# Nono Docs

## Docs

- [Claude Code](https://nono.sh/docs/cli/clients/claude-code.md): Sandboxing Anthropic Claude Code with nono
- [Codex](https://nono.sh/docs/cli/clients/codex.md): Sandboxing OpenAI Codex CLI with nono
- [OpenClaw](https://nono.sh/docs/cli/clients/openclaw.md): Sandboxing OpenClaw gateway and agents with nono
- [OpenCode](https://nono.sh/docs/cli/clients/opencode.md): Sandboxing OpenCode AI coding assistant with nono
- [Contributing](https://nono.sh/docs/cli/development/index.md): Contributing to nono - testing, debugging, and development workflows
- [Testing](https://nono.sh/docs/cli/development/testing.md): nono integration test suites, running tests, and CI pipeline
- [Atomic Rollbacks](https://nono.sh/docs/cli/features/atomic-rollbacks.md): Content-addressable filesystem snapshots with integrity verification
- [Audit Trail](https://nono.sh/docs/cli/features/audit.md): Session tracking, filtering, and compliance reporting
- [Credential Injection](https://nono.sh/docs/cli/features/credential-injection.md): Keep API keys out of the sandbox with proxy-based credential injection or environment variable injection from the system keystore, 1Password, or Apple Passwords
- [Environment Variable Filtering](https://nono.sh/docs/cli/features/environment.md): Restrict which environment variables are passed to sandboxed processes with an explicit allow-list, preventing credential leaks and reducing the attack surface
- [Execution Modes](https://nono.sh/docs/cli/features/execution-modes.md): Supervised and Direct execution strategies
- [Learn (Path & Network Discovery)](https://nono.sh/docs/cli/features/learn.md): Trace commands to discover required filesystem paths and network activity
- [Networking](https://nono.sh/docs/cli/features/networking.md): Network access control — blocking, domain filtering, upstream proxies, and localhost IPC
- [Pack Publishing Setup](https://nono.sh/docs/cli/features/package-publishing.md): End-to-end setup for nono packs, trusted publishing, and the GitHub Action
- [Profile Authoring](https://nono.sh/docs/cli/features/profile-authoring.md): Scaffolding, schema validation, and tooling for creating custom profiles
- [Profile Introspection](https://nono.sh/docs/cli/features/profile-introspection.md): Inspect, compare, and validate nono profiles and the policy rules they reference
- [Profiles & Groups](https://nono.sh/docs/cli/features/profiles-groups.md): Pre-configured capability sets and composable security groups
- [Session Lifecycle](https://nono.sh/docs/cli/features/session-lifecycle.md): Manage live sandbox sessions with ps, attach, detach, stop, inspect, and prune
- [Supervisor Mode](https://nono.sh/docs/cli/features/supervisor.md): Runtime services provided by the trusted parent process
- [Trust & Attestation](https://nono.sh/docs/cli/features/trust.md): Cryptographic verification of files
- [Installation](https://nono.sh/docs/cli/getting_started/installation.md): How to install nono on your system
- [Quickstart](https://nono.sh/docs/cli/getting_started/quickstart.md): Learn how to use nono to sandbox commands
- [Why OS-Level Controls](https://nono.sh/docs/cli/internals/application.md): Why kernel enforcement beats application-level controls
- [nono and containers](https://nono.sh/docs/cli/internals/containers.md): How nono and containers complement each other for sandboxing AI agents
- [Platform Internals](https://nono.sh/docs/cli/internals/index.md): How nono enforces sandboxing at the OS level - threat model, guarantees, and limitations
- [Linux Landlock](https://nono.sh/docs/cli/internals/landlock.md): How nono uses Landlock LSM on Linux for kernel-level enforcement
- [macOS Seatbelt](https://nono.sh/docs/cli/internals/seatbelt.md): How nono uses Apple's Seatbelt sandbox on macOS
- [Security Model](https://nono.sh/docs/cli/internals/security-model.md): Trust boundaries, Landlock + seccomp-notify layering, and the rationale behind nono's supervisor architecture
