cool-workflow 0.1.92 → 0.1.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +104 -129
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/architecture-review-fast/workflow.js +15 -2
  7. package/apps/end-to-end-golden-path/app.json +1 -1
  8. package/apps/pr-review-fix-ci/app.json +1 -1
  9. package/apps/release-cut/app.json +1 -1
  10. package/apps/research-synthesis/app.json +1 -1
  11. package/dist/capability-core.js +47 -0
  12. package/dist/capability-registry.js +2 -0
  13. package/dist/cli/command-surface.js +165 -1352
  14. package/dist/cli/format.js +56 -0
  15. package/dist/cli/handlers/audit.js +82 -0
  16. package/dist/cli/handlers/blackboard.js +81 -0
  17. package/dist/cli/handlers/candidate.js +40 -0
  18. package/dist/cli/handlers/clones.js +34 -0
  19. package/dist/cli/handlers/collaboration.js +61 -0
  20. package/dist/cli/handlers/eval.js +40 -0
  21. package/dist/cli/handlers/maintenance.js +107 -0
  22. package/dist/cli/handlers/multi-agent.js +165 -0
  23. package/dist/cli/handlers/node.js +41 -0
  24. package/dist/cli/handlers/operational.js +155 -0
  25. package/dist/cli/handlers/operator.js +146 -0
  26. package/dist/cli/handlers/registry.js +68 -0
  27. package/dist/cli/handlers/run.js +153 -0
  28. package/dist/cli/handlers/scheduling.js +126 -0
  29. package/dist/cli/handlers/workbench.js +41 -0
  30. package/dist/cli/handlers/worker.js +45 -0
  31. package/dist/cli/io.js +27 -0
  32. package/dist/cli/run-summary.js +45 -0
  33. package/dist/commit.js +0 -5
  34. package/dist/execution-backend.js +0 -11
  35. package/dist/mcp/tool-call.js +2 -0
  36. package/dist/mcp/tool-definitions.js +8 -0
  37. package/dist/orchestrator/app-operations.js +205 -0
  38. package/dist/orchestrator.js +41 -153
  39. package/dist/state-explosion.js +0 -7
  40. package/dist/term.js +0 -18
  41. package/dist/validation.js +0 -21
  42. package/dist/version.js +1 -1
  43. package/docs/agent-delegation-drive.7.md +13 -7
  44. package/docs/cli-mcp-parity.7.md +19 -2
  45. package/docs/contract-migration-tooling.7.md +3 -1
  46. package/docs/control-plane-scheduling.7.md +3 -1
  47. package/docs/durable-state-and-locking.7.md +3 -1
  48. package/docs/evidence-adoption-reasoning-chain.7.md +3 -1
  49. package/docs/execution-backends.7.md +3 -1
  50. package/docs/mcp-app-surface.7.md +12 -0
  51. package/docs/multi-agent-cli-mcp-surface.7.md +3 -1
  52. package/docs/multi-agent-eval-replay-harness.7.md +3 -1
  53. package/docs/multi-agent-operator-ux.7.md +3 -1
  54. package/docs/node-snapshot-diff-replay.7.md +3 -1
  55. package/docs/observability-cost-accounting.7.md +3 -1
  56. package/docs/project-index.md +16 -3
  57. package/docs/real-execution-backends.7.md +3 -1
  58. package/docs/release-and-migration.7.md +3 -1
  59. package/docs/release-tooling.7.md +3 -1
  60. package/docs/run-registry-control-plane.7.md +27 -3
  61. package/docs/run-retention-reclamation.7.md +3 -1
  62. package/docs/state-explosion-management.7.md +3 -1
  63. package/docs/team-collaboration.7.md +3 -1
  64. package/docs/web-desktop-workbench.7.md +3 -1
  65. package/manifest/plugin.manifest.json +1 -1
  66. package/package.json +1 -1
  67. package/scripts/agents/builtin-templates.json +3 -2
  68. package/scripts/agents/claude-p-agent.js +6 -6
  69. package/scripts/agents/codex-agent.js +17 -3
  70. package/scripts/agents/deepseek-agent.js +23 -0
  71. package/scripts/agents/gemini-opencode-agent.js +25 -0
  72. package/scripts/agents/opencode-agent.js +57 -8
  73. package/scripts/architecture-review-fast.js +19 -5
  74. package/scripts/bump-version.js +16 -0
  75. package/scripts/canonical-apps.js +4 -4
  76. package/scripts/dogfood-release.js +1 -1
  77. package/scripts/golden-path.js +4 -4
  78. package/scripts/parity-check.js +9 -1
  79. package/scripts/release-flow.js +35 -0
  80. package/scripts/vendor-preflight.js +127 -0
  81. package/scripts/version-sync-check.js +5 -0
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
3
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
4
- "version": "0.1.92",
4
+ "version": "0.1.94",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
7
7
  },
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.92",
3
+ "version": "0.1.94",
4
4
  "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents — it never runs the models itself.",
5
5
  "author": {
6
6
  "name": "COOLWHITE LLC"
package/README.md CHANGED
@@ -1,217 +1,192 @@
1
1
  <!-- AUTO-GENERATED from /README.md by scripts/sync-readme.js — edit the root README, then run `npm run sync:readme`. DO NOT edit this file directly. -->
2
2
  <div align="center">
3
3
 
