cool-workflow 0.1.91 → 0.1.93

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (84) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +111 -434
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/architecture-review-fast/workflow.js +15 -2
  7. package/apps/end-to-end-golden-path/app.json +1 -1
  8. package/apps/pr-review-fix-ci/app.json +1 -1
  9. package/apps/release-cut/app.json +1 -1
  10. package/apps/research-synthesis/app.json +1 -1
  11. package/apps/research-synthesis/workflow.js +1 -1
  12. package/dist/capability-core.js +47 -0
  13. package/dist/capability-registry.js +2 -0
  14. package/dist/cli/command-surface.js +165 -1352
  15. package/dist/cli/format.js +56 -0
  16. package/dist/cli/handlers/audit.js +82 -0
  17. package/dist/cli/handlers/blackboard.js +81 -0
  18. package/dist/cli/handlers/candidate.js +40 -0
  19. package/dist/cli/handlers/clones.js +34 -0
  20. package/dist/cli/handlers/collaboration.js +61 -0
  21. package/dist/cli/handlers/eval.js +40 -0
  22. package/dist/cli/handlers/maintenance.js +107 -0
  23. package/dist/cli/handlers/multi-agent.js +165 -0
  24. package/dist/cli/handlers/node.js +41 -0
  25. package/dist/cli/handlers/operational.js +155 -0
  26. package/dist/cli/handlers/operator.js +146 -0
  27. package/dist/cli/handlers/registry.js +68 -0
  28. package/dist/cli/handlers/run.js +153 -0
  29. package/dist/cli/handlers/scheduling.js +126 -0
  30. package/dist/cli/handlers/workbench.js +41 -0
  31. package/dist/cli/handlers/worker.js +45 -0
  32. package/dist/cli/io.js +27 -0
  33. package/dist/cli/run-summary.js +45 -0
  34. package/dist/commit.js +0 -5
  35. package/dist/doctor.js +1 -0
  36. package/dist/execution-backend.js +0 -11
  37. package/dist/mcp/tool-call.js +2 -0
  38. package/dist/mcp/tool-definitions.js +8 -0
  39. package/dist/orchestrator/app-operations.js +205 -0
  40. package/dist/orchestrator/report.js +6 -1
  41. package/dist/orchestrator.js +41 -153
  42. package/dist/state-explosion.js +0 -7
  43. package/dist/term.js +0 -18
  44. package/dist/validation.js +0 -21
  45. package/dist/version.js +1 -1
  46. package/docs/agent-delegation-drive.7.md +2 -0
  47. package/docs/canonical-workflow-apps.7.md +12 -0
  48. package/docs/cli-mcp-parity.7.md +18 -1
  49. package/docs/contract-migration-tooling.7.md +2 -0
  50. package/docs/control-plane-scheduling.7.md +2 -0
  51. package/docs/durable-state-and-locking.7.md +2 -0
  52. package/docs/evidence-adoption-reasoning-chain.7.md +2 -0
  53. package/docs/execution-backends.7.md +2 -0
  54. package/docs/mcp-app-surface.7.md +12 -0
  55. package/docs/multi-agent-cli-mcp-surface.7.md +2 -0
  56. package/docs/multi-agent-eval-replay-harness.7.md +2 -0
  57. package/docs/multi-agent-operator-ux.7.md +2 -0
  58. package/docs/node-snapshot-diff-replay.7.md +2 -0
  59. package/docs/observability-cost-accounting.7.md +2 -0
  60. package/docs/project-index.md +15 -3
  61. package/docs/real-execution-backends.7.md +2 -0
  62. package/docs/release-and-migration.7.md +2 -0
  63. package/docs/release-tooling.7.md +11 -0
  64. package/docs/run-registry-control-plane.7.md +26 -2
  65. package/docs/run-retention-reclamation.7.md +2 -0
  66. package/docs/state-explosion-management.7.md +2 -0
  67. package/docs/team-collaboration.7.md +2 -0
  68. package/docs/web-desktop-workbench.7.md +2 -0
  69. package/manifest/plugin.manifest.json +1 -1
  70. package/package.json +3 -1
  71. package/scripts/agents/agent-adapter-core.js +179 -28
  72. package/scripts/agents/claude-p-agent.js +24 -7
  73. package/scripts/agents/codex-agent.js +1 -1
  74. package/scripts/agents/gemini-agent.js +1 -1
  75. package/scripts/agents/opencode-agent.js +1 -1
  76. package/scripts/architecture-review-fast.js +19 -5
  77. package/scripts/bump-version.js +20 -1
  78. package/scripts/canonical-apps.js +4 -4
  79. package/scripts/dogfood-release.js +1 -1
  80. package/scripts/golden-path.js +4 -4
  81. package/scripts/parity-check.js +9 -1
  82. package/scripts/release-check.js +5 -1
  83. package/scripts/sync-readme.js +123 -0
  84. package/scripts/version-sync-check.js +10 -1
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
3
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
4
- "version": "0.1.91",
4
+ "version": "0.1.93",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
7
7
  },
