Strata — Safe Automation for the AI Era

Status: v0.1.3 — 23 host functions. 844 tests passing. Zero extern boilerplate.

License: MIT

Strata is a programming language designed to solve the Ambient Authority crisis. It provides a logic-vault for safe automation, auditable AI agency, and resilient infrastructure glue.

By combining Hindley-Milner type inference with Affine Effect Rows, Strata ensures that a script's intent is visible, its reach is bounded, and its actions are non-repudiable.

---

Why Strata?

1. The Death of Ambient Authority

In Python or Node.js, a library imported to parse JSON can secretly scan your network or read SSH keys. In Strata, authority is explicitly granted. A function cannot touch the network unless you pass it a NetCap. Intra-process isolation is a language primitive, not a sandbox wrapper.

2. Proof of Intent (strata plan)

Strata turns security auditing into type checking. Before execution, strata plan generates a mathematically sound summary of every side effect a script could perform.

Compliance-as-Code: Run strata plan --deny Net to prove a script is network-isolated before it touches production.

3. AI Agent "Chainsaw" Safety

Giving an LLM a Python REPL is like giving a toddler a chainsaw. Strata provides the guardrails. You can grant an AI agent the ability to "Think" (AiCap) while strictly denying it the ability to "Exfiltrate" (--deny Net).

4. Deterministic Incident Response

When automation fails at 3 AM, Strata's JSONL traces (with SHA-256 content hashing) provide a "Black Box Recorder" of every host call. Use strata replay to reproduce the exact failure path locally with 100% fidelity.

---

Zero-Tax Safety

Strata feels like Python but secures like a High-Assurance Kernel.

// No extern declarations needed — host functions are auto-imported.
// Capabilities make authority explicit and auditable.
fn sync_report(net: NetCap, fs: FsCap, url: String) -> () & {Net, Fs} {
    let data = http_get(&net, url);
    write_file(&fs, "report.json", data)
}

---

Current Status (v0.1.3)

✅ Language Features

• Hindley-Milner Inference: Total type safety with almost zero type annotations.
• Algebraic Data Types (ADTs): Generics, Enums, and Structs with exhaustiveness-checked pattern matching.
• Recursive Affinity: The system automatically detects if a Tuple or Struct contains a capability and enforces move-only semantics.
• 23 Host Functions: File I/O, HTTP, AI, process execution, string manipulation, list operations — all auto-imported.

✅ Security & Effects

• 7 Built-in Effects: Fs, Net, Time, Rand, Ai, Env, Proc.
• Affine Capabilities: Capabilities are "use-at-most-once" resources. Once passed to a function, the caller cannot reuse them (preventing authority leaks).
• Registry-as-Prelude: Host function signatures defined once, auto-imported by the checker. Zero extern fn boilerplate. Writing one anyway acts as a compile-time assertion.
• Nominal Isolation: ai_call reports {Ai}, not {Net}, allowing for "Network-Isolated Thinking" policies.
• Auth Jail: Scripts never see API keys; the runtime injects credentials based on your strata.toml.

✅ Tooling & Runtime

• Hardened Interpreter: Bounded recursion depth, I/O caps (1MB), and execution timeouts (30s).
• Audit Traces: Deterministic JSONL logging with force-hashing for sensitive fields (POST bodies, AI prompts).
• Multi-Provider AI: Built-in support for Anthropic, Ollama (local), and Mock providers.
• Pure Function Fast Path: String/list functions skip trace machinery entirely.

---

Quick Start

1. Installation

git clone https://github.com/strata-core/strata.git
cd strata
cargo build --release

2. The "Proof of Intent" (Dry Run)

See what a script will do before giving it any power:

strata plan examples/deploy.strata

3. Run with a Policy

Deny specific capabilities even if the script requests them:

# Allow AI for thinking, but block all outbound network calls
strata run --allow-mock --deny Net examples/demo_ai_mock.strata

4. Audit & Replay

# Record every host call to a trace file
strata run examples/deploy.strata --trace audit.jsonl

# Replay the execution exactly as it happened
strata replay audit.jsonl examples/deploy.strata

---

The Host Environment

Process Execution (ProcCap)

The exec function provides access to the host shell. Because this can bypass other restrictions (e.g., using curl inside exec to bypass NetCap), it is treated as a Tier 0 Authority. Grant it only to fully audited scripts.

AI Integration (AiCap)

Strata resolves "tasks" from a local strata.toml file.

[ai.tasks.summarizer]
provider = "anthropic"
model = "claude-3-5-sonnet"

The script simply calls ai_call(&ai, "summarizer", prompt). This decouples script logic from infrastructure configuration.

---

Roadmap

• v0.1.x (Current): Plan soundness fixes, error display improvements, first real Strata program (mechanize.strata).
• v0.2.0: Traits (Typeclasses), WASM Compilation, Capability Attenuation (e.g., scoping FsCap to a single directory), Capability-Scoped Imports.
• v0.3.0: Actor Model for supervised, fault-tolerant concurrency.

---

Philosophy

• Explicitness is a Feature: If an engineer has to type &NetCap, they are making an architectural decision. We do not apologize for boilerplate that provides security.
• Failure before Success: Every feature must have a failure story (timeouts, revocation, traces) before it has a "happy path."
• Boring is Better: We use proven techniques (HM, Row Polymorphism, O-Caps) to solve modern problems.

Taglines:

• Liquidating Ambient Authority.
• The secure way is the easy way.
• Logic you can audit.
• It explains itself.