{"id":20852891,"url":"https://github.com/okturtles/sbp","last_synced_at":"2025-05-12T05:30:59.488Z","repository":{"id":47766112,"uuid":"453581069","full_name":"okTurtles/sbp","owner":"okTurtles","description":"SBP: A Programming Paradigm for Building Secure Software and Operating Systems","archived":false,"fork":false,"pushed_at":"2025-03-10T17:27:04.000Z","size":364,"stargazers_count":29,"open_issues_count":3,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-12T19:18:53.754Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/okTurtles.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-30T03:47:06.000Z","updated_at":"2025-04-05T03:59:51.000Z","dependencies_parsed_at":"2022-08-27T22:40:24.334Z","dependency_job_id":"8b82b721-372e-4419-ab6a-6892226a2c36","html_url":"https://github.com/okTurtles/sbp","commit_stats":{"total_commits":53,"total_committers":2,"mean_commits":26.5,"dds":"0.018867924528301883","last_synced_commit":"6daf33b99e39a1eecaf97840f28d2e9d981a2e85"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okTurtles%2Fsbp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okTurtles%2Fsbp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okTurtles%2Fsbp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okTurtles%2Fsbp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/okTurtles","download_url":"https://codeload.github.com/okTurtles/sbp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253681922,"owners_count":21946834,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T03:19:11.684Z","updated_at":"2025-05-12T05:30:55.990Z","avatar_url":"https://github.com/okTurtles.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SBP: A Programming Paradigm for Building Secure Software and Operating Systems\n\nSBP: Selector-based programming, is a programming paradigm for building secure software.\n\n- SBP makes it easy to secure your code\n- SBP helps you organize code by thinking in terms of namespaces and APIs\n- SBP makes code inter-operable with other languages, more future-proof, and more portable\n- SBP replaces the need for OOP in many situations\n- SBP is inspired by message-passing (ObjC/Smalltalk/etc) and comes with all of the benefits that message-passing architectures afford\n- SBP embraces the LISP idea that `code = data` and gives you all of the benefits and possibilities that affords\n- SBP makes it easier to debug and understand your code\n- SBP makes it possible to create architectures that are remarkably flexible, clean, and safe; this comes from the benefits described above\n\n\u003e \"SBP always makes me excited.\" — Alex Jin\n\n\u003e \"I wish I knew about this when I first started programming.\" — Greg Slepak\n\n### Installing\n\nInstalling and using SBP is easy.\n\n```\n$ npm install -S @sbp/sbp\n```\n\nImport the `sbp` function wherever you want to use it:\n\n```js\nimport sbp from '@sbp/sbp'\n\nsbp('sbp/selectors/register', {\n  'my-domain/my-great-selector': function (name) {\n    console.log(`hello ${name}!`)\n  }\n})\n\n// call your selector from anywhere in the project\nsbp('my-domain/my-great-selector', 'jill') // prints \"hello jill!\"\n```\n\nSBP is **tiny** (about 80 lines, unminified) and has zero dependencies.\n\nThe core `sbp` function is only about 12 lines, and yet the impact of these 12 lines is profound.\n\n### Core Resources\n\n- :book: **[SBP Core API](docs/sbp-api.md)**\n- :book: **[SBP-based libraries](docs/libraries.md)**\n- :book: **[Apps written using SBP](docs/apps.md)**\n- :book: **[SBP Language Support](docs/language-support.md)**\n\nSee also **[SBP Features](#sbp-features)** below.\n\n### Quick Examples\n\nIn SBP everything works based on selectors. A selector is a string composed of two parts: a _domain_ and an _action_. For example, in `'okTurtles.data/set'`, the domain is `okTurtles.data` and the action is `/set`.\nThe first argument of `sbp()` is always a registered selector and the rest of the arguments are parameters to the function assigned to the selector.\n\n```\nsbp(selector, ...args)\n```\n\nYou can think about it as calling a normal function, but with more advantages. One of them is to access any selector from anywhere in the project by just importing `sbp` itself.\n\n```js\n// Using SBP:\nimport sbp from '@sbp/sbp'\n\n// - call any selector registered\nsbp('okTurtles.data/set', { login: true })\nsbp('okTurtles.events/emit', 'CLOSE_MODAL')\n```\n\n```js\n// Using standard functions:\n\n// - import each function individually\nimport okTurtlesDataSet from 'path/to/method/data-set.js'\nimport okTurtlesEventsEmit from 'path/to/method/events-emit.js'\n\nokTurtlesDataSet({ login: true })\nokTurtlesEventsEmit('CLOSE_MODAL')\n```\n\nNow we have a stable and comprehensible representation of a function call. There is much more to SBP than improved organization, readability, and project-wide search. Some of the other possibilities are described below under **[SBP Features](#sbp-features)**.\n\nMore details about SBP can be found in the **[Core Resources](#core-resources)** above.\n\n### Backstory\n\nOne day I was sitting at a table, wondering how I would go about implementing a secure operating system (as one does).