npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nornr-sentry

v1.0.0

Published

NORNR Sentry — stop one dangerous agent action before it becomes real

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nornrnornr

Keywords

ai-safetyai-agentsmcpcursorclaude-desktoplocal-proxypolicy-gatetui

Readme

NORNR Sentry

NORNR Sentry is the local airbag for one dangerous agent action.

It is also the local decision layer for consequential agent actions.

NORNR Sentry blocked stop-screen

This public repo is the open wedge:

  • one dangerous action
  • one stop-screen
  • one mandate conflict
  • one human choice
  • one defended record afterward

It is not the hosted NORNR control plane.

Operator station

NORNR Sentry operator station

After install, Sentry opens into a local operator station for patch / wiring, verify, replay, records, proof hub and serve flows. Use the blocked stop-screen as the first proof image, and this screen as the second image that shows the product is a real navigable tool after the first stop.

Proof

Install

Fastest path to the first stop:

npx nornr-sentry --first-stop

Diagnose the real local path from install to proof:

npx nornr-sentry --doctor

Resume the latest local review context:

npx nornr-sentry --resume

Compare clean-room trust modes across the built-in scenario corpus:

npx nornr-sentry --eval-harness

Recommend the best trust mode from local record history:

npx nornr-sentry --trust-advisor

Lint the latest proof artifact for handoff quality:

npx nornr-sentry --proof-lint

Render the shorter review handoff surface:

npx nornr-sentry --review-handoff --handoff-audience buyer

See the local operator scorecard:

npx nornr-sentry --operator-scorecard

Apply doctor-safe automatic fixes:

npx nornr-sentry --doctor-fix

Open the chooser only when you need a different desktop patch or provider wiring target:

npx nornr-sentry --patch-client

Open the defended record browser after the first stop:

npx nornr-sentry --records

Or install globally:

npm install -g nornr-sentry

Update an older global install in one command:

npm install -g nornr-sentry@latest

Run the latest version once without updating the global install:

npx nornr-sentry@latest --first-stop

Public proof flow

  1. Run npx nornr-sentry --first-stop.
  2. Patch / wire and verify the real target.
  3. Run one obvious stop.
  4. Open the proof queue and export the defended record.
  5. Open the records browser after the first stop so the proof step is visible too.
  6. Observe first in shadow mode.
  7. Serve for real.

Or clone and run locally:

npm install
npm run demo:cursor

Experiment matrix

See FIRST_STOP_EXPERIMENT_MATRIX.md for the live public first-stop CTA/copy variants and the proof-step readout.

See CLEAN_ROOM_FEATURE_HARVEST.md for the longer clean-room product and systems harvest behind the current Sentry roadmap.

See SENTRY_1_0_SPEC.md for the formal 1.0 boundary, canonical proof set, canonical commands, and release criteria.

NPM release

npm run qa:public-package
cd ../../dist/nornr-sentry-public
npm publish

What is in this public repo

  • local proxy runtime
  • local TUI review
  • patch flow for Cursor and Claude Desktop
  • local mandate init and tighten loop
  • policy replay demo
  • shadow mode and shadow conversion
  • defended records proof queue
  • defended record export
  • local proof summary

What is not in this public repo

Hosted NORNR control-plane features stay private for now:

  • team governance
  • hosted review and sync
  • baseline registry and fleet rollout
  • signer governance
  • fleet compliance and remediation
  • recovery control plane

Golden path install

Start with the chooser if you want the product to tell you which path is real:

node bin/nornr-sentry.js --patch-client
node bin/nornr-sentry.js --verify-patch

Cursor direct path:

node bin/nornr-sentry.js --client cursor --patch-client
node bin/nornr-sentry.js --client cursor --verify-patch
node bin/nornr-sentry.js --client cursor --demo destructive_shell
node bin/nornr-sentry.js --client cursor --serve --shadow-mode --no-upstream
node bin/nornr-sentry.js --client cursor --serve

Claude Desktop direct path:

node bin/nornr-sentry.js --client claude-desktop --patch-client
node bin/nornr-sentry.js --client claude-desktop --verify-patch
node bin/nornr-sentry.js --client claude-desktop --demo credential_exfiltration
node bin/nornr-sentry.js --client claude-desktop --serve --shadow-mode --no-upstream
node bin/nornr-sentry.js --client claude-desktop --serve

