Product Launch
anonymous
1 points
1 comments
Posted14 days agoActive14 days ago
Orbit
github.commvplibrarydevelopers
Key Features
compiles shell scripts to LLVMsystems level programming language
Tech Stack
LLVM
programming languages
Key Features
Tech Stack
I’ve always felt that the gap between "one-off shell scripts" and "robust systems code" is too wide. Bash is ubiquitous but dangerous; Go is safe but can feel heavy for quick automation.
I’m building Spaceship to bridge that gap. It’s a Go-inspired systems language with a C++/Boost-based compiler that JIT-compiles everything—including legacy shell scripts—directly into native machine code via LLVM.
The highlights:
* @jit Directive: You can take an existing .sh file and run @jit("script.sh"). Instead of spawning a subshell, Spaceship parses the shell logic, translates it to POSIX-compliant AST nodes, and JIT-compiles it into the current execution path. * Zero-Trust JIT Sandbox: Security is enforced at the LLVM IR lowering phase. If your script doesn't explicitly allow a capability (like network.tcp or process.fork) in the security manifest, the JIT simply refuses to generate the machine code for those instructions. No runtime interceptor overhead. * Arbitrary Bit-Widths: Since it’s LLVM-native, you aren't stuck with i32 or i64. If you're interfacing with specific hardware or protocols, you can use i1, i23, i25, etc. * The !i32 Contract: All system calls return a success value or an i32 POSIX error code, handled via a check/except flow that mirrors C++ exception speed but keeps the simplicity of Go’s error handling. * Unified Backend: We use Boost (Asio, Process, Filesystem) as the high-performance standard library that the JIT links against, ensuring POSIX compatibility across Linux and macOS.
The parser is implemented in C++ and handles deferred execution pipelines—nothing runs until you call .run(), which allows the JIT to optimize the entire chain of operations.
I'd love to hear your thoughts on the "Security through Omission" model and the feasibility of replacing dash/bash with a JIT-ted environment for high-performance automation.
I think "The parser would hypothetically be implemented in C++" would be more correct as this looks more like an empty skeleton with hypothetical benchmarks.
> "Security through Omission" model
I guess a systems-level programming language that omits the implementation like Orbit is indeed more secure, but also not very useful.
I find shell scripters prefer ubiquity and readability over raw performance. And making it mandatory to give arguments as arrays worsens the readabilty. However having both options would be good, your example doesn't actually require the shell escaping so it could have simpler way.
Here is equivalent in Deno for instance
#!/usr/bin/env -S deno run --allow-all
import $ from "jsr:@david/dax";
const command = $`grep -r keyword .`.pipe($`wc -l`);
const result = await command;
const dirName = "Dir with spaces";
await $`mkdir ${dirName}`; // executes as: mkdir 'Dir with spaces'
These are often ecosystem which always becomes "all or nothing", you see this in all big languages Javascript, Java and even fish. All of them handle integration in their own way. Shell scripting is the only thing that recognises that reality is ugly.
llvm::Value* JitDirectiveNode::CodeGen(Compiler& compiler) {
// TODO: Implement the @jit shell-to-native translation engine.
// 1. Read the content of the shell script at FilePath.
// 2. Parse the shell script into a sequence of POSIX-equivalent commands.
// 3. Translate these commands into LLVM IR, similar to ProcessCallNode.
// 4. Inline the generated IR into the current function.
// This is a major and complex part of the compiler.
return nullptr;
} Process("grep", ["-r", "keyword", "."])
.then(Process("wc", ["-l"]))
Precisely because A|b|c is simple and clear to write. For anything more verbose (and far more saner) we have Python already, and for other stuff Go is there too
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.