cool-workflow 0.1.94 → 0.1.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +4 -0
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review/workflow.js +3 -3
  6. package/apps/architecture-review-fast/app.json +1 -1
  7. package/apps/end-to-end-golden-path/app.json +1 -1
  8. package/apps/pdca-blackboard-loop/app.json +45 -0
  9. package/apps/pdca-blackboard-loop/workflow.js +59 -0
  10. package/apps/pr-review-fix-ci/app.json +1 -1
  11. package/apps/release-cut/app.json +1 -1
  12. package/apps/research-synthesis/app.json +1 -1
  13. package/dist/agent-config.js +2 -1
  14. package/dist/cli/command-surface.js +3 -1
  15. package/dist/dispatch.js +12 -6
  16. package/dist/evidence-grounding.js +18 -13
  17. package/dist/execution-backend/probes.js +22 -6
  18. package/dist/execution-backend.js +37 -4
  19. package/dist/node-snapshot.js +3 -3
  20. package/dist/orchestrator/lifecycle-operations.js +13 -5
  21. package/dist/orchestrator.js +28 -2
  22. package/dist/reclamation.js +8 -2
  23. package/dist/run-registry/derive.js +4 -1
  24. package/dist/scheduler.js +14 -14
  25. package/dist/schema-validate.js +8 -2
  26. package/dist/state-explosion/helpers.js +4 -21
  27. package/dist/state-explosion/size.js +63 -0
  28. package/dist/state-explosion.js +18 -71
  29. package/dist/state.js +47 -9
  30. package/dist/trust-audit.js +27 -2
  31. package/dist/util/fingerprint.js +19 -0
  32. package/dist/util/fingerprint.test.js +27 -0
  33. package/dist/version.js +1 -1
  34. package/dist/workbench-host.js +11 -0
  35. package/dist/workbench.js +19 -17
  36. package/dist/worker-isolation.js +25 -1
  37. package/docs/agent-delegation-drive.7.md +66 -1
  38. package/docs/cli-mcp-parity.7.md +4 -0
  39. package/docs/contract-migration-tooling.7.md +4 -0
  40. package/docs/control-plane-scheduling.7.md +4 -0
  41. package/docs/durable-state-and-locking.7.md +4 -0
  42. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  43. package/docs/execution-backends.7.md +4 -0
  44. package/docs/multi-agent-cli-mcp-surface.7.md +12 -0
  45. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  46. package/docs/multi-agent-operator-ux.7.md +4 -0
  47. package/docs/node-snapshot-diff-replay.7.md +4 -0
  48. package/docs/observability-cost-accounting.7.md +4 -0
  49. package/docs/project-index.md +11 -4
  50. package/docs/real-execution-backends.7.md +4 -0
  51. package/docs/release-and-migration.7.md +4 -0
  52. package/docs/release-tooling.7.md +20 -0
  53. package/docs/routines.md +30 -0
  54. package/docs/run-registry-control-plane.7.md +4 -0
  55. package/docs/run-retention-reclamation.7.md +4 -0
  56. package/docs/sandbox-profiles.7.md +15 -0
  57. package/docs/state-explosion-management.7.md +4 -0
  58. package/docs/team-collaboration.7.md +4 -0
  59. package/docs/web-desktop-workbench.7.md +4 -0
  60. package/manifest/plugin.manifest.json +1 -1
  61. package/package.json +8 -5
  62. package/scripts/agents/agent-adapter-core.js +22 -1
  63. package/scripts/agents/claude-p-agent.js +10 -2
  64. package/scripts/agents/codex-agent.js +22 -2
  65. package/scripts/agents/gemini-agent.js +10 -2
  66. package/scripts/agents/opencode-agent.js +10 -2
  67. package/scripts/bump-version.js +10 -0
  68. package/scripts/canonical-apps.js +4 -4
  69. package/scripts/dogfood-release.js +1 -1
  70. package/scripts/golden-path.js +4 -4
  71. package/scripts/release-check.js +7 -1
  72. package/scripts/release-flow.js +44 -3
  73. package/scripts/release-gate.sh +1 -1
  74. package/scripts/version-sync-check.js +2 -0
package/dist/workbench.js CHANGED
@@ -110,23 +110,25 @@ function buildPanels(runner, runId) {
110
110
  * never fabricated. */
111
111
  function buildWorkbenchRunView(runner, runId) {
112
112
  const id = String(runId || "");
113
- let resolved = true;
114
- let error;
115
- try {
116
- runner.loadRun(id);
117
- }
118
- catch (caught) {
119
- resolved = false;
120
- error = caught instanceof Error ? caught.message : String(caught);
121
- }
122
- return {
123
- schemaVersion: 1,
124
- surface: "workbench",
125
- runId: id,
126
- resolved,
127
- ...(error ? { error } : {}),
128
- panels: buildPanels(runner, id)
129
- };
113
+ return runner.loadWithCache((r) => {
114
+ let resolved = true;
115
+ let error;
116
+ try {
117
+ r.loadRun(id);
118
+ }
119
+ catch (caught) {
120
+ resolved = false;
121
+ error = caught instanceof Error ? caught.message : String(caught);
122
+ }
123
+ return {
124
+ schemaVersion: 1,
125
+ surface: "workbench",
126
+ runId: id,
127
+ resolved,
128
+ ...(error ? { error } : {}),
129
+ panels: buildPanels(r, id)
130
+ };
131
+ });
130
132
  }
131
133
  // ---------------------------------------------------------------------------
132
134
  // Cross-run entry (v0.1.28 Run Registry) — composed from already-declared
@@ -393,7 +393,31 @@ function recordWorkerRetryAttempt(run, workerId, attempts, reason, options = {})
393
393
  function validateWorkerBoundary(run, workerId, options = {}) {
394
394
  const scope = requireWorkerScope(run, workerId);
395
395
  const rawPath = String(options.path || scope.resultPath);
396
- return (0, sandbox_profile_1.validateSandboxWrite)(sandboxPolicyForBoundary(run, scope, options), rawPath, workerId);
396
+ const policy = sandboxPolicyForBoundary(run, scope, options);
397
+ const violation = (0, sandbox_profile_1.validateSandboxWrite)(policy, rawPath, workerId);
398
+ if (!violation) {
399
+ // Write paths are enforced by CW at this boundary. Command and network limits
400
+ // are declared in the sandbox policy but enforced by the execution backend
401
+ // (the host/container runtime). Record the policy split transparently so the
402
+ // audit trail shows what CW checked vs what was delegated to the host.
403
+ (0, trust_audit_1.recordTrustAuditEvent)(run, {
404
+ kind: "worker.sandbox-boundary",
405
+ decision: "allowed",
406
+ source: "cw-validated",
407
+ workerId,
408
+ taskId: scope.taskId,
409
+ sandboxProfileId: policy.id,
410
+ policyRef: `execute=${policy.execute.mode} network=${policy.network.mode} env.inherit=${policy.env.inherit}`,
411
+ command: policy.execute.mode,
412
+ networkTarget: policy.network.mode,
413
+ metadata: {
414
+ enforced_by_cw: ["write-paths"],
415
+ delegated_to_host: ["execute", "network", "env"],
416
+ env_inherit: policy.env.inherit
417
+ }
418
+ });
419
+ }
420
+ return violation;
397
421
  }
398
422
  function summarizeWorkers(run) {
399
423
  const workers = listWorkerScopes(run);
@@ -27,6 +27,52 @@ HTTP API. Any API key comes from the agent's *own* inherited env; CW never reads
27
27
  or keeps a record of it. Adding a provider SDK to `package.json` would lose the
28
28
  neutral-audit moat and is the red line.
29
29
 
30
+ ## Architecture — the boundary (core ↔ agent backend ↔ wrappers)
31
+
32
+ The core gives only an INTERFACE: the `agent` execution backend plus a small
33
+ text/process contract. The four vendors (claude / codex / gemini / deepseek)
34
+ live OUTSIDE the core as out-of-process wrapper scripts in `scripts/agents/` —
35
+ pure config, never imported by `src/`, behind the same seam.
36
+
37
+ ```text
38
+ user
39
+ │ cw -q "…" -codex (headline shortcut; also -claude/-gemini/-deepseek)
40
+
41
+ ┌──────────── CW core (src/ — zero runtime deps, imports NO model SDK, holds NO key) ───────────┐
42
+ │ │
43
+ │ command-surface.ts agent-config.ts execution-backend ("agent" driver) │
44
+ │ -codex → builtin:codex ─► builtin:<name> ─► runAgentProcess: │
45
+ │ node <dir>/<name>-agent.js spawnSync(binary, args, shell:false)│
46
+ │ {{input}} {{result}} · inherits env · captures stdout │
47
+ │ (builtin-templates.json: DATA) · records handle{process}+attestation│
48
+ └───────────────────────────────────────┬───────────────────────────────────────────────────────┘
49
+ THE SEAM (text / process contract) │
50
+ in : argv {{input}}=worker input.md {{result}}=worker result.md
51
+ out: wrapper writes result.md + ONE stdout JSON line {model,usage,result} → parseAgentReport
52
+
53
+ ── red line ── core never reads a key; each wrapper resolves its OWN key from inherited env
54
+
55
+ ┌──────── external wrappers (scripts/agents/*.js — "CONFIG, not a CW runtime dependency") ───────┐
56
+ │ claude-p-agent.js codex-agent.js gemini-opencode-agent.js deepseek-agent.js │
57
+ │ │ │ └──────────┬──────────────┘ │
58
+ │ ▼ ▼ ▼ (3-line shims) │
59
+ │ claude -p codex exec opencode-agent.js │
60
+ │ (Anthropic CLI) (-c effort, sandbox) opencode run --model … │
61
+ │ (deepseek + gemini keys live here) │
62
+ └─────────────────────────────────────────────────────────────────────────────────────────────────┘
63
+ Add a vendor = drop a wrapper script + one line in builtin-templates.json — NO core edit.
64
+ ```
65
+
66
+ Each box maps to one source seam: the flag map lives in `command-surface.ts`
67
+ (`-codex` → `builtin:codex`); `agent-config.ts` expands `builtin:<name>` into
68
+ `node <dir>/<name>-agent.js {{input}} {{result}}` by reading
69
+ `builtin-templates.json` (the registry is DATA, not a kernel literal); the
70
+ `agent` driver's `runAgentProcess` does the `spawnSync` and reads back the one
71
+ stdout JSON line via `parseAgentReport`. So the four vendors are **delegated
72
+ agent wrappers, not an event-"hook" system**. The seam is generic: any
73
+ `CW_AGENT_COMMAND="node my-agent.js {{input}} {{result}}"` or a configured HTTP
74
+ endpoint plugs in the same way — the four builtins are just bundled examples.
75
+
30
76
  ## Operator-chosen model is policy; agent-reported model is the attestation
31
77
 
