Signed packs. Verifiable installs.
A central registry for nono policies, agent hooks, skills, and any custom artifacts for your agents. Every pack is signed, scanned, and verified before it reaches your machine — software supply-chain security built in.
always-further/antigravity
Antigravity nono package
intentionally-left-nil/npm
Run npm commands in an isolated sandbox, preventing untrusted package code from executing on your host machine
darron/dbrain-mcp
Use when the user asks to query, search, browse, research with, inspect, or ask questions of their local dbrain/second-brain memory via MCP, including phrases like "use my brain", "ask my brain", "search dbrain", or "what does my brain know about ...".
Publish from your own repo
You own the source. Tag a release and the pack lands on the registry — signed, scanned, and ready to install.
Your repo
Push the pack to your own GitHub repo and tag a release.
Sign & scan
CI signs the artifact and emits a verifiable manifest.
Publish
The pack is indexed on registry.nono.sh.
Install anywhere
Anyone runs nono pull yourname/pack.
Find a pack. Or publish your own.
Signed, scanned, and verified packs for sandboxing AI agents — install with one command, or publish from your own GitHub repo.