diff --git a/modules/programs/default.nix b/modules/programs/default.nix
index 56f2e25c..5911b50d 100644
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -43,7 +43,7 @@ let
       in
         makeSandboxed {
           inherit pkgName package;
-          inherit (sandbox) binMap capabilities embedProfile extraConfig method whitelistPwd wrapperType;
+          inherit (sandbox) autodetectCliPaths binMap capabilities embedProfile extraConfig method whitelistPwd wrapperType;
           vpn = if net == "vpn" then vpn else null;
           allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths;
           allowedRootPaths = [
diff --git a/modules/programs/make-sandboxed.nix b/modules/programs/make-sandboxed.nix
index 3cf5e103..6e4d66c2 100644
--- a/modules/programs/make-sandboxed.nix
+++ b/modules/programs/make-sandboxed.nix
@@ -34,7 +34,7 @@ let
     runHook postFixup
   '';
 in
-{ pkgName, package, method, wrapperType, vpn ? null, allowedHomePaths ? [], allowedRootPaths ? [], autodetectCliPaths ? false, binMap ? {}, capabilities ? [], extraConfig ? [], embedProfile ? false, whitelistPwd ? false }:
+{ pkgName, package, method, wrapperType, vpn ? null, allowedHomePaths ? [], allowedRootPaths ? [], autodetectCliPaths ? false, binMap ? {}, capabilities ? [], embedProfile ? false, extraConfig ? [], whitelistPwd ? false }:
 let
   sane-sandboxed' = sane-sandboxed.meta.mainProgram;  #< load by bin name to reduce rebuilds