# wro.cpp > A curated reference for working C++ developers in 2026. Premium open-source first. Hard OSS made easier. Runnable claims, freshness bar, methodology you can audit. wro.cpp is a Wroclaw-based C++ community hub. The Toolset section is the part most useful to AI coding agents: opinionated, scenario-driven, freshness-stamped reference material, with each page available as a plain-text companion at /toolset//llms.txt. ## Toolset (machine-readable) - [C++26 compiler support](https://wrocpp.github.io/toolset/compiler-support/llms.txt): per-feature, per-compiler matrix derived from godbolt examples we re-verify on every publish. - [AI coding agents for C++](https://wrocpp.github.io/toolset/ai-coding-agents-for-cpp/llms.txt): Eight agents evaluated for C++ work. Premium open-source first. With AGENTS.md template, MCP servers worth wiring, and a decision tree. - [C++26 Contracts -- four enforcement modes, one migration path](https://wrocpp.github.io/toolset/contracts-2026/llms.txt): P2900R14 Contracts shipped in C++26: preconditions, postconditions, and contract_assert with four enforcement modes (ignore, observe, enforce, quick_enforce). GCC 16.1 implements them via -fcontracts. This page covers the syntax, the replaceable violation handler, practical patterns for module boundaries and serialization, contracts as fuzz oracles, and the migration path from observe-in-staging to enforce-in-production. - [Modern C++ Reading List 2026 -- the safety + security canon](https://wrocpp.github.io/toolset/modern-cpp-reading-list-2026/llms.txt): The committee papers, talks, industry deployment reports, blog posts, and regulatory references that define the modern + secure + safe-by-default C++ conversation in 2026. Quarterly-refreshed. Companion piece to the May 2026 'C++ Safety State of the Union' essay. - [Testing for safety in 2026 -- the four coverage levels and the reflection-driven shortcut](https://wrocpp.github.io/toolset/testing-for-safety-2026/llms.txt): Catch2 / doctest / GoogleTest / boost-ext.UT for the floor, RapidCheck for properties, libFuzzer + AFL++ for the ceiling, differential testing for the corners. Plus the C++26 reflection pattern that auto-generates per-field tests so the test suite grows with the schema. Plus the C++26 contracts + C++29 injection direction that turns specs into tests. - [C++ supply chain in 2026 -- vcpkg / Conan / SBOM / CVE feeds, plus reflection-driven SBOMs that cannot drift](https://wrocpp.github.io/toolset/cpp-supply-chain-2026/llms.txt): C++ shipping in 2026 means a real package manager (vcpkg or Conan), a CycloneDX or SPDX SBOM emitted on every build, and CVE feeds (NIST NVD + GitHub Advisory) wired into CI. Plus the reflection-driven pattern that closes the gap conventional SBOM workflows leak: components encoded as P3394 annotations on the vendoring types, with a consteval lint that refuses to compile a vendored type missing its component metadata. The SBOM cannot drift from the source because there is no source for it to drift from. - [C++ coding standards in 2026 -- MISRA, SEI CERT, JSF AV side by side, plus reflection-driven composable rule bundles](https://wrocpp.github.io/toolset/cpp-coding-standards/llms.txt): MISRA C++:2023, SEI CERT C++, JSF AV C++. Three coding standards, three regulated industries, three analyzers in your CI. The pages compares scope and overlap, then shows the reflection-driven pattern that lets a single header opt into multiple standards at once: encode each rule as a consteval predicate over T's reflection, compose them with operator&&, fail at compile time. No analyzer-config matrix; rule violations become compile errors with the failing rule's name in the diagnostic. - [SIMD in C++ 2026 -- std::simd, Highway, ISPC, and reflection-derived SoA](https://wrocpp.github.io/toolset/simd-in-cpp-2026/llms.txt): Picking a SIMD path in C++26: portable std::simd (P1928) for 80% of vectorisable kernels, Google Highway for cross-architecture dispatch, ISPC when you want shader-style SPMD, raw intrinsics when you absolutely need the last cycle. Plus the reflection-derived Structure-of-Arrays layout that turns any aggregate into auto-vectorisable storage without hand-writing the transform. - [Lifetime safety in C++ 2026 -- lifetimebound, dangling-detection, and the schema-level borrow lint](https://wrocpp.github.io/toolset/lifetime-safety-2026/llms.txt): Bounds and null are easy to talk about; lifetime is the hard one. C++ in 2026 ships [[clang::lifetimebound]], `-Wdangling-gsl`, the C++ Core Guidelines lifetime profile (P1179), `gsl::not_null`, and scope guards via `std::scope_exit`. Plus a reflection-driven schema lint that forces every non-owning view member to declare its borrow intent at the type level -- catching the structural dangle that escapes the per-call analyzer. - [Qualified C++ compilers in 2026 -- which toolchain ships in regulated industries](https://wrocpp.github.io/toolset/qualified-compilers/llms.txt): ISO 26262 (automotive), IEC 