cool-workflow 0.1.82 → 0.1.83
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +2 -2
- package/.codex-plugin/plugin.json +4 -4
- package/README.md +124 -120
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/capability-core.js +16 -8
- package/dist/capability-registry.js +8 -0
- package/dist/cli.js +12 -1
- package/dist/commit.js +5 -1
- package/dist/doctor.js +153 -0
- package/dist/mcp-server.js +11 -0
- package/dist/orchestrator.js +13 -0
- package/dist/reclamation/hash.js +72 -0
- package/dist/reclamation.js +25 -78
- package/dist/run-registry/queue.js +6 -7
- package/dist/run-registry.js +35 -24
- package/dist/scheduler.js +78 -53
- package/dist/version.js +1 -1
- package/dist/worker-isolation.js +22 -2
- package/docs/agent-delegation-drive.7.md +90 -86
- package/docs/agent-framework.md +33 -32
- package/docs/candidate-scoring.7.md +26 -24
- package/docs/canonical-workflow-apps.7.md +40 -40
- package/docs/capability-topology-registry.7.md +24 -24
- package/docs/cli-mcp-parity.7.md +226 -154
- package/docs/contract-migration-tooling.7.md +48 -41
- package/docs/control-plane-scheduling.7.md +45 -41
- package/docs/coordinator-blackboard.7.md +30 -30
- package/docs/dogfood-one-real-repo.7.md +44 -44
- package/docs/durable-state-and-locking.7.md +34 -30
- package/docs/end-to-end-golden-path.7.md +29 -29
- package/docs/error-feedback.7.md +27 -27
- package/docs/evidence-adoption-reasoning-chain.7.md +62 -58
- package/docs/execution-backends.7.md +84 -80
- package/docs/getting-started.md +35 -18
- package/docs/index.md +3 -3
- package/docs/mcp-app-surface.7.md +64 -64
- package/docs/multi-agent-cli-mcp-surface.7.md +82 -77
- package/docs/multi-agent-eval-replay-harness.7.md +59 -55
- package/docs/multi-agent-operator-ux.7.md +69 -65
- package/docs/multi-agent-runtime-core.7.md +39 -39
- package/docs/multi-agent-topologies.7.md +24 -24
- package/docs/multi-agent-trust-policy-audit.7.md +38 -38
- package/docs/node-snapshot-diff-replay.7.md +26 -22
- package/docs/observability-cost-accounting.7.md +49 -45
- package/docs/operator-ux.7.md +30 -30
- package/docs/pipeline-runner.7.md +31 -31
- package/docs/project-index.md +10 -5
- package/docs/real-execution-backends.7.md +47 -43
- package/docs/release-and-migration.7.md +42 -38
- package/docs/release-tooling.7.md +53 -49
- package/docs/routines.md +16 -16
- package/docs/run-registry-control-plane.7.md +120 -116
- package/docs/run-retention-reclamation.7.md +45 -41
- package/docs/sandbox-profiles.7.md +32 -32
- package/docs/scheduled-tasks.md +14 -14
- package/docs/security-trust-hardening.7.md +29 -29
- package/docs/source-context-profiles.7.md +28 -28
- package/docs/state-explosion-management.7.md +63 -59
- package/docs/state-node.7.md +8 -8
- package/docs/team-collaboration.7.md +62 -58
- package/docs/trust-model.md +126 -126
- package/docs/unix-principles.md +80 -80
- package/docs/vendor-manifest-loadability.7.md +20 -20
- package/docs/verifier-gated-commit.7.md +16 -16
- package/docs/web-desktop-workbench.7.md +69 -65
- package/docs/worker-isolation.7.md +34 -37
- package/docs/workflow-app-framework.7.md +38 -38
- package/manifest/plugin.manifest.json +4 -4
- package/package.json +3 -2
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +1 -1
- package/scripts/gen-parity-doc.js +106 -0
- package/scripts/golden-path.js +4 -4
- package/dist/verifier-registry.js +0 -46
package/docs/operator-ux.7.md
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
# Operator UX
|
|
2
2
|
|
|
3
|
-
Cool Workflow v0.1.12 added a read-only Operator UX layer
|
|
3
|
+
Cool Workflow v0.1.12 added a read-only Operator UX layer to help you see a
|
|
4
4
|
run from the console. It does not change workflow state, dispatch workers, score
|
|
5
|
-
candidates, or commit snapshots. It reads `WorkflowRun` state and
|
|
6
|
-
deterministic summaries for
|
|
5
|
+
candidates, or commit snapshots. It reads `WorkflowRun` state and makes
|
|
6
|
+
deterministic summaries for people, while it keeps JSON for scripts and MCP.
|
|
7
7
|
|
|
8
8
|
## Inspect A Run
|
|
9
9
|
|
|
@@ -13,30 +13,30 @@ Human status is the default:
|
|
|
13
13
|
node scripts/cw.js status <run-id>
|
|
14
14
|
```
|
|
15
15
|
|
|
16
|
-
The status view
|
|
16
|
+
The status view gives you run id, workflow/app id and version, loop stage, active
|
|
17
17
|
phase, blocked reasons, phase/task counts, workers, candidates, feedback,
|
|
18
18
|
commits, multi-agent runtime health, Multi-Agent Operator UX counts, report
|
|
19
|
-
path, and the next
|
|
19
|
+
path, and the next command it puts forward.
|
|
20
20
|
|
|
21
|
-
Machine-readable status
|
|
21
|
+
Machine-readable status is still there for you:
|
|
22
22
|
|
|
23
23
|
```bash
|
|
24
24
|
node scripts/cw.js status <run-id> --json
|
|
25
25
|
node scripts/cw.js status <run-id> --format json
|
|
26
26
|
```
|
|
27
27
|
|
|
28
|
-
`CoolWorkflowRunner.status()` and MCP `cw_status`
|
|
28
|
+
`CoolWorkflowRunner.status()` and MCP `cw_status` still give back structured
|
|
29
29
|
status data for integrations.
|
|
30
30
|
|
|
31
|
-
In v0.1.13, MCP also
|
|
31
|
+
In v0.1.13, MCP also gives JSON-native operator tools:
|
|
32
32
|
`cw_operator_status`, `cw_operator_graph`, `cw_operator_report`,
|
|
33
33
|
`cw_worker_summary`, `cw_candidate_summary`, `cw_feedback_summary`, and
|
|
34
34
|
`cw_commit_summary`.
|
|
35
35
|
|
|
36
36
|
## Next Actions
|
|
37
37
|
|
|
38
|
-
|
|
39
|
-
CLI. Examples:
|
|
38
|
+
The things it puts forward are deterministic and use only commands that are in
|
|
39
|
+
the CW CLI. Examples:
|
|
40
40
|
|
|
41
41
|
```text
|
|
42
42
|
node scripts/cw.js dispatch <run-id> --limit 4
|
|
@@ -55,39 +55,39 @@ node scripts/cw.js commit <run-id> --selection <selection-id>
|
|
|
55
55
|
reason: a verified selected candidate is ready for a verifier-gated commit
|
|
56
56
|
```
|
|
57
57
|
|
|
58
|
-
Open feedback
|
|
59
|
-
work is
|
|
58
|
+
Open feedback comes first, before dispatch or candidate work. If all tracked
|
|
59
|
+
work is done, the advisor points to `cw report <run-id> --show`.
|
|
60
60
|
|
|
61
61
|
## Graph
|
|
62
62
|
|
|
63
|
-
Use the top-level graph command for a
|
|
63
|
+
Use the top-level graph command for a small console map:
|
|
64
64
|
|
|
65
65
|
```bash
|
|
66
66
|
node scripts/cw.js graph <run-id>
|
|
67
67
|
node scripts/cw.js graph <run-id> --json
|
|
68
68
|
```
|
|
69
69
|
|
|
70
|
-
The legacy node command
|
|
70
|
+
The legacy node command still works:
|
|
71
71
|
|
|
72
72
|
```bash
|
|
73
73
|
node scripts/cw.js node graph <run-id>
|
|
74
74
|
node scripts/cw.js node graph <run-id> --json
|
|
75
75
|
```
|
|
76
76
|
|
|
77
|
-
The human graph
|
|
78
|
-
verifier nodes, candidates, selections, commits, and feedback, then prints the
|
|
77
|
+
The human graph puts phases, tasks, dispatches, workers, result nodes,
|
|
78
|
+
verifier nodes, candidates, selections, commits, and feedback into groups, then prints the
|
|
79
79
|
edges between them. v0.1.17 also adds `multi-agent-run`, `agent-role`,
|
|
80
80
|
`agent-group`, `agent-membership`, `agent-fanout`, and `agent-fanin` nodes when
|
|
81
81
|
the run has first-class multi-agent state. v0.1.18 adds `blackboard`,
|
|
82
82
|
`blackboard-topic`, `blackboard-message`, `blackboard-context`,
|
|
83
83
|
`blackboard-artifact`, `blackboard-snapshot`, and `coordinator-decision` nodes
|
|
84
|
-
when shared coordination state
|
|
84
|
+
when shared coordination state is there. JSON output gives back deterministic `nodes`
|
|
85
85
|
and `edges`.
