NOMOS
Get started
Open source · roadmap to 1.0

Going open source.
On purpose. In order.

We are publishing Nomos in layers. The crypto, the policy engine, the SDK, and the MCP server are already on npm — anyone can audit how a decision gets made. The control-plane and dashboard source go public with 1.0 under Apache-2.0. Until then, here is exactly what is open, what is coming, and when.

Star on GitHubWatch releasesView on npm
what’s public today

13 packages on npm.

Every cryptographic primitive, the policy evaluator, the capability mint, and the SDK that agents call. If a decision feels wrong, you can run the same engine offline and prove it.

package
role
status
  • @auto-nomos/core
    PDP decide() engine100% cov
    on npm
  • @auto-nomos/cedar
    Cedar policy evaluator100% cov
    on npm
  • @auto-nomos/ucan
    UCAN delegation chains100% cov
    on npm
  • @auto-nomos/crypto
    DID + Ed25519 signing
    on npm
  • @auto-nomos/shared-types
    Zod schemas
    on npm
  • @auto-nomos/sdk
    TypeScript SDK
    on npm
  • @auto-nomos/mcp-server
    MCP-protocol server
    on npm
  • @auto-nomos/adapters
    YAML connector specs
    on npm
  • @auto-nomos/schema-packs
    apiCall validators
    on npm
  • @auto-nomos/policy-builder
    Visual editor (React Flow)
    on npm
  • @auto-nomos/audit-verify
    Chain verify CLI
    on npm
  • @auto-nomos/cli
    nomos CLI
    on npm
  • @auto-nomos/ucan-cli
    nomos-ucan CLI
    on npm
  • @auto-nomos/control-plane
    Hono + tRPC server
    soon
  • @auto-nomos/dashboard
    Next.js operator UI
    soon
roadmap

Three milestones.
One Apache-2.0 flip.

  1. v0.0.x → v0.1.x
    May 2026

    Foundation packages shipped under @auto-nomos/* on npm. PDP, Cedar, UCAN, crypto, SDK, MCP server, adapters, schema-packs all public.

  2. v0.2 (next)
    Targeting Q3 2026

    Self-host helm chart. Bring-your-own Ed25519 root signing key. First-party Docker images for control-plane + PDP.

  3. v1.0
    Targeting Q4 2026

    Control-plane + dashboard source open under Apache-2.0. CONTRIBUTING.md, RFC process, code of conduct, governance doc. Public roadmap on GitHub Projects.

why wait

Why not flip today?

Three reasons. The control-plane still carries a few customer-specific feature flags we’d rather extract before public review. The audit-root signing flow needs the bring-your-own-key path before self-hosters can run it without trusting us. And the first sweep of a public repo’s CONTRIBUTING is something we want to do once, not twice.

We’re moving fast. The npm-published packages are battle-tested in production today — those are the parts most worth reading first. When the rest flips, you’ll already know the engine that drives it.

Org on GitHubRead CONTRIBUTINGTalk to us