zigttp
v0.16.0-RC8: a compiler-agent that writes inside a provable TypeScript subset
zigts subset - deployable contracts - 1.2MB deploys
RC8 makes the subset feel like leverage
Install once. Edit inside the compiler. Ship only what zigts keeps provable.
Linux and macOS builds keep the first run short and start from a binary, not a toolchain.
README and Releases are the source of truth for install steps, RC notes, and source-build guidance.
zigttp expert writes only inside zigts, reruns
proofs, and stops at code the compiler can sign.
zigts makes the compiler-agent possible
The subset is the leverage.
No back-edges, no exceptions, no hidden I/O. The compiler can follow every path, rewrite within bounds, and prove what a handler reads, writes, and returns.
TypeScript, narrowed until it can be proved
Unsupported features fail at parse time with a suggested alternative, not after deploy.
The agent can only ship what the compiler proves
$ zigttp check handler.ts --verify
→ all code paths verified ✓
Automatic least-privilege sandboxing
The compiler extracts a contract of what the handler does - then restricts runtime access to exactly those proven values.
{
"env": ["API_KEY", "DB_URL"],
"egress": ["api.stripe.com"],
"cache": ["sessions"],
"sql": ["getUserById"],
"properties": {
"read_only": true,
"retry_safe": true
},
"proof": "complete"
}
Linear code. Parallel I/O. Crash recovery.
parallel() and race() from zigttp:io
Handler code stays synchronous and linear. Concurrency happens in the I/O layer using OS threads.
3 API calls × 50ms each = ~50ms total
--durable <dir> enables crash recovery
Write-ahead oplog. Each I/O call persisted before returning. On crash, replay without touching the network.
sleep() - sleepUntil() - waitSignal()
Ship with confidence - prove before deploy
Record every I/O boundary with --trace. Replay against new versions. Handlers = pure functions of (Request, VirtualModuleResponses).
--trace / --replayDiff contracts + replay traces between handler versions. Result: equivalent, additive, or breaking - with a proof certificate.
zigttp prove old.json new.json
Generate platform-specific deployment configs from proven contracts. Env vars → params, routes → API events, egress → tags.
zigttp compile --deploy=aws
One CLI. The compiler-agent lives inside it.
install → init → dev → compile → prove
→ deploy
github.com/srdjan/zigttp#install
GitHub install instructions + release downloads for
v0.16.0-RC8
Zero-overhead composition. Native speed.
guard(auth) |> guard(log) |> handler |>
guard(cors)
Desugared to a single flat function with sequential if-checks at compile time. Zero runtime overhead.
zigttp:auth
JWT + webhooks
zigttp:crypto
SHA/HMAC/B64
zigttp:validate
JSON Schema
zigttp:decode
Parse + validate
zigttp:cache
KV store + TTL
zigttp:sql
SQLite
zigttp:io
Parallel I/O
zigttp:durable
Crash recovery
zigttp:compose
Guards + pipe
zigttp:router
Route matching
zigttp:env
Environment
zigttp:http
Cookies + CORS
zigttp:url
URL parsing
zigttp:id
UUID/ULID/nano
zigttp:log
Structured logs
zigttp:text
Escape + slug
zigttp:time
ISO/HTTP dates
zigttp:ratelimit
Token bucket
zigttp:service
Service calls
zigttp:scope
Resource scopes
20 modules implemented in Zig - zero interpretation overhead.
zigttp vs the general-purpose runtimes
zigttp trades generality for verification, security, and deployment automation.
zigttp
Write handlers. Prove them. Ship them.
Opinionated subset
Parse-time rejection of footguns
Compile-time verification
Every path, every type, every boolean
Automatic sandboxing
Least-privilege derived from analysis
Structured I/O
Linear code, parallel execution
Durable execution
Crash recovery via write-ahead oplog
Deterministic replay
Record I/O boundaries, replay anywhere
Proven evolution
Diff contracts, classify changes
Effect classification
Handler properties proven at build time
OpenAPI generation
Response schemas from type inference
Native performance
3ms init - 1.2MB - 4MB baseline