MCP server that gives LLMs access to formal verification via Z3 (SMT solver) and Tau Prolog, plus tree-sitter-based source code analysis. Translates natural language problems into formal logic using a template-based pipeline, verifies results with mathematical certainty, and analyzes call graphs for reachability, dead code, and impact analysis.
- "Can our RBAC rules ever conflict?" ā Z3 finds the exact role/action/resource triple where allow and deny both fire
- "Find compatible package versions" ā Z3 solves dependency constraints with incompatibility rules, returns a valid assignment or proves none exists
- "Can user input reach the database?" ā Prolog traces all paths through the call graph, flags taint flows to sensitive sinks
- "Are our frontend and backend validations consistent?" ā Z3 finds concrete inputs that pass one but fail the other (e.g. age=15 passes frontend min=13 but fails backend min=18)
- "Does our workflow have dead-end or unreachable states?" ā Prolog checks reachability from the initial state, identifies orphaned and terminal nodes
- "What's the dead code in this module?" ā tree-sitter parses source files, Prolog finds functions unreachable from any entry point
- "What breaks if I change this function?" ā call graph impact analysis shows all transitive callers
npm install -g chiasmusclaude mcp add chiasmus -- npx -y chiasmusOr add to ~/.claude/settings.json:
{
"mcpServers": {
"chiasmus": {
"command": "npx",
"args": ["-y", "chiasmus"]
}
}
}Add to crush.json:
{
"mcp": {
"chiasmus": {
"type": "stdio",
"command": "npx",
"args": ["-y", "chiasmus"]
}
}
}Add to opencode.json:
{
"mcp": {
"chiasmus": {
"type": "local",
"command": ["npx", "-y", "chiasmus"]
}
}
}chiasmus_verify ā Submit raw SMT-LIB or Prolog, get a verified result. Z3 UNSAT results include an unsatCore showing which assertions conflict. Prolog supports explain=true for derivation traces showing which rules fired.
chiasmus_verify solver="z3" input="
(declare-const x Int)
(assert (! (> x 10) :named gt10))
(assert (! (< x 5) :named lt5))
"
ā { status: "unsat", unsatCore: ["gt10", "lt5"] }
chiasmus_verify solver="prolog"
input="parent(tom, bob). parent(bob, ann). ancestor(X,Y) :- parent(X,Y). ancestor(X,Y) :- parent(X,Z), ancestor(Z,Y)."
query="ancestor(tom, Who)."
explain=true
ā { status: "success", answers: [...], trace: ["ancestor(tom,bob)", "ancestor(bob,ann)", "ancestor(tom,ann)"] }
chiasmus_verify also accepts format="mermaid" with solver="prolog" to parse Mermaid flowcharts and state diagrams directly into Prolog facts:
chiasmus_verify solver="prolog" format="mermaid"
input="graph TD\n UserInput --> Validator\n Validator --> DB\n Validator --> Logger"
query="reaches(userinput, db)."
ā { status: "success", answers: [{}] }
chiasmus_verify solver="prolog" format="mermaid"
input="stateDiagram-v2\n Idle --> Active : start\n Active --> Done : finish"
query="can_reach(idle, done)."
ā { status: "success", answers: [{}] }
chiasmus_graph ā Analyze source code call graphs via tree-sitter + Prolog. Parses source files, extracts cross-module call graphs, runs formal analyses.
