cool-workflow 0.1.82 → 0.1.83

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/.claude-plugin/plugin.json +2 -2
  2. package/.codex-plugin/plugin.json +4 -4
  3. package/README.md +124 -120
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/capability-core.js +16 -8
  11. package/dist/capability-registry.js +8 -0
  12. package/dist/cli.js +12 -1
  13. package/dist/commit.js +5 -1
  14. package/dist/doctor.js +153 -0
  15. package/dist/mcp-server.js +11 -0
  16. package/dist/orchestrator.js +13 -0
  17. package/dist/reclamation/hash.js +72 -0
  18. package/dist/reclamation.js +25 -78
  19. package/dist/run-registry/queue.js +6 -7
  20. package/dist/run-registry.js +35 -24
  21. package/dist/scheduler.js +78 -53
  22. package/dist/version.js +1 -1
  23. package/dist/worker-isolation.js +22 -2
  24. package/docs/agent-delegation-drive.7.md +90 -86
  25. package/docs/agent-framework.md +33 -32
  26. package/docs/candidate-scoring.7.md +26 -24
  27. package/docs/canonical-workflow-apps.7.md +40 -40
  28. package/docs/capability-topology-registry.7.md +24 -24
  29. package/docs/cli-mcp-parity.7.md +226 -154
  30. package/docs/contract-migration-tooling.7.md +48 -41
  31. package/docs/control-plane-scheduling.7.md +45 -41
  32. package/docs/coordinator-blackboard.7.md +30 -30
  33. package/docs/dogfood-one-real-repo.7.md +44 -44
  34. package/docs/durable-state-and-locking.7.md +34 -30
  35. package/docs/end-to-end-golden-path.7.md +29 -29
  36. package/docs/error-feedback.7.md +27 -27
  37. package/docs/evidence-adoption-reasoning-chain.7.md +62 -58
  38. package/docs/execution-backends.7.md +84 -80
  39. package/docs/getting-started.md +35 -18
  40. package/docs/index.md +3 -3
  41. package/docs/mcp-app-surface.7.md +64 -64
  42. package/docs/multi-agent-cli-mcp-surface.7.md +82 -77
  43. package/docs/multi-agent-eval-replay-harness.7.md +59 -55
  44. package/docs/multi-agent-operator-ux.7.md +69 -65
  45. package/docs/multi-agent-runtime-core.7.md +39 -39
  46. package/docs/multi-agent-topologies.7.md +24 -24
  47. package/docs/multi-agent-trust-policy-audit.7.md +38 -38
  48. package/docs/node-snapshot-diff-replay.7.md +26 -22
  49. package/docs/observability-cost-accounting.7.md +49 -45
  50. package/docs/operator-ux.7.md +30 -30
  51. package/docs/pipeline-runner.7.md +31 -31
  52. package/docs/project-index.md +10 -5
  53. package/docs/real-execution-backends.7.md +47 -43
  54. package/docs/release-and-migration.7.md +42 -38
  55. package/docs/release-tooling.7.md +53 -49
  56. package/docs/routines.md +16 -16
  57. package/docs/run-registry-control-plane.7.md +120 -116
  58. package/docs/run-retention-reclamation.7.md +45 -41
  59. package/docs/sandbox-profiles.7.md +32 -32
  60. package/docs/scheduled-tasks.md +14 -14
  61. package/docs/security-trust-hardening.7.md +29 -29
  62. package/docs/source-context-profiles.7.md +28 -28
  63. package/docs/state-explosion-management.7.md +63 -59
  64. package/docs/state-node.7.md +8 -8
  65. package/docs/team-collaboration.7.md +62 -58
  66. package/docs/trust-model.md +126 -126
  67. package/docs/unix-principles.md +80 -80
  68. package/docs/vendor-manifest-loadability.7.md +20 -20
  69. package/docs/verifier-gated-commit.7.md +16 -16
  70. package/docs/web-desktop-workbench.7.md +69 -65
  71. package/docs/worker-isolation.7.md +34 -37
  72. package/docs/workflow-app-framework.7.md +38 -38
  73. package/manifest/plugin.manifest.json +4 -4
  74. package/package.json +3 -2
  75. package/scripts/canonical-apps.js +4 -4
  76. package/scripts/dogfood-release.js +1 -1
  77. package/scripts/gen-parity-doc.js +106 -0
  78. package/scripts/golden-path.js +4 -4
  79. package/dist/verifier-registry.js +0 -46
@@ -1,99 +1,99 @@
1
1
  # Web / Desktop Workbench
2
2
 
3
- CW v0.1.30 adds the Web / Desktop Workbench: a human-facing console that renders
3
+ CW v0.1.30 adds the Web / Desktop Workbench: a console for people that shows
4
4
  a run's five operator surfaces — run graph, blackboard, worker logs, candidate
5
- compare, and audit timeline — plus a cross-run entry point over the v0.1.28 Run
5
+ compare, and audit timeline — plus a way in across runs over the v0.1.28 Run
6
6
  Registry. It is a THIRD FRONT DOOR, not a new brain.
7
7
 
