lemmascript-claimcheck 0.1.0

package/DESIGN.md

@@ -0,0 +1,66 @@
+# DESIGN — vetting intent against spec in LemmaScript
+
+## The gap
+
+LemmaScript proves a function's `//@ requires`/`//@ ensures`. It cannot prove the spec *means* what the author thinks it means. A spec can be verified and still guarantee less — or other — than intended: `ensures \result >= a` proves cleanly but does not say "the larger of a and b."
+
+`claimcheck` closes that gap for Dafny lemmas by round-tripping: informalize the formal contract back to English **blind** (without seeing the stated requirement), then compare. This tool applies the same round-trip to LemmaScript, with the natural-language claim co-located as a `//@ contract` annotation on the function:
+
+```ts
+//@ contract Clamps x into the inclusive range [lo, hi]; the result never falls outside it.
+//@ requires lo <= hi
+//@ ensures \result >= lo && \result <= hi
+export function clamp(x: number, lo: number, hi: number): number { ... }
+```
+
+Because the same author writes both the prose and the spec, a mismatch is a **self-consistency** failure: their mental model and their formalization diverged. That is arguably more useful than checking an externally-supplied requirement — it catches the author misleading themselves (or a reader) about what the proof buys.
+
+## Why co-location
+
+`claimcheck`'s weakest link is its external `{requirement, lemmaName}` mapping JSON — a hand-authored file that drifts from the code. Putting the claim *on the function* as `//@ contract` makes the mapping implicit: each function carrying a contract is exactly one claim, and `lsc extract` emits the pairing for free. There is no second registry to maintain. (Contrast `lemmafit`, which hand-authors a `SPEC.yaml` plus a `guarantees.json` mapping; here both are derived.)
+
+## The trust model
+
+A guarantee in the output report rests on three independent legs:
+
+1. **verified** — `lsc check` discharges the `requires`/`ensures` (LemmaScript's job).
+2. **specified** — there is a formal contract behind the English, not just prose.
+3. **vetted** — the round-trip confirms the English faithfully describes that spec.
+
+This tool establishes only leg 3. It **assumes** leg 1 (verification is run separately; the report header says so) and it does **not** re-check leg 2's lowering — that LemmaScript's spec compiles faithfully to Dafny/Lean is LemmaScript's own guarantee, not the gap being filled here. So the trust boundary is precise: *given a verified spec, does the contract describe it?* A `//@ contract` with no `requires`/`ensures` has leg 2 missing — it is reported as a **gap**, a claim with nothing formal behind it.
+
+## Decisions
+
+- **Formal side is LS-level.** The round-trip informalizes a synthesized `function … requires … ensures …` block built from the IR's signature and spec strings — not generated Dafny. Checking the generated Dafny would test lowering fidelity, which is out of scope (see leg 2). The synthesized block keeps the tool a pure consumer of `lsc extract`.
+- **Reuse `claimcheck` unchanged.** It is shelled as a sibling via `--stdin`. Its prompts are Dafny-flavored, but they read the synthesized block (LemmaScript spec syntax, TS types, `\result`) without adaptation — no fork or special-casing was needed.
+- **`//@ contract` lives in the public extractor.** It is a verified-docstring directive in the `//@` namespace, ignored by the prover (never parsed as a spec expression). The extractor surfaces it so this tool can stay a downstream consumer, exactly like `lsc extract` feeds `lemmascript-guard`.
+
+## Architecture
+
+A consumer of two siblings, no logic of its own beyond the adapter and the report:
+
+```
+core.ts ──lsc extract──▶ Raw IR (carries //@ contract per function)
+                              │  collect: backed claims + gaps
+   {requirement, lemmaName, dafnyCode: synth block} ──claimcheck --stdin──▶ verdicts
+                              │  merge
+                  domain.guarantees.json + domain.guarantees.md
+```
+
+`RawModule` is imported type-only (the IR shape); its values arrive over the subprocess. The report is named after the source file, mirroring `lemmascript-guard`'s `core.guarded.ts`.
+
+## The feedback loop
+
+A disputed verdict points to one of two fixes, and the `weakeningType` usually says which:
+
+- the spec proves less than the prose claims → **strengthen the `ensures`** (then re-verify), or
+- the prose overstates what was intended → **fix the `//@ contract`**.
+
+Either way the report is the prompt: write intent in English, prove a spec, and let the round-trip surface where they disagree. This composes with an agent loop — the disputed entries and their discrepancies are direct, actionable feedback.
+
+## Limitations
+
+- **Verification is assumed**, not enforced. The report vets faithfulness only; an unverified file can still produce a clean-looking report. Run `lsc check` first.
