cool-workflow 0.1.80 → 0.1.81

package/dist/worker-isolation.js

@@ -4,7 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WORKER_ISOLATION_SCHEMA_VERSION = void 0;
-exports.createWorkerIsolation = createWorkerIsolation;
 exports.allocateWorkerScope = allocateWorkerScope;
 exports.writeWorkerManifest = writeWorkerManifest;
 exports.syncWorkerScopeFromTask = syncWorkerScopeFromTask;
@@ -33,21 +32,9 @@ const multi_agent_1 = require("./multi-agent");
 const telemetry_attestation_1 = require("./telemetry-attestation");
 const telemetry_ledger_1 = require("./telemetry-ledger");
 const coordinator_1 = require("./coordinator");
+const helpers_1 = require("./worker-isolation/helpers");
+const paths_1 = require("./worker-isolation/paths");
 exports.WORKER_ISOLATION_SCHEMA_VERSION = 1;
-const WORKER_SCOPE_FILE = "worker.json";
-const WORKER_MANIFEST_FILE = "manifest.json";
-function createWorkerIsolation(options = {}) {
-    return {
-        allocateWorkerScope: (run, task, allocateOptions) => allocateWorkerScope(run, task, { ...options, ...allocateOptions }),
-        writeWorkerManifest,
-        listWorkerScopes: (run, listOptions) => listWorkerScopes(run, listOptions),
-        getWorkerScope,
-        recordWorkerOutput,
-        recordWorkerFailure,
-        validateWorkerBoundary,
-        summarizeWorkers
-    };
-}
 function allocateWorkerScope(run, task, options = {}) {
     ensureWorkerState(run);
     const existing = task.workerId ? getWorkerScope(run, task.workerId) : undefined;
@@ -64,7 +51,7 @@ function allocateWorkerScope(run, task, options = {}) {
         return existing;
     }
     const now = new Date().toISOString();
-    const workerId = options.workerId || createWorkerId(run, task.id);
+    const workerId = options.workerId || (0, paths_1.createWorkerId)(run, task.id);
     const workerDir = node_path_1.default.join(workerRoot(run), (0, state_1.safeFileName)(workerId));
     const inputPath = node_path_1.default.join(workerDir, "input.md");
     const resultPath = node_path_1.default.join(workerDir, "result.md");
@@ -82,7 +69,10 @@ function allocateWorkerScope(run, task, options = {}) {
         extraReadPaths: options.policy?.readPaths || [],
         extraWritePaths: [...(options.policy?.writePaths || []), ...(options.policy?.allowedPaths || [])],
         allowArtifacts: options.policy?.allowArtifacts,
-        allowLogs: options.policy?.allowLogs
+        allowLogs: options.policy?.allowLogs,
+        // H7: persisted custom profile definitions so a custom logical id resolves
+        // against THIS worker's context (worker-specific path tokens bind correctly).
+        customProfiles: run.customSandboxProfiles
     });
     const allowedPaths = (0, sandbox_profile_1.effectiveSandboxWritePaths)(sandboxPolicy);
     (0, sandbox_profile_1.upsertRunSandboxPolicy)(run, sandboxPolicy);
@@ -123,7 +113,7 @@ function allocateWorkerScope(run, task, options = {}) {
         feedbackIds: [],
         errors: [],
         multiAgent: options.multiAgent,
-        metadata: compactMetadata({
+        metadata: (0, helpers_1.compactMetadata)({
             ...options.metadata,
             multiAgent: options.multiAgent,
             phase: task.phase,
@@ -165,7 +155,7 @@ function allocateWorkerScope(run, task, options = {}) {
         });
     }
     task.workerId = scope.id;
-    task.workerManifestPath = manifestPath(scope);
+    task.workerManifestPath = (0, paths_1.manifestPath)(scope);
     task.sandboxProfileId = sandboxPolicy.id;
     task.sandboxPolicy = sandboxPolicy;
