cool-workflow 0.1.82 → 0.1.83
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +2 -2
- package/.codex-plugin/plugin.json +4 -4
- package/README.md +124 -120
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/capability-core.js +16 -8
- package/dist/capability-registry.js +8 -0
- package/dist/cli.js +12 -1
- package/dist/commit.js +5 -1
- package/dist/doctor.js +153 -0
- package/dist/mcp-server.js +11 -0
- package/dist/orchestrator.js +13 -0
- package/dist/reclamation/hash.js +72 -0
- package/dist/reclamation.js +25 -78
- package/dist/run-registry/queue.js +6 -7
- package/dist/run-registry.js +35 -24
- package/dist/scheduler.js +78 -53
- package/dist/version.js +1 -1
- package/dist/worker-isolation.js +22 -2
- package/docs/agent-delegation-drive.7.md +90 -86
- package/docs/agent-framework.md +33 -32
- package/docs/candidate-scoring.7.md +26 -24
- package/docs/canonical-workflow-apps.7.md +40 -40
- package/docs/capability-topology-registry.7.md +24 -24
- package/docs/cli-mcp-parity.7.md +226 -154
- package/docs/contract-migration-tooling.7.md +48 -41
- package/docs/control-plane-scheduling.7.md +45 -41
- package/docs/coordinator-blackboard.7.md +30 -30
- package/docs/dogfood-one-real-repo.7.md +44 -44
- package/docs/durable-state-and-locking.7.md +34 -30
- package/docs/end-to-end-golden-path.7.md +29 -29
- package/docs/error-feedback.7.md +27 -27
- package/docs/evidence-adoption-reasoning-chain.7.md +62 -58
- package/docs/execution-backends.7.md +84 -80
- package/docs/getting-started.md +35 -18
- package/docs/index.md +3 -3
- package/docs/mcp-app-surface.7.md +64 -64
- package/docs/multi-agent-cli-mcp-surface.7.md +82 -77
- package/docs/multi-agent-eval-replay-harness.7.md +59 -55
- package/docs/multi-agent-operator-ux.7.md +69 -65
- package/docs/multi-agent-runtime-core.7.md +39 -39
- package/docs/multi-agent-topologies.7.md +24 -24
- package/docs/multi-agent-trust-policy-audit.7.md +38 -38
- package/docs/node-snapshot-diff-replay.7.md +26 -22
- package/docs/observability-cost-accounting.7.md +49 -45
- package/docs/operator-ux.7.md +30 -30
- package/docs/pipeline-runner.7.md +31 -31
- package/docs/project-index.md +10 -5
- package/docs/real-execution-backends.7.md +47 -43
- package/docs/release-and-migration.7.md +42 -38
- package/docs/release-tooling.7.md +53 -49
- package/docs/routines.md +16 -16
- package/docs/run-registry-control-plane.7.md +120 -116
- package/docs/run-retention-reclamation.7.md +45 -41
- package/docs/sandbox-profiles.7.md +32 -32
- package/docs/scheduled-tasks.md +14 -14
- package/docs/security-trust-hardening.7.md +29 -29
- package/docs/source-context-profiles.7.md +28 -28
- package/docs/state-explosion-management.7.md +63 -59
- package/docs/state-node.7.md +8 -8
- package/docs/team-collaboration.7.md +62 -58
- package/docs/trust-model.md +126 -126
- package/docs/unix-principles.md +80 -80
- package/docs/vendor-manifest-loadability.7.md +20 -20
- package/docs/verifier-gated-commit.7.md +16 -16
- package/docs/web-desktop-workbench.7.md +69 -65
- package/docs/worker-isolation.7.md +34 -37
- package/docs/workflow-app-framework.7.md +38 -38
- package/manifest/plugin.manifest.json +4 -4
- package/package.json +3 -2
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +1 -1
- package/scripts/gen-parity-doc.js +106 -0
- package/scripts/golden-path.js +4 -4
- package/dist/verifier-registry.js +0 -46
|
@@ -2,52 +2,52 @@
|
|
|
2
2
|
|
|
3
3
|
CW v0.1.38 adds Agent Delegation Drive: a way to run a natural-language-prompt
|
|
4
4
|
workflow **end-to-end by DELEGATING each worker to an EXTERNAL agent process**
|
|
5
|
-
(`claude -p` headless, `codex exec`, or a configured HTTP agent endpoint)
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
(`claude -p` headless, `codex exec`, or a configured HTTP agent endpoint). It
|
|
6
|
+
keeps each worker's `result.md` plus a record of which agent/model made it. It
|
|
7
|
+
turns the `architecture-review` app into CW's first ready-to-use,
|
|
8
8
|
evidence-audited product: point CW at a repo, get an audited risk report — with
|
|
9
|
-
no
|
|
9
|
+
no person hand-writing any `result.md`.
|
|
10
10
|
|
|
11
|
-
Before v0.1.38, CW could `plan` a workflow,
|
|
12
|
-
output, but **nothing spawned the agent that wrote each `result.md`**.