+- **The unit is one function.** Cross-function properties (a state-machine invariant) are captured only insofar as each action's `//@ ensures` carries them; there is no whole-module claim.
+- **Function names leak intent** into the otherwise-blind Pass 1 (`largest`, `clamp`). The round-trip tolerates this, as `claimcheck` does, but a deliberately misleading name could anchor a back-translation.
+- **The check is only as honest as the contracts are load-bearing.** On a toy spec the round-trip is correct-by-construction theater; its value shows on a spec where a weakened `ensures` would be a genuine, catchable lie.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 midspiral
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,86 @@
+# lemmascript-claimcheck
+
+`claimcheck` for [LemmaScript](https://lemmascript.com): does a function's `//@ requires`/`//@ ensures` actually say what its plain-English `//@ contract` claims?
+
+LemmaScript proves the formal spec; it can't prove the spec *means* what you think. This vets the gap. Write intent in English next to the proof:
+
+```ts
+//@ contract Clamps x into the inclusive range [lo, hi]; the result never falls outside it.
+//@ requires lo <= hi
+//@ ensures \result >= lo && \result <= hi
+export function clamp(x: number, lo: number, hi: number): number { ... }
+```
+
+`lemmascript-claimcheck` informalizes the `requires`/`ensures` **blind** (without seeing the `//@ contract`) via the [claimcheck](https://github.com/metareflection/claimcheck) round-trip, then compares the back-translation to the contract. A mismatch means your proof guarantees something other than what your prose advertises — or vice versa.
+
+It orchestrates two CLIs: it shells `lsc extract` (LemmaScript's frontend, now carrying `//@ contract` strings) for the Raw IR, and `claimcheck --stdin` for the round-trip. Both are expected on your `PATH`.
+
+## Install
+
+```sh
+npm install -g lemmascript-claimcheck
+npm install -g lemmascript claimcheck   # the two tools it drives (peer prerequisites)
+```
+
+It needs `lemmascript >= 0.5.7` (introduces the `//@ contract` annotation) and `claimcheck >= 0.5.0` (the `--lang` framing) — declared as `peerDependencies`, so npm warns on a version mismatch.
+
+## Usage
+
+```sh
+lemmascript-claimcheck examples/demo.ts --bedrock
+```
+
+For `domain.ts` this writes `domain.guarantees.json` and `domain.guarantees.md` next to the source: a trust manifest of what the module promises in English, each promise vetted against its spec, with disputed and unbacked claims flagged.
+
+```
+lemmascript-claimcheck <file.ts> [--out <dir>] [--json] [--claims-only] [<claimcheck flags>]
+```
+
+- `<file.ts>` is the leading positional. Every other flag (and its value) is forwarded to claimcheck.
+- `--claims-only` prints the claims that would be sent (no API call) — useful for inspection.
+- `--out <dir>` writes the reports elsewhere; default is next to the source.
+
+## Configuring the backend
+
+The backend and models are claimcheck's concern — pick any setup it supports and pass it through:
+
+| Layer | What | Example |
+|-------|------|---------|
+| `$CLAIMCHECK` | which claimcheck to run | default: `claimcheck` on PATH; or a dev checkout's `bin/claimcheck.js` (run via node) |
+| `$CLAIMCHECK_ARGS` | persistent default flags | `export CLAIMCHECK_ARGS="--bedrock"` |
+| CLI passthrough | per-run flags (override the default) | `... examples/demo.ts --claude-code` |
+
+So any of these work: direct API (`ANTHROPIC_API_KEY`), `--bedrock`, `--vertex`, the in-claimcheck `--claude-code` (reuses your Claude Code auth), `--model`/`--compare-model`/`--informalize-model`, `--single-prompt`. Use `--` to end this tool's own flag parsing.
+
+## Output
+
+Each `//@ contract`-carrying function becomes one entry:
+
+| Status | Meaning |
+|--------|---------|
+| **confirmed** | the spec faithfully expresses the contract |
+| **disputed** | the spec says less/other than the contract (with `weakeningType` + discrepancy) |
+| **gap** | a `//@ contract` with no `//@ requires`/`//@ ensures` to back it |
+
+Verification itself is **assumed** (run `lsc check` to discharge the proofs); the report header says so.
+
+## Example
+
+`examples/demo.ts` carries one faithful contract (`clamp`), one that over-claims against a weakened spec (`largest`), and one unbacked claim (`double`) — exercising all three verdicts.
+
+## Development
+
+```sh
+git clone https://github.com/midspiral/lemmascript-claimcheck && cd lemmascript-claimcheck
+npm install
+npm run build        # tsc → dist/
+```
+
+To run against local checkouts instead of the published tools, point the env overrides at them:
+
+```sh
+LEMMASCRIPT=../LemmaScript CLAIMCHECK=../claimcheck/bin/claimcheck.js \
+  node dist/cli.js examples/demo.ts --bedrock
+```
+
+`$LEMMASCRIPT` runs the checkout's `lsc` source through `tsx`; `$CLAIMCHECK` points at a checkout's `bin/claimcheck.js`.

