Nickel configuration language tools and extensions for RSR-compliant projects. Provides typed, contract-validated configuration that enforces language policy, security policy, and infrastructure standards at build time.
| Component | Purpose | Status |
|---|---|---|
Reusable Nickel contract library ( |
Active |
|
CLI tool that audits |
Active |
|
K9 contractile templates (Kennel/Yard/Hunt) and must/trust/dust/lust files |
Stable |
# Check dependencies
just deps
# Typecheck all library modules
just build
# Run full test suite (typecheck + export validation)
just test
# Audit .ncl files for RSR compliance
./config-reporter/bin/config-reporter augmented/
# Export a Nickel config to JSON
just run augmented/examples/nickel/build.nclThe augmented/lib/proven-bridge.ncl module connects nickel-augmentation to the proven formally verified safety library. It re-exports key contracts that are backed by Idris2 dependent-type proofs via Zig FFI.
let aug = import "./lib/prelude.ncl" in
{
# Check availability
verified | Bool = aug.proven.has_proven,
# Use proven contracts
safe_path = aug.proven.SafePath,
safe_email = aug.proven.SafeEmail,
safe_string = aug.proven.SafeString,
safe_math = aug.proven.SafeMath,
}Available modules: SafeUrl, SafeCrypto, SafeVersion, SafePath, SafeEmail, SafeString, SafeMath. When the proven repo is not available at the expected sibling path, has_proven reports false and the prelude import will fail at typecheck time (use the non-proven contracts in security.ncl as a fallback).
Nickel augments existing config — it does not replace governance or runtime systems:
-
Nickel generates, Scheme governs —
.machine_readable/6a2/STATE.a2mlremains the source of truth -
Contracts, not code — if you’re writing loops, use ReScript/Rust instead
-
Build-time validation — catches config errors before deployment
See augmented/README.adoc for the full boundary specification.