61508 (industrial), DO-178C (avionics), IEC 62304 (medical) all require a Software Tool Confidence Level (TCL) argument for the compiler. This page maps the 2026 vendor landscape -- GHS MULTI, IAR EWARM, LLVM Embedded Toolchain for Arm, Arm Compiler 6, GCC + GHS qualification kits, and the new TCL kits for the LLVM-based vendors -- across the four big standards. Plus a reflection-driven MISRA C++:2023 lint that shrinks your tool-qualification surface. - [Hardened stdlib in 2026 -- one CMake line, ~1000 production bugs caught](https://wrocpp.github.io/toolset/hardened-stdlib/llms.txt): C++26 ratified the Hardened standard library (P3471) on top of Contracts (P2900). Flip one macro per implementation and vector::operator[], unique_ptr deref, and string overruns abort with a contract violation instead of silently corrupting memory. Google reports 0.3% perf cost across hundreds of millions of LOC, 1000+ bugs found. Plus the reflection-driven schema lint that catches the cases hardened-stdlib can't reach. - [Profiling C++ in 2026 -- perf / Tracy / Perfetto, plus reflection-driven auto-tracing](https://wrocpp.github.io/toolset/profiling-cpp-2026/llms.txt): When to reach for perf / Tracy / Perfetto / callgrind / VTune. The instrumentation tax each one costs. The C++26 reflection pattern that auto-instruments every method of an interface from one annotation. And the C++29 token-injection direction where the profiler IS the schema. - [Memory safety in C++26 and beyond -- what shipped, what's deferred to C++29, what to flip on today](https://wrocpp.github.io/toolset/memory-safety-cpp26-and-beyond/llms.txt): C++26 shipped Hardened standard library + Contracts + Reflection. The [[profiles::enforce]] attribute (P3081 / P3589 / P3984) was deferred to C++29. This page covers what you can turn on TODAY for memory safety -- across libc++, libstdc++, MSVC, clang-tidy, the lifetime attributes, and a reflection-driven user-library check -- plus the C++29 profile direction the standard is now heading toward. - [Sanitizers in 2026 -- safety today, reflection tomorrow](https://wrocpp.github.io/toolset/sanitizers-2026/llms.txt): ASan / UBSan / TSan / MSan / HWASan: when to use each, the CI pattern, the reflection-driven safe-by-construction alternative C++26 already enables, and the C++29-direction profile + injection that makes most sanitizer-found bugs uncompilable. - [Local LLM for C++ developers](https://wrocpp.github.io/toolset/local-llm-for-cpp/llms.txt): Open-weight coding models, runtime stack, and a working reference deployment (Jetson AGX Thor) wired to Continue.dev for a fully-private C++ workflow. Premium-OSS first; cloud only when you need the last 10%. ## Toolset (human-readable) - [Toolset hub](https://wrocpp.github.io/toolset/): index of all sections, editorial principles, and "how we test" methodology. - [AI coding agents for C++](https://wrocpp.github.io/toolset/ai-coding-agents-for-cpp/): Eight agents evaluated for C++ work. Premium open-source first. With AGENTS.md template, MCP servers worth wiring, and a decision tree. - [C++26 Contracts -- four enforcement modes, one migration path](https://wrocpp.github.io/toolset/contracts-2026/): P2900R14 Contracts shipped in C++26: preconditions, postconditions, and contract_assert with four enforcement modes (ignore, observe, enforce, quick_enforce). GCC 16.1 implements them via -fcontracts. This page covers the syntax, the replaceable violation handler, practical patterns for module boundaries and serialization, contracts as fuzz oracles, and the migration path from observe-in-staging to enforce-in-production. - [Modern C++ Reading List 2026 -- the safety + security canon](https://wrocpp.github.io/toolset/modern-cpp-reading-list-2026/): The committee papers, talks, industry deployment reports, blog posts, and regulatory references that define the modern + secure + safe-by-default C++ conversation in 2026. Quarterly-refreshed. Companion piece to the May 2026 'C++ Safety State of the Union' essay. - [Testing for safety in 2026 -- the four coverage levels and the reflection-driven shortcut](https://wrocpp.github.io/toolset/testing-for-safety-2026/): Catch2 / doctest / GoogleTest / boost-ext.UT for the floor, RapidCheck for properties, libFuzzer + AFL++ for the ceiling, differential testing for the corners. Plus the C++26 reflection pattern that auto-generates per-field tests so the test suite grows with the schema. Plus the C++26 contracts + C++29 injection direction that turns specs into tests. - [C++ supply chain in 2026 -- vcpkg / Conan / SBOM / CVE feeds, plus reflection-driven SBOMs that cannot drift](https://wrocpp.github.io/toolset/cpp-supply-chain-2026/): C++ shipping in 2026 means a real package manager (vcpkg or Conan), a CycloneDX or SPDX SBOM emitted on every build, and CVE feeds (NIST NVD + GitHub Advisory) wired into CI. Plus the reflection-driven pattern that closes the gap conventional SBOM workflows leak: components encoded as P3394 