32
78
  Any model id CW passes **into** the agent invocation (`CW_AGENT_MODEL`
@@ -250,7 +296,22 @@ The built-in templates are:
250
296
  claude and codex run their own CLIs; gemini and deepseek route through opencode
251
297
  (where their keys live), each proven by a local, deterministic wrapper smoke
252
298
  (override the model with CW_GEMINI_MODEL / CW_DEEPSEEK_MODEL). GLM stays an
253
- external agent command or HTTP endpoint. CW still imports no model SDK.
299
+ external agent command or HTTP endpoint. CW still imports no model SDK. The same
300
+ headline shortcuts pick these builtins on the top-level CLI: `cw -q "..."
301
+ -claude` / `-codex` / `-gemini` / `-deepseek`.
302
+
303
+ The codex wrapper caps codex's reasoning effort for CW runs so a heavy
304
+ `model_reasoning_effort = "high"` in the user's `~/.codex/config.toml` does not
305
+ make every read/grep turn slow. It passes `codex exec -c
306
+ model_reasoning_effort=<effort>` (default `low`) for THAT run only — the user's
307
+ interactive codex is untouched. Raise it with `CW_CODEX_REASONING_EFFORT`
308
+ (`low` | `medium` | `high`).
309
+
310
+ When an agent hop fails, CW core keeps only the child's stdout + exit code, so a
311
+ bare `failed (exit 1)` hid the real cause (a relay 5xx, an auth error, a killed
312
+ run). Each wrapper now also drops the failed child's stderr to
313
+ `<run>/workers/<worker>/logs/agent-stderr.log`, so the reason is readable after
314
+ the fact without changing the recorded, byte-stable evidence.
254
315
 
255
316
  ## Compatibility
256
317
 
@@ -344,3 +405,7 @@ The one-command `cw -q` headline now routes the question and defaults the repo t
344
405
  0.1.93
345
406
 
