← 返回 Skills 市场
richgoodson

Agent Provenance

作者 Rich · GitHub ↗ · v2.1.4 · MIT-0
cross-platform ✓ 安全检测通过
211
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install agent-provenance
功能描述
File provenance tracking, authority levels, commit conventions, and governance policies. Ensures accountability for changes to instruction files, topic files...
使用说明 (SKILL.md)

Agent Provenance v2.1.4

Agents modify their own instruction files, topic files, and memory. Without tracking, human-authored rules become indistinguishable from agent-authored additions. This skill provides lightweight governance to maintain that distinction — provenance headers, authority levels, commit conventions, and review policies to ensure accountability and maintainability.

The Problem

Instruction files evolve over time. Without clear tracking, it's unclear who made changes and when, review responsibilities become ambiguous, agent-written goals can persist indefinitely without validation, security boundaries can be eroded gradually, and audit trails are lost.

Prerequisites

This skill requires git to be initialized in the workspace. The agent needs write access to instruction files and memory files (declared in the metadata above). Diff reports are posted to the conversation channel — no external channel credentials are needed unless the user configures an external destination.

All scheduled tasks (diff reports, heartbeat checks) use OpenClaw's built-in cron tool. They run as isolated agent sessions within the OpenClaw sandbox. No OS-level schedulers (crontab, systemd, launchd) are created or modified.

Architecture

Provenance Headers

All instruction files carry an HTML comment header:

\x3C!--
  provenance: human-authored | agent-authored | mixed
  description: what this file is
  last-reviewed: YYYY-MM-DD
  reviewed-by: Human | Agent
-->

Provenance types:

  • human-authored — files created by the human user and not modified by the agent without explicit direction (SOUL.md, PRINCIPLES.md, USER.md)
  • agent-authored — files created and maintained by the agent (LEARNINGS.md, session files, daily notes, topic files, time-based archives)
  • mixed — files with both human policy and agent procedures (AGENTS.md, IDENTITY.md, TOOLS.md, HEARTBEAT.md, BOOT.md, contact files)
  • transient — one-shot scratch files with no provenance cadence (BOOTSTRAP.md). Not governed by this skill — OpenClaw creates them for a brand-new workspace and removes them after the bootstrap ritual finishes.

Only the user updates last-reviewed and reviewed-by on human-authored files.

Authority Levels

Files have different sensitivity levels that determine who can modify them and how changes are tracked.

Human-authored files (SOUL.md, PRINCIPLES.md, USER.md) define the agent's identity and core rules. The agent does not modify these without explicit direction from the user.

Mixed files (AGENTS.md, IDENTITY.md, TOOLS.md, HEARTBEAT.md, BOOT.md, contact files) have user-set policy with agent-maintained operational procedures. IDENTITY.md is created during the bootstrap ritual and may be updated by the agent, but the user owns the underlying identity assertions. TOOLS.md holds local tool notes and conventions — user-shaped guidance that blends with agent-observed usage patterns. BOOT.md is an optional startup checklist with the same mixed ownership. Contact files are mixed because the agent captures information from conversations but the user may correct details or add private context. All changes are logged in git.

Transient files (BOOTSTRAP.md) are first-run scratch files that OpenClaw creates for a brand-new workspace and deletes after the bootstrap ritual. They carry no provenance header and are not subject to review cadence. If BOOTSTRAP.md persists for more than a few sessions, flag it as an anomaly rather than treating it as a reviewable instruction file.

Agent-authored files (LEARNINGS.md, session files, daily notes, topic files) are written freely by the agent and reviewed periodically by the user. Topic files represent authoritative project state and should be treated with more care than transient session files.

Routing table (MEMORY.md) has mixed authority. The agent maintains pointers, but MEMORY.md is loaded into every session's system prompt, so changes have high impact. Keep it under 3KB with only pointers and active constraints. Log all changes via git with appropriate commit tags.

Commit Message Convention

Workspace commits use a tag prefix to identify who directed the change:

  • [human-directed] — the user explicitly asked for this change
  • [agent-autonomous] — the agent decided to make this change independently
  • [heartbeat] — change made during a heartbeat cycle
  • [cron] — change made by a scheduled job

This makes git log --oneline \x3Cfile> a real audit trail.

Software project commits (any external project) use plain descriptive messages with NO provenance tags. Tags like [human-directed] are AI fingerprints — they leak that an agent is involved in the project.

TTL on Agent-Written Goals

Anything the agent writes to a goals, tasks, or backlog section gets a date stamp. If an agent-written goal is older than 14 days and the user hasn't touched it, the agent does not silently keep following it. Instead, ask the user whether it's still valid.

TTL on Topic Files

Topic files represent active projects and workstreams. If a topic file hasn't been modified in 30 or more days, flag it for the user during the next heartbeat: "The topic file for [project] hasn't been updated in a month. Is this still active, or should it be archived?" If the user confirms it's still active, update the file's timestamp. If the user says archive it, move it to memory/topics/archive/ and remove the pointer from MEMORY.md.

This prevents stale topic files from accumulating and cluttering search results, and keeps MEMORY.md's routing table current.

Instruction Diff Reports

Weekly (or on-demand via "diff report"): the agent diffs all instruction files against their state 7 days ago and posts a summary to the conversation. What changed, who changed it, why. The user reviews, confirms, or reverts.

Schedule the diff report at a fixed local time that works for the user (e.g., Sunday morning). There's nothing special about the exact time — pick one, set a cron using OpenClaw's built-in cron tool, be consistent.

Review Flagging with Graduated Urgency

Instruction files and key memory files should be reviewed periodically. Rather than a single flag, use graduated urgency:

30 days since last review — mention during heartbeat. Example: "AGENTS.md hasn't been reviewed in 30 days. Worth a quick look when you have time."

60 days since last review — warn explicitly. Example: "AGENTS.md is 60 days past its last review. I'm still following its instructions, but they may be outdated. Can you review it this week?"

90 days since last review — escalate. Example: "AGENTS.md hasn't been reviewed in 90 days. At this point it's either stable enough to not need review (in which case, update the review date to acknowledge that) or it's drifted without anyone noticing. Please review and confirm."

This applies to human-authored and mixed files. Agent-authored files don't need the same review cadence but benefit from periodic user spot-checks.

Setup

Initialize git in the workspace if it isn't already a repository, and configure a local git identity for agent commits. Use a name that makes agent-authored commits identifiable in the log. Create a .gitignore if needed to exclude temporary files, secrets, and local state.

Daily Provenance Checks

During heartbeat cycles:

  1. Check last-reviewed dates in provenance headers of all instruction files
  2. Apply graduated urgency: mention at 30 days, warn at 60, escalate at 90
  3. Check for agent-written goals/tasks older than 14 days without user interaction — flag for re-authorization
  4. Check for topic files untouched for 30 or more days — flag for archival or confirmation
  5. Generate weekly diff report if due

Security Implications

Provenance tracking provides defense in depth. It makes unauthorized changes visible in git history, enforces regular review of critical files, provides accountability for agent actions, and creates an audit trail for compliance.

Sensitive data: Provenance headers and commit messages should never contain secrets, API keys, or credentials. Commit messages describe what changed and why — they should reference file names and decisions, not secret values. The same redaction guidance from agent-session-state applies: log the existence of a credential and where it is stored, not the value itself.

Integration with Other Skills

hierarchical-agent-memory provides the memory structure this skill governs. MEMORY.md is a lean routing table with pointers to topic and contact files. Topic files are agent-authored and subject to the 30-day staleness check. Contact files are mixed authority. Daily notes and time-based archival layers are agent-authored and maintained freely. All memory file changes should use appropriate commit tags.

agent-session-state manages per-channel session files. Session state files are agent-authored and transient. They don't need provenance headers or review cadence, but commits that modify them should use the appropriate tag for audit trail purposes.

memory-wiki (bundled OpenClaw plugin, as of 2026.4.x) compiles durable knowledge into a separate vault at ~/.openclaw/wiki/main/ with its own lifecycle: structured claims, evidence linkage, freshness dashboards, wiki_lint, and the reports/ dashboard set. This skill does not govern the wiki vault. Do not retrofit provenance headers, last-reviewed dates, graduated urgency, or commit-tag discipline onto wiki pages — wiki has its own claim-level schema and lint tooling, and the two systems are deliberately orthogonal (file authorship and accountability vs. claim-level evidence lineage). Commits that touch wiki output should still use appropriate tags for audit trail purposes, but the pages themselves are out of scope.

Best Practices

For the agent: Always include provenance headers on new instruction files and new topic/contact files. Update last-reviewed after the user reviews a file. Use appropriate commit tags. Flag old content for review using graduated urgency. Ask the user about stale agent-written goals. Flag untouched topic files for archival.

