cool-workflow 0.1.80 → 0.1.81

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "cool-workflow",
   "description": "Auditable workflow control-plane and orchestration runtime: TypeScript dispatch, evidence-gated verification, state commits, scheduling, routines, multi-agent coordination, and MCP. Delegates execution to external agents — never runs models.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": {
     "name": "COOLWHITE LLC"
   },

package/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "cool-workflow",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "description": "Auditable workflow control-plane and orchestration runtime: TypeScript dispatch, evidence-gated verification, state commits, scheduling, routines, multi-agent coordination, and MCP. Delegates execution to external agents — never runs models.",
   "author": {
     "name": "COOLWHITE LLC"

package/README.md

@@ -263,6 +263,40 @@ write paths, command execution, network access, and environment exposure. CW
 stores and validates the policy, while the agent host enforces OS/process
 runtime controls. See [docs/sandbox-profiles.7.md](docs/sandbox-profiles.7.md).
 
+## Quickstart
+
+**30-second proof, no install** — see that a recorded telemetry verdict can't be forged:
+
+```bash
+npx cool-workflow demo tamper
+# builds a signed ed25519 ledger, forges it 2 ways, both caught offline
+# -> VERDICT: tamper-evidence holds ✓
+```
+
+**Try a real run** — no clone needed; drive an architecture review with your own agent:
+
+```bash
+npx cool-workflow quickstart architecture-review --repo /path/to/repo \
+  --question "Is this architecture sound?" --agent-command builtin:claude
+```
+
+CW DELEGATES worker execution to your own agent. With no `--agent-command` (or
+`CW_AGENT_COMMAND`) the drive fails closed (status `blocked`) — it never fabricates a
+result. `--agent-command builtin:claude` resolves to a bundled read-only `claude -p`
+wrapper (needs `claude` on your PATH).
+
+**Re-prove a finished run, offline** (`cw` is the installed bin; or `npx cool-workflow <cmd>`):
+
+```bash
+cw telemetry verify <run-id>                  # re-checks the hash-chained ledger
+cw telemetry verify <run-id> --pubkey pub.pem # also re-runs ed25519 signature checks
+cw audit verify <run-id>                      # re-proves the trust-audit hash chain
+```
+
+More: `cw quickstart <app> --preview` (read-only dry run), `cw run resume <run-id> --drive`
+(continue an interrupted run), `cw run inspect-archive <archive>` (integrity-check a
+portable run archive without importing it).
+
 ## Structure
 
 ```text
@@ -300,6 +334,10 @@ cool-workflow
 
 ## Commands
 
+Installed via npm, the bin is `cw` (alias `cool-workflow`): e.g. `cw list`,
+`cw quickstart …`. From a cloned source checkout, before `npm run build`, use the
+equivalent `node scripts/cw.js <cmd>` form shown in the examples below.
+
 List bundled workflows:
 
 ```bash
@@ -619,7 +657,7 @@ Replaces the linear migration chain with a BFS graph path resolver (`findMigrati
 
 ## Vendor-Adapter Registry (v0.1.47)
 
-Data-driven manifest generation: vendor JSON shapes extracted from `gen-manifests.js` into declarative templates in `plugin.manifest.json`. A `_resolveTemplate()` engine resolves `{{path.to.field}}` markers. Adding a new AI platform is pure data.
+Data-driven manifest generation: vendor JSON shapes extracted from `gen-manifests.js` into declarative templates in `plugin.manifest.json`. A `_resolveTemplate()` engine resolves `{{path.to.field}}` markers. Adding a new AI platform is pure data. Cross-vendor is proven by boot, not just by generation: `npm run manifest:load-check` (`node test/vendor-manifest-load-smoke.js`) loads every generated manifest (claude, codex, agents, gemini, opencode) and asserts each exposes the full tool surface (184 tools).
 
 ## P2 Fixes (v0.1.48)
 
@@ -651,7 +689,7 @@ The orchestration vision landed in one release, all reviewer-gated:
 
 ## Tamper-evidence demo (v0.1.79)
 
-`cw demo tamper` — a hermetic, one-command proof that a recorded telemetry verdict cannot be forged undetected: it builds a real ed25519-signed ledger, forges it at the ledger layer (verdict flip + recomputed local hash → the chain still breaks) and the signature layer (inflated tokens, reused signature → ed25519 rejects), all verified offline with only the public key. `cw telemetry verify <run>` is the operator-facing half (`cw_telemetry_verify` on MCP).
+`cw demo tamper` — a hermetic, one-command proof that a recorded telemetry verdict cannot be forged undetected: it builds a real ed25519-signed ledger, forges it at the ledger layer (verdict flip + recomputed local hash → the chain still breaks) and the signature layer (inflated tokens, reused signature → ed25519 rejects), all verified offline with only the public key. `cw telemetry verify <run>` (`cw_telemetry_verify` on MCP) is the operator-facing re-proof: by default it recomputes the hash chain on disk so any later edit to a recorded verdict or usage digest is caught; add `--pubkey <pem-or-path>` to re-run each `attested` hop's ed25519 signature check against the stored raw usage too. What this does and does **not** prove — including the single-keyholder ceiling — is documented honestly in [Trust Model & Limitations](docs/trust-model.md); read it before relying on a green verdict.
 
 ## Opt-in live agent output during a drive (on main, ships next)
 
@@ -662,3 +700,5 @@ v0.1.79
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+_This documentation tracks Cool Workflow v0.1.81. See [CHANGELOG](../../CHANGELOG.md) for the release notes._

package/apps/architecture-review/app.json

@@ -3,7 +3,7 @@
   "id": "architecture-review",
   "title": "Architecture Review",
   "summary": "Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/apps/architecture-review-fast/app.json

@@ -3,7 +3,7 @@
   "id": "architecture-review-fast",
   "title": "Architecture Review Fast",
   "summary": "Run a shorter architecture review with parallel map and assess phases for faster first results.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/apps/end-to-end-golden-path/app.json

@@ -3,7 +3,7 @@
   "id": "end-to-end-golden-path",
   "title": "End-to-End Golden Path",
   "summary": "Deterministic one-worker workflow app for proving the CW integration chain.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/apps/pr-review-fix-ci/app.json

@@ -3,7 +3,7 @@
   "id": "pr-review-fix-ci",
   "title": "PR Review Fix CI",
   "summary": "Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/apps/release-cut/app.json

@@ -3,7 +3,7 @@
   "id": "release-cut",
   "title": "Release Cut",
   "summary": "Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/apps/research-synthesis/app.json

@@ -3,7 +3,7 @@
   "id": "research-synthesis",
   "title": "Research Synthesis",
   "summary": "Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer.",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "author": "COOLWHITE LLC",
   "inputs": [
     {

package/dist/agent-config.js

@@ -139,18 +139,30 @@ function agentConfigFromArgs(args) {
 // npx/global install, where $(pwd)-relative paths don't exist) can configure a
 // WORKING agent without knowing where the package landed on disk:
 //   --agent-command builtin:claude   (or CW_AGENT_COMMAND=builtin:claude)
-// resolves to the packaged claude wrapper invocation. Still pure config — the
-// template is an out-of-process delegation script; CW never calls a model API.
-const BUILTIN_AGENT_TEMPLATES = {
-    claude: `node ${node_path_1.default.join(__dirname, "..", "scripts", "agents", "claude-p-agent.js")} {{input}} {{result}}`
-};
+// resolves to the packaged wrapper invocation. Still pure config — the template
+// is an out-of-process delegation script; CW never calls a model API.
+//
+// The builtin set is DATA, not a kernel TS literal (FreeBSD-audit L15): it lives
+// in scripts/agents/builtin-templates.json (vendor name -> wrapper script name).
+// Adding a vendor is a content/distribution step (drop a wrapper + a JSON line),
+// not a kernel edit — keeping CW vendor-agnostic at the source level.
+function builtinAgentTemplates() {
+    const agentsDir = node_path_1.default.join(__dirname, "..", "scripts", "agents");
+    const manifest = JSON.parse(node_fs_1.default.readFileSync(node_path_1.default.join(agentsDir, "builtin-templates.json"), "utf8"));
+    const out = {};
+    for (const [name, script] of Object.entries(manifest.templates || {})) {
+        out[name] = `node ${node_path_1.default.join(agentsDir, script)} {{input}} {{result}}`;
+    }
+    return out;
+}
 function expandBuiltinAgentCommand(command) {
     if (!command || !command.startsWith("builtin:"))
         return command;
     const name = command.slice("builtin:".length).trim();
-    const template = BUILTIN_AGENT_TEMPLATES[name];
+    const templates = builtinAgentTemplates();
+    const template = templates[name];
     if (!template) {
-        throw new Error(`Unknown builtin agent template "${name}" — available: ${Object.keys(BUILTIN_AGENT_TEMPLATES).join(", ")}`);
+        throw new Error(`Unknown builtin agent template "${name}" — available: ${Object.keys(templates).join(", ")}`);
     }
     return template;
 }
@@ -200,6 +212,8 @@ function setAgentConfigFile(patch, env = process.env) {
         endpoint: firstDefined(incoming.endpoint, current.endpoint),
         model: firstDefined(incoming.model, current.model),
         timeoutMs: firstDefined(incoming.timeoutMs, current.timeoutMs),
+        attestPublicKey: firstDefined(incoming.attestPublicKey, current.attestPublicKey),
+        requireAttestedTelemetry: firstDefined(incoming.requireAttestedTelemetry, current.requireAttestedTelemetry),
         source: "file"
     };
     const stored = redacted(merged);

