zzem0g about 7 hours ago 0 comments
Starting at `README.md`: It's nigh unreadable and says genuinely odd things on repeat. "22 pure-Rail TLS tests, all green" is not a brag for a stack that ships its own ASN.1, X.509, two elliptic curves, RSA-PSS, RSA-PKCS1, AEAD, and a TLS 1.3 state machine. The "Production surface is narrow and honest" paragraph then lists everything except a kitchen sink.
"v3.0.0 is self-improving": what? It's a DSL and its compiler. The repo's claim decompresses to "I prompted an LLM to emit Rail and used `does it compile?` as the reward." Compiles != correct; "three independent training lineages" is doing the work of "I ran the loop three times."
The worst part is that the AI should have been pointed at the codebase, not at the marketing. The TLS client never walks the cert chain: `tls13_client.rail` parses the leaf, verifies the leaf's signature against the leaf's own public key, and calls it a day. `cc_walk_chain` exists in `cert_chain.rail` but is reachable only from test files. Any self-signed cert with the right SAN trivially MITMs every HTTPS call the README advertises. The TLS ephemeral private key is generated by shelling `dd if=/dev/urandom` into a fixed `/tmp/rail_https_rand.bin` path, so any local user wins it with a symlink race and passively decrypts every session. And `http_server.rail`'s `serve_static` is literally `dir + path` with no `..` rejection: `GET /../../etc/passwd` works.
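The `serve_static` problem described in the comment above, as an added example in Python (not code from the Rail project): the naive `dir + path` join beside a hardened resolver that confines every request to the document root. The document root, the `index.html` file and the request paths are all constructed for the demo.

```python
"""Added example (not the Rail project's code): naive static-file path
construction next to a resolver that refuses requests escaping the root."""
import os
import tempfile
from typing import Optional


def naive_static_path(doc_root: str, url_path: str) -> str:
    """The pattern the comment criticises: dir + path with no '..' handling.
    Nothing stops '/../../etc/passwd' from leaving doc_root."""
    return doc_root + url_path


def safe_static_path(doc_root: str, url_path: str) -> Optional[str]:
    """Resolve url_path under doc_root; return None if it must be rejected.

    realpath collapses '.' and '..' and follows symlinks, so the containment
    check sees the file the OS would actually open, not the request text.
    """
    root = os.path.realpath(doc_root)
    rel = url_path.lstrip("/")  # keep os.path.join anchored under root
    target = os.path.realpath(os.path.join(root, rel))
    if target != root and not target.startswith(root + os.sep):
        return None  # escaped the document root (traversal or symlink)
    if not os.path.isfile(target):
        return None  # directories and missing files are not served here
    return target


def demo() -> dict:
    """Build a throwaway document root (constructed for this example) and
    compare how both resolvers treat a normal and a traversing request."""
    root = tempfile.mkdtemp(prefix="rail_static_demo_")
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    real_root = os.path.realpath(root)
    naive = os.path.realpath(naive_static_path(root, "/../../etc/passwd"))
    return {
        "safe_ok": safe_static_path(root, "/index.html")
        == os.path.join(real_root, "index.html"),
        "safe_blocks_traversal": safe_static_path(root, "/../../etc/passwd") is None,
        "naive_resolves_outside": not naive.startswith(real_root + os.sep),
    }


if __name__ == "__main__":
    print(demo())
```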