AI is writing a lot of our code now, but here’s what keeps me up at night: AI is great at logic, but terrible at state safety. An LLM can write a perfect-looking function that accidentally nukes your global state or creates a race condition you'll spend a week debugging.
I built Theus because I wanted to stop worrying.
The philosophy is simple: Data is the Asset. Code is the Liability. Theus acts like a "safety container" for your logic (especially code written by AI). It enforces a few strict rules:
Zero-Trust: A process can’t see anything it didn't explicitly ask for in its contract.
Shadow Copies: Code never touches your "real" data directly. It works on copies. If the logic fails or breaks a rule, Theus just throws the changes away.
Audit Gates: You define the "red lines" (like balance can’t be negative) in a simple YAML. The framework blocks any commit that crosses them.
I’ve been using it to build AI agents that I can actually trust with "write" access. It’s not about making code faster; it’s about making it right, and being able to sleep at night.
I'd love to hear what you think about this "Process-Oriented" approach. Thanks!
dohuyhoangvn93•3w ago
Thanks for checking out Theus! I’m currently at a crossroads regarding one specific feature and would love to hear your thoughts.
In Theus, the default behavior is Full Transactional Integrity—every mutation happens on a 'Shadow Copy' so we can rollback instantly if an Audit Rule is violated. This is great for safety but can be expensive for high-frequency loops like Reinforcement Learning or processing large Tensors.
To solve this, I’ve implemented a strict_mode=False toggle. When disabled:
Shadow Copying is bypassed: Reading/Writing happens directly on the real object.
Zero Overhead: No transaction objects or audit logs are created.
Trade-off: You lose all safety—no rollbacks, no contract enforcement, and crashes leave the state 'dirty'.
My dilemma: Is providing a 'Strict Mode Toggle' a pragmatic necessity for performance, or does it defeat the entire purpose of a framework built for safety?
Should I keep this global toggle, or should I force developers to use more granular optimizations (like my heavy_ prefix for specific large assets) to keep the 'Safety-First' philosophy intact?
I'd appreciate any architectural insights from those who have built similar state-heavy systems!