[Bug]: Sandbox write tool fails creating new memory files on 2026.2.26: Sandbox boundary checks failed; cannot create directories: /workspace/memory (regression from 2026.2.24)

[AbbyRH]

Summary

After upgrading OpenClaw from 2026.2.24 to 2026.2.26, my agent running in a Docker sandbox with rw workspace access can no longer create new memory files via the write tool.

It fails with:

[tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace/memory

The memory/ folder already exists in the container, and the agent can edit existing files in that folder successfully. This appears to be a regression specific to the write tool / directory creation step.

Environment

OpenClaw version:
openclaw --version → 2026.2.26
Sandboxing:
agents.defaults.sandbox.mode: "all"
agents.defaults.sandbox.scope: "session"
agents.defaults.sandbox.workspaceAccess: "rw"

Steps to reproduce

1. Run OpenClaw 2026.2.26 with sandboxing enabled and workspaceAccess: "rw" (see sandbox explain output below).
2. In a sandboxed session, call the write tool to create a new daily memory file, e.g.:

path: "memory/2026-02-27.md"
content: "test"

Expected behavior

write should create (or overwrite) memory/2026-02-27.md under the workspace mount (e.g. /workspace/memory/2026-02-27.md).

Actual behavior

Tool fails with:

[tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace/memory

OpenClaw version

2026.2.26

Operating system

Ubuntu 24.04

Install method

npm global

Logs, screenshots, and evidence

Impact and severity

Affected: users
Severity: blocks workflows that rely on creating files
Frequency: 100%
Consequence: Assistant is unable to create new memory files

Additional information

• The memory/ directory already exists in the sandbox container.
• The agent can write to files that already exist in /workspace/memory.
• Creating an empty file with touch did not make the write tool succeed.
• However, if I manually add content to the file, the edit tool is able to modify it successfully.
• This suggests a flaw in the sandboxed write path (likely during the “ensure parent directory exists” / mkdirp step) rather than general write permissions.

[AbbyRH]

Claude suggested the following fix, although I have not had time to validate it:

Summary of the bug:

In assertPathSafety (line 256-272), openBoundaryFile internally calls openVerifiedFileSync which checks preOpenStat.isFile() (safe-open-sync.ts:48). When the target path is a directory (like /workspace/memory), this returns { ok: false, reason: "validation" } with no error object. The old condition only tolerated reason: "path" (ENOENT), so it threw the "Sandbox boundary checks failed" error for directories — even though resolveBoundaryPath had already confirmed the path is inside the sandbox boundary.

The fix:

Also tolerate reason: "validation" when there's no associated error object. This specifically covers the case where the async resolveBoundaryPath validated the path is within bounds, but openVerifiedFileSync rejected it for a file-specific reason (target is a directory, not a regular file). The canonical container path check (lines 274-288) still runs afterward as an additional safety layer.

      const isTolerable =
        (guarded.reason === "path" && options.allowMissingTarget !== false) ||
        (guarded.reason === "validation" && !(guarded.error instanceof Error));
      if (!isTolerable) {

[leiMizzou]

Likely same root cause as #29700 — the fs-bridge boundary checker can't handle directory paths. See root cause analysis with Docker inspect evidence and code path trace.