Skip to main content

A generalized agentic contract/control-plane language for governed AI software delivery.

Project description

Nornyx

A generalized agentic contract/control-plane language for governed AI software delivery.

Your AI-engineering rules live scattered across AGENTS.md, a skills folder, prompt/context packs, a harness script, an eval config, policy docs, evidence templates, and approval checklists — and they drift out of sync. Nornyx makes them one checked source of truth: write a single .nyx file, then generate and validate all those artifacts from it.

one .nyx contract  ──►  AGENTS.md · skills/ · harness.yaml · policy.yaml
                        evals.yaml · context.yaml · evidence_contract.md

Nornyx does not replace Codex, Claude Code, Cursor, Copilot, CI/CD, or human review. It compiles, checks, and generates the control artifacts those execution surfaces follow.

Install

pip install nornyx          # from PyPI
# or pin from source:
pip install "nornyx @ git+https://github.com/mazinmarji/nornyx@v1.1.1"

Requires Python 3.10+. The only runtime dependency is PyYAML.

Quick start (5 minutes)

# 0. drop the bundled example contracts into ./examples/
nornyx examples

# 1. check a contract
nornyx check examples/governed_delivery_control_plane.nyx

# 2. generate the control artifacts from it
nornyx generate examples/governed_delivery_control_plane.nyx --out generated/cp

# 3. build a provenance-hashed context pack
nornyx context-build examples/governed_delivery_control_plane.nyx --repo . --out generated/context.json

# 4. inspect the schema
nornyx schema --version 1.0

(If you didn't install the console script, use python -m nornyx.cli ....)

nornyx generate writes AGENTS.md, skills/, harness.yaml, policy.yaml, evals.yaml, context.yaml, and evidence_contract.md into the output folder — regenerate any time the .nyx changes, and nornyx check keeps them honest.

A contract looks like this

nornyx: "0.1"
project:
  name: GovernedDelivery

contexts:
  - name: RepoContext
    include: ["src/**/*.py", "docs/**/*.md"]
    authority: ["docs/SECURITY.md"]
    taint:                       # trust boundaries are first-class
      repo: trusted_repo_file
      user_prompt: untrusted
      external_web: untrusted

policies:
  - name: SafeEditPolicy
    rules:
      - deny secrets_to_llm
      - require tests_if_code_changed
      - require evidence_if_harness_completed

agents:
  - name: Builder
    role: "Implement small scoped patches."
    skills: [PatchBuilder, TestRepair, EvidencePack]
    policy: SafeEditPolicy

harnesses:
  - name: DevHarness
    context: RepoContext
    flow:
      - agent: Builder
        action: implement
      - tool: tests
        action: run
      - evidence: DevEvidence
        action: pack
    gate:
      - require: tests.pass
      - require: human_approval_before_merge

Use it in your repo

Going from the demo to your own project is four steps:

# 1. scaffold a .nyx for your repo (pick a profile, default ai_coding)
nornyx init --name YourRepo --out nornyx.nyx

# 2. edit nornyx.nyx — your contexts, policies, agents, harness — then check it
nornyx check nornyx.nyx

# 3. generate the artifacts and put AGENTS.md where your agent reads it
nornyx generate nornyx.nyx --out .nornyx/
cp .nornyx/AGENTS.md AGENTS.md          # the file Claude Code / Cursor / Copilot read

# 4. commit nornyx.nyx (the source) and the artifacts you use

Keep them from drifting. Commit the generated directory and add a check that it still matches the contract — in CI or a pre-commit hook:

nornyx drift nornyx.nyx --out .nornyx   # nonzero exit if ANY artifact drifts

nornyx drift compares every generated artifact by hash (not just AGENTS.md), so a change to policy.yaml is caught too. Across many repos, declare your org policy once in a workspace manifest and verify each repo matches it:

nornyx workspace-check --manifest nornyx.workspace.yaml

Now the .nyx is the single source of truth: edit it, regenerate, and the check fails loudly if any artifact drifts. Full walkthrough: docs/USE_IN_YOUR_REPO.md.

Why Nornyx

  • One source of truth for agent/skill/harness/policy/eval/evidence artifacts — no more drift.
  • Context trust model: mark which context is trusted vs untrusted so untrusted input can't define policy, and deny secrets_to_llm at the contract level.
  • Generators + a checker: turn .nyx into the files your tools read, and verify references and required fields.
  • Generated-artifact drift gate: catch when regenerated output diverges from a committed baseline.
  • YAML-compatible syntax — no new parser to learn for v0.1.

Scope and safety

Nornyx v0.1 is an executable specification layer, not a runtime. It does not implement autonomous system modification, production deployment, destructive tool use, credential handling, or arbitrary command execution. The name Nornyx is a provisional working brand (no formal legal clearance claimed).

Learn more

Development

git clone https://github.com/mazinmarji/nornyx && cd nornyx
pip install -e ".[dev]"
python -m pytest -q

License

MIT — see LICENSE. Copyright (c) 2026 Mazin Marji and Nornyx Contributors.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nornyx-1.1.9.tar.gz (130.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nornyx-1.1.9-py3-none-any.whl (120.8 kB view details)

Uploaded Python 3

File details

Details for the file nornyx-1.1.9.tar.gz.

File metadata

  • Download URL: nornyx-1.1.9.tar.gz
  • Upload date:
  • Size: 130.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nornyx-1.1.9.tar.gz
Algorithm Hash digest
SHA256 507919f8db1ac140dcda529f3b1aa634b9a53364d527fb8e8b85b4e63e25d807
MD5 821627177525e67bab8eb6d15250526f
BLAKE2b-256 531e2f3ccd6aad718d2b0979092a08475482ffd6c3dd7a1a2209eb4b94e2869d

See more details on using hashes here.

Provenance

The following attestation bundles were made for nornyx-1.1.9.tar.gz:

Publisher: release.yml on mazinmarji/nornyx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nornyx-1.1.9-py3-none-any.whl.

File metadata

  • Download URL: nornyx-1.1.9-py3-none-any.whl
  • Upload date:
  • Size: 120.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nornyx-1.1.9-py3-none-any.whl
Algorithm Hash digest
SHA256 32473ff0563a957f2d643bc42cf0bf68c5ae78cf1a0819cf220f52328dcb034b
MD5 c42c2e45cb7bc67e5afbfe9f26b69ecc
BLAKE2b-256 057c4f10965694818b85f255d66432e19452cedb051f984d2e134288728ce741

See more details on using hashes here.

Provenance

The following attestation bundles were made for nornyx-1.1.9-py3-none-any.whl:

Publisher: release.yml on mazinmarji/nornyx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page