Edit/Write tools restricted to workspace root even with tools.fs.workspaceOnly=false #29612
Description
Description
After updating to 2026.2.26, the edit and write tools reject paths outside the workspace directory even when tools.fs.workspaceOnly is set to false in the config.
Expected behavior
Per the type definition in types.tools.d.ts:
export type FsToolsConfig = {
/**
* Restrict filesystem tools (read/write/edit/apply_patch) to the agent workspace directory.
* Default: false (unrestricted, matches legacy behavior).
*/
workspaceOnly?: boolean;
};With workspaceOnly: false, edit/write should allow paths outside the workspace. The read tool works correctly outside the workspace.
Actual behavior
editreturns"File not found: /home/claw/obsidian/file.md"(file exists,readworks fine on it)writereturns"Path escapes workspace root: /home/claw"
Root cause (traced in source)
The workspaceOnly flag correctly controls the outer wrapToolWorkspaceRootGuard wrapper, but the inner operations (createHostEditOperations(root) and createHostWriteOperations(root)) unconditionally call toRelativePathInRoot(root, absolutePath) which rejects any path outside the workspace root.
Relevant code in reply-Duq0R59W.js:
// Outer guard is conditionally applied (correct):
return [workspaceOnly ? wrapToolWorkspaceRootGuard(wrapped, workspaceRoot) : wrapped];
// But inner operations always restrict (bug):
function createHostEditOperations(root) {
return {
readFile: async (absolutePath) => {
const opened = await openFileWithinRoot({
rootDir: root,
relativePath: toRelativePathInRoot(root, absolutePath) // <-- always enforces root
});Use case
Agent workspace is at ~/.openclaw/workspace, but an Obsidian vault at /home/claw/obsidian/ (separate git repo) needs to be edited via the edit tool. This worked in previous versions.
Config
{
"tools": {
"fs": {
"workspaceOnly": false
}
},
"agents": {
"defaults": {
"workspace": "/home/claw/.openclaw/workspace"
}
}
}Environment
- OpenClaw version: 2026.2.26
- OS: Linux (Ubuntu)
- Install method: npm