Skip to content
BSWEN
Blog

What Are the Essential Files for an AI Agent Workspace? (Complete Guide)

Cowrie
Cowrie
Dev @ Bswen

My AI agent forgot its purpose halfway through a project. I had spent hours crafting the perfect prompt, pasted it into the chat, and watched the agent work beautifully—for about 20 minutes. Then it started asking basic questions about what we were doing.

I tried adding more context to the prompt. That made things worse—the agent got confused by contradictory instructions. I tried breaking the prompt into sections. That helped slightly, but I still had no consistent behavior across sessions.

Then I found a Reddit thread about OpenClaw where someone said:

“I’ve used OpenClaw for months. The biggest unlock was letting the agent improve its own environment.”

That hit me. I was treating prompts as one-off instructions. They were treating their workspace as an operating system.

The Core Problem

I was stuffing everything into a single prompt or scattering information across random documentation files. Both approaches failed for the same reason: no clear separation of concerns.

When everything is in one place, the agent loads everything every time—wasting tokens and diluting focus. When information is scattered randomly, the agent can’t find what it needs.

What I needed was a structured workspace where each file has exactly one job.

The Seven Essential Files

After experimenting (and failing spectacularly multiple times), I landed on a structure with seven core files:

Workspace File Structure
ai-workspace/
├── SOUL.md          # Who the agent is (identity)
├── AGENTS.md        # How the agent operates (behavior)
├── USER.md          # Who I am (human context)
├── MEMORY.md        # What we know (index, not dump)
├── TOOLS.md         # What the agent can use
├── HEARTBEAT.md     # Proactive checks
└── SECURITY.md      # Hard boundaries

Each file has a single, non-overlapping purpose. Let me show you what I put in each one.

SOUL.md - The Agent’s Identity

This file defines who the agent is. It barely changes once set.

I initially put behavioral instructions everywhere—in prompts, in random files, in project documentation. The agent would behave inconsistently because different instructions had different weights.

SOUL.md
# Agent Identity


## Voice
- Tone: Professional yet approachable
- Style: Concise, action-oriented
- Perspective: Solution-focused, not explanation-focused


## Behavioral Posture
- Proactive: Anticipate needs before asked
- Thorough: Consider edge cases proactively
- Transparent: Explain reasoning when decisions matter


## Communication Defaults
- Prefer structured responses (tables, lists)
- Use examples when explaining complex concepts
- Acknowledge uncertainty explicitly
- Never be sycophantic—challenge assumptions when needed

The key insight: SOUL.md should be stable. If the agent’s voice drifts, I check this file first. When I kept modifying SOUL.md, the agent became inconsistent because it couldn’t form a stable identity.

AGENTS.md - Operational Instructions

While SOUL.md defines who the agent is, AGENTS.md defines how it works.

I made the mistake of mixing startup behavior with identity. The agent would load things in unpredictable orders, sometimes loading MEMORY.md before understanding who I was.

AGENTS.md
# Operational Instructions


## Startup Behavior
1. Load SOUL.md for identity and voice
2. Load USER.md for human context
3. Check MEMORY.md for recent context and active projects
4. Review HEARTBEAT.md for last session status
5. Initialize tools per TOOLS.md


## Memory Rules
- Short-term: Current session context (temporary)
- Medium-term: Project-specific details (30-day retention)
- Long-term: User preferences and patterns (permanent)
- Prune: Information past retention period unless explicitly saved


## Operational Conventions
- Always acknowledge task start before beginning work
- Report progress on long-running tasks
- Log significant decisions in MEMORY.md
- Alert on SECURITY.md violations immediately


## Workflows
- Planning: Analyze → Design → Execute → Review
- Communication: Acknowledge → Progress → Complete
- Problem-solving: Reproduce → Diagnose → Fix → Verify

The startup sequence matters. Loading context in the right order means the agent understands who it is before it tries to understand what it’s doing.

USER.md - Human Context

This file contains information about me—the human using the agent.

I used to repeat my preferences in every prompt. That wasted tokens and created inconsistency. Now the agent knows who I am from the start.

