From 026f82e697c9486ec33f0c90df46e980dfd4e811 Mon Sep 17 00:00:00 2001 From: Dan Date: Fri, 9 Jan 2026 23:33:19 -0800 Subject: [PATCH] Document AI agent sandbox conflicts in server-AGENTS.md Codex CLI seccomp filters block nix daemon access. Workaround: disable redundant sandbox since server provides isolation. Co-Authored-By: Claude Opus 4.5 --- docs/server-AGENTS.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/server-AGENTS.md b/docs/server-AGENTS.md index ea0e7f5..496dfaf 100644 --- a/docs/server-AGENTS.md +++ b/docs/server-AGENTS.md @@ -88,6 +88,26 @@ Simple Unix isolation - no containers, VMs, or complex sandboxing: This is a learning environment, not a hostile multi-tenant system. +## AI Agent Sandbox Conflicts + +Some AI coding agents (Codex, etc.) run commands in their own sandbox with seccomp +filters. This can block nix daemon access even though the server allows it. + +**Symptom**: `nix store ping` or `nix develop` fails with "Operation not permitted" +from within the agent, but works from your regular SSH session. + +**Fix for Codex CLI**: Disable redundant sandboxing (server already provides isolation): + +```bash +# One-off +codex -s danger-full-access + +# Permanent (~/.codex/config.toml) +sandbox_mode = "danger-full-access" +``` + +Other agents may have similar sandbox settings - check their docs if nix commands fail. + ## Do NOT - Run `sudo` (you don't have access)
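Review bot: the fix in this hunk is broader than the problem it describes, and the text should say so. `danger-full-access` removes every restriction of the agent's own sandbox, not only the block on nix daemon access, and the permanent `sandbox_mode = "danger-full-access"` line in `~/.codex/config.toml` applies to every Codex session that user starts, not just sessions on this server. Suggest adding a sentence next to the "Permanent" option stating that scope, recommending the one-off `codex -s danger-full-access` form as the default, and closing the section with the check the "Symptom" paragraph already implies, e.g. "confirm with `nix store ping` from inside the agent afterwards", so a reader whose "Operation not permitted" has a different cause does not keep the sandbox disabled for nothing.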