
Nono - Kernel-Enforced Capability Sandbox for AI Agents
Cybersecurity, AI Safety, Kernel Security, Access Control
Nono is a tool that limits the permissions of AI agents, which often have unrestricted shell access. It applies kernel-level restrictions via Landlock (Linux 5.13+) and Seatbelt (macOS), using a deny-by-default model that blocks access to files, destructive commands, and sensitive paths. Once applied, these rules cannot be reversed from user space and are inherited by child processes. The tool also supports cryptographic signing of Git commits generated by agents.
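The deny-by-default and inheritance properties described above can be observed with the raw Landlock system calls. The following is an added example, not Nono's own code; it assumes Linux on x86-64 or arm64, and the names probe, _restrict_to and _blocked are hypothetical.

```python
import ctypes, os, struct, sys

# Syscall numbers for x86-64/arm64; constants from linux/landlock.h (ABI v1).
SYS_CREATE_RULESET, SYS_ADD_RULE, SYS_RESTRICT_SELF = 444, 445, 446
PR_SET_NO_NEW_PRIVS, RULE_PATH_BENEATH = 38, 1
WRITE_FILE, READ_FILE, READ_DIR, MAKE_REG = 1 << 1, 1 << 2, 1 << 3, 1 << 8
ALL_FS_V1 = (1 << 13) - 1  # handle every ABI v1 filesystem right: deny by default
UNSUPPORTED = 100          # child exit code when Landlock cannot be applied

def _restrict_to(libc, allowed_dir):
    """Confine the calling process to allowed_dir; False if Landlock is unavailable."""
    handled = ctypes.c_uint64(ALL_FS_V1)  # struct landlock_ruleset_attr
    ruleset = libc.syscall(SYS_CREATE_RULESET, ctypes.byref(handled), ctypes.c_size_t(8), 0)
    if ruleset < 0:
        return False
    dir_fd = os.open(allowed_dir, os.O_PATH)
    rights = READ_FILE | WRITE_FILE | READ_DIR | MAKE_REG
    rule = ctypes.create_string_buffer(struct.pack("=Qi", rights, dir_fd))  # packed attr
    return (libc.syscall(SYS_ADD_RULE, ruleset, RULE_PATH_BENEATH, rule, 0) == 0
            and libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0
            and libc.syscall(SYS_RESTRICT_SELF, ruleset, 0) == 0)

def _blocked(path):
    try:
        os.close(os.open(path, os.O_RDONLY))
        return False
    except PermissionError:  # Landlock denials surface as EACCES
        return True

def probe(allowed_dir, outside_file):
    """Sandbox a forked child; report what it and its own child can reach."""
    if not sys.platform.startswith("linux"):
        return None
    pid = os.fork()
    if pid == 0:
        code = UNSUPPORTED
        try:
            if _restrict_to(ctypes.CDLL(None), allowed_dir):
                code = 0
                os.close(os.open(os.path.join(allowed_dir, "ok.txt"), os.O_WRONLY | os.O_CREAT, 0o600))
                code = 4 | (1 if _blocked(outside_file) else 0)
                kid = os.fork()  # the grandchild inherits the Landlock domain
                if kid == 0:
                    os._exit(2 if _blocked(outside_file) else 0)
                code |= os.WEXITSTATUS(os.waitpid(kid, 0)[1])
        finally:
            os._exit(code)
    code = os.WEXITSTATUS(os.waitpid(pid, 0)[1])
    return None if code == UNSUPPORTED else {"write_ok": bool(code & 4), "self_denied": bool(code & 1), "child_denied": bool(code & 2)}
```

probe returns None where Landlock is not available. The restriction is applied in a forked child because the kernel offers no call to lift it afterwards, so the calling process stays unrestricted.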