cool-workflow 0.1.78 → 0.1.80

package/docs/launch/launch-kit.md

@@ -0,0 +1,172 @@
+# Launch Kit — Cool Workflow
+
+Copy for announcing CW. The through-line is the one thing no other agent-pipeline
+tool ships: **you can prove the telemetry, offline, with only a public key.**
+Everything leads with the 30-second `npx cool-workflow demo tamper` proof.
+
+---
+
+## ✅ FINAL — Show HN (copy-paste ready)
+
+**Pre-flight (do these first):**
+1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → swap it into the README hero (replace the fenced output block with the GIF).
+2. Confirm on a clean machine: `npx cool-workflow demo tamper` runs and prints `VERDICT: tamper-evidence holds ✓`.
+3. Post during US morning (HN traffic peak); reply to the first comment with the npm + provenance link.
+
+**Title** (exactly — HN strips most formatting):
+
+```
+Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)
+```
+
+**URL field:** `https://github.com/coo1white/cool-workflow`
+
+**First comment (paste right after posting):**
+
+```
+I kept seeing agent-orchestration tools treat the model's self-reported token
+usage and results as ground truth. For anything auditable that's backwards — a
+control-plane that trusts unverified self-reports audits claims, not facts, and a
+forged "green" run looks identical to a real one.
+
+Cool Workflow takes the opposite stance. It DELEGATES model execution to whatever
+agent you configure (claude -p, codex exec, an HTTP endpoint) and never embeds a
+model SDK or holds an API key. What it owns is the audit trail: each agent hop's
+reported usage is signed (ed25519) and appended to a hash-chained ledger, so
+editing any record — or even recomputing its local hash to cover the edit — breaks
+the chain downstream. You re-verify a finished run offline, with only the public
+key. No telemetry service to trust or breach.
+
+30-second proof, no install:
+
+  npx cool-workflow demo tamper
+
+It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
+hash; inflate reported tokens + reuse the signature), and shows both caught. On a
+real run, `cw telemetry verify <run>` does the same against what's on disk.
+
+Also: concurrent parallel() phases with declared collapse semantics (collect-all +
+kill-on-timeout — 16 agents with a forced hang/crash/dirty-return finish without
+deadlock and replay who-passed-who-failed), per-task output-schema gates, token
+budgets enforced against attested usage, and a one-way executor boundary welded
+into the type system (a callable that could reach a model API fails `npm run
+build`). Zero runtime deps, BSD-2, published to npm with provenance.
+
+It's early (v0.1.79) — I'd genuinely like to hear where the "delegate, prove,
+replay" model breaks down for your workflows.
+
+npm: https://www.npmjs.com/package/cool-workflow
+```
+
+---
+
+## One-liner
+
+> Cool Workflow is an auditable control-plane for multi-agent workflows. It
+> *delegates* model execution — never embeds it — and makes every recorded agent
+> telemetry verdict tamper-evident: anyone can re-verify a run offline with only a
+> public key.
+
+## Elevator (2 sentences)
+
+> Most agent-pipeline tools log what the model reported and trust it. CW signs and
+> hash-chains every telemetry verdict, so a forged or edited record fails
+> verification — provably, offline — which is what "auditable" has to mean before
+> you let agents touch production work.
+
+---
+
+## Show HN
+
+**Title:**
+`Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
+
+**Body:**
+
+> I kept seeing agent-orchestration tools treat the model's self-reported token
+> usage and results as ground truth. For anything auditable that's backwards — a
+> control-plane that trusts unverified self-reports audits *claims*, not facts, and
+> a forged "green" run looks identical to a real one.
+>
+> Cool Workflow is a small, zero-dependency CLI + MCP runtime that takes the