4
- # Cool Workflow
4
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-hero.png" alt="Cool Workflow — your AI report, already proven. Point your agent at any repo or folder and get a saved, cited report you can re-verify offline." width="100%">
5
5
 
6
- **Get a saved, cited report from your AI agent — not a chat message you lose.**
6
+ <br><br>
7
7
 
8
- [![CI](https://img.shields.io/github/actions/workflow/status/coo1white/cool-workflow/ci.yml?branch=main&style=flat-square&label=CI)](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
8
+ [![CI](https://img.shields.io/github/actions/workflow/status/coo1white/cool-workflow/ci.yml?branch=main&style=flat-square&label=CI&color=EC6516)](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
9
9
  [![npm](https://img.shields.io/npm/v/cool-workflow?style=flat-square&label=npm&color=cb3837)](https://www.npmjs.com/package/cool-workflow)
10
- [![downloads](https://img.shields.io/npm/dm/cool-workflow?style=flat-square&label=downloads)](https://www.npmjs.com/package/cool-workflow)
10
+ [![downloads](https://img.shields.io/npm/dm/cool-workflow?style=flat-square&label=downloads&color=EC6516)](https://www.npmjs.com/package/cool-workflow)
11
11
  [![provenance](https://img.shields.io/badge/npm-provenance-3178C6?style=flat-square)](https://www.npmjs.com/package/cool-workflow)
12
12
  [![release](https://img.shields.io/github/v/tag/coo1white/cool-workflow?style=flat-square&label=release&color=brightgreen&sort=semver)](https://github.com/coo1white/cool-workflow/tags)
13
13
  [![license](https://img.shields.io/badge/license-BSD--2--Clause-blue?style=flat-square)](https://github.com/coo1white/cool-workflow/blob/main/LICENSE)
14
14
 
15
- <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-hero.svg" alt="Your AI report, already proven — cw demo tamper forges a signed report three ways (ledger, signature, result) and catches every one offline with only the public key." width="100%">
15
+ ### Get a saved, cited report from your AI agent not a chat message you lose.
16
16
 
17
17
  </div>
18
18
 
19
+ Point an AI coding agent at a repo (or any folder of docs) and Cool Workflow turns the run into a
20
+ **durable, inspectable workflow**: it plans the work, delegates each task to *your* agent, records and
21
+ verifies every result, then writes a report where every claim is cited to a `file.ts:42`.
22
+
23
+ > **The model is fuel. CW is the black-box recorder, the dashboard, and the gearbox — never the engine.**
24
+ > It never calls a model API, never holds your keys, and never uploads your code. Your agent spends the
25
+ > tokens; CW keeps the books — as plain JSON on your own disk.
26
+
27
+ ---
28
+
19
29
  ## Install
20
30
 
21
31
  ```bash
22
32
  npm install -g cool-workflow
23
33
  ```
24
34
 
25
- What you need: **Node.js v18+** (`node --version`) and one AI agent CLI on your machine
26
- (`claude`, `codex`, `gemini`, or `opencode`). No agent? `cw demo` still works — CW never runs a model itself.
35
+ <details>
36
+ <summary>Or install with <b>Homebrew</b></summary>
37
+
38
+ ```bash
39
+ brew tap coo1white/cool-workflow https://github.com/coo1white/cool-workflow
40
+ brew install coo1white/cool-workflow/cool-workflow
41
+ cw version
42
+ ```
27
43
 