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.91",
3
+ "version": "0.1.93",
4
4
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
package/README.md CHANGED
@@ -1,24 +1,30 @@
1
+ <!-- AUTO-GENERATED from /README.md by scripts/sync-readme.js — edit the root README, then run `npm run sync:readme`. DO NOT edit this file directly. -->
1
2
  <div align="center">
2
3
 
3
- # Cool Workflow
4
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-hero.png" alt="Cool Workflow — your AI report, already proven. Point your agent at any repo or folder and get a saved, cited report you can re-verify offline." width="100%">
4
5
 
5
- **Get a saved, cited report from your AI agent — not a chat message you lose.**
6
+ <br><br>
6
7
 
7
- [![CI](https://img.shields.io/github/actions/workflow/status/coo1white/cool-workflow/ci.yml?branch=main&style=flat-square&label=CI)](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
8
+ [![CI](https://img.shields.io/github/actions/workflow/status/coo1white/cool-workflow/ci.yml?branch=main&style=flat-square&label=CI&color=EC6516)](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
8
9
  [![npm](https://img.shields.io/npm/v/cool-workflow?style=flat-square&label=npm&color=cb3837)](https://www.npmjs.com/package/cool-workflow)
9
- [![downloads](https://img.shields.io/npm/dm/cool-workflow?style=flat-square&label=downloads)](https://www.npmjs.com/package/cool-workflow)
10
+ [![downloads](https://img.shields.io/npm/dm/cool-workflow?style=flat-square&label=downloads&color=EC6516)](https://www.npmjs.com/package/cool-workflow)
10
11
  [![provenance](https://img.shields.io/badge/npm-provenance-3178C6?style=flat-square)](https://www.npmjs.com/package/cool-workflow)
11
12
  [![release](https://img.shields.io/github/v/tag/coo1white/cool-workflow?style=flat-square&label=release&color=brightgreen&sort=semver)](https://github.com/coo1white/cool-workflow/tags)
12
13
  [![license](https://img.shields.io/badge/license-BSD--2--Clause-blue?style=flat-square)](https://github.com/coo1white/cool-workflow/blob/main/LICENSE)
13
- ![MCP](https://img.shields.io/badge/MCP-native-8A2BE2?style=flat-square)
14
- ![runtime](https://img.shields.io/badge/runtime-TypeScript%20%C2%B7%20Node-3178C6?style=flat-square)
15
14
 
16
- <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cool-workflow-readme-promo.png" alt="Cool Workflow turns AI agent repo questions into saved, cited, tamper-evident reports." width="100%">
15
+ ### Get a saved, cited report from your AI agent not a chat message you lose.
17
16
 
18
17
  </div>
19
18
 
20
- > An auditable agent-workflow control-plane **delegate, don't execute**.
21
- > `plan dispatch record verify commit report`
19
+ Point an AI coding agent at a repo (or any folder of docs) and Cool Workflow turns the run into a
20
+ **durable, inspectable workflow**: it plans the work, delegates each task to *your* agent, records and
21
+ verifies every result, then writes a report where every claim is cited to a `file.ts:42`.
22
+
23
+ > **The model is fuel. CW is the black-box recorder, the dashboard, and the gearbox — never the engine.**
24
+ > It never calls a model API, never holds your keys, and never uploads your code. Your agent spends the
25
+ > tokens; CW keeps the books — as plain JSON on your own disk.
26
+
27
+ ---
22
28
 
23
29
  ## Install
24
30
 
@@ -26,491 +32,162 @@
26
32
  npm install -g cool-workflow
27
33
  ```
28
34
 
29
- What you need: **Node.js v18+** (`node --version`) and one AI agent CLI on your machine
30
- (`claude`, `codex`, `gemini`, or `opencode`). No agent? `cw demo` still works — CW never runs a model itself.
31
-
32
- ## Quick Start (3 steps)
33
-
34
- ### 1. Prove it works (30 seconds, no agent needed)
35
+ <details>
36
+ <summary>Or install with <b>Homebrew</b></summary>
35
37
 
36
38
  ```bash
37
- cw demo tamper
38
- # VERDICT: tamper-evidence holds ✓
39
+ brew tap coo1white/cool-workflow https://github.com/coo1white/cool-workflow
40
+ brew install coo1white/cool-workflow/cool-workflow
41
+ cw version
39
42
  ```
40
43
 
41
- ### 2. Run a review on your code — one command
42
-
43
- ```bash
44
- cw -q "What are the main risks here?"
45
- ```
44
+ Upgrade later with `brew update && brew upgrade cool-workflow`.
45
+ </details>
46
46
 
47
- CW auto-detects the repo (current folder) and your agent (first found on PATH).
48
- Pick a specific agent with a flag:
47
+ **You need:** Node.js v18+ and one agent CLI on your machine `claude`, `codex`, `gemini`, or
48
+ `opencode` (all auto-detected). No agent yet? `cw demo` still works — **CW never runs a model itself.**
49
49
 
50
- ```bash
51
- cw -q "What are the security risks?" -claude
52
- cw -q "What are the security risks?" -codex
53
- cw -q "What are the security risks?" -deepseek
54
- ```
50
+ ## Quick Start
55
51
 
56
- Review a project **from any directory** — no `cd` needed — by pointing at its folder:
52
+ ### 1 · Prove it works30 seconds, no agent needed
57
53
 
58
54
  ```bash
59
- cw -q "What are the risks?" -dir /path/to/project # -d / --dir / --repo are equivalent
55
+ cw demo tamper
56
+ # → builds a real signed ledger, forges it three ways, catches all three offline
57
+ # → VERDICT: tamper-evidence holds ✓
60
58
  ```
61
59
 
62
- Or review a **remote repo by URL**CW clones it for you, then reviews the checkout
63
- (`-l` / `--link`, or just pass the URL to `-dir`/`--repo`):
60
+ ### 2 · Ask a question about your codeone command
64
61
 
65
62
  ```bash
66
- cw -q "What are the risks?" --link https://github.com/owner/repo
67
- cw -q "What are the risks?" --link git@gitlab.com:owner/repo.git --ref v1.2.0
68
- ```
69
-
70
- Works with GitHub, GitLab, Bitbucket, self-hosted git, `ssh://`, and `file://` — **and with
71
- downloadable archives** (`.tar.gz`/`.tgz`/`.tar`/`.zip`, e.g. a GitHub "Download ZIP" link),
72
- which are fetched, extracted, and snapshotted into a local repo before review. The clone is
73
- cached under `~/.local/state/cool-workflow/clones/` and reused on the next question (`--refresh`
74
- re-fetches; manage with `cw clones list` / `cw clones gc`). The report records the exact origin —
75
- `Source: <url>@<commit>` — and a tamper-evident `source.clone` event you can re-prove with
76
- `cw audit verify`. A private repo with no credentials **fails closed** (it never hangs on a
77
- prompt). Validate without fetching: `cw -q "…" --link <url> --check`.
78
-
79
- As it runs you see CW's own phases tick by, then a clean summary — no env vars needed:
80
-
81
- ```text
82
- ==> Map ✓ (6/6)
83
- ==> Assess ✓ (6/6)
84
- ==> Verdict ✓
85
-
86
- ✓ Report: /path/to/project/.cw/runs/<run-id>/report.md
87
- ✓ Status: complete — 14/14
88
- Next: cw report <run-id> --show
63
+ cw -q "What are the main risks here?"
89
64
  ```
90
65
 
91
- If something is off, the error hands you the next move e.g. `Try: cw doctor` when no
92
- agent is configured. Pipe-clean: with `--json`, stdout is pure data and all of this chrome
93
- goes to stderr (TTY only).
94
-
95
- ### 3. Open the report
66
+ CW auto-detects the current repo and the first agent on your `PATH`. Pin a specific one with a flag
67
+ (`-claude`, `-codex`, `-gemini`, `-deepseek`). Point it anywhere no `cd` required or review a
68
+ **remote repo by URL** and CW clones, snapshots, and reviews the checkout:
96
69
 
97
70
  ```bash
98
- cat .cw/runs/<run-id>/report.md
99
- # findings with clickable file.ts:42 pointers for every claim
71
+ cw -q "What are the security risks?" -dir /path/to/project
72
+ cw -q "What are the risks?" --link https://github.com/owner/repo
100
73
  ```
101
74
 
102
- ## What Else Can It Do?
75
+ **Not just code.** Aim CW at a folder of docs, notes, or papers and it reads them as sources for the
76
+ same saved, cited report:
103
77
 
104
78
  ```bash
105
- cw version # show version
106
- cw update # update to latest release
107
- cw doctor # check your setup
108
- cw fix # show fix commands for setup issues
79
+ cw quickstart research-synthesis --repo /path/to/papers \
80
+ --question "What do these papers conclude?"
109
81
  ```
110
82
 
111
- | Workflow | Does |
112
- |---|---|
113
- | `architecture-review` | Map a repo, rank risks, back every claim with evidence |
114
- | `pr-review-fix-ci` | Review a pull request, suggest fixes, verify CI |
115
- | `research-synthesis` | Answer a question with fact-backed research |
116
- | `release-cut` | Run a gated, reviewed release |
117
-
118
- **Multi-agent, when you need it.** Fan work out across agents with built-in topologies,
119
- compose flows (a task can run a whole child workflow with `subWorkflow`, or a `loop()` phase
120
- can keep iterating until a predicate or a token budget says stop) — and re-run fast:
121
- `cw run <app> --drive --incremental` reuses every step whose inputs didn't change.
