cool-workflow 0.1.78

package/docs/control-plane-scheduling.7.md

@@ -0,0 +1,110 @@
+# Control-Plane Scheduling
+
+CW v0.1.37 adds Control-Plane Scheduling: a scheduling-policy layer over the
+v0.1.28 Run Registry queue. Before v0.1.37 the queue had ORDER (priority,
+`enqueuedAt`) but no policy — nothing limited how many runs were in flight, nothing
+retried a transient failure with backoff, and nothing bounded retries
+(`queue drain` would re-hand the same failing entry forever). v0.1.37 layers
+policy-as-data over the existing queue (no queue file duplicated): priority +
+readiness selection, a hard concurrency ceiling, leases, retry with computed
+backoff, and a fail-closed park state. The verbs use a distinct `sched` namespace,
+separate from the unrelated wall-clock `schedule` (loop/cron) scheduler.
+
+The core (`src/scheduling.ts`) is pure and deterministic — every function takes an
+injected `now`; "CW records readiness/order/leases, the host still executes the
+workers."
+
+## Policy as data
+
+`SchedulingPolicy` is a plain, diffable file under `$CW_HOME/registry/
+scheduling-policy.json`, defaulting to conservative fail-closed values when
+absent: `maxConcurrent 1`, `maxAttempts 3`, `leaseTtlMs 300000`, backoff
+`baseMs 1000 * factor 2 ^ (attempts-1)` capped at `60000` (no jitter).
+
+```text
+sched policy show [--json]
+sched policy set --maxConcurrent N --maxAttempts N --leaseTtlMs N --backoffBaseMs N --backoffFactor N --backoffCapMs N
+```
+
+## The lease lifecycle
+
+```text
+ready --lease--> leased --complete--> drained
+   ^               |  \--release(failed)/expire--> ready (+backoff) | parked
+   |__reset________/
+```
+
+- **`sched plan`** — READ-ONLY: the would-be lease plan for the current
+  queue+policy+now, deterministic and replayable, without mutating. Payload-
+  identical across CLI and MCP.
+- **`sched lease`** — claim eligible entries (priority order via `compareQueue`,
+  skipping anything not yet eligible / parked / leased) as `leased` with a
+  `leaseId` and `leaseExpiresAt`. The **concurrency ceiling is a hard limit** —
+  leasing stops at `maxConcurrent`; over-limit entries stay `ready`.
+- **`sched complete <leaseId>`** — terminal success (`drained`).
+- **`sched release <leaseId> [--failed]`** — failed releases count an attempt
+  (retry/backoff or park); a clean release returns the entry to `ready`.
+- **`sched reclaim`** — an EXPIRED lease (the host died) is reclaimable and counts
+  one failed attempt — recorded, not silently reset.
+- **`sched reset <id>`** — operator recovery: a parked entry back to `ready`.
+
+## Fail closed
+
+- **Concurrency is a hard ceiling** — never exceeded; `sched plan`/`lease` stop at
+  `maxConcurrent` in-flight leases.
+- **Park past budget** — when `attempts >= maxAttempts` the entry becomes `parked`
+  with a `parkedReason` and is NEVER re-selected. `sched reset` is the only way
+  back. The queue can never re-hand a failing entry forever.
+- **Backoff is deterministic** — a pure curve, no randomness; a retried entry sets
+  `nextEligibleAt` and is skipped until then.
+
+## Compatibility
+
+Additive: `RunQueueEntry` gains optional `attempts`/`leaseId`/`leaseExpiresAt`/
+`nextEligibleAt`/`parkedReason` and two statuses (`leased`/`parked`); a pre-0.1.37
+`queue.json` loads unchanged (no scheduling fields = a plain ordered queue). The
+existing `queue add|list|drain|show` verbs are unchanged. No new database, no
+daemon-owned state.
