cool-workflow 0.1.82 → 0.1.84
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +2 -2
- package/.codex-plugin/plugin.json +4 -4
- package/README.md +128 -120
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/capability-core.js +16 -8
- package/dist/capability-registry.js +270 -0
- package/dist/cli/command-surface.js +1320 -0
- package/dist/cli.js +2 -1307
- package/dist/commit.js +5 -1
- package/dist/doctor.js +153 -0
- package/dist/mcp-server.js +15 -1451
- package/dist/mcp-surface.js +1441 -0
- package/dist/orchestrator.js +13 -0
- package/dist/reclamation/hash.js +72 -0
- package/dist/reclamation.js +25 -78
- package/dist/run-registry/queue.js +6 -7
- package/dist/run-registry.js +35 -24
- package/dist/scheduler.js +78 -53
- package/dist/version.js +1 -1
- package/dist/worker-accept/acceptance.js +114 -0
- package/dist/worker-accept/blackboard-fanout.js +80 -0
- package/dist/worker-accept/blackboard-linkage.js +19 -0
- package/dist/worker-accept/context.js +2 -0
- package/dist/worker-accept/telemetry-ledger.js +116 -0
- package/dist/worker-accept/validation.js +77 -0
- package/dist/worker-accept/verifier-completion.js +73 -0
- package/dist/worker-isolation.js +41 -446
- package/docs/agent-delegation-drive.7.md +94 -86
- package/docs/agent-framework.md +33 -32
- package/docs/candidate-scoring.7.md +26 -24
- package/docs/canonical-workflow-apps.7.md +40 -40
- package/docs/capability-topology-registry.7.md +24 -24
- package/docs/cli-mcp-parity.7.md +230 -154
- package/docs/contract-migration-tooling.7.md +52 -41
- package/docs/control-plane-scheduling.7.md +49 -41
- package/docs/coordinator-blackboard.7.md +30 -30
- package/docs/dogfood-one-real-repo.7.md +44 -44
- package/docs/durable-state-and-locking.7.md +38 -30
- package/docs/end-to-end-golden-path.7.md +29 -29
- package/docs/error-feedback.7.md +27 -27
- package/docs/evidence-adoption-reasoning-chain.7.md +66 -58
- package/docs/execution-backends.7.md +88 -80
- package/docs/getting-started.md +35 -18
- package/docs/index.md +3 -3
- package/docs/mcp-app-surface.7.md +64 -64
- package/docs/multi-agent-cli-mcp-surface.7.md +86 -77
- package/docs/multi-agent-eval-replay-harness.7.md +63 -55
- package/docs/multi-agent-operator-ux.7.md +73 -65
- package/docs/multi-agent-runtime-core.7.md +39 -39
- package/docs/multi-agent-topologies.7.md +24 -24
- package/docs/multi-agent-trust-policy-audit.7.md +38 -38
- package/docs/node-snapshot-diff-replay.7.md +30 -22
- package/docs/observability-cost-accounting.7.md +53 -45
- package/docs/operator-ux.7.md +30 -30
- package/docs/pipeline-runner.7.md +31 -31
- package/docs/project-index.md +16 -5
- package/docs/real-execution-backends.7.md +51 -43
- package/docs/release-and-migration.7.md +46 -38
- package/docs/release-tooling.7.md +67 -50
- package/docs/routines.md +16 -16
- package/docs/run-registry-control-plane.7.md +124 -116
- package/docs/run-retention-reclamation.7.md +49 -41
- package/docs/sandbox-profiles.7.md +32 -32
- package/docs/scheduled-tasks.md +14 -14
- package/docs/security-trust-hardening.7.md +29 -29
- package/docs/source-context-profiles.7.md +28 -28
- package/docs/state-explosion-management.7.md +67 -59
- package/docs/state-node.7.md +8 -8
- package/docs/team-collaboration.7.md +66 -58
- package/docs/trust-model.md +126 -126
- package/docs/unix-principles.md +80 -80
- package/docs/vendor-manifest-loadability.7.md +20 -20
- package/docs/verifier-gated-commit.7.md +16 -16
- package/docs/web-desktop-workbench.7.md +73 -65
- package/docs/worker-isolation.7.md +34 -37
- package/docs/workflow-app-framework.7.md +38 -38
- package/manifest/plugin.manifest.json +4 -4
- package/package.json +3 -2
- package/scripts/bump-version.js +9 -1
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +1 -1
- package/scripts/gen-parity-doc.js +106 -0
- package/scripts/golden-path.js +4 -4
- package/scripts/parity-check.js +27 -57
- package/scripts/release-flow.js +7 -6
- package/scripts/sync-project-index.js +1 -1
- package/dist/verifier-registry.js +0 -46
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
CW keeps source-context slimming out of the runtime kernel. The profile is policy
|
|
4
4
|
data in `manifest/source-context-profiles.json`; `scripts/source-context.js` is a
|
|
5
|
-
small
|
|
5
|
+
small part that reads a git ref and writes JSONL to stdout.
