cool-workflow 0.1.84 → 0.1.86
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/README.md +47 -331
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/architecture-review-fast/workflow.js +2 -0
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/capability-core.js +220 -5
- package/dist/capability-registry.js +90 -51
- package/dist/cli/command-surface.js +47 -2
- package/dist/doctor.js +37 -1
- package/dist/mcp/tool-call.js +428 -0
- package/dist/mcp/tool-definitions.js +1027 -0
- package/dist/mcp-surface.js +5 -1416
- package/dist/onramp.js +421 -0
- package/dist/orchestrator.js +20 -15
- package/dist/run-export.js +139 -1
- package/dist/telemetry-demo.js +119 -0
- package/dist/types/report-bundle.js +6 -0
- package/dist/types.js +1 -0
- package/dist/version.js +1 -1
- package/dist/workbench-host.js +1 -8
- package/docs/agent-delegation-drive.7.md +23 -2
- package/docs/cli-mcp-parity.7.md +38 -7
- package/docs/contract-migration-tooling.7.md +4 -0
- package/docs/control-plane-scheduling.7.md +4 -0
- package/docs/dogfood-one-real-repo.7.md +9 -1
- package/docs/durable-state-and-locking.7.md +4 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
- package/docs/execution-backends.7.md +4 -0
- package/docs/getting-started.md +40 -2
- package/docs/index.md +51 -37
- package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
- package/docs/multi-agent-eval-replay-harness.7.md +4 -0
- package/docs/multi-agent-operator-ux.7.md +4 -0
- package/docs/node-snapshot-diff-replay.7.md +4 -0
- package/docs/observability-cost-accounting.7.md +4 -0
- package/docs/project-index.md +23 -7
- package/docs/real-execution-backends.7.md +4 -0
- package/docs/release-and-migration.7.md +5 -1
- package/docs/release-history.md +342 -0
- package/docs/release-tooling.7.md +18 -0
- package/docs/report-verifiable-bundle.7.md +123 -0
- package/docs/run-registry-control-plane.7.md +4 -0
- package/docs/run-retention-reclamation.7.md +4 -0
- package/docs/state-explosion-management.7.md +4 -0
- package/docs/team-collaboration.7.md +4 -0
- package/docs/web-desktop-workbench.7.md +4 -0
- package/manifest/plugin.manifest.json +1 -1
- package/manifest/source-context-profiles.json +1 -1
- package/package.json +2 -1
- package/scripts/architecture-review-fast.js +44 -2
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +55 -133
- package/scripts/golden-path.js +4 -4
- package/scripts/onramp-check.js +47 -0
- package/scripts/parity-check.js +740 -2
- package/scripts/release-check.js +2 -0
- package/scripts/source-context.js +31 -5
- package/scripts/version-sync-check.js +4 -2
|
@@ -0,0 +1,342 @@
|
|
|
1
|
+
# Cool Workflow Release History
|
|
2
|
+
|
|
3
|
+
This page keeps the long capability notes that used to live in the plugin README.
|
|
4
|
+
Keep the README short: first run, code loop, commands, and links.
|
|
5
|
+
|
|
6
|
+
## Capability Notes
|
|
7
|
+
|
|
8
|
+
CW v0.1.32 adds Team Collaboration: a host-attested actor, append-only
|
|
9
|
+
approvals/rejections/comments/handoffs provenance-linked to a durable target
|
|
10
|
+
(`run|task|candidate|selection|commit|node`), and a review gate that STACKS ON the
|
|
11
|
+
verifier gate. Identity is ATTESTED provenance, never authenticated — a missing
|
|
12
|
+
identity is the clear `unattributed` actor, never a made-up one. The review
|
|
13
|
+
gate is POLICY put on top of the verifier MECHANISM: it runs inside `resolveCommitGate`
|
|
14
|
+
AFTER the verifier checks and can only ADD a required-approvals rule, never
|
|
15
|
+
take away the verifier's — so an approval can never turn an unverified result into a
|
|
16
|
+
committed one. It FAILS CLOSED on quorum, authority, self-approval, and
|
|
17
|
+
unattributed actors, writing down just which approvals are not there, and a
|
|
18
|
+
gate-satisfied commit is marked with WHO approved the very artifact that went out.
|
|
19
|
+
Required approvals, authorized roles, and the self-approval rule are POLICY as data
|
|
20
|
+
(`review policy`), off to start with (pre-v0.1.32 behavior unchanged). Each verb is
|
|
21
|
+
declared once in the capability registry so `cw <cmd> --json` is the same as
|
|
22
|
+
`cw_<tool>`; the v0.1.30 Workbench shows the review timeline read-only and the
|
|
23
|
+
v0.1.31 metrics report adds derived approval-rate/time-to-approval/handoff-count.
|
|
24
|
+
See [docs/team-collaboration.7.md](team-collaboration.7.md).
|
|
25
|
+
|
|
26
|
+
CW v0.1.29 adds Execution Backends: the execution layer is lifted OUT of the
|
|
27
|
+
kernel into drivers you can plug in and swap — `node`, `bun`, `shell`, `container`,
|
|
28
|
+
`remote`, and `ci` — behind ONE small `ExecutionBackend` contract
|
|
29
|
+
(`src/execution-backend.ts`). Built on the lines of a BSD VFS / device-driver layer, the
|
|
30
|
+
kernel (orchestrator/dispatch/pipeline-runner) never learns which backend ran a
|
|
31
|
+
task: WHAT to run and which evidence to record is kernel policy; HOW and WHERE it
|
|
32
|
+
runs is the driver's business. The sandbox profile is the contract — every backend
|
|
33
|
+
makes good or attests each requested read/write/command/network/env dimension, or
|
|
34
|
+
FAILS CLOSED instead of quietly running unsandboxed. The result/evidence
|
|
35
|
+
envelope is schema-identical across backends (CW's own self-verify makes
|
|
36
|
+
byte-stable evidence on `node`, `shell`, and `bun`); the backend id + sandbox
|
|
37
|
+
attestation are recorded AS provenance, so eval/replay, the verifier gates, and
|
|
38
|
+
the v0.1.28 run registry stay backend-agnostic. The container/remote/ci drivers
|
|
39
|
+
DELEGATE and record a handle + attestation + result — CW does not become the
|
|
40
|
+
executor. Selection is like `--sandbox` with a parallel `--backend` flag and
|
|
41
|
+
`backend list|show|probe`, declared once in the capability registry so
|
|
42
|
+
`cw <cmd> --json` is schema-identical to `cw_<tool>`. The default (`node`) backend
|
|
43
|
+
gives pre-v0.1.29 behavior just the same. See
|
|
44
|
+
[docs/execution-backends.7.md](execution-backends.7.md).