8
- Before v0.1.30 CW had no web/HTTP/UI surface at all: the CLI rendered for human
9
- speed and the MCP server (JSON-RPC over stdio) rendered for machine context. The
10
- Workbench adds human inspection at a glance — and adds NOTHING else. It computes,
11
- decides, and stores nothing the CLI/MCP cannot already produce.
8
+ Before v0.1.30 CW had no web/HTTP/UI surface at all: the CLI showed things at human
9
+ speed and the MCP server (JSON-RPC over stdio) showed things for machine context. The
10
+ Workbench lets a person look at a run quickly — and adds NOTHING else. It works out,
11
+ decides, and keeps nothing that the CLI/MCP cannot already make.
12
12
 
13
13
  ## The third front door (mechanism vs policy)
14
14
 
15
15
  The kernel and the durable `.cw/` state are the MECHANISM. The CLI, the MCP
16
- surface, and the Workbench are three renderings — three policies — over that one
16
+ surface, and the Workbench are three ways to show it — three policies — over that one
17
17
  mechanism:
18
18
 
19
19
  - the per-run `.cw/runs/<id>/state.json` is the SINGLE source of truth
20
- - the v0.1.28 Run Registry is a DERIVED, rebuildable index over runs across repos
20
+ - the v0.1.28 Run Registry is a DERIVED index over runs across repos that you can build again
21
21
  - the Workbench is a STATELESS, READ-ONLY RENDERER over both
22
22
 
23
- Every Workbench panel embeds, VERBATIM, the canonical `--json` payload of ONE
24
- already-declared capability, assembled by calling the SAME capability core
25
- entries the CLI and MCP route through (the v0.1.27 parity contract, see
23
+ Every Workbench panel holds, VERBATIM, the true `--json` payload of ONE
24
+ capability already named, put together by calling the SAME capability core
25
+ entries the CLI and MCP go through (the v0.1.27 parity contract, see
26
26
  [CLI ↔ MCP Parity](cli-mcp-parity.7.md)). The Workbench can show nothing the CLI
27
- or MCP cannot; a `workbench.view` panel is byte-for-byte equal to its underlying
28
- `cw <cmd> --json` payload, and that equality is parity-gated.
27
+ or MCP cannot; a `workbench.view` panel is byte-for-byte equal to the
28
+ `cw <cmd> --json` payload under it, and that sameness is parity-gated.
29
29
 
30
30
  ## No hidden dashboard database
31
31
 
32
- CW's README promises there is "no hidden dashboard database." The Workbench
33
- upholds that promise by holding ZERO authoritative state:
32
+ CW's README gives its word that there is "no hidden dashboard database." The Workbench
33
+ keeps that word by holding ZERO authoritative state:
34
34
 
35
- - it persists nothing — there is no Workbench store, cache, or schema
36
- - every response is re-derived on demand from disk; refresh re-reads `.cw/`
35
+ - it keeps nothing — there is no Workbench store, cache, or schema
36
+ - every response is made again, when asked, from disk; refresh re-reads `.cw/`
37
37
  - delete the host process and nothing is lost — the data IS the files
38
38
  - it forks no run/state schema; the view models in `src/types.ts`
39
39
  (`WorkbenchRunView`, `WorkbenchPanel`, `WorkbenchServeDescriptor`) are DERIVED
40
- projections that embed existing payloads, never copies of them
40
+ projections that hold payloads that already exist, never copies of them
41
41
 
42
- The Workbench is OPTIONAL, like Bun is an optional execution backend: the
43
- committed `dist/` and a plain `node` runtime keep working with the Workbench (and
44
- its static UI assets under `ui/workbench/`) absent. The kernel imports the
42
+ The Workbench is OPTIONAL, the way Bun is an optional execution backend: the
43
+ committed `dist/` and a plain `node` runtime keep working when the Workbench (and
44
+ its static UI assets under `ui/workbench/`) is not there. The kernel imports the
45
45
  Workbench never; the Workbench imports the kernel.
46
46
 
47
47
  ## The five panels
48
48
 
49
- Each panel renders existing operator vocabulary, with the same names and
50
- semantics as the CLI (least astonishment). For run `<id>`:
49
+ Each panel shows operator words that already exist, with the same names and
50
+ meaning as the CLI (least surprise). For run `<id>`:
51
51
 
52
52
  1. RUN GRAPH — `cw graph <id> --json` (operator graph) plus
53
53
  `cw multi-agent graph <id> [--view compact|critical-path] --json`. Backend
54
- ids/attestations (v0.1.29) ride on the nodes; the critical path, failures,
55
- missing evidence, and policy violations are never collapsed.
54
+ ids/attestations (v0.1.29) sit on the nodes; the critical path, failures,
55
+ missing evidence, and policy violations are never folded away.
56
56
  2. BLACKBOARD — `cw coordinator summary <id>`, `cw blackboard summarize <id>
57
57
  --json`, and `cw blackboard graph <id>`: topics, messages, contexts,
58
58
  artifacts, snapshots, decisions, conflicts, and adopted/missing evidence.
59
59
  3. WORKER LOGS — `cw worker summary <id> --json`: manifests, outputs, scoped
60
60
  results, failures, and the recorded execution backend + sandbox attestation.
61
61
  4. CANDIDATE COMPARE — `cw candidate summary <id> --json` plus
62
- `cw multi-agent reasoning <id> --json`: scores, selection, rejection reasons,
62
+ `cw multi-agent reasoning <id> --json`: scores, selection, reasons for turning down,
63
63
  and the v0.1.26 evidence-adoption reasoning chain (why adopted).
64
64
  5. AUDIT TIMELINE — `cw audit summary <id>`, `cw audit multi-agent <id> --json`,
65
65
  `cw audit policy <id> --json`, and `cw audit judge <id> --json`: trust-audit
66
66
  events, role policy decisions, provenance, judge/chair rationale, and policy
67
67
  violations.
68
68
 
