@vellumai/assistant 0.3.16 → 0.3.19

package/src/config/bundled-skills/notifications/SKILL.md

@@ -12,6 +12,24 @@ Use `send_notification` for user-facing alerts and notifications. This tool rout
 - `preferred_channels` are **routing hints**, not hard channel forcing. The notification router makes the final delivery decision based on user preferences, channel availability, and urgency.
 - Channel selection and delivery are handled entirely by the notification router -- do not attempt to control delivery manually.
 
+## Deduplication (`dedupe_key`)
+
+- `dedupe_key` suppresses duplicate signals. A second notification with the same key is **dropped entirely** within a **1-hour window**. After the window expires, the same key is accepted again.
+- Never reuse a `dedupe_key` across logically distinct notifications, even if they are related. The key means "this exact event already fired," not "these events are in the same category."
+- If you omit `dedupe_key`, the LLM decision engine may generate one automatically based on signal context. This means even keyless signals can be deduplicated if the engine considers them duplicates of a recent event.
+
+## Threading
+
+Thread grouping is handled by the LLM-powered decision engine, not by any parameter you pass. There is no explicit "post to thread X" parameter — thread reuse is inferred, not commanded.
+
+**How it works:** The engine evaluates recent notification thread candidates and decides whether a new signal is a continuation of an existing thread based on `source_event_name`, provenance metadata, and message content. Use natural, descriptive titles and bodies — the engine groups by semantic relatedness, not string matching.
+
+**`source_event_name` is the primary grouping signal.** Use a stable event name for notifications that belong to the same logical stream (e.g. `dog.news.thread.reply` for all replies in a thread). Use a distinct event name when the notification represents a genuinely different kind of event.
+
+**Practical constraints:**
+- Thread candidates are scoped to the **last 24 hours** (max 5 per channel). You cannot reuse an old thread from days ago.
+- The engine will only reuse conversations originally created by the notification system (`source === 'notification'`). It will never append to a user-initiated conversation, even if it looks related.
+
 ## Important
 
 - Do **NOT** use AppleScript `display notification` or other OS-level notification commands for assistant-managed alerts. Always use `send_notification`.

package/src/config/schema.ts

@@ -117,12 +117,18 @@ export {
   SandboxConfigSchema,
 } from './sandbox-schema.js';
 export type {
+  RemotePolicyConfig,
+  RemoteProviderConfig,
+  RemoteProvidersConfig,
   SkillEntryConfig,
   SkillsConfig,
   SkillsInstallConfig,
   SkillsLoadConfig,
 } from './skills-schema.js';
 export {
+  RemotePolicyConfigSchema,
+  RemoteProviderConfigSchema,
+  RemoteProvidersConfigSchema,
   SkillEntryConfigSchema,
   SkillsConfigSchema,
   SkillsInstallConfigSchema,

package/src/config/skills-schema.ts

@@ -19,14 +19,41 @@ export const SkillsInstallConfigSchema = z.object({
   }).default('npm'),
 });
 
+export const RemoteProviderConfigSchema = z.object({
+  enabled: z.boolean({ error: 'skills.remoteProviders.<provider>.enabled must be a boolean' }).default(true),
+});
+
+export const RemoteProvidersConfigSchema = z.object({
+  skillssh: RemoteProviderConfigSchema.default({} as any),
+  clawhub: RemoteProviderConfigSchema.default({} as any),
+});
+
+const VALID_SKILLS_SH_RISK_LEVELS = ['safe', 'low', 'medium', 'high', 'critical', 'unknown'] as const;
+// 'unknown' is valid as a risk label on a skill but not as a threshold — setting the threshold
+// to 'unknown' would silently disable fail-closed behavior since nothing can exceed it.
+const VALID_MAX_RISK_LEVELS = ['safe', 'low', 'medium', 'high', 'critical'] as const;
+
+export const RemotePolicyConfigSchema = z.object({
+  blockSuspicious: z.boolean({ error: 'skills.remotePolicy.blockSuspicious must be a boolean' }).default(true),
+  blockMalware: z.boolean({ error: 'skills.remotePolicy.blockMalware must be a boolean' }).default(true),
+  maxSkillsShRisk: z.enum(VALID_MAX_RISK_LEVELS, {
+    error: `skills.remotePolicy.maxSkillsShRisk must be one of: ${VALID_MAX_RISK_LEVELS.join(', ')}`,
+  }).default('medium'),
+});
+
 export const SkillsConfigSchema = z.object({
   entries: z.record(z.string(), SkillEntryConfigSchema).default({} as any),
   load: SkillsLoadConfigSchema.default({} as any),
   install: SkillsInstallConfigSchema.default({} as any),
   allowBundled: z.array(z.string()).nullable().default(null),
+  remoteProviders: RemoteProvidersConfigSchema.default({} as any),
+  remotePolicy: RemotePolicyConfigSchema.default({} as any),
 });
 
 export type SkillEntryConfig = z.infer<typeof SkillEntryConfigSchema>;
 export type SkillsLoadConfig = z.infer<typeof SkillsLoadConfigSchema>;
 export type SkillsInstallConfig = z.infer<typeof SkillsInstallConfigSchema>;
+export type RemoteProviderConfig = z.infer<typeof RemoteProviderConfigSchema>;
+export type RemoteProvidersConfig = z.infer<typeof RemoteProvidersConfigSchema>;
+export type RemotePolicyConfig = z.infer<typeof RemotePolicyConfigSchema>;
 export type SkillsConfig = z.infer<typeof SkillsConfigSchema>;

package/src/config/templates/UPDATES.md

@@ -1,7 +1,5 @@
 _ Lines starting with _ are comments — they won't appear in the system prompt
-
-# UPDATES.md
-
+_
 _ This file contains release update notes for the assistant.
 _ Each release block is wrapped with HTML comment markers:
 _   <!-- vellum-update-release:<version> -->
@@ -11,6 +9,7 @@ _
 _ Format is freeform markdown. Write notes that help the assistant
 _ understand what changed and how it affects behavior, capabilities,
 _ or available tools. Focus on what matters to the user experience.
-
-## What's New
-
+_
+_ To add release notes, replace this content with real markdown
+_ describing what changed. The sync will only materialize a bulletin
+_ when non-comment content is present.

package/src/config/update-bulletin-format.ts

@@ -44,7 +44,9 @@ export function appendReleaseBlock(
 /** Extracts all version strings from release markers found in `content`. */
 export function extractReleaseIds(content: string): string[] {
   const ids: string[] = [];
+  MARKER_REGEX.lastIndex = 0;
   let match: RegExpExecArray | null;
+  // eslint-disable-next-line no-restricted-syntax -- RegExp.exec returns null
   while ((match = MARKER_REGEX.exec(content)) !== null) {
     ids.push(match[1]);
   }

package/src/config/update-bulletin-state.ts

@@ -4,7 +4,7 @@ const ACTIVE_RELEASES_KEY = 'updates:active_releases';
 const COMPLETED_RELEASES_KEY = 'updates:completed_releases';
 
 function parseReleaseArray(raw: string | null): string[] {
-  if (raw === null) return [];
+  if (!raw) return [];
   try {
     const parsed = JSON.parse(raw);
     if (!Array.isArray(parsed)) return [];

package/src/config/update-bulletin-template-path.ts

@@ -0,0 +1,6 @@
+import { join } from 'node:path';
+
+/** Returns the path to the bundled UPDATES.md template. Extracted for testability. */
+export function getTemplatePath(): string {
+  return join(import.meta.dirname ?? __dirname, 'templates', 'UPDATES.md');
+}

package/src/config/update-bulletin.ts

@@ -1,6 +1,7 @@
-import { existsSync, readFileSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
+import { existsSync, lstatSync, readFileSync, realpathSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
 
+import { getWorkspacePromptPath } from '../util/platform.js';
+import { APP_VERSION } from '../version.js';
 import { stripCommentLines } from './system-prompt.js';
 import { appendReleaseBlock, hasReleaseBlock } from './update-bulletin-format.js';
 import {
@@ -10,8 +11,7 @@ import {
   markReleasesCompleted,
   setActiveReleases,
 } from './update-bulletin-state.js';
-import { APP_VERSION } from '../version.js';
-import { getWorkspacePromptPath } from '../util/platform.js';
+import { getTemplatePath } from './update-bulletin-template-path.js';
 
 /**
  * Writes content to a file via a temp-file + rename to prevent partial/truncated
@@ -21,7 +21,22 @@ function atomicWriteFileSync(filePath: string, content: string): void {
   const tmpPath = `${filePath}.tmp.${process.pid}`;
   try {
     writeFileSync(tmpPath, content, 'utf-8');
-    renameSync(tmpPath, filePath);
+    // Resolve symlinks so we rename to the real target, preserving the link.
+    // If the symlink is dangling (target doesn't exist), fall back to writing
+    // through the symlink path directly — realpathSync throws ENOENT for dangling links.
+    let targetPath = filePath;
+    try {
+      if (lstatSync(filePath, { throwIfNoEntry: false })?.isSymbolicLink()) {
+        targetPath = realpathSync(filePath);
+      }
+    } catch (err: unknown) {
+      // Dangling symlink — fall back to writing through the symlink path.
+      // Only swallow ENOENT (dangling target); re-throw ELOOP, EACCES, I/O faults, etc.
+      if (err instanceof Error && 'code' in err && (err as NodeJS.ErrnoException).code !== 'ENOENT') {
+        throw err;
+      }
+    }
+    renameSync(tmpPath, targetPath);
   } catch (err) {
     try {
       unlinkSync(tmpPath);
@@ -57,7 +72,7 @@ export function syncUpdateBulletinOnStartup(): void {
   }
 
   // --- Template materialization ---
-  const templatePath = join(import.meta.dirname ?? __dirname, 'templates', 'UPDATES.md');
+  const templatePath = getTemplatePath();
   if (!existsSync(templatePath)) return;
 
   const rawTemplate = readFileSync(templatePath, 'utf-8');

package/src/daemon/config-watcher.ts

@@ -90,8 +90,9 @@ export class ConfigWatcher {
   /**
    * Start all file watchers. `onSessionEvict` is called when watched
    * files change and sessions need to be evicted for reload.
+   * `onIdentityChanged` is called when IDENTITY.md changes on disk.
    */
-  start(onSessionEvict: () => void): void {
+  start(onSessionEvict: () => void, onIdentityChanged?: () => void): void {
     const workspaceDir = getWorkspaceDir();
     const protectedDir = join(getRootDir(), 'protected');
 
@@ -106,7 +107,7 @@ export class ConfigWatcher {
         }
       },
       'SOUL.md': () => onSessionEvict(),
-      'IDENTITY.md': () => onSessionEvict(),
+      'IDENTITY.md': () => { onSessionEvict(); onIdentityChanged?.(); },
       'USER.md': () => onSessionEvict(),
       'LOOKS.md': () => onSessionEvict(),
       'UPDATES.md': () => onSessionEvict(),

package/src/daemon/daemon-control.ts

@@ -1,4 +1,4 @@
-import { spawn } from 'node:child_process';
+import { execSync, spawn } from 'node:child_process';
 import { closeSync,existsSync, mkdirSync, openSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
 import { createConnection } from 'node:net';
 import { join, resolve } from 'node:path';
@@ -70,9 +70,17 @@ function killStaleDaemon(): void {
     return;
   }
 
-  // The PID file references a live process, but getDaemonStatus() (called
-  // earlier in startDaemon) already returns early when the daemon is healthy.
-  // If we reach here, the recorded process is alive but non-responsive.
+  // Guard against stale PID reuse: if the PID has been recycled by the OS
+  // and now belongs to an unrelated process, we must not signal it.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up PID file only');
+    cleanupPidFile();
+    return;
+  }
+
+  // The PID file references a live vellum daemon process, but getDaemonStatus()
+  // (called earlier in startDaemon) already returns early when the daemon is
+  // healthy. If we reach here, the recorded process is alive but non-responsive.
   try {
     log.info({ pid }, 'Killing stale daemon process from PID file');
     process.kill(pid, 'SIGKILL');
@@ -91,6 +99,27 @@ function isProcessRunning(pid: number): boolean {
   }
 }
 
+/**
+ * Check whether a PID belongs to a vellum daemon process (a bun process
+ * running the daemon's main.ts). Prevents signaling an unrelated process
+ * that reused a stale PID.
+ */
+function isVellumDaemonProcess(pid: number): boolean {
+  try {
+    const cmd = execSync(`ps -p ${pid} -o command=`, {
+      encoding: 'utf-8',
+      timeout: 3000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim();
+    // The daemon is spawned as `bun run <path>/main.ts` — look for bun
+    // running our daemon entry point.
+    return cmd.includes('bun') && cmd.includes('daemon/main.ts');
+  } catch {
+    // Process exited or ps failed — treat as not ours.
+    return false;
+  }
+}
+
 /** Try a TCP connect to the Unix socket. Returns true if the connection
  *  handshake completes within the timeout — false on connection refused,
  *  timeout, or missing socket file. */
@@ -166,10 +195,17 @@ export async function getDaemonStatus(): Promise<{ running: boolean; pid?: numbe
     cleanupPidFile();
     return { running: false };
   }
-  // Process is alive — verify the socket is responsive. A deadlocked or
-  // wedged daemon will pass the PID liveness check but fail to accept
-  // connections, and should be treated as not running so killStaleDaemon()
-  // can clean it up.
+  // Guard against stale PID reuse: if the OS recycled the PID and it now
+  // belongs to an unrelated process, discard the stale PID file.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up');
+    cleanupPidFile();
+    return { running: false };
+  }
+  // Process is alive and is ours — verify the socket is responsive. A
+  // deadlocked or wedged daemon will pass the PID liveness check but fail
+  // to accept connections, and should be treated as not running so
+  // killStaleDaemon() can clean it up.
   const responsive = await isSocketResponsive();
   if (!responsive) {
     log.warn({ pid }, 'Daemon process alive but socket unresponsive');
@@ -188,6 +224,11 @@ function getStartupLockPath(): string {
 function acquireStartupLock(): boolean {
   const lockPath = getStartupLockPath();
   try {
+    // Ensure the root directory exists before attempting the lock file write.
+    // On a first-time run, getRootDir() may not exist yet, and writeFileSync
+    // with 'wx' would throw ENOENT — which the catch block misinterprets as
+    // "lock already held."
+    mkdirSync(getRootDir(), { recursive: true });
     // O_CREAT | O_EXCL — fails atomically if the file already exists.
     writeFileSync(lockPath, String(Date.now()), { flag: 'wx' });
     return true;
@@ -226,12 +267,16 @@ export async function startDaemon(): Promise<{
     const lockWaitMs = 10_000;
     const lockInterval = 200;
     let lockWaited = 0;
+    let lockAcquired = false;
     while (lockWaited < lockWaitMs) {
       await new Promise((r) => setTimeout(r, lockInterval));
       lockWaited += lockInterval;
-      if (acquireStartupLock()) break;
+      if (acquireStartupLock()) {
+        lockAcquired = true;
+        break;
+      }
     }
-    if (lockWaited >= lockWaitMs) {
+    if (!lockAcquired) {
       // Timed out waiting for the lock — re-check status in case the
       // other caller succeeded.
       const recheck = await getDaemonStatus();
@@ -358,6 +403,15 @@ export async function stopDaemon(): Promise<StopResult> {
     return { stopped: false, reason: 'not_running' };
   }
 
+  // Guard against stale PID reuse: if the PID has been recycled by the OS
+  // and now belongs to an unrelated process, clean up the PID file but
+  // never signal it.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up PID file only');
+    cleanupPidFile();
+    return { stopped: false, reason: 'not_running' };
+  }
+
   process.kill(pid, 'SIGTERM');
 
   const timeouts = readDaemonTimeouts();

package/src/daemon/handlers/config-channels.ts

@@ -2,6 +2,7 @@ import * as net from 'node:net';
 
 import type { ChannelId } from '../../channels/types.js';
 import * as externalConversationStore from '../../memory/external-conversation-store.js';
+import { findMember, revokeMember } from '../../memory/ingress-member-store.js';
 import {
   createVerificationChallenge,
   findActiveSession,
@@ -173,8 +174,25 @@ export function handleGuardianVerification(
       const result = getGuardianStatus(channel, assistantId);
       ctx.send(socket, { type: 'guardian_verification_response', ...result });
     } else if (msg.action === 'revoke') {
+      // Capture binding before revoking so we can revoke the guardian's
+      // ingress member record — without this, the guardian would still pass
+      // the ACL check after unbinding.
+      const bindingBeforeRevoke = getGuardianBinding(assistantId, channel);
       revokeGuardianBinding(assistantId, channel);
       revokePendingChallenges(assistantId, channel);
+
+      if (bindingBeforeRevoke) {
+        const member = findMember({
+          assistantId,
+          sourceChannel: channel,
+          externalUserId: bindingBeforeRevoke.guardianExternalUserId,
+          externalChatId: bindingBeforeRevoke.guardianDeliveryChatId,
+        });
+        if (member) {
+          revokeMember(member.id, 'guardian_binding_revoked');
+        }
+      }
+
       ctx.send(socket, {
         type: 'guardian_verification_response',
         success: true,

package/src/daemon/handlers/config-slack-channel.ts

@@ -1,6 +1,6 @@
 import { deleteSecureKey, getSecureKey, setSecureKey } from '../../security/secure-keys.js';
 import { deleteCredentialMetadata, getCredentialMetadata, upsertCredentialMetadata } from '../../tools/credentials/metadata-store.js';
-import { log } from './shared.js';
+import { log as _log } from './shared.js';
 
 // -- Result type --
 

package/src/daemon/handlers/identity.ts

@@ -6,6 +6,45 @@ import { fileURLToPath } from 'node:url';
 import { getWorkspacePromptPath, readLockfile } from '../../util/platform.js';
 import { defineHandlers, type HandlerContext,log } from './shared.js';
 
+export interface IdentityFields {
+  name: string;
+  role: string;
+  personality: string;
+  emoji: string;
+  home: string;
+}
+
+/** Parse the core identity fields from IDENTITY.md content. */
+export function parseIdentityFields(content: string): IdentityFields {
+  const fields: Record<string, string> = {};
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    const lower = trimmed.toLowerCase();
+    const extract = (prefix: string): string | null => {
+      if (!lower.startsWith(prefix)) return null;
+      return trimmed.split(':**').pop()?.trim() ?? null;
+    };
+
+    const name = extract('- **name:**');
+    if (name) { fields.name = name; continue; }
+    const role = extract('- **role:**');
+    if (role) { fields.role = role; continue; }
+    const personality = extract('- **personality:**') ?? extract('- **vibe:**');
+    if (personality) { fields.personality = personality; continue; }
+    const emoji = extract('- **emoji:**');
+    if (emoji) { fields.emoji = emoji; continue; }
+    const home = extract('- **home:**');
+    if (home) { fields.home = home; continue; }
+  }
+  return {
+    name: fields.name ?? '',
+    role: fields.role ?? '',
+    personality: fields.personality ?? '',
+    emoji: fields.emoji ?? '',
+    home: fields.home ?? '',
+  };
+}
+
 function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
   const identityPath = getWorkspacePromptPath('IDENTITY.md');
 
@@ -24,26 +63,7 @@ function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
 
   try {
     const content = readFileSync(identityPath, 'utf-8');
-    const fields: Record<string, string> = {};
-    for (const line of content.split('\n')) {
-      const trimmed = line.trim();
-      const lower = trimmed.toLowerCase();
-      const extract = (prefix: string): string | null => {
-        if (!lower.startsWith(prefix)) return null;
-        return trimmed.split(':**').pop()?.trim() ?? null;
-      };
-
-      const name = extract('- **name:**');
-      if (name) { fields.name = name; continue; }
-      const role = extract('- **role:**');
-      if (role) { fields.role = role; continue; }
-      const personality = extract('- **personality:**') ?? extract('- **vibe:**');
-      if (personality) { fields.personality = personality; continue; }
-      const emoji = extract('- **emoji:**');
-      if (emoji) { fields.emoji = emoji; continue; }
-      const home = extract('- **home:**');
-      if (home) { fields.home = home; continue; }
-    }
+    const fields = parseIdentityFields(content);
 
