Skip to main content

A generalized agentic contract/control-plane language for governed AI software delivery.

Project description

Nornyx

PyPI Python CI License: MIT

A generalized agentic contract/control-plane language for governed AI software delivery.

pip install nornyx

Your AI-engineering rules live scattered across AGENTS.md, a skills folder, prompt/context packs, a harness script, an eval config, policy docs, evidence templates, and approval checklists — and they drift out of sync. Nornyx makes them one checked source of truth: write a single .nyx file, then generate and validate all those artifacts from it.

one .nyx contract  ──►  AGENTS.md · skills/ · harness.yaml · policy.yaml
                        evals.yaml · context.yaml · evidence_contract.md

Nornyx does not replace Codex, Claude Code, Cursor, Copilot, CI/CD, or human review. It compiles, checks, and generates the control artifacts those execution surfaces follow.

Install

pip install nornyx          # from PyPI
# or pin from source:
pip install "nornyx @ git+https://github.com/mazinmarji/nornyx@v1.1.1"

Requires Python 3.10+. The only runtime dependency is PyYAML.

Quick start (5 minutes)

# 0. drop the bundled example contracts into ./examples/
nornyx examples

# 1. check a contract
nornyx check examples/governed_delivery_control_plane.nyx

# 2. generate the control artifacts from it
nornyx generate examples/governed_delivery_control_plane.nyx --out generated/cp

# 3. build a provenance-hashed context pack
nornyx context-build examples/governed_delivery_control_plane.nyx --repo . --out generated/context.json

# 4. inspect the schema
nornyx schema --version 1.0

(If you didn't install the console script, use python -m nornyx.cli ....)

nornyx generate writes AGENTS.md, skills/, harness.yaml, policy.yaml, evals.yaml, context.yaml, and evidence_contract.md into the output folder — regenerate any time the .nyx changes, and nornyx check keeps them honest.

A contract looks like this

nornyx: "0.1"
project:
  name: GovernedDelivery

contexts:
  - name: RepoContext
    include: ["src/**/*.py", "docs/**/*.md"]
    authority: ["docs/SECURITY.md"]
    taint:                       # trust boundaries are first-class
      repo: trusted_repo_file
      user_prompt: untrusted
      external_web: untrusted

policies:
  - name: SafeEditPolicy
    rules:
      - deny secrets_to_llm
      - require tests_if_code_changed
      - require evidence_if_harness_completed

agents:
  - name: Builder
    role: "Implement small scoped patches."
    skills: [PatchBuilder, TestRepair, EvidencePack]
    policy: SafeEditPolicy

harnesses:
  - name: DevHarness
    context: RepoContext
    flow:
      - agent: Builder
        action: implement
      - tool: tests
        action: run
      - evidence: DevEvidence
        action: pack
    gate:
      - require: tests.pass
      - require: human_approval_before_merge

Use it in your repo

Going from the demo to your own project is four steps:

# 1. scaffold a .nyx for your repo (pick a profile, default ai_coding)
nornyx init --name YourRepo --out nornyx.nyx

# 2. edit nornyx.nyx — your contexts, policies, agents, harness — then check it
nornyx check nornyx.nyx

# 3. generate the artifacts and put AGENTS.md where your agent reads it
nornyx generate nornyx.nyx --out .nornyx/
cp .nornyx/AGENTS.md AGENTS.md          # the file Claude Code / Cursor / Copilot read

# 4. commit nornyx.nyx (the source) and the artifacts you use

Keep them from drifting. Commit the generated directory and add a check that it still matches the contract — in CI or a pre-commit hook:

nornyx drift nornyx.nyx --out .nornyx   # nonzero exit if ANY artifact drifts

nornyx drift compares every generated artifact by hash (not just AGENTS.md), so a change to policy.yaml is caught too. Across many repos, declare your org policy once in a workspace manifest and verify each repo matches it:

nornyx workspace-check --manifest nornyx.workspace.yaml

Now the .nyx is the single source of truth: edit it, regenerate, and the check fails loudly if any artifact drifts. Full walkthrough: docs/USE_IN_YOUR_REPO.md.

Why Nornyx

  • One source of truth for agent/skill/harness/policy/eval/evidence artifacts — no more drift.
  • Context trust model: mark which context is trusted vs untrusted so untrusted input can't define policy, and deny secrets_to_llm at the contract level.
  • Generators + a checker: turn .nyx into the files your tools read, and verify references and required fields.
  • Generated-artifact drift gate: catch when regenerated output diverges from a committed baseline.
  • YAML-compatible syntax — no new parser to learn for v0.1.

Scope and safety

Nornyx v0.1 is an executable specification layer, not a runtime. It does not implement autonomous system modification, production deployment, destructive tool use, credential handling, or arbitrary command execution. The name Nornyx is a provisional working brand (no formal legal clearance claimed).

Learn more

Development

git clone https://github.com/mazinmarji/nornyx && cd nornyx
pip install -e ".[dev]"
python -m pytest -q

License

MIT — see LICENSE. Copyright (c) 2026 Mazin Marji and Nornyx Contributors.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nornyx-1.1.10.tar.gz (131.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nornyx-1.1.10-py3-none-any.whl (121.0 kB view details)

Uploaded Python 3

File details

Details for the file nornyx-1.1.10.tar.gz.

File metadata

  • Download URL: nornyx-1.1.10.tar.gz
  • Upload date:
  • Size: 131.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nornyx-1.1.10.tar.gz
Algorithm Hash digest
SHA256 e6639418a5b917ac2f559fe164cf814e9646c87f8ae96b154509a3f2b029328a
MD5 5a7b932153acf34ccf3729106905c328
BLAKE2b-256 a91b3bd13c1a3dea36e6464848b1e832c866ea7ab50bd4a74c1cb90c1f11ff12

See more details on using hashes here.

Provenance

The following attestation bundles were made for nornyx-1.1.10.tar.gz:

Publisher: release.yml on mazinmarji/nornyx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nornyx-1.1.10-py3-none-any.whl.

File metadata

  • Download URL: nornyx-1.1.10-py3-none-any.whl
  • Upload date:
  • Size: 121.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nornyx-1.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 23731e640c3899feaef0c70965f7a182540d634036cde91609e13a92c7d454d7
MD5 bfeeed9ce99ec1d8787f49256472892f
BLAKE2b-256 83814b09cfa30760a87a62bf4d709df670b64f6bf0475da45c54ba76da276777

See more details on using hashes here.

Provenance

The following attestation bundles were made for nornyx-1.1.10-py3-none-any.whl:

Publisher: release.yml on mazinmarji/nornyx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page