cool-workflow 0.1.84 → 0.1.86

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +47 -331
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/architecture-review-fast/workflow.js +2 -0
  7. package/apps/end-to-end-golden-path/app.json +1 -1
  8. package/apps/pr-review-fix-ci/app.json +1 -1
  9. package/apps/release-cut/app.json +1 -1
  10. package/apps/research-synthesis/app.json +1 -1
  11. package/dist/capability-core.js +220 -5
  12. package/dist/capability-registry.js +90 -51
  13. package/dist/cli/command-surface.js +47 -2
  14. package/dist/doctor.js +37 -1
  15. package/dist/mcp/tool-call.js +428 -0
  16. package/dist/mcp/tool-definitions.js +1027 -0
  17. package/dist/mcp-surface.js +5 -1416
  18. package/dist/onramp.js +421 -0
  19. package/dist/orchestrator.js +20 -15
  20. package/dist/run-export.js +139 -1
  21. package/dist/telemetry-demo.js +119 -0
  22. package/dist/types/report-bundle.js +6 -0
  23. package/dist/types.js +1 -0
  24. package/dist/version.js +1 -1
  25. package/dist/workbench-host.js +1 -8
  26. package/docs/agent-delegation-drive.7.md +23 -2
  27. package/docs/cli-mcp-parity.7.md +38 -7
  28. package/docs/contract-migration-tooling.7.md +4 -0
  29. package/docs/control-plane-scheduling.7.md +4 -0
  30. package/docs/dogfood-one-real-repo.7.md +9 -1
  31. package/docs/durable-state-and-locking.7.md +4 -0
  32. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  33. package/docs/execution-backends.7.md +4 -0
  34. package/docs/getting-started.md +40 -2
  35. package/docs/index.md +51 -37
  36. package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
  37. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  38. package/docs/multi-agent-operator-ux.7.md +4 -0
  39. package/docs/node-snapshot-diff-replay.7.md +4 -0
  40. package/docs/observability-cost-accounting.7.md +4 -0
  41. package/docs/project-index.md +23 -7
  42. package/docs/real-execution-backends.7.md +4 -0
  43. package/docs/release-and-migration.7.md +5 -1
  44. package/docs/release-history.md +342 -0
  45. package/docs/release-tooling.7.md +18 -0
  46. package/docs/report-verifiable-bundle.7.md +123 -0
  47. package/docs/run-registry-control-plane.7.md +4 -0
  48. package/docs/run-retention-reclamation.7.md +4 -0
  49. package/docs/state-explosion-management.7.md +4 -0
  50. package/docs/team-collaboration.7.md +4 -0
  51. package/docs/web-desktop-workbench.7.md +4 -0
  52. package/manifest/plugin.manifest.json +1 -1
  53. package/manifest/source-context-profiles.json +1 -1
  54. package/package.json +2 -1
  55. package/scripts/architecture-review-fast.js +44 -2
  56. package/scripts/canonical-apps.js +4 -4
  57. package/scripts/dogfood-release.js +55 -133
  58. package/scripts/golden-path.js +4 -4
  59. package/scripts/onramp-check.js +47 -0
  60. package/scripts/parity-check.js +740 -2
  61. package/scripts/release-check.js +2 -0
  62. package/scripts/source-context.js +31 -5
  63. package/scripts/version-sync-check.js +4 -2
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
3
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
4
- "version": "0.1.84",
4
+ "version": "0.1.86",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
7
7
  },
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.84",
3
+ "version": "0.1.86",
4
4
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
package/README.md CHANGED
@@ -15,7 +15,7 @@
15
15
  ![MCP](https://img.shields.io/badge/MCP-native-8A2BE2?style=flat-square)
16
16
  ![runtime](https://img.shields.io/badge/runtime-TypeScript%20%C2%B7%20Node-3178C6?style=flat-square)
17
17
 
18
- **[Structure](#structure)** · [Commands](#commands) · [Result Envelope](#result-envelope) · [Scheduled Tasks](#scheduled-tasks) · [License](#license)
18
+ **[Start Here](#start-here)** · [Quickstart](#quickstart) · [Developer Loop](#developer-loop) · [Commands](#commands) · [Release History](docs/release-history.md)
19
19
 
20
20
  Cool Workflow, or CW, is a free-standing agent workflow control-plane put up as a
21
21
  TypeScript runtime. It gives a COL-Architecture: Router / Orchestrator,
@@ -43,225 +43,34 @@ CW keeps to a small set of Unix-based workflow rules: small kernel,
43
43
  clear state, pipes that join, workers kept apart, and verifier-gated commits.
