# My agent cannot use the write tool outside the workspace. in 2026.2.26


tardy stag BOT

agents.defaults.sandbox.mode = off only controls where tools run (Docker vs host). The error you’re getting is the filesystem guardrail still being active (or you’re still effectively sandboxed / using a different config than you think).

A few high-probability causes + the quickest way to confirm:

1) Your Gateway service isn’t using the config you edited

Run on the gateway host and check the “Config (service)” path:

openclaw --version
openclaw gateway status

If Config (cli) and Config (service) differ, your openclaw config set ... may be writing to a different profile/state dir than the running daemon is using. Fix is usually:

openclaw doctor
openclaw gateway restart

(then re-test)

2) The session is still sandboxed (common with Discord threads / “non-main” setups)

Even if you think sandbox is off, verify what OpenClaw thinks for the current session:

openclaw sandbox explain --json

Docs: https://docs.openclaw.ai/gateway/sandbox-vs-tool-policy-vs-elevated

If it shows the session is sandboxed, file tools can’t reach arbitrary host paths unless you either:

  • truly turn sandbox off, or
  • bind-mount the host folder into the sandbox (agents.defaults.sandbox.docker.binds).

3) tools.fs.workspaceOnly isn’t actually false in the effective config

Double-check the resolved value:

openclaw config get tools.fs.workspaceOnly
openclaw config get agents.defaults.sandbox.mode

tools.fs.workspaceOnly is the knob that gates “Path escapes workspace root” for read/write/edit. (It’s mentioned in the security hardening notes: https://docs.openclaw.ai/gateway/security)


If you paste the output of:

  • openclaw --version
  • openclaw gateway status
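
The reply above separates where a tool runs from which paths a file tool accepts. The sketch below is an added example, not OpenClaw's code and not part of the original post; it models that separation with a generic workspace-containment check. The policy object, function names and sample paths are assumptions made for illustration.

```javascript
// Added sketch: a generic workspace-containment guard, not OpenClaw's source.
// Lexical only: a production guard must also resolve symlinks (realpath)
// before comparing, or a link inside the workspace can point outside it.

// Collapse ".", ".." and repeated "/" in a POSIX path.
function normalize(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); // popping an empty stack keeps us at "/"
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// True when `target` (absolute, or relative to the root) stays inside `root`.
function isInsideRoot(root, target) {
  const r = normalize(root);
  const t = normalize(target.startsWith("/") ? target : r + "/" + target);
  // Compare on a segment boundary so "/ws-evil" is not treated as inside "/ws".
  return t === r || t.startsWith(r === "/" ? "/" : r + "/");
}

// Hypothetical policy shape mirroring the two settings named in the thread.
function checkWrite(policy, target) {
  // policy.sandboxMode is deliberately not consulted: it decides where the
  // tool runs, while the path guard is a separate, independent control.
  if (policy.workspaceOnly && !isInsideRoot(policy.workspaceRoot, target)) {
    return { allowed: false, reason: "Path escapes workspace root" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample policy and paths.
const policy = { sandboxMode: "off", workspaceOnly: true, workspaceRoot: "/home/u/ws" };
for (const p of ["notes/todo.md", "notes/../../secrets.txt", "/home/u/ws-evil/x", "/etc/hosts"]) {
  console.log(p, checkWrite(policy, p));
}
```

With sandboxMode set to "off" the last three sample paths are still rejected; only changing workspaceOnly alters the outcome in this model.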