+> opposite stance. It **delegates** model execution to whatever agent you configure
+> (`claude -p`, `codex exec`, an HTTP endpoint) and never embeds a model SDK or
+> holds an API key. What it *does* own is the audit trail: each agent hop's reported
+> usage is signed (ed25519) and appended to a hash-chained ledger, so editing any
+> record — or even recomputing its local hash to cover the edit — breaks the chain
+> downstream. You can re-verify a finished run with only the public key, no network,
+> no trusted server.
+>
+> The 30-second proof, no install:
+>
+> ```
+> npx cool-workflow demo tamper
+> ```
+>
+> It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
+> hash; inflate reported tokens + reuse the signature), and shows both forgeries
+> caught offline. On a real run, `cw telemetry verify <run>` does the same against
+> what's on disk.
+>
+> Other things it does: concurrent `parallel()` phases with declared collapse
+> semantics (collect-all + kill-on-timeout — 16 agents with a forced hang/crash/
+> dirty-return finish without deadlock and replay "who passed/who failed"), per-task
+> output-schema gates, token budgets enforced against attested usage, and a one-way
+> executor boundary welded into the type system (a callable that could reach a model
+> API fails `npm run build`).
+>
+> Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.79) and I'd
+> genuinely like to hear where the "delegate, prove, replay" model breaks down for
+> your workflows.
+>
+> Repo: https://github.com/coo1white/cool-workflow
+> npm: https://www.npmjs.com/package/cool-workflow
+
+---
+
+## Short post / tweet thread
+
+1/ Your agent pipeline trusts what the model *says* it did. Cool Workflow proves
+it instead. `npx cool-workflow demo tamper` — 30s, no install:
+
+2/ It builds a real ed25519-signed telemetry ledger, forges it two ways, and
+catches both offline with only the public key. A control-plane that delegates
+model execution but can still prove the bill is real.
+
+3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
+outputs, token budgets vs *attested* usage, and a red line (never call a model
+API) enforced at compile time. Zero deps, BSD-2.
+→ https://github.com/coo1white/cool-workflow
+
+---
+
+## Why this matters (the wedge, for a longer post)
+
+- **Separation of duties.** CW never runs the model, yet can verify the executor's
+  reported usage. The thing that *spends the money* is not the thing that *keeps
+  the books* — the property auditors require everywhere except, so far, agent
+  infra.
+- **Offline, public-key verification.** No telemetry service to trust or breach.
+  The record proves its own integrity; the verifier needs only the public key.
+- **Replayable, not just logged.** CW breaks at dispatch and writes to disk, so a
+  run replays deterministically — "who passed / who failed" is reconstructable, not
+  a scrollback of a fused process.
+- **Fail-closed by default where it counts.** Schema mismatch parks the hop;
+  unverifiable usage can be refused (opt-in); an empty-capture result can't be
+  presented as a clean commit.
+
+## Assets to capture before posting
+
+- [ ] **Demo GIF** — reproducible, no manual screen-recording: `vhs
+      plugins/cool-workflow/docs/launch/demo.tape` → `docs/launch/demo-tamper.gif`,
+      then swap it into the README hero (replace the fenced output block). The
+      ✗ DETECTED lines are the hook.
+- [ ] Confirm `npx cool-workflow demo tamper` works from a clean machine (no clone).
+- [ ] Pin the npm version badge / release + provenance link in the first comment.
+
+## Channels
+
+Hacker News (Show HN), the MCP / agent-tooling communities, r/LocalLLaMA &
+r/MachineLearning (the offline-verification angle), and the npm listing itself
+(keywords already set). Lead every one with the demo command, not the feature
+list.