     // Read version from package.json
     let version: string | undefined;
@@ -90,11 +110,11 @@ function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
     ctx.send(socket, {
       type: 'identity_get_response',
       found: true,
-      name: fields.name ?? '',
-      role: fields.role ?? '',
-      personality: fields.personality ?? '',
-      emoji: fields.emoji ?? '',
-      home: fields.home ?? '',
+      name: fields.name,
+      role: fields.role,
+      personality: fields.personality,
+      emoji: fields.emoji,
+      home: fields.home,
       version,
       assistantId,
       createdAt,

package/src/daemon/handlers/sessions.ts

@@ -38,8 +38,8 @@ import { normalizeThreadType } from '../ipc-protocol.js';
 import { executeRecordingIntent } from '../recording-executor.js';
 import { resolveRecordingIntent } from '../recording-intent.js';
 import { classifyRecordingIntentFallback, containsRecordingKeywords } from '../recording-intent-fallback.js';
-import { resolveChannelCapabilities } from '../session-runtime-assembly.js';
 import { buildSessionErrorMessage,classifySessionError } from '../session-error.js';
+import { resolveChannelCapabilities } from '../session-runtime-assembly.js';
 import { generateVideoThumbnail } from '../video-thumbnail.js';
 import { handleRecordingPause, handleRecordingRestart, handleRecordingResume, handleRecordingStart, handleRecordingStop } from './recording.js';
 import {

package/src/daemon/handlers/skills.ts

@@ -4,7 +4,7 @@ import { join } from 'node:path';
 
 import { getConfig, invalidateConfigCache,loadRawConfig, saveRawConfig } from '../../config/loader.js';
 import { resolveSkillStates } from '../../config/skill-state.js';
-import { ensureSkillIcon,loadSkillBySelector, loadSkillCatalog } from '../../config/skills.js';
+import { ensureSkillIcon,loadSkillBySelector, loadSkillCatalog, type SkillSummary } from '../../config/skills.js';
 import { createTimeout,extractText, getConfiguredProvider, userMessage } from '../../providers/provider-send-message.js';
 import { clawhubCheckUpdates, clawhubInspect, clawhubInstall, clawhubSearch, type ClawhubSearchResultItem,clawhubUpdate } from '../../skills/clawhub.js';
 import { createManagedSkill,deleteManagedSkill, removeSkillsIndexEntry, validateManagedSkillId } from '../../skills/managed-store.js';
@@ -26,6 +26,48 @@ import type {
 } from '../ipc-protocol.js';
 import { CONFIG_RELOAD_DEBOUNCE_MS, defineHandlers, ensureSkillEntry, type HandlerContext,log } from './shared.js';
 
+// ─── Provenance resolution ──────────────────────────────────────────────────
+
+interface SkillProvenance {
+  kind: 'first-party' | 'third-party' | 'local';
+  provider?: string;
+  originId?: string;
+  sourceUrl?: string;
+}
+
+const CLAWHUB_BASE_URL = 'https://skills.sh';
+
+function resolveProvenance(summary: SkillSummary): SkillProvenance {
+  // Bundled skills are always first-party (shipped with Vellum)
+  if (summary.source === 'bundled') {
+    return { kind: 'first-party', provider: 'Vellum' };
+  }
+
+  // Managed skills could be either first-party (installed from Vellum catalog)
+  // or third-party (installed from clawhub). The homepage field serves as a
+  // heuristic: Vellum catalog skills don't typically have a clawhub homepage.
+  if (summary.source === 'managed') {
+    if (summary.homepage?.includes('skills.sh') || summary.homepage?.includes('clawhub')) {
+      return {
+        kind: 'third-party',
+        provider: 'skills.sh',
+        originId: summary.id,
+        sourceUrl: summary.homepage ?? `${CLAWHUB_BASE_URL}/skills/${encodeURIComponent(summary.id)}`,
+      };
+    }
+    // No positive evidence of origin -- could be user-authored or from Vellum catalog.
+    // Default to "local" to avoid mislabeling user-created skills as first-party.
+    return { kind: 'local' };
+  }
+
+  // Workspace and extra skills are user-provided
+  if (summary.source === 'workspace' || summary.source === 'extra') {
+    return { kind: 'local' };
+  }
+
+  return { kind: 'local' };
+}
+
 export function handleSkillsList(socket: net.Socket, ctx: HandlerContext): void {
   const config = getConfig();
   const catalog = loadSkillCatalog();
@@ -37,12 +79,13 @@ export function handleSkillsList(socket: net.Socket, ctx: HandlerContext): void
     description: r.summary.description,
     emoji: r.summary.emoji,
     homepage: r.summary.homepage,
-    source: r.summary.source as 'bundled' | 'managed' | 'workspace' | 'clawhub' | 'extra',
+    source: r.summary.source,
     state: (r.state === 'degraded' ? 'enabled' : r.state) as 'enabled' | 'disabled' | 'available',
     degraded: r.degraded,
     missingRequirements: r.missingRequirements,
     updateAvailable: false,
     userInvocable: r.summary.userInvocable,
+    provenance: resolveProvenance(r.summary),
   }));
 
