askill
formal-verify

formal-verifySafety 95Repository

Formal verification of system designs using TLA+, Z3, and Apalache. Finds bugs in design BEFORE implementation. Agent feedback loop: spec → model check → counterexample → fix → repeat. Use for state machines, protocols, multi-agent coordination, payment flows. Use when: design has >3 states, concurrent actors, or failure/retry logic.

formal-verifyphrazzld
5 stars
1.2k downloads
Updated 2 weeks ago

Package Files

Loading files...
SKILL.md

/formal-verify

Prove correctness before writing code. Model checker overrides confident prose.

Use When

  • Design has >3 states or state transitions
  • Multiple concurrent actors (agents, services, users)
  • Failure/retry logic (payments, webhooks, queues)
  • Temporal properties: "never", "always", "eventually" in requirements
  • Multi-agent coordination or orchestration protocols
  • Any system where a bug in the protocol costs more than a bug in code

Prerequisites

Graceful degradation — any subset works:

ToolInstallProvides
TLCbrew install tlaplusModel checking TLA+/PlusCal specs
Z3pip install z3-solverConstraint solving, satisfiability
Apalachebrew install apalacheSymbolic bounded model checking

If none installed, the skill still produces specs — manual verification or CI can run them.

Routing

IntentReference
Write TLA+/PlusCal spec from requirementsreferences/tlaplus-spec.md
TS-first approach: start in TypeScript, map to TLA+references/ts-first-approach.md
Z3 constraint solving, counterexamplesreferences/z3-verify.md
Symbolic model checking with Apalachereferences/apalache.md
Full spec→check→fix feedback loopreferences/agent-loop.md
Domain-specific state machine skeletonsreferences/state-machine.md

If first argument matches a reference name, load it directly. Default: references/agent-loop.md (the full feedback loop).

The Core Insight

Model checkers are hallucination kryptonite. An LLM can confidently assert a protocol is correct. A model checker will find the counterexample in seconds.

The agent loop:

  1. Extract state machine from requirements/ACs
  2. Write formal spec (TLA+/PlusCal or Z3Py)
  3. Run model checker
  4. If counterexample found → fix the DESIGN, not the spec
  5. Repeat until all invariants hold
  6. THEN implement in code

Quick Start

# TLA+ spec from acceptance criteria
/formal-verify tlaplus "payment state machine with retry and refund"

# Z3 constraint check
/formal-verify z3 "rate limiting invariants for multi-tenant API"

# Full feedback loop
/formal-verify loop "agent orchestration with supervisor restart"

# Domain skeleton
/formal-verify state-machine "webhook delivery with exponential backoff"

Integration Points

  • /groom Phase 2: Flag formal verification candidates during architecture critique
  • /shape Phase 3: Optionally run /formal-verify loop for state machine designs
  • /autopilot Step 6: Consider formal verification before build for concurrent protocols
  • /verify-ac: Check temporal ACs against existing .tla specs
  • /harness-engineering: TLC/Z3 as feedback loop mechanisms

Install

Download ZIP
Requires askill CLI v1.0+

AI Quality Score

83/100Analyzed 6 days ago

High-quality formal verification skill with clear structure. Provides tool prerequisites, routing to detailed reference docs, and specific command examples. The core insight about model checkers catching LLM hallucinations is compelling. Tags are somewhat mismatched but skill content is solid, technical, and well-structured. Located in dedicated skills folder suggesting proper skill distribution.

95
85
80
80
75

Metadata

Licenseunknown
Version-
Updated2 weeks ago
Publisherphrazzld

Tags

apici-cdllm