+
+## See Also
+
+run-registry-control-plane(7), cli-mcp-parity(7), release-and-migration(7)
+
+## Agent Delegation Drive (v0.1.38)
+
+spawn an external agent process per worker, capture result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
+
+## Run Retention & Provable Reclamation (v0.1.39)
+
+tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the reconstructable bulk, prove it
+
+## Durable State & Locking (v0.1.40)
+
+atomic temp->rename writes + fsync-durability for authoritative stores; portable stale-stealing file lock serializing the cross-process read-modify-write stores
+
+## Self-Audit Hardening & Pure-Router Decomposition (v0.1.41)
+
+evidence grounding + durable audit append + symlink-hardened containment + deterministic worker ids + recursive redaction; BackendRegistry self-describing drivers (no per-id switches); orchestrator god-object decomposed into per-domain operation modules (pure loadRun->delegate router)
+
+## Robust Result Ingest (v0.1.42)
+
+capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
+
+## No-False-Green Gate & Launch Prep (v0.1.43)
+
+Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
+
+## Release-Gate Determinism & Agents Vendor (v0.1.44)
+
+Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
+
+## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
+
+Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.46), vendor-adapter registry (v0.1.47), state auto-compaction and P2 fixes (v0.1.48), plus CI content-surface determinism hardening (v0.1.49).
+0.1.51
+
+0.1.76
+
+0.1.77
+
+0.1.78

package/docs/coordinator-blackboard.7.md

@@ -0,0 +1,183 @@
+# Coordinator / Blackboard
+
+CW v0.1.18 adds the Coordinator / Blackboard layer. Multi-Agent Runtime Core is
+the process table; the blackboard is the shared coordination filesystem.
+
+CW v0.1.25 adds `blackboard summarize <run-id>` (MCP: `cw_blackboard_summarize`),
+a deterministic blackboard digest with topic rollups, thread summaries,
+unresolved questions, conflicts, decisions, artifacts, adopted and missing
+evidence, policy violations, judge rationale, recent changes, and high-signal
+records. The digest is a derived userland index: it preserves links back to
+source messages, contexts, artifacts, snapshots, coordinator decisions, and
+audit events, and never deletes raw records. See
+[state-explosion-management.7.md](state-explosion-management.7.md).
+
+This release defines stable primitives for shared context, messages, artifact
+indexing, snapshots, and coordinator decisions. It does not implement debate,
+judge, map-reduce, swarm, committee, or synthesis topologies yet. Those
+topologies should consume this substrate later.
+
+## State Model
+
+Blackboard state lives in run state:
+
+```text
+.cw/runs/<run-id>/state.json
+  blackboard:
+    schemaVersion: 1
+    boards: []
+    topics: []
+    messages: []
+    contexts: []
+    artifacts: []
+    snapshots: []
+    decisions: []
+```
+
+Runtime objects are:
+
+- `Blackboard`
+- `BlackboardTopic`
+- `BlackboardMessage`
+- `BlackboardContext`
+- `BlackboardArtifactRef`
+- `BlackboardSnapshot`
+- `CoordinatorDecision`
+
+Every record carries schema version, stable id, timestamps, author/source,
+scope, status, parent references, tags, metadata, and links back to workflow,
+multi-agent, worker, task, candidate, verifier, commit, audit, and evidence
+records where applicable.
+
+## Storage Layout
+
+CW mirrors blackboard state to durable local files:
+
+```text
+.cw/runs/<run-id>/blackboard/
+  index.json
+  messages.jsonl
+  topics/<topic-id>.json
+  contexts/<context-id>.json
+  artifacts/<artifact-ref-id>.json
+  snapshots/<snapshot-id>.json
+  decisions/<decision-id>.json
+```
+
+`messages.jsonl` is append-friendly. `index.json` is regenerated
+deterministically from run state. CW does not store secrets or raw environment
+values in blackboard metadata.
+
+## Context Semantics
+
+Shared context supports:
+
+- `fact`
+- `constraint`
+- `assumption`
+- `question`
+- `decision`
+
+Context updates do not silently overwrite older records. If a new update has
+the same topic, kind, and key as an active context record but a different value,
+CW marks the records `conflicting` and records a `CoordinatorDecision`.
+
+Use `--supersedes <context-id>` to intentionally replace older context. The
+older record is marked `superseded`, and the new record links to it.
+
+## Artifact Index
+
+`BlackboardArtifactRef` indexes worker outputs, logs, result files, evidence
+locators, generated artifacts, reports, commit snapshots, and external paths.
