fix: make directory relative to base_dir for better UX

When base_dir is set, the directory arg is now treated as a subdirectory of base_dir rather than an absolute path. This means the LLM only needs to specify a filename (and optionally a relative subdirectory) — it does not need to repeat the base_dir path. FileWriterTool(base_dir="./output") → filename="report.txt" writes to ./output/report.txt → filename="f.txt", directory="sub" writes to ./output/sub/f.txt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-11 21:42:36 +00:00 · 2026-03-16 00:03:53 +08:00
parent 6fc0914f26
commit 438dee3783
2 changed files with 27 additions and 25 deletions
--- a/lib/crewai-tools/src/crewai_tools/tools/file_writer_tool/file_writer_tool.py
+++ b/lib/crewai-tools/src/crewai_tools/tools/file_writer_tool/file_writer_tool.py
@@ -47,8 +47,9 @@ class FileWriterTool(BaseTool):
        if base_dir is not None:
            self.description = (
                f"A tool to write files within {base_dir}. "
-                "Accepts filename, content, and optionally a directory path and overwrite flag. "
-                "Paths outside the allowed directory will be rejected."
+                "Accepts filename and content. "
+                "Optionally accepts a subdirectory (relative to the base directory) and overwrite flag. "
+                "Paths outside the base directory will be rejected."
            )
            self._generate_description()

@@ -63,21 +64,21 @@ class FileWriterTool(BaseTool):

    def _run(self, **kwargs: Any) -> str:
        try:
-            directory = kwargs.get("directory") or "./"
+            directory = kwargs.get("directory") or ""
            filename = kwargs["filename"]

-            filepath = os.path.join(directory, filename)
+            # When base_dir is set, directory is relative to it.
+            # When not set, directory is used as-is (absolute or cwd-relative).
+            if self.base_dir is not None:
+                filepath = os.path.join(self.base_dir, directory, filename)
+            else:
+                filepath = os.path.join(directory or "./", filename)

            validated = self._validate_path(filepath)
            if validated is None:
-                return f"Error: Access denied — path resolves outside the allowed directory."
+                return "Error: Access denied — path resolves outside the allowed directory."

-            # Only create directories that are within the validated path
            validated_dir = os.path.dirname(validated)
-            if self.base_dir is not None:
-                # Ensure the directory itself is also within base_dir
-                if not validated_dir.startswith(self.base_dir):
-                    return f"Error: Access denied — directory resolves outside the allowed directory."
            os.makedirs(validated_dir, exist_ok=True)

            kwargs["overwrite"] = strtobool(kwargs["overwrite"])
--- a/lib/crewai-tools/tests/tools/test_file_writer_tool.py
+++ b/lib/crewai-tools/tests/tools/test_file_writer_tool.py
@@ -145,9 +145,9 @@ def scoped_tool(temp_env):


 def test_base_dir_allows_write_inside(scoped_tool, temp_env):
+    """No directory arg — writes directly into base_dir."""
    result = scoped_tool._run(
        filename=temp_env["test_file"],
-        directory=temp_env["temp_dir"],
        content=temp_env["test_content"],
        overwrite=True,
    )
@@ -155,10 +155,21 @@ def test_base_dir_allows_write_inside(scoped_tool, temp_env):
    assert read_file(get_test_path(temp_env["test_file"], temp_env["temp_dir"])) == temp_env["test_content"]


+def test_base_dir_allows_relative_subdir(scoped_tool, temp_env):
+    """directory arg is treated as a subdirectory of base_dir."""
+    result = scoped_tool._run(
+        filename="file.txt",
+        directory="subdir",
+        content="nested content",
+        overwrite=True,
+    )
+    assert "successfully written" in result
+    assert os.path.exists(os.path.join(temp_env["temp_dir"], "subdir", "file.txt"))
+
+
 def test_base_dir_blocks_traversal_in_filename(scoped_tool, temp_env):
    result = scoped_tool._run(
        filename="../outside.txt",
-        directory=temp_env["temp_dir"],
        content="should not be written",
        overwrite=True,
    )
@@ -168,14 +179,14 @@ def test_base_dir_blocks_traversal_in_filename(scoped_tool, temp_env):
 def test_base_dir_blocks_traversal_in_directory(scoped_tool, temp_env):
    result = scoped_tool._run(
        filename="pwned.txt",
-        directory=os.path.join(temp_env["temp_dir"], "../../etc/cron.d"),
+        directory="../../etc/cron.d",
        content="should not be written",
        overwrite=True,
    )
    assert "Access denied" in result


-def test_base_dir_blocks_absolute_path_outside(scoped_tool, temp_env):
+def test_base_dir_blocks_absolute_directory(scoped_tool, temp_env):
    result = scoped_tool._run(
        filename="passwd",
        directory="/etc",
@@ -190,23 +201,13 @@ def test_base_dir_blocks_symlink_escape(scoped_tool, temp_env):
    os.symlink("/etc", link)
    result = scoped_tool._run(
        filename="crontab",
-        directory=link,
+        directory="escape",
        content="should not be written",
        overwrite=True,
    )
    assert "Access denied" in result


-def test_base_dir_allows_nested_subdir(scoped_tool, temp_env):
-    result = scoped_tool._run(
-        filename="file.txt",
-        directory=os.path.join(temp_env["temp_dir"], "subdir"),
-        content="nested content",
-        overwrite=True,
-    )
-    assert "successfully written" in result
-
-
 def test_base_dir_description_mentions_directory(temp_env):
    tool = FileWriterTool(base_dir=temp_env["temp_dir"])
    assert temp_env["temp_dir"] in tool.description