Rulix AI
An AI governance product I built from a real adoption-team problem — assess your AI program against NIST AI RMF, EU AI Act, and ISO/IEC 42001.
Stack

I started from a concrete problem adoption teams hit — ship AI fast without skipping governance — and defined a product that maps a company's AI initiatives against NIST AI RMF, the EU AI Act, and ISO/IEC 42001 in a single pass: persona-tailored assessment → maturity profile → gap analysis → framework-grounded roadmap pointing at specific templates to fork.
The problem
Rulix AI closes that gap with a single assessment that produces a maturity profile, gap analysis, and a framework-grounded roadmap pointing at the specific templates to fork on Day 1.
What I built
- Three-framework alignment in one assessment. Maps a company's AI initiatives against NIST AI RMF, the EU AI Act, and ISO/IEC 42001 in a single pass. Same source of truth, three audit-ready views.
- 47 questions, 5 pillars, 6 maturity levels, 5 personas. The full question pool is universal; persona selection (AI Adoption Lead, Executive Sponsor, Department Champion, Security Lead, Compliance Lead) determines which subset renders. Maturity vocabulary adapted from Credo AI's 6-level model.
- Sector overlays. EU AI Act, HIPAA, and SOX overlays for regulated industries — additional questions and obligations surfaced only when the overlay applies.
- Roadmap, not just a score. The output is a prioritized roadmap in 3 urgency buckets (Do now / This quarter / This year), with each item pointing at specific framework sections, workflow steps, and templates to fork. The deliverable no other governance platform produces.
- Free, ungated, open-source-friendly. No lead-capture wall. Framework content (assessment, workflows, templates, overlays) is open and browseable on the web. Users can fork the entire repo and run the framework manually without ever using the platform.
Architecture
Mono-repo built with pnpm + Turborepo. NestJS API on Render, Next.js 16 web on Vercel, Supabase Postgres with row-level security as the data layer. Same engineering discipline as Voltrisks (ADRs, hooks, skills, CI), distinct stack optimized for an enterprise-coded governance product.