horkos

Crates.io: horkos
lib.rs: horkos
version: 0.2.0
created_at: 2025-11-25 04:30:20.053598+00
updated_at: 2025-12-02 08:50:18.37937+00
description: Cloud infrastructure language where insecure code won't compile
homepage: https://horkos.cloud
repository: https://github.com/aimable100/horkos
max_upload_size
id: 1949167
size: 420,627
(aimable100)

documentation

https://horkos.cloud/#/docs/guide

README

Horkos

If it's insecure, it won't compile.

A type-safe language for Terraform where insecure code won't compile.


Why Horkos?

Terraform lets you build anything. Including mistakes.

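| Problem           | Terraform            | Horkos             |
|-------------------|----------------------|--------------------|
| Security          | Opt-in               | Enforced           |
| Errors caught     | CI/runtime           | Compile time       |
| AI-generated code | Compiles if insecure | Fails until secure |
| Audit trail       | Comments (maybe)     | unsafe blocks      |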

How It Works

// One line. Secure by default.
val bucket = S3.createBucket("data")

Compiles to 5 Terraform resources: bucket, versioning, encryption, public access block, logging.

// Weakening security? Explain yourself.
val public = unsafe("Static website - ticket #402") {
    S3.createBucket("www", publicAccess: true)
}

If it compiles, it's secure.
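
A way to check the five-resource expansion described above independently of the compiler, as an added example that is not part of the Horkos project: it reads Terraform's plan JSON and reports any S3 bucket lacking one of the four companion resources. The resource type names and the helper names (`missing_controls`, `_res`, `SAMPLE_PLAN`) are assumptions; the page does not show the compiler's output.

```python
import json
import sys

# Assumption: the four companion resources named above map to these AWS
# provider 5.x resource types; the compiler's real output is not shown here.
COMPANIONS = {
    "aws_s3_bucket_versioning": "versioning",
    "aws_s3_bucket_server_side_encryption_configuration": "encryption",
    "aws_s3_bucket_public_access_block": "public access block",
    "aws_s3_bucket_logging": "logging",
}

def missing_controls(plan):
    """Map each root-module aws_s3_bucket address to the controls it lacks (presence only)."""
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    found = {r["address"]: set() for r in resources if r["type"] == "aws_s3_bucket"}
    for r in resources:
        label = COMPANIONS.get(r["type"])
        if label is None:
            continue
        # Companions attach through references such as aws_s3_bucket.data.id
        refs = r.get("expressions", {}).get("bucket", {}).get("references", [])
        for ref in refs:
            addr = ".".join(ref.split(".")[:2])
            if addr in found:
                found[addr].add(label)
    required = set(COMPANIONS.values())
    return {a: sorted(required - have) for a, have in found.items() if required - have}

def _res(rtype, name, bucket_ref=None):
    """Build one constructed entry shaped like a plan's configuration resource."""
    expr = {"bucket": {"references": [f"{bucket_ref}.id", bucket_ref]}} if bucket_ref else {}
    return {"address": f"{rtype}.{name}", "type": rtype, "name": name, "expressions": expr}

# Constructed sample: "data" has all four companions, "scratch" only versioning.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    _res("aws_s3_bucket", "data"),
    *[_res(t, "data", "aws_s3_bucket.data") for t in COMPANIONS],
    _res("aws_s3_bucket", "scratch"),
    _res("aws_s3_bucket_versioning", "scratch", "aws_s3_bucket.scratch"),
]}}}

if __name__ == "__main__":
    # Pass the output of `terraform show -json <planfile>` as a file, or use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    gaps = missing_controls(plan)
    for addr, missing in gaps.items():
        print(f"{addr}: missing {', '.join(missing)}")
    sys.exit(1 if gaps else 0)
```

The script exits non-zero when any bucket has a gap, so it can gate a CI step that runs after compilation.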


Get Started

# Install
cargo install horkos

# Write
echo 'val bucket = S3.createBucket("data")' > main.hk

# Compile
horkos compile

Or try it in your browser at horkos.cloud.

Other install methods

Homebrew

brew install aimable100/tap/horkos

npm

npm install -g horkos

Docker

docker run --rm -v "$(pwd)":/workspace ghcr.io/aimable100/horkos compile

Binary

Download from GitHub Releases.

Verify Downloads

All releases include checksums and Sigstore signatures:

# Verify checksum
sha256sum -c checksums-v0.2.0.txt

# Verify signature (requires cosign)
# The identity pattern is anchored so that only workflows in this repository match
cosign verify-blob --signature horkos-linux-x64.tar.gz.sig \
  --certificate horkos-linux-x64.tar.gz.pem \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github\.com/aimable100/horkos/' \
  horkos-linux-x64.tar.gz

What's Supported

Resources: S3, VPC, Subnets, Security Groups, Internet Gateway, CloudWatch, RDS

Language:

  • Type-safe resource creation
  • unsafe blocks with mandatory justification
  • Taint tracking (Unverified<T>) for imported Terraform
  • Conditionals, list methods, string methods
  • Compile-time assert()

Terraform: >= 1.5.0 with AWS Provider >= 5.0, < 6.0

See ROADMAP for planned features.


Security

Report vulnerabilities to security@horkos.cloud. See SECURITY.md.

License

MIT OR Apache-2.0


In Greek mythology, Horkos punished oath-breakers. Here, your infrastructure declarations are oaths.
