Control layer for autonomous spend

One governed lane

Control autonomous spend before it becomes real.

NORNR sits between agent intent and real settlement. It returns a policy decision before money moves, binds mandate and counterparty to the same path, and keeps one defended record alive through receipt trail and audit export.

Decision first Approve, queue or block before settlement clears.

Mandate bound Bind owner, threshold and counterparty to the same path.

One record Keep receipt trail and audit export on the same defended spine.

Intent → policy decision → mandate → counterparty → receipt trail → audit export

Start repo-first by default. Switch only when buyer proof or shadow proof gets to one defensible lane faster.

Repo scan result Ready

browser-use/browser-use should start with one browser checkout lane.

Launch preview already names the first consequential seam, the smallest first patch and the next screen worth opening. Full audit confirms the exact files and packet.

First lane Browser checkout governance

First artifact Replay artifact now / proof packet next / audit export after install

Consequential seam browser_use/browser/session.py:1899 (vendor step)

A vendor-side request often becomes consequential at the final request or checkout step.

First patch NORNR would ship Put that path behind one reviewed threshold first.

Exact next screen Open audit, then keep the same record in proof.

Open audit Open packet Apply with this lane

See one real defended packet

Patch-first workbench Ready

Preview source Launch names the likely seam first. Full audit confirms the exact file and artifact.

Paste one repo to rank the first consequential seam.

One calm first patch beats a platform diagram.

NORNR should show one path, one reason, and one narrow review step before you ever widen the lane.

First seam browser_use/browser/session.py:1899

Why this one first Vendor-side requests usually become consequential at the final request or checkout step.

Smallest first move Put that path behind one reviewed threshold first.

Recommended lane Browser checkout governance

Before / exposed path

const response = await vendorRequest(payload);
return response;

After / first NORNR patch

const decision = await nornr.reviewStep("vendor_request", packet);
const response = await reviewedVendorRequest(decision, payload);
return response;

The goal is not a rewrite. It is one narrow patch a maintainer can understand in seconds and merge before widening the lane.

Open full audit See defended records Apply with this lane

Defended record Signed by NORNR

One review step should already create the packet someone else can trust later.

Intent vendor request / browser lane

Decision queued for review

Mandate owner-approved / threshold-bound

Export receipt trail / audit export

Moment of truth

An agent attempts a $240 vendor action. The question is whether it may clear.

This is the real product moment: judge the action before settlement, attach the reason immediately, and keep one defended record alive afterward.

Without NORNR

The action executes. The explanation comes later, if it comes at all.

Intent reaches the vendor path

The agent calls the final provider or checkout step with no lane-scoped decision surface in front of it.

Settlement clears immediately

The cost becomes real before anyone evaluates mandate, counterparty scope or approval need.

Teams reconstruct after the fact

Ops, finance and engineering now have rows and logs, but not one defended record that explains why the action was legitimate.

With NORNR

The same action becomes a judged path before money moves.

Intent enters one governed lane

The action hits a reviewed boundary that knows owner mandate, threshold posture and allowed counterparties.

Policy returns a real verdict

NORNR approves, queues or blocks before settlement, with a plain-language reason and one next owner action.

The record survives into proof

The same defended record carries the decision into replay, packet, receipt trail and audit export without rewriting the story.

One system diagram The whole product in one glance

One clear flow from intent to defended export.

Intent Agent requests a real economic action

Policy decision Approved, queued or blocked before settlement

Mandate + counterparty Owner scope, threshold and allowed destination are checked

Packet + audit export The same defended record survives outside NORNR

No-signup first value

See the first defended path before we ask for an account.

Repo signals only, no blocking yet. But the page should still hand back three useful things now: one shadow read, one install path and one packet path worth keeping.

Shadow mode product No blocking yet

NORNR would stage one decision before the path becomes real.

Show the first consequential step, the likely decision posture and the calmest next move without forcing enforcement first.

Decision Queue the consequential step above one reviewed threshold.

Reason The first boundary becomes consequential at the final vendor or tool step.

Next move Keep this lane in shadow first, then open one real install path.

The first trust step is simple: show what NORNR would have judged.

Open dedicated shadow mode ↗

One-lane install Framework-first

One lane, one framework, one first outcome.

Hand back one installer path that fits the lane, not a broad platform tour.

Framework Browser guard

Lane Browser checkout governance

Outcome One proof packet survives from the same first lane.

Proof packet Proof packet / review bundle / finance packet

Open the one-lane installer ↗

Install this one lane Open shadow mode

Why buyers move

When agents can trigger real spend, the hard part is deciding what may clear.

Without a control layer, teams inherit cost, counterparties and approvals they cannot explain later from one record.

Legitimacy Teams must know why an action cleared, not only that it happened.

Mandate Every agent lane needs limits, approvals and allowed counterparties.

Review Human review must appear exactly where the mandate stops being enough.

Evidence Receipt trail and export history belong in the product, not in a reporting afterthought.

Best fit

Start with one lane. Widen only after the first defended record is live.

