ok: nix run . -- . -- broken NIX_UNSTABLE=1 m .

[blaggacao]

error: access to path '/nix/store/6h5ps0y3zy7cl9rrmdnwv35fq71j71z0-cli' is forbidden in restricted mode

I don't really know what's causing this issue.

[blaggacao]

I have to freeze for 2-3 days. @kamadorueda I hope you can figure it out. That might be the last missing bit for flakes support.

[kamadorueda]

builtins.readDir is what's causing the problem

This for instance solves the error you mention by making project-path-ls-dirs an import-from-derivation instead of the builtin:

diff --git a/src/args/project-path-ls-dirs/builder.sh b/src/args/project-path-ls-dirs/builder.sh
new file mode 100644
index 0000000..a278cc5
--- /dev/null
+++ b/src/args/project-path-ls-dirs/builder.sh
@@ -0,0 +1,10 @@
+# shellcheck shell=bash
+
+function main {
+  find "${envRel}" -mindepth 1 -maxdepth 1 -type d \
+    | jq --raw-input . \
+    | jq --slurp . \
+      > "${out}"
+}
+
+main "${@}"
diff --git a/src/args/project-path-ls-dirs/default.nix b/src/args/project-path-ls-dirs/default.nix
index 0106d14..68021b6 100644
--- a/src/args/project-path-ls-dirs/default.nix
+++ b/src/args/project-path-ls-dirs/default.nix
@@ -1,13 +1,16 @@
 { __nixpkgs__
-, filterAttrs
+, makeDerivation
+, fromJsonFile
 , projectPath
 , ...
 }:
 rel:
-let
...skipping...
-let
-  isDir = _: value: value == "directory";
-  ls = builtins.readDir (projectPath rel);
-  dirs = filterAttrs isDir ls;
-  dirNames = builtins.attrNames dirs;
-in
-builtins.map builtins.unsafeDiscardStringContext dirNames
+fromJsonFile (makeDerivation {
+  builder = ./builder.sh;
+  name = "ls-dirs-${rel}";
+  env.envRel = projectPath rel;
+  searchPaths.bin = [
+    __nixpkgs__.findutils
+    __nixpkgs__.jq
+  ];
+})

but anyway after fixing this one, there is another builtins.readDir when "magically" loading the makes/ folder, as we need to list it recursively for loading each main.nix there

should be easier to pass --impure to nix >= 2.4 ? I feel it too restrictive not being able to use nix the "natural" way (what you find in nix-pills/tutorials).
We can avoid the use of builtins.readDir here in the framework, but it may be horrible for other people to hunt these errors

[kamadorueda]

I confirm with --impure all builtins.readDir work well and NIX_UNSTABLE=1 nix3 run . -- . becomes possible

diff --git a/src/cli/main/__main__.py b/src/cli/main/__main__.py
index 340a0fc..d1ea014 100644
--- a/src/cli/main/__main__.py
+++ b/src/cli/main/__main__.py
@@ -153,6 +153,7 @@ def _nix_build(
         *_if(NIX_STABLE and is_src_local(src), "--argstr"),
         *_if(NIX_STABLE and is_src_local(src), "projectSrcMutable", src),
         *_if(NIX_STABLE, "--attr", attr),
+        *_if(not NIX_STABLE, "--impure"),
         *["--option", "cores", "0"],
         *["--option", "narinfo-cache-negative-ttl", "1"],
         *["--option", "narinfo-cache-positive-ttl", "1"],

[blaggacao]

This is closed via 068a36c

Let's continue broader discussion on #652