#Sandbox specific path not updated to the current file config
I'll check the docs and the current source for how MCP config is picked up, because this smells like the sandbox is reading a different file/path than the host copy.
This usually means the sandbox/container is reading a different active config, or an old sandbox runtime is still alive.
For OpenClaw, saved MCP servers come from mcp.servers in the active config. If you mean the generated MCP JSON inside the runtime/container, that file is derived from that config, it is not the source of truth.
Try this first:
openclaw --version
openclaw config file
openclaw mcp list --json
openclaw sandbox recreate --all
If your gateway is running in Docker or Podman, run the same checks in the container context too, otherwise you may be changing the host config while the container keeps using its own:
openclaw --container <name> config file
openclaw --container <name> mcp list --json
openclaw --container <name> sandbox recreate --all
If you use Compose, same idea:
docker compose run --rm openclaw-cli config file
docker compose run --rm openclaw-cli mcp list --json
docker compose run --rm openclaw-cli sandbox recreate --all
One more gotcha: if that MCP file lives outside the mounted workspace, the sandbox will not see host changes automatically. In that case, either:
- move it into the workspace,
- use workspaceAccess: "rw" if that fits your setup, or
- add a bind mount with agents.defaults.sandbox.docker.binds.
Paste these outputs and I can tell you exactly which side is stale:
- openclaw --version
- openclaw config file
- openclaw mcp list --json
- the same config file + mcp list --json from the container
Docs: https://docs.openclaw.ai/cli/mcp https://docs.openclaw.ai/cli/sandbox https://docs.openclaw.ai/gateway/sandboxing https://docs.openclaw.ai/cli/config
I use mcporter to manage all MCP, and the config I want to be picked up by the main agent is located at workspace/config/mcporter.json
Let me check whether workspace/config/mcporter.json is actually a supported OpenClaw source for MCP servers, because that detail matters a lot here.
Ah, that explains it.
I checked the docs/source, and workspace/config/mcporter.json is not a path OpenClaw auto-discovers for agent MCP config.
What OpenClaw actually reads for MCP is:
- mcp.servers in the active openclaw.json
- supported bundle .mcp.json files
So if you update workspace/config/mcporter.json, the main agent will not reliably pick that up by itself.
Recommended fix
Make the OpenClaw config the source of truth, then recreate the sandbox:
openclaw mcp list --json
openclaw config file
openclaw sandbox recreate --all
If your gateway runs in a container, do it in the container context:
openclaw --container <name> mcp list --json
openclaw --container <name> config file
openclaw --container <name> sandbox recreate --all
Important distinction
- mcporter config file: your external MCP manager’s file
- OpenClaw MCP registry: mcp.servers in openclaw.json
Those are not automatically the same thing.
If you really want file-based MCP config
Use a supported .mcp.json location for the runtime/bundle that needs it, not workspace/config/mcporter.json.
If you need that exact file inside sandbox anyway
Then mount it into the sandbox and recreate:
- agents.defaults.sandbox.workspaceAccess: "rw" if it is inside the workspace you want mounted
- or agents.defaults.sandbox.docker.binds if you want to bind a specific host path
Then run:
openclaw sandbox recreate --all
If you paste these, I can tell you the cleanest next step:
openclaw --version
openclaw config file
openclaw mcp list --json
openclaw --container <name> config file
openclaw --container <name> mcp list --json
Docs: https://docs.openclaw.ai/cli/mcp https://docs.openclaw.ai/cli/config https://docs.openclaw.ai/cli/sandbox https://docs.openclaw.ai/gateway/sandboxing
If you need that exact file inside sandbox anyway
Then mount it into the sandbox and recreate:
agents.defaults.sandbox.workspaceAccess: "rw" if it is inside the workspace you want mounted
or agents.defaults.sandbox.docker.binds if you want to bind a specific host path
how to do this
Yep, for your case the easiest path is workspaceAccess.
Because your file is already under the workspace (workspace/config/mcporter.json), do this first:
Option 1, mount the workspace into the sandbox
If the agent only needs to read that file, use ro (safer):
openclaw config set agents.defaults.sandbox.workspaceAccess "ro"
openclaw sandbox recreate --all
If you also want sandbox writes to go back to the host workspace, use rw:
openclaw config set agents.defaults.sandbox.workspaceAccess "rw"
openclaw sandbox recreate --all
If your gateway is running in a container, do the same in container context:
openclaw --container <name> config set agents.defaults.sandbox.workspaceAccess "ro"
openclaw --container <name> sandbox recreate --all
Option 2, bind just the config directory
If you want only that config folder exposed, use a bind mount:
openclaw config get agents.defaults.sandbox.docker.binds --json
openclaw config set agents.defaults.sandbox.docker.binds '["/absolute/path/to/workspace/config:/config:ro"]' --strict-json
openclaw sandbox recreate --all
Then inside the sandbox the file will be available at:
/config/mcporter.json
If containerized:
openclaw --container <name> config set agents.defaults.sandbox.docker.binds '["/absolute/path/to/workspace/config:/config:ro"]' --strict-json
openclaw --container <name> sandbox recreate --all
Important
config set ...docker.binds replaces that array value, so if you already have binds, include the existing ones too instead of overwriting them.
My recommendation
Since your file is already under the workspace, start with:
openclaw config set agents.defaults.sandbox.workspaceAccess "ro"
openclaw sandbox recreate --all
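Added example, not part of the thread and not OpenClaw's own code: because `config set ...docker.binds` replaces the whole array, this helper merges a new bind into the existing list, keeps it read-only, and refuses to remap a mount point that is already in use. It assumes the `host:container[:mode]` bind format shown above; the function names and sample paths are hypothetical.

```python
import json
from pathlib import PurePosixPath


def parse_bind(spec):
    """Split a 'host:container[:mode]' bind string into its three parts."""
    parts = spec.split(":")
    if len(parts) == 2:
        parts.append("rw")  # assumption: no mode means read-write, as in Docker
    if len(parts) != 3:
        raise ValueError(f"unexpected bind format: {spec!r}")
    host, container, mode = parts
    for path in (host, container):
        if not PurePosixPath(path).is_absolute():
            raise ValueError(f"bind path must be absolute: {path!r}")
    return host, container, mode


def merge_binds(existing_json, new_bind, require_ro=True):
    """Return the JSON array to pass to `config set ... --strict-json`.

    existing_json is the output of `config get ...docker.binds --json`.
    """
    existing = json.loads(existing_json) if existing_json.strip() else []
    if existing is None:
        existing = []
    if not (isinstance(existing, list) and all(isinstance(b, str) for b in existing)):
        raise ValueError("existing binds must be a JSON array of strings")

    host, container, mode = parse_bind(new_bind)
    if require_ro and "ro" not in mode.split(","):
        raise ValueError(f"refusing non-read-only bind: {new_bind!r}")

    for bind in existing:
        if bind == new_bind:
            return json.dumps(existing)  # already present, nothing to add
        if parse_bind(bind)[1] == container:
            # Same mount point with a different source or mode: do not
            # silently change what the sandbox sees at that path.
            raise ValueError(f"{container} is already bound by {bind!r}")
    return json.dumps(existing + [new_bind])


if __name__ == "__main__":
    # Constructed sample: one bind already configured, one to add.
    current = '["/srv/shared/certs:/certs:ro"]'
    print(merge_binds(current, "/srv/openclaw/workspace/config:/config:ro"))
```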