Automic VaultAutomic Vault

brew

Install nono with Homebrew, Nix

Capability-based sandbox shell for AI agents with OS-enforced isolation. Version 0.67.1 via Homebrew; verified 2026-07-06.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install nono

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#nono

nixpkgs package indexes · pkgs/by-name/no/nono/package.nix · source: api.github.com

overview

Package summary

Capability-based sandbox shell for AI agents with OS-enforced isolation

Commands and aliases

  • nono

history

Project history and usage

nono is a capability-based sandbox CLI and SDK project for AI agents, MCP tools, and LLM workloads. Its docs describe a secure, kernel-enforced sandbox with capability-based isolation, secure key management, rollback, and an immutable audit chain.

Project history

The GitHub repository was created on 2026-01-31. Public launch material posted on 2026-02-02 framed nono as a response to local AI coding agents running with the user's full filesystem and network permissions.

The core design uses kernel primitives instead of a container runtime: Landlock on Linux and Seatbelt on macOS. The project also exposes SDK directions beyond the CLI, with docs for a Rust core library plus Go, TypeScript, and Python integration paths.

Release activity accelerated quickly in 2026. GitHub release metadata shows v0.66.0 published on 2026-06-29, and Homebrew packaged the same stable version in its 2026-07-01 formula data.

Adoption history

nono is young, but it had already become unusually visible for a 2026 security CLI: the GitHub repository had thousands of stars by 2026-07-01, Homebrew reported thousands of installs across 90 and 365 day windows in its 2026-07-01 formula data, and discussion/examples focus on sandboxing AI coding agents rather than generic process confinement.

Because the project is close to the AI-agent security wave, adoption should be treated as early-stage and volatile. The reliable source-backed claim is that it had rapid package-manager and GitHub traction by mid-2026, not that it had become a mature standard.

How it is used

Typical CLI usage wraps an agent or command with explicit filesystem and network capabilities: examples include `nono run --allow . -- claude`, separate `--allow` and `--write` paths, `--net-block`, and `--dry-run`. The docs and launch post also describe default protection for sensitive paths such as SSH keys, AWS credentials, and shell configs.

Package users reach for it when they want OS-enforced guardrails around an AI agent, build step, test run, or data-processing command without building a container image. The important operational model is that child processes inherit restrictions once the sandbox is applied.

Why package nerds care

nono is notable because it packages a security boundary as a normal CLI wrapper for developer workstations. For package nerds, the interesting part is not only the Rust binary but the distribution of OS-specific confinement behavior through one command: Landlock-backed Linux behavior, Seatbelt-backed macOS behavior, and formula variants that differ by platform dependencies.

Timeline

  • 2026-01-31: GitHub repository created.
  • 2026-02-02: introductory post published.
  • 2026-06-29: v0.66.0 release published.
  • 2026-07-01: Homebrew formula data listed stable 0.66.0.

Related projects

  • Related concepts and projects include Linux Landlock, macOS Seatbelt, AI coding agents such as Claude Code and OpenCode, MCP workloads, Docker, and local sandbox wrappers.

security posture

Risk level: yellow

generalized runtime or code generation signal.

Risk classifier

yellow risk · medium confidence · runtime

Why

  • generalized runtime or code generation signal

Signals

  • text:shell

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
nonocliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.67.1
manager updated2026-07-06
local dataok
upstreamcurrent
latest detectedv0.67.1

https://github.com/nolabs-ai/nono

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:nono
Version0.67.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/nono
Homepagehttps://nono.sh
Repositoryhttps://github.com/nolabs-ai/nono
Upstream docshttps://nono.sh/docs/introduction
LicenseApache-2.0
Source archivehttps://github.com/nolabs-ai/nono/archive/refs/tags/v0.67.1.tar.gz
Last updated2026-07-06T16:12:22Z
Pulseupdated
Build dependenciespkgconf, rust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenono
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

nono

nix profile install nixpkgs#nono
  • normalized package name match
  • Matched by: Nono
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/no/nono/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment