Formally verified WebAssembly toolchain for safety-critical systems
Meld fuses. Loom weaves. Synth transpiles. Kiln fires. Sigil seals.
.wasm -> Meld (fuse) -> Loom (optimize) -> Synth (transpile) -> Kiln (fire)
Sigil spans every stage: attest · sign · verify
Meld
Statically fuses multiple WebAssembly components into a single core module. Import resolution, index-space merging, and canonical ABI adapter generation happen at build time; runtime linking is eliminated entirely. Every transformation carries mechanized proofs covering parsing, resolution, merging, and adapter correctness.

Loom
Twelve-pass WebAssembly optimization pipeline built on Cranelift's ISLE pattern-matching engine. Constant folding, strength reduction, CSE, inlining, dead code elimination: each pass is proven correct through SMT translation validation and mechanized proofs. Includes a fused mode purpose-built for Meld output.

Synth
Transpiles WebAssembly to native ARM for embedded Cortex-M targets. Not just translation but program synthesis: exploring equivalent implementations for provably optimal native code. Pattern-based instruction selection, AAPCS calling conventions, and ELF generation. Translation validation ensures the transpiled output faithfully preserves WebAssembly semantics.

Kiln
WebAssembly runtime for safety-critical systems. Full Component Model and WASI 0.2 support with a modular

Sigil: Supply Chain Security
The cryptographic backbone of the pipeline. Every stage (fusion, optimization, compilation) creates a signed transformation attestation recording what changed, which tool version ran, and cryptographic hashes of inputs and outputs. The full chain is verifiable end-to-end.
Sigstore keyless signing for CI/CD. SLSA policy enforcement with per-tool version and hash constraints. Hardware security via TPM 2.0. Offline verification for air-gapped embedded environments. IoT device provisioning with pre-provisioned trust bundles. All signatures are embedded directly in WebAssembly modules; no external registry is required.

Note
Correctness at every layer: Rocq mechanized proofs, Kani bounded model checking, Z3 SMT verification, and Verus Rust verification are used across the toolchain, not confined to individual projects. Sigil attestation chains bind it all together. No transformation ships without a proof.

Safety-Critical Systems

- gale – Formally verified Rust port of Zephyr RTOS kernel primitives for ASIL-D, with dual-track Verus and Rocq verification
- spar – AADL v2.2 architecture analysis toolchain: parser, semantic model, 30+ analyses, and LSP server
- rivet – Schema-driven SDLC artifact manager for requirements traceability and safety compliance
Build & Verification

- rules_wasm_component – Bazel rules for the WebAssembly Component Model across Rust, Go, C++, and JavaScript
- rules_rocq_rust – Bazel rules for Rocq theorem proving and Rust formal verification with hermetic Nix toolchains
- rules_verus – Bazel rules for Verus Rust verification
- rules_moonbit – Bazel rules for MoonBit with hermetic toolchain support
- rules_lean – Bazel rules for Lean 4 with Mathlib and Aeneas integration
AI & MCP

- mcp – Rust framework for building Model Context Protocol servers and clients, published to crates.io
- template-mcp-server – Scaffolding template for creating MCP servers in Rust
- timedate-mcp – MCP server for time and date operations with timezone support, published to npm
Developer Tools

- temper – GitHub App that hardens repositories to organizational standards
- wasm-component-examples – Working examples for Component Model development in C, C++, Go, and Rust
- bazel-file-ops-component – WebAssembly-based cross-platform file operations for Bazel builds
- moonbit_checksum_updater – Native MoonBit checksum management with GitHub API integration

Rust · WebAssembly Component Model · WASI 0.2 · 0.3 · Bazel · Rocq · Z3 · Kani · Verus · Sigstore