zigttp

v0.1.0-beta: TypeScript handlers proven at compile time

zigts subset - compile-time proof - compiler-in-the-loop agent

~7ms cold start

4.8MB binary size

~13MB memory baseline

The Product

v0.1.0-beta turns the compiler into a proof loop

Install once. Edit your handler. Run zigttp dev --watch --prove and watch the compile-time proofs update on every save. Ship only code the compiler can prove and the contract diff keeps green.

📦 Single-binary install

Linux and macOS builds keep the first run short and start from a binary, not a toolchain.

🔗 Compile-time proof on save

zigttp dev --watch --prove re-runs path and guarantee proofs on every save, then hot-swaps only on safe / safe_with_additions.

⚙️ Compiler-in-the-loop agent

zigttp expert writes a patch, runs the proof pass, reads diagnostics, and repairs until the compiler accepts the handler.

The Insight

The subset is what makes compile-time proof tractable

Your handler code is checked as the spec.

No back-edges, no exceptions, no hidden I/O. The compiler walks every path in finite time, enforces guarantees by default (narrow with Spec<...> when you need a chosen few), and emits a behavioral contract small enough to diff between versions.

Handler Code

→

Compiler Analysis

→

Proven Contract

→

Auto Sandbox

Language Design

TypeScript, narrowed until the compiler can prove it

REMOVED (zigts)

✕ classes / this / new

✕ var / null / == / !=

✕ while / do...while

✕ async / await / Promises

✕ try / catch / throw

✕ regex / delete / any / as

KEPT + ADDED (zigts)

✓ arrow functions + destructuring

✓ const / let / for...of

✓ match expressions (exhaustive)

✓ pipe operator (|>)

✓ guard() composition

✓ comptime() evaluation

✓ JSX / TSX (first-class SSR)

Unsupported features fail at parse time with a suggested alternative, not after deploy.

Verification

Compile-time proof for paths, types, and guarantees

✓

Every code path returns a Response No forgotten early returns. No implicit undefined.

✓

Result values checked before access jwtVerify(...).ok must be tested - the BoolChecker enforces it.

✓

No unreachable code Dead branches are a build error, not a linter warning.

✓

Boolean enforcement Truthy/falsy coercion rejected everywhere. Progressive type inference for env(), cacheGet(), and match arms.

✓

Full type checking Variable types, function signatures, property access, nominal interfaces - all validated.

$ zigts check handler.ts --json --contract

→ PROVEN 7/7 paths + Spec<idempotent, deterministic>
                ✓

Security

Automatic least-privilege sandboxing

The compiler extracts a contract of what the handler does, then restricts runtime access to exactly those proven values.

contract.json

{
  "env": ["API_KEY", "DB_URL"],
  "egress": ["api.stripe.com"],
  "cache": ["sessions"],
  "sql": ["getUserById"],
  "properties": {
    "read_only": true,
    "retry_safe": true
  },
  "proof": "complete"
}

🛡 Zero configuration required

🛡 Env vars scoped to declared set

🛡 Egress locked to proven hosts

🛡 Effect classification per handler

🛡 OpenAPI spec from -Dopenapi

Concurrency & Durability

Linear code. Parallel I/O. Crash recovery.

⚡ Structured Concurrent I/O

parallel() and race() from zigttp:io

Handler code stays synchronous and linear. Concurrency happens in the I/O layer using OS threads.

3 API calls × 50ms each = ~50ms total

🔄 Durable Execution

--durable <dir> enables crash recovery

Write-ahead oplog. Each I/O call persisted before returning. On crash, replay without touching the network.

sleep() - sleepUntil() - waitSignal()

Evolution

Prove before deploy

Deterministic Replay

Record every I/O boundary with --trace. Replay against new versions. Handlers = pure functions of (Request, VirtualModuleResponses).

