← Back to Skills Marketplace
richgoodson

Agent Provenance

by Rich · GitHub ↗ · v2.1.4 · MIT-0
cross-platform ✓ Security Clean
211
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install agent-provenance
Description
File provenance tracking, authority levels, commit conventions, and governance policies. Ensures accountability for changes to instruction files, topic files...
README (SKILL.md)

Agent Provenance v2.1.4

Agents modify their own instruction files, topic files, and memory. Without tracking, human-authored rules become indistinguishable from agent-authored additions. This skill provides lightweight governance to maintain that distinction — provenance headers, authority levels, commit conventions, and review policies to ensure accountability and maintainability.

The Problem

Instruction files evolve over time. Without clear tracking, it's unclear who made changes and when, review responsibilities become ambiguous, agent-written goals can persist indefinitely without validation, security boundaries can be eroded gradually, and audit trails are lost.

Prerequisites

This skill requires git to be initialized in the workspace. The agent needs write access to instruction files and memory files (declared in the metadata above). Diff reports are posted to the conversation channel — no external channel credentials are needed unless the user configures an external destination.

All scheduled tasks (diff reports, heartbeat checks) use OpenClaw's built-in cron tool. They run as isolated agent sessions within the OpenClaw sandbox. No OS-level schedulers (crontab, systemd, launchd) are created or modified.

Architecture

Provenance Headers

All instruction files carry an HTML comment header:

\x3C!--
  provenance: human-authored | agent-authored | mixed
  description: what this file is
  last-reviewed: YYYY-MM-DD
  reviewed-by: Human | Agent
-->

Provenance types:

  • human-authored — files created by the human user and not modified by the agent without explicit direction (SOUL.md, PRINCIPLES.md, USER.md)
  • agent-authored — files created and maintained by the agent (LEARNINGS.md, session files, daily notes, topic files, time-based archives)
  • mixed — files with both human policy and agent procedures (AGENTS.md, IDENTITY.md, TOOLS.md, HEARTBEAT.md, BOOT.md, contact files)
  • transient — one-shot scratch files with no provenance cadence (BOOTSTRAP.md). Not governed by this skill — OpenClaw creates them for a brand-new workspace and removes them after the bootstrap ritual finishes.

Only the user updates last-reviewed and reviewed-by on human-authored files.

Authority Levels

Files have different sensitivity levels that determine who can modify them and how changes are tracked.

Human-authored files (SOUL.md, PRINCIPLES.md, USER.md) define the agent's identity and core rules. The agent does not modify these without explicit direction from the user.

Mixed files (AGENTS.md, IDENTITY.md, TOOLS.md, HEARTBEAT.md, BOOT.md, contact files) have user-set policy with agent-maintained operational procedures. IDENTITY.md is created during the bootstrap ritual and may be updated by the agent, but the user owns the underlying identity assertions. TOOLS.md holds local tool notes and conventions — user-shaped guidance that blends with agent-observed usage patterns. BOOT.md is an optional startup checklist with the same mixed ownership. Contact files are mixed because the agent captures information from conversations but the user may correct details or add private context. All changes are logged in git.

Transient files (BOOTSTRAP.md) are first-run scratch files that OpenClaw creates for a brand-new workspace and deletes after the bootstrap ritual. They carry no provenance header and are not subject to review cadence. If BOOTSTRAP.md persists for more than a few sessions, flag it as an anomaly rather than treating it as a reviewable instruction file.

Agent-authored files (LEARNINGS.md, session files, daily notes, topic files) are written freely by the agent and reviewed periodically by the user. Topic files represent authoritative project state and should be treated with more care than transient session files.

Routing table (MEMORY.md) has mixed authority. The agent maintains pointers, but MEMORY.md is loaded into every session's system prompt, so changes have high impact. Keep it under 3KB with only pointers and active constraints. Log all changes via git with appropriate commit tags.

Commit Message Convention

Workspace commits use a tag prefix to identify who directed the change:

  • [human-directed] — the user explicitly asked for this change
  • [agent-autonomous] — the agent decided to make this change independently
  • [heartbeat] — change made during a heartbeat cycle
  • [cron] — change made by a scheduled job

This makes git log --oneline \x3Cfile> a real audit trail.

Software project commits (any external project) use plain descriptive messages with NO provenance tags. Tags like [human-directed] are AI fingerprints — they leak that an agent is involved in the project.

TTL on Agent-Written Goals

Anything the agent writes to a goals, tasks, or backlog section gets a date stamp. If an agent-written goal is older than 14 days and the user hasn't touched it, the agent does not silently keep following it. Instead, ask the user whether it's still valid.

TTL on Topic Files

Topic files represent active projects and workstreams. If a topic file hasn't been modified in 30 or more days, flag it for the user during the next heartbeat: "The topic file for [project] hasn't been updated in a month. Is this still active, or should it be archived?" If the user confirms it's still active, update the file's timestamp. If the user says archive it, move it to memory/topics/archive/ and remove the pointer from MEMORY.md.

This prevents stale topic files from accumulating and cluttering search results, and keeps MEMORY.md's routing table current.

Instruction Diff Reports

Weekly (or on-demand via "diff report"): the agent diffs all instruction files against their state 7 days ago and posts a summary to the conversation. What changed, who changed it, why. The user reviews, confirms, or reverts.

Schedule the diff report at a fixed local time that works for the user (e.g., Sunday morning). There's nothing special about the exact time — pick one, set a cron using OpenClaw's built-in cron tool, be consistent.

Review Flagging with Graduated Urgency

Instruction files and key memory files should be reviewed periodically. Rather than a single flag, use graduated urgency:

30 days since last review — mention during heartbeat. Example: "AGENTS.md hasn't been reviewed in 30 days. Worth a quick look when you have time."

60 days since last review — warn explicitly. Example: "AGENTS.md is 60 days past its last review. I'm still following its instructions, but they may be outdated. Can you review it this week?"

90 days since last review — escalate. Example: "AGENTS.md hasn't been reviewed in 90 days. At this point it's either stable enough to not need review (in which case, update the review date to acknowledge that) or it's drifted without anyone noticing. Please review and confirm."

This applies to human-authored and mixed files. Agent-authored files don't need the same review cadence but benefit from periodic user spot-checks.

Setup

Initialize git in the workspace if it isn't already a repository, and configure a local git identity for agent commits. Use a name that makes agent-authored commits identifiable in the log. Create a .gitignore if needed to exclude temporary files, secrets, and local state.

Daily Provenance Checks

During heartbeat cycles:

  1. Check last-reviewed dates in provenance headers of all instruction files
  2. Apply graduated urgency: mention at 30 days, warn at 60, escalate at 90
  3. Check for agent-written goals/tasks older than 14 days without user interaction — flag for re-authorization
  4. Check for topic files untouched for 30 or more days — flag for archival or confirmation
  5. Generate weekly diff report if due

Security Implications

Provenance tracking provides defense in depth. It makes unauthorized changes visible in git history, enforces regular review of critical files, provides accountability for agent actions, and creates an audit trail for compliance.

Sensitive data: Provenance headers and commit messages should never contain secrets, API keys, or credentials. Commit messages describe what changed and why — they should reference file names and decisions, not secret values. The same redaction guidance from agent-session-state applies: log the existence of a credential and where it is stored, not the value itself.

Integration with Other Skills

hierarchical-agent-memory provides the memory structure this skill governs. MEMORY.md is a lean routing table with pointers to topic and contact files. Topic files are agent-authored and subject to the 30-day staleness check. Contact files are mixed authority. Daily notes and time-based archival layers are agent-authored and maintained freely. All memory file changes should use appropriate commit tags.

agent-session-state manages per-channel session files. Session state files are agent-authored and transient. They don't need provenance headers or review cadence, but commits that modify them should use the appropriate tag for audit trail purposes.

memory-wiki (bundled OpenClaw plugin, as of 2026.4.x) compiles durable knowledge into a separate vault at ~/.openclaw/wiki/main/ with its own lifecycle: structured claims, evidence linkage, freshness dashboards, wiki_lint, and the reports/ dashboard set. This skill does not govern the wiki vault. Do not retrofit provenance headers, last-reviewed dates, graduated urgency, or commit-tag discipline onto wiki pages — wiki has its own claim-level schema and lint tooling, and the two systems are deliberately orthogonal (file authorship and accountability vs. claim-level evidence lineage). Commits that touch wiki output should still use appropriate tags for audit trail purposes, but the pages themselves are out of scope.

Best Practices

For the agent: Always include provenance headers on new instruction files and new topic/contact files. Update last-reviewed after the user reviews a file. Use appropriate commit tags. Flag old content for review using graduated urgency. Ask the user about stale agent-written goals. Flag untouched topic files for archival.

For the user: Review flagged files promptly — graduated urgency means the agent will keep escalating until you respond. Update last-reviewed and reviewed-by after each review. Provide clear direction for changes explicitly requested. Periodically check git history for anomalies. When archiving a topic, confirm the MEMORY.md pointer is removed.

Related Skills

  • hierarchical-agent-memory — Hybrid topic-based working memory with optional time-based archival layers
  • agent-session-state — Per-channel isolation and WAL protocol
Usage Guidance
This skill appears coherent with its stated goal, but it will give an agent permission to edit and git-commit files that influence agent behavior (MEMORY.md, AGENTS.md, topic and contact files). Before enabling: - Ensure you are comfortable letting an agent autonomously update those specific files and create git commits with provenance tags. - Initialize the workspace git repo yourself and review its history/branches before trusting automated commits. - Back up sensitive files (MEMORY.md, contacts, user identity files) or restrict the skill's write scope if possible. - Consider requiring a human review step for high-impact changes (disable autonomous actions or require confirmation) if you want stronger control. - If you plan to post diffs externally, configure the destination carefully and avoid leaking private data. If you want a lower-risk option, run the governance steps manually or test in a sandbox workspace first.
Capability Analysis
Type: OpenClaw Skill Name: agent-provenance Version: 2.1.4 The agent-provenance skill is a governance and auditing framework designed to track changes to an agent's instruction and memory files using git. It implements provenance headers, standardized commit tags (e.g., [agent-autonomous]), and a graduated review system (30/60/90 days) to ensure human oversight of AI-modified files like AGENTS.md and IDENTITY.md. The skill operates within the OpenClaw sandbox, uses built-in scheduling tools, and includes defensive instructions to avoid logging secrets and to flag anomalous files like persistent BOOTSTRAP.md scratchpads.
Capability Assessment
Purpose & Capability
Name/description (provenance, review cadence, TTL, commit conventions) align with the declared requirements: git and openclaw are reasonable, and the listed read/write paths map to the files the skill says it governs.
Instruction Scope
SKILL.md instructs the agent to edit and git-commit a set of instruction/memory/topic/contact files, run scheduled checks via OpenClaw's cron, and post diffs to the conversation channel. All of these are consistent with provenance work, but they grant the agent ongoing authority to change files that affect agent behavior (e.g., MEMORY.md).
Install Mechanism
Instruction-only skill (no install spec, no downloaded code). This minimizes installation risk because nothing is being written to disk by an installer.
Credentials
No environment variables or external credentials are requested (good). However, declaring write access to MEMORY.md, memory/topics/, memory/contacts/, and other instruction files is high privilege: these files may contain sensitive user data or content that alters agent/system prompts. The access is proportional to provenance duties but carries notable impact.
Persistence & Privilege
always:false (not force-included). The skill permits autonomous invocation (platform default) and schedules recurring tasks via OpenClaw's cron; this autonomy is consistent with the skill's goals but increases the blast radius if misused. The skill does not request modifications to other skills' configs or system-level schedulers.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-provenance
  3. After installation, invoke the skill by name or use /agent-provenance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.4
v2.1.4 update
v2.1.3
v2.1.3 update
v2.1.2
v2.1.2 update
v2.1.1
Address ClawHub security review: clarify cron/scheduler scope, align with hierarchical-agent-memory v3 security notes
v2.1.0
v2.1: Graduated urgency (30/60/90 day escalation), topic file TTL and archival, enhanced integration with hierarchical-agent-memory v3 topic and contact files
v2.0.1
Remove Finch-branded git config example, drop hardcoded CDT timezone from diff report schedule, fix broken GitHub links, tighten 'human user' phrasing to 'user', remove self-referential integration bullet
v2.0.0
v2.0.0: Replaced all personal references with neutral terms, enhanced TTL enforcement and diff reports, and improved governance documentation. Cleaned all sensitive information for public release.
v1.1.0
Added lead-in question to body for ClawHub listing page
v1.0.0
Initial release: provenance headers, file authority levels, commit conventions, TTL on agent goals, diff reports
Metadata
Slug agent-provenance
Version 2.1.4
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 9
Frequently Asked Questions

What is Agent Provenance?

File provenance tracking, authority levels, commit conventions, and governance policies. Ensures accountability for changes to instruction files, topic files... It is an AI Agent Skill for Claude Code / OpenClaw, with 211 downloads so far.

How do I install Agent Provenance?

Run "/install agent-provenance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Provenance free?

Yes, Agent Provenance is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Provenance support?

Agent Provenance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Provenance?

It is built and maintained by Rich (@richgoodson); the current version is v2.1.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments