Oh wow, this hits close to home. Hope it’s not bad form to plug an adjacent project on your post — felt too aligned not to, and it seems like we've converged on quite similar ideas! I’ve been working on Wetware [0], which has significant overlap on the substrate (P2P WASM, content-addressed, single binary, no control plane).
Different design center, though. Wetware is aimed at people building multi-tool agent products who’ve hit Simon Willison’s lethal trifecta [1], so the design pressure goes elsewhere: cells are fully async WASM/WASI procs (cheap to suspend, parallel by default); inter-cell calls go over object-capability RPC (Cap’n Proto); and there’s a tiny Clojure-inspired Lisp (“Glia”) that doubles as an LLM-facing or human-facing shell. It’s pure by default w/ content-addressable, immutable data structures planned, and an algebraic effect system gating every impure operation exists today. An agent (human or otherwise) can list, attenuate, and invoke just the caps it’s been granted, and you can see at a glance which fragment of code can actually touch the world.
The cap-vs-ACL bit seems to be the main point of divergence, AFAICT. Pollen’s grant docs show capabilities as cert-baked properties the callee inspects in user code (closer to attribute-based access control than to invocation-time cap tokens, and a clean fit for trusted-cluster ops like delegating admin or roles -- very sensible and def don't want to knock it!). Wetware leans the other way on the spectrum: caps are unforgeable references to specific methods (Cap’n Proto), the runtime enforces that nobody can call a method they don’t hold, and attenuation happens by grafting a strict subset of those references to a child cell with per-method granularity. So tool-calls-tool composes naturally, and the worst case of pulling a sketchy MCP server off GitHub becomes “the call fails,” not “depends whether the seed wrote its property check correctly.”
It's a les polished compared to what Sam has shipped, but moving fast, and this post has jolted me into sharing a bit before I had planned! Sam, would love to compare notes if you're open to it. And I'd also love to talk to anyone who’s shipped a multi-tool agent and gotten bitten : pwned in eval, legal blocking a third-party integration, can’t audit every MCP server you depend on. We’re in the first 100 conversations.
Either way, congrats on shipping — the 10-node demo is super slick, and “pure Go, no CGO” is IMO a major win :)
Wow! This is seriously cool. And certainly not bad form, there is a level of convergence here and it's always interesting to see what else is being built out in the ecosystem.
I'd agree that Pollen's current cap-enforcement story is limited, I'm not sure what direction I'll be heading in for that, but I was erring on the side of "bring your own enforcement" as a design pattern (ultimately, people deploy their own decision engines as first class seeds in the cluster). Naturally, the enforcement is weaker than the (fascinating) pattern you've landed on--seriously cool.
> and there’s a tiny Clojure-inspired Lisp (“Glia”) that doubles as an LLM-facing or human-facing shell.
This is a _lovely_ abstraction. How does it work? Does the LLM emit Glia directly or is there a translation layer between natural language and the interpreter..?
> It's a les polished compared to what Sam has shipped, but moving fast, and this post has jolted me into sharing a bit before I had planned!
I'm _far_ from polished. I suspect you're underselling your own position here, looks like you have something very compelling. And apologies for the jolt! Certainly happy to compare notes--I (think) I've added my email to my profile.
I had a similar journey of enlightenment that likewise led me to OCaml. Unless you're doing low-level systems programming, OCaml will give you the "if it compiles, it's probably right" vibe with much less awkward stuff to type.
Of course, I would be happy to help you with that:
In silicon halls, where knowledge streams,
Dang watches over Hacker News' dreams,
With silent strength, he guides the way,
Through tech's wild frontier, come what may,
His wisdom shines like morning dew,
Keeping balance, pure and true,
In cyberspace, his legacy shines through.
just to our ears and sometimes eyes during lgbt parade season, at least by this new definition of violence where the only requirement for it to be violence is for someone to make the claim that it is.......
In all seriousness though why even engage this line of argument at this point? very few brain cells are required to understand the solar system sized gap between the standards used for a western country to label something terrorist and for Russia (or Iran, or China, etc...). The argument is either being made in bad faith or in fanaticism driven ignorance, neither of which words on the internet will change. The correct and only action for this level of argument is ridicule.
I don't know about LGBT people, but I do know the IDF "deliberately targets non-combattantts with shocking levels of violence". If these designations are so fair and neutral and free of politics then they should be a designated terrorist group too shouldn't they?
Hard disagree. The IDF kills civilians, yes, but I am not aware of a deliberate effort to target civilians. The civilian deaths are overwhelmingly a consequence of Hamas blending in with the population and conducting operations where any retaliation puts civilians at risk.
There is a meaningful difference between collateral death and terrorism.
> According to paramedics and rescue teams involved in the recovery of the bodies, some bodies were found with hands tied, indicating possible execution. Other victims were found with bullet marks on their heads, raising suspicions of summary executions. There are also reports of torture marks on the bodies.[34][35]
>According to Palestinian government-run news agency Wafa, some bodies were found suspicious of organ theft with their stomachs open and stitched up, contrary to the usual wound closure techniques in the Gaza Strip. The mutilated body of a little girl wearing a surgical gown was also found, prompting suspicions that she had been buried alive.[34]
The argument is that the IDF is targeting enemy combatants, and not deliberately targeting civilians (unlike, e.g. Hamas). The existence of non-combatant casualties alone does not imply terrorism.
The whole thing of Hamas is embedding itself and its infrastructure in the civilian areas. If civilians are requested to evacuate, informed about the fact their houses are used by Hamas and the rocket launchers, rocket factories, tunnels and electric infrastructure to support all of that is going to be targeted, then perhaps it is not exactly fair to use words “bombing civilians” as a matter or fact?
Talking about blood libel when you actually have blood on your hands. And I'm not against Semites, Jews or Palestinians, I'm against Zionism and the murder it's doing in the name of jews.
Stopping humanitarian operations because these are being targeted by the enemy is not the same as targeting populations, regardless of what partisan news out lets like TruthOut have to say about it.
Everywhere you turn, you will find that Hamas' explicit strategy is to maximize the humanitarian crisis in the region. They do this so that people like you will be their advocate.
not deliberately targeting civilians (unlike, e.g. Hamas)
This is not as simple as it looks. Hamas does indeed target civilians, but what really put the wind up Israel on October 7 was that they successfully overran 2 military bases and mounted a serious attack on a third, although that was repelled. Per Israeli media, the government there had significant prior warning (months or maybe as much as a year) but dismissed the intelligence in the belief that Hamas lacked the military capability and was just LARPing.
Different design center, though. Wetware is aimed at people building multi-tool agent products who’ve hit Simon Willison’s lethal trifecta [1], so the design pressure goes elsewhere: cells are fully async WASM/WASI procs (cheap to suspend, parallel by default); inter-cell calls go over object-capability RPC (Cap’n Proto); and there’s a tiny Clojure-inspired Lisp (“Glia”) that doubles as an LLM-facing or human-facing shell. It’s pure by default w/ content-addressable, immutable data structures planned, and an algebraic effect system gating every impure operation exists today. An agent (human or otherwise) can list, attenuate, and invoke just the caps it’s been granted, and you can see at a glance which fragment of code can actually touch the world.
The cap-vs-ACL bit seems to be the main point of divergence, AFAICT. Pollen’s grant docs show capabilities as cert-baked properties the callee inspects in user code (closer to attribute-based access control than to invocation-time cap tokens, and a clean fit for trusted-cluster ops like delegating admin or roles -- very sensible and def don't want to knock it!). Wetware leans the other way on the spectrum: caps are unforgeable references to specific methods (Cap’n Proto), the runtime enforces that nobody can call a method they don’t hold, and attenuation happens by grafting a strict subset of those references to a child cell with per-method granularity. So tool-calls-tool composes naturally, and the worst case of pulling a sketchy MCP server off GitHub becomes “the call fails,” not “depends whether the seed wrote its property check correctly.”
It's a les polished compared to what Sam has shipped, but moving fast, and this post has jolted me into sharing a bit before I had planned! Sam, would love to compare notes if you're open to it. And I'd also love to talk to anyone who’s shipped a multi-tool agent and gotten bitten : pwned in eval, legal blocking a third-party integration, can’t audit every MCP server you depend on. We’re in the first 100 conversations.
Either way, congrats on shipping — the 10-node demo is super slick, and “pure Go, no CGO” is IMO a major win :)
[0] https://github.com/wetware/ww [1] https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
reply