nono download | SourceForge.net

nono is an open-source, kernel-enforced capability shell designed to safely run AI agents and other untrusted processes under strict operating system controls. The project addresses a growing security concern: modern coding agents typically execute with full user permissions, which means they can potentially read sensitive files, modify system configurations, or exfiltrate credentials if compromised. nono solves this by applying default-deny sandboxing at the kernel level using technologies such as Landlock on Linux and Seatbelt on macOS, making unauthorized actions structurally impossible rather than merely discouraged. Unlike container-based approaches, the tool is intentionally lightweight and can wrap any command-line process without requiring images, VMs, or complex infrastructure. The system emphasizes capability-based security, where processes are granted only the exact filesystem paths and network access they need, and nothing more.

Features

Kernel-enforced sandbox using Landlock and Seatbelt
Default-deny filesystem and network policy model
Agent-agnostic wrapper for any CLI process
Lightweight alternative to containers and VMs
Inherited restrictions across subprocesses
Sensitive path protection and command blocking

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow nono

nono Web Site

Other Useful Business Software

Go from Data Warehouse to Data and AI platform with BigQuery

Build, train, and run ML models with simple SQL. Automate data prep, analysis, and predictions with built-in AI assistance from Gemini.

BigQuery is more than a data warehouse—it's an autonomous data-to-AI platform. Use familiar SQL to train ML models, run time-series forecasts, and generate AI-powered insights with native Gemini integration. Built-in agents handle data engineering and data science workflows automatically. Get $300 in free credit, query 1 TB, and store 10 GB free monthly.

Try BigQuery Free

Rate This Project