docs: bespoke architecture, roadmap, topology, and ABI definitions for dafniser

Replace all template placeholders with dafniser-specific content:

- README.adoc: Dafny verification pipeline (specs -> Z3 -> target compilation),
  use cases (crypto, consensus, financial, sorting), Dafny constructs
- ROADMAP.adoc: Phase 0-6 (scaffold, spec parser, Dafny codegen, Z3 verification,
  multi-target compilation, Idris2 meta-proofs, ecosystem)
- TOPOLOGY.md: module topology, data flow diagram, verification pipeline
- Types.idr: Precondition, Postcondition, LoopInvariant, GhostVariable, Lemma,
  VerificationResult, DafnyTarget, FunctionSpec, SpecTree
- Layout.idr: memory layouts for all Dafniser ABI types
- Foreign.idr: FFI for spec loading, Dafny generation, Z3 verification,
  target compilation
- main.zig: Dafniser FFI implementation with pipeline stubs
- build.zig, integration_test.zig: dafniser-specific
- 0-AI-MANIFEST.a2ml: dafniser description, invariants, structure
- 6a2/*.a2ml: STATE, META, ECOSYSTEM, AGENTIC, NEUROSYM, PLAYBOOK — all bespoke

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.machine_readable/6a2/AGENTIC.a2ml

@@ -1,12 +1,12 @@
 # SPDX-License-Identifier: PMPL-1.0-or-later
 # Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
 #
-# AGENTIC.a2ml — AI agent constraints and capabilities
+# AGENTIC.a2ml — AI agent constraints and capabilities for dafniser
 # Defines what AI agents can and cannot do in this repository.
 
 [metadata]
 version = "0.1.0"
-last-updated = "{{CURRENT_DATE}}"
+last-updated = "2026-03-21"
 
 [agent-permissions]
 can-edit-source = true
@@ -22,6 +22,8 @@ can-create-files = true
 # - Never use banned languages (TypeScript, Python, Go, etc.)
 # - Never place state files in repository root (must be in .machine_readable/)
 # - Never use AGPL license (use PMPL-1.0-or-later)
+# - Never write Dafny by hand — dafniser generates all Dafny from TOML specs
+# - Never bypass Z3 verification — all generated Dafny must pass verification
 
 [maintenance-integrity]
 fail-closed = true

.machine_readable/6a2/ECOSYSTEM.a2ml

@@ -6,12 +6,13 @@
   (version "0.1.0")
   (name "dafniser")
   (type "tool")
-  (purpose "Generate correct-by-construction code using Dafny")
+  (purpose "Generate correct-by-construction code for critical functions using Dafny verification and Z3 SMT solving — sorting, searching, crypto, consensus, financial algorithms")
 
   (position-in-ecosystem
     (family "-iser acceleration frameworks")
     (meta-framework "iseriser")
     (relationship "sibling")
+    (niche "Formal verification via Dafny/Z3 — proves code satisfies pre/postconditions, loop invariants, and termination")
     (top-3 ("typedqliser" "chapeliser" "verisimiser")))
 
   (related-projects
@@ -32,7 +33,13 @@
       (description "Database recovery via constraint propagation"))
     (project "proven"
       (relationship "dependency")
-      (description "Shared Idris2 verified library"))
+      (description "Shared Idris2 verified library — dafniser may use proven lemmas"))
     (project "typell"
       (relationship "dependency")
-      (description "Type theory engine"))))
+      (description "Type theory engine — potential source of type-level spec validation"))
+    (project "halideiser"
+      (relationship "sibling")
+      (description "Halide image processing acceleration — shares -iser architecture"))
+    (project "futharkiser"
+      (relationship "sibling")
+      (description "Futhark GPU acceleration — shares -iser architecture"))))

.machine_readable/6a2/META.a2ml

@@ -4,38 +4,53 @@
 
 (meta
   (version "0.1.0")
-  (last-updated "2026-03-20")
+  (last-updated "2026-03-21")
 
