Ochránce is a neurosymbolic filesystem verification framework built with Idris2 dependent types. It provides mathematically proven guarantees about filesystem integrity through:
-
A2ML (Attestation & Audit Markup Language) - A formally specified markup for filesystem manifests
-
Verified Merkle trees - Size-indexed binary trees with compile-time structure proofs
-
Linear type repair - Filesystem repair operations that prevent use-after-repair bugs
-
ECHIDNA integration - Neural proof synthesis for automated verification
┌─────────────────────────────────────────────┐
│ Ochránce (Idris2) │
│ │
│ A2ML Parser/Validator ←→ Merkle Trees │
│ ↓ ↓ │
│ VerifiedSubsystem Interface │
│ ↓ │
│ Filesystem Module (reference impl) │
└──────────────┬──────────────────────────────┘
│ C FFI
↓
┌──────────────────────────────────────────────┐
│ ECHIDNA (Rust/Julia) │
│ Neural proof synthesis + Multi-prover │
└──────────────────────────────────────────────┘| Mode | Description |
|---|---|
Lax |
Parse manifest only, skip hash verification |
Checked |
Verify all block hashes match Merkle root |
Attested |
Checked + verify cryptographic attestation signature |
This repo is the reference implementation of the Filesystem module defined in the ochrance-framework repository.
The framework defines the broader VerifiedSubsystem interface and four planned subsystem
modules (Filesystem, Memory, Network, Crypto). This repo (ochrance) provides the concrete,
working implementation of the Filesystem module using Idris2 dependent types and Zig FFI.
The two repos are complementary, not duplicates:
-
ochrance (this repo) — concrete filesystem verification implementation (~80% complete)
-
ochrance-framework — abstract modular framework for all four subsystems (~10% complete)
SPDX-License-Identifier: PMPL-1.0-or-later
Copyright © 2026 Jonathan D.A. Jewell. All rights reserved.
See TOPOLOGY.md for a visual architecture map and completion dashboard.