[Bug]: Sandbox write/edit tools fail with 'boundary checks failed' despite workspaceAccess: rw #30513
Description
[Bug]: Sandbox write/edit tools fail with "boundary checks failed" despite workspaceAccess: rw
Summary
The write and edit tools fail to create files or directories in the sandbox workspace, reporting "Sandbox boundary checks failed; cannot create directories" even when agents.defaults.sandbox.workspaceAccess is correctly set to rw.
Environment
- OpenClaw Version: 2026.2.26 (bc50708)
- OS: macOS (darwin)
- Node Version: 25.6.0
- Installation Method: Homebrew
Configuration
{
"agents": {
"defaults": {
"sandbox": {
"mode": "all",
"workspaceAccess": "rw"
}
}
}
}Verified with:
$ openclaw sandbox explain
workspaceAccess: rw workspaceRoot: /Users/gordon/.openclaw/sandboxesSteps to Reproduce
- Configure sandbox with
workspaceAccess: rw - Restart gateway:
openclaw gateway restart - Start a conversation with the agent
- Agent attempts to use
writetool to create a file:{ "tool": "write", "file_path": "/workspace/skills/new-skill/SKILL.md", "content": "# New Skill" }
Expected Behavior
The write tool should successfully create the file at the specified path.
Actual Behavior
The tool fails with error:
Sandbox boundary checks failed; cannot create directories: /workspace/skills/new-skill
Error Logs
From ~/.openclaw/logs/gateway.err.log:
2026-03-01T17:15:16.564+08:00 [tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace/skills/gprophet-cli
2026-03-01T17:15:24.329+08:00 [tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace/skills/gprophet-cli
2026-03-01T17:15:29.526+08:00 [tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace/skills/gprophet-cli
2026-03-01T17:15:36.630+08:00 [tools] write failed: Sandbox boundary checks failed; cannot create directories: /workspace
Workaround
The exec tool works correctly:
cat > /workspace/skills/new-skill/SKILL.md << 'EOF'
# New Skill