package/dist/claimcheck.js

@@ -0,0 +1,36 @@
+// Shell `claimcheck --stdin` for the blind round-trip. The backend and models are
+// claimcheck's concern — we just forward flags, so any setup works (direct API,
+// --bedrock, --vertex, the in-claimcheck --claude-code, --model/--compare-model,
+// --single-prompt, ...).
+//
+// Configuration, lowest to highest precedence:
+//   (default)         shell `claimcheck` from PATH (install with `npm i -g claimcheck`).
+//   $CLAIMCHECK       override: a command on PATH, or a path to a dev checkout's
+//                     bin/claimcheck.js (run via node).
+//   $CLAIMCHECK_ARGS  default flags, space-separated (a project's persistent
+//                     backend choice, e.g. "--bedrock" or "--claude-code").
+//   passthrough       per-invocation flags from the CLI (override the env default).
+import { execFileSync } from "child_process";
+function resolveCmd() {
+    const env = process.env.CLAIMCHECK;
+    if (env)
+        return env.endsWith(".js") ? { cmd: "node", pre: [env] } : { cmd: env, pre: [] };
+    return { cmd: "claimcheck", pre: [] };
+}
+/** `--lang lemmascript` (the formal side is a function contract, not a Dafny lemma),
+ *  then $CLAIMCHECK_ARGS, then CLI passthrough — later wins, so either can override. */
+export function claimcheckArgs(passthrough = []) {
+    const envArgs = (process.env.CLAIMCHECK_ARGS ?? "").split(/\s+/).filter(Boolean);
+    return ["--stdin", "--lang", "lemmascript", ...envArgs, ...passthrough];
+}
+export function runClaimcheck(claims, domain, passthrough = []) {
+    if (claims.length === 0)
+        return [];
+    const { cmd, pre } = resolveCmd();
+    const out = execFileSync(cmd, [...pre, ...claimcheckArgs(passthrough)], {
+        input: JSON.stringify({ claims, domain }),
+        encoding: "utf8",
+        maxBuffer: 64 * 1024 * 1024,
+    });
+    return (JSON.parse(out).results ?? []);
+}

