cool-workflow 0.1.83 → 0.1.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +6 -0
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/capability-core.js +89 -2
  11. package/dist/capability-registry.js +269 -2
  12. package/dist/cli/command-surface.js +1362 -0
  13. package/dist/cli.js +2 -1318
  14. package/dist/mcp-server.js +5 -1452
  15. package/dist/mcp-surface.js +1467 -0
  16. package/dist/run-export.js +139 -1
  17. package/dist/telemetry-demo.js +119 -0
  18. package/dist/types/report-bundle.js +6 -0
  19. package/dist/types.js +1 -0
  20. package/dist/version.js +1 -1
  21. package/dist/worker-accept/acceptance.js +114 -0
  22. package/dist/worker-accept/blackboard-fanout.js +80 -0
  23. package/dist/worker-accept/blackboard-linkage.js +19 -0
  24. package/dist/worker-accept/context.js +2 -0
  25. package/dist/worker-accept/telemetry-ledger.js +116 -0
  26. package/dist/worker-accept/validation.js +77 -0
  27. package/dist/worker-accept/verifier-completion.js +73 -0
  28. package/dist/worker-isolation.js +19 -444
  29. package/docs/agent-delegation-drive.7.md +6 -0
  30. package/docs/cli-mcp-parity.7.md +13 -3
  31. package/docs/contract-migration-tooling.7.md +6 -0
  32. package/docs/control-plane-scheduling.7.md +6 -0
  33. package/docs/durable-state-and-locking.7.md +6 -0
  34. package/docs/evidence-adoption-reasoning-chain.7.md +6 -0
  35. package/docs/execution-backends.7.md +6 -0
  36. package/docs/index.md +1 -0
  37. package/docs/multi-agent-cli-mcp-surface.7.md +6 -0
  38. package/docs/multi-agent-eval-replay-harness.7.md +6 -0
  39. package/docs/multi-agent-operator-ux.7.md +6 -0
  40. package/docs/node-snapshot-diff-replay.7.md +6 -0
  41. package/docs/observability-cost-accounting.7.md +6 -0
  42. package/docs/project-index.md +17 -6
  43. package/docs/real-execution-backends.7.md +6 -0
  44. package/docs/release-and-migration.7.md +6 -0
  45. package/docs/release-tooling.7.md +16 -1
  46. package/docs/report-verifiable-bundle.7.md +123 -0
  47. package/docs/run-registry-control-plane.7.md +6 -0
  48. package/docs/run-retention-reclamation.7.md +6 -0
  49. package/docs/state-explosion-management.7.md +6 -0
  50. package/docs/team-collaboration.7.md +6 -0
  51. package/docs/web-desktop-workbench.7.md +6 -0
  52. package/manifest/plugin.manifest.json +1 -1
  53. package/package.json +1 -1
  54. package/scripts/bump-version.js +9 -1
  55. package/scripts/canonical-apps.js +4 -4
  56. package/scripts/dogfood-release.js +1 -1
  57. package/scripts/golden-path.js +4 -4
  58. package/scripts/parity-check.js +27 -57
  59. package/scripts/release-flow.js +7 -6
  60. package/scripts/sync-project-index.js +1 -1
@@ -21,20 +21,18 @@ const state_1 = require("./state");
21
21
  const pipeline_contract_1 = require("./pipeline-contract");
22
22
  const error_feedback_1 = require("./error-feedback");
23
23
  const state_node_1 = require("./state-node");
24
- const pipeline_runner_1 = require("./pipeline-runner");
25
- const verifier_1 = require("./verifier");
26
- const evidence_grounding_1 = require("./evidence-grounding");
27
- const result_normalize_1 = require("./result-normalize");
28
24
  const sandbox_profile_1 = require("./sandbox-profile");
29
25
  const execution_backend_1 = require("./execution-backend");
30
26
  const trust_audit_1 = require("./trust-audit");
31
- const multi_agent_1 = require("./multi-agent");
32
- const telemetry_attestation_1 = require("./telemetry-attestation");
33
- const telemetry_ledger_1 = require("./telemetry-ledger");
34
- const coordinator_1 = require("./coordinator");
35
27
  const helpers_1 = require("./worker-isolation/helpers");
36
28
  const paths_1 = require("./worker-isolation/paths");
37
29
  const validation_1 = require("./validation");
30
+ const acceptance_1 = require("./worker-accept/acceptance");
31
+ const blackboard_linkage_1 = require("./worker-accept/blackboard-linkage");
32
+ const blackboard_fanout_1 = require("./worker-accept/blackboard-fanout");
33
+ const telemetry_ledger_1 = require("./worker-accept/telemetry-ledger");
34
+ const validation_2 = require("./worker-accept/validation");
35
+ const verifier_completion_1 = require("./worker-accept/verifier-completion");
38
36
  exports.WORKER_ISOLATION_SCHEMA_VERSION = 1;
39
37
  function allocateWorkerScope(run, task, options = {}) {
40
38
  ensureWorkerState(run);
@@ -287,372 +285,22 @@ function recordWorkerOutput(run, workerId, resultPath, options = {}) {
287
285
  // steps are load-bearing (replay determinism + the hash-chained audit/telemetry
288
286
  // ledgers cross-link by parent event ids), so each helper runs exactly where it
289
287
  // did before and mutates the shared `accept` context in place. Do NOT reorder.
290
- const accept = validateWorkerResult(run, workerId, resultPath, options);
291
- const delegation = attestWorkerDelegation(accept);
292
- acceptWorkerResult(accept, delegation);
293
- recordWorkerDelegationLedger(accept, delegation);
294
- runWorkerVerify(accept);
295
- recordWorkerCompletion(accept, delegation);
296
- fanOutWorkerOutput(accept);
288
+ const accept = (0, validation_2.validateWorkerResult)(run, workerId, resultPath, options, {
289
+ requireWorkerScope,
290
+ requireWorkerTask,
291
+ validateWorkerBoundary,
292
+ recordWorkerFailure
293
+ });
294
+ const delegation = (0, telemetry_ledger_1.attestWorkerDelegation)(accept, { recordWorkerFailure });
295
+ (0, acceptance_1.acceptWorkerResult)(accept, delegation);
296
+ (0, telemetry_ledger_1.recordWorkerDelegationLedger)(accept, delegation);
297
+ (0, verifier_completion_1.runWorkerVerify)(accept);
298
+ (0, verifier_completion_1.recordWorkerCompletion)(accept, delegation, { updateWorkerScope });
299
+ (0, blackboard_fanout_1.fanOutWorkerOutput)(accept);
297
300
  if (options.persist !== false)
298
301
  (0, state_1.saveCheckpoint)(run);
299
302
  return accept.output;
300
303
  }
301
- /** Step 1 — validateResult: resolve scope/task, enforce the sandbox boundary, the
302
- * result-file existence, the envelope contract, and (opt-in) resolvable evidence.
303
- * Fail-closed: any guard records a worker failure and throws BEFORE accept-side
304
- * state mutation. Returns the partially-filled accept context on success. */
305
- function validateWorkerResult(run, workerId, resultPath, options) {
306
- const scope = requireWorkerScope(run, workerId);
307
- const task = requireWorkerTask(run, scope);
308
- const absoluteResultPath = node_path_1.default.resolve(resultPath);
309
- const violation = validateWorkerBoundary(run, workerId, { ...options, policy: options.policy, path: absoluteResultPath });
310
- if (violation) {
311
- (0, trust_audit_1.recordSandboxPathDecision)(run, {
312
- workerId,
313
- taskId: task.id,
314
- sandboxProfileId: scope.sandboxProfileId,
315
- policySnapshot: scope.sandboxPolicy,
316
- target: absoluteResultPath,
317
- decision: "denied",
318
- metadata: { code: violation.code, allowedPaths: violation.allowedPaths }
319
- });
320
- recordWorkerFailure(run, workerId, violation, { ...options, path: absoluteResultPath, code: violation.code, retryable: false });
321
- throw new Error(violation.message);
322
- }
323
- if (!node_fs_1.default.existsSync(absoluteResultPath)) {
324
- const error = (0, helpers_1.structuredError)("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
325
- path: absoluteResultPath,
326
- retryable: true
327
- });
328
- recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
329
- throw new Error(error.message);
330
- }
331
- const rawResult = node_fs_1.default.readFileSync(absoluteResultPath, "utf8");
332
- const parsedResult = (0, verifier_1.parseResultEnvelope)(rawResult);
333
- (0, verifier_1.validateResultEnvelope)(task, parsedResult);
334
- // Strict evidence resolution (v0.1.40 self-audit P1, opt-in via
335
- // CW_REQUIRE_RESOLVABLE_EVIDENCE): fail closed if the result cites file-style
336
- // evidence that does not resolve on disk, so a worker cannot land a result
337
- // whose evidence locators point nowhere. Off by default — the default gate is
338
- // the deterministic grounding check in validateResultEnvelope.
339
- if ((0, evidence_grounding_1.requireResolvableEvidence)()) {
340
- const baseDirs = Array.from(new Set([run.cwd, process.cwd(), scope.workerDir, run.paths.runDir].filter(Boolean)));
341
- const unresolved = (0, evidence_grounding_1.unresolvedFileEvidence)(parsedResult.evidence, baseDirs);
342
- if (unresolved.length) {
343
- const error = (0, helpers_1.structuredError)("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
344
- recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
345
- throw new Error(error.message);
346
- }
347
- }
348
- return {
349
- run,
350
- workerId,
351
- options,
352
- scope,
353
- task,
354
- absoluteResultPath,
355
- rawResult,
356
- parsedResult,
357
- destination: "",
358
- pathAuditId: "",
359
- acceptedAuditId: "",
360
- resultNode: undefined,
361
- verifierNodeId: "",
362
- verifierStatus: "",
363
- output: undefined
364
- };
365
- }
366
- /** Step 2 — attestSandbox/attestDelegation: verify the agent's signed telemetry
367
- * BEFORE recording it, enforce the opt-in require-attested-telemetry gate (still
368
- * fail-closed, pre-mutation), and build the agent-hop provenance. Non-agent hops
369
- * return an empty delegation. */
370
- function attestWorkerDelegation(accept) {
371
- const { run, workerId, options, task, absoluteResultPath, rawResult } = accept;
372
- // Agent Delegation Drive (v0.1.38): if this worker's result.md was produced by an
373
- // EXTERNAL agent, record the agent-hop attestation AS PROVENANCE — the agent
374
- // (kind:process) handle, the agent-REPORTED model (never CW_AGENT_MODEL), the
375
- // prompt digest, the secret-stripped args, and the result digest computed HERE
376
- // from the accepted result.md. These live in the result node's metadata (covered
377
- // by the v0.1.35 snapshot body) + a trust-audit event, NEVER in `evidence`.
