nono
nolabs-ai
Zero-setup, daemonless sandbox that runs coding agents under least-privilege via OS kernel allow-lists.
What is nono?
A zero-setup, no-daemon sandbox for running coding agents (Claude Code, Codex, OpenCode, Copilot) under least-privilege by default, restricting filesystem and network access through OS-level kernel allow-lists rather than a VM or container. It adds proxy-based credential injection, domain and L7 network filtering, tamper-evident audit logging and atomic filesystem snapshots for undo.
Pros & Cons
Pros
- Cross-platform least-privilege (macOS, Linux, Windows via WSL2) with no daemon, container or VM
- Credential injection, L7/domain network filtering, audit log and atomic rollback in one tool
- Apache-2.0 with high release velocity (90+ releases), CI and signed agent profiles
Cons
- Pre-1.0, so the API can still change
- OS allow-list isolation is a lighter boundary than full VM/KVM isolation
- Authorship (Sigstore team) and named-company testimonials on the site are vendor claims we could not independently verify
License
Apache-2.0 (OSI-open)
When it is interesting
Running terminal coding agents locally under least-privilege with credential isolation and rollback, without VMs.
When it is too early
If you need a stable 1.0 API, or hard VM-grade isolation for untrusted code.
This repo featured in the 2026-07 edition of the Open-Source AI Radar.
UI-TARS-desktop
bytedance
Native desktop app for a GUI/computer-use agent powered by the open-weight UI-TARS model.
strix
usestrix
Framework of autonomous AI hacker agents for dynamic application security testing.
Page Agent
alibaba
In-page JavaScript GUI agent - control any webpage with natural language, no headless browser or extension.