cool-workflow 0.1.91 → 0.1.92

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +78 -376
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/apps/research-synthesis/workflow.js +1 -1
  11. package/dist/doctor.js +1 -0
  12. package/dist/orchestrator/report.js +6 -1
  13. package/dist/version.js +1 -1
  14. package/docs/agent-delegation-drive.7.md +2 -0
  15. package/docs/canonical-workflow-apps.7.md +12 -0
  16. package/docs/cli-mcp-parity.7.md +2 -0
  17. package/docs/contract-migration-tooling.7.md +2 -0
  18. package/docs/control-plane-scheduling.7.md +2 -0
  19. package/docs/durable-state-and-locking.7.md +2 -0
  20. package/docs/evidence-adoption-reasoning-chain.7.md +2 -0
  21. package/docs/execution-backends.7.md +2 -0
  22. package/docs/multi-agent-cli-mcp-surface.7.md +2 -0
  23. package/docs/multi-agent-eval-replay-harness.7.md +2 -0
  24. package/docs/multi-agent-operator-ux.7.md +2 -0
  25. package/docs/node-snapshot-diff-replay.7.md +2 -0
  26. package/docs/observability-cost-accounting.7.md +2 -0
  27. package/docs/project-index.md +4 -2
  28. package/docs/real-execution-backends.7.md +2 -0
  29. package/docs/release-and-migration.7.md +2 -0
  30. package/docs/release-tooling.7.md +11 -0
  31. package/docs/run-registry-control-plane.7.md +2 -0
  32. package/docs/run-retention-reclamation.7.md +2 -0
  33. package/docs/state-explosion-management.7.md +2 -0
  34. package/docs/team-collaboration.7.md +2 -0
  35. package/docs/web-desktop-workbench.7.md +2 -0
  36. package/manifest/plugin.manifest.json +1 -1
  37. package/package.json +3 -1
  38. package/scripts/agents/agent-adapter-core.js +179 -28
  39. package/scripts/agents/claude-p-agent.js +24 -7
  40. package/scripts/agents/codex-agent.js +1 -1
  41. package/scripts/agents/gemini-agent.js +1 -1
  42. package/scripts/agents/opencode-agent.js +1 -1
  43. package/scripts/bump-version.js +4 -1
  44. package/scripts/canonical-apps.js +4 -4
  45. package/scripts/dogfood-release.js +1 -1
  46. package/scripts/golden-path.js +4 -4
  47. package/scripts/release-check.js +5 -1
  48. package/scripts/sync-readme.js +123 -0
  49. package/scripts/version-sync-check.js +5 -1
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
3
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
4
- "version": "0.1.91",
4
+ "version": "0.1.92",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
7
7
  },
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.91",
3
+ "version": "0.1.92",
4
4
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
package/README.md CHANGED
@@ -1,3 +1,4 @@
1
+ <!-- AUTO-GENERATED from /README.md by scripts/sync-readme.js — edit the root README, then run `npm run sync:readme`. DO NOT edit this file directly. -->
1
2
  <div align="center">
2
3
 
3
4
  # Cool Workflow
@@ -10,16 +11,11 @@
10
11
  [![provenance](https://img.shields.io/badge/npm-provenance-3178C6?style=flat-square)](https://www.npmjs.com/package/cool-workflow)
11
12
  [![release](https://img.shields.io/github/v/tag/coo1white/cool-workflow?style=flat-square&label=release&color=brightgreen&sort=semver)](https://github.com/coo1white/cool-workflow/tags)
12
13
  [![license](https://img.shields.io/badge/license-BSD--2--Clause-blue?style=flat-square)](https://github.com/coo1white/cool-workflow/blob/main/LICENSE)
13
- ![MCP](https://img.shields.io/badge/MCP-native-8A2BE2?style=flat-square)
14
- ![runtime](https://img.shields.io/badge/runtime-TypeScript%20%C2%B7%20Node-3178C6?style=flat-square)
15
14
 
16
- <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cool-workflow-readme-promo.png" alt="Cool Workflow turns AI agent repo questions into saved, cited, tamper-evident reports." width="100%">
15
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-hero.svg" alt="Your AI report, already proven cw demo tamper forges a signed report three ways (ledger, signature, result) and catches every one offline with only the public key." width="100%">
17
16
 
18
17
  </div>
19
18
 
20
- > An auditable agent-workflow control-plane — **delegate, don't execute**.
21
- > `plan → dispatch → record → verify → commit → report`
22
-
23
19
  ## Install
24
20
 
25
21
  ```bash
@@ -38,7 +34,7 @@ cw demo tamper
38
34
  # → VERDICT: tamper-evidence holds ✓
39
35
  ```
40
36
 
41
- ### 2. Run a review on your code — one command
37
+ ### 2. Ask a question your code, or any folder — one command
42
38
 
43
39
  ```bash
44
40
  cw -q "What are the main risks here?"
@@ -53,47 +49,80 @@ cw -q "What are the security risks?" -codex
53
49
  cw -q "What are the security risks?" -deepseek
54
50
  ```
55
51
 
56
- Review a project **from any directory** — no `cd` needed by pointing at its folder:
52
+ `claude`, `codex`, `gemini`, and `opencode` are auto-detected on PATH (no flag needed);
53
+ `-deepseek` picks the DeepSeek builtin — no env vars needed.
54
+
55
+ **Not just code.** Point CW at a folder of docs, notes, or papers and it reads the files
56
+ there as sources, then gives you the same saved, cited report:
57
57
 
58
58
  ```bash
59
- cw -q "What are the risks?" -dir /path/to/project # -d / --dir / --repo are equivalent
59
+ cw quickstart research-synthesis --repo /path/to/papers \
60
+ --question "What do these papers conclude?"
61
+ ```
62
+
63
+ As the agent works you get a **calm, Claude-Code-style live view** — a compact rolling window that
64
+ updates in place instead of an endless wall:
65
+
66
+ ```text
67
+ ● Read(execution-backend.ts)
68
+ ⎿ 910 lines
69
+ ● Grep(spawnSync)
70
+ ⎿ 17 matches
71
+ ✶ Searching worker-isolation.ts… (3s)
60
72
  ```
61
73
 
62
- Or review a **remote repo by URL** CW clones it for you, then reviews the checkout
63
- (`-l` / `--link`, or just pass the URL to `-dir`/`--repo`):
74
+ Each tool folds to a `● ToolName(arg)` line with a dim `⎿` result summary; older steps fold away (the
75
+ window stays a few rows) and the worker collapses to one line when done. It's compact by default
76
+ (reasoning hidden) — add `--verbose` for the full narration, `--full` to also print the report inline,
77
+ or `--no-color` to drop ANSI (`NO_COLOR` / `FORCE_COLOR` are honored too). The complete narration +
78
+ tool I/O is always saved to a per-worker `transcript.md` next to the result, and the cursor is
79
+ restored cleanly on Ctrl-C.
80
+
81
+ Review a project **from any directory** — no `cd` needed — by pointing at its folder
82
+ (`-d` / `--dir` / `--repo` are equivalent):
83
+
84
+ ```bash
85
+ cw -q "What are the risks?" -dir /path/to/project
86
+ ```
87
+
88
+ Or review a **remote repo by URL** — CW clones it, then reviews the checkout (`-l` / `--link`,
89
+ or pass the URL straight to `-dir`/`--repo`):
64
90
 
65
91
  ```bash
66
92
  cw -q "What are the risks?" --link https://github.com/owner/repo
67
93
  cw -q "What are the risks?" --link git@gitlab.com:owner/repo.git --ref v1.2.0
68
94
  ```
69
95
 
70
- Works with GitHub, GitLab, Bitbucket, self-hosted git, `ssh://`, and `file://` — **and with
71
- downloadable archives** (`.tar.gz`/`.tgz`/`.tar`/`.zip`, e.g. a GitHub "Download ZIP" link),
72
- which are fetched, extracted, and snapshotted into a local repo before review. The clone is
73
- cached under `~/.local/state/cool-workflow/clones/` and reused on the next question (`--refresh`
74
- re-fetches; manage with `cw clones list` / `cw clones gc`). The report records the exact origin
75
- `Source: <url>@<commit>` and a tamper-evident `source.clone` event you can re-prove with
76
- `cw audit verify`. A private repo with no credentials **fails closed** (it never hangs on a
77
- prompt). Validate without fetching: `cw -q "…" --link <url> --check`.
96
+ GitHub, GitLab, Bitbucket, self-hosted git, `ssh://`, and `file://` all work as do downloadable
97
+ archives (`.tar.gz`/`.tgz`/`.tar`/`.zip`), fetched + extracted + snapshotted before review. The clone is cached
98
+ under `~/.local/state/cool-workflow/clones/` and reused next time (`--refresh` re-fetches; `cw clones
99
+ list`/`gc` manage it). The report records `Source: <url>@<commit>` plus a tamper-evident
100
+ `source.clone` event (`cw audit verify`). A credential-less private repo **fails closed** it never
101
+ hangs on a prompt. Preview without fetching: `cw -q "…" --link <url> --check`.
78
102
 
79
- As it runs you see CW's own phases tick by, then a clean summary — no env vars needed:
103
+ CW's own phases tick by as it runs, then it prints a clean summary — a **compact findings table**
104
+ (id / severity / classification, not the full prose), the report path, and where the per-worker
105
+ transcripts live:
80
106
 
81
107
  ```text
82
108
  ==> Map ✓ (6/6)
83
- ==> Assess ✓ (6/6)
84
109
  ==> Verdict ✓
85
110
 
111
+ Findings: 3 — 2×P1, 1×P2
112
+
86
113
  ✓ Report: /path/to/project/.cw/runs/<run-id>/report.md
87
114
  ✓ Status: complete — 14/14
115
+ Transcript: /path/to/project/.cw/runs/<run-id>/
88
116
  Next: cw report <run-id> --show
89
117
  ```
90
118
 
91
- If something is off, the error hands you the next move e.g. `Try: cw doctor` when no
92
- agent is configured. Pipe-clean: with `--json`, stdout is pure data and all of this chrome
93
- goes to stderr (TTY only).
119
+ If something is off, the error names the next move (e.g. `Try: cw doctor`). With `--json`,
120
+ stdout is pure data all of this chrome goes to stderr (TTY only).
94
121
 
95
122
  ### 3. Open the report
96
123
 
124
+ The command prints the report path. For example:
125
+
97
126
  ```bash
98
127
  cat .cw/runs/<run-id>/report.md
99
128
  # → findings with clickable file.ts:42 pointers for every claim
@@ -112,7 +141,7 @@ cw fix # show fix commands for setup issues
112
141
  |---|---|
113
142
  | `architecture-review` | Map a repo, rank risks, back every claim with evidence |
114
143
  | `pr-review-fix-ci` | Review a pull request, suggest fixes, verify CI |
115
- | `research-synthesis` | Answer a question with fact-backed research |
144
+ | `research-synthesis` | Answer a question over a local folder of files — your own docs, notes, or papers, not only code |
116
145
  | `release-cut` | Run a gated, reviewed release |
117
146
 
118
147
  **Multi-agent, when you need it.** Fan work out across agents with built-in topologies,
@@ -120,8 +149,13 @@ compose flows (a task can run a whole child workflow with `subWorkflow`, or a `l
120
149
  can keep iterating until a predicate or a token budget says stop) — and re-run fast:
121
150
  `cw run <app> --drive --incremental` reuses every step whose inputs didn't change.
122
151
 
152
+ <div align="center">
153
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/topologies.svg" alt="Built-in multi-agent topologies: map-reduce (fan out, fold in), debate (argue then draw a verdict), and judge-panel (N independent judges score one candidate)." width="92%">
154
+ </div>
155
+
123
156
  CW also has an **MCP** surface — **Claude Desktop, Cursor, and VS Code call CW as a tool**, so
124
157
  your agent can plan a run, drive it, and verify a report without leaving the editor.
158
+ See the [wiki](https://github.com/coo1white/cool-workflow/wiki).
125
159
 
126
160
  ## Can I Trust the Report?
127
161
 
@@ -133,7 +167,6 @@ and the check fails. CW holds no private key — the agent signs, CW only verifi
133
167
  ```bash
134
168
  cw demo tamper # proves it in 30s — edits a signed result, watch it fail
135
169
  cw telemetry verify <run-id> # checks a real run
136
- cw audit verify <run-id> # re-proves the trust-audit hash chain
137
170
  ```
138
171
 
139
172
  Give the report to another person — they need nothing but the file:
@@ -148,369 +181,38 @@ cw report verify-bundle report.cwrun.json \
148
181
  This attests the agent's **signed findings** — not that the report holds nothing else, and not that
149
182
  none were left out. CW has no key to sign the rendered report, and a determined re-chainer can drop a
150
183
  signed finding entirely — so check the findings you act on against the signed results. For exactly
151
- what is and is not proven, see the [Trust Model](docs/trust-model.md).
184
+ what is and is not proven, see the [Trust Model](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md).
152
185
 
153
186
  ## Troubleshooting
154
187
 
155
188
  | Problem | Fix |
156
189
  |---|---|
157
190
  | No agent found | Run `cw doctor` — it shows which agents are on your machine |
158
- | `status: blocked` | CW failing closed (it never makes up a result). Set `CW_AGENT_COMMAND=builtin:claude` or pass `-claude`; `cw doctor` names the exact reason |
159
- | `claude: command not found` | Install Claude Code (`npm install -g @anthropic-ai/claude-code`) and run again |
191
+ | `status: blocked` | Set `CW_AGENT_COMMAND=builtin:claude` or pass `-claude` |
192
+ | `claude: command not found` | Install Claude Code and run again |
160
193
  | Where is my report? | `<repo>/.cw/runs/<id>/report.md` |
161
- | Preflight before a spawn | `cw quickstart --check` — a zero-write check |
162
-
163
- ---
164
-
165
- The rest of this README is the **developer / operator reference**: the build loop, repo
166
- structure, the full command surface, scheduling, and the result-envelope contract.
167
-
168
- ## Developer Loop
169
-
170
- Use the shortest check that fits the change (from `plugins/cool-workflow/`):
171
-
172
- ```bash
173
- cd plugins/cool-workflow
174
- npm run build
175
- node test/<nearest-smoke>.js
176
- npm run test:fast
177
- ```
178
-
179
- For a source checkout, `cw doctor --onramp --changed-from origin/main` gives the
180
- nearest smoke tests and release gate commands for the current change. Before a
181
- release, run `npm run release:check`.
182
-
183
- ## Structure
184
-
185
- ```text
186
- cool-workflow
187
- skills/cool-workflow/SKILL.md
188
- src/
189
- dist/
190
- scripts/cw.js
191
- workflows/architecture-review.workflow.js
192
- workflows/research-synthesis.workflow.js
193
- apps/architecture-review/app.json
194
- apps/end-to-end-golden-path/app.json
195
- apps/pr-review-fix-ci/app.json
196
- apps/release-cut/app.json
197
- apps/research-synthesis/app.json
198
- apps/workflow-app-framework-demo/app.json
199
- docs/index.md
200
- docs/getting-started.md
201
- docs/coordinator-blackboard.7.md
202
- docs/multi-agent-runtime-core.7.md
203
- docs/multi-agent-eval-replay-harness.7.md
204
- docs/dogfood-one-real-repo.7.md
205
- docs/release-and-migration.7.md
206
- docs/agent-framework.md
207
- docs/unix-principles.md
208
- docs/mcp-app-surface.7.md
209
- docs/operator-ux.7.md
210
- docs/workflow-app-framework.7.md
211
- docs/sandbox-profiles.7.md
212
- docs/candidate-scoring.7.md
213
- docs/verifier-gated-commit.7.md
214
- docs/run-registry-control-plane.7.md
215
- docs/execution-backends.7.md
216
- ```
217
-
218
- ## Commands
219
-
220
- Installed via npm, the bin is `cw` (alias `cool-workflow`): e.g. `cw list`,
221
- `cw quickstart …`. From a cloned source checkout, before `npm run build`, use the
222
- matching `node scripts/cw.js <cmd>` form shown in the examples below.
194
+ | Need the old README? | See [docs/readme-v0.1.87-full.md](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/readme-v0.1.87-full.md) |
223
195
 
224
- List bundled workflows:
196
+ ## How It Works
225
197
 
226
- ```bash
227
- node scripts/cw.js list
228
- ```
229
-
230
- List, inspect, validate, and create workflow apps:
231
-
232
- ```bash
233
- node scripts/cw.js app list
234
- node scripts/cw.js app show architecture-review
235
- node scripts/cw.js app validate apps/architecture-review/app.json
236
- node scripts/cw.js app show pr-review-fix-ci
237
- node scripts/cw.js app show release-cut
238
- node scripts/cw.js app show research-synthesis
239
- node scripts/cw.js app show workflow-app-framework-demo
240
- node scripts/cw.js app validate apps/workflow-app-framework-demo/app.json
241
- node scripts/cw.js app validate end-to-end-golden-path
242
- node scripts/cw.js app package architecture-review
243
- node scripts/cw.js app init my-app --title "My App"
244
- ```
245
-
246
- Compose flows from smaller verified ones (app-authoring surface, `workflow-api.ts`):
247
-
248
- - **Sub-workflow nesting** — a task can run a whole child app instead of one agent:
249
- `subWorkflow(id, appId, { inputs?, bindResult? })`. The drive plans and drives the
250
- child, then binds its report (or verdict result) back as the task's result, so the
251
- parent's verifier/schema gate consumes it like any other. Leaf work stays external-agent
252
- delegation at every depth; recursion is depth- and cycle-bounded, fail-closed.
253
- - **Bounded dynamic loops** — converge without unbounded recursion:
254
- `loop(name, tasks, { maxRounds, until })` is a per-round template. After each round a
255
- named, registered pure predicate (`until: { kind: "predicate", ref }`) decides whether to
256
- append another round or stop, hard-capped at `maxRounds`; built-ins `no-new-findings` and
257
- `single-round`. Or scale by budget — `until: { kind: "budget-target", target }` keeps
258
- going while recorded (attested-only) usage stays under `target`, with the fail-closed
259
- `limits.tokenBudget` cap as the absolute backstop. Predicates are registry refs (not
260
- closures), so runs replay byte-identically; an unregistered predicate stops fail-closed.
261
-
262
- Create a reusable workflow script:
263
-
264
- ```bash
265
- node scripts/cw.js init my-workflow --title "My Workflow"
266
- ```
267
-
268
- Create a run:
269
-
270
- ```bash
271
- node scripts/cw.js plan architecture-review \
272
- --repo /path/to/repo \
273
- --question "Is this architecture sound?" \
274
- --invariant "single-box self-hosted"
275
- ```
276
-
277
- Inspect a run as an operator:
278
-
279
- ```bash
280
- node scripts/cw.js status <run-id>
281
- node scripts/cw.js status <run-id> --json
282
- node scripts/cw.js graph <run-id>
283
- node scripts/cw.js graph <run-id> --json
284
- node scripts/cw.js report <run-id> --show
285
- node scripts/cw.js topology summary <run-id>
286
- node scripts/cw.js topology graph <run-id>
287
- node scripts/cw.js worker summary <run-id>
288
- node scripts/cw.js multi-agent summary <run-id>
289
- node scripts/cw.js multi-agent graph <run-id>
290
- node scripts/cw.js candidate summary <run-id>
291
- node scripts/cw.js feedback summary <run-id>
292
- node scripts/cw.js commit summary <run-id>
293
- node scripts/cw.js state check <run-id>
294
- ```
295
-
296
- MCP hosts can drive the same flow with JSON tools:
198
+ CW is a small TypeScript tool with zero runtime deps. It drives your agent over a repo, or any
199
+ folder of files, in saved, replayable stages — it plans the work, dispatches each task to your agent, records and
200
+ verifies every result, then commits and renders the report — writing everything to disk as
201
+ inspectable files. It never imports a model SDK or stores an API key.
297
202
 
298
- ```text
299
- cw_app_run -> cw_dispatch -> cw_worker_manifest -> cw_worker_output
300
- -> cw_candidate_register -> cw_candidate_score -> cw_candidate_select
301
- -> cw_commit -> cw_operator_report
302
- ```
303
-
304
- MCP also exposes topology tools:
305
-
306
- ```text
307
- cw_topology_list
308
- cw_topology_show
309
- cw_topology_validate
310
- cw_topology_apply
311
- cw_topology_summary
312
- cw_topology_graph
313
- ```
314
-
315
- List, inspect, validate, and apply official multi-agent topologies:
316
-
317
- ```bash
318
- node scripts/cw.js topology list
319
- node scripts/cw.js topology show map-reduce
320
- node scripts/cw.js topology show debate
321
- node scripts/cw.js topology show judge-panel
322
- node scripts/cw.js topology validate map-reduce
323
- node scripts/cw.js topology apply <run-id> map-reduce --task <task-id> --mappers 2
324
- node scripts/cw.js topology apply <run-id> debate --id debate-round --rounds 2
325
- node scripts/cw.js topology apply <run-id> judge-panel --judgeCount 3
326
- node scripts/cw.js topology summary <run-id>
327
- node scripts/cw.js topology summary <run-id> --json
328
- node scripts/cw.js topology graph <run-id>
329
- node scripts/cw.js topology graph <run-id> --json
330
- node scripts/cw.js topology show <run-id> <topology-run-id>
331
- ```
332
-
333
- Topology runs are kept under `.cw/runs/<run-id>/topologies/`, pointed to from
334
- `state.json`, put into operator status and graph output, and counted in the
335
- trust audit summary.
336
-
337
- Create a dispatch manifest for the current runnable phase:
338
-
339
- ```bash
340
- node scripts/cw.js dispatch <run-id> --limit 6
341
- node scripts/cw.js dispatch <run-id> --sandbox readonly
342
- node scripts/cw.js dispatch <run-id> --multi-agent-run ma --multi-agent-group group --multi-agent-role role
343
- node scripts/cw.js dispatch <run-id> --multi-agent-fanout <fanout-id>
344
- ```
345
-
346
- Inspect sandbox profiles:
347
-
348
- ```bash
349
- node scripts/cw.js sandbox list
350
- node scripts/cw.js sandbox show readonly
351
- node scripts/cw.js sandbox validate ./site-sandbox.json
352
- ```
353
-
354
- Record an agent result after a worker finishes:
355
-
356
- ```bash
357
- node scripts/cw.js result <run-id> <task-id> path/to/result.md
358
- ```
359
-
360
- Register, score, rank, and verifier-gate a candidate output:
361
-
362
- ```bash
363
- node scripts/cw.js candidate register <run-id> --worker <worker-id>
364
- node scripts/cw.js candidate score <run-id> <candidate-id> \
365
- --criterion correctness=4 \
366
- --criterion evidence=4 \
367
- --criterion fit=2 \
368
- --maxTotal 10 \
369
- --evidence /path/to/file.ts:42
370
- node scripts/cw.js candidate rank <run-id>
371
- node scripts/cw.js candidate select <run-id> <candidate-id> --reason "verified winner"
372
- ```
373
-
374
- Create a deterministic state commit:
375
-
376
- ```bash
377
- node scripts/cw.js commit <run-id> --verifier <node-id> --reason "verified result"
378
- node scripts/cw.js commit <run-id> --selection <selection-id> --reason "verified winner"
379
- node scripts/cw.js commit <run-id> --allow-unverified-checkpoint --reason "manual checkpoint"
380
- ```
381
-
382
- The first two commands make verifier-gated committed state. The last command
383
- makes a clear non-gated checkpoint.
384
-
385
- Render a report:
386
-
387
- ```bash
388
- node scripts/cw.js report <run-id>
389
- ```
390
-
391
- Look after runs across repos with the control plane (derived, fail-closed registry):
392
-
393
- ```bash
394
- node scripts/cw.js registry refresh --scope home
395
- node scripts/cw.js run search --app architecture-review --status failed
396
- node scripts/cw.js run show <run-id>
397
- node scripts/cw.js run resume <run-id>
398
- node scripts/cw.js run resume <run-id> --drive --incremental # re-drive, reusing every step whose inputs are unchanged
399
- node scripts/cw.js run rerun <failed-run-id> --reason "retry"
400
- node scripts/cw.js run archive <run-id> --reason "old"
401
- node scripts/cw.js queue add --app release-cut --priority 10
402
- node scripts/cw.js queue list
403
- node scripts/cw.js queue drain --limit 1
404
- node scripts/cw.js history --scope home --json
405
- ```
406
-
407
- Run the deterministic release golden path:
203
+ <div align="center">
204
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/pipeline.svg" alt="The CW pipeline: ask, plan, dispatch (fanning out to parallel agents), verify, commit, ending in a saved report.md with a clickable file.ts:42 citation. CW keeps the books; it never runs the model itself." width="100%">
205
+ </div>
408
206
 
409
- ```bash
410
- npm run dogfood:release
411
- npm run release:check
412
- npm run canonical-apps
413
- npm run golden-path
414
- npm run fixture-compat
415
- npm run version:sync
416
- npm test
417
- ```
207
+ `ask simple → run simple → verify simple → resume simple`
418
208
 
419
- Run data lives under `.cw/runs/<run-id>/` in `--cwd`, or in `--repo` when
420
- `--cwd` is left out.
209
+ For the full API, multi-agent topologies, execution backends, and the CLI/MCP surface,
210
+ see the [wiki](https://github.com/coo1white/cool-workflow/wiki).
421
211
 
422
- Build the TypeScript runtime:
423
-
424
- ```bash
425
- npm install --no-package-lock
426
- npm run build
427
- ```
428
-
429
- See [docs/agent-framework.md](docs/agent-framework.md) for the developer contract.
430
- See [docs/index.md](docs/index.md) for a docs map.
431
- See [docs/getting-started.md](docs/getting-started.md) for a clone-to-run path.
432
- See [docs/release-and-migration.7.md](docs/release-and-migration.7.md) for
433
- release and migration discipline.
434
- See [docs/dogfood-one-real-repo.7.md](docs/dogfood-one-real-repo.7.md) for the
435
- real-repository dogfood release proof.
436
- See [docs/operator-ux.7.md](docs/operator-ux.7.md) for the operator command
437
- surface.
438
- See [docs/workflow-app-framework.7.md](docs/workflow-app-framework.7.md) for the app
439
- contract.
440
- See [docs/canonical-workflow-apps.7.md](docs/canonical-workflow-apps.7.md) for
441
- the canonical app matrix.
442
- See [docs/candidate-scoring.7.md](docs/candidate-scoring.7.md) for the
443
- candidate scoring file contract.
444
- See [docs/verifier-gated-commit.7.md](docs/verifier-gated-commit.7.md) for the
445
- commit gate contract.
446
- See [docs/sandbox-profiles.7.md](docs/sandbox-profiles.7.md) for the sandbox
447
- profile contract.
448
- See [docs/end-to-end-golden-path.7.md](docs/end-to-end-golden-path.7.md) for
449
- the release golden path contract.
450
- See [docs/run-registry-control-plane.7.md](docs/run-registry-control-plane.7.md)
451
- for the cross-repo run registry / control plane contract.
212
+ CW dogfoods its own release process — every cut runs the `release-cut` workflow against this
213
+ repo. See the [full README](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/readme-v0.1.87-full.md) for the
214
+ pre-v0.1.87 reference.
452
215
 
453
216
  ## License
454
217
 
455
- CW is released under the BSD-2-Clause License.
456
-
457
- ## Scheduled Tasks
458
-
459
- ```bash
460
- node scripts/cw.js loop --intervalMinutes 30 --prompt "Continue this workflow."
461
- node scripts/cw.js schedule create --kind loop --intervalMinutes 30 --prompt "Continue this workflow."
462
- node scripts/cw.js schedule due
463
- node scripts/cw.js schedule pause <schedule-id>
464
- node scripts/cw.js schedule resume <schedule-id>
465
- node scripts/cw.js schedule run-now <schedule-id>
466
- node scripts/cw.js schedule history <schedule-id>
467
- node scripts/cw.js schedule daemon --once
468
- ```
469
-
470
- See [docs/scheduled-tasks.md](docs/scheduled-tasks.md).
471
-
472
- ## Routine-Style Triggers
473
-
474
- ```bash
475
- node scripts/cw.js routine create --kind api --prompt "Handle this API event."
476
- node scripts/cw.js routine create --kind github --prompt "Handle this GitHub event."
477
- node scripts/cw.js routine fire api payload.json
478
- node scripts/cw.js routine events
479
- ```
480
-
481
- ## Result Envelope
482
-
483
- Verification and synthesis tasks need a structured result block:
484
-
485
- ````text
486
- ```cw:result
487
- {
488
- "summary": "short summary",
489
- "findings": [
490
- {
491
- "id": "risk-1",
492
- "classification": "real",
493
- "severity": "P1",
494
- "evidence": ["/absolute/path/file.ts:42"]
495
- }
496
- ],
497
- "evidence": ["/absolute/path/file.ts:42"]
498
- }
499
- ```
500
- ````
501
-
502
- ## 0.1.89 (v0.1.89)
503
-
504
- Headline golden-path fixes: `cw -q "question"` asks the question (was read as an app id), auto-detects the cwd as the repo (run anywhere, no `--repo`/`cd`), and `cw help` renders a clean wrapped command list with a trailing newline; plus a vendor-agnostic UI/UX prevention gate (a headline-command smoke + a real `npm install -g` run-from-anywhere smoke) so a CLI-surface regression can't ship invisibly again.
505
-
506
- ## 0.1.88 (v0.1.88)
507
-
508
- Orchestration-parity for the agent drive — inline `subWorkflow()` nesting, bounded dynamic `loop()` phases (a `predicate` or a `budget-target` token `until`), and `cw run --drive --incremental` step-level resume; the agent now signs its findings (result-bound ed25519) and `cw report verify-bundle --require-signatures` proves offline that every signed finding is in the report unaltered; CLI simplified to 6 commands with agent streaming on by default; path-traversal run ids refused on archive import.
509
-
510
- ## 0.1.87 (v0.1.87)
511
-
512
- npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
513
-
514
- v0.1.90
515
-
516
- v0.1.91
218
+ BSD-2-Clause. Built by COOLWHITE LLC.
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review",
4
4
  "title": "Architecture Review",
5
5
  "summary": "Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review-fast",
4
4
  "title": "Architecture Review Fast",
5
5
  "summary": "Run a shorter architecture review with parallel map and assess phases for faster first results.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "end-to-end-golden-path",
4
4
  "title": "End-to-End Golden Path",
5
5
  "summary": "Deterministic one-worker workflow app for proving the CW integration chain.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "pr-review-fix-ci",
4
4
  "title": "PR Review Fix CI",
5
5
  "summary": "Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "release-cut",
4
4
  "title": "Release Cut",
5
5
  "summary": "Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "research-synthesis",
4
4
  "title": "Research Synthesis",
5
5
  "summary": "Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer.",
6
- "version": "0.1.91",
6
+ "version": "0.1.92",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -41,7 +41,7 @@ module.exports = ({ workflow, phase, agent, artifact, input }) => {
41
41
  phase("Investigate", [
42
42
  agent(
43
43
  "investigate:primary-sources",
44
- "Investigate primary or official sources first from {{source}} for {{question}}. Return source titles, dates, authors or publishers, durable locators, key claims, and uncertainty. Mark missing retrieval needs explicitly.",
44
+ "Investigate primary or official sources first from {{source}} for {{question}}. The local files in your working directory are also possible primary sources: list them first, then read the ones that help and cite their paths. Return source titles, dates, authors or publishers, durable locators (a local file path with optional :line, or a URL), key claims, and uncertainty. Mark missing retrieval needs explicitly.",
45
45
  { sandboxProfileId: "readonly" }
46
46
  ),
47
47
  agent(
package/dist/doctor.js CHANGED
@@ -174,6 +174,7 @@ function formatDoctorReport(report) {
174
174
  lines.push(" 1. cw demo tamper — prove trust checks work (30s)");
175
175
  lines.push(" 2. cw demo bundle — prove portable bundles (30s)");
176
176
  lines.push(' 3. cw -q "what risks?" — your first real report (needs an agent)');
177
+ lines.push(' cw quickstart research-synthesis --repo <folder> --question "..." — cited report over a docs/papers folder, not only code');
177
178
  lines.push("");
178
179
  lines.push("Onramp");
179
180
  lines.push(` ${report.onramp.summary}`);