Bug

write tool fails with "Sandbox boundary checks failed; cannot create directories: /workspace/memory/kemik" even though:

1. The directory exists on the host workspace
2. The directory exists inside the container (docker exec ... ls confirms)
3. The container user can write to it (docker exec ... touch succeeds)
4. workspaceAccess is "rw"

Regression

Worked on 2026-02-20, broke after updating to 2026.2.26. Likely caused by the security hardening in 2026.2.26:

• "Security/Sandbox path alias guard: reject broken symlink targets by resolving through existing ancestors and failing closed on out-of-root targets"
• "Security/Workspace FS boundary aliases: harden canonical boundary resolution for non-existent-leaf symlink aliases"

The new boundary checks appear to reject mkdir -p (or equivalent pre-write directory creation) for subdirectories that already exist within the workspace mount.

Config

{
  "sandbox": {
    "mode": "all",
    "workspaceAccess": "rw",
    "scope": "agent",
    "docker": {
      "network": "bridge"
    }
  }
}

Steps to Reproduce

1. Create an agent with sandbox mode: "all", workspaceAccess: "rw"
2. Ensure workspace has a subdirectory structure (e.g. memory/group-name/)
3. Use the write tool to create a file in that subdirectory
4. Observe: "Sandbox boundary checks failed; cannot create directories: /workspace/memory/group-name"

Expected

Write succeeds — the directory is within the workspace boundary and already exists.

Actual

Write rejected by sandbox boundary check before reaching the filesystem.

Environment

• OpenClaw 2026.2.26
• macOS (arm64)
• Docker (Colima)