cool-workflow 0.1.86 → 0.1.88

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +111 -68
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/agent-config.js +42 -1
  11. package/dist/capability-core.js +9 -4
  12. package/dist/capability-registry.js +48 -0
  13. package/dist/cli/command-surface.js +182 -11
  14. package/dist/cli.js +2 -1
  15. package/dist/doctor.js +27 -5
  16. package/dist/drive.js +222 -16
  17. package/dist/execution-backend.js +12 -4
  18. package/dist/loop-expansion.js +60 -0
  19. package/dist/onramp.js +25 -0
  20. package/dist/operator-ux/format.js +21 -15
  21. package/dist/operator-ux.js +2 -1
  22. package/dist/orchestrator/lifecycle-operations.js +134 -3
  23. package/dist/orchestrator.js +122 -76
  24. package/dist/run-export.js +106 -2
  25. package/dist/state-node.js +13 -3
  26. package/dist/state.js +21 -0
  27. package/dist/telemetry-attestation.js +30 -6
  28. package/dist/telemetry-demo.js +29 -1
  29. package/dist/telemetry-ledger.js +6 -0
  30. package/dist/term.js +93 -0
  31. package/dist/version.js +1 -1
  32. package/dist/worker-accept/telemetry-ledger.js +12 -2
  33. package/dist/workflow-api.js +33 -0
  34. package/dist/workflow-app-framework.js +20 -0
  35. package/docs/agent-delegation-drive.7.md +28 -6
  36. package/docs/capability-topology-registry.7.md +69 -46
  37. package/docs/cli-mcp-parity.7.md +22 -2
  38. package/docs/contract-migration-tooling.7.md +8 -0
  39. package/docs/control-plane-scheduling.7.md +8 -0
  40. package/docs/durable-state-and-locking.7.md +8 -0
  41. package/docs/evidence-adoption-reasoning-chain.7.md +8 -0
  42. package/docs/execution-backends.7.md +8 -0
  43. package/docs/launch/launch-kit.md +9 -9
  44. package/docs/multi-agent-cli-mcp-surface.7.md +8 -0
  45. package/docs/multi-agent-eval-replay-harness.7.md +8 -0
  46. package/docs/multi-agent-operator-ux.7.md +8 -0
  47. package/docs/node-snapshot-diff-replay.7.md +8 -0
  48. package/docs/observability-cost-accounting.7.md +8 -0
  49. package/docs/project-index.md +26 -5
  50. package/docs/readme-v0.1.87-full.md +301 -0
  51. package/docs/real-execution-backends.7.md +8 -0
  52. package/docs/release-and-migration.7.md +8 -0
  53. package/docs/release-history.md +10 -0
  54. package/docs/release-tooling.7.md +16 -0
  55. package/docs/report-verifiable-bundle.7.md +34 -2
  56. package/docs/run-registry-control-plane.7.md +18 -0
  57. package/docs/run-retention-reclamation.7.md +8 -0
  58. package/docs/state-explosion-management.7.md +8 -0
  59. package/docs/team-collaboration.7.md +8 -0
  60. package/docs/trust-model.md +6 -4
  61. package/docs/web-desktop-workbench.7.md +8 -0
  62. package/manifest/plugin.manifest.json +1 -1
  63. package/manifest/source-context-profiles.json +1 -1
  64. package/package.json +8 -5
  65. package/scripts/agents/agent-adapter-core.js +180 -0
  66. package/scripts/agents/builtin-templates.json +5 -1
  67. package/scripts/agents/claude-p-agent.js +7 -33
  68. package/scripts/agents/codex-agent.js +134 -0
  69. package/scripts/agents/cw-attest-wrap.js +9 -1
  70. package/scripts/agents/gemini-agent.js +115 -0
  71. package/scripts/agents/opencode-agent.js +119 -0
  72. package/scripts/canonical-apps.js +4 -4
  73. package/scripts/coverage-gate.js +15 -1
  74. package/scripts/cw.js +0 -0
  75. package/scripts/dogfood-release.js +1 -1
  76. package/scripts/golden-path.js +4 -4
  77. package/scripts/parity-check.js +6 -5
  78. package/scripts/release-check.js +3 -3
  79. package/scripts/release-flow.js +49 -2
  80. package/scripts/release-gate.sh +1 -1
  81. package/tsconfig.json +3 -1
@@ -129,3 +129,11 @@ No other change to this page in v0.1.84.
129
129
  0.1.85
130
130
 
131
131
  0.1.86
132
+
133
+ ## 0.1.87 (v0.1.87)
134
+
135
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
136
+
137
+ ## 0.1.88 (v0.1.88)
138
+
139
+ _No behavioral change in v0.1.88 (the `sched` priority/readiness selection, concurrency ceiling, leases, backoff retry, and fail-closed park state are unchanged)._
@@ -128,3 +128,11 @@ No other change to this page in v0.1.84.
128
128
  0.1.85
129
129
 