Built-in language support: TypeScript, JavaScript, Python, Go, Clojure/ClojureScript. Additional languages can be added via custom adapters.
chiasmus_graph files=["src/server.ts", "src/db.ts"] analysis="callers" target="query"
ā { analysis: "callers", result: ["handleRequest"] }
chiasmus_graph files=["src/**/*.ts"] analysis="dead-code"
ā { analysis: "dead-code", result: ["unusedHelper", "legacyParser"] }
chiasmus_graph files=["app.py", "db.py"] analysis="reachability" from="handle" to="connect"
ā { analysis: "reachability", result: { reachable: true } }
chiasmus_graph files=["main.go", "handler.go"] analysis="impact" target="Query"
ā { analysis: "impact", result: ["Handle", "main"] }
Analyses: summary, callers, callees, reachability, dead-code, cycles, path, impact, facts.
chiasmus_skills ā Search the template library. Ships with 8 starter templates covering authorization, configuration, dependency resolution, validation, rule inference, and graph reachability. By-name lookups include related template suggestions.
chiasmus_formalize ā Find the best template for a problem, get slot-filling instructions plus suggestions for related verification checks. Fill the slots using your context, then call chiasmus_verify.
chiasmus_solve ā End-to-end: selects template, fills slots via LLM, runs lint and correction loops with enriched feedback (unsat cores, structured error classification), returns a verified result. Optional ā the same result is achieved by using chiasmus_formalize ā fill slots ā chiasmus_verify, which is the recommended workflow since the calling LLM has full conversation context.
chiasmus_craft ā Create a new template and add it to the skill library. The calling LLM designs the template ā no API key needed. Describe a problem type, then submit a skeleton with {{SLOT:name}} markers, slot definitions, and normalization recipes. Validates slot/skeleton consistency and name uniqueness. Optionally tests the example through the solver.
chiasmus_craft name="api-rate-limit" domain="configuration" solver="z3"
signature="Check if rate limit configs across services are consistent"
skeleton="{{SLOT:declarations}}\n(assert (not (= {{SLOT:limit_a}} {{SLOT:limit_b}})))"
slots=[{name: "declarations", ...}, {name: "limit_a", ...}, {name: "limit_b", ...}]
normalizations=[{source: "YAML config", transform: "Map rate limits to Int constants"}]
ā { created: true, template: "api-rate-limit", slots: 3 }
After creation, the template appears in chiasmus_skills searches and chiasmus_formalize.
chiasmus_learn ā Extract a reusable template from a verified solution. Candidates get promoted after 3+ successful reuses.
chiasmus_lint ā Fast structural validation of specs without running the solver.
The calling LLM (Claude, GPT, etc.) drives the process ā no API key needed:
chiasmus_formalize problem="Can our RBAC rules ever conflict?"ā get template + slot instructions- Fill the template slots using your knowledge of the user's codebase
chiasmus_verify solver="z3" input="(filled spec)"ā get verified result- If error ā read the error, fix the spec, call
chiasmus_verifyagain
Use a solver when the LLM alone can't guarantee correctness:
- "Does this hold for ALL inputs?" ā solvers prove universally, LLMs just check examples
- "Do these rules ever conflict?" ā contradiction detection over combinatorial spaces
- "Can X reach Y through any path?" ā transitive closure / reachability
- Access control, configs, dependencies ā where correctness is non-negotiable
Use chiasmus_graph when you need structural reasoning about code:
- "What calls this function?" ā impact analysis before refactoring
- "What's dead code?" ā find functions unreachable from entry points
- "Can user input reach this SQL query?" ā taint analysis via call graph reachability
- "What breaks if I change X?" ā blast radius via reverse reachability
- "Are there circular dependencies?" ā cycle detection in call graphs
When an LLM needs to understand code structure, it typically greps for function names and manually traces call chains. This works for direct references but breaks down for transitive questions. Here's a real comparison using chiasmus's own codebase:
Question: "What's the blast radius of changing lintSpec?"
With grep, this takes multiple rounds ā first find direct callers, then callers of those callers, reconstructing the chain manually:
grep lintSpec src/**/*.ts ā found in engine.ts (lintLoop) and mcp-server.ts (handleLint)
grep lintLoop src/**/*.ts ā called from solve() at lines 75 and 87
grep handleSolve src/**/*.ts ā called from createChiasmusServer switch...
