2-week sprint to daily users

Day-by-day tactical playbook. Start today with what's live (LemmaFit core + lemmafit add), drip content daily, drop shadow later this week as the crescendo. Check off tasks as you go.

0 / 0 tasks done Day 1 of 14
SITUATION

Constraints

  • AUDIENCE Small network, not a natural marketer
  • CONCEPT "Formal verification" is alien to most devs
  • SCOPE Early product, limited functionality
  • REACH Some interested people don't use Claude Code
  • TIME 14 days to show traction signal

What you have RIGHT NOW

  • LIVE LemmaFit core — verified apps, pattern library
  • LIVE lemmafit add — add verification to existing codebases
  • PROOF Found CVE-2024-34351 (Next.js SSRF) with shadow — can tease, not detail yet
  • GALLERY 10 verified apps tied to real incidents
  • COMING Shadow — blog post nearly ready, drop later this week
CORE REFRAME — HOW TO TALK ABOUT THIS

Don't lead with this

"LemmaFit brings formal verification to your codebase using Dafny to mathematically prove properties..."

Eyes glaze. "Formal verification" = academic, not for me.

Lead with these angles

"We found a real Next.js SSRF vulnerability — CVE-2024-34351 — before it was public."

"What if your code could prove no bug exists — not just that tests haven't found one yet?"

"Your tests check 10,000 inputs. Formal verification checks all of them. At once."

Start with the consequence. The method becomes interesting after the stakes land.

YOUR 5 CONTENT PILLARS — ROTATE THESE

PILLAR 1

Horror Stories

Real failures a simple invariant catches. You have 70+. Each is a post.

PILLAR 2

Product Drops

lemmafit add, shadow launch, gallery. Each feature is its own moment.

PILLAR 3

Proof Points

The Next.js CVE. OSS bugs found. User reactions. Concrete evidence.

PILLAR 4

Educational

Testing vs. proving. What's an invariant? Why simulations lie. Lobste.rs-friendly.

PILLAR 5

Website

Landing page updates, gallery showcase, docs. The place everything points to.