\n\nI sat, and sat, and sat some more, trying to peer into the *essence* of what security *means*.\n\nAnd then it hit me: the reason why computers are so insecure - is because *we do not understand them.*\n\nWe do not understand what they're doing, and specifically, what they're supposed to be doing.\n\n**The activity that takes place within a computer is decoupled from the _description_ of that activity, and this can lead to unexpected behavior.**\n\nSecurity is all about the computer doing what you expect it to do, and not something else.\n\nTo know what to expect from a computer, we need to know what they're being told to do. When something happens inside of a computer, the *low-level* developer-facing description of what is happening comes in the form of unreadable, incomprehensible symbols and numbers. To make matters worse these symbols and numbers often change. That is how it's written, and is how it's compiled, that is what appears in system log messages, that is what developer tools show to us, and in some cases, even to users.\n\n![](assets/error.png)\n\nWhat happens inside of any of today's operating systems is a *complete mystery* that has to be unraveled using special tools and special insider knowledge. When something goes wrong, we often don't even notice it. And when we do, something has usually gone wrong multiple times, in multiple areas, and it requires the skills of a professional computer detective to figure out what exactly happened.\n\nMost of the time we don't bother. That's how complicated it is. Most of the time, the official advice is to \"reinstall\". \"Format\". Turn it off and on again and hope for the best.\n\nThis is not how computers should work.\n\nWhat has been missing from computers is a *direct link* between human thought, intention, and activity.\n\nThis is where the idea of SBP sprang from, and with it, an entirely new way of writing computer software.\n\n### Problems With Modern Software Programming Paradigms\n\nWriting software today is like building a home where the walls and rooms and floors are constantly shifting.\n\nWe can have, for example, an object:\n\n```js\nconst obj = {}\n```\n\nAnd we can do whatever we want with it.\n\n```js\n// we can pass it to another function\nfoo(obj)\n\n// and inside that function, we can give it another name\nfunction foo (bar) {\n  // and give it a new property\n  bar.baz = 5\n}\n\n// and then finally, we can \"compile\" it, and it is no longer \"obj\" or \"bar\"\n$ npm run dist\n\n// it is now a$09weuf0fjf, and our function \"foo\" is f$2083ujsf0j in one file,\n// and f$j098f0esfhj in another file\n```\n\nIf we want to know what happens in our system when code like this gets run, we have no idea. There's some process, doing something, and we can't be sure what it is that it's doing. The process could have loaded a dynamically linked library that modified its behavior. Even if it didn't, the code itself is written in a way that allows anything to happen. There's surprisingly little structure, even when we add type checking systems. In the end, the code that is produced calls low-level system calls.\n\nWe can place restrictions on the allowed system calls. Indeed, that's what things like SELinux try to do. But SELinux doesn't tell us what the program is doing. SELinux doesn't tell us what the kernel is doing. And when implemented correctly, SELinux often breaks software, causing system administrators to disable it entirely or barely use its potential.\n\nWe humans do not think in terms of programming languages as we go about our day. We think in terms of spoken and written languages like English.\n\nThese languages are surprisingly vague, and it is often the case that misunderstandings occur with them. However, they are how *we* think. We find it much easier to describe in English what we want from our programs, *because* of how vague and non-specific these languages are. We can describe in general terms what we expect our code to do.\n\nWouldn't it be great if these *English intensions* were somehow represented at the very lowest level of our operating systems?\n\nIf we could peer into an operating system and see, instead of hexidecimals and symbols like `rs_stired`, `_0x`, `1 ???  (in logd)  load address 0x1006c8000 + 0xef40  [0x1006d6f40]`, we could see exactly what it _intended to do_ at any given moment, in something resembling English? It would become trivial to monitor a program, and restrict its behavior at a granular level.\n\n### SBP: Selector-based Programming\n\nSelector-based Programming is about writing all of our software this way.\n\nWe take a human intention and convert it into a human-readable string that contains the following information:\n\n- The context that we're dealing with, often containing information about the who is doing something and what they are doing. We call this the **domain** of the selector.\n- The very specific intention that is being executed. We call this the **action** of the selector. In most cases, we don't talk about the selector's action, as the selector itself - the entire thing, containing both the domain and the action, can be thought of as the action being performed. So really, the action is the selector.\n\nYou've probably seen SBP before, but just didn't realize you were dealing with it.\n\n[RESTful APIs](https://en.wikipedia.org/wiki/Representational_state_transfer) are a kind of a SBP.\n\nIn JavaScript, strings are usually represented with single quotes, so an SBP selector in JavaScript would look like this: `'\u003cdomain\u003e/\u003caction\u003e'`\n\n#### Core SBP Selectors\n\nSBP comes with the following predefined core selectors:\n\n- `'sbp/selectors/register'`\n- `'sbp/selectors/unregister'`\n- `'sbp/selectors/overwrite'`\n- `'sbp/selectors/fn'`\n- `'sbp/selectors/unsafe'`\n- `'sbp/selectors/lock'`\n- `'sbp/domains/lock'`\n- `'sbp/filters/global/add'`\n- `'sbp/filters/domain/add'`\n- `'sbp/filters/selector/add'`\n\nSince most languages use either single or double-quotes to define strings, most SBP selectors look the same no matter what programming language they're written in. English is assumed to be the language the selectors are written in, as most software is written in English, but it doesn't have to be. It's recommended though, because this makes it possible to understand computers no matter where in the world you live, as long as you understand English.\n\n- :book: **[SBP Core API](docs/sbp-api.md)**\n\n### SBP Features\n\nSBP is very simple, and because of that, it is extraordinarily powerful.\n\nHere are things you can do with SBP:\n\n- Anything\n\nBut seriously, you can do stuff with SBP that you couldn't really do in the language you were using. Specifically, it is uncommon to be able to trivially:\n\n- Serialize computation for later use. Usually this requires a special programming language (like LISP), or a cumbersome library. With SBP, you get it for free.\n\n- Create a firewall for networking, and low-level (or high-level) sandboxing.\n\n- Use the [star selector (`\u003cdomain\u003e/*`)](docs/sbp-api.md#sbpselectorsregister) to intercept and dynamically interpet undefined selectors to do things like implementing transparent APIs that can be either [RPC](https://en.wikipedia.org/wiki/Remote_procedure_call) or non-RPC (depending on where you use them).\n\n- You can create a programming language using SBP since everything imaginable can be represented as a string. For example, here we define the primitive JavaScript operator `if` using SBP in JavaScript:\n\n  ```js\n  sbp('sbp/selectors/register', {\n    'if': function (condition, aBlock, bBlock) {\n      condition ? aBlock() : bBlock()\n    }\n  })\n  ```\n\n  We can now perform conditional function calls using SBP:\n\n  ```js\n  sbp('if', 4 \u003e 5, doThis, doThat) // calls doThat()\n  ```\n\n  We can instead make it use selectors entirely, so that we can save a series of computations to disk or send them over the network using JSON:\n\n  ```js\n  sbp('sbp/selectors/register', {\n    'if': function (selCond, selA, selB) {\n      return sbp(selCond) ? sbp(selA) : sbp(selB)\n    },\n    // similar selectors registered for 'for', 'printOK', etc..\n  })\n  \n  const computations = [\n    ['if', 'serivce/running', 'printOK', 'handleServiceDown']\n  ]\n  \n  sbp('computations/run', computations)\n  ```\n\n  In SBP, just like in LISP, \"code = data\", and \"data = code\".\n\n- We can monitor everything our server is doing in real time, with 3 lines of code:\n\n  ```js\n  sbp('sbp/filters/global/add', (domain, selector, data) =\u003e {\n    console.debug(`[sbp] ${selector}`, data)\n  })\n  ```\n\n  Now, everything our server does gets logged to the console, without our having to add any debug logging ourselves.\n\n- We can create sophisticated APIs that represent anything in reality, even a remote machine on an Internet located on a different planet:\n\n  ```js\n  sbp('sbp/selectors/register', {\n    'planets/vorgon/internet/ipv4': function (ipAddress) { ... },\n    'planets/earth/internet/ipv4': function (ipAddress) { ... },\n  })\n  ```\n\n  Now, we can differentiate between two different Internets, and monitor our application using these selectors whenever it connects to IP address `1.2.3.4` on Earth or planet Vorgon.\n\n- We can do something much more down-to-Earth, like design our entire app in terms of human-readable APIs that call each other, and won't change on us in the future. Once these strings are defined, that's it, they're usually defined for life, and even if they change, because the strings are so long, the semantic intention behind them is preserved across time, without name conflicts. Once the APIs have been defined, it becomes a much easier task to fill in the implementation. Instead of thinking about types, or classes, or objects, we think about what we want the program to do — in English — write that, and then worry about the details.\n\n## History\n\nSee [HISTORY.md](HISTORY.md).\n\n## License\n\n[MIT](LICENSE.txt).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokturtles%2Fsbp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fokturtles%2Fsbp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokturtles%2Fsbp/lists"}