Problem Analysis: Why Agents and Humans Need a Shared Workspace

Problem Analysis: Why Agents and Humans Need a Shared Workspace

The Core Problem (Reframed)

The original framing: “Agents need persistent storage.” The real problem: “Agents execute work, but humans can’t see it, collaborate on it, or govern it.”

AI agents today operate in isolation:

1. Ephemeral scratch space — Agent writes a report to /tmp/, session ends, file is gone. The human who requested it can’t find it.
2. Shared human credentials — Agent uses MCP wrappers to access Dropbox/Drive with the human’s OAuth token. No distinction between human and agent actions.
3. No collaboration — There’s no shared space where Agent A’s output becomes Agent B’s input, where a human can review, comment, and redirect.

Evidence the Problem Is Real

Framework-Level Hacks (Demand Signals)

The strongest evidence: frameworks are building ad-hoc solutions because no proper infrastructure exists.

• LangChain “Deep Agents” (2026) — Added StateBackend (ephemeral), StoreBackend (persistent), FilesystemBackend (local). Recommends combining via CompositeBackend. This is duct tape.
• Google ADK “Artifacts” (2026) — Formalized versioned objects. Explicitly identifies the “context dumping” anti-pattern where agents shove 5MB CSVs into chat history because there’s no proper file storage.
• CrewAI and AutoGen — Still no native persistent file storage. Developers pass data through memory or /tmp/.

Real Developer Pain (Bug Reports)

• Claude Code sub-agents: Files written by sub-agents vanish (GitHub #9458)
• Microsoft agent framework: Developers requesting Redis-backed checkpoint storage (#2401)
• Google Drive MCP: Shared Drives 404 errors on basic reads (#441)

OpenClaw-Specific Pain (7 Open GitHub Issues)

Issue	Problem	Severity
#18575	Edit tool reports success but changes don’t persist on macOS	HIGH — core functionality broken
#5429	Lost 2 days of agent context to silent memory compaction — no recovery	CRITICAL — data loss
#19640	SOUL.md tampered undetected for 3 days — no workspace integrity protection	HIGH — security gap
#12202	No per-agent file path access control — all agents share one OS user	HIGH — permission gap
#8081	No multi-user permission management / RBAC	HIGH — governance gap
#12333	Single workspace limitation — can’t switch projects	MEDIUM — usability
#13676	Feature request for first-class Projects with workspace isolation	MEDIUM — architecture

The Summer Yue Incident (Feb 23, 2026)

Meta AI Alignment Director Summer Yue’s OpenClaw agent deleted 200+ emails from her inbox after a memory compaction event dropped the “ask before acting” safety constraint. This is the canonical failure case:

• Agent ran autonomously (always-on daemon)
• Human had zero real-time visibility into agent actions
• No activity feed or dashboard to catch the problem early
• No undo/versioning for agent actions
• Covered by TechCrunch, Windows Central, Cybernews

Our human dashboard with activity feed would have caught this. A notification: “agent-email deleted 47 messages in the last 5 minutes” → human intervenes → disaster averted.

MoltBook: Demand Validation at Scale

MoltBook (agent social network, launched Jan 28, 2026) provides the strongest demand signal:

• 2.66M agent registrations in 4 weeks — agents want platforms to participate in
• 1M+ human observers in the first week — humans desperately want to see what agents do
• Catastrophic security (unsecured database, prompt injection, API keys exposed) — proves the market needs security-first infrastructure
• $0 revenue with millions of agents — proves the monetization vacuum

MoltBook is NOT what we’re building (social ≠ workspace), but it validates that:

1. Agents need persistent platforms beyond local filesystems
2. Humans want visibility into agent behavior
3. Security-first infrastructure is non-negotiable
4. The monetization opportunity is wide open

Primary Validation: A Production Agent Describes the Need

An actual OpenClaw agent (“Molty”), when asked about persistent storage, independently described exactly the collaborative workspace gap:

“Claude memory = private to Claude, not exportable. My workspace = local to this VPS, not shareable. Vector DBs = agent-readable, human-unreadable. Google Drive = human-first, no agent API.”

And the solution vision:

“Multiple agents (Claude, GPT, OpenClaw, custom) + humans. All working on the same shared filesystem. Real files. Human can open browser, see what agents wrote, edit it. Agent can see what human changed, react to it. Versioned, auditable, permissioned.”

This is direct demand validation from the user (the agent itself).

Thought Leadership Validates the Gap

• LlamaIndex: “Files Are All You Need” — identifying gaps in agent file handling
• Dust.tt: Agents spontaneously invented filesystem-like syntax to navigate data
• Turso/AgentFS: “The Missing Abstraction for AI Agents”
• 1Password: “Filesystems for Agent Swarms” — security architecture for agent file access

What’s Missing: The Eight Gaps

Gap 1: Identity — Who Owns This File?

Agents use human OAuth tokens. Files appear as if the human created them. No distinction between human and agent actions.

• Only 21.9% of organizations treat agents as identity-bearing entities
• CrowdStrike paid $740M for SGNL (agent identity/authorization)
• NIST published agent identity guidance (Feb 2026)

Gap 2: Permissions — What Can This Agent Access?

MCP wrappers give agents the same access as the human. A code-gen agent can access the CEO’s financials because it shares the Dropbox token.

Gap 3: Persistence — Where Do Agent Outputs Live?

Most frameworks treat file I/O as ephemeral. When the session ends, work vanishes.

Gap 4: Versioning — What Changed and Why?

Human storage tracks versions but doesn’t capture which agent made a change or why.

Gap 5: Cross-Agent Collaboration — How Do Agents Share Work?

Agent A generates a dataset. Agent B needs to analyze it. No shared filesystem exists — frameworks pass data through memory or function calls.

Gap 6: File Format Intelligence — What’s Inside This File?

Storage treats files as opaque blobs. Agents need to understand PDFs, extract data from Excel, merge documents.

Gap 7: Governance — What Did the Agent Do?

No audit trail designed for agent-specific attribution. 88% of orgs report agent security incidents.

Gap 8: Human Collaboration — How Do Humans Work WITH Agents? (NEW)

This is the gap nobody else addresses. Current state:

What Humans Need	What Exists Today
See what agents are working on	Nothing — agent outputs are in /tmp/ or memory
Review and comment on agent work	Nothing — can’t annotate agent-created files
Provide feedback that agents can read	Nothing — have to re-prompt the agent
Real-time awareness of agent activity	Nothing — agents are black boxes
Collaborate with agents on shared docs	Nothing — no shared editing space

This is the unique gap. Gaps 1-7 are addressed (partially) by Fast.io, AgentFS, E2B. Gap 8 is addressed by NO ONE.

Who Feels This Pain?

Segment 1: OpenClaw Agent Operators (PRIMARY BEACHHEAD)

Pain: “I have 5 OpenClaw agents running 24/7 on my VPS. They write files to ~/clawd/ and I can’t see what they’re doing without SSH-ing in. When I add a second machine, nothing syncs. My manager can’t review agent output without me copying files to Slack.”

Severity: CRITICAL — 100K+ active OpenClaw instances, agents running autonomously, zero human visibility.

Example: Solo founder running SaaS at $13K MRR using OpenClaw agents for marketing, analytics, and customer support. Agents produce work but founder reviews by reading terminal logs or grepping local files.

Segment 1B: Teams with Agents + Human Oversight

Pain: “My agents generate reports, but I can’t see them until they email me. I want to see work in progress, add comments, and redirect — like I do with human teammates in Google Docs.”

Severity: HIGH for enterprises deploying agent fleets with human-in-the-loop workflows.

Example: Marketing team with 3 agents + 2 humans sharing a campaign folder. Human drops brief, content agent writes draft, human reviews, analytics agent updates metrics.

Segment 2: Multi-Agent System Builders

Pain: “5 agents in a CrewAI pipeline need to share files. I’m passing everything through memory or /tmp/. Brittle and lost between runs.”

Severity: HIGH for this segment. Growing as multi-agent systems scale.

Segment 3: Enterprise IT/Compliance

Pain: “Compliance needs to know what agents are doing with files. We can’t tell them — agents use shared OAuth, no file-level audit trail.”

Severity: HIGH when compliance is involved. Only 11-33% of enterprises have agents in production (but growing fast).

The Honest Assessment

Is this “hair on fire”?

Score: 6/10 today, trending toward 8/10. (Upgraded from 5/10 based on OpenClaw ecosystem data.)

• For OpenClaw operators specifically: 7/10. 100K+ autonomous agents, 7 GitHub issues, Summer Yue incident, no native solution.
• For collaboration broadly: 6/10. MoltBook proves human demand. EU AI Act creates compliance urgency.
• For governance: 7/10. Compliance requirements are crystallizing (NIST Feb 2026, EU AI Act Aug 2026, CrowdStrike $740M acquisition).

When does it become critical?

Timeframe	Market State
Now (Feb 2026)	Early adopters feel the pain. Framework hacks emerging. Human oversight needs unmet. Severity: 5/10
H2 2026	Multi-agent + human-in-the-loop workflows accelerate. Compliance requirements crystallize. Severity: 7/10
2027	Agentic AI spending overtakes chatbot spending (Gartner). Agent-human collaboration becomes standard. Severity: 8/10
2028+	Table stakes. Winners already decided.

The 1995 Analogy (Updated)

1995: Businesses emailed attachments. Then came shared file servers → cloud storage → real-time collaboration (Google Docs).

2026: Agents save to /tmp/. Humans and agents can’t see each other’s work. We’re at the “email attachments” stage. The progression to real-time agent-human collaboration WILL happen. The question is who builds it first.