V0.9.0 Production-real on Sepolia View release →

where cryptographic guarantees become language primitives

Try in Playground → View on GitHub → Read OMEGA V5 → Read the Manifesto
01 — Architecture

Styx Protocol: four cryptographic layers

Styx is Covenant's native runtime, not a dependency. Four named layers — each responsible for a distinct class of cryptographic guarantee. The compiler verifies that compositions across layers are sound.

Fortress Post-quantum keys

CRYSTALS-Kyber-1024 + Dilithium-5. Identity substrate for all layers.

NIST PQC · ERC-8231
Veil Homomorphic computation

TFHE via tfhe-rs. Operate on encrypted data without decrypting.

FHE BLIND · ERC-8227
Prism Zero-knowledge proofs

Nova IVC folding + Halo2 SNARK. Selective state disclosure.

ZK RECURSIVE · ERC-8229
Oblivion Cryptographic amnesia

Shamir SSS + Wesolowski VDF + ZK destruction proofs (commitment placeholder in V0.9; real primitives in V1.0).

AMNESIA · Covenant ceremony

The integration between these four layers is where the most dangerous bugs live in existing systems. Covenant's type system makes such bugs inexpressible. Read the full architecture →

02 — Audited

OMEGA V4 + V5 — two self-audits, all findings resolved

Before V0.7 GA shipped, the compiler and runtime underwent a complete OMEGA V4 self-audit — 41 findings across all severity levels. All findings remain resolved through V0.9. V0.8 added 9 OMEGA V4 verifications (8 verified + 1 mitigated, fully resolved in V0.9). V0.9 cleared OMEGA V5 — 10-point self-audit, all GO, 1206 tests, 0 clippy warnings. Both audits are internal to Kairos Lab; an independent third-party audit is the gate for V1.0 mainnet.

5 Critical resolved
8 High resolved
8 Medium resolved
6 Low resolved
9 Informational resolved
41 Total 0 open

Critical findings (all resolved)

  • KSR-CVN-001 IrGuard node was never codegenned — on-chain guard clauses silently dropped
  • KSR-CVN-002 STATICCALL success flag discarded — failed external calls treated as success
  • KSR-CVN-003 Stale memory region forged VEIL verification — decryption bypassed under specific alloc patterns
  • KSR-CVN-004 No re-initialisation guard on Styx runtime — double-init corrupted cryptographic state
  • KSR-CVN-005 Ceremony phase transitions unchecked — attacker could skip phases and claim invalid proofs
Read the full audit writeup → PoCs on GitHub → Install V0.9 →
03 — The proof point

The same logic. Two languages.

A private vote function — FHE computation, post-quantum identity, cryptographic amnesia on exit. In Solidity, this requires ~220 lines of integration glue and compiler-invisible contracts between libraries. In Covenant, the type system enforces every invariant.

Solidity manual integration · compiler-invisible 
// integration glue (~220 lines above)
function processPrivateVote(
    bytes calldata ciphertext,
    bytes calldata pqSignature,
    bytes calldata zkProof,
    bytes calldata publicInputs
) external {
    // manual key identity check
    require(
      IFHE(fheLib).verifyKey(pqSignature,
        voterRegistry[msg.sender]),
      "key mismatch"); // not enforced
    require(
      IZKVerifier(zkLib).verify(
        zkProof, publicInputs),
      "proof invalid");
    uint256 vote =
      IFHE(fheLib).decrypt(
        voterKey, ciphertext); // assumed
    _tally(vote);
    // destroy — ordering unenforced
    IForget(amnesiaLib).destroy(ciphertext);
    IForget(amnesiaLib).destroy(pqSignature);
}
Covenant compiler-enforced · type-safe · 6 lines 
// key identity enforced by type system
fn process_private_vote(
    vote:  fhe<u256>,
    voter: identity<pq>
) -> amnesia {
    // @non_reentrant        auto-injected
    // privacy flow          verified
    // compiled to           2,847 bytes
    let cleartext = decrypt(
        vote, voter.key); // key — enforced
    self.tally(cleartext);
} // amnesia auto-triggered on exit

22 lines, 4 libraries, 0 compiler checks. Key identity, proof validity, and destruction ordering are all convention — invisible to the compiler. One misordered call, one wrong key reference: a silent bug in production.

6 lines, 1 language, full compiler coverage. The identity<pq> type carries the key. amnesia return type enforces destruction. None of this can be skipped.

04 — Install

Get the audited compiler

Covenant V0.9 GA ships a full toolchain: compiler, Foundry-class CLI (test, fmt, doctor, lint, init), LSP, VS Code extension, and a gas-regression benchmark. Three targets (EVM, Aster Chain, WebAssembly). One command to start.

# build from source (silent-deploy — crates.io publish deferred) git clone https://github.com/Valisthea/covenant-lang && cd covenant-lang && cargo build --release --bin covenant
Compiler + CLI Cargo Rust stable (1.81+) · 22-crate workspace · OMEGA V5 cleared 
# build
cargo build --release --bin covenant

# verify
./target/release/covenant --version
# covenant 0.9.0

# compile for EVM (default MockChain target)
covenant build contract.cov

# compile for live Sepolia helper-contract bridge
covenant build contract.cov \
  --target-chain sepolia

# diagnose your local toolchain
covenant doctor

# run the test runner with action coverage
covenant test --coverage
Editor VS Code Extension Syntax · LSP · 21+ security detectors 
# VSIX attached to the GitHub release (extension at 0.8.2; V0.9 source compatible)
code --install-extension \
  covenant-lang-0.8.2.vsix

# or via marketplace (post V1.0 GA)
kairos-lab.covenant-lang
Covenant Language Support in VS Code — inline diagnostics, type inference, and security warnings on secret_vault.cov

Inline diagnostics in action — E421 (no matching field admin), W003 (reentrancy window) — caught at edit time, not at audit time.

Full install docs → OMEGA V5 (V0.9) → OMEGA V4 (V0.6) →
04b — What's new

What's new in V0.9

V0.9 is the helper-bridge release. Covenant contracts now reach Sepolia via the helper-contract bridge: a real ceremony state machine + auto-synthesized ERC-721 / ERC-8231 surfaces, with cryptographic primitives stubbed by mocked helpers (real TFHE / Dilithium / Halo2 / Wesolowski VDF land in V1.0 alongside the third-party audit and mainnet helpers). Three new top-level constructs (nft, registry, interface) bring ERC-721 and the PQ key registry to 5-line declarations. Foundry-class CLI tooling, a 6-rule linter for Solidity-isms, OMEGA V5 self-audit cleared. Fully backward compatible — V0.8 .cov files compile unchanged.

Live on Sepolia

Ceremony state machine + auto-synth ERC-721 deployed and exercised on Sepolia via the helper-contract bridge. Cryptographic primitives (FHE, PQ, ZK, VDF, Shamir) stubbed by mocked helpers in V0.9 — real implementations in V1.0.

M1 · First ceremony on Sepolia →

NFTs in 5 lines

The nft construct auto-synthesizes the entire ERC-721 surface. Name, symbol, base_uri — that's all you write.

nft CoolApes {
    name: "Cool Apes"
    symbol: "APE"
    base_uri: "https://api.example.com/"
}

Post-Quantum Registry

registry ships ERC-8231 — Dilithium-5 key registration, update, revocation. The migration path from ECDSA to post-quantum.

View the fixture →

Foundry-class CLI

Per-test isolation, name-heuristic coverage, format gates, environment doctor — a complete developer toolchain (watch mode + IR-instrumented coverage in V0.9.x).

covenant test --coverage
covenant fmt --check
covenant doctor
covenant init my-token

Smart Linter

6 rules catch Solidity-isms on paste. mapping()map<>, functionaction, //--. One-click fix in Monaco + VSCode.

View detector list →

OMEGA V5 Audit

10-point self-audit, all GO. 1206 tests passing, 0 clippy warnings, 9 audit fixtures compile end-to-end on both MockChain and Sepolia.

Read the audit report →
Testnet-only by design. V0.9 helper contracts are deployed on Sepolia. Mainnet deployment follows V1.0, gated on external audit by a third-party firm.

Read the V0.9 release notes →  ·  V0.8 → V0.9 migration guide →

05 — Verified on Sepolia
Live on Ethereum · Sepolia Testnet · April 2026

Three milestones. Externally verifiable.

