lemmafit 0.1.0 → 0.2.1

package/README.md

@@ -1,8 +1,10 @@
 # lemmafit
 
-Make agents **prove** that their code is correct.
+Make agents **prove** that their code is correct. 
 
-Lemmafit integrates [Dafny](https://dafny.org/) formal verification into your development workflow via [Claude Code](https://docs.anthropic.com/en/docs/claude-code). Business logic, state machines, and other logic is written in Dafny, mathematically verified, then auto-compiled to TypeScript for use in your React app.
+Read our launch post: [Introducing lemmafit: A Verifier in the AI Loop](https://midspiral.com/blog/introducing-lemmafit-a-verifier-in-the-ai-loop/). 
+
+Lemmafit integrates [Dafny](https://dafny.org/) formal verification into your development workflow via [Claude Code](https://docs.anthropic.com/en/docs/claude-code). Business logic, state machines, and other logic are written in Dafny, mathematically verified, then auto-compiled to TypeScript for use in your React app.
 
 ## Quick Start
 
@@ -29,9 +31,9 @@ claude
 
 ## Use Cases / Considerations
 
-- lemmafit works with greenfield projects only. You must begin a project with lemmafit. Support for existing codebases is in the pipeline. 
+- lemmafit works with greenfield projects. You typically begin a project with `lemmafit init` though `lemmafit add` provides rudimentary support for existing codebases.
 
-- lemmafit compiles Dafny to Typescript which then hooks into a React app. In the future, we will support other languages and frameworks. 
+- lemmafit compiles Dafny to Javascript/Typescript which then hooks into a runtime like a React app. In the future, we will support other languages.
 
 - lemmafit is optimized to work with Claude Code. In the future, lemmafit will be agent-agnostic. 
 
@@ -42,7 +44,7 @@ claude
 2. The agent will write a `SPEC.yaml` and write verified logic in `lemmafit/dafny/Domain.dfy`
 3. The **daemon** watches `.dfy` files, runs `dafny verify`, and on success compiles to `src/dafny/Domain.cjs` + `src/dafny/app.ts`
 4. The agent will hook the generated TypeScript API into a React app — the logic is proven correct
-5. After proofs complete, run custom command in Claude Code `/guarantees` to activate claimcheck and generate a guarantees report
+5. After proofs complete, run the `/guarantees` skill to activate claimcheck and generate a guarantees report
 