package/docs/launch/pre-launch-checklist.md

@@ -0,0 +1,53 @@
+# Pre-Launch Checklist — Cool Workflow Show HN
+
+Tick top to bottom; when it's done, post. The one non-negotiable gate is ③.
+Copy for the post itself lives in [launch-kit.md](launch-kit.md) (the **✅ FINAL**
+block).
+
+## ① Fix the machine (prerequisite)
+
+- [ ] **Reboot the Mac** — clears the leaked ptys (`kern.tty.ptmx_max` was 511 with
+      527 allocated), so Terminal / VS Code can spawn shells again. Required before
+      the verification below.
+
+## ② Prepare assets (optional, recommended)
+
+- [ ] Install [vhs](https://github.com/charmbracelet/vhs) (`brew install vhs`).
+- [ ] Record the GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` →
+      `docs/launch/demo-tamper.gif`.
+- [ ] Swap it into the README hero (replace the fenced demo output block with
+      `![demo](plugins/cool-workflow/docs/launch/demo-tamper.gif)`), commit + push.
+  > Shippable without the GIF — the README's text `✗ DETECTED` hook already stands;
+  > the GIF is upside, not a blocker.
+
+## ③ Verify — the make-or-break gate (do not skip)
+
+- [ ] On a **clean machine / fresh terminal**: `npx cool-workflow demo tamper`
+      prints `VERDICT: tamper-evidence holds ✓`.
+  > Every click from HN runs this. One crash wastes that traffic. This is the only
+  > non-negotiable check.
+- [ ] Sanity: `npx cool-workflow quickstart architecture-review --repo . --question "risks?"`
+      → `status: blocked` with no agent configured (fails closed, no crash).
+
+## ④ Post (US morning, ~9–11am ET is peak)
+
+- [ ] Open the **✅ FINAL** block in [launch-kit.md](launch-kit.md).
+- [ ] HN title: `Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
+- [ ] URL field: `https://github.com/coo1white/cool-workflow`
+- [ ] Immediately after posting, paste the FINAL "first comment" as the first reply.
+
+## ⑤ First hour (decides the outcome)
+
+- [ ] Watch and reply fast — early engagement weighs most on HN.
+- [ ] On the "single key holder / no second party" critique (the audit flagged it
+      too): concede it honestly and frame it as exactly why you're looking for early
+      integration partners. **Turn the critique into an invitation; don't argue.**
+- [ ] No vote-rigging, no asking friends to upvote, no deleting critical comments —
+      HN's anti-abuse will sink the post.
+
+---
+
+### Go / no-go
+
+> If **③ — `npx cool-workflow demo tamper` prints `✓` on a clean machine** — passes,
+> you can post. Everything else is upside.

package/docs/multi-agent-cli-mcp-surface.7.md

@@ -263,3 +263,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/multi-agent-eval-replay-harness.7.md

@@ -300,3 +300,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/multi-agent-operator-ux.7.md

@@ -312,3 +312,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/node-snapshot-diff-replay.7.md

@@ -133,3 +133,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/observability-cost-accounting.7.md

@@ -192,3 +192,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/project-index.md

@@ -1,15 +1,15 @@
 # Cool Workflow Project Index
 
-Generated from the current repository code on 2026-06-11 by `npm run sync:project-index`.
+Generated from the current repository code on 2026-06-13 by `npm run sync:project-index`.
 
 ## Snapshot
 
 - Package: `cool-workflow`
-- Version: `0.1.78`
-- Source modules: `57`
-- Workflow apps: `6`
-- Docs: `46`
-- Smoke tests: `68`
+- Version: `0.1.80`
+- Source modules: `58`
+- Workflow apps: `7`
+- Docs: `47`
+- Smoke tests: `75`
 - Repository: https://github.com/coo1white/cool-workflow
 
