Signed packs. Verifiable installs.
A central registry for nono policies, agent hooks, skills, and any custom artifacts for your agents. Every pack is signed, scanned, and verified before it reaches your machine — software supply-chain security built in.
intentionally-left-nil/npm
Run npm commands in an isolated sandbox, preventing untrusted package code from executing on your host machine
darron/dbrain-mcp
Use when the user asks to query, search, browse, research with, inspect, or ask questions of their local dbrain/second-brain memory via MCP, including phrases like "use my brain", "ask my brain", "search dbrain", or "what does my brain know about ...".
always-further/hermes
Official Hermes Agent Pack
Publish from your own repo
You own the source. Tag a release and the pack lands on the registry — signed, scanned, and ready to install.
Your repo
Push the pack to your own GitHub repo and tag a release.
Sign & scan
CI signs the artifact and emits a verifiable manifest.
Publish
The pack is indexed on registry.nono.sh.
Install anywhere
Anyone runs nono pull yourname/pack.
Find a pack. Or publish your own.
Signed, scanned, and verified packs for sandboxing AI agents — install with one command, or publish from your own GitHub repo.