Generates code and waits for tests or review to find the mismatch.
Compile-time proofs. Compiler-guided agent.
TypeScript the compiler proves, not just checks.
zigttp narrows TypeScript to a subset the compiler can prove: every path returns and every declared guarantee holds. Its agent runs that same compiler, repairing each draft until the proof passes.
$
curl -fsSL
https://raw.githubusercontent.com/srdjan/zigttp/main/install.sh |
sh
Break while, try/catch, or
Date.now() and the compiler tells you why the proof
failed.
proof loop
handler.ts
proof ledger
+
src/handler.tssaved 14ms ago
import { decodeJson } from "zigttp:decode";
import type { Spec } from "zigttp:types";
type Guardrails = Spec<
"idempotent" | "deterministic" |
"no_secret_leakage"
>;
function handler(req): Response & Guardrails {
const body = decodeJson("order", req.body ?? "");
assert(body.ok, Response.json({ errors: body.errors }, { status: 400 }));
return Response.json({ status: "accepted" });
}
zigttp dev --watchlive
PROVEN
7/7
contractsafe_with_additions
sandboxleast privilege
binary4.8MB
cold start~7ms
$ zigttp dev --watch --prove
verdict: safe_with_additions
ledger: .zigttp/proofs.jsonl
hot swap: allowedLive in your browser
Prove code before it runs.
The playground runs the real zigts analyzer in
WebAssembly. It proves the handler from source, then shows the exact
diagnostic when you add code the compiler cannot prove.
Compile-time
analyzer
Source stays in
page
Proof blocks
anomaly
PROVEN
3/3 specs | 6/7 props
compiled from source
- +deterministic
- +read-only
- +state-isolated
- +injection-safe
- +retry-safe
- +idempotent
- -fault-covered
declared Spec<>
deterministic
no_secret_leakage
injection_safe
Press a perturbation, then read the certificate here.
What a third party sees when they verify your deploy:
HTTP/1.1 200 OK Zigttp-Proofs: deterministic, read_only, injection_safe Zigttp-Attest: eyJhbGciOiJFZERTQS...
$ zigttp verify https://your-service.dev Verified key 9f2c..a1 3 proven chips
The signature is checked against the public key at
/.well-known/zigttp-attest.
Compiler-in-the-loop agent
The compiler won't let the agent guess.
How the loop runs
-
01
Write
The agent drafts a handler from your request.
-
02
Compile
It runs the same proof pass that gates deploys.
-
03
Read diagnostics
Unsupported code comes back with a file, line, and fix.
-
04
Rewrite
It edits against the compiler output and tries again.
-
Proven
The handler clears the proof loop before you review it.
write, compile, repair - repeat until proven
Compiler transcript show compiler loop
zigttp expertcompiler in the loop
$ zigttp expert "add a health check endpoint"
[agent] Writing handler...
[agent] Compiling handler.ts
error[E0003]: try/catch is not supported in zigts
--> handler.ts:12:5
= help: use Result types
[agent] Rewriting with Result types...
[agent] Compiling handler.ts
PROVEN 7/7 proofs
Handler ready: health-check (1.2MB)
zigttp expert writes code, runs the proof pass, reads
diagnostics, and rewrites. The compiler keeps the agent inside the
TypeScript subset instead of asking you to trust a generated
patch.
- Draft a handler from your request.
- Compile every patch against the proof rules.
- Repair from compiler diagnostics, not guesses.
Compiles each draft, reads proof errors, and repairs before review.
zigttp expert supports Anthropic and OpenAI keys, resume,
read-only mode, and non-interactive prompts.
Compiler runs
locally
Provider keys from
env
Read-only mode
available
Positioning
The trade that makes compile-time proof work.
zigttp gives up the full JavaScript and npm surface so the compiler can enumerate handler paths, capabilities, and declared guarantees before deploy.
| Capability | Node / Deno / Bun | Serverless platforms | Static type checks | zigttp |
|---|---|---|---|---|
| Runs TypeScript handlers | ✓ | ✓ | partial | ✓ |
| Compile-time path and guarantee proofs | - | - | limited | ✓ |
| Guarantees enforced by default | - | - | - | ✓ |
| Compiler-guided agent | - | - | - | ✓ |
| Small self-contained Zig binary | - | - | - | ✓ |
| Proof ledger and witness replay | - | - | - | ✓ |
Runs TypeScript handlers
Node/Deno/Bun ✓Serverless ✓Type checks partialzigttp ✓Compile-time path and guarantee proofs
Node/Deno/Bun -Serverless -Type checks limitedzigttp ✓Guarantees enforced by default
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Compiler-guided agent
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Small Zig binary
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Proof ledger and witness replay
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Core idea
Three claims, all concrete.
Provable TypeScript
zigts removes features that hide control flow, including
while, try/catch, class,
and var.
Compiler-in-the-loop agent
zigttp expert writes a patch, runs the proof pass,
reads diagnostics, and rewrites until the compiler accepts it.
Small Zig binaries
zigttp deploy emits a local self-contained binary.
Current public baseline: 4.8 MB and 7-15 ms typical cold start.
CLI surface
Five commands cover the proof loop.
Init a handler, prove it on save, test it, ask the compiler-guided agent for edits, then deploy a signed local binary.
Every deploy appends a contract verdict to
proofs.jsonl:
safe
safe_with_additions
blocked
needs_review
# create a handler project
zigttp init api && cd api
zigttp dev
# run handler tests
zigttp test
# ask the compiler-guided agent for a patch
zigttp expert "add health check"
# build a signed local binary
zigttp deploy
zigttp proofs show HEADStart proving
Install zigttp. Break a proof on purpose.
The quickest demo is one unsupported feature. Add
while or try/catch and watch the compiler
point to the proof it cannot discharge.