122
-
123
- CW also has an **MCP** surface — **Claude Desktop, Cursor, and VS Code call CW as a tool**, so
124
- your agent can plan a run, drive it, and verify a report without leaving the editor.
125
-
126
- ## Can I Trust the Report?
127
-
128
- CW does not run the AI model — it keeps the books. The agent signs its findings (ed25519), and
129
- `cw report verify-bundle` checks — offline, with nothing but the public key — that every signed
130
- finding is in the report **unaltered**: edit a finding, in the report or in the agent's own result,
131
- and the check fails. CW holds no private key — the agent signs, CW only verifies.
132
-
133
- ```bash
134
- cw demo tamper # proves it in 30s — edits a signed result, watch it fail
135
- cw telemetry verify <run-id> # checks a real run
136
- cw audit verify <run-id> # re-proves the trust-audit hash chain
137
- ```
83
+ ### 3 · Open the report
138
84
 
139
- Give the report to another person they need nothing but the file:
85
+ The command prints the path. Every finding carries a clickable `file.ts:42` pointer:
140
86
 
141
87
  ```bash
142
- cw -q "…" --bundle # seal into one portable file
143
- cw report verify-bundle report.cwrun.json # they check it offline
144
- cw report verify-bundle report.cwrun.json \
145
- --require-signatures # …and insist the findings are signed
88
+ cat .cw/runs/<run-id>/report.md
146
89
  ```
147
90
 
148
- This attests the agent's **signed findings** not that the report holds nothing else, and not that
149
- none were left out. CW has no key to sign the rendered report, and a determined re-chainer can drop a
150
- signed finding entirely — so check the findings you act on against the signed results. For exactly
151
- what is and is not proven, see the [Trust Model](docs/trust-model.md).
152
-
153
- ## Troubleshooting
154
-
155
- | Problem | Fix |
156
- |---|---|
157
- | No agent found | Run `cw doctor` — it shows which agents are on your machine |
158
- | `status: blocked` | CW failing closed (it never makes up a result). Set `CW_AGENT_COMMAND=builtin:claude` or pass `-claude`; `cw doctor` names the exact reason |
159
- | `claude: command not found` | Install Claude Code (`npm install -g @anthropic-ai/claude-code`) and run again |
160
- | Where is my report? | `<repo>/.cw/runs/<id>/report.md` |
161
- | Preflight before a spawn | `cw quickstart --check` — a zero-write check |
91
+ While it runs you get a calm, Claude-Code-style live view a compact rolling window of tool calls
92
+ that updates in place instead of an endless wall and a clean findings table when it's done.
162
93
 
163
94
  ---
164
95
 
165
- The rest of this README is the **developer / operator reference**: the build loop, repo
166
- structure, the full command surface, scheduling, and the result-envelope contract.
167
-
168
- ## Developer Loop
169
-
170
- Use the shortest check that fits the change (from `plugins/cool-workflow/`):
171
-
172
- ```bash
173
- cd plugins/cool-workflow
174
- npm run build
175
- node test/<nearest-smoke>.js
176
- npm run test:fast
177
- ```
178
-
179
- For a source checkout, `cw doctor --onramp --changed-from origin/main` gives the
180
- nearest smoke tests and release gate commands for the current change. Before a
181
- release, run `npm run release:check`.
182
-
183
- ## Structure
96
+ ## Why Cool Workflow
184
97
 
185
- ```text
186
- cool-workflow
187
- skills/cool-workflow/SKILL.md
188
- src/
189
- dist/
190
- scripts/cw.js
191
- workflows/architecture-review.workflow.js
192
- workflows/research-synthesis.workflow.js
193
- apps/architecture-review/app.json
194
- apps/end-to-end-golden-path/app.json
195
- apps/pr-review-fix-ci/app.json
196
- apps/release-cut/app.json
197
- apps/research-synthesis/app.json
198
- apps/workflow-app-framework-demo/app.json
199
- docs/index.md
200
- docs/getting-started.md
201
- docs/coordinator-blackboard.7.md
202
- docs/multi-agent-runtime-core.7.md
203
- docs/multi-agent-eval-replay-harness.7.md
204
- docs/dogfood-one-real-repo.7.md
205
- docs/release-and-migration.7.md
206
- docs/agent-framework.md
207
- docs/unix-principles.md
208
- docs/mcp-app-surface.7.md
209
- docs/operator-ux.7.md
210
- docs/workflow-app-framework.7.md
211
- docs/sandbox-profiles.7.md
212
- docs/candidate-scoring.7.md
213
- docs/verifier-gated-commit.7.md
214
- docs/run-registry-control-plane.7.md
215
- docs/execution-backends.7.md
216
- ```
217
-
218
- ## Commands
219
-
220
- Installed via npm, the bin is `cw` (alias `cool-workflow`): e.g. `cw list`,
221
- `cw quickstart …`. From a cloned source checkout, before `npm run build`, use the
222
- matching `node scripts/cw.js <cmd>` form shown in the examples below.
