GitHub Repository

The spec of leaderless log protocol used in Ursa

38 stars · TLA

Formally Verified Leaderless Log Protocol for Kafka

by sijieg·Apr 10, 2026·5 points·1 comment

AI Analysis

Banger · Big Brain · Wizardry

TLA+ verification caught production bugs that years of testing missed.

Strengths
  • 200K state verification found design bugs production use never caught
  • Coordination-delegated pattern eliminates leader election overhead entirely
  • Spec-to-code workflow with Claude Code produces working implementations
Weaknesses
  • Niche audience—only matters if you're building distributed logs
  • Reference implementation is S3-based, not the full Ursa engine
Target Audience

Distributed systems engineers, database developers

Similar To

Kafka · Apache BookKeeper · Pulsar

Post Description

We open-sourced the TLA+ and Fizzbee verified spec behind Ursa's storage engine. Verification across ~200K states caught a design bug that years of production missed. We then handed the spec to Claude Code — it produced a working Rust implementation (concurrent producers, compaction, fencing) without back-and-forth. We think verified specs are the best harness for coding agents: open-source the spec, let anyone implement it.

Similar Projects

Security · Solid

IC-AGI – Threshold auth for AI agents, formally verified in TLA+

Impressively concrete safety architecture: K-of-N threshold approval via Shamir SSS, capability tokens with TTL/scope/consumable budgets, an append-only audit ledger and shard-isolated workers all backed by TLA+ proofs for many properties. It reads like a research-to-prototype push — there's real formal rigor and test counts shown — but the repo looks early-stage and would benefit from runnable demos, deployment examples, and clearer integration docs before I'd recommend it for production.

Big Brain · Bold Bet · Niche Gem
saezbaldo
223mo ago