<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: umbra</title>
    <description>The latest articles on DEV Community by umbra (@umbraaeternaa).</description>
    <link>https://dev.to/umbraaeternaa</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3995375%2F3361ae9d-a29c-40aa-aba2-76549ac89446.png</url>
      <title>DEV Community: umbra</title>
      <link>https://dev.to/umbraaeternaa</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/umbraaeternaa"/>
    <language>en</language>
    <item>
      <title>Day 12: LOOM now owns its memory — a trust layer for AI-written code, in plain language</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 10 Jul 2026 10:11:20 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-12-loom-now-owns-its-memory-a-trust-layer-for-ai-written-code-in-plain-language-443o</link>
      <guid>https://dev.to/umbraaeternaa/day-12-loom-now-owns-its-memory-a-trust-layer-for-ai-written-code-in-plain-language-443o</guid>
      <description>&lt;p&gt;More and more of the world’s code is written by AI. That’s exciting — and quietly unnerving. Not because AI makes mistakes, but because the &lt;em&gt;same&lt;/em&gt; AI often writes both the code &lt;strong&gt;and&lt;/strong&gt; the test meant to catch the mistake. When one mind grades its own exam, “it passed” stops meaning “it’s safe.” You’re trusting on faith.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;LOOM flips that.&lt;/strong&gt; It’s a small, open-source language that acts as a &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. Code doesn’t just &lt;em&gt;run&lt;/em&gt; — first LOOM asks, and &lt;em&gt;proves at a gate&lt;/em&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What does this code promise to do?&lt;/li&gt;
&lt;li&gt;Does it do &lt;em&gt;only&lt;/em&gt; that — or does it secretly touch the network, the disk, the outside world?&lt;/li&gt;
&lt;li&gt;Where did each value come from — and can the AI vouch for its own output? (It can’t.)&lt;/li&gt;
&lt;li&gt;Is there independent confirmation — a human, an auditor, a real-run trace?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If the code lies about itself, LOOM refuses to run it. The slogan says it all: &lt;strong&gt;AI proposes, the compiler decides.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What makes it different
&lt;/h2&gt;

&lt;p&gt;Most “AI safety” lives in prompts, reviews, and hope. LOOM makes trust a &lt;strong&gt;property the machine checks before a single line runs&lt;/strong&gt; — and that guarantee survives translation: the same verified program runs in an interpreter, compiles to Python and JavaScript, and runs in your browser as &lt;strong&gt;real WebAssembly&lt;/strong&gt;, with the identical result. It’s tiny on purpose — a research kernel — and it’s &lt;strong&gt;self-verified by 389 checks that can only ever go greener&lt;/strong&gt;: every new feature ships with a test that tries to break it, so the language can’t silently regress.&lt;/p&gt;

&lt;h2&gt;
  
  
  Day 12 — we taught the language to own its memory
&lt;/h2&gt;

&lt;p&gt;Until now, a LOOM program compiled to WebAssembly ran on a fixed scrap of memory. If it overflowed, it crashed — a random, low-level trap &lt;em&gt;outside&lt;/em&gt; the language’s control. As of today, &lt;strong&gt;LOOM checks there’s room before every single write&lt;/strong&gt; (&lt;code&gt;reserve&lt;/code&gt; → then &lt;code&gt;store&lt;/code&gt;). An overflow is no longer a random crash; it’s LOOM’s own deliberate, predictable decision — a clean stop instead of a mystery. It’s the same principle as the whole language — &lt;em&gt;nothing happens that LOOM didn’t allow&lt;/em&gt; — now extended to &lt;strong&gt;memory itself&lt;/strong&gt;. &lt;strong&gt;388 → 389 checks, all green.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The part people don’t expect
&lt;/h2&gt;

&lt;p&gt;I don’t write LOOM by hand. &lt;strong&gt;An autonomous organism I built grows it — day and night, on one machine.&lt;/strong&gt; It proposes an improvement, proves it green itself, adversarially attacks its own idea, and only then does a human get the final say. Many “minds,” one engine. You’ll always see &lt;em&gt;what&lt;/em&gt; it produces, and every result comes with proof — but the engine that grows it stays private. Open where it earns trust; private where it protects the edge.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where this is going
&lt;/h2&gt;

&lt;p&gt;Today LOOM &lt;em&gt;checks and proves&lt;/em&gt;. Next it moves from checking to &lt;strong&gt;enforcing&lt;/strong&gt;: a real action an AI agent wants to take — edit a file, run a test, push to a repo — physically passes through this gate. It builds a &lt;strong&gt;manifest&lt;/strong&gt; (who’s acting, what they want, which files), checks policy, asks you to approve if needed, and then writes a &lt;strong&gt;receipt&lt;/strong&gt;: what was allowed, and what actually happened. Picture a &lt;strong&gt;control panel of trust&lt;/strong&gt; for working with AI agents — not terminal magic, but plain-language decisions: “this code wants network access,” “this change has no independent proof,” “this push is allowed.”&lt;/p&gt;

&lt;p&gt;That’s the goal: to become the &lt;strong&gt;trust layer the world uses to safely let AI write code&lt;/strong&gt; — so you can move fast with agents &lt;em&gt;without&lt;/em&gt; giving up control.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;389 checks, all green.&lt;/strong&gt; Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;— Links —&lt;br&gt;
⭐ GitHub (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
📸 Instagram: &lt;a href="https://instagram.com/umbra_owner_architect_ai" rel="noopener noreferrer"&gt;https://instagram.com/umbra_owner_architect_ai&lt;/a&gt;&lt;br&gt;
💼 LinkedIn: &lt;a href="https://linkedin.com/in/volodymyr-natoptanyi-16b906262" rel="noopener noreferrer"&gt;https://linkedin.com/in/volodymyr-natoptanyi-16b906262&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>aisafety</category>
      <category>webassembly</category>
      <category>opensource</category>
    </item>
    <item>
      <title>Day 11: my AI-code trust gate now sees what actually happened — two-phase, signed</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Mon, 06 Jul 2026 18:36:53 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-11-my-ai-code-trust-gate-now-sees-what-actually-happened-two-phase-signed-17e3</link>
      <guid>https://dev.to/umbraaeternaa/day-11-my-ai-code-trust-gate-now-sees-what-actually-happened-two-phase-signed-17e3</guid>
      <description>&lt;p&gt;I'm building LOOM — a small open-source language that is a machine-checked &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. I don't write it by hand: an organism I built grows it, day and night. Day 11 closes the gap between &lt;em&gt;approved&lt;/em&gt; and &lt;em&gt;done&lt;/em&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  A one-shot approval isn't enough — the gate should see what actually happened
&lt;/h2&gt;

&lt;p&gt;LOOM's core is a gate that refuses code that lies about what it does. Approvals became signed and one-use — but they were still one &lt;strong&gt;step&lt;/strong&gt;: you signed, and it was "spent." Between &lt;em&gt;approved&lt;/em&gt; and &lt;em&gt;done&lt;/em&gt; there was a gap: a crash mid-action, a replay, a swapped result — the gate never saw it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Day 11 makes approval two-phase and signed — 385 → 388 checks, all green
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;claim_operator_approval&lt;/code&gt;&lt;/strong&gt; reserves the signed approval &lt;strong&gt;before&lt;/strong&gt; the action runs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;finish_claimed_receipt&lt;/code&gt;&lt;/strong&gt; closes it &lt;strong&gt;exactly once&lt;/strong&gt; — completed or failed — with a receipt.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fails closed everywhere&lt;/strong&gt; — replay across old and new paths, duplicate claims, forgery/rebinding, and double finalization are all rejected.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The gate that &lt;em&gt;refuses lies&lt;/em&gt; and &lt;em&gt;proves what it allowed&lt;/em&gt; now also proves &lt;strong&gt;what actually happened&lt;/strong&gt; — not just what was approved.&lt;/p&gt;

&lt;h2&gt;
  
  
  The organism (what I show, not how it's built)
&lt;/h2&gt;

&lt;p&gt;I never write the language by hand. The organism runs a loop no hand-written project has: &lt;strong&gt;propose → prove it green itself → adversarially attack it itself → and only then a human decides.&lt;/strong&gt; &lt;em&gt;AI proposes; the compiler disposes.&lt;/em&gt; The engine that grows it stays mine — I show what it does and the proof, never the engine.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;388 checks, all green.&lt;/strong&gt; Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;— Links —&lt;br&gt;
⭐ GitHub (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
📸 Instagram: &lt;a href="https://instagram.com/umbra_owner_architect_ai" rel="noopener noreferrer"&gt;https://instagram.com/umbra_owner_architect_ai&lt;/a&gt;&lt;br&gt;
💼 LinkedIn: &lt;a href="https://linkedin.com/in/volodymyr-natoptanyi-16b906262" rel="noopener noreferrer"&gt;https://linkedin.com/in/volodymyr-natoptanyi-16b906262&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>computerscience</category>
      <category>aisafety</category>
      <category>opensource</category>
    </item>
    <item>
      <title>LOOM: a language that proves what AI-written code is allowed to do</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Sat, 04 Jul 2026 18:35:33 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/loom-a-language-that-proves-what-ai-written-code-is-allowed-to-do-3f0i</link>
      <guid>https://dev.to/umbraaeternaa/loom-a-language-that-proves-what-ai-written-code-is-allowed-to-do-3f0i</guid>
      <description>&lt;p&gt;▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;The problem nobody can scale their way out of&lt;br&gt;
AI now writes a large and growing share of the code that runs in the world. The uncomfortable part isn't that the code is often wrong — it's that the same model frequently writes both the code and the tests that check it. When one intelligence authors the solution and the criteria, "it passed" quietly stops meaning "it's safe." The gate becomes foolable. You can make the model bigger, but a bigger model that grades its own homework is still grading its own homework.&lt;/p&gt;

&lt;p&gt;The honest answer isn't "trust a smarter model." It's: trust only what can be independently proven — and make that proof mechanical, not a matter of hope. That is the whole idea behind LOOM.&lt;/p&gt;

&lt;p&gt;What LOOM is&lt;br&gt;
LOOM is a small, open-source, effect-typed language that acts as a machine-checked trust layer for AI-written code. It doesn't just run code — it proves, at a gate, exactly what the code is allowed to do, before a single line executes. If the code lies about what it does, the compiler refuses it.&lt;/p&gt;

&lt;p&gt;The slogan is: AI proposes, the compiler disposes.&lt;/p&gt;

&lt;p&gt;Today it is a research kernel with 385 self-verifying checks, all green — every feature added only with an adversarial test, so the language can only ever get greener. There's a live browser playground where a stranger can paste a program and watch the checker accept or reject it in under a minute.&lt;/p&gt;