   ctx.send(socket, { type: 'skills_list_response', skills });

package/src/daemon/ipc-contract/sessions.ts

@@ -213,7 +213,7 @@ export interface AssistantAttention {
 
 export interface SessionListResponse {
   type: 'session_list_response';
-  sessions: Array<{ id: string; title: string; createdAt: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention }>;
+  sessions: Array<{ id: string; title: string; createdAt?: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention }>;
   /** Whether more sessions exist beyond the returned page. */
   hasMore?: boolean;
 }

package/src/daemon/ipc-contract/skills.ts

@@ -95,6 +95,7 @@ export interface SkillsListResponse {
     updateAvailable: boolean;
     userInvocable: boolean;
     clawhub?: { author: string; stars: number; installs: number; reports: number; publishedAt: string };
+    provenance?: { kind: 'first-party' | 'third-party' | 'local'; provider?: string; originId?: string; sourceUrl?: string };
   }>;
 }
 

package/src/daemon/ipc-contract/workspace.ts

@@ -112,6 +112,16 @@ export interface ToolNamesListResponse {
   schemas?: Record<string, ToolInputSchema>;
 }
 
+/** Server push — broadcast when IDENTITY.md changes on disk. */
+export interface IdentityChanged {
+  type: 'identity_changed';
+  name: string;
+  role: string;
+  personality: string;
+  emoji: string;
+  home: string;
+}
+
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
 export type _WorkspaceClientMessages =
@@ -126,4 +136,5 @@ export type _WorkspaceServerMessages =
   | WorkspaceFileReadResponse
   | IdentityGetResponse
   | ToolPermissionSimulateResponse
-  | ToolNamesListResponse;
+  | ToolNamesListResponse
+  | IdentityChanged;

package/src/daemon/ipc-contract-inventory.json

@@ -248,6 +248,7 @@
     "heartbeat_runs_list_response",
     "history_response",
     "home_base_get_response",
+    "identity_changed",
     "identity_get_response",
     "ingress_config_response",
     "ingress_invite_response",

package/src/daemon/lifecycle.ts

@@ -17,6 +17,7 @@ import {
 } from '../config/env.js';
 import { loadConfig } from '../config/loader.js';
 import { ensurePromptFiles } from '../config/system-prompt.js';
+import { syncUpdateBulletinOnStartup } from '../config/update-bulletin.js';
 import { HeartbeatService } from '../heartbeat/heartbeat-service.js';
 import { getHookManager } from '../hooks/manager.js';
 import { installTemplates } from '../hooks/templates.js';
@@ -63,6 +64,7 @@ import { installShutdownHandlers } from './shutdown-handlers.js';
 // Re-export public API so existing consumers don't need to change imports
 export type { StopResult } from './daemon-control.js';
 export {
+  cleanupPidFile,
   ensureDaemonRunning,
   getDaemonStatus,
   isDaemonRunning,
@@ -139,6 +141,12 @@ export async function runDaemon(): Promise<void> {
     initializeDb();
     log.info('Daemon startup: DB initialized');
 
+    try {
+      syncUpdateBulletinOnStartup();
+    } catch (err) {
+      log.warn({ err }, 'Bulletin sync failed — continuing startup');
+    }
+
     // Recover orphaned work items that were left in 'running' state when the
     // daemon previously crashed or was killed mid-task.
     const orphanedRunning = listWorkItems({ status: 'running' });