DAY-BY-DAY CONTENT CALENDAR — START TODAY
in LinkedIn (Fernanda)
M LinkedIn (Midspiral)
𝕏 Twitter/X
🦋 Bluesky
Y Hacker News
🦞 Lobste.rs
r/ Reddit
D Discord
Blog
Email list
W Website
DMs/Outreach
Build
PHASE 1 — DRIP & BUILD (DAYS 1-4)
TUE
D1
TODAY
in
10:00
Educational post: testing vs. proving FERNANDA
"Your tests check 10,000 inputs. What about input 10,001? There's a better way." Short, punchy take on why tests have a ceiling. No product mention yet — just the insight. End with "I've been thinking about this a lot lately." PILLAR: EDUCATIONAL · ~120 WORDS · THOUGHT LEADERSHIP, NOT A PITCH
𝕏
12:30
Same angle, tweet thread (3-4 tweets)
Thread: "Testing proves the presence of bugs. It can never prove their absence. → What would it look like if you could? → Turns out, there's a 50-year-old field called formal verification. → We made it work without a PhD. More soon." ALSO POST TO BLUESKY · TEASE, DON'T REVEAL
🦋
12:45
Cross-post the tweet thread to Bluesky
Same content, adapted if needed for Bluesky's audience (more academic/curious crowd). BLUESKY TENDS TO ENGAGE MORE ON TECHNICAL IDEAS
D
DONE
Post in Claude Discord #built-with-claude
"Experimenting with formal verification on Claude Code" — build log framing, CVE result, link to repo. Informational, not promotional. POSTED · CHECK OFF
Reach out to hackathon contacts
Low-pressure DMs to fellow Claude Code hackathon participants. Lead with shared experience, offer to run LemmaFit on their projects. "I built this at the hackathon, curious what you think." HIGH-VALUE AUDIENCE · THEY ALREADY USE CLAUDE CODE
3:00
Draft your warm DM list: Write down 10-15 names. Note what they work on, what'd hook them. Don't send yet. PREP FOR TOMORROW'S DM BLITZ
4:00
Prep lemmafit add announcement. Write a short blog post: what it does, who it's for, one example. Draft tonight, publish tomorrow. ALSO: MAKE SURE THE INSTALL IS ONE COMMAND, WORKS FIRST TRY
W
5:00
Audit lemmafit.dev landing page. Does it clearly show what LemmaFit does in 5 seconds? Is there a "Get Started" that works? Add the gallery as a visible section if it isn't already. THE WEBSITE IS WHERE EVERYTHING POINTS — IT MUST CONVERT
WED
D2
PRODUCT DROP
9:30
Publish lemmafit add blog post: "You can now add formal verification to your existing codebase" SHORT, PRACTICAL, INCLUDE INSTALL COMMAND + QUICKSTART
in
10:00
Announce lemmafit add FERNANDA
"Most verification tools want you to rewrite everything. We took the opposite approach." Link to blog. FRAME AS: MEETING DEVS WHERE THEY ARE
M
10:30
Midspiral company page reshare MIDSPIRAL
Reshare Fernanda's post with a brief company voice comment: "Our latest — bring formal verification to code that already exists." COMPANY PAGE AMPLIFIES PERSONAL POST
𝕏
11:00
Tweet thread: lemmafit add — before/after showing a codebase without verification, then with. Include screenshot/GIF. End with repo link. Also post to Bluesky. VISUAL PROOF IS KEY — SHOW THE TERMINAL OUTPUT
2:00
Send warm DMs — batch 1 (5 people). "Hey [name], I built something for [their domain]. Can I show you a quick demo?" Reference their work. FOR NON-CC USERS: "I'LL RUN IT FOR YOU AND SEND RESULTS"
W
4:00
Add lemmafit add to the website. Feature section or getting-started update. Make sure the blog post CTA points to the site. WEBSITE = SOURCE OF TRUTH · BLOG DRIVES TRAFFIC HERE
THU
D3
CVE TEASER
in
10:00
Next.js CVE teaser FERNANDA
"We pointed our formal verification tool at a major framework and found CVE-2024-34351 — an SSRF in Next.js Server Actions that let attackers read internal network responses." Keep it brief. No full details. "Full write-up coming." PILLAR: PROOF POINT · BE SPECIFIC ENOUGH TO BE CREDIBLE, VAGUE ENOUGH TO CREATE CURIOSITY
𝕏
12:00
CVE tweet thread: "We used formal verification to find a real SSRF vulnerability in Next.js (CVE-2024-34351). The Host header was trusted in Server Actions redirects. Tests didn't catch it. Formal verification did. Here's why →" Also Bluesky. ENGAGEMENT DRIVER — NEXTJS IS MASSIVE, PEOPLE WILL HAVE OPINIONS
M
1:00
Midspiral company page post MIDSPIRAL
More formal angle: "Our verification engine identified a Server-Side Request Forgery vulnerability in a widely-used framework. This is what formal verification is for." COMPANY VOICE: AUTHORITATIVE, NOT HYPE
3:00
Send warm DMs — batch 2 (5 more). Reference the CVE teaser post if relevant to their work. NOW YOU HAVE SOMETHING CONCRETE TO SHOW
FRI
D4
EDUCATION
in
10:00
Educational: What is an invariant? FERNANDA
"Every bug I've debugged was a broken invariant." Use the shopping cart example: total must equal sum of line items. When it breaks = real bugs. Reference 6pm.com's $1.6M loss from negative quantities. DUAL-AUDIENCE: INTUITIVE FOR BEGINNERS, CREDIBLE TO EXPERTS
𝕏
12:00
Tweet thread: Invariant explainer
"Every bug I've ever debugged was a broken invariant. The shopping cart that goes negative. The state machine that skips a step. The counter that wraps. Each is an invariant failure." SHORT, PUNCHY EXAMPLES
PHASE 2 — SHADOW LAUNCH (DAYS 5-8)
SAT/SUN
D5-6
SHADOW DROP
9:00
Publish shadow blog post
The full story: what shadow is, the CVE it found, why tests missed it, how to try it. THIS IS THE CENTERPIECE OF THE WEEK
in
11:00
Shadow launch (Fernanda) FERNANDA
"Last week I teased a CVE we found in Next.js. Here's the full story — and the tool that found it." NARRATIVE: PROBLEM → INSIGHT → SOLUTION
M
12:00
Shadow launch (Midspiral company) MIDSPIRAL
More authoritative version: "Shadow brings formal verification to your codebase. We just demonstrated what it finds." COMPANY AMPLIFIES PERSONAL POST
𝕏
1:00
Shadow launch tweet thread (5-6 tweets)
The bug story → how shadow works → why tests missed it → try it yourself. THREAD SHOULD DRIVE TRAFFIC TO BLOG
🦋
2:00
Cross-post shadow thread to Bluesky
Adapted for the more technical/academic audience. TIMING: A FEW HOURS AFTER X THREAD
W
3:00
Add shadow to website prominently. Gallery, feature section, docs. Everything points to this. WEBSITE UPDATE MUST BE LIVE BEFORE POSTS GO OUT
MON/TUE
D7-8
HORROR STORY
in
10:00
Educational: Why simulations lie FERNANDA
"Monte Carlo told a hospital 'no failures in 10,000 runs.' They lost an audit anyway." The difference between statistical and deterministic guarantees. Why testing is probabilistic; verification is proof. PILLAR: EDUCATIONAL · TIES TO REAL INDUSTRY STORY
𝕏
12:00
Hospital horror story tweet thread
"An EHR lost 11,000 clinical orders in an 'unknown queue.' One patient died. State machine invariant: queue size >= 0. It broke. Tests never caught it. Formal verification would have." ENGAGEMENT: REAL HARM, REAL STAKES
2:00
Send warm DMs — batch 3 (5 more). Folks in healthcare, finance, security where stakes are highest. SHADOW IS LIVE NOW — LEAD WITH WHAT THEY CAN TRY
PHASE 3 — WEEKLY RETRO + PATTERNS (DAYS 9-14)
WED
D9
RETRO
in
10:00
Week 1 retrospective (Fernanda) FERNANDA
"What happened this week. What surprised me. What's hard." Founder transparency. Raw. Not polished. PILLAR: FOUNDER HONESTY · BUILDS TRUST
𝕏
12:00
OSS bug report template
"Ran shadow on [X]. Found [bug type]. Tests missed it. Filed issue → [link]" TEMPLATE FOR WHEN YOU FIND REAL BUGS IN THE WILD
THU/FRI
D10-11
PATTERNS
in
10:00
6 patterns post (Fernanda) FERNANDA
"6 patterns that catch 90% of business logic bugs." State machine, arithmetic bounds, partition, monotonic counter, access control, data integrity. Concrete examples. PILLAR: EDUCATIONAL · EVERGREEN, SHAREABLE
SAT/SUN
D12-13
HORROR STORIES
𝕏
10:00
Equifax horror story thread
"Equifax lost credit scores for millions of people. Data integrity invariant: verified flag must match calculated hash. It didn't. No one caught it. Formal verification would have." BIGGEST DATA BREACH IN US HISTORY · TIES TO PATTERNS POST
in
11:00
Feature a user or win (Fernanda) FERNANDA
Template: When you get positive feedback, publicly celebrate it. Reference their domain. SOCIAL PROOF · ENCOURAGE OTHERS TO TRY
MON
D14
WEEK 2 START
10:00
Analyze feedback. What worked? What flopped? Iterate product. YOU NOW HAVE 2 WEEKS OF REAL DATA. USE IT.
in
1:00
Week 2 thesis post (Fernanda) FERNANDA
Where you're headed. What you learned. Set a new direction. MOMENTUM: WEEK 1 WAS ABOUT SIGNAL, WEEK 2 IS ABOUT TRACTION
KEY PLAYS
PLAY 1

