Exo is a novel programming language aiming to provide a secure-by-default environment for building robust and reliable software, particularly focusing on smart contracts and systems programming. Developed by Exo-Lang, the project centers around a core principle: eliminating entire classes of vulnerabilities through a combination of static analysis, a capability-based security model, and a formally verified compiler. Unlike languages that attempt to patch vulnerabilities after they're discovered, Exo proactively prevents them from arising in the first place.

At its heart, Exo is a statically typed language with a syntax inspired by Rust and ML-family languages. However, its key differentiator lies in its capability-based security model. Instead of relying on traditional access control mechanisms like inheritance or object-oriented permissions, Exo uses *capabilities* – unforgeable tokens that grant specific rights to access resources. A function or module must explicitly be given a capability to interact with a resource; without it, access is denied, even for the owner. This drastically reduces the attack surface and eliminates common vulnerabilities like dangling pointers and unauthorized memory access. Capabilities are not inheritable, further strengthening security.

The Exo compiler, a significant component of the project, is designed with formal verification in mind. The goal is to mathematically prove the correctness of the compiler itself, ensuring that the compiled code behaves exactly as the source code intends. This is achieved through a combination of techniques including dependent types and a formally verified intermediate representation. While full formal verification is a long-term goal, the project is making significant progress towards it, with key components already undergoing rigorous verification processes. This focus on verification extends beyond the compiler to include the core language libraries.

Exo’s standard library is intentionally minimal, providing only essential functionalities. This deliberate design choice reduces the potential for bugs and vulnerabilities within the library itself. The language features a powerful module system that allows for code organization and encapsulation, and supports both functional and imperative programming paradigms. It also includes features like algebraic data types, pattern matching, and a sophisticated type system that aids in writing correct and maintainable code. The project provides tooling for package management and building applications.

Currently, the repository contains the compiler, standard library, examples, and documentation. The compiler is written in OCaml and targets a WebAssembly backend, making Exo programs portable and capable of running in various environments, including web browsers and server-side runtimes. The examples demonstrate the language's capabilities and provide a starting point for developers. The documentation, while still evolving, provides an overview of the language's features and concepts. The project is actively developed, with ongoing efforts focused on improving the compiler, expanding the standard library, and enhancing the tooling. Exo represents a promising approach to building secure and reliable software, particularly in domains where security is paramount.