nono

nono is kernel-enforced sandboxing for AI agents — not policy-based filtering, but OS-level restrictions using Landlock (Linux) and Seatbelt (macOS) that are structurally impossible to bypass once applied. It wraps your agent in an irreversible capability sandbox with API key protection, destructive action guardrails, and full snapshot/rollback.

This is real security, not theater. Unlike Docker (container-level, escapable), nono applies restrictions directly to the process with zero infrastructure overhead. Compared to Zeroboot (VM-level, Linux-only), nono is lighter and cross-platform. Compared to Fence (CLI wrapper, simpler), nono goes deeper with cryptographic audit chains and atomic rollback.

Use this when you're running AI agents on machines with real data and want genuine isolation. Skip this if you only run agents in disposable cloud environments.

The catch: the sandbox is irreversible by design — if your policy is too restrictive, you restart the process. Built-in agent profiles help, but custom policies require understanding OS security primitives. Apache 2.0 license, actively maintained.