cool-workflow 0.1.91 → 0.1.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/README.md +111 -434
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/architecture-review-fast/workflow.js +15 -2
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/apps/research-synthesis/workflow.js +1 -1
- package/dist/capability-core.js +47 -0
- package/dist/capability-registry.js +2 -0
- package/dist/cli/command-surface.js +165 -1352
- package/dist/cli/format.js +56 -0
- package/dist/cli/handlers/audit.js +82 -0
- package/dist/cli/handlers/blackboard.js +81 -0
- package/dist/cli/handlers/candidate.js +40 -0
- package/dist/cli/handlers/clones.js +34 -0
- package/dist/cli/handlers/collaboration.js +61 -0
- package/dist/cli/handlers/eval.js +40 -0
- package/dist/cli/handlers/maintenance.js +107 -0
- package/dist/cli/handlers/multi-agent.js +165 -0
- package/dist/cli/handlers/node.js +41 -0
- package/dist/cli/handlers/operational.js +155 -0
- package/dist/cli/handlers/operator.js +146 -0
- package/dist/cli/handlers/registry.js +68 -0
- package/dist/cli/handlers/run.js +153 -0
- package/dist/cli/handlers/scheduling.js +126 -0
- package/dist/cli/handlers/workbench.js +41 -0
- package/dist/cli/handlers/worker.js +45 -0
- package/dist/cli/io.js +27 -0
- package/dist/cli/run-summary.js +45 -0
- package/dist/commit.js +0 -5
- package/dist/doctor.js +1 -0
- package/dist/execution-backend.js +0 -11
- package/dist/mcp/tool-call.js +2 -0
- package/dist/mcp/tool-definitions.js +8 -0
- package/dist/orchestrator/app-operations.js +205 -0
- package/dist/orchestrator/report.js +6 -1
- package/dist/orchestrator.js +41 -153
- package/dist/state-explosion.js +0 -7
- package/dist/term.js +0 -18
- package/dist/validation.js +0 -21
- package/dist/version.js +1 -1
- package/docs/agent-delegation-drive.7.md +2 -0
- package/docs/canonical-workflow-apps.7.md +12 -0
- package/docs/cli-mcp-parity.7.md +18 -1
- package/docs/contract-migration-tooling.7.md +2 -0
- package/docs/control-plane-scheduling.7.md +2 -0
- package/docs/durable-state-and-locking.7.md +2 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +2 -0
- package/docs/execution-backends.7.md +2 -0
- package/docs/mcp-app-surface.7.md +12 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +2 -0
- package/docs/multi-agent-eval-replay-harness.7.md +2 -0
- package/docs/multi-agent-operator-ux.7.md +2 -0
- package/docs/node-snapshot-diff-replay.7.md +2 -0
- package/docs/observability-cost-accounting.7.md +2 -0
- package/docs/project-index.md +15 -3
- package/docs/real-execution-backends.7.md +2 -0
- package/docs/release-and-migration.7.md +2 -0
- package/docs/release-tooling.7.md +11 -0
- package/docs/run-registry-control-plane.7.md +26 -2
- package/docs/run-retention-reclamation.7.md +2 -0
- package/docs/state-explosion-management.7.md +2 -0
- package/docs/team-collaboration.7.md +2 -0
- package/docs/web-desktop-workbench.7.md +2 -0
- package/manifest/plugin.manifest.json +1 -1
- package/package.json +3 -1
- package/scripts/agents/agent-adapter-core.js +179 -28
- package/scripts/agents/claude-p-agent.js +24 -7
- package/scripts/agents/codex-agent.js +1 -1
- package/scripts/agents/gemini-agent.js +1 -1
- package/scripts/agents/opencode-agent.js +1 -1
- package/scripts/architecture-review-fast.js +19 -5
- package/scripts/bump-version.js +20 -1
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-release.js +1 -1
- package/scripts/golden-path.js +4 -4
- package/scripts/parity-check.js +9 -1
- package/scripts/release-check.js +5 -1
- package/scripts/sync-readme.js +123 -0
- package/scripts/version-sync-check.js +10 -1
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"id": "architecture-review",
|
|
4
4
|
"title": "Architecture Review",
|
|
5
5
|
"summary": "Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict.",
|
|
6
|
-
"version": "0.1.
