Why Sailfin?
Most languages let any function do anything — read files, call APIs, access the network — with no way to know until you read the implementation. Sailfin makes capabilities explicit and compiler-checked so you can trust your code at a glance.
In a world where more code is generated by AI agents, the ability to verify what code can do at compile time — not just what it does do — becomes a foundation for trust.
Effect Types: The Core Idea
Every function in Sailfin declares what it can do. A function that reads files declares
![io]. A function that calls an API declares ![net]. A function
that does neither declares nothing.
// Missing ![net] — once effect enforcement ships, this will be a compile error
fn main() ![io] {
let data = http.get("https://api.example.com").body; // needs ![net]
}No other mainstream systems language offers this. Go, Rust, and Zig all rely on convention and documentation to track side effects. Sailfin's effect checker can detect these violations today; wiring it into the compilation gate so violations block the build is the next milestone on the roadmap, followed by transitive call-graph enforcement.
A Verification Layer for AI-Generated Code
AI agents are writing more code every month. The bottleneck is no longer generation — it's verification. How do you know that generated code won't make network calls you didn't ask for, or read files it shouldn't?
In most languages, you can't — not without reading every line. In Sailfin, the effect system
makes the answer visible in the function signature. An agent that generates a Sailfin function
declaring ![io] but calling http.get will have that mismatch
caught by the effect checker — and once enforcement ships as a compilation gate, it becomes
a build error rather than a production incident.
This makes Sailfin a natural target for agentic workflows: generate code, compile to verify capabilities, iterate on errors — all without human review of the implementation. The roadmap includes structured JSON diagnostics and an MCP server to make this compile-check-fix loop first-class for AI tooling.
Use Cases
Capability-Controlled Services
Build backend services where every module's capability surface is visible in the type signature. Code review becomes capability review — a handler that should only read the database can't silently make network calls.
Supply-Chain Security
Every capsule (package) declares what effects it needs. When you add a dependency, you see its capability requirements upfront. No hidden network calls, no surprise file access from your dependency tree.
Systems Programming
Sailfin compiles to native code via LLVM with a self-hosted compiler. Single-binary output, fast startup, and no garbage collector overhead make it suitable for performance-critical infrastructure.
Developer Tooling & CLI
Fast compilation, single-binary output, and a clean standard library make Sailfin a natural fit for CLI tools, build systems, and developer infrastructure.
Security by Design
Sailfin makes security properties visible in function signatures. Effects are explicit and compiler-checked, so code that needs network, file system, or model access must declare those capabilities up front. Dependency-tree capability auditing is on the roadmap.
How It Compares
vs. Go
Sailfin adds compile-time capability enforcement. You can audit your entire dependency tree's security surface — something Go's type system can't express. Both compile to native binaries; Sailfin adds the safety of knowing what each function can do.
vs. Rust
Sailfin trades borrow checking for effect tracking. You don't need lifetime annotations to write safe code — capabilities are the safety mechanism. Rust guarantees memory safety; Sailfin guarantees capability safety.
vs. Zig
Sailfin is more opinionated. Where Zig gives you control over memory layout and allocators, Sailfin gives you control over capabilities. Both target LLVM; Sailfin adds a type-level effect system.
Who's Using Sailfin?
Sailfin is pre-1.0 and actively developed. Early adopters and contributors are shaping the language. Join the community to get involved.