FORMAL SPECIFICATION

ENC Protocol

Encode, Encrypt, Enclave — a formally verified protocol for log-based, verifiable, sovereign data structures.

7Layers

66Files

14,869Lines

162Theorems

What

A Formally Verified Database Protocol

ENC (Encode, Encrypt, Enclave) is a protocol for building log-based, verifiable, sovereign data structures with role-based access control. Every component — from cryptographic primitives to React frontends — is specified in Lean 4 and proven correct.

Core idea: A single Enclave structure (7 fields) determines the complete server, SDK, and frontend for any application. Three layers, one source of truth, zero redundancy.

Architecture

Seven Layers

Each layer composes from the ones below. No cycles. Every layer has a formal spec and a corresponding Lean implementation.

FTA — Theory

Abstract math. Three primitives (Values, Keys, Time), three functions (reduce, render, effect), 48 theorem obligations.

Core — Protocol

Crypto, SMT, CT, Events, RBAC, Validation, Node, SDK. 22 files, 3,361 lines.

Middleware

ECDH (1-to-1 encryption) and MLS (group ratchet). 2 files, 361 lines.

Applications

Registry, Timeline, DM, Chat, Messenger. Schema, SDK, DataView, State, Components per app.

Typeclasses

6 classes × 4 instances. 43 composition theorems proving all apps satisfy the theory.

6–7

Bridge + Codegen

Theory↔Protocol mapping, React DSL, and the three codegen targets (Server, Client, Frontend).

Data Flow

One Enclave, Three Targets

Information is defined once and flows downward. The client does not define its own type — ClientView = Enclave.

Enclave (7 fields) → Server: allRoutes, ddl, handlers

Enclave (same) → Client: reads, writes, protocol

Enclave + AppDef + CSS → Frontend: components, hooks, styles

37 axiomatized IO methods across three runtimes. Everything else — 14,869 lines — is derived, proven, or structurally enforced.

Runtime	Methods	Implementation	~JS
Server	12	Cloudflare DO API	50 lines
Client	10	fetch + WebSocket	30 lines
Frontend	8	React hooks + DOM	20 lines
Crypto	7	noble-curves	10 lines
Total	37		~110

Applications

Four Apps, One Pattern

Service	Schema	DataView	Encrypted	Reads	Writes	Components
Registry	static	✓	—	5	3	8
Timeline	static	✓	—	7	7	12
Chat	static	—	MLS	0	5	9
DM	static	—	ECDH	0	2	9

Messenger (20 components) composes DM + Chat + Timeline at the frontend layer. 58 total components, all specified in Lean.

Verification

162 Theorems

Layer	Theorems	Key results
FTA	10	Meta-theorems on the abstract framework
Core	20	SMT soundness, CT inclusion, expiry rejection
Apps	65	Schema well-formedness, all 17 writes reduce to `createCommit`
Composition	43	C1–C6 conditions satisfied for all 4 applications
Codegen	24	Route counts, capability matrix, read derivation

Guide

Reading Order

Start here. Then read the theory, then the protocol, then the architecture.

1. FTA → 2. Protocol → 3. Architecture

For Lean beginners: Lean Intro first, then Lean Proofs.

Codebase

66 Lean Files

Layer	Files	Lines	What
1 FTA	12	946	Abstract theory — pure math, no ENC knowledge
2 Core	22	3,361	Crypto, SMT, CT, Events, RBAC, Validation, Node, SDK
3 Middleware	2	361	ECDH (1-to-1) + MLS (group) encryption
4 Apps	19	7,182	Registry, Timeline, DM, Chat, Messenger
5 Typeclasses	3	1,215	6 classes × 4 instances, 43 composition theorems
6 Bridge + UI	2	967	Theory↔Protocol mapping, React component DSL
7 Codegen	3	595	Server + Client + Frontend (three duals)
	66	14,869

ENC PROTOCOL · 66 FILES · 14,869 LINES · 162 THEOREMS