 ## Architecture
@@ -105,6 +105,7 @@ multi-agent host -> topology -> blackboard/coordinator
 - [state-explosion.ts](../src/state-explosion.ts)
 - [state-migrations.ts](../src/state-migrations.ts)
 - [telemetry-attestation.ts](../src/telemetry-attestation.ts)
+- [telemetry-demo.ts](../src/telemetry-demo.ts)
 - [telemetry-ledger.ts](../src/telemetry-ledger.ts)
 - [verifier-registry.ts](../src/verifier-registry.ts)
 - [workbench-host.ts](../src/workbench-host.ts)
@@ -115,6 +116,7 @@ multi-agent host -> topology -> blackboard/coordinator
 | App | Type | Inputs | Sandbox | Source |
 | --- | --- | --- | --- | --- |
 | `architecture-review` - Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict. | canonical | `repo`, `question`, `invariant`, `focus` | `readonly` | [manifest](../apps/architecture-review/app.json) / [workflow](../apps/architecture-review/workflow.js) |
+| `architecture-review-fast` - Run a shorter architecture review with parallel map and assess phases for faster first results. | canonical | `repo`, `question`, `invariant`, `focus`, `sourceContext`, `sourceContextDigest` | `readonly` | [manifest](../apps/architecture-review-fast/app.json) / [workflow](../apps/architecture-review-fast/workflow.js) |
 | `end-to-end-golden-path` - Deterministic one-worker workflow app for proving the CW integration chain. | userland | `question` | `readonly` | [manifest](../apps/end-to-end-golden-path/app.json) / [workflow](../apps/end-to-end-golden-path/workflow.js) |
 | `pr-review-fix-ci` - Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence. | canonical | `repo`, `pr`, `branch`, `base`, `ci`, `mode` | `readonly`, `workspace-write` | [manifest](../apps/pr-review-fix-ci/app.json) / [workflow](../apps/pr-review-fix-ci/workflow.js) |
 | `release-cut` - Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification. | canonical | `repo`, `version`, `previousVersion`, `releaseBranch`, `dryRun` | `readonly`, `workspace-write` | [manifest](../apps/release-cut/app.json) / [workflow](../apps/release-cut/workflow.js) |
@@ -161,6 +163,7 @@ multi-agent host -> topology -> blackboard/coordinator
 - [SANDBOX-PROFILES(7)](sandbox-profiles.7.md)
 - [Scheduled Tasks](scheduled-tasks.md)
 - [Security / Trust Hardening](security-trust-hardening.7.md)
+- [Source Context Profiles](source-context-profiles.7.md)
 - [State Explosion Management](state-explosion-management.7.md)
 - [STATE-NODE(7)](state-node.7.md)
 - [Team Collaboration](team-collaboration.7.md)
@@ -175,6 +178,8 @@ multi-agent host -> topology -> blackboard/coordinator
 Smoke tests mirror the public contracts. The high-signal suites are:
 
 - [agent-delegation-drive-smoke.js](../test/agent-delegation-drive-smoke.js)
+- [architecture-review-fast-automation-smoke.js](../test/architecture-review-fast-automation-smoke.js)
+- [architecture-review-fast-smoke.js](../test/architecture-review-fast-smoke.js)
 - [artifact-integrity-smoke.js](../test/artifact-integrity-smoke.js)
 - [backend-registry-smoke.js](../test/backend-registry-smoke.js)
 - [block-unapproved-tag-smoke.js](../test/block-unapproved-tag-smoke.js)
@@ -221,15 +226,20 @@ Smoke tests mirror the public contracts. The high-signal suites are:
 - [result-normalize-smoke.js](../test/result-normalize-smoke.js)
 - [robustness-hardening-smoke.js](../test/robustness-hardening-smoke.js)
 - [run-export-import-smoke.js](../test/run-export-import-smoke.js)
+- [run-export-restore-rerun-smoke.js](../test/run-export-restore-rerun-smoke.js)
+- [run-export-restore-resume-smoke.js](../test/run-export-restore-resume-smoke.js)
 - [run-fixture-compat-smoke.js](../test/run-fixture-compat-smoke.js)
 - [run-registry-control-plane-smoke.js](../test/run-registry-control-plane-smoke.js)
 - [run-retention-reclamation-smoke.js](../test/run-retention-reclamation-smoke.js)
 - [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
+- [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
 - [schema-validation-smoke.js](../test/schema-validation-smoke.js)
 - [security-trust-hardening-smoke.js](../test/security-trust-hardening-smoke.js)
 - [self-audit-hardening-smoke.js](../test/self-audit-hardening-smoke.js)
+- [source-context-profile-smoke.js](../test/source-context-profile-smoke.js)
 - [state-explosion-management-smoke.js](../test/state-explosion-management-smoke.js)
 - [state-node-smoke.js](../test/state-node-smoke.js)
+- [tamper-evidence-demo-smoke.js](../test/tamper-evidence-demo-smoke.js)
 - [team-collaboration-smoke.js](../test/team-collaboration-smoke.js)
 - [telemetry-attest-wrap-smoke.js](../test/telemetry-attest-wrap-smoke.js)
 - [telemetry-attestation-smoke.js](../test/telemetry-attestation-smoke.js)

package/docs/real-execution-backends.7.md

@@ -140,3 +140,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/release-and-migration.7.md

@@ -278,3 +278,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/release-tooling.7.md

@@ -157,3 +157,9 @@ also get generated MCP manifests (`.gemini-plugin/`, `.opencode-plugin/`) so the
 0.1.76
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/routines.md

@@ -41,6 +41,29 @@ Inspect events:
 node scripts/cw.js routine events
 ```
 
+## Long Architecture Reviews
+
+Use `architecture-review-fast` for the foreground user path, then schedule the
+full `architecture-review` app as background work when a deep audit should not
+block an interactive session:
+
+```bash
+node scripts/architecture-review-fast.js \
+  --repo /path/to/repo \
+  --question "Is this architecture sound?" \
+  --metrics \
+  --schedule-full
+```
+
+The wrapper creates a one-shot reminder schedule whose `workflowId` is
+`architecture-review`. The schedule prompt is policy. CW stores the schedule and
+records due events; the external agent host decides how to run the long review.
+The prompt includes the foreground fast run id, fast report path, source-context
+digest/profile, and asks the background agent to return the full review report
+path and digest.
+The `--metrics` flag is optional and reports foreground elapsed time plus
+agent-spawn and result-cache-hit counts for the fast run.
+
 ## Boundary
 
 CW v0.1.1 does not provide managed cloud infrastructure. It provides a local

package/docs/run-registry-control-plane.7.md

@@ -49,6 +49,13 @@ own `sourceFingerprint`, the covered `repos`, the `queue`, and lifecycle
 a `nextAction`. Every read re-derives records from source; the persisted index is
 only compared against, never trusted as the live status.
 
+During one index build, repo-level overlays (`archive.json` and
+`provenance.json`) are read once per repo and passed as an in-memory scan
+snapshot to each run record. This is a short-lived mechanism, not a persistent
+cache: the next registry command re-reads source state and overlays from disk, so
+freshness, fail-closed behavior, and output shape stay unchanged while large
+repos avoid repeated identical overlay reads.
+
 ## Lifecycle state machine
 
 Lifecycle is CLASSIFIED from existing state, never invented. `deriveLifecycle`
@@ -136,6 +143,32 @@ in the repo's `registry/provenance.json`. The original failed run is PRESERVED
 for audit — the past is never overwritten. Rerunning a rerun increments
 `generation` and keeps `originRunId` pinned to the chain root.
 
+## Portable export, import, and restore verification
+
+`run export <run-id> --output PATH` writes a portable JSON archive for a run. The
+archive includes the run state plus run-local files, committed artifacts, audit
+overlays, telemetry ledger files, per-file sha256 digests, file sizes, and a
+manifest digest. External repo-local artifact paths referenced by the run are
+copied into the archive under `external-artifacts/` and recorded with their
+original `sourcePath`; the source run is never mutated.
+
+`run import PATH --target DIR` restores the archive under
+`DIR/.cw/runs/<run-id>/`, rebases paths to the target repo, writes an
+`import-manifest.json`, refreshes the target repo registry, and immediately runs
+the same verification used by `run verify-import`. Restored partial runs can be
+resumed from the target repo; restored failed runs remain discoverable from the
+home registry and can be rerun as new linked runs. The import does not alter the
+source repository or the source run.
+
+`run verify-import <run-id> [--cwd DIR]` re-reads the restore manifest, recomputes
+every restored file digest, checks the manifest digest, and verifies the
+telemetry ledger when one was restored. Missing manifests, digest mismatches,
+path escapes, unsupported archive schemas, unreadable files, or telemetry-chain
+failures return explicit failed checks instead of a fabricated success.
+
+MCP exposes the same mechanisms as `cw_run_export`, `cw_run_import`, and
