Zum Hauptinhalt springen

azuma nori

Welcome to the product documentation for azuma nori. Designed for Developers, C-Level Executives, and Product Owners, this documentation hub maps the technical reality and architectural footprint of the platform alongside its compliance capabilities.

The Paradigm: Agentic Security Workstations

Traditional Static Application Security Testing (SAST) and manual auditing fail to provide immediate, context-aware determinations inside highly complex compliance frameworks like BSI TR-03161 or standard ISO domains.

azuma nori bridges this by establishing an "Agentic Security Workstation" directly on developer nodes, bypassing CI/CD upload requirements entirely.

Core Distinctions

  • Not a static rule engine: Verdicts come from bounded reasoning agents, not fixed regex or signature rules. Local orchestrators spawn dynamically bounded LLM sub-agents that gather evidence from your code and reason about it in context.
  • Your code stays local: Because source code is often highly proprietary, azuma nori runs as a self-contained desktop app. Your code is read locally and is never sent to azuma nori's servers.
  • Pre-computed Matrices: The product heavily leverages pre-defined compliance matrices built exclusively to interface between regulatory definitions and Large Language Model interpreters.

High-Level Architecture

azuma nori is built on a hybrid architecture to maximize both centralized management and localized data sovereignty:

CUSTOMER SECURE BOUNDARYMANAGED SAASCustomer ProjectGit RepositorySource Code (Local Disk)Analysis Data (Local Disk)Analysis RunnerLocal EnvironmentAgentic Executionazuma noriRegulatory PoliciesInstrumentation ConfigsTelemetry SinkContextWrite EvidenceFetch PoliciesSend TelemetryLLM ModelLocal Open Weightsor Secure EndpointQueryResponse
  • Nori Backend API: The central control plane that manages organizational policy access, licenses, users, and API keys, and receives high-level run telemetry from clients. It never receives your source code.
  • Standalone Client & CLI: The execution engine running locally. It pulls policy definitions from the backend but performs all analysis on your workstation — and it is where you view your analysis runs, findings, and reports. Your code never leaves your environment.

Standalone Mode

azuma nori runs as a self-contained desktop application on your own workstation. Its defining characteristic is data sovereignty: your source code never leaves your machine and is never sent to azuma nori's servers.

Your code stays on your machine

  • Never uploaded to azuma: azuma nori has no cloud backend that ingests your source code. The analysis is performed locally by the desktop app and its embedded executor — azuma never receives, stores, or processes your code.
  • No CI/CD upload step: there is nothing to push to an external service. You point the app at a local folder, and the code is read directly from disk on your workstation.
  • Local persistence: configuration, artifacts, and analysis results are written to a local Data Directory (the .nori workspace) that you choose and control.

You bring the AI model

nori is not fully offline — the analysis is powered by a Large Language Model, so it needs a model connection to do its work. You decide where that model lives, which also determines where code snippets are evaluated:

  • Direct Cloud API — nori talks directly to the LLM provider you configure (OpenAI, Azure OpenAI, Claude, or Gemini) using your own API key. Snippets are sent only to that provider, under your account — never to azuma.
  • CLI / Local Executable — nori drives a locally installed agent CLI (Claude, Gemini, Cursor, or Codex) as a local process, keeping evaluation on or close to your own infrastructure.

Because your intellectual property never crosses your organization's boundary into azuma, audits can run continuously on internal workstations — and you retain full control over which model provider, if any, ever sees your code.

Getting Started

New to azuma nori? Start with the Getting Started guide, which walks you through everything from installing the desktop app to running your first compliance analysis and reviewing the results.

From there, browse concrete technical use cases.