|
|
6
|
+
"version": "0.1.93",
|
|
7
7
|
"author": "COOLWHITE LLC",
|
|
8
8
|
"inputs": [
|
|
9
9
|
{
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"id": "architecture-review-fast",
|
|
4
4
|
"title": "Architecture Review Fast",
|
|
5
5
|
"summary": "Run a shorter architecture review with parallel map and assess phases for faster first results.",
|
|
6
|
-
"version": "0.1.
|
|
6
|
+
"version": "0.1.93",
|
|
7
7
|
"author": "COOLWHITE LLC",
|
|
8
8
|
"inputs": [
|
|
9
9
|
{
|
|
@@ -100,7 +100,14 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
|
|
|
100
100
|
"Confirm real risks, downgrade unsupported claims, and list exact file paths, commands, logs, or unknowns.",
|
|
101
101
|
"The cw:result evidence array must cite durable locators."
|
|
102
102
|
].join(" "),
|
|
103
|
-
strongOptions("Evidence verifier", {
|
|
103
|
+
strongOptions("Evidence verifier", {
|
|
104
|
+
requiresEvidence: true,
|
|
105
|
+
// Cache the (expensive, ~146s live) verification by source digest +
|
|
106
|
+
// ALL upstream phase result digests. A hit only when source AND every
|
|
107
|
+
// Map/Assess output are byte-identical; the cached result still passes
|
|
108
|
+
// worker-output validation (requiresEvidence stays enforced).
|
|
109
|
+
resultCache: sourceContextResultCache({ includeCompletedResults: "previous-phases" })
|
|
110
|
+
})
|
|
104
111
|
)
|
|
105
112
|
]),
|
|
106
113
|
phase("Verdict", [
|
|
@@ -113,7 +120,13 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
|
|
|
113
120
|
"State when the full architecture-review app should be scheduled as a background routine.",
|
|
114
121
|
"The cw:result evidence array must support the final verdict."
|
|
115
122
|
].join(" "),
|
|
116
|
-
strongOptions("Fast verdict synthesizer", {
|
|
123
|
+
strongOptions("Fast verdict synthesizer", {
|
|
124
|
+
requiresEvidence: true,
|
|
125
|
+
// Cache the (~294s live, largest phase) synthesis by source digest +
|
|
126
|
+
// all upstream (Map/Assess/Verify) result digests. Busts on any
|
|
127
|
+
// upstream change; cached verdict re-passes evidence validation.
|
|
128
|
+
resultCache: sourceContextResultCache({ includeCompletedResults: "previous-phases" })
|
|
129
|
+
})
|
|
117
130
|
)
|
|
118
131
|
])
|
|
119
132
|
]
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"id": "pr-review-fix-ci",
|
|
4
4
|
"title": "PR Review Fix CI",
|
|
5
5
|
"summary": "Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence.",
|
|
6
|
-
"version": "0.1.
|
|
6
|
+
"version": "0.1.93",
|
|
7
7
|
"author": "COOLWHITE LLC",
|
|
8
8
|
"inputs": [
|
|
9
9
|
{
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"id": "release-cut",
|
|
4
4
|
"title": "Release Cut",
|
|
5
5
|
"summary": "Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification.",
|
|
6
|
-
"version": "0.1.
|
|
6
|
+
"version": "0.1.93",
|
|
7
7
|
"author": "COOLWHITE LLC",
|
|
8
8
|
"inputs": [
|
|
9
9
|
{
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"id": "research-synthesis",
|
|
4
4
|
"title": "Research Synthesis",
|
|
5
5
|
"summary": "Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer.",
|
|
6
|
-
"version": "0.1.
|
|
6
|
+
"version": "0.1.93",
|
|
7
7
|
"author": "COOLWHITE LLC",
|
|
8
8
|
"inputs": [
|
|
9
9
|
{
|
|
@@ -41,7 +41,7 @@ module.exports = ({ workflow, phase, agent, artifact, input }) => {
|
|
|
41
41
|
phase("Investigate", [
|
|
42
42
|
agent(
|
|
43
43
|
"investigate:primary-sources",
|
|
44
|
-
"Investigate primary or official sources first from {{source}} for {{question}}. Return source titles, dates, authors or publishers, durable locators, key claims, and uncertainty. Mark missing retrieval needs explicitly.",
|
|
44
|
+
"Investigate primary or official sources first from {{source}} for {{question}}. The local files in your working directory are also possible primary sources: list them first, then read the ones that help and cite their paths. Return source titles, dates, authors or publishers, durable locators (a local file path with optional :line, or a URL), key claims, and uncertainty. Mark missing retrieval needs explicitly.",
|
|
45
45
|
{ sandboxProfileId: "readonly" }
|
|
46
46
|
),
|
|
47
47
|
agent(
|
package/dist/capability-core.js
CHANGED
|
@@ -40,6 +40,7 @@ exports.runExportArchive = runExportArchive;
|
|
|
40
40
|
exports.runImportArchive = runImportArchive;
|
|
41
41
|
exports.runInspectArchive = runInspectArchive;
|
|
42
42
|
exports.runVerifyImport = runVerifyImport;
|
|
43
|
+
exports.runRestoreArchive = runRestoreArchive;
|
|
43
44
|
exports.reportBundle = reportBundle;
|
|
44
45
|
exports.runVerifyReportBundle = runVerifyReportBundle;
|
|
45
46
|
exports.queueAdd = queueAdd;
|
|
@@ -313,6 +314,52 @@ function runInspectArchive(_runner, args) {
|
|
|
313
314
|
function runVerifyImport(runner, runId, args) {
|
|
314
315
|
return (0, run_export_1.verifyImportedRun)(runner.withBaseDir(optionalString(args.cwd)).loadRun(runId));
|
|
315
316
|
}
|
|
317
|
+
// Fail-closed atomic restore of a portable run archive. `run import` runs a
|
|
318
|
+
// verification (importRun returns it as ImportResult.verification) but does NOT
|
|
319
|
+
// fail on it — it exits 0 even when the telemetry-ledger or trust-audit hash chain
|
|
320
|
+
// does not verify, so a chain-tampered run imports with a fabricated success.
|
|
321
|
+
// `run restore` closes that gap in ONE step: it integrity-INSPECTS the archive
|
|
322
|
+
// FIRST (writing nothing), refuses a bad bundle before any import, then IMPORTS
|
|
323
|
+
// and REUSES importRun's verification verdict — reporting ok:true ONLY when verify
|
|
324
|
+
// passes. Pure composition of the existing functions (inspectArchive + importRun,
|
|
325
|
+
// whose own verification we reuse); no new crypto or IO logic, and no second
|
|
326
|
+
// re-hash. The CLI/MCP surfaces map ok:false to exit 1.
|
|
327
|
+
function runRestoreArchive(runner, args) {
|
|
328
|
+
const base = invocationCwd(args);
|
|
329
|
+
const archive = optionalString(args.archive || args.path || args.file);
|
|
330
|
+
if (!archive)
|
|
331
|
+
throw new Error("run restore requires an archive path (positional, --archive, --path, or --file)");
|
|
332
|
+
const resolvedArchive = node_path_1.default.resolve(base, archive);
|
|
333
|
+
const target = node_path_1.default.resolve(base, optionalString(args.target || args.repo || args.cwd) || base);
|
|
334
|
+
// (1) Integrity-inspect FIRST — read-only, writes nothing. A bad bundle is
|
|
335
|
+
// refused here, before any import touches the target tree (no partial restore).
|
|
336
|
+
const inspect = (0, run_export_1.inspectArchive)(resolvedArchive);
|
|
337
|
+
if (!inspect.ok) {
|
|
338
|
+
return { schemaVersion: 1, ok: false, target, inspect, imported: null, verify: null, registry: null };
|
|
339
|
+
}
|
|
340
|
+
// (2) Intact: import + refresh the target registry (mirrors runImportArchive).
|
|
341
|
+
const imported = (0, run_export_1.importRun)(resolvedArchive, target);
|
|
342
|
+
const registry = new run_registry_1.RunRegistry(target, runner.withBaseDir(target));
|
|
343
|
+
const registryReport = registry.refresh({ scope: "repo" });
|
|
344
|
+
// (3) REUSE the verification importRun already ran — it re-proves the same
|
|
345
|
+
// restored files PLUS the telemetry-ledger and trust-audit hash chains, but
|
|
346
|
+
// returns the verdict WITHOUT throwing. We do NOT re-run verifyImportedRun (that
|
|
347
|
+
// would re-hash every file a second time for no new information). The gap restore
|
|
348
|
+
// closes is exactly that `run import` ships this verdict and exits 0 even when it
|
|
349
|
+
// is false — restore fails-closed on it below (CLI maps ok:false → exit 1).