+`cw_run_verify_import`; the CLI and MCP paths share the same runtime functions.
+
 ## Cross-repo history
 
 `history` reads a unified timeline of runs across all registered repos
@@ -155,6 +188,9 @@ node scripts/cw.js run resume <run-id> [--limit N] [--json]
 node scripts/cw.js run archive <run-id> [--reason TEXT] [--unarchive]
 node scripts/cw.js run archive --older-than-days N [--state completed --state failed]
 node scripts/cw.js run rerun <run-id> [--reason TEXT]
+node scripts/cw.js run export <run-id> --output PATH
+node scripts/cw.js run import PATH --target DIR
+node scripts/cw.js run verify-import <run-id> [--cwd DIR]
 node scripts/cw.js queue add [--app ID|--workflow ID|--runId ID] [--repo PATH] [--priority N] [--note TEXT]
 node scripts/cw.js queue list [--status STATE] [--repo PATH] [--json]
 node scripts/cw.js queue show <queue-id>
@@ -174,7 +210,8 @@ passes `npm run parity:check`:
 
 - `cw_registry_refresh`, `cw_registry_show`
 - `cw_run_search`, `cw_run_list`, `cw_run_show`, `cw_run_resume`,
-  `cw_run_archive`, `cw_run_rerun`
+  `cw_run_archive`, `cw_run_rerun`, `cw_run_export`, `cw_run_import`,
+  `cw_run_verify_import`
 - `cw_queue_add`, `cw_queue_list`, `cw_queue_drain`, `cw_queue_show`
 - `cw_history`
 
@@ -310,3 +347,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/run-retention-reclamation.7.md

@@ -189,3 +189,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/source-context-profiles.7.md

@@ -0,0 +1,119 @@
+# Source Context Profiles
+
+CW keeps source-context slimming out of the runtime kernel. The profile is policy
+data in `manifest/source-context-profiles.json`; `scripts/source-context.js` is a
+small mechanism that reads a git ref and writes JSONL to stdout.
+
+## Core Profile
+
+The default `core` profile is the project memory for AI source imports. It keeps
+runtime source and app/userland entrypoints, and leaves generated artifacts,
+tests, docs, release records, and long logs as manifest-only records.
+
+Included:
+
+- `plugins/cool-workflow/src/**`
+- `plugins/cool-workflow/apps/**`
+- `plugins/cool-workflow/package.json`
+- `plugins/cool-workflow/tsconfig.json`
+- `plugins/cool-workflow/scripts/cw.js`
+- `plugins/cool-workflow/scripts/mcp-server.js`
+- `plugins/cool-workflow/scripts/agents/**`
+
+Excluded from exported content:
+
+- `plugins/cool-workflow/dist/**`
+- `plugins/cool-workflow/test/**`
+- `plugins/cool-workflow/docs/**`
+- `docs/assets/**`
+- `.cw-release/**`
+- `CHANGELOG.md`
+- `ITERATION_LOG.md`
+
+Exclusion does not delete files and does not change release behavior. `dist/`
+remains a committed release artifact until the release contract is explicitly
+changed.
+
+## Narrow Profiles
+
+Use a narrower opt-in profile when the question is already scoped:
+
+- `runtime`: the full `src/**` runtime kernel plus package and TypeScript
+  metadata.
+- `mcp`: capability core/registry, CLI routing, MCP server, MCP launcher scripts,
+  and shared types.
+- `workflow-apps`: canonical apps plus the Workflow App framework and app
+  planning/orchestration surface.
+- `release`: release flow, gates, manifest/version tooling, package metadata, and
+  release-tooling docs.
+- `agent-wrappers`: external agent wrappers, agent config, execution backend,
+  drive loop, and agent-delegation docs.
+
+The narrow profiles are policy data only. Selecting one changes only the JSONL
+context pack; it does not change runtime behavior, release contents, or the
+default `core` profile.
+
+## Commands
+
+```bash
+node scripts/source-context.js profiles
+node scripts/source-context.js manifest --profile core --ref HEAD --repo-root /path/to/repo > manifest.jsonl
+node scripts/source-context.js export --profile core --ref HEAD --repo-root /path/to/repo > core-source.jsonl
+node scripts/source-context.js export --profile mcp --ref HEAD --repo-root /path/to/repo > mcp-source.jsonl