|
|
86
86
|
|
|
87
87
|
## Multi-Agent Operator UX
|
|
88
88
|
|
|
89
|
-
v0.1.21 adds
|
|
90
|
-
whom, who is blocked, and which evidence
|
|
89
|
+
v0.1.21 adds clear multi-agent operator views that answer who is dependent on
|
|
90
|
+
whom, who is blocked, and which evidence went into the accepted result:
|
|
91
91
|
|
|
92
92
|
```bash
|
|
93
93
|
node scripts/cw.js multi-agent graph <run-id>
|
|
@@ -96,7 +96,7 @@ node scripts/cw.js multi-agent failures <run-id>
|
|
|
96
96
|
node scripts/cw.js multi-agent evidence <run-id>
|
|
97
97
|
```
|
|
98
98
|
|
|
99
|
-
The same derived model
|
|
99
|
+
The same derived model is in `status`, `report --show`, and
|
|
100
100
|
`cw_multi_agent_status` under `summaries.multiAgentOperator`. See
|
|
101
101
|
[multi-agent-operator-ux.7.md](multi-agent-operator-ux.7.md) for the full
|
|
102
102
|
trace from agent membership to verifier-gated commit.
|
|
@@ -109,19 +109,19 @@ trace from agent membership to verifier-gated commit.
|
|
|
109
109
|
node scripts/cw.js report <run-id>
|
|
110
110
|
```
|
|
111
111
|
|
|
112
|
-
Use `--show` or `--summary` when the operator needs a
|
|
112
|
+
Use `--show` or `--summary` when the operator needs a console report that is easy to read:
|
|
113
113
|
|
|
114
114
|
```bash
|
|
115
115
|
node scripts/cw.js report <run-id> --show
|
|
116
116
|
node scripts/cw.js report <run-id> --summary
|
|
117
117
|
```
|
|
118
118
|
|
|
119
|
-
The console report
|
|
119
|
+
The console report gives the same high-value status panels plus active and
|
|
120
120
|
pending tasks, evidence paths and locators, and resource inspection commands.
|
|
121
121
|
|
|
122
122
|
## Resource Summaries
|
|
123
123
|
|
|
124
|
-
|
|
124
|
+
The chief run resources have human summaries by default and JSON when you ask for it:
|
|
125
125
|
|
|
126
126
|
```bash
|
|
127
127
|
node scripts/cw.js worker summary <run-id>
|
|
@@ -150,23 +150,23 @@ sandbox profile ids, manifest paths, result paths, and linked feedback for
|
|
|
150
150
|
failed or rejected workers.
|
|
151
151
|
|
|
152
152
|
Candidate summaries show registered/scored/selected/verified/rejected/failed
|
|
153
|
-
counts,
|
|
154
|
-
and
|
|
153
|
+
counts, the newest ranking path, selected candidates, candidates ready for commit,
|
|
154
|
+
and clear missing scoring/evidence/gate problems.
|
|
155
155
|
|
|
156
|
-
Feedback summaries
|
|
156
|
+
Feedback summaries put records into groups by open/tasked/resolved/rejected status,
|
|
157
157
|
severity, classification, and retryability.
|
|
158
158
|
|
|
159
|
-
Commit summaries
|
|
159
|
+
Commit summaries make a clear line between verifier-gated commits and non-gated checkpoints
|
|
160
160
|
and show snapshot paths, evidence counts, and linked verifier/candidate/selection
|
|
161
161
|
ids.
|
|
162
162
|
|
|
163
163
|
Multi-agent summaries show run and group status, role coverage, membership
|
|
164
164
|
health, fanout/fanin progress, missing evidence, blocked reasons, and the next
|
|
165
|
-
|
|
165
|
+
action it puts forward.
|
|
166
166
|
|
|
167
167
|
## File Discipline
|
|
168
168
|
|
|
169
|
-
Operator UX
|
|
169
|
+
Operator UX keeps the same FreeBSD-flavored rule as the rest of CW:
|
|
170
170
|
|
|
171
171
|
```text
|
|
172
172
|
clear console output for humans
|
|
@@ -175,6 +175,6 @@ plain files for evidence
|
|
|
175
175
|
no hidden daemon assumption
|
|
176
176
|
```
|
|
177
177
|
|
|
178
|
-
|
|
178
|
+
If you are not certain, inspect `.cw/runs/<run-id>/state.json`, the resource directories,
|
|
179
179
|
and the command-specific `--json` output.
