[Bug]: uninstall documentation nukes cwd

[brandondube]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

Yes

Summary

The stanza

openclaw uninstall --all --yes --non-interactive

deletes all contents in the current working directory. This is a severe bug that results in dataloss. It's not like the default directory for a new shell is $HOME. How on earth is it even possible this is in the code 😡

Steps to reproduce

openclaw uninstall --all --yes --non-interactive

Expected behavior

Do not delete cwd???????????????

Actual behavior

rm -rf was run on cwd?????

OpenClaw version

downloaded yesterday.

Operating system

macOS

Install method

npm global

Model

not relevant

Provider / routing chain

not relevant

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

Severity: Extreme, data risk deletion

Additional information

No response

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 5, 2026, 10:14 PM ET / 02:14 UTC.

Summary
Current main still has the reported destructive path: the documented non-interactive uninstall command selects workspace removal, and the cleanup guard rejects blank/root/home targets but not the caller's current working directory. This should stay open as a data-loss bug.

Reproducibility: yes. at source level: configure the selected workspace to a disposable cwd and the --all uninstall path reaches recursive workspace removal without a cwd guard. I did not execute the destructive command in this read-only review.

Next step
This is a narrow, high-impact repair with clear implementation and test files; avoid destructive live repro and prove it with mocked or disposable temp-dir coverage.

Review details

Best possible solution:

Land a narrow safety fix that refuses to remove process.cwd() as a cleanup target, adds regression coverage for workspace removal, and updates uninstall docs to favor dry-run or scoped removal over automated --all.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: configure the selected workspace to a disposable cwd and the --all uninstall path reaches recursive workspace removal without a cwd guard. I did not execute the destructive command in this read-only review.

Is this the best way to solve the issue?

No close is appropriate; the maintainable fix is a direct removal-target guard plus tests and docs cleanup, not accepting the current --all behavior.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• I did not run the destructive command; the reproduction proof is source-level and should be validated with disposable temp directories only.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3a2f54e6a866.

Label changes

Label changes:

• add P0: The issue reports possible deletion of user files through a documented uninstall command.
• add impact:data-loss: The affected path is destructive filesystem cleanup that can remove user workspace contents.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P0: The issue reports possible deletion of user files through a documented uninstall command.
• impact:data-loss: The affected path is destructive filesystem cleanup that can remove user workspace contents.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/commands/cleanup-utils.test.ts src/commands/uninstall.test.ts
• pnpm docs:list
• git diff --check

What I checked:

• Current CLI exposes the reported command shape: openclaw uninstall registers --all, --yes, and --non-interactive, then forwards those options to uninstallCommand. (src/cli/program/register.maintenance.ts:146, 3a2f54e6a866)
• Current uninstall removes workspace scope under --all: --all includes the workspace scope, and workspace scope calls removeWorkspaceDirs(workspaceDirs, runtime, { dryRun }). (src/commands/uninstall.ts:211, 3a2f54e6a866)
• Removal guard does not reject cwd: removePath refuses blank, filesystem root, and the resolved home directory, but then reaches recursive fs.rm for other resolved paths; there is no cwd guard. (src/commands/cleanup-utils.ts:73, 3a2f54e6a866)
• Public uninstall docs still recommend the exact non-interactive --all stanza: The install uninstall guide shows both openclaw uninstall --all --yes --non-interactive and the npx variant under the easy path. Public docs: docs/install/uninstall.md. (docs/install/uninstall.md:24, 3a2f54e6a866)
• Latest release still contains the same unsafe documentation and guard: Tag v2026.6.1 contains the non-interactive --all docs and the same removal guard that lacks a cwd check, so the report is not main-only noise. Public docs: docs/install/uninstall.md. (docs/install/uninstall.md:24, 2e08f0f4221f)
• Existing tests miss this safety invariant: Cleanup tests cover workspace removal and preservation, but no test asserts that uninstall refuses a workspace path equal to process.cwd(). (src/commands/cleanup-utils.test.ts:104, 3a2f54e6a866)

Likely related people:

• Ayaan Zaidi: Current blame for the uninstall and cleanup files points to commit 61d121f, which carries the present main implementation in this checkout. (role: recent area contributor; confidence: medium; commits: 61d121f1caa2; files: src/commands/uninstall.ts, src/commands/cleanup-utils.ts, docs/install/uninstall.md)
• steipete: History shows commit 11c8db1 introduced the reset/uninstall commands and cleanup utilities, and commit 5d7979c refreshed the uninstall CLI docs. (role: introduced behavior and adjacent docs maintainer; confidence: high; commits: 11c8db14a1e5, 5d7979c5c710; files: src/commands/uninstall.ts, src/commands/cleanup-utils.ts, docs/cli/uninstall.md)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.