In safety-critical environments it is no longer sufficient to rely on legacy methodologies. Correctness should be built in all the way through the process. This paper presents a toolchain which allows theorem prover output to be interfaced to fault-tolerant FPGA circuitry. We show a shallow embedding of a lambda calculus executing on a Xilinx platform with the assistance of a choice of fault-tolerance methodologies to detect or mask single-event upsets. The toolchain and synthesis procedure maintains type-safety throughout and eliminates buffer-overrun attacks. The new flow generates results which are competitive relative to N-modular redundancy, and can be readily adapted to mass production devices.