|
|
45
|
+
|
|
46
|
+
CW v0.1.31 adds Observability + Cost Accounting: time/duration, failure rate,
|
|
47
|
+
verifier pass rate, candidate acceptance rate, and token/cost — all DERIVED from
|
|
48
|
+
the run state CW already keeps (timestamps → durations; verifier nodes → pass
|
|
49
|
+
rate; candidates → acceptance; failed workers/feedback → failure rate). There is
|
|
50
|
+
NO metrics database, NO collector daemon, NO secret counter. A rate over zero
|
|
51
|
+
samples is `n/a`, never a made-up 0%/100%. Cost is ATTESTED, never measured:
|
|
52
|
+
CW does not call the model, so token usage is recorded as host-attested
|
|
53
|
+
provenance on the existing result/worker intake (absent ⇒ `unreported`, never 0),
|
|
54
|
+
and a money figure is `attested` only from attested usage × a recorded pricing
|
|
55
|
+
policy — guessed pricing is a SEPARATE `estimated` figure, never mixed in.
|
|
56
|
+
Pricing is POLICY as data (`--pricing <path>|default`), out of the kernel.
|
|
57
|
+
`metrics show`/`metrics summary` are declared once in the capability registry so
|
|
58
|
+
`cw <cmd> --json` is byte-identical to `cw_<tool>`, and the v0.1.30 Workbench
|
|
59
|
+
shows a read-only metrics panel from the same payload. See
|
|
60
|
+
[docs/observability-cost-accounting.7.md](observability-cost-accounting.7.md).
|
|
61
|
+
|
|
62
|
+
CW v0.1.30 adds the Web / Desktop Workbench: a console for people that shows a
|
|
63
|
+
run's run graph, blackboard, worker logs, candidate compare, and audit timeline,
|
|
64
|
+
plus a cross-run way in over the v0.1.28 Run Registry. It is a THIRD FRONT
|
|
65
|
+
DOOR next to the CLI (human speed) and MCP (machine context) — all three are
|
|
66
|
+
presentation policy over ONE mechanism. Keeping CW's "no hidden dashboard
|
|
67
|
+
database" promise, the Workbench holds ZERO authoritative state: it is a
|
|
68
|
+
stateless, READ-ONLY renderer over the durable `.cw/` files and the existing
|
|
69
|
+
capability payloads, so each panel is the same as its `cw <cmd> --json` payload
|
|
70
|
+
byte-for-byte (parity-gated) and refresh works it all out again from disk — delete
|
|
71
|
+
the host and nothing is lost. The optional localhost host (`cw workbench serve`)
|
|
72
|
+
binds `127.0.0.1` only, is read-only (writes refused `405`), says no to non-localhost
|
|
73
|
+
`Host` headers and path traversal, and fails closed on unreadable state. It is an
|
|
74
|
+
OPTIONAL surface: the committed `dist/` and a plain `node` runtime keep working
|
|
75
|
+
with the Workbench (and its dependency-light static UI) gone. See
|
|
76
|
+
[docs/web-desktop-workbench.7.md](web-desktop-workbench.7.md).
|
|
77
|
+
|
|
78
|
+
CW v0.1.28 adds the Run Registry / Control Plane: a layer that looks after MANY
|
|
79
|
+
workflow runs across repositories — `run search`, `run resume`, `run archive`, a
|
|
80
|
+
durable `queue`, cross-repo `history`, and failed-run `run rerun` — over the
|
|
81
|
+
per-run `.cw/runs/<id>/state.json`, which stays the one true source. The
|
|
82
|
+
registry (`src/run-registry.ts`) is a DERIVED, rebuildable, fingerprinted index:
|
|
83
|
+
it sorts a documented lifecycle (`queued → running → blocked → completed →
|
|
84
|
+
failed → archived`), finds runs cross-repo through a plain-file home registry
|
|
85
|
+
(`CW_HOME`/XDG), and fails closed — tampered or missing source comes up as
|
|
86
|
+
`stale`/`missing` and starts a rebuild, never a made-up status. Resume
|
|
87
|
+
goes on with a run, rerun makes a NEW run tied to the first one by provenance, and
|
|
88
|
+
archive marks it without deleting source. Every verb is declared once in the
|
|
89
|
+
capability registry, so `cw <cmd> --json` is schema-identical to `cw_<tool>`. See
|
|
90
|
+
[docs/run-registry-control-plane.7.md](run-registry-control-plane.7.md).
|
|
91
|
+
|
|
92
|
+
CW v0.1.27 adds CLI ↔ MCP Parity: the command-line surface and the MCP surface
|
|
93
|
+
are now two views of ONE data source, declared in a single capability
|
|
94
|
+
registry (`src/capability-registry.ts`) and kept fail-closed. Each capability
|
|
95
|
+
names one shared core `entry`; `cw <cmd> --json` is payload-identical to the
|
|
96
|
+
matching `cw_<tool>` MCP result, the CLI stays short for people while MCP stays
|
|
97
|
+
full for machines, and `npm run parity:check` (wired into `release:check`)
|
|
98
|
+
stops any drift — a capability on only one surface, an undeclared tool or
|
|
99
|
+
command, or a payload that does not match. See
|
|
100
|
+
[docs/cli-mcp-parity.7.md](cli-mcp-parity.7.md).
|
|
101
|
+
|
|
102
|
+
CW v0.1.26 adds the Evidence Adoption Reasoning Chain: a derived, fingerprinted,
|
|
103
|
+
fail-closed view that makes clear *why* each evidence item was adopted, rejected,
|
|
104
|
+
superseded, or conflicting. For every gate (`fanin`, `candidate-score`,
|
|
105
|
+
`selection`, `verifier`, `commit`) it records the decision, basis (evidence +
|
|
106
|
+
provenance + trust source), authority (role/membership/worker + role policy),
|
|
107
|
+
rationale (using existing reason fields again), and counterfactual (the other choices
|
|
108
|
+
that lost). A "why" that cannot be traced to a real record comes up as
|
|
109
|
+
`unexplained` rather than a made-up rationale. New surfaces: `multi-agent
|
|
110
|
+
reasoning <run-id> [--evidence <id>] [--refresh]`, the MCP tools
|
|
111
|
+
`cw_evidence_reasoning` and `cw_evidence_reasoning_refresh`, and an added
|
|
112
|
+
`rationaleStatus` on `multi-agent evidence`. The chain is derived, never
|
|
113
|
+
the top authority over raw state, and kept under `.cw/runs/<run-id>/reasoning/`.
|
|
114
|
+
See
|
|
115
|
+
[docs/evidence-adoption-reasoning-chain.7.md](evidence-adoption-reasoning-chain.7.md).
