Quick Comparison
What nono Adds
nono is strongest when you need:Zero-Latency Startup
Direct Access to Your Working Directory
AI coding agents need to read and modify your actual source files. With nono, this works naturally:Automatic Credential Protection
nono blocks sensitive paths by default, even if you allow a parent directory:Zero Configuration
nono requires no setup - just install and run:- Docker daemon running
- Dockerfile for custom images
- Understanding of volumes, networks, users
- Image pulls and builds
What Containers Add
Containers cover areas that nono does not:Full Environment Isolation
If the agent needs specific system libraries, language runtimes, or tools:Resource Limits
Containers can limit CPU, memory, and I/O:--memory (a cgroup v2 hard ceiling on Linux; see Resource limits), so a runaway agent cannot exhaust host RAM. It does not yet limit CPU or I/O — for those, reach for a container.
Process Isolation
Containers have separate PID namespaces - processes inside can’t see or signal host processes:Reproducible Environments
For CI/CD or sharing exact environments:Using Both Together
Because nono and containers operate at different layers, they combine naturally. The container handles namespace isolation and resource limits; nono handles path-level filesystem control and credential blocking inside the container:- Namespace isolation from the container — processes, network, and mounts are separated from the host
- Resource limits from the container — cap CPU, memory, and I/O
- Path-level control from nono — the agent can only touch
/work, even though the container filesystem is larger - Credential blocking from nono — sensitive paths are denied automatically, even if a home directory is mounted in
Threat Model Comparison
What nono Protects Against
- Reading/writing files outside allowed paths
- Accessing credentials (~/.ssh, ~/.aws, etc.)
- Running blocked commands (rm, dd, etc.)
- Network access (when blocked)
What Containers Protect Against
- All of the above (but with a fair amount of configuration)
- Process visibility and signaling
- Resource exhaustion (with limits)
- Environment contamination
What Neither Protects Against
- Kernel vulnerabilities
- Side-channel attacks
- Prompt Injection (which no one can fully prevent)
- Social engineering (agent convinces you to run dangerous command)
Performance Comparison
Startup Time
Memory Overhead
- nono: ~0 MB (just applies sandbox and execs)
- Docker: ~10-50 MB per container (runtime overhead)
Disk Usage
- nono: ~2 MB binary
- Docker: 100 MB+ per image (varies widely)
Adding nono to an Existing Workflow
If you’re currently using Docker only for sandboxing (not for environment isolation), nono can simplify your setup:Decision Flowchart
Summary
Next Steps
- Security Model - Understanding nono’s guarantees
- Profiles - Pre-configured sandboxes for common agents
- Installation - Get started with nono