslib.Logic.LTL`):
+- `¬` (prefix, 40) : negation (`Formula.neg`)
+- `∧` (infix, 36) : conjunction (`Formula.and`)
+- `∨` (infix, 35) : disjunction (`Formula.or`)
+- `→` (infix, 30) : implication (`Formula.imp`)
+- `↔` (infix, 30) : biconditional (`Formula.iff`)
+
+Temporal operators (scoped to `Cslib.Logic.LTL`):
+- `U` (infix, 40) : until (`Formula.untl`)
+- `X` (prefix, 40) : next-step (`Formula.next`)
+- `𝐅` (prefix, 40) : some future / eventually (`Formula.someFuture`)
+- `𝐆` (prefix, 40) : all future / globally (`Formula.allFuture`)
+
+## Derived Operators
+
+Derived operators follow the Burgess convention: in `untl event guard`, the first argument
+is the **event** (holds at the witness point) and the second is the **guard** (holds at all
+intermediate points). `someFuture φ` is `φ U ⊤` (φ is the event, ⊤ is the trivial guard).
+
+## References
+
+* [A. Pnueli, *The Temporal Logic of Programs*][Pnueli1977]
+* [H. Kamp, *Tense Logic and the Theory of Linear Order*][Kamp1968]
+* [J. P. Burgess, *Basic Tense Logic*][Burgess1984]
+* [M. Y. Vardi, P. Wolper,
+  *An automata-theoretic approach to automatic program verification*][VardiWolper1986]
+-/
+
+@[expose] public section
+
+namespace Cslib.Logic.LTL
+
+/-- LTL formula type. Primitives: atoms, falsum, implication, next-step, and until.
+
+`next` is a primitive constructor and is not derived from `untl`. The encoding
+`next φ = φ U ⊥` holds on discrete non-ending sequences but fails in general temporal
+models; keeping `next` primitive supports broader model classes. -/
+inductive Formula (Atom : Type u) : Type u where
+  /-- Atomic proposition. -/
+  | atom (p : Atom)
+  /-- Falsum / bottom. -/
+  | bot
+  /-- Implication. -/
+  | imp (φ₁ φ₂ : Formula Atom)
+  /-- Next-step operator: Xφ holds at t iff φ holds at t+1. -/
+  | next (φ : Formula Atom)
+  /-- Until temporal operator: φ₁ U φ₂ (Burgess: event U guard). -/
+  | untl (φ₁ φ₂ : Formula Atom)
+deriving DecidableEq, BEq
+
+/-- Negation: ¬φ := φ → ⊥ -/
+abbrev Formula.neg (φ : Formula Atom) : Formula Atom := .imp φ .bot
+
+/-- Verum / top: ⊤ := ⊥ → ⊥ -/
+abbrev Formula.top : Formula Atom := .imp .bot .bot
+
+/-- Disjunction: φ₁ ∨ φ₂ := ¬φ₁ → φ₂ -/
+abbrev Formula.or (φ₁ φ₂ : Formula Atom) : Formula Atom :=
+  .imp (.imp φ₁ .bot) φ₂
+
+/-- Conjunction: φ₁ ∧ φ₂ := ¬(φ₁ → ¬φ₂) -/
+abbrev Formula.and (φ₁ φ₂ : Formula Atom) : Formula Atom :=
+  .imp (.imp φ₁ (.imp φ₂ .bot)) .bot
+
+/-- Biconditional: φ₁ ↔ φ₂ := (φ₁ → φ₂) ∧ (φ₂ → φ₁) -/
+abbrev Formula.iff (φ₁ φ₂ : Formula Atom) : Formula Atom :=
+  (φ₁.imp φ₂).and (φ₂.imp φ₁)
+
+/-- Some future (eventually): F φ := φ U ⊤.
+    Uses Burgess convention: φ is the event (holds at witness), ⊤ is the trivial guard. -/
+abbrev Formula.someFuture (φ : Formula Atom) : Formula Atom :=
+  .untl φ .top
+
+/-- All future (globally): G φ := ¬F ¬φ -/
+abbrev Formula.allFuture (φ : Formula Atom) : Formula Atom :=
+  .neg (.someFuture (.neg φ))
+
+@[inherit_doc] scoped prefix:40 "¬" => Formula.neg
+@[inherit_doc] scoped infix:36 " ∧ " => Formula.and
+@[inherit_doc] scoped infix:35 " ∨ " => Formula.or
+@[inherit_doc] scoped infix:30 " → " => Formula.imp
+@[inherit_doc] scoped infix:30 " ↔ " => Formula.iff
+@[inherit_doc] scoped infix:40 " U " => Formula.untl
+@[inherit_doc] scoped prefix:40 "X" => Formula.next
+@[inherit_doc] scoped prefix:40 "𝐅" => Formula.someFuture
+@[inherit_doc] scoped prefix:40 "𝐆" => Formula.allFuture
+
+/-- Register `LTL.Formula` as an instance of `LTLConnectives`. -/
+instance : LTLConnectives (Formula Atom) where
+  bot := .bot
+  imp := .imp
+  untl := .untl
+  next := .next
+
+instance : Bot (Formula Atom) := ⟨.bot⟩
+instance : Top (Formula Atom) := ⟨.top⟩
+
+/-- Embed `LTL.Formula` into `Temporal.Formula`.
+
+`LTL.Satisfies` uses reflexive (non-strict) until: `∃ j ≥ i, ...`. The BX tense logic
+uses strict until: `∃ s > t, ...`. To preserve semantics, `untl` maps to
+`reflexiveUntl` (the derived non-strict operator), while `next` maps to the strict
+`untl · bot` which forces the witness to be the immediate successor on ℕ. -/
+def Formula.toTemporal : Formula Atom → Temporal.Formula Atom
+  | .atom p => .atom p
+  | .bot => .bot
+  | .imp φ ψ => .imp (toTemporal φ) (toTemporal ψ)
+  | .next φ => .untl (toTemporal φ) .bot
+  | .untl φ ψ => (toTemporal φ).reflexiveUntl (toTemporal ψ)
+
+end Cslib.Logic.LTL
+
+end