Last Tuesday night, around 11:30 PM, I was debugging a recursive function that was supposed to sort a list but was instead producing what I can only describe as "creative reinterpretation." Copilot suggested a fix. Cursor suggested a different fix. Both compiled. Both passed my tests. Neither was actually correct for edge cases I had not thought of.
And then Mistral dropped Leanstral.
Leanstral is not another code completion tool. It is not another "AI pair programmer" that generates plausible-looking code and hopes for the best. It is an open-source AI agent that writes formal mathematical proofs to verify that your code does what you claim it does. Not "probably does." Not "passes 94% of test cases." Mathematically, provably, no-room-for-argument does.
It hit 427 points on Hacker News within hours. And for the first time in a while, the comments were not about whether AI coding tools are overhyped. They were about whether formal verification just became accessible to normal developers.
I spent the last 48 hours comparing Leanstral against every major AI coding tool I use. Here is what I found.
What Leanstral Actually Does (And Does Not Do)
The Formal Proof Part
Leanstral is built on Lean 4, a programming language and proof assistant developed at Microsoft Research. If you have never heard of Lean 4, do not worry — most working developers have not. It is the kind of tool that math professors and verification engineers get excited about at conferences normal people do not attend.
Here is the simplified version: Lean 4 lets you write code and then prove, with mathematical certainty, that the code satisfies specific properties. Not through testing (which can only prove the presence of bugs, never their absence) but through formal logical proofs that cover every possible input, every edge case, every weird corner scenario your QA team would never think of.
The problem has always been that writing these proofs is incredibly hard. It requires a completely different skillset than writing code. My friend Sandra, who did her PhD at ETH Zurich in formal verification, once told me: "Writing the proof for a 50-line function can take longer than writing the function itself. Sometimes weeks." And she is not exaggerating — I have seen her proof scripts.
Leanstral automates that proof-writing process using Mistral's large language models. You give it a function and a specification (what the function should do), and it generates the formal proof. If it cannot prove it, it tells you why — which often reveals actual bugs the code has.
What It Is Not
Leanstral does not write your application code. It does not autocomplete your React components. It does not suggest CSS fixes. If you are looking for "type a comment and get code," this is not that tool. It is a verification agent, not a generation agent.
Think of it this way: Copilot and Cursor are like having a fast but occasionally wrong junior developer. Leanstral is like having a very slow, very meticulous auditor who checks the junior developer's work with mathematical precision.
The Head-to-Head Comparison
Leanstral vs GitHub Copilot
What Copilot does best: Inline code completion, boilerplate generation, translating natural language to code. It is fast, it is everywhere (VSCode, JetBrains, Neovim), and it has gotten meaningfully better since GPT-4 Turbo powers the backend.
What Leanstral does that Copilot cannot: Prove correctness. Copilot can generate a sorting algorithm. Leanstral can prove that the sorting algorithm will always produce a sorted output, will never lose elements, and will terminate for any input. These are different universes of capability.
Where they overlap: Nowhere, really. They solve fundamentally different problems. Copilot helps you write code faster. Leanstral helps you trust code more. You could — and probably should — use both.
Pricing: Copilot Individual is $10/month. Copilot Business is $19/user/month. Leanstral is open source and free. (Yes, you need compute to run inference, but Mistral provides API access and the model weights are downloadable.)
My take: Comparing these two is like comparing a typewriter to a spell-checker. They are both useful. They do not compete. But if you told me I could only have one for safety-critical code? Leanstral, and it is not close.
Leanstral vs Cursor
What Cursor does best: Full-codebase understanding. Cursor's ability to index your entire repository and generate contextually-aware edits across multiple files is genuinely impressive. I have used it to refactor authentication flows across 15 files in one prompt. It felt like magic.
What Leanstral does that Cursor cannot: Guarantee those refactors did not break anything. When Cursor edited my auth flow across 15 files, it introduced a race condition in the token refresh logic that only showed up under load. My tests did not catch it. A formal proof would have.
Pricing: Cursor Pro is $20/month. Cursor Business is $40/user/month. Leanstral: free.
My take: Cursor is the best "AI-native IDE" right now. Period. But Leanstral fills a gap that Cursor does not even attempt to address. I now run Cursor for development and plan to add Leanstral to my CI pipeline for critical modules.
Leanstral vs Devin (Cognition)
What Devin does: Autonomous software engineering. Give it a task, it plans, codes, debugs, and deploys. The demo was impressive. The reality, based on independent evaluations, is more nuanced. METR's research (which we covered in detail here) found that about half of AI-generated pull requests would be rejected by experienced maintainers.
What Leanstral does differently: It does not try to be autonomous. It is a verification tool, not an agent that operates independently. And frankly, that restraint is its strength. The problem with autonomous coding agents — as we explored in our AI agents overnight guide — is not that they cannot write code — it is that nobody can tell if the code is correct without reviewing it line by line, which defeats the purpose.
Pricing: Devin is $500/month per seat. Leanstral: free.
My take: Devin is trying to replace developers. Leanstral is trying to help developers ship safer code. One of these approaches requires trust in AI. The other builds trust through proof. I know which one I would bet on. (Parenthetical aside: I realize the irony of using the word "bet" in an article about mathematical proof. Sandra would be disappointed in me.)
Leanstral vs Amazon CodeWhisperer (now Q Developer)
What Q Developer does: AWS-integrated code suggestions, security scanning, and code transformation. It is basically Copilot but with deep AWS service knowledge. If you are writing Lambda functions and DynamoDB queries, it is actually better than Copilot for those specific cases.
What Leanstral does differently: Platform-agnostic formal verification. It does not care if you are on AWS, GCP, or a Raspberry Pi. It cares about whether your code is logically correct.
Pricing: Q Developer free tier exists. Pro is $19/user/month. Leanstral: free.
My take: Q Developer is a nice tool if you live in AWS-land. But it is a code generation tool competing against other code generation tools. Leanstral is playing a completely different game.
Who Should Actually Care About Leanstral
The Obvious Cases
Financial software developers: If your code handles money, formal verification is not a nice-to-have. It is a "we got fined $2.3 million because a rounding error compounded across 40,000 transactions" necessity. My colleague Marcus, who spent 8 years at a quantitative trading firm, once found a bug in their order matching engine that had been silently mismatching orders for three months. It cost $1.7 million to unwind. A formal proof would have caught it before the first trade.
Medical device software: FDA guidance already recommends formal methods for high-risk medical devices. The problem has always been that formal verification was too expensive and too slow. If Leanstral can reduce that cost by even 60%, it changes the compliance math entirely.
Automotive and aerospace: Self-driving cars, flight control systems, anything where a bug kills people. The DO-178C standard for airborne software already requires "formal methods" at the highest design assurance levels. Leanstral could make those requirements practical for smaller teams.
The Surprising Cases
Smart contract developers: Blockchain smart contracts are immutable once deployed. You literally cannot patch a bug. The DAO hack in 2016 lost $60 million because of a reentrancy bug that a formal proof would have caught in seconds. If you are deploying contracts on Ethereum or Solana in 2026, ignoring formal verification is malpractice.
Open source maintainers: Remember the XZ Utils backdoor from 2024? (Related: Debian's stance on AI-generated code.) A supply chain attack that almost compromised every Linux system running SSH. Leanstral cannot catch intentional backdoors (those are social engineering problems), but it can verify that contributed code does exactly what its documentation claims — nothing more, nothing less.
The Honest Limitations
I am not going to pretend Leanstral solves everything. Here is where it falls short right now:
Learning curve: You need to write specifications in Lean 4. That means learning Lean 4. It is not Python. The syntax is closer to Haskell, and the type system is rich enough to make a category theorist blush. Mistral provides tutorials, but "beginner-friendly" is doing heavy lifting in their marketing copy.
Speed: Generating proofs takes time. For a complex function, Leanstral might run for several minutes. Compare that to Copilot's sub-second suggestions. This is not a tool for your inner loop development cycle — it is for your CI/CD pipeline or pre-merge verification.
Coverage: Not all code is amenable to formal verification. Web UI code, configuration glue, most CRUD operations — formally verifying these would be like hiring a forensic accountant to check your grocery receipts. Technically possible. Wildly impractical.
Proof failures: Sometimes Leanstral cannot complete a proof. This does not necessarily mean your code is wrong — it might mean the specification is too complex for the current model. Understanding why a proof failed requires some formal methods knowledge that most developers do not have yet.
The Bigger Picture: What This Means for AI Coding Tools
Here is what I think is actually happening, and why Leanstral matters beyond its immediate technical capabilities:
The AI coding market has been in a "more code faster" arms race. Copilot generates code. Cursor generates code in context. Devin generates code autonomously. Everyone is competing to produce more code with less human input.
Leanstral asks a different question: is the code correct?
And that question is going to matter more, not less, as AI generates an increasing percentage of production code. If 70% of your codebase was written by an LLM (which, according to GitHub, is where some teams are heading), the verification problem becomes existential. You cannot manually review all of it. Traditional testing catches common bugs but misses edge cases. Formal verification is the only approach that provides mathematical guarantees.
Mistral just made that approach free and (relatively) accessible. Whether Leanstral itself succeeds or not, it has proven that AI-powered formal verification is viable. And that changes the conversation about what AI coding tools should actually do.
Sandra texted me after the Hacker News thread blew up. She said: "I have been waiting 15 years for someone to make formal verification accessible. I did not expect it to be a French AI startup."
Neither did I. But here we are.
