cool-workflow 0.1.81 → 0.1.83

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/.claude-plugin/plugin.json +2 -2
  2. package/.codex-plugin/plugin.json +4 -4
  3. package/README.md +125 -121
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/candidate-scoring.js +20 -26
  11. package/dist/capability-core.js +80 -93
  12. package/dist/capability-registry.js +30 -3
  13. package/dist/cli.js +12 -1
  14. package/dist/commit.js +217 -204
  15. package/dist/coordinator/util.js +6 -9
  16. package/dist/dispatch.js +11 -3
  17. package/dist/doctor.js +153 -0
  18. package/dist/evidence-reasoning.js +4 -1
  19. package/dist/execution-backend/agent.js +11 -48
  20. package/dist/execution-backend.js +11 -31
  21. package/dist/gates.js +48 -0
  22. package/dist/mcp-server.js +11 -0
  23. package/dist/multi-agent/helpers.js +6 -10
  24. package/dist/multi-agent/ids.js +20 -0
  25. package/dist/multi-agent-eval.js +27 -1
  26. package/dist/multi-agent-host.js +53 -21
  27. package/dist/multi-agent-operator-ux.js +2 -1
  28. package/dist/multi-agent-trust.js +5 -5
  29. package/dist/node-projection.js +59 -0
  30. package/dist/node-snapshot.js +8 -18
  31. package/dist/orchestrator/lifecycle-operations.js +22 -1
  32. package/dist/orchestrator.js +29 -2
  33. package/dist/reclamation/hash.js +72 -0
  34. package/dist/reclamation.js +31 -112
  35. package/dist/run-registry/queue.js +6 -7
  36. package/dist/run-registry.js +35 -24
  37. package/dist/scheduler.js +112 -57
  38. package/dist/topology.js +25 -4
  39. package/dist/trust-audit.js +70 -38
  40. package/dist/validation.js +328 -0
  41. package/dist/version.js +1 -1
  42. package/dist/worker-isolation.js +163 -58
  43. package/docs/agent-delegation-drive.7.md +90 -85
  44. package/docs/agent-framework.md +33 -32
  45. package/docs/candidate-scoring.7.md +26 -24
  46. package/docs/canonical-workflow-apps.7.md +40 -40
  47. package/docs/capability-topology-registry.7.md +24 -24
  48. package/docs/cli-mcp-parity.7.md +227 -154
  49. package/docs/contract-migration-tooling.7.md +49 -41
  50. package/docs/control-plane-scheduling.7.md +45 -40
  51. package/docs/coordinator-blackboard.7.md +30 -30
  52. package/docs/dogfood-one-real-repo.7.md +44 -44
  53. package/docs/durable-state-and-locking.7.md +35 -30
  54. package/docs/end-to-end-golden-path.7.md +29 -29
  55. package/docs/error-feedback.7.md +27 -27
  56. package/docs/evidence-adoption-reasoning-chain.7.md +63 -58
  57. package/docs/execution-backends.7.md +84 -79
  58. package/docs/getting-started.md +35 -18
  59. package/docs/index.md +3 -3
  60. package/docs/mcp-app-surface.7.md +64 -64
  61. package/docs/multi-agent-cli-mcp-surface.7.md +83 -77
  62. package/docs/multi-agent-eval-replay-harness.7.md +59 -54
  63. package/docs/multi-agent-operator-ux.7.md +70 -65
  64. package/docs/multi-agent-runtime-core.7.md +39 -39
  65. package/docs/multi-agent-topologies.7.md +24 -24
  66. package/docs/multi-agent-trust-policy-audit.7.md +38 -38
  67. package/docs/node-snapshot-diff-replay.7.md +26 -21
  68. package/docs/observability-cost-accounting.7.md +50 -45
  69. package/docs/operator-ux.7.md +30 -30
  70. package/docs/pipeline-runner.7.md +31 -31
  71. package/docs/project-index.md +15 -6
  72. package/docs/real-execution-backends.7.md +47 -42
  73. package/docs/release-and-migration.7.md +43 -38
  74. package/docs/release-tooling.7.md +74 -39
  75. package/docs/routines.md +16 -16
  76. package/docs/run-registry-control-plane.7.md +120 -115
  77. package/docs/run-retention-reclamation.7.md +46 -41
  78. package/docs/sandbox-profiles.7.md +32 -32
  79. package/docs/scheduled-tasks.md +14 -14
  80. package/docs/security-trust-hardening.7.md +29 -29
  81. package/docs/source-context-profiles.7.md +28 -28
  82. package/docs/state-explosion-management.7.md +64 -59
  83. package/docs/state-node.7.md +8 -8
  84. package/docs/team-collaboration.7.md +63 -58
  85. package/docs/trust-model.md +126 -126
  86. package/docs/unix-principles.md +80 -80
  87. package/docs/vendor-manifest-loadability.7.md +20 -20
  88. package/docs/verifier-gated-commit.7.md +16 -16
  89. package/docs/web-desktop-workbench.7.md +70 -65
  90. package/docs/worker-isolation.7.md +34 -37
  91. package/docs/workflow-app-framework.7.md +38 -38
  92. package/manifest/plugin.manifest.json +4 -4
  93. package/manifest/source-context-profiles.json +1 -1
  94. package/package.json +3 -2
  95. package/scripts/canonical-apps.js +4 -4
  96. package/scripts/children/batch-delegate-child.js +58 -0
  97. package/scripts/children/http-delegate-child.js +39 -0
  98. package/scripts/dogfood-release.js +1 -1
  99. package/scripts/gen-parity-doc.js +106 -0
  100. package/scripts/golden-path.js +4 -4
  101. package/scripts/release-flow.js +181 -5
  102. package/dist/verifier-registry.js +0 -46
@@ -1,9 +1,9 @@
1
1
  # Operator UX
2
2
 
