Nono

v1.0.0Securitystable

Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency

agent-sandboxagent-securityai-agent-sandboxai-agent-securityai-agents
Share:
2,445
Stars
0
Downloads
0
Weekly
0/5

What is Nono?

Nono is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to capability-based agent runtime with fine-grained policies . brokering access directly within the agent's operating context, with zero setup and zero latency

Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Capability-based agent runtime with fine-grained policies .

Use Cases

Capability-based agent runtime with fine-grained policies
Zero-setup agent sandboxing
always-further

Maintainer

LicenseApache-2.0
Languagerust
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx nono

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Nono

Nono is a capability-based agent runtime sandbox for AI coding agents that enforces fine-grained security policies — restricting filesystem scope, network access, and credential exposure — without requiring containers, VMs, daemons, or any disk space beyond the binary itself. It wraps existing agents (Claude Code, OpenCode, Aider, and others) with a least-privilege enforcement layer drawn from community-maintained profiles, and provides L7 network filtering, credential injection, and audit logging. Security-conscious developers use it to run AI agents on sensitive codebases while ensuring the agent cannot exfiltrate data, access cloud credentials, or make unauthorized network requests.

Prerequisites

  • macOS or Linux (including WSL2 on Windows); native Windows is not supported
  • Homebrew on macOS, or the appropriate package manager on Linux (apt, dnf, pacman, etc.)
  • At least one supported AI coding agent installed (e.g., Claude Code, OpenCode, Aider)
  • An MCP-compatible client if using nono to wrap an MCP server
1

Install nono

Install nono via Homebrew on macOS. Linux users can install via apt, dnf, pacman, or other platform-specific methods documented in the repository.

brew install nono
2

Search for a profile for your agent

Nono uses community profiles that define the right policy set for a specific agent. Search the registry to find a profile for the agent you want to sandbox.

nono search opencode
3

Run your agent inside the nono sandbox

Launch your agent through nono using the found profile. The agent gets read/write access to the current directory only; SSH keys, cloud credentials, and the rest of the disk are blocked.

nono run --profile always-further/opencode -- opencode
4

Create a custom profile

Extend an existing profile to add custom filesystem paths, network allowlist entries, or credential injection rules for your specific workflow.

nono profile init my-opencode --extends always-further/opencode
5

Run Claude Code with a nono sandbox profile

Use nono to wrap Claude Code so it operates under enforced filesystem and network policies.

nono search claude-code
nono run --profile always-further/claude-code -- claude

Nono Examples

Client configuration

MCP client configuration that runs nono as a wrapper around another MCP server for sandboxed access.

{
  "mcpServers": {
    "nono-sandboxed-agent": {
      "command": "nono",
      "args": [
        "run",
        "--profile", "always-further/opencode",
        "--",
        "opencode"
      ]
    }
  }
}

Prompts to try

Example nono CLI commands for sandboxing AI agents.

- nono search claude-code (find available sandbox profiles for Claude)
- nono run --profile always-further/opencode -- opencode (run OpenCode sandboxed)
- nono profile init my-profile --extends always-further/opencode (create a custom policy)
- "Run my agent on this repository but block all outbound network access except api.anthropic.com."
- "Enforce that the agent can only write to the /tmp/agent-workspace directory."

Troubleshooting Nono

Agent fails to access required files or directories outside the project root

Create a custom profile extending the base one and add the required paths to the filesystem allowlist: 'nono profile init my-profile --extends always-further/opencode', then edit the profile to add allowed paths.

Network requests fail when the agent tries to call external APIs

The default profile blocks all outbound network traffic except explicitly allowed hosts. Edit your profile's network allowlist to add the required API endpoints (e.g., api.anthropic.com, api.openai.com).

nono: command not found after Homebrew install

Run 'brew link nono' to ensure the binary is symlinked into /usr/local/bin or /opt/homebrew/bin. Then open a new terminal session so the PATH update takes effect.

Frequently Asked Questions about Nono

What is Nono?

Nono is a Model Context Protocol (MCP) server that capability-based agent runtime with fine-grained policies . brokering access directly within the agent's operating context, with zero setup and zero latency It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Nono?

Follow the installation instructions on the Nono GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Nono?

Nono works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Nono free to use?

Yes, Nono is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Nono Alternatives — Similar Security Servers

Looking for alternatives to Nono? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "nono": { "command": "npx", "args": ["-y", "nono"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Nono?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides