From navaris-cli
Manages Navaris sandboxes and projects: create, list, start, stop, destroy; publish ports; choose Incus or Firecracker backends for full lifecycle control.
npx claudepluginhub erans/navaris --plugin navaris-cliThis skill uses the workspace's default tool permissions.
Covers projects, sandbox lifecycle, port forwarding, and backend selection.
Guides Payload CMS config (payload.config.ts), collections, fields, hooks, access control, APIs. Debugs validation errors, security, relationships, queries, transactions, hook behavior.
Builds production-ready Apache Airflow DAGs with patterns for operators, sensors, testing, and deployment. For data pipelines, workflow orchestration, and batch jobs.
Share bugs, ideas, or general feedback.
Covers projects, sandbox lifecycle, port forwarding, and backend selection.
| Command | Purpose |
|---|---|
navaris project create --name <n> | Create a project |
navaris project list | List projects |
navaris project get <project-id> | Get one |
navaris project update <project-id> --name <n> | Rename |
navaris project delete <project-id> | Delete |
| Command | Key flags |
|---|---|
navaris sandbox create | --name, --image (required), --cpu, --memory, --project (or NAVARIS_PROJECT), --wait, --timeout |
navaris sandbox list | (filters via --project) |
navaris sandbox get <sandbox-id> | — |
navaris sandbox start <sandbox-id> | --wait, --timeout |
navaris sandbox stop <sandbox-id> | --force, --wait, --timeout |
navaris sandbox destroy <sandbox-id> | --wait, --timeout |
Use -q / --quiet on create/start/stop/destroy to print only the resulting ID (good for scripting).
sandbox create and sandbox list both require --project or NAVARIS_PROJECT.
| Command | Purpose |
|---|---|
navaris port create --sandbox <id> --port <target-port> | Publish a sandbox port to the host (published host port is daemon-assigned; see HOST_ADDRESS/PUBLISHED_PORT in the response) |
navaris port list --sandbox <id> | List published ports |
navaris port delete --sandbox <id> <target-port> | Unpublish |
Auto-detected from the image reference:
alpine/3.21, ubuntu/22.04) → Incus containeralpine-3.21, debian-12) → Firecracker microVMOverride with --backend incus or --backend firecracker on sandbox create if you have a reason to pin.
Best when you want quick iteration and don't need hardware-level isolation.
SANDBOX_ID=$(navaris sandbox create \
--name dev-$$ \
--image alpine/3.21 \
--cpu 2 --memory 1024 \
--wait --output json | jq -r '.SandboxID')
navaris sandbox wait-state "$SANDBOX_ID" --state running --timeout 60s
# ... use it ...
navaris sandbox destroy "$SANDBOX_ID" --wait
Best for running user-submitted code, multi-tenant workloads, or anything security-sensitive.
SANDBOX_ID=$(navaris sandbox create \
--name scan-$$ \
--image alpine-3.21 \
--cpu 1 --memory 512 \
--wait --output json | jq -r '.SandboxID')
navaris sandbox wait-state "$SANDBOX_ID" --state running --timeout 120s
navaris sandbox exec "$SANDBOX_ID" -- ./scan.sh
navaris sandbox destroy "$SANDBOX_ID" --wait
Firecracker startup is a bit slower than Incus — allow ~2-3s plus image load time.
navaris sandbox exec "$SANDBOX_ID" -- sh -c 'nc -l -p 8000 &'
navaris port create --sandbox "$SANDBOX_ID" --port 8000 --output json
# response contains HOST_ADDRESS and PUBLISHED_PORT — capture them for curl:
PUBLISHED=$(navaris port list --sandbox "$SANDBOX_ID" --output json | jq -r '.[] | select(.TargetPort==8000) | "\(.HostAddress):\(.PublishedPort)"')
curl -fsS "http://$PUBLISHED/"
To tear down: navaris port delete --sandbox "$SANDBOX_ID" 8000.
navaris sandbox list --project "$NAVARIS_PROJECT" --output json \
| jq -r '.[].SandboxID' \
| xargs -n1 -I{} navaris sandbox destroy {} --quiet
Each line is the destroy operation ID, not the sandbox ID. Add --wait to each invocation if you need the loop to block until every sandbox is actually gone (slower but safer).
| Symptom | Cause | Fix |
|---|---|---|
operation ... failed: firecracker copy rootfs ...: open ...: no such file or directory (Firecracker) or operation ... failed: incus create instance: ... (Incus) | Image ref typo, image not registered for that backend, or image present in a different store | navaris image list --name <partial> to find the right ref; for Incus use slash-style (alpine/3.21), for Firecracker use flat-style (alpine-3.21); register a missing image with navaris image register |
api error 500: internal server error after sandbox create | Daemon doesn't have the requested backend enabled — common causes: Firecracker requested but /dev/kvm unavailable; Incus requested but daemon started without the Incus socket; rootfs/image directory not mounted | Check daemon startup logs (provider "<name>" not available); restart navarisd with the right backend flags (see README.md); pick an image that routes to a supported backend |
operation <id> failed: ... after destroy | Backend rejected the destroy (e.g. provider error, transient I/O) | navaris operation get <op-id> to read the wrapped error text; retry or escalate based on the underlying message |
--project flag or NAVARIS_PROJECT env var is required | sandbox create or sandbox list invoked without a project | Set NAVARIS_PROJECT in the environment, or pass --project <id> |