cool-workflow 0.1.97 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (309) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +11 -2
  4. package/apps/architecture-review/app.json +1 -1
  5. package/apps/architecture-review-fast/app.json +1 -1
  6. package/apps/end-to-end-golden-path/app.json +1 -1
  7. package/apps/pr-review-fix-ci/app.json +1 -1
  8. package/apps/release-cut/app.json +1 -1
  9. package/apps/research-synthesis/app.json +1 -1
  10. package/dist/cli/dispatch.js +236 -0
  11. package/dist/cli/entry.js +120 -0
  12. package/dist/cli/io.js +21 -4
  13. package/dist/cli/parseargv.js +157 -0
  14. package/dist/cli.js +6 -33
  15. package/dist/core/capability-table.js +3534 -0
  16. package/dist/core/format/help.js +314 -0
  17. package/dist/{state-explosion/format.js → core/format/state-explosion-text.js} +10 -1
  18. package/dist/core/hash.js +137 -0
  19. package/dist/core/multi-agent/candidate-scoring.js +219 -0
  20. package/dist/core/multi-agent/collaboration.js +481 -0
  21. package/dist/core/multi-agent/coordinator.js +515 -0
  22. package/dist/core/multi-agent/eval-replay.js +306 -0
  23. package/dist/core/multi-agent/runtime.js +929 -0
  24. package/dist/core/multi-agent/topology.js +298 -0
  25. package/dist/core/multi-agent/trust-policy.js +197 -0
  26. package/dist/core/pipeline/commit-gate.js +320 -0
  27. package/dist/{pipeline-contract.js → core/pipeline/contract.js} +24 -37
  28. package/dist/core/pipeline/dispatch.js +103 -0
  29. package/dist/core/pipeline/drive-decide.js +227 -0
  30. package/dist/core/pipeline/error-feedback.js +161 -0
  31. package/dist/core/pipeline/loop-expansion.js +124 -0
  32. package/dist/{result-normalize.js → core/pipeline/result-normalize.js} +14 -37
  33. package/dist/core/pipeline/runner.js +230 -0
  34. package/dist/{contract-migration.js → core/state/contract-migration.js} +68 -92
  35. package/dist/{state-migrations.js → core/state/migrations.js} +103 -96
  36. package/dist/core/state/node-projection.js +95 -0
  37. package/dist/core/state/node-snapshot.js +230 -0
  38. package/dist/core/state/run-paths.js +93 -0
  39. package/dist/{schema-validate.js → core/state/schema-validate.js} +35 -28
  40. package/dist/core/state/schema.js +50 -0
  41. package/dist/core/state/state-explosion/digest.js +243 -0
  42. package/dist/core/state/state-explosion/graph.js +527 -0
  43. package/dist/{state-explosion → core/state/state-explosion}/helpers.js +34 -3
  44. package/dist/core/state/state-explosion/report.js +187 -0
  45. package/dist/{state-explosion → core/state/state-explosion}/size.js +25 -7
  46. package/dist/{state-node.js → core/state/state-node.js} +90 -113
  47. package/dist/core/state/types.js +19 -0
  48. package/dist/{validation.js → core/state/validation.js} +64 -131
  49. package/dist/core/trust/evidence-grounding.js +134 -0
  50. package/dist/core/trust/ledger.js +199 -0
  51. package/dist/{telemetry-attestation.js → core/trust/telemetry-attestation.js} +94 -68
  52. package/dist/core/trust/telemetry-ledger.js +127 -0
  53. package/dist/core/types.js +20 -0
  54. package/dist/core/version.js +16 -0
  55. package/dist/{workflow-app-framework.js → core/workflow-apps/app-schema.js} +337 -426
  56. package/dist/mcp/dispatch.js +104 -0
  57. package/dist/mcp/server.js +144 -0
  58. package/dist/mcp-server.js +6 -84
  59. package/dist/{agent-config.js → shell/agent-config.js} +118 -71
  60. package/dist/shell/app-run-cli.js +88 -0
  61. package/dist/shell/audit-cli.js +259 -0
  62. package/dist/shell/audit-provenance.js +83 -0
  63. package/dist/shell/candidate-scoring-io.js +459 -0
  64. package/dist/shell/collaboration-io.js +264 -0
  65. package/dist/shell/commit-summary.js +104 -0
  66. package/dist/shell/commit.js +290 -0
  67. package/dist/shell/coordinator-io.js +476 -0
  68. package/dist/shell/demo-cli.js +19 -0
  69. package/dist/shell/dispatch.js +162 -0
  70. package/dist/{doctor.js → shell/doctor.js} +123 -56
  71. package/dist/shell/drive.js +873 -0
  72. package/dist/shell/error-feedback-io.js +305 -0
  73. package/dist/shell/eval-io.js +473 -0
  74. package/dist/{multi-agent-eval/format.js → shell/eval-text.js} +78 -49
  75. package/dist/{evidence-reasoning.js → shell/evidence-reasoning.js} +124 -255
  76. package/dist/shell/exec-backend-cli.js +88 -0
  77. package/dist/shell/execution-backend/agent.js +475 -0
  78. package/dist/shell/execution-backend/ci.js +15 -0
  79. package/dist/shell/execution-backend/container.js +69 -0
  80. package/dist/shell/execution-backend/envelopes.js +55 -0
  81. package/dist/shell/execution-backend/local.js +113 -0
  82. package/dist/shell/execution-backend/probes.js +175 -0
  83. package/dist/shell/execution-backend/registry.js +402 -0
  84. package/dist/shell/execution-backend/remote.js +128 -0
  85. package/dist/shell/execution-backend/types.js +11 -0
  86. package/dist/shell/feedback-cli.js +81 -0
  87. package/dist/shell/feedback-operations.js +48 -0
  88. package/dist/shell/fs-atomic.js +276 -0
  89. package/dist/shell/harness.js +98 -0
  90. package/dist/shell/ledger-cli.js +212 -0
  91. package/dist/shell/ledger-io.js +169 -0
  92. package/dist/shell/man-cli.js +89 -0
  93. package/dist/shell/metrics-cli.js +98 -0
  94. package/dist/shell/multi-agent-cli.js +1002 -0
  95. package/dist/shell/multi-agent-host.js +563 -0
  96. package/dist/shell/multi-agent-io.js +387 -0
  97. package/dist/{multi-agent-operator-ux.js → shell/multi-agent-operator-ux.js} +234 -191
  98. package/dist/shell/node-store.js +124 -0
  99. package/dist/{observability/format.js → shell/observability-format.js} +7 -1
  100. package/dist/{observability/intake.js → shell/observability-intake.js} +79 -56
  101. package/dist/{observability.js → shell/observability.js} +159 -332
  102. package/dist/{onramp.js → shell/onramp.js} +11 -0
  103. package/dist/{operator-ux/format.js → shell/operator-ux-text.js} +250 -239
  104. package/dist/shell/operator-ux.js +431 -0
  105. package/dist/shell/orchestrator.js +231 -0
  106. package/dist/shell/pipeline-cli.js +667 -0
  107. package/dist/shell/pipeline.js +217 -0
  108. package/dist/shell/reclamation-io.js +1366 -0
  109. package/dist/shell/registry-cli.js +329 -0
  110. package/dist/{remote-source.js → shell/remote-source.js} +12 -5
  111. package/dist/shell/report-cli.js +101 -0
  112. package/dist/shell/report-view-cli.js +117 -0
  113. package/dist/{orchestrator → shell}/report.js +289 -282
  114. package/dist/shell/reporter.js +62 -0
  115. package/dist/shell/run-export-cli.js +106 -0
  116. package/dist/shell/run-export.js +680 -0
  117. package/dist/shell/run-registry-io.js +1014 -0
  118. package/dist/shell/run-store.js +164 -0
  119. package/dist/{sandbox-profile.js → shell/sandbox-profile.js} +134 -95
  120. package/dist/{scheduler.js → shell/scheduler-io.js} +248 -48
  121. package/dist/shell/scheduling-io.js +311 -0
