[Bug]: sandbox file tools fail with moltbot-sandbox-fs: 2: python3: not found

[macminihal-cyber]

Bug type

Regression (worked before, now fails)

Summary

Summary

In a sandboxed Telegram session, OpenClaw file-tool writes failed with:

moltbot-sandbox-fs: 2: python3: not found

Earlier in the same session, direct shell writes to /workspace also failed with:

cannot create STYLE.md: Read-only file system

Current upstream docs/repo indicate the default sandbox image should already contain python3, so this looks like a sandbox FS bridge / image / stale-container problem, possibly with a separate workspace mount issue.

Environment

• OpenClaw version: 2026.3.13
• Session type: main Telegram direct session
• Runtime: Docker sandbox
• Model: openai/gpt-5.4
• Expected sandbox image: openclaw-sandbox:bookworm-slim
• Host: macOS gateway host, agent running in Docker sandbox

Observed errors

1. File tool write failed with:
   moltbot-sandbox-fs: 2: python3: not found
2. Direct shell write to workspace failed earlier with:
   cannot create STYLE.md: Read-only file system

Why this looks like a bug

Current upstream Dockerfile.sandbox appears to install:

• bash
• ca-certificates
• curl
• git
• jq
• python3
• ripgrep

So python3: not found suggests one of:

• stale or misbuilt sandbox image
• stale sandbox container not recreated after image update
• sandbox FS bridge invoking assumptions that do not hold in the running image
• another regression in sandbox FS bridge setup

Steps to reproduce

Steps to reproduce

1. Run OpenClaw with sandbox enabled for the active session
2. Ensure file tools are available
3. Ask the agent to create a simple file in the workspace, e.g. STYLE.md
4. Observe failure from the file-tool bridge:
   moltbot-sandbox-fs: 2: python3: not found

Expected behavior

• write should succeed
• the sandbox FS bridge should be able to invoke python3 if using the current default sandbox image
• /workspace should be writable when sandbox config allows it

Actual behavior

• file-tool bridge fails before write completes
• in the same environment, /workspace also appeared read-only during shell write attempts

OpenClaw version

2026.3.13 (61d171a)

Operating system

macOS (Apple Silicon, Mac Mini M4 Pro)

Install method

Homebrew (brew install openclaw), running as LaunchAgent

Model

openai/gpt-5.4

Provider / routing chain

OpenAI API (direct, no proxy)

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[Artyomkun]

@steipete

This is a duplicate of #51099 — the sandbox image is missing python3, but moltbot-sandbox-fs requires it. The image needs to be rebuilt with python3 included, or the tool needs to fall back to something else.

[clawsweeper]

Closing this as duplicate or superseded after Codex automated review.

Close #51609 as duplicate/superseded by open #51099. The report is the same 2026.3.13 sandbox file-tool regression with moltbot-sandbox-fs: ... python3: not found; a prior comment on #51609 already identified #51099 as the duplicate target. Current main partially addresses locally built sandbox images by installing python3, but the remaining runtime image/fallback behavior is already tracked more narrowly by the existing sandbox-image issues rather than needing another open copy.

What I checked:

• Direct duplicate called out in issue discussion: The only issue comment states that [Bug]: sandbox file tools fail with moltbot-sandbox-fs: 2: python3: not found #51609 is a duplicate of [Bug]: moltbot-sandbox-fs: python3: not found — file edit/write tools broken in default sandbox image after upgrade to 2026.3.13 #51099 and describes the same missing-python sandbox image/root-cause theory: moltbot-sandbox-fs requires python3, so the image must include it or the tool must fall back.
• Canonical issue tracks same symptom: Open issue [Bug]: moltbot-sandbox-fs: python3: not found — file edit/write tools broken in default sandbox image after upgrade to 2026.3.13 #51099 is titled [Bug]: moltbot-sandbox-fs: python3: not found — file edit/write tools broken in default sandbox image after upgrade to 2026.3.13 and reports the same default openclaw-sandbox:bookworm-slim file edit/write/read failure after upgrading to 2026.3.13.
• Default sandbox Dockerfile now includes python3: Current main's default sandbox build recipe installs python3, so the missing dependency is covered for users who build the repo's openclaw-sandbox:bookworm-slim image. (Dockerfile.sandbox:17, 8e12c24d1721)
• Remaining fallback behavior is still a separate tracked issue: Current main's ensureDockerImage() still pulls and tags plain debian:bookworm-slim as the default sandbox image when openclaw-sandbox:bookworm-slim is missing, matching the narrower runtime-image fallback problem tracked by the related issue context for ensureDockerImage() silently overwrites custom sandbox image with plain debian #51185. (src/agents/sandbox/docker.ts:289, 8e12c24d1721)
• Sandbox mutation helper still requires Python-capable image: The sandbox pinned mutation helper searches for python3/python and exits 127 if neither is available, so the unresolved failure mode belongs with the canonical sandbox image/runtime tracking rather than a second duplicate report. (src/agents/sandbox/fs-bridge-mutation-helper.ts:303, 8e12c24d1721)

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against 8e12c24d1721.