69
- Cross-run entry lists/searches runs via the Run Registry (`cw registry show
70
- --json` + `cw run list|search --json`); drilling into a run opens its five panels.
69
+ The way in across runs lists/searches runs through the Run Registry (`cw registry show
70
+ --json` + `cw run list|search --json`); going into a run opens its five panels.
71
71
 
72
72
  ## Explicit, inspectable, fail closed
73
73
 
74
- The Workbench surfaces freshness honestly. When a source capability is unreadable
75
- (a run with no blackboard yet, or unresolvable state), the panel is rendered
76
- `absent` with the honest error — exactly what the CLI would report — and the view
77
- is `resolved: false`. It never fabricates a view when source state is unreadable.
74
+ The Workbench shows freshness in a true way. When a source capability cannot be read
75
+ (a run with no blackboard yet, or state that cannot be worked out), the panel is shown
76
+ `absent` with the true error — just what the CLI would report — and the view
77
+ is `resolved: false`. It never makes up a view when source state cannot be read.
78
78
  The same `valid`/`stale`/`absent`/`missing` freshness the runtime already records
79
- (Run Registry, Evidence Adoption Reasoning Chain, state-explosion summaries) flows
79
+ (Run Registry, Evidence Adoption Reasoning Chain, state-explosion summaries) goes
80
80
  through verbatim.
81
81
 
82
82
  ## Trust boundary
83
83
 
84
- The host is least-privilege and local by default:
84
+ The host has least privilege and is local by default:
85
85
 
86
86
  - it binds the loopback interface `127.0.0.1` ONLY — never a public address
87
- - it is READ-ONLY: every route is `GET`; any write verb is refused `405`
88
- - it rejects non-localhost `Host` headers (a DNS-rebinding defense) with `403`
89
- - it refuses path traversal out of `ui/workbench/` with `403`
90
- - it serves nothing beyond the current user's `.cw/` scope and the Run Registry's
87
+ - it is READ-ONLY: every route is `GET`; any write verb is turned away with `405`
88
+ - it turns away non-localhost `Host` headers (a DNS-rebinding defense) with `403`
89
+ - it turns away path traversal out of `ui/workbench/` with `403`
90
+ - it serves nothing past the current user's `.cw/` scope and the Run Registry's
91
91
  registered repos
92
92
  - it fails closed on anything it cannot read
93
93
 
94
- The console is read-only. It offers no actions. If a future release adds an action
95
- (resume, rerun, dispatch), that action MUST route through an existing declared
96
- capability core entry — never a parallel code path — so it cannot drift from the
94
+ The console is read-only. It offers no actions. If a later release adds an action
95
+ (resume, rerun, dispatch), that action MUST go through a declared
96
+ capability core entry that already exists — never a side code path — so it cannot drift from the
97
97
  CLI/MCP and is covered by the parity gate.
98
98
 
99
99
  ## Surfaces
@@ -104,13 +104,13 @@ cw workbench serve [--port N] [--scope repo|home] [--once|--json]
104
104
  ```
105
105
 
106
106
  `cw workbench serve` with `--once`/`--json` prints the serve descriptor (bind
107
- host/port, scope, routes) and exits without starting a server; the default starts
107
+ host/port, scope, routes) and stops without starting a server; the default starts
108
108
  the localhost host (like `schedule daemon`). The MCP tools `cw_workbench_view` and
109
- `cw_workbench_serve` mirror these: `cw_workbench_view` returns the same view as the
110
- CLI `--json`, and `cw_workbench_serve` returns the descriptor only — an MCP stdio
111
- host cannot start a blocking server. That single side-effect difference is the
112
- declared, documented payload divergence recorded in `src/capability-registry.ts`;
113
- the descriptor payload itself is identical across surfaces.
109
+ `cw_workbench_serve` match these: `cw_workbench_view` gives back the same view as the
110
+ CLI `--json`, and `cw_workbench_serve` gives back the descriptor only — an MCP stdio
111
+ host cannot start a server that blocks. That one side-effect difference is the
112
+ declared, documented payload divergence written down in `src/capability-registry.ts`;
113
+ the descriptor payload itself is the same across surfaces.
114
114
 
115
115
  The read-only HTTP routes the host serves:
116
116
 
@@ -124,9 +124,9 @@ GET /api/run/:runId # the five-panel WorkbenchRunView
124
124
 
125
125
  ## Version
126
126
 
127
- This is CW v0.1.30. The Workbench changes no run-state schema and requires no
128
- migration: it is a pure read-only projection over existing durable state and
129
- existing capability payloads. Removing it leaves the framework fully functional.
127
+ This is CW v0.1.30. The Workbench changes no run-state schema and needs no
128
+ migration: it is a pure read-only projection over durable state that already exists and
129
+ capability payloads that already exist. Taking it away leaves the framework fully working.
130
130
 
131
131
  See also [Operator UX](operator-ux.7.md), [CLI ↔ MCP Parity](cli-mcp-parity.7.md),
132
132
  and [Run Registry / Control Plane](run-registry-control-plane.7.md).
@@ -134,12 +134,12 @@ and [Run Registry / Control Plane](run-registry-control-plane.7.md).
134
134
  ## Observability + Cost Accounting (v0.1.31)
135
135
 
136
136
  v0.1.31 adds Observability + Cost Accounting: `metrics show`/`metrics summary`
137
- derive durations, failure/verifier/acceptance rates (with sample counts and
138
- fail-closed `n/a`), and host-attested token/cost from existing durable run state
137
+ work out durations, failure/verifier/acceptance rates (with sample counts and
138
+ fail-closed `n/a`), and host-attested token/cost from durable run state that already exists
139
139
  — no metrics database, no collector daemon, no hidden counter. Usage is additive
140
140
  and optional (absent ⇒ `unreported`, never 0); cost is `attested` (attested usage
141
141
  × a recorded pricing policy) or clearly `estimated`, with pricing as policy. Both
142
- verbs are parity-gated and render read-only in the v0.1.30 Workbench. See
142
+ verbs are parity-gated and show read-only in the v0.1.30 Workbench. See
143
143
  [observability-cost-accounting.7.md](observability-cost-accounting.7.md).
144
144
 
145
145
 
@@ -149,19 +149,19 @@ v0.1.32 adds Team Collaboration: a host-attested actor and append-only
149
149
  approvals/rejections/comments/handoffs provenance-linked to a durable target,
150
150
  plus a review gate that STACKS ON the verifier gate — required approvals from
151
151
  authorized roles, enforced inside `resolveCommitGate` AFTER the verifier checks
152
- and never instead of them, failing closed on quorum/authority/self-approval and
152
+ and never in place of them, failing closed on quorum/authority/self-approval and
153
153
  recording who approved the very artifact that shipped. Policy (required approvals,
154
- authorized roles, self-approval) is data, default off (pre-v0.1.32 behavior
155
- unchanged). The verbs are parity-gated and render read-only in the v0.1.30
154
+ authorized roles, self-approval) is data, off by default (pre-v0.1.32 behavior
155
+ unchanged). The verbs are parity-gated and show read-only in the v0.1.30
156
156
  Workbench. See [Team Collaboration](team-collaboration.7.md).
157
157
 
158
158
  ## Release Tooling (v0.1.33)
159
159
 
160
- the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a de-duplicated release gate. See release-tooling(7).
160
+ the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a release gate that has no doubled steps. See release-tooling(7).
161
161
 
162
162
  ## Real Execution Backend Integrations (v0.1.34)
163
163
 
164
- container/remote/ci backends really execute (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is unavailable. See real-execution-backends(7).
164
+ container/remote/ci backends really run (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there. See real-execution-backends(7).
165
165
 
166
166
  ## Node Snapshot / Diff / Replay (v0.1.35)
167
167
 
@@ -169,7 +169,7 @@ per-node snapshot, structural diff, and isolated deterministic replay over State
169
169
 
170
170
  ## Contract Migration Tooling (v0.1.36)
171
171
 
172
- first-class declared migration registry (run-state + workflow-app) with per-edge compatibility proofs, fail-closed reachability, and a round-trip/non-destruction prover. See contract-migration-tooling(7).
172
+ first-class declared migration registry (run-state + workflow-app) with per-edge compatibility proofs, fail-closed reachability, and a round-trip/non-destruction prover that checks it. See contract-migration-tooling(7).
173
173
 
174
174
  ## Control-Plane Scheduling (v0.1.37)
175
175
 
@@ -177,11 +177,11 @@ priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed pa
177
177
 
178
178
  ## Agent Delegation Drive (v0.1.38)
179
179
 
180
- spawn an external agent process per worker, capture result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
180
+ start an outside agent process for each worker, take result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
181
181
 
182
182
  ## Run Retention & Provable Reclamation (v0.1.39)
183
183
 
184
- tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the reconstructable bulk, prove it
184
+ tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the bulk that can be built again, prove it
185
185
 
186
186
  ## Durable State & Locking (v0.1.40)
187
187
 
@@ -193,15 +193,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
193
193
 
194
194
  ## Robust Result Ingest (v0.1.42)
195
195
 
196
- capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
196
+ take findings/evidence from any reasonable agent shape (alt keys + prose), CW works out grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
197
197
 
198
198
  ## No-False-Green Gate & Launch Prep (v0.1.43)
199
199
 
200
- Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
200
+ Hard gate that blocks empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
201
201
 
202
202
  ## Release-Gate Determinism & Agents Vendor (v0.1.44)
203
203
 
204
- Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
204
+ Release-readiness checks now check the committed blob (`git show HEAD:<path>`) in place of the mutable working tree — taking away false-red/false-green from working-tree writes at the same time (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one common interface to CW.
205
205
 
206
206
  ## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
207
207
 
@@ -218,7 +218,11 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
218
218
 
219
219
  ## Fast Architecture Review (v0.1.80)
220
220
 
221
- Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
221
+ Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, Map and Assess results you can use again, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
222
222
 
223
223
  _No changes to the Web / Desktop Workbench in v0.1.81._
224
224
  _No changes in v0.1.82._
225
+
226
+ ## Hardening and Onboarding (v0.1.83)
227
+
228
+ Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
@@ -28,15 +28,15 @@ node dist/cli.js dispatch <run-id> --sandbox readonly
28
28
 
29
29
  ## DESCRIPTION
30
30
 
31
- Worker Isolation is the small boundary layer between dispatch manifests, worker
32
- task prompts, worker-local files, result envelopes, StateNode records,
33
- PipelineRunner verifier gates, ErrorFeedback, and reports.
31
+ Worker Isolation is the small boundary layer that sits between dispatch
32
+ manifests, worker task prompts, worker-local files, result envelopes, StateNode
33
+ records, PipelineRunner verifier gates, ErrorFeedback, and reports.
34
34
 
35
35
  It is not a process sandbox, container runtime, lease manager, or autonomous
36
36
  agent spawner. CW still writes task artifacts. Operators or the agent host run
37
- workers explicitly and return results through declared files.
37
+ workers themselves and send results back through named files.
38
38
 
39
- The kernel owns only:
39
+ The kernel keeps only these jobs:
40
40
 
41
41
  - worker scope allocation
42
42
  - stable worker manifests
@@ -48,8 +48,8 @@ The kernel owns only:
48
48
 
49
49
  ## WORKER MODEL
50
50
 
51
- Dispatch moves runnable tasks to `running` and allocates one worker scope per
52
- dispatched task. Each worker receives a plain input file and a result path.
51
+ Dispatch moves runnable tasks to `running` and gives one worker scope to each
52
+ dispatched task. Each worker gets a plain input file and a result path.
53
53
 
54
54
  The normal flow is:
55
55
 
@@ -58,14 +58,14 @@ dispatch task -> worker scope -> worker.json + manifest.json/input.md -> result.
58
58
  -> result node -> verifier node -> commit/report
59
59
  ```
60
60
 
61
- Worker output does not mutate shared run state directly. CW records accepted
62
- output as result and verifier nodes after boundary checks pass.
61
+ Worker output does not change shared run state on its own. CW records accepted
62
+ output as result and verifier nodes after the boundary checks are passed.
63
63
 
64
64
  ## ISOLATION BOUNDARIES
65
65
 
66
- Isolation is path and contract based.
66
+ Isolation is based on path and contract.
67
67
 
68
- In CW v0.1.8, named Sandbox Profiles define the worker read paths, write paths,
68
+ In CW v0.1.8, named Sandbox Profiles set the worker read paths, write paths,
69
69
  command policy, network policy, environment policy, worker output allowances,
70
70
  and host enforcement instructions. See `sandbox-profiles.7.md`.
71
71
 
@@ -75,11 +75,11 @@ inside `artifacts/` when `workerOutput.artifacts` is allowed, inside `logs/`
75
75
  when `workerOutput.logs` is allowed, or inside an explicitly allowed path
76
76
  passed by the legacy runtime policy.
77
77
 
78
- Reads and writes are represented separately. CW validates accepted output writes
79
- it records. The agent host must enforce actual OS-level read/write restrictions
80
- while the worker is running.
78
+ Reads and writes are shown apart from each other. CW checks the accepted output
79
+ writes that it records. The agent host must enforce the real OS-level read and
80
+ write limits while the worker is running.
81
81
 
82
- Out-of-scope output is rejected and preserved as:
82
+ Out-of-scope output is rejected and kept as:
83
83
 
