Vibe Clojure 4: trust

I was rewatching Rich’s excellent Spec-Ulation keynote from the 2016 Clojure/Conj (I got to see this talk in person! One of the two Conj’s I was able to attend), and thought, why don’t we just try fixing some of these issues that Rich brings up? We basically have a new language that we are working experimenting with, so we can feel out an idea that might be impossible with an established language and ecosystem.

The thing I’m trying is having versioned symbols in Clojurust sources: you append an “@<commit>” to any symbol or namespace that you “:require,” and that symbol gets pinned to a particular commit from the dependency source. That function might change dozens of times, change its behavior in ways you can’t handle without updating your code, or be removed altogether. You don’t care. The version of that function you wrote against still exists, still works in the exact same way. It’s immutable, systemic changes can’t affect your code.

We can go even deeper here, and require that commits we reference in our code be signed by a key that we trust. Recent security problems have often involved so-called “supply chain” attacks, where popular, public code is replaced by a malicious version. Faking both a commit SHA and a digital signature is downright impossible.

Why would this be important? How could anyone manage commit versions when writing code? Wouldn’t everyone just use “HEAD” since it’s what’s easy? Maybe, but also if what we are talking about is machine-generated code, the commit injection is less of an issue, coding agents can automate all of it. Also coding agents aren’t opinionated on what side of the function name the parenthesis is, so a Lisp is even more a good language for coding automata.

So we aren’t just trying to create a new version of an existing language, what we’re doing is trying to build a substrate for automated agents to write and use code.

Check it out: https://crates.io/crates/cljrs and https://github.com/csm/clojurust