|
|
116
|
+
|
|
117
|
+
CW v0.1.25 adds State Explosion Management: durable, versioned,
|
|
118
|
+
provenance-backed summary records (`MultiAgentSummaryIndex`,
|
|
119
|
+
`BlackboardSummaryRecord`, `GraphSummaryRecord`, `OperatorDigest`,
|
|
120
|
+
`StateExplosionReport`), small and pointed graph views with built-up summary
|
|
121
|
+
nodes, blackboard digests, and eval/replay-gated freshness checks. Summaries are
|
|
122
|
+
derived userland indexes that never delete raw blackboard, graph, audit, or
|
|
123
|
+
evidence records and fail closed when stale. New surfaces: `summary refresh`,
|
|
124
|
+
`summary show`, `blackboard summarize`, `multi-agent summarize`, and
|
|
125
|
+
`multi-agent graph --view`. See
|
|
126
|
+
[docs/state-explosion-management.7.md](state-explosion-management.7.md).
|
|
127
|
+
|
|
128
|
+
CW v0.1.24 makes harder state loading, migrations, MCP tool calls, multi-agent and
|
|
129
|
+
blackboard persistence, and eval/replay artifact validation with fail-closed
|
|
130
|
+
operator diagnostics.
|
|
131
|
+
|
|
132
|
+
CW v0.1.23 adds Multi-Agent Eval & Replay Harness: deterministic snapshots,
|
|
133
|
+
isolated replays, normalized comparisons, replay scoring, release gates, human
|
|
134
|
+
reports, and MCP parity for topology-backed multi-agent runs. See
|
|
135
|
+
[docs/multi-agent-eval-replay-harness.7.md](multi-agent-eval-replay-harness.7.md).
|
|
136
|
+
|
|
137
|
+
CW v0.1.22 adds Multi-Agent Trust / Policy / Audit: role policies, permission
|
|
138
|
+
decisions, provenance-rich blackboard messages, blackboard write audit, judge
|
|
139
|
+
rationale, panel decisions, and policy violations in the existing trust-audit
|
|
140
|
+
log. See
|
|
141
|
+
[docs/multi-agent-trust-policy-audit.7.md](multi-agent-trust-policy-audit.7.md).
|
|
142
|
+
|
|
143
|
+
CW v0.1.21 adds Multi-Agent Operator UX: small graph, dependencies,
|
|
144
|
+
failures, and evidence adoption views for topology-backed multi-agent runs.
|
|
145
|
+
Operators can trace agent -> dependency -> evidence -> fanin -> score ->
|
|
146
|
+
selection -> verifier-gated commit with no separate dashboard state. See
|
|
147
|
+
[docs/multi-agent-operator-ux.7.md](multi-agent-operator-ux.7.md).
|
|
148
|
+
|
|
149
|
+
CW v0.1.20 adds Multi-Agent CLI + MCP Surface: the host loop to go for, for
|
|
150
|
+
`multi-agent run`, `multi-agent status`, `multi-agent step`,
|
|
151
|
+
`multi-agent blackboard`, `multi-agent score`, and `multi-agent select`.
|
|
152
|
+
The matching MCP tools are `cw_multi_agent_run`, `cw_multi_agent_status`,
|
|
153
|
+
`cw_multi_agent_step`, `cw_multi_agent_blackboard`, `cw_multi_agent_score`,
|
|
154
|
+
and `cw_multi_agent_select`. See
|
|
155
|
+
[docs/multi-agent-cli-mcp-surface.7.md](multi-agent-cli-mcp-surface.7.md).
|
|
156
|
+
|
|
157
|
+
CW v0.1.19 adds Multi-Agent Topologies: official `map-reduce`, `debate`, and
|
|
158
|
+
`judge-panel` coordination definitions with validation, apply-time
|
|
159
|
+
materialization, topology run state, topology graphs, Operator UX panels, trust
|
|
160
|
+
audit provenance, CLI commands, and MCP parity. Applying a topology makes the
|
|
161
|
+
linked MultiAgentRun, roles, groups, fanout, blackboard topics, coordinator
|
|
162
|
+
decisions, and deterministic next actions that the agent host can do.
|
|
163
|
+
See [docs/multi-agent-topologies.7.md](multi-agent-topologies.7.md).
|
|
164
|
+
|
|
165
|
+
CW v0.1.18 adds Coordinator / Blackboard: first-class shared topics,
|
|
166
|
+
messages, context frames, artifact refs, snapshots, and coordinator decisions.
|
|
167
|
+
The blackboard is the coordination filesystem used by topology runs to index
|
|
168
|
+
evidence, conflicts, fanin readiness, and synthesis decisions. See
|
|
169
|
+
[docs/coordinator-blackboard.7.md](coordinator-blackboard.7.md).
|
|
170
|
+
|
|
171
|
+
CW v0.1.17 added Multi-Agent Runtime Core: first-class `MultiAgentRun`,
|
|
172
|
+
`AgentRole`, `AgentGroup`, `AgentMembership`, `AgentFanout`, and `AgentFanin`
|
|
173
|
+
state with lifecycle validation, dispatch attachment, worker manifest metadata,
|
|
174
|
+
fanin evidence coverage, Operator UX panels, trust audit events, CLI commands,
|
|
175
|
+
and MCP parity. See
|
|
176
|
+
[docs/multi-agent-runtime-core.7.md](multi-agent-runtime-core.7.md).
|
|
177
|
+
|
|
178
|
+
CW v0.1.16 adds Dogfood One Real Repo: a dry-run release proof that runs the
|
|
179
|
+
canonical `release-cut` app against this repository, records real command
|
|
180
|
+
evidence, scores/selects a release candidate, makes a verifier-gated CW state
|
|
181
|
+
commit, and makes trust clear through audit provenance. See
|
|
182
|
+
[docs/dogfood-one-real-repo.7.md](dogfood-one-real-repo.7.md).
|
|
183
|
+
|
|
184
|
+
CW v0.1.15 adds Security / Trust Hardening: durable trust audit records,
|
|
185
|
+
worker sandbox decision history, evidence provenance, acceptance rationale,
|
|
186
|
+
and CLI/MCP audit inspection. See
|
|
187
|
+
[docs/security-trust-hardening.7.md](security-trust-hardening.7.md).
|
|
188
|
+
|
|
189
|
+
CW v0.1.14 added Release & Migration Discipline: clear run-state schema
|
|
190
|
+
migration policy, fixture-based backward compatibility tests, version
|
|
191
|
+
synchronization checks, and a dry-run release gate. See
|
|
192
|
+
[docs/release-and-migration.7.md](release-and-migration.7.md).
