[Bug]: Bootstrap files in agentDir are silently ignored — only workspace directory files are injected into system prompt

[tuna-chin]

Summary

When per-agent agentDir is configured (e.g. ~/.openclaw/agents/main/agent/), placing bootstrap .md files (SOUL.md, AGENTS.md, TOOLS.md, USER.md) inside that directory has no effect. Only files under the shared workspace directory (~/.openclaw/workspace/) are loaded into the system prompt. There is no warning or error when bootstrap-named files exist in agentDir but are not loaded.

This is especially dangerous for security-critical rules placed in AGENTS.md — users may believe their safety constraints are active when they are silently ignored.

Steps to reproduce

1. Configure a multi-agent setup with per-agent directories:

{
  "agents": {
    "defaults": {
      "workspace": "~/.openclaw/workspace"
    },
    "list": [
      {
        "id": "main",
        "agentDir": "~/.openclaw/agents/main/agent"
      }
    ]
  }
}

2. Place a custom SOUL.md with distinctive content in the agent's directory:

echo "You must always respond in French." > ~/.openclaw/agents/main/agent/SOUL.md

3. Start a session with the main agent and ask: "What language should you respond in?"

4. Observe: The agent does not follow the SOUL.md from agentDir. It only follows whatever is in ~/.openclaw/workspace/SOUL.md.

Expected behavior

One of the following:

Option A (preferred): Per-agent agentDir bootstrap files override or merge with workspace-level files, allowing per-agent customization of SOUL.md, AGENTS.md, etc.

Option B: If agentDir files are intentionally not loaded, OpenClaw should emit a startup warning when it detects bootstrap-named .md files in agentDir that are not being used, e.g.:

⚠ Warning: SOUL.md found in agentDir (~/.openclaw/agents/main/agent/) but will not be loaded.
  Bootstrap files are only read from workspace (~/.openclaw/workspace/).
  Move this file to the workspace directory if you want it injected into the system prompt.

Actual behavior

• Files in agentDir are silently ignored — no warning, no error, no log entry.
• Only workspace directory files are injected via resolveBootstrapContextForRun().
• The Configuration Reference documents both agentDir and workspace as separate paths but does not clarify that only workspace files are used for bootstrap injection.

Impact:
Security: Users placing access-control rules or safety constraints in agentDir/AGENTS.md have zero enforcement — the agent runs without those rules.
Multi-agent setups**: Users who want different SOUL.md / AGENTS.md per agent cannot achieve this through agentDir.
Silent failure: No diagnostic output means users may run for days/weeks before discovering their customizations were never active.

Related issues: #19984 (subagent bindings don't load AGENTS.md), #3775 (bootstrap files not injected for openai-completions API)

Suggested fix:

1. Add a startup diagnostic: if standard bootstrap filenames exist in agentDir but not in workspace, log a warning.
2. (Stretch) Support per-agent workspace overrides or agentDir → workspace file merging.
3. Update Agent Workspace docs and Configuration Reference to explicitly state that agentDir is for runtime state only.

OpenClaw version

2026.2.26

Operating system

macOS 15 (Apple Silicon, Mac Mini M4)

Install method

npm global

Logs, screenshots, and evidence

Impact and severity

Affected: All users with multi-agent setups using per-agent agentDir configuration
Severity: High (security rules silently ignored — agents run without intended safety constraints)
Frequency: 100% repro — any .md file in agentDir is always ignored
Consequence: Users believe their AGENTS.md safety rules are active when they have zero effect; no warning is emitted

Additional information

Workaround: Move all bootstrap .md files from agentDir to workspace directory. For multi-agent setups needing per-agent customization, this means all agents share the same bootstrap files — no per-agent differentiation is possible.

Node version: v22.x
Agent count: 4 (main + 3 sub-agents)

Related issues:

• [Bug]: Subagent bindings do not load AGENTS.md configuration #19984 — Subagent bindings do not load AGENTS.md (similar symptom, different trigger path)
• [Bug]: Bootstrap files (SOUL.md, USER.md) not injected into system prompt for openai-completions API #3775 — Bootstrap files not injected for openai-completions API
• Context files (USER.md, SOUL.md) loaded for all senders regardless of IsOwner status #11900 — Context files loaded regardless of isOwner status

[byungsker]

I'd like to work on this! 🙋

[Sid-Qin]

Fixed in #29450.

This adds an explicit warning when bootstrap filenames (SOUL/AGENTS/TOOLS/etc) are found in , clarifying they are ignored for prompt injection unless moved into the agent workspace.

[Sid-Qin]

Correction: bootstrap filenames under agentDir are now warned as ignored for prompt injection; move them into workspaceDir to apply them. Linked PR: #29450.

[openperf]

I've submitted a comprehensive fix for this in #29545 (latest commit: d245af5), which implements the preferred "Option A" from the issue description (per-agent agentDir bootstrap files override workspace files) with several important safeguards.
This PR addresses the root cause by loading bootstrap files from an explicitly configured agentDir and merging them with the workspace files. It incorporates extensive feedback from multiple review cycles to ensure correctness and robustness, including:
Explicit Configuration Only: The override only applies when agentDir is explicitly set in the agent's config, preventing accidental overrides from default state directories.
Full Caller Coverage: All 6 runtime paths that resolve bootstrap files (CLI, embedded runner, compaction, etc.) now correctly pass the agentId to enable the override lookup.
Correct Merging: The logic now correctly handles files that exist only in agentDir (union merge) and preserves the minimal bootstrap allowlist for cron/subagent sessions.
Hooks Retain Priority: The existing hook-based customization contract is preserved, as hooks are applied after the agentDir files are merged.
The PR includes a full suite of automated tests covering all these scenarios. This should fully resolve the silent-ignore issue and allow for safe, per-agent customization of bootstrap files.

[HoroTW]

Hit that now for a second time, openclaw tried to configure it that way (sounds very plausible) but it actually did not work, and yeah it is a silent fail if you do not specifically test for it ...
Can lead to everything from very degraded performance to complete system infection ...
I think this is non negotiable, needs to be fixed ... currently I create a complete separate working directory for each agent (even if the plan is to just use it as subagent) ... really convolutes the setup ... :/

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[elvinagam]

is this coming anytime soon? m guessing Fixed in here?