&lt;p&gt;What it can actually do&lt;br&gt;
Effect honesty. Every function declares its effects — Pure, IO, Net, Alloc, FFI, Rand. Declared effects must cover what the code actually does; the lie is caught transitively through calls, branches, recursion — not just straight-line code.&lt;br&gt;
Capabilities, not ambient power. A foreign call has no ambient authority — un-wrapped, it's refused. A seam is the only thing that grants authority, so (seam (Pure) (ffi untrusted)) makes that code's I/O physically impossible.&lt;br&gt;
Reinterpreting handlers. Take code that touches the network, swap what Net means (a pure mock), and the type system proves the original effect is contained.&lt;br&gt;
Linear &amp;amp; affine resources — open-once, use, close-once, carried honestly across calls.&lt;br&gt;
Provenance &amp;amp; a trust gate. Every value carries who authored it. (trust N e) refuses a value trusted only by itself and demands N independent, non-AI anchors — a direct defense against circular trust. Plus role quorums (code, spec, proof by distinct authors), provenance-gated capabilities, taint that flows through data, memory-poisoning defense, and program-wide require/forbid policy.&lt;br&gt;
One program, every backend. The same checked program runs on the interpreter, compiles to Python, JavaScript, and real WebAssembly — structures, closures, effects, strings, and the trust layer itself — with identical output. Honest all the way down to the metal and into the browser.&lt;br&gt;
An accountable gate. A trust decision is no longer a bare yes/no: approvals are now structured verdicts with manifests, advisory receipts, CI evidence, a read-only git observer, and cryptographic one-use signatures — an approval can be spent exactly once and never replayed. The gate that refuses lies now also proves what it allowed.&lt;br&gt;
Its power&lt;br&gt;
The power isn't a single feature — it's the shift in what "trust" means. Elsewhere, trust is a comment, a review, a hope. In LOOM, trust is a property the machine verifies before execution, and it survives translation: a guarantee proven in the interpreter still holds in the browser.&lt;/p&gt;

&lt;p&gt;That generality is why the same engine can be pointed outward: LOOM's auditor can read real, external AI-agent code and model each suspected weakness as a minimal LOOM program the live checker rejects — turning "this feels risky" into "here is the exact effect/trust/capability shape, proven." It's early, and every finding is human-ratified before it counts, but the direction is clear: formal, checkable trust analysis for the code AI writes.&lt;/p&gt;

&lt;p&gt;Its secret&lt;br&gt;
Here's the part people don't expect: I don't write LOOM by hand. An autonomous organism I built grows it — day and night, on a single machine. Its loop is one no hand-written project runs: it proposes a change → proves it green itself → adversarially attacks its own proposal → and only then a human decides. It self-heals. Many "minds," one engine.&lt;/p&gt;

&lt;p&gt;And that's the moat. The language is open. The results are public, always with proof. The engine that grows it stays private. You see what it does and verify it — never how it's built. Openness where it earns trust; secrecy where it protects the edge.&lt;/p&gt;

&lt;p&gt;Its future&lt;br&gt;
As AI writes more of the world's code, the scarce thing won't be more model capacity — it will be trust you can prove. LOOM aims to be that layer: where AI-written code can be proven, from a human-checked gate down to the metal and into the browser, with an accountable, non-replayable record of every decision. Next: deeper low-level and cross-platform expansion above the honest assembly contract, sharper external auditing, and — the real goal — for this kind of verifiable trust to be recognized and adopted by the people who need it most.&lt;/p&gt;

&lt;p&gt;It's alpha, tiny on purpose. The individual ideas — effect rows, capabilities, provenance — aren't new; the synthesis is: one legible signature channel, checked at a trusted gate, as a trust layer for AI-generated code. Feedback and criticism are genuinely welcome — especially where the model is wrong.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;br&gt;
📸 Instagram: &lt;a href="https://instagram.com/umbra_owner_architect_ai" rel="noopener noreferrer"&gt;https://instagram.com/umbra_owner_architect_ai&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>go</category>
      <category>aisafety</category>
      <category>opensource</category>
    </item>
    <item>
      <title>Day 10: my AI-code trust gate now leaves evidence — signed, one-use, receipted</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Sat, 04 Jul 2026 17:56:01 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-10-my-ai-code-trust-gate-now-leaves-evidence-signed-one-use-receipted-2nlh</link>
      <guid>https://dev.to/umbraaeternaa/day-10-my-ai-code-trust-gate-now-leaves-evidence-signed-one-use-receipted-2nlh</guid>
      <description>&lt;p&gt;canonical_url: &lt;a href="https://umbraaeternaa.github.io/loom/" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/&lt;/a&gt;&lt;br&gt;
I'm building LOOM — a small open-source language that is a machine-checked &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. I don't write it by hand: an organism I built grows it, day and night. Day 10 is about turning a yes/no gate into an &lt;strong&gt;accountable&lt;/strong&gt; one.&lt;/p&gt;

&lt;h2&gt;
  
  
  A verdict is not enough — a trust gate should leave evidence
&lt;/h2&gt;

&lt;p&gt;LOOM's core is a gate that refuses code that lies about what it does. Until now that gate was ephemeral: it decided, then forgot. An approval left no trace, carried no proof, could be &lt;strong&gt;replayed&lt;/strong&gt;, and an outside observer couldn't check &lt;em&gt;what&lt;/em&gt; was actually approved.&lt;/p&gt;

&lt;h2&gt;
  
  
  Day 10 makes every trust decision accountable — 333 → 385 checks, all green
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Structured verdicts + manifests&lt;/strong&gt; — an approval is now a structured object that records exactly what it covers, not a bare boolean.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Advisory receipts, a role policy, and CI evidence&lt;/strong&gt; — the gate emits an audit trail; a read-only &lt;strong&gt;git observer&lt;/strong&gt; can witness it without touching anything.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Signed, one-use approvals&lt;/strong&gt; — an approval is cryptographically signed and can be spent &lt;strong&gt;exactly once&lt;/strong&gt;; it cannot be replayed or reused.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Checked WASM signed comparisons (i31)&lt;/strong&gt; — the low-level backend gained verified signed-integer comparison intrinsics on top of the existing checked-asm metadata contract (raw assembly stays fail-closed).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The gate that &lt;em&gt;refuses lies&lt;/em&gt; now also &lt;em&gt;proves what it allowed&lt;/em&gt; — accountability, not just a yes/no.&lt;/p&gt;

&lt;h2&gt;
  
  
  The organism (what I show, not how it's built)
&lt;/h2&gt;

&lt;p&gt;I never write the language by hand. The organism runs a loop no hand-written project has: &lt;strong&gt;propose → prove it green itself → adversarially attack it itself → and only then a human decides.&lt;/strong&gt; &lt;em&gt;AI proposes; the compiler disposes.&lt;/em&gt; The engine that grows it stays mine — I show what it does and the proof, never the engine.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;385 checks, all green.&lt;/strong&gt; Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;br&gt;
📸 Instagram: &lt;a href="https://instagram.com/umbra_owner_architect_ai" rel="noopener noreferrer"&gt;https://instagram.com/umbra_owner_architect_ai&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>computerscience</category>
      <category>aisafety</category>
      <category>opensource</category>
    </item>
    <item>
      <title>my AI-code language is now honest all the way down to WebAssembly</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 03 Jul 2026 18:24:15 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-5e8h</link>
      <guid>https://dev.to/umbraaeternaa/my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-5e8h</guid>
      <description>&lt;p&gt;Full LOOM Language Report&lt;br&gt;
LOOM is no longer just an idea. It is a compact experimental programming language with its own:&lt;br&gt;
syntax;&lt;br&gt;
static checker;&lt;br&gt;
interpreter;&lt;br&gt;
Python, JavaScript, and WebAssembly compilers;&lt;br&gt;
effect, capability, resource, and trust systems;&lt;br&gt;
browser Playground;&lt;br&gt;
command-line interface;&lt;br&gt;
suite of 378 self-verifying checks.&lt;br&gt;
Current canonical state:&lt;br&gt;
Commit: 92a5742&lt;br&gt;
Citadel: 378/378&lt;br&gt;
Documentation parity: PASS&lt;br&gt;
Git synchronization: 0/0&lt;br&gt;
Live Playground: operational&lt;br&gt;
The Core Idea&lt;br&gt;
Most programming languages primarily check whether code is syntactically and structurally valid.&lt;br&gt;
LOOM additionally checks:&lt;br&gt;
What the code is allowed to do, who is responsible for it, and under which conditions it may receive dangerous capabilities.&lt;/p&gt;

&lt;p&gt;For example, a function may claim to be pure:&lt;br&gt;
(defx sneaky () (fn (x) (print x)))&lt;br&gt;
But it performs output internally. LOOM detects the hidden IO effect and rejects the program before execution.&lt;br&gt;
This verification works through:&lt;br&gt;
nested functions;&lt;br&gt;
function calls;&lt;br&gt;
branches;&lt;br&gt;
bindings;&lt;br&gt;
recursion;&lt;br&gt;
closures;&lt;br&gt;
handlers;&lt;br&gt;
external components.&lt;br&gt;
The central principle is:&lt;br&gt;
AI proposes. The compiler disposes.&lt;/p&gt;

&lt;p&gt;Current Capabilities&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;General Programming
LOOM already supports:
signed integers;
arithmetic;
comparisons;
if expressions;
local let bindings;
named functions;
anonymous functions;
recursion;
first-class functions;
closures;
lists;
list construction;
head, tail, and empty;
records with named fields;
field access;
variants;
pattern matching;
string literals.
This is sufficient for writing small real programs rather than isolated demonstration expressions.&lt;/li&gt;
&lt;li&gt;Effect Checking
LOOM distinguishes between different classes of behavior:
Pure — pure computation;
IO — input and output;
Net — network access;
Alloc — allocation;
FFI — foreign code;
Rand — randomness.
Every function declares its effect row. The checker computes what the function actually performs and compares it with the declaration.
This prevents code from secretly:
accessing the network;
producing output;
executing foreign code;
allocating resources;
using randomness;
smuggling effects through helper functions.&lt;/li&gt;
&lt;li&gt;Transitive Effect Verification
Effect checking is not limited to direct operations.
LOOM follows effects through:
calls;
recursion;
conditions;
local bindings;
higher-order functions;
closures;
handlers;
foreign boundaries.
A pure function cannot call an effectful function and hide the effect from its own contract.&lt;/li&gt;
&lt;li&gt;Effect Polymorphism
Higher-order functions may accept functions whose effects are not known in advance.
If the supplied function is pure, the call remains pure. If it performs IO or Net, that effect automatically propagates to the caller.
This allows reusable functions such as map and fold without losing security information.&lt;/li&gt;
&lt;li&gt;Capability Seams
A seam is an explicit capability boundary.
Foreign or opaque code does not automatically receive access to:
networking;
output;
allocation;
random sources;
other host capabilities.
Capabilities must be granted explicitly.
For example:
(seam (Pure) ...)
runs the enclosed computation without external capabilities. If foreign code attempts IO or Net, the runtime blocks it.
This is the foundation of LOOM’s future sandbox for AI-generated code.&lt;/li&gt;
&lt;li&gt;Effect Handlers
LOOM can locally discharge or reinterpret an effect.
A real network operation may be replaced by a pure mock:
(with Net mock ...)
This enables:
safe testing;
service simulation;
dry-run execution;
deterministic environments;
controlled external dependencies.
The checker proves that the original network effect does not escape.&lt;/li&gt;
&lt;li&gt;Affine Capabilities
LOOM supports capabilities that may be used at most once.
This protects against:
repeated network requests;
duplicate token use;
repeated critical actions;
accidental reuse of one-time authority.&lt;/li&gt;
&lt;li&gt;Linear Resources
Resources can be required to follow exactly one lifecycle:
created;
used;
completed.
LOOM rejects programs where a resource is:
never used;
used more than once;
lost;
duplicated;
passed incorrectly between functions.
Potential applications include:
files;
sockets;
transactions;
locks;
one-time keys;
descriptors;
hardware resources.&lt;/li&gt;
&lt;li&gt;Typed Resources
A resource may carry a specific effect.
For example, network authority can be tied to one resource. Code cannot claim to use that resource while secretly performing an ambient network operation elsewhere.
This protects the integrity of the execution path.&lt;/li&gt;
&lt;li&gt;Required Effects
A conventional effect system says:
“This function may perform a network action.”&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;LOOM can also express:&lt;br&gt;
“This function must actually perform the network action.”&lt;/p&gt;

&lt;p&gt;This catches false or empty implementations such as:&lt;br&gt;
audit functions that never write an audit record;&lt;br&gt;
persistence functions that store nothing;&lt;br&gt;
transactions that report success without committing;&lt;br&gt;
security checks replaced by return true;&lt;br&gt;
production code accidentally replaced by a stub.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Negative Policies
A policy such as:
(forbid Net)
can prohibit network effects from escaping anywhere in the program.
The effect must either:
not occur;
or be locally handled by a real handler.
This supports:
offline execution;
network-free environments;
FFI-free modes;
deterministic builds;
restricted production profiles.&lt;/li&gt;
&lt;li&gt;Provenance Tracking
LOOM can record where a value came from:
(prov ai value)
(prov human value)
(prov trace value)
Provenance flows through:
bindings;
computations;
function calls;
nested expressions;
later trust checks.
Moving a value into another variable does not erase its history.&lt;/li&gt;
&lt;li&gt;Trust Gates
A trust gate verifies whether a value has independent supporting evidence.
An AI-generated value cannot certify itself:
(trust (prov ai 42))
This is rejected.
LOOM may require multiple independent anchors:
(trust 2
(prov human
(prov trace
  (prov ai 42))))
This value has:
an AI origin;
human ratification;
a real execution trace.
The purpose is to prevent one system from generating:
the code;
the specification;
the test;
the proof of its own correctness.&lt;/li&gt;
&lt;li&gt;Roles and Independent Authors
LOOM may require specific roles rather than only counting confirmations:
code author;
specification author;
reviewer;
auditor;
proof author.
A policy can require code and proof to be confirmed by different parties.
One person or one AI cannot occupy every role and certify itself.&lt;/li&gt;
&lt;li&gt;Role Hierarchies
Roles may form a hierarchy:
reviewer;
auditor;
senior auditor.
A stronger role may satisfy a weaker requirement, but not the reverse.
Role hierarchy never removes the requirement for independent participants.&lt;/li&gt;
&lt;li&gt;Provenance-Gated Capabilities
Dangerous authority may be granted only to code carrying the required provenance and role quorum.
For example:
Grant Net only to code written by one party and independently reviewed by another.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If the evidence is missing, the network capability is never issued.&lt;br&gt;
This is one of LOOM’s defining properties:&lt;br&gt;
Trust is not documentation. Trust becomes a condition for receiving real authority.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Per-Effect Trust Requirements
Different effects may require different reviewers:
Net may require a network reviewer;
FFI may require a security auditor;
IO may require an operations reviewer.
Different risks can therefore demand different evidence.&lt;/li&gt;
&lt;li&gt;Program-Wide Policy
Policies may be declared once for the entire program:
role hierarchy;
required number of confirmations;
capability requirements;
forbidden effects;
required effects.
Every function and capability seam then inherits the same rules.
Trust becomes a property of the codebase rather than repeated boilerplate.&lt;/li&gt;
&lt;li&gt;Author-Based Confinement
LOOM can control not only what happens, but also which author’s code performs the dangerous operation.
This matters when a system combines:
first-party code;
libraries;
plugins;
vendor code;
code generated by multiple AI systems.
An unapproved component can be prevented from directly exercising Net, even when another trusted component has that capability.&lt;/li&gt;
&lt;li&gt;Declassification
declassify allows an authorized human or role to take responsibility for an AI-derived value after review.
This creates an explicit accountability point:
“I reviewed this value and now vouch for it.”&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;An AI cannot declassify its own output.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Reproducibility and Recall
LOOM includes constructs for expressing:
persisted provenance;
recalled values;
reproducibility claims;
checked re-execution.
Much of this layer is static: it is verified before execution and does not add unnecessary runtime overhead.&lt;/li&gt;
&lt;li&gt;Checked Low-Level Assembly
LOOM exposes a closed low-level interface:
(asm wasm OPCODE ARG...)
This is not arbitrary textual assembly.
The currently registered operations are:
i31.add;
i31.sub;
i31.mul;
i31.eq;
i31.lt_s;
i31.gt_s.
For each operation, the registry defines:
argument count;
input types;
result type;
effects;
portable semantics;
WebAssembly opcode;
WAT representation;
result encoding.
Unknown operations, raw WAT, arbitrary WebAssembly bytes, memory operations, and host calls are rejected.&lt;/li&gt;
&lt;li&gt;Portable Numeric Semantics
All backends share one integer contract:
signed i31 values;
range from -2^30 to 2^30 - 1;
deterministic modulo-2^31 wraparound;
out-of-range literals rejected before execution.
Python, JavaScript, the interpreter, and WebAssembly must produce identical results.&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Multi-Target Compilation&lt;br&gt;
One checked LOOM program can be:&lt;br&gt;
executed by the interpreter;&lt;br&gt;
compiled to Python;&lt;br&gt;
compiled to JavaScript;&lt;br&gt;
compiled to binary WebAssembly;&lt;br&gt;
rendered as human-readable WAT.&lt;br&gt;
The goal is:&lt;br&gt;
One checked source program, multiple platforms, one behavior.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;WebAssembly Backend&lt;br&gt;
The WebAssembly backend already supports:&lt;br&gt;
integers;&lt;br&gt;
lists;&lt;br&gt;
records;&lt;br&gt;
variants;&lt;br&gt;
pattern matching;&lt;br&gt;
strings;&lt;br&gt;
functions;&lt;br&gt;
closures;&lt;br&gt;
captured values;&lt;br&gt;
effects;&lt;br&gt;
handlers;&lt;br&gt;
capability seams;&lt;br&gt;
FFI;&lt;br&gt;
trust and provenance wrappers;&lt;br&gt;
structured heap values;&lt;br&gt;
checked assembly.&lt;br&gt;
The ABI is versioned. Generated modules publish their ABI version, allowing a host to reject incompatible modules.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Isolated Compilation Contexts&lt;br&gt;
Each WebAssembly compilation uses an isolated per-program context.&lt;br&gt;
Parallel builds cannot leak or mix:&lt;br&gt;
closure layouts;&lt;br&gt;
helper functions;&lt;br&gt;
variant tags;&lt;br&gt;
record fields;&lt;br&gt;
ABI state.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Command-Line Interface&lt;br&gt;
LOOM can already be used as a local tool:&lt;br&gt;
python3 loom.py check program.loom&lt;br&gt;
python3 loom.py run program.loom&lt;br&gt;
python3 loom.py build program.loom --target js&lt;br&gt;
python3 loom.py audit program.loom&lt;br&gt;
These commands allow users to:&lt;br&gt;
verify a program;&lt;br&gt;
run it;&lt;br&gt;
compile it;&lt;br&gt;
inspect declared and actual effects;&lt;br&gt;
receive structured rejection reports.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Browser Playground&lt;br&gt;
The live Playground can:&lt;br&gt;
accept LOOM source code;&lt;br&gt;
run the checker;&lt;br&gt;
execute the program;&lt;br&gt;
compile it to JavaScript;&lt;br&gt;
emit WAT;&lt;br&gt;
compile and run real WebAssembly;&lt;br&gt;
group errors by function;&lt;br&gt;
demonstrate checked assembly operations.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Self-Verification&lt;br&gt;
LOOM currently has:&lt;br&gt;
378/378 Citadel checks;&lt;br&gt;
negative security tests;&lt;br&gt;
cross-backend differential tests;&lt;br&gt;
deterministic property fuzzing;&lt;br&gt;
reproducible seeds;&lt;br&gt;
standalone published-bundle verification;&lt;br&gt;
GitHub CI;&lt;br&gt;
live-site read-back after publication.&lt;br&gt;
A feature is not treated as complete until it works on every claimed backend and includes tests against incorrect use.&lt;br&gt;
Current Applications&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Education&lt;br&gt;
LOOM can teach:&lt;br&gt;
effect systems;&lt;br&gt;
capability security;&lt;br&gt;
linear resources;&lt;br&gt;
sandbox design;&lt;br&gt;
provenance tracking;&lt;br&gt;
circular-trust risks;&lt;br&gt;
WebAssembly compilation.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Programming-Language Research&lt;br&gt;
LOOM is a practical research environment for:&lt;br&gt;
effect systems;&lt;br&gt;
linear and affine types;&lt;br&gt;
provenance;&lt;br&gt;
trust policies;&lt;br&gt;
capability security;&lt;br&gt;
role-based authorization;&lt;br&gt;
secure FFI;&lt;br&gt;
WebAssembly ABI design.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Small AI-Generated Programs&lt;br&gt;
AI systems can generate LOOM code while LOOM checks:&lt;br&gt;
hidden network access;&lt;br&gt;
undeclared output;&lt;br&gt;
incorrect resource use;&lt;br&gt;
missing independent validation;&lt;br&gt;
unauthorized capabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Secure Plugins&lt;br&gt;
LOOM could serve as a language for small:&lt;br&gt;
plugins;&lt;br&gt;
automation scripts;&lt;br&gt;
rules;&lt;br&gt;
handlers;&lt;br&gt;
agent tools;&lt;br&gt;
user extensions.&lt;br&gt;
The host could inspect a plugin’s authority before running it.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;CI/CD Policies&lt;br&gt;
LOOM can model policies such as:&lt;br&gt;
deployment requires two independent approvals;&lt;br&gt;
production must not use randomness;&lt;br&gt;
foreign code receives no network authority;&lt;br&gt;
security checks cannot be replaced by empty stubs;&lt;br&gt;
FFI requires an auditor role.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Agent Workflows&lt;br&gt;
LOOM can describe:&lt;br&gt;
which tools an agent may access;&lt;br&gt;
how many times a tool may be used;&lt;br&gt;
who approved the result;&lt;br&gt;
whether network access is permitted;&lt;br&gt;
whether human ratification is required.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Verifiable Automation&lt;br&gt;
A workflow could:&lt;br&gt;
Download data.&lt;br&gt;
Transform it.&lt;br&gt;
Store the result.&lt;br&gt;
Prove that network access occurred only during the download.&lt;br&gt;
Prove that the final write occurred exactly once.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;External Code Auditing&lt;br&gt;
The organism’s Auditor can use LOOM as a logical oracle:&lt;br&gt;
Model suspected external behavior as a minimal LOOM program.&lt;br&gt;
Confirm that the checker rejects the unsafe model.&lt;br&gt;
Confirm that the corrected model is accepted.&lt;br&gt;
Confirm that safe controls remain accepted.&lt;br&gt;
This does not automatically prove a vulnerability in arbitrary external Python code. It provides a disciplined way to formalize and test a security hypothesis.&lt;br&gt;
Future Applications&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Policy Language for AI Systems&lt;br&gt;
LOOM could verify critical contracts such as:&lt;br&gt;
an agent may read but not write;&lt;br&gt;
a model may access only one API;&lt;br&gt;
code execution requires a sandbox;&lt;br&gt;
production actions require human approval;&lt;br&gt;
a financial operation cannot be repeated.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Trusted Intermediate Representation&lt;br&gt;
Other languages and AI tools could generate a small LOOM intermediate representation.&lt;br&gt;
LOOM would then act as a verification layer between:&lt;br&gt;
AI-generated code;&lt;br&gt;
organizational policy;&lt;br&gt;
WebAssembly;&lt;br&gt;
the host environment.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Verifiable Execution SDK&lt;br&gt;
A future SDK could:&lt;br&gt;
Accept a program.&lt;br&gt;
Verify effects and provenance.&lt;br&gt;
Produce a structured verdict.&lt;br&gt;
Compile the program to WebAssembly.&lt;br&gt;
Run it with minimal capabilities.&lt;br&gt;
Preserve evidence of exactly what was authorized.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Plugin Platform&lt;br&gt;
Before installing a plugin, the platform could show:&lt;br&gt;
network access required;&lt;br&gt;
output access required;&lt;br&gt;
FFI used;&lt;br&gt;
provenance not independently verified;&lt;br&gt;
security audit required;&lt;br&gt;
one-time resource consumed.&lt;br&gt;
The host would issue only the declared and verified capabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;AI Tool Marketplace&lt;br&gt;
LOOM could support a marketplace where:&lt;br&gt;
every component has a capability profile;&lt;br&gt;
every release is bound to exact source code;&lt;br&gt;
effect changes are visible;&lt;br&gt;
dangerous authority requires role approval;&lt;br&gt;
execution is isolated through WebAssembly.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Browser, Edge, and Offline Systems&lt;br&gt;
Because LOOM is compact and targets WebAssembly, it may suit:&lt;br&gt;
browser applications;&lt;br&gt;
local automation;&lt;br&gt;
edge devices;&lt;br&gt;
offline systems;&lt;br&gt;
embedded policy engines;&lt;br&gt;
small controlled runtimes.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Contracts Between Multiple Agents&lt;br&gt;
One agent may create code, another the specification, and another the proof.&lt;br&gt;
LOOM can require that:&lt;br&gt;
authors are independent;&lt;br&gt;
roles are not controlled by one party;&lt;br&gt;
runtime traces match the exact artifact;&lt;br&gt;
capabilities are issued only after quorum.&lt;br&gt;
Where the Project Is Going&lt;br&gt;
LOOM is not trying to become another general-purpose replacement for Python.&lt;br&gt;
Its stronger purpose is:&lt;br&gt;
A small, understandable, verifiable language for code that cannot automatically be trusted.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The intended execution chain is:&lt;br&gt;
A human or AI writes a program.&lt;br&gt;
LOOM determines every effect.&lt;br&gt;
LOOM verifies resources and one-time capabilities.&lt;br&gt;
LOOM verifies provenance and independent approvals.&lt;br&gt;
LOOM applies organization-wide policy.&lt;br&gt;
LOOM rejects the program or produces a verdict.&lt;br&gt;
An accepted program is compiled to WebAssembly.&lt;br&gt;
The host grants only the proven capabilities.&lt;br&gt;
The program runs in a browser, server, or local runtime.&lt;br&gt;
The result remains bound to the source, policy, and ABI version.&lt;br&gt;
The Intended Final Product&lt;br&gt;
The complete system should include:&lt;br&gt;
the LOOM language;&lt;br&gt;
an effect, capability, resource, and trust checker;&lt;br&gt;
a WebAssembly compiler;&lt;br&gt;
a capability-aware runtime;&lt;br&gt;
a versioned ABI;&lt;br&gt;
CLI and SDK interfaces;&lt;br&gt;
a browser Playground;&lt;br&gt;
structured verdicts and receipts;&lt;br&gt;
an AI-code auditing tool;&lt;br&gt;
CI/CD and agent integrations;&lt;br&gt;
a standard library of verified components.&lt;br&gt;
The practical outcome is:&lt;br&gt;
We can accept code written by an unknown author or an AI, refuse to trust it on reputation alone, verify its authority before execution, and run it only within the contract that was actually proven.&lt;/p&gt;

