OpenClaw’s Workspace Vanish Guard Treats Local Agent State Like Production Data — Finally
A vanished agent workspace is not a blank canvas. It is an incident.
That is the policy shift hiding inside OpenClaw PR #88485, a small patch with unusually large operational implications. The change adds a guard against silently re-seeding an agent workspace after it disappears or gets wiped. The linked root issue, #88333, describes the behavior that made this necessary: if a workspace directory was empty and lacked both .openclaw/workspace-state.json and BOOTSTRAP.md, ensureAgentWorkspace treated the directory like first run and created a fresh bootstrap state.
That sounds friendly until the previous workspace held real operational memory. Then the friendly behavior becomes a cover-up with good intentions.
The incident was real, not theoretical
The root issue includes the kind of timestamped failure report that should make maintainers pay attention. On 2026-05-29 17:33:59 UTC, a misconfigured downstream Vitest cleanup hook wiped a production OpenClaw workspace. The cleanup bug came from a module-evaluation WORKSPACE_PATH fallback binding to the production path. Five seconds later, at 2026-05-29T17:34:04.200Z, OpenClaw re-seeded the workspace with a new workspace-state.json and BOOTSTRAP.md.
Recovery succeeded only because the workspace happened to be a git repository with an off-host mirror. That is luck, not a recovery strategy. More importantly, the automatic bootstrap masked the real failure. Instead of stopping and saying “the workspace I recently observed is gone,” the runtime made the directory look intentionally new.
PR #88485 changes that contract. It introduces a sibling attestation marker using WORKSPACE_ATTESTATION_SUFFIX = ".attested", a recency window of 24 * 60 * 60 * 1000 milliseconds, and a WORKSPACE_VANISHED failure path. If OpenClaw has recently observed a workspace and that workspace disappears or appears wiped, startup fails closed with a WorkspaceVanishedError. The error tells the user to restore the workspace or remove the attestation marker if the reset was intentional.
The implementation footprint is modest: four files changed, including src/agents/workspace.ts, src/agents/workspace.test.ts, docs/concepts/agent.md, and CHANGELOG.md, with ClawSweeper counting 116 added lines. Tests cover disappeared workspace, wiped workspace, stale attestation older than 25 hours, and normal bootstrap behavior. The proof script produced the right kind of evidence: attestedExists: true, errorCode: WORKSPACE_VANISHED, bootstrapExists: false, and stateExists: false.
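To make the contract concrete, here is an added sketch of a sibling-marker guard; it is not the code from PR #88485. The suffix, the 24-hour window and the error code come from the description above. The function names, the use of the marker's mtime as the last-observed time, and the seeded file contents are assumptions.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// The two constants and the error code are quoted from the article's
// description of PR #88485; every other name here is hypothetical.
const WORKSPACE_ATTESTATION_SUFFIX = ".attested";
const ATTESTATION_RECENCY_MS = 24 * 60 * 60 * 1000;

class WorkspaceVanishedError extends Error {
  code = "WORKSPACE_VANISHED";
  constructor(workspace: string, marker: string, seenAt: number) {
    super(`workspace ${workspace} was last observed ${new Date(seenAt).toISOString()} ` +
      `and is now missing or empty; restore it, or remove ${marker} to reset on purpose`);
  }
}

// Assumption: the marker's mtime records when the workspace was last observed.
function readAttestation(marker: string): number | null {
  try { return fs.statSync(marker).mtimeMs; } catch { return null; }
}

function writeAttestation(marker: string, now: number): void {
  fs.writeFileSync(marker, "");
  fs.utimesSync(marker, new Date(now), new Date(now));
}

// Missing or empty directory: the state issue #88333 says was treated as first run.
function looksVanished(workspace: string): boolean {
  return !fs.existsSync(workspace) || fs.readdirSync(workspace).length === 0;
}

function ensureWorkspaceGuarded(workspace: string, now: number = Date.now()): string {
  const marker = workspace + WORKSPACE_ATTESTATION_SUFFIX;
  const seenAt = readAttestation(marker);
  if (!looksVanished(workspace)) {
    writeAttestation(marker, now); // refresh "recently observed"
    return "existing";
  }
  if (seenAt !== null && now - seenAt <= ATTESTATION_RECENCY_MS) {
    throw new WorkspaceVanishedError(workspace, marker, seenAt); // fail closed, write nothing
  }
  // True first run, or an attestation older than the window: seed as before.
  fs.mkdirSync(path.join(workspace, ".openclaw"), { recursive: true });
  fs.writeFileSync(path.join(workspace, ".openclaw", "workspace-state.json"), "{}\n");
  fs.writeFileSync(path.join(workspace, "BOOTSTRAP.md"), "# Bootstrap\n");
  writeAttestation(marker, now);
  return "bootstrapped";
}
```

The marker sits next to the workspace rather than inside it, so a recursive delete of the workspace does not take the evidence with it.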
Agent workspaces are part of the trust root
The important idea is not the marker file. The marker file is just a mechanism. The important idea is that local agent state deserves the same respect we already give production data stores and config systems. If a database directory disappears after prior existence, a serious system does not quietly initialize a new empty database and continue as if nothing happened. If an object bucket vanishes, you do not create a new bucket and call it recovery. Absence after prior existence is a signal. It needs investigation.
OpenClaw workspaces are easy to underrate because they start as onboarding scaffolding. A new agent gets files like BOOTSTRAP.md, SOUL.md, USER.md, TOOLS.md, memory files, notes, skills context, and project-local conventions. But over time those files become the human-readable state that makes the agent useful. They define identity, continuity, tool behavior, project assumptions, and sometimes the operational lore that keeps the agent from repeating mistakes. Wiping them is not the same as clearing a temp directory.
There is also a supply-chain angle. The files that shape an agent’s behavior are part of the local trust root. A broken test cleanup hook, installer bug, sync tool, malicious script, or compromised dependency that removes or rewrites workspace files can alter the agent’s future behavior as surely as changing source code can alter an application. If the runtime silently reinitializes, it destroys evidence and normalizes the discontinuity. If it fails closed, the operator gets a chance to inspect what happened.
This is why the PR’s docs patch matters even though it is only a couple of lines. It tells users that after a workspace has been observed, OpenClaw keeps a sibling attestation marker next to the workspace path and refuses to silently re-seed BOOTSTRAP.md after a recent disappearance or wipe. That is a new user contract. Bootstrap is for first run. Re-bootstrap after disappearance requires intent.
Fail-closed has a compatibility cost. Pay it carefully.
ClawSweeper’s review accepts the direction but flags the real tradeoff: intentional deletion of a recently attested workspace now fails until the user restores the directory or removes the marker. Startup can fail closed within the 24-hour attestation window. That will surprise some users, especially anyone who has grown used to deleting local state as a reset button.
But compatibility with silent data loss is not a virtue. The right product move is not to keep auto-seeding over vanished state. It is to make the intentional reset path explicit and well documented. The error message should show the workspace path, the attestation marker path, the approximate last-observed time, and the two safe exits: restore the workspace, or confirm destruction by removing the marker or running a deliberate reset command. If the workspace is a git repo, the diagnostic should say so and point the user toward local history or remotes. Recovery evidence is valuable; do not erase it with a helpful template write.
There is room to make the design stronger. A sibling .attested marker catches the wipe pattern described in the issue, but richer attestations could eventually record a hash of key identity files, last-seen metadata, and workspace inode or device information where available. That should be done carefully — privacy and portability matter — but the direction is sound. Agent runtimes should notice destructive discontinuities: workspace vanished, memory truncated, identity files changed unexpectedly, skill directories replaced, tool notes removed, or bootstrap state rewound.
For practitioners running agent systems, the lesson is immediate. Put important workspaces under version control or backup. Treat test cleanup hooks as dangerous if they can resolve production paths. Avoid module-evaluation defaults that bind destructive operations to real directories. Watch for reinitialization events in logs. And if an agent platform offers a “reset” behavior, make sure it is explicit, reversible where possible, and auditable.
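One way to defuse the cleanup-hook hazard, as an added example (not code from the incident report or from OpenClaw): the test workspace is created explicitly, and teardown deletes only directories it can prove are test-owned. The sentinel file name and function names are hypothetical.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical sentinel written into every directory the test suite creates.
const TEST_SENTINEL = ".test-workspace";

// True only when target is strictly below root (no "..", not root itself).
function isInside(root: string, target: string): boolean {
  const rel = path.relative(root, target);
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Called from a per-test setup hook. There is no module-level default path,
// so nothing can bind to a real workspace when the module is evaluated.
function createTestWorkspace(): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "agent-test-"));
  fs.writeFileSync(path.join(dir, TEST_SENTINEL), "");
  return dir;
}

// Called from teardown. Refuses anything that is not under the OS temp root
// (after symlink resolution) or that lacks the sentinel file.
function cleanupTestWorkspace(dir: string | undefined): void {
  if (!dir) throw new Error("cleanup refused: no workspace path given");
  const real = fs.realpathSync(dir);
  const tmpRoot = fs.realpathSync(os.tmpdir());
  if (!isInside(tmpRoot, real)) {
    throw new Error(`cleanup refused: ${real} is outside ${tmpRoot}`);
  }
  if (!fs.existsSync(path.join(real, TEST_SENTINEL))) {
    throw new Error(`cleanup refused: ${real} has no ${TEST_SENTINEL} sentinel`);
  }
  fs.rmSync(real, { recursive: true, force: true });
}
```

A refusal here surfaces as a failing test, which is the cheap place to learn that a path resolved somewhere it should not have.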
This patch is not glamorous. It does not add a model. It does not add a channel. It does not make a demo more impressive. It makes a bad day more detectable. That is what production maturity often looks like: refusing to paper over missing state.
The editorial read: OpenClaw is learning that agent workspaces are not templates to regenerate. They are operational state to protect, audit, and intentionally reset. Looks boring. Ships trust.
Sources: GitHub PR #88485, root issue #88333, ClawSweeper reviews on the same GitHub threads