130
130
  0.1.86
131
+
132
+ ## 0.1.87 (v0.1.87)
133
+
134
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
135
+
136
+ ## 0.1.88 (v0.1.88)
137
+
138
+ _No behavioral change in v0.1.88 (atomic writes, fsync-durability for audit-essential state, and lock-serialized cross-process stores are unchanged; the in-place `appendRunNode` optimization keeps `writeRunNode` and the persisted bytes identical)._
@@ -289,3 +289,11 @@ No other change to this page in v0.1.84.
289
289
  0.1.85
290
290
 
291
291
  0.1.86
292
+
293
+ ## 0.1.87 (v0.1.87)
294
+
295
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
296
+
297
+ ## 0.1.88 (v0.1.88)
298
+
299
+ _No behavioral change in v0.1.88 (the evidence adoption reasoning chain and its fingerprinted, fail-closed derivation are unchanged)._
@@ -319,3 +319,11 @@ No other change to this page in v0.1.84.
319
319
  0.1.85
320
320
 
321
321
  0.1.86
322
+
323
+ ## 0.1.87 (v0.1.87)
324
+
325
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
326
+
327
+ ## 0.1.88 (v0.1.88)
328
+
329
+ Agent stderr live-streaming is now on by default when stderr is a TTY (CW_AGENT_STREAM=0 / CW_NO_STREAM=1 force it off; CI and pipes stay silent); stdout is still always captured as data and the driver model / sandbox contract are unchanged.
@@ -41,9 +41,9 @@ to trust or breach.
41
41
 
42
42
  npx cool-workflow demo tamper
43
43
 
44
- It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
45
- hash; inflate reported tokens + reuse the signature), and catches both offline with
46
- only the public key. On a real run, `cw telemetry verify <run>` re-proves the
44
+ It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
45
+ hash; inflate reported tokens + reuse the signature; edit a signed finding), and
46
+ catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
47
47
  recorded ledger on disk — recomputing the chain so any later edit to a verdict or
48
48
  usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
49
49
  signature check offline too. I keep an
@@ -111,9 +111,9 @@ npm: https://www.npmjs.com/package/cool-workflow
111
111
  > npx cool-workflow demo tamper
112
112
  > ```
113
113
  >
114
- > It builds a real signed ledger, forges it two ways (flip a verdict + re-seal its
115
- > hash; inflate reported tokens + reuse the signature), and catches both offline with
116
- > only the public key. On a real run, `cw telemetry verify <run>` re-proves the
114
+ > It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
115
+ > hash; inflate reported tokens + reuse the signature; edit a signed finding), and
116
+ > catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
117
117
  > recorded ledger on disk — recomputing the chain so any later edit to a verdict or
118
118
  > usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
119
119
  > signature check offline too. I keep an
@@ -142,9 +142,9 @@ npm: https://www.npmjs.com/package/cool-workflow
142
142
  1/ Your agent pipeline trusts what the model *says* it did. Cool Workflow proves
143
143
  it instead. `npx cool-workflow demo tamper` — 30s, no install:
144
144
 
145
- 2/ It builds a real ed25519-signed telemetry ledger, forges it two ways, and
146
- catches both offline with only the public key. A control-plane that delegates
147
- model execution but can still prove the bill is real.
145
+ 2/ It builds a real ed25519-signed telemetry ledger, forges it three ways (incl.
146
+ editing a signed finding), and catches all three offline with only the public key.
147
+ A control-plane that delegates model execution but can still prove the bill is real.
148
148
 
149
149
  3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
150
150
  outputs, token budgets vs the host's recorded usage (attested-telemetry gate is
@@ -287,3 +287,11 @@ No other change to this page in v0.1.84.
287
287
  0.1.85
288
288
 
289
289
  0.1.86
290
+
291
+ ## 0.1.87 (v0.1.87)
292
+
293
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
294
+
295
+ ## 0.1.88 (v0.1.88)
296
+
297
+ The host-facing surface tracks the CLI simplification to 6 commands (streaming on by default, vendor agent flags); the multi-agent control loop verbs and their MCP-tool mirrors are otherwise unchanged.
@@ -321,3 +321,11 @@ No other change to this page in v0.1.84.
321
321
  0.1.85
322
322
 
323
323
  0.1.86
324
+
325
+ ## 0.1.87 (v0.1.87)
326
+
327
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
328
+
329
+ ## 0.1.88 (v0.1.88)
330
+
331
+ _No change in behavior in v0.1.88 (no harness code changed; the new `loop-control` state node and loop result nodes replay byte-identically through the existing normalize/replay machinery, and pre-0.1.88 snapshots load unchanged)._
@@ -333,3 +333,11 @@ No other change to this page in v0.1.84.
333
333
  0.1.85
334
334
 
