Compilation Infrastructure

The Compilation Layer for Deterministic Software

DevMatrix is the deterministic compilation layer between specification and production infrastructure. Same spec in, same code out — byte-for-byte reproducible, cryptographically signed, audit-ready. Every artifact carries an Ed25519-signed Replay Certificate and CycloneDX 1.5 SBOM. Everything beyond the Compiler Wall is zero-randomness.

Deterministic · Replayable · Signed Evidence Pack · 22 Closed-Taxonomy Concerns · 131+ Tech Outputs · 55 Capabilities · BYO Stack

Technical Preview · Enterprise & regulated industries

crm.dmx
spec Ledger {
  module Accounts {
    entity Account {
      tenant_id: TenantId
      owner: Ref<Customer>
      balance: Money @currency(ISO4217)
      status: Enum<active, frozen, closed>
    }

    api REST {
      endpoints: [CRUD, balance, freeze]
      auth: JWT @multi_domain
      rate_limit: 100/min
    }
  }

  module Payments {
    flow Transfer {
      saga: orchestration
      steps: [debit, credit, settle]
      compensation: reverse
    }
  }

  compile {
    targets: [python_fastapi, java_spring]
    db: postgresql @rls
    secrets: vault
  }
}

The Compilation Pipeline

A multi-phase compilation pipeline — like LLVM for enterprise systems. Six deterministic stages transform a DMX specification into verified, deployable infrastructure.

01 · Specification

Define system architecture in DMX — entities, APIs, data flows, security policies, infrastructure topology.

02 · Validate

Syntax and correctness verification. Every reference, type, and constraint checked.

03 · Compile

100+ cognitive passes across 16 phases. Pure IR transforms — no side effects, fully deterministic.

04 · Emission

200+ emitters targeting Python/FastAPI and Java/Spring Boot, SQL, Docker, infrastructure. Next.js/React frontend in progressive rollout.

05 · Quality Gates

119 automated gates: BLOCK (fatal), WARN (advisory), INFO (telemetry). OWASP, performance, compliance.

06 · Evidence Pack

Multi-tier auto-generated tests, CycloneDX 1.5 SBOM, Source Map IR↔code, Build Fingerprint + Merkle root, Ed25519-signed Replay Certificate.

Compilation Stack

Compiles to 131+ production technologies

One DMX specification, full-stack output across languages, frameworks, and infrastructure.

Python · FastAPI · Java · Spring Boot · PostgreSQL · Redis · Docker · Kubernetes · Helm · Kong · Kafka · RabbitMQ · NATS · Elasticsearch · ClickHouse · MinIO
SQLAlchemy · Pydantic · Celery · Vault · Prometheus · OpenTelemetry · Jaeger · Grafana · Datadog · Alembic · Liquibase · Nginx · Traefik · Terraform · Argo Workflows · GitHub Actions · JUnit

Compiler Infrastructure

The compilation layer that transforms declarative specifications into verified, production-grade infrastructure. Every component below operates deterministically.

DMX Specification

A declarative specification language for describing complete system architectures — entities, APIs, data flows, security policies, and infrastructure topology.

The Compiler Wall

The architectural boundary between probabilistic input and deterministic output. LLM involvement terminates at spec authoring. Everything beyond the wall — parsing, passes, emission, verification — is zero-randomness infrastructure.

Verification Gates

119 automated verification gates across three severity tiers. OWASP compliance, performance validation, architectural correctness, and security policy enforcement — applied to every compilation artifact.

Test Infrastructure

38,000+ tests generated per compilation across contract, behavior, security, and validation tiers. Full Merkle-tree provenance ensures traceability from specification to every emitted artifact.

System Primitives

Tenant isolation, row-level security, event-driven architecture, saga orchestration, and cross-module communication — compiled as first-class infrastructure primitives, not bolted-on patterns.

Compilation Observability

Real-time compilation telemetry, quality gate reporting, and artifact tracking. Full observability into every stage of the compilation pipeline.

Audit-Ready

Every Build Ships a Signed Evidence Pack

Eight artifacts that turn a deterministic compile into an auditable supply-chain event. Designed for the controls your CISO, regulator, and procurement team already ask for.

SBOM · CycloneDX 1.5

Component inventory of every emitted dependency, signed and timestamped per build.

Source Map · IR ↔ Code

Every emitted line traced to its DMX spec node. Auditor-grade traceability.

Replay Certificate · Ed25519

Cryptographic proof the build is reproducible from the spec + compiler version.

Build Fingerprint + Merkle Root

Byte-deterministic hash tree over the full artifact tree.

Threat Model

Auto-derived from the IR. Lists assets, trust boundaries, and mitigations.

Capability Manifest

Declared capabilities (auth, RLS, encryption, rate limiting…) wired into the build.

Compliance Report

Per-spec dossier of controls covered, gates passed, and unresolved waivers.

Audit Trail

Append-only event log of every compilation, signed and tamper-evident.
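
As an added illustration (not DevMatrix's code or its actual fingerprint format), the sketch below shows how a byte-deterministic Merkle root over an artifact tree lets an auditor compare a replayed build with the original and locate any file that differs. SHA-256, the path-sorted leaf order, the domain-separation prefixes, and every name in it are assumptions; the sample builds are constructed.

```python
import hashlib

# Domain-separation prefixes so a leaf can never be reinterpreted
# as an interior node (assumed scheme, in the style of RFC 6962).
LEAF, NODE = b"\x00", b"\x01"

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(path: str, content: bytes) -> bytes:
    # Bind the length-prefixed path to the content so a rename, or a
    # shift of the path/content boundary, changes the leaf.
    p = path.encode("utf-8")
    return sha256(LEAF + len(p).to_bytes(4, "big") + p + content)

def merkle_root(artifacts: dict[str, bytes]) -> str:
    """Root over {relative_path: bytes}, independent of insertion order."""
    if not artifacts:
        return sha256(LEAF).hex()
    # Sorting by path removes filesystem and dict ordering from the result.
    level = [leaf_hash(p, artifacts[p]) for p in sorted(artifacts)]
    while len(level) > 1:
        nxt = [sha256(NODE + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # Promote the odd node unchanged; duplicating it would let two
            # different trees share one root.
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()

def diff_builds(a: dict[str, bytes], b: dict[str, bytes]) -> list[str]:
    """Paths whose presence or bytes differ between two builds."""
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))

# Constructed sample builds (not real compiler output).
ORIGINAL = {
    "app/main.py": b"from fastapi import FastAPI\napp = FastAPI()\n",
    "db/schema.sql": b"CREATE TABLE account (id uuid PRIMARY KEY);\n",
    "sbom.cdx.json": b'{"bomFormat":"CycloneDX","specVersion":"1.5"}\n',
}
# Same bytes emitted in a different order: the root must not change.
REPLAY = dict(reversed(list(ORIGINAL.items())))
# A build-time timestamp leaking into one file breaks reproducibility.
TAMPERED = {**ORIGINAL,
            "app/main.py": ORIGINAL["app/main.py"] + b"# built 2024-01-01\n"}

if __name__ == "__main__":
    print("original:", merkle_root(ORIGINAL))
    print("replay  :", merkle_root(REPLAY))
    print("tampered:", merkle_root(TAMPERED), diff_builds(ORIGINAL, TAMPERED))
```

A signature over the root then covers every file in the tree, which is why a single embedded timestamp or unsorted directory listing is enough to make a replay fail.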

Maps to the controls your auditors cite

  • SOC 2 Type II: CC7 / CC8 — change management + system operations
  • PCI-DSS v4: Requirement 6 — secure development + change control
  • DORA Article 9: Digital operational resilience + ICT change management
  • EU Cyber Resilience Act: Annex I — component inventory + integrity
  • NIS2 Directive: Supply-chain controls + incident reporting
  • SOX § 404: IT general controls — change + access management

Bring Your Own Stack

Closed Taxonomies, Open Plugins

Each concern declares one technology in the spec; the compiler dispatches to the matching plugin. Default plus registered options below — and your own plugin extends any concern without a compiler fork. No vendor lock-in.

Blob / Object Storage

OBJECT_STORAGE

object_storage.client · presigned URLs · multipart · lifecycle rules

  • S3
  • Google Cloud Storage
  • Azure Blob
  • MinIO
  • Cloudflare R2

Event Bus Brokers

MESSAGE_BROKER

shared_kernel.event_bus dispatcher

  • Redis Streams
  • Apache Kafka
  • RabbitMQ
  • NATS
  • GCP Pub/Sub
  • AWS SNS/SQS

Secrets Management

SECRET_STORE

shared_kernel.secrets · resolver-scheme · 6 backends

  • env-var
  • HashiCorp Vault
  • AWS KMS
  • GCP KMS
  • Azure Key Vault
  • SOPS

Log Backends

OBSERVABILITY_LOGS

shared_kernel.observability · structured JSON always emitted

  • Loki
  • CloudWatch Logs
  • GCP Cloud Logging
  • Datadog Logs

Metrics Backends

OBSERVABILITY_METRICS

metrics_emitter · service_observability binding pass

  • Prometheus
  • Datadog Metrics
  • CloudWatch Metrics
  • OpenTelemetry Collector

Deployment Descriptors

DEPLOY_TOOL

containers.client umbrella · 6 deploy targets

  • Docker Compose
  • Helm
  • Terraform
  • Pulumi
  • Nomad
  • AWS ECS CFN

Bring your own
Add a tech kind without forking

Register a plugin for any concern. The compiler dispatches automatically.

Safe defaults
Every concern has one

A build refuses to ship if a declared concern has no matching plugin.

Versioned taxonomy
22 concern categories

The supported surface is a closed, versioned taxonomy — not a moving target.

Deployment Models

Compile Where Your Compliance Boundary Is

DevMatrix is deployable from a hosted SaaS to a fully air-gapped runner — match the model to your regulatory posture.

Cloud SaaS

devmatrix.dev

Author specs and compile through the hosted console. Right for technical preview, pilots, and non-regulated workloads.

Self-hosted

Your Kubernetes / OpenShift

Compiler runs inside your perimeter. Specs and emitted artifacts never leave your network. Right for banks, fintechs, and SOC 2 boundaries.

Air-gapped

Zero external network

Fully offline build pipeline with a signed compiler image. Right for defense, banking core, and classified workloads.

Hybrid

SaaS authoring + on-prem compile

Author specs in the SaaS console; route compilation to a controlled in-perimeter runner. Best of both for distributed engineering orgs.

A Different Category

Code assistants help engineers write. App builders make prototypes. Autonomous agents close tickets. Internal AI factories run black-box. DevMatrix is the only one that emits the same byte-deterministic artifact tree your auditors can replay.

| Dimension | DevMatrix (Deterministic compiler) | Code Assistants (Copilot · Cursor · Tabnine) | AI App Builders (Lovable · Replit · v0) | Autonomous Agents (Devin · Cognition) | Internal AI Factories (Globant Magnifai · Accenture myWizard) |
|---|---|---|---|---|---|
| Output determinism | Byte-identical · same spec → same code | Probabilistic per completion | Non-deterministic per prompt | Non-deterministic per run | Opaque · vendor-controlled |
| Signed evidence pack | SBOM · Replay Cert · Merkle · Source Map | None | None | None | Vendor reports · not standardized |
| Audit traceability (IR ↔ code) | Every line traced to spec node | None | None | Logs only · not signed | Internal · not externally verifiable |
| Multi-language emission | Python · Java · Next.js · plugin-registered | Any (probabilistic) | Locked to vendor stack | Any (probabilistic) | Vendor-dependent |
| Closed-taxonomy / BYO plugins | 22 concerns · Plugin Registry | N/A | Vendor stack only | N/A | Vendor-bound |
| Multi-spec orchestration | Platform / Service / App hierarchy + cross-contract closure | File / function scope | Single-app scope | Ticket scope | Vendor-specific |
| Air-gapped deploy | Supported · signed image | GHE / Cloud only | Vendor cloud | Vendor cloud | Possible · negotiated |
| IP ownership | Spec + compiler version + emitted source all yours | Generated text yours · model not | Code yours · platform lock-in | Generated code yours · model not | Code yours · platform lock-in |
| Compliance posture (SOC 2 / PCI / DORA / EU CRA) | Evidence pack maps directly to controls | Vendor SOC 2 only | Limited | Limited | Vendor attestations |
| Reproducibility for auditors | Independent replay from spec + version | Not reproducible | Not reproducible | Not reproducible | Vendor-mediated |

What is DMX?

DMX is a purpose-built specification language for declaring complete software platforms. One .dmx file describes entities, APIs, business flows, sagas, state machines, security policies, and infrastructure — the compiler handles the rest. Write directly (zero LLM) or use LLM-assisted authoring with critic validation. The spec is the auditable source-of-truth: every regenerated artifact is byte-identical and signed.

At a Glance

accounts.dmx
service "accounts" {
  version = "1.0.0"
  port = 8002
  api_prefix = "/v1"
  database = "ledger_accounts_db"
  compliance ["SOC2", "PCI-DSS", "DORA"]
  depends_on {
    identity imports [Tenant, Customer]
  }
}

entity Account {
  @aggregate_root
  @tenancy(tenant, tenant_id)
  @soft_delete
  id UUID @pk @default($computed.uuid)
  tenant_id UUID @fk(Tenant.id) @not_null
  owner_id UUID @fk(Customer.id) @not_null
  iban String(34) @unique @sensitive
  currency String(3) @iso4217 @not_null
  balance Money @not_null @default(0)
  status Enum(ACTIVE, FROZEN, CLOSED) @default("ACTIVE")
  opened_at DateTime @default($computed.now)
}

api {
  POST "/accounts" {
    permissions = ["accounts:open"]
    request {
      owner_id UUID @required
      currency String(3) @required
    }
    response @entity(Account) @status(201)
  }
  POST "/accounts/{id}/freeze" {
    permissions = ["accounts:freeze"]
    triggers = Account.status -> FROZEN
    response @entity(Account)
  }
}

Cross-Service Interactions

Declare how services in a platform talk to each other — synchronous HTTP, asynchronous events through any of the six supported brokers (Kafka, RabbitMQ, NATS, SNS/SQS, Pub/Sub, Redis Streams), or orchestrated sagas with transactional outbox. The compiler emits client, server route, broker wiring, and the compensation paths.

platform.dmx
platform "LedgerPlatform" {
  modules {
    identity { spec = "identity.dmx" }
    accounts { spec = "accounts.dmx" }
    payments { spec = "payments.dmx" }
    audit { spec = "audit.dmx" }
  }

  // Sync HTTP — accounts resolves customer within its own request
  interactions {
    "I-10: Accounts resolves customer" {
      tier = 1
      provider = identity
      consumer = accounts
      trigger = http(method="GET", path="/customers/{id}")
      response_schema = CustomerDTO
      timeout_ms = 500
      idempotent = true
    }

    // Saga — atomic money transfer with compensation
    "I-11: Transfer saga" {
      tier = 1
      orchestrator = payments
      participants = [accounts, accounts]
      trigger = saga("transfer.requested")
      steps = [debit_source, credit_target, settle]
      compensation = [reverse_credit, reverse_debit]
      outbox = true
    }

    // Async event — audit logs every state transition
    "I-12: Transfer audited" {
      tier = 2
      producer = payments
      consumer = audit
      trigger = event("payments.transfer.settled")
      broker = kafka
      payload { transfer_id UUID @required }
    }
  }
}

Compilation Targets

One DMX spec, 131 technology outputs across 22 concern categories. DevMatrix compiles your specification into production-ready code across this entire stack.

Stable: 85 outputs
WIP: 46 outputs

Python · FastAPI

Stable

SQLAlchemy 2.0 async · Pydantic v2 · Celery + beat · 17+ feature emitters

Java · Spring Boot

Stable

26 emitters · Spring Data JPA · JUnit + Testcontainers · Maven

Next.js · React 19 · TypeScript

WIP

App Router · Tailwind 4 · shadcn · 13 block categories · M10 enterprise

Relational Database

DB_DIALECT
  • PostgreSQL (Stable): default · RLS · Alembic
  • ClickHouse (Stable): analytics target

Analytics / OLAP Backend

ANALYTICS_STORE
  • ClickHouse (Stable): default · primary OLAP
  • BigQuery (WIP): Google Cloud analytics
  • Snowflake (WIP): cloud data warehouse
  • Redshift (WIP): AWS analytics warehouse
  • DuckDB (WIP): embedded analytics

Blob / Object Storage

OBJECT_STORAGE
  • S3 (Stable): default · AWS
  • Google Cloud Storage (Stable): GCS bucket policies
  • Azure Blob (Stable): containers + lifecycle
  • MinIO (Stable): self-hosted S3-compatible
  • Cloudflare R2 (Stable): egress-free S3-compat

Event Bus Brokers

MESSAGE_BROKER
  • Redis Streams (Stable): default · lightweight
  • Apache Kafka (Stable): kafka_emitter.py
  • RabbitMQ (Stable): rabbitmq_emitter.py
  • NATS (WIP): JetStream support
  • GCP Pub/Sub (WIP): Google Cloud broker
  • AWS SNS/SQS (WIP): AWS messaging

Non-REST Transports

TRANSPORT
  • HTTP (Stable): default · FastAPI
  • WebSocket (Stable): Socket.IO + Redis adapter
  • TCP-MLLP (Stable): HL7 healthcare transport
  • Serial (Stable): RS-232 / RS-485
  • File-watch (Stable): directory monitoring
  • UDP (Stable): datagram protocol
  • Named Pipe (Stable): IPC transport
  • USB-HID (WIP): human interface devices
  • Modbus-RTU (WIP): industrial fieldbus

Wire-Format Parsers

PROTOCOL_PARSER
  • HL7v2-2.5 (Stable): healthcare messaging
  • FHIR-R4 (Stable): healthcare interoperability
  • SOAP-1.2 (Stable): enterprise XML services
  • CSV (RFC 4180) (Stable): tabular data
  • XML 1.0 (Stable): structured documents
  • JSON-API (Stable): spec-compliant REST
  • Webhook HMAC (Stable): generic signed receiver
  • EDIFACT (WIP): commerce messaging
  • X12 (WIP): commerce ANSI ASC
  • SWIFT-MT (WIP): finance interbank

JWT Signing Algorithms

AUTH_ALGORITHM
  • HS256 (Stable): default · HMAC SHA-256
  • RS256 (Stable): RSA SHA-256
  • ES256 (Stable): ECDSA P-256
  • EdDSA (Stable): Ed25519 signatures

Secrets Management

SECRET_STORE
  • env-var (Stable): default · .env templates
  • HashiCorp Vault (Stable): enterprise secret store
  • AWS KMS (Stable): AWS key management
  • GCP KMS (WIP): Google key management
  • Azure Key Vault (Stable): Microsoft key vault
  • SOPS (WIP): encrypted YAML at rest

Metrics Backends

OBSERVABILITY_METRICS
  • Prometheus (Stable): default · scrape model
  • Datadog Metrics (WIP): SaaS metrics platform
  • CloudWatch Metrics (WIP): AWS native metrics
  • OpenTelemetry Collector (WIP): vendor-neutral ingest

CI/CD Providers

CI_PROVIDER
  • GitHub Actions (Stable): default · workflows
  • GitLab CI (Stable): .gitlab-ci.yml stages
  • Argo Workflows (Stable): Kubernetes-native CI

Deployment Descriptors

DEPLOY_TOOL
  • Docker Compose (Stable): default · multi-service
  • Helm (WIP): Kubernetes charts
  • Terraform (WIP): IaC HCL
  • Pulumi (WIP): IaC in TS / Python
  • Nomad (WIP): HashiCorp scheduler
  • AWS ECS CFN (WIP): CloudFormation ECS

Hardening

  • RBAC (Stable): role-based access control
  • ABAC (Stable): attribute-based policies
  • Row-Level Security (Stable): tenant isolation
  • CSRF / CORS / CSP / HSTS (Stable): headers + protections
  • Rate Limiting (Stable): Redis-backed token bucket
  • Service-to-Service Auth (Stable): tokens + keys + clients
  • TOTP / 2FA (WIP): MFA inference (WIP)

Infrastructure Access

Access the compiler at every scale. From evaluation to dedicated infrastructure.

Technical Preview

Evaluate the compilation pipeline with a single compilation.
  • 1 Platform
  • 1 compilation
  • 1 module
  • 5 entities
  • Community support
  • Core verification gates

Startup (Coming Soon)

For teams integrating deterministic compilation into their workflow.
  • 1 Platform
  • Unlimited compilations
  • Up to 5 modules
  • 50 entities
  • Engineering support
  • Full verification gates
  • Test infrastructure generation

Enterprise (Coming Soon)

Dedicated compilation infrastructure with custom SLAs.
  • Unlimited Platforms
  • Dedicated compilation cluster
  • SLA guarantee
  • Custom emitter integrations
  • SSO / SAML
  • On-premise option
  • Dedicated engineering support

Get in Touch

Have a question about DevMatrix? Want to discuss enterprise solutions? We'd love to hear from you.

Location

Marbella, Spain

Serving customers worldwide