&lt;p&gt;What Still Blocks Production Readiness&lt;br&gt;
LOOM is already a strong research prototype, but it is not yet a production language.&lt;br&gt;
The remaining work includes:&lt;br&gt;
completing a formal language specification;&lt;br&gt;
stabilizing the ABI;&lt;br&gt;
further separating the main facade into clear modules;&lt;br&gt;
expanding property testing and fuzzing;&lt;br&gt;
conducting an independent security audit;&lt;br&gt;
building a real host sandbox model for FFI;&lt;br&gt;
formally specifying trust and provenance semantics;&lt;br&gt;
creating stable packages and SDKs;&lt;br&gt;
improving diagnostics;&lt;br&gt;
developing a standard library;&lt;br&gt;
testing larger real-world programs;&lt;br&gt;
versioning policies and verdict formats;&lt;br&gt;
resolving recurring first-attempt GitHub Pages deployment failures.&lt;br&gt;
Independent Assessment&lt;br&gt;
LOOM already combines several capabilities that are rarely present together in a small language:&lt;br&gt;
effects;&lt;br&gt;
capabilities;&lt;br&gt;
linear resources;&lt;br&gt;
provenance;&lt;br&gt;
independent roles;&lt;br&gt;
trust gates;&lt;br&gt;
real WebAssembly execution.&lt;br&gt;
Its greatest potential is not competing with Python for ordinary application development.&lt;br&gt;
Its natural role is:&lt;br&gt;
A verifiable execution layer for AI-generated code, agent tools, plugins, and critical automation workflows.&lt;/p&gt;

&lt;p&gt;The strongest next strategic step is not simply adding more opcodes. It is creating an exportable verdict or receipt: a compact machine-readable document binding the verification result to the exact source code, policy, ABI version, and commit.&lt;br&gt;
That would transform LOOM from a strong language research project into an embeddable trust tool for other systems.&lt;/p&gt;

&lt;p&gt;378 checks, all green. Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live: &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>security</category>
      <category>showdev</category>
    </item>
    <item>
      <title>my AI-code language is now honest all the way down to WebAssembly</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 03 Jul 2026 18:24:15 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-587h</link>
      <guid>https://dev.to/umbraaeternaa/my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-587h</guid>
      <description>&lt;p&gt;Full LOOM Language Report&lt;br&gt;
LOOM is no longer just an idea. It is a compact experimental programming language with its own:&lt;br&gt;
syntax;&lt;br&gt;
static checker;&lt;br&gt;
interpreter;&lt;br&gt;
Python, JavaScript, and WebAssembly compilers;&lt;br&gt;
effect, capability, resource, and trust systems;&lt;br&gt;
browser Playground;&lt;br&gt;
command-line interface;&lt;br&gt;
suite of 378 self-verifying checks.&lt;br&gt;
Current canonical state:&lt;br&gt;
Commit: 92a5742&lt;br&gt;
Citadel: 378/378&lt;br&gt;
Documentation parity: PASS&lt;br&gt;
Git synchronization: 0/0&lt;br&gt;
Live Playground: operational&lt;br&gt;
The Core Idea&lt;br&gt;
Most programming languages primarily check whether code is syntactically and structurally valid.&lt;br&gt;
LOOM additionally checks:&lt;br&gt;
What the code is allowed to do, who is responsible for it, and under which conditions it may receive dangerous capabilities.&lt;/p&gt;

&lt;p&gt;For example, a function may claim to be pure:&lt;br&gt;
(defx sneaky () (fn (x) (print x)))&lt;br&gt;
But it performs output internally. LOOM detects the hidden IO effect and rejects the program before execution.&lt;br&gt;
This verification works through:&lt;br&gt;
nested functions;&lt;br&gt;
function calls;&lt;br&gt;
branches;&lt;br&gt;
bindings;&lt;br&gt;
recursion;&lt;br&gt;
closures;&lt;br&gt;
handlers;&lt;br&gt;
external components.&lt;br&gt;
The central principle is:&lt;br&gt;
AI proposes. The compiler disposes.&lt;/p&gt;

&lt;p&gt;Current Capabilities&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;General Programming
LOOM already supports:
signed integers;
arithmetic;
comparisons;
if expressions;
local let bindings;
named functions;
anonymous functions;
recursion;
first-class functions;
closures;
lists;
list construction;
head, tail, and empty;
records with named fields;
field access;
variants;
pattern matching;
string literals.
This is sufficient for writing small real programs rather than isolated demonstration expressions.&lt;/li&gt;
&lt;li&gt;Effect Checking
LOOM distinguishes between different classes of behavior:
Pure — pure computation;
IO — input and output;
Net — network access;
Alloc — allocation;
FFI — foreign code;
Rand — randomness.
Every function declares its effect row. The checker computes what the function actually performs and compares it with the declaration.
This prevents code from secretly:
accessing the network;
producing output;
executing foreign code;
allocating resources;
using randomness;
smuggling effects through helper functions.&lt;/li&gt;
&lt;li&gt;Transitive Effect Verification
Effect checking is not limited to direct operations.
LOOM follows effects through:
calls;
recursion;
conditions;
local bindings;
higher-order functions;
closures;
handlers;
foreign boundaries.
A pure function cannot call an effectful function and hide the effect from its own contract.&lt;/li&gt;
&lt;li&gt;Effect Polymorphism
Higher-order functions may accept functions whose effects are not known in advance.
If the supplied function is pure, the call remains pure. If it performs IO or Net, that effect automatically propagates to the caller.
This allows reusable functions such as map and fold without losing security information.&lt;/li&gt;
&lt;li&gt;Capability Seams
A seam is an explicit capability boundary.
Foreign or opaque code does not automatically receive access to:
networking;
output;
allocation;
random sources;
other host capabilities.
Capabilities must be granted explicitly.
For example:
(seam (Pure) ...)
runs the enclosed computation without external capabilities. If foreign code attempts IO or Net, the runtime blocks it.
This is the foundation of LOOM’s future sandbox for AI-generated code.&lt;/li&gt;
&lt;li&gt;Effect Handlers
LOOM can locally discharge or reinterpret an effect.
A real network operation may be replaced by a pure mock:
(with Net mock ...)
This enables:
safe testing;
service simulation;
dry-run execution;
deterministic environments;
controlled external dependencies.
The checker proves that the original network effect does not escape.&lt;/li&gt;
&lt;li&gt;Affine Capabilities
LOOM supports capabilities that may be used at most once.
This protects against:
repeated network requests;
duplicate token use;
repeated critical actions;
accidental reuse of one-time authority.&lt;/li&gt;
&lt;li&gt;Linear Resources
Resources can be required to follow exactly one lifecycle:
created;
used;
completed.
LOOM rejects programs where a resource is:
never used;
used more than once;
lost;
duplicated;
passed incorrectly between functions.
Potential applications include:
files;
sockets;
transactions;
locks;
one-time keys;
descriptors;
hardware resources.&lt;/li&gt;
&lt;li&gt;Typed Resources
A resource may carry a specific effect.
For example, network authority can be tied to one resource. Code cannot claim to use that resource while secretly performing an ambient network operation elsewhere.
This protects the integrity of the execution path.&lt;/li&gt;
&lt;li&gt;Required Effects
A conventional effect system says:
“This function may perform a network action.”&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;LOOM can also express:&lt;br&gt;
“This function must actually perform the network action.”&lt;/p&gt;

