How Do I Stop an AI Agent from Deleting My Files?
Block all file deletions with a single SafeClaw policy rule. SafeClaw by Authensor intercepts every file.delete action before it executes and checks it against your policy. With deny-by-default, every deletion is blocked unless you explicitly permit it — meaning a misconfigured agent, a hallucinated rm -rf, or a prompt injection attack cannot delete a single file.
The One Rule You Need
Quick Start
```bash
npx @authensor/safeclaw
```
Minimal Policy: Block All Deletions
```yaml
# safeclaw.config.yaml
rules:
  - action: file.delete
    path: "**"
    decision: deny
    reason: "AI agents cannot delete files"
```
That is it. One rule. Every file deletion by the agent is now blocked, everywhere, always.
Graduated Policies for Real Workflows
A blanket deny on deletions works, but some workflows legitimately need to clean up temporary files. Here are graduated policies from strictest to most permissive:
Level 1: Block Everything (Strictest)
```yaml
rules:
  - action: file.delete
    path: "**"
    decision: deny
    reason: "All file deletion is blocked"
```
Best for: agents that only need to read and write code.
Level 2: Allow Temp File Cleanup
```yaml
rules:
  # Allow deleting files in temp/build directories
  - action: file.delete
    path: "tmp/**"
    decision: allow
  - action: file.delete
    path: "dist/**"
    decision: allow
  - action: file.delete
    path: "build/**"
    decision: allow
  # Block everything else
  - action: file.delete
    path: "**"
    decision: deny
    reason: "Deletion outside build directories is blocked"
```
Best for: agents involved in build processes.
Level 3: Human Approval for Source Deletion
```yaml
rules:
  # Auto-allow temp cleanup
  - action: file.delete
    path: "tmp/**"
    decision: allow
  # Require human approval for source file deletion
  - action: file.delete
    path: "src/**"
    decision: human_review
    reason: "Source file deletion requires developer approval"
  # Block everything else
  - action: file.delete
    path: "**"
    decision: deny
    reason: "Deletion outside approved paths is blocked"
```
Best for: agents that may need to remove deprecated source files as part of refactoring.
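The graduated policies above depend on rule order and on the path being normalized before it is matched; the following sketch, an added example and not SafeClaw's own code, evaluates the Level 3 policy to show both. It assumes first-match-wins ordering, a simplified glob syntax, and a constructed project root; `decide`, `normalize` and `globToRegExp` are hypothetical names.

```javascript
// Added illustration, not SafeClaw's implementation. Assumed semantics:
// rules are checked top to bottom, the first match wins, no match means deny.
const LEVEL3 = [ // the Level 3 policy above, as plain objects
  { action: "file.delete", path: "tmp/**", decision: "allow" },
  { action: "file.delete", path: "src/**", decision: "human_review" },
  { action: "file.delete", path: "**", decision: "deny" },
];

// Minimal glob (assumed): "**" crosses "/" boundaries, "*" stays in one segment.
function globToRegExp(glob) {
  const body = glob.split("**").map((part) =>
    part.replace(/[.+^${}()|[\]\\?]/g, "\\$&").replace(/\*/g, "[^/]*")
  ).join(".*");
  return new RegExp("^" + body + "$");
}

// Reduce a requested path to a root-relative form with "." and ".." resolved.
// Returns null if it leaves the project root. Lexical only: a real enforcer
// must also resolve symlinks before matching.
function normalize(root, requested) {
  let p = requested;
  if (p.startsWith("/")) {
    if (!p.startsWith(root + "/")) return null;
    p = p.slice(root.length + 1);
  }
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg !== "..") out.push(seg);
    else if (out.length === 0) return null;
    else out.pop();
  }
  return out.join("/");
}

function decide(rules, root, action, requested) {
  const rel = normalize(root, requested);
  if (rel === null) return { decision: "deny", path: null, rule: -1 };
  for (let i = 0; i < rules.length; i++) {
    if (rules[i].action === action && globToRegExp(rules[i].path).test(rel)) {
      return { decision: rules[i].decision, path: rel, rule: i };
    }
  }
  return { decision: "deny", path: rel, rule: -1 }; // deny-by-default
}

const ROOT = "/home/dev/project"; // constructed sample project root
for (const p of ["tmp/cache/a.o", "tmp/../src/index.ts", "README.md", "/etc/hosts"]) {
  console.log(p, "->", decide(LEVEL3, ROOT, "file.delete", p).decision);
}
```

Matching the raw string `tmp/../src/index.ts` against `tmp/**` would select the allow rule; after normalization the same request is judged as `src/index.ts` and goes to human review.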
What Gets Blocked
SafeClaw intercepts these deletion actions regardless of how the agent attempts them:
| Agent Action | Intercepted As |
|-------------|---------------|
| fs.unlink('file.js') | file.delete |
| fs.rmdir('dir/') | file.delete |
| rm file.js (shell) | shell.execute with rm pattern |
| rm -rf dir/ (shell) | shell.execute with rm -rf pattern |
| os.remove('file.py') | file.delete |
| shutil.rmtree('dir/') | file.delete |
For shell-based deletions (rm, rm -rf), add shell command rules alongside file deletion rules for defense in depth:
```yaml
rules:
  - action: shell.execute
    command_pattern: "rm *"
    decision: deny
    reason: "Shell-based file deletion is blocked"
  - action: file.delete
    path: "**"
    decision: deny
    reason: "Programmatic file deletion is blocked"
```
Real Example: Blocked Deletion
Agent attempts to delete a test file:
```json
{
  "action": "file.delete",
  "path": "/home/dev/project/src/components/Header.tsx",
  "decision": "deny",
  "reason": "All file deletion is blocked",
  "timestamp": "2026-02-13T15:30:22Z",
  "audit_hash": "sha256:3af7..."
}
```
The file is untouched. The agent receives the denial and must find an alternative approach (like commenting out code instead of deleting the file).
Why SafeClaw
- 446 tests validate file deletion blocking across direct API calls, shell commands, recursive deletions, symlink traversals, and path manipulation attempts
- Deny-by-default means deletions are blocked even for paths you did not anticipate the agent accessing
- Sub-millisecond evaluation ensures the protection adds no delay
- Hash-chained audit trail records every deletion attempt — useful for understanding agent behavior and refining your policy