3
- Cool Workflow v0.1.12 added a read-only Operator UX layer for understanding a
3
+ Cool Workflow v0.1.12 added a read-only Operator UX layer to help you see a
4
4
  run from the console. It does not change workflow state, dispatch workers, score
5
- candidates, or commit snapshots. It reads `WorkflowRun` state and renders
6
- deterministic summaries for humans while preserving JSON for scripts and MCP.
5
+ candidates, or commit snapshots. It reads `WorkflowRun` state and makes
6
+ deterministic summaries for people, while it keeps JSON for scripts and MCP.
7
7
 
8
8
  ## Inspect A Run
9
9
 
@@ -13,30 +13,30 @@ Human status is the default:
13
13
  node scripts/cw.js status <run-id>
14
14
  ```
15
15
 
16
- The status view includes run id, workflow/app id and version, loop stage, active
16
+ The status view gives you run id, workflow/app id and version, loop stage, active
17
17
  phase, blocked reasons, phase/task counts, workers, candidates, feedback,
18
18
  commits, multi-agent runtime health, Multi-Agent Operator UX counts, report
19
- path, and the next recommended command.
19
+ path, and the next command it puts forward.
20
20
 
21
- Machine-readable status stays available:
21
+ Machine-readable status is still there for you:
22
22
 
23
23
  ```bash
24
24
  node scripts/cw.js status <run-id> --json
25
25
  node scripts/cw.js status <run-id> --format json
26
26
  ```
27
27
 
28
- `CoolWorkflowRunner.status()` and MCP `cw_status` continue to return structured
28
+ `CoolWorkflowRunner.status()` and MCP `cw_status` still give back structured
29
29
  status data for integrations.
30
30
 
31
- In v0.1.13, MCP also exposes JSON-native operator tools:
31
+ In v0.1.13, MCP also gives JSON-native operator tools:
32
32
  `cw_operator_status`, `cw_operator_graph`, `cw_operator_report`,
33
33
  `cw_worker_summary`, `cw_candidate_summary`, `cw_feedback_summary`, and
34
34
  `cw_commit_summary`.
35
35
 
36
36
  ## Next Actions
37
37
 
38
- Recommendations are deterministic and only use commands that exist in the CW
39
- CLI. Examples:
38
+ The things it puts forward are deterministic and use only commands that are in
39
+ the CW CLI. Examples:
40
40
 
41
41
  ```text
42
42
  node scripts/cw.js dispatch <run-id> --limit 4
@@ -55,39 +55,39 @@ node scripts/cw.js commit <run-id> --selection <selection-id>
55
55
  reason: a verified selected candidate is ready for a verifier-gated commit
56
56
  ```
57
57
 
58
- Open feedback is prioritized before dispatch or candidate work. If all tracked
59
- work is complete, the advisor points to `cw report <run-id> --show`.
58
+ Open feedback comes first, before dispatch or candidate work. If all tracked
59
+ work is done, the advisor points to `cw report <run-id> --show`.
60
60
 
61
61
  ## Graph
62
62
 
63
- Use the top-level graph command for a compact console map:
63
+ Use the top-level graph command for a small console map:
64
64
 
65
65
  ```bash
66
66
  node scripts/cw.js graph <run-id>
67
67
  node scripts/cw.js graph <run-id> --json
68
68
  ```
69
69
 
70
- The legacy node command remains compatible:
70
+ The legacy node command still works:
71
71
 
72
72
  ```bash
73
73
  node scripts/cw.js node graph <run-id>
74
74
  node scripts/cw.js node graph <run-id> --json
75
75
  ```
76
76
 
77
- The human graph groups phases, tasks, dispatches, workers, result nodes,
78
- verifier nodes, candidates, selections, commits, and feedback, then prints the
77
+ The human graph puts phases, tasks, dispatches, workers, result nodes,
78
+ verifier nodes, candidates, selections, commits, and feedback into groups, then prints the
79
79
  edges between them. v0.1.17 also adds `multi-agent-run`, `agent-role`,
80
80
  `agent-group`, `agent-membership`, `agent-fanout`, and `agent-fanin` nodes when
81
81
  the run has first-class multi-agent state. v0.1.18 adds `blackboard`,
82
82
  `blackboard-topic`, `blackboard-message`, `blackboard-context`,
83
83
  `blackboard-artifact`, `blackboard-snapshot`, and `coordinator-decision` nodes
84
- when shared coordination state exists. JSON output returns deterministic `nodes`
84
+ when shared coordination state is there. JSON output gives back deterministic `nodes`
85
85
  and `edges`.
86
86
 
87
87
  ## Multi-Agent Operator UX
88
88
 
89
- v0.1.21 adds focused multi-agent operator views that answer who depends on
90
- whom, who is blocked, and which evidence was adopted into the accepted result:
89
+ v0.1.21 adds clear multi-agent operator views that answer who is dependent on
90
+ whom, who is blocked, and which evidence went into the accepted result:
91
91
 
92
92
  ```bash
93
93
  node scripts/cw.js multi-agent graph <run-id>
@@ -96,7 +96,7 @@ node scripts/cw.js multi-agent failures <run-id>
96
96
  node scripts/cw.js multi-agent evidence <run-id>
97
97
  ```
98
98
 
99
- The same derived model appears in `status`, `report --show`, and
99
+ The same derived model is in `status`, `report --show`, and
100
100
  `cw_multi_agent_status` under `summaries.multiAgentOperator`. See
101
101
  [multi-agent-operator-ux.7.md](multi-agent-operator-ux.7.md) for the full
102
102
  trace from agent membership to verifier-gated commit.
@@ -109,19 +109,19 @@ trace from agent membership to verifier-gated commit.
109
109
  node scripts/cw.js report <run-id>
110
110
  ```
111
111
 
