Skip to content

fix(sandbox): allow mkdirp for directories within workspace boundary#31478

Closed
NaturalTensor wants to merge 1 commit intoopenclaw:mainfrom
NaturalTensor:fix/31438-sandbox-mkdirp
Closed

fix(sandbox): allow mkdirp for directories within workspace boundary#31478
NaturalTensor wants to merge 1 commit intoopenclaw:mainfrom
NaturalTensor:fix/31438-sandbox-mkdirp

Conversation

@NaturalTensor
Copy link

@NaturalTensor NaturalTensor commented Mar 2, 2026

Summary

Fix sandbox boundary checks failing on mkdirp operations within the workspace.

Root Cause

assertPathSafety used file-open validation (openBoundaryFile) for all operations including directory creation. This treated directories as files and failed with "cannot create directories: /workspace".

Fix

  • Directory operations (allowedType === "directory") now use resolveBoundaryPath() for boundary validation instead of openBoundaryFile()
  • Still enforces sandbox mount/workspace boundaries
  • Added guard: fails if target exists but is not a directory

Tests

  • Added: mkdirp in-boundary succeeds
  • Added: mkdirp out-of-boundary fails
  • 13/13 tests pass

Closes #31438

@openclaw-barnacle openclaw-barnacle bot added agents Agent runtime and tooling size: S labels Mar 2, 2026
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Mar 2, 2026

Greptile Summary

Fixed mkdirp operations failing within workspace boundaries by switching directory validation from openBoundaryFile() to resolveBoundaryPath().

  • Previously assertPathSafety tried to open directories as files using openBoundaryFile(), which failed for non-existent directories
  • Now uses resolveBoundaryPath() for directory operations, which validates boundaries without attempting file operations
  • Added guard to prevent creating directories at paths where files already exist
  • Maintains all boundary and security checks while allowing legitimate mkdirp operations
  • Tests verify in-boundary operations succeed and out-of-boundary operations are properly rejected

Confidence Score: 5/5

  • This PR is safe to merge with no identified risks
  • The fix is well-targeted and correct - it addresses the root cause by using the appropriate validation function for directory operations. The implementation maintains all security boundaries while fixing the legitimate use case. Comprehensive test coverage validates both success and failure paths.
  • No files require special attention

Last reviewed commit: c777f4a

@NaturalTensor
fix(sandbox): allow mkdirp for directories within workspace boundary
a9d41ac 
The boundary check treated directories as files during mkdirp, causing false failures. Now uses resolveBoundaryPath for directory operations while still enforcing workspace boundaries.

Closes openclaw#31438
@steipete
Copy link
Contributor

steipete commented Mar 2, 2026

Thanks for the PR! Multiple PRs address the same sandbox mkdirp safety check (#28863, #30521, #31478). Keeping #30521. Closing this one to reduce noise. This is an AI-assisted triage review. If we got this wrong, feel free to reopen or start a new PR — happy to revisit.

@steipete steipete closed this Mar 2, 2026
@steipete steipete mentioned this pull request Mar 2, 2026
Closed
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agents Agent runtime and tooling size: S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Sandbox boundary checks fail on mkdirp: "cannot create directories: /workspace"

2 participants

@NaturalTensor @steipete