Sovereign data gateway and PII protection platform built on the NAAb Language. Ensures secure passage for sensitive data by validating schemas, detecting PII, and enforcing policies before data reaches untrusted systems.
Input: API request with potential PII
Output: Validated, redacted, or blocked request
Result: Zero PII leakage with mathematical certainty
- Sovereign Architecture β NAAb owns all decisions, polyglot workers are "dumb muscle"
- Self-Synthesizing β Compiles binaries at boot, SHA-256 verified
- Hardware Isolation β CPU pinning, network namespaces
- Anti-Smuggling β Strict schema enforcement
- Privacy-First β HIPAA, GDPR, SOC2 compliant
See NAAb Passage in action detecting and blocking PII leakage:
Safe API request with no sensitive data β ALLOWED
Request containing SSN, credit card, and email β BLOCKED
Passage detected:
- β Email:
john.doe@example.com(Score: 20) - β SSN:
123-45-6789(Score: 100) - β Credit Card:
4532-****-****-9010(Score: 80) - Total Risk: 200 (threshold: 90) β BLOCKED
Unauthorized field in request β BLOCKED
Try the demo yourself:
cd demos
./passage-demo.shSee DEMO_GUIDE.md for recording instructions.
# Clone with submodule
git clone --recursive https://github.com/b-macker/naab-passage.git
cd naab-passage
# Build NAAb
bash build.sh
# Start gateway
./naab/build/naab-lang main.naab
# Test request (in another terminal)
curl -X POST http://localhost:8091/ -d '{"model": "gpt-4", "messages": ["Hello"]}'HTTP β Go Gateway β NAAb Brain β Decision
β
Schema β
PII β
Risk β
Components:
- NAAb Brain (Python) - Sovereign decision engine with PII detection
- Go Gateway - HTTP/TLS proxy (forwards to brain via Unix socket)
- Rust Shield - Constant-time pattern scanner (network-isolated)
Security:
- Self-synthesizing workers with SHA-256 verification
- Forensic source shredding (3-pass overwrite)
- Hardware isolation (CPU pinning via
taskset, network namespaces viaunshare -n) - Anti-smuggling schema validation
- Hash-chained audit logging
PII Detection:
- Social Security Numbers (SSN)
- Credit card numbers
- Email addresses
- High-entropy secrets
- Custom patterns via configuration
Edit config/risk_matrix.json to customize PII policies:
{
"policies": [
{"type": "ID_SSN", "score": 100, "action": "BLOCK"},
{"type": "FIN_CREDIT_CARD", "score": 80, "action": "BLOCK"},
{"type": "SEC_HIGH_ENTROPY", "score": 40, "action": "REDACT"},
{"type": "ID_EMAIL", "score": 20, "action": "AUDIT"}
],
"thresholds": {
"block": 90,
"redact": 40
}
}- Privacy-First LLM Gateway - Use ChatGPT/Claude without leaking SSNs, API keys, customer names
- Zero-Trust Edge Security - Protect legacy APIs from injection and malformed data
- Self-Healing Security Appliances - Deploy in hostile clouds, auto-rebuild if tampered
# Run test suite
./naab/build/naab-lang verify_vigilant_v7.naab- NAAb Language β Core polyglot scripting language with governance
- NAAb BOLO β Code governance & AI validation (50+ checks)
- NAAb Pivot β Code evolution & optimization (3-60x speedups)
- NAAb Passage (this project) β Data gateway & PII protection (zero leakage)
MIT License - see LICENSE for details.
Brandon Mackert - @b-macker
NAAb Passage β Secure passage for sensitive data.