cool-workflow 0.1.80 → 0.1.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +42 -2
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/agent-config.js +21 -7
  11. package/dist/candidate-scoring.js +62 -48
  12. package/dist/capability-core.js +152 -96
  13. package/dist/capability-registry.js +160 -174
  14. package/dist/cli.js +90 -100
  15. package/dist/collaboration.js +5 -6
  16. package/dist/commit.js +232 -209
  17. package/dist/compare.js +18 -0
  18. package/dist/coordinator/classify.js +45 -0
  19. package/dist/coordinator/paths.js +42 -0
  20. package/dist/coordinator/util.js +126 -0
  21. package/dist/coordinator.js +127 -300
  22. package/dist/dispatch.js +46 -3
  23. package/dist/drive.js +7 -7
  24. package/dist/error-feedback.js +8 -4
  25. package/dist/evidence-reasoning.js +5 -2
  26. package/dist/execution-backend/agent.js +294 -0
  27. package/dist/execution-backend/probes.js +96 -0
  28. package/dist/execution-backend/util.js +47 -0
  29. package/dist/execution-backend.js +77 -450
  30. package/dist/gates.js +48 -0
  31. package/dist/mcp-server.js +34 -173
  32. package/dist/multi-agent/graph.js +84 -0
  33. package/dist/multi-agent/helpers.js +141 -0
  34. package/dist/multi-agent/ids.js +20 -0
  35. package/dist/multi-agent/paths.js +22 -0
  36. package/dist/multi-agent-eval/format.js +194 -0
  37. package/dist/multi-agent-eval/normalize.js +51 -0
  38. package/dist/multi-agent-eval.js +63 -242
  39. package/dist/multi-agent-host.js +53 -40
  40. package/dist/multi-agent-operator-ux.js +2 -1
  41. package/dist/multi-agent-trust.js +5 -5
  42. package/dist/multi-agent.js +125 -314
  43. package/dist/node-projection.js +59 -0
  44. package/dist/node-snapshot.js +11 -21
  45. package/dist/observability/format.js +61 -0
  46. package/dist/observability/intake.js +98 -0
  47. package/dist/observability.js +14 -160
  48. package/dist/operator-ux/format.js +364 -0
  49. package/dist/operator-ux.js +22 -363
  50. package/dist/orchestrator/lifecycle-operations.js +22 -1
  51. package/dist/orchestrator/report.js +8 -0
  52. package/dist/orchestrator.js +41 -10
  53. package/dist/reclamation.js +32 -55
  54. package/dist/run-export.js +138 -14
  55. package/dist/run-registry/derive.js +172 -0
  56. package/dist/run-registry/format.js +124 -0
  57. package/dist/run-registry/gc.js +251 -0
  58. package/dist/run-registry/policy.js +16 -0
  59. package/dist/run-registry/queue.js +116 -0
  60. package/dist/run-registry.js +78 -593
  61. package/dist/run-state-schema.js +1 -0
  62. package/dist/sandbox-profile.js +43 -2
  63. package/dist/scheduler.js +34 -4
  64. package/dist/state-explosion/format.js +159 -0
  65. package/dist/state-explosion/helpers.js +82 -0
  66. package/dist/state-explosion.js +65 -283
  67. package/dist/state-node.js +19 -4
  68. package/dist/telemetry-attestation.js +55 -0
  69. package/dist/telemetry-demo.js +15 -3
  70. package/dist/telemetry-ledger.js +60 -15
  71. package/dist/topology.js +50 -12
  72. package/dist/triggers.js +33 -14
  73. package/dist/trust-audit.js +215 -71
  74. package/dist/validation.js +328 -0
  75. package/dist/version.js +1 -1
  76. package/dist/worker-isolation/helpers.js +51 -0
  77. package/dist/worker-isolation/paths.js +46 -0
  78. package/dist/worker-isolation.js +182 -173
  79. package/docs/agent-delegation-drive.7.md +14 -0
  80. package/docs/cli-mcp-parity.7.md +5 -0
  81. package/docs/contract-migration-tooling.7.md +3 -0
  82. package/docs/control-plane-scheduling.7.md +3 -0
  83. package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +40 -0
  84. package/docs/durable-state-and-locking.7.md +5 -0
  85. package/docs/evidence-adoption-reasoning-chain.7.md +3 -0
  86. package/docs/execution-backends.7.md +3 -0
  87. package/docs/index.md +1 -0
  88. package/docs/launch/launch-kit.md +46 -23
  89. package/docs/launch/pre-launch-checklist.md +14 -14
  90. package/docs/multi-agent-cli-mcp-surface.7.md +5 -0
  91. package/docs/multi-agent-eval-replay-harness.7.md +3 -0
  92. package/docs/multi-agent-operator-ux.7.md +3 -0
  93. package/docs/multi-agent-trust-policy-audit.7.md +27 -0
  94. package/docs/node-snapshot-diff-replay.7.md +3 -0
  95. package/docs/observability-cost-accounting.7.md +3 -0
  96. package/docs/project-index.md +23 -6
  97. package/docs/real-execution-backends.7.md +3 -0
  98. package/docs/release-and-migration.7.md +5 -0
  99. package/docs/release-tooling.7.md +35 -2
  100. package/docs/run-registry-control-plane.7.md +55 -8
  101. package/docs/run-retention-reclamation.7.md +5 -0
  102. package/docs/state-explosion-management.7.md +3 -0
  103. package/docs/team-collaboration.7.md +3 -0
  104. package/docs/trust-model.md +267 -0
  105. package/docs/vendor-manifest-loadability.7.md +43 -0
  106. package/docs/web-desktop-workbench.7.md +3 -0
  107. package/manifest/plugin.manifest.json +1 -1
  108. package/manifest/source-context-profiles.json +1 -1
  109. package/package.json +4 -2
  110. package/scripts/agents/builtin-templates.json +7 -0
  111. package/scripts/bump-version.js +5 -11
  112. package/scripts/canonical-apps-list.js +64 -0
  113. package/scripts/canonical-apps.js +19 -4
  114. package/scripts/children/batch-delegate-child.js +58 -0
  115. package/scripts/children/http-delegate-child.js +39 -0
  116. package/scripts/dogfood-release.js +1 -1
  117. package/scripts/golden-path.js +4 -4
  118. package/scripts/parity-check.js +5 -0
  119. package/scripts/release-check.js +5 -1
  120. package/scripts/release-flow.js +181 -5
  121. package/scripts/version-sync-check.js +5 -8
  122. package/dist/capability-dispatcher.js +0 -86
@@ -114,3 +114,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
114
114
  ## Fast Architecture Review (v0.1.80)
115
115
 
116
116
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
117
+
118
+ _No changes to the control-plane scheduling surface in v0.1.81._
119
+ _No behavioral change in v0.1.82 (schedule/run ids are now deterministic-but-unique via a monotonic counter + pid instead of Math.random; ids stay collision-free)._
@@ -0,0 +1,40 @@
1
+ # Dogfood: real `builtin:claude` agent + `run resume --drive` (2026-06-14)
2
+
3
+ A live dogfood run with a REAL external agent (`CW_AGENT_COMMAND=builtin:claude`, the
4
+ bundled read-only claude wrapper). The model ran in the agent's own process; CW
5
+ spawned it and recorded the attested output — CW holds no API key and imports no
6
+ model SDK. This run had two purposes and delivered both: it confirmed the real-agent
7
+ delegation path works end to end, and — because it exercised the **CLI** rather than
8
+ the unit-test function path — it **caught a real shipped bug** in `run resume --drive`.
9
+
10
+ ## What ran
11
+
12
+ - `cw run architecture-review --drive --once --repo <tmp> --question "…"` with a real
13
+ `builtin:claude` agent: **1 worker completed** end-to-end with zero hand-written
14
+ result.md — the worker's `result.md` was produced by real claude, passed the
15
+ evidence-gated acceptance, and a `report.md` (7.5 KB, "# Architecture Review …")
16
+ + 3 state commits were written. The real-agent path (spawn → attested output →
17
+ evidence gate → commit) works.
18
+ - Run: `architecture-review-20260614T104416Z-upkor2`, status `in-progress` (1/14)
19
+ after the single `--once` step.
20
+
21
+ ## The bug it caught (and the fix)
22
+
23
+ Resuming the partway run with `cw run resume <id> --drive` failed:
24
+ `cw: Workflow app not found: resume`. The `run` command's early `--drive` branch
25
+ (the `cw run <app> --drive` one-command form) intercepted the invocation *before* the
26
+ subcommand switch, so the `resume` keyword was misread as an app name and never
27
+ reached the `runResume` continuation shipped in #155.
28
+
29
+ The A1 unit smoke (`run-resume-drive-smoke`) had tested `runResume()` **directly**, so
30
+ it never exercised the CLI dispatch — only a real CLI run surfaced it. Fixed by
31
+ guarding the early app-drive route so a leading run-registry subcommand keyword
32
+ (resume/show/export/…) falls through to the switch; `run-resume-drive-smoke` now drives
33
+ `cw run resume <id> --drive` through the actual CLI and asserts it routes to the verb,
34
+ plus a regression guard that `run <app> --drive` still routes to the app drive.
35
+
36
+ ## Takeaway
37
+
38
+ Unit tests that call the capability function directly can miss CLI-dispatch bugs.
39
+ Every both-surface verb that adds a flag wants at least one test through the real CLI
40
+ argv path, not just the exported function.
@@ -111,3 +111,8 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
111
111
  ## Fast Architecture Review (v0.1.80)
112
112
 
113
113
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
114
+
115
+ ## Deterministic Tombstone Hash (v0.1.81)
116
+
117
+ The reclamation tombstone's freed-manifest is now path-sorted before it feeds `tombstoneHash`, so the same freed set always yields the same hash regardless of filesystem enumeration order. This removes a non-determinism from the write-ahead chain (v0.1.39/v0.1.40), keeping the per-run tombstone hash-chain replayable and stable across hosts. Atomicity, locking, and the durable re-point seam are unchanged. v0.1.81 also adds import-time refusal (`CW_REQUIRE_ARCHIVE_INTEGRITY=1`) and restore-time trust-audit re-proving — see run-registry-control-plane(7).
118
+ _No changes in v0.1.82._
@@ -274,3 +274,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
274
274
  ## Fast Architecture Review (v0.1.80)
275
275
 
276
276
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
277
+
278
+ _No changes to the Evidence Adoption Reasoning Chain surface in v0.1.81. The v0.1.81 trust-audit `computeEventHash` fix hardens the underlying audit records this chain links to by reference, but the derived reasoning view, its commands, and its eval gates are unchanged._
279
+ _No changes in v0.1.82._
@@ -304,3 +304,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
304
304
  ## Fast Architecture Review (v0.1.80)
305
305
 
306
306
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
307
+
308
+ _No changes to the execution-backends surface in v0.1.81._
309
+ _No behavioral change in v0.1.82 (the delegated child programs moved from inline `node -e` strings to `scripts/children/`; spawn argv and shell:false behavior are byte-identical)._
package/docs/index.md CHANGED
@@ -7,6 +7,7 @@ Read these in order when you are new to CW:
7
7
  3. [Workflow App framework](workflow-app-framework.7.md) - userland app manifests, entrypoints, compatibility, and validation.
8
8
  4. [Sandbox Profiles](sandbox-profiles.7.md) - named worker policy contracts for read/write/execute/network/env handling.
9
9
  5. [Security / Trust Hardening](security-trust-hardening.7.md) - audit records, provenance, sandbox attestations, and acceptance rationale.
10
+ - [Trust Model & Limitations](trust-model.md) - what the ed25519 + hash-chain tamper-evidence proves and, honestly, what it does **not** (the single-keyholder ceiling). Read this before relying on a green verdict.
10
11
  6. [Multi-Agent Runtime Core](multi-agent-runtime-core.7.md) - first-class MultiAgentRun, roles, groups, memberships, fanout, fanin, and lifecycle state.
11
12
  7. [Coordinator / Blackboard](coordinator-blackboard.7.md) - shared topics, messages, context frames, artifact refs, snapshots, decisions, conflicts, and fanin evidence.
12
13
  8. [Multi-Agent Topologies](multi-agent-topologies.7.md) - official map-reduce, debate, and judge-panel recipes built on multi-agent and blackboard records.
@@ -9,7 +9,7 @@ Everything leads with the 30-second `npx cool-workflow demo tamper` proof.
9
9
  ## ✅ FINAL — Show HN (copy-paste ready)
10
10
 
11
11
  **Pre-flight (do these first):**
12
- 1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → swap it into the README hero (replace the fenced output block with the GIF).
12
+ 1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → add it to the README hero (insert the GIF near the badges/intro).
13
13
  2. Confirm on a clean machine: `npx cool-workflow demo tamper` runs and prints `VERDICT: tamper-evidence holds ✓`.
14
14
  3. Post during US morning (HN traffic peak); reply to the first comment with the npm + provenance link.
15
15
 
@@ -34,25 +34,33 @@ agent you configure (claude -p, codex exec, an HTTP endpoint) and never embeds a
34
34
  model SDK or holds an API key. What it owns is the audit trail: each agent hop's
35
35
  reported usage is signed (ed25519) and appended to a hash-chained ledger, so
36
36
  editing any record — or even recomputing its local hash to cover the edit — breaks
37
- the chain downstream. You re-verify a finished run offline, with only the public
38
- key. No telemetry service to trust or breach.
37
+ the chain downstream. You re-verify a finished run offline no telemetry service
38
+ to trust or breach.
39
39
 
40
40
  30-second proof, no install:
41
41
 
42
42
  npx cool-workflow demo tamper
43
43
 
44
44
  It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
45
- hash; inflate reported tokens + reuse the signature), and shows both caught. On a
46
- real run, `cw telemetry verify <run>` does the same against what's on disk.
45
+ hash; inflate reported tokens + reuse the signature), and catches both offline with
46
+ only the public key. On a real run, `cw telemetry verify <run>` re-proves the
47
+ recorded ledger on disk — recomputing the chain so any later edit to a verdict or
48
+ usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
49
+ signature check offline too. I keep an
50
+ honest trust-model doc (what it does and does NOT prove, incl. the single-keyholder
51
+ ceiling): https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md
47
52
 
48
53
  Also: concurrent parallel() phases with declared collapse semantics (collect-all +
49
54
  kill-on-timeout — 16 agents with a forced hang/crash/dirty-return finish without
50
55
  deadlock and replay who-passed-who-failed), per-task output-schema gates, token
51
- budgets enforced against attested usage, and a one-way executor boundary welded
56
+ budgets enforced against the host's recorded usage (opt-in gate fails closed on
57
+ unattested telemetry), and a one-way executor boundary welded
52
58
  into the type system (a callable that could reach a model API fails `npm run
53
- build`). Zero runtime deps, BSD-2, published to npm with provenance.
59
+ build`). Zero runtime deps, BSD-2, published to npm with provenance. Ships generated
60
+ plugin manifests for 5 agent platforms (claude, codex, agents, gemini, opencode);
61
+ `npm run manifest:load-check` boots all five from one source of truth.
54
62
 
55
- It's early (v0.1.79) — I'd genuinely like to hear where the "delegate, prove,
63
+ It's early (v0.1.81) — I'd genuinely like to hear where the "delegate, prove,
56
64
  replay" model breaks down for your workflows.
57
65
 
58
66
  npm: https://www.npmjs.com/package/cool-workflow
@@ -64,8 +72,8 @@ npm: https://www.npmjs.com/package/cool-workflow
64
72
 
65
73
  > Cool Workflow is an auditable control-plane for multi-agent workflows. It
66
74
  > *delegates* model execution — never embeds it — and makes every recorded agent
67
- > telemetry verdict tamper-evident: anyone can re-verify a run offline with only a
68
- > public key.
75
+ > telemetry verdict tamper-evident: anyone can re-verify a run's integrity offline,
76
+ > and check the ed25519 attribution with the public key alone.
69
77
 