     task.backendId = backendId;
@@ -180,8 +170,8 @@ function writeWorkerManifest(run, scope) {
     const task = run.tasks.find((candidate) => candidate.id === scope.taskId);
     const sandboxPolicy = scope.sandboxPolicy || sandboxPolicyForBoundary(run, scope);
     const sandboxProfileId = scope.sandboxProfileId || sandboxPolicy.id;
-    const scopePath = workerScopePath(scope);
-    const workerManifestPath = manifestPath(scope);
+    const scopePath = (0, paths_1.workerScopePath)(scope);
+    const workerManifestPath = (0, paths_1.manifestPath)(scope);
     const manifest = {
         schemaVersion: exports.WORKER_ISOLATION_SCHEMA_VERSION,
         id: scope.id,
@@ -257,7 +247,7 @@ function syncWorkerScopeFromTask(run, workerId) {
         ...scope,
         updatedAt: new Date().toISOString(),
         multiAgent: task.multiAgent,
-        metadata: compactMetadata({
+        metadata: (0, helpers_1.compactMetadata)({
             ...(scope.metadata || {}),
             multiAgent: task.multiAgent
         })
@@ -267,7 +257,7 @@ function syncWorkerScopeFromTask(run, workerId) {
 function listWorkerScopes(run, options = {}) {
     ensureWorkerState(run);
     const scopes = loadWorkerScopesFromDisk(run);
-    run.workers = mergeScopes(run.workers || [], scopes);
+    run.workers = (0, helpers_1.mergeScopes)(run.workers || [], scopes);
     const listed = run.workers || [];
     return options.status ? listed.filter((scope) => scope.status === options.status) : listed;
 }
@@ -276,7 +266,7 @@ function getWorkerScope(run, workerId) {
     const existing = (run.workers || []).find((scope) => scope.id === workerId);
     if (existing)
         return existing;
-    const file = node_path_1.default.join(workerRoot(run), (0, state_1.safeFileName)(workerId), WORKER_SCOPE_FILE);
+    const file = node_path_1.default.join(workerRoot(run), (0, state_1.safeFileName)(workerId), paths_1.WORKER_SCOPE_FILE);
     if (!node_fs_1.default.existsSync(file))
         return undefined;
     const scope = JSON.parse(node_fs_1.default.readFileSync(file, "utf8"));
@@ -302,7 +292,7 @@ function recordWorkerOutput(run, workerId, resultPath, options = {}) {
         throw new Error(violation.message);
     }
     if (!node_fs_1.default.existsSync(absoluteResultPath)) {
-        const error = structuredError("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
+        const error = (0, helpers_1.structuredError)("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
             path: absoluteResultPath,
             retryable: true
         });
@@ -321,7 +311,7 @@ function recordWorkerOutput(run, workerId, resultPath, options = {}) {
         const baseDirs = Array.from(new Set([run.cwd, process.cwd(), scope.workerDir, run.paths.runDir].filter(Boolean)));
         const unresolved = (0, evidence_grounding_1.unresolvedFileEvidence)(parsedResult.evidence, baseDirs);
         if (unresolved.length) {
-            const error = structuredError("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
+            const error = (0, helpers_1.structuredError)("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
             recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
             throw new Error(error.message);
         }
@@ -345,7 +335,7 @@ function recordWorkerOutput(run, workerId, resultPath, options = {}) {
     // it instead of recording unverifiable usage. Default behavior is unchanged
     // (flag-and-surface). Non-agent hops carry no verdict and are never blocked.