Social proof blitzkrieg

Days 1-4: Flood the zone with educational posts to own the narrative before you even announce the product. Build an audience that's primed.

  • LinkedIn: thought leadership posts
  • Twitter/X: threads, technical depth
  • Bluesky: same angle, academic crowd
  • Goal: 500+ quality engaged followers by Day 4
PLAY 2

DM warm outreach 3x

Three batches of 5 hand-picked people each. Batch 1 after educational posts land. Batch 2 after lemmafit add. Batch 3 after shadow.

  • Research each person's recent work
  • Personalize every message
  • End with "I'd love your feedback"
  • Goal: 3-5 conversations that lead to users
PLAY 3

Horror story rotations

You have 70+ real bugs. Post one per week. Each thread shows: the story, the invariant it broke, why tests missed it, how verification catches it.

  • Hospital EHR. Equifax. Amazon. Wells Fargo. Gitlab.
  • Real + recent = credibility
  • One per week keeps engagement high
  • Goal: 10,000+ views per post
PLAY 4

Educator authority play

Post one "here's how to think about X" post per week. Educational, not salesey. Builds credibility for Week 2 when product makes sense.

  • Testing vs. proving (D1)
  • What is an invariant (D4)
  • Why simulations lie (D7)
  • The 6 patterns (D10)
PLAY 5

Website as conversion funnel

Every post points here. Website shows the gallery (10 verified apps), a clear problem statement, and one-click install. This is your MRR driver.

  • Day 1: Audit landing page clarity
  • Day 2: Add lemmafit add feature
  • Day 5: Add shadow prominently
  • Day 10+: Add user wins, testimonials
PLAY 6

Product as proof

Each tool drop (lemmafit add, shadow) is a moment. Tease before, explain during, celebrate after. Make it an event.

  • Day 1: Tease lemmafit add
  • Day 2: Launch lemmafit add
  • Day 3: Tease CVE
  • Day 5: Launch shadow
BUILDING FOR NON-CLAUDE-CODE USERS

Not everyone uses Claude Code. For people on Cursor, VSCode, Neovim, etc., you need a different path: run verification for them, send results as GIFs, show benefit without friction.

During DMs

"I'll run shadow on your repo and send you what it finds — no install needed. Sound good?"

Social proof

Share results + screenshots from non-CC users who tried it. "Caught in 5 minutes."

One-click repo analysis

Build a web app where they paste a GitHub URL and get instant results. No signup.

SUCCESS METRICS — WHAT TO TRACK
0
Total engagement (likes + replies)
Target: 2,000+ by Day 7
0
New followers across platforms
Target: 1,000+ by Day 14
0
Inbound DMs / inquiries
Target: 20+ by Day 14
0
New users who tried the tool
Target: 50+ by Day 14

Ready to go live?

Post the first thread today. Check tasks as you complete them. This playbook moves fast — you'll have real signal by Day 7. Use that data to adapt.

Drafted Post
Tips & Notes