|
|
13
|
-
`architecture-review` end-to-end
|
|
14
|
-
result files
|
|
15
|
-
|
|
11
|
+
Before v0.1.38, CW could `plan` a workflow, keep workers apart, and take in their
|
|
12
|
+
output, but **nothing spawned the agent that wrote each `result.md`**. To run
|
|
13
|
+
`architecture-review` end-to-end, an operator had to hand-write all 14 worker
|
|
14
|
+
result files outside the loop, with no kept record of which agent/model made
|
|
15
|
+
each. The new `agent` backend + `run --drive` loop close that last gap.
|
|
16
16
|
|
|
17
17
|
## The red line — delegate, do not internalize
|
|
18
18
|
|
|
19
19
|
CW **DELEGATES, IT DOES NOT BECOME THE EXECUTOR.** The `agent` backend does the
|
|
20
20
|
same thing the `container`/`remote`/`ci` backends do: it `spawnSync`s an
|
|
21
21
|
out-of-process child (the agent CLI, argv-style, `shell:false`) or POSTs to a
|
|
22
|
-
configured endpoint, then
|
|
23
|
-
+ a `SandboxAttestation` + the canonical result envelope.
|
|
24
|
-
agent's process, never inside CW.** CW
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
provider SDK to `package.json` would lose the
|
|
28
|
-
line.
|
|
22
|
+
configured endpoint, then keeps a record of a `BackendExecutionHandle`
|
|
23
|
+
(`kind: "process"`) + a `SandboxAttestation` + the canonical result envelope.
|
|
24
|
+
**The model runs in the agent's process, never inside CW.** CW brings in no model
|
|
25
|
+
SDK, holds no API key, builds no chat/completions request, and calls no model
|
|
26
|
+
HTTP API. Any API key comes from the agent's *own* inherited env; CW never reads
|
|
27
|
+
or keeps a record of it. Adding a provider SDK to `package.json` would lose the
|
|
28
|
+
neutral-audit moat and is the red line.
|
|
29
29
|
|
|
30
30
|
## Operator-chosen model is policy; agent-reported model is the attestation
|
|
31
31
|
|
|
32
32
|
Any model id CW passes **into** the agent invocation (`CW_AGENT_MODEL`
|
|
33
33
|
interpolated into `{{model}}`) is **policy-as-data the operator chose**. It is
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
model id comes
|
|
37
|
-
the agent reports no model, CW
|
|
38
|
-
`CW_AGENT_MODEL`. A configured `CW_AGENT_MODEL` that
|
|
39
|
-
reported model does not overwrite the host-reported model id.
|
|
34
|
+
kept only as part of the secret-stripped command-template/args provenance and is
|
|
35
|
+
**never** the source of the attested `UsageRecord.model`. The recorded/attested
|
|
36
|
+
model id comes only from what the external agent reports back in its output. If
|
|
37
|
+
the agent reports no model, CW writes down `unreported` — it never fills in from
|
|
38
|
+
`CW_AGENT_MODEL`. A configured `CW_AGENT_MODEL` that is not the same as the
|
|
39
|
+
agent's reported model does not overwrite the host-reported model id.
|
|
40
40
|
|
|
41
41
|
## Two layers, never conflated
|
|
42
42
|
|
|
43
|
-
1. **Backend evidence triple.** `runAgentProcess`
|
|
44
|
-
`command` + `exitCode` + `sha256(stdout)` — the
|
|
45
|
-
`runContainer`/`runHttpDelegation` use. This triple
|
|
46
|
-
across `node`/`container`/`remote`/`ci`/`agent`. It NEVER reads, parses,
|
|
47
|
-
hashes a `result.md`.
|
|
43
|
+
1. **Backend evidence triple.** `runAgentProcess` keeps a record of the agent
|
|
44
|
+
CHILD's `command` + `exitCode` + `sha256(stdout)` — the same mechanism
|
|
45
|
+
`runContainer`/`runHttpDelegation` use. This triple has the same byte-stable
|
|
46
|
+
SHAPE across `node`/`container`/`remote`/`ci`/`agent`. It NEVER reads, parses,
|
|
47
|
+
or hashes a `result.md`.
|
|
48
48
|
2. **`result.md` acceptance.** The worker's `result.md` `cw:result` envelope is
|
|
49
|
-
|
|
50
|
-
|
|
49
|
+
taken in a SEPARATE layer (`recordWorkerOutput`), which checks it, copies it
|
|
50
|
+
into `resultsDir`, runs the verifier gate, and keeps a record of trust-audit +
|
|
51
51
|
provenance — unchanged by this feature.
|
|
52
52
|
|
|
53
53
|
The agent handle (`kind: "process"`), the agent-reported model id, the prompt
|
|
@@ -57,58 +57,58 @@ the `worker.agent-delegation` trust-audit event — **never in `evidence`**.
|
|
|
57
57
|
## The drive lifecycle
|
|
58
58
|
|
|
59
59
|
`run --drive` is a thin orchestrator over the EXISTING verbs + the v0.1.37
|
|
60
|
-
scheduler. For each worker the planner
|
|
60
|
+
scheduler. For each worker the planner sends out, in fixed phase/dispatch
|
|
61
61
|
order:
|
|
62
62
|
|
|
63
63
|
```
|
|
64
64
|
plan -> dispatch -> agent-fulfill (agent backend) -> recordWorkerOutput/verify -> commit
|
|
65
65
|
```
|
|
66
66
|
|
|
67
|
-
- **dispatch**
|
|
67
|
+
- **dispatch** sets up the worker scope (`input.md` + manifest; the worker's own
|
|
68
68
|
sandbox profile, e.g. `readonly`).
|
|
69
|
-
- **agent-fulfill**
|
|
70
|
-
agent reads the input/manifest and writes `result.md`; CW
|
|
69
|
+
- **agent-fulfill** hands the worker to the `agent` backend out-of-process; the
|
|
70
|
+
agent reads the input/manifest and writes `result.md`; CW takes in the child's
|
|
71
71
|
evidence triple + reported model.
|
|
72
|
-
- **accept**
|
|
73
|
-
|
|
74
|
-
- **commit** is verifier-gated on the Verdict node once every worker
|
|
72
|
+
- **accept** keeps + checks `result.md`; the agent-hop attestation is folded into
|
|
73
|
+
the result node's metadata (so the v0.1.35 replay engine covers it).
|
|
74
|
+
- **commit** is verifier-gated on the Verdict node once every worker is done.
|
|
75
75
|
|
|
76
76
|
The Verdict `artifact` node is fulfilled through the SAME agent backend — it is a
|
|
77
|
-
worker scope with a `result.md` like any other. `--drive --once`
|
|
78
|
-
one
|
|
79
|
-
parked/blocked stop. `run drive <run-id>` (no `--step`) is the read-only,
|
|
80
|
-
|
|
77
|
+
worker scope with a `result.md` like any other. `--drive --once` moves on by
|
|
78
|
+
exactly one fixed step (injected `now`); bare `--drive` runs to the end or to a
|
|
79
|
+
parked/blocked stop. `run drive <run-id>` (no `--step`) is the read-only, fixed
|
|
80
|
+
preview of the next step.
|
|
81
81
|
|
|
82
82
|
## Fail closed — probe vs refusal vs park
|
|
83
83
|
|
|
84
84
|
- **Probe.** `backend probe agent` reports `readiness: "ready"` iff a
|
|
85
|
-
command-template/endpoint is configured;
|
|
86
|
-
`ready: false`, with a
|
|
85
|
+
command-template/endpoint is configured; if not, `readiness: "unverified"`,
|
|
86
|
+
`ready: false`, with a reason that is not empty — byte-identical in shape to
|
|
87
87
|
`backend probe remote` unconfigured. It is NEVER a hard `refused`/`unavailable`.
|
|
88
88
|
- **runBackend.** Unconfigured execution (no command-template AND no endpoint)
|
|
89
|
-
returns a `delegation-target-missing` refusal — never a
|
|
89
|
+
returns a `delegation-target-missing` refusal — never a made-up `completed`.
|
|
90
90
|
- **Failed hop.** A spawned agent that exits non-zero, returns no exit code,
|
|
91
|
-
|
|
92
|
-
`refused`/`failed` envelope (or a
|
|
91
|
+
makes no `result.md`, or makes a `result.md` that fails the check gives back a
|
|
92
|
+
`refused`/`failed` envelope (or a turned-down accept) — never a made-up
|
|
93
93
|
completion.
|
|
94
|
-
- **Park.** In the drive loop, a worker whose agent hop keeps failing
|
|
94
|
+
- **Park.** In the drive loop, a worker whose agent hop keeps failing uses up its
|
|
95
95
|
scheduling retry budget and lands **parked** (reuse v0.1.37 `retryOrPark`) — the
|
|
96
|
-
drive stops; it is never
|
|
96
|
+
drive stops; it is never quietly re-driven forever.
|
|
97
97
|
|
|
98
98
|
## Replay determinism (bound to node-snapshot)
|
|
99
99
|
|
|
100
100
|
The attested record (model id, prompt digest, args, result digest, exit) is plain
|
|
101
101
|
data folded into the snapshotted node body. Replaying a recorded drive run via
|
|
102
|
-
`snapshotNode`/`replayNodeSnapshot`/`verifyNodeReplay`
|
|
103
|
-
audit/provenance graph and the same recorded digests, **without re-spawning
|
|
104
|
-
agent or re-reading the live `result.md`** — even with the agent binary
|
|
105
|
-
|
|
102
|
+
`snapshotNode`/`replayNodeSnapshot`/`verifyNodeReplay` makes the SAME
|
|
103
|
+
audit/provenance graph again and the same recorded digests, **without re-spawning
|
|
104
|
+
the agent or re-reading the live `result.md`** — even with the agent binary not
|
|
105
|
+
on hand. Two replays with different injected `now` are byte-identical in body
|
|
106
106
|
+ `sourceFingerprint`/`outputFingerprint`.
