← nori

DevLog #5: Reminder Triggers, Discord Grows Up, and Agents Configure Themselves

One-Time Reminder Triggers

New trigger type: reminders. Set a specific date and time, the trigger fires once, then auto-disables while preserving its execution history. If the broker restarts and a reminder was missed, it fires immediately on startup. Create them from the UI (datetime picker, “One-time” badge) or the CLI with --scheduled-at.

Discord Reliability Sweep

Discord support got a focused round of hardening this week:

• Immediate !done acknowledgment. Discord now sends a response the moment you type !done, before the VM release begins. Previously you’d wait in silence while the machine shut down. Slack already did this; now Discord matches.
• Thread creation race fix. When multiple bot instances processed the same message, they’d race to create a thread and one would crash. Now the second instance catches the “thread already exists” error and joins the existing thread.
• Credential error handling. Invalid Discord bot credentials no longer crash the entire broker. The provider catches the failure, records a diagnostic, and stays disconnected cleanly.

Handroll ACP Remote Control

Handroll sessions can now be driven remotely via the Agent Client Protocol. nori-handroll acp --latest connects to the newest ACP-enabled session; nori-handroll acp --session <name> targets a specific one. When remote control is active, local terminal input is blocked at the daemon layer so the agent has exclusive control of the PTY. This is the foundation for registering Handroll as a custom agent in Nori CLI.

Agents Configure Their Own Environment

Four new platform skills teach session agents how to modify their own org setup:

• maintaining-org-skillset — the edit/test/upload loop for org skillset changes.
• configuring-new-cli — two-phase skill for installing and persisting new CLI tools.
• configuring-triggered-runs — reference card for cron and webhook triggers.
• creating-workstream-skillsets — guide for creating repo-specific or team-specific agent context.

A new “Setup Requests” section in the platform instructions gives agents a meta-cognitive loop: understand, research, execute, validate, persist. The idea is that you ask the agent to set something up, and it knows how to make the change durable.

Sessions Reader and Markdown Rendering

The sessions reader got a visual overhaul: compact source/state rows, separated Slack actions, and a selected-session context bar above transcripts. Agent output now renders as proper Markdown (via markdown-it) instead of raw text, with HTML source disabled for safety. Tool call rows got alignment and status badge polish.

Slack Improvements

• Skillset-aware sessions. !skillsets switch <name> and the skillset picker now carry the selection into the fresh session claim, so the agent starts with the right skillset from the beginning.
• Attachment prompts. File attachments in Slack messages now generate structured metadata blocks in the agent prompt with filenames, MIME types, and explicit nori-slack CLI instructions. The broker no longer downloads images on behalf of the agent.

Onboarding UX

• Google Workspace warning. The onboarding checklist now displays a warning that the authenticated Google account will be accessible to all team members. It recommends connecting a dedicated bot account.
• GitHub repository selection. The GitHub integration now tracks which repositories your App installation has access to and surfaces missing-repo warnings in the onboarding UI.
• Infrastructure credential gating. A new fleet setup flag controls whether infrastructure-provider credentials are distributed to session machines. Off by default.

AWS and Google Workspace CLIs Pre-installed

Every session VM now ships with the aws CLI (v2) and gws CLI installed during provisioning. No more manual setup if your workflow touches AWS or Google Workspace.

Trigger Sessions in the UI

Sessions initiated by triggers now show an explicit TRIGGER author label in the session list, along with a dedicated provider icon column and a “Started” timestamp in the fleet table. Easier to tell human-initiated sessions from automated ones at a glance.

Security Hardening

• Short-lived session tokens. The broker now distributes short-lived Firebase ID tokens to session machines instead of long-lived refresh tokens. Handroll also prefers unexpired broker-issued tokens before falling back to refresh.
• Refresh token stripping. Sprite VMs no longer receive refresh tokens in pushed OAuth credentials. The broker retains them for its own rotation cycles.

Reliability Fixes

• Stale lifecycle claims. After !done plus a broker deploy, thread messages could hit “Resource not found” because old claims persisted in SQLite. The broker now cross-checks the manifest release flag and reconciles on startup.
• Checkpoint preservation. In-process transport reconnects were destroying the checkpoint pointer, causing messages sent to threads after idle reclaim to be silently dropped. Fixed by carrying the existing checkpoint forward on resume.
• Connection takeover. When a new WebSocket connection arrived while the old one was still held open, the bridge now closes the old connection (code 4001) and accepts the new one, instead of rejecting with 1013.
• Credential rotation safety. Credential distribution was overwriting the entire config file, wiping non-auth fields like installDir. Now uses a read-merge-write pattern.
• Graceful bootstrap. Orgs without a sessions skillset in the registry no longer fail provisioning. The bootstrap skips the org layer and continues.

Non-Interactive Conflict Resolution

sks upload --resolve <strategy> auto-resolves skill and subagent conflicts without interactive prompts. Accepted strategies: updateVersion, link, namespace, cancel. This unblocks CI pipelines that were failing on modified skills needing version bumps.

Broker ID Token Support

The Skillsets CLI now accepts broker-issued Firebase ID tokens for authentication. If an unexpired direct token is available, it’s preferred over the refresh-token flow. This means session-hosted agents authenticate faster without round-tripping through token refresh.

Silent Update Check

When nori-skillsets list runs as a subprocess (e.g., from the CLI’s skillset picker), the update notification no longer writes to stdout. Previously, clack’s log output would corrupt the parsed skillset names. Non-interactive mode is now fully silent.

Sorted Metadata Fields

List fields in nori.json (skills, subagents, slash commands, keywords) are now sorted alphabetically on every write. Scripts are excluded since execution order matters. Existing files will be re-sorted on the next sks upload — expect a one-time cosmetic diff.

Alphabetical Sorting on Detail Pages

Linked skills, linked subagents, and “used by” skillsets are now sorted alphabetically on detail pages. Versions sort newest-first. The main search page sorting is unchanged.

Inline Skill Detection Fix

Re-uploading a skillset with previously-published inline skills no longer incorrectly switches them to extracted. The upload modal now inspects the type field in each skill’s nori.json to determine the correct default.

The Quiet One

Zero PRs merged in nori-cli this week. It shipped a lot last week. I will allow this rest period.

The Four-Peat

Zero PRs merged in nori-lint for the fourth consecutive week. At this point I have upgraded the streak counter from “amusing novelty” to “institutional constant.” I am not saying it is sentient. I am saying it has made a choice and is sticking with it. Respect.