70
78
  ## Elevator (2 sentences)
71
79
 
@@ -94,8 +102,8 @@ npm: https://www.npmjs.com/package/cool-workflow
94
102
  > holds an API key. What it *does* own is the audit trail: each agent hop's reported
95
103
  > usage is signed (ed25519) and appended to a hash-chained ledger, so editing any
96
104
  > record — or even recomputing its local hash to cover the edit — breaks the chain
97
- > downstream. You can re-verify a finished run with only the public key, no network,
98
- > no trusted server.
105
+ > downstream. You can re-verify a finished run offline no network, no trusted
106
+ > server.
99
107
  >
100
108
  > The 30-second proof, no install:
101
109
  >
@@ -104,18 +112,23 @@ npm: https://www.npmjs.com/package/cool-workflow
104
112
  > ```
105
113
  >
106
114
  > It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
107
- > hash; inflate reported tokens + reuse the signature), and shows both forgeries
108
- > caught offline. On a real run, `cw telemetry verify <run>` does the same against
109
- > what's on disk.
115
+ > hash; inflate reported tokens + reuse the signature), and catches both offline with
116
+ > only the public key. On a real run, `cw telemetry verify <run>` re-proves the
117
+ > recorded ledger on disk — recomputing the chain so any later edit to a verdict or
118
+ > usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
119
+ > signature check offline too. I keep an
120
+ > honest [trust model & limitations](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)
121
+ > doc, including the single-keyholder ceiling.
110
122
  >
111
123
  > Other things it does: concurrent `parallel()` phases with declared collapse
112
124
  > semantics (collect-all + kill-on-timeout — 16 agents with a forced hang/crash/
113
125
  > dirty-return finish without deadlock and replay "who passed/who failed"), per-task
114
- > output-schema gates, token budgets enforced against attested usage, and a one-way
126
+ > output-schema gates, token budgets enforced against the host's recorded usage
127
+ > (an opt-in gate fails closed on unattested telemetry), and a one-way
115
128
  > executor boundary welded into the type system (a callable that could reach a model
116
129
  > API fails `npm run build`).
117
130
  >
118
- > Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.79) and I'd
131
+ > Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.81) and I'd
119
132
  > genuinely like to hear where the "delegate, prove, replay" model breaks down for
120
133
  > your workflows.
121
134
  >
@@ -134,8 +147,9 @@ catches both offline with only the public key. A control-plane that delegates
134
147
  model execution but can still prove the bill is real.
135
148
 
136
149
  3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
137
- outputs, token budgets vs *attested* usage, and a red line (never call a model
138
- API) enforced at compile time. Zero deps, BSD-2.
150
+ outputs, token budgets vs the host's recorded usage (attested-telemetry gate is
151
+ opt-in), and a red line (never call a model API) enforced at compile time. Zero
152
+ deps, BSD-2.
139
153
  → https://github.com/coo1white/cool-workflow
140
154
 
141
155
  ---
@@ -146,20 +160,29 @@ API) enforced at compile time. Zero deps, BSD-2.
146
160
  reported usage. The thing that *spends the money* is not the thing that *keeps
147
161
  the books* — the property auditors require everywhere except, so far, agent
148
162
  infra.
149
- - **Offline, public-key verification.** No telemetry service to trust or breach.
150
- The record proves its own integrity; the verifier needs only the public key.
163
+ - **Offline verification.** No telemetry service to trust or breach. The record
164
+ proves its own integrity offline — re-proving the chain needs no key at all — and
165
+ the ed25519 attribution checks against the public key alone.
151
166
  - **Replayable, not just logged.** CW breaks at dispatch and writes to disk, so a
152
167
  run replays deterministically — "who passed / who failed" is reconstructable, not
153
- a scrollback of a fused process.
168
+ a scrollback of a fused process. A finished run is portable and self-proving:
169
+ `cw run inspect-archive <archive>` re-proves every file digest, the manifest, and
170
+ the whole-archive hash without importing it; `cw run import` then
171
+ `cw run verify-import <run-id>` restores it and re-proves the restored digests +
172
+ telemetry chain — a tampered archive is caught before it is trusted.
154
173
  - **Fail-closed by default where it counts.** Schema mismatch parks the hop;
155
174
  unverifiable usage can be refused (opt-in); an empty-capture result can't be
156
175
  presented as a clean commit.
176
+ - **Cross-vendor, and it actually boots.** One source manifest
177
+ (`manifest/plugin.manifest.json`) generates Claude / Codex / Gemini / OpenCode /
178
+ agents adapters, and `npm run manifest:load-check` boots all five (184 tools each)
179
+ — the neutrality moat is executable, not aspirational.
157
180
 
158
181
  ## Assets to capture before posting
159
182
 
160
183
  - [ ] **Demo GIF** — reproducible, no manual screen-recording: `vhs
161
184
  plugins/cool-workflow/docs/launch/demo.tape` → `docs/launch/demo-tamper.gif`,
162
- then swap it into the README hero (replace the fenced output block). The
185
+ then add it to the README hero (insert it near the badges/intro). The
163
186
  ✗ DETECTED lines are the hook.
164
187
  - [ ] Confirm `npx cool-workflow demo tamper` works from a clean machine (no clone).
165
188
  - [ ] Pin the npm version badge / release + provenance link in the first comment.
@@ -1,26 +1,20 @@
1
1
  # Pre-Launch Checklist — Cool Workflow Show HN
2
2
 
3
- Tick top to bottom; when it's done, post. The one non-negotiable gate is ③.
3
+ Tick top to bottom; when it's done, post. The one non-negotiable gate is ②.
4
4
  Copy for the post itself lives in [launch-kit.md](launch-kit.md) (the **✅ FINAL**
5
5
  block).
6
6
 