|
|
193
|
+
|
|
194
|
+
CW v0.1.13 completes the MCP / App Surface so agent hosts can take CW as a
|
|
195
|
+
runtime in place of a CLI wrapper. MCP now covers app runs, worker inspection and
|
|
196
|
+
output recording, candidate scoring/selection, sandbox profile resolution,
|
|
197
|
+
verifier-gated commits, and structured operator summaries while keeping old
|
|
198
|
+
tool names. See [docs/mcp-app-surface.7.md](mcp-app-surface.7.md).
|
|
199
|
+
|
|
200
|
+
CW v0.1.12 added Operator UX: human-readable status, graph, report summaries,
|
|
201
|
+
resource summaries, commit/feedback/worker/candidate panels, and deterministic
|
|
202
|
+
next-step suggestions. JSON is still there with `--json` or
|
|
203
|
+
`--format json`. See [docs/operator-ux.7.md](operator-ux.7.md).
|
|
204
|
+
|
|
205
|
+
CW v0.1.11 added Canonical Workflow Apps: official app-directory userland for
|
|
206
|
+
`architecture-review`, `pr-review-fix-ci`, `release-cut`, and
|
|
207
|
+
`research-synthesis`. They validate and plan through `npm run canonical-apps`
|
|
208
|
+
and are the app matrix used to judge if the framework is nice to use, steady, and
|
|
209
|
+
able to say much. See
|
|
210
|
+
[docs/canonical-workflow-apps.7.md](canonical-workflow-apps.7.md).
|
|
211
|
+
|
|
212
|
+
CW v0.1.10 added the End-to-End Golden Path: a deterministic regression command
|
|
213
|
+
that validates a first-class app, plans a run, dispatches a readonly isolated
|
|
214
|
+
worker, records a simulated worker result, scores/selects a candidate, makes a
|
|
215
|
+
verifier-gated commit, and renders a report. See
|
|
216
|
+
[docs/end-to-end-golden-path.7.md](end-to-end-golden-path.7.md).
|
|
217
|
+
|
|
218
|
+
CW v0.1.9 added the Workflow App framework: first-class app metadata, validation,
|
|
219
|
+
deterministic app discovery, app CLI/MCP tools, app templates, and run
|
|
220
|
+
state/report metadata. See
|
|
221
|
+
[docs/workflow-app-framework.7.md](workflow-app-framework.7.md).
|
|
222
|
+
|
|
223
|
+
CW v0.1.8 added Sandbox Profiles: named worker policy contracts for read paths,
|
|
224
|
+
write paths, command execution, network access, and environment exposure. CW
|
|
225
|
+
keeps and validates the policy, while the agent host makes good the OS/process
|
|
226
|
+
runtime controls. See [docs/sandbox-profiles.7.md](sandbox-profiles.7.md).
|
|
227
|
+
|
|
228
|
+
## Release Notes
|
|
229
|
+
|
|
230
|
+
## Release Tooling (v0.1.33)
|
|
231
|
+
|
|
232
|
+
the per-tag mechanical surfaces (version bump across 17 surfaces, feature scaffold, and the forward-reference docs) become deterministic scripts, with a release gate that has no copies. See release-tooling(7).
|
|
233
|
+
|
|
234
|
+
## Real Execution Backend Integrations (v0.1.34)
|
|
235
|
+
|
|
236
|
+
container/remote/ci backends really do the work (docker/podman run, remote/CI POST-and-poll) under the sandbox contract, with byte-stable evidence vs node and fail-closed refusal when a runtime/endpoint is not there to use. See real-execution-backends(7).
|
|
237
|
+
|
|
238
|
+
## Node Snapshot / Diff / Replay (v0.1.35)
|
|
239
|
+
|
|
240
|
+
per-node snapshot, structural diff, and isolated deterministic replay over StateNode, using the v0.1.23 eval harness again; fail-closed on source drift (valid|stale|absent). See node-snapshot-diff-replay(7).
|
|
241
|
+
|
|
242
|
+
## Contract Migration Tooling (v0.1.36)
|
|
243
|
+
|
|
244
|
+
first-class declared migration registry (run-state + workflow-app) with per-edge compatibility proofs, fail-closed reachability, and a round-trip/non-destruction prover. See contract-migration-tooling(7).
|
|
245
|
+
|
|
246
|
+
## Control-Plane Scheduling (v0.1.37)
|
|
247
|
+
|
|
248
|
+
priority + concurrency limits + lease lifecycle + retry/backoff + fail-closed park over the v0.1.28 Run Registry queue; policy-as-data, deterministic. See control-plane-scheduling(7).
|
|
249
|
+
|
|
250
|
+
## Agent Delegation Drive (v0.1.38)
|
|
251
|
+
|
|
252
|
+
start up an outside agent process per worker, catch result.md + attestation, auto-drive plan->dispatch->fulfill->accept->commit
|
|
253
|
+
|
|
254
|
+
## Run Retention & Provable Reclamation (v0.1.39)
|
|
255
|
+
|
|
256
|
+
tiered, append-only, cryptographically-verifiable disk reclamation: `gc plan|run|verify` close up the audit skeleton, free the reconstructable/scratch bulk, and prove it by way of a hash-chained tombstone. Write-ahead + fail-closed (skeleton -> tombstone -> fsync -> free); clear capability downgrade (verify-only / re-runnable-by-reconstruction); CW never reclaims to start with.
|
|
257
|
+
|
|
258
|
+
## Durable State & Locking (v0.1.40)
|
|
259
|
+
|
|
260
|
+
every authoritative write is now atomic (temp -> rename, so a crash can never cut short state.json) with fsync-durability for the audit-essential stores; the cross-process read-modify-write stores (home queue, archive overlay, reclamation chain) are serialized by a portable stale-stealing file lock. Closes the architecture self-audit's non-atomic/unlocked P1 and pulls reclamation's result-node re-point inside the write-ahead boundary (durable persist + dangling-ref proof before any free) with a content-validated skeleton.
|
|
261
|
+
|
|
262
|
+
## Self-Audit Hardening & Pure-Router Decomposition (v0.1.41)
|
|
263
|
+
|
|
264
|
+
closes the v0.1.41 architecture self-audit's real findings and pays down its top maintainability debt. Hardening: evidence-gated commits now need GROUNDED locators (path/URL/namespace:value), not just presence, with opt-in `CW_REQUIRE_RESOLVABLE_EVIDENCE` on-disk resolution; the trust-audit event log is appended with fsync (durable like state.json); path containment is symlink-hardened (realpath of the deepest existing ancestor) across sandbox checks and reclamation proofs; worker ids are deterministic; coordinator secret redaction recurses. Maintainability: the `descriptor.id ===` switches in the execution backend are gone — drivers self-describe through a `registerBackend` registry — and the ~2100-line CoolWorkflowRunner god-object is broken up into per-domain operation modules under `src/orchestrator/`, leaving the runner a pure `loadRun -> delegate` router. Behavior-preserving (verified by adversarial review + full release:check).
|
|
265
|
+
|
|
266
|
+
## Robust Result Ingest (v0.1.42)
|
|
267
|
+
|
|
268
|
+
catch findings/evidence from any agent shape that makes sense (alt keys + prose), CW works out grounded evidence itself, warn on empty capture — closes the v0.1.41 live-drive 'accepted with 0 captured' failure
|
|
269
|
+
|
|
270
|
+
## No-False-Green Gate & Launch Prep (v0.1.43)
|
|
271
|
+
|
|
272
|
+
Hard gate stopping empty-capture verifier-gated commits, plus quickstart and launch-prep docs.
|
|
273
|
+
|
|
274
|
+
## Release-Gate Determinism & Agents Vendor (v0.1.44)
|
|
275
|
+
|
|
276
|
+
Release-readiness checks now validate the committed blob (`git show HEAD:<path>`) in place of the mutable working tree — doing away with false-red/false-green from concurrent working-tree writes (iCloud/Spotlight/editor). Adds the `agents` vendor manifest target: a generated `.agents/plugins/cool-workflow/` adapter that gives any non-Claude AI agent one shared way in to CW.
|
|
277
|
+
|
|
278
|
+
## Migration DAG (v0.1.45)
|
|
279
|
+
|
|
280
|
+
Puts in place of the linear migration chain a BFS graph path resolver (`findMigrationPath()`) over directed migration edges. Each `StateMigrationStep` carries an optional `reverse()` function, which makes rollback/downgrade paths possible by way of `reverseRunState()`.
|
|
281
|
+
|
|
282
|
+
## Capability Auto-Discovery (v0.1.46)
|
|
283
|
+
|
|
284
|
+
`registerCapability()` builder pattern takes the place of by-hand registry entries. Capabilities self-register at implementation sites by way of Map-based dedup; no need to touch `capability-registry.ts`. New capabilities call `registerCapability()` next to their entry function.
|
|
285
|
+
|
|
286
|
+
## Vendor-Adapter Registry (v0.1.47)
|
|
287
|
+
|
|
288
|
+
Data-driven manifest generation: vendor JSON shapes taken out of `gen-manifests.js` into declarative templates in `plugin.manifest.json`. A `_resolveTemplate()` engine works out `{{path.to.field}}` markers. Adding a new AI platform is pure data. Cross-vendor is proven by boot, not just by generation: `npm run manifest:load-check` (`node test/vendor-manifest-load-smoke.js`) loads every generated manifest (claude, codex, agents, gemini, opencode) and makes sure each shows the full tool surface (184 tools).
|
|
289
|
+
|
|
290
|
+
## P2 Fixes (v0.1.48)
|
|
291
|
+
|
|
292
|
+
State auto-compaction by way of `setPostSaveCallback()` hook — after every `saveCheckpoint()`, the orchestrator checks `computeStateSize()` and auto-starts compaction. Agent dedup docs, npm `ci` aggregate script.
|
|
293
|
+
|
|
294
|
+
## CI Content-Surface Fix (v0.1.49)
|
|
295
|
+
|
|
296
|
+
CHANGELOG.md and RELEASE.md are content surfaces checked by the dogfood-release gate. The bump-version script covers structured surfaces only; content surface updates are now written down as a release step.
|
|
297
|
+
|
|
298
|
+
## Auto-Compaction Fix (v0.1.50, v0.1.51)
|
|
299
|
+
|
|
300
|
+
Auto-compaction hook moved from `saveCheckpoint()` to clear `maybeCompactRun()` calls after big lifecycle mutations. Fixes test fixture fingerprint instability. Also fixes the dogfood-release version-sync pipeline: always use `npm run bump:version`, never hand-edit version.ts alone.
|
|
301
|
+
|
|
302
|
+
## Control-plane naming (v0.1.76)
|
|
303
|
+
|
|
304
|
+
Positioning consistency: every self-describing surface names CW an auditable workflow control-plane / Workflow App framework, not an "SDK" (which lives on only in the red-line disclaimer "embeds no model SDK").
|
|
305
|
+
|
|
306
|
+
## Workflow orchestration: Tracks 1–3 (v0.1.77)
|
|
307
|
+
|
|
308
|
+
The orchestration vision came in one release, all reviewer-gated:
|
|
309
|
+
|
|
310
|
+
- **Track 1 — telemetry attestation**: each agent's reported token usage is checked against an operator ed25519 trust key (`attested`/`unattested`/`absent`, shown loudly), recorded in a tamper-evident hash-chained ledger; opt-in `require-attested-telemetry` fails closed on usage it cannot check.
|
|
311
|
+
- **Track 2 — concurrent failure semantics**: a `parallel()` phase runs its agents at the same time with declared collapse rules — **collect-all** (a failing hop never stops siblings) and **kill-on-timeout** (a hung agent is killed at its deadline and counted as one failure). 16 agents with a forced hang + crash + dirty-return finish with no deadlock and a replay-complete record.
|
|
312
|
+
- **Track 3 — boundary contract**: per-task output `schema` validation (dependency-free, parks on mismatch), `limits.tokenBudget` made good against recorded usage, and the one-way executor boundary welded into the type layer (a callable crossing it fails `npm run build`).
|
|
313
|
+
|
|
314
|
+
## Working onboarding + npm distribution (v0.1.78)
|
|
315
|
+
|
|
316
|
+
`--agent-command builtin:claude` points to a bundled read-only claude wrapper that finishes workers with a real agent; the cross-directory quickstart crash is fixed; missing optional inputs no longer let `{{name}}` slip into prompts. Published to npm (`cool-workflow`, bins `cw`/`cool-workflow`) with LICENSE and metadata. Live dogfood proof committed under `docs/dogfood/`.
|
|
317
|
+
|
|
318
|
+
## Tamper-evidence demo (v0.1.79)
|
|
319
|
+
|
|
320
|
+
`cw demo tamper` — a hermetic, one-command proof that a recorded telemetry verdict cannot be faked without being caught: it builds a real ed25519-signed ledger, fakes it at the ledger layer (verdict flip + recomputed local hash → the chain still breaks) and the signature layer (inflated tokens, reused signature → ed25519 rejects), all checked offline with only the public key. `cw telemetry verify <run>` (`cw_telemetry_verify` on MCP) is the operator-facing re-proof: by default it recomputes the hash chain on disk so any later edit to a recorded verdict or usage digest is caught; add `--pubkey <pem-or-path>` to re-run each `attested` hop's ed25519 signature check against the stored raw usage too. What this does and does **not** prove — taking in the single-keyholder ceiling — is set down in a true way in [Trust Model & Limitations](trust-model.md); read it before you put trust in a green verdict.
