Zum Hauptinhalt springen

Glossary & Core Concepts

A quick reference for the vocabulary used throughout the azuma nori documentation. These are the nouns you will meet when creating a project, running an analysis, and reading results.

Analysis model

Policy : A compliance or security framework that nori can evaluate a codebase against — for example BSI TR-03161 or the EU Cyber Resilience Act. Each project targets one policy.

Control : A single requirement within a policy (for example, a cryptography requirement identified as O.Cryp_2). A policy is made up of many controls, each evaluated independently.

Sub-agent : A bounded LLM task that evaluates a specific slice of the work. nori deliberately splits an analysis across many sub-agents rather than asking one model to judge an entire standard, so each evaluation stays focused and evidence-backed. See Architecture.

Wiki : A set of compact, local Markdown indices that nori builds from your codebase during the Indexing Phase. The Wiki summarizes your architecture, dependencies, and structure, and is fed to sub-agents as trusted context so they don't have to re-scan the whole repository.

Finding : An individual issue a sub-agent reports for a control, carrying a severity and a concrete file:line reference. Findings are grouped as Critical, Potential, and Informational in the results view.

Verdict / Score : The outcome of evaluating a control, expressed as a 0–100 score and a Pass / Fail status. Control scores are aggregated into an Overall Score for the run.

Run : One execution of an analysis against a project at a point in time. Each run records its status, metrics (duration, tokens, cost), overall score, and per-control results. Runs are listed in the Analysis History.

Project : A target codebase bound to a single policy, plus its workspace configuration (root directory, data directory, and AI-model settings). See Create a Project.

Configuration & execution

Depth : How thorough an analysis run is (for example Light, Medium, or Extreme). Higher depth means more scrutiny per control at the cost of more time and tokens.

Root Directory : The folder containing the source code you want to analyze. nori reads from it but never writes to it.

Data Directory (.nori) : A separate, writable workspace where nori stores its configuration, cache, Wiki, and exports. Keep it outside your source tree. See Standalone Client.

Evidence / Document Indexing : External proof — PDFs, certificates, diagrams, pentest reports — attached to a project or a specific control so that requirements which can't be verified from source code alone can still be evaluated. See External Evidence.

Regulatory Report : A per-control compliance dossier suitable for auditors, assembled deterministically from a run's findings and metadata. See Reporting & Exports.

Platform terms

Workspace : An organization's licensed environment. You select a licensed nori workspace at sign-in, and it determines which policies and settings are available to you.

Freemium : A free tier that exposes a subset of controls, letting you try a policy before a full license is in place.

Policy Stability : A maturity label shown on each policy:

  • Stable — production-ready and fully supported.
  • Beta — usable and reasonably complete, but still being refined.
  • Preview — early access; may be limited in availability and subject to change.