- [Attestation Internals](https://nono.sh/docs/cli/internals/signing.md): Sigstore-based cryptographic attestation format and verification pipeline
- [WSL2 Support](https://nono.sh/docs/cli/internals/wsl2.md): Running nono inside Windows Subsystem for Linux 2 (WSL2) — what works, what's limited, and why
- [WSL2 Feature Matrix](https://nono.sh/docs/cli/internals/wsl2-feature-matrix.md): Complete feature-by-feature compatibility status for nono on WSL2
- [Developer Workflows](https://nono.sh/docs/cli/usage/developer-workflows.md): Recommended operational patterns for running coding agents safely with nono
- [Examples](https://nono.sh/docs/cli/usage/examples.md): Common usage patterns and recipes for nono
- [CLI Reference](https://nono.sh/docs/cli/usage/flags.md): Complete reference for all nono command-line flags
- [Troubleshooting](https://nono.sh/docs/cli/usage/troubleshooting.md): Common issues and solutions when using nono
- [Core Library](https://nono.sh/docs/core/overview.md): The nono Rust library providing capability-based sandboxing primitives
- [Welcome to Nono](https://nono.sh/docs/introduction.md): Secure, kernel-enforced sandbox CLI and SDKs for AI agents, MCP and LLM workloads. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.
- [AccessMode](https://nono.sh/docs/python/api/access-mode.md): File system access mode enum
- [CapabilitySet](https://nono.sh/docs/python/api/capability-set.md): Build and manage sandbox permissions
- [CapabilitySource](https://nono.sh/docs/python/api/capability-source.md): Origin of a capability grant
- [FsCapability](https://nono.sh/docs/python/api/fs-capability.md): Filesystem capability details
- [Module Functions](https://nono.sh/docs/python/api/functions.md): Top-level functions in nono_py
- [ProxyConfig](https://nono.sh/docs/python/api/proxy-config.md): Network proxy configuration
- [QueryContext](https://nono.sh/docs/python/api/query-context.md): Query permissions without applying the sandbox
- [SandboxState](https://nono.sh/docs/python/api/sandbox-state.md): Serialize and restore capability sets
- [SnapshotManager](https://nono.sh/docs/python/api/snapshot-manager.md): Filesystem snapshots and rollback
- [SupportInfo](https://nono.sh/docs/python/api/support-info.md): Platform support information
- [Examples](https://nono.sh/docs/python/examples.md): Real-world usage patterns for nono-py
- [Installation](https://nono.sh/docs/python/installation.md): Install the nono Python SDK
- [Python SDK](https://nono.sh/docs/python/overview.md): Capability-based sandboxing for Python applications
- [Quickstart](https://nono.sh/docs/python/quickstart.md): Build your first sandboxed Python application
- [Quickstart](https://nono.sh/docs/quickstart.md): Get started with nono in 2 minutes
- [CapabilitySet](https://nono.sh/docs/typescript/capability-set.md): Build a set of filesystem and network capabilities for the sandbox
- [Demonstrator](https://nono.sh/docs/typescript/demonstrator.md): End-to-end sandboxed file transformer demo for nono-ts
- [Examples](https://nono.sh/docs/typescript/examples.md): Runnable nono-ts examples in JavaScript and TypeScript
- [Functions](https://nono.sh/docs/typescript/functions.md): Module-level functions for applying sandboxes and checking platform support
- [Node.js SDK](https://nono.sh/docs/typescript/overview.md): Embed OS-enforced sandboxing directly into your Node.js applications
- [QueryContext](https://nono.sh/docs/typescript/query-context.md): Test whether operations would be permitted before applying the sandbox
- [Quickstart](https://nono.sh/docs/typescript/quickstart.md): Get started with nono sandboxing in your Node.js application in 5 minutes
- [SandboxState](https://nono.sh/docs/typescript/sandbox-state.md): Serialize and deserialize sandbox state for process inheritance
- [Types](https://nono.sh/docs/typescript/types.md): TypeScript type definitions for the nono SDK

## OpenAPI Specs

- [openapi](https://nono.sh/docs/api-reference/openapi.json)