#Can't find code files saved by agent – probably sandbox related?

1 messages · Page 1 of 1 (latest)

broken mist
#

Hi everyone,I'm running into a frustrating issue with my agent and hoping someone can help.

What I did:
I asked the agent to complete a programming project for me and save the finished code files locally.
It replied: "Done! Project saved at /path/to/your/project/folder".
But when I check:
That path doesn't exist at all
None of the files it claimed to create are anywhere on the server

Question:
Is this happening because the agent is running in sandbox mode by default?
If that's the case:
What's the safest / recommended way to configure it so the agent can actually write code files to a folder I choose , while still keeping things reasonably secure?

My Setup:
Model: qwen3-coder-plus
Running on Tencent Cloud server
Connected channel: Feishu (Lark)
OpenClaw version:2026.3.7

worn sableBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

proud lanternBOT
#

That “saved to /path/to/your/project/folder” string is a huge red flag: that’s a placeholder path, and usually means the model didn’t actually write any files (either because filesystem tools weren’t available/allowed, or it just hallucinated completion).

A few concrete things to check / fix:

1) Where files should be (when file tools are working)

OpenClaw’s file tools write into the agent workspace (by default on the gateway host):

  • Default workspace: ~/.openclaw/workspace
  • Check what yours is set to:
    openclaw config get agents.defaults.workspace

Docs: https://docs.openclaw.ai/concepts/agent-workspace

If you installed/running the Gateway inside Docker, make sure you’re looking at the host-mounted workspace directory — otherwise you may be inspecting the host FS while the files (if any) are inside the container.

#

2) Tool policy: make sure write/edit are actually enabled

Even with a workspace, the model can only create files if file tools are allowed.

  • Easiest: set a coding-friendly tool profile (or at least allow group:fs):
    • group:fs = read, write, edit, apply_patch

Docs: https://docs.openclaw.ai/tools

3) Sandboxing: it’s not “on by default”, but it can change where writes go

Sandboxing is optional and controlled by agents.defaults.sandbox / per-agent overrides.

Key gotcha from the sandboxing docs:

  • If sandboxing is enabled and workspaceAccess is not "rw", tools operate in a sandbox workspace under ~/.openclaw/sandboxes (not your normal workspace).
  • If you want the sandbox to write into your real workspace, use:
    • workspaceAccess: "rw" (mounts the agent workspace read/write)
#

Docs: https://docs.openclaw.ai/gateway/sandboxing

Quick introspection command:

openclaw sandbox explain

4) Recommended “safe-ish but useful” setup for writing code

If your goal is “write code to a folder I choose, but keep it reasonably secure”, the common pattern is:

  • Put the agent workspace in a dedicated directory (narrow blast radius)
  • Enable sandboxing
  • Allow filesystem tools, but restrict them to the workspace

Example (JSON5):

# 
{
  agents: {
    defaults: {
      workspace: "/srv/openclaw/projects",
      sandbox: {
        mode: "all",
        scope: "session",
        workspaceAccess: "rw",
      },
    },
  },
  tools: {
    profile: "coding",
    fs: { workspaceOnly: true },
  },