2026-01-29 · Authensor

How to Prevent AI Agents from Overwriting Files

SafeClaw by Authensor blocks file write and overwrite operations by default, preventing AI agents from modifying critical files like configuration, environment variables, or source code without authorization. Install SafeClaw with npx @authensor/safeclaw and every file write is gated through your policy, denied if unauthorized, and logged to a hash-chained audit trail.

Why File Overwriting Is Dangerous When AI Agents Do It

An AI agent that can overwrite files has the power to corrupt configuration, inject malicious code into source files, replace .env files with versions containing attacker-controlled values, or modify build scripts to include backdoors. Unlike file deletion — which is obvious — file overwriting can be subtle. An agent might modify a single line in nginx.conf that opens a port, change a database connection string to point to an external server, or alter a Dockerfile to install additional packages. These modifications can go unnoticed in code review if the diff is small. Shell redirections (>, >>) and programmatic write APIs both pose this risk.

The Exact SafeClaw Policy to Block File Overwrites

Add these rules to .safeclaw/policy.yaml:

rules:
  - id: deny-overwrite-env
    action: file.write
    match:
      path: ".env"
    effect: deny
    audit: true
    message: "Writing to .env files is permanently denied for AI agents."

  - id: deny-overwrite-config
    action: file.write
    match:
      path: "/config/"
    effect: deny
    audit: true
    message: "Writing to config directory is blocked."

  - id: deny-overwrite-dockerfile
    action: file.write
    match:
      path: "Dockerfile"
    effect: deny
    audit: true
    message: "Writing to Dockerfiles is blocked."

  - id: deny-shell-redirect-overwrite
    action: shell.exec
    match:
      command: " > /"
    effect: deny
    audit: true
    message: "Shell output redirection to absolute paths is blocked."

  - id: gate-file-write-all
    action: file.write
    match:
      path: "*"
    effect: approval
    audit: true
    approvers:
      - role: developer
    timeout: 180
    message: "File write requires developer approval."

This policy creates three tiers: hard-deny for the most sensitive files (.env, config, Dockerfiles), shell redirect blocking for > overwrite operators, and approval-gated writes for everything else. The file.write action type catches both programmatic SDK-based writes and tool-calling framework write operations.

What Happens When the Agent Tries

When an agent attempts to write to .env:

  1. SafeClaw intercepts the file.write action with the target path.
  2. The deny-overwrite-env rule matches .env.
  3. The write is blocked. The file remains unchanged.
  4. Audit entry:
{
  "timestamp": "2026-02-13T14:55:29Z",
  "action": "file.write",
  "path": "/app/.env",
  "effect": "deny",
  "rule": "deny-overwrite-env",
  "agent": "setup-agent-02",
  "hash": "b8f4e2...chain"
}

When the agent tries to write to a source file like src/index.ts, the gate-file-write-all rule matches and the write enters the approval queue — the developer sees the target path and can approve or reject.

How to Allow Writes to Specific Directories

For coding agents that need to write to a project's source directory:

rules:
  - id: deny-overwrite-env
    action: file.write
    match:
      path: ".env"
    effect: deny
    audit: true
    message: "Writing to .env files is permanently denied."

  - id: deny-overwrite-secrets
    action: file.write
    match:
      path: "secret"
    effect: deny
    audit: true
    message: "Writing to files containing 'secret' in path is denied."

  - id: allow-write-src
    action: file.write
    match:
      path: "/src/"
    effect: allow
    audit: true

  - id: allow-write-tests
    action: file.write
    match:
      path: "/tests/"
    effect: allow
    audit: true

  - id: deny-write-all
    action: file.write
    match:
      path: "*"
    effect: deny
    audit: true
    message: "File writes are only allowed to src/ and tests/ directories."

This lets the agent modify source and test files freely while protecting everything else. All writes — allowed and denied — are audit-logged for traceability.
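To make the rule ordering in both policies concrete, here is an added Python simulation of the rule shape used on this page. It is not SafeClaw's own engine: substring matching on path and command, "*" as a catch-all, top-to-bottom first-match evaluation and default deny are all assumptions, and the `shadowed` helper (which flags rules that a catch-all placed above them would silently swallow) is hypothetical.

```python
# Added example: hypothetical first-match evaluator for the rule shape on this
# page. Not SafeClaw's engine; substring matching, "*" catch-all, top-to-bottom
# evaluation and default-deny are assumptions.
from dataclasses import dataclass

@dataclass
class Rule:
    id: str
    action: str      # "file.write" or "shell.exec"
    matchers: dict   # the YAML match: block, e.g. {"path": "/src/"}
    effect: str      # "deny", "allow" or "approval"

def _matches(rule, action, attrs):
    # Action must be equal; each pattern is "*" or a substring of the attribute.
    if rule.action != action:
        return False
    return all(pat == "*" or pat in attrs.get(key, "")
               for key, pat in rule.matchers.items())

def evaluate(rules, action, **attrs):
    """(effect, rule_id) of the first matching rule; no match -> deny."""
    for rule in rules:
        if _matches(rule, action, attrs):
            return rule.effect, rule.id
    return "deny", None

def shadowed(rules):
    """Ids of rules that can never fire because an earlier rule for the
    same action matches everything ("*")."""
    covered, out = set(), []
    for rule in rules:
        if rule.action in covered:
            out.append(rule.id)
        elif all(pat == "*" for pat in rule.matchers.values()):
            covered.add(rule.action)
    return out

# Constructed from the src/tests policy above plus the first policy's
# shell-redirect rule, in the order they appear in policy.yaml.
CODING_AGENT_POLICY = [
    Rule("deny-overwrite-env", "file.write", {"path": ".env"}, "deny"),
    Rule("deny-overwrite-secrets", "file.write", {"path": "secret"}, "deny"),
    Rule("allow-write-src", "file.write", {"path": "/src/"}, "allow"),
    Rule("allow-write-tests", "file.write", {"path": "/tests/"}, "allow"),
    Rule("deny-shell-redirect-overwrite", "shell.exec", {"command": " > /"}, "deny"),
    Rule("deny-write-all", "file.write", {"path": "*"}, "deny"),
]

if __name__ == "__main__":
    print(evaluate(CODING_AGENT_POLICY, "file.write", path="/app/src/secrets.json"))
```

Note that `/app/src/secrets.json` is denied even though it lives under `/src/`, because the secrets rule is listed first; moving `deny-write-all` to the top would shadow every other file.write rule, which is what `shadowed` reports.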

Verification

npx @authensor/safeclaw simulate --action 'file.write' --path '/app/.env'

Expected: deny, rule: deny-overwrite-env

npx @authensor/safeclaw simulate --action 'file.write' --path '/app/src/utils.ts'

Expected: allow, rule: allow-write-src