335
335
  0.1.86
336
+
337
+ ## 0.1.87 (v0.1.87)
338
+
339
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
340
+
341
+ ## 0.1.88 (v0.1.88)
342
+
343
+ _No behavioral change in v0.1.88 (no operator-view code changed; the new sub-workflow `subRunId`/`subRunDir` and `loopRound` run-state fields surface read-only through the existing derived graph/dependency/evidence views, which neither fabricate state nor guess success)._
@@ -154,3 +154,11 @@ No other change to this page in v0.1.84.
154
154
  0.1.85
155
155
 
156
156
  0.1.86
157
+
158
+ ## 0.1.87 (v0.1.87)
159
+
160
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
161
+
162
+ ## 0.1.88 (v0.1.88)
163
+
164
+ A new `loop-control` StateNodeKind now flows through per-node snapshot/diff/replay (loop decisions are recorded as deterministic, replay-stable nodes); `appendRunNode` was optimized to mutate `run.nodes` in place (O(1) per append vs O(N^2) churn) with byte-identical persisted state, so snapshot/replay digests are unchanged.
@@ -213,3 +213,11 @@ No other change to this page in v0.1.84.
213
213
  0.1.85
214
214
 
215
215
  0.1.86
216
+
217
+ ## 0.1.87 (v0.1.87)
218
+
219
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
220
+
221
+ ## 0.1.88 (v0.1.88)
222
+
223
+ Attestation now signs the agent's RESULT, not just its usage: `TelemetryAttestationRecord.resultDigest` hash-binds sha256(result.md) into the ed25519-signed, hash-chained ledger so an offline re-verifier reconstructs the exact signed payload. Budget-aware loop scaling reads the SAME recorded usage total (`deriveUsageTotals`) the fail-closed cost cap reads, so a `until:{kind:"budget-target"}` loop stops on a token target while the cap stays the absolute backstop.
@@ -1,15 +1,15 @@
1
1
  # Cool Workflow Project Index
2
2
 
3
- Generated from the current repository code on 2026-06-19 by `npm run sync:project-index`.
3
+ Generated from the current repository code on 2026-06-20 by `npm run sync:project-index`.
4
4
 
5
5
  ## Snapshot
6
6
 
7
7
  - Package: `cool-workflow`
8
- - Version: `0.1.86`
9
- - Source modules: `63`
8
+ - Version: `0.1.88`
9
+ - Source modules: `65`
10
10
  - Workflow apps: `7`
11
- - Docs: `51`
12
- - Smoke tests: `110`
11
+ - Docs: `52`
12
+ - Smoke tests: `128`
13
13
  - Repository: https://github.com/coo1white/cool-workflow
14
14
 
15
15
  ## Architecture
@@ -92,6 +92,7 @@ multi-agent host -> topology -> blackboard/coordinator
92
92
  - [evidence-reasoning.ts](../src/evidence-reasoning.ts)
93
93
  - [execution-backend.ts](../src/execution-backend.ts)
94
94
  - [gates.ts](../src/gates.ts)
95
+ - [loop-expansion.ts](../src/loop-expansion.ts)
95
96
  - [mcp-surface.ts](../src/mcp-surface.ts)
96
97
  - [multi-agent-eval.ts](../src/multi-agent-eval.ts)
97
98
  - [multi-agent-operator-ux.ts](../src/multi-agent-operator-ux.ts)
@@ -112,6 +113,7 @@ multi-agent host -> topology -> blackboard/coordinator
112
113
  - [telemetry-attestation.ts](../src/telemetry-attestation.ts)
113
114
  - [telemetry-demo.ts](../src/telemetry-demo.ts)
114
115
  - [telemetry-ledger.ts](../src/telemetry-ledger.ts)
116
+ - [term.ts](../src/term.ts)
115
117
  - [validation.ts](../src/validation.ts)
116
118
  - [workbench-host.ts](../src/workbench-host.ts)
117
119
  - [workbench.ts](../src/workbench.ts)
@@ -159,6 +161,7 @@ multi-agent host -> topology -> blackboard/coordinator
159
161
  - [Operator UX](operator-ux.7.md)
160
162
  - [PIPELINE-RUNNER(7)](pipeline-runner.7.md)
161
163
  - [Cool Workflow Project Index](project-index.md)
164
+ - [Cool Workflow](readme-v0.1.87-full.md)
162
165
  - [Real Execution Backend Integrations](real-execution-backends.7.md)
163
166
  - [Release And Migration Discipline](release-and-migration.7.md)
164
167
  - [Cool Workflow Release History](release-history.md)
@@ -187,6 +190,7 @@ multi-agent host -> topology -> blackboard/coordinator
187
190
  Smoke tests mirror the public contracts. The high-signal suites are:
188
191
 