For the user: Review flagged files promptly — graduated urgency means the agent will keep escalating until you respond. Update last-reviewed and reviewed-by after each review. Provide clear direction for changes explicitly requested. Periodically check git history for anomalies. When archiving a topic, confirm the MEMORY.md pointer is removed.

Related Skills

  • hierarchical-agent-memory — Hybrid topic-based working memory with optional time-based archival layers
  • agent-session-state — Per-channel isolation and WAL protocol
安全使用建议
This skill appears coherent with its stated goal, but it will give an agent permission to edit and git-commit files that influence agent behavior (MEMORY.md, AGENTS.md, topic and contact files). Before enabling: - Ensure you are comfortable letting an agent autonomously update those specific files and create git commits with provenance tags. - Initialize the workspace git repo yourself and review its history/branches before trusting automated commits. - Back up sensitive files (MEMORY.md, contacts, user identity files) or restrict the skill's write scope if possible. - Consider requiring a human review step for high-impact changes (disable autonomous actions or require confirmation) if you want stronger control. - If you plan to post diffs externally, configure the destination carefully and avoid leaking private data. If you want a lower-risk option, run the governance steps manually or test in a sandbox workspace first.
功能分析
Type: OpenClaw Skill Name: agent-provenance Version: 2.1.4 The agent-provenance skill is a governance and auditing framework designed to track changes to an agent's instruction and memory files using git. It implements provenance headers, standardized commit tags (e.g., [agent-autonomous]), and a graduated review system (30/60/90 days) to ensure human oversight of AI-modified files like AGENTS.md and IDENTITY.md. The skill operates within the OpenClaw sandbox, uses built-in scheduling tools, and includes defensive instructions to avoid logging secrets and to flag anomalous files like persistent BOOTSTRAP.md scratchpads.
能力评估
Purpose & Capability
Name/description (provenance, review cadence, TTL, commit conventions) align with the declared requirements: git and openclaw are reasonable, and the listed read/write paths map to the files the skill says it governs.
Instruction Scope
SKILL.md instructs the agent to edit and git-commit a set of instruction/memory/topic/contact files, run scheduled checks via OpenClaw's cron, and post diffs to the conversation channel. All of these are consistent with provenance work, but they grant the agent ongoing authority to change files that affect agent behavior (e.g., MEMORY.md).
Install Mechanism
Instruction-only skill (no install spec, no downloaded code). This minimizes installation risk because nothing is being written to disk by an installer.
Credentials
No environment variables or external credentials are requested (good). However, declaring write access to MEMORY.md, memory/topics/, memory/contacts/, and other instruction files is high privilege: these files may contain sensitive user data or content that alters agent/system prompts. The access is proportional to provenance duties but carries notable impact.
Persistence & Privilege
always:false (not force-included). The skill permits autonomous invocation (platform default) and schedules recurring tasks via OpenClaw's cron; this autonomy is consistent with the skill's goals but increases the blast radius if misused. The skill does not request modifications to other skills' configs or system-level schedulers.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agent-provenance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agent-provenance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.4
v2.1.4 update
v2.1.3
v2.1.3 update
v2.1.2
v2.1.2 update
v2.1.1
Address ClawHub security review: clarify cron/scheduler scope, align with hierarchical-agent-memory v3 security notes
v2.1.0
v2.1: Graduated urgency (30/60/90 day escalation), topic file TTL and archival, enhanced integration with hierarchical-agent-memory v3 topic and contact files
v2.0.1
Remove Finch-branded git config example, drop hardcoded CDT timezone from diff report schedule, fix broken GitHub links, tighten 'human user' phrasing to 'user', remove self-referential integration bullet
v2.0.0
v2.0.0: Replaced all personal references with neutral terms, enhanced TTL enforcement and diff reports, and improved governance documentation. Cleaned all sensitive information for public release.
v1.1.0
Added lead-in question to body for ClawHub listing page
v1.0.0
Initial release: provenance headers, file authority levels, commit conventions, TTL on agent goals, diff reports
元数据
Slug agent-provenance
版本 2.1.4
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 9
常见问题

Agent Provenance 是什么?

File provenance tracking, authority levels, commit conventions, and governance policies. Ensures accountability for changes to instruction files, topic files... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 211 次。

如何安装 Agent Provenance?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-provenance」即可一键安装,无需额外配置。

Agent Provenance 是免费的吗?

是的,Agent Provenance 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Agent Provenance 支持哪些平台?

Agent Provenance 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent Provenance?

由 Rich(@richgoodson)开发并维护,当前版本 v2.1.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论