&lt;p&gt;This catches false or empty implementations such as:&lt;br&gt;
audit functions that never write an audit record;&lt;br&gt;
persistence functions that store nothing;&lt;br&gt;
transactions that report success without committing;&lt;br&gt;
security checks replaced by return true;&lt;br&gt;
production code accidentally replaced by a stub.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Negative Policies
A policy such as:
(forbid Net)
can prohibit network effects from escaping anywhere in the program.
The effect must either:
not occur;
or be locally handled by a real handler.
This supports:
offline execution;
network-free environments;
FFI-free modes;
deterministic builds;
restricted production profiles.&lt;/li&gt;
&lt;li&gt;Provenance Tracking
LOOM can record where a value came from:
(prov ai value)
(prov human value)
(prov trace value)
Provenance flows through:
bindings;
computations;
function calls;
nested expressions;
later trust checks.
Moving a value into another variable does not erase its history.&lt;/li&gt;
&lt;li&gt;Trust Gates
A trust gate verifies whether a value has independent supporting evidence.
An AI-generated value cannot certify itself:
(trust (prov ai 42))
This is rejected.
LOOM may require multiple independent anchors:
(trust 2
(prov human
(prov trace
  (prov ai 42))))
This value has:
an AI origin;
human ratification;
a real execution trace.
The purpose is to prevent one system from generating:
the code;
the specification;
the test;
the proof of its own correctness.&lt;/li&gt;
&lt;li&gt;Roles and Independent Authors
LOOM may require specific roles rather than only counting confirmations:
code author;
specification author;
reviewer;
auditor;
proof author.
A policy can require code and proof to be confirmed by different parties.
One person or one AI cannot occupy every role and certify itself.&lt;/li&gt;
&lt;li&gt;Role Hierarchies
Roles may form a hierarchy:
reviewer;
auditor;
senior auditor.
A stronger role may satisfy a weaker requirement, but not the reverse.
Role hierarchy never removes the requirement for independent participants.&lt;/li&gt;
&lt;li&gt;Provenance-Gated Capabilities
Dangerous authority may be granted only to code carrying the required provenance and role quorum.
For example:
Grant Net only to code written by one party and independently reviewed by another.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If the evidence is missing, the network capability is never issued.&lt;br&gt;
This is one of LOOM’s defining properties:&lt;br&gt;
Trust is not documentation. Trust becomes a condition for receiving real authority.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Per-Effect Trust Requirements
Different effects may require different reviewers:
Net may require a network reviewer;
FFI may require a security auditor;
IO may require an operations reviewer.
Different risks can therefore demand different evidence.&lt;/li&gt;
&lt;li&gt;Program-Wide Policy
Policies may be declared once for the entire program:
role hierarchy;
required number of confirmations;
capability requirements;
forbidden effects;
required effects.
Every function and capability seam then inherits the same rules.
Trust becomes a property of the codebase rather than repeated boilerplate.&lt;/li&gt;
&lt;li&gt;Author-Based Confinement
LOOM can control not only what happens, but also which author’s code performs the dangerous operation.
This matters when a system combines:
first-party code;
libraries;
plugins;
vendor code;
code generated by multiple AI systems.
An unapproved component can be prevented from directly exercising Net, even when another trusted component has that capability.&lt;/li&gt;
&lt;li&gt;Declassification
declassify allows an authorized human or role to take responsibility for an AI-derived value after review.
This creates an explicit accountability point:
“I reviewed this value and now vouch for it.”&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;An AI cannot declassify its own output.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Reproducibility and Recall
LOOM includes constructs for expressing:
persisted provenance;
recalled values;
reproducibility claims;
checked re-execution.
Much of this layer is static: it is verified before execution and does not add unnecessary runtime overhead.&lt;/li&gt;
&lt;li&gt;Checked Low-Level Assembly
LOOM exposes a closed low-level interface:
(asm wasm OPCODE ARG...)
This is not arbitrary textual assembly.
The currently registered operations are:
i31.add;
i31.sub;
i31.mul;
i31.eq;
i31.lt_s;
i31.gt_s.
For each operation, the registry defines:
argument count;
input types;
result type;
effects;
portable semantics;
WebAssembly opcode;
WAT representation;
result encoding.
Unknown operations, raw WAT, arbitrary WebAssembly bytes, memory operations, and host calls are rejected.&lt;/li&gt;
&lt;li&gt;Portable Numeric Semantics
All backends share one integer contract:
signed i31 values;
range from -2^30 to 2^30 - 1;
deterministic modulo-2^31 wraparound;
out-of-range literals rejected before execution.
Python, JavaScript, the interpreter, and WebAssembly must produce identical results.&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Multi-Target Compilation&lt;br&gt;
One checked LOOM program can be:&lt;br&gt;
executed by the interpreter;&lt;br&gt;
compiled to Python;&lt;br&gt;
compiled to JavaScript;&lt;br&gt;
compiled to binary WebAssembly;&lt;br&gt;
rendered as human-readable WAT.&lt;br&gt;
The goal is:&lt;br&gt;
One checked source program, multiple platforms, one behavior.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;WebAssembly Backend&lt;br&gt;
The WebAssembly backend already supports:&lt;br&gt;
integers;&lt;br&gt;
lists;&lt;br&gt;
records;&lt;br&gt;
variants;&lt;br&gt;
pattern matching;&lt;br&gt;
strings;&lt;br&gt;
functions;&lt;br&gt;
closures;&lt;br&gt;
captured values;&lt;br&gt;
effects;&lt;br&gt;
handlers;&lt;br&gt;
capability seams;&lt;br&gt;
FFI;&lt;br&gt;
trust and provenance wrappers;&lt;br&gt;
structured heap values;&lt;br&gt;
checked assembly.&lt;br&gt;
The ABI is versioned. Generated modules publish their ABI version, allowing a host to reject incompatible modules.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Isolated Compilation Contexts&lt;br&gt;
Each WebAssembly compilation uses an isolated per-program context.&lt;br&gt;
Parallel builds cannot leak or mix:&lt;br&gt;
closure layouts;&lt;br&gt;
helper functions;&lt;br&gt;
variant tags;&lt;br&gt;
record fields;&lt;br&gt;
ABI state.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Command-Line Interface&lt;br&gt;
LOOM can already be used as a local tool:&lt;br&gt;
python3 loom.py check program.loom&lt;br&gt;
python3 loom.py run program.loom&lt;br&gt;
python3 loom.py build program.loom --target js&lt;br&gt;
python3 loom.py audit program.loom&lt;br&gt;
These commands allow users to:&lt;br&gt;
verify a program;&lt;br&gt;
run it;&lt;br&gt;
compile it;&lt;br&gt;
inspect declared and actual effects;&lt;br&gt;
receive structured rejection reports.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Browser Playground&lt;br&gt;
The live Playground can:&lt;br&gt;
accept LOOM source code;&lt;br&gt;
run the checker;&lt;br&gt;
execute the program;&lt;br&gt;
compile it to JavaScript;&lt;br&gt;
emit WAT;&lt;br&gt;
compile and run real WebAssembly;&lt;br&gt;
group errors by function;&lt;br&gt;
demonstrate checked assembly operations.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Self-Verification&lt;br&gt;
LOOM currently has:&lt;br&gt;
378/378 Citadel checks;&lt;br&gt;
negative security tests;&lt;br&gt;
cross-backend differential tests;&lt;br&gt;
deterministic property fuzzing;&lt;br&gt;
reproducible seeds;&lt;br&gt;
standalone published-bundle verification;&lt;br&gt;
GitHub CI;&lt;br&gt;
live-site read-back after publication.&lt;br&gt;
A feature is not treated as complete until it works on every claimed backend and includes tests against incorrect use.&lt;br&gt;
Current Applications&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Education&lt;br&gt;
LOOM can teach:&lt;br&gt;
effect systems;&lt;br&gt;
capability security;&lt;br&gt;
linear resources;&lt;br&gt;
sandbox design;&lt;br&gt;
provenance tracking;&lt;br&gt;
circular-trust risks;&lt;br&gt;
WebAssembly compilation.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Programming-Language Research&lt;br&gt;
LOOM is a practical research environment for:&lt;br&gt;
effect systems;&lt;br&gt;
linear and affine types;&lt;br&gt;
provenance;&lt;br&gt;
trust policies;&lt;br&gt;
capability security;&lt;br&gt;
role-based authorization;&lt;br&gt;
secure FFI;&lt;br&gt;
WebAssembly ABI design.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Small AI-Generated Programs&lt;br&gt;
AI systems can generate LOOM code while LOOM checks:&lt;br&gt;
hidden network access;&lt;br&gt;
undeclared output;&lt;br&gt;
incorrect resource use;&lt;br&gt;
missing independent validation;&lt;br&gt;
unauthorized capabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Secure Plugins&lt;br&gt;
LOOM could serve as a language for small:&lt;br&gt;
plugins;&lt;br&gt;
automation scripts;&lt;br&gt;
rules;&lt;br&gt;
handlers;&lt;br&gt;
agent tools;&lt;br&gt;
user extensions.&lt;br&gt;
The host could inspect a plugin’s authority before running it.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;CI/CD Policies&lt;br&gt;
LOOM can model policies such as:&lt;br&gt;
deployment requires two independent approvals;&lt;br&gt;
production must not use randomness;&lt;br&gt;
foreign code receives no network authority;&lt;br&gt;
security checks cannot be replaced by empty stubs;&lt;br&gt;
FFI requires an auditor role.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Agent Workflows&lt;br&gt;
LOOM can describe:&lt;br&gt;
which tools an agent may access;&lt;br&gt;
how many times a tool may be used;&lt;br&gt;
who approved the result;&lt;br&gt;
whether network access is permitted;&lt;br&gt;
whether human ratification is required.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Verifiable Automation&lt;br&gt;
A workflow could:&lt;br&gt;
Download data.&lt;br&gt;
Transform it.&lt;br&gt;
Store the result.&lt;br&gt;
Prove that network access occurred only during the download.&lt;br&gt;
Prove that the final write occurred exactly once.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;External Code Auditing&lt;br&gt;
The organism’s Auditor can use LOOM as a logical oracle:&lt;br&gt;
Model suspected external behavior as a minimal LOOM program.&lt;br&gt;
Confirm that the checker rejects the unsafe model.&lt;br&gt;
Confirm that the corrected model is accepted.&lt;br&gt;
Confirm that safe controls remain accepted.&lt;br&gt;
This does not automatically prove a vulnerability in arbitrary external Python code. It provides a disciplined way to formalize and test a security hypothesis.&lt;br&gt;
Future Applications&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Policy Language for AI Systems&lt;br&gt;
LOOM could verify critical contracts such as:&lt;br&gt;
an agent may read but not write;&lt;br&gt;
a model may access only one API;&lt;br&gt;
code execution requires a sandbox;&lt;br&gt;
production actions require human approval;&lt;br&gt;
a financial operation cannot be repeated.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Trusted Intermediate Representation&lt;br&gt;
Other languages and AI tools could generate a small LOOM intermediate representation.&lt;br&gt;
LOOM would then act as a verification layer between:&lt;br&gt;
AI-generated code;&lt;br&gt;
organizational policy;&lt;br&gt;
WebAssembly;&lt;br&gt;
the host environment.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Verifiable Execution SDK&lt;br&gt;
A future SDK could:&lt;br&gt;
Accept a program.&lt;br&gt;
Verify effects and provenance.&lt;br&gt;
Produce a structured verdict.&lt;br&gt;
Compile the program to WebAssembly.&lt;br&gt;
Run it with minimal capabilities.&lt;br&gt;
Preserve evidence of exactly what was authorized.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Plugin Platform&lt;br&gt;
Before installing a plugin, the platform could show:&lt;br&gt;
network access required;&lt;br&gt;
output access required;&lt;br&gt;
FFI used;&lt;br&gt;
provenance not independently verified;&lt;br&gt;
security audit required;&lt;br&gt;
one-time resource consumed.&lt;br&gt;
The host would issue only the declared and verified capabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;AI Tool Marketplace&lt;br&gt;
LOOM could support a marketplace where:&lt;br&gt;
every component has a capability profile;&lt;br&gt;
every release is bound to exact source code;&lt;br&gt;
effect changes are visible;&lt;br&gt;
dangerous authority requires role approval;&lt;br&gt;
execution is isolated through WebAssembly.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Browser, Edge, and Offline Systems&lt;br&gt;
Because LOOM is compact and targets WebAssembly, it may suit:&lt;br&gt;
browser applications;&lt;br&gt;
local automation;&lt;br&gt;
edge devices;&lt;br&gt;
offline systems;&lt;br&gt;
embedded policy engines;&lt;br&gt;
small controlled runtimes.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Contracts Between Multiple Agents&lt;br&gt;
One agent may create code, another the specification, and another the proof.&lt;br&gt;
LOOM can require that:&lt;br&gt;
authors are independent;&lt;br&gt;
roles are not controlled by one party;&lt;br&gt;
runtime traces match the exact artifact;&lt;br&gt;
capabilities are issued only after quorum.&lt;br&gt;
Where the Project Is Going&lt;br&gt;
LOOM is not trying to become another general-purpose replacement for Python.&lt;br&gt;
Its stronger purpose is:&lt;br&gt;
A small, understandable, verifiable language for code that cannot automatically be trusted.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The intended execution chain is:&lt;br&gt;
A human or AI writes a program.&lt;br&gt;
LOOM determines every effect.&lt;br&gt;
LOOM verifies resources and one-time capabilities.&lt;br&gt;
LOOM verifies provenance and independent approvals.&lt;br&gt;
LOOM applies organization-wide policy.&lt;br&gt;
LOOM rejects the program or produces a verdict.&lt;br&gt;
An accepted program is compiled to WebAssembly.&lt;br&gt;
The host grants only the proven capabilities.&lt;br&gt;
The program runs in a browser, server, or local runtime.&lt;br&gt;
The result remains bound to the source, policy, and ABI version.&lt;br&gt;
The Intended Final Product&lt;br&gt;
The complete system should include:&lt;br&gt;
the LOOM language;&lt;br&gt;
an effect, capability, resource, and trust checker;&lt;br&gt;
a WebAssembly compiler;&lt;br&gt;
a capability-aware runtime;&lt;br&gt;
a versioned ABI;&lt;br&gt;
CLI and SDK interfaces;&lt;br&gt;
a browser Playground;&lt;br&gt;
structured verdicts and receipts;&lt;br&gt;
an AI-code auditing tool;&lt;br&gt;
CI/CD and agent integrations;&lt;br&gt;
a standard library of verified components.&lt;br&gt;
The practical outcome is:&lt;br&gt;
We can accept code written by an unknown author or an AI, refuse to trust it on reputation alone, verify its authority before execution, and run it only within the contract that was actually proven.&lt;/p&gt;