|
|
107
107
|
|
|
108
108
|
## Vendor neutrality + durable config
|
|
109
109
|
|
|
110
|
-
WHICH agent (claude / codex / ollama / an HTTP endpoint) is **policy
|
|
111
|
-
DATA** — a command-template and/or endpoint
|
|
110
|
+
WHICH agent (claude / codex / ollama / an HTTP endpoint) is **policy put as
|
|
111
|
+
DATA** — a command-template and/or endpoint worked out from flags > env
|
|
112
112
|
(`CW_AGENT_COMMAND` / `CW_AGENT_ENDPOINT` / `CW_AGENT_MODEL`) > a durable
|
|
113
113
|
`$CW_HOME/agent-config.json`. claude / codex / ollama are CONFIGS, never CW
|
|
114
114
|
dependencies. No secrets are written into the config or `.cw/`: it holds a
|
|
@@ -138,45 +138,45 @@ node dist/cli.js quickstart --run <run-id> --resume # c
|
|
|
138
138
|
```
|
|
139
139
|
|
|
140
140
|
`quickstart --resume` with no `--run` drives a single step and prints a
|
|
141
|
-
copy-pasteable `cw quickstart --run <id> --resume` continue line;
|
|
142
|
-
`--run <id>` to finish. The continuing invocation echoes `resumedFrom: <id>`.
|
|
143
|
-
`quickstart` (no `--resume`) is unchanged — it drives straight to
|
|
141
|
+
copy-pasteable `cw quickstart --run <id> --resume` continue line; run it again with
|
|
142
|
+
the `--run <id>` to finish. The continuing invocation echoes `resumedFrom: <id>`.
|
|
143
|
+
Bare `quickstart` (no `--resume`) is unchanged — it drives straight to the end.
|
|
144
144
|
|
|
145
|
-
For faster first results, use the opt-in fast app
|
|
145
|
+
For faster first results, use the opt-in fast app in place of changing the full
|
|
146
146
|
review contract:
|
|
147
147
|
|
|
148
148
|
```text
|
|
149
149
|
node scripts/architecture-review-fast.js --repo /path/to/repo --question "Is the design sound?" --fast-model gpt-5.5-high --strong-model gpt-5.5-extra-high --metrics --schedule-full
|
|
150
150
|
```
|
|
151
151
|
|
|
152
|
-
`architecture-review-fast` has six workers: two Map and two Assess workers
|
|
153
|
-
|
|
154
|
-
`architecture-review` app
|
|
155
|
-
|
|
152
|
+
`architecture-review-fast` has six workers: two Map and two Assess workers at the
|
|
153
|
+
same time, then Verify and Verdict workers one after the other. The original
|
|
154
|
+
`architecture-review` app stays the full 14-worker review and is the right target
|
|
155
|
+
for background routines when a deep audit can finish outside the user's
|
|
156
156
|
foreground wait.
|
|
157
157
|
|
|
158
158
|
The model flags are policy, not attestation: they set task-level `{{model}}`
|
|
159
159
|
hints for the delegated agent process. The recorded model still comes only from
|
|
160
160
|
the agent-reported output.
|
|
161
161
|
|
|
162
|
-
The wrapper
|
|
163
|
-
|
|
164
|
-
default `repo` profile over common tracked text surfaces. If the
|
|
162
|
+
The wrapper works out the source-context digest and gives it to the fast app. For
|
|
163
|
+
external repositories, the documented no-profile command makes a repo-local
|
|
164
|
+
default `repo` profile over common tracked text surfaces. If the chosen profile
|
|
165
165
|
exports zero records, the wrapper refuses rather than handing the app an empty
|
|
166
166
|
context digest.
|
|
167
167
|
The two Map workers opt in to result caching keyed by source-context digest plus
|
|
168
|
-
prompt digest. The two Assess workers also opt in, but their cache key
|
|
169
|
-
the completed previous-phase result digests so stale Map outputs do not
|
|
170
|
-
an Assess cache hit. A cache hit still
|
|
168
|
+
prompt digest. The two Assess workers also opt in, but their cache key takes in
|
|
169
|
+
the completed previous-phase result digests so stale Map outputs do not count as
|
|
170
|
+
an Assess cache hit. A cache hit still goes through `recordWorkerOutput`
|
|
171
171
|
validation; a corrupt cached result parks/fails closed rather than spawning a
|
|
172
|
-
|
|
172
|
+
quiet fallback.
|
|
173
173
|
|
|
174
174
|
`--metrics` is diagnostic and opt-in. It adds elapsed milliseconds, step counts,
|
|
175
175
|
agent-spawn counts, and `result-cache` hit counts to the wrapper JSON payload;
|
|
176
176
|
without it, the wrapper's default output shape stays unchanged.
|
|
177
177
|
|
|
178
178
|
`{{manifest}}`, `{{input}}`, `{{result}}`, `{{workerDir}}`, `{{model}}`, and
|
|
179
|
-
`{{prompt}}` are
|
|
179
|
+
`{{prompt}}` are put into DISCRETE argv elements (never a shell-interpreted
|
|
180
180
|
string). Each verb is declared once in `capability-registry.ts`, so `cw <cmd>
|
|
181
181
|
--json` is byte-identical to the matching `cw_<tool>` MCP tool for the read-only
|
|
182
182
|
preview/config-show verbs.
|
|
@@ -187,29 +187,29 @@ A drive can show the agent's activity live, without touching the evidence
|
|
|
187
187
|
contract, when the operator opts in with `CW_AGENT_STREAM=1`:
|
|
188
188
|
|
|
189
189
|
- **Default stays buffered.** Without `CW_AGENT_STREAM=1`, the bundled wrapper
|
|
190
|
-
|
|
191
|
-
|
|
190
|
+
keeps the legacy `--output-format json` path and forwards claude's JSON stdout
|
|
191
|
+
word for word after writing `result.md`.
|
|
192
192
|
- **The opt-in wrapper renders; stderr only.** With `CW_AGENT_STREAM=1`, the
|
|
193
|
-
bundled wrapper runs claude in `--output-format stream-json` and renders a
|
|
194
|
-
|
|
195
|
-
**stderr** — diagnostics, never data. It
|
|
196
|
-
`{model, usage, result}` object for stdout only on that opt-in path.
|
|
193
|
+
bundled wrapper runs claude in `--output-format stream-json` and renders a short
|
|
194
|
+
human trace (tool uses, assistant text, per-turn summaries) to its
|
|
195
|
+
**stderr** — diagnostics, never data. It builds the single
|
|
196
|
+
`{model, usage, result}` object for stdout again only on that opt-in path.
|
|
197
197
|
- **Core forwards, never parses.** `runAgentProcess` passes the agent child's
|
|
198
198
|
stderr straight through to the operator's terminal (`stdio` inherit) only when
|
|
199
199
|
`CW_AGENT_STREAM=1`, CW's own stderr is a TTY, and `CW_NO_STREAM` is not set.
|
|
200
|
-
Piped / CI runs stay
|
|
200
|
+
Piped / CI runs stay quiet (the Rule of Silence). Vendor-specific rendering
|
|
201
201
|
lives in the wrapper (policy), not the kernel (mechanism).
|
|
202
202
|
- **Determinism intact.** The backend evidence triple hashes stdout only, so
|
|
203
|
-
the live stderr stream never
|
|
203
|
+
the live stderr stream never changes recorded evidence or replay.
|
|
204
204
|
|
|
205
205
|
## Compatibility
|
|
206
206
|
|
|
207
|
-
Agent Delegation Drive
|
|
207
|
+
Agent Delegation Drive comes in first in CW v0.1.38. Adding the `agent` row leaves
|
|
208
208
|
`node`/`bun`/`shell`/`container`/`remote`/`ci` byte-identical; `backendIds()`
|
|
209
|
-
|
|
210
|
-
`["agent","bun","ci","container","node","remote","shell"]`. A run driven
|
|
209
|
+
just grows by one to the sorted 7-row set
|
|
210
|
+
`["agent","bun","ci","container","node","remote","shell"]`. A run driven by hand
|
|
211
211
|
(plan → dispatch → `worker output` → commit) still works unchanged. Fields are
|
|
212
|
-
|
|
212
|
+
added on and optional; older run state loads unchanged. No `.cw/` layout change.
|
|
213
213
|
|
|
214
214
|
## See Also
|
|
215
215
|
|
|
@@ -219,7 +219,7 @@ observability-cost-accounting(7)
|
|
|
219
219
|
|
|
220
220
|
## Run Retention & Provable Reclamation (v0.1.39)
|
|
221
221
|
|
|
222
|
-
tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the
|
|
222
|
+
tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the bulk that can be built again, prove it
|
|
223
223
|
|
|
224
224
|
## Durable State & Locking (v0.1.40)
|
|
225
225
|
|
|
@@ -239,7 +239,7 @@ Hard gate blocking empty-capture verifier-gated commits, plus quickstart and lau
|
|
|
239
239
|
|
|
240
240
|
## Release-Gate Determinism & Agents Vendor (v0.1.44)
|
|
241
241
|
|
|
242
|
-
Release-readiness checks now
|
|
242
|
+
Release-readiness checks now check the committed blob (`git show HEAD:<path>`) in place of the changeable working tree — getting rid of false-red/false-green from working-tree writes at the same time (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
|
|
243
243
|
|
|
244
244
|
## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
|
|
245
245
|
|
|
@@ -256,9 +256,13 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
|
|
|
256
256
|
|
|
257
257
|
## Fast Architecture Review (v0.1.80)
|
|
258
258
|
|
|
259
|
-
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports,
|
|
259
|
+
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, Map and Assess results you can use again, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
|
|
260
260
|
|
|
261
261
|
## Resumable Drive & Resume Routing (v0.1.81)
|
|
262
262
|
|
|
263
|
-
Adds `run resume <id> --drive/--once`
|
|
264
|
-
_No behavioral change in v0.1.82 (drive/quickstart
|
|
263
|
+
Adds `run resume <id> --drive/--once` next to `quickstart --resume`: a stopped pipeline starts up again in place, moving on to the end (`--drive`) or one fixed step (`--once`) over the same plan->dispatch->agent-fulfill->accept->commit lifecycle, echoing `resumedFrom: <id>`. Fixes the `run resume --drive` CLI routing so the drive flag reaches the resumed run in place of being read as an app name. Replay determinism and the agent evidence triple are unchanged.
|
|
264
|
+
_No behavioral change in v0.1.82 (drive/quickstart work out the run repo via an explicit base directory rather than process.chdir; delegation behavior is unchanged)._
|
|
265
|
+
|
|
266
|
+
## Hardening and Onboarding (v0.1.83)
|
|
267
|
+
|
|
268
|
+
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
package/docs/agent-framework.md
CHANGED
|
@@ -1,59 +1,60 @@
|
|
|
1
1
|
# Workflow App framework
|
|
2
2
|
|
|
3
|
-
CW is
|
|
3
|
+
CW is made as an independent agent workflow control-plane.
|
|
4
4
|
|
|
5
|
-
The
|
|
6
|
-
ecosystem. CW
|
|
7
|
-
package structure. Developers
|
|
5
|
+
The aim is to make agent development feel like building inside a platform
|
|
6
|
+
ecosystem. CW gives the runtime, contracts, storage, CLI, MCP bridge, and
|
|
7
|
+
package structure. Developers make workflow apps that keep to those contracts.
|
|
8
8
|
|
|
9
|
-
The framework is guided by five
|
|
10
|
-
state,
|
|
9
|
+
The framework is guided by five useful systems rules: small kernel, explicit
|
|
10
|
+
state, pipes you can put together, separate workers, and commits that a verifier
|
|
11
|
+
lets through. See
|
|
11
12
|
[unix-principles.md](unix-principles.md).
|
|
12
13
|
|
|
13
14
|
## Platform Contract
|
|
14
15
|
|
|
15
|
-
Every CW workflow
|
|
16
|
+
Every CW workflow keeps to this loop:
|
|
16
17
|
|
|
17
18
|
```text
|
|
18
19
|
interpret -> act -> observe -> adjust -> checkpoint
|
|
19
20
|
```
|
|
20
21
|
|
|
21
|
-
The loop maps to
|
|
22
|
+
The loop maps to real framework operations:
|
|
22
23
|
|
|
23
24
|
| Loop stage | framework operation | Responsibility |
|
|
24
25
|
| --- | --- | --- |
|
|
25
|
-
| Interpret | `plan()` | Load workflow,
|
|
26
|
-
| Act | `dispatch()` | Move
|
|
26
|
+
| Interpret | `plan()` | Load workflow, check inputs, make tasks |
|
|
27
|
+
| Act | `dispatch()` | Move tasks that can run from pending to running |
|
|
27
28
|
| Observe | `recordResult()` | Read Markdown/JSON-RPC result evidence |
|
|
28
|
-
| Adjust | verifier gates |
|
|
29
|
-
| Checkpoint | `commitState()` |
|
|
29
|
+
| Adjust | verifier gates | Check evidence and pick the next phase |
|
|
30
|
+
| Checkpoint | `commitState()` | Take a snapshot of state after important changes |
|
|
30
31
|
|
|
31
|
-
The v0.1.12 operator UX layer
|
|
32
|
+
The v0.1.12 operator UX layer makes read-only summaries over run state:
|
|
32
33
|
human `status`, graph maps, report summaries, resource summaries, and
|
|
33
|
-
|
|
34
|
+
fixed next-step suggestions. Scripts can go on using `--json` or
|
|
34
35
|
`--format json`.
|
|
35
36
|
|
|
36
|
-
The v0.1.13 MCP app surface
|
|
37
|
+
The v0.1.13 MCP app surface gives the same runtime operations to agent hosts
|
|
37
38
|
with stable JSON tools: app run, dispatch, worker inspection/output, candidate
|
|
38
39
|
scoring/selection, sandbox profile resolution, verifier-gated commit, and
|
|
39
40
|
operator status/graph/report summaries.
|
|
40
41
|
|
|
41
|
-
The v0.1.13 canonical app matrix
|
|
42
|
+
The v0.1.13 canonical app matrix checks and plans the kept userland
|
|
42
43
|
apps with public CLI commands:
|
|
43
44
|
|
|
44
45
|
```bash
|
|
45
46
|
npm run canonical-apps
|
|
46
47
|
```
|
|
47
48
|
|
|
48
|
-
The golden path runs the full integration chain
|
|
49
|
+
The golden path runs the full integration chain from start to end:
|
|
49
50
|
|
|
50
51
|
```bash
|
|
51
52
|
npm run golden-path
|
|
52
53
|
```
|
|
53
54
|
|
|
54
|
-
It
|
|
55
|
-
worker-local `cw:result`, scores and
|
|
56
|
-
verifier-gated commit, and
|
|
55
|
+
It checks an app, plans a run, dispatches a readonly worker, takes a
|
|
56
|
+
worker-local `cw:result`, scores and picks a candidate, makes a
|
|
57
|
+
verifier-gated commit, and makes a report. See
|
|
57
58
|
[end-to-end-golden-path.7.md](end-to-end-golden-path.7.md).
|
|
58
59
|
|
|
59
60
|
## Developer Contract
|
|
@@ -63,7 +64,7 @@ A workflow app defines:
|
|
|
63
64
|
- `id`, `title`, and `summary`
|
|
64
65
|
- `schemaVersion`, app `version`, compatibility, and metadata when using the
|
|
65
66
|
first-class Workflow App framework contract
|
|
66
|
-
-
|
|
67
|
+
- needed and repeated inputs
|
|
67
68
|
- phase order
|
|
68
69
|
- agent tasks
|
|
69
70
|
- artifact tasks
|
|
@@ -119,7 +120,7 @@ module.exports = defineWorkflowApp({
|
|
|
119
120
|
```
|
|
120
121
|
|
|
121
122
|
Legacy `module.exports = ({ workflow, phase, agent, artifact }) => workflow(...)`
|
|
122
|
-
files
|
|
123
|
+
files can still be loaded. CW wraps them as compatibility apps with version `0.0.0`
|
|
123
124
|
so workflow files still plan and dispatch. When a canonical app owns the public
|
|
124
125
|
id, compatibility wrappers use explicit ids such as `legacy-research-synthesis`.
|
|
125
126
|
|
|
@@ -139,22 +140,22 @@ apps/<app-id>/app.json
|
|
|
139
140
|
apps/<app-id>/workflow.js
|
|
140
141
|
```
|
|
141
142
|
|
|
142
|
-
This is
|
|
143
|
-
workflow scripts can run without `ts-node`.
|
|
143
|
+
This is done on purpose. The runtime is strongly typed so it is simple to keep
|
|
144
|
+
up, while workflow scripts can run without `ts-node`.
|
|
144
145
|
|
|
145
146
|
See [workflow-app-framework.7.md](workflow-app-framework.7.md) for the full app contract,
|
|
146
|
-
|
|
147
|
+
the rules for checking, CLI commands, MCP tools, and state/report fields.
|
|
147
148
|
See [mcp-app-surface.7.md](mcp-app-surface.7.md) for the agent-host runtime
|
|
148
149
|
surface over MCP.
|
|
149
150
|
See [operator-ux.7.md](operator-ux.7.md) for the operator inspection surface.
|
|
150
151
|
See [canonical-workflow-apps.7.md](canonical-workflow-apps.7.md) for the
|
|
151
152
|
official app matrix.
|
|
152
153
|
See [end-to-end-golden-path.7.md](end-to-end-golden-path.7.md) for the
|
|
153
|
-
|
|
154
|
+
fixed release proof that those parts connect.
|
|
154
155
|
|
|
155
156
|
## Evidence Contract
|
|
156
157
|
|
|
157
|
-
Verification and verdict tasks should
|
|
158
|
+
Verification and verdict tasks should give back:
|
|
158
159
|
|
|
159
160
|
````text
|
|
160
161
|
```cw:result
|
|
@@ -166,11 +167,11 @@ Verification and verdict tasks should return:
|
|
|
166
167
|
```
|
|
167
168
|
````
|
|
168
169
|
|
|
169
|
-
CW
|
|
170
|
-
to
|
|
170
|
+
CW says no to high-priority findings without evidence. This keeps agent work
|
|
171
|
+
nearer to engineering output you can look into than to free talk.
|
|
171
172
|
|
|
172
173
|
## Boundary
|
|
173
174
|
|
|
174
|
-
CW is an independent workflow control-plane by COOLWHITE LLC. It
|
|
175
|
-
scheduled tasks, local scheduling, routine triggers, state
|
|
176
|
-
multi-agent verification.
|
|
175
|
+
CW is an independent workflow control-plane by COOLWHITE LLC. It puts into effect
|
|
176
|
+
workflows that change, scheduled tasks, local scheduling, routine triggers, state
|
|
177
|
+
checkpoints, and multi-agent verification.
