morteza.moradi
All projects
Live in production2026–present

Rulix AI

An AI governance product I built from a real adoption-team problem — assess your AI program against NIST AI RMF, EU AI Act, and ISO/IEC 42001.

Stack

Next.jsNestJSTypeScriptTurborepopnpmSupabaseTailwindVercelRenderNIST AI RMFEU AI ActISO/IEC 42001
Rulix AI — product screenshot

I started from a concrete problem adoption teams hit — ship AI fast without skipping governance — and defined a product that maps a company's AI initiatives against NIST AI RMF, the EU AI Act, and ISO/IEC 42001 in a single pass: persona-tailored assessment → maturity profile → gap analysis → framework-grounded roadmap pointing at specific templates to fork.

The problem

Companies want to ship AI fast. Legal, compliance, and risk teams want to know what they're shipping is defensible against NIST AI RMF, the EU AI Act, and ISO/IEC 42001. Right now those two conversations live in separate Notion pages, and the gap between them is where AI projects die — or worse, ship without the governance they need.

Rulix AI closes that gap with a single assessment that produces a maturity profile, gap analysis, and a framework-grounded roadmap pointing at the specific templates to fork on Day 1.

What I built

  • Three-framework alignment in one assessment. Maps a company's AI initiatives against NIST AI RMF, the EU AI Act, and ISO/IEC 42001 in a single pass. Same source of truth, three audit-ready views.
  • 47 questions, 5 pillars, 6 maturity levels, 5 personas. The full question pool is universal; persona selection (AI Adoption Lead, Executive Sponsor, Department Champion, Security Lead, Compliance Lead) determines which subset renders. Maturity vocabulary adapted from Credo AI's 6-level model.
  • Sector overlays. EU AI Act, HIPAA, and SOX overlays for regulated industries — additional questions and obligations surfaced only when the overlay applies.
  • Roadmap, not just a score. The output is a prioritized roadmap in 3 urgency buckets (Do now / This quarter / This year), with each item pointing at specific framework sections, workflow steps, and templates to fork. The deliverable no other governance platform produces.
  • Free, ungated, open-source-friendly. No lead-capture wall. Framework content (assessment, workflows, templates, overlays) is open and browseable on the web. Users can fork the entire repo and run the framework manually without ever using the platform.

Architecture

Mono-repo built with pnpm + Turborepo. NestJS API on Render, Next.js 16 web on Vercel, Supabase Postgres with row-level security as the data layer. Same engineering discipline as Voltrisks (ADRs, hooks, skills, CI), distinct stack optimized for an enterprise-coded governance product.

apps/
├── web/ — Next.js 16 App Router, Tailwind, Recharts (Vercel)
└── api/ — NestJS 10 (Render)
packages/
├── @ai-gov/config — shared tsconfig, ESLint, Prettier
├── @ai-gov/types — domain model, scoring + roadmap engines
├── @ai-gov/content-loader — parses framework + templates + overlays into typed objects
└── @ai-gov/db — Supabase client, Zod schemas, migrations
Data (Supabase)
└── PostgreSQL + RLS-on default-deny + 90-day retention via pg_cron
Ops
└── GitHub Actions CI (lint + typecheck + build on every PR)

Why this is the kind of problem I want to work on

Most AI Adoption / Enablement teams I've seen are caught between "move fast" and "govern well" — and the tooling to do both at once doesn't exist off-the-shelf. Rulix AI started from that ambiguity: assess on Monday, get a framework-grounded roadmap by Tuesday, start forking the right templates by Wednesday. Figuring out what the deliverable should be — a prioritized roadmap, not just a score — was the part that mattered most; the architecture and content followed from getting that right.