#12231: fix(read): add directory check before reading file
agents
stale
Cluster:
Tool Execution and Error Handling
## Summary
Adds a pre-flight check to detect when a directory path is passed to the Read tool, providing a clear error message instead of the cryptic EISDIR error from Node.js.
## Problem
When a directory path is accidentally passed to the Read tool (e.g., `memory/projects` instead of `memory/projects/file.md`), the user gets a confusing error:
```
EISDIR: illegal operation on a directory, read
```
## Solution
Added a `fs.stat()` check before attempting to read the file. If the path is a directory, throw a user-friendly error:
```
Cannot read 'memory/projects': path is a directory, not a file. Use a specific file path (e.g., memory/projects/filename.md)
```
## Testing
- Existing tests pass
- Manually verified the error message improvement
## Related
Discovered while debugging cron job errors in OpenClaw gateway.
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR adds a pre-flight directory check to the Read tool wrapper so directory paths produce a clearer error message, and it tweaks CDP screenshot capture so `captureBeyondViewport` is tied to `fullPage`.
The directory check is implemented in `src/agents/pi-tools.read.ts` inside `createOpenClawReadTool`, which is used both for sandboxed and non-sandboxed read tool creation.
<h3>Confidence Score: 2/5</h3>
- This PR should not be merged as-is due to a sandbox escape/probing regression in the read tool wrapper.
- The added `fs.stat()` preflight check runs inside `createOpenClawReadTool` and can execute before sandbox path enforcement, enabling host path probing in sandboxed sessions. There is also a new unused import which may break CI depending on lint/tsc settings. The CDP change looks isolated and low risk.
- src/agents/pi-tools.read.ts
<!-- greptile_other_comments_section -->
<sub>(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#12958: fix: block agent read access to sensitive config and credential files
by 000boil · 2026-02-10
76.2%
#10189: fix: resolve file_path param in tool display for read/write tools
by Yida-Dev · 2026-02-06
74.7%
#21285: fix(auto-reply): parse toolCall read paths in post-compaction audit
by Jackten · 2026-02-19
72.9%
#18992: fix: suppress spurious tool error warnings for read-only exec commands
by Phineas1500 · 2026-02-17
72.6%
#7085: test: skip flaky workspace-paths & safe-bins tests on non-Linux/CI ...
by ThinkIbrokeIt · 2026-02-02
72.5%
#23648: fix: detect truncated file paths from partial JSON streaming
by davidemanuelDEV · 2026-02-22
72.4%
#6841: Enhance ensureDir function with catch block comment
by VenkataPagadalaGIT · 2026-02-02
72.1%
#16929: fix(security): block access to sensitive directories from within sa...
by CornBrother0x · 2026-02-15
71.5%
#12939: fix(memory): strip null bytes from workspace paths causing ENOTDIR
by omair445 · 2026-02-09
71.1%
#6257: Fix: Create sensitive directories with mode 0o700
by sloppy-claw · 2026-02-01
71.0%