223
-
224
- List bundled workflows:
225
-
226
- ```bash
227
- node scripts/cw.js list
228
- ```
98
+ Most agent tooling runs a whole task as one long prompt, then hands you a chat message. When the work
99
+ is long, parallel, or high-stakes, you can't tell what happened or trust the result. CW treats it as a
100
+ **runtime problem** — and rests on four commitments:
229
101
 
230
- List, inspect, validate, and create workflow apps:
231
-
232
- ```bash
233
- node scripts/cw.js app list
234
- node scripts/cw.js app show architecture-review
235
- node scripts/cw.js app validate apps/architecture-review/app.json
236
- node scripts/cw.js app show pr-review-fix-ci
237
- node scripts/cw.js app show release-cut
238
- node scripts/cw.js app show research-synthesis
239
- node scripts/cw.js app show workflow-app-framework-demo
240
- node scripts/cw.js app validate apps/workflow-app-framework-demo/app.json
241
- node scripts/cw.js app validate end-to-end-golden-path
242
- node scripts/cw.js app package architecture-review
243
- node scripts/cw.js app init my-app --title "My App"
244
- ```
245
-
246
- Compose flows from smaller verified ones (app-authoring surface, `workflow-api.ts`):
247
-
248
- - **Sub-workflow nesting** — a task can run a whole child app instead of one agent:
249
- `subWorkflow(id, appId, { inputs?, bindResult? })`. The drive plans and drives the
250
- child, then binds its report (or verdict result) back as the task's result, so the
251
- parent's verifier/schema gate consumes it like any other. Leaf work stays external-agent
252
- delegation at every depth; recursion is depth- and cycle-bounded, fail-closed.
253
- - **Bounded dynamic loops** — converge without unbounded recursion:
254
- `loop(name, tasks, { maxRounds, until })` is a per-round template. After each round a
255
- named, registered pure predicate (`until: { kind: "predicate", ref }`) decides whether to
256
- append another round or stop, hard-capped at `maxRounds`; built-ins `no-new-findings` and
257
- `single-round`. Or scale by budget — `until: { kind: "budget-target", target }` keeps
258
- going while recorded (attested-only) usage stays under `target`, with the fail-closed
259
- `limits.tokenBudget` cap as the absolute backstop. Predicates are registry refs (not
260
- closures), so runs replay byte-identically; an unregistered predicate stops fail-closed.
261
-
262
- Create a reusable workflow script:
263
-
264
- ```bash
265
- node scripts/cw.js init my-workflow --title "My Workflow"
266
- ```
267
-
268
- Create a run:
269
-
270
- ```bash
271
- node scripts/cw.js plan architecture-review \
272
- --repo /path/to/repo \
273
- --question "Is this architecture sound?" \
274
- --invariant "single-box self-hosted"
275
- ```
276
-
277
- Inspect a run as an operator:
278
-
279
- ```bash
280
- node scripts/cw.js status <run-id>
281
- node scripts/cw.js status <run-id> --json
282
- node scripts/cw.js graph <run-id>
283
- node scripts/cw.js graph <run-id> --json
284
- node scripts/cw.js report <run-id> --show
285
- node scripts/cw.js topology summary <run-id>
286
- node scripts/cw.js topology graph <run-id>
287
- node scripts/cw.js worker summary <run-id>
288
- node scripts/cw.js multi-agent summary <run-id>
289
- node scripts/cw.js multi-agent graph <run-id>
290
- node scripts/cw.js candidate summary <run-id>
291
- node scripts/cw.js feedback summary <run-id>
292
- node scripts/cw.js commit summary <run-id>
293
- node scripts/cw.js state check <run-id>
294
- ```
102
+ | Commitment | What it means for you |
103
+ |---|---|
104
+ | **Model as fuel, not engine** | CW never calls a model API. Execution is always delegated to your agent, so the backend is swappable and your credentials and code never leave your machine. |
105
+ | **Evidence-gated decisions** | Every adopted result records its **basis, authority, rationale, and the alternative it beat.** Missing evidence doesn't slip through — it fails closed to a visible `unexplained` state. |
106
+ | **Deterministic, local replay** | Every step is plain JSON under `.cw/runs/<id>/` — read it, diff it, resume it, replay it. No hidden database; the runtime never *guesses* success. |
107
+ | **Vendor-neutral by design** | One source-of-truth manifest generates every vendor adapter (Claude, Codex, …) over a shared CLI + MCP runtime, with a fail-closed drift check. No lock-in, no forked logic. |
295
108
 
296
- MCP hosts can drive the same flow with JSON tools:
109
+ ## How It Works
297
110
 
298
- ```text
299
- cw_app_run -> cw_dispatch -> cw_worker_manifest -> cw_worker_output
300
- -> cw_candidate_register -> cw_candidate_score -> cw_candidate_select
301
- -> cw_commit -> cw_operator_report
302
- ```
111
+ CW is a small TypeScript tool with **zero runtime dependencies**. It drives your agent over a repo — or
112
+ any folder in saved, replayable stages, writing everything to disk as inspectable files. It never
113
+ imports a model SDK or stores an API key.