Start with browser checkout or one governed runtime call.
Name one owner, one counterparty scope and one packet path before widening.
Add MCP review, finance close and portfolio control after the first lane works cleanly.

Approved Policy satisfied · intent released immediately

Queued Operator review required before settlement

Blocked Blocked by policy · no settlement occurs

Control plane

Start with one lane. Add the broader control stack later.

Start with browser checkout or one governed runtime path. Add MCP review and finance close only after the first lane is already defensible.

Now One lane with one owner and one reviewed threshold.

Next Add review and export only after the first record already survives.

Never Do not start with a platform diagram before the first consequential seam is clear.

Intent hits one governed lane

An agent submits one consequential vendor or tool action.

NORNR returns a verdict

Approved, queued or blocked before settlement, with the reason attached.

The same record survives later

Decision, approval, receipt trail and export stay attached to the same action.

Governed runtime

Make one consequential tool call or paid action policy-aware before it executes.

policy decision · mandate · receipt trail

Browser checkout governance

Pause risky click-through, vendor checkout and browser-side purchases before the action completes.

checkout review · anomaly posture · counterparty state

MCP control server

Carry the same review model into Claude Desktop, Cursor or Agent Zero once the first lane is already defensible.

local tools · queued review · finance-safe request trail

Finance close packet

Produce the packet finance receives, signs, retains and exports from the governed trail itself.

audit export · finance packet · close bundle

Buyer Proof

One governed action should already produce proof someone else can trust.

The same path should show intent, decision, approval, settlement and export posture without forcing finance or ops to reconstruct the story later.

Defended record / March 15, 2026 Signed by NORNR

Live governed settlement completed

0xf8ff5d333d1bdaf932673314853e02406f1ce3e73e0c782ec5e3c007526fe927

Intent evaluated, released under mandate and locked into a provable receipt trail.

Amount $12.50

Counterparty openai

Mandate Builder / owner-approved

Trail settled · signed · archived

Finance packet ready · exportable

Review record Policy signed

The request crossed threshold and counterparty review before settlement

The same record keeps the threshold breach, anomaly context, approval reason and release state attached instead of splitting them into side systems.

Audit export Close ready

Finance receives signed proof and close artifacts without manual cleanup

Artifacts persist to object storage, resolve through artifacts.nornr.com and stay ready for finance handoff as one defensible packet.

System of record

Decision, review and finance close resolve from the same governed record

The SDK is one entry point. The product value is that the same control plane governs spend, routes review and hands finance a defensible export afterward.

Decision record Intent, threshold, anomaly note and operator decision stay attached.

Finance record Signed manifests, statements, packet exports and close bundles reuse the same trail.

Runtime entry SDK, MCP, browser guard and hosted workflows all enter the same control plane.

Buyer proof Operators, finance and compliance can all defend the same governed action later.

Finance + compliance Open canonical proof Browser checkout lane

Founding Cohort

Best fit for teams already close to real agent spend.

We are looking for near-production workflows in browser checkout, governed runtime spend, or local-tool control where policy, review and finance evidence must hold outside the demo.

01 / See the path Start with one exposed path and one first patch a buyer can understand quickly.

02 / Install the gate Add one reviewed step around the action that can become real first.

03 / Reuse the record Turn the same review, receipt trail and audit export into a forwardable proof record afterward.

Best when One lane is already close enough to money that policy, review and export cannot stay hypothetical.

Reality A browser, runtime or MCP path already exists in something production-like.

Ownership One operator can own the mandate, threshold and counterparty scope first.

Proof The same first record needs to survive into finance, audit or buyer review later.

Apply

Tell us the first lane you need to govern.

Best fit if agents are already close to browser checkout, vendor APIs or runtime spend in production-like workflows. We review asynchronously and only take teams with one concrete lane first.

Company or team Contact name Work email Website Agent stack Expected monthly governed spend Current stage Timeline

Which lane is already closest to money?

Browser checkout governance MCP control server Governed runtime spend

Which defended record matters most first?

Human approvals Audit trail Monthly close exports

What breaks today?

Guided one-lane launcher

Start one real NORNR lane in 5 minutes.

Pick the first lane the team can actually prove. The launcher should hand back one command, one first proof path and one next screen to inspect immediately.

Runtime first

One governed provider call before recurring spend becomes ordinary.

This path should create one clear decision, one queue point and one defended record the operator can inspect immediately.

One path One artifact One next step

First decision Queue provider spend above one reviewed threshold.

First artifact Replay + defended packet + finance-safe export path

Exact next step Proof first, then control room for the live decision and next move.

Copy this starter first

Install the shortest real lane.

bash

npx nornr init openai-agents my-runtime

Open prefilled installer Open quickstart Open packet proof Open control room

What should happen first

Install one provider-aware starter.
Run one governed action.
Open the defended packet and the control room next.

Startpoint

Use the repo that matches the lane.

The launcher should point to the exact NORNR repo or package page that fits this lane, not to a generic docs hub.

Open README-first path Open exact reference file Open package page