Library Interface
The current library direction is organized around a small set of concepts:
Specdefines the model boundary.Actiondefines one possible transition.Invariantdefines a property that must hold for every reachable state.CheckResultreports whether the model holds or violates a property.TraceStepexplains how a counterexample was reached.
State values are copied into the checker queue and counterexample traces. The current API expects State to be a non-owning, copyable model value; result deinitialization only frees checker-owned trace storage.
The interface should remain explicit enough for reviewers to understand what was checked.