cool-workflow 0.1.83 → 0.1.84
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/README.md +4 -0
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/capability-registry.js +262 -0
- package/dist/cli/command-surface.js +1320 -0
- package/dist/cli.js +2 -1318
- package/dist/mcp-server.js +5 -1452
- package/dist/mcp-surface.js +1441 -0
- package/dist/version.js +1 -1
- package/dist/worker-accept/acceptance.js +114 -0
- package/dist/worker-accept/blackboard-fanout.js +80 -0
- package/dist/worker-accept/blackboard-linkage.js +19 -0
- package/dist/worker-accept/context.js +2 -0
- package/dist/worker-accept/telemetry-ledger.js +116 -0
- package/dist/worker-accept/validation.js +77 -0
- package/dist/worker-accept/verifier-completion.js +73 -0
- package/dist/worker-isolation.js +19 -444
- package/docs/agent-delegation-drive.7.md +4 -0
- package/docs/cli-mcp-parity.7.md +4 -0
- package/docs/contract-migration-tooling.7.md +4 -0
- package/docs/control-plane-scheduling.7.md +4 -0
- package/docs/durable-state-and-locking.7.md +4 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
- package/docs/execution-backends.7.md +4 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
- package/docs/multi-agent-eval-replay-harness.7.md +4 -0
- package/docs/multi-agent-operator-ux.7.md +4 -0
- package/docs/node-snapshot-diff-replay.7.md +4 -0
- package/docs/observability-cost-accounting.7.md +4 -0
- package/docs/project-index.md +11 -5
- package/docs/real-execution-backends.7.md +4 -0
- package/docs/release-and-migration.7.md +4 -0
- package/docs/release-tooling.7.md +14 -1
- package/docs/run-registry-control-plane.7.md +4 -0
- package/docs/run-retention-reclamation.7.md +4 -0
- package/docs/state-explosion-management.7.md +4 -0
- package/docs/team-collaboration.7.md +4 -0
- package/docs/web-desktop-workbench.7.md +4 -0
- package/manifest/plugin.manifest.json +1 -1
- package/package.json +1 -1
- package/scripts/bump-version.js +9 -1
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +1 -1
- package/scripts/golden-path.js +4 -4
- package/scripts/parity-check.js +27 -57
- package/scripts/release-flow.js +7 -6
- package/scripts/sync-project-index.js +1 -1
package/dist/worker-isolation.js
CHANGED
|
@@ -21,20 +21,18 @@ const state_1 = require("./state");
|
|
|
21
21
|
const pipeline_contract_1 = require("./pipeline-contract");
|
|
22
22
|
const error_feedback_1 = require("./error-feedback");
|
|
23
23
|
const state_node_1 = require("./state-node");
|
|
24
|
-
const pipeline_runner_1 = require("./pipeline-runner");
|
|
25
|
-
const verifier_1 = require("./verifier");
|
|
26
|
-
const evidence_grounding_1 = require("./evidence-grounding");
|
|
27
|
-
const result_normalize_1 = require("./result-normalize");
|
|
28
24
|
const sandbox_profile_1 = require("./sandbox-profile");
|
|
29
25
|
const execution_backend_1 = require("./execution-backend");
|
|
30
26
|
const trust_audit_1 = require("./trust-audit");
|
|
31
|
-
const multi_agent_1 = require("./multi-agent");
|
|
32
|
-
const telemetry_attestation_1 = require("./telemetry-attestation");
|
|
33
|
-
const telemetry_ledger_1 = require("./telemetry-ledger");
|
|
34
|
-
const coordinator_1 = require("./coordinator");
|
|
35
27
|
const helpers_1 = require("./worker-isolation/helpers");
|
|
36
28
|
const paths_1 = require("./worker-isolation/paths");
|
|
37
29
|
const validation_1 = require("./validation");
|
|
30
|
+
const acceptance_1 = require("./worker-accept/acceptance");
|
|
31
|
+
const blackboard_linkage_1 = require("./worker-accept/blackboard-linkage");
|
|
32
|
+
const blackboard_fanout_1 = require("./worker-accept/blackboard-fanout");
|
|
33
|
+
const telemetry_ledger_1 = require("./worker-accept/telemetry-ledger");
|
|
34
|
+
const validation_2 = require("./worker-accept/validation");
|
|
35
|
+
const verifier_completion_1 = require("./worker-accept/verifier-completion");
|
|
38
36
|
exports.WORKER_ISOLATION_SCHEMA_VERSION = 1;
|
|
39
37
|
function allocateWorkerScope(run, task, options = {}) {
|
|
40
38
|
ensureWorkerState(run);
|
|
@@ -287,372 +285,22 @@ function recordWorkerOutput(run, workerId, resultPath, options = {}) {
|
|
|
287
285
|
// steps are load-bearing (replay determinism + the hash-chained audit/telemetry
|
|
288
286
|
// ledgers cross-link by parent event ids), so each helper runs exactly where it
|
|
289
287
|
// did before and mutates the shared `accept` context in place. Do NOT reorder.
