lemmafit 0.0.1 → 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 midspiral
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,9 +1,98 @@
 # lemmafit
 
-Formal verification for web apps.
+Make agents **prove** that their code is correct. 
 
-This package is under active development and not yet functional. We will be releasing soon. 
+Read our launch post: [Introducing lemmafit: A Verifier in the AI Loop](https://midspiral.com/blog/introducing-lemmafit-a-verifier-in-the-ai-loop/). 
 
-You can stay up to date at midspiral.com
+Lemmafit integrates [Dafny](https://dafny.org/) formal verification into your development workflow via [Claude Code](https://docs.anthropic.com/en/docs/claude-code). Business logic, state machines, and other logic are written in Dafny, mathematically verified, then auto-compiled to TypeScript for use in your React app.
 
-See the basis for the product on [GitHub](https://github.com/metareflection/dafny-replay).
+## Quick Start
+
+```bash
+# Install lemmafit globally
+npm install -g lemmafit
+
+# Create a new project
+lemmafit init PROJECT_NAME
+cd PROJECT_NAME
+
+# Install deps (downloads Dafny automatically)
+npm install
+
+# In one terminal, start the verification daemon
+npm run daemon
+
+# In another terminal, start the Vite dev server
+npm run dev
+
+# In a third terminal, open Claude Code
+claude
+```
+
+## Use Cases / Considerations
+
+- lemmafit works with greenfield projects only. You must begin a project with lemmafit. Support for existing codebases is in the pipeline. 
+
+- lemmafit compiles Dafny to Typescript which then hooks into a React app. In the future, we will support other languages and frameworks. 
+
+- lemmafit is optimized to work with Claude Code. In the future, lemmafit will be agent-agnostic. 
+
+## How It Works
+
+1. Prompt Claude Code as you normally would. You may use a simple starting prompt or a structured prompting system. 
+**Example: "Create a pomodoro app I can use personally and locally."** 
+2. The agent will write a `SPEC.yaml` and write verified logic in `lemmafit/dafny/Domain.dfy`
+3. The **daemon** watches `.dfy` files, runs `dafny verify`, and on success compiles to `src/dafny/Domain.cjs` + `src/dafny/app.ts`
+4. The agent will hook the generated TypeScript API into a React app — the logic is proven correct
+5. After proofs complete, run custom command in Claude Code `/guarantees` to activate claimcheck and generate a guarantees report
+
+## Project Structure
+
+```
+my-app/
+├── SPEC.yaml                    # Your requirements
+├── lemmafit/
+│   ├── dafny/
+│   │   └── Domain.dfy           # Your verified Dafny logic
+│   │   └── Replay.dfy           # Generic Replay kernel
+│   ├── .vibe/
+│   │   ├── config.json           # Project config
+│   │   ├── status.json           # Verification status (generated)
+│   │   └── claims.json           # Proof obligations (generated)
+│   └── reports/
+│       └── guarantees.md         # Guarantee report (generated)
+├── src/
+│   ├── dafny/
+│   │   ├── Domain.cjs            # Compiled JS (generated)
+│   │   └── app.ts                # TypeScript API (generated - DO NOT EDIT)
+│   ├── App.tsx                   # Your React app
+│   └── main.tsx
+├── .claude/                      # Hooks & settings (managed by lemmafit)
+└── package.json
+```
+
+## CLI
+
+```bash
+lemmafit init [dir]                # Create project from template
+lemmafit sync [dir]                # Re-sync system files (.claude/, hooks)
+lemmafit daemon [dir]              # Run verification daemon standalone
+lemmafit logs [dir]                # View daemon log
+lemmafit logs --clear [dir]        # Clear daemon log
+```
+
+## Updating
+
+System files sync automatically on install:
+
+```bash
+npm update lemmafit
+# postinstall re-syncs .claude/settings.json, hooks, and instructions
+```
+
+## Requirements
+
+- Node.js 18+
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) CLI
+
+Dafny and dafny2js are downloaded automatically during `npm install` to `~/.lemmafit/`.

package/blank-template/README.md

@@ -0,0 +1,3 @@
+# Verified App
+
+A lemmafit project using Dafny and React.

package/blank-template/SPEC.yaml

@@ -0,0 +1 @@
+entries: []

package/blank-template/index.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Verified App</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

package/blank-template/lemmafit/.vibe/config.json

@@ -0,0 +1,5 @@
+{
+  "entry": "lemmafit/dafny/Domain.dfy",
+  "appCore": "AppCore",
+  "outputName": "Domain"
+}

package/blank-template/lemmafit/dafny/Domain.dfy

@@ -0,0 +1,5 @@
+// Verified domain logic
+// This file is the source of truth for your app's state machine.
+// The daemon watches this file and recompiles on changes.
+
+include "Replay.dfy"

package/blank-template/lemmafit/dafny/Replay.dfy

@@ -0,0 +1,147 @@
+abstract module {:compile false} Domain {
+  type Model
+  type Action
+
+  ghost predicate Inv(m: Model)
+
+  function Init(): Model
+  function Apply(m: Model, a: Action): Model
+    requires Inv(m)
+  function Normalize(m: Model): Model
+
+  lemma InitSatisfiesInv()
+    ensures Inv(Init())
+
+  lemma StepPreservesInv(m: Model, a: Action)
+    requires Inv(m)
+    ensures Inv(Normalize(Apply(m,a)))
+}
+
+abstract module {:compile false} Kernel {
+  import D : Domain
+
+  function Step(m: D.Model, a: D.Action): D.Model
+  requires D.Inv(m)
+  {
+    D.Normalize(D.Apply(m, a))
+  }
+
+  function InitHistory(): History {
+    History([], D.Init(), [])
+  }
+
+  datatype History =
+    History(past: seq<D.Model>, present: D.Model, future: seq<D.Model>)
+
+  function Do(h: History, a: D.Action): History
+  requires D.Inv(h.present)
+  {
+    History(h.past + [h.present], Step(h.present, a), [])
+  }
+
+  // Apply action without recording to history (for live preview during drag)
+  function Preview(h: History, a: D.Action): History
+  requires D.Inv(h.present)
+  {
+    History(h.past, Step(h.present, a), h.future)
+  }
+
+  // Commit current state, recording baseline to history (for end of drag)
+  function CommitFrom(h: History, baseline: D.Model): History {
+    History(h.past + [baseline], h.present, [])
+  }
+
+  function Undo(h: History): History {
+    if |h.past| == 0 then h
+    else
+      var i := |h.past| - 1;
+      History(h.past[..i], h.past[i], [h.present] + h.future)
+  }
+
+  function Redo(h: History): History {
+    if |h.future| == 0 then h
+    else
+      History(h.past + [h.present], h.future[0], h.future[1..])
+  }
+
+  lemma DoPreservesInv(h: History, a: D.Action)
+    requires D.Inv(h.present)
+    ensures  D.Inv(Do(h, a).present)
+  {
+    D.StepPreservesInv(h.present, a);
+  }
+
+  ghost predicate HistInv(h: History) {
+    (forall i | 0 <= i < |h.past| :: D.Inv(h.past[i])) &&
+    D.Inv(h.present) &&
+    (forall j | 0 <= j < |h.future| :: D.Inv(h.future[j]))
+  }
+
+  lemma InitHistorySatisfiesInv()
+    ensures HistInv(InitHistory())
+  {
+    D.InitSatisfiesInv();
+  }
+
+  lemma UndoPreservesHistInv(h: History)
+    requires HistInv(h)
+    ensures  HistInv(Undo(h))
+  {
+  }
+
+  lemma RedoPreservesHistInv(h: History)
+    requires HistInv(h)
+    ensures  HistInv(Redo(h))
+  {
+  }
+
+  lemma DoPreservesHistInv(h: History, a: D.Action)
+    requires HistInv(h)
+    ensures  HistInv(Do(h, a))
+  {
+    D.StepPreservesInv(h.present, a);
+  }
+
+  lemma PreviewPreservesHistInv(h: History, a: D.Action)
+    requires HistInv(h)
+    ensures  HistInv(Preview(h, a))
+  {
+    D.StepPreservesInv(h.present, a);
+  }
+
+  lemma CommitFromPreservesHistInv(h: History, baseline: D.Model)
+    requires HistInv(h)
+    requires D.Inv(baseline)
+    ensures  HistInv(CommitFrom(h, baseline))
+  {
+  }
+
+  // proxy for linear undo: after a new action, there is no redo branch
+  lemma DoHasNoRedoBranch(h: History, a: D.Action)
+  requires HistInv(h)
+  ensures Redo(Do(h, a)) == Do(h, a)
+  {
+  }
+  // round-tripping properties
+  lemma UndoRedoRoundTrip(h: History)
+  requires |h.past| > 0
+  ensures Redo(Undo(h)) == h
+  {
+  }
+  lemma RedoUndoRoundTrip(h: History)
+  requires |h.future| > 0
+  ensures Undo(Redo(h)) == h
+  {
+  }
+  // idempotence at boundaries
+  lemma UndoAtBeginningIsNoOp(h: History)
+  requires |h.past| == 0
+  ensures Undo(h) == h
+  {
+  }
+  lemma RedoAtEndIsNoOp(h: History)
+  requires |h.future| == 0
+  ensures Redo(h) == h
+  {
+  }
+}

package/blank-template/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "verified-app",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "daemon": "lemmafit-daemon",
+    "build": "tsc && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "lemmafit": "^0.1.0",
+    "bignumber.js": "^9.1.2",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0"
+  },
+  "devDependencies": {
+    "@types/react": "^18.2.0",
+    "@types/react-dom": "^18.2.0",
+    "@vitejs/plugin-react": "^4.2.0",
+"typescript": "^5.3.0",
+    "vite": "^5.0.0"
+  }
+}

package/blank-template/src/App.css

@@ -0,0 +1,3 @@
+.app {
+  padding: 2rem;
+}

package/blank-template/src/App.tsx

@@ -0,0 +1,10 @@
+import './App.css'
+
+function App() {
+  return (
+    <div className="app">
+    </div>
+  )
+}
+
+export default App

package/blank-template/src/index.css

@@ -0,0 +1,29 @@
+:root {
+  font-family: Inter, system-ui, Avenir, Helvetica, Arial, sans-serif;
+  line-height: 1.5;
+  font-weight: 400;
+
+  color-scheme: light dark;
+  color: rgba(255, 255, 255, 0.87);
+  background-color: #242424;
+
+  font-synthesis: none;
+  text-rendering: optimizeLegibility;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+body {
+  margin: 0;
+  display: flex;
+  place-items: center;
+  min-width: 320px;
+  min-height: 100vh;
+}
+
+#root {
+  max-width: 1280px;
+  margin: 0 auto;
+  padding: 2rem;
+  text-align: center;
+}

package/blank-template/src/main.tsx

@@ -0,0 +1,10 @@
+import React from 'react'
+import ReactDOM from 'react-dom/client'
+import App from './App'
+import './index.css'
+
+ReactDOM.createRoot(document.getElementById('root')!).render(
+  <React.StrictMode>
+    <App />
+  </React.StrictMode>,
+)

package/blank-template/src/vite-env.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="vite/client" />
+
+declare module '*.cjs?raw' {
+  const content: string;
+  export default content;
+}

package/blank-template/template.gitignore

@@ -0,0 +1,3 @@
+node_modules/
+*~
+lemmafit/.vibe/daemon.sock

package/blank-template/tsconfig.json

@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx",
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["src"],
+  "references": [{ "path": "./tsconfig.node.json" }]
+}

