rivet add creates AI artifacts with no provenance — the sanctioned creation path bypasses the provenance system (only Edit/Write tool edits get stamped)

[avrabe]

Friction (hit while dogfooding the hourly loop)

The AI-provenance system is wired to the editor, not to rivet's own mutation commands, so the recommended way to create an artifact produces an unstamped one.

What I tried (and what finally helped)

Filing REQ-202 in artifacts/requirements.yaml, I appended the YAML block with a heredoc (cat >> artifacts/requirements.yaml). rivet validate passed, but the new artifact had no provenance: block — the .claude/settings.json PostToolUse hook (rivet stamp all --created-by ai-assisted) only matches the Edit/Write tools, and a heredoc is a Bash invocation, so it never fired. What finally helped: manually running rivet stamp REQ-202 --created-by ai-assisted --model claude-opus-4-8 after the fact.

Root cause (verified in code)

cmd_add (rivet-cli/src/main.rs:14337) constructs the Artifact with provenance: None and writes it via mutate::* — it never stamps:

let artifact = Artifact {
    id: id.clone(),
    // ...
    provenance: None,   // <-- always None, even for AI-created artifacts
    source_file: None,
};

So all three creation paths an agent realistically uses leave provenance empty unless it remembers a follow-up rivet stamp:

Path	Triggers provenance hook?	Stamped?
Edit/Write tool on artifacts/**	yes (PostToolUse)	✅
cat >> / heredoc append (a Bash call)	no	❌
rivet add (the sanctioned CLI, also a Bash call; cmd_add sets provenance: None)	no	❌

The backwards part: the sanctioned creation tool (rivet add) is the one that produces no provenance, while ad-hoc raw editing happens to get stamped. For a project whose pitch is AI-artifact auditability, AI-created artifacts silently missing provenance is a correctness gap, not just ergonomics.

Suggested fix (additive, explicit — no env magic)

Give rivet add the same provenance flags as rivet stamp and stamp at creation when present:

rivet add -t requirement --title "..." --created-by ai-assisted --model claude-opus-4-8

• Add --created-by <ROLE> and --model <M> to rivet add; when set, populate the provenance block at creation (reuse the cmd_stamp logic).
• Keeps it explicit (no guessing from env), makes create+stamp atomic (one command, no forgotten follow-up), and gives agents a single sanctioned path that also sidesteps the heredoc-bypasses-hook problem.
• Optionally: rivet add could honor a RIVET_PROVENANCE_CREATED_BY env var so the .claude/settings.json/CI environment can set it once.

Filed as REQ-203 (draft) from the hourly dogfooding loop. Verified against cmd_add at a7dff71.

[avrabe]

Implemented in PR #477 (REQ-203). Both halves fixed: rivet add now takes --created-by/--model (with RIVET_PROVENANCE_CREATED_BY env fallback) and stamps at creation, and the add-path serializer (render_artifact_yaml) now emits the provenance: block — which it previously dropped, so the stamping alone would have been a silent no-op. Verified end-to-end on a fresh rivet init project (block written with flags, omitted without, env fallback works, invalid value errors, rivet validate PASS).