28
- ## Quick Start (3 steps)
44
+ Upgrade later with `brew update && brew upgrade cool-workflow`.
45
+ </details>
29
46
 
30
- ### 1. Prove it works (30 seconds, no agent needed)
47
+ **You need:** Node.js v18+ and one agent CLI on your machine — `claude`, `codex`, `gemini`, or
48
+ `opencode` (all auto-detected). No agent yet? `cw demo` still works — **CW never runs a model itself.**
49
+
50
+ ## Quick Start
51
+
52
+ ### 1 · Prove it works — 30 seconds, no agent needed
31
53
 
32
54
  ```bash
33
55
  cw demo tamper
56
+ # → builds a real signed ledger, forges it three ways, catches all three offline
34
57
  # → VERDICT: tamper-evidence holds ✓
35
58
  ```
36
59
 
37
- ### 2. Ask a question your code, or any folder — one command
60
+ ### 2 · Ask a question about your code — one command
38
61
 
39
62
  ```bash
40
63
  cw -q "What are the main risks here?"
41
64
  ```
42
65
 
43
- CW auto-detects the repo (current folder) and your agent (first found on PATH).
44
- Pick a specific agent with a flag:
66
+ CW auto-detects the current repo and the first agent on your `PATH`. Pin a specific one with a flag
67
+ (`-claude`, `-codex`, `-gemini`, `-deepseek`). Point it anywhere — no `cd` required — or review a
68
+ **remote repo by URL** and CW clones, snapshots, and reviews the checkout:
45
69
 
46
70
  ```bash
47
- cw -q "What are the security risks?" -claude
48
- cw -q "What are the security risks?" -codex
49
- cw -q "What are the security risks?" -deepseek
71
+ cw -q "What are the security risks?" -dir /path/to/project
72
+ cw -q "What are the risks?" --link https://github.com/owner/repo
50
73
  ```
51
74
 
52
- `claude`, `codex`, `gemini`, and `opencode` are auto-detected on PATH (no flag needed);
53
- `-deepseek` picks the DeepSeek builtin — no env vars needed.
54
-
55
- **Not just code.** Point CW at a folder of docs, notes, or papers and it reads the files
56
- there as sources, then gives you the same saved, cited report:
75
+ **Not just code.** Aim CW at a folder of docs, notes, or papers and it reads them as sources for the
76
+ same saved, cited report:
57
77
 
58
78
  ```bash
59
79
  cw quickstart research-synthesis --repo /path/to/papers \
60
80
  --question "What do these papers conclude?"
61
81
  ```
62
82
 
63
- As the agent works you get a **calm, Claude-Code-style live view** — a compact rolling window that
64
- updates in place instead of an endless wall:
83
+ ### 3 · Open the report
65
84
 
66
- ```text
67
- ● Read(execution-backend.ts)
68
- ⎿ 910 lines
69
- ● Grep(spawnSync)
70
- ⎿ 17 matches
71
- ✶ Searching worker-isolation.ts… (3s)
72
- ```
73
-
74
- Each tool folds to a `● ToolName(arg)` line with a dim `⎿` result summary; older steps fold away (the
75
- window stays a few rows) and the worker collapses to one line when done. It's compact by default
76
- (reasoning hidden) — add `--verbose` for the full narration, `--full` to also print the report inline,
77
- or `--no-color` to drop ANSI (`NO_COLOR` / `FORCE_COLOR` are honored too). The complete narration +
78
- tool I/O is always saved to a per-worker `transcript.md` next to the result, and the cursor is
79
- restored cleanly on Ctrl-C.
80
-
81
- Review a project **from any directory** — no `cd` needed — by pointing at its folder
82
- (`-d` / `--dir` / `--repo` are equivalent):
83
-
84
- ```bash
85
- cw -q "What are the risks?" -dir /path/to/project
86
- ```
87
-
88
- Or review a **remote repo by URL** — CW clones it, then reviews the checkout (`-l` / `--link`,
89
- or pass the URL straight to `-dir`/`--repo`):
85
+ The command prints the path. Every finding carries a clickable `file.ts:42` pointer:
90
86
 
