Intent
- Action name
- Counterparty
- Amount and purpose
- Business context
NORNR
One packet shape that survives outside the control room.
NORNR / Proof packet
Standard outputEvery governed lane should collapse into the same proof packet.
This packet is the canonical answer to what happened, why it happened, who approved it and what can be defended later. Browser, runtime and MCP lanes should all end here.
The proof packet is how NORNR becomes the default proof layer, not just a dashboard that must be re-explained every time.
Packet schema
Six fields should always survive.
If a governed action cannot render these six fields cleanly, the lane is still too bespoke.
Policy decision
- Approved, queued or blocked
- Threshold posture
- Counterparty posture
- Policy version
Approval state
- Reviewer or owner
- Approval reason
- Escalation path
- Review timestamp
Settlement state
- Cleared or blocked outcome
- Provider or merchant result
- Failure posture if unresolved
- Execution timestamp
Receipt trail
- Receipt completeness
- Supporting evidence
- Anomaly context
- Counterparty evidence
Audit export
- Export packet id
- Retention posture
- Signed bundle reference
- Finance handoff state
Public contract
The packet should be inspectable and verifiable outside NORNR.
A canonical packet only becomes category-grade when another team can inspect the public schema and verify the packet without trusting the UI blindly.
Public proof packet schema
The public contract defines the packet kind, the required fields and the provenance posture every packet should carry outside NORNR.
Versioning and provenance rules
Proof packet stays reusable when kind, schema version, packet id and policy provenance travel together with the export.