TypeScript SDK

Runtime Safety for TypeScript AI Agents

Enforce kernel-level isolation, network filtering, and atomic rollbacks from TypeScript with nono-ts.

npm install nono-ts

Secure execution model

The TypeScript SDK provides native N-API bindings to nono's core Rust library. When you call apply(caps), the SDK applies kernel-level Landlock rules (Linux) or Seatbelt profiles (macOS) to the Node.js process. The sandbox is irrevocable and inherited by all child processes.

This works with any Node.js runtime — standard Node, Bun, or Deno. The native bindings load the correct platform-specific library automatically. Use QueryContext to dry-run permission checks before applying the sandbox, and SandboxState to serialize and restore capability sets.

Type-Safe API

Full TypeScript type definitions with strict mode support. The CapabilitySet builder pattern catches policy errors at compile time. All async operations return properly typed Promises.

Runtime Compatibility

Works with Node.js 18+, Bun, and Deno. The native N-API bindings load platform-specific libraries automatically. ESM and CJS module formats are both supported.

sandbox.ts

```typescript
import { CapabilitySet, AccessMode, apply } from 'nono-ts';

// Define capabilities
const caps = new CapabilitySet();
caps.allowPath('/project', AccessMode.ReadWrite);
caps.allowFile('/home/user/.gitconfig', AccessMode.Read);
caps.blockNetwork(); // deny all outbound connections

// Apply sandbox (irrevocable)
apply(caps);

// Your agent code runs here, fully sandboxed
// (`agent` is a placeholder for your own agent object, not a nono-ts export)
await agent.run();
```

query.ts

```typescript
import {
  CapabilitySet, AccessMode, QueryContext,
  isSupported, supportInfo
} from 'nono-ts';

// Check platform support
const info = supportInfo();
console.log(info.platform, info.details);

// Build capabilities and dry-run check
const caps = new CapabilitySet();
caps.allowPath('/project', AccessMode.ReadWrite);

const ctx = new QueryContext(caps);
const result = ctx.queryPath('/etc/passwd', AccessMode.Read);
console.log(result.status); // "denied"
console.log(result.reason); // explains why
```
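
Because apply() is irrevocable, the dry-run is the last point at which a policy mistake can still be corrected. The block below is an added example, not code from nono-ts or its authors: a pre-flight gate that compares a list of intended outcomes against dry-run results and reports every mismatch. Assumptions: the `PathQuerier` interface mirrors the `queryPath(path, mode)` call shown in query.ts, the `"allowed"` status string and the `stubQuery` matcher are constructed stand-ins so the example runs offline, and all paths are sample values.

```typescript
// Added example: pre-flight gate to run before the irrevocable apply(caps).
// Only queryPath(path, mode) and the "denied" status are taken from the page.
interface QueryResult { status: string; reason?: string | null }
interface PathQuerier<M> { queryPath(path: string, mode: M): QueryResult }
interface Expectation<M> { path: string; mode: M; mustDeny: boolean }

// One message per mismatch; an empty array means the policy matches intent.
function preflight<M>(ctx: PathQuerier<M>, checks: Expectation<M>[]): string[] {
  const failures: string[] = [];
  for (const c of checks) {
    const got = ctx.queryPath(c.path, c.mode).status;
    if ((got === 'denied') !== c.mustDeny) {
      failures.push(`${String(c.mode)} ${c.path}: mustDeny=${c.mustDeny}, got ${got}`);
    }
  }
  return failures;
}

// Constructed stand-in for QueryContext (lexical prefix match), not nono's logic.
type Mode = 'read' | 'write';
function normalize(path: string): string {
  const out: string[] = [];
  for (const seg of path.split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '' && seg !== '.') out.push(seg);
  }
  return '/' + out.join('/');
}
function stubQuery(grants: { dir: string; write: boolean }[]): PathQuerier<Mode> {
  return {
    queryPath(path: string, mode: Mode): QueryResult {
      const p = normalize(path);
      for (const g of grants) {
        const covers = p === g.dir || p.indexOf(g.dir + '/') === 0;
        if (covers && (mode === 'read' || g.write)) return { status: 'allowed' };
      }
      return { status: 'denied', reason: `no grant permits ${mode} on ${p}` };
    },
  };
}

// Constructed intent for the sandbox.ts policy: what must and must not work.
const checks: Expectation<Mode>[] = [
  { path: '/project/src/index.ts', mode: 'write', mustDeny: false },
  { path: '/project/../etc/passwd', mode: 'read', mustDeny: true },
  { path: '/project-old/.env', mode: 'read', mustDeny: true },
  { path: '/home/user/.gitconfig', mode: 'read', mustDeny: false },
  { path: '/home/user/.gitconfig', mode: 'write', mustDeny: true },
];
const tight = stubQuery([{ dir: '/project', write: true }, { dir: '/home/user/.gitconfig', write: false }]);
const loose = stubQuery([{ dir: '/project', write: true }, { dir: '/home/user', write: true }]);
```

With nono-ts, the intended use is to pass a `QueryContext` built from the real `caps` in place of `stubQuery`, with `AccessMode` values as `mode`, and to call `apply(caps)` only when `preflight` returns an empty array. That assumes `QueryContext` matches the `PathQuerier` shape.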

SDK Capabilities

CapabilitySet

Builder pattern for defining filesystem access, network blocking, and command rules. Irrevocable after apply().

QueryContext

Dry-run permission checks against a capability set. Test whether a path or network access would be allowed before applying.

SandboxState

Serialize and deserialize capability sets to JSON. Persist sandbox configurations or transfer them between processes.
