nono
Kernel-enforced agent sandbox and security CLI/SDKs with capability-based isolation.
The Lens
Nono provides that. It's a capability-based sandbox where you explicitly grant each permission an agent gets. Basically, it's a bouncer for your operating system: the agent only gets through the doors you open.
Capability-based means instead of blocking bad things (which requires knowing all bad things), you whitelist good things. The agent can only access files, network, and system calls you explicitly allow. Everything else is denied at the kernel level.
Apache 2.0 licensed, Rust.
The catch: kernel-level enforcement means Linux only, no macOS, no Windows. The capability model requires you to think carefully about what permissions each agent needs, which is more work upfront than just running Docker. And the documentation and community support are thin.
Free vs Self-Hosted vs Paid
fully freeFully open source under Apache 2.0. No paid tier, no hosted version. You install the CLI/SDK and run it on your Linux infrastructure.
Free. Linux only.
Similar Tools
About
- Stars
- 1,659
- Forks
- 112
Explore Further
More tools in the directory
Get tools like this delivered weekly
The Open Source Drop — the best new open source tools, analyzed. Free.