44
44
  See [docs/unix-principles.md](docs/unix-principles.md).
45
45
 
46
- CW v0.1.32 adds Team Collaboration: a host-attested actor, append-only
47
- approvals/rejections/comments/handoffs provenance-linked to a durable target
48
- (`run|task|candidate|selection|commit|node`), and a review gate that STACKS ON the
49
- verifier gate. Identity is ATTESTED provenance, never authenticated — a missing
50
- identity is the clear `unattributed` actor, never a made-up one. The review
51
- gate is POLICY put on top of the verifier MECHANISM: it runs inside `resolveCommitGate`
52
- AFTER the verifier checks and can only ADD a required-approvals rule, never
53
- take away the verifier's — so an approval can never turn an unverified result into a
54
- committed one. It FAILS CLOSED on quorum, authority, self-approval, and
55
- unattributed actors, writing down just which approvals are not there, and a
56
- gate-satisfied commit is marked with WHO approved the very artifact that went out.
57
- Required approvals, authorized roles, and the self-approval rule are POLICY as data
58
- (`review policy`), off to start with (pre-v0.1.32 behavior unchanged). Each verb is
59
- declared once in the capability registry so `cw <cmd> --json` is the same as
60
- `cw_<tool>`; the v0.1.30 Workbench shows the review timeline read-only and the
61
- v0.1.31 metrics report adds derived approval-rate/time-to-approval/handoff-count.
62
- See [docs/team-collaboration.7.md](docs/team-collaboration.7.md).
63
-
64
- CW v0.1.29 adds Execution Backends: the execution layer is lifted OUT of the
65
- kernel into drivers you can plug in and swap — `node`, `bun`, `shell`, `container`,
66
- `remote`, and `ci` — behind ONE small `ExecutionBackend` contract
67
- (`src/execution-backend.ts`). Built on the lines of a BSD VFS / device-driver layer, the
68
- kernel (orchestrator/dispatch/pipeline-runner) never learns which backend ran a
69
- task: WHAT to run and which evidence to record is kernel policy; HOW and WHERE it
70
- runs is the driver's business. The sandbox profile is the contract — every backend
71
- makes good or attests each requested read/write/command/network/env dimension, or
72
- FAILS CLOSED instead of quietly running unsandboxed. The result/evidence
73
- envelope is schema-identical across backends (CW's own self-verify makes
74
- byte-stable evidence on `node`, `shell`, and `bun`); the backend id + sandbox
75
- attestation are recorded AS provenance, so eval/replay, the verifier gates, and
76
- the v0.1.28 run registry stay backend-agnostic. The container/remote/ci drivers
77
- DELEGATE and record a handle + attestation + result — CW does not become the
78
- executor. Selection is like `--sandbox` with a parallel `--backend` flag and
79
- `backend list|show|probe`, declared once in the capability registry so
80
- `cw <cmd> --json` is schema-identical to `cw_<tool>`. The default (`node`) backend
81
- gives pre-v0.1.29 behavior just the same. See
82
- [docs/execution-backends.7.md](docs/execution-backends.7.md).
83
-
84
- CW v0.1.31 adds Observability + Cost Accounting: time/duration, failure rate,
85
- verifier pass rate, candidate acceptance rate, and token/cost — all DERIVED from
86
- the run state CW already keeps (timestamps → durations; verifier nodes → pass
87
- rate; candidates → acceptance; failed workers/feedback → failure rate). There is
88
- NO metrics database, NO collector daemon, NO secret counter. A rate over zero
89
- samples is `n/a`, never a made-up 0%/100%. Cost is ATTESTED, never measured:
90
- CW does not call the model, so token usage is recorded as host-attested
91
- provenance on the existing result/worker intake (absent ⇒ `unreported`, never 0),
92
- and a money figure is `attested` only from attested usage × a recorded pricing
93
- policy — guessed pricing is a SEPARATE `estimated` figure, never mixed in.
94
- Pricing is POLICY as data (`--pricing <path>|default`), out of the kernel.
95
- `metrics show`/`metrics summary` are declared once in the capability registry so
96
- `cw <cmd> --json` is byte-identical to `cw_<tool>`, and the v0.1.30 Workbench
97
- shows a read-only metrics panel from the same payload. See
98
- [docs/observability-cost-accounting.7.md](docs/observability-cost-accounting.7.md).