Three rounds of grep, manual reasoning at each step, and you've still only traced part of the chain. With chiasmus_graph, one call gives the complete transitive answer:
chiasmus_graph analysis="impact" target="lintSpec"
ā ["lintLoop", "handleLint", "solve", "correctionLoop",
"handleVerify", "handleSolve", "handleGraph",
"createChiasmusServer", "runAnalysis", "runAnalysisFromGraph"]
10 affected functions found in a single call ā including paths through correctionLoop and runAnalysis that the grep approach missed entirely.
The same applies to other structural questions:
| Question | Grep | chiasmus_graph |
|---|---|---|
| Impact of changing X | Multiple greps + manual trace; misses transitive paths | 1 call, complete transitive chain |
| Dead code detection | Grep every function name against all call sites ā impractical | 1 call, definitive answer |
| Can A reach B? | Manually reconstruct call chain across files | 1 call, true/false |
| Call chain AāB | Multiple greps, mentally reconstruct path | 1 call, exact chain e.g. [handleSolve,solve,lintLoop,lintSpec] |
The key difference: grep finds string matches, chiasmus_graph answers structural questions. Transitive reachability, dead code, and impact analysis are formally impossible with grep alone.
Add tree-sitter support for any language by publishing an npm package named chiasmus-adapter-<language>. Chiasmus auto-discovers these at startup.
// chiasmus-adapter-rust/index.ts
import type { LanguageAdapter } from "chiasmus/adapter";
const adapter: LanguageAdapter = {
language: "rust",
extensions: [".rs"],
grammar: { package: "tree-sitter-rust" },
extract(rootNode, filePath) {
const defines = [];
const calls = [];
// Walk the tree-sitter AST and populate defines, calls, imports, etc.
// ... your language-specific extraction logic ...
return { defines, calls, imports: [], exports: [], contains: [] };
},
};
export default adapter;Install alongside chiasmus and enable adapter discovery in ~/.chiasmus/config.json:
npm install chiasmus-adapter-rust{
"adapterDiscovery": true
}Adapter discovery is off by default to keep startup fast. Enable it when you have custom adapters installed.
An adapter can export searchPaths to point to directories containing additional adapter modules (.js/.mjs files). This is useful for loading adapters from non-standard locations:
export default {
language: "rust",
extensions: [".rs"],
grammar: { package: "tree-sitter-rust" },
extract(rootNode, filePath) { /* ... */ },
searchPaths: ["/shared/company-adapters"],
};| Field | Type | Description |
|---|---|---|
language |
string |
Language identifier (e.g., "rust") |
extensions |
string[] |
File extensions (e.g., [".rs"]) |
grammar |
object |
Tree-sitter grammar: { package, moduleExport? } for native or { package, wasmFile, wasm: true } for WASM |
extract |
(rootNode, filePath) => CodeGraph |
Walks the AST and returns { defines, calls, imports, exports, contains } |
searchPaths |
string[] (optional) |
Additional directories to scan for adapter modules |
Built-in languages always take precedence over adapters with the same extensions.
| Variable | Default | Purpose |
|---|---|---|
CHIASMUS_HOME |
~/.chiasmus/ |
Database, skill storage, and config |
ANTHROPIC_API_KEY |
ā | Optional: Anthropic provider for autonomous mode |
DEEPSEEK_API_KEY |
ā | Optional: DeepSeek provider for autonomous mode |
OPENAI_API_KEY |
ā | Optional: OpenAI provider for autonomous mode |
CHIASMUS_API_URL |
per provider | Override API base URL (e.g. for local models via Ollama) |
CHIASMUS_MODEL |
per provider | Override model name |
Providers are checked in order: Anthropic ā DeepSeek ā OpenAI. Only one key is needed for autonomous mode (chiasmus_solve, chiasmus_learn). When used from Claude Code, Crush, or OpenCode, no API key is needed ā the calling LLM handles template filling directly.
| Key | Default | Purpose |
|---|---|---|
adapterDiscovery |
false |
Scan node_modules for chiasmus-adapter-* packages at startup |
Apache-2.0