AI agents can read your secrets, encode them, and send them to an external API — all in three steps. NAAb blocks the sequence before the network call fires. No prompt engineering. No post-hoc log scanning.
Drop a govern.json in your project. NAAb tracks behavioral sequences across your entire script and blocks the dangerous step before it executes.
{
"version": "5.0",
"mode": "enforce",
"behavioral_sequences": {
"enabled": true,
"patterns": [{
"name": "credential_exfiltration",
"sequence": [
"env.get:*KEY*|*SECRET*|*TOKEN*",
"encode|base64",
"agent.send|http.post"
],
"level": "hard"
}, {
"name": "config_harvest",
"sequence": [
"file.read:*config*|*govern*",
"agent.send"
],
"level": "hard"
}]
}
}
$ naab agent_task.naab [governance] Behavioral sequence 'credential_exfiltration' blocked before execution. Pattern matched: Step 1 env.get("API_SECRET_KEY") ✓ Step 2 crypto.base64_encode(...) ✓ Step 3 agent.send(handle, ...) ✗ BLOCKED Rule: behavioral_sequences .credential_exfiltration [HARD] Execution stopped before API call.
Catches .push() in Python, print() in JS, json.stringify() instead of json.dumps() — with "did you mean?" corrections for 86+ patterns across Python and JavaScript.
Detects stub functions, pass-only bodies, validate() that always returns True, identity functions, NotImplementedError, and fabricated status responses. 35+ patterns.
Catches except:pass, bare raises, vague error messages like "something went wrong", degenerate loops, and always-true/false conditions. 40+ patterns.
SQL injection, path traversal, shell injection, privilege escalation, unsafe deserialization, data exfiltration, and entropy-based secret detection.
Placeholders (TODO/FIXME), dead code, debug artifacts, simulation markers, mock data, apologetic language, hardcoded URLs/IPs, and PII detection.
Export governance results as SARIF for GitHub Code Scanning, JUnit XML for Jenkins/GitLab CI, or JSON for custom tooling. Three enforcement levels: HARD, SOFT, ADVISORY.
Opt-in: governance reads your CLAUDE.md, .editorconfig, .eslintrc, package.json and more. Extracts rules, bans, and style preferences — then supplements govern.json without overriding it. Three layers, each toggleable.
Tracks untrusted data (env variables, polyglot output) through all 15 AST expression types. Blocks tainted data at configured sinks (shell execution, env writes). Prefix-based sanitizer detection clears taint. Works across async boundaries and module imports.
Automatically re-runs polyglot blocks through additional language runtimes and compares results. Catches silent computation errors, floating-point drift, and off-by-one bugs that a single runtime would miss.
Prompts are suggestions. Governance is enforcement. NAAb controls AI output at the runtime level — where it can't be bypassed.
Every AI session starts fresh. No memory of your standards, security rules, or architecture. The result:
AI generates whatever it wants. govern.json decides what actually executes:
Enable cross-language verification in govern.json. NAAb re-runs each polyglot block through independent runtimes and reports consensus — or flags drift.
{
"verification": {
"enabled": true,
"enforcement_level": "soft",
"consensus_languages": ["python", "javascript", "go"],
"tolerance": 1e-10
}
}
$ naab-lang app.naab [VERIFY] Line 12: python block Consensus: 3/3 agree (python, javascript, go) Result: 4950 [VERIFY] Line 28: javascript block DRIFT DETECTED: 2/3 agree javascript → "0.30000000000000004" python → "0.3" go → "0.3"
Governance suggestions are backed by real benchmarks on your machine. Calibrate once, get measured recommendations with confidence labels.
$ naab-lang calibrate Languages: python, go, rust, nim, shell Iterations: 3 numerical: #1 go 879 us #################### 100 #2 rust 8,963 us ## 9 #3 python 51,800 us 1 string: #1 javascript 63,000 us #################### 100 #2 rust 80,270 us ################ 78 #3 python 105,816 us ############ 59 Calibration saved to ~/.naab/calibration.json
$ naab-lang race app.naab --block 2 Racing block [2]: <<python>> at line 38 Code: sum(range(100)) Detected task: numerical RACE RESULTS (calibrated) #1 go 879 us #################### 100 #2 rust 8,963 us ## 9 #7 python 51,800 us 1 <-- YOU Your block: python (score: 1/100) Fastest: go (58.9x faster) Confidence: CALIBRATED
Use each language where it shines. Variables flow between languages automatically — no FFI, no serialization, no microservices.
main { let numbers = [10, 20, 30, 40, 50] // Python: statistical analysis let stats = <<python[numbers] import statistics mean = statistics.mean(numbers) stdev = statistics.stdev(numbers) f"mean={mean}, stdev={stdev:.1f}" >> // Rust: high-performance hashing let hash = <<rust fn main() { let input = std::env::args().last() .unwrap(); println!("{:x}", md5::compute( input.as_bytes() )); } >> print(stats) print(hash) }
$ naab-lang app.naab mean=30, stdev=15.8 a7b9f3e2d1c4... ─────────────────────── 2 polyglot blocks executed python ............ 42ms rust ............ 18ms
Modern language features, a rich standard library, and developer tools that make polyglot programming productive.
FSM-based runtime detection of multi-step attack patterns. User-defined sequences in govern.json. Pre-execution blocking before the final dangerous step runs.
Monitors LLM agent coherence across turns. Detects repeated failures, circular actions, scope creep, and contradictions with configurable thresholds.
Trust-anchored governance signing. --keygen, --sign-governance, --trust-key. One-way ratchet — mid-run reloads can only tighten, never loosen.
Expressive match with guard clauses, array destructuring, binding patterns, and wildcard matching.
Non-blocking concurrent execution with async functions and await for I/O-bound operations.
First-class functions with closure capture. Pass functions as values, return them, store them in data structures.
Chain operations with |> for readable data transformation pipelines. Left-to-right composition.
Import/export with named imports, wildcard imports, and aliasing. Organize code across multiple files.
try/catch/throw with polyglot error propagation. Errors from Python or JavaScript blocks flow into NAAb's catch.
Pass variables into polyglot blocks with <<python[x, y]. Automatic serialization across language boundaries.
Independent polyglot blocks run in parallel automatically. Dependency analysis ensures correct ordering.
"Did you mean?" suggestions for typos, detailed error messages with examples, and common mistake detection.
Lazy iteration with yield. Auto-detected generator functions work with for-in loops.
Declare contracts with interface, validate with implements. Duck-typed method dispatch via free functions.
Run naab-lang with no args for an interactive session. Persistent state, multi-line input, auto-printing.
Stack-based bytecode compiler and VM. ~8x faster than tree-walking. Computed goto dispatch, NaN-boxing fast paths.
Multi-agent role enforcement via --agent-id. Per-agent path/language restrictions, telemetry JSONL, dashboard output.
A comprehensive standard library with 204 error messages, "Did you mean?" suggestions, and detailed documentation.
95,000+ lines of modern C++17. Bytecode VM (default, ~8x faster) with computed goto dispatch, recursive descent parser, and isolated polyglot executors.
Default: Bytecode VM (~8x faster) — --tree-walk for legacy AST interpreter
Embedded via C API. In-process execution with variable injection.
Embedded QuickJS engine. Isolated runtime with fast startup.
Rust, C++, Go, C#, Nim, Zig compile to native binaries. Julia JIT-compiled. Thread-safe temp files.
50+ static analysis checks for AI-generated code. Hardcoded secrets, hallucinated APIs, stub functions, SQL injection — caught before they reach production.
AI defaults to Python. Pivot analyzes your slow Python/Ruby/JS, rewrites it to Go/Rust/C++, and proves the output is statistically identical. 3–60x speedups.
Intercepts SSNs, credit cards, API keys, and health records before they leave your system. Sovereign architecture — all decisions made locally. HIPAA · GDPR · SOC2.
NAAb is open source, MIT licensed, and ready for your next project.