|
|
350
|
+
const verify = imported.verification;
|
|
351
|
+
return {
|
|
352
|
+
schemaVersion: 1,
|
|
353
|
+
// inspect.ok is guaranteed true here — the corrupt-archive case early-returned
|
|
354
|
+
// above — so the verdict is purely verify.ok (the telemetry/trust-audit chain).
|
|
355
|
+
ok: verify.ok,
|
|
356
|
+
target,
|
|
357
|
+
inspect,
|
|
358
|
+
imported: { ...imported, registry: registryReport },
|
|
359
|
+
verify,
|
|
360
|
+
registry: registryReport
|
|
361
|
+
};
|
|
362
|
+
}
|
|
316
363
|
// Produce-and-prove: export a run to a portable bundle sealed with the operator's
|
|
317
364
|
// trust key (defaulting to CW_AGENT_ATTEST_PUBKEY, same as `run export`), then
|
|
318
365
|
// IMMEDIATELY verify the artifact offline the way a recipient will. The producer
|
|
@@ -395,6 +395,7 @@ const BUILTIN_CAPABILITIES = [
|
|
|
395
395
|
{ capability: "run.import", summary: "Restore a portable run archive into a target repo and verify restored file digests.", entry: "runImportArchive", surface: "both", cli: { path: ["run", "import"], jsonMode: "default" }, mcp: { tool: "cw_run_import", requiredArgs: ["archive|path|file"] } },
|
|
396
396
|
{ capability: "run.verify-import", summary: "Verify an imported run against its restore manifest and telemetry chain.", entry: "runVerifyImport", surface: "both", cli: { path: ["run", "verify-import"], jsonMode: "default" }, mcp: { tool: "cw_run_verify_import", requiredArgs: ["runId"] } },
|
|
397
397
|
{ capability: "run.inspect-archive", summary: "Read-only integrity inspection of a portable run archive without importing it.", entry: "runInspectArchive", surface: "both", cli: { path: ["run", "inspect-archive"], jsonMode: "default" }, mcp: { tool: "cw_run_inspect_archive", requiredArgs: ["archive|path|file"] } },
|
|
398
|
+
{ capability: "run.restore", summary: "Fail-closed restore of a portable run archive: integrity-inspect, import, and verify in one step; refuses anything that does not verify.", entry: "runRestoreArchive", surface: "both", cli: { path: ["run", "restore"], jsonMode: "default" }, mcp: { tool: "cw_run_restore", requiredArgs: ["archive|path|file"] } },
|
|
398
399
|
{ capability: "report.verify-bundle", summary: "Offline self-contained verify of a portable run bundle: archive bytes + telemetry chain + trust-audit chain + embedded-key signatures.", entry: "runVerifyReportBundle", surface: "both", cli: { path: ["report", "verify-bundle"], caseTokens: ["report"], jsonMode: "default" }, mcp: { tool: "cw_report_verify_bundle", requiredArgs: ["archive|path|file|bundle"] } },
|
|
399
400
|
{ capability: "report.bundle", summary: "Produce-and-prove: export a run to a portable bundle sealed with the trust key, then self-verify it offline (fail-closed) so the producer knows it is verifiable before shipping.", entry: "reportBundle", surface: "both", cli: { path: ["report", "bundle"], caseTokens: ["report"], jsonMode: "default" }, mcp: { tool: "cw_report_bundle", requiredArgs: ["runId"] } },
|
|
400
401
|
{ capability: "run.drive", summary: "Preview the next agent-delegation drive step for a run (read-only, deterministic).", entry: "runDrivePreview", surface: "both", cli: { path: ["run", "drive"], caseTokens: ["run", "drive"], jsonMode: "default" }, mcp: { tool: "cw_run_drive" } },
|
|
@@ -655,6 +656,7 @@ const PAYLOAD_PROBE_DEFERRED_GROUPS = [
|
|
|
655
656
|
"run.import",
|
|
656
657
|
"run.verify-import",
|
|
657
658
|
"run.inspect-archive",
|
|
659
|
+
"run.restore",
|
|
658
660
|
"report.verify-bundle",
|
|
659
661
|
"report.bundle",
|
|
660
662
|
"queue.add",
|