112
- Use `--show` or `--summary` when the operator needs a readable console report:
112
+ Use `--show` or `--summary` when the operator needs a console report that is easy to read:
113
113
 
114
114
  ```bash
115
115
  node scripts/cw.js report <run-id> --show
116
116
  node scripts/cw.js report <run-id> --summary
117
117
  ```
118
118
 
119
- The console report includes the same high-value status panels plus active and
119
+ The console report gives the same high-value status panels plus active and
120
120
  pending tasks, evidence paths and locators, and resource inspection commands.
121
121
 
122
122
  ## Resource Summaries
123
123
 
124
- Major run resources have human summaries by default and JSON when requested:
124
+ The chief run resources have human summaries by default and JSON when you ask for it:
125
125
 
126
126
  ```bash
127
127
  node scripts/cw.js worker summary <run-id>
@@ -150,23 +150,23 @@ sandbox profile ids, manifest paths, result paths, and linked feedback for
150
150
  failed or rejected workers.
151
151
 
152
152
  Candidate summaries show registered/scored/selected/verified/rejected/failed
153
- counts, latest ranking path, selected candidates, candidates ready for commit,
154
- and obvious missing scoring/evidence/gate problems.
153
+ counts, the newest ranking path, selected candidates, candidates ready for commit,
154
+ and clear missing scoring/evidence/gate problems.
155
155
 
156
- Feedback summaries group records by open/tasked/resolved/rejected status,
156
+ Feedback summaries put records into groups by open/tasked/resolved/rejected status,
157
157
  severity, classification, and retryability.
158
158
 
159
- Commit summaries distinguish verifier-gated commits from non-gated checkpoints
159
+ Commit summaries make a clear line between verifier-gated commits and non-gated checkpoints
160
160
  and show snapshot paths, evidence counts, and linked verifier/candidate/selection
161
161
  ids.
162
162
 
163
163
  Multi-agent summaries show run and group status, role coverage, membership
164
164
  health, fanout/fanin progress, missing evidence, blocked reasons, and the next
165
- recommended action.
165
+ action it puts forward.
166
166
 
167
167
  ## File Discipline
168
168
 
169
- Operator UX follows the same FreeBSD-flavored rule as the rest of CW:
169
+ Operator UX keeps the same FreeBSD-flavored rule as the rest of CW:
170
170
 
171
171
  ```text
172
172
  clear console output for humans
@@ -175,6 +175,6 @@ plain files for evidence
175
175
  no hidden daemon assumption
176
176
  ```
177
177
 
178
- When in doubt, inspect `.cw/runs/<run-id>/state.json`, the resource directories,
178
+ If you are not certain, inspect `.cw/runs/<run-id>/state.json`, the resource directories,
179
179
  and the command-specific `--json` output.
180
180
  0.1.51
@@ -22,15 +22,16 @@ const result = runner.runPipelineStage(run, "verify", resultNode.id, {
22
22
 
23
23
  ## DESCRIPTION
24
24
 
25
- `Pipeline Runner` is the small execution kernel between workflow definitions,
26
- pipeline contracts, state nodes, and CW operations such as dispatch, result,
27
- verifier, commit, and report.
25
+ `Pipeline Runner` is the small execution kernel that sits between workflow
26
+ definitions, pipeline contracts, state nodes, and CW operations such as
27
+ dispatch, result, verifier, commit, and report.
28
28
 
29
- The runner does not implement business workflow behavior. It owns only stage
30
- selection, contract validation, state-node transition, parent/child linking,