   (architecture-decisions
     (adr "001-iser-pattern"
       (status "accepted")
-      (context "Need to make powerful languages accessible without steep learning curves")
-      (decision "Use manifest-driven code generation: user describes WHAT, tool generates HOW")
-      (consequences "Users write zero target language code; all complexity in the -iser"))
+      (context "Need to make Dafny verification accessible without requiring users to learn Dafny syntax")
+      (decision "Use manifest-driven code generation: user describes WHAT (pre/postconditions), dafniser generates HOW (Dafny source with verification annotations)")
+      (consequences "Users write zero Dafny; all complexity in the -iser; specs are TOML, not Dafny"))
 
     (adr "002-abi-ffi-standard"
       (status "accepted")
-      (context "Need verified interop between Rust CLI, target language, and user code")
-      (decision "Idris2 ABI for formal proofs, Zig FFI for C-ABI bridge")
-      (consequences "Compile-time correctness guarantees; zero runtime overhead from proofs"))
+      (context "Need verified interop between Rust CLI, Dafny compiler, Z3, and user code")
+      (decision "Idris2 ABI for formal proofs of spec consistency; Zig FFI for C-ABI bridge to Dafny compilation and verification pipeline")
+      (consequences "Compile-time correctness guarantees for specs; zero runtime overhead from proofs"))
 
-    (adr "003-rsr-template"
+    (adr "003-dafny-verification-pipeline"
+      (status "accepted")
+      (context "Dafny uses Z3 SMT solver for automatic verification of requires/ensures/invariant/decreases")
+      (decision "Pipeline: parse TOML -> Idris2 meta-proofs -> generate .dfy -> invoke Dafny+Z3 -> parse results -> compile target")
+      (consequences "Verification failures map back to TOML locations; counterexamples shown in user terms, not Dafny terms"))
+
+    (adr "004-multi-target-compilation"
+      (status "accepted")
+      (context "Dafny compiles to C#, Java, Go, Python, JavaScript — users want verified code in their ecosystem")
+      (decision "Support all 5 Dafny targets; Zig FFI bridge wraps compiled output for C-ABI integration")
+      (consequences "One spec, five verified outputs; FFI bridge needed per target runtime"))
+
+    (adr "005-rsr-template"
       (status "accepted")
       (context "Need consistent project structure across 29+ -iser repos")
       (decision "All repos cloned from rsr-template-repo with full CI/CD and governance")
       (consequences "17 workflows, SECURITY.md, CONTRIBUTING, bot directives from day one")))
 
   (development-practices
-    (language "Rust" (purpose "CLI and orchestration"))
-    (language "Idris2" (purpose "ABI formal proofs"))
-    (language "Zig" (purpose "FFI C-ABI bridge"))
+    (language "Rust" (purpose "CLI, manifest parsing, orchestration"))
+    (language "Idris2" (purpose "ABI formal proofs — spec consistency, termination, ghost scoping"))
+    (language "Zig" (purpose "FFI C-ABI bridge to Dafny compiler and Z3"))
+    (language "Dafny" (purpose "Generated verification-aware code (never hand-written)"))
     (build-tool "cargo")
     (ci "GitHub Actions (17 workflows)"))
 
   (design-rationale
     (principle "Manifest-driven"
-      (explanation "User intent captured in TOML; all generation is deterministic and reproducible"))
+      (explanation "User intent captured in TOML — pre/postconditions, invariants, ghost variables, lemma hints; all generation is deterministic and reproducible"))
     (principle "Formally verified bridges"
-      (explanation "Idris2 dependent types prove interface correctness at compile time"))
-    (principle "Zero target language exposure"
-      (explanation "Users never write Chapel/Julia/Futhark/etc. — the -iser handles everything"))))
+      (explanation "Idris2 dependent types prove spec consistency at compile time — no contradictory requires/ensures, well-founded decreases, ghost variables stay ghost"))
+    (principle "Zero Dafny exposure"
+      (explanation "Users never write or read Dafny — the -iser handles all Dafny syntax, Z3 interaction, and target compilation"))
+    (principle "Counterexample-driven feedback"
+      (explanation "When Z3 finds a violation, dafniser maps the counterexample back to the TOML spec location with a concrete witness value"))))

.machine_readable/6a2/NEUROSYM.a2ml

@@ -1,20 +1,24 @@
 # SPDX-License-Identifier: PMPL-1.0-or-later
 # Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
 #
-# NEUROSYM.a2ml — Neurosymbolic integration metadata
+# NEUROSYM.a2ml — Neurosymbolic integration metadata for dafniser
 # Configuration for Hypatia scanning and symbolic reasoning.
 
