Feature · Standalone Executables · Cross-Compilation

One file out the other end.

sema build traces your imports, bundles assets, and emits a self-contained binary. No venv on the server, no dependency pinning, no container just to run a script. The part Python never solved.

$ sema build agent.sema -o agent

12 MB binary · no runtime needed · cross-compile for 5 platforms

The build pipeline

From source to binary, in one command.

  • .sema source: Your script + imports
  • compile: Lower to bytecode (.semac)
  • trace imports: Recursive dependency walk
  • VFS archive: Bundle files + checksum
  • inject: Embed into runtime binary
  • executable: Self-contained, ship it

The problem it solves

Deploy without the ritual.

Python deployment: the ritual
def deploy():
    # 1. SSH in
    ssh prod

    # 2. Create virtualenv
    python3 -m venv venv
    source venv/bin/activate

    # 3. Install dependencies
    pip install -r requirements.txt
    # hope versions haven't drifted…

    # 4. Copy source
    scp -r src/ prod:~/app/

    # 5. Run it
    python agent.py

    # 6. Pray the runtime matches
    # 7. Containerize if it doesn't
A venv, a requirements.txt, a container, a CI pipeline to build the container — just to run a script.
Sema deployment: one file
# Build locally
sema build agent.sema -o agent
→ traced 3 imports, bundled 1 asset
→ agent (self-contained, 12 MB)

# Ship it
scp agent prod: && ssh prod ./agent
→ runs. that's it.
One binary. No venv, no pip, no container. The runtime, bytecode, and assets are all inside.

Cross-compilation

Build from anywhere, for everywhere.

--target linux on macOS. --target windows on Linux. --target all produces five binaries in one command. Runtime binaries are downloaded, SHA256-verified, and cached — injection is format-aware, not host-specific.

  • Five targets. macOS ARM + Intel, Linux x86_64 + ARM, Windows. Cover every mainstream deployment target.
  • Any host → any target. Mach-O section injection works in pure Rust — build macOS ARM64 binaries from Linux.
  • Cached runtimes. Downloaded once, SHA256-verified, stored in ~/.sema/cache/. --no-cache re-downloads.
  • Air-gapped support. SEMA_RUNTIME_BASE_URL overrides the download location for mirrors or offline builds.
  • macOS ARM: aarch64-apple-darwin (Mach-O section)
  • macOS Intel: x86_64-apple-darwin (Mach-O section)
  • Linux x86_64: x86_64-unknown-linux-gnu (ELF append)
  • Linux ARM: aarch64-unknown-linux-gnu (ELF append)
  • Windows: x86_64-pc-windows-msvc (PE resource)
cross-compile — all targets
$ sema build agent.sema --target all
→ agent-aarch64-apple-darwin (12.1 MB)
→ agent-x86_64-apple-darwin (12.4 MB)
→ agent-x86_64-unknown-linux-gnu (11.8 MB)
→ agent-aarch64-unknown-linux-gnu (11.6 MB)
→ agent-x86_64-pc-windows-msvc.exe (11.9 MB)
✓ 5 binaries built

Binary layout

How the archive gets injected.

The injection strategy varies by binary format — detected from the runtime binary's magic bytes, not the build host. Each method preserves binary integrity and OS loader compatibility.

Linux (ELF): Raw append + trailer
  • Original Sema Binary (ELF)
  • VFS Archive
  • Trailer: archive_size: u64 LE, magic: SEMAEXEC
ELF loaders ignore appended data — the binary stays valid.
macOS (Mach-O): Section injection
  • Mach-O Header
  • Load Commands
  • Segments
  • semaexec section ← VFS archive
Injected via libsui, ad-hoc re-signed for ARM64.
Windows (PE): Resource injection
  • PE Header
  • .text, .data
  • .rsrc
  • semaexec resource ← VFS archive
Injected via libsui. Authenticode signatures stripped.

VFS — bundled files

Your files travel with the binary.

--include data.json or --include assets/ bundles files into a virtual filesystem inside the executable. At runtime, file/read, import, and load check the VFS first, then the real filesystem. Your code doesn't change between dev and production.

  • Transparent interception. file/read, file/exists?, import, load — all check VFS first.
  • Recursive directories. --include assets/ bundles everything underneath.
  • Integrity checked. CRC32-IEEE checksum on the archive — corruption is detected at load.
  • Writes go to real FS. file/write, file/append, file/delete always target the real filesystem, never the VFS.
VFS Archive (v1 · CRC32 · 4 entries)
  • __main__.semac · 4.2 KB · bytecode
  • lib/utils.sema · 890 B · traced import
  • data.json · 12.1 KB · --include
  • prompts/system.txt · 340 B · --include
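
For anyone who has to inventory or verify these binaries before they reach production, here is an added example (not Sema's own code) that splits a Linux build into runtime and appended archive using the trailer from the ELF layout above, then fingerprints the archive. It assumes the file ends with the archive, an 8-byte little-endian archive_size counting only the archive bytes, then the 8-byte SEMAEXEC magic; the page does not state the field order or what the embedded CRC32 covers, so the checksum here is taken over the whole extracted archive. CRC32 detects accidental corruption only, so the SHA-256 is the value to pin when checking for modification.

```python
import hashlib
import struct
import zlib

TRAILER_MAGIC = b"SEMAEXEC"            # magic named on the page
TRAILER_LEN = 8 + len(TRAILER_MAGIC)   # assumed layout: u64 LE size, then magic


class TrailerError(ValueError):
    """Raised when a file does not carry a well-formed trailer."""


def split_appended_archive(blob: bytes) -> tuple[bytes, bytes]:
    """Return (runtime, archive) for an ELF file with an appended archive."""
    if not blob.startswith(b"\x7fELF"):
        raise TrailerError("not an ELF file")
    if len(blob) < 4 + TRAILER_LEN or not blob.endswith(TRAILER_MAGIC):
        raise TrailerError("no SEMAEXEC trailer")
    body_end = len(blob) - TRAILER_LEN
    (size,) = struct.unpack_from("<Q", blob, body_end)
    # The size field comes from the file itself: bound it before slicing,
    # and never let the archive swallow the ELF magic.
    if size > body_end - 4:
        raise TrailerError(f"archive_size {size} out of range")
    return blob[: body_end - size], blob[body_end - size : body_end]


def fingerprint(archive: bytes) -> dict:
    """CRC32-IEEE for corruption checks, SHA-256 for pinning known-good builds."""
    return {
        "size": len(archive),
        "crc32": f"{zlib.crc32(archive) & 0xFFFFFFFF:08x}",
        "sha256": hashlib.sha256(archive).hexdigest(),
    }


def build_sample(runtime: bytes, archive: bytes) -> bytes:
    """Constructed test input in the assumed layout (not a real Sema binary)."""
    return runtime + archive + struct.pack("<Q", len(archive)) + TRAILER_MAGIC


if __name__ == "__main__":
    sample = build_sample(b"\x7fELF" + b"\x00" * 60, b"constructed-vfs-archive")
    runtime, archive = split_appended_archive(sample)
    print(len(runtime), fingerprint(archive))
```
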

Capability sandbox

Fence off what's dangerous.

--sandbox restricts shell access, filesystem writes, network calls, and LLM access — per group. --allowed-paths whitelists specific directories. Run untrusted code without exposing the host.

  • Strict mode. --sandbox strict blocks shell, network, and filesystem writes. Only --allowed-paths are readable.
  • Allowed paths. --sandbox strict --allowed-paths ./data,./output — granular filesystem access.
  • Per-capability. --sandbox shell,network — block only specific capabilities, allow the rest.
[Sandbox mode comparison: strict · default · all. Capabilities shown: Shell, File write, Network, LLM, File read (whitelist).]

Build your first binary.

One command. Trace, compile, bundle, inject.

  • build: $ sema build agent.sema -o agent
  • cross: $ sema build agent.sema --target all
  • bundle: $ sema build agent.sema --include assets/ -o agent