Claude Code runs with your full user permissions. nono wraps it in a kernel-level sandbox that makes unauthorised filesystem and network operations structurally impossible — not policy-blocked, not permission-dialog'd: impossible. Five hands-on scenarios tested on macOS: escaping the working directory, reaching for AWS credentials, deleting directories outside the project, and blocking outbound network calls. Plus the honest account of what it actually takes to trigger rollback.
https://www.lotharschulz.info/2026/04/11/sandboxing-claude-code-cli-with-nono/