 ## Project Structure
 
@@ -55,6 +57,7 @@ my-app/
 │   │   └── Replay.dfy           # Generic Replay kernel
 │   ├── .vibe/
 │   │   ├── config.json           # Project config
+│   │   ├── modules.json          # Module registry (for multi-module projects)
 │   │   ├── status.json           # Verification status (generated)
 │   │   └── claims.json           # Proof obligations (generated)
 │   └── reports/
@@ -73,6 +76,7 @@ my-app/
 
 ```bash
 lemmafit init [dir]                # Create project from template
+lemmafit add [Name]                # Add a verified module to an existing project
 lemmafit sync [dir]                # Re-sync system files (.claude/, hooks)
 lemmafit daemon [dir]              # Run verification daemon standalone
 lemmafit logs [dir]                # View daemon log

package/blank-template/package.json

@@ -19,7 +19,7 @@
     "@types/react": "^18.2.0",
     "@types/react-dom": "^18.2.0",
     "@vitejs/plugin-react": "^4.2.0",
-"typescript": "^5.3.0",
+    "typescript": "^5.3.0",
     "vite": "^5.0.0"
   }
 }

package/cli/download-dafny2js.js

@@ -10,7 +10,7 @@ const path = require('path');
 const { execSync } = require('child_process');
 const os = require('os');
 
-const DAFNY2JS_VERSION = '0.9.1';
+const DAFNY2JS_VERSION = '0.9.5';
 
 const PLATFORM_RIDS = {
   'darwin-arm64': 'osx-arm64',

package/cli/generate-guarantees-md.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 /**
- * Generates lemmafit/.vibe/guarantees.md deterministically from:
- *   - lemmafit/.vibe/guarantees.json (claim-to-spec mapping)
+ * Generates reports/guarantees.md deterministically from:
+ *   - reports/guarantees.json (claim-to-spec mapping)
  *   - lemmafit/.vibe/claimcheck.json (claimcheck results, optional)
  *   - SPEC.yaml (for trusted entries and group info)
  *

package/cli/lemmafit.js

@@ -6,6 +6,10 @@
  *   lemmafit init [dir]                   - Initialize a new lemmafit project (blank)
  *   lemmafit init --template <name> [dir] - Initialize from a named template
  *   lemmafit init --server <url|none> [dir] - Use a custom server (default: none)
+ *   lemmafit add [Name]                   - Add a verified module (or just bootstrap infrastructure)
+ *   lemmafit add <Name> --null-options    - Add with Option<T> → T | null mapping
+ *   lemmafit add <Name> --no-json-api     - Add without JSON marshalling
+ *   lemmafit add <Name> --target <target> - Set compilation target (client|node|inline|deno|cloudflare)
  *   lemmafit sync [dir]     - Sync system files from current package version
  *   lemmafit daemon [dir]   - Run the verification daemon
  *   lemmafit logs [dir]     - View the dev log
@@ -95,7 +99,8 @@ function initProject(targetDir, templateName, serverBase) {
   }
   config.secret = secret;
   if (serverBase.toLowerCase() !== 'none') {
-    const serverWsUrl = `${serverBase}/ws?project=${encodeURIComponent(projectName)}`;
+    const sep = serverBase.includes('?') ? '&' : '?';
+    const serverWsUrl = `${serverBase}${sep}project=${encodeURIComponent(projectName)}`;
     config.server = serverWsUrl;
   }
   fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
@@ -117,6 +122,116 @@ function initProject(targetDir, templateName, serverBase) {
   console.log('');
 }
 
+function addModule(targetDir, moduleName, options = {}) {
+  const absTarget = path.resolve(targetDir);
+
+  const lemmafitDir = path.join(absTarget, 'lemmafit');
+  const vibeDir = path.join(lemmafitDir, '.vibe');
+  const dafnyDir = path.join(lemmafitDir, 'dafny');
+  const configPath = path.join(vibeDir, 'config.json');
+  const modulesPath = path.join(vibeDir, 'modules.json');
+  const isFirstRun = !fs.existsSync(lemmafitDir);
+
+  // First run: bootstrap lemmafit infrastructure
+  if (isFirstRun) {
+    console.log('First lemmafit module — bootstrapping infrastructure...');
+    fs.mkdirSync(dafnyDir, { recursive: true });
+    fs.mkdirSync(vibeDir, { recursive: true });
+
+    // Minimal config (no entry/appCore since we use modules.json)
+    fs.writeFileSync(configPath, JSON.stringify({}, null, 2) + '\n');
+
+    // Empty modules array
+    fs.writeFileSync(modulesPath, JSON.stringify([], null, 2) + '\n');
+
+    // Sync .claude/ system files
+    syncProject(absTarget);
+
+    // Add lemmafit as devDependency and daemon script to package.json
+    // Create a minimal package.json if one doesn't exist
+    const pkgJsonPath = path.join(absTarget, 'package.json');
+    if (!fs.existsSync(pkgJsonPath)) {
+      const dirName = path.basename(absTarget);
+      fs.writeFileSync(pkgJsonPath, JSON.stringify({
+        name: dirName,
+        private: true
+      }, null, 2) + '\n');
+      console.log('  Created package.json');
+    }
+    const pkg = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf8'));
+    if (!pkg.devDependencies) pkg.devDependencies = {};
+    if (!pkg.devDependencies.lemmafit && !(pkg.dependencies && pkg.dependencies.lemmafit)) {
+      const lemmaPackageDir = path.resolve(__dirname, '..');
+      const relPath = path.relative(absTarget, lemmaPackageDir);
+      pkg.devDependencies.lemmafit = `file:${relPath}`;
+    }
+    if (!pkg.scripts) pkg.scripts = {};
+    if (!pkg.scripts.daemon) {
+      pkg.scripts.daemon = 'lemmafit daemon';
+    }
+    fs.writeFileSync(pkgJsonPath, JSON.stringify(pkg, null, 2) + '\n');
+
+    console.log('  Created lemmafit/dafny/');
+    console.log('  Created lemmafit/.vibe/config.json');
+    console.log('  Created lemmafit/.vibe/modules.json');
+    console.log('  Synced .claude/ system files');
+    console.log('');
+  }
+
+  if (!moduleName) return;
+
+  // Load existing modules
+  let modules = [];
+  if (fs.existsSync(modulesPath)) {
+    try { modules = JSON.parse(fs.readFileSync(modulesPath, 'utf8')); } catch {}
+  }
+
+  // Check for duplicate
+  if (modules.some(m => m.outputName === moduleName)) {
+    console.error(`Error: Module '${moduleName}' already exists in modules.json`);
+    process.exit(1);
+  }
+
+  // Scaffold the Dafny file
+  const dafnyFile = path.join(dafnyDir, `${moduleName}.dfy`);
+  if (fs.existsSync(dafnyFile)) {
+    console.error(`Error: ${path.relative(absTarget, dafnyFile)} already exists`);
+    process.exit(1);
+  }
+
+  const dafnyContent = `module ${moduleName} {
+  // Your verified logic here
+}
+`;
+  fs.mkdirSync(dafnyDir, { recursive: true });
+  fs.writeFileSync(dafnyFile, dafnyContent);
+
+  // Add entry to modules.json
+  const moduleEntry = {
+    entry: `lemmafit/dafny/${moduleName}.dfy`,
+    appCore: moduleName,
+    outputName: moduleName,
+    jsonApi: options.jsonApi !== false,
+    nullOptions: options.nullOptions || false
+  };
+  if (options.target) moduleEntry.target = options.target;
+  modules.push(moduleEntry);
+  fs.writeFileSync(modulesPath, JSON.stringify(modules, null, 2) + '\n');
+
+  // Print results
+  console.log(`  Created lemmafit/dafny/${moduleName}.dfy`);
+  console.log(`  Added to lemmafit/.vibe/modules.json`);
+  console.log('');
+  console.log(`  Next: write your verified logic in ${moduleName}.dfy`);
+  console.log(`  The daemon will compile it to src/dafny/${moduleName}.ts`);
+  console.log(`  Import with: import ${moduleName} from './src/dafny/${moduleName}.ts'`);
+  console.log('');
+  if (modules.length > 1) {
+    console.log(`  Modules: ${modules.map(m => m.outputName).join(', ')}`);
+    console.log('');
+  }
+}
+
 function showLogs(targetDir, clear) {
   const absTarget = path.resolve(targetDir);
   const logPath = path.join(absTarget, 'lemmafit', 'logs', 'lemmafit.log');
@@ -197,21 +312,41 @@ function runDaemon(targetDir) {
 const args = process.argv.slice(2);
 const command = args[0];
 const clearFlag = args.includes('--clear');
+const nullOptionsFlag = args.includes('--null-options');
+const noJsonApiFlag = args.includes('--no-json-api');
+const targetIdx = args.indexOf('--target');
+const targetFlag = targetIdx !== -1 ? args[targetIdx + 1] : null;
 const templateIdx = args.indexOf('--template');
 const templateName = templateIdx !== -1 ? args[templateIdx + 1] : DEFAULT_TEMPLATE;
 const serverIdx = args.indexOf('--server');
 const serverBase = serverIdx !== -1 ? args[serverIdx + 1] : DEFAULT_SERVER;
 const positionalArgs = args.filter((a, i) =>
   a !== '--clear' && a !== '--template' && a !== '--server' &&
+  a !== '--null-options' && a !== '--no-json-api' && a !== '--target' &&
+  (targetIdx === -1 || i !== targetIdx + 1) &&
   (templateIdx === -1 || i !== templateIdx + 1) &&
   (serverIdx === -1 || i !== serverIdx + 1)
 ).slice(1);
-const target = positionalArgs[0] || '.';
+let addModuleName = null;
+let target;
+if (command === 'add') {
+  addModuleName = positionalArgs[0] || null;
+  target = '.';
+} else {
+  target = positionalArgs[0] || '.';
+}
 
 switch (command) {
   case 'init':
     initProject(target, templateName, serverBase);
     break;
+  case 'add':
+    addModule(target, addModuleName, {
+      jsonApi: !noJsonApiFlag,
+      nullOptions: nullOptionsFlag,
+      target: targetFlag
+    });
+    break;
   case 'sync':
     syncProject(target);
     break;
@@ -232,7 +367,11 @@ switch (command) {
     console.log('Usage:');
     console.log('  lemmafit init [dir]                   - Create a new project (blank template)');
     console.log('  lemmafit init --template <name> [dir] - Create from a named template');
-    console.log('  lemmafit init --server <url> [dir]      - Use a custom server (default: none)');
+    console.log('  lemmafit init --server <url> [dir]    - Use a custom server (default: none)');
+    console.log('  lemmafit add [Name]                    - Add a verified module (or just bootstrap infrastructure)');
+    console.log('  lemmafit add <Name> --null-options     - Add with Option<T> → T | null mapping');
+    console.log('  lemmafit add <Name> --no-json-api      - Add without JSON marshalling');
+    console.log('  lemmafit add <Name> --target <target>  - Set compilation target (client|node|inline|deno|cloudflare)');
     console.log('  lemmafit sync [dir]          - Sync system files from package');
     console.log('  lemmafit daemon [dir]        - Run the verification daemon');
     console.log('  lemmafit dashboard [dir]     - Open the dashboard in a browser');

package/cli/sync.js

@@ -30,9 +30,9 @@ const SETTINGS = {
       "Read(src/dafny/**)",
       "Read(node_modules/lemmafit/docs/**)",
       "Edit(SPEC.yaml)",
-      "Edit(lemmafit/dafny/Domain.dfy)",
+      "Edit(lemmafit/dafny/*.dfy)",
       "Write(SPEC.yaml)",
-      "Write(lemmafit/dafny/**)",
+      "Write(lemmafit/dafny/*.dfy)",
       // Common build/dev commands
       "Bash(npm run build:*)",
       "Bash(npm run dev:*)",
@@ -110,19 +110,6 @@ function syncProject(targetDir) {
     fs.writeFileSync(claudeMdPath, POINTER_LINE + '\n');
   }
 
-  // Sync .claude/commands/ from package
-  const srcCommands = path.join(__dirname, '..', 'commands');
-  if (fs.existsSync(srcCommands)) {
-    const commandsDir = path.join(claudeDir, 'commands');
-    fs.mkdirSync(commandsDir, { recursive: true });
-    for (const file of fs.readdirSync(srcCommands)) {
-      fs.copyFileSync(
-        path.join(srcCommands, file),
-        path.join(commandsDir, file)
-      );
-    }
-  }
-
   // Sync .claude/skills/ from package
   const srcSkills = path.join(__dirname, '..', 'skills');
   if (fs.existsSync(srcSkills)) {

package/docs/CLAUDE_INSTRUCTIONS.md

@@ -19,6 +19,40 @@ Before writing code, ask yourself: "Is any part of this code verifiable?" Verifi
 - `src/App.tsx` - React app that uses the verified API
 - `lemmafit/.vibe/status.json` - Current verification status
 - `lemmafit/.vibe/logic-surface.json` - Logic interface/API
+- `lemmafit/.vibe/modules.json` - Multi-module configuration (optional, see below)
+
+## Multi-Module Projects
+
+By default, lemmafit uses a single Dafny module with the Replay kernel pattern (Domain.dfy → app.ts). For projects that need multiple independent verified modules, create `lemmafit/.vibe/modules.json`:
+
+```json
+[
+  {
+    "entry": "lemmafit/dafny/Workflow.dfy",
+    "appCore": "Workflow",
+    "outputName": "Workflow",
+    "jsonApi": true
+  },
+  {
+    "entry": "lemmafit/dafny/Validation.dfy",
+    "appCore": "Validation",
+    "outputName": "Validation",
+    "jsonApi": true,
+    "nullOptions": true,
+    "target": "node"
+  }
+]
+```
+
+When `modules.json` exists:
+- Each module is compiled independently to `src/dafny/{outputName}.cjs` and `src/dafny/{outputName}.ts`
+- Each module is its own AppCore (no separate AppCore module needed)
+- `jsonApi: true` enables full JSON marshalling (plain types in/out, no Dafny runtime types)
+- `nullOptions: true` maps `Option<T>` to `T | null` at the boundary
+- `target` sets the dafny2js compilation target (default: `"client"`). Valid values: `"client"` (browser/React), `"node"` (Node.js, uses `fs.readFileSync`), `"inline"` (universal, inlines .cjs code), `"deno"` (Deno adapter), `"cloudflare"` (Cloudflare Workers adapter)
+- Modules don't know about each other — write a thin TypeScript glue file to connect them
+- The glue file is unverified but should be minimal and auditable
+- Prefer returning result types with verified error messages over boolean predicates — the UI can display them directly without duplicating logic
 
 ## Available Skills
 
@@ -26,6 +60,10 @@ Before writing code, ask yourself: "Is any part of this code verifiable?" Verifi
  - `lemmafit-proofs`: Load this skill before writing or editing lemmas