package/dist/claims.js

@@ -0,0 +1,41 @@
+export function renderSig(fn) {
+    const tp = fn.typeParams.length ? `<${fn.typeParams.join(", ")}>` : "";
+    const params = fn.params.map((p) => `${p.name}: ${p.tsType}`).join(", ");
+    return `${fn.name}${tp}(${params}): ${fn.returnType}`;
+}
+/** The formal side fed to claimcheck — a Dafny-ish block built from the IR.
+ *  LemmaScript spec syntax is near-identical to Dafny, so claimcheck's
+ *  informalizer reads it directly; `\result` denotes the return value. */
+export function synthContract(fn) {
+    const lines = [`function ${renderSig(fn)}`];
+    for (const r of fn.requires)
+        lines.push(`  requires ${r}`);
+    for (const e of fn.ensures)
+        lines.push(`  ensures ${e}`);
+    return lines.join("\n");
+}
+export function collectClaims(mod) {
+    const backed = [];
+    const gaps = [];
+    for (const fn of mod.functions) {
+        const contract = fn.contract ?? [];
+        if (contract.length === 0)
+            continue;
+        const requirement = contract.join(" ");
+        if (fn.requires.length === 0 && fn.ensures.length === 0) {
+            gaps.push({
+                specId: fn.name,
+                requirement,
+                reason: "//@ contract present but no //@ requires/ensures to back it",
+            });
+            continue;
+        }
+        backed.push({
+            fn,
+            requirement,
+            spec: { signature: renderSig(fn), requires: fn.requires, ensures: fn.ensures },
+            dafnyCode: synthContract(fn),
+        });
+    }
+    return { backed, gaps };
+}

package/dist/cli.js

@@ -0,0 +1,84 @@
+#!/usr/bin/env node
+// lemmascript-claimcheck — vet that each `//@ contract` faithfully describes the
+// function's formal `//@ requires`/`//@ ensures`, then emit a guarantees report.
+//
+//   lemmascript-claimcheck <file.ts> [--out <dir>] [--json] [--claims-only]
+//                                    [<any claimcheck flags>]
+//
+// `<file.ts>` is the leading positional; every other flag (and its value) is
+// forwarded to claimcheck unchanged — so the backend/model are configured there
+// (--bedrock, --vertex, --claude-code, --model, --compare-model, --single-prompt,
+// ...), or persistently via $CLAIMCHECK_ARGS. Use `--` to end our own parsing.
+//
+// For `domain.ts` writes `domain.guarantees.json` + `domain.guarantees.md`
+// next to the source (or under --out).
+import { existsSync, writeFileSync } from "fs";
+import * as path from "path";
+import { extractModule } from "./extract.js";
+import { collectClaims } from "./claims.js";
+import { runClaimcheck } from "./claimcheck.js";
+import { buildReport, renderMarkdown } from "./guarantees.js";
+function usage() {
+    console.error("usage: lemmascript-claimcheck <file.ts> [--out <dir>] [--json] [--claims-only] [<claimcheck flags>]");
+    process.exit(1);
+}
+let file;
+let outDir;
+let json = false;
+let claimsOnly = false;
+const passthrough = []; // everything we don't own → forwarded to claimcheck
+const argv = process.argv.slice(2);
+for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--") {
+        passthrough.push(...argv.slice(i + 1));
+        break;
+    }
+    else if (a === "--out") {
+        outDir = argv[++i];
+    }
+    else if (a === "--json") {
+        json = true;
+    }
+    else if (a === "--claims-only") {
+        claimsOnly = true;
+    }
+    else if (!file && !a.startsWith("-")) {
+        file = a;
+    }
+    else {
+        passthrough.push(a); // any other flag (or its value) goes to claimcheck
+    }
+}
+if (!file)
+    usage();
+const abs = path.resolve(file);
+if (!existsSync(abs)) {
+    console.error(`file not found: ${abs}`);
+    process.exit(1);
+}
+const mod = extractModule(abs);
+const { backed, gaps } = collectClaims(mod);
+const domain = path.basename(abs, ".ts");
+const claims = backed.map((b) => ({ requirement: b.requirement, lemmaName: b.fn.name, dafnyCode: b.dafnyCode }));
+if (claimsOnly) {
+    console.log(JSON.stringify({ domain, claims, gaps }, null, 2));
+    process.exit(0);
+}
+const results = runClaimcheck(claims, domain, passthrough);
+const generated = new Date().toISOString().split("T")[0];
+const report = buildReport(file, backed, results, gaps, generated);
+const dir = outDir ?? path.dirname(abs);
+const jsonPath = path.join(dir, `${domain}.guarantees.json`);
+const mdPath = path.join(dir, `${domain}.guarantees.md`);
+writeFileSync(jsonPath, JSON.stringify(report, null, 2) + "\n");
+writeFileSync(mdPath, renderMarkdown(report) + "\n");
+if (json) {
+    console.log(JSON.stringify(report, null, 2));
+}
+else {
+    const s = report.summary;
+    console.log(`${domain}: ${s.confirmed} confirmed, ${s.disputed} disputed, ${s.gaps} gaps`);
+    console.log(`→ ${mdPath}`);
+    console.log(`→ ${jsonPath}`);
+}

package/dist/extract.js

@@ -0,0 +1,22 @@
+// Raw IR via LemmaScript's public `lsc extract`. By default we shell `lsc` from
+// PATH (install with `npm i -g lemmascript`); set $LEMMASCRIPT to a sibling
+// checkout to run its source through tsx instead (dev). The `//@ contract`
+// strings ride along on each function (lemmascript >= 0.5.7).
+import { execFileSync } from "child_process";
+import * as path from "path";
+function lscInvocation() {
+    const env = process.env.LEMMASCRIPT;
+    if (env) {
+        const lsc = path.join(env, "tools", "src", "lsc.ts");
+        return { cmd: "npx", pre: ["--prefix", path.join(env, "tools"), "tsx", lsc] };
+    }
+    return { cmd: "lsc", pre: [] };
+}
+export function extractModule(absFile) {
+    const { cmd, pre } = lscInvocation();
+    const json = execFileSync(cmd, [...pre, "extract", absFile], {
+        encoding: "utf8",
+        maxBuffer: 256 * 1024 * 1024,
+    });
+    return JSON.parse(json);
+}

package/dist/guarantees.js

@@ -0,0 +1,103 @@
+export function buildReport(file, backed, results, gaps, generated) {
+    const byName = new Map(results.map((r) => [r.lemmaName, r]));
+    const guarantees = backed.map((b) => {
+        const r = byName.get(b.fn.name);
+        const status = r?.status === "confirmed" ? "confirmed" : r?.status === "disputed" ? "disputed" : "unchecked";
+        const g = {
+            specId: b.fn.name,
+            function: b.fn.name,
+            requirement: b.requirement,
+            spec: b.spec,
+            status,
+        };
+        if (status === "disputed") {
+            const wt = r?.weakeningType ?? r?.comparison?.weakeningType;
+            const disc = r?.discrepancy ?? r?.comparison?.discrepancy;
+            if (wt)
+                g.weakeningType = wt;
+            if (disc)
+                g.discrepancy = disc;
+        }
+        const bt = r?.informalization?.naturalLanguage;
+        if (bt)
+            g.backTranslation = bt;
+        return g;
+    });
+    return {
+        file,
+        generated,
+        assumesVerified: true,
+        summary: {
+            contracts: backed.length,
+            confirmed: guarantees.filter((g) => g.status === "confirmed").length,
+            disputed: guarantees.filter((g) => g.status === "disputed").length,
+            gaps: gaps.length,
+        },
+        guarantees,
+        gaps,
+    };
+}
+function specBlock(g) {
+    const lines = ["```", g.spec.signature];
+    for (const r of g.spec.requires)
+        lines.push(`  requires ${r}`);
+    for (const e of g.spec.ensures)
+        lines.push(`  ensures ${e}`);
+    lines.push("```");
+    return lines;
+}
+export function renderMarkdown(report) {
+    const L = [];
+    L.push(`# Guarantees: ${report.file}`, "");
+    L.push(`Generated: ${report.generated}`, "");
+    L.push("> Verification is **assumed** (run `lsc check` to discharge the proofs). " +
+        "This report vets only that each `//@ contract` faithfully describes its formal " +
+        "`requires`/`ensures`, via claimcheck's blind round-trip.", "");
+    const s = report.summary;
+    L.push(`## Coverage`, "");