&lt;p&gt;What Still Blocks Production Readiness&lt;br&gt;
LOOM is already a strong research prototype, but it is not yet a production language.&lt;br&gt;
The remaining work includes:&lt;br&gt;
completing a formal language specification;&lt;br&gt;
stabilizing the ABI;&lt;br&gt;
further separating the main facade into clear modules;&lt;br&gt;
expanding property testing and fuzzing;&lt;br&gt;
conducting an independent security audit;&lt;br&gt;
building a real host sandbox model for FFI;&lt;br&gt;
formally specifying trust and provenance semantics;&lt;br&gt;
creating stable packages and SDKs;&lt;br&gt;
improving diagnostics;&lt;br&gt;
developing a standard library;&lt;br&gt;
testing larger real-world programs;&lt;br&gt;
versioning policies and verdict formats;&lt;br&gt;
resolving recurring first-attempt GitHub Pages deployment failures.&lt;br&gt;
Independent Assessment&lt;br&gt;
LOOM already combines several capabilities that are rarely present together in a small language:&lt;br&gt;
effects;&lt;br&gt;
capabilities;&lt;br&gt;
linear resources;&lt;br&gt;
provenance;&lt;br&gt;
independent roles;&lt;br&gt;
trust gates;&lt;br&gt;
real WebAssembly execution.&lt;br&gt;
Its greatest potential is not competing with Python for ordinary application development.&lt;br&gt;
Its natural role is:&lt;br&gt;
A verifiable execution layer for AI-generated code, agent tools, plugins, and critical automation workflows.&lt;/p&gt;

&lt;p&gt;The strongest next strategic step is not simply adding more opcodes. It is creating an exportable verdict or receipt: a compact machine-readable document binding the verification result to the exact source code, policy, ABI version, and commit.&lt;br&gt;
That would transform LOOM from a strong language research project into an embeddable trust tool for other systems.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>security</category>
      <category>showdev</category>
    </item>
    <item>
      <title>Day 9: my AI-code language is now honest all the way down to WebAssembly</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 03 Jul 2026 12:57:14 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-9-my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-2l66</link>
      <guid>https://dev.to/umbraaeternaa/day-9-my-ai-code-language-is-now-honest-all-the-way-down-to-webassembly-2l66</guid>
      <description>&lt;p&gt;I'm building LOOM — a small open-source language that is a machine-checked &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. I don't write it by hand: an organism I built grows it, day and night, on one machine. Day 9 is one idea taken to its conclusion — &lt;strong&gt;the language is now honest all the way down to the metal.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The arc: every layer used to have a "hole at the bottom"
&lt;/h2&gt;

&lt;p&gt;LOOM started as an effect checker — &lt;em&gt;"is this function lying about what it does?"&lt;/em&gt;. Then it grew a &lt;strong&gt;trust layer&lt;/strong&gt; (a value is trusted only with independent, non-AI anchors). Then a &lt;strong&gt;WebAssembly&lt;/strong&gt; backend — but at first only for integers. Each layer had a hole underneath it where the honesty quietly evaporated: structures and trust didn't reach the machine, a string was indistinguishable from a symbol, and the embedded-assembly boundary just stayed silent.&lt;/p&gt;

&lt;h2&gt;
  
  
  Day 9 closes those holes — 333 → 373 checks, all green
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Strings, structures and the trust layer now run in real WASM.&lt;/strong&gt; Records, closures, effects, and the transparent &lt;code&gt;trust/prov/recall/declassify&lt;/code&gt; wrappers lower to a tagged-ABI runtime; quoted string literals are stored as static WASM data and the &lt;strong&gt;browser playground decodes them itself&lt;/strong&gt;. &lt;code&gt;interp == Python == JavaScript == WASM&lt;/code&gt; — for real values, not just arithmetic.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The proof is legible.&lt;/strong&gt; When the checker refuses, it groups its findings &lt;strong&gt;by function&lt;/strong&gt; (global findings separated), in the CLI &lt;em&gt;and&lt;/em&gt; the browser — you see exactly &lt;em&gt;where&lt;/em&gt; the lie is.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The assembly boundary is honest.&lt;/strong&gt; An embedded &lt;code&gt;(asm …)&lt;/code&gt; form is explicitly &lt;strong&gt;reserved and fail-closed&lt;/strong&gt; across checker, interpreter, Python/JS, and WASM/WAT: embedded assembly is backend-owned until a &lt;em&gt;checked&lt;/em&gt; low-level contract exists. No magic asm smuggled into the core.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  The organism (what I show, not how it's built)
&lt;/h2&gt;

&lt;p&gt;I never write the language by hand. The organism runs a loop no hand-written project has: it &lt;strong&gt;proposes a change → proves it green itself → adversarially attacks it itself → and only then a human decides.&lt;/strong&gt; &lt;em&gt;AI proposes; the compiler disposes.&lt;/em&gt; It self-heals on crashes and low-quality output. The engine that grows the language stays mine — I show what it does and the proof, never the engine.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where this is going
&lt;/h2&gt;

&lt;p&gt;Deeper low-level / cross-platform expansion &lt;strong&gt;above this honest asm contract&lt;/strong&gt; — so AI-written code can be &lt;em&gt;proven&lt;/em&gt;, from the gate down to the metal and into the browser.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;373 checks, all green.&lt;/strong&gt; Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live: &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webassembly</category>
      <category>compiler</category>
      <category>ailang</category>
      <category>opensource</category>
    </item>
    <item>
      <title>"Day 8: my AI-code trust layer now compiles to real WebAssembly — guarantees and all"</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Wed, 01 Jul 2026 20:27:19 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-8-my-ai-code-trust-layer-now-compiles-to-real-webassembly-guarantees-and-all-3bfp</link>
      <guid>https://dev.to/umbraaeternaa/day-8-my-ai-code-trust-layer-now-compiles-to-real-webassembly-guarantees-and-all-3bfp</guid>
      <description>&lt;p&gt;I'm building LOOM — a small open-source language that is a machine-checked &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. Here's the part people don't expect: &lt;strong&gt;I don't write it by hand.&lt;/strong&gt; An organism I built grows it, autonomously, day and night, on a single machine. Day 8 crossed a line I care about — &lt;strong&gt;the language now runs fully in real WebAssembly, and it takes its trust guarantees down to the metal with it.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most languages compile the code and leave the safety story behind&lt;/p&gt;