|
|
321
|
+
|
|
322
|
+
## Opt-in live agent output during a drive (on main, ships next)
|
|
323
|
+
|
|
324
|
+
Set `CW_AGENT_STREAM=1` to see each worker's live agent trace. The bundled claude wrapper (`builtin:claude` / `scripts/agents/claude-p-agent.js`) keeps the legacy `--output-format json` path by default; only the opt-in path runs claude in `--output-format stream-json` and renders a short human trace (tool uses, assistant text, per-turn summaries) to **stderr**. CW core sends that stderr on to the operator's terminal only when `CW_AGENT_STREAM=1`, CW's own stderr is a TTY, and `CW_NO_STREAM` is not set; piped/CI runs stay quiet (Rule of Silence). Core only sends the stream on, never reads it — vendor-specific rendering is the wrapper's business (policy), not the kernel's (mechanism).
|
|
325
|
+
|
|
326
|
+
v0.1.79
|
|
327
|
+
|
|
328
|
+
## Fast Architecture Review (v0.1.80)
|
|
329
|
+
|
|
330
|
+
Adds the opt-in fast architecture-review lane: scoped JSONL source contexts, diff-aware exports, Map and Assess results you can use again, wrapper metrics you can measure, a background full-review handoff you can act on, and userland model policy flags for routing fast/strong workers without changing the full review contract.
|
|
331
|
+
|
|
332
|
+
_This documentation tracks Cool Workflow v0.1.85. See [CHANGELOG](../../CHANGELOG.md) for the release notes._
|
|
333
|
+
|
|
334
|
+
## Hardening and Onboarding (v0.1.83)
|
|
335
|
+
|
|
336
|
+
Loaders fail closed on corrupt state; store writes are made safe under more than one writer; a new cw doctor checks your setup; help lists every command; and the docs are put into Basic English.
|
|
337
|
+
|
|
338
|
+
## Privacy Release (v0.1.84)
|
|
339
|
+
|
|
340
|
+
This release removes local user path text from saved release review input and adds a scan that keeps those words out of tracked files.
|
|
341
|
+
|
|
342
|
+
v0.1.85
|
|
@@ -62,6 +62,20 @@ keeps full coverage while cutting the doubled wall time. The steps that stay
|
|
|
62
62
|
are the ones NOT covered by `npm test`: build, type check, `npm test`,
|
|
63
63
|
canonical-apps, golden-path, parity, vendor-manifest drift, and `version:sync`.
|
|
64
64
|
|
|
65
|
+
For timing work, the smoke runner can write a JSON timing report without changing
|
|
66
|
+
the normal output:
|
|
67
|
+
|
|
68
|
+
```text
|
|
69
|
+
npm run test:ci -- --json-summary /tmp/cw-test-summary.json
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
The file lists wall time, total child time, and the slowest smokes. Use it to
|
|
73
|
+
pick one speed cycle at a time; it is diagnostic, not a hard release threshold.
|
|
74
|
+
|
|
75
|
+
The dogfood release smoke and the architecture-review dogfood smoke are separate
|
|
76
|
+
test files. The split keeps the same release and agent-drive proof, but lets
|
|
77
|
+
`test:ci` schedule the two long checks in parallel.
|
|
78
|
+
|
|
65
79
|
## Boundary
|
|
66
80
|
|
|
67
81
|
Release Tooling touches only the build/release surfaces. It adds no runtime
|
|
@@ -213,3 +227,7 @@ Loaders fail closed on corrupt state; store writes are made safe under more than
|
|
|
213
227
|
## Privacy Release (v0.1.84)
|
|
214
228
|
|
|
215
229
|
`release-flow` now writes reviewer input with repo-local paths, so local user home names do not enter the saved review prompt.
|
|
230
|
+
|
|
231
|
+
0.1.85
|
|
232
|
+
|
|
233
|
+
0.1.86
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
# Verifiable Report Bundle
|
|
2
|
+
|
|
3
|
+
CW v0.1.85 adds the Verifiable Report Bundle: a way to hand someone a run's report
|
|
4
|
+
that they can check themselves, OFFLINE, with one command — no source repo, no
|
|
5
|
+
pre-existing `.cw` tree, and no key passed on the side.
|
|
6
|
+
|
|
7
|
+
Before this, a run could be exported to a portable `<id>.cwrun.json` archive
|
|
8
|
+
([Run Registry / Control Plane](run-registry-control-plane.7.md)) and its bytes
|
|
9
|
+
re-proven with `cw run inspect-archive`. But two things stopped a stranger from
|
|
10
|
+
fully verifying it:
|
|
11
|
+
|
|
12
|
+
- The ed25519 PUBLIC key that re-checks the signed telemetry came only from
|
|
13
|
+
`--pubkey` or the `CW_AGENT_ATTEST_PUBKEY` environment variable — it did not
|
|
14
|
+
travel with the archive.
|
|
15
|
+
- `inspect-archive` proves the archive's own file digests, not the telemetry hash
|
|
16
|
+
chain or the signatures. Re-proving those meant `cw run import` into a real
|
|
17
|
+
`.cw` tree and then `cw run verify-import` — too much to ask of a recipient.
|
|
18
|
+
|
|
19
|
+
The Verifiable Report Bundle closes both gaps without a new archive format.
|
|
20
|
+
|
|
21
|
+
## Mechanism vs Policy
|
|
22
|
+
|
|
23
|
+
The MECHANISM is three small additions to the existing export/verify path:
|
|
24
|
+
|
|
25
|
+
1. `cw run export <run> --with-trust-key <pem-or-path>` embeds the operator's
|
|
26
|
+
ed25519 PUBLIC key into the archive under a new optional `trust` block
|
|
27
|
+
(`{ publicKeyPem, algorithm: "ed25519" }`). Only a public key is ever embedded;
|
|
28
|
+
CW never exports a private key. The flag defaults to `CW_AGENT_ATTEST_PUBKEY`,
|
|
29
|
+
so one configured key both attests at record-time and travels with the export.
|
|
30
|
+
A raw inline PEM begins with `-----`, which the CLI parses as a flag — so the
|
|
31
|
+
CLI form takes a key FILE PATH; an inline PEM is accepted programmatically and
|
|
32
|
+
via the environment variable.
|
|
33
|
+
|
|
34
|
+
2. `cw report verify-bundle <bundle>` verifies the bundle SELF-CONTAINED and
|
|
35
|
+
OFFLINE. It reuses the existing verifiers end to end: `inspectArchive` for the
|
|
36
|
+
archive bytes, then a restore into a throwaway temp dir (auto-removed) so
|
|
37
|
+
`verifyImportedRun` re-proves the telemetry hash chain and the trust-audit
|
|
38
|
+
chain, then `verifyTelemetrySignatures` re-runs ed25519 over each attested hop
|
|
39
|
+
using the key the bundle carries. It writes nothing to any registry.
