Description
────────────────────────────────────────────────────────────────────────────────
1) nixosandbox not on PATH
Command
nixosandbox create --with openclaw --profile strict --json
Output
/bin/bash: nixosandbox: command not found
Command exited with code 127
────────────────────────────────────────────────────────────────────────────────
2) Invalid CLI combination (--with + --profile)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --with openclaw --profile strict --json
Output
error: specify only one of --profile, --spec, or --with
Command exited with code 1
────────────────────────────────────────────────────────────────────────────────
3) Strict-like --with attempt fails (platform mismatch)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --with openclaw,bash,cacert,coreutils --network off --name test-openclaw-strictish --json
Output (full error section)
nix build failed: nix build --expr failed: warning: unknown setting 'filter-syscalls'
these 8 derivations will be built:
/nix/store/15s1kk2n6vg180wg04wj2wgnl19f03v7-nodejs-24.14.0.drv
/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv
/nix/store/fb0n30kp0zmhzqaf6gb6drl0jzl6zvgh-version-check-home-hook.drv
/nix/store/rc0xfsbycb4sxcsvd55vx8qzc7kdr0an-source.drv
/nix/store/q4yy8y79gkx8b2mq1b9mmdvkjnh80vrj-openclaw-pnpm-deps.drv
/nix/store/vxgibsy8z2symk2cwl5md46g9h96v1l4-openclaw-2026.4.8.drv
/nix/store/8hw2w07xwwmlbb444ka3wdqpl9ps5s7d-sandbox-env-custom-bc485dc040defd35.drv
/nix/store/4dhvi61pji2p7d8vcy5vd4wssrjv2iq7-sandbox-custom-bc485dc040defd35.drv
these 191 paths will be fetched (215.90 MiB download, 952.04 MiB unpacked):
... [nix store paths elided in this message for brevity] ...
warning: unknown setting 'filter-syscalls'
error: a 'x86_64-linux' with features {} is required to build '/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv', but I am a 'aarch64-darwin' with features {apple-virt,
benchmark, big-parallel, nixos-test}
Command exited with code 1
────────────────────────────────────────────────────────────────────────────────
4) --profile strict attempt on macOS also fails (same platform issue)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --profile strict --json
Output
nix build failed: nix build failed: warning: unknown setting 'filter-syscalls'
warning: ignoring untrusted flake configuration setting 'extra-substituters'.
Pass '--accept-flake-config' to trust it
warning: ignoring untrusted flake configuration setting 'extra-trusted-public-keys'.
Pass '--accept-flake-config' to trust it
these 3 derivations will be built:
/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv
/nix/store/da27vdxgmcq8531y1mn4cayws4mldyns-sandbox-env-strict.drv
/nix/store/4w3gy77qip8hqcp7rd4if0n9b286qmg3-sandbox-strict.drv
warning: unknown setting 'filter-syscalls'
error: a 'x86_64-linux' with features {} is required to build '/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv', but I am a 'aarch64-darwin' with features {apple-virt,
benchmark, big-parallel, nixos-test}
Command exited with code 1
────────────────────────────────────────────────────────────────────────────────
5) Direct nix build of strict profile fails (same root cause)
Command
nix build --accept-flake-config .#sandbox-strict
Output
warning: unknown setting 'filter-syscalls'
warning: ignoring untrusted substituter 'https://cache.numtide.com', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
these 3 derivations will be built:
/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv
/nix/store/da27vdxgmcq8531y1mn4cayws4mldyns-sandbox-env-strict.drv
/nix/store/4w3gy77qip8hqcp7rd4if0n9b286qmg3-sandbox-strict.drv
warning: unknown setting 'filter-syscalls'
error: a 'x86_64-linux' with features {} is required to build '/nix/store/6pi963va0p9888x3yshcf9r9jw7dvias-builder.pl.drv', but I am a 'aarch64-darwin' with features {apple-virt,
benchmark, big-parallel, nixos-test}
Command exited with code 1
────────────────────────────────────────────────────────────────────────────────
Please test this locally and fix this so that the pi extension can deploy a sandbox if the user is running on a MacOS
Description
────────────────────────────────────────────────────────────────────────────────
1) nixosandbox not on PATH
Command
Output
────────────────────────────────────────────────────────────────────────────────
2) Invalid CLI combination (--with + --profile)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --with openclaw --profile strict --jsonOutput
────────────────────────────────────────────────────────────────────────────────
3) Strict-like --with attempt fails (platform mismatch)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --with openclaw,bash,cacert,coreutils --network off --name test-openclaw-strictish --jsonOutput (full error section)
────────────────────────────────────────────────────────────────────────────────
4) --profile strict attempt on macOS also fails (same platform issue)
Command
NIXOSANDBOX_FLAKE_ROOT=$PWD ./crates/nixosandbox/target/release/nixosandbox create --profile strict --jsonOutput
────────────────────────────────────────────────────────────────────────────────
5) Direct nix build of strict profile fails (same root cause)
Command
nix build --accept-flake-config .#sandbox-strictOutput
────────────────────────────────────────────────────────────────────────────────