378
- // Track 1: verify the agent's signed telemetry BEFORE recording it. CW holds
379
- // only the operator's PUBLIC key — it verifies attribution, never measures
380
- // usage. Absent/invalid signature ⇒ `unattested`/`absent`, surfaced loudly,
381
- // NEVER silently recorded as trusted.
382
- const telemetry = options.agentDelegation
383
- ? (0, telemetry_attestation_1.verifyTelemetryAttestation)(options.agentDelegation.reportedUsage, options.agentDelegation.usageSignature, (0, telemetry_attestation_1.resolveTrustPublicKey)(options.agentDelegation.usageTrustPublicKey), { runId: run.id, taskId: task.id, promptDigest: options.agentDelegation.promptDigest })
384
- : undefined;
385
- // Track 1 fail-closed (Decision 2 — OPT-IN, off by default). When the operator
386
- // requires attested telemetry, a delegated hop whose verdict is not `attested`
387
- // is REJECTED here — BEFORE any accept-side state mutation — so the drive parks
388
- // it instead of recording unverifiable usage. Default behavior is unchanged
389
- // (flag-and-surface). Non-agent hops carry no verdict and are never blocked.
390
- if (options.requireAttestedTelemetry && telemetry && telemetry.status !== "attested") {
391
- const error = (0, helpers_1.structuredError)("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
392
- recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
393
- throw new Error(error.message);
394
- }
395
- const agentDelegation = options.agentDelegation
396
- ? {
397
- schemaVersion: 1,
398
- backendId: "agent",
399
- handle: options.agentDelegation.handle,
400
- model: options.agentDelegation.model,
401
- promptDigest: options.agentDelegation.promptDigest,
402
- resultDigest: (0, execution_backend_1.sha256)(rawResult),
403
- command: options.agentDelegation.command,
404
- args: options.agentDelegation.args,
405
- exitCode: options.agentDelegation.exitCode,
406
- ...(options.agentDelegation.reportedUsage ? { reportedUsage: options.agentDelegation.reportedUsage } : {}),
407
- ...(options.agentDelegation.usageSignature ? { usageSignature: options.agentDelegation.usageSignature } : {}),
408
- ...(telemetry ? { usageAttestation: telemetry.status, usageAttestationReason: telemetry.reason } : {})
409
- }
410
- : undefined;
411
- return { agentDelegation, telemetry };
412
- }
413
- /** Step 3 — recordStateNode/audit: the irreversible accept. Records the allowed
414
- * path decision, copies the result into the run results dir, completes the task,
415
- * builds + appends the result node, emits the accepted audit event, re-normalizes
416
- * node evidence against both audit ids, and surfaces the empty-capture warning.
417
- * Writes destination/pathAuditId/acceptedAuditId/resultNode back into `accept`. */
418
- function acceptWorkerResult(accept, delegation) {
419
- const { run, workerId, scope, task, absoluteResultPath, parsedResult } = accept;
420
- const { agentDelegation } = delegation;
421
- const pathAudit = (0, trust_audit_1.recordSandboxPathDecision)(run, {
422
- workerId,
423
- taskId: task.id,
424
- sandboxProfileId: scope.sandboxProfileId,
425
- policySnapshot: scope.sandboxPolicy,
426
- target: absoluteResultPath,
427
- decision: "allowed",
428
- metadata: { operation: "worker-output-acceptance" }
429
- });
430
- const destination = node_path_1.default.join(run.paths.resultsDir, `${(0, state_1.safeFileName)(task.id)}.md`);
431
- node_fs_1.default.mkdirSync(run.paths.resultsDir, { recursive: true });
432
- node_fs_1.default.copyFileSync(absoluteResultPath, destination);
433
- task.status = "completed";
434
- task.completedAt = new Date().toISOString();
435
- task.resultPath = destination;
436
- task.loopStage = "observe";
437
- task.result = parsedResult;
438
- const evidence = (0, trust_audit_1.normalizeEvidence)(run, parsedResult.evidence.map((entry, index) => ({
439
- id: `result:${index + 1}`,
440
- source: "cw:result",
441
- locator: entry,
442
- summary: entry
443
- })), { source: "cw-validated", workerId, taskId: task.id, auditEventIds: [pathAudit.id] });
444
- const resultNode = (0, state_node_1.appendRunNode)(run, (0, state_node_1.createStateNode)({
445
- id: `${run.id}:result:${task.id}`,
446
- kind: "result",
447
- status: "completed",
448
- loopStage: "observe",
449
- inputs: { taskId: task.id, dispatchId: task.dispatchId, workerId },
450
- outputs: parsedResult,
451
- artifacts: [
452
- { id: "result", kind: "markdown", path: destination },
453
- { id: "worker-result", kind: "markdown", path: absoluteResultPath }
454
- ],
455
- evidence,
456
- parents: task.dispatchId ? [`${run.id}:dispatch:${task.dispatchId}`] : [task.stateNodeId || `${run.id}:task:${task.id}`],
457
- contractId: pipeline_contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
458
- metadata: {
459
- taskId: task.id,
460
- workerId,
461
- workerDir: scope.workerDir,
462
- sandboxProfileId: scope.sandboxProfileId,
463
- auditEventIds: [pathAudit.id],
464
- // Empty-capture warning (v0.1.42): even after robust normalization the result
465
- // yielded NO findings and NO evidence — surfaced, never silently passed.
466
- ...((0, result_normalize_1.isEmptyCapture)(parsedResult) ? { captureWarning: "no findings or evidence captured from result.md" } : {}),
467
- // Folded into the snapshotted node body so v0.1.35 replay re-verifies the
468
- // prompt/result/model digests WITHOUT re-spawning the agent. NOT evidence.
469
- ...(agentDelegation ? { agentDelegation } : {})
470
- }
471
- }));
472
- const acceptedAudit = (0, trust_audit_1.recordTrustAuditEvent)(run, {
473
- kind: "worker.output",
474
- decision: "accepted",
475
- source: "cw-validated",
476
- workerId,
477
- taskId: task.id,
478
- nodeId: resultNode.id,
479
- sandboxProfileId: scope.sandboxProfileId,
480
- policySnapshot: scope.sandboxPolicy,
481
- normalizedPath: absoluteResultPath,
482
- evidence,
483
- parentEventIds: [pathAudit.id],
484
- metadata: { destination }
485
- });
486
- resultNode.evidence = (0, trust_audit_1.normalizeEvidence)(run, resultNode.evidence, {
487
- source: "cw-validated",
488
- workerId,
489
- taskId: task.id,
490
- resultNodeId: resultNode.id,
491
- auditEventIds: [pathAudit.id, acceptedAudit.id]
492
- });
493
- (0, state_node_1.appendRunNode)(run, resultNode);
494
- task.resultNodeId = resultNode.id;
495
- // Warn (don't silently pass) when a worker's result captured no structured signal
496
- // at all — the v0.1.41 self-audit's "accepted with evidenceCount:0" failure mode.
497
- if ((0, result_normalize_1.isEmptyCapture)(parsedResult)) {
498
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
499
- kind: "worker.capture-warning",
500
- decision: "recorded",
501
- source: "cw-validated",
502
- workerId,
503
- taskId: task.id,
504
- nodeId: resultNode.id,
505
- parentEventIds: [acceptedAudit.id],
506
- metadata: { reason: "no findings or evidence captured from result.md", resultPath: destination }
507
- });
508
- }
509
- accept.destination = destination;
510
- accept.pathAuditId = pathAudit.id;
511
- accept.acceptedAuditId = acceptedAudit.id;
512
- accept.resultNode = resultNode;
513
- }
514
- /** Step 4 — recordTelemetryLedger: the agent-hop attestation. Binds the telemetry
515
- * verdict into the append-only hash-chained ledger BEFORE the audit event (so the
516
- * event can cross-link the record hash), then emits the worker.agent-delegation
517
- * audit event. No-op for non-agent hops. */
518
- function recordWorkerDelegationLedger(accept, delegation) {
519
- const { agentDelegation } = delegation;
520
- // The agent-hop attestation event — hung off worker.output, alongside
521
- // worker.backend. Recorded in trust-audit/provenance, NEVER in node evidence.
522
- if (!agentDelegation)
523
- return;
524
- const { run, workerId, scope, task, resultNode, acceptedAuditId } = accept;
525
- // Track 1 (tamper-evidence): bind this verdict into the append-only,
526
- // hash-chained telemetry ledger BEFORE the audit event, so the event can
527
- // cross-link the record hash. Editing the recorded verdict/usage later breaks
528
- // the chain (verifyTelemetryLedger). Only when a verdict was computed.
529
- const ledgerRecord = agentDelegation.usageAttestation
530
- ? (0, telemetry_ledger_1.appendTelemetryAttestation)(run, {
531
- workerId,
532
- taskId: task.id,
533
- promptDigest: agentDelegation.promptDigest,
534
- reportedUsage: agentDelegation.reportedUsage,
535
- usageSignature: agentDelegation.usageSignature,
536
- attestation: agentDelegation.usageAttestation,
537
- attestationReason: agentDelegation.usageAttestationReason
538
- })
539
- : undefined;
540
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
541
- kind: "worker.agent-delegation",
542
- decision: "recorded",
543
- source: "host-attested",
544
- workerId,
545
- taskId: task.id,
546
- nodeId: resultNode.id,
547
- sandboxProfileId: scope.sandboxProfileId,
548
- policySnapshot: scope.sandboxPolicy,
549
- parentEventIds: [acceptedAuditId],
550
- metadata: {
551
- backendId: agentDelegation.backendId,
552
- handleKind: agentDelegation.handle.kind,
553
- handleRef: agentDelegation.handle.ref,
554
- model: agentDelegation.model,
555
- promptDigest: agentDelegation.promptDigest,
556
- resultDigest: agentDelegation.resultDigest,
557
- command: agentDelegation.command,
558
- args: agentDelegation.args,
559
- exitCode: agentDelegation.exitCode,
560
- // Track 1: the telemetry verdict travels with the agent-hop event so the
561
- // audit report can surface `unattested` usage loudly. Absent ⇒ no usage.
562
- ...(agentDelegation.usageAttestation
563
- ? {
564
- telemetryAttestation: agentDelegation.usageAttestation,
565
- ...(agentDelegation.usageAttestationReason ? { telemetryAttestationReason: agentDelegation.usageAttestationReason } : {}),
566
- ...(agentDelegation.reportedUsage ? { reportedUsage: agentDelegation.reportedUsage } : {}),
567
- // Cross-link to the hash-chained ledger entry (tamper-evidence).
568
- ...(ledgerRecord ? { telemetryRecordId: ledgerRecord.recordId, telemetryRecordHash: ledgerRecord.recordHash, telemetryPrevHash: ledgerRecord.prevHash } : {})
569
- }
570
- : {})
571
- }
572
- });
573
- }
574
- /** Step 5 — runVerify: drive the verify pipeline stage off the accepted result node
575
- * and record the verifier node id on the task + accept context. */
576
- function runWorkerVerify(accept) {
577
- const { run, workerId, scope, task, parsedResult, destination, resultNode } = accept;
578
- const verifierResult = (0, pipeline_runner_1.createPipelineRunner)({ persist: false }).runPipelineStage(run, "verify", resultNode.id, {
579
- outputNodeId: `${run.id}:verifier:${task.id}`,
580
- outputStatus: "verified",
581
- loopStage: "adjust",
582
- outputs: { accepted: true, workerId },
583
- artifacts: [{ id: "result", kind: "markdown", path: destination }],
584
- evidence: resultNode.evidence.length
585
- ? resultNode.evidence
586
- : [{ id: "result:summary", source: "summary", summary: parsedResult.summary }],
587
- metadata: { taskId: task.id, workerId, resultNodeId: resultNode.id, sandboxProfileId: scope.sandboxProfileId }
588
- });
589
- task.verifierNodeId = verifierResult.outputNodeId;
590
- accept.verifierNodeId = verifierResult.outputNodeId;
591
- // Carry the verify verdict for the scope-status transition in recordWorkerCompletion.
592
- accept.verifierStatus = verifierResult.status;
593
- }
594
- /** Step 6 — recordStateNode (worker record): assemble the worker output record +
595
- * host-attested usage record, then persist the worker scope with the verify-derived
596
- * status, output digest/size, and (when present) usage. */
597
- function recordWorkerCompletion(accept, delegation) {
598
- const { run, workerId, scope, task, absoluteResultPath, rawResult, resultNode, verifierNodeId, verifierStatus, pathAuditId, acceptedAuditId } = accept;
599
- const { agentDelegation, telemetry } = delegation;
600
- const output = {
601
- workerId,
602
- taskId: task.id,
603
- resultPath: absoluteResultPath,
604
- recordedAt: new Date().toISOString(),
605
- stateNodeId: resultNode.id,
606
- verifierNodeId,
607
- auditEventIds: [pathAuditId, acceptedAuditId]
608
- };
609
- // Host-attested usage rides on the worker record. Recorded when the agent
610
- // REPORTED a model OR token usage — `unreported`/absent stays ABSENT (never
611
- // backfilled from the operator-chosen CW_AGENT_MODEL, never synthesized).
612
- // Track 1: the attestation verdict (`attested`/`unattested`/`absent`) and its
613
- // reason ride along, and the token buckets come from the (verified-or-not)
614
- // reported usage — CW still never measures them, it records + labels them.
615
- const reportedModel = agentDelegation && agentDelegation.model && agentDelegation.model !== "unreported" ? agentDelegation.model : undefined;
616
- const usageRecord = agentDelegation && (reportedModel || agentDelegation.reportedUsage)
617
- ? {
618
- schemaVersion: 1,
619
- source: "host-attested",
620
- ...(reportedModel ? { model: reportedModel } : {}),
621
- ...(0, telemetry_attestation_1.normalizeReportedUsage)(agentDelegation.reportedUsage),
622
- attestedAt: new Date().toISOString(),
623
- ...(telemetry ? { attestation: telemetry.status, ...(telemetry.reason ? { attestationReason: telemetry.reason } : {}) } : {}),
624
- note: "agent-delegation host-attested usage"
625
- }
626
- : undefined;
627
- updateWorkerScope(run, {
628
- ...scope,
629
- updatedAt: new Date().toISOString(),
630
- status: verifierStatus === "advanced" ? "verified" : "completed",
631
- resultNodeId: resultNode.id,
632
- output,
633
- // Output integrity (v0.1.63): SHA256 digest + file size
634
- outputDigest: (0, execution_backend_1.sha256)(rawResult),
635
- outputSizeBytes: Buffer.byteLength(rawResult, "utf8"),
636
- ...(usageRecord ? { usage: usageRecord } : {})
637
- });
638
- accept.output = output;
639
- }
640
- /** Step 7 — fanOut: publish the accepted output to the blackboard and record the
641
- * multi-agent worker output (linking the blackboard message/artifact refs). */
642
- function fanOutWorkerOutput(accept) {
643
- const { run, workerId, scope, task, absoluteResultPath, parsedResult, destination, resultNode, verifierNodeId, acceptedAuditId } = accept;
644
- const blackboardLinks = publishWorkerOutputToBlackboard(run, scope, task, parsedResult.summary, destination, absoluteResultPath, resultNode.evidence, acceptedAuditId);
645
- (0, multi_agent_1.recordMultiAgentWorkerOutput)(run, {
646
- workerId,
647
- taskId: task.id,
648
- resultNodeId: resultNode.id,
649
- verifierNodeId,
650
- evidence: resultNode.evidence,
651
- artifactPaths: [destination, absoluteResultPath],
652
- blackboardMessageIds: blackboardLinks.messageIds,
653
- blackboardArtifactRefIds: blackboardLinks.artifactRefIds
654
- });
655
- }
656
304
  function recordWorkerFailure(run, workerId, error, options = {}) {
657
305
  const scope = requireWorkerScope(run, workerId);
658
306
  const task = requireWorkerTask(run, scope);
@@ -938,7 +586,7 @@ function sandboxPolicyForBoundary(run, scope, options = {}) {
938
586
  });
939
587
  }
940
588
  function blackboardManifest(run, scope) {
941
- const linkage = blackboardLinkage(run, scope);
589
+ const linkage = (0, blackboard_linkage_1.blackboardLinkage)(run, scope);
942
590
  if (!linkage.blackboardId)
943
591
  return undefined;
944
592
  const root = run.paths.blackboardDir || node_path_1.default.join(run.paths.runDir, "blackboard");
@@ -958,79 +606,6 @@ function blackboardManifest(run, scope) {
958
606
  ]
959
607
  };
960
608
  }
961
- function publishWorkerOutputToBlackboard(run, scope, task, summary, destination, workerResultPath, evidence, acceptedAuditId) {
962
- const linkage = blackboardLinkage(run, scope);
963
- if (!linkage.blackboardId || !linkage.topicIds.length)
964
- return { messageIds: [], artifactRefIds: [] };
965
- const topicId = linkage.topicIds[0];
966
- const artifactRefs = [
967
- (0, coordinator_1.addBlackboardArtifact)(run, {
968
- topicId,
969
- blackboardId: linkage.blackboardId,
970
- kind: "worker-result",
971
- path: destination,
972
- owner: { kind: "worker", id: scope.id },
973
- author: { kind: "runtime", id: "cw" },
974
- source: "cw-validated-worker-output",
975
- provenance: {
976
- workerId: scope.id,
977
- taskId: task.id,
978
- multiAgentRunId: scope.multiAgent?.runId,
979
- agentGroupId: scope.multiAgent?.groupId,
980
- agentRoleId: scope.multiAgent?.roleId,
981
- agentMembershipId: scope.multiAgent?.membershipId,
982
- auditEventIds: [acceptedAuditId]
983
- },
984
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
985
- auditEventIds: [acceptedAuditId],
986
- metadata: { workerResultPath }
987
- })
988
- ];
989
- const message = (0, coordinator_1.postBlackboardMessage)(run, {
990
- topicId,
991
- blackboardId: linkage.blackboardId,
992
- body: summary,
993
- author: { kind: "worker", id: scope.id },
994
- scope: { kind: "worker", id: scope.id },
995
- artifactRefIds: artifactRefs.map((artifact) => artifact.id),
996
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
997
- auditEventIds: [acceptedAuditId],
998
- links: {
999
- multiAgentRunId: scope.multiAgent?.runId,
1000
- agentGroupId: scope.multiAgent?.groupId,
1001
- agentRoleId: scope.multiAgent?.roleId,
1002
- agentMembershipId: scope.multiAgent?.membershipId,
1003
- agentFanoutId: scope.multiAgent?.fanoutId,
1004
- taskId: task.id,
1005
- workerId: scope.id,
1006
- auditEventIds: [acceptedAuditId]
1007
- },
1008
- metadata: {
1009
- taskId: task.id,
1010
- resultPath: destination,
1011
- multiAgent: scope.multiAgent
1012
- }
1013
- });
1014
- return {
1015
- messageIds: [message.id],
1016
- artifactRefIds: artifactRefs.map((artifact) => artifact.id)
1017
- };
1018
- }
1019
- function blackboardLinkage(run, scope) {
1020
- const membershipId = scope.multiAgent?.membershipId;
1021
- const membership = membershipId ? run.multiAgent?.memberships.find((entry) => entry.id === membershipId) : undefined;
1022
- const group = scope.multiAgent?.groupId ? run.multiAgent?.groups.find((entry) => entry.id === scope.multiAgent?.groupId) : undefined;
1023
- const role = scope.multiAgent?.roleId ? run.multiAgent?.roles.find((entry) => entry.id === scope.multiAgent?.roleId) : undefined;
1024
- const multiAgentRun = scope.multiAgent?.runId ? run.multiAgent?.runs.find((entry) => entry.id === scope.multiAgent?.runId) : undefined;
1025
- const blackboardId = membership?.blackboardId || group?.blackboardId || role?.blackboardId || multiAgentRun?.blackboardId;
1026
- const topicIds = (0, helpers_1.unique)([
1027
- ...(membership?.topicIds || []),
1028
- ...(group?.topicIds || []),
1029
- ...(role?.topicIds || []),
1030
- ...(multiAgentRun?.topicIds || [])
1031
- ]);
1032
- return { blackboardId, topicIds };
1033
- }
1034
609
  function normalizeWorkerError(error, scope, options) {
1035
610
  if ((0, helpers_1.isBoundaryViolation)(error)) {
1036
611
  return (0, helpers_1.structuredError)(error.code, error.message, {
@@ -266,3 +266,9 @@ _No behavioral change in v0.1.82 (drive/quickstart work out the run repo via an
266
266
  ## Hardening and Onboarding (v0.1.83)
267
267
 
268
268
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
269
+
270
+ ## Privacy Release (v0.1.84)
271
+
272
+ No other change to this page in v0.1.84.
273
+
274
+ 0.1.85
@@ -72,7 +72,7 @@ relationship. `identical` means `cw <cmd> --json` is equal to the `cw_<tool>`
72
72
  payload; `projected` means a declared divergence with a reason; `cli-only` marks
73
73
  a surface-specific capability with a recorded reason. The matrix is
74
74
  <!-- gen:parity:count -->
75
- machine-complete by design: 190 capabilities, 184 MCP tools.
75
+ machine-complete by design: 193 capabilities, 186 MCP tools.
76
76
  <!-- /gen:parity:count -->
77
77
 
78
78
  <!-- gen:parity:table -->
@@ -236,6 +236,8 @@ machine-complete by design: 190 capabilities, 184 MCP tools.
236
236
  | `run.import` | `cw run import` | `cw_run_import` | `runImportArchive` | both | identical |
237
237
  | `run.verify-import` | `cw run verify-import` | `cw_run_verify_import` | `runVerifyImport` | both | identical |
238
238
  | `run.inspect-archive` | `cw run inspect-archive` | `cw_run_inspect_archive` | `runInspectArchive` | both | identical |
239
+ | `report.verify-bundle` | `cw report verify-bundle` | `cw_report_verify_bundle` | `runVerifyReportBundle` | both | identical |
240
+ | `report.bundle` | `cw report bundle` | `cw_report_bundle` | `reportBundle` | both | identical |
239
241
  | `run.drive` | `cw run drive` | `cw_run_drive` | `runDrivePreview` | both | identical |
240
242
  | `run.drive.step` | `cw run drive` | `cw_run_drive_step` | `runDrive` | both | projected |
241
243
  | `quickstart` | `cw quickstart` | `—` | `quickstart` | cli-only | cli-only |
@@ -256,6 +258,7 @@ machine-complete by design: 190 capabilities, 184 MCP tools.
256
258
  | `gc.verify` | `cw gc verify` | `cw_gc_verify` | `gcVerify` | both | identical |
257
259
  | `telemetry.verify` | `cw telemetry verify` | `cw_telemetry_verify` | `telemetryVerify` | both | identical |
258
260
  | `demo.tamper` | `cw demo tamper` | `—` | `demoTamper` | cli-only | cli-only |
261
+ | `demo.bundle` | `cw demo bundle` | `—` | `demoBundle` | cli-only | cli-only |
259
262
  | `history` | `cw history` | `cw_history` | `runRegistry.history` | both | identical |
260
263
  | `workbench.view` | `cw workbench view` | `cw_workbench_view` | `buildWorkbenchRunView` | both | identical |
261
264
  | `workbench.serve` | `cw workbench serve` | `cw_workbench_serve` | `buildWorkbenchServeDescriptor` | both | projected |
@@ -282,14 +285,15 @@ A capability may be on one surface only, but never without word of it — it mus
282
285
  carry a recorded reason in the registry.
283
286
 
284
287
  <!-- gen:parity:cliOnly -->
285
- Six capabilities are CLI-only:
288
+ Seven capabilities are CLI-only:
286
289
 
287
290
  - `help` — Human help text. MCP hosts enumerate capabilities via tools/list, not a help command.
288
291
  - `doctor` — Environment diagnostics are inherently local to the CLI host — Node version, $PATH, $CW_HOME/cwd writability. An MCP client diagnosing the server process's environment is not meaningful; agents already receive the same readiness facts in their typed results (e.g. status: blocked, agentConfigured). Inspired by `brew doctor`.
289
292
  - `loop` — Convenience alias of `schedule create` with kind=loop. MCP hosts use cw_schedule_create with kind=loop.
290
293
  - `schedule daemon` — Long-running desktop daemon process, not a request/response tool. MCP hosts drive ticks via cw_schedule_due + cw_schedule_run_now.
291
- - `quickstart` — CLI UX convenience layer (newcomer first value in one command) over the existing run.drive.step + report verbs; it spawns nothing new and delegates worker execution to the operator's agent backend. MCP hosts compose the same outcome from cw_run_drive_step + cw_report. `audit-run` is a CLI-only alias of the same wrapper.
294
+ - `quickstart` — CLI UX convenience layer (newcomer first value in one command) over the existing run.drive.step + report verbs; it spawns nothing new and delegates worker execution to the operator's agent backend. MCP hosts compose the same outcome from cw_run_drive_step + cw_report (+ cw_report_bundle for --bundle). `audit-run` is a CLI-only alias of the same wrapper.
292
295
  - `demo tamper` — Human-facing demonstration (operator/newcomer onboarding); the underlying integrity check is exposed programmatically as the both-surface telemetry.verify. No agent or MCP client needs to invoke a demo.
296
+ - `demo bundle` — Human-facing demonstration (operator/newcomer onboarding); the underlying integrity check is exposed programmatically as the both-surface report.verify-bundle. No agent or MCP client needs to invoke a demo.
293
297
  <!-- /gen:parity:cliOnly -->
294
298
 
295
299
  <!-- gen:parity:projected -->
@@ -462,3 +466,9 @@ _No changes in v0.1.82._
462
466
  ## Hardening and Onboarding (v0.1.83)
463
467
 
464
468
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
469
+
470
+ ## Privacy Release (v0.1.84)
471
+
472
+ No other change to this page in v0.1.84.
473
+
474
+ 0.1.85
@@ -137,3 +137,9 @@ _No changes in v0.1.82._
137
137
  ## Hardening and Onboarding (v0.1.83)
138
138
 
139
139
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
140
+
141
+ ## Privacy Release (v0.1.84)
142
+
143
+ No other change to this page in v0.1.84.
144
+
145
+ 0.1.85
@@ -121,3 +121,9 @@ _No change in behavior in v0.1.82 (schedule/run ids are now deterministic-but-un
121
121
  ## Hardening and Onboarding (v0.1.83)
122
122
 
123
123
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
124
+
125
+ ## Privacy Release (v0.1.84)
126
+
127
+ No other change to this page in v0.1.84.
128
+
129
+ 0.1.85
@@ -120,3 +120,9 @@ _No changes in v0.1.82._
120
120
  ## Hardening and Onboarding (v0.1.83)
121
121
 
122
122
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
123
+
124
+ ## Privacy Release (v0.1.84)
125
+
126
+ No other change to this page in v0.1.84.
127
+
128
+ 0.1.85
@@ -281,3 +281,9 @@ _No changes in v0.1.82._
281
281
  ## Hardening and Onboarding (v0.1.83)
282
282
 
283
283
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
284
+
285
+ ## Privacy Release (v0.1.84)
286
+
287
+ No other change to this page in v0.1.84.
288
+
289
+ 0.1.85
@@ -311,3 +311,9 @@ _No behavioral change in v0.1.82 (the delegated child programs moved from inline
311
311
  ## Hardening and Onboarding (v0.1.83)
312
312
 
313
313
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
314
+
315
+ ## Privacy Release (v0.1.84)
316
+
317
+ No other change to this page in v0.1.84.
318
+
319
+ 0.1.85
package/docs/index.md CHANGED
@@ -37,6 +37,7 @@ Read these in order when you are new to CW:
37
37
  32. [Run Retention & Provable Reclamation](run-retention-reclamation.7.md) - tiered, append-only, cryptographically-verifiable disk reclamation over the v0.1.28 archive overlay: seal the audit skeleton, free the reconstructable/scratch bulk, and prove it via a hash-chained tombstone; `gc plan|run|verify`, write-ahead + fail-closed, explicit capability downgrade.
38
38
  33. [Durable State & Locking](durable-state-and-locking.7.md) - atomic (temp→rename) writes for every authoritative store with fsync-durability for the audit-essential ones, plus a portable stale-stealing file lock serializing the cross-process read-modify-write stores (home queue, archive overlay, reclamation chain); closes the prior verdict's non-atomic/unlocked P1.
39
39
  34. [Source Context Profiles](source-context-profiles.7.md) - opt-in JSONL source exports for AI context slimming, with profile policy in manifest data and manifest records proving every included or omitted tracked file.
40
+ 35. [Verifiable Report Bundle](report-verifiable-bundle.7.md) - embed the operator's ed25519 public key into a portable run archive so anyone can `report verify-bundle` it OFFLINE and self-contained (archive bytes + telemetry chain + trust-audit chain + signatures); `report bundle` produces-and-proves in one command. Fail-closed, no repo/key/install beyond npx.
40
41
 
41
42
  CW is the base system. Workflow apps are userland. Release and migration rules
42
43
  must keep that line clear: stable contracts, clear compatibility checks, and
@@ -279,3 +279,9 @@ _No changes in v0.1.82._
279
279
  ## Hardening and Onboarding (v0.1.83)
280
280
 
281
281
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
282
+
283
+ ## Privacy Release (v0.1.84)
284
+
285
+ No other change to this page in v0.1.84.
286
+
287
+ 0.1.85
@@ -313,3 +313,9 @@ _v0.1.82 — replay now RE-DERIVES the projection from the raw captured state in
313
313
  ## Hardening and Onboarding (v0.1.83)
314
314
 
315
315
  Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
316
+
317
+ ## Privacy Release (v0.1.84)
318
+
319
+ No other change to this page in v0.1.84.
320
+
321
+ 0.1.85