Rust gives you mathematical rigor at the cost of cognitive load. Ruby gives you conversational beauty at the cost of runtime surprise. Garnet gives you both — within a single coherent language whose mode boundary is the reconciliation.
Mathematical correctness. Memory discipline. Zero-cost abstractions. Performance to the metal.
But — cognitive load, lifetimes-as-mental-stack, ceremony.
Managed mode (def + ARC + exceptions) feels Ruby-like. Safe mode (@safe + fn + ownership + Result) feels Rust-like.
The mode boundary auto-bridges errors and ARC ↔ affine.
Conversational beauty. High velocity. Joyful to read, fast to write. DSLs flow.
But — ambient authority, runtime surprise, no compile-time net.
Every team eventually picks: Rust for the hot path, Ruby for the orchestration, and writes a painful FFI between them. Or picks one language and swallows its weakness.— The Reconciliation, Paper III §1
Garnet's dual-mode design makes the same source file velocity-first at the top level and rigor-first in the safe modules — with no FFI in between.
Switch between examples to see how Garnet inherits Rust's shape and Ruby's brevity. The keyword chooses the register: def = managed, fn = safe.
fn greet(name: &str) -> String { format!( "Hello, {}!", name) }
def greet(name) "Hello, #{name}!" end
# Managed — Ruby feel def greet(name) { "Hello, #{name}!" } # Safe — Rust rigor @safe fn greet( borrow name: String) -> String { "Hello, #{name}!" }
fn read_config( path: &Path) -> Result<Config, io::Error> { let content = fs::read_to_string(path)?; toml::from_str(&content) .map_err(convert_err) }
def read_config(path) content = File.read(path) TOML.parse(content) rescue Errno::ENOENT nil end
@caps(fs) def read_config(path) { try { TOML.parse( fs::read_file(path)) } rescue e: FileNotFound { nil } }
let names: Vec<String> = users.iter() .filter(|u| u.active) .map(|u| u.name.clone()) .collect();
names = users .select(&:active) .map(&:name)
# Pipeline style let names = users |> filter(|u| u.active) |> map(|u| u.name) # Ruby block style let names = users .filter do |u| u.active end .map do |u| u.name end
use some_vector_db::*; use some_episodic_log::*; struct Agent { events: EventLog<Event>, facts: VectorStore<Fact>, } impl Agent { // ...setup ceremony... }
class Agent def initialize @events = [] @facts = {} end def remember(e) @events << e end end
actor Agent { memory episodic events : EpisodeStore<Event> memory semantic facts : VectorIndex<Fact> protocol remember(e: Event) -> Bool protocol recall(q: String) -> Array<Fact> on remember(e) { events.append(e); true } }
These are not libraries. They are first-class language constructs — checked at compile time, integrated through the whole toolchain, designed to compose.
Same grammar, two registers. Managed mode (def) reads like Ruby. Safe mode (@safe fn) reads like Rust. The boundary auto-bridges errors + ownership.
Every managed↔safe call is logged via ModeAuditLog. Reviewers read one file to enumerate every trust crossing in the program.
Every function declares its OS-authority budget. CapCaps propagator verifies transitively at compile time — no ambient authority, ever.
First-class memory working|episodic|semantic|procedural keywords. The runtime picks the allocator. Paper VI Contribution 4.
actor.reload_signed(&sig, ...) with BLAKE3 schema fingerprint catches type mismatches. Zero message loss at 1000 cycles.
garnet build --deterministic --sign emits a byte-identical manifest plus Ed25519 signature. Verify any binary you downloaded.
@caps(fs) is a semantic beacon: a single annotation that front-loads the function's OS-authority budget. Both humans and language models can scan a file and reason about what it can — and cannot — do.
@caps(fs) def get_user_summary(path, id) { let data = JSON.parse( fs::read_file(path)) let user = data["users"][id] "#{user.name}: #{user.email}" } # compile-time error: caps coverage: # function `bad` does not declare # `fs` but transitively calls # `read_file` which requires it @caps() def bad() { fs::read_file("/etc/passwd") }
fs::* primitive.The garnet convert tool reads four source languages and emits Garnet — every output starts @sandbox + @caps(). Human audit lifts the sandbox. A lineage JSON maps every emitted node back to its source span.
def parse_config(text) text.split("\n").map do |line| k, v = line.split("=", 2) [k.strip, v.strip] end.to_h end
@sandbox @caps() module Config { def parse_config(text) { let out = {} for line in text.split("\n") { let parts = line.split("=", 2) out.insert( parts[0].trim(), parts[1].trim()) } out } }
Native packages for every major platform plus a universal shell installer. Every release is signed with the project's Ed25519 key; SHA256SUMS verifies asset integrity.
curl --proto '=https' --tlsv1.2 -sSf https://sh.garnet-lang.org | sh
# Universal installer (recommended): curl --proto '=https' --tlsv1.2 -sSf https://sh.garnet-lang.org | sh # Or download the signed .pkg directly: # From CDN: https://releases.garnet-lang.org/0.4.2/garnet-0.4.2-universal.pkg # From GitHub: https://github.com/IslandDevCrew/garnet/releases/latest # (Apple Developer ID signed + notarized + stapled)
# Universal (auto-detects .deb / .rpm / tar): curl --proto '=https' --tlsv1.2 -sSf https://sh.garnet-lang.org | sh # Or grab the .deb / .rpm from GitHub Releases: # https://github.com/IslandDevCrew/garnet/releases/latest # Debian/Ubuntu (direct): sudo apt install ./garnet_0.4.2-1_amd64.deb # Fedora/RHEL (direct): sudo dnf install ./garnet-0.4.2-1.x86_64.rpm
# Winget (when published): winget install IslandDevCrew.Garnet # Or download the signed .msi directly: # From CDN: https://releases.garnet-lang.org/0.4.2/garnet-0.4.2-x86_64.msi # From GitHub: https://github.com/IslandDevCrew/garnet/releases/latest # (Authenticode-signed + timestamped)
After install, scaffold a project:
garnet new --template cli my_app cd my_app garnet test # 2 starter tests pass green garnet run src/main.garnet
Garnet ships seven research papers plus four addenda. Every claim is traceable to a reproducer; every empirical experiment was pre-registered before measurement; partial outcomes were honestly downgraded in the v4.0 revisions.
The canonical language specification. Grammar, type system, mode boundary, capability inventory, deterministic build manifest.
Rust + Ruby → Garnet. The dual-mode design rationale, the mode boundary as a first-class construct, the capability model.
Seven novel contributions, pre-registered Phase 1C, executed Phase 4A. Honest scorecard: 4 supported, 2 partial, 0 refuted, 1 pending-infra.
Side-by-side Rust / Ruby / Garnet across 10 patterns. The §20 chapter explicitly separates measured claims from argued claims.