  - `lemmafit-react-pattern`: Load this skill before writing React 
  - `lemmafit-spec`: Load this skill when user asks to add or edit feature, and before writing or editing the spec.yaml file 
+ - `lemmafit-guarantees`: Load this skill to generate a human-readable guarantees report from proven Dafny code and verify claims with claimcheck
+ - `lemmafit-pre-react-audits`: Load this skill before writing React to audit proof strength and catch unverified logic
+ - `lemmafit-post-react-audit`: Load this skill after writing React to catch effect-free logic that should be in Dafny
+
 
 If you try to read any of these files and they are missing, alert the user. 
 
@@ -51,7 +89,7 @@ Load lemmafit-dafny skill before writing or editing any Dafny.
 Write `.dfy` files in `lemmafit/dafny/` that formalize the verifiable spec entries. 
 
 A hook runs automatically after you write any `.dfy` file — it verifies and compiles immediately. You must wait for a response from the daemon before moving forward. The response will be one of two:
-- `✓ Verified and compiled` — success, spec queue auto-cleared, `src/dafny/app.ts` regenerated
+- `✓ Verified and compiled` — success, spec queue auto-cleared, wrappers regenerated (`src/dafny/app.ts` or per-module `src/dafny/{name}.ts`)
 - `✗ Verification failed` — fix the errors shown and write the file again
 
 Do not move to the next step until verification passes (verified and compiled).
@@ -76,7 +114,7 @@ Iterate on Steps 4 and 5 until audit returns only minor findings.
 ## Step 6: Write React code
 Load lemmafit-react-pattern skill before writing React code. 
 
-Only after verification passes. The auto-generated API is at `src/dafny/app.ts` (never edit this file).
+Only after verification passes. The auto-generated API is at `src/dafny/app.ts` (single-module) or `src/dafny/{name}.ts` (multi-module). Never edit generated files.
 
 - Create hooks in `src/hooks/` that wrap `Api.Init`, `Api.Dispatch`, `Api.Present`
 - Create components in `src/components/` that receive data/callbacks via props

package/lib/daemon.js

@@ -38,6 +38,8 @@ class Daemon {
 
     // Load or create config
     this.config = this.loadConfig();
+    this.modulesPath = path.join(this.vibeDir, 'modules.json');
+    this.modules = this.loadModules();
 
     // WS relay state (only active when config.server is set)
     this.relayWs = null;
@@ -96,6 +98,27 @@ class Daemon {
     return defaultConfig;
   }
 
+  loadModules() {
+    if (fs.existsSync(this.modulesPath)) {
+      try {
+        const modules = JSON.parse(fs.readFileSync(this.modulesPath, 'utf8'));
+        if (Array.isArray(modules) && modules.length > 0) {
+          return modules;
+        }
+      } catch {}
+    }
+    // Fall back to single-module from config.json
+    return [{
+      entry: this.config.entry,
+      appCore: this.config.appCore,
+      outputName: this.config.outputName
+    }];
+  }
+
+  isMultiModule() {
+    return fs.existsSync(this.modulesPath);
+  }
+
   readSpecFile() {
     const specPath = path.join(this.projectDir, 'SPEC.yaml');
     if (!fs.existsSync(specPath)) return null;
@@ -203,6 +226,10 @@ class Daemon {
         hash.update(fs.readFileSync(file, 'utf8'));
       } catch {}
     }
+    // Include modules.json so config changes trigger recompilation
+    try {
+      hash.update(fs.readFileSync(this.modulesPath, 'utf8'));
+    } catch {}
     return hash.digest('hex');
   }
 
@@ -350,15 +377,33 @@ class Daemon {
   }
 
   async compile() {
-    const entryPath = path.join(this.projectDir, this.config.entry);
+    // Reload modules in case modules.json was created/changed
+    this.modules = this.loadModules();
+
+    const errors = [];
+    for (const mod of this.modules) {
+      const result = await this.compileModule(mod);
+      if (!result.success) {
+        errors.push(`${mod.outputName}: ${result.error}`);
+      }
+    }
+
+    if (errors.length > 0) {
+      return { success: false, error: errors.join('\n') };
+    }
+    return { success: true };
+  }
+
+  async compileModule(mod) {
+    const entryPath = path.join(this.projectDir, mod.entry);
     if (!fs.existsSync(entryPath)) {
-      return { success: false, error: `Entry file not found: ${this.config.entry}` };
+      return { success: false, error: `Entry file not found: ${mod.entry}` };
     }
 
     const generatedDir = path.join(this.projectDir, 'generated');
     fs.mkdirSync(generatedDir, { recursive: true });
 
-    const outputBase = path.join(generatedDir, this.config.outputName);
