NORNR mark NORNR LUKSO can prove who holds authority on-chain. NORNR still decides what clears in business context.
Control room

NORNR / LUKSO root of trust

Identity adapter

Use LUKSO as one authority source, not as the whole control plane.

This is the hybrid move: LUKSO proves who can hold authority on-chain through Universal Profiles and scoped controller posture. NORNR still decides whether one vendor action, payout or reviewable off-chain spend clears under mandate, policy decision, counterparty scope, review and audit export.

Open Python SDK Run governance audit

Where the line sits

Authority provenance should arrive before release, not replace it.

The strongest reading is practical: if a LUKSO-native agent can legitimately hold authority on-chain, NORNR should still decide whether this exact off-chain action clears now, for this counterparty, under this mandate.

Lane

A LUKSO-native research agent proposes one consequential vendor action

The agent may hold scoped controller authority through a Universal Profile, then ask to upgrade a model vendor plan, launch paid compute or release a vendor-side action.

Decision

NORNR still evaluates mandate fit, counterparty scope and review threshold

The authority source is real, but the business-context release is still a NORNR decision: approved, queued or blocked before execution clears.

Outcome

One decision path survives into proof, handoff and audit export

The same action should still land in trust manifest, proof packet and finance-readable export instead of disappearing into an on-chain permission check alone.

Decision path

One external authority root should still resolve into the same NORNR control sequence.

The useful outcome is not “identity verified.” The useful outcome is one defended packet that starts from verified authority and still survives business review.

01 / Authority

Resolve Universal Profile, Key Manager and controller scope

Verify who can hold authority on-chain and which controller posture is relevant to the agent lane.

02 / Intent

Bind that identity into one named NORNR intent

Carry mandate, counterparty scope and reason into the same cold decision path NORNR uses elsewhere.

03 / Release

Return approved, queued or blocked before off-chain consequence clears

Authority provenance contributes context, but business release still belongs to the NORNR control layer.

04 / Survival

Leave one binding packet, proof packet and audit export afterward

The result should be defensible to operators, finance and external reviewers after the action settles.

What the adapter does

Bind one LUKSO identity surface into a canonical NORNR packet.

The point is not to replace NORNR identity. The point is to let one external authority source resolve into the same NORNR trust and audit model used everywhere else.

Input

Universal Profile, Key Manager and controller data

The adapter normalizes one LUKSO identity payload into a shape NORNR can bind cleanly without inventing a separate control model.

Binding

NORNR still owns mandate, policy decision and counterparty scope

The adapter does not decide whether an action clears. It only contributes authority context to the governed decision path.

Output

One portable binding packet around the trust manifest

The result is a `nornr.lukso-binding.v1` packet that can travel with the same trust manifest and verification posture as the rest of the NORNR stack.

Code

The adapter should read like identity binding, not a new backend.

It is strongest when it stays thin: authority source in, governed NORNR packet out.

Python SDK
python 
from agentpay import LuksoIdentityAdapter, NornrClient

client = NornrClient(base_url="https://nornr.com", api_key="...")
adapter = LuksoIdentityAdapter(client)

identity = adapter.normalize_identity(
    {
        "universalProfileAddress": "0x1111111111111111111111111111111111111111",
        "keyManagerAddress": "0x2222222222222222222222222222222222222222",
        "chainId": "42",
        "network": "lukso",
        "profileMetadata": {
            "name": "NORNR Research Worker",
        },
        "controllers": [
            {
                "address": "0x3333333333333333333333333333333333333333",
                "permissions": ["CALL", "SUPER_CALL"],
            }
        ],
    }
)

binding = adapter.build_binding(
    identity,
    mandate={"scopeLabel": "research procurement lane"},
    policy_decision={"policyId": "research-safe", "decisionMode": "review_required"},
    counterparty_scope={"allowedCounterparties": ["openai"], "reviewRequiredAboveUsd": 25},
)

print(binding.to_dict())

Why not identity backbone

NORNR should stay cross-ecosystem even when one authority source is strong.

The right reading is not “NORNR now depends on LUKSO.” The right reading is “NORNR can verify one more identity root without giving up its own control model.”

Do

Treat LUKSO as one verifier

Use it when the agent is born in a LUKSO-native environment or when on-chain authority posture genuinely matters to the lane.

Do not

Outsource NORNR identity semantics

Mandate, review, counterparty fit and audit export still belong to NORNR if the product is going to remain useful across Stripe, browser, MCP and off-chain spend surfaces.

Best fit

Use the adapter where authority provenance is a real buyer question

The adapter is strongest when another party asks who can hold authority on-chain and you still need one business-context control path on top.

Next step

Use the adapter only if it makes one governed lane more defensible than either layer alone.

If the team already has code, run a governance audit first. If the team needs a portable authority root for one consequential lane, bind the LUKSO surface into NORNR and keep release, review and audit survival cold and explicit.

Code first Run governance audit

Use the audit when the team already has a repo and the missing step is to name the first NORNR lane cleanly.

 Artifacts Open trust manifest spec

See how the binding packet still resolves into the same public manifest, provenance and validation model.

 SDK Open Python SDK

Use the official SDK surface when you want the adapter as part of NORNR, not as a detached identity experiment.