|
|
6
6
|
|
|
7
7
|
## Core Profile
|
|
8
8
|
|
|
9
9
|
The default `core` profile is the project memory for AI source imports. It keeps
|
|
10
|
-
runtime source and app/userland entrypoints, and leaves
|
|
10
|
+
runtime source and app/userland entrypoints, and leaves made artifacts,
|
|
11
11
|
tests, docs, release records, and long logs as manifest-only records.
|
|
12
12
|
|
|
13
13
|
Included:
|
|
@@ -30,26 +30,26 @@ Excluded from exported content:
|
|
|
30
30
|
- `CHANGELOG.md`
|
|
31
31
|
- `ITERATION_LOG.md`
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
33
|
+
Leaving a file out does not delete it and does not change release behavior. `dist/`
|
|
34
|
+
stays a committed release artifact till the release contract is clearly
|
|
35
35
|
changed.
|
|
36
36
|
|
|
37
37
|
## Narrow Profiles
|
|
38
38
|
|
|
39
|
-
Use a narrower opt-in profile when the question is already scoped:
|
|
39
|
+
Use a narrower opt-in profile when the question is already scoped down:
|
|
40
40
|
|
|
41
41
|
- `runtime`: the full `src/**` runtime kernel plus package and TypeScript
|
|
42
42
|
metadata.
|
|
43
43
|
- `mcp`: capability core/registry, CLI routing, MCP server, MCP launcher scripts,
|
|
44
44
|
and shared types.
|
|
45
|
-
- `workflow-apps`:
|
|
45
|
+
- `workflow-apps`: the true apps plus the Workflow App framework and app
|
|
46
46
|
planning/orchestration surface.
|
|
47
47
|
- `release`: release flow, gates, manifest/version tooling, package metadata, and
|
|
48
48
|
release-tooling docs.
|
|
49
|
-
- `agent-wrappers`:
|
|
49
|
+
- `agent-wrappers`: outside agent wrappers, agent config, execution backend,
|
|
50
50
|
drive loop, and agent-delegation docs.
|
|
51
51
|
|
|
52
|
-
The narrow profiles are policy data only.
|
|
52
|
+
The narrow profiles are policy data only. Picking one changes only the JSONL
|
|
53
53
|
context pack; it does not change runtime behavior, release contents, or the
|
|
54
54
|
default `core` profile.
|
|
55
55
|
|
|
@@ -73,35 +73,35 @@ node scripts/source-context.js export --profile core --ref HEAD --repo-root /pat
|
|
|
73
73
|
`export` emits only included text files and adds `content`. Both commands use
|
|
74
74
|
stdout for JSONL data only. Diagnostics and refusal messages go to stderr.
|
|
75
75
|
|
|
76
|
-
`--changed-from REF` is opt-in diff-aware mode. It
|
|
77
|
-
`export` to paths changed between the resolved base commit and `--ref`, then
|
|
78
|
-
applies the selected profile include/exclude rules. Deleted files are
|
|
79
|
-
because there is no blob at the target ref. Records
|
|
80
|
-
the resolved base commit. Empty diffs are
|
|
76
|
+
`--changed-from REF` is opt-in diff-aware mode. It cuts `manifest` and
|
|
77
|
+
`export` down to paths changed between the resolved base commit and `--ref`, then
|
|
78
|
+
applies the selected profile include/exclude rules. Deleted files are left out
|
|
79
|
+
because there is no blob at the target ref. Records take in `changedFrom` with
|
|
80
|
+
the resolved base commit. Empty diffs are good and emit empty JSONL.
|
|
81
81
|
|
|
82
82
|
`export --cache-dir DIR` is opt-in. The cache key is the resolved git commit SHA
|
|
83
|
-
plus a digest of the selected source profile, so changing
|
|
84
|
-
include/exclude policy
|
|
85
|
-
same JSONL bytes to stdout and stay
|
|
86
|
-
records fail closed
|
|
83
|
+
plus a digest of the selected source profile, so changing the ref or the
|
|
84
|
+
include/exclude policy makes a different JSONL cache file. Cache hits write the
|
|
85
|
+
same JSONL bytes to stdout and stay quiet on stderr. Broken or wrong cache
|
|
86
|
+
records fail closed in place of falling back without a word. Diff-aware exports take in
|
|
87
87
|
the resolved `--changed-from` commit in the cache key, so full and changed exports
|
|
88
88
|
do not share cache files.
|
|
89
89
|
|
|
90
|
-
`--repo-root DIR` is
|
|
90
|
+
`--repo-root DIR` is opt-in too; when left out, the script keeps its past
|
|
91
91
|
default and reads the Cool Workflow repository root.
|
|
92
92
|
|
|
93
93
|
## Verification
|
|
94
94
|
|
|
95
95
|
The smoke test checks that:
|
|
96
96
|
|
|
97
|
-
- the profile
|
|
97
|
+
- the profile takes in and leaves out the very same remembered paths;
|
|
98
98
|
- `dist/`, tests, docs, release records, and long logs are manifest-only;
|
|
99
|
-
- exported records are
|
|
100
|
-
- narrow profiles are slimmer than `core` and include/exclude
|
|
101
|
-
|
|
102
|
-
- `--changed-from` emits only changed current-ref files, still
|
|
103
|
-
and caches
|
|
104
|
-
- cached exports are byte-identical to uncached exports and
|
|
99
|
+
- exported records are JSONL that parses with content and sha256;
|
|
100
|
+
- narrow profiles are slimmer than `core` and include/exclude the surfaces they
|
|
101
|
+
are meant to;
|
|
102
|
+
- `--changed-from` emits only changed current-ref files, still keeps its excludes,
|
|
103
|
+
and caches apart from full exports;
|
|
104
|
+
- cached exports are byte-identical to uncached exports and broken cache hits
|
|
105
105
|
fail closed;
|
|
106
106
|
- the `core` profile stays under its `maxLines` guard.
|
|
107
107
|
|
|
@@ -113,7 +113,7 @@ node test/source-context-profile-smoke.js
|
|
|
113
113
|
|
|
114
114
|
## FreeBSD Discipline
|
|
115
115
|
|
|
116
|
-
This feature is opt-in and does not
|
|
116
|
+
This feature is opt-in and does not change present CLI output. It is mechanism,
|
|
117
117
|
not policy: profile selection lives in data, and vendor prompt/stream behavior
|
|
118
|
-
stays in wrappers. It fails closed on
|
|
119
|
-
included files, and line-count drift past the
|
|
118
|
+
stays in wrappers. It fails closed on bad profiles, unknown refs, binary
|
|
119
|
+
included files, and line-count drift past the set guard.
|
|
@@ -1,30 +1,30 @@
|
|
|
1
1
|
# State Explosion Management
|
|
2
2
|
|
|
3
|
-
CW v0.1.25 adds State Explosion Management.
|
|
4
|
-
blackboard and graph output can
|
|
5
|
-
first-class summarization and compaction layer that makes
|
|
6
|
-
|
|
3
|
+
CW v0.1.25 adds State Explosion Management. When multi-agent work grows,
|
|
4
|
+
blackboard and graph output can get too big to read. This release adds a
|
|
5
|
+
first-class summarization and compaction layer that makes hard runs
|
|
6
|
+
clear to read without hiding source truth.
|
|
7
7
|
|
|
8
8
|
CW v0.1.26 builds on this layer with the Evidence Adoption Reasoning Chain, which
|
|
9
|
-
reuses the same derived, fingerprinted, fail-closed
|
|
10
|
-
reasoning steps are
|
|
9
|
+
reuses the same derived, fingerprinted, fail-closed way of working and whose
|
|
10
|
+
reasoning steps are free from the compaction talked about here. See
|
|
11
11
|
[evidence-adoption-reasoning-chain.7.md](evidence-adoption-reasoning-chain.7.md).
|
|
12
12
|
|
|
13
|
-
The design
|
|
13
|
+
The design keeps to a base-system observability way of thinking:
|
|
14
14
|
|
|
15
15
|
- raw state is the source of truth
|
|
16
|
-
- summaries are derived userland indexes, never
|
|
16
|
+
- summaries are derived userland indexes, never a substitute for source records
|
|
17
17
|
- plain files, stable JSON, deterministic output
|
|
18
|
-
- small composable commands and readable console views with full
|
|
19
|
-
machine-readable output
|
|
20
|
-
- fail closed when a summary is stale,
|
|
18
|
+
- small composable commands and readable console views, with full
|
|
19
|
+
machine-readable output ready to use
|
|
20
|
+
- fail closed when a summary is stale, not complete, not clear, or loses
|
|
21
21
|
provenance
|
|
22
22
|
- backward compatible; no hidden daemon; no lossy deletion of blackboard,
|
|
23
23
|
graph, audit, or evidence records
|
|
24
24
|
|
|
25
25
|
## Derived summary model
|
|
26
26
|
|
|
27
|
-
Summary records are durable, versioned, and provenance
|
|
27
|
+
Summary records are durable, versioned, and backed by provenance. Each one carries
|
|
28
28
|
`schemaVersion`, `runId`, a summary `id`, a `scope`
|
|
29
29
|
(`run`, `topology`, `multi-agent-run`, `group`, `role`, `membership`, `fanout`,
|
|
30
30
|
`fanin`, `blackboard`, `topic`, `evidence`, `trust`, or `eval`),
|
|
@@ -43,14 +43,14 @@ Record types:
|
|
|
43
43
|
|
|
44
44
|
Summaries are written under `.cw/runs/<run-id>/summaries/` as plain JSON. Raw
|
|
45
45
|
blackboard messages, graph nodes, graph edges, audit events, evidence refs, and
|
|
46
|
-
eval artifacts are never deleted or
|
|
46
|
+
eval artifacts are never deleted or written over.
|
|
47
47
|
|
|
48
48
|
Within a single summary build, CW shares the derived full operator graph,
|
|
49
49
|
operator status, blackboard digest, state-size record, and graph view records
|
|
50
|
-
through a short-lived in-memory context. This
|
|
51
|
-
for `summary refresh`, `summary show`, and the top-level state-explosion report.
|
|
52
|
-
It is not a daemon or persistent cache: the next command
|
|
53
|
-
disk,
|
|
50
|
+
through a short-lived in-memory context. This way it does not build the same graph
|
|
51
|
+
again for `summary refresh`, `summary show`, and the top-level state-explosion report.
|
|
52
|
+
It is not a daemon or persistent cache: the next command reads run state from
|
|
53
|
+
disk again, works out source fingerprints again, and still fails closed on stale summaries.
|
|
54
54
|
|
|
55
55
|
## Blackboard summarization
|
|
56
56
|
|
|
@@ -58,28 +58,28 @@ disk, recomputes source fingerprints, and still fails closed on stale summaries.
|
|
|
58
58
|
deterministic structural digest with topic rollups, message thread summaries,
|
|
59
59
|
unresolved questions, conflicts, decisions, artifacts, adopted evidence,
|
|
60
60
|
missing evidence, policy violations, judge rationale, recent changes, and
|
|
61
|
-
high-signal records. Every entry
|
|
61
|
+
high-signal records. Every entry keeps links back to source messages,
|
|
62
62
|
contexts, artifacts, snapshots, coordinator decisions, and audit events, plus an
|
|
63
63
|
expansion command for the raw records. Structural summaries exist without any
|
|
64
|
-
LLM output; any semantic summary must be
|
|
65
|
-
evidence
|
|
64
|
+
LLM output; any semantic summary must be clear, backed by provenance, and
|
|
65
|
+
linked to evidence.
|
|
66
66
|
|
|
67
67
|
## Graph compaction
|
|
68
68
|
|
|
69
69
|
`multi-agent graph <run-id> --view <view>` produces compact graph views.
|
|
70
70
|
Supported views: `full`, `compact`, `critical-path`, `failures`, `evidence`,
|
|
71
71
|
`trust`, `topology`, `blackboard`, `candidate`, and `commit-gate`. Use
|
|
72
|
-
`--focus <id>` and `--depth <n>` to
|
|
73
|
-
|
|
72
|
+
`--focus <id>` and `--depth <n>` to put the view on a node and the
|
|
73
|
+
nodes near it.
|
|
74
74
|
|
|
75
|
-
Compact views
|
|
75
|
+
Compact views fold high-volume groups, topics, fanouts, fanins, message
|
|
76
76
|
clusters, and evidence chains into synthetic summary nodes. Each synthetic node
|
|
77
|
-
|
|
77
|
+
shows `collapsedNodeCount`, `collapsedEdgeCount`, `sourceIds`,
|
|
78
78
|
`dominantStatus`, an optional `blockedReason`, and an `expansionCommand`.
|
|
79
79
|
|
|
80
|
-
The critical path is always
|
|
80
|
+
The critical path is always kept, and failures, blocked records,
|
|
81
81
|
conflicts, missing evidence, policy violations, and judge rationale are never
|
|
82
|
-
|
|
82
|
+
folded.
|
|
83
83
|
|
|
84
84
|
## CLI
|
|
85
85
|
|
|
@@ -98,11 +98,11 @@ Every command supports deterministic JSON with `--json` or `--format json`.
|
|
|
98
98
|
Human output is organized into stable panels: State Size, Compact Graph,
|
|
99
99
|
Blackboard Digest, Critical Path, Failures / Blockers, Evidence Digest,
|
|
100
100
|
Trust / Policy Digest, Hidden Source Records, Expansion Commands, and Next
|
|
101
|
-
Action. JSON output is never
|
|
102
|
-
human views or when a compact view is
|
|
101
|
+
Action. JSON output is never quietly compacted; compaction is used only on
|
|
102
|
+
human views or when a compact view is clearly asked for.
|
|
103
103
|
|
|
104
|
-
When thresholds are
|
|
105
|
-
summaries and tells the operator how to
|
|
104
|
+
When thresholds are gone past, human output by itself shows compact
|
|
105
|
+
summaries and tells the operator how to look at the full data, for example:
|
|
106
106
|
|
|
107
107
|
```text
|
|
108
108
|
Graph compacted: 420 nodes collapsed into 18 summary nodes
|
|
@@ -122,7 +122,7 @@ MCP responses include source refs and expansion hints.
|
|
|
122
122
|
|
|
123
123
|
## Eval / replay integration
|
|
124
124
|
|
|
125
|
-
Eval snapshots
|
|
125
|
+
Eval snapshots take in summary artifacts, and replay comparison treats them as
|
|
126
126
|
regression-gated. Metrics: `summary_freshness`, `compact_graph_parity`,
|
|
127
127
|
`blackboard_digest_parity`, `critical_path_parity`, `evidence_digest_parity`,
|
|
128
128
|
and `expansion_ref_integrity`. The eval gate fails closed on stale summaries,
|
|
@@ -133,36 +133,36 @@ summary/report mismatch.
|
|
|
133
133
|
## Trust and audit
|
|
134
134
|
|
|
135
135
|
Summary generation is recorded in the trust-audit log. `summary refresh` records
|
|
136
|
-
a `summary.refresh` event noting who or what
|
|
137
|
-
were summarized, how many records were
|
|
136
|
+
a `summary.refresh` event noting who or what made the summary, which scopes
|
|
137
|
+
were summarized, how many records were put in and left out, whether the summary
|
|
138
138
|
is deterministic, the source fingerprint, and whether it is stale. `summary
|
|
139
|
-
show` records a `summary.stale` event when the
|
|
140
|
-
matches current source state. Audit metadata never
|
|
139
|
+
show` records a `summary.stale` event when the kept fingerprint no longer
|
|
140
|
+
matches current source state. Audit metadata never keeps secrets or large raw
|
|
141
141
|
message bodies.
|
|
142
142
|
|
|
143
143
|
## Freshness and fail-closed behavior
|
|
144
144
|
|
|
145
|
-
`summary show`
|
|
146
|
-
|
|
145
|
+
`summary show` works out the current source fingerprint again and compares it to the
|
|
146
|
+
kept record. If they are not the same, the report status is `stale`, stale scopes are
|
|
147
147
|
listed, and the next action is `summary refresh`. This keeps derived indexes
|
|
148
|
-
|
|
148
|
+
true: a summary is never trusted once its source records change.
|
|
149
149
|
|
|
150
150
|
## Migration
|
|
151
151
|
|
|
152
152
|
Pre-0.1.25 runs have no `summaries/` directory; `summary show` reports `absent`
|
|
153
|
-
and
|
|
154
|
-
summary sections, so existing fixtures and replays
|
|
153
|
+
and tells you to use `summary refresh`. Pre-0.1.25 eval snapshots load with empty
|
|
154
|
+
summary sections, so existing fixtures and replays stay backward compatible.
|
|
155
155
|
Newer unsupported run-state schemas still fail closed.
|
|
156
156
|
## CLI ↔ MCP Parity (v0.1.27)
|
|
157
157
|
|
|
158
|
-
Every command and tool
|
|
159
|
-
registry (`src/capability-registry.ts`) and
|
|
160
|
-
so `cw <cmd> --json` and the matching `cw_<tool>` result
|
|
158
|
+
Every command and tool named above is declared in the v0.1.27 capability
|
|
159
|
+
registry (`src/capability-registry.ts`) and checked by `npm run parity:check`,
|
|
160
|
+
so `cw <cmd> --json` and the matching `cw_<tool>` result show one data source.
|
|
161
161
|
See [cli-mcp-parity.7.md](cli-mcp-parity.7.md).
|
|
162
162
|
|
|
163
163
|
## Run Registry / Control Plane (v0.1.28)
|
|
164
164
|
|
|
165
|
-
The runs
|
|
165
|
+
The runs talked about here are indexed, searchable, resumable, archivable, and
|
|
166
166
|
rerunnable across repos by the v0.1.28 Run Registry / Control Plane, which derives
|
|
167
167
|
a fingerprinted, fail-closed index over the same per-run `.cw/runs/<id>/state.json`
|
|
168
168
|
source of truth. See [run-registry-control-plane.7.md](run-registry-control-plane.7.md).
|
|
@@ -170,21 +170,21 @@ source of truth. See [run-registry-control-plane.7.md](run-registry-control-plan
|
|
|
170
170
|
## Execution Backends (v0.1.29)
|
|
171
171
|
|
|
172
172
|
v0.1.29 lifts execution into a pluggable driver layer: one narrow `ExecutionBackend`
|
|
173
|
-
contract with
|
|
174
|
-
drivers,
|
|
173
|
+
contract with swappable `node`/`bun`/`shell`/`container`/`remote`/`ci`
|
|
174
|
+
drivers, picked by `--backend` (parallel to `--sandbox`) and looked at through
|
|
175
175
|
`backend list|show|probe`. The result/evidence envelope is schema-identical across
|
|
176
176
|
backends; the backend id + sandbox attestation are recorded as provenance, so this
|
|
177
|
-
surface
|
|
177
|
+
surface stays the same no matter which backend ran a run. See
|
|
178
178
|
[execution-backends.7.md](execution-backends.7.md).
|
|
179
179
|
## Web / Desktop Workbench (v0.1.30)
|
|
180
180
|
|
|
181
181
|
v0.1.30 adds the Web / Desktop Workbench: a read-only, localhost-only human
|
|
182
|
-
console that
|
|
182
|
+
console that shows this surface (and the other four operator panels — run
|
|
183
183
|
graph, blackboard, worker logs, candidate compare, audit timeline) for any run,
|
|
184
|
-
reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR
|
|
184
|
+
reading the SAME capability `--json` payloads. It is a THIRD FRONT DOOR next to
|
|
185
185
|
the CLI and MCP that holds no authoritative state and forks no schema: each panel
|
|
186
186
|
equals its `cw <cmd> --json` payload byte-for-byte (parity-gated), and refresh
|
|
187
|
-
|
|
187
|
+
derives everything again from disk. See
|
|
188
188
|
[web-desktop-workbench.7.md](web-desktop-workbench.7.md).
|
|
189
189
|
|
|
190
190
|
## Observability + Cost Accounting (v0.1.31)
|
|
@@ -195,7 +195,7 @@ fail-closed `n/a`), and host-attested token/cost from existing durable run state
|
|
|
195
195
|
— no metrics database, no collector daemon, no hidden counter. Usage is additive
|
|
196
196
|
and optional (absent ⇒ `unreported`, never 0); cost is `attested` (attested usage
|
|
197
197
|
× a recorded pricing policy) or clearly `estimated`, with pricing as policy. Both
|
|
198
|
-
verbs are parity-gated and
|
|
198
|
+
verbs are parity-gated and show read-only in the v0.1.30 Workbench. See
|
|
199
199
|
[observability-cost-accounting.7.md](observability-cost-accounting.7.md).
|
|
200
200
|
|
|
201
201
|
|
|
@@ -205,10 +205,10 @@ v0.1.32 adds Team Collaboration: a host-attested actor and append-only
|
|
|
205
205
|
approvals/rejections/comments/handoffs provenance-linked to a durable target,
|
|
206
206
|
plus a review gate that STACKS ON the verifier gate — required approvals from
|
|
207
207
|
authorized roles, enforced inside `resolveCommitGate` AFTER the verifier checks
|
|
208
|
-
and never
|
|
208
|
+
and never in place of them, failing closed on quorum/authority/self-approval and
|
|
209
209
|
recording who approved the very artifact that shipped. Policy (required approvals,
|
|
210
210
|
authorized roles, self-approval) is data, default off (pre-v0.1.32 behavior
|
|
211
|
-
|
|
211
|
+
not changed). The verbs are parity-gated and show read-only in the v0.1.30
|
|
212
212
|
Workbench. See [Team Collaboration](team-collaboration.7.md).
|
|
213
213
|
|
|
214
214
|
## Release Tooling (v0.1.33)
|
|
@@ -217,7 +217,7 @@ the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffo
|
|
|
217
217
|
|
|
218
218
|
## Real Execution Backend Integrations (v0.1.34)
|
|
219
219
|
|
|
220
|
-
container/remote/ci backends really
|
|
220
|
+
container/remote/ci backends really run (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there to use. See real-execution-backends(7).
|
|
221
221
|
|
|
222
222
|
## Node Snapshot / Diff / Replay (v0.1.35)
|
|
223
223
|
|
|
@@ -249,15 +249,15 @@ evidence grounding + durable audit append + symlink-hardened containment + deter
|
|
|
249
249
|
|
|
250
250
|
## Robust Result Ingest (v0.1.42)
|
|
251
251
|
|
|
252
|
-
capture findings/evidence from any
|
|
252
|
+
capture findings/evidence from any sensible agent shape (alt keys + prose), CW derives grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
|
|
253
253
|
|
|
254
254
|
## No-False-Green Gate & Launch Prep (v0.1.43)
|
|
255
255
|
|
|
256
|
-
Hard gate
|
|
256
|
+
Hard gate stopping empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
|
|
257
257
|
|
|
258
258
|
## Release-Gate Determinism & Agents Vendor (v0.1.44)
|
|
259
259
|
|
|
260
|
-
Release-readiness checks now
|
|
260
|
+
Release-readiness checks now check the committed blob (`git show HEAD:<path>`) instead of the changeable working tree — taking away false-red/false-green from working-tree writes at the same time (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter giving any non-Claude AI agent one common interface to CW.
|
|
261
261
|
|
|
262
262
|
## P1-P2 Fixes & CI Content Surfaces (v0.1.49)
|
|
263
263
|
|
|
@@ -274,7 +274,15 @@ Migration DAG with reversible edges (v0.1.45), capability auto-discovery (v0.1.4
|
|
|
274
274
|
|
|
275
275
|
## Fast Architecture Review (v0.1.80)
|
|
276
276
|
|
|
277
|
-
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics,
|
|
277
|
+
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, reusable Map and Assess results, measurable wrapper metrics, useful background full-review handoff, and userland model policy flags for routing fast/strong workers without changing the full review contract.
|
|
278
278
|
|
|
279
|
-
_No changes to the state-explosion management surface in v0.1.81 (the module was
|
|
279
|
+
_No changes to the state-explosion management surface in v0.1.81 (the module was cut into behavior-preserving siblings; output is byte-identical)._
|
|
280
280
|
_No changes in v0.1.82._
|
|
281
|
+
|
|
282
|
+
## Hardening and Onboarding (v0.1.83)
|
|
283
|
+
|
|
284
|
+
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
285
|
+
|
|
286
|
+
## Privacy Release (v0.1.84)
|
|
287
|
+
|
|
288
|
+
No other change to this page in v0.1.84.
|
package/docs/state-node.7.md
CHANGED
|
@@ -29,17 +29,17 @@ const verified = transitionStateNode(result, { status: "verified", loopStage: "a
|
|
|
29
29
|
|
|
30
30
|
## DESCRIPTION
|
|
31
31
|
|
|
32
|
-
`StateNode` is the small runtime object used to
|
|
32
|
+
`StateNode` is the small runtime object used to show important CW transitions as JSON. It is not a workflow app model and it does not hold domain behavior.
|
|
33
33
|
|
|
34
|
-
The kernel owns node creation,
|
|
34
|
+
The kernel owns node creation, clear status transitions, artifact paths, contract checks, and structured errors. Workflow apps own prompts, phase order, and the reading of domain-specific meaning.
|
|
35
35
|
|
|
36
|
-
CW writes node JSON artifacts
|
|
36
|
+
CW writes node JSON artifacts in:
|
|
37
37
|
|
|
38
38
|
```text
|
|
39
39
|
.cw/runs/<run-id>/nodes/
|
|
40
40
|
```
|
|
41
41
|
|
|
42
|
-
The
|
|
42
|
+
The common flow is:
|
|
43
43
|
|
|
44
44
|
```text
|
|
45
45
|
input node -> task node -> dispatch node -> result node -> verifier node -> commit/report node
|
|
@@ -51,11 +51,11 @@ Every `StateNode` includes `schemaVersion`, `id`, `kind`, `status`, `loopStage`,
|
|
|
51
51
|
|
|
52
52
|
Every `PipelineContract` includes `schemaVersion`, `id`, `title`, `stages`, optional input/output schemas, artifact/evidence/failure/commit policies, and compatibility bounds.
|
|
53
53
|
|
|
54
|
-
Each stage
|
|
54
|
+
Each stage names the input node kinds and statuses it takes, the output kind it makes, required artifacts, required evidence, verifier gate, and retry/failure behavior.
|
|
55
55
|
|
|
56
56
|
## FAILURE MODES
|
|
57
57
|
|
|
58
|
-
Contract failures
|
|
58
|
+
Contract failures come up as `PipelineContractError`. Each error carries a structured `StateNodeError` with:
|
|
59
59
|
|
|
60
60
|
- `code`
|
|
61
61
|
- `message`
|
|
@@ -65,7 +65,7 @@ Contract failures are raised as `PipelineContractError`. Each error carries a st
|
|
|
65
65
|
- optional `retryable`
|
|
66
66
|
- optional `details`
|
|
67
67
|
|
|
68
|
-
Illegal status transitions fail before
|
|
68
|
+
Illegal status transitions fail before they change the node. Missing artifacts and missing evidence fail with error records you can locate, ready for saving into a failure node.
|
|
69
69
|
|
|
70
70
|
Commit status is verifier-gated. A node cannot transition into `committed` unless it is already `verified`.
|
|
71
71
|
|
|
@@ -73,7 +73,7 @@ Commit status is verifier-gated. A node cannot transition into `committed` unles
|
|
|
73
73
|
|
|
74
74
|
`schemaVersion` is required on both nodes and contracts. The current schema is `1`.
|
|
75
75
|
|
|
76
|
-
New fields should be optional unless the runtime cannot
|
|
76
|
+
New fields should be optional unless the runtime cannot go on without them. Older run state without `nodes` or `contracts` can still be read; those arrays are set up when loaded.
|
|
77
77
|
|
|
78
78
|
## EXAMPLES
|
|
79
79
|
|