Software Supply Chains are Dead: Use-Case-Oriented Regeneration

📅 2026-07-14
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the high maintenance overhead and supply chain attack risks inherent in traditional software dependencies by proposing a use-case-driven dependency regeneration paradigm. It introduces a novel functional slicing mechanism guided by real-world usage patterns observed in code repositories, leveraging generative AI and agent-based workflows to synthesize minimal functional subsets that precisely satisfy specific requirements. By integrating API surface analysis with runtime behavioral observation, the approach generates lean, purpose-built replacements for full dependencies. Evaluation across 180 repository-dependency pairs demonstrates that the regenerated code preserves 99.8% of original behavior while reducing the exported API surface area by 93%, substantially diminishing the trust assumptions and attack surface associated with external dependencies.
📝 Abstract
Modern software development relies on an increasingly doubtful premise: that the up-front implementation savings from adopting a dependency outweighs the maintenance costs. Two changes are reshaping the build-vs.-reuse calculus: software supply chain attacks have raised the cost of external reliance, while generative AI has lowered the cost of local implementation. We envision use-case-oriented regeneration as a new software sourcing paradigm that shifts the supply chain from external trust to local verification. We evaluate an agentic workflow that synthesizes only the specific slice of dependency functionality that a repository exercises. Our measurements across 180 repository-dependency pairs suggest that this approach is feasible: the replacements preserve 99.8% of repository-observed behavior across baseline validation checks and reduce the exported API surface by 93%. Software sourcing may evolve toward verifiable repository-specific code synthesis, especially when the required functionality is narrow, stable, and well tested.
Problem

Research questions and friction points this paper is trying to address.

software supply chain
dependency management
supply chain attacks
code reuse
software maintenance
Innovation

Methods, ideas, or system contributions that make the work stand out.

use-case-oriented regeneration
software supply chain
generative AI
dependency minimization
local code synthesis