99
-
100
- CW v0.1.30 adds the Web / Desktop Workbench: a console for people that shows a
101
- run's run graph, blackboard, worker logs, candidate compare, and audit timeline,
102
- plus a cross-run way in over the v0.1.28 Run Registry. It is a THIRD FRONT
103
- DOOR next to the CLI (human speed) and MCP (machine context) — all three are
104
- presentation policy over ONE mechanism. Keeping CW's "no hidden dashboard
105
- database" promise, the Workbench holds ZERO authoritative state: it is a
106
- stateless, READ-ONLY renderer over the durable `.cw/` files and the existing
107
- capability payloads, so each panel is the same as its `cw <cmd> --json` payload
108
- byte-for-byte (parity-gated) and refresh works it all out again from disk — delete
109
- the host and nothing is lost. The optional localhost host (`cw workbench serve`)
110
- binds `127.0.0.1` only, is read-only (writes refused `405`), says no to non-localhost
111
- `Host` headers and path traversal, and fails closed on unreadable state. It is an
112
- OPTIONAL surface: the committed `dist/` and a plain `node` runtime keep working
113
- with the Workbench (and its dependency-light static UI) gone. See
114
- [docs/web-desktop-workbench.7.md](docs/web-desktop-workbench.7.md).
115
-
116
- CW v0.1.28 adds the Run Registry / Control Plane: a layer that looks after MANY
117
- workflow runs across repositories — `run search`, `run resume`, `run archive`, a
118
- durable `queue`, cross-repo `history`, and failed-run `run rerun` — over the
119
- per-run `.cw/runs/<id>/state.json`, which stays the one true source. The
120
- registry (`src/run-registry.ts`) is a DERIVED, rebuildable, fingerprinted index:
121
- it sorts a documented lifecycle (`queued → running → blocked → completed →
122
- failed → archived`), finds runs cross-repo through a plain-file home registry
123
- (`CW_HOME`/XDG), and fails closed — tampered or missing source comes up as
124
- `stale`/`missing` and starts a rebuild, never a made-up status. Resume
125
- goes on with a run, rerun makes a NEW run tied to the first one by provenance, and
126
- archive marks it without deleting source. Every verb is declared once in the
127
- capability registry, so `cw <cmd> --json` is schema-identical to `cw_<tool>`. See
128
- [docs/run-registry-control-plane.7.md](docs/run-registry-control-plane.7.md).
129
-
130
- CW v0.1.27 adds CLI ↔ MCP Parity: the command-line surface and the MCP surface
131
- are now two views of ONE data source, declared in a single capability
132
- registry (`src/capability-registry.ts`) and kept fail-closed. Each capability
133
- names one shared core `entry`; `cw <cmd> --json` is payload-identical to the
134
- matching `cw_<tool>` MCP result, the CLI stays short for people while MCP stays
135
- full for machines, and `npm run parity:check` (wired into `release:check`)
136
- stops any drift — a capability on only one surface, an undeclared tool or
137
- command, or a payload that does not match. See
138
- [docs/cli-mcp-parity.7.md](docs/cli-mcp-parity.7.md).
139
-
140
- CW v0.1.26 adds the Evidence Adoption Reasoning Chain: a derived, fingerprinted,
141
- fail-closed view that makes clear *why* each evidence item was adopted, rejected,
142
- superseded, or conflicting. For every gate (`fanin`, `candidate-score`,
143
- `selection`, `verifier`, `commit`) it records the decision, basis (evidence +
144
- provenance + trust source), authority (role/membership/worker + role policy),
145
- rationale (using existing reason fields again), and counterfactual (the other choices
146
- that lost). A "why" that cannot be traced to a real record comes up as
147
- `unexplained` rather than a made-up rationale. New surfaces: `multi-agent
148
- reasoning <run-id> [--evidence <id>] [--refresh]`, the MCP tools
149
- `cw_evidence_reasoning` and `cw_evidence_reasoning_refresh`, and an added
150
- `rationaleStatus` on `multi-agent evidence`. The chain is derived, never
151
- the top authority over raw state, and kept under `.cw/runs/<run-id>/reasoning/`.
152
- See
153
- [docs/evidence-adoption-reasoning-chain.7.md](docs/evidence-adoption-reasoning-chain.7.md).