     if (options.requireAttestedTelemetry && telemetry && telemetry.status !== "attested") {
-        const error = structuredError("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
+        const error = (0, helpers_1.structuredError)("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
         recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
         throw new Error(error.message);
     }
@@ -581,7 +571,7 @@ function recordWorkerFailure(run, workerId, error, options = {}) {
         status: "pending",
         loopStage: "adjust",
         inputs: { workerId, taskId: task.id, dispatchId: scope.dispatchId },
-        artifacts: workerArtifacts(scope),
+        artifacts: (0, paths_1.workerArtifacts)(scope),
         parents: task.stateNodeId ? [task.stateNodeId] : [],
         contractId: pipeline_contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
         metadata: { workerId, taskId: task.id, dispatchId: scope.dispatchId, workerDir: scope.workerDir, sandboxProfileId: scope.sandboxProfileId }
@@ -636,7 +626,7 @@ function recordWorkerFailure(run, workerId, error, options = {}) {
         updatedAt: new Date().toISOString(),
         status: structured.code === "worker-boundary-violation" || structured.code.startsWith("sandbox-") ? "rejected" : "failed",
         retryCount: typeof options.retryCount === "number" ? options.retryCount : scope.retryCount,
-        feedbackIds: unique([...(scope.feedbackIds || []), feedback.id]),
+        feedbackIds: (0, helpers_1.unique)([...(scope.feedbackIds || []), feedback.id]),
         errors: [...(scope.errors || []), structured]
     });
     if (options.persist !== false)
@@ -649,7 +639,7 @@ function recordWorkerRetryAttempt(run, workerId, attempts, reason, options = {})
         ...scope,
         updatedAt: new Date().toISOString(),
         retryCount: attempts,
-        metadata: compactMetadata({
+        metadata: (0, helpers_1.compactMetadata)({
             ...scope.metadata,
             agentDelegationAttempts: attempts,
             agentDelegationLastFailure: reason
@@ -668,8 +658,8 @@ function summarizeWorkers(run) {
     const workers = listWorkerScopes(run);
     return {
         total: workers.length,
-        byStatus: countBy(workers, (scope) => scope.status),
-        manifestPaths: workers.map(manifestPath),
+        byStatus: (0, helpers_1.countBy)(workers, (scope) => scope.status),
+        manifestPaths: workers.map(paths_1.manifestPath),
         failed: workers
             .filter((scope) => scope.status === "failed" || scope.status === "rejected")
             .map((scope) => ({ id: scope.id, status: scope.status, feedbackIds: scope.feedbackIds || [] }))
@@ -705,15 +695,9 @@ function reclaimOrphans(run, now) {
     }
     if (orphans.length) {
         writeWorkerIndex(run);
-        saveWorkerCheckpoint(run);
     }
     return { runId: run.id, reclaimed: orphans.length, orphans };
 }
-function saveWorkerCheckpoint(run) {
-    // Durable write via atomic temp+rename (same contract as saveCheckpoint)
-    // For worker index, the atomic write in writeWorkerIndex already handles it.
-    // This is a no-op wrapper that signals the checkpoint boundary.
-}
 function ensureWorkerState(run) {
     run.paths.workersDir = run.paths.workersDir || node_path_1.default.join(run.paths.runDir, "workers");
     node_fs_1.default.mkdirSync(run.paths.workersDir, { recursive: true });
@@ -771,7 +755,7 @@ function updateWorkerScope(run, scope) {
     return updated;
 }
 function writeWorkerScope(scope) {
-    (0, state_1.writeJson)(workerScopePath(scope), scope);
+    (0, state_1.writeJson)((0, paths_1.workerScopePath)(scope), scope);
 }
 function writeWorkerIndex(run) {
     ensureWorkerState(run);
@@ -784,7 +768,7 @@ function writeWorkerIndex(run) {
             dispatchId: scope.dispatchId,
             status: scope.status,
             workerDir: scope.workerDir,
-            manifestPath: manifestPath(scope),
+            manifestPath: (0, paths_1.manifestPath)(scope),
             resultPath: scope.resultPath,
             sandboxProfileId: scope.sandboxProfileId,
             backendId: scope.backendId,
@@ -800,7 +784,7 @@ function loadWorkerScopesFromDisk(run) {
     return node_fs_1.default
         .readdirSync(workerRoot(run), { withFileTypes: true })
         .filter((entry) => entry.isDirectory())
-        .map((entry) => node_path_1.default.join(workerRoot(run), entry.name, WORKER_SCOPE_FILE))
+        .map((entry) => node_path_1.default.join(workerRoot(run), entry.name, paths_1.WORKER_SCOPE_FILE))
         .filter((file) => node_fs_1.default.existsSync(file))
         .map((file) => JSON.parse(node_fs_1.default.readFileSync(file, "utf8")));
 }
@@ -823,6 +807,12 @@ function sandboxPolicyForBoundary(run, scope, options = {}) {
     if (scope.sandboxPolicy && !options.policy && !options.sandboxProfileId)
         return scope.sandboxPolicy;
     const profileId = options.sandboxProfileId || options.policy?.sandboxProfileId || scope.sandboxProfileId || sandbox_profile_1.DEFAULT_SANDBOX_PROFILE_ID;
+    // H7: when the scope.sandboxPolicy snapshot is LOST, this re-resolves the policy
+    // by its logical profileId against the WORKER's paths (scope.workerDir etc.). For
+    // a CUSTOM profile the bundled lookup would throw not-found; threading
+    // run.customSandboxProfiles lets resolveSandboxProfileById re-resolve the persisted
+    // DEFINITION here — re-enforcing the same policy with worker-correct path tokens
+    // (NOT the dispatch-time paths), so a legitimate worker write is not falsely denied.