303
114
 
304
- MCP also exposes topology tools:
115
+ <div align="center">
116
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-pipeline.png" alt="The CW pipeline: ask, plan, dispatch (delegated to your agent), verify (evidence gate, fails closed), commit verified state, and a saved, cited, signed report — every step recorded as durable .cw/ JSON." width="100%">
117
+ </div>
305
118
 
306
119
  ```text
307
- cw_topology_list
308
- cw_topology_show
309
- cw_topology_validate
310
- cw_topology_apply
311
- cw_topology_summary
312
- cw_topology_graph
313
- ```
314
-
315
- List, inspect, validate, and apply official multi-agent topologies:
316
-
317
- ```bash
318
- node scripts/cw.js topology list
319
- node scripts/cw.js topology show map-reduce
320
- node scripts/cw.js topology show debate
321
- node scripts/cw.js topology show judge-panel
322
- node scripts/cw.js topology validate map-reduce
323
- node scripts/cw.js topology apply <run-id> map-reduce --task <task-id> --mappers 2
324
- node scripts/cw.js topology apply <run-id> debate --id debate-round --rounds 2
325
- node scripts/cw.js topology apply <run-id> judge-panel --judgeCount 3
326
- node scripts/cw.js topology summary <run-id>
327
- node scripts/cw.js topology summary <run-id> --json
328
- node scripts/cw.js topology graph <run-id>
329
- node scripts/cw.js topology graph <run-id> --json
330
- node scripts/cw.js topology show <run-id> <topology-run-id>
120
+ ask simple → run simple → verify simple → resume simple
331
121
  ```
332
122
 
333
- Topology runs are kept under `.cw/runs/<run-id>/topologies/`, pointed to from
334
- `state.json`, put into operator status and graph output, and counted in the
335
- trust audit summary.
336
-
337
- Create a dispatch manifest for the current runnable phase:
338
-
339
- ```bash
340
- node scripts/cw.js dispatch <run-id> --limit 6
341
- node scripts/cw.js dispatch <run-id> --sandbox readonly
342
- node scripts/cw.js dispatch <run-id> --multi-agent-run ma --multi-agent-group group --multi-agent-role role
343
- node scripts/cw.js dispatch <run-id> --multi-agent-fanout <fanout-id>
344
- ```
123
+ ## What You Can Run
345
124
 
346
- Inspect sandbox profiles:
125
+ | Workflow | What it produces |
126
+ |---|---|
127
+ | `architecture-review` | Map a repo, rank risks, and back every claim with `file:line` evidence |
128
+ | `pr-review-fix-ci` | Review a PR or branch, diagnose CI, and propose + verify fixes |
129
+ | `research-synthesis` | Answer a question over a local folder of files — your docs, notes, or papers |
130
+ | `release-cut` | Run a gated, reviewed release with dry-run evidence |
347
131
 
348
132
  ```bash
349
- node scripts/cw.js sandbox list
350
- node scripts/cw.js sandbox show readonly
351
- node scripts/cw.js sandbox validate ./site-sandbox.json
133
+ cw app list # see everything installed
134
+ cw doctor # check your setup → cw fix shows the fix commands
352
135
  ```
353
136
 
354
- Record an agent result after a worker finishes:
355
-
356
- ```bash
357
- node scripts/cw.js result <run-id> <task-id> path/to/result.md
358
- ```
137
+ **Multi-agent, when you need it.** Fan work out across agents with built-in topologies, compose flows
138
+ (a task can run a whole child workflow with `subWorkflow`, or a `loop()` phase can iterate until a
139
+ predicate or token budget says stop), and re-run fast — `cw run <app> --drive --incremental` reuses
140
+ every step whose inputs didn't change.
359
141
 
360
- Register, score, rank, and verifier-gate a candidate output:
142
+ <div align="center">
143
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/topologies.svg" alt="Built-in multi-agent topologies: map-reduce (fan out, fold in), debate (argue then draw a verdict), and judge-panel (N independent judges score one candidate)." width="92%">
144
+ </div>
361
145
 
362
- ```bash
363
- node scripts/cw.js candidate register <run-id> --worker <worker-id>
364
- node scripts/cw.js candidate score <run-id> <candidate-id> \
365
- --criterion correctness=4 \
366
- --criterion evidence=4 \
367
- --criterion fit=2 \
368
- --maxTotal 10 \
369
- --evidence /path/to/file.ts:42
370
- node scripts/cw.js candidate rank <run-id>
371
- node scripts/cw.js candidate select <run-id> <candidate-id> --reason "verified winner"
372
- ```
146
+ ## Can You Trust the Report?
373
147
 
374
- Create a deterministic state commit:
148
+ CW doesn't run the model — it keeps the books. Your agent signs its findings (**ed25519**), and
149
+ `cw report verify-bundle` checks — **offline, with nothing but the public key** — that every signed
150
+ finding is in the report unaltered. Edit a finding, in the report or in the agent's own result, and the
151
+ check fails. CW holds no private key: the agent signs, CW only verifies.
375
152
 
376
153
  ```bash
377
- node scripts/cw.js commit <run-id> --verifier <node-id> --reason "verified result"
378
- node scripts/cw.js commit <run-id> --selection <selection-id> --reason "verified winner"
379
- node scripts/cw.js commit <run-id> --allow-unverified-checkpoint --reason "manual checkpoint"
154
+ cw demo tamper # proves it in 30s — edits a signed result, watch it fail
155
+ cw -q "…" --bundle # seal a run into one portable file
156
+ cw report verify-bundle report.cwrun.json # anyone can re-check it offline, with just the file
380
157
  ```
381
158
 
382
- The first two commands make verifier-gated committed state. The last command
383
- makes a clear non-gated checkpoint.
159
+ This attests the agent's **signed findings** not that nothing else was added or that nothing was left
160
+ out. For exactly what is and isn't proven, see the **[Trust Model](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)**.
384
161
 
385
- Render a report:
162
+ ## Use It From Your Editor
386
163
 
387
- ```bash
388
- node scripts/cw.js report <run-id>
389
- ```
164
+ CW exposes the same runtime over **MCP** — **Claude Desktop, Cursor, and VS Code call CW as a tool**, so
165
+ your agent can plan a run, drive it, and verify a report without leaving the editor. CLI and MCP share
166
+ one registry and are parity-checked. See the **[Wiki](https://github.com/coo1white/cool-workflow/wiki)**.
390
167
 
391
- Look after runs across repos with the control plane (derived, fail-closed registry):
392
-
393
- ```bash
394
- node scripts/cw.js registry refresh --scope home
395
- node scripts/cw.js run search --app architecture-review --status failed
396
- node scripts/cw.js run show <run-id>
397
- node scripts/cw.js run resume <run-id>
398
- node scripts/cw.js run resume <run-id> --drive --incremental # re-drive, reusing every step whose inputs are unchanged
399
- node scripts/cw.js run rerun <failed-run-id> --reason "retry"
400
- node scripts/cw.js run archive <run-id> --reason "old"
401
- node scripts/cw.js queue add --app release-cut --priority 10
402
- node scripts/cw.js queue list
403
- node scripts/cw.js queue drain --limit 1
404
- node scripts/cw.js history --scope home --json
405
- ```
406
-
407
- Run the deterministic release golden path:
168
+ ## Troubleshooting
408
169
 
409
- ```bash
410
- npm run dogfood:release
411
- npm run release:check
412
- npm run canonical-apps
413
- npm run golden-path
414
- npm run fixture-compat
415
- npm run version:sync
416
- npm test
417
- ```
170
+ | Problem | Fix |
171
+ |---|---|
172
+ | No agent found | `cw doctor` — shows which agents are on your machine |
173
+ | `status: blocked` | Set `CW_AGENT_COMMAND=builtin:claude` or pass `-claude` |
174
+ | `claude: command not found` | Install Claude Code and run again |
175
+ | Where is my report? | `<repo>/.cw/runs/<id>/report.md` |
418
176
 
419
- Run data lives under `.cw/runs/<run-id>/` in `--cwd`, or in `--repo` when
420
- `--cwd` is left out.
177
+ ## Docs & Wiki
421
178
 
422
- Build the TypeScript runtime:
179
+ New here? Start with the **[Wiki](https://github.com/coo1white/cool-workflow/wiki)**
180
+ [Getting Started](https://github.com/coo1white/cool-workflow/wiki/Getting-Started) ·
181
+ [Mental Model](https://github.com/coo1white/cool-workflow/wiki/Mental-Model) ·
182
+ [Glossary](https://github.com/coo1white/cool-workflow/wiki/Glossary) ·
183
+ [Trust & Audit](https://github.com/coo1white/cool-workflow/wiki/Trust-And-Audit)
423
184
 
424
- ```bash
425
- npm install --no-package-lock
426
- npm run build
427
- ```
185
+ Building on CW? See the [Getting Started doc](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/getting-started.md),
186
+ [Project Index](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/project-index.md), and
187
+ [CLI MCP Parity](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/cli-mcp-parity.7.md).
428
188
 
429
- See [docs/agent-framework.md](docs/agent-framework.md) for the developer contract.
