NORNR

Show up in the pull request, before unsafe runtime power quietly reaches main.

NORNR / PR Comment Audit

Repo guardrail

Comment on the code review the moment a new tool, payment or vendor surface appears without a control story.

This is the right kind of developer distribution: inside the pull request, before merge, while the team can still decide whether the new surface needs NORNR.

What it scans

New tool, MCP, payment and vendor-action patterns in added code

The workflow looks for the kinds of changes that often introduce consequential execution without an explicit control surface.

What it does

Leaves one advisory comment on the pull request

The comment is meant to be calm and useful: what changed, why it looks consequential and which NORNR lane probably fits.

Why it matters

NORNR appears where teams decide what code is safe to merge

That is a much better distribution surface than waiting until the runtime is already in production.