horkos 0.1.4

Cloud infrastructure language where insecure code won't compile

Horkos

Infrastructure code that won't let you deploy insecure configurations


A type-safe language for cloud infrastructure that compiles to Terraform. Security is enforced at compile time—insecure code literally cannot compile.


The Problem

Infrastructure-as-code has a security gap:

  • Secure defaults are opt-in — Easy to forget encryption, logging, or access controls
  • Mistakes compile fine — Public S3 buckets and open security groups are valid Terraform
  • Reviews happen too late — Security issues caught in CI or production, not at write time
  • No audit trail — When security is weakened, there's no record of why
  • AI amplifies the problem — Generated code prioritizes functionality over security, often accepted without scrutiny

The Solution

Horkos flips the model: secure by default, exceptions require justification.

// Secure by default
val bucket = S3.createBucket("my-data")
// ✓ Encrypted, versioned, public access blocked, logging enabled

// Weakening security requires explicit justification
val public = unsafe("Static website - approved in ticket #402") {
    S3.createBucket("website", publicAccess: true)
}

The unsafe block creates an auditable paper trail—every security exception is documented in the code itself.
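One way to review the paper trail that unsafe blocks leave, as an added example (not part of Horkos or its tooling): a Python script that lists every unsafe justification with its line number and flags those lacking a ticket reference. It assumes the single-line unsafe("...") { form shown above and a "#NNN" ticket convention; the SAMPLE source is constructed.

```python
import re
from dataclasses import dataclass

# Form shown on the page: unsafe("justification") {
# Assumption: the justification is a one-line double-quoted string literal.
UNSAFE_RE = re.compile(r'\bunsafe\s*\(\s*"((?:[^"\\]|\\.)*)"\s*\)\s*\{')
TICKET_RE = re.compile(r'#\d+')  # assumed ticket convention, as in "#402"
# Either a string literal or a // comment, so "//" inside a string is kept.
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|//.*')

@dataclass
class UnsafeUse:
    line: int
    justification: str
    has_ticket: bool

def strip_line_comment(line: str) -> str:
    """Remove a // comment from the line while leaving string literals intact."""
    return TOKEN_RE.sub(lambda m: "" if m.group().startswith("//") else m.group(), line)

def audit(source: str) -> list:
    """Return one UnsafeUse per unsafe block found outside comments."""
    found = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in UNSAFE_RE.finditer(strip_line_comment(line)):
            text = m.group(1).strip()
            found.append(UnsafeUse(lineno, text, bool(TICKET_RE.search(text))))
    return found

# Constructed sample source, modelled on the snippet above.
SAMPLE = '''\
// Secure by default
val bucket = S3.createBucket("my-data")

// unsafe("commented out") { ignored by the audit }
val public = unsafe("Static website - approved in ticket #402") {
    S3.createBucket("website", publicAccess: true)
}
val scratch = unsafe("temporary") {
    S3.createBucket("scratch", publicAccess: true)
}
'''

if __name__ == "__main__":
    for u in audit(SAMPLE):
        flag = "ok" if u.has_ticket else "NO TICKET REFERENCE"
        print(f"line {u.line}: {u.justification!r} [{flag}]")
```

Run over a repository in code review or CI, the flagged entries are the exceptions whose justification a reviewer cannot trace back to an approval.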


Quick Start

# Install
cargo install horkos

# Create a new project
horkos init my-infra
cd my-infra

# Compile to Terraform
horkos compile

# Apply with Terraform
cd terraform && terraform apply

Why Horkos?

| Problem | Terraform/Pulumi | Horkos |
|---|---|---|
| Security | Opt-in (easy to forget) | Enforced (can't forget) |
| When errors caught | CI/runtime (too late) | Compile time (before commit) |
| AI-generated code | Compiles if insecure | Fails until secure |
| Type safety | None or weak | Full type checking |
| Legacy code | Trust it blindly | Marked as Unverified<T> |
| Audit trail | Hope someone commented | unsafe blocks document exceptions |

Current Status

v0.1.4 - Alpha

✅ S3, VPC, Subnets, Security Groups, CloudWatch
✅ Taint tracking with Unverified<T>
✅ unsafe blocks with mandatory justifications
✅ Conditionals (if/then/else)
✅ List methods (.map(), .filter(), .length, .any(), .all(), .concat())
✅ String methods (.concat(), .toUpper, .toLower, .trim, etc.)
✅ Compile-time assert() with collected failure reporting
✅ Multi-file projects

See ROADMAP for planned features.


Documentation


License

MIT OR Apache-2.0


Origin

In Greek mythology, Horkos punished oath-breakers swiftly. Here, your infrastructure declarations are oaths—break them and the compiler stops you.