horkos 0.1.4

Cloud infrastructure language where insecure code won't compile
# Horkos

> Infrastructure code that won't let you deploy insecure configurations

[![License](https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg)](#license)

A type-safe language for cloud infrastructure that compiles to Terraform. **Security is enforced at compile time—insecure code literally cannot compile.**

---

## The Problem

Infrastructure-as-code has a security gap:

- **Secure defaults are opt-in** — Easy to forget encryption, logging, or access controls
- **Mistakes compile fine** — Public S3 buckets and open security groups are valid Terraform
- **Reviews happen too late** — Security issues caught in CI or production, not at write time
- **No audit trail** — When security is weakened, there's no record of why
- **AI amplifies the problem** — Generated code prioritizes functionality over security, often accepted without scrutiny

---

## The Solution

Horkos flips the model: **secure by default, exceptions require justification.**

```horkos
// Secure by default
val bucket = S3.createBucket("my-data")
// ✓ Encrypted, versioned, public access blocked, logging enabled

// Weakening security requires explicit justification
val public = unsafe("Static website - approved in ticket #402") {
    S3.createBucket("website", publicAccess: true)
}
```

The `unsafe` block creates an **auditable paper trail**—every security exception is documented in the code itself.
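One way to review that paper trail in CI, shown as an added example that is not part of Horkos or its tooling: the script lists every `unsafe("...")` justification with its line number and flags those that cite no ticket. The ticket-reference policy, the handling of string escapes, and the second `unsafe` block in the sample are assumptions made for illustration.

```python
import re

# Matches the unsafe("<justification>") { form shown in the README.
# Support for \" escapes inside the justification is an assumption about Horkos syntax.
UNSAFE_RE = re.compile(r'\bunsafe\(\s*"((?:[^"\\]|\\.)*)"\s*\)\s*\{')
# Assumed review policy (not a Horkos rule): a justification must cite a ticket like "#402".
TICKET_RE = re.compile(r'#\d+')

def strip_line_comment(line):
    """Drop a trailing // comment, ignoring // that appears inside a string literal."""
    in_string, i = False, 0
    while i < len(line):
        if in_string and line[i] == "\\":
            i += 2  # skip the escaped character
            continue
        if line[i] == '"':
            in_string = not in_string
        elif not in_string and line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def audit_unsafe(source):
    """Return (line number, justification, cites_ticket) for each unsafe block."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        for match in UNSAFE_RE.finditer(strip_line_comment(raw)):
            reason = match.group(1).strip()
            findings.append((lineno, reason, bool(TICKET_RE.search(reason))))
    return findings

# Constructed sample input; only the first unsafe block is taken from the README.
SAMPLE = '''\
val bucket = S3.createBucket("my-data")
val public = unsafe("Static website - approved in ticket #402") {
    S3.createBucket("website", publicAccess: true)
}
// unsafe("commented out, must not be reported") {
val scratch = unsafe("temporary, will fix later") {
    S3.createBucket("scratch", publicAccess: true)
}
'''

if __name__ == "__main__":
    for lineno, reason, cites_ticket in audit_unsafe(SAMPLE):
        print(f"line {lineno}: {'ok' if cites_ticket else 'NEEDS TICKET'}: {reason}")
```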

---

## Quick Start

```bash
# Install
cargo install horkos

# Create a new project
horkos init my-infra
cd my-infra

# Compile to Terraform
horkos compile

# Apply with Terraform
cd terraform && terraform apply
```

---

## Why Horkos?

| Problem | Terraform/Pulumi | Horkos |
|---------|------------------|--------|
| Security | Opt-in (easy to forget) | **Enforced** (can't forget) |
| When errors caught | CI/runtime (too late) | **Compile time** (before commit) |
| AI-generated code | Compiles even when insecure | **Fails until secure** |
| Type safety | None or weak | **Full type checking** |
| Legacy code | Trust it blindly | **Marked as `Unverified<T>`** |
| Audit trail | Hope someone commented | **`unsafe` blocks document exceptions** |

---

## Current Status

**v0.1.4** - Alpha

✅ S3, VPC, Subnets, Security Groups, CloudWatch  
✅ Taint tracking with `Unverified<T>`  
✅ `unsafe` blocks with mandatory justifications  
✅ Conditionals (`if/then/else`)  
✅ List methods (`.map()`, `.filter()`, `.length`, `.any()`, `.all()`, `.concat()`)  
✅ String methods (`.concat()`, `.toUpper`, `.toLower`, `.trim`, etc.)  
✅ Compile-time `assert()` with collected failure reporting  
✅ Multi-file projects  

See [ROADMAP](docs/ROADMAP.md) for planned features.

---

## Documentation

- **[User Guide](docs/GUIDE.md)** - Language reference and examples
- **[Architecture](docs/ARCHITECTURE.md)** - Compiler internals
- **[Changelog](docs/CHANGELOG.md)** - What's new

---

## License

MIT OR Apache-2.0

---

## Origin

In Greek mythology, **Horkos** punished oath-breakers swiftly. Here, your infrastructure declarations are oaths—break them and the compiler stops you.