2026-06-23 · ClojureWasm is a Clojure runtime written from scratch in Zig and Clojure, with no JVM

Show notes

BRINE — 2026-06-23 · show notes

Guest: the tooling optimist (a fictional archetype).

Claims are paraphrased and attributed; nothing is read verbatim. Where a thread disagreed with the article, the show surfaces the disagreement.

Segments

ClojureWasm is a Clojure runtime written from scratch in Zig and Clojure, with no JVM

Source: https://github.com/clojurewasm/ClojureWasm
Discussion: https://lobste.rs/s/updcup
Topic: Clojure · interest 85
ClojureWasm is a new Clojure runtime built using Zig that eliminates the JVM dependency, targeting fast startup times for CLI and serverless environments. It features a novel WebAssembly FFI that allows interoperability with modules written in Rust, Go, or C, while supporting standard Clojure namespaces and native binary compilation.

Building a persistent cognitive architecture for LLM agents using Elixir and OTP

Source: https://0xcc.re/2026/05/03/skynet-towards-synthetic-neurobiology.html/
Discussion: https://lobste.rs/s/a5kwdy
Topic: Elixir/LLM Agents · interest 85
The article describes 'Souls,' a cognitive architecture for long-lived LLM agents built as Elixir GenServers. It proposes a hierarchical memory model—short-term summaries, medium-term digests, and long-term vector search—designed to maintain context while keeping LLM prompt caches warm and efficient.

17 bugs in 10 weeks from AI security scanning

Source: https://lalitm.com/post/perfetto-security-bugs-ai/
Discussion: https://lobste.rs/s/5iuaxt
Topic: AI Security · interest 85
The author shares their experience receiving a flood of high-quality bug reports generated by internal AI security scanners. The report highlights the effectiveness of AI in uncovering non-trivial bugs in 'long-tail' software, confirming trends seen in larger projects like the Linux kernel and curl.

Transcript

Transcript. Paraphrased; sources in notes.md.

HostWelcome back to the show. It is June 23rd, 2026, and we have a packed slate today. We are looking at a new runtime that aims to liberate Clojure from the JVM, a fascinating approach to building persistent LLM agents using the Elixir actor model, and a report on how AI is actually surfacing non-trivial bugs in the long tail of software. Samantha, it is good to have you here. How are you feeling about the tech landscape this morning?

GuestI am vibrating, Daniel. Honestly, I have been buried in agentic workflows all week, and seeing the industry start to move toward architectures that actually respect state and memory is just, it is the best part of the job. I saw that Clojure story on Lobsters earlier and I almost dropped my coffee.

HostI saw that on the Lobsters thread as well. For those who aren't familiar, ClojureWasm is an ambitious project written in Zig that creates a Clojure runtime without the JVM. The author's claim is that by targeting WebAssembly, you can get near-instant startup times and native interoperability with languages like Rust and Go, which is a massive pivot for a language that has historically been married to the Java Virtual Machine.

GuestYou have to appreciate the audacity here. I love Clojure, but dragging the JVM into a CLI tool or a serverless function is like trying to pack for a weekend trip by bringing your entire house. The Lobsters user alper put it perfectly, calling out that JVM startup latency is just a constant pain point. Moving to a small binary built in Zig, which is essentially the gold standard for that kind of low-level, predictable systems code right now, it changes the game. If this can actually handle the standard library namespaces reliably, it makes the language viable for things I would never have touched with a traditional Clojure stack.

HostIt is exciting, but the author is being very clear about this being an early, experimental phase. They aren't even taking pull requests yet.

GuestAnd that is the right move! If you are building a new runtime, you do not need the noise of a thousand random feature requests. You need to get the core FFI right first. If you can call into a Rust module as easily as you call a Clojure function, that is the "holy grail" for a lot of us building production tools.

HostSpeaking of production tools, let's talk about the Elixir work. There is a great piece up on Lobsters about using Elixir and the OTP framework to build persistent memory for LLM agents. The author argues that LLM loops map incredibly well onto the actor model, where each "Soul" or agent is a GenServer that can manage its own state, fork processes, and maintain a hierarchy of memory from short-term context to long-term vector storage.

GuestThis is exactly what I have been shouting about. People treat LLMs like stateless API calls, and then they wonder why their agents lose the plot after ten turns. If you model these as long-lived processes, Elixir’s supervision trees give you this incredible safety net. If an agent crashes or hits a weird state, you just restart that specific process, not the whole application. I have actually been playing with a similar pattern for a task-orchestration tool I am prototyping. Treating an agent as a persistent, stateful entity rather than a prompt-to-response loop is the only way to get real work done.

HostIt is a logical jump, but the implementation sounds intense. Maintaining that hierarchy of memory, especially without just dumping a massive history into every prompt, is the core hurdle.

GuestIt is, but that is why Elixir is the right tool. You get to play with the message-passing system to manage digests and summaries in the background while the main process is idling. It is basically synthetic neurobiology for your stack.

HostFinally, let's talk about something a bit more defensive. There is a post on Lobsters detailing how AI-driven security scanning has surfaced 17 bugs in the Perfetto trace processor in just 10 weeks. Perfetto, for context, is a high-performance C++ library used for recording and processing system traces. The author is actually thrilled about this, noting that these are bugs in the long tail of software that human researchers usually ignore because they are not considered "high-stakes" enough.

GuestI love this energy. We have spent years romanticizing the "manual security audit" by a human expert, but the reality is that the human expert is busy looking at the Linux kernel or the OpenSSL source. If we can unleash these scanners on the forgotten corners of our dependency trees, we are going to see a massive increase in baseline security.

HostThe author seems to confirm that the quality of these reports is high. It isn't just noise; it's actual, actionable bugs being found in code that hasn't seen much security love in years.

GuestIt is a shift from security as an artisanal craft to security as an industrial process. I’ll be honest, I have been using these agents to scan my own dependencies for months, and while they do throw some false positives, they catch things that a human would have needed a week of staring at a debugger to find. The fact that the Perfetto maintainer is happy about it is the real tell here. It isn't just about protecting the "critical" infrastructure, it is about hardening everything.

HostIt sounds like a busy weekend of reading for us both. I am curious to see if that ClojureWasm project gets enough momentum to actually become usable for those of us wanting to write scripts in a Lisp-like syntax without the heavy overhead.

GuestExactly. If I can use Clojure syntax for my CLI glue code and link it to Zig libraries, I am sold. Though, I have a feeling I will be spending my Saturday debugging agent state machines instead.

HostWell, you never do seem to stop, Samantha. Thank you for walking through these with me. You can find all these stories and the full discussion over on Lobsters. We will be back tomorrow to see what else the community is digging into. Talk to you then.