How to Recover Files Deleted by an AI Agent

If an AI agent deleted files from your system — whether through rm, git clean, or overwriting files with empty content — your recovery options depend on whether the files were tracked in version control and how recently the deletion occurred. SafeClaw by Authensor prevents file deletion by blocking file.delete and dangerous shell commands like rm -rf through deny-by-default gating, so agents cannot delete any file you have not explicitly permitted. If deletion has already happened, follow the recovery steps below.

Recovery Option 1: Git (Best Case)

If the deleted files were tracked in a git repository:

Restore All Deleted Files

# See what was deleted
git status

Restore all deleted files
git checkout HEAD -- .

Or restore specific files
git checkout HEAD -- path/to/deleted/file.ts

Restore Files Deleted in a Previous Commit

# Find the commit that deleted the files
git log --diff-filter=D --summary

Restore from the commit before deletion
git checkout <commit-before-deletion> -- path/to/file

Restore After a git clean -fd

If the agent ran git clean and removed untracked files:

# Check reflog for stashed changes
git stash list

If files were never committed, git cannot recover them
Move to Option 2 or 3 below

Recovery Option 2: System Backups

macOS Time Machine

# Enter Time Machine for a specific directory
tmutil restore /path/to/deleted/directory

Or open Time Machine from the menu bar and navigate to the directory that contained the deleted files.

Linux Snapshots

If you use btrfs or ZFS with snapshots:

# List snapshots
sudo btrfs subvolume list /
or
zfs list -t snapshot

Restore from snapshot
cp /path/to/.snapshots/latest/deleted-file /path/to/restored-file

Cloud Backups

Check Dropbox version history, Google Drive trash, or your cloud backup provider.

Recovery Option 3: Filesystem Recovery Tools

If files are not in git and no backups exist:

• macOS: Use Disk Drill, PhotoRec, or TestDisk
• Linux: Use extundelete, testdisk, or photorec
• Important: Stop writing to the disk immediately. Every new write reduces the chance of recovery.

Review What the Agent Did

If SafeClaw was installed, check the audit trail:

npx @authensor/safeclaw audit --filter "action:file.delete" --last 30
npx @authensor/safeclaw audit --filter "action:shell.exec" --last 30

The hash-chained audit trail shows exactly which delete commands the agent executed and in what order.

Install SafeClaw and Prevent Future File Deletion

npx @authensor/safeclaw

Block File Deletion by Default

SafeClaw's deny-by-default model already blocks file deletion. Reinforce it with explicit rules in safeclaw.policy.yaml:

rules:
  # Explicitly deny all file deletion
  - action: file.delete
    resource: "**"
    effect: deny
    reason: "File deletion requires human action"

# Block dangerous shell commands
  - action: shell.exec
    resource: "rm *"
    effect: deny
    reason: "rm command blocked for agents"

- action: shell.exec
    resource: "rm -rf *"
    effect: deny
    reason: "rm -rf is never allowed for agents"

- action: shell.exec
    resource: "rmdir *"
    effect: deny
    reason: "Directory removal blocked for agents"

- action: shell.exec
    resource: "git clean *"
    effect: deny
    reason: "git clean blocked for agents"

# If agent needs to clean specific temp files, allow narrowly
  - action: file.delete
    resource: "/tmp/agent-workspace/**"
    effect: allow
    reason: "Agent can clean its own temp files"

Protect Critical Directories

Add extra protection for directories where deletion would be catastrophic:

rules:
  - action: file.delete
    resource: "/src/**"
    effect: deny
    reason: "Source code deletion forbidden"

- action: file.delete
    resource: "/data/**"
    effect: deny
    reason: "Data directory deletion forbidden"

- action: file.write
    resource: "/src/**"
    effect: allow
    reason: "Agent can write source code"

Note that file.write and file.delete are separate actions — allowing writes does not allow deletions.

Troubleshooting Scenarios

Agent ran rm -rf on a project directory: If the directory was in git, restore from git. If not, use filesystem recovery tools immediately and stop all disk writes.

Agent deleted node_modules and reinstalled with different versions: This is recoverable:

git checkout HEAD -- package-lock.json
rm -rf node_modules
npm ci   # clean install from lock file

Agent deleted database files: This is critical. See the related guide on database recovery. Restore from your most recent database backup immediately.

Agent deleted files then committed the deletion: Revert the commit:

git revert <deletion-commit-hash>

Prevention

SafeClaw's 446 tests validate that file deletion is blocked by default across both Claude and OpenAI agents. The deny-by-default model means agents cannot delete, move, or overwrite files without an explicit policy rule. MIT licensed, zero dependencies.

Related Resources

• How to Prevent Agent File Deletion
• Prevent rm -rf from AI Agents
• AI Agent Made Unexpected File Changes: Recovery Guide
• Filesystem Isolation for AI Agents
• How to Recover After an AI Agent Modified Your Database