+    const outputBase = path.join(generatedDir, mod.outputName);
 
     // Step 1: dafny translate js
     const translateResult = await this.runCommand(this.dafnyPath, [
@@ -379,22 +424,38 @@ class Daemon {
       return { success: false, error: `Generated JS not found: ${generatedJs}` };
     }
 
-    const targetCjs = path.join(this.srcDafnyDir, `${this.config.outputName}.cjs`);
+    const outputDir = mod.outputDir
+      ? path.resolve(this.projectDir, mod.outputDir)
+      : this.srcDafnyDir;
+    fs.mkdirSync(outputDir, { recursive: true });
+
+    const targetCjs = path.join(outputDir, `${mod.outputName}.cjs`);
     fs.copyFileSync(generatedJs, targetCjs);
 
-    // Step 3: Run dafny2js to generate app.ts
+    // Step 3: Run dafny2js to generate wrapper
     if (!fs.existsSync(this.dafny2jsBin)) {
       return { success: false, error: `dafny2js not found at ${this.dafny2jsBin}` };
     }
 
-    const appTsPath = path.join(this.srcDafnyDir, 'app.ts');
+    // Multi-module: each module gets its own {outputName}.ts
+    // Single-module (backward compat): output is app.ts
+    const wrapperName = this.isMultiModule()
+      ? `${mod.outputName}.ts`
+      : 'app.ts';
+    const wrapperPath = path.join(outputDir, wrapperName);
 
-    const dafny2jsResult = await this.runCommand(this.dafny2jsBin, [
+    const targetFlag = `--${mod.target || 'client'}`;
+    const dafny2jsArgs = [
       '--file', entryPath,
-      '--app-core', this.config.appCore,
-      '--cjs-name', `${this.config.outputName}.cjs`,
-      '--client', appTsPath
-    ]);
+      '--app-core', mod.appCore,
+      '--cjs-name', `${mod.outputName}.cjs`,
+      targetFlag, wrapperPath
+    ];
+
+    if (mod.jsonApi) dafny2jsArgs.push('--json-api');
+    if (mod.nullOptions) dafny2jsArgs.push('--null-options');
+
+    const dafny2jsResult = await this.runCommand(this.dafny2jsBin, dafny2jsArgs);
 
     if (dafny2jsResult.code !== 0) {
       return { success: false, error: `dafny2js failed: ${dafny2jsResult.stderr || dafny2jsResult.stdout}` };
@@ -404,60 +465,69 @@ class Daemon {
   }
 
   async extractClaims() {
-    const entryPath = path.join(this.projectDir, this.config.entry);
-    if (!fs.existsSync(entryPath)) {
-      return { success: false, error: `Entry file not found: ${this.config.entry}` };
-    }
-
     const claimsPath = path.join(this.vibeDir, 'claims.json');
+    const allClaims = { axioms: [], lemmas: [], predicates: [], functions: [] };
 
-    const result = await this.runCommand(this.dafny2jsBin, [
-      '--file', entryPath,
-      '--claims'
-    ]);
-
-    if (result.code !== 0) {
-      return { success: false, error: `claims extraction failed: ${result.stderr || result.stdout}` };
-    }
+    for (const mod of this.modules) {
+      const entryPath = path.join(this.projectDir, mod.entry);
+      if (!fs.existsSync(entryPath)) continue;
 
-    // Parse and write claims.json
-    try {
-      const claims = JSON.parse(result.stdout);
-      fs.writeFileSync(claimsPath, JSON.stringify(claims, null, 2));
+      const result = await this.runCommand(this.dafny2jsBin, [
+        '--file', entryPath,
+        '--claims'
+      ]);
 
-      // Generate ASSUMPTIONS.md from axioms
-      this.generateAssumptions(claims);
+      if (result.code !== 0) {
+        return { success: false, error: `claims extraction failed for ${mod.outputName}: ${result.stderr || result.stdout}` };
+      }
 
-      return { success: true, claims };
-    } catch (err) {
-      return { success: false, error: `Failed to parse claims JSON: ${err.message}` };
+      try {
+        const claims = JSON.parse(result.stdout);
+        for (const key of Object.keys(allClaims)) {
+          if (claims[key]) allClaims[key].push(...claims[key]);
+        }
+      } catch (err) {
+        return { success: false, error: `Failed to parse claims JSON for ${mod.outputName}: ${err.message}` };
+      }
     }
+
+    fs.writeFileSync(claimsPath, JSON.stringify(allClaims, null, 2));
+    this.generateAssumptions(allClaims);
+    return { success: true, claims: allClaims };
   }
 
   async extractLogicSurface() {
-    const entryPath = path.join(this.projectDir, this.config.entry);
-    if (!fs.existsSync(entryPath)) {
-      return { success: false, error: `Entry file not found: ${this.config.entry}` };
-    }
+    const allSurfaces = [];
 
-    const result = await this.runCommand(this.dafny2jsBin, [
-      '--file', entryPath,
-      '--logic-surface',
