🤖 AI Summary
This work addresses the high maintenance overhead and supply chain attack risks inherent in traditional software dependencies by proposing a use-case-driven dependency regeneration paradigm. It introduces a novel functional slicing mechanism guided by real-world usage patterns observed in code repositories, leveraging generative AI and agent-based workflows to synthesize minimal functional subsets that precisely satisfy specific requirements. By integrating API surface analysis with runtime behavioral observation, the approach generates lean, purpose-built replacements for full dependencies. Evaluation across 180 repository-dependency pairs demonstrates that the regenerated code preserves 99.8% of original behavior while reducing the exported API surface area by 93%, substantially diminishing the trust assumptions and attack surface associated with external dependencies.
📝 Abstract
Modern software development relies on an increasingly doubtful premise: that the up-front implementation savings from adopting a dependency outweighs the maintenance costs. Two changes are reshaping the build-vs.-reuse calculus: software supply chain attacks have raised the cost of external reliance, while generative AI has lowered the cost of local implementation. We envision use-case-oriented regeneration as a new software sourcing paradigm that shifts the supply chain from external trust to local verification. We evaluate an agentic workflow that synthesizes only the specific slice of dependency functionality that a repository exercises. Our measurements across 180 repository-dependency pairs suggest that this approach is feasible: the replacements preserve 99.8% of repository-observed behavior across baseline validation checks and reduce the exported API surface by 93%. Software sourcing may evolve toward verifiable repository-specific code synthesis, especially when the required functionality is narrow, stable, and well tested.