lukehinds / nono

Secure, kernel-enforced sandbox CLI and SDKs for AI agents. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.

100% credibility
Found Feb 02, 2026 at 116 stars.
Rust
AI Summary

nono creates operating system-enforced protective zones for AI coding assistants and other programs to prevent access to sensitive files and block harmful actions.

How It Works

1. 🔍 Hear about safe AI helpers

You learn about nono, a simple way to run AI coding tools without them accidentally messing with your private files or running risky actions.

2. 📦 Get it set up quickly

You install nono with one easy command on your Mac or Linux computer, like grabbing a helpful app from the store.

3. ⚙️ Pick a ready setup

Choose a pre-made plan for your favorite AI tool, like Claude Code, so it knows exactly what files it can touch.

4. 🚀 Start your safe session

Run your AI inside nono's protective bubble with one command – it feels secure yet your work flows smoothly.

5. See why something's blocked

If the AI hits a wall on a private folder, quickly check what needs adjusting without frustration.

Work securely with AI

Now you code faster with AI help, knowing your secrets and system stay safe – peace of mind achieved!

Star Growth

This repo grew from 116 to 679 stars.
AI-Generated Review

What is nono?

nono is a Rust CLI tool that runs AI agents or any POSIX command in a kernel-enforced capability sandbox, using Landlock on Linux (5.13+) and Seatbelt on macOS. You grant explicit read/write access to paths with flags like `--allow . --read ./src` and block network access with `--net-block`. It prevents escapes to sensitive areas like ~/.ssh or ~/.aws and blocks destructive commands like rm or chmod by default. Built for securing GitHub repositories and agents, it injects API keys securely and offers profiles for Claude Code, OpenCode, and OpenClaw.

Why is it gaining traction?

Unlike app-level sandboxes, nono uses OS primitives for hard denials (no policy filtering to bypass), making it ideal for untrusted AI, such as securing GitHub Copilot or GitHub Actions. Prebuilt profiles and commands like `nono why --path ~/.ssh --op read` give instant feedback, plus hooks for agents to explain blocks. With 309 stars, it's hooking devs worried about AI accessing private GitHub repositories or files.

Who should use this?

AI agent users running local coding tools like Claude Code or OpenClaw on personal machines, especially those with secure files or tokens for GitHub. Devs testing secure GitHub Pages or alternatives to YOLO-mode agents in workflows. Teams evaluating nono for nonogramm-style puzzles or nonomo federwiege setups needing agent isolation.

Verdict

Promising for sandboxing agents in secure GitHub repositories, but early alpha (no full audit, 1.0% credibility score, 309 stars) means test thoroughly on non-critical work. Pair with `nono learn` to profile commands before production.
