ddaanet/formalize
skills/formalize/SKILL.md
Verify a Python function against its intended behavior by writing an icontract contract and checking it with `edify check` (CrossHair), repairing in a loop. Triggers on "formalize", "verify this function", "add a contract and check it", or after writing a function whose correctness matters. The in-context agent holds intent and asks the user when behavior is ambiguous; CrossHair owns the deduction.
development
Updated Jun 11, 2026
$ install --global
skillsauthnpx skillsauth add ddaanet/agent-core formalizeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 11, 2026, 2:54 AM51.0s1 file scanned
SKILL.md
- name:
- formalize
- description:
- >-
- user-invocable:
- true
Formalize and Check a Function
Drive a propose-contract -> check -> repair loop around one Python function.
The verifier (edify check, backed by CrossHair) owns deduction. You own
intent: what the function should guarantee. Verification proves code meets a
contract; it does NOT prove the contract is the right one. That judgment is
yours, and when intent is genuinely ambiguous you ASK rather than guess.
Procedure
-
Establish intent. Derive what the target function should guarantee from the conversation and the surrounding code. If the intended behavior is genuinely ambiguous (edge cases, error handling, empty inputs), use
AskUserQuestion— do not invent a specification. -
Write the contract. Add
icontractdecorators to the function:@require(lambda <args>: <precondition>)and@ensure(lambda <args>, result: <postcondition>). A target needs at least one pre/post-condition or CrossHair will not analyze it. -
Check. Run:
edify check <file-or-dotted-target> --jsonThe result status is one of
verified,refuted, orerror. -
Interpret — the core judgment:
verified— no counterexample within CrossHair's search budget. Report and stop. State the honest guarantee level: bounded path-exploration, not a total proof.refuted— read the counterexample (falsifying input + location), then decide why it failed:- code bug — the implementation is wrong: fix the code.
- spec bug — the contract was wrong or too strong: fix the contract.
- intent ambiguity — the counterexample exposes a case the user has not decided (e.g. "what should this do on an empty list?"): STOP and ask. Then loop back to step 3.
error— surface it. A common cause is a target with no contract (CrossHair analyzed nothing); add a contract. Never reporterroras success.
-
Loop with a cap. Do at most a small fixed number of repair iterations (e.g. 5). If you hit the cap, STOP and report the honest state: the last counterexample and what remains unresolved. Never upgrade
refutedor an error to "verified".
Disciplines
- Ambiguity about intent -> ask, never guess.
- Every counterexample gets an explicit code-bug vs spec-bug triage.
- No "verified" claim without a
verifiedresult fromedify check. - A
verifiedresult is bounded, not a soundness/termination proof — say so.
Backend
edify check wraps CrossHair (symbolic execution + Z3). It is the deduction
oracle; this skill is the intent-holder. See
docs/superpowers/specs/2026-06-08-invariant-guided-verify-loop-design.md.
Related Skills
ddaanet/worktree
tools
VerifiedTrustedCommunity
Manage git worktrees for parallel task execution. Triggers on "create a worktree", "set up parallel work", "merge a worktree", "branch off a task", or uses the `wt`, `wt merge`, or `wt-rm` shortcuts. Worktree lifecycle: creation, focused sessions, merge ceremony, cleanup, parallel task setup.
SKILL.mdUpdated Apr 5, 2026
ddaanet/when
testing
VerifiedTrustedCommunity
Recall behavioral knowledge from project decisions. Triggers on "when to do X", situational patterns, or decision content for recognized situations. Invoke with "/when <trigger>".
SKILL.mdUpdated Apr 5, 2026
ddaanet/update
tools
VerifiedTrustedCommunity
Sync edify fragments and portable justfile to match the current plugin version. Detects user-edited files and warns instead of overwriting. Use --force to overwrite conflicts.
SKILL.mdUpdated Apr 5, 2026
ddaanet/token-efficient-bash
testing
VerifiedTrustedCommunity
Write compact bash scripts using exec tracing pattern. Triggers when writing bash scripts with 3+ sequential commands. The exec 2>&1 + set -xeuo pipefail pattern eliminates echo statements via automatic command tracing, reducing script size by 40-60%.
SKILL.mdUpdated Apr 5, 2026