346
407
  0.1.94
408
+
409
+ 0.1.95
410
+
411
+ 0.1.96
@@ -547,3 +547,7 @@ CLI golden-path fixes: `cw -q "…"` routes the question (was read as an app id
547
547
  0.1.93
548
548
 
549
549
  0.1.94
550
+
551
+ 0.1.95
552
+
553
+ 0.1.96
@@ -165,3 +165,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
165
165
  0.1.93
166
166
 
167
167
  0.1.94
168
+
169
+ 0.1.95
170
+
171
+ 0.1.96
@@ -149,3 +149,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
149
149
  0.1.93
150
150
 
151
151
  0.1.94
152
+
153
+ 0.1.95
154
+
155
+ 0.1.96
@@ -148,3 +148,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
148
148
  0.1.93
149
149
 
150
150
  0.1.94
151
+
152
+ 0.1.95
153
+
154
+ 0.1.96
@@ -309,3 +309,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
309
309
  0.1.93
310
310
 
311
311
  0.1.94
312
+
313
+ 0.1.95
314
+
315
+ 0.1.96
@@ -339,3 +339,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
339
339
  0.1.93
340
340
 
341
341
  0.1.94
342
+
343
+ 0.1.95
344
+
345
+ 0.1.96
@@ -129,6 +129,14 @@ The host surface fails closed when:
129
129
  - selection is missing a score or verifier readiness
130
130
  - a verifier-gated commit is not ready
131
131
 
132
+ ## PDCA Blackboard Loop
133
+
134
+ `pdca-blackboard-loop` is a small workflow app for three-role work over one
135
+ blackboard: planner, builder, and auditor. The host can plan the app, post each
136
+ role result to one board topic through MCP, snapshot after the check step, and
137
+ snapshot again after the next action. Builder, auditor, and next-action tasks
138
+ require grounded evidence, so a verdict with no builder evidence is refused.
139
+
132
140
  ## Smoke Coverage
133
141
 
134
142
  `test/multi-agent-cli-mcp-surface-smoke.js` covers the full host loop over the
@@ -307,3 +315,7 @@ The host-facing surface tracks the CLI golden-path fixes (`cw -q` routing + repo
307
315
  0.1.93
308
316
 
309
317
  0.1.94
318
+
319
+ 0.1.95
320
+
321
+ 0.1.96
@@ -341,3 +341,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
341
341
  0.1.93
342
342
 
343
343
  0.1.94
344
+
345
+ 0.1.95
346
+
347
+ 0.1.96
@@ -353,3 +353,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
353
353
  0.1.93
354
354
 
355
355
  0.1.94
356
+
357
+ 0.1.95
358
+
359
+ 0.1.96
@@ -174,3 +174,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
174
174
  0.1.93
175
175
 
176
176
  0.1.94
177
+
178
+ 0.1.95
179
+
180
+ 0.1.96
@@ -233,3 +233,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
233
233
  0.1.93
234
234
 
235
235
  0.1.94
236
+
237
+ 0.1.95
238
+
239
+ 0.1.96
@@ -1,15 +1,15 @@
1
1
  # Cool Workflow Project Index
2
2
 
3
- Generated from the current repository code on 2026-06-26 by `npm run sync:project-index`.
3
+ Generated from the current repository code on 2026-06-28 by `npm run sync:project-index`.
4
4
 
5
5
  ## Snapshot
6
6
 
7
7
  - Package: `cool-workflow`
8
- - Version: `0.1.94`
8
+ - Version: `0.1.96`
9
9
  - Source modules: `68`
10
- - Workflow apps: `7`
10
+ - Workflow apps: `8`
11
11
  - Docs: `53`
12
- - Smoke tests: `152`
12
+ - Smoke tests: `158`
13
13
  - Repository: https://github.com/coo1white/cool-workflow
14
14
 
15
15
  ## Architecture
@@ -128,6 +128,7 @@ multi-agent host -> topology -> blackboard/coordinator
128
128
  | `architecture-review` - Map a repository architecture, assess risks, verify important findings, and synthesize an evidence-backed verdict. | canonical | `repo`, `question`, `invariant`, `focus` | `readonly` | [manifest](../apps/architecture-review/app.json) / [workflow](../apps/architecture-review/workflow.js) |
129
129
  | `architecture-review-fast` - Run a shorter architecture review with parallel map and assess phases for faster first results. | canonical | `repo`, `question`, `invariant`, `focus`, `sourceContext`, `sourceContextDigest` | `readonly` | [manifest](../apps/architecture-review-fast/app.json) / [workflow](../apps/architecture-review-fast/workflow.js) |
130
130
  | `end-to-end-golden-path` - Deterministic one-worker workflow app for proving the CW integration chain. | userland | `question` | `readonly` | [manifest](../apps/end-to-end-golden-path/app.json) / [workflow](../apps/end-to-end-golden-path/workflow.js) |
131
+ | `pdca-blackboard-loop` - Three agents use one blackboard to plan, build, check, and choose the next step. | example | `goal`, `repo`, `acceptance` | `readonly`, `workspace-write` | [manifest](../apps/pdca-blackboard-loop/app.json) / [workflow](../apps/pdca-blackboard-loop/workflow.js) |
131
132
  | `pr-review-fix-ci` - Review a pull request or branch, inspect CI failures, diagnose actionable issues, optionally patch, verify, and summarize with evidence. | canonical | `repo`, `pr`, `branch`, `base`, `ci`, `mode` | `readonly`, `workspace-write` | [manifest](../apps/pr-review-fix-ci/app.json) / [workflow](../apps/pr-review-fix-ci/workflow.js) |
132
133
  | `release-cut` - Prepare a release with checklist discipline: version checks, changelog, tests, packaging, release notes, and final verification. | canonical | `repo`, `version`, `previousVersion`, `releaseBranch`, `dryRun` | `readonly`, `workspace-write` | [manifest](../apps/release-cut/app.json) / [workflow](../apps/release-cut/workflow.js) |
133
134
  | `research-synthesis` - Split a research question into claims, investigate sources, cross-check evidence, verify claims, and synthesize a concise answer. | canonical | `question`, `source`, `scope`, `freshness` | `readonly`, `locked-down` | [manifest](../apps/research-synthesis/app.json) / [workflow](../apps/research-synthesis/workflow.js) |
@@ -193,6 +194,7 @@ multi-agent host -> topology -> blackboard/coordinator
193
194
 
194
195
  Smoke tests mirror the public contracts. The high-signal suites are:
195
196
 
197
+ - [agent-config-atomic-write-smoke.js](../test/agent-config-atomic-write-smoke.js)
196
198
  - [agent-delegation-drive-smoke.js](../test/agent-delegation-drive-smoke.js)
197
199
  - [append-run-node-no-realloc-smoke.js](../test/append-run-node-no-realloc-smoke.js)
198
200
  - [architecture-review-fast-automation-smoke.js](../test/architecture-review-fast-automation-smoke.js)
@@ -223,6 +225,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
223
225
  - [cli-render-smoke.js](../test/cli-render-smoke.js)
224
226
  - [clones-gc-smoke.js](../test/clones-gc-smoke.js)
225
227
  - [codex-agent-wrapper-smoke.js](../test/codex-agent-wrapper-smoke.js)
228
+ - [collaboration-ops-unit-smoke.js](../test/collaboration-ops-unit-smoke.js)
226
229
  - [concurrency-default-smoke.js](../test/concurrency-default-smoke.js)
227
230
  - [concurrent-failure-semantics-smoke.js](../test/concurrent-failure-semantics-smoke.js)
228
231
  - [concurrent-workflow-dsl-smoke.js](../test/concurrent-workflow-dsl-smoke.js)
@@ -247,6 +250,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
247
250
  - [execution-backend-agent-smoke.js](../test/execution-backend-agent-smoke.js)
248
251
  - [execution-backend-ci-smoke.js](../test/execution-backend-ci-smoke.js)
249
252
  - [execution-backends-smoke.js](../test/execution-backends-smoke.js)
253
+ - [feedback-ops-unit-smoke.js](../test/feedback-ops-unit-smoke.js)
250
254
  - [freebsd-audit-fixes-smoke.js](../test/freebsd-audit-fixes-smoke.js)
251
255
  - [gemini-agent-wrapper-smoke.js](../test/gemini-agent-wrapper-smoke.js)
252
256
  - [gemini-opencode-agent-wrapper-smoke.js](../test/gemini-opencode-agent-wrapper-smoke.js)
@@ -256,6 +260,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
256
260
  - [loop-bounded-expansion-smoke.js](../test/loop-bounded-expansion-smoke.js)
257
261
  - [mcp-app-surface-smoke.js](../test/mcp-app-surface-smoke.js)
258
262
  - [mcp-surface-registry-smoke.js](../test/mcp-surface-registry-smoke.js)
263
+ - [mcp-tool-call-coverage-smoke.js](../test/mcp-tool-call-coverage-smoke.js)
259
264
  - [multi-agent-cli-mcp-surface-smoke.js](../test/multi-agent-cli-mcp-surface-smoke.js)
260
265
  - [multi-agent-eval-determinism-regression-smoke.js](../test/multi-agent-eval-determinism-regression-smoke.js)
261
266
  - [multi-agent-eval-replay-harness-smoke.js](../test/multi-agent-eval-replay-harness-smoke.js)
@@ -277,6 +282,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
277
282
  - [operator-ux-smoke.js](../test/operator-ux-smoke.js)
278
283
  - [parallel-onramp-smoke.js](../test/parallel-onramp-smoke.js)
279
284
  - [parity-doc-sync-smoke.js](../test/parity-doc-sync-smoke.js)
285
+ - [pdca-blackboard-loop-smoke.js](../test/pdca-blackboard-loop-smoke.js)
280
286
  - [pii-redaction-smoke.js](../test/pii-redaction-smoke.js)
281
287
  - [pipeline-auto-advance-smoke.js](../test/pipeline-auto-advance-smoke.js)
282
288
  - [pipeline-runner-smoke.js](../test/pipeline-runner-smoke.js)
@@ -291,6 +297,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
291
297
  - [readme-trust-claim-smoke.js](../test/readme-trust-claim-smoke.js)
292
298
  - [real-execution-backends-smoke.js](../test/real-execution-backends-smoke.js)
293
299
  - [registry-corrupt-fail-closed-smoke.js](../test/registry-corrupt-fail-closed-smoke.js)
300
+ - [release-check-skip-smoke.js](../test/release-check-skip-smoke.js)
294
301
  - [release-flow-smoke.js](../test/release-flow-smoke.js)
295
302
  - [release-gate-smoke.js](../test/release-gate-smoke.js)
296
303
  - [release-tooling-smoke.js](../test/release-tooling-smoke.js)
@@ -181,3 +181,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
181
181
  0.1.93
182
182
 
183
183
  0.1.94
184
+
185
+ 0.1.95
186
+
187
+ 0.1.96
@@ -321,3 +321,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
321
321
  0.1.93
322
322
 
323
323
  0.1.94
324
+
325
+ 0.1.95
326
+
327
+ 0.1.96
@@ -85,6 +85,22 @@ The dogfood release smoke and the architecture-review dogfood smoke are separate
85
85
  test files. The split keeps the same release and agent-drive proof, but lets
86
86
  `test:ci` schedule the two long checks in parallel.
87
87
 
88
+ ## PR CI Merge Notes
89
+
90
+ When a PR is ready, list open PRs by creation time and merge the oldest ready
91
+ one first. After each merge, check the next PR again; a new main commit may make
92
+ it need a rebase.
93
+
94
+ If main moved after the PR branch was made, replay the PR commits on top of the
95
+ new main in a clean worktree. Keep local unrelated changes out of the rebase and
96
+ out of the PR.
97
+
98
+ Treat CI as the source of truth for what blocks the merge. Read the failed step
99
+ first, fix only that drift, then push again. A common drift is the npm README:
100
+ when `readme-sync-smoke.js` says the package README is stale, run
101
+ `npm run sync:readme`, add only `plugins/cool-workflow/README.md`, and let CI run
102
+ again.
103
+
88
104
  ## Boundary
89
105
 
90
106
  Release Tooling touches only the build/release surfaces. It adds no runtime
@@ -268,3 +284,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
268
284
  0.1.93
269
285
 
270
286
  0.1.94
287
+
288
+ 0.1.95
289
+
290
+ 0.1.96
package/docs/routines.md CHANGED
@@ -64,6 +64,36 @@ report path and digest.
64
64
  The `--metrics` flag is not required and it gives back foreground time used plus
65
65
  agent-spawn and result-cache-hit counts for the fast run.
66
66
 