A proof of concept is not a proof. These are deployments — real contracts, real transactions, on Etherscan.

M0

First Covenant contract on Sepolia

A record Hello — the simplest possible Covenant contract — deployed and interacted with on Sepolia. Compiler V0.9 → real EVM bytecode → deployed transaction.

0xab083fc4…018671 on Etherscan ↗
M1

First ceremony lifecycle on Sepolia

Full ceremony lifecycle: setup → submit_share → finalize → destroy. Helper-contract bridge in production. Destruction commitment irrevocable. Verifiable by anyone.

0x2FB87d54…e916D on Etherscan ↗
M2

First auto-synth ERC-721 NFT on Sepolia

A 4-line nft AuditNFT { ... } source compiled by Covenant V0.9 → 1235-byte ERC-721 bytecode → deployed and exercised on Sepolia (mint #1, mint #2, transfer, burn-via-zero). Indistinguishable from Solidity-authored ERC-721 to wallets, OpenSea, and indexers.

0xf8d9895c…4bc25 on Etherscan ↗
Compiler Covenant V0.9
Workspace Rust · 22 crates · 1206 tests
Audit OMEGA V5 · all GO
05b — Live tools

Interact in your browser, no install.

Every Covenant deployment listed above can be opened in two purpose-built dApps on playground.covenant-lang.org. Etherscan's Read/Write tabs require Solidity/Vyper/Yul source verification — Covenant source isn't supported there yet. These tools are the gap-filler : Covenant-native UIs that read state, send transactions, decode custom errors, and connect any wallet on any EVM chain.

Curated showcase

M2 — Audit NFT (live on Sepolia)

Side-by-side panel : the 4 lines of nft AuditNFT { ... } source on the left, live read/write interface on the right. Mint a token, transfer it, observe the empirical-finding banner that documents the V0.9.0 permissive transferFrom behavior. The vitrine for what auto-synth produces from minimal source.

Open showcase → Generic dApp · for your contracts

My Contract — Read/Write any deployed Covenant

Paste your contract address, pick the network (Sepolia · BSC · Polygon · Arbitrum · Optimism · Base · Aster), then either paste your .cov source (in-browser WASM compiler extracts the ABI) or paste raw ABI JSON. Get auto-generated Read panels (every view function, instant), Write panels (every action, MetaMask-gated), and live custom error decoding on revert. Same UX Etherscan would give Solidity contracts — but for Covenant.

Open the dApp →

Recommended flow when deploying a Covenant contract : covenant build … --target-chain=sepoliacast send --create $BYTECODE → open /contract, paste address + source. Zero frontend code required. Same path works for any EVM chain where the helper contracts are deployed (BSC, Polygon, etc. for non-cryptographic constructs work today; cryptographic constructs require deploying the 4 helper contracts on the target chain — ~5 min via the Foundry script in covenant-src/helpers/).

06 — What ships today

Working infrastructure. Not a paper.

Compiler Rust · 22-crate workspace · 1206 tests · EVM + Aster + WASM V0.9 · Shipped
17 Top-level Constructs + nft, registry, interface in V0.9 · ERC-721 + ERC-8231 auto-synthesis V0.9 · Shipped
Foundry-class CLI test, fmt, doctor, lint, init, explain · per-test isolation · name-heuristic coverage V0.9 · Shipped
LSP + Linter 21+ security detectors + 6 Solidity-ism rules · VS Code extension 0.8.2 (V0.9 source compatible; bump to 0.9.x in V0.9.x patch line) V0.9 · Shipped
Helper-Contract Bridge CeremonyHelper + FHE/PQ/ZK helpers · CREATE2 · Sepolia live V0.9 · Shipped
Playground In-browser compile + MockChain + Sepolia · 16 verified examples · cross-tab sync V0.9 · Shipped
Amnesia Ceremonies Real state machine on Sepolia · destruction commitment verified on Etherscan · real VDF + Shamir in V1.0 V0.9 · Shipped
Audit OMEGA V4 (V0.6 + V0.8) + OMEGA V5 (V0.9) · 60 findings · all GO CLEARED