where cryptographic guarantees become language primitives

Install now → Read the audit → Read the Manifesto
01 — Architecture

Styx Protocol: four cryptographic layers

Styx is Covenant's native runtime, not a dependency. Four named layers — each responsible for a distinct class of cryptographic guarantee. The compiler verifies that compositions across layers are sound.

Fortress Post-quantum keys

CRYSTALS-Kyber-1024 + Dilithium-5. Identity substrate for all layers.

NIST PQC · ERC-8231
Veil Homomorphic computation

TFHE via tfhe-rs. Operate on encrypted data without decrypting.

FHE BLIND · ERC-8227
Prism Zero-knowledge proofs

Nova IVC folding + Halo2 SNARK. Selective state disclosure.

ZK RECURSIVE · ERC-8229
Oblivion Cryptographic amnesia

Shamir SSS + Wesolowski VDF + ZK destruction proofs.

AMNESIA · ERC-8228

The integration between these four layers is where the most dangerous bugs live in existing systems. Covenant's type system makes such bugs inexpressible. Read the full architecture →

02 — Audited

OMEGA V4 — full audit, all findings resolved

Before V0.7 GA shipped, the compiler and runtime underwent a complete OMEGA V4 security audit — 41 findings across all severity levels. Every finding is resolved. The audit report and full writeup are public.

5 Critical resolved
8 High resolved
8 Medium resolved
6 Low resolved
9 Informational resolved
41 Total 0 open

Critical findings (all resolved)

  • KSR-CVN-001 IrGuard node was never codegenned — on-chain guard clauses silently dropped
  • KSR-CVN-002 STATICCALL success flag discarded — failed external calls treated as success
  • KSR-CVN-003 Stale memory region forged VEIL verification — decryption bypassed under specific alloc patterns
  • KSR-CVN-004 No re-initialisation guard on Styx runtime — double-init corrupted cryptographic state
  • KSR-CVN-005 Ceremony phase transitions unchecked — attacker could skip phases and claim invalid proofs
Read the full audit writeup → PoCs on GitHub → Install V0.7 →
03 — The proof point

The same logic. Two languages.

A private vote function — FHE computation, post-quantum identity, cryptographic amnesia on exit. In Solidity, this requires ~220 lines of integration glue and compiler-invisible contracts between libraries. In Covenant, the type system enforces every invariant.

Solidity manual integration · compiler-invisible 
// integration glue (~220 lines above)
function processPrivateVote(
    bytes calldata ciphertext,
    bytes calldata pqSignature,
    bytes calldata zkProof,
    bytes calldata publicInputs
) external {
    // manual key identity check
    require(
      IFHE(fheLib).verifyKey(pqSignature,
        voterRegistry[msg.sender]),
      "key mismatch"); // not enforced
    require(
      IZKVerifier(zkLib).verify(
        zkProof, publicInputs),
      "proof invalid");
    uint256 vote =
      IFHE(fheLib).decrypt(
        voterKey, ciphertext); // assumed
    _tally(vote);
    // destroy — ordering unenforced
    IForget(amnesiaLib).destroy(ciphertext);
    IForget(amnesiaLib).destroy(pqSignature);
}
Covenant compiler-enforced · type-safe · 6 lines 
// key identity enforced by type system
fn process_private_vote(
    vote:  fhe<u256>,
    voter: identity<pq>
) -> amnesia {
    // @non_reentrant        auto-injected
    // privacy flow          verified
    // compiled to           2,847 bytes
    let cleartext = decrypt(
        vote, voter.key); // key — enforced
    self.tally(cleartext);
} // amnesia auto-triggered on exit

22 lines, 4 libraries, 0 compiler checks. Key identity, proof validity, and destruction ordering are all convention — invisible to the compiler. One misordered call, one wrong key reference: a silent bug in production.

6 lines, 1 language, full compiler coverage. The identity<pq> type carries the key. amnesia return type enforces destruction. None of this can be skipped.

04 — Install

Get the audited compiler

Covenant V0.6 GA ships a full toolchain: compiler, CLI, LSP, and VS Code extension. One command to start.

# one command cargo install covenant-cli
Compiler + CLI Cargo Rust 1.76+ · ~15,000 lines · OMEGA V4 audited 
# install
cargo install covenant-cli

# verify
covenant --version
# Covenant V0.6.0 (OMEGA V4 audited)
Editor VS Code Extension Syntax · LSP · 21 security detectors 
# marketplace
kairos-lab.covenant-lang

# or via CLI
code --install-extension \
  kairos-lab.covenant-lang
Covenant Language Support in VS Code — inline diagnostics, type inference, and security warnings on secret_vault.cov

Inline diagnostics in action — E421 (no matching field admin), W003 (reentrancy window) — caught at edit time, not at audit time.

Full install docs → Audit report →
05 — Live on Ethereum
Live on Ethereum · Sepolia Testnet · April 2026

The first Covenant contract.

A proof of concept is not a proof. This is a deployment.

Contract address View on Sepolia Etherscan ↗
Contract Sepolia Coin
Compiler Covenant V0.6
Language Rust · ~15,000 lines
06 — What ships today

Working infrastructure. Not a paper.

Compiler Rust · ~15,000 lines · 18 crates V0.6 · Shipped
Codex 20 working examples · 4 tiers V0.4 · Shipped
CLI 870+ tests · compile, check, deploy, test V0.5 · Shipped
LSP + Linter 21+ security detectors · VS Code V0.6 · Shipped