orno
The agent loop can't step outside the box.
A runtime contract for LLM agents in CI. You declare the ceiling in YAML — iterations, tools, effects, resources — and orno stops the agent the moment it tries to cross it.
An unbounded agent loop in CI is a liability.
One bad prompt and the loop burns a weekend of tokens, reaches endpoints it had no business touching, and leaves you nothing to audit afterwards. orno wraps the loop in a contract and enforces it at runtime — nothing to wire up in code, no place to quietly disable the limits.
Five axes. All enforced at runtime.
Bounded iteration
Caps the agent-loop turns so it can never spin forever.
Bounded tool surface
Declares exactly which tools, MCP calls, and subagents the model may reach.
Bounded effects
Gates mutating operations, network access, and which domains are in reach.
Bounded resources
Hard ceilings on total tokens, total tool calls, and subagent depth.
Bounded non-determinism
Every LLM call is recorded — replay is exact, byte for byte.
Declare it once. orno holds the line.
Declare in YAML
Set the contract — iterations, tool surface, effects, resources — in one file.
Enforce at runtime
Every agent node checks all five axes live. No policy library to keep in sync.
Breach → stop
Cross a limit and the node terminates with the matching event on the log.
One binary, one file
No server, no database, no scheduler to babysit. Drop it on a runner and call it.
Two streams, no parser
NDJSON events on stdout, tracing on stderr. Pipe straight into jq, Splunk, or Datadog.
A pinned GitHub Action
Pin DoctorMozg/orno@v0 in the workflow and the run stays reproducible.
Guardrails you can read.
Open source under AGPL-3.0. The contract is right there in the YAML — no hidden policy, no place to switch the limits off.