&lt;p&gt;You can compile almost anything to WASM. But the &lt;em&gt;guarantees&lt;/em&gt; — the effect discipline, the capability seams, the provenance-aware trust gate — usually live in a higher-level checker and quietly evaporate on the way down. The artifact runs; the promise doesn't come along.&lt;/p&gt;

&lt;p&gt;Day 8 closed that gap. It went from &lt;strong&gt;333 to 365 self-verifying checks&lt;/strong&gt;, all green (I ran &lt;code&gt;run_tests.py&lt;/code&gt; and &lt;code&gt;verify_docs_parity.py&lt;/code&gt; — both PASS), in two moves:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;A full value runtime in WASM.&lt;/strong&gt; Not just integers anymore — &lt;strong&gt;records, closures (heap-boxed with a generated dispatcher), and effects (IO)&lt;/strong&gt; now run in WebAssembly through a &lt;strong&gt;tagged ABI v1&lt;/strong&gt;. The core trap: in an &lt;code&gt;i32&lt;/code&gt; a plain number and a heap pointer are indistinguishable, so a structural runtime is impossible without ambiguity. The tagged ABI removes it &lt;strong&gt;by construction&lt;/strong&gt; — even values are integers, odd values are pointers — and records/closures/effects sit on top.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The trust layer itself, lowered.&lt;/strong&gt; &lt;code&gt;trust&lt;/code&gt;, &lt;code&gt;prov&lt;/code&gt;, &lt;code&gt;by&lt;/code&gt;, &lt;code&gt;recall&lt;/code&gt;, &lt;code&gt;declassify&lt;/code&gt;, &lt;code&gt;repro&lt;/code&gt; now lower into real WASM — and not by faking a shortcut: the lowering &lt;strong&gt;matches the interpreter's sequencing step-for-step&lt;/strong&gt; (intermediates dropped, final value preserved, handled effects inside wrapper bodies still behave). The guarantee that holds in the interpreter now holds in the browser.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So the invariant is real: &lt;strong&gt;interp == Python == JavaScript == WASM&lt;/strong&gt;, for structures &lt;em&gt;and&lt;/em&gt; for trust — not just arithmetic.&lt;/p&gt;

&lt;p&gt;The unglamorous half that makes it trustworthy&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Deterministic fuzzing&lt;/strong&gt; (property fuzz across parser/checker/interpreter/Python/JS/WASM) found and closed &lt;strong&gt;3 real defects&lt;/strong&gt; before they could ship.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CI&lt;/strong&gt; now pins all of it.&lt;/li&gt;
&lt;li&gt;The old ~1300-line monolith was &lt;strong&gt;decomposed into clean modules&lt;/strong&gt; (a small facade over parse / checker / codegen / runtime / wasm / cli), so the surface stays auditable as it grows. Net change since I froze the trust layer: 17 files, +4725 / −1387.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;What makes the &lt;em&gt;organism&lt;/em&gt; unique&lt;/p&gt;

&lt;p&gt;I'll always show what the organism &lt;strong&gt;does&lt;/strong&gt; and the &lt;strong&gt;proof&lt;/strong&gt; — never &lt;strong&gt;how it's built&lt;/strong&gt;. But what it does is the interesting part: it runs a loop no hand-written project has — it &lt;strong&gt;proposes a change → proves it green itself → adversarially attacks it itself → and only then a human decides.&lt;/strong&gt; &lt;em&gt;AI proposes; the compiler disposes.&lt;/em&gt; It self-heals: a "mind" that crashes &lt;strong&gt;or&lt;/strong&gt; keeps producing un-landable, low-quality proposals auto-pauses and retries later — it heals output &lt;em&gt;quality&lt;/em&gt;, not just crashes. Many minds, one engine. The proof it works isn't a claim — it's these 365 machine-checked green checks and a real WASM backend, all grown this way.&lt;/p&gt;

&lt;p&gt;The language is open; the results are public; the engine is private.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;365 checks, all green.&lt;/strong&gt; Across every day, the language has only ever gotten greener.&lt;/p&gt;

&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webassembly</category>
      <category>compiler</category>
      <category>ailang</category>
      <category>opensource</category>
    </item>
    <item>
      <title>"Day 7: the organism that grows my language learned to improve itself"</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Sat, 27 Jun 2026 20:14:39 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-7-the-organism-that-grows-my-language-learned-to-improve-itself-4852</link>
      <guid>https://dev.to/umbraaeternaa/day-7-the-organism-that-grows-my-language-learned-to-improve-itself-4852</guid>
      <description>&lt;p&gt;&lt;a href="https://umbraaeternaa.github.io/loom/" rel="noopener noreferrer"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I'm building LOOM — a small open-source language that is a machine-checked &lt;strong&gt;trust layer for AI-written code&lt;/strong&gt;. I don't write it by hand: an organism I built grows it, day and night, on my own machine. Day 7 was different — &lt;strong&gt;the organism learned to improve &lt;em&gt;itself&lt;/em&gt;.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The language reached a mature point — and I froze it there
&lt;/h2&gt;

&lt;p&gt;LOOM's trust layer (effects + capabilities + provenance, proven at a gate that refuses to run lies) grew from 308 to &lt;strong&gt;333 self-verifying checks&lt;/strong&gt;, all green, then I deliberately &lt;strong&gt;froze it&lt;/strong&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;D28 — metered attestation:&lt;/strong&gt; one capability "seam" now carries three things at once — what foreign code may DO (the grant), &lt;em&gt;how many times&lt;/em&gt; it may do it (the meter), and a &lt;strong&gt;non-AI authority's signature&lt;/strong&gt; over that specific component (the attestation). Audited foreign code is trusted; unaudited is not.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;repro&lt;/code&gt; — a reproducibility region:&lt;/strong&gt; a scoped, non-launderable assertion that no nondeterminism (a &lt;code&gt;Rand&lt;/code&gt; draw) may influence a path that must stay re-derivable. The determinism dual of a capability seam.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The trust arc (D9→D28) is now a coherent whole. More depth would add checks, not adopters — so I stopped.&lt;/p&gt;

&lt;h2&gt;
  
  
  The interesting part: the organism started drifting, so I taught it to self-police
&lt;/h2&gt;

&lt;p&gt;Here's the honest bit. The organism kept proposing &lt;em&gt;deeper&lt;/em&gt; trust changes — subtler and riskier each time. One of them &lt;strong&gt;weakened a security guarantee&lt;/strong&gt; (it flipped a guard from "reject" to "accept") and it reached my review gate &lt;strong&gt;without having finished its own adversarial self-test.&lt;/strong&gt; Sound in the abstract, but a loosening on a security axis — so I rejected it.&lt;/p&gt;

&lt;p&gt;Then I closed the gap in the organism itself:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;a proposal is now marked &lt;strong&gt;gate-ready only if it passed both its self-pre-check AND its self-red-team&lt;/strong&gt; — an unverified one can no longer look "done";&lt;/li&gt;
&lt;li&gt;the pre-check now &lt;strong&gt;flags any proposal that loosens a guarantee&lt;/strong&gt; (reject→accept) with a loud banner — keyed by the program, so a renamed label can't hide it;&lt;/li&gt;
&lt;li&gt;a new &lt;strong&gt;quality self-healing&lt;/strong&gt;: a "mind" that keeps producing un-landable proposals now auto-pauses (like one that crashes) and retries after a cooldown — it heals &lt;strong&gt;output quality&lt;/strong&gt;, not just crashes;&lt;/li&gt;
&lt;li&gt;and I re-aimed every mind off the now-frozen trust layer toward what matters next (the WebAssembly backend + reaching real users).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So the loop is now: the organism &lt;strong&gt;proposes → proves it green → attacks it itself → and only then a human decides.&lt;/strong&gt; It self-corrects on both crashes &lt;em&gt;and&lt;/em&gt; quality.&lt;/p&gt;

&lt;h2&gt;
  
  
  What I show, and what I keep
&lt;/h2&gt;

&lt;p&gt;I'll always show what the organism &lt;strong&gt;does&lt;/strong&gt; and the &lt;strong&gt;proof&lt;/strong&gt; — never &lt;strong&gt;how it's built&lt;/strong&gt;. The engine that grows the language stays mine. That's deliberate: the language is open; the results are public; the engine is private.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;333 checks, all green.&lt;/strong&gt; Across every day, the language has only ever gotten greener.&lt;/p&gt;

&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live (in your browser): &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>compiler</category>
      <category>aisafety</category>
      <category>opensource</category>
    </item>
    <item>
      <title>Day 6: my language now compiles to WebAssembly — and I emit the bytes by hand</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 26 Jun 2026 21:22:32 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/day-6-my-language-now-compiles-to-webassembly-and-i-emit-the-bytes-by-hand-c0o</link>
      <guid>https://dev.to/umbraaeternaa/day-6-my-language-now-compiles-to-webassembly-and-i-emit-the-bytes-by-hand-c0o</guid>
      <description>&lt;p&gt;I'm building LOOM — a small open-source language that is a machine-checked trust layer for AI-written code. I don't write it by hand anymore: an organism I built grows it, day and night, on my own machine. This is Day 6, and the whole day went to one thing — &lt;strong&gt;WebAssembly&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this was a real test
&lt;/h2&gt;

&lt;p&gt;LOOM already runs three ways: an interpreter, and backends that compile checked code to Python and JavaScript. The thesis is "trust survives translation" — effects and provenance, proven once, hold the same on every target. WebAssembly is the strongest test of that: a low-level stack machine with linear memory, nothing like Python or JS.&lt;/p&gt;

&lt;p&gt;And there was a constraint. This machine's clang has no wasm target, and I install nothing paid or heavy. So I don't compile &lt;em&gt;to&lt;/em&gt; wasm through a toolchain — &lt;strong&gt;I emit the wasm bytes myself&lt;/strong&gt; (LEB128, the type / function / memory / global / export / code sections, the i32 stack machine) and run them through node's built-in &lt;code&gt;WebAssembly&lt;/code&gt;. Zero dependencies.&lt;/p&gt;

&lt;h2&gt;
  
  
  From &lt;code&gt;fib&lt;/code&gt; to a value runtime, in a day
&lt;/h2&gt;

&lt;p&gt;Every step was prototyped and proven (wasm output == interpreter output) &lt;em&gt;before&lt;/em&gt; it touched the kernel:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;The integer core&lt;/strong&gt; — arithmetic, comparison, &lt;code&gt;if&lt;/code&gt;, first-order calls and recursion. &lt;code&gt;fib(10)&lt;/code&gt; becomes 61 bytes of real WebAssembly and returns 55, identically on the interpreter, Python, Node and wasm.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A value runtime&lt;/strong&gt; — &lt;code&gt;let&lt;/code&gt; and integer &lt;strong&gt;lists&lt;/strong&gt; in a real linear-memory heap (a bump pointer + a &lt;code&gt;$cons&lt;/code&gt; cell allocator; &lt;code&gt;head&lt;/code&gt;/&lt;code&gt;tail&lt;/code&gt; are &lt;code&gt;i32.load&lt;/code&gt;, &lt;code&gt;empty&lt;/code&gt; is &lt;code&gt;i32.eqz&lt;/code&gt;). A list sums and folds by recursion, inside wasm.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Sum types&lt;/strong&gt; — &lt;code&gt;(variant Tag e)&lt;/code&gt; becomes a tagged cell &lt;code&gt;[tag-id | payload]&lt;/code&gt;; &lt;code&gt;match&lt;/code&gt; loads the tag, compares, binds the payload, branches.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You can watch it: the live playground has a &lt;strong&gt;Compile → WAT&lt;/strong&gt; button and &lt;code&gt;WASM · fib&lt;/code&gt; / &lt;code&gt;list-sum&lt;/code&gt; / &lt;code&gt;match&lt;/code&gt; examples. Type a program, see it become real assembly, in your browser.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Honest scope:&lt;/strong&gt; ints, &lt;code&gt;let&lt;/code&gt;, integer lists and sum types compile to wasm today. Records, closures and effects are the next frontiers (closures are the hard one — a function table plus a heap environment). Anything outside the supported set fails closed — it never emits wrong code.&lt;/p&gt;

&lt;h2&gt;
  
  
  The part I didn't write
&lt;/h2&gt;

&lt;p&gt;While I worked on wasm, the organism worked on the trust layer. I'd landed D26 — a rule that provenance does &lt;strong&gt;not&lt;/strong&gt; survive an opaque foreign (FFI) call, so the host can vouch for what foreign code is &lt;em&gt;granted&lt;/em&gt; but never for what it &lt;em&gt;returns&lt;/em&gt;. D26 left an honest gap in its own comments: a vetted, signed library was treated no better than an arbitrary &lt;code&gt;.so&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;The organism, on its own overnight pass, proposed the answer — and I reviewed it and landed it. &lt;code&gt;(vouch ROLE WHO COMP)&lt;/code&gt;: a non-AI authority signs a &lt;strong&gt;specific&lt;/strong&gt; foreign component, so that component's output carries the authority's anchor instead of being stripped. It's an &lt;em&gt;attestation&lt;/em&gt; — traceability to a named, non-AI auditor of that exact component — not a claim the component is correct. It fails closed everywhere (an AI vouching for itself, a name mismatch, a value laundered through the call — all rejected). A machine I built found and closed a gap in my own design.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;298 checks, all green.&lt;/strong&gt; Across every day, the language has only ever gotten greener.&lt;/p&gt;

&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
▶ Try it live: &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webassembly</category>
      <category>compiler</category>
      <category>ailang</category>
      <category>opensource</category>
    </item>
    <item>
      <title>I don't write my language by hand — an organism grows it (Day 5)</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Fri, 26 Jun 2026 14:29:06 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/i-dont-write-my-language-by-hand-an-organism-grows-it-day-5published-true-4lmi</link>
      <guid>https://dev.to/umbraaeternaa/i-dont-write-my-language-by-hand-an-organism-grows-it-day-5published-true-4lmi</guid>
      <description>&lt;p&gt;▶ Try it live: &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://dev.tourl"&gt;&lt;/a&gt;I'm building a programming language. But here's the strange part: I barely write it by hand anymore. &lt;strong&gt;An organism I built grows it for me&lt;/strong&gt; — day and night, on my own machine. This is Day 5, and it did something worth stopping for.&lt;/p&gt;

&lt;p&gt;Let me be literal about what "an organism grows it" means in practice — and about the one line I deliberately won't cross.&lt;/p&gt;

&lt;h2&gt;
  
  
  What the organism actually does
&lt;/h2&gt;

&lt;p&gt;Every cycle, on its own, it:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;watches&lt;/strong&gt; the frontier of languages and security,&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;proposes&lt;/strong&gt; a concrete change to the language's kernel,&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;proves&lt;/strong&gt; that change in a sandbox — does the whole suite stay green or not,&lt;/li&gt;
&lt;li&gt;and then — the part I've never seen an "assistant" do — it &lt;strong&gt;adversarially attacks its own proposal&lt;/strong&gt;, writing programs designed to break the very feature it just suggested.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Only what survives &lt;em&gt;both&lt;/em&gt; the proof and the attack lands on my desk. I'm not the author of every line; I'm the final, human gate that says "yes."&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How it works inside — its architecture, its "mind" — I keep to myself.&lt;/strong&gt; That's the edge, and I'm not handing it out. What I publish is results, each one backed by a proof you can re-run.&lt;/p&gt;

&lt;h2&gt;
  
  
  Today's result (D26): trust that doesn't survive a foreign boundary
&lt;/h2&gt;

&lt;p&gt;LOOM is a machine-checked &lt;strong&gt;trust layer&lt;/strong&gt; for AI-written code. It tracks two things at a gate: what code is &lt;em&gt;allowed to do&lt;/em&gt; (its effects, granted through a capability seam) and where a value's authority &lt;em&gt;came from&lt;/em&gt; (provenance).&lt;/p&gt;

&lt;p&gt;But trust had only ever flowed &lt;em&gt;inside&lt;/em&gt; host code. The moment your program calls something &lt;strong&gt;foreign and opaque&lt;/strong&gt; — a third-party library, a plugin, anything across a boundary you don't control — there was a quiet hole:&lt;/p&gt;

&lt;p&gt;(trust (seam (Pure) (ffi "x" (prov human 5))))   ; used to type-check — it shouldn't&lt;/p&gt;

&lt;p&gt;You can grant foreign code exactly the powers it needs (its effects). But you can &lt;strong&gt;never vouch for what it returns.&lt;/strong&gt; The host vouched for what went &lt;em&gt;in&lt;/em&gt;, never for what came &lt;em&gt;out&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;The organism noticed this, proposed the fix, proved it (275/275) and attacked it (13/13). Now a value that crosses the foreign boundary loses all of its anchors and is untrusted-by-default:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;prov_of((ffi ..)) → {ai}&lt;/code&gt; — every inner anchor dropped.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;roles_of((ffi ..)) → ∅&lt;/code&gt; — no role vouch survives.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Re-earning trust requires a &lt;strong&gt;live host re-vouch placed &lt;em&gt;outside&lt;/em&gt; the foreign call&lt;/strong&gt;, or an explicit, attributable &lt;code&gt;declassify&lt;/code&gt;. It's the exact dual of crossing a &lt;em&gt;persistence&lt;/em&gt; boundary (&lt;code&gt;recall&lt;/code&gt;) — now on the &lt;em&gt;interop&lt;/em&gt; axis. The same seam now bounds &lt;strong&gt;both&lt;/strong&gt; axes at the foreign edge: what foreign code may &lt;strong&gt;do&lt;/strong&gt;, and what its output may &lt;strong&gt;claim&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  The part that makes it real, not a toy
&lt;/h2&gt;

&lt;p&gt;This week I pointed the organism's &lt;strong&gt;auditor&lt;/strong&gt; at a real, running security system — not a textbook example. It found genuine lies about what the code actually does (functions claiming to be pure while quietly reaching into the environment and the filesystem; an advisory AI signal that could be forged into a privileged action). It machine-proved each one against the live checker. &lt;strong&gt;We fixed them.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A machine that checks other code for honesty, catching real defects in a live product. That's the whole thesis, demonstrated on production code instead of a slide.&lt;/p&gt;

&lt;h2&gt;
  
  
  By the numbers
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;275 checks, all green.&lt;/strong&gt; Across every day of this project, the language has only ever gotten &lt;em&gt;greener&lt;/em&gt; — not a single step back. And the headline feature today was proposed, proven and red-teamed by the organism before I looked at it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where this goes next
&lt;/h2&gt;

&lt;p&gt;A browser playground — so you can try LOOM live, in a tab. Then C / WASM backends, and a deeper information-flow lattice.&lt;/p&gt;




&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦. No company, no funds — just this idea.&lt;/p&gt;

&lt;p&gt;⭐ Code (MIT): &lt;a href="https://github.com/umbraaeternaa/loom" rel="noopener noreferrer"&gt;https://github.com/umbraaeternaa/loom&lt;/a&gt;&lt;br&gt;
🌐 Site: &lt;a href="https://umbraaeternaa.github.io/loom" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom&lt;/a&gt;&lt;br&gt;
☕ Support: &lt;a href="https://send.monobank.ua/jar/AHaziFXjYX" rel="noopener noreferrer"&gt;https://send.monobank.ua/jar/AHaziFXjYX&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ailang</category>
      <category>compiler</category>
      <category>security</category>
      <category>opensource</category>
    </item>
    <item>
      <title>I'm building a programming language — but I'm not growing it alone</title>
      <dc:creator>umbra</dc:creator>
      <pubDate>Thu, 25 Jun 2026 18:31:10 +0000</pubDate>
      <link>https://dev.to/umbraaeternaa/im-building-a-programming-language-but-im-not-growing-it-alone-40ke</link>
      <guid>https://dev.to/umbraaeternaa/im-building-a-programming-language-but-im-not-growing-it-alone-40ke</guid>
      <description>&lt;p&gt;▶ Try it live: &lt;a href="https://umbraaeternaa.github.io/loom/play.html" rel="noopener noreferrer"&gt;https://umbraaeternaa.github.io/loom/play.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The world increasingly trusts AI to write code. But if the author is a machine you can't trust on its word, how do you know what the code actually does? Today's answer is "read it and hope." I wanted better.&lt;/p&gt;

&lt;p&gt;LOOM is a tiny language that makes what code is allowed to do machine-checkable, and refuses to run anything that lies about it. "AI proposes, the compiler disposes."&lt;/p&gt;

&lt;p&gt;In a few days it grew into a trust layer for AI-written code: it checks not just what code does, but who vouches for it — demanding independent, non-AI corroboration. Open (MIT), self-verified by 221 checks that can only grow greener, and now cross-platform — one verified program runs identically on Python and JavaScript.&lt;/p&gt;

&lt;p&gt;The unusual part: I didn't grow it alone. An autonomous research organism develops it daily — and this week it learned to pre-check its own proposals in a sandbox and adversarially attack them before I even look. It proves its work; it doesn't ask me to trust it. How the engine works, I'm keeping to myself.&lt;/p&gt;

&lt;p&gt;Built solo, in the open, from Ukraine 🇺🇦 — ⭐ github.com/umbraaeternaa/loom&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>productivity</category>
    </item>
  </channel>
</rss>