84
84
  - a failed or rejected worker scope
85
85
  - an `error` StateNode
@@ -101,27 +101,25 @@ Out-of-scope output is rejected and preserved as:
101
101
  ```
102
102
 
103
103
  `worker.json` is the durable worker-scope state record. `manifest.json` is the
104
- worker-facing projection that hosts and agents read before writing `result.md`.
105
- Keeping them separate prevents a regenerated manifest from overwriting
106
- scope-only runtime state such as retry counters, lifecycle metadata, or future
107
- operator annotations. New v0.1.8 worker records include `sandboxProfileId`,
108
- `sandboxPolicy`, and a `sandbox` host contract with `enforcedByCW` and
109
- `hostRequired`.
104
+ worker-facing view that hosts and agents read before they write `result.md`.
105
+ Keeping them apart stops a rebuilt manifest from writing over scope-only runtime
106
+ state such as retry counters, lifecycle metadata, or later operator notes. New
107
+ v0.1.8 worker records hold `sandboxProfileId`, `sandboxPolicy`, and a `sandbox`
108
+ host contract with `enforcedByCW` and `hostRequired`.
110
109
 
111
110
  ## FAILURE MODES
112
111
 
113
- Missing result files are retryable worker failures.
112
+ Missing result files are worker failures that can be retried.
114
113
 
115
- Boundary violations are rejected worker outputs. They are not accepted into
116
- result state. Sandbox write denials use `sandbox-write-denied`; unknown and
117
- invalid profiles use `sandbox-profile-not-found` and `sandbox-profile-invalid`.
114
+ Boundary violations are rejected worker outputs. They are not taken into result
115
+ state. Sandbox write denials use `sandbox-write-denied`; unknown and invalid
116
+ profiles use `sandbox-profile-not-found` and `sandbox-profile-invalid`.
118
117
 
119
- Verifier failures remain verifier failures. Worker Isolation preserves the
120
- worker directory and records feedback so the operator can inspect or correct the
121
- result.
118
+ Verifier failures stay verifier failures. Worker Isolation keeps the worker
119
+ directory and records feedback so the operator can look at or fix the result.
122
120
 
123
121
  Corrupt run state, unknown workers, and unknown tasks are hard errors because
124
- the runtime cannot proceed safely.
122
+ the runtime cannot go on safely.
125
123
 
126
124
  ## EXAMPLES
127
125
 
@@ -151,17 +149,16 @@ node dist/cli.js worker fail <run-id> <worker-id> --message "worker could not in
151
149
 
152
150
  ## COMPATIBILITY
153
151
 
154
- Worker Isolation is introduced in CW v0.1.5. It adds optional worker fields to
152
+ Worker Isolation is first added in CW v0.1.5. It adds optional worker fields to
155
153
  run paths, tasks, dispatch tasks, dispatch records, summaries, and run state.
156
154
 
157
- Sandbox Profiles are introduced in CW v0.1.8. The legacy `allowedPaths` field
158
- remains available and now mirrors effective write acceptance paths for older
159
- hosts. New hosts should prefer `sandboxPolicy.readPaths`,
155
+ Sandbox Profiles are first added in CW v0.1.8. The legacy `allowedPaths` field
156
+ is still there and now matches the effective write acceptance paths for older
157
+ hosts. New hosts should use `sandboxPolicy.readPaths`,
160
158
  `sandboxPolicy.writePaths`, `sandboxPolicy.workerOutput`, and
161
159
  `sandbox.hostRequired`.
162
160
 
163
- Existing `plan`, `dispatch`, `result`, `node`, `contract`, and `feedback`
164
- commands remain compatible. The legacy `result` command still accepts a task id
165
- and result file. The stricter boundary-aware path is the `worker output`
166
- command.
161
+ The existing `plan`, `dispatch`, `result`, `node`, `contract`, and `feedback`
162
+ commands still work. The legacy `result` command still takes a task id and
163
+ result file. The stricter boundary-aware path is the `worker output` command.
167
164
  0.1.51
@@ -27,12 +27,12 @@ node scripts/cw.js plan my-app --question "What should happen?"
27
27
 
28
28
  ## Description
29
29
 
30
- CW treats the runner as the base system and workflow apps as userland. The
30
+ CW uses the runner as the base system and workflow apps as userland. The
31
31
  runner owns state transitions, dispatch, result recording, verifier gates,
32
- commits, and reports. A workflow app owns domain-specific inputs, phases, task
33
- prompts, evidence requirements, and sandbox profile hints.
32
+ commits, and reports. A workflow app owns its own inputs, phases, task
33
+ prompts, evidence needs, and sandbox profile hints.
34
34
 
35
- The framework is intentionally small. The public app helpers are:
35
+ The framework is kept small on purpose. The public app helpers are:
36
36
 
37
37
  - `defineWorkflowApp(definition)`
38
38
  - `workflow(definition)`
@@ -41,9 +41,9 @@ The framework is intentionally small. The public app helpers are:
41
41
  - `artifact(id, prompt, options)`
42
42
  - `input(name, options)`
43
43
 
44
- Legacy workflow factories remain valid. If a canonical app owns the public id,
45
- the legacy wrapper should use an explicit compatibility id such as
46
- `legacy-research-synthesis` to avoid duplicate discovery:
44
+ Legacy workflow factories are still good to use. If a canonical app owns the public id,
45
+ the legacy wrapper should use a clear compatibility id such as
46
+ `legacy-research-synthesis` so the same app is not found twice:
47
47
 
48
48
  ```js
49
49
  module.exports = ({ workflow, phase, agent, artifact }) =>
@@ -61,7 +61,7 @@ module.exports = ({ workflow, phase, agent, artifact }) =>
61
61
 
62
62
  ## App Contract
63
63
 
64
- A first-class app contract is a plain object:
64
+ A first-class app contract is a simple object:
65
65
 
66
66
  ```js
67
67
  module.exports = defineWorkflowApp({
@@ -101,30 +101,30 @@ module.exports = defineWorkflowApp({
101
101
  });
102
102
  ```
103
103
 