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
## NAME
|
|
4
4
|
|
|
5
|
-
Candidate Scoring -
|
|
5
|
+
Candidate Scoring - decision support you can look into for competing CW outputs
|
|
6
6
|
|
|
7
7
|
## SYNOPSIS
|
|
8
8
|
|
|
@@ -34,12 +34,13 @@ node dist/cli.js candidate select <run-id> <candidate-id>
|
|
|
34
34
|
|
|
35
35
|
## DESCRIPTION
|
|
36
36
|
|
|
37
|
-
Candidate Scoring is the small decision-support layer between isolated
|
|
38
|
-
outputs, result nodes, verifier evidence, candidate scores, selected
|
|
39
|
-
ErrorFeedback, and commit/report.
|
|
37
|
+
Candidate Scoring is the small decision-support layer that sits between isolated
|
|
38
|
+
worker outputs, result nodes, verifier evidence, candidate scores, selected
|
|
39
|
+
winners, ErrorFeedback, and commit/report.
|
|
40
40
|
|
|
41
|
-
It does not
|
|
42
|
-
domain-specific
|
|
41
|
+
It does not put code together, take the place of verifier judgment, start
|
|
42
|
+
workers, or give a domain-specific way to rank. A score is evidence, not power
|
|
43
|
+
to decide.
|
|
43
44
|
|
|
44
45
|
The normal flow is:
|
|
45
46
|
|
|
@@ -48,7 +49,7 @@ worker output -> candidate record -> score record -> ranking
|
|
|
48
49
|
-> verifier-gated selection -> checkpoint/report
|
|
49
50
|
```
|
|
50
51
|
|
|
51
|
-
Each step writes plain JSON. Rejected and failed candidates
|
|
52
|
+
Each step writes plain JSON. Rejected and failed candidates are still open to view.
|
|
52
53
|
|
|
53
54
|
## FILES
|
|
54
55
|
|
|
@@ -63,44 +64,45 @@ Each step writes plain JSON. Rejected and failed candidates remain inspectable.
|
|
|
63
64
|
.cw/runs/<run-id>/report.md
|
|
64
65
|
```
|
|
65
66
|
|
|
66
|
-
Candidate records point at
|
|
67
|
-
|
|
67
|
+
Candidate records point at worker, result, verifier, and artifact paths that
|
|
68
|
+
are already there. They do not make a copy of large worker outputs by default.
|
|
68
69
|
|
|
69
70
|
## SELECTION GATE
|
|
70
71
|
|
|
71
|
-
Selection is
|
|
72
|
+
Selection is careful by default:
|
|
72
73
|
|
|
73
|
-
- score records
|
|
74
|
-
- selection
|
|
74
|
+
- score records need evidence
|
|
75
|
+
- selection needs a linked verifier node with `verified` status
|
|
75
76
|
- selection failures become ErrorFeedback records
|
|
76
|
-
- rejected candidates
|
|
77
|
+
- rejected candidates stay on disk
|
|
77
78
|
|
|
78
|
-
Operators can record an unverified selection only with
|
|
79
|
-
records selection state but does not
|
|
79
|
+
Operators can record an unverified selection only with a clear option. That
|
|
80
|
+
records selection state but does not make the candidate into committed state.
|
|
80
81
|
|
|
81
|
-
Committed state has a
|
|
82
|
+
Committed state has a harder rule. A candidate can be moved up by
|
|
82
83
|
`cw.js commit --candidate` or `cw.js commit --selection` only when it has score
|
|
83
84
|
evidence, a verified selection, and a linked verifier node with evidence.
|
|
84
|
-
Rejected, failed, unscored, unselected, and unverified candidates are
|
|
85
|
+
Rejected, failed, unscored, unselected, and unverified candidates are stopped
|
|
85
86
|
and produce ErrorFeedback.
|
|
86
87
|
|
|
87
88
|
## FAILURE MODES
|
|
88
89
|
|
|
89
|
-
Missing score evidence
|
|
90
|
+
Missing score evidence makes scoring fail and records feedback.
|
|
90
91
|
|
|
91
92
|
Selecting a failed or rejected candidate fails and records feedback.
|
|
92
93
|
|
|
93
|
-
Selecting without a verified verifier node fails unless
|
|
94
|
+
Selecting without a verified verifier node fails unless it is clearly allowed.
|
|
94
95
|
|
|
95
|
-
Tie-breaking
|
|
96
|
-
configured tie breaker,
|
|
96
|
+
Tie-breaking works in a way you can be certain of: the higher normalized score
|
|
97
|
+
wins; equal scores use the configured tie breaker, which goes by default to the
|
|
98
|
+
earlier candidate creation time.
|
|
97
99
|
|
|
98
100
|
## COMPATIBILITY
|
|
99
101
|
|
|
100
|
-
Candidate Scoring
|
|
101
|
-
and arrays to run state. Older runs
|
|
102
|
+
Candidate Scoring comes in with CW v0.1.6. It adds optional candidate paths
|
|
103
|
+
and arrays to run state. Older runs are still readable because missing candidate
|
|
102
104
|
fields are initialized when state loads.
|
|
103
105
|
|
|
104
106
|
Existing workflow, worker, feedback, node, contract, result, commit, and report
|
|
105
|
-
commands
|
|
107
|
+
commands go on working as before.
|
|
106
108
|
0.1.51
|