package/blank-template/tsconfig.node.json

@@ -0,0 +1,11 @@
+{
+  "compilerOptions": {
+    "composite": true,
+    "skipLibCheck": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true,
+    "strict": true
+  },
+  "include": ["vite.config.js"]
+}

package/blank-template/vite.config.js

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+
+export default defineConfig({
+  plugins: [react()],
+  optimizeDeps: {
+    include: ['bignumber.js'],
+  },
+})

package/cli/context-hook.js

@@ -0,0 +1,103 @@
+#!/usr/bin/env node
+/**
+ * Claude Code UserPromptSubmit hook for lemmafit.
+ *
+ * Reads lemmafit/.vibe/status.json and writes it to stdout so Claude
+ * sees the current verification status before processing every prompt.
+ *
+ * Hook receives JSON on stdin with { "cwd": "..." }
+ */
+
+const path = require('path');
+const fs = require('fs');
+const { initLog, log } = require('../lib/log');
+
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  return Buffer.concat(chunks).toString('utf8');
+}
+
+function findProjectRoot(dir) {
+  let current = dir;
+  while (current !== path.dirname(current)) {
+    if (fs.existsSync(path.join(current, 'lemmafit'))) {
+      return current;
+    }
+    current = path.dirname(current);
+  }
+  return null;
+}
+
+async function main() {
+  const input = await readStdin();
+
+  let hookData;
+  try {
+    hookData = JSON.parse(input);
+  } catch {
+    process.exit(0);
+  }
+
+  const cwd = hookData.cwd;
+  if (!cwd) {
+    process.exit(0);
+  }
+
+  const projectDir = findProjectRoot(cwd);
+  if (!projectDir) {
+    process.exit(0);
+  }
+
+  initLog(projectDir);
+  log('context', 'Injecting status into prompt');
+
+  const statusPath = path.join(projectDir, 'lemmafit', '.vibe', 'status.json');
+  let status;
+  try {
+    status = JSON.parse(fs.readFileSync(statusPath, 'utf8'));
+  } catch {
+    log('context', 'status.json missing or unreadable');
+    const context = `<lemmafit-status>
+{ "state": "unavailable", "error": "status.json missing or unreadable — is the daemon running?" }
+</lemmafit-status>`;
+    console.log(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'UserPromptSubmit',
+        additionalContext: context,
+      }
+    }));
+    process.exit(0);
+  }
+
+  // Inject status with full spec queue items so Claude can act on them directly
+  const summary = {
+    state: status.state,
+    compiled: status.compiled,
+    lastCompiled: status.lastCompiled,
+    timestamp: status.timestamp,
+    files: status.files,
+    axioms: status.axioms,
+    compileError: status.compileError || undefined,
+    specQueue: status.specQueue || [],
+  };
+
+  const context = `<lemmafit-status>
+${JSON.stringify(summary, null, 2)}
+</lemmafit-status>
+<lemmafit-status-file>${statusPath}</lemmafit-status-file>`;
+
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'UserPromptSubmit',
+      additionalContext: context,
+    }
+  }));
+}
+
+main().catch((err) => {
+  console.error('Context hook error:', err.message);
+  process.exit(1);
+});

package/cli/daemon.js

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+/**
+ * Lemmafit daemon CLI - watches and verifies Dafny files.
+ *
+ * Usage:
+ *   lemmafit-daemon [project-dir] [--once]
+ */
+
+const path = require('path');
+const { Daemon } = require('../lib/daemon');
+
+const args = process.argv.slice(2);
+const projectDir = args.find(a => !a.startsWith('-')) || '.';
+const once = args.includes('--once');
+
+const daemon = new Daemon(projectDir);
+
+if (once) {
+  daemon.runOnce().then((result) => {
+    process.exit(result.verified && result.compiled ? 0 : 1);
+  });
+} else {
+  daemon.watch();
+}