High-integrity, safety-critical site generation in Ada/SPARK. "Anvil" — The iron-clad forge of correctness. A generator built for systems where a build failure is not just an error, but a safety risk.
- High-Integrity Systems Engineers who demand mathematical proof of software correctness.
- Aerospace and Medical Architects requiring documentation tools that meet DO-178C or ISO 26262 standards.
- Security Purists who want to eliminate all categories of runtime errors through formal verification.

By using the SPARK subset of Ada, anvil-ssg provides mathematical proof that the generator is free from buffer overflows, division by zero, and uninitialised variables. It is the "Hardened Shield" of the poly-ssg family.
Templates and content-loaders use strict preconditions and postconditions. The engine proves that if the input satisfies the contract, the output is guaranteed to be valid HTML/CSS, leaving no room for "heisenbugs."
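
A contract of the kind described above, as an added example that is not anvil-ssg's own code: a hypothetical `Html_Escape` package whose precondition rules out writes past the output buffer and whose postcondition states that the escaped text contains no `<`, `>` or `"`. All names are assumptions, and the property is narrowed to escaping rather than full HTML validity.

```ada
--  html_escape.ads (added illustration; every name here is hypothetical)
package Html_Escape with SPARK_Mode is
   Max_Expansion : constant := 6;  --  longest entity: '"' -> "&quot;"

   --  Output property: no character that can open a tag or end an attribute.
   function Is_Safe (S : String) return Boolean is
     (for all C of S => C not in '<' | '>' | '"');

   function Entity (C : Character) return String is
     (case C is
         when '<'    => "&lt;",
         when '>'    => "&gt;",
         when '&'    => "&amp;",
         when '"'    => "&quot;",
         when others => (1 => C))
   with Post => Entity'Result'Length in 1 .. Max_Expansion
                and then Is_Safe (Entity'Result);

   procedure Escape (Input : String; Output : out String; Last : out Natural)
   with
     --  The caller supplies a buffer sized for the worst case, so no
     --  write can land past Output'Last.
     Pre  => Output'First = 1
             and then Input'Length <= Natural'Last / Max_Expansion
             and then Output'Length >= Input'Length * Max_Expansion,
     Post => Last <= Output'Last and then Is_Safe (Output (1 .. Last));
end Html_Escape;

--  html_escape.adb
package body Html_Escape with SPARK_Mode is
   procedure Escape (Input : String; Output : out String; Last : out Natural) is
   begin
      Output := (others => ' ');  --  every element initialised before use
      Last   := 0;
      for I in Input'Range loop
         --  Carries the length bound and the safety property across iterations.
         pragma Loop_Invariant
           (Last <= (I - Input'First) * Max_Expansion
            and then Is_Safe (Output (1 .. Last)));
         declare
            E : constant String := Entity (Input (I));
         begin
            Output (Last + 1 .. Last + E'Length) := E;
            Last := Last + E'Length;
         end;
      end loop;
   end Escape;
end Html_Escape;
```

Compiled with assertions enabled (`-gnata`), the same contracts are checked at run time; `gnatprove` attempts to discharge them statically.
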
Ada’s disciplined approach to memory ensures that anvil-ssg operates with a predictable footprint. This makes it the premier choice for ASICs and Minix-based systems where memory leaks are unacceptable.

```sh
# Set up GNAT and SPARK tools via asdf
just setup
# Run the SPARK prover to verify the site logic
just prove
# Compile the verified SSG core
just build
```

- Formally Proven Core - Zero runtime errors via GNATprove.
- Strong Typing Discipline - Total separation of content and presentation types.
- Podman-First - Hardened build containers for high-integrity environments.
- Multi-Arch - Verified for RISC-V, x86_64, and ARM.