Skip to main content
nono works with any CLI tool, but these guides walk through setup and best practices for popular AI coding agents.

Supported Clients

ClientProfileNetworkDescription
Claude Codeclaude-codeAllowedAnthropic’s CLI coding agent
OpenCodeopencodeAllowedOpen-source AI coding assistant
OpenClawopenclawAllowedMulti-channel AI agent platform

Quick Start

Every supported client has a built-in profile. Use it with a single flag: 
nono run --profile <name> -- <command>
For example: 
# Claude Code
nono run --profile claude-code -- claude

# OpenCode
nono run --profile opencode -- opencode

# OpenClaw gateway
nono run --profile openclaw -- openclaw gateway

Using a Different Client?

nono is agent-agnostic. If your tool isn’t listed here, you can run it directly with capability flags: 
nono run --allow . -- my-agent
Or create a custom profile. See Security Profiles for the profile format and how to create your own.

What the Sandbox Does

When you run a client through nono:
  1. Only the directories and files you grant are accessible
  2. Sensitive paths (~/.ssh, ~/.aws, etc.) are blocked by default
  3. Network can be allowed or blocked per-profile
  4. All child processes inherit the same restrictions
  5. The sandbox cannot be escaped or expanded at runtime
See Security Model for full details.