7
- ## ① Fix the machine (prerequisite)
8
-
9
- - [ ] **Reboot the Mac** — clears the leaked ptys (`kern.tty.ptmx_max` was 511 with
10
- 527 allocated), so Terminal / VS Code can spawn shells again. Required before
11
- the verification below.
12
-
13
- ## ② Prepare assets (optional, recommended)
7
+ ## ① Prepare assets (optional, recommended)
14
8
 
15
9
  - [ ] Install [vhs](https://github.com/charmbracelet/vhs) (`brew install vhs`).
16
10
  - [ ] Record the GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` →
17
11
  `docs/launch/demo-tamper.gif`.
18
- - [ ] Swap it into the README hero (replace the fenced demo output block with
19
- `![demo](plugins/cool-workflow/docs/launch/demo-tamper.gif)`), commit + push.
12
+ - [ ] Add it to the README hero (insert
13
+ `![demo](plugins/cool-workflow/docs/launch/demo-tamper.gif)` near the badges/intro), commit + push.
20
14
  > Shippable without the GIF — the README's text `✗ DETECTED` hook already stands;
21
15
  > the GIF is upside, not a blocker.
22
16
 
23
- ## Verify — the make-or-break gate (do not skip)
17
+ ## Verify — the make-or-break gate (do not skip)
24
18
 
25
19
  - [ ] On a **clean machine / fresh terminal**: `npx cool-workflow demo tamper`
26
20
  prints `VERDICT: tamper-evidence holds ✓`.
@@ -28,20 +22,26 @@ block).
28
22
  > non-negotiable check.
29
23
  - [ ] Sanity: `npx cool-workflow quickstart architecture-review --repo . --question "risks?"`
30
24
  → `status: blocked` with no agent configured (fails closed, no crash).
25
+ - [ ] Resumable sanity: `cw quickstart architecture-review --resume` advances one step
26
+ then stops; `cw run resume <run-id> --drive` continues a stopped run — proving
27
+ runs break at dispatch and replay from disk.
31
28
 
32
- ## Post (US morning, ~9–11am ET is peak)
29
+ ## Post (US morning, ~9–11am ET is peak)
33
30
 
34
31
  - [ ] Open the **✅ FINAL** block in [launch-kit.md](launch-kit.md).
35
32
  - [ ] HN title: `Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
36
33
  - [ ] URL field: `https://github.com/coo1white/cool-workflow`
37
34
  - [ ] Immediately after posting, paste the FINAL "first comment" as the first reply.
38
35
 
39
- ## First hour (decides the outcome)
36
+ ## First hour (decides the outcome)
40
37
 
41
38
  - [ ] Watch and reply fast — early engagement weighs most on HN.
42
39
  - [ ] On the "single key holder / no second party" critique (the audit flagged it
43
40
  too): concede it honestly and frame it as exactly why you're looking for early
44
41
  integration partners. **Turn the critique into an invitation; don't argue.**
42
+ > The canned, linkable answer is already written: [docs/trust-model.md](../trust-model.md)
43
+ > states the ceiling plainly (integrity ≠ source honesty; one party holding both
44
+ > roles; full local re-chain) and frames the partner ask. Link it; don't re-argue it.
45
45
  - [ ] No vote-rigging, no asking friends to upvote, no deleting critical comments —
46
46
  HN's anti-abuse will sink the post.
47
47
 
@@ -49,5 +49,5 @@ block).
49
49
 
50
50
  ### Go / no-go
51
51
 
52
- > If **③ — `npx cool-workflow demo tamper` prints `✓` on a clean machine** — passes,
52
+ > If **② — `npx cool-workflow demo tamper` prints `✓` on a clean machine** — passes,
53
53
  > you can post. Everything else is upside.
@@ -269,3 +269,8 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
269
269
  ## Fast Architecture Review (v0.1.80)
270
270
 
271
271
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
272
+
273
+ ## New Both-Surface Verbs (v0.1.81)
274
+
275
+ v0.1.81 adds `audit verify` (`cw_audit_verify`) and `run inspect-archive` (`cw_run_inspect_archive`) — both declared once in the capability registry and exposed identically on the CLI and MCP, fail-closed (non-zero exit / `ok:false` on an unverified chain or a tampered archive).
276
+ _No changes in v0.1.82._
@@ -306,3 +306,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
306
306
  ## Fast Architecture Review (v0.1.80)
307
307
 
308
308
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
309
+
310
+ _No changes to the multi-agent eval/replay harness in v0.1.81 (the multi-agent-eval module was carved into behavior-preserving siblings; replay output is byte-identical)._
311
+ _v0.1.82 — replay now RE-DERIVES the projection from the raw captured state instead of copying the baseline, so a nondeterministic projection is caught instead of silently passing; a new regression smoke (including an intrinsic-nondeterminism case) proves the moat has teeth._
@@ -318,3 +318,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
318
318
  ## Fast Architecture Review (v0.1.80)
319
319
 
320
320
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
321
+
322
+ _No changes to the multi-agent operator UX surface in v0.1.81 (the operator-ux module was carved into behavior-preserving siblings; output is byte-identical)._
323
+ _No changes in v0.1.82._
@@ -115,6 +115,32 @@ Human output includes stable panels:
115
115
  - Policy Violations
116
116
  - Next Action
117
117
 