+node scripts/source-context.js export --profile mcp --changed-from origin/main --ref HEAD --repo-root /path/to/repo > mcp-changed.jsonl
+node scripts/source-context.js export --profile core --ref HEAD --repo-root /path/to/repo --cache-dir .cw/cache/source-context > core-source.jsonl
+```
+
+`manifest` emits one JSON object per tracked file at the selected ref:
+
+```json
+{"path":"plugins/cool-workflow/src/state.ts","included":true,"reason":"included:plugins/cool-workflow/src/**","sha256":"..."}
+```
+
+`export` emits only included text files and adds `content`. Both commands use
+stdout for JSONL data only. Diagnostics and refusal messages go to stderr.
+
+`--changed-from REF` is opt-in diff-aware mode. It filters `manifest` and
+`export` to paths changed between the resolved base commit and `--ref`, then
+applies the selected profile include/exclude rules. Deleted files are omitted
+because there is no blob at the target ref. Records include `changedFrom` with
+the resolved base commit. Empty diffs are valid and emit empty JSONL.
+
+`export --cache-dir DIR` is opt-in. The cache key is the resolved git commit SHA
+plus a digest of the selected source profile, so changing either the ref or the
+include/exclude policy produces a different JSONL cache file. Cache hits write the
+same JSONL bytes to stdout and stay silent on stderr. Corrupt or mismatched cache
+records fail closed instead of falling back silently. Diff-aware exports include
+the resolved `--changed-from` commit in the cache key, so full and changed exports
+do not share cache files.
+
+`--repo-root DIR` is also opt-in; when omitted, the script keeps its historical
+default and reads the Cool Workflow repository root.
+
+## Verification
+
+The smoke test checks that:
+
+- the profile includes and excludes exactly the remembered paths;
+- `dist/`, tests, docs, release records, and long logs are manifest-only;
+- exported records are parseable JSONL with content and sha256;
+- narrow profiles are slimmer than `core` and include/exclude their intended
+  surfaces;
+- `--changed-from` emits only changed current-ref files, still honors excludes,
+  and caches separately from full exports;
+- cached exports are byte-identical to uncached exports and corrupt cache hits
+  fail closed;
+- the `core` profile stays under its `maxLines` guard.
+
+Run:
+
+```bash
+node test/source-context-profile-smoke.js
+```
+
+## FreeBSD Discipline
+
+This feature is opt-in and does not alter existing CLI output. It is mechanism,
+not policy: profile selection lives in data, and vendor prompt/stream behavior
+stays in wrappers. It fails closed on invalid profiles, unknown refs, binary
+included files, and line-count drift past the configured guard.

package/docs/state-explosion-management.7.md

@@ -45,6 +45,13 @@ Summaries are written under `.cw/runs/<run-id>/summaries/` as plain JSON. Raw
 blackboard messages, graph nodes, graph edges, audit events, evidence refs, and
 eval artifacts are never deleted or overwritten.
 
+Within a single summary build, CW shares the derived full operator graph,
+operator status, blackboard digest, state-size record, and graph view records
+through a short-lived in-memory context. This avoids rebuilding the same graph
+for `summary refresh`, `summary show`, and the top-level state-explosion report.
+It is not a daemon or persistent cache: the next command re-reads run state from
+disk, recomputes source fingerprints, and still fails closed on stale summaries.
+
 ## Blackboard summarization
 
 `blackboard summarize <run-id>` (MCP: `cw_blackboard_summarize`) returns a
@@ -262,3 +269,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.

package/docs/team-collaboration.7.md

@@ -205,3 +205,9 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 0.1.77
 
 0.1.78
+
+0.1.79
+
+## Fast Architecture Review (v0.1.80)
+
+Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.