+
+Artifact refs include kind, path or locator, owner, source, provenance,
+evidence refs, checksum when the path is a readable file, and trust audit links.
+Existing `StateArtifact` records remain valid; blackboard refs bridge them into
+shared coordination state instead of replacing them.
+
+## Multi-Agent Integration
+
+`MultiAgentRun`, groups, roles, memberships, fanout, and fanin can link to a
+blackboard id and topic ids. Worker manifests for blackboard-enabled work
+include:
+
+```json
+{
+  "blackboard": {
+    "id": "bb-release",
+    "topicIds": ["release-evidence"],
+    "indexPath": ".cw/runs/<run-id>/blackboard/index.json",
+    "messagesPath": ".cw/runs/<run-id>/blackboard/messages.jsonl"
+  }
+}
+```
+
+Accepted worker output can publish result summaries and artifacts into the
+blackboard. Fanin can require indexed blackboard evidence and fails closed when
+required role memberships have no blackboard message or artifact refs.
+
+## CLI
+
+```bash
+node scripts/cw.js blackboard summary <run-id>
+node scripts/cw.js blackboard graph <run-id>
+node scripts/cw.js blackboard resolve <run-id> --id bb --title "Shared state"
+node scripts/cw.js blackboard topic create <run-id> --id topic --title "Synthesis"
+node scripts/cw.js blackboard message post <run-id> --topic topic --body "..."
+node scripts/cw.js blackboard message list <run-id> [--topic topic]
+node scripts/cw.js blackboard context put <run-id> --topic topic --kind fact --key k --value v
+node scripts/cw.js blackboard artifact add <run-id> --topic topic --path result.md --kind worker-result
+node scripts/cw.js blackboard artifact list <run-id>
+node scripts/cw.js blackboard snapshot <run-id>
+node scripts/cw.js coordinator summary <run-id>
+node scripts/cw.js coordinator decision <run-id> --kind conflict-resolution --outcome accepted --reason "..."
+```
+
+The CLI is JSON-friendly by default for focused blackboard and coordinator
+commands.
+
+## MCP Parity
+
+MCP exposes matching tools:
+
+```text
+cw_blackboard_summary
+cw_blackboard_graph
+cw_blackboard_resolve
+cw_blackboard_topic_create
+cw_blackboard_message_post
+cw_blackboard_message_list
+cw_blackboard_context_put
+cw_blackboard_artifact_add
+cw_blackboard_artifact_list
+cw_blackboard_snapshot
+cw_coordinator_summary
+cw_coordinator_decision
+```
+
+There is no intentional CLI-only behavior for core blackboard operations.
+
+## Operator UX
+
+`status`, `report --show`, and graph output include a Blackboard / Coordinator
+panel. It shows topics, message counts, open questions, conflicts, missing
+evidence, artifact counts, snapshot paths, ready-for-fanin state, and next
+recommended action.
+
+Use:
+
+```bash
+node scripts/cw.js status <run-id>
+node scripts/cw.js graph <run-id>
+node scripts/cw.js report <run-id> --show
+node scripts/cw.js audit summary <run-id>
+node scripts/cw.js audit provenance <run-id>
+```
+
+## Migration
+
+Older v0.1.17 and earlier runs normalize with empty blackboard state and a
+`.cw/runs/<run-id>/blackboard/` path. Unknown user data is preserved.
+
+Newer unsupported run-state schemas still fail closed.
+0.1.51

package/docs/dogfood/architecture-review-cool-workflow.md

@@ -0,0 +1,16 @@
+# Dogfood: architecture-review --drive on cool-workflow (CW v0.1.77)
+
+Maintainer-run live proof (OUT of CI): a real external agent drove the whole
+architecture-review workflow end-to-end with zero hand-written result.md. The
+model ran in the agent's process; CW spawned it and recorded the attested
+output. CW holds no API key and imports no model SDK.
