2026-02-05 · Authensor

AI Agent Made Unexpected File Changes: Recovery Guide

When an AI agent modifies files you did not expect it to touch — editing configuration files, overwriting source code, or creating files in the wrong directory — you need to recover the original state and prevent it from happening again. SafeClaw by Authensor prevents this by requiring explicit allow rules for every file write action, so agents can only modify files in directories you have specifically approved. If the damage is already done, this guide walks you through recovery and prevention.

Immediate Recovery Steps

1. Stop the Agent

Terminate the agent immediately to prevent further unauthorized changes.

2. Check Git Status

If your project is under version control, check what changed:

git status
git diff

This shows every file the agent modified, added, or deleted.

3. Revert Unauthorized Changes

For files tracked by git:

git checkout -- path/to/file        # revert a single file
git checkout -- .                    # revert all changes (caution)

For untracked files the agent created:

git clean -fd                        # remove untracked files and directories

4. Review the SafeClaw Audit Log

If SafeClaw was installed, check what actions were recorded:

npx @authensor/safeclaw audit --filter "action:file.write" --last 30

The hash-chained audit trail shows exactly which files were written, when, and by which agent action.

Install SafeClaw to Prevent Future Incidents

npx @authensor/safeclaw

Configure File Write Policies

Create explicit allow rules for file writes in your safeclaw.policy.yaml. The deny-by-default model means any file write not covered by a rule is automatically blocked:

rules:
  # Allow writes only to the output directory
  - action: file.write
    resource: "/output/**"
    effect: allow
    reason: "Agent writes generated files to output"

  # Allow writes to test files
  - action: file.write
    resource: "/tests/**"
    effect: allow
    reason: "Agent can create and modify test files"

  # Explicitly deny writes to config files
  - action: file.write
    resource: "/config/**"
    effect: deny
    reason: "Config files must not be modified by agents"

  # Explicitly deny writes to root directory files
  - action: file.write
    resource: "/*.{json,yaml,yml,toml}"
    effect: deny
    reason: "Root config files are off limits"

Protect Critical Files

Even if you allow broad directory access, protect specific critical files:

rules:
  # Protect the main entry point (specific deny placed before the broad allow)
  - action: file.write
    resource: "/src/index.ts"
    effect: deny
    reason: "Main entry point requires human review"

  # Protect database migrations
  - action: file.write
    resource: "/src/migrations/**"
    effect: deny
    reason: "Database migrations require human review"

  # Broad allow for the rest of the source tree
  - action: file.write
    resource: "/src/**"
    effect: allow
    reason: "Agent can write source code"

SafeClaw uses first-match-wins rule evaluation, so place more specific deny rules before broader allow rules.
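To see why rule order matters under first-match-wins, here is an added Python model of the evaluation this guide describes; it is not SafeClaw's own code. The glob matcher is an assumption (SafeClaw's exact pattern syntax is not documented here): "**" matches any depth, "*" stays within one path segment, and "{a,b}" lists alternatives.

```python
import re

# Constructed model of the policy semantics this guide describes:
# deny-by-default, first matching rule wins. The glob translation below
# is an assumption about SafeClaw's pattern syntax, not taken from the tool.

def glob_to_regex(pattern):
    """Translate a policy resource glob into an anchored regular expression."""
    out, i = "", 0
    while i < len(pattern):
        ch = pattern[i]
        if pattern.startswith("**", i):      # any number of path segments
            out += ".*"
            i += 2
        elif ch == "*":                      # within a single segment only
            out += "[^/]*"
            i += 1
        elif ch == "{":                      # brace alternatives, e.g. {json,yaml}
            end = pattern.index("}", i)
            alts = pattern[i + 1:end].split(",")
            out += "(" + "|".join(re.escape(a) for a in alts) + ")"
            i = end + 1
        else:
            out += re.escape(ch)
            i += 1
    return re.compile("^" + out + "$")

def evaluate(rules, action, resource):
    """Return (effect, reason) of the first rule matching action and resource, else the default deny."""
    for rule in rules:
        if rule["action"] == action and glob_to_regex(rule["resource"]).match(resource):
            return rule["effect"], rule["reason"]
    return "deny", "no matching rule (deny-by-default)"

# Constructed rule set taken from the policy examples above, in two orders.
ALLOW_SRC = {"action": "file.write", "resource": "/src/**", "effect": "allow", "reason": "Agent can write source code"}
DENY_ENTRY = {"action": "file.write", "resource": "/src/index.ts", "effect": "deny", "reason": "Main entry point requires human review"}
DENY_MIGRATIONS = {"action": "file.write", "resource": "/src/migrations/**", "effect": "deny", "reason": "Database migrations require human review"}
DENY_ROOT_CONFIG = {"action": "file.write", "resource": "/*.{json,yaml,yml,toml}", "effect": "deny", "reason": "Root config files are off limits"}

SPECIFIC_FIRST = [DENY_ENTRY, DENY_MIGRATIONS, DENY_ROOT_CONFIG, ALLOW_SRC]   # correct ordering
BROAD_FIRST = [ALLOW_SRC, DENY_ENTRY, DENY_MIGRATIONS, DENY_ROOT_CONFIG]      # denies never reached

if __name__ == "__main__":
    for path in ["/src/app.ts", "/src/index.ts", "/src/migrations/001.sql", "/package.json", "/config/app.json", "/output/report.md"]:
        print(f"{path:28} specific-first={evaluate(SPECIFIC_FIRST, 'file.write', path)[0]:5}  broad-first={evaluate(BROAD_FIRST, 'file.write', path)[0]}")
```

With the broad allow listed first, /src/index.ts and the migrations directory are writable despite the deny rules that follow; with the specific denies first, they are blocked and everything without a matching rule (such as /config/app.json) falls through to the default deny.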

Troubleshooting Common Scenarios

Agent modified package.json unexpectedly: This usually happens when agents try to install dependencies. Block it:

rules:
  - action: file.write
    resource: "/package.json"
    effect: deny
    reason: "Dependency changes need human review"
  - action: file.write
    resource: "/package-lock.json"
    effect: deny
    reason: "Lock file changes need human review"

Agent created files in the wrong directory: The agent likely has an incorrect working directory assumption. Restrict writes to specific paths and the agent will receive a denial that redirects its behavior.

Agent overwrote environment files: This is a serious security concern. SafeClaw blocks .env file access by default in a standard policy. Always include:

rules:
  - action: file.write
    resource: "*/.env"
    effect: deny
    reason: "Environment files must never be agent-writable"
  - action: file.read
    resource: "*/.env"
    effect: deny
    reason: "Environment files must never be agent-readable"

Validate Your Policy

After updating your policy, validate it:

npx @authensor/safeclaw validate

Then test with simulation mode before re-running the agent:

npx @authensor/safeclaw --simulate

SafeClaw's 446 tests validate file gating across Claude and OpenAI integrations. With deny-by-default, unexpected file changes become impossible unless you have explicitly allowed them.
