Generates code and waits for tests or review to find the mismatch.
Limited TypeScript. Proven handlers.
TypeScript handlers the compiler can prove.
zigttp runs HTTP handlers in a smaller TypeScript profile. The compiler proves paths on save, and zigttp expert can generate handlers until proof passes. Deploy the result as a small Zig binary without Node or npm.
$
curl -fsSL
https://raw.githubusercontent.com/srdjan/zigttp/main/install.sh |
sh
3.5 ms cold-start floor. 7-15 ms typical. 4.8 MB local binary. macOS and Linux.
proof loop
handler.ts
proof ledger
+
src/handler.tssaved 14ms ago
import { decodeJson } from "zigttp:decode";
import type { Spec } from "zigttp:types";
type Guardrails = Spec<
"idempotent" | "deterministic" |
"no_secret_leakage"
>;
function handler(req): Response & Guardrails {
const body = decodeJson("order", req.body ?? "");
assert(body.ok, Response.json({ errors: body.errors }, { status: 400 }));
return Response.json({ status: "accepted" });
}
zigttp dev --watchlive
PROVEN
7/7
contractsafe_with_additions
sandboxleast privilege
binary4.8MB
cold start~7ms
$ zigttp dev --watch --prove
verdict: safe_with_additions
ledger: .zigttp/proofs.jsonl
hot swap: allowedLive in your browser
Watch the proof loop.
The playground runs the real zigts analyzer quietly in
WebAssembly. Safe code stays green. Use a perturbation when you want
to see the compiler escalate into a concrete diagnostic.
WASM analyzer
Source stays in
page
Diagnostics on
anomaly
PROVEN
3/3 specs | 6/7 props
compiled from source
- +deterministic
- +read-only
- +state-isolated
- +injection-safe
- +retry-safe
- +idempotent
- -fault-covered
declared Spec<>
deterministic
no_secret_leakage
injection_safe
Press a perturbation, then read the certificate here.
What a third party sees when they verify your deploy:
HTTP/1.1 200 OK Zigttp-Proofs: deterministic, read_only, injection_safe Zigttp-Attest: eyJhbGciOiJFZERTQS...
$ zigttp verify https://your-service.dev Verified key 9f2c..a1 3 proven chips
The signature is checked against the public key at
/.well-known/zigttp-attest.
Compiler-in-the-loop agent
The compiler drives the agent.
How the loop runs
-
01
Write
The agent drafts a handler in the zigts subset.
-
02
Compile
It runs the same compiler that gates deploys.
-
03
Read diagnostics
Unsupported code comes back with a concrete reason.
-
04
Rewrite
It edits against the compiler output and tries again.
-
Proven
The handler clears the proof loop before review.
compile, read, rewrite - repeat until proven
Compiler transcript show diagnostic loop
zigttp expertcompiler in the loop
$ zigttp expert "add a health check endpoint"
[agent] Writing handler...
[agent] Compiling handler.ts
error[E0003]: try/catch is not supported in zigts
--> handler.ts:12:5
= help: use Result types
[agent] Rewriting with Result types...
[agent] Compiling handler.ts
PROVEN 7/7 proofs
Handler ready: health-check (1.2MB)
zigttp expert writes code, runs the compiler, reads
diagnostics, and rewrites. The compiler keeps the agent inside the
limited TypeScript profile instead of trusting a generated patch.
- Draft a handler from your request.
- Compile every patch before review.
- Repair against diagnostics, not guesses.
Compiles each draft and repairs against proof errors before review.
zigttp expert supports Anthropic and OpenAI keys, resume,
read-only mode, and non-interactive prompts.
Compiler runs
locally
Provider keys from
env
Read-only mode
available
Positioning
The trade that makes proof work.
zigttp gives up the full JavaScript and npm surface so the compiler can enumerate handler paths, capabilities, and behavior before deploy.
| Capability | Node / Deno / Bun | Serverless platforms | Static type checks | zigttp |
|---|---|---|---|---|
| Runs TypeScript handlers | ✓ | ✓ | partial | ✓ |
| Compile-time path proofs | - | - | limited | ✓ |
| Guarantees enforced by default | - | - | - | ✓ |
| Compiler-guided agent | - | - | - | ✓ |
| Small self-contained Zig binary | - | - | - | ✓ |
| Proof ledger and witness replay | - | - | - | ✓ |
Runs TypeScript handlers
Node/Deno/Bun ✓Serverless ✓Type checks partialzigttp ✓Compile-time path proofs
Node/Deno/Bun -Serverless -Type checks limitedzigttp ✓Guarantees enforced by default
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Compiler-guided agent
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Small Zig binary
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Proof ledger and witness replay
Node/Deno/Bun -Serverless -Type checks -zigttp ✓Core idea
Three claims, all concrete.
Limited TypeScript
zigts removes features that hide control flow, including
while, try/catch, class,
and var.
Compiler agent
zigttp expert writes, compiles, reads diagnostics,
and rewrites until the proof clears.
Small Zig binaries
zigttp deploy emits a local self-contained binary.
Current public baseline: 4.8 MB and 7-15 ms typical cold start.
CLI surface
Five commands cover the loop.
Init a handler, prove it on save, test it, ask the agent for edits, then deploy a signed local binary.
Every deploy appends a contract verdict to
proofs.jsonl:
safe
safe_with_additions
blocked
needs_review
# create a handler project
zigttp init api && cd api
zigttp dev
# run handler tests
zigttp test
# ask the compiler-guided agent for a patch
zigttp expert "add health check"
# build a signed local binary
zigttp deploy
zigttp proofs show HEADStart proving
Install zigttp. Break one proof.
The quickest demo is one unsupported feature. Add
while or try/catch and watch the compiler
explain which proof it would break.