annotations on the vendoring types, with a consteval lint that refuses to compile a vendored type missing its component metadata. The SBOM cannot drift from the source because there is no source for it to drift from. - [C++ coding standards in 2026 -- MISRA, SEI CERT, JSF AV side by side, plus reflection-driven composable rule bundles](https://wrocpp.github.io/toolset/cpp-coding-standards/): MISRA C++:2023, SEI CERT C++, JSF AV C++. Three coding standards, three regulated industries, three analyzers in your CI. The pages compares scope and overlap, then shows the reflection-driven pattern that lets a single header opt into multiple standards at once: encode each rule as a consteval predicate over T's reflection, compose them with operator&&, fail at compile time. No analyzer-config matrix; rule violations become compile errors with the failing rule's name in the diagnostic. - [SIMD in C++ 2026 -- std::simd, Highway, ISPC, and reflection-derived SoA](https://wrocpp.github.io/toolset/simd-in-cpp-2026/): Picking a SIMD path in C++26: portable std::simd (P1928) for 80% of vectorisable kernels, Google Highway for cross-architecture dispatch, ISPC when you want shader-style SPMD, raw intrinsics when you absolutely need the last cycle. Plus the reflection-derived Structure-of-Arrays layout that turns any aggregate into auto-vectorisable storage without hand-writing the transform. - [Lifetime safety in C++ 2026 -- lifetimebound, dangling-detection, and the schema-level borrow lint](https://wrocpp.github.io/toolset/lifetime-safety-2026/): Bounds and null are easy to talk about; lifetime is the hard one. C++ in 2026 ships [[clang::lifetimebound]], `-Wdangling-gsl`, the C++ Core Guidelines lifetime profile (P1179), `gsl::not_null`, and scope guards via `std::scope_exit`. Plus a reflection-driven schema lint that forces every non-owning view member to declare its borrow intent at the type level -- catching the structural dangle that escapes the per-call analyzer. - [Qualified C++ compilers in 2026 -- which toolchain ships in regulated industries](https://wrocpp.github.io/toolset/qualified-compilers/): ISO 26262 (automotive), IEC 61508 (industrial), DO-178C (avionics), IEC 62304 (medical) all require a Software Tool Confidence Level (TCL) argument for the compiler. This page maps the 2026 vendor landscape -- GHS MULTI, IAR EWARM, LLVM Embedded Toolchain for Arm, Arm Compiler 6, GCC + GHS qualification kits, and the new TCL kits for the LLVM-based vendors -- across the four big standards. Plus a reflection-driven MISRA C++:2023 lint that shrinks your tool-qualification surface. - [Hardened stdlib in 2026 -- one CMake line, ~1000 production bugs caught](https://wrocpp.github.io/toolset/hardened-stdlib/): C++26 ratified the Hardened standard library (P3471) on top of Contracts (P2900). Flip one macro per implementation and vector::operator[], unique_ptr deref, and string overruns abort with a contract violation instead of silently corrupting memory. Google reports 0.3% perf cost across hundreds of millions of LOC, 1000+ bugs found. Plus the reflection-driven schema lint that catches the cases hardened-stdlib can't reach. - [Profiling C++ in 2026 -- perf / Tracy / Perfetto, plus reflection-driven auto-tracing](https://wrocpp.github.io/toolset/profiling-cpp-2026/): When to reach for perf / Tracy / Perfetto / callgrind / VTune. The instrumentation tax each one costs. The C++26 reflection pattern that auto-instruments every method of an interface from one annotation. And the C++29 token-injection direction where the profiler IS the schema. - [Memory safety in C++26 and beyond -- what shipped, what's deferred to C++29, what to flip on today](https://wrocpp.github.io/toolset/memory-safety-cpp26-and-beyond/): C++26 shipped Hardened standard library + Contracts + Reflection. The [[profiles::enforce]] attribute (P3081 / P3589 / P3984) was deferred to C++29. This page covers what you can turn on TODAY for memory safety -- across libc++, libstdc++, MSVC, clang-tidy, the lifetime attributes, and a reflection-driven user-library check -- plus the C++29 profile direction the standard is now heading toward. - [Sanitizers in 2026 -- safety today, reflection tomorrow](https://wrocpp.github.io/toolset/sanitizers-2026/): ASan / UBSan / TSan / MSan / HWASan: when to use each, the CI pattern, the reflection-driven safe-by-construction alternative C++26 already enables, and the C++29-direction profile + injection that makes most sanitizer-found bugs uncompilable. - [Local LLM for C++ developers](https://wrocpp.github.io/toolset/local-llm-for-cpp/): Open-weight coding models, runtime stack, and a working reference deployment (Jetson AGX Thor) wired to Continue.dev for a fully-private C++ workflow. Premium-OSS first; cloud only when you need the last 10%. ## Optional - [Posts](https://wrocpp.github.io/posts/): the wro.cpp blog timeline (long-form C++ articles). - [Events](https://wrocpp.github.io/events/): meetup history and upcoming sessions.