fix: remove --test_tmpdir that conflicts with --sandbox_tmpfs_path

.bazelrc

@@ -44,10 +44,15 @@ build --jobs=20
 build --local_resources=cpu=16
 build --local_resources=memory=57344
 
-# Linux Sandbox Hardening: Fixes "File exists" and "/dev/null" errors
+# Linux Sandbox Hardening
+#   --sandbox_tmpfs_path=/tmp   : clean /tmp per action (isolation)
+#   --sandbox_add_mount_pair    : ensures /dev/null is available
+#   NOTE: Do NOT use --sandbox_base=/dev/shm — Docker containers default
+#   to 64MB /dev/shm which is too small for linking large binaries.
+#   Stale sandbox state ("File exists" errors) is handled by cleaning
+#   .bazel/output_base/sandbox before builds (see dcodex-setup.sh).
 build:linux --sandbox_tmpfs_path=/tmp
 build:linux --sandbox_add_mount_pair=/dev/null
-build:linux --test_tmpdir=/tmp/bazel-test-logs
 build:linux --dynamic_mode=off
 build:linux --linkopt=-Wl,--threads=16
 

dcodex-setup.sh

@@ -309,6 +309,17 @@ else
   ok "Skipping bazel clean (incremental build — disk cache preserved)"
 fi
 
+# Always purge stale sandbox directories. If a previous build was interrupted
+# (Ctrl+C, OOM kill, crash), leftover files cause "File exists" errors on the
+# next run. This is cheap (~instant) and only removes sandbox working dirs —
+# the disk cache and repo cache are untouched.
+if [[ -d "${REPO_DIR}/.bazel/output_base/sandbox" ]]; then
+  rm -rf "${REPO_DIR}/.bazel/output_base/sandbox"
+  ok "Purged stale sandbox directories"
+else
+  ok "No stale sandbox directories to clean"
+fi
+
 timer
 
 # ─────────────────────────────────────────────────────────────────────────────
@@ -350,9 +361,11 @@ timer
 step "6/7  Tests"
 
 # Common Bazel test flags for diagnostics — always verbose.
+# NOTE: --sandbox_debug is intentionally omitted; it dumps per-action
+# traces for every compile/link step, drowning test output. Pass it
+# manually if debugging sandbox issues: bazel test --sandbox_debug ...
 BAZEL_TEST_COMMON=(
   --verbose_failures
-  --sandbox_debug
   --test_output=all
   --test_env=HOME=/tmp
 )