430
- See [docs/index.md](docs/index.md) for a docs map.
431
- See [docs/getting-started.md](docs/getting-started.md) for a clone-to-run path.
432
- See [docs/release-and-migration.7.md](docs/release-and-migration.7.md) for
433
- release and migration discipline.
434
- See [docs/dogfood-one-real-repo.7.md](docs/dogfood-one-real-repo.7.md) for the
435
- real-repository dogfood release proof.
436
- See [docs/operator-ux.7.md](docs/operator-ux.7.md) for the operator command
437
- surface.
438
- See [docs/workflow-app-framework.7.md](docs/workflow-app-framework.7.md) for the app
439
- contract.
440
- See [docs/canonical-workflow-apps.7.md](docs/canonical-workflow-apps.7.md) for
441
- the canonical app matrix.
442
- See [docs/candidate-scoring.7.md](docs/candidate-scoring.7.md) for the
443
- candidate scoring file contract.
444
- See [docs/verifier-gated-commit.7.md](docs/verifier-gated-commit.7.md) for the
445
- commit gate contract.
446
- See [docs/sandbox-profiles.7.md](docs/sandbox-profiles.7.md) for the sandbox
447
- profile contract.
448
- See [docs/end-to-end-golden-path.7.md](docs/end-to-end-golden-path.7.md) for
449
- the release golden path contract.
450
- See [docs/run-registry-control-plane.7.md](docs/run-registry-control-plane.7.md)
451
- for the cross-repo run registry / control plane contract.
189
+ CW dogfoods its own release process — every cut runs the `release-cut` workflow against this repo.
452
190
 
453
191
  ## License
454
192
 
455
- CW is released under the BSD-2-Clause License.
456
-
457
- ## Scheduled Tasks
458
-
459
- ```bash
460
- node scripts/cw.js loop --intervalMinutes 30 --prompt "Continue this workflow."
461
- node scripts/cw.js schedule create --kind loop --intervalMinutes 30 --prompt "Continue this workflow."
462
- node scripts/cw.js schedule due
463
- node scripts/cw.js schedule pause <schedule-id>
464
- node scripts/cw.js schedule resume <schedule-id>
465
- node scripts/cw.js schedule run-now <schedule-id>
466
- node scripts/cw.js schedule history <schedule-id>
467
- node scripts/cw.js schedule daemon --once
468
- ```
469
-
470
- See [docs/scheduled-tasks.md](docs/scheduled-tasks.md).
471
-
472
- ## Routine-Style Triggers
473
-
474
- ```bash
475
- node scripts/cw.js routine create --kind api --prompt "Handle this API event."
476
- node scripts/cw.js routine create --kind github --prompt "Handle this GitHub event."
477
- node scripts/cw.js routine fire api payload.json
478
- node scripts/cw.js routine events
479
- ```
480
-
481
- ## Result Envelope
482
-
483
- Verification and synthesis tasks need a structured result block:
484
-
485
- ````text
486
- ```cw:result
487
- {
488
- "summary": "short summary",
489
- "findings": [
490
- {
491
- "id": "risk-1",
492
- "classification": "real",
493
- "severity": "P1",
494
- "evidence": ["/absolute/path/file.ts:42"]
495
- }
496
- ],
497
- "evidence": ["/absolute/path/file.ts:42"]
498
- }
499
- ```
500
- ````
501
-
502
- ## 0.1.89 (v0.1.89)
503
-
504
- Headline golden-path fixes: `cw -q "question"` asks the question (was read as an app id), auto-detects the cwd as the repo (run anywhere, no `--repo`/`cd`), and `cw help` renders a clean wrapped command list with a trailing newline; plus a vendor-agnostic UI/UX prevention gate (a headline-command smoke + a real `npm install -g` run-from-anywhere smoke) so a CLI-surface regression can't ship invisibly again.
505
-
506
- ## 0.1.88 (v0.1.88)
507
-
508
- Orchestration-parity for the agent drive — inline `subWorkflow()` nesting, bounded dynamic `loop()` phases (a `predicate` or a `budget-target` token `until`), and `cw run --drive --incremental` step-level resume; the agent now signs its findings (result-bound ed25519) and `cw report verify-bundle --require-signatures` proves offline that every signed finding is in the report unaltered; CLI simplified to 6 commands with agent streaming on by default; path-traversal run ids refused on archive import.
509
-
510
- ## 0.1.87 (v0.1.87)
511
-
512
- npm test parallel, 4-vendor wrappers (Claude/Codex/Gemini/OpenCode), Homebrew-style CLI UX (colors/did-you-mean/categorized help/error tips/cw info/cw search/cw man/doctor --fix), post-success summaries, agent execution timing
513
-
514
- v0.1.90
515
-
516
- v0.1.91
193
+ BSD-2-Clause. Built by COOLWHITE LLC.