RepoRadar
Leave a Tip
Item detail

always-further/nono

nono is an Apache-2.0 zero-latency, zero-setup sandbox for running AI agents in production — built by the team that built Sigstore. 2,719 stars, runs on macOS, Linux, and Windows (WSL2), enforces least-privilege by default, and supports Claude Code, Codex, Pi, CoPilot, Hermes, OpenCode, OpenClaw out of the box. No daemon, no container, no VM, no disk space required.

Open source Back to radar
Score8.0
Popularity75.0
Risknone
TierSilver
Score breakdown
Usefulness8.0
Novelty8.0
Momentum8.0
Maturity7.4
Open-source/build8.4
Evidence7.2
Workflow potential9.5
Setup ease8.8

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for engineering teams that want to run coding agents on real developer machines (or in CI) with the same least-privilege story that Sigstore gave to software supply chains. Install via the registry at registry.nono.sh, fork a config, and let nono enforce the sandbox before the agent touches your filesystem or network.

Who should use it

engineering teams that want to run coding agents on developer machines with a least-privilege story they can explain to securityDevSecOps leads standardizing on agent isolation across CI and local dev environmentsplatform teams that want one binary to sandbox Claude Code, Codex, CoPilot, Hermes, and OpenCode without separate Docker configsopen-source maintainers who want to ship a reproducible sandbox alongside their project's coding-agent workflowanyone tired of running coding agents as root or with full filesystem access

Who should skip it

Skip if the source link, docs, or setup requirements do not match your workflow.

Risk explanation

No inherent user-impacting risk is flagged from the captured evidence.

Evidence links

Closest alternatives / related signals

agent-infrastructuresandboxisolationleast-privilegesigstoreclaude-codecodexcopilot