Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

jpc0/provably-correct-software

Name: provably-correct-software
Author: jpc0

skills/provably-correct-software/SKILL.md

npx skillsauth add jpc0/skills provably-correct-software

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Provably Correct Software Construction

Build software that is correct by design using formal verification.

Core Methodology

1. Design-by-Contract (DbC)

Action: Define Preconditions, Postconditions, and Class Invariants.
Convention: Reject defensive programming. If a precondition is specified, the supplier must assume it is true. Do not add redundant checks.
Exception Handling: Restore class invariants before resumption or triggering an "organized panic".
Rollback Rule: When restoring state in an exception handler, use established property setters or call the class invariant check immediately after restoration to ensure a validated state.

2. Hoare Logic & wp Calculus

Hoare Triples: Apply {P} C {Q} to specify code blocks.
Backward Construction: Use wp(C, Q) to derive the weakest precondition from your postcondition.
Assignment Rule: wp("x := E", R) = R[x -> E].
Sequential Composition: wp("S1; S2", R) = wp(S1, wp(S2, R)).

Implementation Workflow

Define Postcondition (Q): State the exact logical goal.
Derive Precondition (P): Calculate the minimum required state using wp.
Loop Verification (Total Correctness):
- Invariant (I): Must hold before, during, and after the loop. (I AND NOT B) => Q.
- Variant (v): Strictly decreasing non-negative integer function ensuring termination.
- Checks: Prove Initialization (P => I), Preservation ({I AND B} Body {I}), and Termination (v decreases, I => v >= 0).
- Runtime Enforcement: Embed assert statements within the loop body to verify the Invariant and Variant at each iteration.
Annotate: Use language-native assertions (e.g., assert in Python, @requires/@ensures in Eiffel/JML) to document the contract.

Worked Example: Array Binary Search

def binary_search(array: list[int], target: int) -> int:
    """
    Precondition: array is sorted.
    Postcondition: returns mid s.t. array[mid] == target, else -1.
    """
    # DbC Precondition
    assert all(array[i] <= array[i+1] for i in range(len(array)-1))

    low, high = 0, len(array) - 1
    # Invariant I: target in array iff target in array[low...high]
    # Variant v: high - low + 1
    
    while low <= high:
        # Runtime Invariant & Variant Verification
        v_old = high - low + 1
        assert (target not in array) or (target in array[low:high+1])
        assert v_old >= 0

        mid = (low + high) // 2
        if array[mid] == target:
            return mid # Postcondition Q reached
        elif array[mid] < target:
            low = mid + 1
        else:
            high = mid - 1
        
        # v decreases, I is preserved
        v_new = high - low + 1
        assert v_new < v_old
            
    return -1 # (I AND low > high) => target not in array

References

Hoare Logic
Weakest Precondition
Design-by-Contract

jpc0/provably-correct-software

skills/provably-correct-software/SKILL.md

Apply formal verification methods (Hoare Logic, wp calculus, Design-by-Contract) to ensure software correctness. Use this skill whenever writing new functions, implementing algorithms, modifying existing logic, or performing code reviews. Trigger when asked to "prove correctness", "verify code", "check invariants", "mathematical proof of code", or "ensure the algorithm is correct".

development

Updated Apr 25, 2026

$ install --global

skillsauth

npx skillsauth add jpc0/skills provably-correct-software

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 25, 2026, 8:08 PM123.7s23 files scanned

SKILL.md

name:: provably-correct-software
description:: Apply formal verification methods (Hoare Logic, wp calculus, Design-by-Contract) to ensure software correctness. Use this skill whenever writing new functions, implementing algorithms, modifying existing logic, or performing code reviews. Trigger when asked to "prove correctness", "verify code", "check invariants", "mathematical proof of code", or "ensure the algorithm is correct".

Provably Correct Software Construction

Build software that is correct by design using formal verification.

