
#20646: feat: add file-writer extension for shell-safe text passing

by okuyam2y open 2026-02-19 05:31
size: S
## Summary

- Adds a `write_file` tool extension that writes text content to temporary files using structured JSON parameters, completely bypassing shell escaping
- Solves the fundamental problem that the `exec` tool passes commands as shell strings, causing long text with quotes, parentheses, URLs, and non-ASCII characters to break
- Security: writes restricted to `/tmp/`, `~/.cache/`, and optionally configured directories

## Motivation

When the LLM needs to pass long text to a CLI tool via `exec`, shell quoting is fragile:

```
exec("web-save memo --body 'This has "quotes" and (parens) and https://example.com/page?id=1'")
```

This inevitably breaks. The `write_file` tool lets the LLM write the content to a temp file first:

```
write_file({ file_path: "/tmp/memo.txt", content: "..." })
exec("web-save memo --file /tmp/memo.txt")
```

## Files

| File | Description |
|------|-------------|
| `extensions/file-writer/index.ts` | Plugin entry point |
| `extensions/file-writer/openclaw.plugin.json` | Plugin manifest with `allowedDirs` config |
| `extensions/file-writer/package.json` | Package metadata |
| `extensions/file-writer/src/file-writer-tool.ts` | Tool implementation |

## Configuration

Optional `allowedDirs` config to extend the default allowed directories:

```json
{
  "plugins": {
    "file-writer": {
      "allowedDirs": ["/home/user/data"]
    }
  }
}
```

## Test plan

- [x] `tsgo --noEmit` passes
- [ ] Manual test: write a file to `/tmp/test.txt` via the tool, verify content
- [ ] Manual test: write to a disallowed path, verify rejection

Related #19496

<h3>Greptile Summary</h3>

Adds a `write_file` tool extension that enables LLMs to write text content to temporary files using structured JSON parameters, solving shell escaping issues when passing long text with special characters to CLI tools via `exec`.

- New plugin at `extensions/file-writer/` with standard structure
- Security: restricts writes to `/tmp/`, `/private/tmp/`, `~/.cache/`, and optionally configured directories
- Path validation logic resolves paths and checks they're under allowed directories
- Follows existing tool patterns from `llm-task` extension

<h3>Confidence Score: 3/5</h3>

- Safe to merge after fixing the path normalization issue for user-configured directories
- The implementation follows existing patterns and has good path validation, but user-configured `allowedDirs` must be normalized to prevent security bypass. The single logic issue is straightforward to fix.
- Review `extensions/file-writer/src/file-writer-tool.ts:30` for the path normalization fix

<sub>Last reviewed commit: b6695f9</sub>
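One way to implement the normalization the review asks for, as an added example that is not the PR's own code: the default directories come from the summary above, while `normalizeDir`, `buildAllowedDirs`, `isPathAllowed` and the sample paths are hypothetical. It assumes POSIX paths and performs lexical checks only.

```typescript
import * as os from "node:os";
import * as path from "node:path";

// Defaults as listed in the PR summary; all function names below are hypothetical.
const DEFAULT_ALLOWED_DIRS = ["/tmp", "/private/tmp", "~/.cache"];

// Expand a leading "~" and collapse ".", ".." and trailing slashes.
function normalizeDir(dir: string, home: string = os.homedir()): string {
  const expanded =
    dir === "~" || dir.startsWith("~/") ? path.join(home, dir.slice(1)) : dir;
  return path.resolve(expanded);
}

// Normalize defaults plus configured entries once, at load time.
function buildAllowedDirs(configured: string[] = [], home?: string): string[] {
  const result: string[] = [];
  for (const dir of [...DEFAULT_ALLOWED_DIRS, ...configured]) {
    // A relative entry would silently depend on the process working directory.
    if (!path.isAbsolute(dir) && dir !== "~" && !dir.startsWith("~/")) {
      throw new Error(`allowedDirs entry must be absolute: ${dir}`);
    }
    const resolved = normalizeDir(dir, home);
    // An entry that collapses to the root would allow every path.
    if (resolved === path.parse(resolved).root) {
      throw new Error(`allowedDirs entry resolves to root: ${dir}`);
    }
    result.push(resolved);
  }
  return result;
}

// True only when filePath, after normalization, is strictly inside an allowed
// directory. Lexical check only: symlinks are not resolved here.
function isPathAllowed(filePath: string, allowed: string[]): boolean {
  const target = path.resolve(filePath);
  return allowed.some((dir) => {
    const rel = path.relative(dir, target);
    const escapes = rel === ".." || rel.startsWith(".." + path.sep);
    return rel !== "" && !escapes && !path.isAbsolute(rel);
  });
}
```

Comparing with `path.relative` rather than a string prefix keeps sibling directories such as `/tmpfoo` or `/home/user/database` from matching `/tmp` or `/home/user/data`.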
