NORNR Sentry is the local airbag for one dangerous agent action.
It is also the local decision layer for consequential agent actions.
This public repo is the open wedge:
- one dangerous action
- one stop-screen
- one mandate conflict
- one human choice
- one defended record afterward
It is not the hosted NORNR control plane.
After install, Sentry opens into a local operator station for patch / wiring, verify, replay, records, proof hub and serve flows. Use the blocked stop-screen as the first proof image, and this screen as the second image that shows the product is a real navigable tool after the first stop.
- Hero stop-screen: nornr-sentry-blocked-stop-screen.png
- Operator station: nornr-sentry-operator-station.png
- Proof clip: nornr-sentry-proof-clip-final.mp4
- X-optimized clip: nornr-sentry-proof-clip-x.mp4
Fastest path to the first stop:

```bash
npx nornr-sentry --first-stop
```

Diagnose the real local path from install to proof:

```bash
npx nornr-sentry --doctor
```

Resume the latest local review context:

```bash
npx nornr-sentry --resume
```

Compare clean-room trust modes across the built-in scenario corpus:

```bash
npx nornr-sentry --eval-harness
```

Recommend the best trust mode from local record history:

```bash
npx nornr-sentry --trust-advisor
```

Lint the latest proof artifact for handoff quality:

```bash
npx nornr-sentry --proof-lint
```

Render the shorter review handoff surface:

```bash
npx nornr-sentry --review-handoff --handoff-audience buyer
```

See the local operator scorecard:

```bash
npx nornr-sentry --operator-scorecard
```

Apply doctor-safe automatic fixes:

```bash
npx nornr-sentry --doctor-fix
```

Open the chooser only when you need a different desktop patch or provider wiring target:

```bash
npx nornr-sentry --patch-client
```

Open the defended record browser after the first stop:

```bash
npx nornr-sentry --records
```

Or install globally:

```bash
npm install -g nornr-sentry
```

Update an older global install in one command:

```bash
npm install -g nornr-sentry@latest
```

Run the latest version once without updating the global install:

```bash
npx nornr-sentry@latest --first-stop
```

- Run `npx nornr-sentry --first-stop`.
- Patch / wire and verify the real target.
- Run one obvious stop.
- Open the proof queue and export the defended record.
- Open the records browser after the first stop so the proof step is visible too.
- Observe first in shadow mode.
- Serve for real.
Or clone and run locally:

```bash
npm install
npm run demo:cursor
```

See FIRST_STOP_EXPERIMENT_MATRIX.md for the live public first-stop CTA/copy variants and the proof-step readout.
See CLEAN_ROOM_FEATURE_HARVEST.md for the longer clean-room product and systems harvest behind the current Sentry roadmap.
See SENTRY_1_0_SPEC.md for the formal 1.0 boundary, canonical proof set, canonical commands, and release criteria.

```bash
npm run qa:public-package
cd ../../dist/nornr-sentry-public
npm publish
```

- local proxy runtime
- local TUI review
- patch flow for Cursor and Claude Desktop
- local mandate init and tighten loop
- policy replay demo
- shadow mode and shadow conversion
- defended records proof queue
- defended record export
- local proof summary
Hosted NORNR control-plane features stay private for now:
- team governance
- hosted review and sync
- baseline registry and fleet rollout
- signer governance
- fleet compliance and remediation
- recovery control plane
Start with the chooser if you want the product to tell you which path is real:

```bash
node bin/nornr-sentry.js --patch-client
node bin/nornr-sentry.js --verify-patch
```

Cursor direct path:

```bash
node bin/nornr-sentry.js --client cursor --patch-client
node bin/nornr-sentry.js --client cursor --verify-patch
node bin/nornr-sentry.js --client cursor --demo destructive_shell
node bin/nornr-sentry.js --client cursor --serve --shadow-mode --no-upstream
node bin/nornr-sentry.js --client cursor --serve
```

Claude Desktop direct path:

```bash
node bin/nornr-sentry.js --client claude-desktop --patch-client
node bin/nornr-sentry.js --client claude-desktop --verify-patch
node bin/nornr-sentry.js --client claude-desktop --demo credential_exfiltration
node bin/nornr-sentry.js --client claude-desktop --serve --shadow-mode --no-upstream
node bin/nornr-sentry.js --client claude-desktop --serve
```

Windsurf also uses a manual MCP/wiring path today instead of a built-in desktop patch:

```bash
node bin/nornr-sentry.js --patch-guide windsurf
```

OpenAI / Codex-style traffic does not use a desktop patch. Start with the wiring guide instead:

```bash
node bin/nornr-sentry.js --patch-guide openai-codex
```

Generic MCP also uses a manual wiring path instead of a built-in patch:

```bash
node bin/nornr-sentry.js --patch-guide generic-mcp
```

Open the chooser:
```bash
node bin/nornr-sentry.js --patch-client
```

Or jump straight to a known desktop client:

```bash
node bin/nornr-sentry.js --client cursor --patch-client
node bin/nornr-sentry.js --client claude-desktop --patch-client
```

```bash
node bin/nornr-sentry.js --client cursor --demo destructive_shell
```

Synthetic replay path:

```bash
node bin/nornr-sentry.js --client cursor --policy-replay
```

Shortcut:

```bash
node bin/nornr-sentry.js --client cursor --policy-replay-demo --demo destructive_shell
```

```bash
node bin/nornr-sentry.js --client cursor --serve
```

Then point a provider-style client at:

```bash
export OPENAI_BASE_URL=http://127.0.0.1:4317/v1
```

Quiet live trace:

```bash
node bin/nornr-sentry.js --client cursor --serve --verbose
```

Ambient trust mode:

```bash
node bin/nornr-sentry.js --client cursor --serve --ambient-trust
```

```bash
node bin/nornr-sentry.js --client cursor --serve --shadow-mode
```

Preview the enforce-now pack:

```bash
node bin/nornr-sentry.js --client cursor --shadow-conversion
```

Preview one project-scoped mandate:

```bash
node bin/nornr-sentry.js --client cursor --mandate-init
```

Apply it:

```bash
node bin/nornr-sentry.js --client cursor --mandate-init --apply
```

Learn a tighter mandate from cleared usage:

```bash
node bin/nornr-sentry.js --client cursor --learned-mandate
```

Apply the learned diff:

```bash
node bin/nornr-sentry.js --client cursor --learned-mandate --apply
```

Read tighten history:

```bash
node bin/nornr-sentry.js --client cursor --tighten-history
```

Summary:
```bash
node bin/nornr-sentry.js --summary
```

Browse real defended records:

```bash
node bin/nornr-sentry.js --client cursor --records
```

Open the proof hub:

```bash
node bin/nornr-sentry.js --client cursor --proof-hub
```

Replay recent real records:

```bash
node bin/nornr-sentry.js --client cursor --record-replay
```

Export the latest defended record:

```bash
node bin/nornr-sentry.js --client cursor --export-record latest
```

Copy a public-safe share variant directly:

```bash
node bin/nornr-sentry.js --client cursor --export-record latest --copy-share summary
node bin/nornr-sentry.js --client cursor --export-record latest --copy-share x
node bin/nornr-sentry.js --client cursor --export-record latest --copy-share issue
```

Or export one specific defended record:

```bash
node bin/nornr-sentry.js --client cursor --export-record /absolute/path/to/record.json
```

You can also filter the browser:

```bash
node bin/nornr-sentry.js --client cursor --records --records-filter blocked --records-sort latest
```

```bash
node bin/nornr-sentry.js --client cursor --golden-path
node bin/nornr-sentry.js --client claude-desktop --golden-path
```

Open the chooser:

```bash
node bin/nornr-sentry.js --verify-patch
```

Or verify a known desktop client directly:

```bash
node bin/nornr-sentry.js --client cursor --verify-patch
node bin/nornr-sentry.js --client claude-desktop --verify-patch
```

For Windsurf, OpenAI / Codex-style traffic, or Generic MCP, use the wiring guide instead of desktop patch verification:

```bash
node bin/nornr-sentry.js --patch-guide windsurf
node bin/nornr-sentry.js --patch-guide openai-codex
node bin/nornr-sentry.js --patch-guide generic-mcp
```

Client config:

```bash
node bin/nornr-sentry.js --client cursor --print-config
```

Provider snippets:

```bash
node bin/nornr-sentry.js --client cursor --print-provider openai
node bin/nornr-sentry.js --client cursor --print-provider anthropic
```

Recording flow:

```bash
node bin/nornr-sentry.js --client cursor --print-demo-flow openai
```
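
An added preflight check, not part of NORNR Sentry or its README: before starting a provider-style client, confirm that `OPENAI_BASE_URL` really targets the local listener from the serve step above (`http://127.0.0.1:4317/v1`) rather than a remote host or the client's default upstream. The function name `check_base_url` and the accepted loopback spellings are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not NORNR Sentry code): preflight for the provider base URL.
EXPECTED_PORT=4317   # port taken from the README's OPENAI_BASE_URL line
EXPECTED_PATH=/v1    # path taken from the same line

# Prints a one-line verdict; returns 0 only for a loopback URL on the
# expected port and path.
check_base_url() {
  local url="${1:-}" rest authority path host port
  if [ -z "$url" ]; then
    echo "FAIL unset: the client would use its default upstream"; return 1
  fi
  case "$url" in
    http://*) rest="${url#http://}" ;;
    *) echo "FAIL scheme: expected plain http to the local listener"; return 1 ;;
  esac
  authority="${rest%%/*}"          # everything before the first slash
  path="${rest#"$authority"}"      # remainder, including the leading slash
  # user:pass@host syntax can make a remote host look like loopback at a glance.
  case "$authority" in
    *@*) echo "FAIL userinfo: real host is ${authority##*@}"; return 1 ;;
  esac
  host="${authority%:*}"
  port="${authority##*:}"          # equals the host when no port is given
  case "$host" in
    127.0.0.1|localhost|"[::1]") ;;
    *) echo "FAIL host: $host is not loopback"; return 1 ;;
  esac
  if [ "$port" != "$EXPECTED_PORT" ]; then
    echo "FAIL port: got '$port', expected $EXPECTED_PORT"; return 1
  fi
  case "$path" in
    "$EXPECTED_PATH"|"$EXPECTED_PATH/") ;;
    *) echo "FAIL path: got '$path', expected $EXPECTED_PATH"; return 1 ;;
  esac
  echo "OK $url"
}

# Check the current environment; never abort the calling shell.
check_base_url "${OPENAI_BASE_URL:-}" || true
```

The check only validates the URL string; it does not prove that a Sentry process is the one listening on that port.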
