Nono
Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency
What is Nono?
Nono is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to capability-based agent runtime with fine-grained policies . brokering access directly within the agent's operating context, with zero setup and zero latency
Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Capability-based agent runtime with fine-grained policies .
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx nonoConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Nono
Nono is a capability-based agent runtime sandbox for AI coding agents that enforces fine-grained security policies — restricting filesystem scope, network access, and credential exposure — without requiring containers, VMs, daemons, or any disk space beyond the binary itself. It wraps existing agents (Claude Code, OpenCode, Aider, and others) with a least-privilege enforcement layer drawn from community-maintained profiles, and provides L7 network filtering, credential injection, and audit logging. Security-conscious developers use it to run AI agents on sensitive codebases while ensuring the agent cannot exfiltrate data, access cloud credentials, or make unauthorized network requests.
Prerequisites
- macOS or Linux (including WSL2 on Windows); native Windows is not supported
- Homebrew on macOS, or the appropriate package manager on Linux (apt, dnf, pacman, etc.)
- At least one supported AI coding agent installed (e.g., Claude Code, OpenCode, Aider)
- An MCP-compatible client if using nono to wrap an MCP server
Install nono
Install nono via Homebrew on macOS. Linux users can install via apt, dnf, pacman, or other platform-specific methods documented in the repository.
brew install nonoSearch for a profile for your agent
Nono uses community profiles that define the right policy set for a specific agent. Search the registry to find a profile for the agent you want to sandbox.
nono search opencodeRun your agent inside the nono sandbox
Launch your agent through nono using the found profile. The agent gets read/write access to the current directory only; SSH keys, cloud credentials, and the rest of the disk are blocked.
nono run --profile always-further/opencode -- opencodeCreate a custom profile
Extend an existing profile to add custom filesystem paths, network allowlist entries, or credential injection rules for your specific workflow.
nono profile init my-opencode --extends always-further/opencodeRun Claude Code with a nono sandbox profile
Use nono to wrap Claude Code so it operates under enforced filesystem and network policies.
nono search claude-code
nono run --profile always-further/claude-code -- claudeNono Examples
Client configuration
MCP client configuration that runs nono as a wrapper around another MCP server for sandboxed access.
{
"mcpServers": {
"nono-sandboxed-agent": {
"command": "nono",
"args": [
"run",
"--profile", "always-further/opencode",
"--",
"opencode"
]
}
}
}Prompts to try
Example nono CLI commands for sandboxing AI agents.
- nono search claude-code (find available sandbox profiles for Claude)
- nono run --profile always-further/opencode -- opencode (run OpenCode sandboxed)
- nono profile init my-profile --extends always-further/opencode (create a custom policy)
- "Run my agent on this repository but block all outbound network access except api.anthropic.com."
- "Enforce that the agent can only write to the /tmp/agent-workspace directory."Troubleshooting Nono
Agent fails to access required files or directories outside the project root
Create a custom profile extending the base one and add the required paths to the filesystem allowlist: 'nono profile init my-profile --extends always-further/opencode', then edit the profile to add allowed paths.
Network requests fail when the agent tries to call external APIs
The default profile blocks all outbound network traffic except explicitly allowed hosts. Edit your profile's network allowlist to add the required API endpoints (e.g., api.anthropic.com, api.openai.com).
nono: command not found after Homebrew install
Run 'brew link nono' to ensure the binary is symlinked into /usr/local/bin or /opt/homebrew/bin. Then open a new terminal session so the PATH update takes effect.
Frequently Asked Questions about Nono
What is Nono?
Nono is a Model Context Protocol (MCP) server that capability-based agent runtime with fine-grained policies . brokering access directly within the agent's operating context, with zero setup and zero latency It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Nono?
Follow the installation instructions on the Nono GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Nono?
Nono works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Nono free to use?
Yes, Nono is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Nono Alternatives — Similar Security Servers
Looking for alternatives to Nono? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Nono in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Nono?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.