Next-Generation Agent Security

Runtime safety infrastructure for AI agents. Kernel-enforced isolation, supply-chain security, immutable auditing, atomic rollbacks, credential management, and more.

Get Started Documentation

$brew install nono

From the creator of

Sigstore

The industry standard for software signing, used by PyPi, Homebrew, Maven and Google, GitHub, NVIDIA

Infrastructure

Five layers of runtime safety

Each layer builds on the previous, creating defense in depth for AI agent execution.

Kernel Isolation

Landlock and Seatbelt enforce irrevocable allow-lists at the kernel level on Linux, macOS, and Windows.

Undo & Rollback

Content-addressed snapshots capture filesystem state before every session.

Audit Trail

Merkle-tree-committed session logs with cryptographic integrity verification.

Supply Chain Provenance

Sigstore-backed signing ensures instruction files were authored by trusted identities.

Runtime Supervisor

Dynamic permission expansion with approval workflows.

SDKs

Orchestrate Secure Environments

Enforce kernel-level isolation, network filtering, and atomic rollbacks with native SDKs.

Python

import nono_py as nono

caps = nono.CapabilitySet()
caps.allow_path("/project", nono.AccessMode.READ_WRITE)
caps.block_network()

nono.apply(caps)

TypeScript

import { CapabilitySet, AccessMode, apply } from 'nono-ts';

const caps = new CapabilitySet();
caps.allowPath('/project', AccessMode.ReadWrite);
caps.blockNetwork();

apply(caps);

Rust

use nono::{CapabilitySet, AccessMode, Sandbox};

let caps = CapabilitySet::new()
    .allow_path("/project", AccessMode::ReadWrite)?
    .block_network();

Sandbox::apply(&caps)?;

C FFI bindings for any language with C interop

CC++GoSwiftRubyZig

Community

From the community

“OS-Level Isolation for AI Agents. Really awesome work and resource here”

Chris Hughes -- VP, Security Strategy @ Zenity

“Neat project, thanks for sharing! I like the OS-specific security primitives, useful built-in profiles, and being able to customize what's allowed/blocked.”

Clint Gibler -- Head of Security Research at Semgrep

“I integrated nono into my project this weekend and it was a breeze to work with!”

Terra Tauri -- Senior Engineer II, Bit Complete

“nono hits the real problem: agents shouldn’t inherit full user trust by default. Treating them like untrusted processes, with deny-by-default filesystem, network, and secrets access, feels like the right baseline going forward.”

snapsec -- Centralising Application Security

“Beautiful work! It is encouraging to see kernel security being taken seriously, especially during this current episode of OpenClaw and Moltbot. ”

Cuong Nguyen -- Cloud Architect and System Engineer

Start securing your AI agents

Kernel-level isolation, cryptographic audit trails, and atomic rollbacks. Open source and ready to deploy.

Get Started Read the Docs