Misquoted No More: Securely Extracting F* Programs with IO

📅 2026-02-23
📈 Citations: 0
✨ Influential: 0
📄 PDF
🤖 AI Summary
This work proposes SEIO*, a novel framework that addresses the lack of fully verified quotation steps in existing approaches for extracting shallowly embedded F* programs into mainstream languages, thereby enabling strong, machine-checked secure compilation guarantees. SEIO* is the first to integrate relational quoting with metaprogram-generated type derivations and verified syntax-generation functions to securely extract F* programs featuring I/O effects into a deeply embedded λ-calculus. The framework is formalized and mechanized within F*, and its correctness is established via a machine-checked proof of Robust Relational Hyperproperty Preservation (RrHP). This property ensures that the generated code remains semantically secure under arbitrary adversarial contexts, going beyond prior methods that focus solely on functional correctness.

πŸ“ Abstract
Shallow embeddings that use monads to represent effects are popular in proof-oriented languages because they are convenient for formal verification. Once shallowly embedded programs are verified, they are often extracted to mainstream languages like OCaml or C and linked into larger codebases. The extraction process is not fully verified because it often involves quotation -- turning the shallowly embedded program into a deeply embedded one -- and verifying quotation remains a major open challenge. Instead, some prior work obtains formal correctness guarantees using translation validation to certify individual extraction results. We build on this idea, but limit the use of translation validation to a first extraction step that we call relational quotation and that uses a metaprogram to construct a typing derivation for the given shallowly embedded program. This metaprogram is simple, since the typing derivation follows the structure of the original program. Once we validate, syntactically, that the typing derivation is valid for the original program, we pass it to a verified syntax-generation function that produces code guaranteed to be semantically related to the original program. We apply this general idea to build SEIO*, a framework for extracting shallowly embedded F* programs with IO to a deeply embedded lambda-calculus while providing formal secure compilation guarantees. Using two cross-language logical relations, we devise a machine-checked proof in F* that SEIO* guarantees Robust Relational Hyperproperty Preservation (RrHP), a very strong secure compilation criterion that implies full abstraction as well as preservation of trace properties and hyperproperties against arbitrary adversarial contexts. This goes beyond the state of the art in verified and certifying extraction, which so far has focused on correctness rather than security.
Problem

Research questions and friction points this paper is trying to address.

secure compilation
program extraction
shallow embedding
hyperproperty preservation
formal verification
Innovation

Methods, ideas, or system contributions that make the work stand out.

secure compilation
relational quotation
shallow embedding
logical relations
F*