by toniantunovi
102 days ago
This is a fascinating approach, solving the problem at the language level. The capability-based permission model is elegant. A complementary angle we've been exploring with LucidShark (lucidshark.com) is attacking the same problem from the workflow layer rather than the language layer: instead of constraining what the LLM can write, you run SAST, SCA, and linting automatically after every generation step, before anything touches CI or production. The nice thing about that approach is it works with existing languages today — Python, TypeScript, Go, etc. — and plugs directly into Claude Code or Cursor as a pre-commit gate. The downside is it's catching issues after generation vs. preventing them structurally like Mog aims to. I suspect the long-term solution is both layers: safer languages for greenfield AI-native projects + robust static analysis for the 99% of existing codebases where you can't change the language.