     return (0, sandbox_profile_1.sandboxPolicyForWorker)(profileId, {
         cwd: run.cwd,
         runDir: run.paths.runDir,
@@ -838,7 +828,8 @@ function sandboxPolicyForBoundary(run, scope, options = {}) {
             ...(!scope.sandboxPolicy ? scope.allowedPaths || [] : [])
         ],
         allowArtifacts: options.policy?.allowArtifacts,
-        allowLogs: options.policy?.allowLogs
+        allowLogs: options.policy?.allowLogs,
+        customProfiles: run.customSandboxProfiles
     });
 }
 function blackboardManifest(run, scope) {
@@ -927,7 +918,7 @@ function blackboardLinkage(run, scope) {
     const role = scope.multiAgent?.roleId ? run.multiAgent?.roles.find((entry) => entry.id === scope.multiAgent?.roleId) : undefined;
     const multiAgentRun = scope.multiAgent?.runId ? run.multiAgent?.runs.find((entry) => entry.id === scope.multiAgent?.runId) : undefined;
     const blackboardId = membership?.blackboardId || group?.blackboardId || role?.blackboardId || multiAgentRun?.blackboardId;
-    const topicIds = unique([
+    const topicIds = (0, helpers_1.unique)([
         ...(membership?.topicIds || []),
         ...(group?.topicIds || []),
         ...(role?.topicIds || []),
@@ -935,94 +926,27 @@ function blackboardLinkage(run, scope) {
     ]);
     return { blackboardId, topicIds };
 }
-function manifestPath(scope) {
-    return node_path_1.default.join(scope.workerDir, WORKER_MANIFEST_FILE);
-}
-function workerScopePath(scope) {
-    return node_path_1.default.join(scope.workerDir, WORKER_SCOPE_FILE);
-}
-// Deterministic worker id (v0.1.40 self-audit P2): a wall-clock stamp + Math.random()
-// made every dispatch mint a different id, so audit references were not reproducible
-// across re-runs of the same inputs. The id is now derived from the task plus a
-// per-task sequence (count of worker scopes already allocated for that task + 1),
-// so re-running the same workflow yields byte-identical worker ids while retries of
-// the SAME task still get a fresh, unique id. (workerId is excluded from the
-// snapshot source fingerprint, so this does not change replay digests.)
-function createWorkerId(run, taskId) {
-    const prefix = `worker-${(0, state_1.safeFileName)(taskId)}-`;
-    const seq = (run.workers || []).filter((scope) => scope.id.startsWith(prefix)).length + 1;
-    return `${prefix}${String(seq).padStart(4, "0")}`;
-}
-function workerArtifacts(scope) {
-    return [
-        { id: "worker", kind: "json", path: workerScopePath(scope) },
-        { id: "worker-manifest", kind: "json", path: manifestPath(scope) },
-        { id: "worker-input", kind: "markdown", path: scope.inputPath }
-    ];
-}
 function normalizeWorkerError(error, scope, options) {
-    if (isBoundaryViolation(error)) {
-        return structuredError(error.code, error.message, {
+    if ((0, helpers_1.isBoundaryViolation)(error)) {
+        return (0, helpers_1.structuredError)(error.code, error.message, {
             path: error.path,
             retryable: false,
             details: { allowedPaths: error.allowedPaths, workerId: scope.id, taskId: scope.taskId, sandboxProfileId: scope.sandboxProfileId }
         });
     }
-    if (isStateNodeError(error)) {
+    if ((0, helpers_1.isStateNodeError)(error)) {
         return {
             ...error,
             at: error.at || new Date().toISOString(),
             path: options.path || error.path,
             retryable: options.retryable ?? error.retryable ?? false,
-            details: compactMetadata({ ...(error.details || {}), workerId: scope.id, taskId: scope.taskId })
+            details: (0, helpers_1.compactMetadata)({ ...(error.details || {}), workerId: scope.id, taskId: scope.taskId })
         };
     }
     const message = error instanceof Error ? error.message : String(error);
-    return structuredError(options.code || "worker-runtime-error", message, {
+    return (0, helpers_1.structuredError)(options.code || "worker-runtime-error", message, {
         path: options.path,
         retryable: options.retryable ?? false,
         details: { workerId: scope.id, taskId: scope.taskId }
     });
 }
-function structuredError(code, message, options = {}) {
-    return {
-        code,
-        message,
-        at: new Date().toISOString(),
-        path: options.path,
-        retryable: options.retryable,
-        details: options.details
-    };
-}
-function isBoundaryViolation(value) {
-    return Boolean(value && typeof value === "object" && "allowedPaths" in value && "message" in value);
-}
-function isStateNodeError(value) {
-    return Boolean(value && typeof value === "object" && "code" in value && "message" in value);
-}
-function mergeScopes(left, right) {
-    const merged = [...left];
-    for (const scope of right) {
-        const index = merged.findIndex((candidate) => candidate.id === scope.id);
-        if (index >= 0)
-            merged[index] = scope;
-        else
-            merged.push(scope);
-    }
-    return merged;
-}
-function unique(values) {
-    return Array.from(new Set(values.filter(Boolean)));
-}
-function compactMetadata(value) {
-    const entries = Object.entries(value).filter(([, entry]) => entry !== undefined);
-    return entries.length ? Object.fromEntries(entries) : undefined;
-}
-function countBy(items, key) {
-    const counts = {};
-    for (const item of items) {
-        const value = key(item);
-        counts[value] = (counts[value] || 0) + 1;
-    }
-    return counts;
-}

package/docs/agent-delegation-drive.7.md

@@ -131,8 +131,17 @@ node dist/cli.js backend probe agent --json      # ready iff configured, else un
 node dist/cli.js run architecture-review --drive --repo /path/to/repo --question "Is the design sound?"
 node dist/cli.js run architecture-review --drive --once --repo /path/to/repo --question "..."   # one step
 node dist/cli.js run drive <run-id> --json       # read-only preview of the next step
+
+# quickstart --resume: a guided stop-then-resume a newcomer can WITNESS in <5 min
+node dist/cli.js quickstart --resume --repo /path/to/repo --question "..."   # advances ONE step, prints a continue line
+node dist/cli.js quickstart --run <run-id> --resume                          # continues that run to completion
 ```
 
+`quickstart --resume` with no `--run` drives a single step and prints a
+copy-pasteable `cw quickstart --run <id> --resume` continue line; rerun it with the
+`--run <id>` to finish. The continuing invocation echoes `resumedFrom: <id>`. Bare
+`quickstart` (no `--resume`) is unchanged — it drives straight to completion.
+
 For faster first results, use the opt-in fast app instead of changing the full
 review contract:
 
@@ -248,3 +257,7 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+## Resumable Drive & Resume Routing (v0.1.81)
+
+Adds `run resume <id> --drive/--once` alongside `quickstart --resume`: a stopped pipeline resumes in-place, advancing to completion (`--drive`) or one deterministic step (`--once`) over the same plan->dispatch->agent-fulfill->accept->commit lifecycle, echoing `resumedFrom: <id>`. Fixes the `run resume --drive` CLI routing so the drive flag reaches the resumed run instead of being read as an app name. Replay determinism and the agent evidence triple are unchanged.

package/docs/cli-mcp-parity.7.md

@@ -385,3 +385,7 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+## Re-Prove Verbs on Both Surfaces (v0.1.81)
+
+v0.1.81 grows the parity surface with two new both-surface, fail-closed verbs declared once in the capability registry: `cw audit verify` / `cw_audit_verify` re-proves the trust-audit chain and exits non-zero on any unverified or corrupt chain, and `cw run inspect-archive` / `cw_run_inspect_archive` is a read-only archive integrity check. Each `cw <cmd> --json` is schema-identical to its `cw_<tool>` and validated by the same parity gate.

package/docs/contract-migration-tooling.7.md

@@ -127,3 +127,5 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+_No changes to the contract-migration subsystem in v0.1.81._

package/docs/control-plane-scheduling.7.md

@@ -114,3 +114,5 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+_No changes to the control-plane scheduling surface in v0.1.81._

package/docs/dogfood/resume-drive-real-agent-2026-06-14.md

@@ -0,0 +1,40 @@
+# Dogfood: real `builtin:claude` agent + `run resume --drive` (2026-06-14)
+
+A live dogfood run with a REAL external agent (`CW_AGENT_COMMAND=builtin:claude`, the
+bundled read-only claude wrapper). The model ran in the agent's own process; CW
+spawned it and recorded the attested output — CW holds no API key and imports no
+model SDK. This run had two purposes and delivered both: it confirmed the real-agent
+delegation path works end to end, and — because it exercised the **CLI** rather than
+the unit-test function path — it **caught a real shipped bug** in `run resume --drive`.
+
+## What ran
+
+- `cw run architecture-review --drive --once --repo <tmp> --question "…"` with a real
+  `builtin:claude` agent: **1 worker completed** end-to-end with zero hand-written
+  result.md — the worker's `result.md` was produced by real claude, passed the
+  evidence-gated acceptance, and a `report.md` (7.5 KB, "# Architecture Review …")
+  + 3 state commits were written. The real-agent path (spawn → attested output →
+  evidence gate → commit) works.
+- Run: `architecture-review-20260614T104416Z-upkor2`, status `in-progress` (1/14)
+  after the single `--once` step.
+
+## The bug it caught (and the fix)
+
+Resuming the partway run with `cw run resume <id> --drive` failed:
+`cw: Workflow app not found: resume`. The `run` command's early `--drive` branch
+(the `cw run <app> --drive` one-command form) intercepted the invocation *before* the
+subcommand switch, so the `resume` keyword was misread as an app name and never
+reached the `runResume` continuation shipped in #155.
+
+The A1 unit smoke (`run-resume-drive-smoke`) had tested `runResume()` **directly**, so
+it never exercised the CLI dispatch — only a real CLI run surfaced it. Fixed by
+guarding the early app-drive route so a leading run-registry subcommand keyword
+(resume/show/export/…) falls through to the switch; `run-resume-drive-smoke` now drives
+`cw run resume <id> --drive` through the actual CLI and asserts it routes to the verb,
+plus a regression guard that `run <app> --drive` still routes to the app drive.
+
+## Takeaway
+
+Unit tests that call the capability function directly can miss CLI-dispatch bugs.
+Every both-surface verb that adds a flag wants at least one test through the real CLI
+argv path, not just the exported function.

package/docs/durable-state-and-locking.7.md

@@ -111,3 +111,7 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+## Deterministic Tombstone Hash (v0.1.81)
+
+The reclamation tombstone's freed-manifest is now path-sorted before it feeds `tombstoneHash`, so the same freed set always yields the same hash regardless of filesystem enumeration order. This removes a non-determinism from the write-ahead chain (v0.1.39/v0.1.40), keeping the per-run tombstone hash-chain replayable and stable across hosts. Atomicity, locking, and the durable re-point seam are unchanged. v0.1.81 also adds import-time refusal (`CW_REQUIRE_ARCHIVE_INTEGRITY=1`) and restore-time trust-audit re-proving — see run-registry-control-plane(7).

package/docs/evidence-adoption-reasoning-chain.7.md

@@ -274,3 +274,5 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+_No changes to the Evidence Adoption Reasoning Chain surface in v0.1.81. The v0.1.81 trust-audit `computeEventHash` fix hardens the underlying audit records this chain links to by reference, but the derived reasoning view, its commands, and its eval gates are unchanged._

package/docs/execution-backends.7.md

@@ -304,3 +304,5 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
 ## Fast Architecture Review (v0.1.80)
 
 Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
+
+_No changes to the execution-backends surface in v0.1.81._

package/docs/index.md

@@ -7,6 +7,7 @@ Read these in order when you are new to CW:
 3. [Workflow App framework](workflow-app-framework.7.md) - userland app manifests, entrypoints, compatibility, and validation.
 4. [Sandbox Profiles](sandbox-profiles.7.md) - named worker policy contracts for read/write/execute/network/env handling.
 5. [Security / Trust Hardening](security-trust-hardening.7.md) - audit records, provenance, sandbox attestations, and acceptance rationale.
+   - [Trust Model & Limitations](trust-model.md) - what the ed25519 + hash-chain tamper-evidence proves and, honestly, what it does **not** (the single-keyholder ceiling). Read this before relying on a green verdict.