189
192
  - [agent-delegation-drive-smoke.js](../test/agent-delegation-drive-smoke.js)
193
+ - [append-run-node-no-realloc-smoke.js](../test/append-run-node-no-realloc-smoke.js)
190
194
  - [architecture-review-fast-automation-smoke.js](../test/architecture-review-fast-automation-smoke.js)
191
195
  - [architecture-review-fast-smoke.js](../test/architecture-review-fast-smoke.js)
192
196
  - [artifact-integrity-smoke.js](../test/artifact-integrity-smoke.js)
@@ -194,6 +198,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
194
198
  - [backend-registry-smoke.js](../test/backend-registry-smoke.js)
195
199
  - [blackboard-state-explosion-management-smoke.js](../test/blackboard-state-explosion-management-smoke.js)
196
200
  - [block-unapproved-tag-smoke.js](../test/block-unapproved-tag-smoke.js)
201
+ - [budget-scaling-loop-smoke.js](../test/budget-scaling-loop-smoke.js)
197
202
  - [bump-version-idempotent-smoke.js](../test/bump-version-idempotent-smoke.js)
198
203
  - [candidate-scoring-smoke.js](../test/candidate-scoring-smoke.js)
199
204
  - [canonical-workflow-apps-smoke.js](../test/canonical-workflow-apps-smoke.js)
@@ -201,6 +206,8 @@ Smoke tests mirror the public contracts. The high-signal suites are:
201
206
  - [cli-command-surface-smoke.js](../test/cli-command-surface-smoke.js)
202
207
  - [cli-jsonmode-parity-smoke.js](../test/cli-jsonmode-parity-smoke.js)
203
208
  - [cli-mcp-parity-smoke.js](../test/cli-mcp-parity-smoke.js)
209
+ - [codex-agent-wrapper-smoke.js](../test/codex-agent-wrapper-smoke.js)
210
+ - [concurrency-default-smoke.js](../test/concurrency-default-smoke.js)
204
211
  - [concurrent-failure-semantics-smoke.js](../test/concurrent-failure-semantics-smoke.js)
205
212
  - [concurrent-workflow-dsl-smoke.js](../test/concurrent-workflow-dsl-smoke.js)
206
213
  - [contract-migration-tooling-smoke.js](../test/contract-migration-tooling-smoke.js)
@@ -218,9 +225,14 @@ Smoke tests mirror the public contracts. The high-signal suites are:
218
225
  - [error-feedback-smoke.js](../test/error-feedback-smoke.js)
219
226
  - [evidence-adoption-reasoning-smoke.js](../test/evidence-adoption-reasoning-smoke.js)
220
227
  - [evidence-content-extraction-smoke.js](../test/evidence-content-extraction-smoke.js)
228
+ - [execution-backend-agent-smoke.js](../test/execution-backend-agent-smoke.js)
229
+ - [execution-backend-ci-smoke.js](../test/execution-backend-ci-smoke.js)
221
230
  - [execution-backends-smoke.js](../test/execution-backends-smoke.js)
222
231
  - [freebsd-audit-fixes-smoke.js](../test/freebsd-audit-fixes-smoke.js)
232
+ - [gemini-agent-wrapper-smoke.js](../test/gemini-agent-wrapper-smoke.js)
223
233
  - [h7-custom-profile-persist-smoke.js](../test/h7-custom-profile-persist-smoke.js)
234
+ - [incremental-resume-smoke.js](../test/incremental-resume-smoke.js)
235
+ - [loop-bounded-expansion-smoke.js](../test/loop-bounded-expansion-smoke.js)
224
236
  - [mcp-app-surface-smoke.js](../test/mcp-app-surface-smoke.js)
225
237
  - [mcp-surface-registry-smoke.js](../test/mcp-surface-registry-smoke.js)
226
238
  - [multi-agent-cli-mcp-surface-smoke.js](../test/multi-agent-cli-mcp-surface-smoke.js)
@@ -235,9 +247,11 @@ Smoke tests mirror the public contracts. The high-signal suites are:
235
247
  - [multi-agent-trust-policy-audit-smoke.js](../test/multi-agent-trust-policy-audit-smoke.js)
236
248
  - [no-false-green-smoke.js](../test/no-false-green-smoke.js)
237
249
  - [node-snapshot-diff-replay-smoke.js](../test/node-snapshot-diff-replay-smoke.js)
250
+ - [npm-trusted-publish-smoke.js](../test/npm-trusted-publish-smoke.js)
238
251
  - [observability-cost-accounting-smoke.js](../test/observability-cost-accounting-smoke.js)
239
252
  - [one-way-boundary-smoke.js](../test/one-way-boundary-smoke.js)
240
253
  - [onramp-check-smoke.js](../test/onramp-check-smoke.js)
254
+ - [opencode-agent-wrapper-smoke.js](../test/opencode-agent-wrapper-smoke.js)
241
255
  - [operator-ux-smoke.js](../test/operator-ux-smoke.js)
242
256
  - [parallel-onramp-smoke.js](../test/parallel-onramp-smoke.js)
243
257
  - [parity-doc-sync-smoke.js](../test/parity-doc-sync-smoke.js)
@@ -247,8 +261,10 @@ Smoke tests mirror the public contracts. The high-signal suites are:
247
261
  - [project-index-sync-smoke.js](../test/project-index-sync-smoke.js)
248
262
  - [quickstart-bundle-smoke.js](../test/quickstart-bundle-smoke.js)
249
263
  - [quickstart-check-smoke.js](../test/quickstart-check-smoke.js)
264
+ - [quickstart-no-agent-smoke.js](../test/quickstart-no-agent-smoke.js)
250
265
  - [quickstart-readme-path-smoke.js](../test/quickstart-readme-path-smoke.js)
251
266
  - [quickstart-smoke.js](../test/quickstart-smoke.js)
267
+ - [readme-trust-claim-smoke.js](../test/readme-trust-claim-smoke.js)
252
268
  - [real-execution-backends-smoke.js](../test/real-execution-backends-smoke.js)
253
269
  - [registry-corrupt-fail-closed-smoke.js](../test/registry-corrupt-fail-closed-smoke.js)
254
270
  - [release-flow-smoke.js](../test/release-flow-smoke.js)
@@ -259,16 +275,20 @@ Smoke tests mirror the public contracts. The high-signal suites are:
259
275
  - [result-normalize-smoke.js](../test/result-normalize-smoke.js)
260
276
  - [robustness-failclosed-smoke.js](../test/robustness-failclosed-smoke.js)
261
277
  - [robustness-hardening-smoke.js](../test/robustness-hardening-smoke.js)
278
+ - [run-all-agent-env-hermetic-smoke.js](../test/run-all-agent-env-hermetic-smoke.js)
262
279
  - [run-all-json-summary-smoke.js](../test/run-all-json-summary-smoke.js)
280
+ - [run-export-cross-machine-smoke.js](../test/run-export-cross-machine-smoke.js)
263
281
  - [run-export-import-smoke.js](../test/run-export-import-smoke.js)
264
282
  - [run-export-restore-rerun-smoke.js](../test/run-export-restore-rerun-smoke.js)
265
283
  - [run-export-restore-resume-smoke.js](../test/run-export-restore-resume-smoke.js)
266
284
  - [run-fixture-compat-smoke.js](../test/run-fixture-compat-smoke.js)
285
+ - [run-import-path-traversal-smoke.js](../test/run-import-path-traversal-smoke.js)
267
286
  - [run-import-tamper-failclosed-smoke.js](../test/run-import-tamper-failclosed-smoke.js)
268
287
  - [run-inspect-archive-smoke.js](../test/run-inspect-archive-smoke.js)
269
288
  - [run-registry-control-plane-smoke.js](../test/run-registry-control-plane-smoke.js)
270
289
  - [run-resume-drive-smoke.js](../test/run-resume-drive-smoke.js)
271
290
  - [run-retention-reclamation-smoke.js](../test/run-retention-reclamation-smoke.js)
291
+ - [sample-determinism-smoke.js](../test/sample-determinism-smoke.js)
272
292
  - [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
273
293
  - [sched-policy-validation-smoke.js](../test/sched-policy-validation-smoke.js)
274
294
  - [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
@@ -278,6 +298,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
278
298
  - [source-context-batch-smoke.js](../test/source-context-batch-smoke.js)
279
299
  - [source-context-profile-smoke.js](../test/source-context-profile-smoke.js)
280
300
  - [state-node-smoke.js](../test/state-node-smoke.js)
301
+ - [sub-workflow-nesting-smoke.js](../test/sub-workflow-nesting-smoke.js)
281
302
  - [surface-explicit-cwd-smoke.js](../test/surface-explicit-cwd-smoke.js)
282
303
  - [tamper-evidence-demo-smoke.js](../test/tamper-evidence-demo-smoke.js)
283
304
  - [team-collaboration-smoke.js](../test/team-collaboration-smoke.js)
@@ -0,0 +1,301 @@
1
+ <div align="center">
2
+
3
+ # Cool Workflow
4
+
5
+ **Point an AI coding agent at a repo, get a saved report with real citations — not a chat message you lose.**
6
+
7
+ [![CI](https://img.shields.io/github/actions/workflow/status/coo1white/cool-workflow/ci.yml?branch=main&style=flat-square&label=CI)](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
8
+ [![npm](https://img.shields.io/npm/v/cool-workflow?style=flat-square&label=npm&color=cb3837)](https://www.npmjs.com/package/cool-workflow)
9
+ [![downloads](https://img.shields.io/npm/dm/cool-workflow?style=flat-square&label=downloads)](https://www.npmjs.com/package/cool-workflow)
10
+ [![provenance](https://img.shields.io/badge/npm-provenance-3178C6?style=flat-square)](https://www.npmjs.com/package/cool-workflow)
11
+ [![release](https://img.shields.io/github/v/tag/coo1white/cool-workflow?style=flat-square&label=release&color=brightgreen&sort=semver)](https://github.com/coo1white/cool-workflow/tags)
12
+ [![license](https://img.shields.io/badge/license-BSD--2--Clause-blue?style=flat-square)](LICENSE)
13
+
14
+ <img src="docs/assets/cool-workflow-readme-promo.png" alt="Cool Workflow turns AI agent repo questions into saved, cited, tamper-evident reports." width="100%">
15
+
16
+ </div>
17
+
18
+ ## What is this, really?
19
+
20
+ You put a question to an AI coding agent, it gives an answer in the chat, and
21
+ then the answer is gone. Next week you put the same question and have to start
22
+ all over again.
23
+
24
+ **Cool Workflow (CW) makes that lost question into a kept job.** You point it at
25
+ a code store with a question like *"what are the security risks here?"* It runs
26
+ your AI agent over all the code in ordered steps and puts a **report file** on
27
+ disk — every point backed by an exact `file.js:42` pointer to the line. You are
28
+ able to run it again, give it to others, and even give proof that the report was
29
+ not changed by anyone.
30
+
31
+ ```
32
+ you ask once CW gives you
33
+ "what are the risks in my repo?" → a saved report.md with
34
+ cited findings, repeatable
35
+ ```
36
+
37
+ It does **not** run the AI model itself. You give your own agent (for one, the
38
+ `claude` command line) and CW keeps it working, makes a record of what took
39
+ place, and checks the answer. Take CW as the *project manager*, and your agent
40
+ as the *worker*.
41
+
42
+ > New to this? You're in the right place — this README is a step-by-step start.
43
+ > Deeper/advanced docs live in the [wiki](https://github.com/coo1white/cool-workflow/wiki).
44
+
45
+ ---
46
+
47
+ ## Project rule
48
+
49
+ CW should stay a small, trusted tool, not a platform.
50
+
51
+ ```text
52
+ ask simple -> run simple -> verify simple -> resume simple
53
+ ```
54
+
55
+ The engineering base is FreeBSD-like: POLA first, fail closed, no silent
56
+ fallback, stdout as data, stderr as diagnostics, and documented stable
57
+ surfaces. The user-facing spirit is close to Homebrew: a small command
58
+ surface, a strong `doctor` check, and clear next steps when a run is
59
+ blocked or a report does not verify.
60
+
61
+ That means CW should hide orchestration detail behind clear commands,
62
+ keep `.cw/` state open to check, make recovery boring, and prefer a
63
+ small tool that can be trusted over a broad agent platform.
64
+
65
+ ---
66
+
67
+ ## What you need
68
+
69
+ 1. **Node.js** (v18+). Make a check with `node --version`.
70
+ 2. **An AI agent on the command line.** The most simple is **Claude Code** —
71
+ after you put it in you will have a `claude` command. Make a check with
72
+ `claude --version`. (CW also works with `codex`, or any command/HTTP agent —
73
+ but make your start with `claude`.)
74
+
75
+ > No agent yet? You are still able to **see CW work** (next part, step 1)
76
+ > without one. The full report needs an agent, because CW never makes a call to
77
+ > a model itself.
78
+
79
+ ---
80
+
81
+ ## Quick start (3 steps)
82
+
83
+ ### 1. See it run — no install, no agent, no API key
84
+
85
+ ```bash
86
+ npx cool-workflow demo tamper
87
+ ```
88
+
89
+ This gives proof of CW's chief trick in 30 seconds (more on that
90
+ [below](#can-i-trust-the-report)). If you see `VERDICT: tamper-evidence holds ✓`,
91
+ all is working.
92
+
93
+ Not sure what to run next?
94
+
95
+ ```bash
96
+ npx cool-workflow doctor --onramp
97
+ ```
98
+
99
+ This prints the short path for a first run, the fast checks for source work, and
100
+ the full gate to use before a release.
101
+
102
+ From a source checkout, use:
103
+
104
+ ```bash
105
+ cd plugins/cool-workflow
106
+ node scripts/cw.js doctor --onramp --changed-from origin/main
107
+ ```
108
+
109
+ ### 2. Check, then run a real review on your own repo
110
+
111
+ First make a zero-write check. It does not make a run, write `.cw/`, or call
112
+ your agent:
113
+
114
+ ```bash
115
+ npx cool-workflow quickstart architecture-review --check \
116
+ --repo /path/to/your/project \
117
+ --question "What are the main risks in this codebase?" \
118
+ --agent-command builtin:claude
119
+ ```
120
+
121
+ If the check is good, run the review:
122
+
123
+ ```bash
124
+ npx cool-workflow quickstart architecture-review \
125
+ --repo /path/to/your/project \
126
+ --question "What are the main risks in this codebase?" \
127
+ --agent-command builtin:claude
128
+ ```
129
+
130
+ If the report has to go to someone else, make the checked bundle in the same
131
+ run:
132
+
133
+ ```bash
134
+ npx cool-workflow quickstart architecture-review \
135
+ --repo /path/to/your/project \
136
+ --question "What are the main risks in this codebase?" \
137
+ --agent-command builtin:claude \
138
+ --bundle
139
+ ```
140
+
141
+ - `--repo` — the folder you have a wish to get looked at.
142
+ - `--question` — what you have a wish to be certain of.
143
+ - `--agent-command builtin:claude` — make use of the Claude wrapper that comes
144
+ with it (read-only; it never makes changes to your code).
145
+ - `--agent-command builtin:codex` — make use of the Codex wrapper that comes
146
+ with it (read-only; it never makes changes to your code).
147
+
148
+ CW makes a plan of the work, keeps your agent working over your repo in steps,
149
+ and gives out where it kept the report. For a living view in the window while
150
+ every worker is at work, take it up with `CW_AGENT_STREAM=1`; the view goes to
151
+ stderr only and the kept answer is not changed.
152
+
153
+ > **No agent put in place?** CW comes to a safe stop and says so
154
+ > (`status: blocked`) — it never makes up an answer. Put in `claude` and run it
155
+ > again.
156
+
157
+ ### 3. Read the report
158
+
159
+ ```bash
160
+ cat /path/to/your/project/.cw/runs/<run-id>/report.md
161
+ ```
162
+
163
+ You get a short account, ordered points, and **clickable pointers** like
164
+ `src/server.js:18` for every point made — so you are able to make a check of
165
+ each one yourself.
166
+
167
+ ---
168
+
169
+ ## Install it (optional)
170
+
171
+ `npx` is ever working with no need to put it in. To get the short `cw` command
172
+ everywhere:
173
+
174
+ ```bash
175
+ npm install -g cool-workflow # then use: cw … instead of npx cool-workflow …
176
+ ```
177
+
178
+ ---
179
+
180
+ ## What else can it do?
181
+
182
+ CW comes with a number of ready-made "jobs" (run `cw list` to see them all):
183
+
184
+ | Command | What it does |
185
+ |---|---|
186
+ | `architecture-review` | Make a map of a repo's structure and put its true risks in order, with facts. |
187
+ | `pr-review-fix-ci` | Go over a pull request, put forward fixes, make a check of CI. |
188
+ | `research-synthesis` | Get together and make into one a fact-backed answer to a question. |
189
+ | `release-cut` | Keep a gated, gone-over release moving. |
190
+
191
+ It also puts the same acts out over **MCP**, so editors like Claude Desktop /
192
+ Cursor / VS Code are able to make a call to CW as a tool. See the
193
+ [wiki](https://github.com/coo1white/cool-workflow/wiki) for that and for
194
+ multi-agent runs.
195
+
196
+ ---
197
+
198
+ ## Can I trust the report?
199
+
200
+ This is what makes CW not the same as the rest. Because CW only *gives the work
201
+ over* to your agent, it keeps a record of every step that makes any false change
202
+ come to light: every agent's given token use is signed by secret-key science and
203
+ chained by hash, so **changing the record after the fact has the chain broken** —
204
+ and anyone is able to make the check again offline with only a public key.
205
+
206
+ See it for yourself — the `demo tamper` from step 1 makes a false record in two
207
+ ways and gets both:
208
+
209
+ ```text
210
+ ▶ LEDGER tamper
211
+ after: ✗ DETECTED — the hash chain caught it: chain-link[2]: telemetry-chain-broken
212
+ ▶ SIGNATURE tamper
213
+ after: ✗ DETECTED — signature does not match reported usage
214
+ VERDICT: tamper-evidence holds ✓ — every forgery caught offline, with only the public key.
215
+ ```
216
+
217
+ On a true run, make a check of any run's record yourself:
218
+
219
+ ```bash
220
+ cw telemetry verify <run-id>
221
+ ```
222
+
223
+ CW makes use of this on its own code — see the kept living-run proof in
224
+ [`plugins/cool-workflow/docs/dogfood/`](plugins/cool-workflow/docs/dogfood/).
225
+
226
+ The plain point: *the thing that uses up the tokens is not the thing that keeps
227
+ the books.* That keeping-apart is normal in account-keeping — CW gives it to AI
228
+ agents.
229
+
230
+ ---
231
+
232
+ ## Hand the report to someone — they can check it on their own
233
+
234
+ A report you keep on your own machine is one thing. A report you can **give to
235
+ someone** who then makes the check themselves is what you are really after. Add
236
+ `--bundle` to the one command and CW seals the finished run into a single,
237
+ self-checking file:
238
+
239
+ ```bash
240
+ npx cool-workflow quickstart architecture-review \
241
+ --repo /path/to/your/project --question "What are the main risks?" \
242
+ --agent-command builtin:claude --bundle --with-trust-key ./trust-pub.pem
243
+ ```
244
+
245
+ This puts a `report.cwrun.json` file **where you are** (not in the looked-at
246
+ repo). The one file holds the report, the `file.js:42` pointers, the signed and
247
+ hash-chained record, **and the public key**.
248
+
249
+ Give that file to anyone. With no need for your repo, your keys given over on the
250
+ side, or a put-in past `npx`, they make the check on their own — offline, with
251
+ only the file:
252
+
253
+ ```bash
254
+ npx cool-workflow report verify-bundle report.cwrun.json
255
+ ```
256
+
257
+ If the bundle was changed in any way after the fact — the record, a signature, or
258
+ the bytes — the check says so and comes to a stop (it gives back `ok: false` and a
259
+ non-zero code), so a bundle you send on can never be a quiet lie. CW still never
260
+ runs the model itself; it only keeps the books and makes the check.
261
+
262
+ Want to see the whole thing in 30 seconds, with no agent and no key of your own?
263
+
264
+ ```bash
265
+ npx cool-workflow demo bundle
266
+ ```
267
+
268
+ It makes a real sealed bundle, makes two false changes to it, and shows the check
269
+ getting **both** — offline, with only the public key the bundle carries.
270
+
271
+ ---
272
+
273
+ ## Troubleshooting
274
+
275
+ | Problem | Fix |
276
+ |---|---|
277
+ | `status: blocked`, `agentConfigured: false` | No agent is in place. Put in `claude` (or give `--agent-command`). |
278
+ | `claude: command not found` | Put in Claude Code so the `claude` command is there, then run again. |
279
+ | Want to see the plan without running the AI | Put in `--preview` — it gives the steps and starts nothing. |
280
+ | Want a live agent trace | Put `CW_AGENT_STREAM=1`. It is stderr-only, TTY-gated, and `CW_NO_STREAM=1` puts it off. |
281
+ | Where did my report go? | The command gives out `reportPath`; it is under `<your-repo>/.cw/runs/<id>/report.md`. |
282
+
283
+ ---
284
+
285
+ ## How it works (one paragraph)
286
+
287
+ CW is a small TypeScript/Node run-time that needs no other parts. It makes a
288
+ record of the agent loop out in the open — *plan → dispatch → record → verify →
289
+ commit → report* — as long-lasting files on disk, so a run is open to looking-at
290
+ and able to be played again in place of a chat you let go. It never puts a model
291
+ SDK inside and keeps no API key; your put-in-place agent does the thinking, CW
292
+ does the book-keeping and the checking. For the structure, multi-agent
293
+ working-together, execution backends, and the full CLI/MCP face, see the
294
+ **[wiki](https://github.com/coo1white/cool-workflow/wiki)** and
295
+ [`plugins/cool-workflow/docs/`](plugins/cool-workflow/docs/).
296
+
297
+ ---
298
+
299
+ ## License
300
+
301
+ BSD-2-Clause. See [LICENSE](LICENSE). Built by COOLWHITE LLC.
@@ -161,3 +161,11 @@ No other change to this page in v0.1.84.
161
161
  0.1.85
162
162
 