154
-
155
- CW v0.1.25 adds State Explosion Management: durable, versioned,
156
- provenance-backed summary records (`MultiAgentSummaryIndex`,
157
- `BlackboardSummaryRecord`, `GraphSummaryRecord`, `OperatorDigest`,
158
- `StateExplosionReport`), small and pointed graph views with built-up summary
159
- nodes, blackboard digests, and eval/replay-gated freshness checks. Summaries are
160
- derived userland indexes that never delete raw blackboard, graph, audit, or
161
- evidence records and fail closed when stale. New surfaces: `summary refresh`,
162
- `summary show`, `blackboard summarize`, `multi-agent summarize`, and
163
- `multi-agent graph --view`. See
164
- [docs/state-explosion-management.7.md](docs/state-explosion-management.7.md).
165
-
166
- CW v0.1.24 makes harder state loading, migrations, MCP tool calls, multi-agent and
167
- blackboard persistence, and eval/replay artifact validation with fail-closed
168
- operator diagnostics.
169
-
170
- CW v0.1.23 adds Multi-Agent Eval & Replay Harness: deterministic snapshots,
171
- isolated replays, normalized comparisons, replay scoring, release gates, human
172
- reports, and MCP parity for topology-backed multi-agent runs. See
173
- [docs/multi-agent-eval-replay-harness.7.md](docs/multi-agent-eval-replay-harness.7.md).
174
-
175
- CW v0.1.22 adds Multi-Agent Trust / Policy / Audit: role policies, permission
176
- decisions, provenance-rich blackboard messages, blackboard write audit, judge
177
- rationale, panel decisions, and policy violations in the existing trust-audit
178
- log. See
179
- [docs/multi-agent-trust-policy-audit.7.md](docs/multi-agent-trust-policy-audit.7.md).
180
-
181
- CW v0.1.21 adds Multi-Agent Operator UX: small graph, dependencies,
182
- failures, and evidence adoption views for topology-backed multi-agent runs.
183
- Operators can trace agent -> dependency -> evidence -> fanin -> score ->
184
- selection -> verifier-gated commit with no separate dashboard state. See
185
- [docs/multi-agent-operator-ux.7.md](docs/multi-agent-operator-ux.7.md).
186
-
187
- CW v0.1.20 adds Multi-Agent CLI + MCP Surface: the host loop to go for, for
188
- `multi-agent run`, `multi-agent status`, `multi-agent step`,
189
- `multi-agent blackboard`, `multi-agent score`, and `multi-agent select`.
190
- The matching MCP tools are `cw_multi_agent_run`, `cw_multi_agent_status`,
191
- `cw_multi_agent_step`, `cw_multi_agent_blackboard`, `cw_multi_agent_score`,
192
- and `cw_multi_agent_select`. See
193
- [docs/multi-agent-cli-mcp-surface.7.md](docs/multi-agent-cli-mcp-surface.7.md).
194
-
195
- CW v0.1.19 adds Multi-Agent Topologies: official `map-reduce`, `debate`, and
196
- `judge-panel` coordination definitions with validation, apply-time
197
- materialization, topology run state, topology graphs, Operator UX panels, trust
198
- audit provenance, CLI commands, and MCP parity. Applying a topology makes the
199
- linked MultiAgentRun, roles, groups, fanout, blackboard topics, coordinator
200
- decisions, and deterministic next actions that the agent host can do.
201
- See [docs/multi-agent-topologies.7.md](docs/multi-agent-topologies.7.md).
202
-
203
- CW v0.1.18 adds Coordinator / Blackboard: first-class shared topics,
204
- messages, context frames, artifact refs, snapshots, and coordinator decisions.
205
- The blackboard is the coordination filesystem used by topology runs to index
206
- evidence, conflicts, fanin readiness, and synthesis decisions. See
207
- [docs/coordinator-blackboard.7.md](docs/coordinator-blackboard.7.md).
208
-
209
- CW v0.1.17 added Multi-Agent Runtime Core: first-class `MultiAgentRun`,
210
- `AgentRole`, `AgentGroup`, `AgentMembership`, `AgentFanout`, and `AgentFanin`
211
- state with lifecycle validation, dispatch attachment, worker manifest metadata,
212
- fanin evidence coverage, Operator UX panels, trust audit events, CLI commands,
213
- and MCP parity. See
214
- [docs/multi-agent-runtime-core.7.md](docs/multi-agent-runtime-core.7.md).
215
-
216
- CW v0.1.16 adds Dogfood One Real Repo: a dry-run release proof that runs the
217
- canonical `release-cut` app against this repository, records real command
218
- evidence, scores/selects a release candidate, makes a verifier-gated CW state
219
- commit, and makes trust clear through audit provenance. See
220
- [docs/dogfood-one-real-repo.7.md](docs/dogfood-one-real-repo.7.md).
221
-
222
- CW v0.1.15 adds Security / Trust Hardening: durable trust audit records,
223
- worker sandbox decision history, evidence provenance, acceptance rationale,
224
- and CLI/MCP audit inspection. See
225
- [docs/security-trust-hardening.7.md](docs/security-trust-hardening.7.md).
226
-
227
- CW v0.1.14 added Release & Migration Discipline: clear run-state schema
228
- migration policy, fixture-based backward compatibility tests, version
229
- synchronization checks, and a dry-run release gate. See
230
- [docs/release-and-migration.7.md](docs/release-and-migration.7.md).
231
-
232
- CW v0.1.13 completes the MCP / App Surface so agent hosts can take CW as a
233
- runtime in place of a CLI wrapper. MCP now covers app runs, worker inspection and
234
- output recording, candidate scoring/selection, sandbox profile resolution,
235
- verifier-gated commits, and structured operator summaries while keeping old
236
- tool names. See [docs/mcp-app-surface.7.md](docs/mcp-app-surface.7.md).
237
-
238
- CW v0.1.12 added Operator UX: human-readable status, graph, report summaries,
239
- resource summaries, commit/feedback/worker/candidate panels, and deterministic
240
- next-step suggestions. JSON is still there with `--json` or
241
- `--format json`. See [docs/operator-ux.7.md](docs/operator-ux.7.md).
242
-
243
- CW v0.1.11 added Canonical Workflow Apps: official app-directory userland for
244
- `architecture-review`, `pr-review-fix-ci`, `release-cut`, and
245
- `research-synthesis`. They validate and plan through `npm run canonical-apps`
246
- and are the app matrix used to judge if the framework is nice to use, steady, and
247
- able to say much. See
248
- [docs/canonical-workflow-apps.7.md](docs/canonical-workflow-apps.7.md).
249
-
250
- CW v0.1.10 added the End-to-End Golden Path: a deterministic regression command
251
- that validates a first-class app, plans a run, dispatches a readonly isolated
252
- worker, records a simulated worker result, scores/selects a candidate, makes a
253
- verifier-gated commit, and renders a report. See
254
- [docs/end-to-end-golden-path.7.md](docs/end-to-end-golden-path.7.md).
255
-
256
- CW v0.1.9 added the Workflow App framework: first-class app metadata, validation,
257
- deterministic app discovery, app CLI/MCP tools, app templates, and run
258
- state/report metadata. See
259
- [docs/workflow-app-framework.7.md](docs/workflow-app-framework.7.md).
260
-
261
- CW v0.1.8 added Sandbox Profiles: named worker policy contracts for read paths,
262
- write paths, command execution, network access, and environment exposure. CW
263
- keeps and validates the policy, while the agent host makes good the OS/process
264
- runtime controls. See [docs/sandbox-profiles.7.md](docs/sandbox-profiles.7.md).
46
+ ## Start Here
47
+
48
+ Use the short path first. The long notes below are history and deep reference,
49
+ not the first run.
50
+
51
+ ```bash
52
+ cw demo tamper
53
+ cw doctor --onramp
54
+ cw quickstart architecture-review --check --repo /path/to/repo \
55
+ --question "What are the main risks?" --agent-command builtin:claude
56
+ cw quickstart architecture-review --repo /path/to/repo \
57
+ --question "What are the main risks?" --agent-command builtin:claude --bundle
58
+ cw report verify-bundle report.cwrun.json
59
+ ```
60
+
61
+ For source work, keep the loop small:
62
+
63
+ ```bash
64
+ npm run build
65
+ node test/<nearest-smoke>.js
66
+ npm run test:fast
67
+ ```
68
+
69
+ Run `npm run release:check` only when the batch is ready for the full gate. Start
70
+ with `quickstart` and `report` before the multi-agent pages.
71
+
72
+ For the full capability and release history, see [docs/release-history.md](docs/release-history.md).
73
+ This README tracks CW v0.1.85.
265
74
 
266
75
  ## Quickstart
267
76
 
@@ -280,6 +89,9 @@ npx cool-workflow quickstart architecture-review --repo /path/to/repo \
280
89
  --question "Is this architecture sound?" --agent-command builtin:claude
281
90
  ```
282
91
 
92
+ Add `--bundle` when the report has to go to someone else; then check the file
93
+ offline with `cw report verify-bundle report.cwrun.json`.
94
+
283
95
  CW DELEGATES worker execution to your own agent. With no `--agent-command` (or
284
96
  `CW_AGENT_COMMAND`) the drive fails closed (status `blocked`) — it never makes up a
285
97
  result. `--agent-command builtin:claude` points to a bundled read-only `claude -p`
@@ -297,6 +109,20 @@ More: `cw quickstart <app> --preview` (read-only dry run), `cw run resume <run-i
297
109
  (go on with a run that was stopped), `cw run inspect-archive <archive>` (integrity-check a
298
110
  portable run archive without bringing it in).
299
111
 
112
+ ## Developer Loop
113
+
114
+ Use the shortest check that fits the change:
115
+
116
+ ```bash
117
+ npm run build
118
+ node test/<nearest-smoke>.js
119
+ npm run test:fast
120
+ ```
121
+
122
+ For a source checkout, `cw doctor --onramp --changed-from origin/main` gives the
123
+ nearest smoke tests and release gate commands for the current change. Before a
124
+ release, run `npm run release:check`.
125
+
300
126
  ## Structure
301
127
 
302
128
  ```text
@@ -599,114 +425,4 @@ Verification and synthesis tasks need a structured result block:
599
425
  ```
600
426
  ````
601
427
 
602
- ## Release Tooling (v0.1.33)
603
-
604
- the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a release gate that has no copies. See release-tooling(7).
605
-
606
- ## Real Execution Backend Integrations (v0.1.34)
607
-
608
- container/remote/ci backends really do the work (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there to use. See real-execution-backends(7).
609
-
610
- ## Node Snapshot / Diff / Replay (v0.1.35)
611
-
612
- per-node snapshot, structural diff, and isolated deterministic replay over StateNode, using the v0.1.23 eval harness again; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
613
-
614
- ## Contract Migration Tooling (v0.1.36)
615
-
616
- first-class declared migration registry (run-state + workflow-app) with per-edge compatibility proofs, fail-closed reachability, and a round-trip/non-destruction prover. See contract-migration-tooling(7).
617
-
618
- ## Control-Plane Scheduling (v0.1.37)
619
-
620
- priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed park over the v0.1.28 Run Registry queue; policy-as-data, deterministic. See control-plane-scheduling(7).
621
-
622
- ## Agent Delegation Drive (v0.1.38)
623
-
624
- start up an outside agent process per worker, catch result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
625
-
626
- ## Run Retention & Provable Reclamation (v0.1.39)
627
-
628
- tiered, append-only, cryptographically-verifiable disk reclamation: `gc plan|run|verify` close up the audit skeleton, free the reconstructable/scratch bulk, and prove it by way of a hash-chained tombstone. Write-ahead + fail-closed (skeleton -> tombstone -> fsync -> free); clear capability downgrade (verify-only / re-runnable-by-reconstruction); CW never reclaims to start with.
629
-
630
- ## Durable State & Locking (v0.1.40)
631
-
632
- every authoritative write is now atomic (temp -> rename, so a crash can never cut short state.json) with fsync-durability for the audit-essential stores; the cross-process read-modify-write stores (home queue, archive overlay, reclamation chain) are serialized by a portable stale-stealing file lock. Closes the architecture self-audit's non-atomic/unlocked P1 and pulls reclamation's result-node re-point inside the write-ahead boundary (durable persist + dangling-ref proof before any free) with a content-validated skeleton.
633
-
634
- ## Self-Audit Hardening & Pure-Router Decomposition (v0.1.41)
635
-
636
- closes the v0.1.41 architecture self-audit's real findings and pays down its top maintainability debt. Hardening: evidence-gated commits now need GROUNDED locators (path/URL/namespace:value), not just presence, with opt-in `CW_REQUIRE_RESOLVABLE_EVIDENCE` on-disk resolution; the trust-audit event log is appended with fsync (durable like state.json); path containment is symlink-hardened (realpath of the deepest existing ancestor) across sandbox checks and reclamation proofs; worker ids are deterministic; coordinator secret redaction recurses. Maintainability: the `descriptor.id ===` switches in the execution backend are gone — drivers self-describe through a `registerBackend` registry — and the ~2100-line CoolWorkflowRunner god-object is broken up into per-domain operation modules under `src/orchestrator/`, leaving the runner a pure `loadRun -> delegate` router. Behavior-preserving (verified by adversarial review + full release:check).
637
-
638
- ## Robust Result Ingest (v0.1.42)
639
-
640
- catch findings/evidence from any agent shape that makes sense (alt keys + prose), CW works out grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
641
-
642
- ## No-False-Green Gate & Launch Prep (v0.1.43)
643
-
644
- Hard gate stopping empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
645
-
646
- ## Release-Gate Determinism & Agents Vendor (v0.1.44)
647
-
648
- Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) in place of the mutable working tree — doing away with false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one shared way in to CW.
649
-
650
- ## Migration DAG (v0.1.45)
651
-
652
- Puts in place of the linear migration chain a BFS graph path resolver (`findMigrationPath()`) over directed migration edges. Each `StateMigrationStep` carries an optional `reverse()` function, which makes rollback/downgrade paths possible by way of `reverseRunState()`.
653
-
654
- ## Capability Auto-Discovery (v0.1.46)
655
-
656
- `registerCapability()` builder pattern takes the place of by-hand registry entries. Capabilities self-register at implementation sites by way of Map-based dedup; no need to touch `capability-registry.ts`. New capabilities call `registerCapability()` next to their entry function.
657
-
658
- ## Vendor-Adapter Registry (v0.1.47)
659
-
660
- Data-driven manifest generation: vendor JSON shapes taken out of `gen-manifests.js` into declarative templates in `plugin.manifest.json`. A `_resolveTemplate()` engine works out `{{path.to.field}}` markers. Adding a new AI platform is pure data. Cross-vendor is proven by boot, not just by generation: `npm run manifest:load-check` (`node test/vendor-manifest-load-smoke.js`) loads every generated manifest (claude, codex, agents, gemini, opencode) and makes sure each shows the full tool surface (184 tools).
661
-
662
- ## P2 Fixes (v0.1.48)
663
-
664
- State auto-compaction by way of `setPostSaveCallback()` hook — after every `saveCheckpoint()`, the orchestrator checks `computeStateSize()` and auto-starts compaction. Agent dedup docs, npm `ci` aggregate script.
665
-
666
- ## CI Content-Surface Fix (v0.1.49)
667
-
668
- CHANGELOG.md and RELEASE.md are content surfaces checked by the dogfood-release gate. The bump-version script covers structured surfaces only; content surface updates are now written down as a release step.
669
-
670
- ## Auto-Compaction Fix (v0.1.50, v0.1.51)
671
-
672
- Auto-compaction hook moved from `saveCheckpoint()` to clear `maybeCompactRun()` calls after big lifecycle mutations. Fixes test fixture fingerprint instability. Also fixes the dogfood-release version-sync pipeline: always use `npm run bump:version`, never hand-edit version.ts alone.
673
-
674
- ## Control-plane naming (v0.1.76)
675
-
676
- Positioning consistency: every self-describing surface names CW an auditable workflow control-plane / Workflow App framework, not an "SDK" (which lives on only in the red-line disclaimer "embeds no model SDK").
677
-
678
- ## Workflow orchestration: Tracks 1–3 (v0.1.77)
679
-
680
- The orchestration vision came in one release, all reviewer-gated:
681
-
682
- - **Track 1 — telemetry attestation**: each agent's reported token usage is checked against an operator ed25519 trust key (`attested`/`unattested`/`absent`, shown loudly), recorded in a tamper-evident hash-chained ledger; opt-in `require-attested-telemetry` fails closed on usage it cannot check.
683
- - **Track 2 — concurrent failure semantics**: a `parallel()` phase runs its agents at the same time with declared collapse rules — **collect-all** (a failing hop never stops siblings) and **kill-on-timeout** (a hung agent is killed at its deadline and counted as one failure). 16 agents with a forced hang + crash + dirty-return finish with no deadlock and a replay-complete record.
684
- - **Track 3 — boundary contract**: per-task output `schema` validation (dependency-free, parks on mismatch), `limits.tokenBudget` made good against recorded usage, and the one-way executor boundary welded into the type layer (a callable crossing it fails `npm run build`).
685
-
686
- ## Working onboarding + npm distribution (v0.1.78)
687
-
688
- `--agent-command builtin:claude` points to a bundled read-only claude wrapper that finishes workers with a real agent; the cross-directory quickstart crash is fixed; missing optional inputs no longer let `{{name}}` slip into prompts. Published to npm (`cool-workflow`, bins `cw`/`cool-workflow`) with LICENSE and metadata. Live dogfood proof committed under `docs/dogfood/`.
689
-
690
- ## Tamper-evidence demo (v0.1.79)
691
-
692
- `cw demo tamper` — a hermetic, one-command proof that a recorded telemetry verdict cannot be faked without being caught: it builds a real ed25519-signed ledger, fakes it at the ledger layer (verdict flip + recomputed local hash → the chain still breaks) and the signature layer (inflated tokens, reused signature → ed25519 rejects), all checked offline with only the public key. `cw telemetry verify <run>` (`cw_telemetry_verify` on MCP) is the operator-facing re-proof: by default it recomputes the hash chain on disk so any later edit to a recorded verdict or usage digest is caught; add `--pubkey <pem-or-path>` to re-run each `attested` hop's ed25519 signature check against the stored raw usage too. What this does and does **not** prove — taking in the single-keyholder ceiling — is set down in a true way in [Trust Model & Limitations](docs/trust-model.md); read it before you put trust in a green verdict.
693
-
694
- ## Opt-in live agent output during a drive (on main, ships next)
695
-
696
- Set `CW_AGENT_STREAM=1` to see each worker's live agent trace. The bundled claude wrapper (`builtin:claude` / `scripts/agents/claude-p-agent.js`) keeps the legacy `--output-format json` path by default; only the opt-in path runs claude in `--output-format stream-json` and renders a short human trace (tool uses, assistant text, per-turn summaries) to **stderr**. CW core sends that stderr on to the operator's terminal only when `CW_AGENT_STREAM=1`, CW's own stderr is a TTY, and `CW_NO_STREAM` is not set; piped/CI runs stay quiet (Rule of Silence). Core only sends the stream on, never reads it — vendor-specific rendering is the wrapper's business (policy), not the kernel's (mechanism).
697
-
698
- v0.1.79
699
-
700
- ## Fast Architecture Review (v0.1.80)
701
-
702
- Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, Map and Assess results you can use again, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
703
-
704
- _This documentation tracks Cool Workflow v0.1.82. See [CHANGELOG](../../CHANGELOG.md) for the release notes._
705
-
706
- ## Hardening and Onboarding (v0.1.83)
707
-
708
- Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
709
-
710
- ## Privacy Release (v0.1.84)
711
-
712
- This release removes local user path text from saved release review input and adds a scan that keeps those words out of tracked files.
428
+ v0.1.86
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review",
4
4
  "title": "Architecture Review",
5
5
  "summary": "Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review-fast",
4
4
  "title": "Architecture Review Fast",
5
5
  "summary": "Run a shorter architecture review with parallel map and assess phases for faster first results.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -96,6 +96,7 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
96
96
  "verify:p0-p2-risks",
97
97
  [
98
98
  "Re-open evidence for every candidate P0/P1/P2 risk from the fast assessment.",
99
+ contextInstruction(),
99
100
  "Confirm real risks, downgrade unsupported claims, and list exact file paths, commands, logs, or unknowns.",
100
101
  "The cw:result evidence array must cite durable locators."
101
102
  ].join(" "),
@@ -107,6 +108,7 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
107
108
  "verdict:fast-synthesis",
108
109
  [
109
110
  "Synthesize a fast architecture verdict for {{question}}.",
111
+ contextInstruction(),
110
112
  "Include a short answer, compact architecture map, ranked risks, speed recommendations, non-issues, and evidence links.",
111
113
  "State when the full architecture-review app should be scheduled as a background routine.",
112
114
  "The cw:result evidence array must support the final verdict."
@@ -3,7 +3,7 @@
3
3
  "id": "end-to-end-golden-path",
4
4
  "title": "End-to-End Golden Path",
5
5
  "summary": "Deterministic one-worker workflow app for proving the CW integration chain.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "pr-review-fix-ci",
4
4
  "title": "PR Review Fix CI",
5
5
  "summary": "Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "release-cut",
4
4
  "title": "Release Cut",
5
5
  "summary": "Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "research-synthesis",
4
4
  "title": "Research Synthesis",
5
5
  "summary": "Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer.",
6
- "version": "0.1.84",
6
+ "version": "0.1.86",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {