Skip to main content
Common usage patterns and recipes for nono.

AI Coding Agents

Claude Code

Run Claude Code with access limited to your project: 
nono run --allow . -- claude
Allow Claude to read your global config: 
nono run --allow . --read-file ~/.claude/config.json -- claude
Start an interactive shell inside the sandbox: 
nono shell --allow .

OpenClaw

Run OpenClaw gateway with nono sandbox: 
nono run --profile openclaw -- openclaw gateway
Or manually specify permissions: 
nono run --allow ~/.openclaw -- openclaw gateway

Generic AI Agent

nono run --allow ./workspace -- my-ai-agent

Checking Path Access

Why is a path blocked?

# Check a sensitive path
nono why --path ~/.ssh/id_rsa --op read
# Output: DENIED - sensitive_path (SSH keys and config)

# JSON output for programmatic use
nono why --json --path ~/.aws --op read
# {"status":"denied","reason":"sensitive_path","category":"AWS credentials",...}

Check with capability context

# Would ./src be writable if we use --allow .?
nono why --path ./src --op write --allow .
# Output: ALLOWED - Granted by: --allow .

# Check against a profile
nono why --path ./src --op read --profile claude-code

Query from inside a sandbox

# AI agents can query their own capabilities
nono run --allow-cwd -- nono why --self --path /tmp --op write --json
# {"status":"denied","reason":"not_in_allowed_paths",...}

Check network access

# Network is allowed by default
nono why --host api.openai.com --port 443
# Output: ALLOWED - network allowed by default

# Check with network blocked
nono why --host api.openai.com --block-net
# Output: DENIED - network_blocked

Build Tools

Cargo (Rust)

# Full build with all access
nono run --allow . -- cargo build

# Read source, write only to target
nono run --read ./src --read ./Cargo.toml --read ./Cargo.lock --allow ./target -- cargo build

npm/Node.js

# Install dependencies (requires network, allowed by default)
nono run --allow . -- npm install

# Run build (offline)
nono run --allow . --block-net -- npm run build

# Run tests
nono run --allow . -- npm test

Make

nono run --allow . -- make

Network Operations

curl/wget

# Download a file (network allowed by default)
nono run --write ./downloads -- curl -o ./downloads/file.tar.gz https://example.com/file.tar.gz

# API request
nono run --allow-cwd -- curl -X POST https://api.example.com/data

Git Operations

# Clone (network allowed by default)
nono run --allow ./repos -- git clone https://github.com/user/repo.git

# Local operations
nono run --allow . -- git status
nono run --allow . -- git commit -m "message"

# Push/pull (network allowed by default)
nono run --allow . -- git push

Multi-Directory Access

Separate Source and Output

nono run --read ./src --allow ./dist -- webpack build

Multiple Projects

nono run --allow ./project-a --allow ./project-b -- my-tool

Shared Dependencies

nono run --allow . --read ~/.local/share/my-tool -- my-tool

Debugging and Testing

Dry Run

Preview what access would be granted: 
nono run --allow-cwd --read /etc --dry-run -- my-agent

Verbose Output

# Maximum verbosity
nono run -vvv --allow-cwd -- command

Testing Sandbox Enforcement

# Should succeed - writing to allowed path
nono run --allow . -- sh -c "echo test > ./allowed.txt"

# Should fail - writing outside allowed path
nono run --allow-cwd -- sh -c "echo test > /tmp/blocked.txt"

# Should succeed - network allowed by default
nono run --allow-cwd -- curl https://example.com

# Should fail - network blocked with --block-net
nono run --allow-cwd --block-net -- curl https://example.com

Shell Scripts

Running a Script

nono run --allow . -- ./my-script.sh

Inline Commands

nono run --allow-cwd -- sh -c "echo hello && ls -la"

Configuration Files

Read-Only Config

nono run --allow . --read-file ~/.config/myapp/config.toml -- myapp

Multiple Config Files

nono run --allow . \
  --read-file ~/.gitconfig \
  --read-file ~/.npmrc \
  -- my-tool

Using Profiles

Built-in Profiles

# Claude Code profile
nono run --profile claude-code -- claude

# OpenClaw profile
nono run --profile openclaw -- openclaw gateway

Profile with Extra Permissions

nono run --profile claude-code --read /tmp/extra -- claude

Profile with Custom Workdir

nono run --profile claude-code --workdir ./my-project -- claude

Restrict Profile to Specific Domains

nono run --profile claude-code --allow-domain api.openai.com -- claude

Real-World Scenarios

Code Review Agent

An agent that reads code and writes review comments: 
nono run \
  --read ./src \
  --read ./tests \
  --write ./reviews \
  -- code-review-agent

Documentation Generator

An agent that reads source and generates docs: 
nono run \
  --read ./src \
  --allow ./docs \
  -- doc-generator

Data Processing Pipeline

nono run \
  --read ./input \
  --write ./output \
  --read-file ./config.yaml \
  -- data-processor

Cloud Agent with Credential Access

By default, ~/.aws and ~/.config/gcloud are blocked by the deny_credentials group. Use --override-deny to grant targeted access: 
# AWS agent
nono run \
  --allow-cwd \
  --override-deny ~/.aws \
  --allow ~/.aws \
  -- my-aws-agent

# Multi-cloud agent
nono run \
  --allow-cwd \
  --override-deny ~/.aws \
  --override-deny ~/.config/gcloud \
  --allow ~/.aws \
  --read ~/.config/gcloud \
  -- multi-cloud-agent

Offline Build Environment

nono run \
  --allow-cwd \
  --block-net \
  -- make release

IPC Between Sandboxed Processes

Run an MCP server and a client in separate sandboxes, communicating over localhost: 
# Terminal 1: MCP server on port 3000 (network blocked except IPC port)
nono run --block-net --open-port 3000 --allow ./mcp-server -- node server.js

# Terminal 2: Agent connects to the MCP server on port 3000
nono run --block-net --open-port 3000 --allow ./agent -- my-agent

# With proxy filtering + localhost IPC
nono run --network-profile claude-code --open-port 3000 --allow-cwd -- claude