+    L.push(`- **${s.contracts}** backed contracts: ${s.confirmed} confirmed, ${s.disputed} disputed`);
+    L.push(`- **${s.gaps}** gaps (contract with no formal spec behind it)`, "");
+    const checked = report.guarantees.filter((g) => g.status !== "unchecked");
+    if (checked.length) {
+        L.push(`## Claimcheck Results`, "");
+        L.push(`| Function | Contract | Status |`, `|----------|----------|--------|`);
+        for (const g of report.guarantees) {
+            const badge = g.status === "confirmed" ? "✅ confirmed" : g.status === "disputed" ? "❌ disputed" : "— unchecked";
+            L.push(`| \`${g.function}\` | ${g.requirement} | ${badge} |`);
+        }
+        L.push("");
+    }
+    const confirmed = report.guarantees.filter((g) => g.status === "confirmed");
+    if (confirmed.length) {
+        L.push(`## Confirmed Guarantees`, "");
+        for (const g of confirmed) {
+            L.push(`**${g.requirement}** — \`${g.function}\``);
+            L.push(...specBlock(g));
+            if (g.backTranslation)
+                L.push(`- Back-translation: ${g.backTranslation}`);
+            L.push("");
+        }
+    }
+    const disputed = report.guarantees.filter((g) => g.status === "disputed");
+    if (disputed.length) {
+        L.push(`## Disputed`, "");
+        for (const g of disputed) {
+            L.push(`**${g.requirement}** — \`${g.function}\``);
+            if (g.weakeningType && g.weakeningType !== "none")
+                L.push(`- Weakening: ${g.weakeningType}`);
+            if (g.discrepancy)
+                L.push(`- Discrepancy: ${g.discrepancy}`);
+            if (g.backTranslation)
+                L.push(`- Back-translation: ${g.backTranslation}`);
+            L.push(...specBlock(g));
+            L.push("");
+        }
+    }
+    if (report.gaps.length) {
+        L.push(`## Gaps`, "");
+        for (const gap of report.gaps)
+            L.push(`- \`${gap.specId}\`: ${gap.requirement} — ${gap.reason}`);
+        L.push("");
+    }
+    return L.join("\n");
+}

package/dist/ir.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "lemmascript-claimcheck",
+  "version": "0.1.0",
+  "description": "claimcheck for LemmaScript: vet that a function's informal //@ contract faithfully describes its verified //@ requires/ensures, and emit a guarantees report.",
+  "keywords": [
+    "lemmascript",
+    "claimcheck",
+    "formal-verification",
+    "verification",
+    "verified",
+    "typescript",
+    "specification",
+    "design-by-contract",
+    "natural-language",
+    "round-trip",
+    "llm",
+    "intent"
+  ],
+  "license": "MIT",
+  "author": "midspiral <hello@midspiral.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/midspiral/lemmascript-claimcheck.git"
+  },
+  "homepage": "https://github.com/midspiral/lemmascript-claimcheck#readme",
+  "bugs": "https://github.com/midspiral/lemmascript-claimcheck/issues",
+  "type": "module",
+  "bin": {
+    "lemmascript-claimcheck": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "DESIGN.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "tsx": "^4.22.4",
+    "typescript": "^5.7.0"
+  },
+  "peerDependencies": {
+    "claimcheck": ">=0.5.0",
+    "lemmascript": ">=0.5.7"
+  }
+}