A generalized agentic contract/control-plane language for governed AI software delivery.
Project description
Nornyx
A generalized agentic contract/control-plane language for governed AI software delivery.
pip install nornyx
Your AI-engineering rules live scattered across AGENTS.md, a skills folder, prompt/context packs, a harness script, an eval config, policy docs, evidence templates, and approval checklists — and they drift out of sync. Nornyx makes them one checked source of truth: write a single .nyx file, then generate and validate all those artifacts from it.
one .nyx contract ──► AGENTS.md · skills/ · harness.yaml · policy.yaml
evals.yaml · context.yaml · evidence_contract.md
Nornyx does not replace Codex, Claude Code, Cursor, Copilot, CI/CD, or human review. It compiles, checks, and generates the control artifacts those execution surfaces follow.
Install
pip install nornyx # from PyPI
# or pin from source:
pip install "nornyx @ git+https://github.com/mazinmarji/nornyx@v1.1.1"
Requires Python 3.10+. The only runtime dependency is PyYAML.
Quick start (5 minutes)
# 0. drop the bundled example contracts into ./examples/
nornyx examples
# 1. check a contract
nornyx check examples/governed_delivery_control_plane.nyx
# 2. generate the control artifacts from it
nornyx generate examples/governed_delivery_control_plane.nyx --out generated/cp
# 3. build a provenance-hashed context pack
nornyx context-build examples/governed_delivery_control_plane.nyx --repo . --out generated/context.json
# 4. inspect the schema
nornyx schema --version 1.0
(If you didn't install the console script, use python -m nornyx.cli ....)
nornyx generate writes AGENTS.md, skills/, harness.yaml, policy.yaml, evals.yaml, context.yaml, and evidence_contract.md into the output folder — regenerate any time the .nyx changes, and nornyx check keeps them honest.
Shell/editor completion
nornyx complete emits JSON completion items for .nyx documents. Nornyx does
not install a shell hook by default; this command is the completion data source
to wire into shell functions, editor adapters, or small helper scripts.
Top-level block suggestions:
nornyx complete --prefix con
Reference-aware suggestions:
nornyx complete examples/governed_delivery_control_plane.nyx --path agent.policy --prefix Safe
The command prints LSP-shaped objects with label, kind, detail, and
insertText, so wrappers can parse the labels and present them as candidates.
A contract looks like this
nornyx: "0.1"
project:
name: GovernedDelivery
contexts:
- name: RepoContext
include: ["src/**/*.py", "docs/**/*.md"]
authority: ["docs/SECURITY.md"]
taint: # trust boundaries are first-class
repo: trusted_repo_file
user_prompt: untrusted
external_web: untrusted
policies:
- name: SafeEditPolicy
rules:
- deny secrets_to_llm
- require tests_if_code_changed
- require evidence_if_harness_completed
agents:
- name: Builder
role: "Implement small scoped patches."
skills: [PatchBuilder, TestRepair, EvidencePack]
policy: SafeEditPolicy
harnesses:
- name: DevHarness
context: RepoContext
flow:
- agent: Builder
action: implement
- tool: tests
action: run
- evidence: DevEvidence
action: pack
gate:
- require: tests.pass
- require: human_approval_before_merge
Use it in your repo
Going from the demo to your own project is four steps:
# 1. scaffold a .nyx for your repo (pick a profile, default ai_coding)
nornyx init --name YourRepo --out nornyx.nyx
# 2. edit nornyx.nyx — your contexts, policies, agents, harness — then check it
nornyx check nornyx.nyx
# 3. generate the artifacts and put AGENTS.md where your agent reads it
nornyx generate nornyx.nyx --out .nornyx/
cp .nornyx/AGENTS.md AGENTS.md # the file Claude Code / Cursor / Copilot read
# 4. commit nornyx.nyx (the source) and the artifacts you use
Keep them from drifting. Commit the generated directory and add a check that it still matches the contract — in CI or a pre-commit hook:
nornyx drift nornyx.nyx --out .nornyx # nonzero exit if ANY artifact drifts
nornyx drift compares every generated artifact by hash (not just AGENTS.md),
so a change to policy.yaml is caught too. Across many repos, declare your
org policy once in a workspace manifest and verify each repo matches it:
nornyx workspace-check --manifest nornyx.workspace.yaml
Now the .nyx is the single source of truth: edit it, regenerate, and the check
fails loudly if any artifact drifts. Full walkthrough:
docs/USE_IN_YOUR_REPO.md.
