cool-workflow 0.1.82 → 0.1.83

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/.claude-plugin/plugin.json +2 -2
  2. package/.codex-plugin/plugin.json +4 -4
  3. package/README.md +124 -120
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/capability-core.js +16 -8
  11. package/dist/capability-registry.js +8 -0
  12. package/dist/cli.js +12 -1
  13. package/dist/commit.js +5 -1
  14. package/dist/doctor.js +153 -0
  15. package/dist/mcp-server.js +11 -0
  16. package/dist/orchestrator.js +13 -0
  17. package/dist/reclamation/hash.js +72 -0
  18. package/dist/reclamation.js +25 -78
  19. package/dist/run-registry/queue.js +6 -7
  20. package/dist/run-registry.js +35 -24
  21. package/dist/scheduler.js +78 -53
  22. package/dist/version.js +1 -1
  23. package/dist/worker-isolation.js +22 -2
  24. package/docs/agent-delegation-drive.7.md +90 -86
  25. package/docs/agent-framework.md +33 -32
  26. package/docs/candidate-scoring.7.md +26 -24
  27. package/docs/canonical-workflow-apps.7.md +40 -40
  28. package/docs/capability-topology-registry.7.md +24 -24
  29. package/docs/cli-mcp-parity.7.md +226 -154
  30. package/docs/contract-migration-tooling.7.md +48 -41
  31. package/docs/control-plane-scheduling.7.md +45 -41
  32. package/docs/coordinator-blackboard.7.md +30 -30
  33. package/docs/dogfood-one-real-repo.7.md +44 -44
  34. package/docs/durable-state-and-locking.7.md +34 -30
  35. package/docs/end-to-end-golden-path.7.md +29 -29
  36. package/docs/error-feedback.7.md +27 -27
  37. package/docs/evidence-adoption-reasoning-chain.7.md +62 -58
  38. package/docs/execution-backends.7.md +84 -80
  39. package/docs/getting-started.md +35 -18
  40. package/docs/index.md +3 -3
  41. package/docs/mcp-app-surface.7.md +64 -64
  42. package/docs/multi-agent-cli-mcp-surface.7.md +82 -77
  43. package/docs/multi-agent-eval-replay-harness.7.md +59 -55
  44. package/docs/multi-agent-operator-ux.7.md +69 -65
  45. package/docs/multi-agent-runtime-core.7.md +39 -39
  46. package/docs/multi-agent-topologies.7.md +24 -24
  47. package/docs/multi-agent-trust-policy-audit.7.md +38 -38
  48. package/docs/node-snapshot-diff-replay.7.md +26 -22
  49. package/docs/observability-cost-accounting.7.md +49 -45
  50. package/docs/operator-ux.7.md +30 -30
  51. package/docs/pipeline-runner.7.md +31 -31
  52. package/docs/project-index.md +10 -5
  53. package/docs/real-execution-backends.7.md +47 -43
  54. package/docs/release-and-migration.7.md +42 -38
  55. package/docs/release-tooling.7.md +53 -49
  56. package/docs/routines.md +16 -16
  57. package/docs/run-registry-control-plane.7.md +120 -116
  58. package/docs/run-retention-reclamation.7.md +45 -41
  59. package/docs/sandbox-profiles.7.md +32 -32
  60. package/docs/scheduled-tasks.md +14 -14
  61. package/docs/security-trust-hardening.7.md +29 -29
  62. package/docs/source-context-profiles.7.md +28 -28
  63. package/docs/state-explosion-management.7.md +63 -59
  64. package/docs/state-node.7.md +8 -8
  65. package/docs/team-collaboration.7.md +62 -58
  66. package/docs/trust-model.md +126 -126
  67. package/docs/unix-principles.md +80 -80
  68. package/docs/vendor-manifest-loadability.7.md +20 -20
  69. package/docs/verifier-gated-commit.7.md +16 -16
  70. package/docs/web-desktop-workbench.7.md +69 -65
  71. package/docs/worker-isolation.7.md +34 -37
  72. package/docs/workflow-app-framework.7.md +38 -38
  73. package/manifest/plugin.manifest.json +4 -4
  74. package/package.json +3 -2
  75. package/scripts/canonical-apps.js +4 -4
  76. package/scripts/dogfood-release.js +1 -1
  77. package/scripts/gen-parity-doc.js +106 -0
  78. package/scripts/golden-path.js +4 -4
  79. package/dist/verifier-registry.js +0 -46
@@ -1,26 +1,26 @@
1
1
  # Evidence Adoption Reasoning Chain
2
2
 
3
3
  CW v0.1.26 adds the Evidence Adoption Reasoning Chain. Earlier releases can
4
- already answer *what* was adopted: `multi-agent evidence <run-id>` reports each
4
+ already say *what* was adopted: `multi-agent evidence <run-id>` reports each
5
5
  evidence item as `adopted`, `rejected`, `pending`, `superseded`, `conflicting`,
6
6
  or `missing`, and traces the path worker result -> blackboard -> fanin ->
7
- candidate score -> selection -> verifier-gated commit. This release answers
8
- *why* each adoption happened, as a first-class, inspectable reasoning chain.
7
+ candidate score -> selection -> verifier-gated commit. This release says
8
+ *why* each adoption took place, as a first-class reasoning chain you can look into.
9
9
 
10
- The design keeps the base-system observability philosophy:
10
+ The design keeps the base-system observability way of thinking:
11
11
 
12
- - raw state is the source of truth
13
- - the reasoning chain is a derived userland view, never a replacement for source
14
- records and never authoritative over them
15
- - mechanism is separate from policy: the chain captures, stores, and renders the
12
+ - raw state is the true source
13
+ - the reasoning chain is a derived userland view; it never takes the place of source
14
+ records and never has authority over them
15
+ - mechanism is kept apart from policy: the chain takes in, stores, and renders the
16
16
  recorded "why"; what counts as a *sufficient* reason stays with the verifier
17
17
  and role policy
18
- - fail closed, never infer: a "why" that cannot be traced to a real record
19
- renders as `unexplained`, never a fabricated rationale, and an unexplained
20
- adoption is never silently treated as explained
18
+ - fail closed, never make a guess: a "why" that cannot be traced to a real record
19
+ renders as `unexplained`, never a made-up rationale, and an unexplained
20
+ adoption is never quietly handled as explained
21
21
  - plain files, stable JSON, deterministic output
22
- - backward compatible; pre-v0.1.26 run state loads and renders with derived,
23
- empty-where-absent reasoning records
22
+ - backward compatible; pre-v0.1.26 run state loads and renders with derived
23
+ reasoning records that are empty where absent
24
24
 
25
25
  ## What the chain records
26
26
 
@@ -30,22 +30,22 @@ makes the following traceable and machine-readable, per gate:
30
30
  - DECISION - what was adopted/rejected and at which gate (`fanin`,
31
31
  `candidate-score`, `selection`, `verifier`, or `commit`).
32
32
  - BASIS - the concrete evidence refs, provenance source, parent evidence ids,
33
- and audit event ids that grounded the decision. These link to existing
34
- `EvidenceProvenance` and trust-audit records; they are not duplicated.
33
+ and audit event ids that the decision is grounded on. These link to existing
34
+ `EvidenceProvenance` and trust-audit records; they are not copied.
35
35
  - AUTHORITY - which role / membership / worker / scorer / verifier made the call,
36
- and the role `policyRef` under which it was permitted. Links to existing
36
+ and the role `policyRef` under which it was let through. Links to existing
37
37
  trust / policy / audit records.
38
- - RATIONALE - the explicit recorded reason. The chain reuses existing rationale
38
+ - RATIONALE - the clearly recorded reason. The chain reuses existing rationale
39
39
  fields: selection `reason` and `AcceptanceRationale`, candidate score `notes`,
40
40
  verifier commit-gate result, commit `reason`, `CoordinatorDecision.reason`, and
41
- judge-rationale audit metadata. No new rationale source of truth is created.
42
- - COUNTERFACTUAL - the rejected/losing alternatives (rejected candidates, failed
41
+ judge-rationale audit metadata. No new rationale source of truth is made.
42
+ - COUNTERFACTUAL - the rejected/losing other options (rejected candidates, failed
43
43
  scores, rejected or superseded coordinator decisions) and the recorded reason
44
- each lost, with a normalized score delta when computable, so an adoption is
45
- understood relative to its alternatives.
44
+ each one lost, with a normalized score delta when it can be computed, so an adoption is
45
+ understood next to its other options.
46
46
  - INTEGRITY - a `sourceFingerprint` and `valid|stale|absent` freshness so a
47
- reader knows the explanation still matches the underlying records, plus the
48
- explicit `unexplained` state when a rationale is absent.
47
+ reader knows the reason still matches the records under it, plus the
48
+ clear `unexplained` state when a rationale is absent.
49
49
 
50
50
  ## Derived record model
51
51
 
@@ -61,14 +61,14 @@ rationale types by reference:
61
61
  - `EvidenceReasoningReport` - the run-level report: `freshness`,
62
62
  `sourceFingerprint`, `totals`, `chains`, and a `nextAction`.
63
63
 
64
- Status values mirror the existing evidence vocabulary and add the fail-closed
64
+ Status values follow the existing evidence words and add the fail-closed
65
65
  `unexplained` state. A chain is `explained` only when *every* decision-bearing
66
66
  step is explained; if any adopting step has no traceable rationale the chain
67
67
  rolls up to `unexplained`.
68
68
 
69
69
  ## Durable storage
70
70
 
71
- `multi-agent reasoning <run-id> --refresh` materializes a durable, versioned,
71
+ `multi-agent reasoning <run-id> --refresh` makes a durable, versioned,
72
72
  provenance-backed index under `.cw/runs/<run-id>/reasoning/`:
73
73
 