163
163
  0.1.86
164
+
165
+ ## 0.1.87 (v0.1.87)
166
+
167
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
168
+
169
+ ## 0.1.88 (v0.1.88)
170
+
171
+ _No behavioral change in v0.1.88 (the container/remote/ci delegating integrations and their canonical evidence are unchanged; the streaming-default and incremental-resume work this release lives in the agent execution path and the drive, not in these backends)._
@@ -301,3 +301,11 @@ No other change to this page in v0.1.84.
301
301
  0.1.85
302
302
 
303
303
  0.1.86
304
+
305
+ ## 0.1.87 (v0.1.87)
306
+
307
+ npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
308
+
309
+ ## 0.1.88 (v0.1.88)
310
+
311
+ _No behavioral change in v0.1.88 (`release:check` and the durable run-state compatibility/`state check` path are unchanged; this release's release-flow verdict-capture work lives in the Release Tooling scripts, not in the release-check or migration discipline)._
@@ -323,6 +323,16 @@ The orchestration vision came in one release, all reviewer-gated:
323
323
 
324
324
  Set `CW_AGENT_STREAM=1` to see each worker's live agent trace. The bundled claude wrapper (`builtin:claude` / `scripts/agents/claude-p-agent.js`) keeps the legacy `--output-format json` path by default; only the opt-in path runs claude in `--output-format stream-json` and renders a short human trace (tool uses, assistant text, per-turn summaries) to **stderr**. CW core sends that stderr on to the operator's terminal only when `CW_AGENT_STREAM=1`, CW's own stderr is a TTY, and `CW_NO_STREAM` is not set; piped/CI runs stay quiet (Rule of Silence). Core only sends the stream on, never reads it — vendor-specific rendering is the wrapper's business (policy), not the kernel's (mechanism).
325
325
 
326
+ ## Builtin Codex agent wrapper (on main, ships next)
327
+
328
+ `--agent-command builtin:codex` points to a bundled read-only Codex wrapper. It
329
+ runs `codex exec --json --output-last-message`, sends the worker prompt on stdin,
330
+ writes the final answer to `result.md`, and writes one `{model, usage, result}`
331
+ JSON object to stdout for CW provenance. With `CW_AGENT_STREAM=1`, it renders a
332
+ short stderr trace from Codex JSONL events. Gemini, OpenCode, DeepSeek, and GLM
333
+ stay outside CW until their wrapper stream shape is proven by a local smoke; CW
334
+ still imports no model SDK.
335
+
326
336
  v0.1.79
327
337
 
328
338
  ## Fast Architecture Review (v0.1.80)