|
|
180
180
|
0.1.51
|
|
@@ -22,15 +22,16 @@ const result = runner.runPipelineStage(run, "verify", resultNode.id, {
|
|
|
22
22
|
|
|
23
23
|
## DESCRIPTION
|
|
24
24
|
|
|
25
|
-
`Pipeline Runner` is the small execution kernel between workflow
|
|
26
|
-
pipeline contracts, state nodes, and CW operations such as
|
|
27
|
-
verifier, commit, and report.
|
|
25
|
+
`Pipeline Runner` is the small execution kernel that sits between workflow
|
|
26
|
+
definitions, pipeline contracts, state nodes, and CW operations such as
|
|
27
|
+
dispatch, result, verifier, commit, and report.
|
|
28
28
|
|
|
29
|
-
The runner does not
|
|
30
|
-
selection, contract validation, state-node transition, parent/child
|
|
31
|
-
artifact and evidence attachment, and
|
|
29
|
+
The runner does not do business workflow behavior. It does only these things:
|
|
30
|
+
stage selection, contract validation, state-node transition, parent/child
|
|
31
|
+
linking, artifact and evidence attachment, and the keeping of structured
|
|
32
|
+
failures.
|
|
32
33
|
|
|
33
|
-
The runner uses
|
|
34
|
+
The runner uses CW helpers that are already there:
|
|
34
35
|
|
|
35
36
|
- `validatePipelineContract`
|
|
36
37
|
- `assertNodeSatisfiesContract`
|
|
@@ -48,35 +49,34 @@ The default CW pipeline is:
|
|
|
48
49
|
input -> plan -> dispatch -> result -> verify -> commit -> report
|
|
49
50
|
```
|
|
50
51
|
|
|
51
|
-
A stage run
|
|
52
|
-
It
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
A stage run takes a `WorkflowRun`, a `stageId`, and an input `StateNode` id.
|
|
53
|
+
It finds the active `PipelineContract`, checks the stage, makes the output node
|
|
54
|
+
named by the contract, links input and output nodes, writes node JSON under
|
|
55
|
+
`nodes/`, and gives back a structured result.
|
|
55
56
|
|
|
56
|
-
The runner
|
|
57
|
-
pipeline cursor.
|
|
57
|
+
The runner keeps a record of progress in files. There is no hidden
|
|
58
|
+
in-memory-only pipeline cursor.
|
|
58
59
|
|
|
59
60
|
## CONTRACTS
|
|
60
61
|
|
|
61
|
-
Stages come from `PipelineContract.stages`. A stage
|
|
62
|
-
kinds and statuses,
|
|
63
|
-
|
|
62
|
+
Stages come from `PipelineContract.stages`. A stage says which input node
|
|
63
|
+
kinds and statuses it takes, which artifacts and evidence it needs, what the
|
|
64
|
+
verifier gate needs, and the output node kind it makes.
|
|
64
65
|
|
|
65
|
-
The runner does not
|
|
66
|
-
PipelineContract helpers as the ABI boundary.
|
|
66
|
+
The runner does not do contract validation a second time. It uses the StateNode
|
|
67
|
+
and PipelineContract helpers as the ABI boundary.
|
|
67
68
|
|
|
68
69
|
## FAILURE MODES
|
|
69
70
|
|
|
70
|
-
Contract failures
|
|
71
|
-
failure policy
|
|
72
|
-
|
|
73
|
-
`nodes/`.
|
|
71
|
+
Contract failures turn into `StateNodeError` records. When the stage or contract
|
|
72
|
+
failure policy keeps failure nodes, the runner makes an `error` node, records
|
|
73
|
+
the structured error, links it to the input node, and keeps it under `nodes/`.
|
|
74
74
|
|
|
75
75
|
Unknown run ids, unknown contract ids, unknown node ids, unknown stage ids, and
|
|
76
|
-
|
|
76
|
+
broken state stay hard errors because the caller is not able to go on safely.
|
|
77
77
|
|
|
78
|
-
Commit stages are verifier-gated. The default contract
|
|
79
|
-
verifier node with evidence before a `committed` commit node can be
|
|
78
|
+
Commit stages are verifier-gated. The default contract needs a verified
|
|
79
|
+
verifier node with evidence before a `committed` commit node can be made.
|
|
80
80
|
Non-gated snapshots are written as `completed` checkpoint nodes outside the
|
|
81
81
|
commit stage.
|
|
82
82
|
|
|
@@ -90,7 +90,7 @@ commit stage.
|
|
|
90
90
|
.cw/runs/<run-id>/commits/*.json
|
|
91
91
|
```
|
|
92
92
|
|
|
93
|
-
|
|
93
|
+
Commands that look at runs print stable JSON:
|
|
94
94
|
|
|
95
95
|
```text
|
|
96
96
|
cw.js contract show <run-id> [contract-id]
|
|
@@ -117,7 +117,7 @@ runPipelineStage(run, "plan", `${run.id}:input`, {
|
|
|
117
117
|
});
|
|
118
118
|
```
|
|
119
119
|
|
|
120
|
-
|
|
120
|
+
Keep a failed stage:
|
|
121
121
|
|
|
122
122
|
```ts
|
|
123
123
|
const failed = runPipelineStage(run, "commit", taskNode.id, {
|
|
@@ -127,10 +127,10 @@ const failed = runPipelineStage(run, "commit", taskNode.id, {
|
|
|
127
127
|
|
|
128
128
|
## COMPATIBILITY
|
|
129
129
|
|
|
130
|
-
Pipeline Runner is
|
|
130
|
+
Pipeline Runner is first added in CW v0.1.3. It keeps v0.1.2 run state and
|
|
131
131
|
CLI behavior. New public types are plain TypeScript interfaces with optional
|
|
132
|
-
fields where
|
|
132
|
+
fields where it makes sense.
|
|
133
133
|
|
|
134
|
-
Older runs
|
|
135
|
-
state loader, which
|
|
134
|
+
Older runs with no `nodes` or `contracts` stay readable through the existing
|
|
135
|
+
state loader, which sets up those arrays.
|
|
136
136
|
0.1.51
|
package/docs/project-index.md
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
# Cool Workflow Project Index
|
|
2
2
|
|
|
3
|
-
Generated from the current repository code on 2026-06-
|
|
3
|
+
Generated from the current repository code on 2026-06-16 by `npm run sync:project-index`.
|
|
4
4
|
|
|
5
5
|
## Snapshot
|
|
6
6
|
|
|
7
7
|
- Package: `cool-workflow`
|
|
8
|
-
- Version: `0.1.
|
|
8
|
+
- Version: `0.1.83`
|
|
9
9
|
- Source modules: `61`
|
|
10
10
|
- Workflow apps: `7`
|
|
11
11
|
- Docs: `49`
|
|
12
|
-
- Smoke tests: `
|
|
13
|
-
- Repository:
|
|
12
|
+
- Smoke tests: `92`
|
|
13
|
+
- Repository: http://local_proxy@127.0.0.1:33273/git/coo1white/cool-workflow
|
|
14
14
|
|
|
15
15
|
## Architecture
|
|
16
16
|
|
|
@@ -86,6 +86,7 @@ multi-agent host -> topology -> blackboard/coordinator
|
|
|
86
86
|
- [collaboration.ts](../src/collaboration.ts)
|
|
87
87
|
- [compare.ts](../src/compare.ts)
|
|
88
88
|
- [contract-migration.ts](../src/contract-migration.ts)
|
|
89
|
+
- [doctor.ts](../src/doctor.ts)
|
|
89
90
|
- [drive.ts](../src/drive.ts)
|
|
90
91
|
- [evidence-grounding.ts](../src/evidence-grounding.ts)
|
|
91
92
|
- [evidence-reasoning.ts](../src/evidence-reasoning.ts)
|
|
@@ -110,7 +111,6 @@ multi-agent host -> topology -> blackboard/coordinator
|
|
|
110
111
|
- [telemetry-demo.ts](../src/telemetry-demo.ts)
|
|
111
112
|
- [telemetry-ledger.ts](../src/telemetry-ledger.ts)
|
|
112
113
|
- [validation.ts](../src/validation.ts)
|
|
113
|
-
- [verifier-registry.ts](../src/verifier-registry.ts)
|
|
114
114
|
- [workbench-host.ts](../src/workbench-host.ts)
|
|
115
115
|
- [workbench.ts](../src/workbench.ts)
|
|
116
116
|
|
|
@@ -200,6 +200,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
|
|
|
200
200
|
- [control-plane-scheduling-smoke.js](../test/control-plane-scheduling-smoke.js)
|
|
201
201
|
- [coordinator-blackboard-smoke.js](../test/coordinator-blackboard-smoke.js)
|
|
202
202
|
- [det-ids-b-smoke.js](../test/det-ids-b-smoke.js)
|
|
203
|
+
- [doctor-smoke.js](../test/doctor-smoke.js)
|
|
203
204
|
- [dogfood-release-smoke.js](../test/dogfood-release-smoke.js)
|
|
204
205
|
- [durable-atomic-write-smoke.js](../test/durable-atomic-write-smoke.js)
|
|
205
206
|
- [end-to-end-demo-smoke.js](../test/end-to-end-demo-smoke.js)
|
|
@@ -226,15 +227,18 @@ Smoke tests mirror the public contracts. The high-signal suites are:
|
|
|
226
227
|
- [one-way-boundary-smoke.js](../test/one-way-boundary-smoke.js)
|
|
227
228
|
- [operator-ux-smoke.js](../test/operator-ux-smoke.js)
|
|
228
229
|
- [parallel-onramp-smoke.js](../test/parallel-onramp-smoke.js)
|
|
230
|
+
- [parity-doc-sync-smoke.js](../test/parity-doc-sync-smoke.js)
|
|
229
231
|
- [pipeline-auto-advance-smoke.js](../test/pipeline-auto-advance-smoke.js)
|
|
230
232
|
- [pipeline-runner-smoke.js](../test/pipeline-runner-smoke.js)
|
|
231
233
|
- [project-index-sync-smoke.js](../test/project-index-sync-smoke.js)
|
|
232
234
|
- [quickstart-smoke.js](../test/quickstart-smoke.js)
|
|
233
235
|
- [real-execution-backends-smoke.js](../test/real-execution-backends-smoke.js)
|
|
236
|
+
- [registry-corrupt-fail-closed-smoke.js](../test/registry-corrupt-fail-closed-smoke.js)
|
|
234
237
|
- [release-flow-smoke.js](../test/release-flow-smoke.js)
|
|
235
238
|
- [release-gate-smoke.js](../test/release-gate-smoke.js)
|
|
236
239
|
- [release-tooling-smoke.js](../test/release-tooling-smoke.js)
|
|
237
240
|
- [result-normalize-smoke.js](../test/result-normalize-smoke.js)
|
|
241
|
+
- [robustness-failclosed-smoke.js](../test/robustness-failclosed-smoke.js)
|
|
238
242
|
- [robustness-hardening-smoke.js](../test/robustness-hardening-smoke.js)
|
|
239
243
|
- [run-export-import-smoke.js](../test/run-export-import-smoke.js)
|
|
240
244
|
- [run-export-restore-rerun-smoke.js](../test/run-export-restore-rerun-smoke.js)
|
|
@@ -246,6 +250,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
|
|
|
246
250
|
- [run-resume-drive-smoke.js](../test/run-resume-drive-smoke.js)
|
|
247
251
|
- [run-retention-reclamation-smoke.js](../test/run-retention-reclamation-smoke.js)
|
|
248
252
|
- [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
|
|
253
|
+
- [sched-policy-validation-smoke.js](../test/sched-policy-validation-smoke.js)
|
|
249
254
|
- [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
|
|
250
255
|
- [schema-validation-smoke.js](../test/schema-validation-smoke.js)
|
|
251
256
|
- [security-trust-hardening-smoke.js](../test/security-trust-hardening-smoke.js)
|
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
# Real Execution Backend Integrations
|
|
2
2
|
|
|
3
|
-
CW v0.1.34 makes the delegating execution backends REAL. v0.1.29
|
|
4
|
-
driver layer (`src/execution-backend.ts`) with `node`/`bun`/`shell` really
|
|
3
|
+
CW v0.1.34 makes the delegating execution backends REAL. v0.1.29 gave us the
|
|
4
|
+
driver layer (`src/execution-backend.ts`), with `node`/`bun`/`shell` really
|
|
5
5
|
executing and `container`/`remote`/`ci` as contract-conformant stubs: `delegate()`
|
|
6
|
-
|
|
7
|
-
evidence
|
|
8
|
-
delegating drivers
|
|
9
|
-
job — opt-in, fail-closed, and
|
|
6
|
+
made a handle and gave back `status: "completed"` with `delegated:`/`handle:`
|
|
7
|
+
evidence, but ran nothing. v0.1.34 takes the place of that no-op, so the three
|
|
8
|
+
delegating drivers truly drive a container runtime, a remote runner, and a CI
|
|
9
|
+
job — opt-in, fail-closed, and keeping the SAME canonical evidence as `node`.
|
|
10
10
|
|
|
11
|
-
The driver model and the sandbox contract
|
|
11
|
+
The driver model and the sandbox contract do not change; only HOW/WHERE a
|
|
12
12
|
delegated task runs becomes real.
|
|
13
13
|
|
|
14
14
|
## Identical Evidence, Any Backend
|
|
15
15
|
|
|
16
|
-
A real delegated run
|
|
16
|
+
A real delegated run keeps the SAME canonical evidence `executeLocal` makes:
|
|
17
17
|
|
|
18
18
|
```text
|
|
19
19
|
command:<command + args>
|
|
@@ -24,35 +24,35 @@ stdoutSha256:sha256:<hex>
|
|
|
24
24
|
The execution handle (`image@digest`, `endpoint#jobId`) lives in
|
|
25
25
|
`provenance.handle` and the sandbox attestation in `provenance.attestation` —
|
|
26
26
|
NEVER in `evidence`. So a `container` run of the same task is byte-stable against
|
|
27
|
-
`node`
|
|
28
|
-
`attestation` and ISO timestamps
|
|
29
|
-
v0.1.28 registry, and the v0.1.30 Workbench stay backend-agnostic.
|
|
27
|
+
`node` once you take provenance away: only `provenance.backendId`/`handle`/
|
|
28
|
+
`attestation` and ISO timestamps are not the same. Eval/replay, the verifier gates, the
|
|
29
|
+
v0.1.28 registry, and the v0.1.30 Workbench all stay backend-agnostic.
|
|
30
30
|
|
|
31
31
|
## container
|
|
32
32
|
|
|
33
|
-
Runs `docker` (or `podman`)
|
|
33
|
+
Runs `docker` (or `podman`) for real, under the sandbox contract:
|
|
34
34
|
|
|
35
35
|
```text
|
|
36
36
|
<runtime> run --rm [--network none] -v <cwd>:<cwd>:ro -w <cwd> [-e NAME=VALUE ...] <image[@digest]> <command> <args>
|
|
37
37
|
```
|
|
38
38
|
|
|
39
|
-
- **network** — `--network none` when the profile
|
|
40
|
-
any`); a container network namespace
|
|
41
|
-
|
|
39
|
+
- **network** — `--network none` when the profile holds it back (`network.mode !=
|
|
40
|
+
any`); a container network namespace truly puts this in force (the dimension is
|
|
41
|
+
marked `enforce`).
|
|
42
42
|
- **read/write** — the workspace is mounted read-only at the same path; CW's
|
|
43
|
-
worker-output acceptance still
|
|
44
|
-
|
|
45
|
-
- **env** — only the profile
|
|
46
|
-
the image
|
|
47
|
-
|
|
43
|
+
worker-output acceptance still keeps writes inside limits. (Write-through mounts
|
|
44
|
+
will come later.)
|
|
45
|
+
- **env** — only the names the profile makes open cross into the container;
|
|
46
|
+
the image gives its own `PATH`/`HOME`, so host-specific base env is never
|
|
47
|
+
put in.
|
|
48
48
|
|
|
49
|
-
Selection
|
|
49
|
+
Selection gives the image through `--image` / `CW_CONTAINER_IMAGE` (+ optional
|
|
50
50
|
`CW_CONTAINER_DIGEST`).
|
|
51
51
|
|
|
52
52
|
## remote / ci
|
|
53
53
|
|
|
54
54
|
Real HTTP delegation. The job `{ command, args, env, sandboxProfileId, jobId? }`
|
|
55
|
-
is POSTed to the
|
|
55
|
+
is POSTed to the set endpoint by a self-contained Node child (global
|
|
56
56
|
`fetch`, so the driver stays portable and synchronous from CW's view); a returned
|
|
57
57
|
`jobId` is polled until `done`. The runner's `{ exitCode, stdout }` becomes the
|
|
58
58
|
canonical evidence. Endpoints come from `--endpoint`/`--job` or
|
|
@@ -60,30 +60,30 @@ canonical evidence. Endpoints come from `--endpoint`/`--job` or
|
|
|
60
60
|
|
|
61
61
|
## Fail Closed
|
|
62
62
|
|
|
63
|
-
A delegated run NEVER
|
|
63
|
+
A delegated run NEVER makes up a completion. It returns `status: "refused"`
|
|
64
64
|
(`attestation.status: "refused"`, a `refused:<code>` evidence line, no
|
|
65
65
|
`stdoutSha256:`) when:
|
|
66
66
|
|
|
67
67
|
- `delegation-target-missing` — no image (container) or no endpoint (remote/ci).
|
|
68
68
|
- `no-command` — a delegating backend was asked to run with no command.
|
|
69
|
-
- `runtime-unavailable` — no `docker`/`podman` on PATH, or the daemon
|
|
70
|
-
**
|
|
71
|
-
`<runtime> version --format {{.Server.Version}}` (which
|
|
72
|
-
version only when
|
|
73
|
-
|
|
74
|
-
- `delegation-failed` — the runtime
|
|
75
|
-
image), the HTTP POST/poll
|
|
69
|
+
- `runtime-unavailable` — no `docker`/`podman` on PATH, or the daemon cannot
|
|
70
|
+
be **reached**. A CLI that is there but with a dead daemon is found by a pre-flight
|
|
71
|
+
`<runtime> version --format {{.Server.Version}}` (which gives back the server
|
|
72
|
+
version only when it can be reached) — the container run's own exit code is NOT a
|
|
73
|
+
sure daemon-down sign across runtimes, so it is not used for this.
|
|
74
|
+
- `delegation-failed` — the runtime gave an error (e.g. `docker` exit 125 for a bad
|
|
75
|
+
image), the HTTP POST/poll did not work or could not be reached, or the runner gave back an
|
|
76
76
|
unparseable response or no `exitCode`.
|
|
77
77
|
|
|
78
|
-
A container command that
|
|
79
|
-
result),
|
|
78
|
+
A container command that truly runs and exits non-zero is `failed` (a real
|
|
79
|
+
result), not the same as `refused` (never ran).
|
|
80
80
|
|
|
81
81
|
## Compatibility
|
|
82
82
|
|
|
83
83
|
The default backend stays `node`; the dispatch path stays a `delegate-host`
|
|
84
|
-
execution
|
|
85
|
-
endpoint, and no credentials, every
|
|
86
|
-
real execution is strictly opt-in. The `ResultEnvelope` schema
|
|
84
|
+
execution that copies pre-v0.1.29 behavior exactly. With no container runtime, no
|
|
85
|
+
endpoint, and no credentials, every probe and test output that is there now does not
|
|
86
|
+
change — real execution is strictly opt-in. The `ResultEnvelope` schema does not change.
|
|
87
87
|
|
|
88
88
|
## See Also
|
|
89
89
|
|
|
@@ -92,7 +92,7 @@ run-registry-control-plane(7)
|
|
|
92
92
|
|
|
93
93
|
## Node Snapshot / Diff / Replay (v0.1.35)
|
|
94
94
|
|
|
95
|
-
per-node snapshot, structural diff, and isolated deterministic replay over StateNode,
|
|
95
|
+
per-node snapshot, structural diff, and isolated deterministic replay over StateNode, again using the v0.1.23 eval harness; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
|
|
96
96
|
|
|
97
97
|
## Contract Migration Tooling (v0.1.36)
|
|
98
98
|
|
|
@@ -104,11 +104,11 @@ priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed pa
|
|
|
104
104
|
|
|
105
105
|
## Agent Delegation Drive (v0.1.38)
|
|
106
106
|
|
|
107
|
-
|
|
107
|
+
start an outside agent process for each worker, take in result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
|
|
108
108
|
|
|
109
109
|
## Run Retention & Provable Reclamation (v0.1.39)
|
|
110
110
|
|
|
111
|
-
tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the
|
|
111
|
+
tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the bulk that can be built again, prove it
|
|
112
112
|
|
|
113
113
|
## Durable State & Locking (v0.1.40)
|
|
114
114
|
|
|
@@ -120,15 +120,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
|
|
|
120
120
|
|
|
121
121
|
## Robust Result Ingest (v0.1.42)
|
|
122
122
|
|
|
123
|
-
|
|
123
|
+
take in findings/evidence from any sensible agent shape (alt keys + prose), CW works out grounded evidence itself, give a warning on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
|
|
124
124
|
|
|
125
125
|
## No-False-Green Gate & Launch Prep (v0.1.43)
|
|
126
126
|
|
|
127
|
-
Hard gate
|
|
127
|
+
Hard gate that stops empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
|
|
128
128
|
|
|
129
129
|
## Release-Gate Determinism & Agents Vendor (v0.1.44)
|
|
130
130
|
|
|
131
|
-
Release-readiness checks now
|
|
131
|
+
Release-readiness checks now check the committed blob (`git show HEAD:<path>`) and not the changeable working tree — taking away false-red/false-green that came from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one common interface to CW.
|
|
132
132
|
|
|
133
133
|
## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
|
|
134
134
|
|
|
@@ -145,7 +145,11 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
|
|
|
145
145
|
|
|
146
146
|
## Fast Architecture Review (v0.1.80)
|
|
147
147
|
|
|
148
|
-
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results,
|
|
148
|
+
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
|
|
149
149
|
|
|
150
150
|
_No changes to the real execution backends in v0.1.81._
|
|
151
|
-
_No behavioral change in v0.1.82 (delegated child programs
|
|
151
|
+
_No behavioral change in v0.1.82 (delegated child programs moved out to `scripts/children/`; spawn behavior byte-identical)._
|
|
152
|
+
|
|
153
|
+
## Hardening and Onboarding (v0.1.83)
|
|
154
|
+
|
|
155
|
+
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|