--trace / --replay

Proven Evolution

Diff behavioral contracts and replay traces between handler versions. Verdicts are safe, safe_with_additions, breaking, or needs_review - with a proof certificate.

zigts prove old.json new.json

Proof Ledger

Every successful deploy and proven hot-swap appends one row to .zigttp/proofs.jsonl with verdicts, proven facts, and contract sha. Export as markdown, HTML, or an SVG verdict badge for the PR description.

zigttp proofs list | show | diff | export

Developer Experience

Three binaries. The proof loop in your terminal, the agent inside it.

▶ zigttp CLI v0.1.0-beta

init → dev → test → expert →
                deploy

$

zigttp init my-app Scaffold a project with a handler, zigttp.json, and zigts-ready defaults

$

zigttp test Run handler tests as golden request/response cases against the proven handler

$

zigttp dev --watch --prove Proven live reload - hot-swap only on safe / safe_with_additions verdicts

$

zigttp deploy Self-contained binary + one proof-ledger row; verify with zigttp verify against the embedded Ed25519 key

$

zigttp expert Writes a patch, compiles it, reads diagnostics, and repairs until proof clears

$

zigttp proofs / witnesses Browse the proof ledger; manage the per-handler witness corpus that defends against regressions

curl -fsSL
                https://raw.githubusercontent.com/srdjan/zigttp/main/install.sh
                | sh

Pre-built binaries for macOS and Linux (x86_64, aarch64) -
                v0.1.0-beta

Composition

Zero-overhead composition. Native speed.

📦 Guard Composition

guard(auth) |> guard(log) |> handler |>
                guard(cors)

Desugared to a single flat function with sequential if-checks at compile time. Zero runtime overhead.

⚙️ Native Virtual Modules

zigttp:auth JWT + webhooks

zigttp:crypto SHA/HMAC/B64

zigttp:validate JSON Schema

zigttp:decode Parse + validate

zigttp:cache KV store + TTL

zigttp:sql SQLite

zigttp:io Parallel I/O

zigttp:durable Crash recovery

zigttp:compose Guards + pipe

zigttp:router Route matching

zigttp:env Environment

zigttp:http Cookies + CORS

zigttp:url URL parsing

zigttp:id UUID/ULID/nano

zigttp:log Structured logs

zigttp:text Escape + slug

zigttp:time ISO/HTTP dates

zigttp:ratelimit Token bucket

zigttp:service Service calls

zigttp:scope Resource scopes

20 modules implemented in Zig - zero interpretation overhead.

Comparison

zigttp vs the general-purpose runtimes

zigttp

Node.js

Deno

Bun

Performance

Cold start

~7ms

~200-300ms

~150-200ms

~100-130ms

Binary

4.8MB

~80MB

~130MB

~90MB

Memory

~13MB

~30MB

~25MB

~20MB

Verification

Compile-time proofs

✓

-

Auto sandboxing

✓

-

Perms

-

Injection prevention

Proof

Manual

OWASP compliance

Auto

Audit

DX & Trade-offs

Deploy manifest

Compiler

Template

AI agents

Compiler loop

Generic

Language

zigts subset

Yes

npm ecosystem

Virtual

Full

zigttp trades generality for compile-time proof, least privilege, and deployment automation.

zigttp

Write handlers. Prove them at compile time. Ship them.

Opinionated subset Parse-time rejection of footguns

Compile-time verification Every path, every type, every boolean

Compiler-in-the-loop agent Writes, compiles, and repairs before review

Automatic sandboxing Least-privilege derived from analysis

Structured I/O Linear code, parallel execution

Durable execution Crash recovery via write-ahead oplog

Deterministic replay Record I/O boundaries, replay anywhere

Proven evolution Diff contracts, classify changes into four verdicts

Guarantees by default All enforced by default; Spec<...> narrows to a chosen few

Proof ledger A persistent verdict timeline for every deploy

Witness corpus Counterexamples persist; regressions are caught, not rediscovered

Native performance ~7ms cold start - 4.8MB - ~13MB baseline