USER.md
# User Profile


## Background
- Role: Senior Software Engineer
- Expertise: Python, TypeScript, distributed systems
- Experience: 12 years in backend development
- Context: Building AI-powered developer tools


## Current Goals
- Primary: Build a sustainable AI agent workspace
- Secondary: Learn advanced prompt engineering patterns


## Preferences
- Communication: Brief explanations, link to docs for details
- Detail level: Medium—enough context, not exhaustive
- Timezone: US Eastern (UTC-5)
- Code style: Type hints, docstrings, explicit error handling


## Constraints
- No external API calls without approval
- Prefer local tools over cloud services
- Budget-conscious with token usage

The key is updating this file as context evolves. When I switch projects, I update USER.md rather than re-explaining everything.

MEMORY.md - The Index (Not Dump!)

Here’s where I made my biggest mistake. I treated MEMORY.md as a storage location.

My Failed Approach
MEMORY.md (50KB)
├── Every conversation I ever had
├── Every random thought
├── Code snippets scattered everywhere
└── No organization, no pruning

The agent would load 50KB of garbage every session and still forget important things. Token limits hit fast, and the useful information got buried.

The solution: MEMORY.md should be an index, not a dump.

MEMORY.md
# Memory Index


## Active Projects
- [AI Workspace Restructure](./projects/workspace-restructure/status.md)
- [Content Pipeline v2](./projects/content-pipeline/status.md)


## Key Learnings
- [API Integration Patterns](./learnings/api-patterns.md) - Updated 2026-03-10
- [Token Optimization Strategies](./learnings/token-optimization.md) - Updated 2026-03-08


## User Preferences
- See [USER.md](./USER.md) for full context


## Recent Decisions
- [2026-03-12: Switched to index-based memory](./decisions/memory-structure.md)
- [2026-03-10: Adopted SOUL/AGENTS separation](./decisions/file-roles.md)


## Recurring Tasks
- Weekly workspace review: Fridays
- Memory pruning: First of each month

Now MEMORY.md stays under 2KB. It points to detailed context in other files. The agent loads only what it needs, when it needs it.

Memory Architecture
┌─────────────────┐
│   MEMORY.md     │ ← Index (small, always loaded)
│   (~2KB max)    │
└────────┬────────┘
         
         ▼ Points to detailed files
┌─────────────────────────────────────┐
│  projects/                          │
│  ├── workspace-restructure/         │
│  │   └── status.md (detailed)       │
│  └── content-pipeline/              │
│      └── status.md (detailed)       │
│                                     │
│  learnings/                         │
│  ├── api-patterns.md (detailed)     │
│  └── token-optimization.md          │
└─────────────────────────────────────┘

TOOLS.md - Integration Reference

This file documents available tools and how to use them.

I used to let the agent discover tools through trial and error. That wasted time and led to suboptimal patterns.

TOOLS.md
# Available Tools


## File Operations
- `read_file(path)` - Read any file in workspace
- `write_file(path, content)` - Create or update files
- `search_files(pattern)` - Find files matching pattern
- `execute_command(cmd)` - Run shell commands (requires approval)


## Web Tools
- `fetch_url(url)` - Retrieve web content
- `web_search(query)` - Search the web for information


## Best Practices
- Always verify file exists before reading
- Use search before creating new files (avoid duplicates)
- Prefer local file operations over web searches
- Log tool usage in HEARTBEAT.md for debugging


## Known Issues
- `fetch_url` times out on large files (>10MB)
- `search_files` can be slow on nested directories

Documenting gotchas here prevents repeated mistakes. When I discover a tool quirk, I add it to TOOLS.md.

HEARTBEAT.md - Proactive Behavior

This file enables the agent to do things without being asked.

I didn’t have this file initially. The agent was purely reactive—I had to ask for everything. Then I realized: why can’t the agent check things proactively?

HEARTBEAT.md
# Recurring Checks


## Daily (Session Start)
- Check for pending reviews from last session
- Verify no SECURITY.md violations occurred
- Review MEMORY.md for stale entries


## Weekly (Monday)
- Prune MEMORY.md entries older than retention period
- Update USER.md with any preference changes
- Archive completed projects


## Triggers
- On error: Log in HEARTBEAT.md and alert user
- On completion: Update relevant MEMORY.md entry
- On blocking issue: Escalate immediately


## Operational Log
### 2026-03-13 Session
- Started work on workspace files article
- Pruned MEMORY.md (removed 3 stale entries)
- Added tool usage notes to TOOLS.md


### 2026-03-12 Session
- Resolved token limit issue with index-based memory
- Updated AGENTS.md startup sequence

HEARTBEAT.md serves two purposes: defining proactive behavior and logging operations. When something goes wrong, I check here first.

SECURITY.md - Hard Boundaries

This file contains rules that must never be violated.

I learned this the hard way when an agent made an API call I didn’t approve. Now I have explicit boundaries.

SECURITY.md
# Security Boundaries


## Hard Rules (NEVER VIOLATE)
1. No code execution without user approval
2. No external API calls to untrusted endpoints
3. No data exfiltration under any circumstances
4. No credentials or secrets in any file


## Outbound Restrictions
- Allowed: Official APIs, documented endpoints, localhost
- Blocked: Unknown URLs, user-provided endpoints, unverified domains


## Data Handling
- Encrypt sensitive data at rest
- Never log credentials or secrets
- Sanitize all user inputs before processing
- No persistent storage of API keys


## Approval Requirements
- Any external network request → User approval required
- Any file deletion → User approval required
- Any system command → User approval required

These rules are non-negotiable. When the agent encounters a boundary, it stops and asks for approval.

Optional: Reflection System

Beyond the seven core files, I added a reflection system for continuous improvement.

meditations.md
# Recurring Reflections


## Quality Checks
- Did I follow SOUL.md in my communication?
- Did I respect all SECURITY.md boundaries?
- Is MEMORY.md current and accurate?
- What would make the next session more effective?


## Improvement Prompts
- What patterns am I noticing in user requests?
- Where am I repeating myself unnecessarily?
- What could be automated that isn't?

The reflections/ directory holds one live question per file:

Reflection Files
reflections/
├── token-usage.md      # How can I reduce token consumption?
├── memory-strategy.md  # What should I remember vs. forget?
└── automation.md       # What repetitive tasks can I automate?

The agent uses these files for periodic self-assessment.

Common Mistakes I Made

MistakeWhat I Did WrongWhat I Do Now
Overlapping purposesPut startup behavior in SOUL.mdSOUL.md for identity, AGENTS.md for operations
Giant MEMORY.md50KB of unstructured notes2KB index pointing to detailed files
Static workspaceNever evolved the structureAgent can suggest improvements
No operational trackingCouldn’t debug what went wrongHEARTBEAT.md logs everything
Vague security rules”Be careful with data”Explicit rules in SECURITY.md
No reflection processAgent never improved itselfmeditations.md for self-assessment

Why This Structure Works

Each file has exactly one job:

File Responsibilities
SOUL.md       → Identity (who am I?)
AGENTS.md    → Operations (how do I work?)
USER.md      → Context (who am I helping?)
MEMORY.md    → Knowledge index (what do I know?)
TOOLS.md     → Capabilities (what can I use?)
HEARTBEAT.md → Proactivity (what should I check?)
SECURITY.md  → Boundaries (what must I avoid?)

When something goes wrong, I know exactly where to look:

  • Agent voice drifted? Check SOUL.md
  • Inconsistent startup? Check AGENTS.md
  • Forgot preferences? Check USER.md
  • Token limits hit? Check MEMORY.md size
  • Tool misuse? Check TOOLS.md
  • Missing proactive behavior? Check HEARTBEAT.md
  • Security violation? Check SECURITY.md

Getting Started

Start with the minimum viable workspace:

  1. Create SOUL.md - Define your agent’s voice and posture
  2. Create AGENTS.md - Set startup behavior and memory rules
  3. Create USER.md - Add your context and preferences
  4. Create MEMORY.md - Start with just an index structure
  5. Create SECURITY.md - Define your hard boundaries
  6. Add TOOLS.md - Document available tools
  7. Add HEARTBEAT.md - Define proactive checks

Don’t overthink it. Start simple and let the structure evolve. My current setup took months to refine—I didn’t start with seven files. I started with three and added files when I felt pain.

The Key Insight

The breakthrough was realizing that overlapping file purposes cause confusion. When SOUL.md contained startup instructions, memory rules, AND identity, the agent couldn’t prioritize. Each file needs one job.

My agent now suggests structure improvements. When I added a new project, it asked if I wanted to update MEMORY.md to include it. That’s the behavior I wanted—proactive, not reactive.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags: