nono
Kernel-enforced agent sandbox and security CLI/SDKs with capability-based isolation.
The Lens
Nono provides that. It's a capability-based sandbox where you explicitly grant each permission an agent gets. Basically, it's a bouncer for your operating system: the agent only gets through the doors you open.
Capability-based means instead of blocking bad things (which requires knowing all bad things), you whitelist good things. The agent can only access files, network, and system calls you explicitly allow. Everything else is denied at the kernel level.
Apache 2.0 licensed, Rust.
The catch: kernel-level enforcement means Linux only, no macOS, no Windows. The capability model requires you to think carefully about what permissions each agent needs, which is more work upfront than just running Docker. And the documentation and community support are thin.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
Free vs Self-Hosted vs Paid
fully freeFully open source under Apache 2.0. No paid tier, no hosted version. You install the CLI/SDK and run it on your Linux infrastructure.
Free. Linux only.
Similar Tools
About
- Stars
- 2,327
- Forks
- 157
Explore Further
More tools in the directory
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
370.3k ★claw-code
The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.
190.9k ★n8n
Fair-code workflow automation with native AI capabilities
187.3k ★