-      '--app-core', this.config.appCore || 'AppCore'
-    ]);
+    for (const mod of this.modules) {
+      const entryPath = path.join(this.projectDir, mod.entry);
+      if (!fs.existsSync(entryPath)) continue;
 
-    if (result.code !== 0) {
-      return { success: false, error: `logic surface extraction failed: ${result.stderr || result.stdout}` };
-    }
+      const result = await this.runCommand(this.dafny2jsBin, [
+        '--file', entryPath,
+        '--logic-surface',
+        '--app-core', mod.appCore
+      ]);
 
-    try {
-      const surface = JSON.parse(result.stdout);
-      const surfacePath = path.join(this.vibeDir, 'logic-surface.json');
-      fs.writeFileSync(surfacePath, JSON.stringify(surface, null, 2));
-      return { success: true, surface };
-    } catch (err) {
-      return { success: false, error: `Failed to parse logic surface JSON: ${err.message}` };
+      if (result.code !== 0) {
+        return { success: false, error: `logic surface extraction failed for ${mod.outputName}: ${result.stderr || result.stdout}` };
+      }
+
+      try {
+        const surface = JSON.parse(result.stdout);
+        surface._module = mod.outputName;
+        allSurfaces.push(surface);
+      } catch (err) {
+        return { success: false, error: `Failed to parse logic surface JSON for ${mod.outputName}: ${err.message}` };
+      }
     }
+
+    // Single module: write surface directly (backward compat)
+    // Multi-module: write array of surfaces
+    const output = allSurfaces.length === 1 ? allSurfaces[0] : allSurfaces;
+    const surfacePath = path.join(this.vibeDir, 'logic-surface.json');
+    fs.writeFileSync(surfacePath, JSON.stringify(output, null, 2));
+    return { success: true, surface: output };
   }
 
   generateAssumptions(claims) {
@@ -765,7 +835,11 @@ class Daemon {
     console.log(`Lemmafit daemon watching: ${this.projectDir}`);
     console.log(`  Dafny files: ${this.dafnyDir}`);
     console.log(`  Status: ${this.statusPath}`);
-    console.log(`  Entry: ${this.config.entry}`);
+    if (this.isMultiModule()) {
+      console.log(`  Modules: ${this.modules.map(m => m.outputName).join(', ')}`);
+    } else {
+      console.log(`  Entry: ${this.config.entry}`);
+    }
     console.log(`  Dafny: ${this.dafnyPath}`);
     if (this.config.server) {
       console.log(`  Relay: ${this.config.server}`);

package/package.json

@@ -15,14 +15,13 @@
     "verified",
     "proof"
   ],
-  "version": "0.1.0",
+  "version": "0.2.1",
   "type": "commonjs",
   "files": [
     "cli/",
     "lib/",
     "docs/",
     "skills/",
-    "commands/",
     "kernels/",
     "blank-template/"
   ],
@@ -40,9 +39,9 @@
     "postinstall": "node ./cli/sync.js && node ./cli/download-dafny2js.js && node ./lib/download-dafny.js"
   },
   "dependencies": {
+    "claimcheck": "^0.2.0",
     "js-yaml": "^4.1.1",
-    "ws": "^8.18.0",
-    "claimcheck": "0.1.0"
+    "ws": "^8.18.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/skills/lemmafit-dafny/SKILL.md

@@ -6,7 +6,7 @@ description: Dafny code patterns and reference for lemmafit apps. Use when writi
 # Lemmafit Dafny
 
 ## When to Write Code in Dafny
-- ALL `verifiable:true` entries in the spec MUST be written in Dafny (do not write verifiable code directly in JavaScript or TypeSscript)
+- ALL `verifiable:true` entries in the spec MUST be written in Dafny (do not write verifiable code directly in JavaScript or TypeScript)
 
 ## Dafny Pattern Example
 

package/{commands/guarantees.md → skills/lemmafit-guarantees/SKILL.md}

@@ -1,10 +1,15 @@
+---
+name: lemmafit-guarantees
+description: Generate human-readable guarantees from proven Dafny code and verify them with claimcheck. Use after verification succeeds and SPEC.yaml is in sync with Dafny. Produces guarantees.json, claimcheck-mapping.json, runs claimcheck-multi, and generates guarantees.md report.
+---
+
 # Generate Guarantees and Run Claimcheck
 
 You are generating human-readable guarantees from proven Dafny code and verifying them with claimcheck.
 
 ## Step 0: Make sure the state of the project is verified
 
-Check `lemmafit/.vibe/status.json` for the current verification status.
+Check your context for verification status of the project.
 
 ## Step 1: Read project data
 
@@ -35,7 +40,7 @@ Analyze the claims from `claims.json` and map them to spec entries from `SPEC.ya
 
 ## Step 3: Write guarantees.json
 
-Write `lemmafit/.vibe/guarantees.json` with this format:
+Write `reports/guarantees.json` with this format:
 
 ```json
 {
@@ -117,15 +122,15 @@ Parse the claimcheck results and report:
 - **Disputed** — a discrepancy was found. Show the `discrepancy` text and `weakeningType` (tautology, weakened-postcondition, narrowed-scope, wrong-property).
 - **Error** — lemma not found in source. Check the lemmaName.
 
-**If any claims are disputed:** Suggest specific fixes to the Dafny code or the requirement text. If the user agrees, make the fixes, wait for re-verification, and re-run the guarantees process. 
+**If any claims are disputed:** Suggest specific fixes to the Dafny code or the requirement text. If the user agrees, make the fixes, wait for re-verification, and re-run the guarantees process.
 
 ## Step 8: Ensure all files up to date
 
-Once iteration is complete, compare `claimcheck-mapping.json` with `guarantees.json` to ensure they contain equivalent information. If there's a discrepancy, trace back to the Dafny code to find which is most accurate. Adjust the relevant file accordingly and re-run `/guarantees` command. Once confirmed, report that the files are in sync.  
+Once iteration is complete, compare `claimcheck-mapping.json` with `guarantees.json` to ensure they contain equivalent information. If there's a discrepancy, trace back to the Dafny code to find which is most accurate. Adjust the relevant file accordingly and re-run `/guarantees` command. Once confirmed, report that the files are in sync.
 
 ## Step 9: Generate guarantees.md via the script
 
-Do this only after Step 9 confirms that `claimcheck-mapping.json` and `guarantees.json` are in sync.  
+Do this only after Step 8 confirms that `claimcheck-mapping.json` and `guarantees.json` are in sync.
 
 Run the deterministic report generator:
 
@@ -133,6 +138,6 @@ Run the deterministic report generator:
 npx lemmafit-generate-guarantees
 ```
 
-This reads `lemmafit/.vibe/guarantees.json`, `lemmafit/.vibe/claimcheck.json`, and `SPEC.yaml` and writes `lemmafit/.vibe/guarantees.md`. Do NOT write this file manually — always use the script so the report matches the JSON exactly.
+This reads `reports/guarantees.json`, `reports/claimcheck.json`, and `SPEC.yaml` and writes `reports/guarantees.md`. Do NOT write this file manually — always use the script so the report matches the JSON exactly.
 
-Report to the user: "A report of your app's guarantees has been generated in lemmafit/reports/guarantees.md" 
+Report to the user: "A report of your app's guarantees has been generated in lemmafit/reports/guarantees.md"

package/skills/lemmafit-spec/SKILL.md

@@ -39,7 +39,7 @@ SPEC.yaml is a structured YAML file with an `entries` list. Each entry has:
 - `depends_on` — list of spec IDs this entry depends on
 - `verifiable` — whether this can be proven in Dafny 
 - `guarantee_type` — `verified`, `assumed`, or `trusted`
-- `state` - `DRAFT`, `ADDRESSED`, `null`- only use `addressed` if the corresponding Dafny module or property have been verified. Use null for `verifiable: false`
+- `state` - `DRAFT`, `ADDRESSED`, `null` — only use `ADDRESSED` if the corresponding Dafny module or property have been verified. Use `null` for `verifiable: false`
 
 ### Example
 ```yaml
@@ -54,7 +54,8 @@ entries:
     module: AppCore
     depends_on: []
     verifiable: true
-    status: verified
+    guarantee_type: verified
+    state: ADDRESSED
   - id: spec-002
     req_id: null
     title: The increment button displays the current count