How to Roll Back Changes Made by AI Agents

When an AI agent makes changes that need to be reversed — whether due to a bug, a policy misconfiguration, or an unexpected interaction — you need to know exactly what changed and how to undo it. SafeClaw by Authensor logs every allowed action in a hash-chained audit trail with full request details, giving you a complete record of what the agent did, to which files, in what order. This makes rollback precise rather than guesswork: you revert exactly what the agent changed, nothing more, nothing less.

Quick Start

npx @authensor/safeclaw

Scaffolds a .safeclaw/ directory with audit logging enabled by default.

Step 1: Enable Detailed Action Logging

Configure SafeClaw to capture the information you need for rollback:

# .safeclaw/config.yaml
audit:
  enabled: true
  hashChain: true
  format: "jsonl"
  destination: "logs/audit.jsonl"
  fields:
    - timestamp
    - action
    - effect
    - agentId
    - sessionId
    - matchedRule
    - requestDetails
    - beforeState     # Hash of file/resource before modification
    - afterState      # Hash of file/resource after modification

The beforeState and afterState fields capture cryptographic hashes of resources before and after modification, letting you verify that your rollback restored the correct state.

Step 2: Identify the Agent Session

When you need to roll back, first identify the agent session that caused the issue:

npx @authensor/safeclaw audit list-sessions --since "2026-02-13T10:00:00Z"

Sessions since 2026-02-13T10:00:00Z
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SESSION_ID              AGENT_ID              STARTED                 ACTIONS
sess_abc123             coding-assistant-01   2026-02-13T10:15:23Z   47
sess_def456             devops-agent-01       2026-02-13T11:02:44Z   12
sess_ghi789             coding-assistant-02   2026-02-13T12:30:01Z   83

Step 3: Review the Session's Actions

Inspect every action the agent performed in the problematic session:

npx @authensor/safeclaw audit show --session sess_ghi789 --effect allow

Session: sess_ghi789 (coding-assistant-02)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 TIME                    ACTION        DETAILS
1  2026-02-13T12:30:02Z   file.read     src/index.ts
2  2026-02-13T12:30:05Z   file.write    src/feature.ts (CREATED)
3  2026-02-13T12:30:08Z   file.write    src/index.ts (MODIFIED)
4  2026-02-13T12:30:12Z   file.write    src/utils.ts (MODIFIED)
5  2026-02-13T12:30:15Z   shell.execute npm test
6  2026-02-13T12:30:22Z   file.write    src/types.ts (CREATED)
...

Step 4: Generate a Rollback Plan

SafeClaw can generate a rollback plan from an audit session:

npx @authensor/safeclaw audit rollback-plan --session sess_ghi789

# Generated rollback plan
rollbackPlan:
  session: sess_ghi789
  agent: coding-assistant-02
  actions:
    - type: delete
      path: src/feature.ts
      reason: "File was created by agent"

- type: restore
      path: src/index.ts
      beforeHash: "sha256:abc123..."
      reason: "File was modified by agent"

- type: restore
      path: src/utils.ts
      beforeHash: "sha256:def456..."
      reason: "File was modified by agent"

- type: delete
      path: src/types.ts
      reason: "File was created by agent"

Step 5: Execute the Rollback

If your project uses git (recommended), the rollback is straightforward:

# Option A: Git-based rollback (preferred)
Revert to the commit before the agent's session
git log --oneline --since="2026-02-13T12:30:00Z"
git revert <commit-range>

Option B: SafeClaw-assisted rollback
npx @authensor/safeclaw audit rollback --session sess_ghi789 --dry-run
Review the dry-run output, then execute:
npx @authensor/safeclaw audit rollback --session sess_ghi789 --confirm

Step 6: Verify the Rollback

After rolling back, verify that files match their pre-agent state:

npx @authensor/safeclaw audit verify --session sess_ghi789 --expect-reverted

Rollback Verification
━━━━━━━━━━━━━━━━━━━━━
✓ src/feature.ts — deleted (was created by agent)
✓ src/index.ts — hash matches pre-agent state (sha256:abc123...)
✓ src/utils.ts — hash matches pre-agent state (sha256:def456...)
✓ src/types.ts — deleted (was created by agent)

All 4 changes successfully reverted.

Prevention: Scope Agent Writes with SafeClaw Policies

The best rollback is the one you never need. Use SafeClaw policies to limit what agents can modify in the first place:

rules:
  - id: limit-write-scope
    action: file.write
    effect: allow
    conditions:
      path:
        pattern: "src/features/${TICKET_ID}/**"
    reason: "Agent writes are scoped to the assigned feature directory"

When writes are scoped to a specific directory, rollback is as simple as rm -rf src/features/TICKET-123/.

Why SafeClaw

• 446 tests ensuring audit trail integrity and rollback accuracy
• Deny-by-default — limits what the agent can change, reducing rollback surface
• Sub-millisecond evaluation — no overhead during normal operation
• Hash-chained audit trail — cryptographically verified before/after states make rollback precise
• Works with Claude AND OpenAI — one rollback workflow regardless of LLM provider

Cross-References

• How to Maintain Tamper-Proof Audit Trails for AI Agents
• Immutable Audit Log Pattern
• How to Monitor AI Agent Actions in Production
• Incident Response for AI Agents