Windsurf also uses a manual MCP/wiring path today instead of a built-in desktop patch:

node bin/nornr-sentry.js --patch-guide windsurf

OpenAI / Codex-style traffic does not use a desktop patch. Start with the wiring guide instead:

node bin/nornr-sentry.js --patch-guide openai-codex

Generic MCP also uses a manual wiring path instead of a built-in patch:

node bin/nornr-sentry.js --patch-guide generic-mcp

Choose patch / wiring path

Open the chooser:

node bin/nornr-sentry.js --patch-client

Or jump straight to a known desktop client:

node bin/nornr-sentry.js --client cursor --patch-client
node bin/nornr-sentry.js --client claude-desktop --patch-client

Run the demo

node bin/nornr-sentry.js --client cursor --demo destructive_shell

Replay attacks

Synthetic replay path:

node bin/nornr-sentry.js --client cursor --policy-replay

Shortcut:

node bin/nornr-sentry.js --client cursor --policy-replay-demo --demo destructive_shell

Serve locally

node bin/nornr-sentry.js --client cursor --serve

Then point a provider-style client at:

export OPENAI_BASE_URL=http://127.0.0.1:4317/v1

Quiet live trace:

node bin/nornr-sentry.js --client cursor --serve --verbose

Ambient trust mode:

node bin/nornr-sentry.js --client cursor --serve --ambient-trust

Shadow mode

node bin/nornr-sentry.js --client cursor --serve --shadow-mode

Preview the enforce-now pack:

node bin/nornr-sentry.js --client cursor --shadow-conversion

Local mandate loop

Preview one project-scoped mandate:

node bin/nornr-sentry.js --client cursor --mandate-init

Apply it:

node bin/nornr-sentry.js --client cursor --mandate-init --apply

Learn a tighter mandate from cleared usage:

node bin/nornr-sentry.js --client cursor --learned-mandate

Apply the learned diff:

node bin/nornr-sentry.js --client cursor --learned-mandate --apply

Read tighten history:

node bin/nornr-sentry.js --client cursor --tighten-history

Local proof

Summary:

node bin/nornr-sentry.js --summary

Browse real defended records:

node bin/nornr-sentry.js --client cursor --records

Open the proof hub:

node bin/nornr-sentry.js --client cursor --proof-hub

Replay recent real records:

node bin/nornr-sentry.js --client cursor --record-replay

Export the latest defended record:

node bin/nornr-sentry.js --client cursor --export-record latest

Copy a public-safe share variant directly:

node bin/nornr-sentry.js --client cursor --export-record latest --copy-share summary
node bin/nornr-sentry.js --client cursor --export-record latest --copy-share x
node bin/nornr-sentry.js --client cursor --export-record latest --copy-share issue

Or export one specific defended record:

node bin/nornr-sentry.js --client cursor --export-record /absolute/path/to/record.json

You can also filter the browser:

node bin/nornr-sentry.js --client cursor --records --records-filter blocked --records-sort latest

Golden path wizard

node bin/nornr-sentry.js --client cursor --golden-path
node bin/nornr-sentry.js --client claude-desktop --golden-path

Choose verify target

Open the chooser:

node bin/nornr-sentry.js --verify-patch

Or verify a known desktop client directly:

node bin/nornr-sentry.js --client cursor --verify-patch
node bin/nornr-sentry.js --client claude-desktop --verify-patch

For Windsurf, OpenAI / Codex-style traffic, or Generic MCP, use the wiring guide instead of desktop patch verification:

node bin/nornr-sentry.js --patch-guide windsurf
node bin/nornr-sentry.js --patch-guide openai-codex
node bin/nornr-sentry.js --patch-guide generic-mcp

Print snippets

Client config:

node bin/nornr-sentry.js --client cursor --print-config

Provider snippets:

node bin/nornr-sentry.js --client cursor --print-provider openai
node bin/nornr-sentry.js --client cursor --print-provider anthropic

Recording flow:

node bin/nornr-sentry.js --client cursor --print-demo-flow openai