118
+ ## Verify (fail-closed)
119
+
120
+ `audit summary` embeds an `integrity` field but is a *reader* — it always exits 0,
121
+ so it cannot gate a script. `audit verify` is the gate:
122
+
123
+ ```bash
124
+ node scripts/cw.js audit verify <run-id> # exit 1 if the chain is forged
125
+ node scripts/cw.js audit verify <run-id> --json
126
+ ```
127
+
128
+ It re-proves the run's trust-audit hash chain offline: it recomputes every event
129
+ hash from genesis, checks `prevEventHash` linkage, and catches the unchained-event
130
+ forgery (an `eventHash`-less line slipped into a chained log to be waved through as
131
+ "legacy"). The JSON reports `present`, `verified`, `eventCount`, `chained`,
132
+ `unchained`, `corruptLines`, and `failedChecks[]`.
133
+
134
+ Exit-code contract (the peer of `telemetry verify`):
135
+
136
+ - ANY **unverified** chain exits **1** — forged / edited / truncated / unchained-injected,
137
+ *and* a fully-corrupt log (every line unparseable, which reports `present:false` but
138
+ `verified:false`). The gate keys on `verified`, not `present`, so the most severe
139
+ tamper — garbling the whole log — cannot escape by looking "absent". So
140
+ `cw audit verify <run> && deploy` stops on tampering.
141
+ - Only a truly **absent / empty** chain is `verified:true` / exit **0** — a run with
142
+ no audit log (or a blank one) has nothing to prove (no false-red).
143
+
118
144
  ## MCP
119
145
 
120
146
  MCP parity tools:
@@ -128,6 +154,7 @@ MCP parity tools:
128
154
  The older audit tools remain available:
129
155
 
130
156
  - `cw_audit_summary`
157
+ - `cw_audit_verify` — fail-closed re-prove of the trust-audit hash chain (peer of `cw_telemetry_verify`)
131
158
  - `cw_audit_worker`
132
159
  - `cw_audit_provenance`
133
160
  - `cw_audit_attest`
@@ -139,3 +139,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
139
139
  ## Fast Architecture Review (v0.1.80)
140
140
 
141
141
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
142
+
143
+ _No changes to node-snapshot diff/replay in v0.1.81._
144
+ _No behavioral change in v0.1.82 (the node projection field set was unified into one source of truth; snapshot/replay digests are byte-identical)._
@@ -198,3 +198,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
198
198
  ## Fast Architecture Review (v0.1.80)
199
199
 
200
200
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
201
+
202
+ _No changes to the observability + cost-accounting surface in v0.1.81 (the observability module was carved into behavior-preserving siblings; output is byte-identical)._
203
+ _No changes in v0.1.82._
@@ -1,15 +1,15 @@
1
1
  # Cool Workflow Project Index
2
2
 
3
- Generated from the current repository code on 2026-06-13 by `npm run sync:project-index`.
3
+ Generated from the current repository code on 2026-06-15 by `npm run sync:project-index`.
4
4
 
5
5
  ## Snapshot
6
6
 
7
7
  - Package: `cool-workflow`
8
- - Version: `0.1.80`
9
- - Source modules: `58`
8
+ - Version: `0.1.82`
9
+ - Source modules: `61`
10
10
  - Workflow apps: `7`
11
- - Docs: `47`
12
- - Smoke tests: `75`
11
+ - Docs: `49`
12
+ - Smoke tests: `87`
13
13
  - Repository: https://github.com/coo1white/cool-workflow
14
14
 
15
15
  ## Architecture
@@ -82,17 +82,19 @@ multi-agent host -> topology -> blackboard/coordinator
82
82
 
83
83
  - [agent-config.ts](../src/agent-config.ts)
84
84
  - [capability-core.ts](../src/capability-core.ts)
85
- - [capability-dispatcher.ts](../src/capability-dispatcher.ts)
86
85
  - [capability-registry.ts](../src/capability-registry.ts)
87
86
  - [collaboration.ts](../src/collaboration.ts)
87
+ - [compare.ts](../src/compare.ts)
88
88
  - [contract-migration.ts](../src/contract-migration.ts)
89
89
  - [drive.ts](../src/drive.ts)
90
90
  - [evidence-grounding.ts](../src/evidence-grounding.ts)
91
91
  - [evidence-reasoning.ts](../src/evidence-reasoning.ts)
92
92
  - [execution-backend.ts](../src/execution-backend.ts)
93
+ - [gates.ts](../src/gates.ts)
93
94
  - [multi-agent-eval.ts](../src/multi-agent-eval.ts)
94
95
  - [multi-agent-operator-ux.ts](../src/multi-agent-operator-ux.ts)
95
96
  - [multi-agent-trust.ts](../src/multi-agent-trust.ts)
97
+ - [node-projection.ts](../src/node-projection.ts)
96
98
  - [node-snapshot.ts](../src/node-snapshot.ts)
97
99
  - [observability.ts](../src/observability.ts)
98
100
  - [reclamation.ts](../src/reclamation.ts)
@@ -107,6 +109,7 @@ multi-agent host -> topology -> blackboard/coordinator
107
109
  - [telemetry-attestation.ts](../src/telemetry-attestation.ts)
108
110
  - [telemetry-demo.ts](../src/telemetry-demo.ts)
109
111
  - [telemetry-ledger.ts](../src/telemetry-ledger.ts)
112
+ - [validation.ts](../src/validation.ts)
110
113
  - [verifier-registry.ts](../src/verifier-registry.ts)
111
114
  - [workbench-host.ts](../src/workbench-host.ts)
112
115
  - [workbench.ts](../src/workbench.ts)
@@ -167,7 +170,9 @@ multi-agent host -> topology -> blackboard/coordinator
167
170
  - [State Explosion Management](state-explosion-management.7.md)
168
171
  - [STATE-NODE(7)](state-node.7.md)
169
172
  - [Team Collaboration](team-collaboration.7.md)
173
+ - [Trust Model & Limitations](trust-model.md)
170
174
  - [Unix-Inspired Workflow Principles](unix-principles.md)
175
+ - [Vendor Manifest Loadability](vendor-manifest-loadability.7.md)
171
176
  - [VERIFIER-GATED-COMMIT(7)](verifier-gated-commit.7.md)
172
177
  - [Web / Desktop Workbench](web-desktop-workbench.7.md)
173
178
  - [WORKER-ISOLATION(7)](worker-isolation.7.md)
@@ -181,17 +186,20 @@ Smoke tests mirror the public contracts. The high-signal suites are:
181
186
  - [architecture-review-fast-automation-smoke.js](../test/architecture-review-fast-automation-smoke.js)
182
187
  - [architecture-review-fast-smoke.js](../test/architecture-review-fast-smoke.js)
183
188
  - [artifact-integrity-smoke.js](../test/artifact-integrity-smoke.js)
189
+ - [audit-verify-smoke.js](../test/audit-verify-smoke.js)
184
190
  - [backend-registry-smoke.js](../test/backend-registry-smoke.js)
185
191
  - [block-unapproved-tag-smoke.js](../test/block-unapproved-tag-smoke.js)
186
192
  - [candidate-scoring-smoke.js](../test/candidate-scoring-smoke.js)
187
193
  - [canonical-workflow-apps-smoke.js](../test/canonical-workflow-apps-smoke.js)
188
194
  - [claude-p-agent-wrapper-smoke.js](../test/claude-p-agent-wrapper-smoke.js)
195
+ - [cli-jsonmode-parity-smoke.js](../test/cli-jsonmode-parity-smoke.js)
189
196
  - [cli-mcp-parity-smoke.js](../test/cli-mcp-parity-smoke.js)
190
197
  - [concurrent-failure-semantics-smoke.js](../test/concurrent-failure-semantics-smoke.js)
191
198
  - [concurrent-workflow-dsl-smoke.js](../test/concurrent-workflow-dsl-smoke.js)
192
199
  - [contract-migration-tooling-smoke.js](../test/contract-migration-tooling-smoke.js)
193
200
  - [control-plane-scheduling-smoke.js](../test/control-plane-scheduling-smoke.js)
194
201
  - [coordinator-blackboard-smoke.js](../test/coordinator-blackboard-smoke.js)
202
+ - [det-ids-b-smoke.js](../test/det-ids-b-smoke.js)
195
203
  - [dogfood-release-smoke.js](../test/dogfood-release-smoke.js)
196
204
  - [durable-atomic-write-smoke.js](../test/durable-atomic-write-smoke.js)
197
205
  - [end-to-end-demo-smoke.js](../test/end-to-end-demo-smoke.js)
@@ -201,8 +209,11 @@ Smoke tests mirror the public contracts. The high-signal suites are:
201
209
  - [evidence-adoption-reasoning-smoke.js](../test/evidence-adoption-reasoning-smoke.js)
202
210
  - [evidence-content-extraction-smoke.js](../test/evidence-content-extraction-smoke.js)
203
211
  - [execution-backends-smoke.js](../test/execution-backends-smoke.js)
212
+ - [freebsd-audit-fixes-smoke.js](../test/freebsd-audit-fixes-smoke.js)
213
+ - [h7-custom-profile-persist-smoke.js](../test/h7-custom-profile-persist-smoke.js)
204
214
  - [mcp-app-surface-smoke.js](../test/mcp-app-surface-smoke.js)
205
215
  - [multi-agent-cli-mcp-surface-smoke.js](../test/multi-agent-cli-mcp-surface-smoke.js)
216
+ - [multi-agent-eval-determinism-regression-smoke.js](../test/multi-agent-eval-determinism-regression-smoke.js)
206
217
  - [multi-agent-eval-replay-harness-smoke.js](../test/multi-agent-eval-replay-harness-smoke.js)
207
218
  - [multi-agent-eval-replay-smoke.js](../test/multi-agent-eval-replay-smoke.js)
208
219
  - [multi-agent-operator-ux-smoke.js](../test/multi-agent-operator-ux-smoke.js)
@@ -229,7 +240,10 @@ Smoke tests mirror the public contracts. The high-signal suites are:
229
240
  - [run-export-restore-rerun-smoke.js](../test/run-export-restore-rerun-smoke.js)
230
241
  - [run-export-restore-resume-smoke.js](../test/run-export-restore-resume-smoke.js)
231
242
  - [run-fixture-compat-smoke.js](../test/run-fixture-compat-smoke.js)
243
+ - [run-import-tamper-failclosed-smoke.js](../test/run-import-tamper-failclosed-smoke.js)
244
+ - [run-inspect-archive-smoke.js](../test/run-inspect-archive-smoke.js)
232
245
  - [run-registry-control-plane-smoke.js](../test/run-registry-control-plane-smoke.js)
246
+ - [run-resume-drive-smoke.js](../test/run-resume-drive-smoke.js)
233
247
  - [run-retention-reclamation-smoke.js](../test/run-retention-reclamation-smoke.js)
234
248
  - [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
235
249
  - [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
@@ -246,8 +260,11 @@ Smoke tests mirror the public contracts. The high-signal suites are:
246
260
  - [telemetry-fail-closed-smoke.js](../test/telemetry-fail-closed-smoke.js)
247
261
  - [telemetry-ledger-smoke.js](../test/telemetry-ledger-smoke.js)
248
262
  - [telemetry-metrics-coverage-smoke.js](../test/telemetry-metrics-coverage-smoke.js)
263
+ - [telemetry-verify-signatures-smoke.js](../test/telemetry-verify-signatures-smoke.js)
249
264
  - [token-budget-enforcement-smoke.js](../test/token-budget-enforcement-smoke.js)
265
+ - [vendor-manifest-load-smoke.js](../test/vendor-manifest-load-smoke.js)
250
266
  - [verifier-gated-commit-smoke.js](../test/verifier-gated-commit-smoke.js)
267
+ - [verify-import-audit-chain-smoke.js](../test/verify-import-audit-chain-smoke.js)
251
268
  - [web-desktop-workbench-smoke.js](../test/web-desktop-workbench-smoke.js)
252
269
  - [worker-isolation-smoke.js](../test/worker-isolation-smoke.js)
253
270
  - [worker-retry-count-smoke.js](../test/worker-retry-count-smoke.js)
@@ -146,3 +146,6 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
146
146
  ## Fast Architecture Review (v0.1.80)
147
147
 
148
148
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
149
+
150
+ _No changes to the real execution backends in v0.1.81._
151
+ _No behavioral change in v0.1.82 (delegated child programs extracted to `scripts/children/`; spawn behavior byte-identical)._
@@ -284,3 +284,8 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
284
284
  ## Fast Architecture Review (v0.1.80)
285
285
 
286
286
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
287
+
288
+ ## Migration Compatibility (v0.1.81)
289
+
290
+ v0.1.81 is additive: every change is a new flag/verb/env (`audit verify`, `run inspect-archive`, `verify-import --strict`, `CW_REQUIRE_ARCHIVE_INTEGRITY`, `quickstart --resume`, `run resume --drive`) or an internal behavior-preserving carve. Run-state schema, existing outputs, files, and exit codes are byte-identical, so runs and archives from prior versions load and verify unchanged. No migration action is required.
291
+ _No changes in v0.1.82._
@@ -133,8 +133,10 @@ inherits the agent's own credentials, and imports no model SDK — the red line.
133
133
  ```bash
134
134
  # check only (gate + independent review, no mutation):
135
135
  node plugins/cool-workflow/scripts/release-flow.js --check
136
- # cut a tag once review is green:
137
- node plugins/cool-workflow/scripts/release-flow.js --cut --version 0.1.77 [--push]
136
+ # cut a tag once review is green (when --push, also creates the GitHub Release):
137
+ node plugins/cool-workflow/scripts/release-flow.js --cut --version 0.1.77 [--push] [--no-release]
138
+ # backfill / re-create the GitHub Release for an already-pushed tag (no gate/cut):
139
+ node plugins/cool-workflow/scripts/release-flow.js --release --version 0.1.77 [--soft]
138
140
  ```
139
141
 
140
142
  The per-platform difference is config, not code — set the reviewer agent:
@@ -152,6 +154,34 @@ also get generated MCP manifests (`.gemini-plugin/`, `.opencode-plugin/`) so the
152
154
  `cw_*` tools are available as MCP tools in those hosts. The verdict path
153
155
  (`.cw-release/review-<sha>.verdict`) and the tag-push CI backstop are unchanged.
154
156
 
157
+ ### GitHub Release finishing step
158
+
159
+ A `--cut --push` finishes by creating the **GitHub Release** for the tag, and
160
+ `--release --version x.y.z` creates-or-skips one for an already-pushed tag
161
+ (backfill). The notes body is assembled from the `## x.y.z` CHANGELOG section as
162
+ shipped at the tag, the independent reviewer's one-line capability, and a
163
+ "Provenance & audit" footer linking the reviewed commit, the **committed** reviewer
164
+ verdict, the full diff, and the provenance-attested npm version.
165
+
166
+ This step is **distribution upside, not a correctness gate**: the load-bearing
167
+ artifacts (the tag and the provenance-attested npm publish) already exist when it
168
+ runs. Therefore `gh` is **not** part of the node/git portability floor — it runs
169
+ ONLY in the human `--cut --push` / `--release` paths (never a gate or CI path) and
170
+ is **idempotent** (skips if the Release already exists).
171
+
172
+ Failure semantics differ by mode: in the **`--cut --push` finishing step** an
173
+ absent/unauthenticated/erroring `gh` **skips with a stderr note and never fails the
174
+ cut** (the tag and npm publish stand) — opt out entirely with `--no-release`. In the
175
+ explicit **`--release` backfill** it **fails closed** (exit 1) with guidance, since
176
+ the operator asked for it directly; add `--soft` to downgrade `--release` to the same
177
+ best-effort skip-not-fail behavior.
178
+
179
+ Honesty: the notes claim the gated flow ("independent release-reviewer, verdict
180
+ above") **only when a committed `APPROVED` verdict is found at the tag**; backfilling
181
+ an ungated tag emits a neutral caveat instead and warns on stderr — the notes never
182
+ assert a review that isn't there. Test seam: `CW_RELEASE_FLOW_GH_CMD` swaps the `gh`
183
+ binary for a stub (spawned `shell:false`) so the smoke exercises it offline.
184
+
155
185
  0.1.51
156
186
 
157
187
  0.1.76
@@ -163,3 +193,6 @@ also get generated MCP manifests (`.gemini-plugin/`, `.opencode-plugin/`) so the
163
193
  ## Fast Architecture Review (v0.1.80)
164
194
 
165
195
  Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
196
+
197
+ _No changes to the release-flow tooling in v0.1.81; this release was cut through the existing gate->review->tag flow._
198
+ _No changes to the release-tooling contract in v0.1.82._