Built by the team that brought you
Sigstore
The standard for secure software attestation, used by PyPI, npm, brew, and Maven Central
License CI Status Documentation
Join Discord We're hiring agent-sign GitHub Action
Note
In the lead-up to a 1.0 release, APIs are stabilizing. API changes may still occur where necessary, but will be kept to a minimum.
Run AI agents in a zero latency sandbox in seconds and with zero setup — Claude Code, Codex, Pi, CoPilot, Hermes, OpenCode, OpenClaw and more — nono gets you up and running within seconds, with no daemon, no container, no VM, and no disk space usage. Out of the box, nono enforces a least-privilege sandbox and supports macOS, Linux, and Windows (WSL2).
From here fork the config, tweak it, theme it, make it your own, and share it with your team or the community via the nono registry.
Want to operationalise and run at scale or within your team? Engineers at some of the largest tech companies in the world use nono as part of their workflows or to run AI agents in production.
Copied by many — nono pioneered the zero-latency, zero-setup agent sandbox, and continues to innovate and lead the way in agent sandboxing.
brew install nono
Other platforms — Debian/Ubuntu, Fedora, Arch, RHEL, openSUSE, WSL2, and Nix: see install instructions.
Search for an agent in the registry, then run it:
$ nono search opencode always-further/opencode - Official Always Further Opencode Plugin $ nono run --profile always-further/opencode -- opencode
That's it. opencode now runs with read/write access to the current directory and nothing else — your SSH keys, your cloud credentials, the rest of your disk are invisible to it.
Profiles for all the popular agents live at registry.nono.sh, secured and ready to pull. Each one bundles the right filesystem scope, network allowlist, hooks, skills and more.
Outgrow the defaults? Scaffold a profile and tweak it — same command you already know:
nono profile init opencode --extends always-further/opencode nono run --profile opencode -- opencode
Are you an agent developer and want to publish your own agent package? We would love to have you and promote your work! See the docs.
Head over to the docs and discover nono's rich composable policy system, credentials injection, L7 filtering, supply chain security, rollback, multiplexing, audit and more.
nono provides FFI bindings for Rust, Python, TypeScript, and Go.
Also available as Python, TypeScript, and Go bindings.
We encourage using AI tools to contribute. However, you must understand and carefully review any AI-generated code before submitting. Security is paramount. If you don't understand how a change works, ask in Discord first.
If you discover a security vulnerability, please do not open a public issue. Follow the process in our Security Policy.
Apache-2.0