> ## Documentation Index > Fetch the complete documentation index at: https://nono.sh/docs/llms.txt > Use this file to discover all available pages before exploring further. # Types > TypeScript type definitions for the nono SDK This page documents all TypeScript types exported by the nono SDK. ## AccessMode Enum representing the level of filesystem access to grant. ```typescript theme={null} enum AccessMode { Read = 0, Write = 1, ReadWrite = 2, } ``` ### Values | Value | Description | | ----------- | ------------------------------------------ | | `Read` | Read-only access to files and directories | | `Write` | Write-only access (create, modify, delete) | | `ReadWrite` | Full read and write access | ### Usage ```typescript theme={null} import { CapabilitySet, AccessMode } from 'nono-ts'; const caps = new CapabilitySet(); // Read-only access caps.allowPath('/etc', AccessMode.Read); // Write-only access caps.allowPath('/var/log', AccessMode.Write); // Full access caps.allowPath('/tmp', AccessMode.ReadWrite); ``` *** ## FsCapabilityInfo Information about a filesystem capability. ```typescript theme={null} interface FsCapabilityInfo { original: string; resolved: string; access: string; isFile: boolean; source: string; } ``` ### Properties The path as originally specified when adding the capability. The canonicalized absolute path after symlink resolution. Access level string: `"read"`, `"write"`, or `"read+write"`. `true` if this is a single-file capability, `false` for directories. How the capability was added (e.g., `"api"`, `"config"`). ### Example ```typescript theme={null} import { CapabilitySet, AccessMode } from 'nono-ts'; const caps = new CapabilitySet(); caps.allowPath('/tmp', AccessMode.ReadWrite); caps.allowFile('/etc/hosts', AccessMode.Read); const capabilities = caps.fsCapabilities(); for (const cap of capabilities) { console.log(`Path: ${cap.original}`); console.log(` Resolved: ${cap.resolved}`); console.log(` Access: ${cap.access}`); console.log(` Is File: ${cap.isFile}`); console.log(` Source: ${cap.source}`); } ``` *** ## SupportInfoResult Information about sandbox support on the current platform. ```typescript theme={null} interface SupportInfoResult { isSupported: boolean; platform: string; details: string; } ``` ### Properties Whether sandboxing is available on this platform. Platform identifier. One of: * `"linux"` — Linux with Landlock support * `"macos"` — macOS with Seatbelt support * `"unsupported"` — Platform not supported Human-readable description of the sandbox backend, version, and any limitations. ### Example ```typescript theme={null} import { supportInfo } from 'nono-ts'; const info = supportInfo(); switch (info.platform) { case 'linux': console.log('Using Landlock sandbox'); break; case 'macos': console.log('Using Seatbelt sandbox'); break; default: console.log('No sandbox available'); } ``` *** ## QueryResultInfo Result of a permission query. ```typescript theme={null} interface QueryResultInfo { status: string; reason: string; grantedPath?: string; access?: string; granted?: string; requested?: string; } ``` ### Properties Result status: `"allowed"` or `"denied"`. Reason for the result: **Allowed reasons:** * `"granted_path"` — A filesystem capability grants access * `"network_allowed"` — Network access is not blocked **Denied reasons:** * `"path_not_granted"` — No capability covers the path * `"insufficient_access"` — Path covered but with lower access level * `"network_blocked"` — Network has been blocked For `granted_path` results, the path of the granting capability. For `granted_path` results, the access level granted. For `insufficient_access` results, the access level that was granted. For `insufficient_access` results, the access level that was requested. ### Example ```typescript theme={null} import { CapabilitySet, QueryContext, AccessMode } from 'nono-ts'; const caps = new CapabilitySet(); caps.allowPath('/data', AccessMode.Read); const query = new QueryContext(caps); const result = query.queryPath('/data/file.txt', AccessMode.Write); if (result.status === 'denied') { if (result.reason === 'insufficient_access') { console.log(`Have ${result.granted}, need ${result.requested}`); } else if (result.reason === 'path_not_granted') { console.log('Path is not covered by any capability'); } } ``` *** ## Complete Type Definitions For reference, here are all the type definitions in a single block: ```typescript theme={null} // Enums export const enum AccessMode { Read = 0, Write = 1, ReadWrite = 2, } // Interfaces export interface FsCapabilityInfo { original: string; resolved: string; access: string; isFile: boolean; source: string; } export interface SupportInfoResult { isSupported: boolean; platform: string; details: string; } export interface QueryResultInfo { status: string; reason: string; grantedPath?: string; access?: string; granted?: string; requested?: string; } // Classes export class CapabilitySet { constructor(); allowPath(path: string, mode: AccessMode): void; allowFile(path: string, mode: AccessMode): void; blockNetwork(): void; allowCommand(cmd: string): void; blockCommand(cmd: string): void; platformRule(rule: string): void; deduplicate(): void; pathCovered(path: string): boolean; fsCapabilities(): FsCapabilityInfo[]; get isNetworkBlocked(): boolean; summary(): string; } export class SandboxState { static fromCaps(caps: CapabilitySet): SandboxState; static fromJson(json: string): SandboxState; toJson(): string; toCaps(): CapabilitySet; get netBlocked(): boolean; } export class QueryContext { constructor(caps: CapabilitySet); queryPath(path: string, mode: AccessMode): QueryResultInfo; queryNetwork(): QueryResultInfo; } // Functions export function apply(caps: CapabilitySet): void; export function isSupported(): boolean; export function supportInfo(): SupportInfoResult; ```