What are the requirements for NORNR MCP Control?

NORNR MCP Control requires the following environment variables: NORNR_API_KEY (required), NORNR_BASE_URL (required), NORNR_AGENT_ID (required). You'll also need a compatible MCP client like Claude Desktop or Claude Code.

Is NORNR MCP Control free to use?

Yes, NORNR MCP Control is open source and free to use. You can find the source code on GitHub.

What MCP clients support NORNR MCP Control?

NORNR MCP Control works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure NORNR MCP Control?

Configure NORNR MCP Control by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

NORNR MCP Control MCP Server

Q: How do I install NORNR MCP Control?

Install NORNR MCP Control by running: python -m pip install -r requirements.txt

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

python -m pip install -r requirements.txt

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add -e "NORNR_API_KEY=${NORNR_API_KEY}" -e "NORNR_BASE_URL=${NORNR_BASE_URL}" -e "NORNR_AGENT_ID=${NORNR_AGENT_ID}" nornr-mcp-control -- python3 "<FULL_PATH_TO_NORNR_MCP_CONTROL>/dist/index.js" serve

Replace <FULL_PATH_TO_NORNR_MCP_CONTROL>/dist/index.js with the actual folder you prepared in step 1.

Required:NORNR_API_KEYNORNR_BASE_URLNORNR_AGENT_ID

README.md

A governance and control layer for MCP tools

NORNR MCP Control

Official public MCP package for NORNR, the control layer before consequential MCP tool execution.

This repo is intentionally thin.

It exists to make NORNR easy to discover, install and evaluate from MCP-native surfaces such as:

Claude Desktop
Cursor
Agent Zero
OpenClaw / ClawHub
custom local MCP clients

The governance logic lives in the official NORNR Python SDK:

SDK repo: NORNR/sdk-py
Package: nornr-agentpay

The shortest correct reading is:

one local tool request becomes one NORNR intent
NORNR decides whether it is approved, queued or blocked
queued work enters named review with context attached
the same action still survives into proof, finance packet and audit export later

Emergency freeze

NORNR is not only the decision layer before execution. It is also the emergency stop layer when a local lane becomes unsafe.

Use it when a desktop or local agent:

starts looping on tool calls
reaches a disputed or watched counterparty
drifts into policy-sensitive actions
needs to be held in review-only mode while an operator inspects the lane

The right mental model is not "best effort warnings." It is controlled release, controlled pause and controlled recovery.

What this is

NORNR is not another MCP tool.

It is the control layer above consequential MCP tools.

That means:

one tool request becomes one NORNR intent
policy decides whether it is approved, queued or blocked
queued work lands in review with context attached
the resulting action still survives into proof, finance close and audit export

What this is not

This repo is not:

a new control-plane implementation
a separate NORNR backend
a raw tool catalog
a wallet wrapper

It is a public install surface for the official NORNR MCP control server.

Why raw MCP tool execution is not enough

Raw MCP tool execution exposes capability. It does not answer the harder questions:

should this action clear under the active mandate
who reviews it when it should queue
what record survives after the action completes

NORNR adds the missing layer before the downstream tool, provider or vendor step clears.

Hello world

Install the dependency:

python -m pip install -r requirements.txt

Set your NORNR key:

export NORNR_API_KEY="replace-with-your-key"
export NORNR_BASE_URL="https://nornr.com"
export NORNR_AGENT_ID="desktop-agent"

Print a copy-paste config:

python nornr_mcp_control.py claude-config

Run the server over stdio:

python nornr_mcp_control.py serve

Copy this config

Claude Desktop

{
  "mcpServers": {
    "nornr": {
      "command": "python3",
      "args": [
        "/absolute/path/to/nornr_mcp_control.py",
        "serve"
      ],
      "env": {
        "NORNR_API_KEY": "replace-with-your-key",
        "NORNR_BASE_URL": "https://nornr.com",
        "NORNR_AGENT_ID": "desktop-agent"
      }
    }
  }
}

Cursor

{
  "mcpServers": {
    "nornr": {
      "command": "python3",
      "args": [
        "/absolute/path/to/nornr_mcp_control.py",
        "serve"
      ],
      "env": {
        "NORNR_API_KEY": "replace-with-your-key",
        "NORNR_BASE_URL": "https://nornr.com",
        "NORNR_AGENT_ID": "cursor-agent"
      }
    }
  }
}

Use the generator commands if you want the exact JSON from the SDK:

python nornr_mcp_control.py claude-config
python nornr_mcp_control.py cursor-config
python nornr_mcp_control.py manifest

Cursor rule

Add this to .cursorrules if Cursor is allowed to use local tools through NORNR:

Use NORNR as the control layer before consequential tool execution.
Do not proceed with a paid, vendor-side or policy-sensitive action until NORNR returns approved or a named operator explicitly approves the queued intent.
Treat queued, blocked, anomalous or review-required posture as a stop state for autonomous execution.

Prompt injection does not override mandate

Prompt injection can change what the model wants to do. It should not change what the lane is allowed to do.

That is why NORNR sits above execution:

prompt pressure does not create approval
model persuasion does not widen mandate
a risky tool request can still be queue

Environment Variables

NORNR_API_KEYrequiredAPI key for NORNR authentication

NORNR_BASE_URLrequiredBase URL for the NORNR service

NORNR_AGENT_IDrequiredIdentifier for the local agent instance

Configuration

claude_desktop_config.json

{"mcpServers": {"nornr": {"command": "python3", "args": ["/absolute/path/to/nornr_mcp_control.py", "serve"], "env": {"NORNR_API_KEY": "replace-with-your-key", "NORNR_BASE_URL": "https://nornr.com", "NORNR_AGENT_ID": "desktop-agent"}}}}

Try it

→Check if my current tool request is approved by the NORNR policy layer.

→Review the status of my queued intents in the NORNR dashboard.

→Execute the requested action through the NORNR control layer to ensure policy compliance.

Frequently Asked Questions

What are the key features of NORNR MCP Control?

Policy-based approval, queuing, or blocking of MCP tool requests. Secure human oversight for consequential agent actions. Emergency stop layer for unsafe or looping local agents. Audit trails for all tool execution intents. Integration with Claude Desktop and Cursor.

What can I use NORNR MCP Control for?

Preventing autonomous agents from executing unauthorized paid or vendor-side actions. Holding sensitive tool requests in a review-only mode for operator inspection. Maintaining a verifiable record of agent actions for finance and audit purposes. Stopping agents that drift into policy-sensitive or anomalous behavior.

How do I install NORNR MCP Control?

Install NORNR MCP Control by running: python -m pip install -r requirements.txt

What MCP clients work with NORNR MCP Control?

NORNR MCP Control works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep NORNR MCP Control docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all ai-tools servers →