Reference a shared policy instead of copying it
A policy can reference a canonical definition rather than copy its rules, so there is nothing to drift in the first place:
policies:
- name: SafeDeliveryPolicy
ref: ../governance/nornyx.workspace.yaml#SafeDeliveryPolicy # single source
ref is <path>#<PolicyName>, resolved from a local .nyx contract or a
workspace manifest. The canonical rules live in one place; edit them there and
every referencing contract is updated. nornyx check and nornyx generate
resolve the reference and inline the real rules into policy.yaml. See the
bundled org_policies.nyx and
governed_service.nyx examples.
Why Nornyx
- One source of truth for agent/skill/harness/policy/eval/evidence artifacts — no more drift.
- Context trust model: mark which context is
trustedvsuntrustedso untrusted input can't define policy, and denysecrets_to_llmat the contract level. - Generators + a checker: turn
.nyxinto the files your tools read, and verify references and required fields. - Generated-artifact drift gate: catch when regenerated output diverges from a committed baseline.
- YAML-compatible syntax — no new parser to learn for v0.1.
Scope and safety
Nornyx v0.1 is an executable specification layer, not a runtime. It does not implement autonomous system modification, production deployment, destructive tool use, credential handling, or arbitrary command execution. The name Nornyx is a provisional working brand (no formal legal clearance claimed).
Learn more
- Positioning
- 5-minute adoption
- Nornyx Graph demo · expanded
- Schema targets and examples
- Roadmap toward a stable generalized contract language: see
docs/03_ROADMAP_TO_v1_AND_BEYOND.md.
Development
git clone https://github.com/mazinmarji/nornyx && cd nornyx
pip install -e ".[dev]"
python -m pytest -q
License
MIT — see LICENSE. Copyright (c) 2026 Mazin Marji and Nornyx Contributors.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nornyx-1.3.0.tar.gz.
File metadata
- Download URL: nornyx-1.3.0.tar.gz
- Upload date:
- Size: 136.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7e182f346ca9b036a522ea4e289459a75c6b67c2693ff7610d34d7252e7a55cd
|
|
| MD5 |
89dfd604a695189b893c0a44901ee4d0
|
|
| BLAKE2b-256 |
23645903e3c7c6c858f6d7f323e6f500eb71d27ecf6883217cb217dc39511fb2
|
Provenance
The following attestation bundles were made for nornyx-1.3.0.tar.gz:
Publisher:
release.yml on mazinmarji/nornyx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nornyx-1.3.0.tar.gz -
Subject digest:
7e182f346ca9b036a522ea4e289459a75c6b67c2693ff7610d34d7252e7a55cd - Sigstore transparency entry: 2035005670
- Sigstore integration time:
-
Permalink:
mazinmarji/nornyx@7f2376ef841d60da6fa07757676933e0e7369a52 -
Branch / Tag:
refs/tags/v1.3.0 - Owner: https://github.com/mazinmarji
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@7f2376ef841d60da6fa07757676933e0e7369a52 -
Trigger Event:
release
-
Statement type:
File details
Details for the file nornyx-1.3.0-py3-none-any.whl.
File metadata
- Download URL: nornyx-1.3.0-py3-none-any.whl
- Upload date:
- Size: 125.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9bd7ca617ee0c977c0d8a038ec854e275534fe2a5521a6fe8a105e02351847cc
|
|
| MD5 |
68dc0d7f615b8c1f16d4f53987c1c8ff
|
|
| BLAKE2b-256 |
0e71df922f2c997d1001ce0e659247f1f7db5f47e293aff2fe493860a5dd257a
|
Provenance
The following attestation bundles were made for nornyx-1.3.0-py3-none-any.whl:
Publisher:
release.yml on mazinmarji/nornyx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nornyx-1.3.0-py3-none-any.whl -
Subject digest:
9bd7ca617ee0c977c0d8a038ec854e275534fe2a5521a6fe8a105e02351847cc - Sigstore transparency entry: 2035005891
- Sigstore integration time:
-
Permalink:
mazinmarji/nornyx@7f2376ef841d60da6fa07757676933e0e7369a52 -
Branch / Tag:
refs/tags/v1.3.0 - Owner: https://github.com/mazinmarji
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@7f2376ef841d60da6fa07757676933e0e7369a52 -
Trigger Event:
release
-
Statement type: