I've been working on NPL at Noumena, and we took a controversial stance: your first program should have the same security guarantees as your production system. Most languages teach you to write insecure code first, then bolt on security later. We built NPL to make that impossible.

In NPL, authorization isn't middleware - it's syntax. Every function declares who can call it. The runtime enforces it. PostgreSQL persistence happens automatically. Audit trails are generated without asking. This isn't about adding more abstractions. It's about making the right things automatic at the language level.

The tradeoff? You lose some flexibility. The benefit? You can't accidentally ship an insecure endpoint. Is building security into language syntax going too far? Or is this what we should've been doing all along?

Get started with NPL