|
|
290
|
-
const accept = validateWorkerResult(run, workerId, resultPath, options
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
288
|
+
const accept = (0, validation_2.validateWorkerResult)(run, workerId, resultPath, options, {
|
|
289
|
+
requireWorkerScope,
|
|
290
|
+
requireWorkerTask,
|
|
291
|
+
validateWorkerBoundary,
|
|
292
|
+
recordWorkerFailure
|
|
293
|
+
});
|
|
294
|
+
const delegation = (0, telemetry_ledger_1.attestWorkerDelegation)(accept, { recordWorkerFailure });
|
|
295
|
+
(0, acceptance_1.acceptWorkerResult)(accept, delegation);
|
|
296
|
+
(0, telemetry_ledger_1.recordWorkerDelegationLedger)(accept, delegation);
|
|
297
|
+
(0, verifier_completion_1.runWorkerVerify)(accept);
|
|
298
|
+
(0, verifier_completion_1.recordWorkerCompletion)(accept, delegation, { updateWorkerScope });
|
|
299
|
+
(0, blackboard_fanout_1.fanOutWorkerOutput)(accept);
|
|
297
300
|
if (options.persist !== false)
|
|
298
301
|
(0, state_1.saveCheckpoint)(run);
|
|
299
302
|
return accept.output;
|
|
300
303
|
}
|
|
301
|
-
/** Step 1 — validateResult: resolve scope/task, enforce the sandbox boundary, the
|
|
302
|
-
* result-file existence, the envelope contract, and (opt-in) resolvable evidence.
|
|
303
|
-
* Fail-closed: any guard records a worker failure and throws BEFORE accept-side
|
|
304
|
-
* state mutation. Returns the partially-filled accept context on success. */
|
|
305
|
-
function validateWorkerResult(run, workerId, resultPath, options) {
|
|
306
|
-
const scope = requireWorkerScope(run, workerId);
|
|
307
|
-
const task = requireWorkerTask(run, scope);
|
|
308
|
-
const absoluteResultPath = node_path_1.default.resolve(resultPath);
|
|
309
|
-
const violation = validateWorkerBoundary(run, workerId, { ...options, policy: options.policy, path: absoluteResultPath });
|
|
310
|
-
if (violation) {
|
|
311
|
-
(0, trust_audit_1.recordSandboxPathDecision)(run, {
|
|
312
|
-
workerId,
|
|
313
|
-
taskId: task.id,
|
|
314
|
-
sandboxProfileId: scope.sandboxProfileId,
|
|
315
|
-
policySnapshot: scope.sandboxPolicy,
|
|
316
|
-
target: absoluteResultPath,
|
|
317
|
-
decision: "denied",
|
|
318
|
-
metadata: { code: violation.code, allowedPaths: violation.allowedPaths }
|
|
319
|
-
});
|
|
320
|
-
recordWorkerFailure(run, workerId, violation, { ...options, path: absoluteResultPath, code: violation.code, retryable: false });
|
|
321
|
-
throw new Error(violation.message);
|
|
322
|
-
}
|
|
323
|
-
if (!node_fs_1.default.existsSync(absoluteResultPath)) {
|
|
324
|
-
const error = (0, helpers_1.structuredError)("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
|
|
325
|
-
path: absoluteResultPath,
|
|
326
|
-
retryable: true
|
|
327
|
-
});
|
|
328
|
-
recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
|
|
329
|
-
throw new Error(error.message);
|
|
330
|
-
}
|
|
331
|
-
const rawResult = node_fs_1.default.readFileSync(absoluteResultPath, "utf8");
|
|
332
|
-
const parsedResult = (0, verifier_1.parseResultEnvelope)(rawResult);
|
|
333
|
-
(0, verifier_1.validateResultEnvelope)(task, parsedResult);
|
|
334
|
-
// Strict evidence resolution (v0.1.40 self-audit P1, opt-in via
|
|
335
|
-
// CW_REQUIRE_RESOLVABLE_EVIDENCE): fail closed if the result cites file-style
|
|
336
|
-
// evidence that does not resolve on disk, so a worker cannot land a result
|
|
337
|
-
// whose evidence locators point nowhere. Off by default — the default gate is
|
|
338
|
-
// the deterministic grounding check in validateResultEnvelope.
|
|
339
|
-
if ((0, evidence_grounding_1.requireResolvableEvidence)()) {
|
|
340
|
-
const baseDirs = Array.from(new Set([run.cwd, process.cwd(), scope.workerDir, run.paths.runDir].filter(Boolean)));
|
|
341
|
-
const unresolved = (0, evidence_grounding_1.unresolvedFileEvidence)(parsedResult.evidence, baseDirs);
|
|
342
|
-
if (unresolved.length) {
|
|
343
|
-
const error = (0, helpers_1.structuredError)("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
|
|
344
|
-
recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
|
|
345
|
-
throw new Error(error.message);
|
|
346
|
-
}
|
|
347
|
-
}
|
|
348
|
-
return {
|
|
349
|
-
run,
|
|
350
|
-
workerId,
|
|
351
|
-
options,
|
|
352
|
-
scope,
|
|
353
|
-
task,
|
|
354
|
-
absoluteResultPath,
|
|
355
|
-
rawResult,
|
|
356
|
-
parsedResult,
|
|
357
|
-
destination: "",
|
|
358
|
-
pathAuditId: "",
|
|
359
|
-
acceptedAuditId: "",
|
|
360
|
-
resultNode: undefined,
|
|
361
|
-
verifierNodeId: "",
|
|
362
|
-
verifierStatus: "",
|
|
363
|
-
output: undefined
|
|
364
|
-
};
|
|
365
|
-
}
|
|
366
|
-
/** Step 2 — attestSandbox/attestDelegation: verify the agent's signed telemetry
|
|
367
|
-
* BEFORE recording it, enforce the opt-in require-attested-telemetry gate (still
|
|
368
|
-
* fail-closed, pre-mutation), and build the agent-hop provenance. Non-agent hops
|
|
369
|
-
* return an empty delegation. */
|
|
370
|
-
function attestWorkerDelegation(accept) {
|
|
371
|
-
const { run, workerId, options, task, absoluteResultPath, rawResult } = accept;
|
|
372
|
-
// Agent Delegation Drive (v0.1.38): if this worker's result.md was produced by an
|
|
373
|
-
// EXTERNAL agent, record the agent-hop attestation AS PROVENANCE — the agent
|
|
374
|
-
// (kind:process) handle, the agent-REPORTED model (never CW_AGENT_MODEL), the
|
|
375
|
-
// prompt digest, the secret-stripped args, and the result digest computed HERE
|
|
376
|
-
// from the accepted result.md. These live in the result node's metadata (covered
|
|
377
|
-
// by the v0.1.35 snapshot body) + a trust-audit event, NEVER in `evidence`.
