safescript — a programming language for AI era | by Uri Valevski | May, 2026 | MediumSitemapOpen in appSign up<br>Sign in

Medium Logo

Get app<br>Write

Search

Sign up<br>Sign in

safescript — a programming language for AI era

Uri Valevski

3 min read·<br>Just now

Listen

Share

Press enter or click to view image in full size

Securing services from supply chain attacks cannot be achieved using existing programming languages.<br>The rate in which AI can write code and hide logic inside it makes it impossible to rely on human code review.<br>Automated analysis is limited in Turing complete languages and is far from fail safe.<br>The only way is a new language. this language must not be Turing complete in order to allow proving statements about passage of information through it.<br>safescript is such a language (safescript.cc)<br>Based on composition of DAG structures, it is immutable, has TS like syntax, but there is really no mainstream language like it.<br>It enables you to formally prove things on your code that you can’t do in any other language. Things like:<br>is this token arriving to a undesired host<br>is any output of host x going to host y<br>is a certain parameter local only, or contaminates data that reaches host z<br>or any other formally stated statement of passage of information between sources and sinks. Sources and sinks can be parameters, env vars, API inputs and outputs, file system etc’.<br>Policies become superpowered, and supply chain attacks become impossible, so you can safely always stay on the last version of a library.<br>For example — a statistics library should have no access to internet. An API library should not leak any data to any other host but the desired one. A library doing work on two APIs should mix the responses, but never should the mixed data ever return to the hosts.<br>But safescript is not just safe, it’s also token efficient and complexity reducing by design. it solves refactoring in a way that no language has done before — by making it possible to edit deeply nested logic without O(n) operations on the code. it does so by composing DAGs flatly, and bubbling up missing dependencies implicitly. This means you can add a parameter on a deeply nested function and not change calling code. It doesn’t have dependency injection or mocking libraries, instead it is built with dependency injection and mocking as the basic way to work. These concepts are implicitly primitives in the language and aren’t just used for testing — `override` let’s you manipulate a node in the DAG from outside.<br>This means radically simplified code bases, which are easy to reason about and the ability to refactor as much as you want in small diffs. it is type safe to protect you from bugs, and policy safe to protect you from undesired effects.<br>safescript also allows knowing when a test should be rerun or not, because the dag structure can be hashed and therefore cached, this means you can write millions of tests and not increase your cloud bill.<br>safescript can’t be used for everything. It won’t replace C, but it can be used to write >90% of library code people write. And because of it’s full effect control, you don’t need to run it in vm. you can run it in memory.<br>I don’t know when/if safescript be adopted.<br>At prompt2bot.com we started using safescript as our AI skill scripting language<br>But now with AI you can translate many libraries to safescript pretty fast, and there are builtin tools to translate from safescript to mainstream languages.<br>So internet, help me broadcast this idea — I think it’s good.

Programming Languages

Typescript

Supply Chain Security

Ai Coding

Artificalintelligence

Written by Uri Valevski<br>103 followers<br>·23 following

uriv.me currently: prompt2bot.com formerly: Co-founder/CTO of hyro.ai, Googler

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech