Software makes commitments all of the time. "I won't transfer more than $500," "I'll only access these three APIs," "I won't modify production data." But there is truly no way to verify it actually kept those commitments after the fact. All you do is just trust the logs and which the software itself wrote.

I built Nobulex to fix this. It is open-source middleware that does three things:

1. Lets you define behavioral rules in a simple DSL (permit, forbid, require)

2. Intercepts all actions at runtime and blocks anything that will violate the rules

3. Logs everything in a hash-chained audit trail that anyone can independently verify, not just the operator.

The key insight: you can't just audit a neural network's reasoning, but what you can do is audit its actions against stated commitments. `verify(rules, actionLog)` is always deterministic.

    npm install @nobulex/identity @nobulex/covenant-lang @nobulex/middleware

Three packages, three lines to integrate. The rule language is Cedar-inspired:

    covenant MyAgent {
      permit read;
      forbid transfer where amount > 500;
      require log_all;
    }

Site: nobulex.com | 6,100+ tests across 61 packages. MIT licensed.

I'd love feedback on the rule language — is the permit/forbid syntax intuitive, or would you design the DSL differently?

I'm 15 and built this solo. Happy to answer anything about the architecture.