[Bug]: openclaw configure to add Telegram channel destroys workspace, sessions, memory, etc.

[warmonger0]

Summary

Description

Running openclaw configure to add a Telegram bot channel resulted in complete, unrecoverable data loss. The workspace was re-seeded with fresh bootstrap templates, all session history was deleted, memory databases were wiped, and API auth credentials were removed.

There was no warning, no confirmation prompt, and no backup created before the destructive operation.

Steps to reproduce

Steps to Reproduce

1. Install OpenClaw on a fresh Linux machine, configure gateway in local/LAN mode
2. Work extensively over multiple days (sessions, memory files, workspace customizations, git commits, ElevenLabs TTS config, etc.)
3. Run openclaw configure to add a Telegram bot channel
4. All data is gone

Expected behavior

Expected Behavior

• openclaw configure to add/change a messaging channel should be non-destructive
• If a workspace already exists, it should never be overwritten with bootstrap templates
• If a destructive operation is unavoidable, it should:
  • Warn the user explicitly
  • Create an automatic backup before proceeding

Actual behavior

What Happened

At approximately 2026-02-25 21:56 PST, the gateway was reconfigured to change bind from loopback to LAN (0.0.0.0). This involved multiple gateway restarts due to controlUi.allowedOrigins errors.

At 22:26:47 PST, the workspace was re-bootstrapped (fresh BOOTSTRAP.md, blank IDENTITY.md, USER.md, SOUL.md templates written). Simultaneously, the Anthropic API key was wiped from auth-profiles.json, causing agent failures.

Evidence from workspace-state.json:

{"version":1,"bootstrapSeededAt":"2026-02-26T06:26:47.580Z"}

Evidence from config-audit.jsonl — the configure command treated the config as brand new (existsBefore: false):

{"previousBytes":null,"nextBytes":894,"hasMetaBefore":false,"hasMetaAfter":true,"gatewayModeBefore":null,"gatewayModeAfter":"local"}

Gateway journal confirms the auth was wiped at the same moment:

[diagnostic] lane task error: "No API key found for provider "anthropic""

What Was Lost

• All session JSONL files (multiple days of conversation history)
• All memory/*.md daily notes
• MEMORY.md (curated long-term memory)
• Customized IDENTITY.md, USER.md, SOUL.md
• TOOLS.md configuration notes (ElevenLabs TTS, etc.)
• All git history in the workspace repo (0 objects remained)
• API authentication credentials
• Cron job configurations

OpenClaw version

2026.2.23

Operating system

Ubuntu 24.04, Linux 6.14.0-35-generic (x86_64)

Install method

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[jev1495]

I tried to reproduce this by tracing every code path that openclaw configure touches. Here's what I found:

openclaw configure appears to be non-destructive by design:

1. ensureAgentWorkspace() uses writeFileIfMissing() with Node's flag: 'wx' — will not overwrite existing files
2. The configure wizard (configure.wizard.ts) does not call handleReset()
3. Even without workspace-state.json, the legacy migration detects customized IDENTITY.md/USER.md and skips re-seeding

I tested directly: calling ensureAgentWorkspace({ dir, ensureBootstrapFiles: true }) on a workspace with customized files — all files preserved, no overwrites, no BOOTSTRAP.md created.

The destructive handleReset('full') function (which trashes config + creds + sessions + workspace) is only reachable from:

• openclaw onboard --reset
• The onboarding wizard's "Reset → Full" option (wizard/onboarding.ts:171)
• Dev mode (gateway-cli/dev.ts)

It's not reachable from openclaw configure.

Could you share the full config-audit.jsonl entry from around 22:26 PST? The full record includes argv (the exact command that was running when the config was written). That would confirm whether configure or onboard was active at the time of the reset.

The entry would be at: ~/.openclaw/logs/config-audit.jsonl

This would help pinpoint whether the destruction came from openclaw configure (which I can't reproduce) or from the onboarding wizard's Reset flow (which would explain all the symptoms).