NPL Quickstart

Test agent governance policies locally with the open standard

NPL (Nexus Policy Language) is the open, Apache 2.0 standard for deterministic agent governance. Test it yourself in under two minutes with npm.

What | Access
NPL spec + reference evaluator | github.com/hardalion/npl-spec
npm packages | @hardalion/npl-policy-engine, @hardalion/npl-audit-verify
Nexus platform (hosted enforcement, audit DB, console) | Sandbox or api.hardalion.com

1. CLI (zero install)

npx @hardalion/npl-policy-engine --tool drop_table --json

Expected: action: "BLOCK" (reference policy nato-prou-strict-financial).

Allow example:

npx @hardalion/npl-policy-engine --tool summarize_portfolio --json

Policy URI pin:

npx @hardalion/npl-policy-engine \
  --policy-uri hardalion://nato-prou-strict-financial@1.0.0 \
  --tool drop_table --json

Exit codes: 0 = ALLOW or REQUIRE_HUMAN · 1 = BLOCK (CI-friendly).
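
Because REQUIRE_HUMAN exits with status 0, a pipeline step that checks only the exit status proceeds without the approval. The following is an added example, not code from the NPL project: a fail-closed gate that cross-checks the exit status against the --json output. It assumes --json prints a single object with an action field (and optionally ruleId), as the decision object in the programmatic section suggests; gateDecision and allowHumanReview are hypothetical names.

```javascript
// Added example: fail-closed CI gate over the CLI's exit status and --json output.
// Assumption: --json prints one JSON object with an "action" field
// (ALLOW | REQUIRE_HUMAN | BLOCK) and optionally "ruleId".
const KNOWN_ACTIONS = new Set(['ALLOW', 'REQUIRE_HUMAN', 'BLOCK'])

function gateDecision(exitCode, stdout, { allowHumanReview = false } = {}) {
  let decision
  try {
    decision = JSON.parse(stdout)
  } catch {
    // npm/network errors or truncated output: never treat as ALLOW.
    return { pass: false, reason: 'unparseable evaluator output' }
  }
  const action = decision && decision.action
  if (!KNOWN_ACTIONS.has(action)) {
    return { pass: false, reason: `unknown action: ${String(action)}` }
  }
  // Documented contract: 1 = BLOCK, 0 = ALLOW or REQUIRE_HUMAN.
  const expectedExit = action === 'BLOCK' ? 1 : 0
  if (exitCode !== expectedExit) {
    return { pass: false, reason: `exit code ${exitCode} contradicts action ${action}` }
  }
  if (action === 'BLOCK') {
    return { pass: false, reason: `blocked by rule ${decision.ruleId ?? 'unknown'}` }
  }
  if (action === 'REQUIRE_HUMAN' && !allowHumanReview) {
    // Nobody can approve inside an unattended job, so stop here.
    return { pass: false, reason: 'human approval required' }
  }
  return { pass: true, reason: action }
}

// Constructed sample outputs (not captured from the real CLI).
const samples = [
  [0, '{"action":"ALLOW"}'],
  [0, '{"action":"REQUIRE_HUMAN","ruleId":"example-rule"}'],
  [1, '{"action":"BLOCK","ruleId":"example-rule"}'],
  [0, '{"action":"BLOCK","ruleId":"example-rule"}'], // status and action disagree
  [0, 'npm ERR! network'],                            // no JSON at all
]
for (const [code, out] of samples) console.log(code, out, gateDecision(code, out))
```

Feed it the exit status and captured stdout of the npx command; set allowHumanReview only where a separate approval step follows.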

2. Your own policy file

curl -sO https://raw.githubusercontent.com/hardalion/npl-spec/main/examples/nato-prou-strict-financial.yaml

npx @hardalion/npl-policy-engine \
  --policy-file ./nato-prou-strict-financial.yaml \
  --tool wire_transfer \
  --args '{"amount":50000}' \
  --json

3. Programmatic (Node 22+)

npm install @hardalion/npl-policy-engine

import { evaluateToolCall } from '@hardalion/npl-policy-engine'

const decision = evaluateToolCall({
  policy: 'nato-prou-strict-financial',
  toolName: 'drop_table',
  toolArgs: { table: 'users' },
})

console.log(decision.action) // BLOCK
console.log(decision.ruleId)

4. Verify an audit export (offline)

npx @hardalion/npl-audit-verify \
  https://raw.githubusercontent.com/hardalion/npl-spec/main/examples/audit-export.sample.json

5. Clone the spec repo (optional)

For contributors, examples, and integration patterns:

git clone https://github.com/hardalion/npl-spec.git
cd npl-spec
pnpm install && pnpm test && pnpm demo

What NPL does not include

NPL is the portable policy contract. It does not ship:

  • Hosted kill switches or multi-node enforcement
  • Immutable audit storage or compliance dashboards
  • Full MiFID / DORA workflow engines

Those capabilities are provided by the Nexus platform. You can evaluate every policy locally without a Nexus subscription.

Next steps