package/dist/candidate-scoring.js

@@ -20,7 +20,14 @@ const state_1 = require("./state");
 const state_node_1 = require("./state-node");
 const trust_audit_1 = require("./trust-audit");
 const collaboration_1 = require("./collaboration");
+const compare_1 = require("./compare");
 exports.CANDIDATE_SCHEMA_VERSION = 1;
+/** Verdict thresholds on a score's normalized value [0,1], declared once so the
+ *  numbers carry intent instead of being buried as literals in verdictFor(). A
+ *  normalized score at-or-above PASS is "pass"; at-or-above WARN (but below
+ *  PASS) is "warn"; anything lower is "fail". Same numbers as before. */
+const VERDICT_PASS_THRESHOLD = 0.7;
+const VERDICT_WARN_THRESHOLD = 0.4;
 function createCandidateScoring(options = {}) {
     return {
         registerCandidate: (run, input) => registerCandidate(run, input, options),
@@ -39,7 +46,7 @@ function registerCandidate(run, input, options = {}) {
     if (existing)
         return existing;
     const now = new Date().toISOString();
-    const id = input.id || createCandidateId(input.kind || "manual", input.workerId || input.taskId || input.resultNodeId);
+    const id = input.id || createCandidateId(run, input.kind || "manual", input.workerId || input.taskId || input.resultNodeId);
     const candidate = {
         schemaVersion: exports.CANDIDATE_SCHEMA_VERSION,
         id,
@@ -109,7 +116,7 @@ function getCandidate(run, candidateId) {
 }
 function scoreCandidate(run, candidateId, input, options = {}) {
     const candidate = requireCandidate(run, candidateId);
-    const scoreId = input.id || createScoreId(candidateId);
+    const scoreId = input.id || createScoreId(candidate);
     const evidence = (0, trust_audit_1.normalizeEvidence)(run, input.evidence || [], {
         source: "operator-recorded",
         candidateId,
@@ -279,7 +286,7 @@ function selectCandidate(run, candidateId, options = {}, scoringOptions = {}) {
     const now = new Date().toISOString();
     const selection = {
         schemaVersion: exports.CANDIDATE_SCHEMA_VERSION,
-        id: createSelectionId(candidateId),
+        id: createSelectionId(run, candidateId),
         runId: run.id,
         candidateId,
         selectedAt: now,
@@ -558,16 +565,16 @@ function inferCandidateKind(input) {
     return "manual";
 }
 function bestScore(scores) {
-    return [...scores].sort((left, right) => right.normalized - left.normalized || left.createdAt.localeCompare(right.createdAt))[0];
+    return [...scores].sort((left, right) => right.normalized - left.normalized || (0, compare_1.compareBytes)(left.createdAt, right.createdAt))[0];
 }
 function compareRows(left, right, policy) {
     const byScore = right.normalized - left.normalized;
     if (byScore !== 0)
         return byScore;
     if (policy.tieBreaker === "candidateId")
-        return left.candidate.id.localeCompare(right.candidate.id);
-    const byCreated = left.candidate.createdAt.localeCompare(right.candidate.createdAt);
-    return byCreated || left.candidate.id.localeCompare(right.candidate.id);
+        return (0, compare_1.compareBytes)(left.candidate.id, right.candidate.id);
+    const byCreated = (0, compare_1.compareBytes)(left.candidate.createdAt, right.candidate.createdAt);
+    return byCreated || (0, compare_1.compareBytes)(left.candidate.id, right.candidate.id);
 }
 function detectTies(candidates) {
     const groups = new Map();
@@ -578,10 +585,15 @@ function detectTies(candidates) {
     return Array.from(groups.values()).filter((group) => group.length > 1);
 }
 function mergePolicy(policy = {}) {
+    // NOTE: `policy.criteria` (string[]) is intentionally NOT carried here. A
+    // whole-repo grep shows it has no read points — scoring reads each score's
+    // own `input.criteria` (Record<string, number>), not this list. Emitting a
+    // default `criteria: []` advertised a guarantee the code never honored and
+    // could silently drift, so it is dropped. The field stays OPTIONAL on
+    // CandidateScoringPolicy / CandidateRanking.policy for forward-compat input.
     return {
         id: policy.id || "cw.candidate.default",
         title: policy.title || "Default Candidate Scoring",
-        criteria: policy.criteria || [],
         requireEvidence: policy.requireEvidence ?? true,
         requireVerifierGate: policy.requireVerifierGate ?? true,
         minNormalized: policy.minNormalized,
@@ -591,9 +603,9 @@ function mergePolicy(policy = {}) {
 function verdictFor(normalized, policy) {
     if (policy.minNormalized !== undefined && normalized < policy.minNormalized)
         return "fail";
-    if (normalized >= 0.7)
+    if (normalized >= VERDICT_PASS_THRESHOLD)
         return "pass";
-    if (normalized >= 0.4)
+    if (normalized >= VERDICT_WARN_THRESHOLD)
         return "warn";
     return "fail";
 }
@@ -616,18 +628,26 @@ function indexPath(run) {
 function rankingPath(run) {
     return node_path_1.default.join(candidateRoot(run), "ranking.json");
 }
-function createCandidateId(kind, seed) {
-    const stamp = new Date().toISOString().replace(/[-:]/g, "").replace(/\..+/, "Z");
-    const suffix = Math.random().toString(36).slice(2, 8);
-    return `candidate-${(0, state_1.safeFileName)(kind)}-${seed ? `${(0, state_1.safeFileName)(seed)}-` : ""}${stamp}-${suffix}`;
-}
-function createScoreId(candidateId) {
-    const stamp = new Date().toISOString().replace(/[-:]/g, "").replace(/\..+/, "Z");
-    return `score-${(0, state_1.safeFileName)(candidateId)}-${stamp}-${Math.random().toString(36).slice(2, 8)}`;
-}
-function createSelectionId(candidateId) {
-    const stamp = new Date().toISOString().replace(/[-:]/g, "").replace(/\..+/, "Z");
-    return `selection-${(0, state_1.safeFileName)(candidateId)}-${stamp}-${Math.random().toString(36).slice(2, 8)}`;
+// Deterministic candidate id (FreeBSD-audit L12/L13): the candidate's POSITION in
+// the run's candidate set, qualified by kind + seed (a stable worker/task/result
+// id) for readability. No wall-clock stamp, no PRNG suffix — re-running the same
+// workflow mints byte-identical candidate ids, keeping fingerprints replay-stable.
+function createCandidateId(run, kind, seed) {
+    const seq = (run.candidates || []).length + 1;
+    return `candidate-${(0, state_1.safeFileName)(kind)}-${seed ? `${(0, state_1.safeFileName)(seed)}-` : ""}${String(seq).padStart(4, "0")}`;
+}
+// Deterministic score id (FreeBSD-audit L12/L13): the score's POSITION within its
+// candidate's score list. Scores only ever append, so the sequence is unique per
+// candidate and stable across replays.
+function createScoreId(candidate) {
+    const seq = (candidate.scores || []).length + 1;
+    return `score-${(0, state_1.safeFileName)(candidate.id)}-${String(seq).padStart(4, "0")}`;
+}
+// Deterministic selection id (FreeBSD-audit L12/L13): the selection's POSITION in
+// the run's append-only selection log. No clock, no PRNG.
+function createSelectionId(run, candidateId) {
+    const seq = (run.candidateSelections || []).length + 1;
+    return `selection-${(0, state_1.safeFileName)(candidateId)}-${String(seq).padStart(4, "0")}`;
 }
 function shouldPersist(options) {
     return options.persist !== false;

package/dist/capability-core.js

@@ -9,11 +9,12 @@
 // expressed here and called identically by both surfaces. A composite that lives
 // in only one surface is exactly the cross-surface drift v0.1.27 forbids.
 //
-// From v0.1.46: each exported entry function SHOULD self-register its capability
-// metadata via registerCapability() from capability-registry.ts. This replaces
-// the manual "add an entry to the giant array in capability-registry.ts" workflow
-// with automatic discovery. New capabilities just add a registerCapability() call
-// next to their implementation — no need to touch capability-registry.ts.
+// Capability metadata (which entry is on which surface, tool names, jsonMode) is
+// declared in ONE place — the BUILTIN_CAPABILITIES table in capability-registry.ts,
+// the single source of truth both surfaces and the parity gate read. New
+// capabilities add a row there. (A v0.1.46 "self-register at load time" mechanism
+// was removed: the registry snapshot was taken before those registrations ran, so
+// they were silently dead duplicates of the table — see capability-registry.ts.)
 //
 // See docs/cli-mcp-parity.7.md and src/capability-registry.ts.
 var __importDefault = (this && this.__importDefault) || function (mod) {
@@ -37,6 +38,7 @@ exports.runArchive = runArchive;
 exports.runRerun = runRerun;
 exports.runExportArchive = runExportArchive;
 exports.runImportArchive = runImportArchive;
+exports.runInspectArchive = runInspectArchive;
 exports.runVerifyImport = runVerifyImport;
 exports.queueAdd = queueAdd;
 exports.queueList = queueList;
@@ -65,13 +67,15 @@ exports.withoutRuntimeKeys = withoutRuntimeKeys;
 exports.optionalString = optionalString;
 exports.isRecord = isRecord;
 exports.telemetryVerify = telemetryVerify;
+exports.auditVerify = auditVerify;
 exports.demoTamper = demoTamper;
-const capability_registry_1 = require("./capability-registry");
 const drive_1 = require("./drive");
 const agent_config_1 = require("./agent-config");
 const run_registry_1 = require("./run-registry");
 const observability_1 = require("./observability");
 const telemetry_ledger_1 = require("./telemetry-ledger");
+const telemetry_attestation_1 = require("./telemetry-attestation");
+const trust_audit_1 = require("./trust-audit");
 const telemetry_demo_1 = require("./telemetry-demo");
 const state_1 = require("./state");
 const run_export_1 = require("./run-export");
@@ -90,8 +94,6 @@ function planSummary(runner, workflowId, options) {
         pendingTasks: run.tasks.filter((task) => task.status === "pending").length
     };
 }
-// Auto-register with the capability registry (v0.1.46 — no need to edit capability-registry.ts)
-(0, capability_registry_1.registerCapability)({ capability: "plan", summary: "Plan a workflow run on a repo + app.", entry: "planSummary", surface: "both", cli: { path: ["plan"], jsonMode: "default" }, mcp: { tool: "cw_plan" } });
 // ---- canonical app-run payload --------------------------------------------
 // Both `cw app run` and `cw_app_run` resolve to this exact object. Structured
 // app inputs + optional sandbox resolution, then a compact operator status.
@@ -117,7 +119,6 @@ function appRun(runner, args) {
         sandboxProfile: resolvedSandbox
     };
 }
-(0, capability_registry_1.registerCapability)({ capability: "app.run", summary: "Plan a run on a named app with structured inputs.", entry: "appRun", surface: "both", cli: { path: ["app", "run"], caseTokens: ["app"], jsonMode: "default" }, mcp: { tool: "cw_app_run" } });
 // ---- canonical sandbox choice payload -------------------------------------
 // Both `cw sandbox choose|resolve` and `cw_sandbox_choose|cw_sandbox_resolve`
 // resolve to this exact object.
@@ -154,7 +155,6 @@ function commitEnvelope(runner, runId, args) {
         commit
     };
 }
-(0, capability_registry_1.registerCapability)({ capability: "commit", summary: "Create a verifier-gated state commit with evidence.", entry: "commitEnvelope", surface: "both", cli: { path: ["commit"], jsonMode: "default" }, mcp: { tool: "cw_commit" }, payloadIdentical: false, reason: "CLI renders a human summary with path hints; MCP returns the structured commit payload alone." });
 function compactOperatorStatus(status) {
     return {
         runId: status.runId,
@@ -242,11 +242,19 @@ function runList(reg, args) {
 function runShow(reg, runId, args) {
     return reg.showRun(runId, { scope: scopeOf(args, "home") });
 }
-function runResume(reg, runId, args) {
-    return reg.resume(runId, {
+function runResume(reg, runner, runId, args) {
+    const base = reg.resume(runId, {
         scope: scopeOf(args, "home"),
         limit: args.limit === undefined ? undefined : Number(args.limit)
     });
+    // Default (no --drive/--once): read-only, byte-identical to before.
+    if (!isTrue(args.drive) && !isTrue(args.once))
+        return base;
+    // Opt-in continuation: hand the resolved run to the EXISTING agent-delegation
+    // drive loop (re-plans nothing; picks up pending/running tasks from durable
+    // state). An unconfigured agent surfaces drive.status="blocked" (fail-closed).
+    const drive = runDrive(runner, { ...args, runId: base.runId, repo: base.repo, once: isTrue(args.once) });
+    return { ...base, drive };
 }
 function runArchive(reg, runId, args) {
     if (runId) {
@@ -286,6 +294,17 @@ function runImportArchive(runner, args) {
         return { ...imported, registry: registryReport };
     });
 }
+// Read-only: inspect a portable archive's integrity WITHOUT importing it. Routes
+// both surfaces through one shared core entry. The runner is unused (no registry
+// touch — inspection writes nothing) but kept for dispatch-signature symmetry.
+function runInspectArchive(_runner, args) {
+    return withInvocationCwd(args, () => {
+        const archive = optionalString(args.archive || args.path || args.file);
+        if (!archive)
+            throw new Error("run inspect-archive requires an archive path (positional, --archive, --path, or --file)");
+        return (0, run_export_1.inspectArchive)(node_path_1.default.resolve(archive));
+    });
+}
 function runVerifyImport(runner, runId, args) {
     return withInvocationCwd(args, () => (0, run_export_1.verifyImportedRun)(runner.loadRun(runId)));
 }
@@ -422,7 +441,8 @@ const DRIVE_RUNTIME_KEYS = [
     "agentModel",
     "agent-model",
     "agentTimeoutMs",
-    "agent-timeout-ms"
+    "agent-timeout-ms",
+    "resume"
 ];
 function planInputsFor(args) {
     const copy = withoutRuntimeKeys(args);
@@ -474,6 +494,12 @@ exports.QUICKSTART_DEFAULT_APP = "architecture-review";
 function quickstart(runner, args) {
     const appId = String(args.appId || args.app || args.workflowId || exports.QUICKSTART_DEFAULT_APP);
     const agentConfigured = Boolean((0, agent_config_1.resolveAgentConfig)(args).command || (0, agent_config_1.resolveAgentConfig)(args).endpoint);
+    // `--resume`: a discoverability flag over the existing continuation. With no
+    // `--run`, advance exactly ONE step (reuse the `--once` path) and print a
+    // copy-pasteable continue line; with `--run <id>`, continue that run to
+    // completion (the default drive). It adds no new execution path.
+    const resume = isTrue(args.resume);
+    const resumeRunId = resume ? optionalString(args.runId || args.run) : undefined;
     // `--preview`: read-only, deterministic next-step projection (no spawn, no commit).
     // Plan a fresh run (the read-only first verb) then project the next drive step.
     if (isTrue(args.preview)) {
@@ -498,7 +524,10 @@ function quickstart(runner, args) {
     // Drive end-to-end (or one `--once` step). runDrive plans the run, delegates each
     // worker to the agent backend, and commits — we add only the report write + a
     // single assembled payload. No orchestration is duplicated here.
-    const result = runDrive(runner, { ...args, appId });
+    // `--resume` with no run id advances a single step so a newcomer WITNESSES the
+    // stop-then-resume; with a run id it continues to completion. Non-resume paths
+    // are untouched (byte-identical default).
+    const result = runDrive(runner, { ...args, appId, ...(resume && !resumeRunId ? { once: true } : {}) });
     // Always (re)write the report so the one command yields a report.md on disk, even
     // when the drive blocked/parked (a partial report is still useful triage).
     const cwd0 = process.cwd();
@@ -530,7 +559,9 @@ function quickstart(runner, args) {
         hint = `the drive is blocked — inspect: cw run drive ${result.runId}`;
     }
     else if (result.status === "in-progress") {
-        hint = `one step advanced (--once) — continue: cw quickstart ${appId} --run ${result.runId} --once`;
+        hint = resume
+            ? `one step advanced — continue: cw quickstart ${appId} --run ${result.runId} --resume`
+            : `one step advanced (--once) — continue: cw quickstart ${appId} --run ${result.runId} --once`;
     }
     return {
         schemaVersion: 1,
@@ -546,7 +577,11 @@ function quickstart(runner, args) {
         statePath: result.statePath,
         agentConfigured,
         steps: result.steps,
-        hint
+        hint,
+        // Stamp resumedFrom ONLY when we continued an explicit run. Conditional spread
+        // keeps the key absent on the default/fresh path (own-property absent + omitted
+        // by JSON.stringify), so default output is byte-identical.
+        ...(resumeRunId ? { resumedFrom: resumeRunId } : {})
     };
 }
 /** Read-only, deterministic projection of the effective agent config (secret-stripped). */
@@ -680,15 +715,57 @@ function telemetryVerify(runner, args) {
         throw new Error("telemetry verify requires a run id (cw telemetry verify <run-id>)");
     const run = runner.loadRun(runId);
     const v = (0, telemetry_ledger_1.verifyTelemetryLedger)(run);
+    // Opt-in independent signature re-verification. verifyTelemetryLedger re-proves
+    // the chain (so the stored attestation verdicts were not edited); supplying the
+    // trust public key (--pubkey / CW_AGENT_ATTEST_PUBKEY) additionally RE-RUNS the
+    // ed25519 check over each `attested` record's stored raw usage rather than
+    // trusting that verdict, so a forged signature can no longer ride a green chain.
+    const trustPublicKeyInput = optionalString(args.pubkey || args.pubKey || args.publicKey) || process.env.CW_AGENT_ATTEST_PUBKEY;
+    const trustPublicKey = (0, telemetry_attestation_1.resolveTrustPublicKey)(trustPublicKeyInput);
+    const keyChecks = trustPublicKeyInput && !trustPublicKey
+        ? [{ name: "signature-key", pass: false, code: "telemetry-pubkey-unreadable" }]
+        : [];
+    const sig = (0, telemetry_attestation_1.verifyTelemetrySignatures)(v.records, trustPublicKey);
+    const failedChecks = [...v.checks.filter((c) => !c.pass), ...keyChecks, ...sig.checks.filter((c) => !c.pass)];
     return {
         schemaVersion: 1,
         runId: run.id,
         present: v.present,
-        verified: v.verified,
+        // Chain integrity AND (when a key was supplied) every attested signature must
+        // re-verify. With no key, sig.failed is 0 → unchanged chain-only behavior.
+        verified: v.verified && keyChecks.length === 0 && sig.failed === 0,
         records: v.records.length,
         attested: v.attested,
         unattested: v.unattested,
         absent: v.absent,
+        signatureKeyProvided: sig.keyProvided,
+        signaturesChecked: sig.checked,
+        signaturesReverified: sig.reverified,
+        signaturesFailed: sig.failed,
+        failedChecks: failedChecks.map((c) => ({ name: c.name, code: c.code }))
+    };
+}
+// audit.verify — fail-closed re-prove of a run's trust-audit hash chain. The peer
+// of telemetry.verify for the sandbox/policy/commit-gate decision log: recomputes
+// every event hash from genesis, checks chain linkage, and catches the
+// unchained-event forgery. Exposed as a verb (not just embedded in `audit summary`,
+// which always exits 0) so `cw audit verify <run> && deploy` can gate on the exit
+// code. POLA: a run with no audit log is present:false / verified:true / exit 0.
+function auditVerify(runner, args) {
+    const runId = optionalString(args.runId || args.run);
+    if (!runId)
+        throw new Error("audit verify requires a run id (cw audit verify <run-id>)");
+    const run = runner.loadRun(runId);
+    const v = (0, trust_audit_1.verifyTrustAudit)(run);
+    return {
+        schemaVersion: 1,
+        runId: run.id,
+        present: v.present,
+        verified: v.verified,
+        eventCount: v.eventCount,
+        chained: v.chained,
+        unchained: v.unchained,
+        corruptLines: v.corruptLines,
         failedChecks: v.checks.filter((c) => !c.pass).map((c) => ({ name: c.name, code: c.code }))
     };
 }