explaingit

dollspace-gay/thermite

16RustAudience · researcherComplexity · 5/5Setup · hard

TLDR

Thermite is a programming language built for AI agents to write code in, where every function must include a formal proof of what it does and unverified code is loudly flagged so humans can audit it at a glance.

Mindmap

mindmap
  root((repo))
    What It Does
      Language for AI agents
      Mandatory contracts
      Proof certificates
    Verification Levels
      Full mathematical proof
      Bounded input checking
      Runtime enforcement
    Tech Stack
      Compiles to Rust
      SMT solver backend
      Linux security layer
    Use Cases
      Auditable AI-written code
      Side effect enforcement
    Audience
      AI safety researchers
      Formal verification users
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Write a function in Thermite with formal preconditions and postconditions, then use the Forge toolchain to generate a proof certificate of its correctness.

USE CASE 2

Mark code that cannot be fully verified with a loud audit tag so human reviewers can find and inspect it immediately.

USE CASE 3

Compile a Thermite program to a native binary via Rust with declared side effects enforced at runtime by the Linux kernel security layer.

Tech stack

Rust

Getting it running

Difficulty · hard Time to first run · 1day+

Full toolchain including the Forge verifier must be built from source, no binary releases or package registry install documented.

In plain English

Thermite is a new programming language designed specifically for AI agents to write code in, not humans. The core idea is that software written by AI agents is hard to trust, because there is no easy way to verify that the code actually does what the agent claims. Thermite tries to solve this by making verification a mandatory part of the language itself, not an optional add-on. Every function in Thermite must come with a formal contract: what the function requires to be true before it runs, what it promises to be true after it runs, and what side effects it is allowed to have (such as reading files or making network calls). A separate toolchain called Forge checks these contracts using mathematical proof techniques borrowed from formal verification research. Code that passes is issued a certificate proving what was verified and how strong the proof is. Code that cannot be verified at the highest level is still allowed, but must be explicitly marked with a loud tag so auditors can find it immediately. The verification system has multiple levels. At the strongest level, a mathematical solver proves the code correct for all possible inputs. If that times out, it falls back to checking the code up to a bounded set of inputs. If that also fails, contracts are enforced at runtime. The language is deliberately designed to be uncomfortable for humans to write, since the intended author is an AI agent that can afford to spend compute and tokens on annotation work that a human would find tedious. The language compiles to Rust under the hood, so the final output is a native binary. The declared side effects of each function are also enforced at runtime using a Linux kernel security feature that kills any code that tries to do something it did not declare permission for. The project describes itself as reaching a point where the full toolchain runs end-to-end, including recursive data types, effects, strings, and composable verification. The toolchain's own core logic is itself verified using the same proof tools. The license is not mentioned in the README.

Copy-paste prompts

Prompt 1
I am writing a function in Thermite for an AI agent. Show me the contract syntax for declaring preconditions, postconditions, and allowed side effects for a function that reads a file and returns its line count.
Prompt 2
How does the Forge verification toolchain in Thermite fall back from full mathematical proof to bounded checking to runtime enforcement? Give me a concrete example showing all three levels.
Prompt 3
In Thermite, how do I mark a function as unverifiable at the strongest level so auditors can find it? What does the loud tag look like in code?
Prompt 4
Help me write a Thermite module that makes HTTP requests, with side effect declarations that restrict it to a specific set of allowed domains.
Open on GitHub → Explain another repo

← dollspace-gay on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.