ALESA NOVA · AI Commander Framework

Enterprise AI engineering for teams that cannot vibe-code production.

ALESA NOVA turns AI coding into a governed engineering workflow: human command, agent execution, backup discipline, audit evidence, rollback path, and verification before “done”.

/plugin marketplace add mdrosli-design/alesa-nova-basic
Read before write · Backup before edit · Verify before done · Human approval for high risk · WABA-safe posture
01 / Public release

ALESA NOVA Basic is the free entry point into disciplined AI coding.

Guardrails

Mechanical safety gates

Secret-leak checks, insecure-default detection, backup-before-edit, and verify-before-done prompts reduce careless agent behavior.

Commander model

AI assists. Humans decide.

NOVA is built for technical users who can review code, approve risk, and take responsibility for production outcomes.

Open access

GitHub + marketplace path

The public repo gives teams a transparent baseline before they move into enterprise/on-prem deployments.

Install-ready

From public plugin to enterprise operating discipline.

Install the basic plugin, run agentic coding through a controlled SOP, then mature into an on-prem governance stack when the environment requires stronger monitoring, approvals, and audit trails.

/plugin marketplace add mdrosli-design/alesa-nova-basic
Public baseline: Good for learning the discipline and establishing team habits.
Enterprise upgrade path: On-prem, WebAdmin, monitored sessions, signed updates, and stricter policy packs.
02 / Enterprise stack

Built for regulated teams that need evidence, not promises.

AI Commander

Human technical owner sets objective, risk tier, boundary, and approval level before execution.

Agent execution

Codex, Claude, DeepSeek, and other agents can work with defined roles, not unchecked autonomy.

Evidence ledger

Backups, screenshots, test results, logs, and rollback paths become part of the delivery proof.

WebAdmin-ready

Enterprise posture supports realtime monitoring, guarded approvals, policy updates, and operational visibility.

On-prem posture

AI coding is useful only when production power is controlled.

ALESA NOVA Server is the enterprise direction: agent gateway, policy packs, WebAdmin monitoring, signed update readiness, audit vault, local-model routing (zero cross-border by default), and human approval for sensitive actions. Packaged and test-covered; activates on your on-prem hardware.

0 tolerance for silent data loss
24/7 monitoring mindset for critical systems
4 risk levels: low to critical
1 human commander remains accountable
WABA-safe messaging posture

Business messaging must be consent-led, auditable, and easy to stop.

For WhatsApp Business Platform projects, ALESA positions automation as a governed support layer. It should respect opt-in, approved templates, user opt-out, escalation to humans, and privacy-safe data handling.

Use explicit opt-in and clear business identity before initiating conversations.
Use approved templates where required, and avoid spammy or misleading messaging.
Honor opt-out and route sensitive or disputed cases to a human operator.
Keep regulated data, secrets, and personal identifiers out of unnecessary message flows.
03 / Practice

The working rules are simple. The discipline is what matters.

Read before write

Agents must inspect code, schema, logs, and behavior before changing files or production state.

Backup before risk

Production and destructive actions require a rollback path before edits, not after something breaks.

Verify after change

Done means functional probe, visible result, and reportable evidence. Not just “command succeeded”.

04 / Assurance

Independently verifiable. Not “bullet-proof” — reproducible.

Run it yourself

52 reproducible tests

Enforcement acceptance + an action-based adversarial red-team. Extract, run npm test, watch every gate prove itself. Don’t trust the claim — reproduce it.

Model-agnostic

Every model obeys the same gate

Claude, Codex, DeepSeek, Qwen, or a local model — enforcement lives outside the model. We don’t rely on the model being well-behaved.

Verified in code

The agent can’t disable its own guardrails

Override needs an out-of-band human action; gate and config files are edit-denied to the agent. The first question every CISO asks.

7-harness tested

Adversarial attacks contained · zero false-positives

Exercised with AgentDojo, Garak, Inspect (UK AISI), promptfoo & Nuclei across four defence layers. Server API: no medium-or-higher vulnerabilities (4,730 automated checks). Core results are cryptographically signed and mapped to OWASP LLM Top 10 + MITRE ATLAS.

Designed in alignment with BNM RMiT · NACSA Cyber Security Act 2024 · MAMPU · PDPA (alignment by design, not a certification claim). We publish what is proven and what is in progress — no system is 100%.

Start with NOVA Basic. Scale into enterprise governance when the work becomes critical.

For SIRIM, government, enterprise, education, and regulated workflows, ALESA NOVA is designed to keep AI coding powerful without handing production judgment to AI alone.