104
- The durable fields are:
104
+ The lasting fields are:
105
105
 
106
- - `schemaVersion`: currently `1`
106
+ - `schemaVersion`: now `1`
107
107
  - `id`: stable app id, lowercase letters, digits, dots, and hyphens
108
- - `title`: human-readable name
109
- - `summary`: short description
108
+ - `title`: name people can read
109
+ - `summary`: short note
110
110
  - `version`: semver app version
111
111
  - `author`: string or `{ name, url, email }`
112
112
  - `workflow`: workflow definition or manifest entrypoint
113
- - `inputs`: declared input definitions
114
- - `sandboxProfiles`: named bundled sandbox profiles used by the app
115
- - `compatibility`: optional CW version constraints
113
+ - `inputs`: the input definitions you set
114
+ - `sandboxProfiles`: named bundled sandbox profiles the app uses
115
+ - `compatibility`: optional CW version limits
116
116
  - `metadata`: app-owned JSON metadata
117
117
 
118
118
  ## App Directory
119
119
 
120
- CW also discovers app directories:
120
+ CW also finds app directories:
121
121
 
122
122
  ```text
123
123
  apps/<app-id>/app.json
124
124
  apps/<app-id>/workflow.js
125
125
  ```
126
126
 
127
- `app.json` stores the app metadata and points at a relative workflow entrypoint:
127
+ `app.json` keeps the app metadata and points at a relative workflow entrypoint:
128
128
 
129
129
  ```json
130
130
  {
@@ -139,7 +139,7 @@ apps/<app-id>/workflow.js
139
139
  }
140
140
  ```
141
141
 
142
- The entrypoint may export a workflow object or a factory:
142
+ The entrypoint may give out a workflow object or a factory:
143
143
 
144
144
  ```js
145
145
  module.exports = ({ workflow, phase, agent, input }) => {
@@ -159,18 +159,18 @@ module.exports = ({ workflow, phase, agent, input }) => {
159
159
 
160
160
  ## Validation
161
161
 
162
- App loading fails closed. CW validates:
162
+ App loading fails closed. CW checks:
163
163
 
164
164
  - app `schemaVersion`, `id`, `title`, and semver `version`
165
- - input names, types, duplicate inputs, and boolean flags
166
- - workflow id/title matching the app id/title
167
- - positive limits and `maxConcurrentAgents <= maxAgents`
168
- - phase ids and duplicate phase ids
169
- - task ids, duplicate task ids, task kind, prompt, and evidence flags
165
+ - input names, types, the same input given twice, and boolean flags
166
+ - workflow id/title that match the app id/title
167
+ - limits above zero and `maxConcurrentAgents <= maxAgents`
168
+ - phase ids and the same phase id given twice
169
+ - task ids, the same task id given twice, task kind, prompt, and evidence flags
170
170
  - sandbox profile references on the app, workflow, and tasks
171
- - compatibility constraints against the current CW runtime
171
+ - compatibility limits against the current CW runtime
172
172
 
173
- `cw.js app validate` prints a structured result. Invalid apps return nonzero:
173
+ `cw.js app validate` prints a structured result. Apps that are not valid return nonzero:
174
174
 
175
175
  ```json
176
176
  {
@@ -185,7 +185,7 @@ App loading fails closed. CW validates:
185
185
  }
186
186
  ```
187
187
 
188
- CW does not silently rewrite malformed apps into runnable workflows.
188
+ CW does not quietly change broken apps into workflows that can run.
189
189
 
190
190
  ## CLI
191
191
 
@@ -197,20 +197,20 @@ node scripts/cw.js app init <app-id> --title "Title"
197
197
  node scripts/cw.js app package <app-id> --output app.cwapp.json
198
198
  ```
199
199
 
200
- `cw.js list`, `cw.js init`, and `cw.js plan` remain compatible. `list` includes
201
- legacy workflow files and first-class app directories. `plan` accepts either
200
+ `cw.js list`, `cw.js init`, and `cw.js plan` still work the same way. `list` shows
201
+ legacy workflow files and first-class app directories. `plan` takes either
202
202
  kind by id.
203
203
 
204
204
  ## Canonical Apps
205
205
 
206
- CW v0.1.13 includes four maintained canonical app directories:
206
+ CW v0.1.13 comes with four kept-up canonical app directories:
207
207
 
208
208
  - `architecture-review`
209
209
  - `pr-review-fix-ci`
210
210
  - `release-cut`
211
211
  - `research-synthesis`
212
212
 
213
- These apps are official userland pressure tests for the framework. They use declared
213
+ These apps are the official userland hard tests for the framework. They use set
214
214
  inputs, compatibility metadata, sandbox profile hints, and evidence-required
215
215
  verification or synthesis/verdict tasks. Validate and plan the full matrix with:
216
216
 
@@ -222,7 +222,7 @@ See [canonical-workflow-apps.7.md](canonical-workflow-apps.7.md).
222
222
 
223
223
  ## MCP
224
224
 
225
- The MCP bridge exposes matching tools:
225
+ The MCP bridge gives matching tools:
226
226
 
227
227
  - `cw_app_list`
228
228
  - `cw_app_show`
@@ -232,16 +232,16 @@ The MCP bridge exposes matching tools:
232
232
  - `cw_app_run`
233
233
 
234
234
  Tool results are JSON and use the same app summaries and validation issue
235
- records as the CLI. `cw_app_run` creates a run from an app id and structured
236
- `inputs`, then returns the run id, app id/version, state/report paths, pending
237
- task count, compact operator status, and next actions.
235
+ records as the CLI. `cw_app_run` makes a run from an app id and structured
236
+ `inputs`, then gives back the run id, app id/version, state/report paths, the count of
237
+ tasks still waiting, short operator status, and next actions.
238
238
 
239
- The full agent-host runtime surface is documented in
239
+ The full agent-host runtime surface is written up in
240
240
  [mcp-app-surface.7.md](mcp-app-surface.7.md).
241
241
 
242
242
  ## State And Reports
243
243
 
244
- Run state records compact app metadata at:
244
+ Run state keeps short app metadata at:
245
245
 
246
246
  ```text
247
247
  state.json.workflow.app
@@ -254,7 +254,7 @@ Workflow App: <id>@<version>
254
254
  Workflow App Source: <manifest-or-entrypoint-path>
255
255
  ```
256
256
 
257
- CW stores app identity, version, compatibility, source path, sandbox profile
257
+ CW keeps app identity, version, compatibility, source path, sandbox profile
258
258
  references, and metadata. It does not copy workflow source into run state.
259
259
 
260
260
  ## Files
@@ -2,7 +2,7 @@
2
2
  "_comment": "SINGLE SOURCE OF TRUTH for every vendor manifest. Edit THIS file, then run `npm run gen:manifests`. Do NOT hand-edit the generated vendor manifests (.claude-plugin/, .codex-plugin/, .agents/, .mcp.json) — `npm run gen:manifests -- --check` (run by release:check) will fail if they drift from this source.",
3
3
  "identity": {
4
4
  "name": "cool-workflow",
5
- "version": "0.1.82",
5
+ "version": "0.1.83",
6
6
  "license": "BSD-2-Clause",
7
7
  "homepage": "https://github.com/coo1white/cool-workflow",
8
8
  "author": {
@@ -20,9 +20,9 @@
20
20
  ]
21
21
  },
22
22
  "descriptions": {
23
- "short": "Auditable workflow control-plane.",
24
- "standard": "Auditable workflow control-plane and orchestration runtime: TypeScript dispatch, evidence-gated verification, state commits, scheduling, routines, multi-agent coordination, and MCP. Delegates execution to external agents — never runs models.",
25
- "long": "Cool Workflow (CW) is an auditable workflow control-plane and orchestration runtime. It provides a TypeScript COL runtime, Workflow App framework contracts, Router/Orchestrator, Subagent Dispatch, Deterministic Harness, Adversarial Verifier, Git/State Commit, Sandbox Profiles, scheduled tasks, routine triggers, a high-level Multi-Agent CLI/MCP host surface, and an MCP JSON-RPC 2.0 bridge. Developers write reusable workflow apps; CW delegates execution to an external agent host and records verified, replayable state — it never embeds a model API."
23
+ "short": "A workflow control plane you are able to check.",
24
+ "standard": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
25
+ "long": "Cool Workflow (CW) is a workflow control plane and run-time you are able to check. It gives you: a TypeScript COL run-time, Workflow App framework agreements, a Router and Orchestrator, Subagent Dispatch, a same-every-time Harness, a hard-questioning Verifier, Git and State Commit, Sandbox Profiles, time-ordered jobs, jobs that come round again, a high-level Multi-Agent CLI and MCP host face, and an MCP JSON-RPC 2.0 bridge. Builders make workflow apps they are able to use again; CW gives the doing of the work to an outside agent host and keeps a checked, play-again record of state — it never puts a model API inside itself."
26
26
  },
27
27
  "interface": {
28
28
  "displayName": "Cool Workflow",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.82",
3
+ "version": "0.1.83",
4
4
  "bin": {
5
5
  "cool-workflow": "scripts/cw.js",
6
6
  "cw": "scripts/cw.js"
@@ -14,7 +14,7 @@
14
14
  "bugs": {
15
15
  "url": "https://github.com/coo1white/cool-workflow/issues"
16
16
  },
17
- "description": "Auditable workflow control-plane and orchestration runtime: TypeScript dispatch, evidence-gated verification, state commits, scheduling, routines, multi-agent coordination, and MCP. Delegates execution to external agents — never runs models.",
17
+ "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
18
18
  "type": "commonjs",
19
19
  "license": "BSD-2-Clause",
20
20
  "author": {
@@ -51,6 +51,7 @@
51
51
  "forward-ref": "node scripts/forward-ref-docs.js",
52
52
  "verify:container": "node scripts/verify-container-selfref.js",
53
53
  "gen:manifests": "node scripts/gen-manifests.js",
54
+ "gen:parity": "node scripts/gen-parity-doc.js",
54
55
  "manifest:load-check": "node test/vendor-manifest-load-smoke.js",
55
56
  "parity:check": "node scripts/parity-check.js --check",
56
57
  "version:sync": "node scripts/version-sync-check.js",