|
|
40
|
+
|
|
41
|
+
3. `cw report bundle <run>` is the PRODUCER counterpart: it exports a sealed
|
|
42
|
+
bundle (step 1) and then immediately self-verifies it (step 2), returning the
|
|
43
|
+
archive path and the verification verdict together. It fails closed — a solo
|
|
44
|
+
operator never hands off a report whose bundle does not verify (for example, no
|
|
45
|
+
trust key configured under `--strict-signatures`). `--extract-report` also
|
|
46
|
+
writes the human-readable `report.md` next to the bundle so the shippable pair
|
|
47
|
+
is produced in one command. It is pure composition; it spawns nothing.
|
|
48
|
+
|
|
49
|
+
`cw quickstart <app> --bundle [--with-trust-key K]` folds step 3 into the
|
|
50
|
+
one-command entry: after the drive reaches `status: complete`, it seals the run
|
|
51
|
+
with `reportBundle` (anchored to the run's own repo) and returns the verdict as
|
|
52
|
+
`result.bundle`. It is gated on completion — a blocked/partial run is **never**
|
|
53
|
+
sealed (the operator gets a `hint`, not a half-shipped artifact) — and the CLI
|
|
54
|
+
exits non-zero when `result.bundle.ok` is false. `quickstart` stays `cli-only`;
|
|
55
|
+
MCP hosts compose `cw_run_drive_step` + `cw_report_bundle` for the same outcome.
|
|
56
|
+
|
|
57
|
+
Because the README headline runs quickstart cross-directory (your shell cwd is not
|
|
58
|
+
the `--repo`), the run is resolved from its own repo, but the bundle's OUTPUT —
|
|
59
|
+
the `.cwrun.json` and any `--extract-report` — lands in **your cwd**, not the
|
|
60
|
+
analyzed repo (so `cw quickstart … --bundle --extract-report out.md && send out.md`
|
|
61
|
+
works and the repo's working tree is never polluted). `result.bundle.archivePath`
|
|
62
|
+
and `result.bundle.reportExtractedTo` report the absolute paths.
|
|
63
|
+
|
|
64
|
+
The POLICY is fail-closed and self-describing:
|
|
65
|
+
|
|
66
|
+
- Key precedence is **bundle > `--pubkey` > `CW_AGENT_ATTEST_PUBKEY`**, so a bundle
|
|
67
|
+
with an embedded key verifies the same on any machine; the override/env only
|
|
68
|
+
apply when the bundle omits a key.
|
|
69
|
+
- `ok` is true only when the archive bytes, the telemetry chain, and the
|
|
70
|
+
trust-audit chain all verify AND no attested signature failed re-verification.
|
|
71
|
+
- A bundle with attested telemetry but no available key DEGRADES by default
|
|
72
|
+
(`signatureKeyProvided: false`, the intact chain still decides `ok`).
|
|
73
|
+
`--strict-signatures` refuses such a bundle instead.
|
|
74
|
+
- `--extract-report <path>` writes the bundle's `report.md` out for a human to
|
|
75
|
+
read alongside the machine verdict. If extraction is requested but the bundle
|
|
76
|
+
has no `report.md` (or the write fails), that is a failure, not a silent no-op:
|
|
77
|
+
a `extract-report` / `report-md-unavailable` check is recorded and `ok` is
|
|
78
|
+
false — so a producer never ships a green verdict with no report attached.
|
|
79
|
+
|
|
80
|
+
## Fail closed
|
|
81
|
+
|
|
82
|
+
`cw report verify-bundle` exits non-zero whenever `ok` is false, so
|
|
83
|
+
`cw report verify-bundle <file> && ship` cannot pass on a forgery. This holds even
|
|
84
|
+
for a telemetry chain forged so that every archive file digest still matches: the
|
|
85
|
+
file-digest layer (`inspect-archive`) would wave it through, but the embedded hash
|
|
86
|
+
chain breaks at the next record and the signature re-verification rejects inflated
|
|
87
|
+
usage. A missing, unreadable, or schema-unsupported bundle is also `ok: false`.
|
|
88
|
+
|
|
89
|
+
## Usage
|
|
90
|
+
|
|
91
|
+
```
|
|
92
|
+
# See it in 30 seconds, hermetic — no agent, no API key, no repo:
|
|
93
|
+
npx cool-workflow demo bundle
|
|
94
|
+
# -> builds a sealed bundle, forges it two ways, and shows verify-bundle
|
|
95
|
+
# catching both offline with only the embedded public key.
|
|
96
|
+
|
|
97
|
+
# Run the review AND get a shippable, client-verifiable bundle from ONE command:
|
|
98
|
+
cw quickstart architecture-review --repo . --question "What are the risks?" \
|
|
99
|
+
--agent-command "claude -p" --bundle --with-trust-key ./trust-pub.pem
|
|
100
|
+
# -> after the drive COMPLETES, the run is sealed into a self-verified bundle and
|
|
101
|
+
# the verdict is folded into the quickstart JSON (result.bundle). Exits non-zero
|
|
102
|
+
# if that bundle would not verify. A run that did not complete is never sealed.
|
|
103
|
+
|
|
104
|
+
# Produce-and-prove from an existing run: export sealed + self-verify + emit the report.
|
|
105
|
+
cw report bundle <run-id> --with-trust-key ./trust-pub.pem \
|
|
106
|
+
--output report.cwrun.json --extract-report report.md
|
|
107
|
+
# -> exits non-zero if the produced bundle would not verify (don't ship it).
|
|
108
|
+
|
|
109
|
+
# Or the two steps separately:
|
|
110
|
+
cw run export <run-id> --with-trust-key ./trust-pub.pem --output report.cwrun.json
|
|
111
|
+
|
|
112
|
+
# Anyone, anywhere, offline — no repo, no key handed over, no install beyond npx:
|
|
113
|
+
npx cool-workflow report verify-bundle report.cwrun.json
|
|
114
|
+
npx cool-workflow report verify-bundle report.cwrun.json --extract-report report.md
|
|
115
|
+
npx cool-workflow report verify-bundle report.cwrun.json --strict-signatures --json
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
The same capability is on the MCP surface as `cw_report_verify_bundle`, so an agent
|
|
119
|
+
host re-verifies a bundle through the identical core entry.
|
|
120
|
+
|
|
121
|
+
See also [Security / Trust Hardening](security-trust-hardening.7.md) and the trust
|
|
122
|
+
model's honest ceiling: a signature proves non-repudiable attribution to the key
|
|
123
|
+
holder, not ground-truth measurement.
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"_comment": "SINGLE SOURCE OF TRUTH for every vendor manifest. Edit THIS file, then run `npm run gen:manifests`. Do NOT hand-edit the generated vendor manifests (.claude-plugin/, .codex-plugin/, .agents/, .mcp.json) — `npm run gen:manifests -- --check` (run by release:check) will fail if they drift from this source.",
|
|
3
3
|
"identity": {
|
|
4
4
|
"name": "cool-workflow",
|
|
5
|
-
"version": "0.1.
|
|
5
|
+
"version": "0.1.86",
|
|
6
6
|
"license": "BSD-2-Clause",
|
|
7
7
|
"homepage": "https://github.com/coo1white/cool-workflow",
|
|
8
8
|
"author": {
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
},
|
|
26
26
|
"runtime": {
|
|
27
27
|
"description": "Runtime-kernel source context for state, orchestration, scheduling, execution, and shared types.",
|
|
28
|
-
"maxLines":
|
|
28
|
+
"maxLines": 43000,
|
|
29
29
|
"include": [
|
|
30
30
|
"plugins/cool-workflow/src/**",
|
|
31
31
|
"plugins/cool-workflow/package.json",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cool-workflow",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.86",
|
|
4
4
|
"bin": {
|
|
5
5
|
"cool-workflow": "scripts/cw.js",
|
|
6
6
|
"cw": "scripts/cw.js"
|
|
@@ -54,6 +54,7 @@
|
|
|
54
54
|
"gen:parity": "node scripts/gen-parity-doc.js",
|
|
55
55
|
"manifest:load-check": "node test/vendor-manifest-load-smoke.js",
|
|
56
56
|
"parity:check": "node scripts/parity-check.js --check",
|
|
57
|
+
"onramp:check": "node scripts/onramp-check.js --check",
|
|
57
58
|
"version:sync": "node scripts/version-sync-check.js",
|
|
58
59
|
"release:check": "node scripts/release-check.js",
|
|
59
60
|
"test": "node dist/cli.js list && node test/run-all.js",
|
|
@@ -308,11 +308,13 @@ function buildMetrics(started, contextText, sourceContextElapsedMs, fastReview,
|
|
|
308
308
|
const steps = Array.isArray(fastReview?.steps) ? fastReview.steps : [];
|
|
309
309
|
const handleKinds = countBy(steps.map((step) => step && step.handleKind).filter(Boolean));
|
|
310
310
|
const actions = countBy(steps.map((step) => step && step.action).filter(Boolean));
|
|
311
|
+
const taskMetrics = buildTaskMetrics(fastReview, steps);
|
|
311
312
|
return {
|
|
312
313
|
totalElapsedMs: elapsedMs(started),
|
|
313
314
|
sourceContext: {
|
|
314
315
|
elapsedMs: sourceContextElapsedMs,
|
|
315
|
-
bytes: Buffer.byteLength(contextText, "utf8")
|
|
316
|
+
bytes: Buffer.byteLength(contextText, "utf8"),
|
|
317
|
+
digest: `sha256:${crypto.createHash("sha256").update(contextText, "utf8").digest("hex")}`
|
|
316
318
|
},
|
|
317
319
|
fastReview: {
|
|
318
320
|
elapsedMs: fastReviewElapsedMs,
|
|
@@ -323,12 +325,52 @@ function buildMetrics(started, contextText, sourceContextElapsedMs, fastReview,
|
|
|
323
325
|
actions,
|
|
324
326
|
handleKinds,
|
|
325
327
|
resultCacheHits: Number(handleKinds["result-cache"] || 0),
|
|
326
|
-
agentSpawns: steps.filter((step) => step && step.backendId === "agent" && step.handleKind && step.handleKind !== "result-cache").length
|
|
328
|
+
agentSpawns: steps.filter((step) => step && step.backendId === "agent" && step.handleKind && step.handleKind !== "result-cache").length,
|
|
329
|
+
taskMetrics
|
|
327
330
|
},
|
|
328
331
|
...(fullReviewScheduleElapsedMs === undefined ? {} : { fullReviewSchedule: { elapsedMs: fullReviewScheduleElapsedMs } })
|
|
329
332
|
};
|
|
330
333
|
}
|
|
331
334
|
|
|
335
|
+
function buildTaskMetrics(fastReview, steps) {
|
|
336
|
+
const statePath = stringArg(fastReview?.statePath);
|
|
337
|
+
const run = readRunState(statePath);
|
|
338
|
+
const tasks = Array.isArray(run?.tasks) ? run.tasks : [];
|
|
339
|
+
const byTask = new Map(tasks.map((task) => [task.id, task]));
|
|
340
|
+
return steps
|
|
341
|
+
.filter((step) => step && step.taskId)
|
|
342
|
+
.map((step) => {
|
|
343
|
+
const task = byTask.get(step.taskId) || {};
|
|
344
|
+
return {
|
|
345
|
+
phase: step.phase || task.phase || "",
|
|
346
|
+
taskId: step.taskId,
|
|
347
|
+
action: step.action,
|
|
348
|
+
status: step.status,
|
|
349
|
+
elapsedMs: taskElapsedMs(task),
|
|
350
|
+
handleKind: step.handleKind || "",
|
|
351
|
+
agentSpawned: Boolean(step.backendId === "agent" && step.handleKind && step.handleKind !== "result-cache"),
|
|
352
|
+
resultCacheHit: step.handleKind === "result-cache",
|
|
353
|
+
reportedModel: step.reportedModel || ""
|
|
354
|
+
};
|
|
355
|
+
});
|
|
356
|
+
}
|
|
357
|
+
|
|
358
|
+
function readRunState(statePath) {
|
|
359
|
+
if (!statePath) return null;
|
|
360
|
+
try {
|
|
361
|
+
return JSON.parse(fs.readFileSync(statePath, "utf8"));
|
|
362
|
+
} catch {
|
|
363
|
+
return null;
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
|
|
367
|
+
function taskElapsedMs(task) {
|
|
368
|
+
const started = Date.parse(task?.startedAt || task?.dispatchedAt || "");
|
|
369
|
+
const completed = Date.parse(task?.completedAt || "");
|
|
370
|
+
if (!Number.isFinite(started) || !Number.isFinite(completed)) return null;
|
|
371
|
+
return Math.max(0, completed - started);
|
|
372
|
+
}
|
|
373
|
+
|
|
332
374
|
function countBy(values) {
|
|
333
375
|
const counts = {};
|
|
334
376
|
for (const value of values) counts[String(value)] = (counts[String(value)] || 0) + 1;
|