|
|
378
|
-
// Track 1: verify the agent's signed telemetry BEFORE recording it. CW holds
|
|
379
|
-
// only the operator's PUBLIC key — it verifies attribution, never measures
|
|
380
|
-
// usage. Absent/invalid signature ⇒ `unattested`/`absent`, surfaced loudly,
|
|
381
|
-
// NEVER silently recorded as trusted.
|
|
382
|
-
const telemetry = options.agentDelegation
|
|
383
|
-
? (0, telemetry_attestation_1.verifyTelemetryAttestation)(options.agentDelegation.reportedUsage, options.agentDelegation.usageSignature, (0, telemetry_attestation_1.resolveTrustPublicKey)(options.agentDelegation.usageTrustPublicKey), { runId: run.id, taskId: task.id, promptDigest: options.agentDelegation.promptDigest })
|
|
384
|
-
: undefined;
|
|
385
|
-
// Track 1 fail-closed (Decision 2 — OPT-IN, off by default). When the operator
|
|
386
|
-
// requires attested telemetry, a delegated hop whose verdict is not `attested`
|
|
387
|
-
// is REJECTED here — BEFORE any accept-side state mutation — so the drive parks
|
|
388
|
-
// it instead of recording unverifiable usage. Default behavior is unchanged
|
|
389
|
-
// (flag-and-surface). Non-agent hops carry no verdict and are never blocked.
|
|
390
|
-
if (options.requireAttestedTelemetry && telemetry && telemetry.status !== "attested") {
|
|
391
|
-
const error = (0, helpers_1.structuredError)("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
|
|
392
|
-
recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
|
|
393
|
-
throw new Error(error.message);
|
|
394
|
-
}
|
|
395
|
-
const agentDelegation = options.agentDelegation
|
|
396
|
-
? {
|
|
397
|
-
schemaVersion: 1,
|
|
398
|
-
backendId: "agent",
|
|
399
|
-
handle: options.agentDelegation.handle,
|
|
400
|
-
model: options.agentDelegation.model,
|
|
401
|
-
promptDigest: options.agentDelegation.promptDigest,
|
|
402
|
-
resultDigest: (0, execution_backend_1.sha256)(rawResult),
|
|
403
|
-
command: options.agentDelegation.command,
|
|
404
|
-
args: options.agentDelegation.args,
|
|
405
|
-
exitCode: options.agentDelegation.exitCode,
|
|
406
|
-
...(options.agentDelegation.reportedUsage ? { reportedUsage: options.agentDelegation.reportedUsage } : {}),
|
|
407
|
-
...(options.agentDelegation.usageSignature ? { usageSignature: options.agentDelegation.usageSignature } : {}),
|
|
408
|
-
...(telemetry ? { usageAttestation: telemetry.status, usageAttestationReason: telemetry.reason } : {})
|
|
409
|
-
}
|
|
410
|
-
: undefined;
|
|
411
|
-
return { agentDelegation, telemetry };
|
|
412
|
-
}
|
|
413
|
-
/** Step 3 — recordStateNode/audit: the irreversible accept. Records the allowed
|
|
414
|
-
* path decision, copies the result into the run results dir, completes the task,
|
|
415
|
-
* builds + appends the result node, emits the accepted audit event, re-normalizes
|
|
416
|
-
* node evidence against both audit ids, and surfaces the empty-capture warning.
|
|
417
|
-
* Writes destination/pathAuditId/acceptedAuditId/resultNode back into `accept`. */
|
|
418
|
-
function acceptWorkerResult(accept, delegation) {
|
|
419
|
-
const { run, workerId, scope, task, absoluteResultPath, parsedResult } = accept;
|
|
420
|
-
const { agentDelegation } = delegation;
|
|
421
|
-
const pathAudit = (0, trust_audit_1.recordSandboxPathDecision)(run, {
|
|
422
|
-
workerId,
|
|
423
|
-
taskId: task.id,
|
|
424
|
-
sandboxProfileId: scope.sandboxProfileId,
|
|
425
|
-
policySnapshot: scope.sandboxPolicy,
|
|
426
|
-
target: absoluteResultPath,
|
|
427
|
-
decision: "allowed",
|
|
428
|
-
metadata: { operation: "worker-output-acceptance" }
|
|
429
|
-
});
|
|
430
|
-
const destination = node_path_1.default.join(run.paths.resultsDir, `${(0, state_1.safeFileName)(task.id)}.md`);
|
|
431
|
-
node_fs_1.default.mkdirSync(run.paths.resultsDir, { recursive: true });
|
|
432
|
-
node_fs_1.default.copyFileSync(absoluteResultPath, destination);
|
|
433
|
-
task.status = "completed";
|
|
434
|
-
task.completedAt = new Date().toISOString();
|
|
435
|
-
task.resultPath = destination;
|
|
436
|
-
task.loopStage = "observe";
|
|
437
|
-
task.result = parsedResult;
|
|
438
|
-
const evidence = (0, trust_audit_1.normalizeEvidence)(run, parsedResult.evidence.map((entry, index) => ({
|
|
439
|
-
id: `result:${index + 1}`,
|
|
440
|
-
source: "cw:result",
|
|
441
|
-
locator: entry,
|
|
442
|
-
summary: entry
|
|
443
|
-
})), { source: "cw-validated", workerId, taskId: task.id, auditEventIds: [pathAudit.id] });
|
|
444
|
-
const resultNode = (0, state_node_1.appendRunNode)(run, (0, state_node_1.createStateNode)({
|
|
445
|
-
id: `${run.id}:result:${task.id}`,
|
|
446
|
-
kind: "result",
|
|
447
|
-
status: "completed",
|
|
448
|
-
loopStage: "observe",
|
|
449
|
-
inputs: { taskId: task.id, dispatchId: task.dispatchId, workerId },
|
|
450
|
-
outputs: parsedResult,
|
|
451
|
-
artifacts: [
|
|
452
|
-
{ id: "result", kind: "markdown", path: destination },
|
|
453
|
-
{ id: "worker-result", kind: "markdown", path: absoluteResultPath }
|
|
454
|
-
],
|
|
455
|
-
evidence,
|
|
456
|
-
parents: task.dispatchId ? [`${run.id}:dispatch:${task.dispatchId}`] : [task.stateNodeId || `${run.id}:task:${task.id}`],
|
|
457
|
-
contractId: pipeline_contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
|
|
458
|
-
metadata: {
|
|
459
|
-
taskId: task.id,
|
|
460
|
-
workerId,
|
|
461
|
-
workerDir: scope.workerDir,
|
|
462
|
-
sandboxProfileId: scope.sandboxProfileId,
|
|
463
|
-
auditEventIds: [pathAudit.id],
|
|
464
|
-
// Empty-capture warning (v0.1.42): even after robust normalization the result
|
|
465
|
-
// yielded NO findings and NO evidence — surfaced, never silently passed.
|
|
466
|
-
...((0, result_normalize_1.isEmptyCapture)(parsedResult) ? { captureWarning: "no findings or evidence captured from result.md" } : {}),
|
|
467
|
-
// Folded into the snapshotted node body so v0.1.35 replay re-verifies the
|
|
468
|
-
// prompt/result/model digests WITHOUT re-spawning the agent. NOT evidence.
|
|
469
|
-
...(agentDelegation ? { agentDelegation } : {})
|
|
470
|
-
}
|
|
471
|
-
}));
|
|
472
|
-
const acceptedAudit = (0, trust_audit_1.recordTrustAuditEvent)(run, {
|
|
473
|
-
kind: "worker.output",
|
|
474
|
-
decision: "accepted",
|
|
475
|
-
source: "cw-validated",
|
|
476
|
-
workerId,
|
|
477
|
-
taskId: task.id,
|
|
478
|
-
nodeId: resultNode.id,
|
|
479
|
-
sandboxProfileId: scope.sandboxProfileId,
|
|
480
|
-
policySnapshot: scope.sandboxPolicy,
|
|
481
|
-
normalizedPath: absoluteResultPath,
|
|
482
|
-
evidence,
|
|
483
|
-
parentEventIds: [pathAudit.id],
|
|
484
|
-
metadata: { destination }
|
|
485
|
-
});
|
|
486
|
-
resultNode.evidence = (0, trust_audit_1.normalizeEvidence)(run, resultNode.evidence, {
|
|
487
|
-
source: "cw-validated",
|
|
488
|
-
workerId,
|
|
489
|
-
taskId: task.id,
|
|
490
|
-
resultNodeId: resultNode.id,
|
|
491
|
-
auditEventIds: [pathAudit.id, acceptedAudit.id]
|
|
492
|
-
});
|
|
493
|
-
(0, state_node_1.appendRunNode)(run, resultNode);
|
|
494
|
-
task.resultNodeId = resultNode.id;
|
|
495
|
-
// Warn (don't silently pass) when a worker's result captured no structured signal
|
|
496
|
-
// at all — the v0.1.41 self-audit's "accepted with evidenceCount:0" failure mode.
|
|
497
|
-
if ((0, result_normalize_1.isEmptyCapture)(parsedResult)) {
|
|
498
|
-
(0, trust_audit_1.recordTrustAuditEvent)(run, {
|
|
499
|
-
kind: "worker.capture-warning",
|
|
500
|
-
decision: "recorded",
|
|
501
|
-
source: "cw-validated",
|
|
502
|
-
workerId,
|
|
503
|
-
taskId: task.id,
|
|
504
|
-
nodeId: resultNode.id,
|
|
505
|
-
parentEventIds: [acceptedAudit.id],
|
|
506
|
-
metadata: { reason: "no findings or evidence captured from result.md", resultPath: destination }
|
|
507
|
-
});
|
|
508
|
-
}
|
|
509
|
-
accept.destination = destination;
|
|
510
|
-
accept.pathAuditId = pathAudit.id;
|
|
511
|
-
accept.acceptedAuditId = acceptedAudit.id;
|
|
512
|
-
accept.resultNode = resultNode;
|
|
513
|
-
}
|
|
514
|
-
/** Step 4 — recordTelemetryLedger: the agent-hop attestation. Binds the telemetry
|
|
515
|
-
* verdict into the append-only hash-chained ledger BEFORE the audit event (so the
|
|
516
|
-
* event can cross-link the record hash), then emits the worker.agent-delegation
|
|
517
|
-
* audit event. No-op for non-agent hops. */
|
|
518
|
-
function recordWorkerDelegationLedger(accept, delegation) {
|
|
519
|
-
const { agentDelegation } = delegation;
|
|
520
|
-
// The agent-hop attestation event — hung off worker.output, alongside
|
|
521
|
-
// worker.backend. Recorded in trust-audit/provenance, NEVER in node evidence.
|
|
522
|
-
if (!agentDelegation)
|
|
523
|
-
return;
|
|
524
|
-
const { run, workerId, scope, task, resultNode, acceptedAuditId } = accept;
|
|
525
|
-
// Track 1 (tamper-evidence): bind this verdict into the append-only,
|
|
526
|
-
// hash-chained telemetry ledger BEFORE the audit event, so the event can
|
|
527
|
-
// cross-link the record hash. Editing the recorded verdict/usage later breaks
|
|
528
|
-
// the chain (verifyTelemetryLedger). Only when a verdict was computed.
|
|
529
|
-
const ledgerRecord = agentDelegation.usageAttestation
|
|
530
|
-
? (0, telemetry_ledger_1.appendTelemetryAttestation)(run, {
|
|
531
|
-
workerId,
|
|
532
|
-
taskId: task.id,
|
|
533
|
-
promptDigest: agentDelegation.promptDigest,
|
|
534
|
-
reportedUsage: agentDelegation.reportedUsage,
|
|
535
|
-
usageSignature: agentDelegation.usageSignature,
|
|
536
|
-
attestation: agentDelegation.usageAttestation,
|
|
537
|
-
attestationReason: agentDelegation.usageAttestationReason
|
|
538
|
-
})
|
|
539
|
-
: undefined;
|
|
540
|
-
(0, trust_audit_1.recordTrustAuditEvent)(run, {
|
|
541
|
-
kind: "worker.agent-delegation",
|
|
542
|
-
decision: "recorded",
|
|
543
|
-
source: "host-attested",
|
|
544
|
-
workerId,
|
|
545
|
-
taskId: task.id,
|
|
546
|
-
nodeId: resultNode.id,
|
|
547
|
-
sandboxProfileId: scope.sandboxProfileId,
|
|
548
|
-
policySnapshot: scope.sandboxPolicy,
|
|
549
|
-
parentEventIds: [acceptedAuditId],
|
|
550
|
-
metadata: {
|
|
551
|
-
backendId: agentDelegation.backendId,
|
|
552
|
-
handleKind: agentDelegation.handle.kind,
|
|
553
|
-
handleRef: agentDelegation.handle.ref,
|
|
554
|
-
model: agentDelegation.model,
|
|
555
|
-
promptDigest: agentDelegation.promptDigest,
|
|
556
|
-
resultDigest: agentDelegation.resultDigest,
|
|
557
|
-
command: agentDelegation.command,
|
|
558
|
-
args: agentDelegation.args,
|
|
559
|
-
exitCode: agentDelegation.exitCode,
|
|
560
|
-
// Track 1: the telemetry verdict travels with the agent-hop event so the
|
|
561
|
-
// audit report can surface `unattested` usage loudly. Absent ⇒ no usage.
|
|
562
|
-
...(agentDelegation.usageAttestation
|
|
563
|
-
? {
|
|
564
|
-
telemetryAttestation: agentDelegation.usageAttestation,
|
|
565
|
-
...(agentDelegation.usageAttestationReason ? { telemetryAttestationReason: agentDelegation.usageAttestationReason } : {}),
|
|
566
|
-
...(agentDelegation.reportedUsage ? { reportedUsage: agentDelegation.reportedUsage } : {}),
|
|
567
|
-
// Cross-link to the hash-chained ledger entry (tamper-evidence).
|
|
568
|
-
...(ledgerRecord ? { telemetryRecordId: ledgerRecord.recordId, telemetryRecordHash: ledgerRecord.recordHash, telemetryPrevHash: ledgerRecord.prevHash } : {})
|
|
569
|
-
}
|
|
570
|
-
: {})
|
|
571
|
-
}
|
|
572
|
-
});
|
|
573
|
-
}
|
|
574
|
-
/** Step 5 — runVerify: drive the verify pipeline stage off the accepted result node
|
|
575
|
-
* and record the verifier node id on the task + accept context. */
|
|
576
|
-
function runWorkerVerify(accept) {
|
|
577
|
-
const { run, workerId, scope, task, parsedResult, destination, resultNode } = accept;
|
|
578
|
-
const verifierResult = (0, pipeline_runner_1.createPipelineRunner)({ persist: false }).runPipelineStage(run, "verify", resultNode.id, {
|
|
579
|
-
outputNodeId: `${run.id}:verifier:${task.id}`,
|
|
580
|
-
outputStatus: "verified",
|
|
581
|
-
loopStage: "adjust",
|
|
582
|
-
outputs: { accepted: true, workerId },
|
|
583
|
-
artifacts: [{ id: "result", kind: "markdown", path: destination }],
|
|
584
|
-
evidence: resultNode.evidence.length
|
|
585
|
-
? resultNode.evidence
|
|
586
|
-
: [{ id: "result:summary", source: "summary", summary: parsedResult.summary }],
|
|
587
|
-
metadata: { taskId: task.id, workerId, resultNodeId: resultNode.id, sandboxProfileId: scope.sandboxProfileId }
|
|
588
|
-
});
|
|
589
|
-
task.verifierNodeId = verifierResult.outputNodeId;
|
|
590
|
-
accept.verifierNodeId = verifierResult.outputNodeId;
|
|
591
|
-
// Carry the verify verdict for the scope-status transition in recordWorkerCompletion.
|
|
592
|
-
accept.verifierStatus = verifierResult.status;
|
|
593
|
-
}
|
|
594
|
-
/** Step 6 — recordStateNode (worker record): assemble the worker output record +
|
|
595
|
-
* host-attested usage record, then persist the worker scope with the verify-derived
|
|
596
|
-
* status, output digest/size, and (when present) usage. */
|
|
597
|
-
function recordWorkerCompletion(accept, delegation) {
|
|
598
|
-
const { run, workerId, scope, task, absoluteResultPath, rawResult, resultNode, verifierNodeId, verifierStatus, pathAuditId, acceptedAuditId } = accept;
|
|
599
|
-
const { agentDelegation, telemetry } = delegation;
|
|
600
|
-
const output = {
|
|
601
|
-
workerId,
|
|
602
|
-
taskId: task.id,
|
|
603
|
-
resultPath: absoluteResultPath,
|
|
604
|
-
recordedAt: new Date().toISOString(),
|
|
605
|
-
stateNodeId: resultNode.id,
|
|
606
|
-
verifierNodeId,
|
|
607
|
-
auditEventIds: [pathAuditId, acceptedAuditId]
|
|
608
|
-
};
|
|
609
|
-
// Host-attested usage rides on the worker record. Recorded when the agent
|
|
610
|
-
// REPORTED a model OR token usage — `unreported`/absent stays ABSENT (never
|
|
611
|
-
// backfilled from the operator-chosen CW_AGENT_MODEL, never synthesized).
|
|
612
|
-
// Track 1: the attestation verdict (`attested`/`unattested`/`absent`) and its
|
|
613
|
-
// reason ride along, and the token buckets come from the (verified-or-not)
|
|
614
|
-
// reported usage — CW still never measures them, it records + labels them.
|
|
615
|
-
const reportedModel = agentDelegation && agentDelegation.model && agentDelegation.model !== "unreported" ? agentDelegation.model : undefined;
|
|
616
|
-
const usageRecord = agentDelegation && (reportedModel || agentDelegation.reportedUsage)
|
|
617
|
-
? {
|
|
618
|
-
schemaVersion: 1,
|
|
619
|
-
source: "host-attested",
|
|
620
|
-
...(reportedModel ? { model: reportedModel } : {}),
|
|
621
|
-
...(0, telemetry_attestation_1.normalizeReportedUsage)(agentDelegation.reportedUsage),
|
|
622
|
-
attestedAt: new Date().toISOString(),
|
|
623
|
-
...(telemetry ? { attestation: telemetry.status, ...(telemetry.reason ? { attestationReason: telemetry.reason } : {}) } : {}),
|
|
624
|
-
note: "agent-delegation host-attested usage"
|
|
625
|
-
}
|
|
626
|
-
: undefined;
|
|
627
|
-
updateWorkerScope(run, {
|
|
628
|
-
...scope,
|
|
629
|
-
updatedAt: new Date().toISOString(),
|
|
630
|
-
status: verifierStatus === "advanced" ? "verified" : "completed",
|
|
631
|
-
resultNodeId: resultNode.id,
|
|
632
|
-
output,
|
|
633
|
-
// Output integrity (v0.1.63): SHA256 digest + file size
|
|
634
|
-
outputDigest: (0, execution_backend_1.sha256)(rawResult),
|
|
635
|
-
outputSizeBytes: Buffer.byteLength(rawResult, "utf8"),
|
|
636
|
-
...(usageRecord ? { usage: usageRecord } : {})
|
|
637
|
-
});
|
|
638
|
-
accept.output = output;
|
|
639
|
-
}
|
|
640
|
-
/** Step 7 — fanOut: publish the accepted output to the blackboard and record the
|
|
641
|
-
* multi-agent worker output (linking the blackboard message/artifact refs). */
|
|
642
|
-
function fanOutWorkerOutput(accept) {
|
|
643
|
-
const { run, workerId, scope, task, absoluteResultPath, parsedResult, destination, resultNode, verifierNodeId, acceptedAuditId } = accept;
|
|
644
|
-
const blackboardLinks = publishWorkerOutputToBlackboard(run, scope, task, parsedResult.summary, destination, absoluteResultPath, resultNode.evidence, acceptedAuditId);
|
|
645
|
-
(0, multi_agent_1.recordMultiAgentWorkerOutput)(run, {
|
|
646
|
-
workerId,
|
|
647
|
-
taskId: task.id,
|
|
648
|
-
resultNodeId: resultNode.id,
|
|
649
|
-
verifierNodeId,
|
|
650
|
-
evidence: resultNode.evidence,
|
|
651
|
-
artifactPaths: [destination, absoluteResultPath],
|
|
652
|
-
blackboardMessageIds: blackboardLinks.messageIds,
|
|
653
|
-
blackboardArtifactRefIds: blackboardLinks.artifactRefIds
|
|
654
|
-
});
|
|
655
|
-
}
|
|
656
304
|
function recordWorkerFailure(run, workerId, error, options = {}) {
|
|
657
305
|
const scope = requireWorkerScope(run, workerId);
|
|
658
306
|
const task = requireWorkerTask(run, scope);
|
|
@@ -938,7 +586,7 @@ function sandboxPolicyForBoundary(run, scope, options = {}) {
|
|
|
938
586
|
});
|
|
939
587
|
}
|
|
940
588
|
function blackboardManifest(run, scope) {
|
|
941
|
-
const linkage = blackboardLinkage(run, scope);
|
|
589
|
+
const linkage = (0, blackboard_linkage_1.blackboardLinkage)(run, scope);
|
|
942
590
|
if (!linkage.blackboardId)
|
|
943
591
|
return undefined;
|
|
944
592
|
const root = run.paths.blackboardDir || node_path_1.default.join(run.paths.runDir, "blackboard");
|
|
@@ -958,79 +606,6 @@ function blackboardManifest(run, scope) {
|
|
|
958
606
|
]
|
|
959
607
|
};
|
|
960
608
|
}
|
|
961
|
-
function publishWorkerOutputToBlackboard(run, scope, task, summary, destination, workerResultPath, evidence, acceptedAuditId) {
|
|
962
|
-
const linkage = blackboardLinkage(run, scope);
|
|
963
|
-
if (!linkage.blackboardId || !linkage.topicIds.length)
|
|
964
|
-
return { messageIds: [], artifactRefIds: [] };
|
|
965
|
-
const topicId = linkage.topicIds[0];
|
|
966
|
-
const artifactRefs = [
|
|
967
|
-
(0, coordinator_1.addBlackboardArtifact)(run, {
|
|
968
|
-
topicId,
|
|
969
|
-
blackboardId: linkage.blackboardId,
|
|
970
|
-
kind: "worker-result",
|
|
971
|
-
path: destination,
|
|
972
|
-
owner: { kind: "worker", id: scope.id },
|
|
973
|
-
author: { kind: "runtime", id: "cw" },
|
|
974
|
-
source: "cw-validated-worker-output",
|
|
975
|
-
provenance: {
|
|
976
|
-
workerId: scope.id,
|
|
977
|
-
taskId: task.id,
|
|
978
|
-
multiAgentRunId: scope.multiAgent?.runId,
|
|
979
|
-
agentGroupId: scope.multiAgent?.groupId,
|
|
980
|
-
agentRoleId: scope.multiAgent?.roleId,
|
|
981
|
-
agentMembershipId: scope.multiAgent?.membershipId,
|
|
982
|
-
auditEventIds: [acceptedAuditId]
|
|
983
|
-
},
|
|
984
|
-
evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
|
|
985
|
-
auditEventIds: [acceptedAuditId],
|
|
986
|
-
metadata: { workerResultPath }
|
|
987
|
-
})
|
|
988
|
-
];
|
|
989
|
-
const message = (0, coordinator_1.postBlackboardMessage)(run, {
|
|
990
|
-
topicId,
|
|
991
|
-
blackboardId: linkage.blackboardId,
|
|
992
|
-
body: summary,
|
|
993
|
-
author: { kind: "worker", id: scope.id },
|
|
994
|
-
scope: { kind: "worker", id: scope.id },
|
|
995
|
-
artifactRefIds: artifactRefs.map((artifact) => artifact.id),
|
|
996
|
-
evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
|
|
997
|
-
auditEventIds: [acceptedAuditId],
|
|
998
|
-
links: {
|
|
999
|
-
multiAgentRunId: scope.multiAgent?.runId,
|
|
1000
|
-
agentGroupId: scope.multiAgent?.groupId,
|
|
1001
|
-
agentRoleId: scope.multiAgent?.roleId,
|
|
1002
|
-
agentMembershipId: scope.multiAgent?.membershipId,
|
|
1003
|
-
agentFanoutId: scope.multiAgent?.fanoutId,
|
|
1004
|
-
taskId: task.id,
|
|
1005
|
-
workerId: scope.id,
|
|
1006
|
-
auditEventIds: [acceptedAuditId]
|
|
1007
|
-
},
|
|
1008
|
-
metadata: {
|
|
1009
|
-
taskId: task.id,
|
|
1010
|
-
resultPath: destination,
|
|
1011
|
-
multiAgent: scope.multiAgent
|
|
1012
|
-
}
|
|
1013
|
-
});
|
|
1014
|
-
return {
|
|
1015
|
-
messageIds: [message.id],
|
|
1016
|
-
artifactRefIds: artifactRefs.map((artifact) => artifact.id)
|
|
1017
|
-
};
|
|
1018
|
-
}
|
|
1019
|
-
function blackboardLinkage(run, scope) {
|
|
1020
|
-
const membershipId = scope.multiAgent?.membershipId;
|
|
1021
|
-
const membership = membershipId ? run.multiAgent?.memberships.find((entry) => entry.id === membershipId) : undefined;
|
|
1022
|
-
const group = scope.multiAgent?.groupId ? run.multiAgent?.groups.find((entry) => entry.id === scope.multiAgent?.groupId) : undefined;
|
|
1023
|
-
const role = scope.multiAgent?.roleId ? run.multiAgent?.roles.find((entry) => entry.id === scope.multiAgent?.roleId) : undefined;
|
|
1024
|
-
const multiAgentRun = scope.multiAgent?.runId ? run.multiAgent?.runs.find((entry) => entry.id === scope.multiAgent?.runId) : undefined;
|
|
1025
|
-
const blackboardId = membership?.blackboardId || group?.blackboardId || role?.blackboardId || multiAgentRun?.blackboardId;
|
|
1026
|
-
const topicIds = (0, helpers_1.unique)([
|
|
1027
|
-
...(membership?.topicIds || []),
|
|
1028
|
-
...(group?.topicIds || []),
|
|
1029
|
-
...(role?.topicIds || []),
|
|
1030
|
-
...(multiAgentRun?.topicIds || [])
|
|
1031
|
-
]);
|
|
1032
|
-
return { blackboardId, topicIds };
|
|
1033
|
-
}
|
|
1034
609
|
function normalizeWorkerError(error, scope, options) {
|
|
1035
610
|
if ((0, helpers_1.isBoundaryViolation)(error)) {
|
|
1036
611
|
return (0, helpers_1.structuredError)(error.code, error.message, {
|
|
@@ -266,3 +266,7 @@ _No behavioral change in v0.1.82 (drive/quickstart work out the run repo via an
|
|
|
266
266
|
## Hardening and Onboarding (v0.1.83)
|
|
267
267
|
|
|
268
268
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
269
|
+
|
|
270
|
+
## Privacy Release (v0.1.84)
|
|
271
|
+
|
|
272
|
+
No other change to this page in v0.1.84.
|
package/docs/cli-mcp-parity.7.md
CHANGED
|
@@ -462,3 +462,7 @@ _No changes in v0.1.82._
|
|
|
462
462
|
## Hardening and Onboarding (v0.1.83)
|
|
463
463
|
|
|
464
464
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
465
|
+
|
|
466
|
+
## Privacy Release (v0.1.84)
|
|
467
|
+
|
|
468
|
+
No other change to this page in v0.1.84.
|
|
@@ -137,3 +137,7 @@ _No changes in v0.1.82._
|
|
|
137
137
|
## Hardening and Onboarding (v0.1.83)
|
|
138
138
|
|
|
139
139
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
140
|
+
|
|
141
|
+
## Privacy Release (v0.1.84)
|
|
142
|
+
|
|
143
|
+
No other change to this page in v0.1.84.
|
|
@@ -121,3 +121,7 @@ _No change in behavior in v0.1.82 (schedule/run ids are now deterministic-but-un
|
|
|
121
121
|
## Hardening and Onboarding (v0.1.83)
|
|
122
122
|
|
|
123
123
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
124
|
+
|
|
125
|
+
## Privacy Release (v0.1.84)
|
|
126
|
+
|
|
127
|
+
No other change to this page in v0.1.84.
|
|
@@ -120,3 +120,7 @@ _No changes in v0.1.82._
|
|
|
120
120
|
## Hardening and Onboarding (v0.1.83)
|
|
121
121
|
|
|
122
122
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
123
|
+
|
|
124
|
+
## Privacy Release (v0.1.84)
|
|
125
|
+
|
|
126
|
+
No other change to this page in v0.1.84.
|
|
@@ -281,3 +281,7 @@ _No changes in v0.1.82._
|
|
|
281
281
|
## Hardening and Onboarding (v0.1.83)
|
|
282
282
|
|
|
283
283
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
284
|
+
|
|
285
|
+
## Privacy Release (v0.1.84)
|
|
286
|
+
|
|
287
|
+
No other change to this page in v0.1.84.
|
|
@@ -311,3 +311,7 @@ _No behavioral change in v0.1.82 (the delegated child programs moved from inline
|
|
|
311
311
|
## Hardening and Onboarding (v0.1.83)
|
|
312
312
|
|
|
313
313
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
314
|
+
|
|
315
|
+
## Privacy Release (v0.1.84)
|
|
316
|
+
|
|
317
|
+
No other change to this page in v0.1.84.
|
|
@@ -279,3 +279,7 @@ _No changes in v0.1.82._
|
|
|
279
279
|
## Hardening and Onboarding (v0.1.83)
|
|
280
280
|
|
|
281
281
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
282
|
+
|
|
283
|
+
## Privacy Release (v0.1.84)
|
|
284
|
+
|
|
285
|
+
No other change to this page in v0.1.84.
|
|
@@ -313,3 +313,7 @@ _v0.1.82 — replay now RE-DERIVES the projection from the raw captured state in
|
|
|
313
313
|
## Hardening and Onboarding (v0.1.83)
|
|
314
314
|
|
|
315
315
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
316
|
+
|
|
317
|
+
## Privacy Release (v0.1.84)
|
|
318
|
+
|
|
319
|
+
No other change to this page in v0.1.84.
|
|
@@ -325,3 +325,7 @@ _No changes in v0.1.82._
|
|
|
325
325
|
## Hardening and Onboarding (v0.1.83)
|
|
326
326
|
|
|
327
327
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
328
|
+
|
|
329
|
+
## Privacy Release (v0.1.84)
|
|
330
|
+
|
|
331
|
+
No other change to this page in v0.1.84.
|
|
@@ -146,3 +146,7 @@ _No change in behavior in v0.1.82 (the node projection field set was brought tog
|
|
|
146
146
|
## Hardening and Onboarding (v0.1.83)
|
|
147
147
|
|
|
148
148
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
149
|
+
|
|
150
|
+
## Privacy Release (v0.1.84)
|
|
151
|
+
|
|
152
|
+
No other change to this page in v0.1.84.
|
|
@@ -205,3 +205,7 @@ _No changes in v0.1.82._
|
|
|
205
205
|
## Hardening and Onboarding (v0.1.83)
|
|
206
206
|
|
|
207
207
|
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
208
|
+
|
|
209
|
+
## Privacy Release (v0.1.84)
|
|
210
|
+
|
|
211
|
+
No other change to this page in v0.1.84.
|