67
+ ## PDCA Blackboard Development Lessons
68
+
69
+ When a task asks for agents to work together, first try the parts CW already
70
+ has:
71
+
72
+ - workflow apps give the work shape
73
+ - worker output gives checked facts
74
+ - the blackboard gives shared state
75
+ - MCP gives tool access to the same state
76
+ - smoke tests prove the loop
77
+
78
+ Do not make a new MCP server when the existing server can show the same run
79
+ state. Add a workflow app first, then prove the app with one smoke that uses
80
+ both CLI and MCP.
81
+
82
+ For a three-agent loop, keep the order plain:
83
+
84
+ ```text
85
+ plan -> build -> audit -> next action
86
+ ```
87
+
88
+ Each agent should write one blackboard message and, when there is a result
89
+ file, one artifact ref. Take a snapshot after the audit and after the next
90
+ action. If audit evidence is missing, let the worker evidence gate refuse the
91
+ result instead of adding a new policy layer.
92
+
93
+ Before a PR, base the branch on `origin/main`, run the generated-doc checks,
94
+ and sync generated docs when the gate says they are stale. This keeps unrelated
95
+ local commits and generated README/index drift out of the work.
96
+
67
97
  ## Boundary
68
98
 
69
99
  CW v0.1.1 does not give managed cloud infrastructure. It gives a local
@@ -464,3 +464,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
464
464
  0.1.93
465
465
 
466
466
  0.1.94
467
+
468
+ 0.1.95
469
+
470
+ 0.1.96
@@ -232,3 +232,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
232
232
  0.1.93
233
233
 
234
234
  0.1.94
235
+
236
+ 0.1.95
237
+
238
+ 0.1.96
@@ -26,6 +26,21 @@ normalization, worker result acceptance, and durable feedback for denied worker
26
26
  output. The agent host has to do OS-level file access, process execution,
27
27
  network access, and environment filtering.
28
28
 
29
+ **IMPORTANT**: Under the default `node` backend, a sandbox profile's
30
+ `execute`, `network`, and `env` policy is **attested, not enforced**. CW
31
+ validates the policy, records it in the worker manifest, and attests that
32
+ these limits were declared — but the actual enforcement of command execution
33
+ restrictions, network isolation, and environment variable filtering is
34
+ DELEGATED to the host runtime. For full enforcement, use the `container`
35
+ backend (`--backend container`) with Docker/Podman, or apply OS-level
36
+ sandboxing to the agent process. Without OS enforcement, a worker under a
37
+ `locked-down` profile can still run arbitrary commands and access the network.
38
+
39
+ CW also now (v0.1.95) applies `buildChildEnv(policy)` as a baseline for agent
40
+ spawns — only `PATH`, `HOME`, explicit `expose` entries, and well-known
41
+ `CW_*` + LLM provider API key environment variables pass through. The
42
+ operator's other process environment is not inherited by default.
43
+
29
44
  The design goal is simple:
30
45
 
31
46
  ```text
@@ -310,3 +310,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
310
310
  0.1.93
311
311
 
312
312
  0.1.94
313
+
314
+ 0.1.95
315
+
316
+ 0.1.96
@@ -246,3 +246,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
246
246
  0.1.93
247
247
 
248
248
  0.1.94
249
+
250
+ 0.1.95
251
+
252
+ 0.1.96
@@ -254,3 +254,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
254
254
  0.1.93
255
255
 
256
256
  0.1.94
257
+
258
+ 0.1.95
259
+
260
+ 0.1.96
@@ -2,7 +2,7 @@
2
2
  "_comment": "SINGLE SOURCE OF TRUTH for every vendor manifest. Edit THIS file, then run `npm run gen:manifests`. Do NOT hand-edit the generated vendor manifests (.claude-plugin/, .codex-plugin/, .agents/, .mcp.json) — `npm run gen:manifests -- --check` (run by release:check) will fail if they drift from this source.",
3
3
  "identity": {
4
4
  "name": "cool-workflow",
5
- "version": "0.1.94",
5
+ "version": "0.1.96",
6
6
  "license": "BSD-2-Clause",
7
7
  "homepage": "https://github.com/coo1white/cool-workflow",
8
8
  "author": {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cool-workflow",
3
- "version": "0.1.94",
3
+ "version": "0.1.96",
4
4
  "bin": {
5
5
  "cool-workflow": "scripts/cw.js",
6
6
  "cw": "scripts/cw.js"
@@ -14,7 +14,7 @@
14
14
  "bugs": {
15
15
  "url": "https://github.com/coo1white/cool-workflow/issues"
16
16
  },
17
- "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents it never runs the models itself.",
17
+ "description": "A workflow control plane and run-time you are able to check: it sends out jobs in TypeScript, makes certain of work against facts before it goes through, puts state into fixed records, orders jobs by time, runs jobs again and again, gets a group of agents to do their parts together, and talks MCP. It gives the doing of the work to outside agents \u2014 it never runs the models itself.",
18
18
  "type": "commonjs",
19
19
  "engines": {
20
20
  "node": ">=18"
@@ -62,9 +62,11 @@
62
62
  "onramp:check": "node scripts/onramp-check.js --check",
63
63
  "version:sync": "node scripts/version-sync-check.js",
64
64
  "release:check": "node scripts/release-check.js",
65
- "test": "node dist/cli.js version > /dev/null && node test/run-all.js",
65
+ "test": "node dist/cli.js version > /dev/null && node test/run-all.js --fast --sample 35",
66
+ "test:full": "node dist/cli.js version > /dev/null && node test/run-all.js --sample 55",
67
+ "test:gate": "node dist/cli.js version > /dev/null && node test/run-all.js",
66
68
  "test:fast": "npm run build --if-present && node dist/cli.js version > /dev/null && node test/run-all.js --concurrency auto",
67
- "test:ci": "node dist/cli.js version > /dev/null && node test/run-all.js --concurrency auto",
69
+ "test:ci": "npm run build && node dist/cli.js version > /dev/null && node test/run-all.js --sample 55",
68
70
  "test:coverage": "node dist/cli.js version > /dev/null && node scripts/coverage-gate.js --concurrency auto",
69
71
  "eval:replay": "tsc -p tsconfig.json && node test/multi-agent-eval-replay-harness-smoke.js",
70
72
  "ci": "npm run build && npm run check && npm run test && npm run release:check",
@@ -85,5 +87,6 @@
85
87
  "llm-pipeline",
86
88
  "claude",
87
89
  "delegation"
88
- ]
90
+ ],
91
+ "mcpName": "io.github.coo1white/cool-workflow"
89
92
  }
@@ -2,6 +2,7 @@
2
2
  "use strict";
3
3
 
4
4
  const fs = require("node:fs");
5
+ const path = require("node:path");
5
6
 
6
7
  const RESULT_CONTRACT = `
7
8
  === HOW TO RETURN YOUR ANSWER (overrides any 'write to result.md' instruction above) ===
@@ -448,6 +449,25 @@ function emitReport(model, usage, resultText) {
448
449
  process.stdout.write(JSON.stringify({ model, usage, result: resultText }));
449
450
  }
450
451
 
452
+ // Drop the failed agent's stderr beside the worker's result.md so a `failed (exit
453
+ // 1)` is readable AFTER the fact. CW core keeps only the child's stdout + exit
454
+ // code (byte-stable evidence), so without this the real reason — a relay 5xx, an
455
+ // auth error, a killed run — is lost. The worker dir already has a `logs/` folder
456
+ // (src/worker-isolation.ts); resultPath is `<workerDir>/result.md`, so its
457
+ // `logs/agent-stderr.log` sibling is the natural home. Advisory only: never throws,
458
+ // never changes the exit code or the recorded evidence.
459
+ function persistStderr(resultPath, text) {
460
+ const t = String(text || "").trim();
461
+ if (!t || !resultPath) return;
462
+ try {
463
+ const dir = path.join(path.dirname(resultPath), "logs");
464
+ fs.mkdirSync(dir, { recursive: true });
465
+ fs.writeFileSync(path.join(dir, "agent-stderr.log"), `${t}\n`, "utf8");
466
+ } catch {
467
+ /* advisory only — diagnostics must never break the run */
468
+ }
469
+ }
470
+
451
471
  module.exports = {
452
472
  RESULT_CONTRACT,
453
473
  buildPrompt,
@@ -461,5 +481,6 @@ module.exports = {
461
481
  parseJsonLines,
462
482
  flushJsonLines,
463
483
  writeResult,
464
- emitReport
484
+ emitReport,
485
+ persistStderr // save a failed agent's stderr to <workerDir>/logs/agent-stderr.log (shared by all wrappers)
465
486
  };