> ## Documentation Index
> Fetch the complete documentation index at: https://nono.sh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Agent Setup Guide

> Get started using nono with your preferred AI coding agent

nono works with any CLI tool, but these guides walk through setup and best practices for popular AI coding agents.

## Supported Clients

| Client                                  | Profile       | Network | Description                     |
| --------------------------------------- | ------------- | ------- | ------------------------------- |
| [Claude Code](/cli/clients/claude-code) | `claude-code` | Allowed | Anthropic's CLI coding agent    |
| [Codex](/cli/clients/codex)             | `codex`       | Allowed | OpenAI's CLI coding agent       |
| [OpenCode](/cli/clients/opencode)       | `opencode`    | Allowed | Open-source AI coding assistant |
| [OpenClaw](/cli/clients/openclaw)       | `openclaw`    | Allowed | Multi-channel AI agent platform |

## Quick Start

Every supported client has a profile available via the registry or as a preset. Use it with a single flag:

```bash theme={null}
nono run --profile <name> -- <command>
```

For example:

```bash theme={null}
# Claude Code
nono run --profile always-further/claude -- claude

# Codex
nono run --profile always-further/codex -- codex

# OpenCode
nono run --profile always-further/opencode -- opencode

# OpenClaw gateway
nono run --profile openclaw -- openclaw gateway
```

## Using a Different Client?

nono is agent-agnostic. If your tool isn't listed here, you can run it directly with capability flags:

```bash theme={null}
nono run --allow-cwd -- my-agent
```

Or create a custom profile. See [Security Profiles](/cli/features/profiles-groups) for the profile format and how to create your own.

## What the Sandbox Does

When you run a client through nono:

1. Only the directories and files you grant are accessible
2. Sensitive paths (`~/.ssh`, `~/.aws`, etc.) are blocked by default
3. Network can be allowed or blocked per-profile
4. All child processes inherit the same restrictions
5. The sandbox cannot be escaped at runtime - expansion requires explicit supervisor approval (Linux only)

See [Security Model](/cli/internals/security-model) for full details.