nono

Active
GitHub Rust Apache-2.0

Description

A capability-based, multiplexing sandbox tool built for developers — run agents securely without needing any additional infra, zero setup, zero latency.

Key Features

  • Capability-based, policy-governed runtime for AI agents
  • Landlock (Linux) + Seatbelt (macOS) kernel-level sandbox isolation
  • Credential proxy injection mode, API keys never enter the sandbox
  • Sigstore signing and verification of instruction file integrity
  • Multiplexing for parallel agent sandboxes
  • Policies are composable, auditable, and versionable

Use Cases

💡 Safely running untrusted AI agent code
💡 Enterprise-level agent policy governance and audit compliance
💡 Isolated agent task execution in CI/CD pipelines
💡 Local secure debugging of agent applications for developers

Tags

rust security agent tools

Categories

🏗️ Sandbox & Execution

Quick Start

brew install nono, then run nono run --profile always-further/claude -- claude to launch a sandboxed agent.
Visit GitHub

Related Projects