91
87
  ```bash
92
- cw -q "What are the risks?" --link https://github.com/owner/repo
93
- cw -q "What are the risks?" --link git@gitlab.com:owner/repo.git --ref v1.2.0
88
+ cat .cw/runs/<run-id>/report.md
94
89
  ```
95
90
 
96
- GitHub, GitLab, Bitbucket, self-hosted git, `ssh://`, and `file://` all work as do downloadable
97
- archives (`.tar.gz`/`.tgz`/`.tar`/`.zip`), fetched + extracted + snapshotted before review. The clone is cached
98
- under `~/.local/state/cool-workflow/clones/` and reused next time (`--refresh` re-fetches; `cw clones
99
- list`/`gc` manage it). The report records `Source: <url>@<commit>` plus a tamper-evident
100
- `source.clone` event (`cw audit verify`). A credential-less private repo **fails closed** — it never
101
- hangs on a prompt. Preview without fetching: `cw -q "…" --link <url> --check`.
91
+ While it runs you get a calm, Claude-Code-style live view a compact rolling window of tool calls
92
+ that updates in place instead of an endless wall and a clean findings table when it's done.
102
93
 
103
- CW's own phases tick by as it runs, then it prints a clean summary — a **compact findings table**
104
- (id / severity / classification, not the full prose), the report path, and where the per-worker
105
- transcripts live:
94
+ ---
106
95
 
107
- ```text
108
- ==> Map ✓ (6/6)
109
- ==> Verdict ✓
96
+ ## Why Cool Workflow
110
97
 
111
- Findings: 3 2×P1, 1×P2
98
+ Most agent tooling runs a whole task as one long prompt, then hands you a chat message. When the work
99
+ is long, parallel, or high-stakes, you can't tell what happened or trust the result. CW treats it as a
100
+ **runtime problem** — and rests on four commitments:
112
101
 
113
- Report: /path/to/project/.cw/runs/<run-id>/report.md
114
- ✓ Status: complete — 14/14
115
- Transcript: /path/to/project/.cw/runs/<run-id>/
116
- Next: cw report <run-id> --show
117
- ```
102
+ | Commitment | What it means for you |
103
+ |---|---|
104
+ | **Model as fuel, not engine** | CW never calls a model API. Execution is always delegated to your agent, so the backend is swappable and your credentials and code never leave your machine. |
105
+ | **Evidence-gated decisions** | Every adopted result records its **basis, authority, rationale, and the alternative it beat.** Missing evidence doesn't slip through — it fails closed to a visible `unexplained` state. |
106
+ | **Deterministic, local replay** | Every step is plain JSON under `.cw/runs/<id>/` — read it, diff it, resume it, replay it. No hidden database; the runtime never *guesses* success. |
107
+ | **Vendor-neutral by design** | One source-of-truth manifest generates every vendor adapter (Claude, Codex, …) over a shared CLI + MCP runtime, with a fail-closed drift check. No lock-in, no forked logic. |
118
108
 
119
- If something is off, the error names the next move (e.g. `Try: cw doctor`). With `--json`,
120
- stdout is pure data — all of this chrome goes to stderr (TTY only).
109
+ ## How It Works
121
110
 
122
- ### 3. Open the report
111
+ CW is a small TypeScript tool with **zero runtime dependencies**. It drives your agent over a repo — or
112
+ any folder — in saved, replayable stages, writing everything to disk as inspectable files. It never
113
+ imports a model SDK or stores an API key.
123
114
 
124
- The command prints the report path. For example:
115
+ <div align="center">
116
+ <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/cw-pipeline.png" alt="The CW pipeline: ask, plan, dispatch (delegated to your agent), verify (evidence gate, fails closed), commit verified state, and a saved, cited, signed report — every step recorded as durable .cw/ JSON." width="100%">
117
+ </div>
125
118
 
126
- ```bash
127
- cat .cw/runs/<run-id>/report.md
128
- # → findings with clickable file.ts:42 pointers for every claim
119
+ ```text
120
+ ask simple → run simple → verify simple → resume simple
129
121
  ```
130
122
 
131
- ## What Else Can It Do?
123
+ ## What You Can Run
124
+
125
+ | Workflow | What it produces |
126
+ |---|---|
127
+ | `architecture-review` | Map a repo, rank risks, and back every claim with `file:line` evidence |
128
+ | `pr-review-fix-ci` | Review a PR or branch, diagnose CI, and propose + verify fixes |
129
+ | `research-synthesis` | Answer a question over a local folder of files — your docs, notes, or papers |
130
+ | `release-cut` | Run a gated, reviewed release with dry-run evidence |
132
131
 
133
132
  ```bash
134
- cw version # show version
135
- cw update # update to latest release
136
- cw doctor # check your setup
137
- cw fix # show fix commands for setup issues
133
+ cw app list # see everything installed
134
+ cw doctor # check your setup → cw fix shows the fix commands
138
135
  ```
139
136
 
140
- | Workflow | Does |
141
- |---|---|
142
- | `architecture-review` | Map a repo, rank risks, back every claim with evidence |
143
- | `pr-review-fix-ci` | Review a pull request, suggest fixes, verify CI |
144
- | `research-synthesis` | Answer a question over a local folder of files — your own docs, notes, or papers, not only code |
145
- | `release-cut` | Run a gated, reviewed release |
146
-
147
- **Multi-agent, when you need it.** Fan work out across agents with built-in topologies,
148
- compose flows (a task can run a whole child workflow with `subWorkflow`, or a `loop()` phase
149
- can keep iterating until a predicate or a token budget says stop) — and re-run fast:
150
- `cw run <app> --drive --incremental` reuses every step whose inputs didn't change.
137
+ **Multi-agent, when you need it.** Fan work out across agents with built-in topologies, compose flows
138
+ (a task can run a whole child workflow with `subWorkflow`, or a `loop()` phase can iterate until a
139
+ predicate or token budget says stop), and re-run fast `cw run <app> --drive --incremental` reuses
140
+ every step whose inputs didn't change.
151
141
 
152
142
  <div align="center">
153
143
  <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/topologies.svg" alt="Built-in multi-agent topologies: map-reduce (fan out, fold in), debate (argue then draw a verdict), and judge-panel (N independent judges score one candidate)." width="92%">
154
144
  </div>
155
145
 
156
- CW also has an **MCP** surface — **Claude Desktop, Cursor, and VS Code call CW as a tool**, so
157
- your agent can plan a run, drive it, and verify a report without leaving the editor.
158
- See the [wiki](https://github.com/coo1white/cool-workflow/wiki).
159
-
160
- ## Can I Trust the Report?
146
+ ## Can You Trust the Report?
161
147
 
162
- CW does not run the AI model — it keeps the books. The agent signs its findings (ed25519), and
163
- `cw report verify-bundle` checks — offline, with nothing but the public key — that every signed
164
- finding is in the report **unaltered**: edit a finding, in the report or in the agent's own result,
165
- and the check fails. CW holds no private key the agent signs, CW only verifies.
148
+ CW doesn't run the model — it keeps the books. Your agent signs its findings (**ed25519**), and
149
+ `cw report verify-bundle` checks — **offline, with nothing but the public key** — that every signed
150
+ finding is in the report unaltered. Edit a finding, in the report or in the agent's own result, and the
151
+ check fails. CW holds no private key: the agent signs, CW only verifies.
166
152
 
167
153
  ```bash
168
- cw demo tamper # proves it in 30s — edits a signed result, watch it fail
169
- cw telemetry verify <run-id> # checks a real run
154
+ cw demo tamper # proves it in 30s — edits a signed result, watch it fail
155
+ cw -q "…" --bundle # seal a run into one portable file
156
+ cw report verify-bundle report.cwrun.json # anyone can re-check it offline, with just the file
170
157
  ```
171
158
 
172
- Give the report to another person they need nothing but the file:
159
+ This attests the agent's **signed findings**not that nothing else was added or that nothing was left
160
+ out. For exactly what is and isn't proven, see the **[Trust Model](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)**.
173
161
 
174
- ```bash
175
- cw -q "…" --bundle # seal into one portable file
176
- cw report verify-bundle report.cwrun.json # they check it offline
177
- cw report verify-bundle report.cwrun.json \
178
- --require-signatures # …and insist the findings are signed
179
- ```
162
+ ## Use It From Your Editor
180
163
 
181
- This attests the agent's **signed findings** — not that the report holds nothing else, and not that
182
- none were left out. CW has no key to sign the rendered report, and a determined re-chainer can drop a
183
- signed finding entirely so check the findings you act on against the signed results. For exactly
184
- what is and is not proven, see the [Trust Model](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md).
164
+ CW exposes the same runtime over **MCP****Claude Desktop, Cursor, and VS Code call CW as a tool**, so
165
+ your agent can plan a run, drive it, and verify a report without leaving the editor. CLI and MCP share
166
+ one registry and are parity-checked. See the **[Wiki](https://github.com/coo1white/cool-workflow/wiki)**.
185
167
 
186
168
  ## Troubleshooting
187
169
 
188
170
  | Problem | Fix |
189
171
  |---|---|
190
- | No agent found | Run `cw doctor` — it shows which agents are on your machine |
172
+ | No agent found | `cw doctor` — shows which agents are on your machine |
191
173
  | `status: blocked` | Set `CW_AGENT_COMMAND=builtin:claude` or pass `-claude` |
192
174
  | `claude: command not found` | Install Claude Code and run again |
193
175
  | Where is my report? | `<repo>/.cw/runs/<id>/report.md` |
194
- | Need the old README? | See [docs/readme-v0.1.87-full.md](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/readme-v0.1.87-full.md) |
195
176
 
196
- ## How It Works
197
-
198
- CW is a small TypeScript tool with zero runtime deps. It drives your agent over a repo, or any
199
- folder of files, in saved, replayable stages — it plans the work, dispatches each task to your agent, records and
200
- verifies every result, then commits and renders the report — writing everything to disk as
201
- inspectable files. It never imports a model SDK or stores an API key.
202
-
203
- <div align="center">
204
- <img src="https://raw.githubusercontent.com/coo1white/cool-workflow/main/docs/assets/pipeline.svg" alt="The CW pipeline: ask, plan, dispatch (fanning out to parallel agents), verify, commit, ending in a saved report.md with a clickable file.ts:42 citation. CW keeps the books; it never runs the model itself." width="100%">
205
- </div>
177
+ ## Docs & Wiki
206
178
 
207
- `ask simple run simple verify simple resume simple`
179
+ New here? Start with the **[Wiki](https://github.com/coo1white/cool-workflow/wiki)**
180
+ [Getting Started](https://github.com/coo1white/cool-workflow/wiki/Getting-Started) ·
181
+ [Mental Model](https://github.com/coo1white/cool-workflow/wiki/Mental-Model) ·
182
+ [Glossary](https://github.com/coo1white/cool-workflow/wiki/Glossary) ·
183
+ [Trust & Audit](https://github.com/coo1white/cool-workflow/wiki/Trust-And-Audit)
208
184
 
209
- For the full API, multi-agent topologies, execution backends, and the CLI/MCP surface,
210
- see the [wiki](https://github.com/coo1white/cool-workflow/wiki).
185
+ Building on CW? See the [Getting Started doc](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/getting-started.md),
186
+ [Project Index](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/project-index.md), and
187
+ [CLI ↔ MCP Parity](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/cli-mcp-parity.7.md).
211
188
 
212
- CW dogfoods its own release process — every cut runs the `release-cut` workflow against this
213
- repo. See the [full README](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/readme-v0.1.87-full.md) for the
214
- pre-v0.1.87 reference.
189
+ CW dogfoods its own release process — every cut runs the `release-cut` workflow against this repo.
215
190
 
216
191
  ## License
217
192
 
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review",
4
4
  "title": "Architecture Review",
5
5
  "summary": "Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "architecture-review-fast",
4
4
  "title": "Architecture Review Fast",
5
5
  "summary": "Run a shorter architecture review with parallel map and assess phases for faster first results.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -100,7 +100,14 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
100
100
  "Confirm real risks, downgrade unsupported claims, and list exact file paths, commands, logs, or unknowns.",
101
101
  "The cw:result evidence array must cite durable locators."
102
102
  ].join(" "),
103
- strongOptions("Evidence verifier", { requiresEvidence: true })
103
+ strongOptions("Evidence verifier", {
104
+ requiresEvidence: true,
105
+ // Cache the (expensive, ~146s live) verification by source digest +
106
+ // ALL upstream phase result digests. A hit only when source AND every
107
+ // Map/Assess output are byte-identical; the cached result still passes
108
+ // worker-output validation (requiresEvidence stays enforced).
109
+ resultCache: sourceContextResultCache({ includeCompletedResults: "previous-phases" })
110
+ })
104
111
  )
105
112
  ]),
106
113
  phase("Verdict", [
@@ -113,7 +120,13 @@ module.exports = ({ workflow, phase, parallel, agent, artifact, input }) => {
113
120
  "State when the full architecture-review app should be scheduled as a background routine.",
114
121
  "The cw:result evidence array must support the final verdict."
115
122
  ].join(" "),
116
- strongOptions("Fast verdict synthesizer", { requiresEvidence: true })
123
+ strongOptions("Fast verdict synthesizer", {
124
+ requiresEvidence: true,
125
+ // Cache the (~294s live, largest phase) synthesis by source digest +
126
+ // all upstream (Map/Assess/Verify) result digests. Busts on any
127
+ // upstream change; cached verdict re-passes evidence validation.
128
+ resultCache: sourceContextResultCache({ includeCompletedResults: "previous-phases" })
129
+ })
117
130
  )
118
131
  ])
119
132
  ]
@@ -3,7 +3,7 @@
3
3
  "id": "end-to-end-golden-path",
4
4
  "title": "End-to-End Golden Path",
5
5
  "summary": "Deterministic one-worker workflow app for proving the CW integration chain.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "pr-review-fix-ci",
4
4
  "title": "PR Review Fix CI",
5
5
  "summary": "Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "release-cut",
4
4
  "title": "Release Cut",
5
5
  "summary": "Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -3,7 +3,7 @@
3
3
  "id": "research-synthesis",
4
4
  "title": "Research Synthesis",
5
5
  "summary": "Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer.",
6
- "version": "0.1.92",
6
+ "version": "0.1.94",
7
7
  "author": "COOLWHITE LLC",
8
8
  "inputs": [
9
9
  {
@@ -40,6 +40,7 @@ exports.runExportArchive = runExportArchive;
40
40
  exports.runImportArchive = runImportArchive;
41
41
  exports.runInspectArchive = runInspectArchive;
42
42
  exports.runVerifyImport = runVerifyImport;
43
+ exports.runRestoreArchive = runRestoreArchive;
43
44
  exports.reportBundle = reportBundle;
44
45
  exports.runVerifyReportBundle = runVerifyReportBundle;
45
46
  exports.queueAdd = queueAdd;
@@ -313,6 +314,52 @@ function runInspectArchive(_runner, args) {
313
314
  function runVerifyImport(runner, runId, args) {
314
315
  return (0, run_export_1.verifyImportedRun)(runner.withBaseDir(optionalString(args.cwd)).loadRun(runId));
315
316
  }
317
+ // Fail-closed atomic restore of a portable run archive. `run import` runs a
318
+ // verification (importRun returns it as ImportResult.verification) but does NOT
319
+ // fail on it — it exits 0 even when the telemetry-ledger or trust-audit hash chain
320
+ // does not verify, so a chain-tampered run imports with a fabricated success.
321
+ // `run restore` closes that gap in ONE step: it integrity-INSPECTS the archive
322
+ // FIRST (writing nothing), refuses a bad bundle before any import, then IMPORTS
323
+ // and REUSES importRun's verification verdict — reporting ok:true ONLY when verify
324
+ // passes. Pure composition of the existing functions (inspectArchive + importRun,
325
+ // whose own verification we reuse); no new crypto or IO logic, and no second
326
+ // re-hash. The CLI/MCP surfaces map ok:false to exit 1.
327
+ function runRestoreArchive(runner, args) {
328
+ const base = invocationCwd(args);
329
+ const archive = optionalString(args.archive || args.path || args.file);
330
+ if (!archive)
331
+ throw new Error("run restore requires an archive path (positional, --archive, --path, or --file)");
332
+ const resolvedArchive = node_path_1.default.resolve(base, archive);
333
+ const target = node_path_1.default.resolve(base, optionalString(args.target || args.repo || args.cwd) || base);
334
+ // (1) Integrity-inspect FIRST — read-only, writes nothing. A bad bundle is
335
+ // refused here, before any import touches the target tree (no partial restore).
336
+ const inspect = (0, run_export_1.inspectArchive)(resolvedArchive);
337
+ if (!inspect.ok) {
338
+ return { schemaVersion: 1, ok: false, target, inspect, imported: null, verify: null, registry: null };
339
+ }
340
+ // (2) Intact: import + refresh the target registry (mirrors runImportArchive).
341
+ const imported = (0, run_export_1.importRun)(resolvedArchive, target);
342
+ const registry = new run_registry_1.RunRegistry(target, runner.withBaseDir(target));
343
+ const registryReport = registry.refresh({ scope: "repo" });
344
+ // (3) REUSE the verification importRun already ran — it re-proves the same
345
+ // restored files PLUS the telemetry-ledger and trust-audit hash chains, but
346
+ // returns the verdict WITHOUT throwing. We do NOT re-run verifyImportedRun (that
347
+ // would re-hash every file a second time for no new information). The gap restore
348
+ // closes is exactly that `run import` ships this verdict and exits 0 even when it
349
+ // is false — restore fails-closed on it below (CLI maps ok:false → exit 1).
350
+ const verify = imported.verification;
351
+ return {
352
+ schemaVersion: 1,
353
+ // inspect.ok is guaranteed true here — the corrupt-archive case early-returned
354
+ // above — so the verdict is purely verify.ok (the telemetry/trust-audit chain).
355
+ ok: verify.ok,
356
+ target,
357
+ inspect,
358
+ imported: { ...imported, registry: registryReport },
359
+ verify,
360
+ registry: registryReport
361
+ };
362
+ }
316
363
  // Produce-and-prove: export a run to a portable bundle sealed with the operator's
317
364
  // trust key (defaulting to CW_AGENT_ATTEST_PUBKEY, same as `run export`), then
318
365
  // IMMEDIATELY verify the artifact offline the way a recipient will. The producer
@@ -395,6 +395,7 @@ const BUILTIN_CAPABILITIES = [
395
395
  { capability: "run.import", summary: "Restore a portable run archive into a target repo and verify restored file digests.", entry: "runImportArchive", surface: "both", cli: { path: ["run", "import"], jsonMode: "default" }, mcp: { tool: "cw_run_import", requiredArgs: ["archive|path|file"] } },
396
396
  { capability: "run.verify-import", summary: "Verify an imported run against its restore manifest and telemetry chain.", entry: "runVerifyImport", surface: "both", cli: { path: ["run", "verify-import"], jsonMode: "default" }, mcp: { tool: "cw_run_verify_import", requiredArgs: ["runId"] } },
397
397
  { capability: "run.inspect-archive", summary: "Read-only integrity inspection of a portable run archive without importing it.", entry: "runInspectArchive", surface: "both", cli: { path: ["run", "inspect-archive"], jsonMode: "default" }, mcp: { tool: "cw_run_inspect_archive", requiredArgs: ["archive|path|file"] } },
398
+ { capability: "run.restore", summary: "Fail-closed restore of a portable run archive: integrity-inspect, import, and verify in one step; refuses anything that does not verify.", entry: "runRestoreArchive", surface: "both", cli: { path: ["run", "restore"], jsonMode: "default" }, mcp: { tool: "cw_run_restore", requiredArgs: ["archive|path|file"] } },
398
399
  { capability: "report.verify-bundle", summary: "Offline self-contained verify of a portable run bundle: archive bytes + telemetry chain + trust-audit chain + embedded-key signatures.", entry: "runVerifyReportBundle", surface: "both", cli: { path: ["report", "verify-bundle"], caseTokens: ["report"], jsonMode: "default" }, mcp: { tool: "cw_report_verify_bundle", requiredArgs: ["archive|path|file|bundle"] } },
399
400
  { capability: "report.bundle", summary: "Produce-and-prove: export a run to a portable bundle sealed with the trust key, then self-verify it offline (fail-closed) so the producer knows it is verifiable before shipping.", entry: "reportBundle", surface: "both", cli: { path: ["report", "bundle"], caseTokens: ["report"], jsonMode: "default" }, mcp: { tool: "cw_report_bundle", requiredArgs: ["runId"] } },
400
401
  { capability: "run.drive", summary: "Preview the next agent-delegation drive step for a run (read-only, deterministic).", entry: "runDrivePreview", surface: "both", cli: { path: ["run", "drive"], caseTokens: ["run", "drive"], jsonMode: "default" }, mcp: { tool: "cw_run_drive" } },
@@ -655,6 +656,7 @@ const PAYLOAD_PROBE_DEFERRED_GROUPS = [
655
656
  "run.import",
656
657
  "run.verify-import",
657
658
  "run.inspect-archive",
659
+ "run.restore",
658
660
  "report.verify-bundle",
659
661
  "report.bundle",
660
662
  "queue.add",