31
- artifact and evidence attachment, and structured failure preservation.
29
+ The runner does not do business workflow behavior. It does only these things:
30
+ stage selection, contract validation, state-node transition, parent/child
31
+ linking, artifact and evidence attachment, and the keeping of structured
32
+ failures.
32
33
 
33
- The runner uses existing CW helpers:
34
+ The runner uses CW helpers that are already there:
34
35
 
35
36
  - `validatePipelineContract`
36
37
  - `assertNodeSatisfiesContract`
@@ -48,35 +49,34 @@ The default CW pipeline is:
48
49
  input -> plan -> dispatch -> result -> verify -> commit -> report
49
50
  ```
50
51
 
51
- A stage run receives a `WorkflowRun`, a `stageId`, and an input `StateNode` id.
52
- It resolves the active `PipelineContract`, validates the stage, creates the
53
- output node declared by the contract, links input and output nodes, writes node
54
- JSON under `nodes/`, and returns a structured result.
52
+ A stage run takes a `WorkflowRun`, a `stageId`, and an input `StateNode` id.
53
+ It finds the active `PipelineContract`, checks the stage, makes the output node
54
+ named by the contract, links input and output nodes, writes node JSON under
55
+ `nodes/`, and gives back a structured result.
55
56
 
56
- The runner records progress in files. There is no hidden in-memory-only
57
- pipeline cursor.
57
+ The runner keeps a record of progress in files. There is no hidden
58
+ in-memory-only pipeline cursor.
58
59
 
59
60
  ## CONTRACTS
60
61
 
61
- Stages come from `PipelineContract.stages`. A stage declares accepted input node
62
- kinds and statuses, required artifacts, required evidence, verifier gate
63
- requirements, and the produced output node kind.
62
+ Stages come from `PipelineContract.stages`. A stage says which input node
63
+ kinds and statuses it takes, which artifacts and evidence it needs, what the
64
+ verifier gate needs, and the output node kind it makes.
64
65
 
65
- The runner does not duplicate contract validation. It uses the StateNode and
66
- PipelineContract helpers as the ABI boundary.
66
+ The runner does not do contract validation a second time. It uses the StateNode
67
+ and PipelineContract helpers as the ABI boundary.
67
68
 
68
69
  ## FAILURE MODES
69
70
 
70
- Contract failures become `StateNodeError` records. When the stage or contract
71
- failure policy preserves failure nodes, the runner creates an `error` node,
72
- records the structured error, links it to the input node, and persists it under
73
- `nodes/`.
71
+ Contract failures turn into `StateNodeError` records. When the stage or contract
72
+ failure policy keeps failure nodes, the runner makes an `error` node, records
73
+ the structured error, links it to the input node, and keeps it under `nodes/`.
74
74
 
75
75
  Unknown run ids, unknown contract ids, unknown node ids, unknown stage ids, and
76
- corrupt state remain hard errors because the caller cannot proceed safely.
76
+ broken state stay hard errors because the caller is not able to go on safely.
77
77
 
78
- Commit stages are verifier-gated. The default contract requires a verified
79
- verifier node with evidence before a `committed` commit node can be created.
78
+ Commit stages are verifier-gated. The default contract needs a verified
79
+ verifier node with evidence before a `committed` commit node can be made.
80
80
  Non-gated snapshots are written as `completed` checkpoint nodes outside the
81
81
  commit stage.
82
82
 
@@ -90,7 +90,7 @@ commit stage.
90
90
  .cw/runs/<run-id>/commits/*.json
91
91
  ```
92
92
 
93
- Inspection commands print stable JSON:
93
+ Commands that look at runs print stable JSON:
94
94
 
95
95
  ```text
96
96
  cw.js contract show <run-id> [contract-id]
@@ -117,7 +117,7 @@ runPipelineStage(run, "plan", `${run.id}:input`, {
117
117
  });
118
118
  ```
119
119
 
120
- Preserve a failed stage:
120
+ Keep a failed stage:
121
121
 
122
122
  ```ts
123
123
  const failed = runPipelineStage(run, "commit", taskNode.id, {
@@ -127,10 +127,10 @@ const failed = runPipelineStage(run, "commit", taskNode.id, {
127
127
 
128
128
  ## COMPATIBILITY
129
129
 
130
- Pipeline Runner is introduced in CW v0.1.3. It preserves v0.1.2 run state and
130
+ Pipeline Runner is first added in CW v0.1.3. It keeps v0.1.2 run state and
131
131
  CLI behavior. New public types are plain TypeScript interfaces with optional
132
- fields where practical.
132
+ fields where it makes sense.
133
133
 
134
- Older runs without `nodes` or `contracts` remain readable through the existing
135
- state loader, which initializes those arrays.
134
+ Older runs with no `nodes` or `contracts` stay readable through the existing
135
+ state loader, which sets up those arrays.
136
136
  0.1.51
@@ -1,16 +1,16 @@
1
1
  # Cool Workflow Project Index
2
2
 
3
- Generated from the current repository code on 2026-06-14 by `npm run sync:project-index`.
3
+ Generated from the current repository code on 2026-06-16 by `npm run sync:project-index`.
4
4
 
5
5
  ## Snapshot
6
6
 
7
7
  - Package: `cool-workflow`
8
- - Version: `0.1.81`
9
- - Source modules: `58`
8
+ - Version: `0.1.83`
9
+ - Source modules: `61`
10
10
  - Workflow apps: `7`
11
11
  - Docs: `49`
12
- - Smoke tests: `86`
13
- - Repository: https://github.com/coo1white/cool-workflow
12
+ - Smoke tests: `92`
13
+ - Repository: http://local_proxy@127.0.0.1:33273/git/coo1white/cool-workflow
14
14
 
15
15
  ## Architecture
16
16
 
@@ -86,13 +86,16 @@ multi-agent host -> topology -> blackboard/coordinator
86
86
  - [collaboration.ts](../src/collaboration.ts)
87
87
  - [compare.ts](../src/compare.ts)
88
88
  - [contract-migration.ts](../src/contract-migration.ts)
89
+ - [doctor.ts](../src/doctor.ts)
89
90
  - [drive.ts](../src/drive.ts)
90
91
  - [evidence-grounding.ts](../src/evidence-grounding.ts)
91
92
  - [evidence-reasoning.ts](../src/evidence-reasoning.ts)
92
93
  - [execution-backend.ts](../src/execution-backend.ts)
94
+ - [gates.ts](../src/gates.ts)
93
95
  - [multi-agent-eval.ts](../src/multi-agent-eval.ts)
94
96
  - [multi-agent-operator-ux.ts](../src/multi-agent-operator-ux.ts)
95
97
  - [multi-agent-trust.ts](../src/multi-agent-trust.ts)
98
+ - [node-projection.ts](../src/node-projection.ts)
96
99
  - [node-snapshot.ts](../src/node-snapshot.ts)
97
100
  - [observability.ts](../src/observability.ts)
98
101
  - [reclamation.ts](../src/reclamation.ts)
@@ -107,7 +110,7 @@ multi-agent host -> topology -> blackboard/coordinator
107
110
  - [telemetry-attestation.ts](../src/telemetry-attestation.ts)
108
111
  - [telemetry-demo.ts](../src/telemetry-demo.ts)
109
112
  - [telemetry-ledger.ts](../src/telemetry-ledger.ts)
110
- - [verifier-registry.ts](../src/verifier-registry.ts)
113
+ - [validation.ts](../src/validation.ts)
111
114
  - [workbench-host.ts](../src/workbench-host.ts)
112
115
  - [workbench.ts](../src/workbench.ts)
113
116
 
@@ -197,6 +200,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
197
200
  - [control-plane-scheduling-smoke.js](../test/control-plane-scheduling-smoke.js)
198
201
  - [coordinator-blackboard-smoke.js](../test/coordinator-blackboard-smoke.js)
199
202
  - [det-ids-b-smoke.js](../test/det-ids-b-smoke.js)
203
+ - [doctor-smoke.js](../test/doctor-smoke.js)
200
204
  - [dogfood-release-smoke.js](../test/dogfood-release-smoke.js)
201
205
  - [durable-atomic-write-smoke.js](../test/durable-atomic-write-smoke.js)
202
206
  - [end-to-end-demo-smoke.js](../test/end-to-end-demo-smoke.js)
@@ -210,6 +214,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
210
214
  - [h7-custom-profile-persist-smoke.js](../test/h7-custom-profile-persist-smoke.js)
211
215
  - [mcp-app-surface-smoke.js](../test/mcp-app-surface-smoke.js)
212
216
  - [multi-agent-cli-mcp-surface-smoke.js](../test/multi-agent-cli-mcp-surface-smoke.js)
217
+ - [multi-agent-eval-determinism-regression-smoke.js](../test/multi-agent-eval-determinism-regression-smoke.js)
213
218
  - [multi-agent-eval-replay-harness-smoke.js](../test/multi-agent-eval-replay-harness-smoke.js)
214
219
  - [multi-agent-eval-replay-smoke.js](../test/multi-agent-eval-replay-smoke.js)
215
220
  - [multi-agent-operator-ux-smoke.js](../test/multi-agent-operator-ux-smoke.js)
@@ -222,15 +227,18 @@ Smoke tests mirror the public contracts. The high-signal suites are:
222
227
  - [one-way-boundary-smoke.js](../test/one-way-boundary-smoke.js)
223
228
  - [operator-ux-smoke.js](../test/operator-ux-smoke.js)
224
229
  - [parallel-onramp-smoke.js](../test/parallel-onramp-smoke.js)
230
+ - [parity-doc-sync-smoke.js](../test/parity-doc-sync-smoke.js)
225
231
  - [pipeline-auto-advance-smoke.js](../test/pipeline-auto-advance-smoke.js)
226
232
  - [pipeline-runner-smoke.js](../test/pipeline-runner-smoke.js)
227
233
  - [project-index-sync-smoke.js](../test/project-index-sync-smoke.js)
228
234
  - [quickstart-smoke.js](../test/quickstart-smoke.js)
229
235
  - [real-execution-backends-smoke.js](../test/real-execution-backends-smoke.js)
236
+ - [registry-corrupt-fail-closed-smoke.js](../test/registry-corrupt-fail-closed-smoke.js)
230
237
  - [release-flow-smoke.js](../test/release-flow-smoke.js)
231
238
  - [release-gate-smoke.js](../test/release-gate-smoke.js)
232
239
  - [release-tooling-smoke.js](../test/release-tooling-smoke.js)
233
240
  - [result-normalize-smoke.js](../test/result-normalize-smoke.js)
241
+ - [robustness-failclosed-smoke.js](../test/robustness-failclosed-smoke.js)
234
242
  - [robustness-hardening-smoke.js](../test/robustness-hardening-smoke.js)
235
243
  - [run-export-import-smoke.js](../test/run-export-import-smoke.js)
236
244
  - [run-export-restore-rerun-smoke.js](../test/run-export-restore-rerun-smoke.js)
@@ -242,6 +250,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
242
250
  - [run-resume-drive-smoke.js](../test/run-resume-drive-smoke.js)
243
251
  - [run-retention-reclamation-smoke.js](../test/run-retention-reclamation-smoke.js)
244
252
  - [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
253
+ - [sched-policy-validation-smoke.js](../test/sched-policy-validation-smoke.js)
245
254
  - [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
246
255
  - [schema-validation-smoke.js](../test/schema-validation-smoke.js)
247
256
  - [security-trust-hardening-smoke.js](../test/security-trust-hardening-smoke.js)
@@ -1,19 +1,19 @@
1
1
  # Real Execution Backend Integrations
2
2
 
3
- CW v0.1.34 makes the delegating execution backends REAL. v0.1.29 shipped the
4
- driver layer (`src/execution-backend.ts`) with `node`/`bun`/`shell` really
3
+ CW v0.1.34 makes the delegating execution backends REAL. v0.1.29 gave us the
4
+ driver layer (`src/execution-backend.ts`), with `node`/`bun`/`shell` really
5
5
  executing and `container`/`remote`/`ci` as contract-conformant stubs: `delegate()`
6
- built a handle and returned `status: "completed"` with `delegated:`/`handle:`
7
- evidence without running anything. v0.1.34 replaces that no-op so the three
8
- delegating drivers actually drive a container runtime, a remote runner, and a CI
9
- job — opt-in, fail-closed, and recording the SAME canonical evidence as `node`.
6
+ made a handle and gave back `status: "completed"` with `delegated:`/`handle:`
7
+ evidence, but ran nothing. v0.1.34 takes the place of that no-op, so the three
8
+ delegating drivers truly drive a container runtime, a remote runner, and a CI
9
+ job — opt-in, fail-closed, and keeping the SAME canonical evidence as `node`.
10
10
 
11
- The driver model and the sandbox contract are unchanged; only HOW/WHERE a
11
+ The driver model and the sandbox contract do not change; only HOW/WHERE a
12
12
  delegated task runs becomes real.
13
13
 
14
14
  ## Identical Evidence, Any Backend
15
15
 
16
- A real delegated run records the SAME canonical evidence `executeLocal` produces:
16
+ A real delegated run keeps the SAME canonical evidence `executeLocal` makes:
17
17
 
18
18
  ```text
19
19
  command:<command + args>
@@ -24,35 +24,35 @@ stdoutSha256:sha256:<hex>
24
24
  The execution handle (`image@digest`, `endpoint#jobId`) lives in
25
25
  `provenance.handle` and the sandbox attestation in `provenance.attestation` —
26
26
  NEVER in `evidence`. So a `container` run of the same task is byte-stable against
27
- `node` after stripping provenance: only `provenance.backendId`/`handle`/
28
- `attestation` and ISO timestamps differ. Eval/replay, the verifier gates, the
29
- v0.1.28 registry, and the v0.1.30 Workbench stay backend-agnostic.
27
+ `node` once you take provenance away: only `provenance.backendId`/`handle`/
28
+ `attestation` and ISO timestamps are not the same. Eval/replay, the verifier gates, the
29
+ v0.1.28 registry, and the v0.1.30 Workbench all stay backend-agnostic.
30
30
 
31
31
  ## container
32
32
 
33
- Runs `docker` (or `podman`) really, under the sandbox contract:
33
+ Runs `docker` (or `podman`) for real, under the sandbox contract:
34
34
 
35
35
  ```text
36
36
  <runtime> run --rm [--network none] -v <cwd>:<cwd>:ro -w <cwd> [-e NAME=VALUE ...] <image[@digest]> <command> <args>
37
37
  ```
38
38
 
39
- - **network** — `--network none` when the profile restricts it (`network.mode !=
40
- any`); a container network namespace genuinely enforces this (the dimension is
41
- declared `enforce`).
39
+ - **network** — `--network none` when the profile holds it back (`network.mode !=
40
+ any`); a container network namespace truly puts this in force (the dimension is
41
+ marked `enforce`).
42
42
  - **read/write** — the workspace is mounted read-only at the same path; CW's
43
- worker-output acceptance still bounds writes. (Write-through mounts are a later
44
- refinement.)
45
- - **env** — only the profile's explicitly exposed names cross into the container;
46
- the image supplies its own `PATH`/`HOME`, so host-specific base env is never
47
- injected.
43
+ worker-output acceptance still keeps writes inside limits. (Write-through mounts
44
+ will come later.)
45
+ - **env** — only the names the profile makes open cross into the container;
46
+ the image gives its own `PATH`/`HOME`, so host-specific base env is never
47
+ put in.
48
48
 
49
- Selection supplies the image via `--image` / `CW_CONTAINER_IMAGE` (+ optional
49
+ Selection gives the image through `--image` / `CW_CONTAINER_IMAGE` (+ optional
50
50
  `CW_CONTAINER_DIGEST`).
51
51
 
52
52
  ## remote / ci
53
53
 
54
54
  Real HTTP delegation. The job `{ command, args, env, sandboxProfileId, jobId? }`
55
- is POSTed to the configured endpoint by a self-contained Node child (global
55
+ is POSTed to the set endpoint by a self-contained Node child (global
56
56
  `fetch`, so the driver stays portable and synchronous from CW's view); a returned
57
57
  `jobId` is polled until `done`. The runner's `{ exitCode, stdout }` becomes the
58
58
  canonical evidence. Endpoints come from `--endpoint`/`--job` or
@@ -60,30 +60,30 @@ canonical evidence. Endpoints come from `--endpoint`/`--job` or
60
60
 
61
61
  ## Fail Closed
62
62
 
63
- A delegated run NEVER fabricates a completion. It returns `status: "refused"`
63
+ A delegated run NEVER makes up a completion. It returns `status: "refused"`
64
64
  (`attestation.status: "refused"`, a `refused:<code>` evidence line, no
65
65
  `stdoutSha256:`) when:
66
66
 
67
67
  - `delegation-target-missing` — no image (container) or no endpoint (remote/ci).
68
68
  - `no-command` — a delegating backend was asked to run with no command.
69
- - `runtime-unavailable` — no `docker`/`podman` on PATH, or the daemon is
70
- **unreachable**. A present CLI with a dead daemon is detected by a pre-flight
71
- `<runtime> version --format {{.Server.Version}}` (which returns the server
72
- version only when reachable) — the container run's own exit code is NOT a
73
- reliable daemon-down signal across runtimes, so it is not relied upon.
74
- - `delegation-failed` — the runtime errored (e.g. `docker` exit 125 for a bad
75
- image), the HTTP POST/poll failed or was unreachable, or the runner returned an
69
+ - `runtime-unavailable` — no `docker`/`podman` on PATH, or the daemon cannot
70
+ be **reached**. A CLI that is there but with a dead daemon is found by a pre-flight
71
+ `<runtime> version --format {{.Server.Version}}` (which gives back the server
72
+ version only when it can be reached) — the container run's own exit code is NOT a
73
+ sure daemon-down sign across runtimes, so it is not used for this.
74
+ - `delegation-failed` — the runtime gave an error (e.g. `docker` exit 125 for a bad
75
+ image), the HTTP POST/poll did not work or could not be reached, or the runner gave back an
76
76
  unparseable response or no `exitCode`.
77
77
 
78
- A container command that genuinely runs and exits non-zero is `failed` (a real
79
- result), distinct from `refused` (never ran).
78
+ A container command that truly runs and exits non-zero is `failed` (a real
79
+ result), not the same as `refused` (never ran).
80
80
 
81
81
  ## Compatibility
82
82
 
83
83
  The default backend stays `node`; the dispatch path stays a `delegate-host`
84
- execution reproducing pre-v0.1.29 behavior exactly. With no container runtime, no
85
- endpoint, and no credentials, every existing probe and test output is unchanged
86
- real execution is strictly opt-in. The `ResultEnvelope` schema is unchanged.
84
+ execution that copies pre-v0.1.29 behavior exactly. With no container runtime, no
85
+ endpoint, and no credentials, every probe and test output that is there now does not
86
+ change — real execution is strictly opt-in. The `ResultEnvelope` schema does not change.
87
87
 
88
88
  ## See Also
89
89
 
@@ -92,7 +92,7 @@ run-registry-control-plane(7)
92
92
 
93
93
  ## Node Snapshot / Diff / Replay (v0.1.35)
94
94
 
95
- per-node snapshot, structural diff, and isolated deterministic replay over StateNode, reusing the v0.1.23 eval harness; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
95
+ per-node snapshot, structural diff, and isolated deterministic replay over StateNode, again using the v0.1.23 eval harness; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
96
96
 
97
97
  ## Contract Migration Tooling (v0.1.36)
98
98
 
@@ -104,11 +104,11 @@ priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed pa
104
104
 
105
105
  ## Agent Delegation Drive (v0.1.38)
106
106
 
107
- spawn an external agent process per worker, capture result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
107
+ start an outside agent process for each worker, take in result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
108
108
 
109
109
  ## Run Retention & Provable Reclamation (v0.1.39)
110
110
 
111
- tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the reconstructable bulk, prove it
111
+ tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the bulk that can be built again, prove it
112
112
 
113
113
  ## Durable State & Locking (v0.1.40)
114
114
 
@@ -120,15 +120,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
120
120
 
121
121
  ## Robust Result Ingest (v0.1.42)
122
122
 
123
- capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
123
+ take in findings/evidence from any sensible agent shape (alt keys + prose), CW works out grounded evidence itself, give a warning on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
124
124
 
125
125
  ## No-False-Green Gate & Launch Prep (v0.1.43)
126
126
 
127
- Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
127
+ Hard gate that stops empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
128
128
 
129
129
  ## Release-Gate Determinism & Agents Vendor (v0.1.44)
130
130
 
131
- Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
131
+ Release-readiness checks now check the committed blob (`git show HEAD:<path>`) and not the changeable working tree — taking away false-red/false-green that came from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one common interface to CW.
132
132
 
133
133
  ## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
134
134
 
@@ -145,6 +145,11 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
145
145
 
146
146
  ## Fast Architecture Review (v0.1.80)
147
147
 
148
- Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
148
+ Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
149
149
 
150
150
  _No changes to the real execution backends in v0.1.81._
151
+ _No behavioral change in v0.1.82 (delegated child programs moved out to `scripts/children/`; spawn behavior byte-identical)._
152
+
153
+ ## Hardening and Onboarding (v0.1.83)
154
+
155
+ Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.