+
+- Date: 2026-06-11
+- Run: architecture-review-20260611T014521Z-gfdd5v
+- Status: complete
+- Workers driven: 14/14 (zero hand-written result.md)
+- Agent-reported model(s): claude-opus-4-8[1m] — sourced solely from the agent's own report, never CW_AGENT_MODEL
+- Agent-reported usage: 14/14 workers reported tokens (38069 in / 168789 out)
+- agent-delegation audit events: 14
+- Commit: state-20260611T022527Z-c0mj4v
+- Agent template: scripts/agents/claude-p-agent.js (read-only claude; the wrapper persists result.md and forwards model+usage)

package/docs/dogfood-one-real-repo.7.md

@@ -0,0 +1,168 @@
+# Dogfood One Real Repo
+
+CW v0.1.16 proves the release workflow against the real Cool Workflow
+repository. The proof uses the canonical `release-cut` app, records isolated
+worker outputs, scores a release candidate, selects it only with verifier
+evidence, creates a verifier-gated CW state commit, and renders trust audit
+provenance.
+
+## Dry-Run Command
+
+From the package directory:
+
+```bash
+cd plugins/cool-workflow
+npm run dogfood:release
+```
+
+The command targets the repository two directories above the package, uses
+`release-cut`, sets `version=0.1.18`, `previousVersion=0.1.17`, the current git
+branch, and `dryRun=true`. It writes a machine-readable summary to:
+
+```text
+.cw/runs/<run-id>/dogfood-summary.json
+```
+
+The summary includes the run id, report path, audit summary path, provenance
+counts, worker ids, candidate id, score id, selection id, commit or checkpoint
+id, command log paths, and the release verdict.
+
+## Real Evidence
+
+The full dry-run collects real repository evidence from:
+
+```bash
+git status --short --branch
+node scripts/version-sync-check.js
+npm run build
+npm run check
+npm test
+npm run fixture-compat
+npm run canonical-apps
+npm run golden-path
+npm run release:check
+npm pack --dry-run --json
+```
+
+Each command log is written under the worker `logs/` directory and cited in the
+worker `cw:result` evidence array. The release verdict worker carries the full
+set of command locators into the release candidate, score, selection, and
+commit/checkpoint provenance.
+
+## Inspect The Run
+
+Use the standard operator commands:
+
+```bash
+node scripts/cw.js status <run-id>
+node scripts/cw.js graph <run-id>
+node scripts/cw.js report <run-id> --show
+node scripts/cw.js worker summary <run-id>
+node scripts/cw.js candidate summary <run-id>
+node scripts/cw.js feedback summary <run-id>
+node scripts/cw.js commit summary <run-id>
+```
+
+Inspect trust records:
+
+```bash
+node scripts/cw.js audit summary <run-id>
+node scripts/cw.js audit provenance <run-id>
+node scripts/cw.js audit provenance <run-id> --candidate dogfood-release-0.1.18
+node scripts/cw.js audit provenance <run-id> --commit <commit-id>
+```
+
+The report answers why the candidate is trusted by showing sandbox profiles,
+host attestations, evidence provenance, candidate scoring, acceptance rationale,
+and the verifier-gated commit.
+
+The dogfood command remains a local release-engineering script rather than a new
+MCP tool because it composes existing first-class CW capabilities: `release-cut`
+planning, dispatch, worker manifests/output, candidate scoring/selection,
+commits, reports, and audit/provenance. MCP parity is preserved for the
+inspectable state through the existing worker, candidate, commit, operator
+report, and audit tools.
+
+## Smoke Mode
+
+`npm test` and `npm run release:check` run:
+
+```bash
+node test/dogfood-release-smoke.js
+```
+
+The smoke test executes `scripts/dogfood-release.js --smoke --json`. It still
+uses the real repository, `release-cut`, worker manifests, trust audit records,
+candidate scoring, selection, verifier-gated commit, and a report, but keeps the
+command set smaller to avoid recursive release checking.
+
+## Promote To Real Release Actions
+
+Dry-run mode never creates tags, pushes, publishes packages, or mutates a
+marketplace. Real actions are separate maintainer commands after the dogfood
+run passes:
+
+```bash
+npm run dogfood:release
+npm run release:check
+git status --short --branch
+git tag v0.1.18
+git push origin main --tags
+```
+
+Package publish and plugin marketplace updates should be separate visible
+steps. If future execute flags are used, they must be explicit, for example
+`--execute --tag --confirm-release-actions=0.1.18`. The script refuses tag,
+push, or publish flags in dry-run mode and refuses execute mode without the
+target-version confirmation.
+
+## Safety Gates
+
+The dogfood command holds the candidate and writes an explicit checkpoint if
+any evidence command fails, version sync is incomplete, release docs are
+missing, audit records are unavailable, or verifier evidence is absent. A
+selected candidate requires score evidence and a verified verifier node; a
+verifier-gated commit requires the selected candidate, score, evidence, sandbox
+profile, worker, and acceptance rationale.
+
+This is intentionally boring release engineering: local-first, inspectable,
+scriptable, and fail-closed.
+
+## Architecture-Review Agent-Delegation Dogfood (v0.1.38)
+
+`scripts/dogfood-architecture-review.js` dogfoods the v0.1.38 Agent Delegation
+Drive: the `architecture-review` app driven end-to-end by the `agent` backend,
+with zero hand-written `result.md`.
+
+It splits into two halves, exactly like the release dogfood above:
+
+- **`--smoke` (CI-verifiable).** A hermetic STUB agent (no live binary, no second
+  repo, no network, no model SDK) drives the real app to a committed audited
+  report. `node scripts/dogfood-architecture-review.js --smoke --json` emits
+  `{ ok: true, mode: "smoke" }` with a `reportPath` and `auditSummaryPath` that
+  exist, the Verdict node accepted, and `audit.byKind["worker.agent-delegation"]
+  >= 1`. This is asserted under `npm test` (`test/dogfood-release-smoke.js`).
+
+- **Live full-drive (MAINTAINER-RUN, OUT OF CI).** With a REAL configured agent
+  (`CW_AGENT_COMMAND`, e.g. `claude -p {{input}}` / `codex exec`, or
+  `--agent-command`) against ONE real external repository:
+
+  ```bash
+  CW_AGENT_COMMAND="claude -p {{input}}" \
+    node scripts/dogfood-architecture-review.js --repo /path/to/real/repo \
+    --question "Audit this repo's architecture and rank the real risks."
+  ```
+
+  This drives plan → dispatch → agent-fulfill → accept/verify → commit for every
+  worker the planner emits, produces the committed audited risk report, and writes
+  a `docs/dogfood/architecture-review-<repo>.md` provenance note recording the repo
+  name and the agent-REPORTED model id. It depends on a live external agent binary
+  and a second repository, which CI cannot have (CI is node/npm/git-only and
+  hermetic), so it is **explicitly OUT of CI** — a maintainer bar run out-of-band,
+  exactly like the "Promote To Real Release Actions" above. The CI/release gate is
+  strictly the stub `--smoke` path.
+
+  The model runs in the external agent's process, never inside CW: this script
+  spawns the agent and records its attested output; it imports no model SDK and
+  holds no API key.
+0.1.51

package/docs/durable-state-and-locking.7.md

@@ -0,0 +1,107 @@
+# Durable State & Locking
+
+CW v0.1.40 closes the durability seams its own architecture self-audit found:
+every authoritative write is now **atomic**, the audit-essential ones are
+**fsync-durable**, and the cross-process read-modify-write stores are
+**lock-serialized**. This is the hardening half of Run Retention & Provable
+Reclamation (v0.1.39) — the reclamation transaction was already write-ahead, but
+the kernel persistence primitive underneath it (`state.ts:writeJson`) was a
+non-atomic in-place `fs.writeFileSync`, the prior verdict's #1 P1. That is now
+fixed for the whole control plane, not just the tombstone.
+
+## Atomic writes — order is the safety property
+
+`writeJson(file, value, { durable? })` writes to a unique temp file and then
+`rename(2)`s it over the target. Because rename is atomic on POSIX, a crash,
+`SIGKILL`, or `ENOSPC` mid-write can never leave a truncated `state.json` that
+throws `Invalid JSON` on reload — a reader always sees **EITHER the old bytes OR
+the new bytes**, never a torn file. A failed rename cleans up its temp file, so no
+half-written artifact is ever left behind.
+
+With `{ durable: true }` the file is additionally `fsync`'d (and its directory
+best-effort `fsync`'d) before the write is considered complete, so the bytes
+survive power loss. Durability is reserved for **authoritative** state — `state.json`
+(`saveCheckpoint`), the registry overlays (`archive.json`, `provenance.json`, the
+home queue, `repos.json`), the scheduler store, and the reclamation `reclaimed.json`
+— while high-frequency, rebuildable derived writes (node bodies, worker manifests,
+the registry index) stay atomic-but-not-fsync'd so the cheap torn-write fix applies
+everywhere without the fsync cost on the hot path.
+
+## Locking — serialize the cross-process read-modify-write
+
+The home queue (`queueAdd`/`queueDrain`), the archive overlay, the repos registry,
+and the per-run reclamation chain are read-modify-write stores mutated by more than
+one process (the long-running scheduler daemon and the CLI both touch the queue).
+`withFileLock(targetPath, fn)` runs `fn` while holding a portable advisory lock:
+
+- **Portable** — an `O_EXCL` (`wx`) lockfile beside the target; no native `flock(2)`,
+  so it works identically under CI (node/npm/git only).
+- **Stale-stealing** — a lock older than the steal window (30 s) is reclaimed, so a
+  crashed holder can never wedge a store forever.
+- **Always released** — the lock is removed in a `finally`, even if `fn` throws.
+
+This makes the scheduling kernel's concurrency ceiling hold **across processes**,
+not merely within one: a newly-added queue task can no longer vanish under a
+concurrent drain, and two reclaimers can no longer lose a tombstone
+(freed-without-proof).
+
+## Reclamation durability (the write-ahead seam, v0.1.40)
+
+The v0.1.39 reclamation transaction proved the *tombstone* crash-safe, but the
+result-node re-point that scratch reclamation depends on lived outside that
+boundary. It is now inside it. `runReclamation` runs, in order:
+
+1. extract + seal skeleton — and **refuse** (`skeleton-incomplete`) not only on a
+   missing key but if extraction dropped audit **content** the run actually has
+   (a run with commits/evidence must seal them);
+2. under the per-run lock: build the tombstone (reads `prevTombstoneHash`) and
+   commit it durably — atomic so the chain read-modify-write can never lose a link;
+3. `prepareFree()` — re-point surviving nodes off the scratch, **durably persist**
+   `state.json`, and **prove** no surviving node references a freed path (and each
+   re-pointed node's `loadNodeSnapshot` stays `valid`), failing closed
+   (`repoint-incomplete`) otherwise;
+4. only then free the bulk bytes.
+
+A crash at any point now leaves EITHER the full run OR a complete tombstone with a
+re-pointed, durably-persisted `state.json` — never a node referencing a freed path,
+and never a tombstone whose capability claim diverges from reality.
+
+## Compatibility
+
+Additive and invisible to correct single-writer use. No schema change; pre-v0.1.40
+runs and stores load unchanged. Atomicity and locking change only HOW the same
+bytes are written, never WHAT — no audit, commit, or collaboration record is ever
+rewritten.
+
+## See Also
+
+- `docs/run-retention-reclamation.7.md` — the v0.1.39 reclamation transaction this hardens.
+- `docs/run-registry-control-plane.7.md` — the registry overlays + home queue now locked.
+- `docs/control-plane-scheduling.7.md` — the concurrency ceiling now held across processes.
+
+## Self-Audit Hardening & Pure-Router Decomposition (v0.1.41)
+
+evidence grounding + durable audit append + symlink-hardened containment + deterministic worker ids + recursive redaction; BackendRegistry self-describing drivers (no per-id switches); orchestrator god-object decomposed into per-domain operation modules (pure loadRun->delegate router)
+
+## Robust Result Ingest (v0.1.42)
+
+capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
+
+## No-False-Green Gate & Launch Prep (v0.1.43)
+
+Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
+
+## Release-Gate Determinism & Agents Vendor (v0.1.44)
+
+Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
+
+## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
+
+Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.46), vendor-adapter registry (v0.1.47), state auto-compaction and P2 fixes (v0.1.48), plus CI content-surface determinism hardening (v0.1.49).
+0.1.51
+
+0.1.76
+
+0.1.77
+
+0.1.78