v0.9.0-rc1 — the stability candidate. 16 of 20 v1.0 gates closed. 901 tests (706 + 195) at 100%. Generics, async (spawn / await / spawn_thread), Secure<T, State> with EU cloud KMS, native OCI runtime, kern-pkg in Kern, chain-hashed audit log — all shipped.

European. Cloud‑native.
AI‑first.

The backend language for European digital sovereignty. GDPR, DORA, NIS2, and the EU AI Act enforced at compile time and verified at runtime — with article-level mapping (GDPR Art. 5–44, DORA Art. 5/9/10/11, NIS2 Art. 21/23). v0.9.0-rc1 is the stability candidate: every code-side v1.0 gate is closed or has its harness shipped. Generics (selective monomorphization), async on cooperative kern routines with libuv-backed IO (spawn / spawn_thread / await), Secure<T, State> compile-time IO governance with EU-sovereign cloud KMS, native OCI container runtime, chain-hashed AI audit log, and kern-pkg ported to Kern — all shipped. 901 tests at 100% pass. Zero US dependencies.

main.kern
import std.ai.llm as llm

async fn main():
    model = llm.ollama("mistral")

    prompts = [
        {"role": "Summarize this document"},
        {"role": "Translate to German"},
    ]

    results = await async.all(
        prompts.map(|p| model.complete(prompt: p))
    )

    for r in results:
        print(r)

Three pillars. One language.

Compliance is a type system problem. Infrastructure is a sovereignty problem. AI is a privacy problem. kern solves all three at compile time.

European Sovereignty

No US dependency.
Not today. Not in 2040.

Every byte of kern's supply chain is European. No CLOUD Act exposure. No executive order risk. GDPR is enforced at compile time. std.compliance maps every operation (collect, store, transfer, delete, encrypt) to its specific GDPR Art. 5–44, DORA Art. 5/9/10/11, and NIS2 Art. 21/23 obligation — auditor-readable. net.tls classifies cipher suites against BSI TR-02102-2. PersonalData<T> can't reach analytics, logs, or AI without consent. user.forget() implements Article 17 directly.

  • Compile-time GDPR, DORA, NIS2 & EU CRA enforcement
  • Zero CLOUD Act / US jurisdiction exposure
  • Secure<T> — graduated protection with mlock & zero-on-drop
  • Built for public sector, defense & critical infrastructure

Cloud Native

Easier than Rust.
Faster than Go.

kern sits in the sweet spot: Python's readability, Go's deployment model, Rust's safety guarantees, and more opinionated than all three on security and privacy. gRPC with real protobuf, HTTP/2 via nghttp2, SSH, NATS, S3 — all in the stdlib. Green threads at 100K concurrent routines. Static binaries under a millisecond cold start.

  • gRPC, HTTP/2, SSH, NATS, S3 in stdlib
  • OAuth2, migrations, cron, Prometheus metrics
  • Sub-millisecond cold starts, static binaries
  • TLS via mbedTLS, PostgreSQL, JWT in stdlib

AI Native

Multi-provider LLM.
Privacy enforced by the compiler.

Built-in LLM API proxy for Claude, OpenAI, Mistral, and Ollama — multi-turn chat, token counting, SSE streaming. Qdrant vector DB client for RAG pipelines. PersonalData<T> passed to any LLM call is a compile error, with taint propagation across variable assignments. EU AI Act audit logging is automatic and cannot be disabled. BLAKE2b cryptographic event logs for tamper-proof audit trails.

  • Claude, OpenAI, Mistral, Ollama in the stdlib
  • Qdrant vector DB & RAG pipelines built in
  • PersonalData taint propagation — PII to LLM = compile error
  • BLAKE2b audit logs & EU AI Act compliance

Designed after the requirements existed.

Go, Rust, Python, and Node are governed by US corporations or foundations. They were designed before GDPR fines exceeded €4 billion, before the EU AI Act, before NIS2 made supply chain sovereignty a legal obligation. They bolt compliance on. kern compiles it in.

Feature | Python | Go | Node.js | Rust | Kern
Readable syntax | Yes | Verbose | JS baggage | Complex | Yes
Single binary | No | Yes | No | Yes | Yes
Native async | Bolted on | Goroutines | Yes | Complex | Yes
Null safety | No | No | No | Yes | Yes
GDPR built in | No | No | No | No | Yes
AI native stdlib | No | No | No | No | Yes
Container native | No | No | No | No | Yes
AI agent framework | No | No | No | No | Yes
WASM target | No | Limited | No | Yes | Yes
European governed | No | No | No | No | Yes
Error handling | Exceptions | Values | Exceptions | Values | Values
Learning curve | Low | Medium | Medium | Very high | Low

Best of Go, Rust, Python.
None of the baggage.

Type-Safe by Default

Type checker enabled on every build. Traits with Rust-model static vtables and dynamic dispatch. Secure<T> zeroes on drop, mlocks Confidential data, and blocks plaintext logging.

Traits & Algebraic Types

Trait definitions with impl blocks and Rust-model static vtables for dynamic dispatch. 9 standard traits (Display, Debug, Eq, Hash, Ord, Clone, Default, Serialize, Deserialize). Result<T>/Option<T> as first-class unions. Match guards, range patterns, and struct destructuring.

Concurrent Async Runtime

Async codegen lands in v0.8: spawn / await on cooperative kern routines (16 KB guard-paged stack, configurable via KERN_ROUTINE_STACK_SIZE); spawn_thread routes CPU-bound work onto the libuv worker pool. Routine-aware libuv IO (file / DNS / TCP), libpq, and mbedTLS — await parks the calling routine, never an OS thread. Two spawned sleep_ms(80) tasks complete in ≈82 ms. Mark-and-sweep GC, SSE streaming, secure WebSocket (wss://), channels, Mutex, RwLock, semaphores.

Fully Bootstrapped Compiler

All 10 compiler source files self-host. 25,499 lines of Kern via LLVM. Generics shipped: selective monomorphization for stdlib hot paths (List<T>, Map<K,V>, Result<T>, Option<T>, Decimal) emitted as linkonce_odr typed wrappers; @monomorphize opt-in for user code. Module visibility (pub/private), auto-derive (Eq, Hash, Clone, Display, Debug), “Did you mean?” suggestions, DWARF debug info, kern doctor.

Integrated Toolchain

15-feature LSP (go-to-definition, references, rename, semantic tokens, inlay hints). 901 tests at 100% pass rate (706 conformance, 195 negative — both gates CI-blocking). 5 libFuzzer targets plus a structure-aware parser fuzzer harness (tools/fuzz_parser.sh, five mutators) waiting out its 24 h soak. ASAN/UBSAN/TSAN sanitizers in CI. Reproducible builds verified byte-for-byte identical via SOURCE_DATE_EPOCH. 6 cross-compilation targets, CycloneDX 1.5 SBOM, GDPR Art. 30 records.

Pipe-First & String Interpolation

Data flows left to right — readable like Python. "Hello ${name}" string interpolation, int()/float() conversions, and default field values make code concise without sacrificing clarity.

Expressive by nature.

kern's syntax reads as easily as it's written. See for yourself.

user_service.kern
# In Python, this compiles and ships:
#   analytics.track(user.email)  -- GDPR violation
#   send_to_ml(user.email)       -- GDPR violation
# In Kern, it's a compile error:

fn send_email(user: User):
    analytics.track(user.email.value)
    # ERROR E0091: PersonalData<str> cannot be
    # passed without a valid ConsentRecord

# The only way to use personal data:
fn send_email_safe(user: User):
    email = user.email.access(
        reason:  "send welcome email",
        consent: user.consent_record
    )
    analytics.track_event("signup")  # OK
    send(email, "Welcome!")         # OK

GDPR enforced by the compiler

No other language enforces GDPR at the type system level. PersonalData<T> cannot be passed to analytics, logging, or AI models without explicit consent and a documented reason. Violations are compile errors, not fines.

  • PersonalData<T> tracks consent at the type level
  • Every access is logged with reason and consent
  • Passing PII to AI models is a compile error
  • user.forget() implements GDPR Article 17

service.kern
import net.http
import std.cloud.health
import std.cloud.telemetry

# A cloud-native HTTP service in 15 lines

async fn handle_user(req: http.Request) -> http.Response:
    id   = req.params.get("id")?
    user = await db.find_user(id)?
    return http.ok(user)

fn main():
    server = http.Server(port: 8080)
    server.get("/users/:id", handle_user)
    server.with(telemetry.middleware())
    server.with(health.check("/healthz"))
    server.listen()

Cloud-native by default

Health checks, structured logging, and distributed tracing are part of the standard library — not afterthoughts bolted on via third-party packages.

  • Built-in OpenTelemetry tracing
  • Kubernetes-ready health probes
  • Pipe-friendly middleware composition

support_agent.kern
import std.ai.agent as agent
import std.ai.llm as llm

# AI agent with tools, memory, and privacy
# EU AI Act audit logging is automatic.

async fn main():
    support = agent.Agent(
        name:   "support-bot",
        model:  llm.ollama("mistral"),
        system: "You help users with kern.",
        tools:  [search_docs, create_ticket],
        memory: agent.memory(max_turns: 50)
    )

    result = await support.run("How do I deploy?")?
    print(result.text)
    print(result.audit_log)  # EU AI Act

Multi-provider LLM with audit trail

Built-in LLM API proxy for Claude, OpenAI, Mistral, and Ollama. Qdrant vector DB for RAG. PersonalData passed to any LLM is a compile error — taint propagation tracks it across assignments. BLAKE2b cryptographic event logs for tamper-proof audit trails.

  • Claude, OpenAI, Mistral, Ollama in stdlib
  • Qdrant vector DB & RAG pipelines
  • PersonalData taint propagation
  • BLAKE2b audit logs & EU AI Act compliance

Production-hardened.
Independently verified.

901 tests, 100% pass: 706 conformance + 195 negative. Both gates CI-blocking. 5 libFuzzer targets + parser fuzzer harness.
Stdlib modules: gRPC, HTTP/2, SSH, OAuth2, SSE, wss://, PostgreSQL, Redis, OCI v2, cloud KMS; 350+ functions documented.
10/10 compiler files bootstrap: 25K-line self-hosted compiler. 31K-line C runtime. GC for strings, lists, maps. Generics + async codegen on the same ABI.
0 US dependencies: Zero CLOUD Act exposure. Full European supply chain. EU-sovereign cloud KMS providers.

A real backend toolbox.
Not a language demo.

Backends need TLS, a database, an auth scheme, metrics, and config — not a roadmap. kern's standard library ships with all of them, no third-party packages required. Recently landed:

v0.9.0-rc1 — the stability candidate

Code-side, 16 of 20 v1.0 ROADMAP gates are closed or have their harness shipped. The four left are calendar / governance: foundation incorporation, real-account exercise of cloud KMS providers, the parser-fuzzer 24 h soak, and 6 months of zero breaking changes on top of v0.9.x. Three of those four are not code. 901 tests at 100% pass (706 conformance + 195 negative; both gates CI-blocking). The flagship privacy claim — PersonalData<T> to AI is a compile error — is now load-bearing across list, map, string-interpolation, and trait-dispatch paths. Read the v0.9.0-rc1 release post for the full story.

Generics + async — landed on a stable ABI

Generics (v0.7): selective monomorphization for stdlib hot paths — List<T>, Map<K,V>, Result<T>, Option<T>, Decimal — emitted as linkonce_odr typed wrappers so multiple compilation units share them without link conflicts; @monomorphize opt-in for user code; type-erased fallback. Async (v0.8): real spawn/await codegen, cooperative kern routines (16 KB guard-paged stack, configurable via KERN_ROUTINE_STACK_SIZE), routine-aware libuv IO (file/DNS/TCP), routine-aware libpq + mbedTLS, spawn_thread for CPU-bound work via the libuv worker pool. Two spawned sleep_ms(80) tasks complete in ≈82 ms. ABI-breaking decisions are now behind us, not ahead.

v0.9.0-rc1 highlights — kern-pkg, cloud KMS, native containers, chain-hashed audit

kern-pkg ported to Kern (full surface): init / build / run / test / add / remove / verify / install / publish / search / update with manifest [dependencies] / [dev-dependencies] parsing — the Python shim is gone. EU-sovereign cloud KMS providers: KERN_KMS_PROVIDER routes kms_encrypt / kms_decrypt to Scaleway (EU-native), Azure Key Vault (with AAD bearer cache), or an OVH stub; local AES-256-GCM remains the default. Native OCI container runtime: kern_container_run_native() sandboxes processes via Linux namespaces + cgroup v2 + overlayfs + veth — no daemon, no docker / podman / runc shellout. OCI Distribution Spec v2 client talks to any registry (Docker Hub, GHCR, Quay, GitLab CR), SHA-256 verification on every blob, cache-keyed by digest. Chain-hashed AI audit log: every record carries prev_hash + record_hash (SHA-256 over the previous hash + canonical body); kern_ai_audit_verify() replays the file and refuses appends if any link mismatches — closes the EU AI Act gate.

TLS & HTTPS

End-to-end encryption via mbedTLS. https_serve, https_post, and tls_gen_self_signed live in net.http. No OpenSSL, no Rustls.

PostgreSQL

First-class libpq client in db.postgres. Real connections, parameterised queries, transactions — finally stop bridging through Python.

JWT & libsodium crypto

HS256 JWT, base64url, and production-grade crypto via libsodium — Argon2, ChaCha20-Poly1305, Ed25519, X25519, BLAKE2b. The same primitives Signal uses.

Prometheus metrics

Counters, gauges, and histograms exported in OpenMetrics text format. Scrape-ready from any kern HTTP server with one import. SLOs without third-party agents.

gRPC & HTTP/2

Real gRPC with protobuf wire format, verified against grpcbin Docker. HTTP/2 client via nghttp2. SSH, NATS, and S3 with AWS Sig V4 — all in the standard library.

Ed25519 signed releases

Every release binary is signed with Ed25519 via libsodium. sign_file and verify_file in the stdlib. Verifiable builds from a European supply chain.

Kern routines (green threads)

Assembly context switching with guard pages and stack pools. 100,000 concurrent routines in 133ms. Lighter than goroutines, safer than threads. Production-ready concurrency without a garbage collector.

OAuth2, migrations & cron

OAuth2 authorization flows, database migrations, background job scheduling, and cron in the stdlib. Query builder with pagination. Go-parity ecosystem features without third-party packages.

BLAKE2b audit log & DORA/NIS2

Append-only BLAKE2b chain hash with flock(2) per append, periodic fsync, and full chain re-verification on open — tamper detection plus crash safety. std.compliance maps each runtime operation to GDPR Art. 5–44 / DORA Art. 5/9/10/11 / NIS2 Art. 21/23 with consent validation, classification, and adequacy/SCC checks for cross-border transfers.

CycloneDX SBOM & EU CRA

kern sbom generates CycloneDX 1.5 JSON listing all runtime dependencies — libkern_bridge, libuv, libsodium, mbedTLS. Compliance-scanner ready for the EU Cyber Resilience Act. Stack protector (-fstack-protector-strong) enabled on all binaries.

Decimal — exact base-10

std.decimal ships a real Decimal struct on top of arbitrary-precision integers. Parse, format, add/sub/mul/div, six rounding modes (HALF_EVEN/UP/DOWN, CEILING, FLOOR, DOWN, UP), locale formatting (en_US/de_DE/nl_NL/fr_FR), currency (€/$/£), JSON round-trip. IEEE-754 floats are not acceptable for currency, taxation, or regulatory reporting — this unblocks finance and government deployment.

LLM & Qdrant resilience

Per-provider circuit breaker (opens after 5 consecutive failures, stays open 30 s, then admits a single half-open probe), bounded retry (3 attempts) with exponential backoff + jitter, JSON sanity-check on every response. Thread-safe via C11 atomics. Wraps both kern_llm_api_call and kern_qdrant_request. Production resilience, not best-effort.

Event log durability

kern_eventlog_open verifies the BLAKE2b chain before accepting any new append — refuses to open a tampered log. Each append takes an exclusive flock(2). Default fsync every 16 appends; tune with eventlog_set_fsync_interval or force with eventlog_sync. Multi-process safe, crash-safe.

SSE production polish

sse_send_heartbeat emits comment frames to keep idle connections alive across reverse proxies. sse_send_event_id writes the id: line so clients can reconnect via Last-Event-ID. Server-Sent Events that survive real network paths.

net.tls passive audit

TLS version validation, cipher suite classification (forward-secrecy / AEAD / BSI TR-02102-2), connection audit reports, strict policy enforcement (TLS 1.3 + AEAD + FS). The German Federal Office for Information Security's cipher-suite recommendations, codified in the standard library.

std.compliance article mapping

Operations (collect / store / process / transfer / delete / access / encrypt) map to specific GDPR Art. 5–44, DORA Art. 5/9/10/11, and NIS2 Art. 21/23. Consent validation, data classification (standard / sensitive / special-category), cross-border transfer checks (adequacy / SCCs), retention recommendations, audit entries — auditor-readable, not lawyer-readable. std.compliance.render_art30_register() emits a GDPR Art. 30 record-of-processing-activities document.

kern-pkg — ported to Kern

The package manager is no longer a Python shim. init / build / run / test / add / remove / verify / install / publish / search / update all run on Kern. Manifest [dependencies] / [dev-dependencies] parse into a typed List<Dependency>. Lockfile read/write with chain-integrity verify. Closes the toolchain self-hosting gate.

EU-sovereign cloud KMS

Secure<T, State> with KERN_KMS_PROVIDER env routing to Scaleway (EU-native, fr-par/nl-ams) or Azure Key Vault (with AAD bearer-token caching). OVH stub awaits real-account exercise. Local AES-256-GCM via mbedTLS remains the default. The compile-time IO-sink check rejects Secure<_, Plain> flowing into db_* / http_* with a clear diagnostic.

Native OCI container runtime

kern_container_run_native() runs sandboxed processes via Linux namespaces + cgroup v2 + overlayfs + veth — no daemon, no docker / podman / runc shellout. kern_oci_pull() talks to any OCI Distribution Spec v2 registry (Docker Hub, GHCR, Quay, GitLab CR) with SHA-256 verification on every blob and cache-keyed-by-digest. oci_run_image() composes pull + config + run. container_stats_native() exposes cgroup v2 metrics by name.

Chain-hashed AI audit log

Every record carries prev_hash + record_hash (SHA-256 over the previous hash + canonical body). On open, kern_ai_audit_verify() replays the file and refuses appends if any link mismatches. The event-log verifier also recomputes each record's hash from seq | ts | type | data | prev_hash and rejects tampered payloads even when the chain link is kept consistent. Tamper-evident by construction — closes the EU AI Act gate.
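
The replay check described above, as an added Python example (not Kern's implementation or on-disk format): the hashed fields follow the seq | ts | type | data | prev_hash list on this page, while the length-prefixed encoding, the all-zero genesis hash, the in-memory list and the trusted_head parameter are assumptions of this example.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # assumed prev_hash for the first record


def record_hash(seq, ts, rtype, data, prev_hash):
    """SHA-256 over seq, ts, type, data, prev_hash.

    Each field is length-prefixed (an assumption of this example) so that a
    separator character inside `data` cannot shift the field boundaries.
    """
    h = hashlib.sha256()
    for field in (str(seq), str(ts), rtype, data, prev_hash):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(8, "big") + raw)
    return h.hexdigest()


def verify(log, trusted_head=None):
    """Replay the chain. Returns (ok, index of the first bad record or None).

    `trusted_head` is the last record_hash as stored outside the log file.
    (False, None) means the chain replays but its head is not the trusted one.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev_hash"] != prev:
            return False, i      # broken link, reordered or deleted record
        want = record_hash(rec["seq"], rec["ts"], rec["type"], rec["data"], prev)
        if not hmac.compare_digest(want, rec["record_hash"]):
            return False, i      # body edited while the link was left intact
        prev = rec["record_hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, None       # truncated, or rewritten with fresh hashes
    return True, None


def append(log, ts, rtype, data):
    """Verify first, then append; a broken chain refuses new records."""
    ok, bad = verify(log)
    if not ok:
        raise ValueError(f"chain broken at record {bad}; append refused")
    prev = log[-1]["record_hash"] if log else GENESIS
    rec = {"seq": len(log), "ts": ts, "type": rtype, "data": data, "prev_hash": prev}
    rec["record_hash"] = record_hash(rec["seq"], ts, rtype, data, prev)
    log.append(rec)
    return rec


def sample_log():
    """Constructed sample records, not real audit data."""
    log = []
    append(log, 1700000000, "llm.request", "model=mistral tokens=42")
    append(log, 1700000001, "llm.response", "status=ok tokens=128")
    append(log, 1700000002, "llm.request", "model=mistral tokens=7")
    return log


if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["record_hash"]
    print("clean:", verify(log, head))
    log[1]["data"] = "status=ok tokens=1"   # payload edit, link untouched
    print("edited payload:", verify(log, head))
```

Keeping the latest record_hash outside the log file (or signing it) is what lets the verifier catch truncation and a full rewrite, since anyone who can write the file can recompute an unkeyed chain end to end.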

Generics — selective monomorphization

Stdlib hot paths — List<T>, Map<K,V>, Result<T>, Option<T>, Decimal — emit monomorphized typed accessors as linkonce_odr, so multiple compilation units share them without link conflicts. Generic call sites compile to the monomorphized typed wrappers when available; type-erased path is the fallback. @monomorphize annotation is the opt-in marker for user-level generics.

Async — spawn, await, spawn_thread

Direct spawn f(args...) synthesizes a per-call-site wrapper plus kern_async_coro_spawn. await <task> calls kern_async_coro_await and unboxes the typed return. Bodies run on cooperative kern routines (16 KB guard-paged stack, configurable). await from inside a routine parks it on the awaitee — no OS thread held during suspension. kern_sleep_ms and routine-aware libuv file/DNS/TCP IO yield cooperatively. spawn_thread routes CPU-bound work onto the libuv worker pool. Two spawned 80 ms tasks complete in ≈82 ms.

Parser fuzzer harness

tools/fuzz_parser.sh <seconds> runs a corpus-mutating, structure-aware driver over tests/conformance/*.kern with five mutators (bit flip, insert, delete, truncate, token splice). Smoke run: 521 iterations / 0 crashes / 0 timeouts in 120 s. CI gate command for v1.0: tools/fuzz_parser.sh 86400 — the 24 h soak is the one remaining code-side gate.

Resilience hardening

LLM proxy: 60 s socket timeout (SO_RCVTIMEO/SO_SNDTIMEO) on the shared HTTPS-with-headers path, layered on the per-provider circuit breaker + 3-attempt retry + jitter. Qdrant client: 30 s socket timeouts + kern_qdrant_health() readiness/liveness probe. WebSocket: stdlib connect_with_backoff() (200 ms base, doubling, capped at 30 s, ±25% jitter) + send_resilient(). Event log: fcntl exclusive lock per append + tunable fsync interval.
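
The breaker and backoff behaviour described in this section and under "LLM & Qdrant resilience", as an added Python example rather than Kern's C implementation: the breaker thresholds and the 3-attempt budget are the page's figures, the retry reuses the WebSocket backoff numbers (200 ms base, doubling, 30 s cap, ±25% jitter) as an assumption, and the class and function names are hypothetical.

```python
import random
import threading
import time


class CircuitOpen(Exception):
    """The breaker rejected the call without contacting the provider."""


class CircuitBreaker:
    # Defaults are the page's figures: 5 consecutive failures, 30 s open.
    def __init__(self, threshold=5, open_seconds=30.0, clock=time.monotonic):
        self.threshold, self.open_seconds, self.clock = threshold, open_seconds, clock
        self.failures = 0
        self.opened_at = None   # None means closed
        self.probing = False    # True while the single half-open probe runs
        self.lock = threading.Lock()

    def state(self):
        if self.opened_at is None:
            return "closed"
        waited = self.clock() - self.opened_at
        return "half-open" if waited >= self.open_seconds else "open"

    def call(self, fn):
        with self.lock:
            st = self.state()
            if st == "open" or (st == "half-open" and self.probing):
                raise CircuitOpen(st)
            is_probe = st == "half-open"
            if is_probe:
                self.probing = True
        try:
            result = fn()
        except Exception:
            with self.lock:
                self.failures += 1
                if is_probe or self.failures >= self.threshold:
                    self.opened_at = self.clock()  # open, or re-open after a failed probe
                if is_probe:
                    self.probing = False
            raise
        with self.lock:
            self.failures, self.opened_at = 0, None
            if is_probe:
                self.probing = False
        return result


def backoff_delay(attempt, base=0.2, cap=30.0, jitter=0.25, rng=random.random):
    """Seconds to wait after failed attempt `attempt` (0-based)."""
    delay = min(cap, base * 2 ** attempt)           # doubling, capped
    return delay * (1 + jitter * (2 * rng() - 1))   # spread over +/-25%


def call_with_retry(breaker, fn, attempts=3, sleep=time.sleep, rng=random.random):
    """Up to `attempts` tries through the breaker, backing off between them."""
    for attempt in range(attempts):
        try:
            return breaker.call(fn)
        except CircuitOpen:
            raise                                   # never retry into an open circuit
        except Exception:
            if attempt + 1 == attempts:
                raise                               # retry budget spent
            sleep(backoff_delay(attempt, rng=rng))
```

Every failed attempt counts toward the breaker, so with a provider that is fully down the second retried call trips the breaker on its second attempt and its third attempt is rejected locally.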

Faster than Go.
On every workload we ran.

Five backend workloads. Same algorithm, same data sizes, only the standard library of each language. No JIT pre-warming. No micro-tuning. Methodology and reproducible runner are in the repo.

Workload | kern | vs Go | vs Node.js | vs Python
Fibonacci (recursive, n=35) | 55 ms | 1.5× faster | 1.8× faster | 16× faster
JSON encode (100k iterations) | 30 ms | 2.8× faster | 1.7× faster | 5.8× faster
Hash (1M iterations, BLAKE2b vs SHA-256) | 261 ms | 1.2× faster | 1.6× faster | 1.4× faster
File I/O (10k write+read cycles) | 514 ms | 1.08× faster | 1.21× faster | 1.18× faster
HTTP (1k sequential GETs) | 152 ms | 1.08× faster | 1.26× faster | 1.21× faster

Concurrent HTTP

10,000 requests/second sustained at 100-way concurrency, with zero failures across 50,000 requests. Backed by libuv — the same event loop that powers Node.js.

Single run, single machine, wall-clock milliseconds, release builds, no parallelism. Run-to-run variance on a laptop is ±5–15%. The runner skips any toolchain that isn't installed. Re-run the suite yourself with ./benchmarks/run_all.sh.

Up and running in seconds.

1. Install kern

terminal
$ curl -fsSL https://kern-lang.eu/install.sh | bash

2. Create a project

terminal
$ kern new my-service
  Created project `my-service` in ./my-service
$ cd my-service

3. Run it

terminal
$ kern run
   Compiling my-service v0.9.0-rc1
    Finished in 0.08s
    Running `target/release/my-service`
Server listening on :8080

European infrastructure.
No US jurisdiction. Period.

Every component of kern's toolchain is hosted, governed, and operated in Europe. No CLOUD Act. No FISA 702. No executive order can compel access to your supply chain. This is the foundation for sovereign digital infrastructure that outlasts any political cycle.

Component | Provider | Country
Source code | Codeberg | Germany
Package registry | pkg.kern-lang.eu (OVH/Scaleway) | France
CI/CD | Woodpecker | Germany
Domain & DNS | TransIP | Netherlands
Static hosting | Codeberg Pages | Germany
Default cloud LLM | Mistral | France
Default vector DB | Qdrant | Germany
Default local LLM | Ollama | Open source

Built for the institutions
that define Europe's future.

Kern is for

  • EU institutions and member state agencies building sovereign digital infrastructure
  • Critical infrastructure operators under NIS2 — energy, transport, health, water
  • Central banks, financial market infrastructure, and DORA-regulated institutions
  • Defense and intelligence services requiring sovereign, auditable tech stacks
  • Enterprise teams deploying AI agents where PII leakage is a regulatory risk

Kern is not for

  • Data scientists who need NumPy and pandas — use Python
  • Systems programmers building operating systems — use Rust
  • Teams with ten years of Go investment — switching has a cost
  • Projects that need Windows support — kern targets Linux and macOS

Sovereign infrastructure
for the next decades.

If your institution needs software that no foreign jurisdiction can compel, surveil, or shut down — kern is the backend language where European sovereignty is compiled in. v0.9.0-rc1 is the stability candidate: 901 tests at 100% pass, generics + async + Secure<T, State> on a stable ABI, EU-sovereign cloud KMS, native OCI container runtime, chain-hashed AI audit log, multi-provider LLM with circuit breakers, Qdrant with health probes, DORA/NIS2 runtime compliance, CycloneDX 1.5 SBOM, GDPR Art. 30 records. Zero US dependencies. Production infrastructure for the institutions that define Europe's future.