Core Methodology

1. Design-by-Contract (DbC)

Action: Define Preconditions, Postconditions, and Class Invariants.
Convention: Reject defensive programming. If a precondition is specified, the supplier must assume it is true. Do not add redundant checks.
Exception Handling: Restore class invariants before resumption or triggering an "organized panic".
Rollback Rule: When restoring state in an exception handler, use established property setters or call the class invariant check immediately after restoration to ensure a validated state.

2. Hoare Logic & wp Calculus

Hoare Triples: Apply {P} C {Q} to specify code blocks.
Backward Construction: Use wp(C, Q) to derive the weakest precondition from your postcondition.
Assignment Rule: wp("x := E", R) = R[x -> E].
Sequential Composition: wp("S1; S2", R) = wp(S1, wp(S2, R)).

Implementation Workflow

Define Postcondition (Q): State the exact logical goal.
Derive Precondition (P): Calculate the minimum required state using wp.
Loop Verification (Total Correctness):
- Invariant (I): Must hold before, during, and after the loop. (I AND NOT B) => Q.
- Variant (v): Strictly decreasing non-negative integer function ensuring termination.
- Checks: Prove Initialization (P => I), Preservation ({I AND B} Body {I}), and Termination (v decreases, I => v >= 0).
- Runtime Enforcement: Embed assert statements within the loop body to verify the Invariant and Variant at each iteration.
Annotate: Use language-native assertions (e.g., assert in Python, @requires/@ensures in Eiffel/JML) to document the contract.

Worked Example: Array Binary Search

def binary_search(array: list[int], target: int) -> int:
    """
    Precondition: array is sorted.
    Postcondition: returns mid s.t. array[mid] == target, else -1.
    """
    # DbC Precondition
    assert all(array[i] <= array[i+1] for i in range(len(array)-1))

    low, high = 0, len(array) - 1
    # Invariant I: target in array iff target in array[low...high]
    # Variant v: high - low + 1
    
    while low <= high:
        # Runtime Invariant & Variant Verification
        v_old = high - low + 1
        assert (target not in array) or (target in array[low:high+1])
        assert v_old >= 0

        mid = (low + high) // 2
        if array[mid] == target:
            return mid # Postcondition Q reached
        elif array[mid] < target:
            low = mid + 1
        else:
            high = mid - 1
        
        # v decreases, I is preserved
        v_new = high - low + 1
        assert v_new < v_old
            
    return -1 # (I AND low > high) => target not in array

References

Hoare Logic
Weakest Precondition
Design-by-Contract

Related Skills

jpc0/mim-architecture

testing

VerifiedTrustedCommunity

Define module boundaries, structure infrastructure layers, implement dependency inversion, and create sociable unit tests using MIM (Module-Infrastructure-Module) architecture and modular design principles. Use this skill when the user mentions "MIM", "Module-Infrastructure-Module", "Screaming Architecture", or asks for advice on modular design, high cohesion, low coupling, or sociable unit testing.

SKILL.mdUpdated Apr 25, 2026

jpc0/mim-architecture

jpc0/headless-architecture

development

VerifiedTrustedCommunity

Use this skill to refactor, design, or review application architecture. Trigger it when discussing clean architecture, separating business logic from UI, or cross-platform/WASM development. This skill enforces the 'Headless Core & Passive View' pattern, it proactively refactors logic out of the UI, creates platform-agnostic Core interfaces, and ensures the View is a 'Humble Object' that only reflects state.

SKILL.mdUpdated Apr 25, 2026

jpc0/headless-architecture

openclaw/openclaw-secret-scanning-maintainer

development

VerifiedTrustedCommunity

Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.

357,764SKILL.mdUpdated Apr 15, 2026

openclaw/openclaw-secret-scanning-maintainer

openclaw/openclaw-release-maintainer

development

VerifiedTrustedCommunity

Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/openclaw-release-maintainer

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/jpc0/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/skills/provably-correct-software ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

jpc0/skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT