This sounds largely plausible to be the cause of the issue. Thanks for spotting!

I worried a bit about this issue. It seems that, to resolver it, one would need to implement this member, but the resolution is to actually. make Valid opaque in A. Could you detect that particular case and emit a more useful error message?

Excellent idea. I improved many messages. However, it became more difficult for some of them. The problem is that, early on during resolution, we change reveal X(); expressions into reveal_X(); lemma calls. By the time that these attempted lemma calls go through the resolver, the name looked up is reveal_X. To improve the error message, we then have to detect that we're in a reveal-statement context and that the thing we're trying to look up has a name that starts with "reveal_" (which is not actually guaranteed to be one of the rewritten calls, since this could have been a user-defined name in the first place), and then remove the "reveal_" prefix, try to find what the name X might have referred to, and finally reconstruct the reason why no reveal_X lemma was created in the first place. It would have been much better not to have done the reveal_X-lemma surgery so early in the pipeline. Then, the symbol we'd be looking at during resolution would be X. (Btw, I've seen this mistake many times--a change is made too early in the resolution pipeline, because it seems as if that's a quick way to get a new feature into the language, but then this bites later on.)

Anyhow, I feel okay with the error messages I did improve. At some point in the future, I expect that we'll revisit reveal statements to expand their role. That would be a good time to handle reveal in a way that's less hacky than today's reveal_-lemmas.

Not blocking, but I thought it should not be an error but a warning. Otherwise, it makes experimenting with opaque to be hard.