 [metadata]
 version = "0.1.0"
-last-updated = "{{CURRENT_DATE}}"
+last-updated = "2026-03-21"
 
 [hypatia-config]
 scan-enabled = true
 scan-depth = "standard"  # quick | standard | deep
 report-format = "logtalk"
 
 [symbolic-rules]
-# Custom symbolic rules for this project
+# Custom symbolic rules for dafniser:
+# - Ensure generated Dafny always has requires/ensures on every method
+# - Ensure decreases annotations on all recursive functions and loops
+# - Ensure ghost variables never leak into runtime code paths
+# - Ensure lemma dependency graph is acyclic (DAG)
 # - { name = "no-unsafe-ffi", pattern = "believe_me|unsafeCoerce", severity = "critical" }
 
 [neural-config]

.machine_readable/6a2/PLAYBOOK.a2ml

@@ -1,25 +1,26 @@
 # SPDX-License-Identifier: PMPL-1.0-or-later
 # Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
 #
-# PLAYBOOK.a2ml — Operational playbook
+# PLAYBOOK.a2ml — Operational playbook for dafniser
 # Runbooks, incident response, deployment procedures.
 
 [metadata]
 version = "0.1.0"
-last-updated = "{{CURRENT_DATE}}"
+last-updated = "2026-03-21"
 
 [deployment]
-# method = "gitops"  # gitops | manual | ci-triggered
-# target = "container"  # container | binary | library | wasm
+method = "ci-triggered"
+target = "binary"  # Rust CLI binary; Zig FFI shared library
 
 [incident-response]
-# 1. Check .machine_readable/STATE.a2ml for current status
+# 1. Check .machine_readable/6a2/STATE.a2ml for current status
 # 2. Review recent commits and CI results
 # 3. Run `just validate` to check compliance
 # 4. Run `just security` to audit for vulnerabilities
+# 5. If Dafny verification is failing, check Z3 version compatibility
 
 [release-process]
-# 1. Update version in STATE.a2ml, META.a2ml, Justfile
+# 1. Update version in STATE.a2ml, META.a2ml, Cargo.toml, Justfile
 # 2. Run `just release-preflight` (validate + quality + security + maint-hard-pass)
 # 3. Optional local permission hardening: `just perms-snapshot && just perms-lock`
 # 4. Tag and push

.machine_readable/6a2/STATE.a2ml

@@ -5,31 +5,34 @@
 (state
   (metadata
     (version "0.1.0")
-    (last-updated "2026-03-20")
+    (last-updated "2026-03-21")
     (author "Jonathan D.A. Jewell"))
 
   (project-context
     (name "dafniser")
-    (description "Generate correct-by-construction code using Dafny")
+    (description "Generate correct-by-construction code for critical functions using Dafny verification and Z3 SMT solving")
     (status "scaffold")
     (priority "—")
     (ecosystem "-iser family (https://github.com/hyperpolymath/iseriser)"))
 
   (current-position
-    (phase "initial-scaffold")
-    (completion-percentage 5)
-    (milestone "Architecture defined, CLI scaffolded, RSR template complete"))
+    (phase "scaffold-complete")
+    (completion-percentage 10)
+    (milestone "Architecture defined, CLI scaffolded, bespoke Idris2 ABI types (Precondition, Postcondition, LoopInvariant, GhostVariable, Lemma, VerificationResult, SpecTree), Zig FFI with Dafny pipeline stubs, TOPOLOGY documented"))
 
   (route-to-mvp
-    (step 1 "Replace codegen stubs with target-language-specific generation")
-    (step 2 "Implement Idris2 ABI proofs for core invariants")
-    (step 3 "Build Zig FFI bridge")
-    (step 4 "Integration tests with real-world examples")
-    (step 5 "Documentation and examples"))
+    (step 1 "Define dafniser.toml schema for function specs with requires/ensures/invariant/decreases/ghost")
+    (step 2 "Implement spec parser in Rust (manifest/ module)")
+    (step 3 "Generate Dafny source with verification annotations (codegen/ module)")
+    (step 4 "Integrate Z3 verification — invoke dafny verify, parse results, map failures to TOML locations")
+    (step 5 "Multi-target compilation — Dafny to C#/Java/Go/Python/JavaScript")
+    (step 6 "Idris2 meta-proofs: spec consistency, termination, ghost scoping, lemma DAG")
+    (step 7 "First working end-to-end example: verified sorting algorithm"))
 
   (blockers-and-issues
-    (none "Project is in scaffold phase — no blockers yet"))
+    (none "Project is in scaffold phase with bespoke architecture — no blockers yet"))
 
   (critical-next-actions
-    (action "Implement codegen for primary use case")
-    (action "Write first working example end-to-end")))
+    (action "Define dafniser.toml manifest schema with Dafny-specific fields")
+    (action "Implement spec parser for requires/ensures/invariant/decreases clauses")
+    (action "Write first Dafny codegen template for a sorting algorithm")))

0-AI-MANIFEST.a2ml

@@ -1,19 +1,29 @@
-# ⚠️ STOP - CRITICAL READING REQUIRED
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# 0-AI-MANIFEST.a2ml — Universal AI agent entry point for dafniser
+
+# STOP - CRITICAL READING REQUIRED
 
 **THIS FILE MUST BE READ FIRST BY ALL AI AGENTS**
 
 ## WHAT IS THIS?
 
-This is the AI manifest for **[YOUR-REPO-NAME]**. It declares:
-- Canonical file locations (where things MUST be, and nowhere else)
-- Critical invariants (rules that must NEVER be violated)
-- Repository structure and organization
+This is the AI manifest for **dafniser** — a tool that generates
+correct-by-construction code for critical functions using Dafny.
+
+Dafniser takes function specifications (pre/postconditions, loop invariants,
+ghost variables, lemma hints) from a TOML manifest, generates Dafny source
+with `requires`/`ensures`/`invariant`/`decreases` annotations, verifies
+them via Z3, and compiles to C#, Java, Go, Python, or JavaScript.
+
+Part of the hyperpolymath -iser family (https://github.com/hyperpolymath/iseriser).
 
 ## CANONICAL LOCATIONS (UNIVERSAL RULE)
 
 ### Machine-Readable Metadata: `.machine_readable/` ONLY
 
-These 6 a2ml files MUST exist in `.machine_readable/` directory ONLY:
+These 6 a2ml files MUST exist in `.machine_readable/6a2/` directory ONLY:
 1. **STATE.a2ml** - Project state, progress, blockers
 2. **META.a2ml** - Architecture decisions, governance
 3. **ECOSYSTEM.a2ml** - Position in ecosystem, relationships
@@ -55,7 +65,7 @@ Policy enforcement contracts (k9, dust, lust, must, trust).
 ### AI Configuration & Guides: `.machine_readable/ai/` ONLY
 
 - `AI.a2ml` - Language-specific or LLM-specific patterns
-- `PLACEHOLDERS.md` - Bootstrap guide
+- `PLACEHOLDERS.adoc` - Bootstrap guide
 
 ### Community & Forge Metadata: `.github/` ONLY
 
@@ -70,6 +80,40 @@ Policy enforcement contracts (k9, dust, lust, must, trust).
 
 - `0-AI-MANIFEST.a2ml` - THIS FILE (universal entry point)
 
+## REPOSITORY STRUCTURE
+
+```
+dafniser/
+├── 0-AI-MANIFEST.a2ml         # THIS FILE (start here)
+├── README.adoc                 # What dafniser does and why
+├── ROADMAP.adoc                # Phase 0-6 roadmap
+├── CONTRIBUTING.adoc           # Human contribution guide
+├── Justfile                    # Task runner
+├── Containerfile               # OCI build (Chainguard base)
+├── Cargo.toml                  # Rust CLI dependencies
+├── LICENSE                     # PMPL-1.0-or-later
+├── src/
+│   ├── main.rs                 # CLI entry point (init/validate/generate/build/run/info)
+│   ├── lib.rs                  # Library API
+│   ├── manifest/               # TOML manifest parser and spec extraction
+│   ├── codegen/                # Dafny source generation with verification annotations
+│   └── interface/              # Verified Interface Seams
+│       ├── abi/                # Idris2 ABI (Types, Layout, Foreign)
+│       │   ├── Types.idr       # Precondition, Postcondition, LoopInvariant,
+│       │   │                   # GhostVariable, Lemma, VerificationResult, SpecTree
+│       │   ├── Layout.idr      # Memory layout proofs for ABI types
+│       │   └── Foreign.idr     # FFI declarations (Dafny compile, Z3 verify, target compile)
+│       ├── ffi/                # Zig FFI (The Bridge)
+│       │   ├── build.zig       # Build config (shared + static libs)
+│       │   ├── src/main.zig    # C-ABI implementation of Foreign.idr
+│       │   └── test/           # Integration tests
+│       └── generated/          # C Headers (auto-generated from Idris2 ABI)
+├── docs/
+│   └── architecture/
+│       └── TOPOLOGY.md         # Module topology and data flow diagram
+└── .machine_readable/          # ALL machine-readable metadata (6a2/ subdirectory)
+```
+
 ## CORE INVARIANTS
 
 1. **No state file duplication** - Root must NOT contain STATE.a2ml, META.a2ml, etc.
@@ -80,42 +124,16 @@ Policy enforcement contracts (k9, dust, lust, must, trust).
 6. **Container images** - MUST use Chainguard base (`cgr.dev/chainguard/wolfi-base:latest` or `cgr.dev/chainguard/static:latest`)
 7. **Container runtime** - Podman, never Docker. Files are `Containerfile`, never `Dockerfile`
 8. **Container orchestration** - `selur-compose`, never `docker-compose`
-
-## REPOSITORY STRUCTURE
-
-This repo follows the **Dual-Track** architecture:
-
-```
-[YOUR-REPO-NAME]/
-├── 0-AI-MANIFEST.a2ml         # THIS FILE (start here)
-├── README.adoc                 # High-level orientation (Rich Human)
-├── ROADMAP.adoc                # Future direction
-├── CONTRIBUTING.adoc           # Human contribution guide
-├── GOVERNANCE.adoc             # Decision-making model
-├── Justfile                    # Task runner
-├── Containerfile               # OCI build
-├── LICENSE                     # Primary license
-├── src/                        # Source code
-│   └── interface/              # Verified Interface Seams
-│       ├── abi/                # Idris2 ABI (The Spec)
-│       ├── ffi/                # Zig FFI (The Bridge)
-│       └── generated/          # C Headers (The Result)
-├── container/                  # Stapeln container ecosystem
-├── docs/                       # Technical depths
-│   ├── attribution/            # Citations, owners, maintainers (adoc)
-│   ├── architecture/           # Topology, diagrams
-│   ├── theory/                 # Domain theory
-│   └── practice/               # Manuals
-├── docs/legal/                  # Legal exhibits and full texts
-└── .machine_readable/          # ALL machine-readable metadata
-```
+9. **Dafny pipeline order** - Always: parse spec -> meta-prove (Idris2) -> generate .dfy -> verify (Z3) -> compile target
+10. **No manual Dafny** - Users never write Dafny; dafniser generates everything from TOML specs
 
 ## SESSION STARTUP CHECKLIST
 
-✅ Read THIS file (0-AI-MANIFEST.a2ml) first
-✅ Understand canonical location: `.machine_readable/`
-✅ State understanding of canonical locations
+1. Read THIS file (0-AI-MANIFEST.a2ml) first
+2. Understand canonical location: `.machine_readable/`
+3. Read `.machine_readable/6a2/STATE.a2ml` for current project state
+4. State understanding of canonical locations
 
 ## ATTESTATION PROOF
 
-**"I have read the AI manifest. All machine-readable content (state files, anchors, policies, bot directives, contractiles, AI guides) is located in `.machine_readable/` ONLY, and community metadata is in `.github/`. I will not create duplicate files in the root directory."**
+**"I have read the AI manifest for dafniser. All machine-readable content (state files, anchors, policies, bot directives, contractiles, AI guides) is located in `.machine_readable/` ONLY, and community metadata is in `.github/`. I will not create duplicate files in the root directory."**