 6. [Multi-Agent Runtime Core](multi-agent-runtime-core.7.md) - first-class MultiAgentRun, roles, groups, memberships, fanout, fanin, and lifecycle state.
 7. [Coordinator / Blackboard](coordinator-blackboard.7.md) - shared topics, messages, context frames, artifact refs, snapshots, decisions, conflicts, and fanin evidence.
 8. [Multi-Agent Topologies](multi-agent-topologies.7.md) - official map-reduce, debate, and judge-panel recipes built on multi-agent and blackboard records.

package/docs/launch/launch-kit.md

@@ -9,7 +9,7 @@ Everything leads with the 30-second `npx cool-workflow demo tamper` proof.
 ## ✅ FINAL — Show HN (copy-paste ready)
 
 **Pre-flight (do these first):**
-1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → swap it into the README hero (replace the fenced output block with the GIF).
+1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → add it to the README hero (insert the GIF near the badges/intro).
 2. Confirm on a clean machine: `npx cool-workflow demo tamper` runs and prints `VERDICT: tamper-evidence holds ✓`.
 3. Post during US morning (HN traffic peak); reply to the first comment with the npm + provenance link.
 
@@ -34,25 +34,33 @@ agent you configure (claude -p, codex exec, an HTTP endpoint) and never embeds a
 model SDK or holds an API key. What it owns is the audit trail: each agent hop's
 reported usage is signed (ed25519) and appended to a hash-chained ledger, so
 editing any record — or even recomputing its local hash to cover the edit — breaks
-the chain downstream. You re-verify a finished run offline, with only the public
-key. No telemetry service to trust or breach.
+the chain downstream. You re-verify a finished run offline — no telemetry service
+to trust or breach.
 
 30-second proof, no install:
 
   npx cool-workflow demo tamper
 
 It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
-hash; inflate reported tokens + reuse the signature), and shows both caught. On a
-real run, `cw telemetry verify <run>` does the same against what's on disk.
+hash; inflate reported tokens + reuse the signature), and catches both offline with
+only the public key. On a real run, `cw telemetry verify <run>` re-proves the
+recorded ledger on disk — recomputing the chain so any later edit to a verdict or
+usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
+signature check offline too. I keep an
+honest trust-model doc (what it does and does NOT prove, incl. the single-keyholder
+ceiling): https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md
 
 Also: concurrent parallel() phases with declared collapse semantics (collect-all +
 kill-on-timeout — 16 agents with a forced hang/crash/dirty-return finish without
 deadlock and replay who-passed-who-failed), per-task output-schema gates, token
-budgets enforced against attested usage, and a one-way executor boundary welded
+budgets enforced against the host's recorded usage (opt-in gate fails closed on
+unattested telemetry), and a one-way executor boundary welded
 into the type system (a callable that could reach a model API fails `npm run
-build`). Zero runtime deps, BSD-2, published to npm with provenance.
+build`). Zero runtime deps, BSD-2, published to npm with provenance. Ships generated
+plugin manifests for 5 agent platforms (claude, codex, agents, gemini, opencode);
+`npm run manifest:load-check` boots all five from one source of truth.
 
-It's early (v0.1.79) — I'd genuinely like to hear where the "delegate, prove,
+It's early (v0.1.81) — I'd genuinely like to hear where the "delegate, prove,
 replay" model breaks down for your workflows.
 
 npm: https://www.npmjs.com/package/cool-workflow
@@ -64,8 +72,8 @@ npm: https://www.npmjs.com/package/cool-workflow
 
 > Cool Workflow is an auditable control-plane for multi-agent workflows. It
 > *delegates* model execution — never embeds it — and makes every recorded agent
-> telemetry verdict tamper-evident: anyone can re-verify a run offline with only a
-> public key.
+> telemetry verdict tamper-evident: anyone can re-verify a run's integrity offline,
+> and check the ed25519 attribution with the public key alone.
 
 ## Elevator (2 sentences)
 
@@ -94,8 +102,8 @@ npm: https://www.npmjs.com/package/cool-workflow
 > holds an API key. What it *does* own is the audit trail: each agent hop's reported
 > usage is signed (ed25519) and appended to a hash-chained ledger, so editing any
 > record — or even recomputing its local hash to cover the edit — breaks the chain
-> downstream. You can re-verify a finished run with only the public key, no network,
-> no trusted server.