74
74
  - `index.json` - the `EvidenceReasoningIndex` (schema version, run id,
@@ -78,27 +78,27 @@ provenance-backed index under `.cw/runs/<run-id>/reasoning/`:
78
78
  - `report.json` - the rendered report at refresh time.
79
79
 
80
80
  Raw results, candidates, scores, selections, commits, blackboard records, and
81
- audit events are never deleted or overwritten. The reasoning view is derived and
82
- re-derivable; the index only persists a snapshot for freshness comparison.
81
+ audit events are never deleted or written over. The reasoning view is derived and
82
+ can be derived again; the index only keeps a snapshot for freshness comparison.
83
83
 
84
84
  ## Freshness
85
85
 
86
- `multi-agent reasoning <run-id>` re-derives the chain from current source state
87
- and compares its `sourceFingerprint` against the persisted index:
86
+ `multi-agent reasoning <run-id>` derives the chain again from current source state
87
+ and compares its `sourceFingerprint` against the kept index:
88
88
 
89
89
  - `absent` - no index has been refreshed yet.
90
- - `valid` - the persisted fingerprint matches current source state.
91
- - `stale` - source records changed since the last refresh; re-run with
90
+ - `valid` - the kept fingerprint matches current source state.
91
+ - `stale` - source records changed since the last refresh; run again with
92
92
  `--refresh`.
93
93
 
94
94
  This follows the v0.1.25 state-explosion summary discipline exactly. Freshness
95
- is a visible state, never an inferred guess.
95
+ is a state you can see, never a guess.
96
96
 
97
97
  ## Commands
98
98
 
99
99
  `multi-agent reasoning <run-id>` (MCP: `cw_evidence_reasoning`) renders the
100
100
  report. Add `--evidence <id>` to explain a single adoption, `--refresh` to
101
- materialize the durable index first, and `--json` / `--format json` for the full
101
+ make the durable index first, and `--json` / `--format json` for the full
102
102
  machine-readable report.
103
103
 
104
104
  `multi-agent reasoning <run-id> --refresh` with no `--evidence` returns the
@@ -109,17 +109,17 @@ additive `rationaleStatus` field (`explained`, `unexplained`, or
109
109
  `not-applicable`), so the existing evidence surface answers both *what* and
110
110
  whether the *why* is recorded.
111
111
 
112
- The console report adds a single new panel, `Adoption Rationale`, alongside the
112
+ The console report adds one new panel, `Adoption Rationale`, next to the
113
113
  existing operator panels. It is the only panel added by this release.
114
114
 
115
115
  ## Composition with graph views and compaction
116
116
 
117
- The reasoning chain composes with the existing graph views, especially
117
+ The reasoning chain works together with the existing graph views, above all
118
118
  `multi-agent graph <run-id> --view evidence`. A reasoning step is on the critical
119
119
  path: every decision-gate node backing an adopted chain (candidate, score,
120
- selection, commit, and fanin nodes) is protected from state-explosion
121
- compaction and is never collapsed into a synthetic summary node. In particular
122
- score nodes, which are otherwise collapsible, stay expanded when they carry a
120
+ selection, commit, and fanin nodes) is kept safe from state-explosion
121
+ compaction and is never folded into a synthetic summary node. In particular
122
+ score nodes, which can be folded otherwise, stay open when they carry a
123
123
  reasoning step.
124
124
 
125
125
  ## Eval / replay regression gates
@@ -132,7 +132,7 @@ the `Evidence Adoption Reasoning Chain` section of the replay report:
132
132
  - `reasoning_chain_parity` - every chain's gates, decisions, rationale statuses,
133
133
  and counterfactual counts match the baseline.
134
134
  - `reasoning_unexplained_parity` - the set of `unexplained` chains is unchanged,
135
- so a regression that hides or fabricates a rationale fails the gate.
135
+ so a regression that hides or makes up a rationale fails the gate.
136
136
 
137
137
  These sections are optional on pre-v0.1.26 snapshots so older fixtures stay
138
138
  loadable.
@@ -151,39 +151,39 @@ worker result / blackboard / coordinator decision
151
151
  ```
152
152
 
153
153
  No daemon, no hidden dashboard, no LLM call. The chain is derived from recorded
154
- state by `src/evidence-reasoning.ts` and rendered on demand.
154
+ state by `src/evidence-reasoning.ts` and rendered when asked for.
155
155
  ## CLI ↔ MCP Parity (v0.1.27)
156
156
 
157
- Every command and tool referenced above is declared in the v0.1.27 capability
158
- registry (`src/capability-registry.ts`) and validated by `npm run parity:check`,
157
+ Every command and tool named above is declared in the v0.1.27 capability
158
+ registry (`src/capability-registry.ts`) and checked by `npm run parity:check`,
159
159
  so `cw <cmd> --json` and the matching `cw_<tool>` result render one data source.
160
160
  See [cli-mcp-parity.7.md](cli-mcp-parity.7.md).
161
161
 
162
162
  ## Run Registry / Control Plane (v0.1.28)
163
163
 
164
- The runs described here are indexed, searchable, resumable, archivable, and
164
+ The runs talked about here are indexed, searchable, resumable, archivable, and
165
165
  rerunnable across repos by the v0.1.28 Run Registry / Control Plane, which derives
166
166
  a fingerprinted, fail-closed index over the same per-run `.cw/runs/<id>/state.json`
167
- source of truth. See [run-registry-control-plane.7.md](run-registry-control-plane.7.md).
167
+ true source. See [run-registry-control-plane.7.md](run-registry-control-plane.7.md).
168
168
 
169
169
  ## Execution Backends (v0.1.29)
170
170
 
171
171
  v0.1.29 lifts execution into a pluggable driver layer: one narrow `ExecutionBackend`
172
172
  contract with interchangeable `node`/`bun`/`shell`/`container`/`remote`/`ci`
173
- drivers, selected by `--backend` (parallel to `--sandbox`) and inspected via
173
+ drivers, picked by `--backend` (parallel to `--sandbox`) and looked at through
174
174
  `backend list|show|probe`. The result/evidence envelope is schema-identical across
175
175
  backends; the backend id + sandbox attestation are recorded as provenance, so this
176
- surface is unchanged regardless of which backend executed a run. See
176
+ surface is unchanged no matter which backend ran a run. See
177
177
  [execution-backends.7.md](execution-backends.7.md).
178
178
  ## Web / Desktop Workbench (v0.1.30)
179
179
 
180
180
  v0.1.30 adds the Web / Desktop Workbench: a read-only, localhost-only human
181
181
  console that renders this surface (and the other four operator panels — run
182
182
  graph, blackboard, worker logs, candidate compare, audit timeline) for any run,
183
- reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR alongside
183
+ reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR next to
184
184
  the CLI and MCP that holds no authoritative state and forks no schema: each panel
185
185
  equals its `cw <cmd> --json` payload byte-for-byte (parity-gated), and refresh
186
- re-derives everything from disk. See
186
+ derives everything again from disk. See
187
187
  [web-desktop-workbench.7.md](web-desktop-workbench.7.md).
188
188
 
189
189
  ## Observability + Cost Accounting (v0.1.31)
@@ -203,20 +203,20 @@ verbs are parity-gated and render read-only in the v0.1.30 Workbench. See
203
203
  v0.1.32 adds Team Collaboration: a host-attested actor and append-only
204
204
  approvals/rejections/comments/handoffs provenance-linked to a durable target,
205
205
  plus a review gate that STACKS ON the verifier gate — required approvals from
206
- authorized roles, enforced inside `resolveCommitGate` AFTER the verifier checks
207
- and never instead of them, failing closed on quorum/authority/self-approval and
206
+ authorized roles, made to hold inside `resolveCommitGate` AFTER the verifier checks
207
+ and never in place of them, failing closed on quorum/authority/self-approval and
208
208
  recording who approved the very artifact that shipped. Policy (required approvals,
209
- authorized roles, self-approval) is data, default off (pre-v0.1.32 behavior
209
+ authorized roles, self-approval) is data, off by default (pre-v0.1.32 behavior
210
210
  unchanged). The verbs are parity-gated and render read-only in the v0.1.30
211
211
  Workbench. See [Team Collaboration](team-collaboration.7.md).
212
212
 
213
213
  ## Release Tooling (v0.1.33)
214
214
 
215
- the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a de-duplicated release gate. See release-tooling(7).
215
+ the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a release gate that has no repeats. See release-tooling(7).
216
216
 
217
217
  ## Real Execution Backend Integrations (v0.1.34)
218
218
 
219
- container/remote/ci backends really execute (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is unavailable. See real-execution-backends(7).
219
+ container/remote/ci backends truly execute (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there to use. See real-execution-backends(7).
220
220
 
221
221
  ## Node Snapshot / Diff / Replay (v0.1.35)
222
222
 
@@ -248,15 +248,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
248
248
 
249
249
  ## Robust Result Ingest (v0.1.42)
250
250
 
251
- capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
251
+ capture findings/evidence from any agent shape that makes sense (alt keys + prose), CW derives grounded evidence itself, give a warning on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
252
252
 
253
253
  ## No-False-Green Gate & Launch Prep (v0.1.43)
254
254
 
255
- Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
255
+ Hard gate stopping empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
256
256
 
257
257
  ## Release-Gate Determinism & Agents Vendor (v0.1.44)
258
258
 
259
- Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
259
+ Release-readiness checks now check the committed blob (`git show HEAD:<path>`) instead of the changeable working tree — taking away false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
260
260
 
261
261
  ## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
262
262
 
@@ -273,7 +273,11 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
273
273
 
274
274
  ## Fast Architecture Review (v0.1.80)
275
275
 
276
- Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
276
+ Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
277
277
 
278
- _No changes to the Evidence Adoption Reasoning Chain surface in v0.1.81. The v0.1.81 trust-audit `computeEventHash` fix hardens the underlying audit records this chain links to by reference, but the derived reasoning view, its commands, and its eval gates are unchanged._
278
+ _No changes to the Evidence Adoption Reasoning Chain surface in v0.1.81. The v0.1.81 trust-audit `computeEventHash` fix makes the audit records under it that this chain links to by reference stronger, but the derived reasoning view, its commands, and its eval gates are unchanged._
279
279
  _No changes in v0.1.82._
280
+
281
+ ## Hardening and Onboarding (v0.1.83)
282
+
283
+ Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
@@ -17,25 +17,25 @@ node dist/cli.js worker manifest <run-id> <worker-id>
17
17
  ## DESCRIPTION
18
18
 
19
19
  An execution backend is a CW driver: a thin adapter that runs a dispatched
20
- task/worker somewhere, under the requested sandbox profile, and records a
21
- canonical result envelope plus a sandbox attestation. v0.1.29 lifts execution
22
- out of the kernel into this driver layer.
20
+ task/worker somewhere, under the requested sandbox profile, and keeps a record of
21
+ a canonical result envelope plus a sandbox attestation. v0.1.29 takes execution
22
+ out of the kernel and puts it into this driver layer.
23
23
 
24
24
  The model is a BSD VFS / device-driver layer. There is ONE narrow
25
- `ExecutionBackend` interface (the mechanism) and many interchangeable drivers
25
+ `ExecutionBackend` interface (the mechanism) and many drivers you can swap in and out
26
26
  (`node`, `bun`, `shell`, `container`, `remote`, `ci`). The kernel —
27
27
  orchestrator, dispatch, and pipeline-runner — never learns which backend ran a
28
- task. WHAT to run and which evidence to record is kernel policy; HOW and WHERE
29
- it runs is the driver's concern.
28
+ task. WHAT to run and which evidence to keep is kernel policy; HOW and WHERE
29
+ it runs is the driver's business.
30
30
 
31
31
  ```text
32
32
  selected backend -> sandbox attestation -> execution/delegation -> canonical envelope
33
33
  ```
34
34
 
35
- The result envelope, evidence refs, and provenance a task produces are
35
+ The result envelope, evidence refs, and provenance a task makes are
36
36
  schema-identical no matter which backend ran it. The backend id and its sandbox
37
- attestation are recorded AS provenance, so eval/replay, the verifier gates, and
38
- the v0.1.28 run registry do not care which backend executed a run.
37
+ attestation are kept AS provenance, so eval/replay, the verifier gates, and
38
+ the v0.1.28 run registry do not care which backend ran a run.
39
39
 
40
40
  ## THE CONTRACT
41
41
 
@@ -49,69 +49,69 @@ run(request) execute (or delegate) under a sandbox profile and return a
49
49
  canonical ExecutionResultEnvelope { status, result, evidence, provenance }
50
50
  ```
51
51
 
52
- `run` takes a dispatch/worker manifest plus a resolved sandbox profile and
53
- returns `{ result, evidence }` (byte-stable across backends) and `provenance`
54
- (backend id + `SandboxAttestation` + optional delegation handle).
52
+ `run` takes a dispatch/worker manifest plus a fixed sandbox profile and
53
+ gives back `{ result, evidence }` (byte-stable across backends) and `provenance`
54
+ (backend id + `SandboxAttestation` + an optional delegation handle).
55
55
 
56
56
  ## THE SANDBOX PROFILE IS THE CONTRACT
57
57
 
58
58
  Every backend MUST honor the five sandbox-profile dimensions: read, write,
59
- command, network, env. For each dimension a driver declares one of:
59
+ command, network, env. For each dimension a driver says it does one of:
60
60
 
61
61
  `enforce`
62
- : the driver actively restricts the dimension at execution time.
62
+ : the driver itself limits the dimension at execution time.
63
63
 
64
64
  `attest`
65
- : the driver records a verifiable claim but relies on the host/runner to
66
- enforce it (mirrors the existing `sandbox.hostRequired` split).
65
+ : the driver keeps a claim you can check, but it is up to the host/runner to
66
+ enforce it (this is the same split as the existing `sandbox.hostRequired`).
67
67
 
68
68
  `unsupported`
69
- : the driver can neither enforce nor attest it.
69
+ : the driver can not enforce it or attest it.
70
70
 
71
- A profile requires a dimension when it restricts it (`command` when
71
+ A profile needs a dimension when it limits it (`command` when
72
72
  `execute.mode != any`, `network` when `network.mode != any`, `env` when
73
- `env.inherit` is false; read/write are always bounded). If a required dimension
74
- is `unsupported`, or the backend is not ready, or the command is denied by the
75
- profile, the backend FAILS CLOSED: `run` returns `status: "refused"` with an
76
- attestation whose `status` is `refused`. It never silently downgrades to an
73
+ `env.inherit` is false; read/write are always bounded). If a needed dimension
74
+ is `unsupported`, or the backend is not ready, or the profile says no to the
75
+ command, the backend FAILS CLOSED: `run` returns `status: "refused"` with an
76
+ attestation whose `status` is `refused`. It never quietly drops down to an
77
77
  unsandboxed execution.
78
78
 
79
79
  ## DRIVERS
80
80
 
81
81
  `node` (default)
82
- : Reproduces pre-v0.1.29 behavior exactly. The host runs the worker in-process
82
+ : Does pre-v0.1.29 behavior exactly. The host runs the worker in-process
83
83
  under CW's worker-output acceptance (a delegate-host execution). When it
84
- executes a command it enforces command + env via the Node child process and
84
+ runs a command it enforces command + env through the Node child process and
85
85
  attests read/write/network to the host.
86
86
 
87
87
  `bun`
88
- : Node-compatible by default, Bun-friendly. Executes via the Node-compatible
89
- runtime so evidence is byte-stable with `node`, and attests Bun availability
88
+ : Node-compatible by default, Bun-friendly. Runs through the Node-compatible
89
+ runtime so evidence is byte-stable with `node`, and attests that Bun is there
90
90
  in provenance. Enforces command + env; attests read/write/network.
91
91
 
92
92
  `shell`
93
- : Runs a command/worker via the system shell (`/bin/sh -c`) under the sandbox
93
+ : Runs a command/worker through the system shell (`/bin/sh -c`) under the sandbox
94
94
  contract. Enforces command + env; attests read/write/network.
95
95
 
96
96
  `container`
97
- : Delegates to a container runtime (docker/podman) and records the
97
+ : Delegates to a container runtime (docker/podman) and keeps the
98
98
  `image@digest` handle + attestation + result. A container can enforce all
99
- five dimensions. Fails closed when no image is supplied.
99
+ five dimensions. Fails closed when you give no image.
100
100
 
101
101
  `remote`
102
- : Delegates to a remote runner and records the endpoint + job handle +
103
- attestation + result. Fails closed when no endpoint is configured
102
+ : Delegates to a remote runner and keeps the endpoint + job handle +
103
+ attestation + result. Fails closed when no endpoint is set
104
104
  (`CW_REMOTE_ENDPOINT` or `--endpoint`).
105
105
 
106
106
  `ci`
107
- : Delegates to a CI runner and records the job handle + attestation + result.
108
- Fails closed when no CI job target is configured (`CW_CI_ENDPOINT` or
107
+ : Delegates to a CI runner and keeps the job handle + attestation + result.
108
+ Fails closed when no CI job target is set (`CW_CI_ENDPOINT` or
109
109
  `--job`).
110
110
 
111
111
  CW DELEGATES; IT DOES NOT BECOME THE EXECUTOR. The local drivers run a thin
112
- child process to capture verifiable evidence (exit code + an output digest). The
113
- container/remote/ci drivers delegate and record a handle + attestation +
114
- result; they never reimplement a container runtime or a CI system.
112
+ child process to take in evidence you can check (exit code + an output digest). The
113
+ container/remote/ci drivers delegate and keep a handle + attestation +
114
+ result; they never build a container runtime or a CI system over again.
115
115
 
116
116
  ## SELECTION
117
117
 
@@ -121,17 +121,17 @@ Backend selection parallels `--sandbox`:
121
121
  --backend <id> (flag) > CW_BACKEND (env) > node (default)
122
122
  ```
123
123
 
124
- Selection is recorded in run state (dispatch manifest, worker scope, worker
125
- manifest, the RunDispatch) and surfaced in the v0.1.28 run registry as the
126
- record's `backends` field. A per-task `backendId` overrides the run default.
127
- `backend list|show|probe` and the `--backend` flag are declared once in
128
- `src/capability-registry.ts`, so `cw <cmd> --json` and `cw_<cmd>` render one
129
- data source and pass the v0.1.27 parity gate.
124
+ Selection is kept in run state (dispatch manifest, worker scope, worker
125
+ manifest, the RunDispatch) and shown in the v0.1.28 run registry as the
126
+ record's `backends` field. A per-task `backendId` takes the place of the run default.
127
+ `backend list|show|probe` and the `--backend` flag are set out once in
128
+ `src/capability-registry.ts`, so `cw <cmd> --json` and `cw_<cmd>` use one
129
+ data source and get past the v0.1.27 parity gate.
130
130
 
131
131
  ## EVIDENCE PARITY
132
132
 
133
- The canonical evidence a local driver records for a command run is
134
- backend-independent:
133
+ The canonical evidence a local driver keeps for a command run does not depend on the
134
+ backend:
135
135
 
136
136
  ```text
137
137
  command:<command + args>
@@ -140,10 +140,10 @@ stdoutSha256:sha256:<hex>
140
140
  ```
141
141
 
142
142
  Running CW's own self-verify (`node dist/cli.js list`) through `node`, `shell`,
143
- and `bun` yields byte-identical `result` and `evidence`; only
144
- `provenance.backendId` (and the attestation detail) differs. The
143
+ and `bun` gives byte-identical `result` and `evidence`; only
144
+ `provenance.backendId` (and the attestation detail) is not the same. The
145
145
  `test/execution-backends-smoke.js` gate proves this, proves the fail-closed
146
- refusals, proves the recorded provenance and delegation handles, and proves the
146
+ refusals, proves the kept provenance and delegation handles, and proves the
147
147
  verifier/registry stay backend-agnostic.
148
148
 
149
149
  ## ATTESTATION SHAPE
@@ -164,7 +164,7 @@ verifier/registry stay backend-agnostic.
164
164
  }
165
165
  ```
166
166
 
