Skip to main content
OpenCode is an open-source AI coding assistant that runs in your terminal. It reads your codebase, writes files, and executes commands. Running it under nono ensures it stays within the boundaries you define.

Why Sandbox OpenCode?

OpenCode has full access to your filesystem and can run arbitrary commands. Without isolation:
  • It could access files outside your project directory
  • A malicious prompt or compromised dependency could exfiltrate credentials
  • Unintended writes could affect configuration or system files
nono prevents all of this at the kernel level.

Quick Start

nono run --profile opencode -- opencode
The built-in profile provides:
  • Read+write access to the current working directory
  • Read+write access to ~/.config/opencode (configuration)
  • Read+write access to ~/.cache/opencode (cache)
  • Read+write access to ~/.local/share/opencode (data)
  • Network access enabled (required for AI provider API calls)

Custom Profile

Create ~/.config/nono/profiles/opencode.toml for different permissions: 
[meta]
name = "opencode"
version = "1.0.0"
description = "OpenCode with restricted access"

[filesystem]
allow = ["$WORKDIR"]
read = [
  "$XDG_CONFIG_HOME/opencode",
  "$XDG_DATA_HOME/opencode"
]

[network]
block = false

[secrets]
openai_api_key = "OPENAI_API_KEY"
Usage: 
nono run --profile opencode --trust-unsigned --secrets -- opencode

Security Tips

Use Secrets Management

Load your AI provider API key from the system keystore instead of environment exports: macOS: 
security add-generic-password -s "nono" -a "openai_api_key" -w
Linux: 
secret-tool store --label="nono: openai_api_key" service nono username openai_api_key
Then run: 
nono run --profile opencode --secrets openai_api_key -- opencode
See Secrets Management for full documentation.

Read-Only Mode

For reviewing code without allowing modifications: 
nono run --read . --read ~/.config/opencode -- opencode

Restrict to a Specific Project

nono run --allow ~/projects/my-app --read ~/.config/opencode -- opencode

Overriding Profile Settings

CLI flags always take precedence: 
# Add extra directory access
nono run --profile opencode --allow ~/shared-libs -- opencode

# Block network
nono run --profile opencode --net-block -- opencode
See Security Profiles for details on profile format and precedence rules.