NanoAgent

Security Audit: Fail
Health: Warn
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code: Fail
  • rm -rf — Recursive force deletion command in .github/nanoai-issue-handler.sh
Permissions: Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool is an AI-powered coding assistant that helps developers automate feature work, bug fixes, and code reviews directly from a desktop application, terminal, or CI/CD pipeline.

Security Assessment
The application acts as an AI agent with broad system access. It is explicitly designed to inspect code, modify files, and execute shell commands to run tests or builds. It also makes external network requests to interact with various large language model providers (OpenAI, Anthropic, Google, etc.). While no hardcoded secrets or dangerous permission scopes were found, the overall risk is rated as Medium. A critical flag was raised during the audit: a recursive force deletion command (`rm -rf`) was identified in a bundled GitHub Actions script (`.github/nanoai-issue-handler.sh`). Developers must carefully review and restrict this script before integrating the tool into any automated workflows to prevent accidental data loss.
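One way to start the review recommended above, as an added example that is not part of the audit or of NanoAgent's code: list every recursive force delete in a shell script and classify how its target is built. The sample script, its variable names and paths are constructed for illustration; the contents of `.github/nanoai-issue-handler.sh` are not reproduced here, and the classification is a line-based heuristic.

```shell
#!/bin/sh
# Added example. Prints "<line>:<class>:<source>" for each recursive force delete:
#   literal        target is a fixed path
#   guarded-var    every expansion is ${VAR:?...}, which aborts if VAR is empty or unset
#   unguarded-var  some expansion can collapse to nothing (rm -rf "$DIR/" becomes rm -rf /)
audit_rm() {
  awk '
    /^[ \t]*#/ { next }                          # ignore comment lines
    {
      n = split($0, t, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        if (t[i] != "rm" && t[i] !~ /\/rm$/) continue
        rec = 0; force = 0; j = i + 1
        while (j <= n && t[j] ~ /^-/) {          # collect option tokens
          if (t[j] == "--recursive" || t[j] ~ /^-[^-]*[rR]/) rec = 1
          if (t[j] == "--force" || t[j] ~ /^-[^-]*f/) force = 1
          j++
        }
        if (!(rec && force)) continue
        cls = "literal"
        for (; j <= n && t[j] !~ /^(;|&&|[|][|]|[|])$/; j++) {
          tgt = t[j]
          if (tgt !~ /[$]/) continue
          gsub(/[$][{][A-Za-z_][A-Za-z0-9_]*:[?][^}]*[}]/, "", tgt)
          if (tgt ~ /[$]/) { cls = "unguarded-var"; break }
          if (cls == "literal") cls = "guarded-var"
        }
        printf "%d:%s:%s\n", NR, cls, $0
      }
    }' "$1"
}

# Number of deletes whose target can expand to an empty string.
count_unguarded() {
  audit_rm "$1" | awk -F: '$2 == "unguarded-var" { n++ } END { print n + 0 }'
}

# Constructed sample input (not the project's script).
sample_script() {
  cat <<'EOF'
#!/bin/sh
WORK_DIR="$TMPDIR/example"
rm -rf "$WORK_DIR"
rm -rf "${WORK_DIR:?}/checkout"
rm -rf /tmp/example-cache
# rm -rf "$HOME"
rm -f "$WORK_DIR/log.txt"
EOF
}

tmp=$(mktemp) && sample_script > "$tmp" && audit_rm "$tmp"; rm -f "$tmp"
```

Lines reported as `unguarded-var` are the ones to restrict first, for example by switching the expansion to the `${VAR:?}` form so the script stops instead of deleting an unintended path.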

Quality Assessment
The project is relatively new and currently suffers from low community visibility, having only accumulated 5 GitHub stars. However, the repository is under active development, with the most recent code push occurring today. It benefits from a standard, well-known open-source license (Apache-2.0). The included README is comprehensive, offering clear instructions and outlining the tool's permission boundary features, which indicates good initial documentation.

Verdict
Use with caution due to low community trust and a potentially destructive shell script, though the project itself is actively maintained and properly licensed.
README.md

NanoAgent

An AI coding agent for desktop and terminal workflows.

NanoAgent brings an AI teammate into your everyday engineering flow. Open a project, ask for help, and let the agent inspect code, explain behavior, make focused changes, run validation commands, and review work with clear permission boundaries.

It is designed for developers who want useful automation without giving up control. NanoAgent can move through real tasks, but sensitive actions such as edits, command execution, network access, memory writes, MCP tools, and elevated operations remain governed by profiles, permissions, and approval prompts.

Why NanoAgent

  • Work from a desktop app or the nanoai terminal command.
  • Ask for feature work, bug fixes, planning, code review, and build/test loops.
  • Run NanoAI review automation from GitHub, GitLab, or Bitbucket PR/MR workflows.
  • Choose OpenAI, OpenAI ChatGPT Plus/Pro sign-in, OpenRouter, Anthropic, Google AI Studio, or an OpenAI-compatible provider.
  • Switch between hands-on build mode, read-only planning, and read-only review.
  • Delegate focused work to built-in or project-defined subagents.
  • Add project instructions, skills, custom agents, process-based custom tools, MCP tools, and reusable lessons.
  • Keep risky actions visible with permission prompts, policy rules, and undo/redo for tracked file edits.

Product Experience

Desktop

Use the desktop app when you want a visual workspace with sections, model controls, slash-command suggestions, permission prompts, activity output, and undo/redo close at hand.

Terminal

Use nanoai when you want a keyboard-first workflow, one-shot prompts, piped input, or quick review and automation from the command line.

nanoai
nanoai "Summarize this repository"
echo "Review the latest changes for regressions" | nanoai --profile review

CI Review Automation

The included GitHub Actions, GitLab CI, and Bitbucket Pipelines examples install NanoAI from the latest release, run the workspace pr-reviewer profile against the PR/MR diff, and post a review comment.

Copy .nanoagent/agents/pr-reviewer.md plus the matching CI files for your platform: .github/workflows/nanoai-review.yml and .github/nanoai-github-review.sh, .gitlab-ci.yml and .gitlab/nanoai-gitlab-review.sh, or bitbucket-pipelines.yml and .bitbucket/nanoai-bitbucket-review.sh.

Configure NANOAGENT_API_KEY. GitLab posting needs GITLAB_TOKEN or NANOAI_GITLAB_TOKEN; Bitbucket posting needs BITBUCKET_ACCESS_TOKEN or BITBUCKET_USERNAME plus BITBUCKET_APP_PASSWORD. Optional variables are NANOAGENT_PROVIDER, NANOAGENT_MODEL, NANOAGENT_BASE_URL, and NANOAGENT_THINKING.

Profiles

Profile   Best for
build     Implementation, fixes, tests, and validation.
plan      Read-only investigation and implementation plans.
review    Read-only code review focused on bugs, regressions, and missing tests.
general   Bounded delegated implementation work.
explore   Fast read-only project investigation.

Providers

Provider                     Setup
OpenAI                       API key
OpenAI ChatGPT Plus/Pro      Browser sign-in
OpenRouter                   API key
Google AI Studio             API key
Anthropic                    API key
OpenAI-compatible provider   Base URL and API key

Install

Desktop Downloads

Platform      Download
Windows x64   Installer
Linux x64     Zip
Linux arm64   Zip
macOS x64     Zip
macOS arm64   Zip

CLI

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/rizwan3d/NanoAgent/master/scripts/install.sh | bash

Windows PowerShell:

irm https://raw.githubusercontent.com/rizwan3d/NanoAgent/master/scripts/install.ps1 | iex

Restart your shell if nanoai is not immediately available.

First Run

Start NanoAgent:

nanoai

NanoAgent will guide you through provider setup, model discovery, and the first section. After setup, you can switch models with the terminal F2 or /models picker, or switch profiles and thinking mode from the desktop controls or terminal commands.

For terminal onboarding, you can pass an API key up front:

nanoai --provider-auth-key <key>

Common Commands

Command                          Purpose
/help                            Show available commands.
/config                          Show provider, model, section, profile, thinking mode, and config path.
/models                          Choose the active model with the arrow-key picker.
/use <model>                     Switch directly to a model id.
/onboard                         Re-run provider onboarding and switch the active session to the new provider.
/profile <name>                  Switch profile.
/thinking [on|off]               Show or set thinking mode.
/permissions                     Show permission policy summary.
/rules                           Show effective rules.
/allow <tool-or-tag> [pattern]   Add a session allow override.
/deny <tool-or-tag> [pattern]    Add a session deny override.
/mcp                             Show MCP servers, custom tool providers, and dynamic tools.
/init                            Create .nanoagent starter files for a project.
/update [now]                    Check for updates, or install immediately with /update now.
/undo                            Roll back the most recent tracked file edit transaction.
/redo                            Re-apply the most recently undone edit transaction.
/exit                            Exit the terminal UI.

Press F2 in the terminal UI to choose the active model with the same arrow-key picker.
Type / in the terminal input to open command suggestions, then use Up/Down and Enter to choose a command.

Safety and Control

NanoAgent is built around explicit control:

  • build, plan, and review profiles shape what the agent is allowed to do.
  • Permission rules decide whether actions are allowed, denied, or require approval.
  • Sensitive actions can prompt before they run.
  • Session overrides let you allow or deny a tool pattern temporarily.
  • Tracked file edits can be undone and redone.
  • Secret-looking values are redacted before logs, memory, audit records, and displayed tool output.

Your code stays on your machine. Prompts, relevant snippets, tool output, and conversation context are sent to the model provider you choose when they are needed for a request.

Learn More

The detailed user guide lives in docs/documentation.md. It covers onboarding, desktop and terminal workflows, providers, models, permissions, MCP, memory, hooks, custom agents, troubleshooting, and source builds.

License

Apache License 2.0. See LICENSE.


Sponsored by
ALFAIN Technologies (PVT) Limited