167
- A delegating driver additionally records `handle` (e.g.
167
+ A delegating driver also keeps `handle` (for example
168
168
  `{ "kind": "container", "ref": "img@sha256:..." }`).
169
169
 
170
170
  ## FILES
@@ -179,23 +179,23 @@ A delegating driver additionally records `handle` (e.g.
179
179
 
180
180
  ## FAILURE MODES
181
181
 
182
- Unknown backends fail closed with `backend-not-found` (CLI/dispatch/`CW_BACKEND`).
182
+ Backends it does not know fail closed with `backend-not-found` (CLI/dispatch/`CW_BACKEND`).
183
183
 
184
184
  `run` returns `status: "refused"` with `attestation.status: "refused"` when:
185
185
 
186
- - the command is denied by the sandbox profile (`sandbox-command-denied`),
187
- - a required sandbox dimension is `unsupported` (`sandbox-unenforceable`),
186
+ - the sandbox profile says no to the command (`sandbox-command-denied`),
187
+ - a needed sandbox dimension is `unsupported` (`sandbox-unenforceable`),
188
188
  - a local backend is not ready (`backend-not-ready`),
189
189
  - a delegating backend has no delegation target (`delegation-target-missing`).
190
190
 
191
- CW never silently downgrades a requested backend, and never runs a task
192
- unsandboxed when the requested profile cannot be honored.
191
+ CW never quietly drops down a backend you asked for, and never runs a task
192
+ unsandboxed when it can not honor the profile you asked for.
193
193
 
194
194
  ## COMPATIBILITY
195
195
 
196
- Execution Backends are introduced in CW v0.1.29. The default (`node`) backend
197
- reproduces pre-v0.1.29 behavior exactly; runs with no backend selected keep
198
- working and old run state loads unchanged (the backend fields are additive and
196
+ Execution Backends come in with CW v0.1.29. The default (`node`) backend
197
+ does pre-v0.1.29 behavior exactly; runs with no backend picked keep
198
+ working and old run state loads unchanged (the backend fields are added on and
199
199
  optional). The `ResultEnvelope` schema (`summary`, `findings`, `evidence`) is
200
200
  unchanged — the backend id and attestation live in provenance and run state,
201
201
  never in the result envelope.
@@ -208,23 +208,23 @@ run-registry-control-plane(7), security-trust-hardening(7)
208
208
  ## Web / Desktop Workbench (v0.1.30)
209
209
 
210
210
  v0.1.30 adds the Web / Desktop Workbench: a read-only, localhost-only human
211
- console that renders this surface (and the other four operator panels — run
211
+ console that shows this surface (and the other four operator panels — run
212
212
  graph, blackboard, worker logs, candidate compare, audit timeline) for any run,
213
- reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR alongside
214
- the CLI and MCP that holds no authoritative state and forks no schema: each panel
215
- equals its `cw <cmd> --json` payload byte-for-byte (parity-gated), and refresh
216
- re-derives everything from disk. See
213
+ reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR next to
214
+ the CLI and MCP that keeps no authoritative state and forks no schema: each panel
215
+ is the same as its `cw <cmd> --json` payload byte-for-byte (parity-gated), and refresh
216
+ works everything out from disk over again. See
217
217
  [web-desktop-workbench.7.md](web-desktop-workbench.7.md).
218
218
 
219
219
  ## Observability + Cost Accounting (v0.1.31)
220
220
 
221
221
  v0.1.31 adds Observability + Cost Accounting: `metrics show`/`metrics summary`
222
- derive durations, failure/verifier/acceptance rates (with sample counts and
222
+ work out durations, failure/verifier/acceptance rates (with sample counts and
223
223
  fail-closed `n/a`), and host-attested token/cost from existing durable run state
224
- — no metrics database, no collector daemon, no hidden counter. Usage is additive
225
- and optional (absent ⇒ `unreported`, never 0); cost is `attested` (attested usage
226
- × a recorded pricing policy) or clearly `estimated`, with pricing as policy. Both
227
- verbs are parity-gated and render read-only in the v0.1.30 Workbench. See
224
+ — no metrics database, no collector daemon, no hidden counter. Usage is added on
225
+ and optional (when not there ⇒ `unreported`, never 0); cost is `attested` (attested usage
226
+ × a kept pricing policy) or clearly `estimated`, with pricing as policy. Both
227
+ verbs are parity-gated and show read-only in the v0.1.30 Workbench. See
228
228
  [observability-cost-accounting.7.md](observability-cost-accounting.7.md).
229
229
 
230
230
 
@@ -232,25 +232,25 @@ verbs are parity-gated and render read-only in the v0.1.30 Workbench. See
232
232
 
233
233
  v0.1.32 adds Team Collaboration: a host-attested actor and append-only
234
234
  approvals/rejections/comments/handoffs provenance-linked to a durable target,
235
- plus a review gate that STACKS ON the verifier gate — required approvals from
235
+ plus a review gate that STACKS ON the verifier gate — needed approvals from
236
236
  authorized roles, enforced inside `resolveCommitGate` AFTER the verifier checks
237
- and never instead of them, failing closed on quorum/authority/self-approval and
238
- recording who approved the very artifact that shipped. Policy (required approvals,
237
+ and never in place of them, failing closed on quorum/authority/self-approval and
238
+ keeping a record of who approved the very artifact that went out. Policy (required approvals,
239
239
  authorized roles, self-approval) is data, default off (pre-v0.1.32 behavior
240
- unchanged). The verbs are parity-gated and render read-only in the v0.1.30
240
+ unchanged). The verbs are parity-gated and show read-only in the v0.1.30
241
241
  Workbench. See [Team Collaboration](team-collaboration.7.md).
242
242
 
243
243
  ## Release Tooling (v0.1.33)
244
244
 
245
- the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a de-duplicated release gate. See release-tooling(7).
245
+ the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a release gate that has no copies in it. See release-tooling(7).
246
246
 
247
247
  ## Real Execution Backend Integrations (v0.1.34)
248
248
 
249
- container/remote/ci backends really execute (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is unavailable. See real-execution-backends(7).
249
+ container/remote/ci backends truly run (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there to use. See real-execution-backends(7).
250
250
 
251
251
  ## Node Snapshot / Diff / Replay (v0.1.35)
252
252
 
253
- per-node snapshot, structural diff, and isolated deterministic replay over StateNode, reusing the v0.1.23 eval harness; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
253
+ per-node snapshot, structural diff, and isolated deterministic replay over StateNode, using the v0.1.23 eval harness over again; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
254
254
 
255
255
  ## Contract Migration Tooling (v0.1.36)
256
256
 
@@ -262,11 +262,11 @@ priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed pa
262
262
 
263
263
  ## Agent Delegation Drive (v0.1.38)
264
264
 
265
- spawn an external agent process per worker, capture result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
265
+ spawn an outside agent process per worker, take in result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
266
266
 
267
267
  ## Run Retention & Provable Reclamation (v0.1.39)
268
268
 
269
- tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the reconstructable bulk, prove it
269
+ tiered, append-only, cryptographically-verifiable run reclamation: seal the audit skeleton, free the bulk that can be built again, prove it
270
270
 
271
271
  ## Durable State & Locking (v0.1.40)
272
272
 
@@ -278,15 +278,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
278
278
 
279
279
  ## Robust Result Ingest (v0.1.42)
280
280
 
281
- capture findings/evidence from any reasonable agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
281
+ take in findings/evidence from any sensible agent shape (alt keys + prose), CW works out grounded evidence itself, give a warning on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
282
282
 
283
283
  ## No-False-Green Gate & Launch Prep (v0.1.43)
284
284
 
285
- Hard gate blocking empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
285
+ Hard gate stopping empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
286
286
 
287
287
  ## Release-Gate Determinism & Agents Vendor (v0.1.44)
288
288
 
289
- Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) instead of the mutable working tree — eliminating false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
289
+ Release-readiness checks now check the committed blob (`git show HEAD:<path>`) in place of the mutable working tree — doing away with false-red/false-green from working-tree writes at the same time (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one common interface to CW.
290
290
 
291
291
  ## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
292
292
 
@@ -303,7 +303,11 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
303
303
 
304
304
  ## Fast Architecture Review (v0.1.80)
305
305
 
306
- Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, actionable background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
306
+ Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, Map and Assess results you can use again, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
307
307
 
308
308
  _No changes to the execution-backends surface in v0.1.81._
309
- _No behavioral change in v0.1.82 (the delegated child programs moved from inline `node -e` strings to `scripts/children/`; spawn argv and shell:false behavior are byte-identical)._
309
+ _No behavioral change in v0.1.82 (the delegated child programs moved from inline `node -e` strings to `scripts/children/`; spawn argv and shell:false behavior are the same byte for byte)._
310
+
311
+ ## Hardening and Onboarding (v0.1.83)
312
+
313
+ Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.