+> downstream. You can re-verify a finished run offline — no network, no trusted
+> server.
 >
 > The 30-second proof, no install:
 >
@@ -104,18 +112,23 @@ npm: https://www.npmjs.com/package/cool-workflow
 > ```
 >
 > It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
-> hash; inflate reported tokens + reuse the signature), and shows both forgeries
-> caught offline. On a real run, `cw telemetry verify <run>` does the same against
-> what's on disk.
+> hash; inflate reported tokens + reuse the signature), and catches both offline with
+> only the public key. On a real run, `cw telemetry verify <run>` re-proves the
+> recorded ledger on disk — recomputing the chain so any later edit to a verdict or
+> usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
+> signature check offline too. I keep an
+> honest [trust model & limitations](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)
+> doc, including the single-keyholder ceiling.
 >
 > Other things it does: concurrent `parallel()` phases with declared collapse
 > semantics (collect-all + kill-on-timeout — 16 agents with a forced hang/crash/
 > dirty-return finish without deadlock and replay "who passed/who failed"), per-task
-> output-schema gates, token budgets enforced against attested usage, and a one-way
+> output-schema gates, token budgets enforced against the host's recorded usage
+> (an opt-in gate fails closed on unattested telemetry), and a one-way
 > executor boundary welded into the type system (a callable that could reach a model
 > API fails `npm run build`).
 >
-> Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.79) and I'd
+> Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.81) and I'd
 > genuinely like to hear where the "delegate, prove, replay" model breaks down for
 > your workflows.
 >
@@ -134,8 +147,9 @@ catches both offline with only the public key. A control-plane that delegates
 model execution but can still prove the bill is real.
 
 3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
-outputs, token budgets vs *attested* usage, and a red line (never call a model
-API) enforced at compile time. Zero deps, BSD-2.
+outputs, token budgets vs the host's recorded usage (attested-telemetry gate is
+opt-in), and a red line (never call a model API) enforced at compile time. Zero
+deps, BSD-2.
 → https://github.com/coo1white/cool-workflow
 
 ---
@@ -146,20 +160,29 @@ API) enforced at compile time. Zero deps, BSD-2.
   reported usage. The thing that *spends the money* is not the thing that *keeps
   the books* — the property auditors require everywhere except, so far, agent
   infra.
-- **Offline, public-key verification.** No telemetry service to trust or breach.
-  The record proves its own integrity; the verifier needs only the public key.
+- **Offline verification.** No telemetry service to trust or breach. The record
+  proves its own integrity offline — re-proving the chain needs no key at all — and
+  the ed25519 attribution checks against the public key alone.
 - **Replayable, not just logged.** CW breaks at dispatch and writes to disk, so a
   run replays deterministically — "who passed / who failed" is reconstructable, not
-  a scrollback of a fused process.
+  a scrollback of a fused process. A finished run is portable and self-proving:
+  `cw run inspect-archive <archive>` re-proves every file digest, the manifest, and
+  the whole-archive hash without importing it; `cw run import` then
+  `cw run verify-import <run-id>` restores it and re-proves the restored digests +
+  telemetry chain — a tampered archive is caught before it is trusted.
 - **Fail-closed by default where it counts.** Schema mismatch parks the hop;
   unverifiable usage can be refused (opt-in); an empty-capture result can't be
   presented as a clean commit.
+- **Cross-vendor, and it actually boots.** One source manifest
+  (`manifest/plugin.manifest.json`) generates Claude / Codex / Gemini / OpenCode /
+  agents adapters, and `npm run manifest:load-check` boots all five (184 tools each)
+  — the neutrality moat is executable, not aspirational.
 
 ## Assets to capture before posting
 
 - [ ] **Demo GIF** — reproducible, no manual screen-recording: `vhs
       plugins/cool-workflow/docs/launch/demo.tape` → `docs/launch/demo-tamper.gif`,
-      then swap it into the README hero (replace the fenced output block). The
+      then add it to the README hero (insert it near the badges/intro). The
       ✗ DETECTED lines are the hook.
 - [ ] Confirm `npx cool-workflow demo tamper` works from a clean machine (no clone).
 - [ ] Pin the npm version badge / release + provenance link in the first comment.