  122. package/dist/shell/state-cli.js +181 -0
  123. package/dist/shell/state-explosion-cli.js +197 -0
  124. package/dist/shell/telemetry-cli.js +85 -0
  125. package/dist/{telemetry-demo.js → shell/telemetry-demo.js} +149 -119
  126. package/dist/shell/telemetry-ledger-io.js +132 -0
  127. package/dist/{term.js → shell/term.js} +36 -46
  128. package/dist/shell/topology-io.js +361 -0
  129. package/dist/shell/trust-audit.js +471 -0
  130. package/dist/{multi-agent-trust.js → shell/trust-policy-io.js} +67 -205
  131. package/dist/shell/verifier.js +48 -0
  132. package/dist/shell/workbench-host.js +250 -0
  133. package/dist/shell/workbench-text.js +18 -0
  134. package/dist/shell/workbench.js +175 -0
  135. package/dist/shell/worker-cli.js +124 -0
  136. package/dist/shell/worker-isolation.js +852 -0
  137. package/dist/shell/workflow-app-loader.js +650 -0
  138. package/docs/agent-delegation-drive.7.md +4 -0
  139. package/docs/cli-mcp-parity.7.md +284 -211
  140. package/docs/contract-migration-tooling.7.md +4 -0
  141. package/docs/control-plane-scheduling.7.md +4 -0
  142. package/docs/cross-agent-ledger.7.md +217 -0
  143. package/docs/designs/handoff-ledger.md +145 -0
  144. package/docs/durable-state-and-locking.7.md +4 -0
  145. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  146. package/docs/execution-backends.7.md +4 -0
  147. package/docs/handoff-setup.md +120 -0
  148. package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
  149. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  150. package/docs/multi-agent-operator-ux.7.md +4 -0
  151. package/docs/node-snapshot-diff-replay.7.md +4 -0
  152. package/docs/observability-cost-accounting.7.md +4 -0
  153. package/docs/project-index.md +143 -71
  154. package/docs/real-execution-backends.7.md +4 -0
  155. package/docs/release-and-migration.7.md +4 -0
  156. package/docs/release-tooling.7.md +4 -0
  157. package/docs/run-registry-control-plane.7.md +4 -0
  158. package/docs/run-retention-reclamation.7.md +25 -0
  159. package/docs/state-explosion-management.7.md +4 -0
  160. package/docs/team-collaboration.7.md +4 -0
  161. package/docs/web-desktop-workbench.7.md +4 -0
  162. package/manifest/plugin.manifest.json +1 -1
  163. package/manifest/source-context-profiles.json +9 -13
  164. package/package.json +1 -1
  165. package/scripts/agents/codex-agent.js +34 -4
  166. package/scripts/agents/cw-attest-wrap.js +2 -2
  167. package/scripts/bump-version.js +4 -3
  168. package/scripts/canonical-apps.js +4 -4
  169. package/scripts/children/batch-delegate-child.js +30 -10
  170. package/scripts/dogfood-architecture-review.js +2 -3
  171. package/scripts/dogfood-release.js +3 -3
  172. package/scripts/gen-parity-doc.js +15 -2
  173. package/scripts/golden-path.js +4 -4
  174. package/scripts/onramp-check.js +1 -1
  175. package/scripts/parity-check.js +38 -21
  176. package/scripts/release-flow.js +9 -3
  177. package/scripts/sync-project-index.js +51 -27
  178. package/scripts/validate-run-state-schema.js +2 -2
  179. package/scripts/version-sync-check.js +30 -30
  180. package/dist/candidate-scoring.js +0 -729
  181. package/dist/capability-core.js +0 -1186
  182. package/dist/capability-registry.js +0 -879
  183. package/dist/cli/command-surface.js +0 -490
  184. package/dist/cli/format.js +0 -56
  185. package/dist/cli/handlers/audit.js +0 -82
  186. package/dist/cli/handlers/blackboard.js +0 -81
  187. package/dist/cli/handlers/candidate.js +0 -40
  188. package/dist/cli/handlers/clones.js +0 -34
  189. package/dist/cli/handlers/collaboration.js +0 -61
  190. package/dist/cli/handlers/eval.js +0 -40
  191. package/dist/cli/handlers/maintenance.js +0 -107
  192. package/dist/cli/handlers/multi-agent.js +0 -165
  193. package/dist/cli/handlers/node.js +0 -41
  194. package/dist/cli/handlers/operational.js +0 -155
  195. package/dist/cli/handlers/operator.js +0 -146
  196. package/dist/cli/handlers/registry.js +0 -68
  197. package/dist/cli/handlers/run.js +0 -153
  198. package/dist/cli/handlers/scheduling.js +0 -132
  199. package/dist/cli/handlers/workbench.js +0 -41
  200. package/dist/cli/handlers/worker.js +0 -45
  201. package/dist/cli/run-summary.js +0 -45
  202. package/dist/clones.js +0 -162
  203. package/dist/collaboration.js +0 -726
  204. package/dist/commit.js +0 -592
  205. package/dist/compare.js +0 -18
  206. package/dist/coordinator/classify.js +0 -45
  207. package/dist/coordinator/paths.js +0 -42
  208. package/dist/coordinator/util.js +0 -126
  209. package/dist/coordinator.js +0 -990
  210. package/dist/daemon.js +0 -44
  211. package/dist/dispatch.js +0 -250
  212. package/dist/drive.js +0 -827
  213. package/dist/error-feedback.js +0 -419
  214. package/dist/evidence-grounding.js +0 -184
  215. package/dist/execution-backend/agent.js +0 -294
  216. package/dist/execution-backend/probes.js +0 -112
  217. package/dist/execution-backend/util.js +0 -47
  218. package/dist/execution-backend.js +0 -961
  219. package/dist/gates.js +0 -48
  220. package/dist/harness.js +0 -61
  221. package/dist/loop-expansion.js +0 -60
  222. package/dist/mcp/tool-call.js +0 -434
  223. package/dist/mcp/tool-definitions.js +0 -1040
  224. package/dist/mcp-surface.js +0 -30
  225. package/dist/multi-agent/graph.js +0 -84
  226. package/dist/multi-agent/helpers.js +0 -141
  227. package/dist/multi-agent/ids.js +0 -20
  228. package/dist/multi-agent/paths.js +0 -22
  229. package/dist/multi-agent-eval/normalize.js +0 -51
  230. package/dist/multi-agent-eval.js +0 -678
  231. package/dist/multi-agent-host.js +0 -777
  232. package/dist/multi-agent.js +0 -984
  233. package/dist/node-projection.js +0 -59
  234. package/dist/node-snapshot.js +0 -260
  235. package/dist/operator-ux.js +0 -631
  236. package/dist/orchestrator/app-operations.js +0 -211
  237. package/dist/orchestrator/audit-operations.js +0 -182
  238. package/dist/orchestrator/candidate-operations.js +0 -117
  239. package/dist/orchestrator/cli-options.js +0 -294
  240. package/dist/orchestrator/collaboration-operations.js +0 -86
  241. package/dist/orchestrator/feedback-operations.js +0 -81
  242. package/dist/orchestrator/host-operations.js +0 -78
  243. package/dist/orchestrator/lifecycle-operations.js +0 -626
  244. package/dist/orchestrator/migration-operations.js +0 -44
  245. package/dist/orchestrator/multi-agent-operations.js +0 -362
  246. package/dist/orchestrator/topology-operations.js +0 -84
  247. package/dist/orchestrator.js +0 -917
  248. package/dist/pipeline-runner.js +0 -285
  249. package/dist/reclamation/hash.js +0 -72
  250. package/dist/reclamation.js +0 -812
  251. package/dist/reporter.js +0 -67
  252. package/dist/run-export.js +0 -784
  253. package/dist/run-registry/derive.js +0 -175
  254. package/dist/run-registry/format.js +0 -124
  255. package/dist/run-registry/gc.js +0 -251
  256. package/dist/run-registry/policy.js +0 -16
  257. package/dist/run-registry/queue.js +0 -115
  258. package/dist/run-registry.js +0 -850
  259. package/dist/run-state-schema.js +0 -68
  260. package/dist/scheduling.js +0 -184
  261. package/dist/state-explosion.js +0 -1014
  262. package/dist/state.js +0 -367
  263. package/dist/telemetry-ledger.js +0 -196
  264. package/dist/topology.js +0 -565
  265. package/dist/triggers.js +0 -184
  266. package/dist/trust-audit.js +0 -644
  267. package/dist/types/blackboard.js +0 -2
  268. package/dist/types/candidate.js +0 -2
  269. package/dist/types/collaboration.js +0 -2
  270. package/dist/types/core.js +0 -2
  271. package/dist/types/drive.js +0 -10
  272. package/dist/types/error-feedback.js +0 -2
  273. package/dist/types/evidence-reasoning.js +0 -2
  274. package/dist/types/execution-backend.js +0 -2
  275. package/dist/types/multi-agent.js +0 -2
  276. package/dist/types/observability.js +0 -2
  277. package/dist/types/pipeline.js +0 -2
  278. package/dist/types/reclamation.js +0 -8
  279. package/dist/types/report-bundle.js +0 -6
  280. package/dist/types/result.js +0 -2
  281. package/dist/types/run-registry.js +0 -2
  282. package/dist/types/run.js +0 -2
  283. package/dist/types/sandbox.js +0 -2
  284. package/dist/types/schedule.js +0 -2
  285. package/dist/types/state-node.js +0 -2
  286. package/dist/types/topology.js +0 -2
  287. package/dist/types/trust.js +0 -2
  288. package/dist/types/workbench.js +0 -2
  289. package/dist/types/worker.js +0 -2
  290. package/dist/types/workflow-app.js +0 -2
  291. package/dist/types.js +0 -44
  292. package/dist/util/fingerprint.js +0 -19
  293. package/dist/util/fingerprint.test.js +0 -27
  294. package/dist/verifier.js +0 -78
  295. package/dist/version.js +0 -8
  296. package/dist/workbench-host.js +0 -182
  297. package/dist/workbench.js +0 -192
  298. package/dist/worker-accept/acceptance.js +0 -114
  299. package/dist/worker-accept/blackboard-fanout.js +0 -80
  300. package/dist/worker-accept/blackboard-linkage.js +0 -19
  301. package/dist/worker-accept/context.js +0 -2
  302. package/dist/worker-accept/telemetry-ledger.js +0 -126
  303. package/dist/worker-accept/validation.js +0 -77
  304. package/dist/worker-accept/verifier-completion.js +0 -73
  305. package/dist/worker-isolation/helpers.js +0 -51
  306. package/dist/worker-isolation/paths.js +0 -46
  307. package/dist/worker-isolation.js +0 -656
  308. package/dist/workflow-api.js +0 -131
  309. /package/dist/{types → core/types}/boundary.js +0 -0
@@ -1,114 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.acceptWorkerResult = acceptWorkerResult;
7
- const node_fs_1 = __importDefault(require("node:fs"));
8
- const node_path_1 = __importDefault(require("node:path"));
9
- const state_1 = require("../state");
10
- const pipeline_contract_1 = require("../pipeline-contract");
11
- const state_node_1 = require("../state-node");
12
- const result_normalize_1 = require("../result-normalize");
13
- const trust_audit_1 = require("../trust-audit");
14
- /** Step 3 — recordStateNode/audit: the irreversible accept. Records the allowed
15
- * path decision, copies the result into the run results dir, completes the task,
16
- * builds + appends the result node, emits the accepted audit event, re-normalizes
17
- * node evidence against both audit ids, and surfaces the empty-capture warning.
18
- * Writes destination/pathAuditId/acceptedAuditId/resultNode back into `accept`. */
19
- function acceptWorkerResult(accept, delegation) {
20
- const { run, workerId, scope, task, absoluteResultPath, parsedResult } = accept;
21
- const { agentDelegation } = delegation;
22
- const pathAudit = (0, trust_audit_1.recordSandboxPathDecision)(run, {
23
- workerId,
24
- taskId: task.id,
25
- sandboxProfileId: scope.sandboxProfileId,
26
- policySnapshot: scope.sandboxPolicy,
27
- target: absoluteResultPath,
28
- decision: "allowed",
29
- metadata: { operation: "worker-output-acceptance" }
30
- });
31
- const destination = node_path_1.default.join(run.paths.resultsDir, `${(0, state_1.safeFileName)(task.id)}.md`);
32
- node_fs_1.default.mkdirSync(run.paths.resultsDir, { recursive: true });
33
- node_fs_1.default.copyFileSync(absoluteResultPath, destination);
34
- task.status = "completed";
35
- task.completedAt = new Date().toISOString();
36
- task.resultPath = destination;
37
- task.loopStage = "observe";
38
- task.result = parsedResult;
39
- const evidence = (0, trust_audit_1.normalizeEvidence)(run, parsedResult.evidence.map((entry, index) => ({
40
- id: `result:${index + 1}`,
41
- source: "cw:result",
42
- locator: entry,
43
- summary: entry
44
- })), { source: "cw-validated", workerId, taskId: task.id, auditEventIds: [pathAudit.id] });
45
- const resultNode = (0, state_node_1.appendRunNode)(run, (0, state_node_1.createStateNode)({
46
- id: `${run.id}:result:${task.id}`,
47
- kind: "result",
48
- status: "completed",
49
- loopStage: "observe",
50
- inputs: { taskId: task.id, dispatchId: task.dispatchId, workerId },
51
- outputs: parsedResult,
52
- artifacts: [
53
- { id: "result", kind: "markdown", path: destination },
54
- { id: "worker-result", kind: "markdown", path: absoluteResultPath }
55
- ],
56
- evidence,
57
- parents: task.dispatchId ? [`${run.id}:dispatch:${task.dispatchId}`] : [task.stateNodeId || `${run.id}:task:${task.id}`],
58
- contractId: pipeline_contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
59
- metadata: {
60
- taskId: task.id,
61
- workerId,
62
- workerDir: scope.workerDir,
63
- sandboxProfileId: scope.sandboxProfileId,
64
- auditEventIds: [pathAudit.id],
65
- // Empty-capture warning (v0.1.42): even after robust normalization the result
66
- // yielded NO findings and NO evidence — surfaced, never silently passed.
67
- ...((0, result_normalize_1.isEmptyCapture)(parsedResult) ? { captureWarning: "no findings or evidence captured from result.md" } : {}),
68
- // Folded into the snapshotted node body so v0.1.35 replay re-verifies the
69
- // prompt/result/model digests WITHOUT re-spawning the agent. NOT evidence.
70
- ...(agentDelegation ? { agentDelegation } : {})
71
- }
72
- }));
73
- const acceptedAudit = (0, trust_audit_1.recordTrustAuditEvent)(run, {
74
- kind: "worker.output",
75
- decision: "accepted",
76
- source: "cw-validated",
77
- workerId,
78
- taskId: task.id,
79
- nodeId: resultNode.id,
80
- sandboxProfileId: scope.sandboxProfileId,
81
- policySnapshot: scope.sandboxPolicy,
82
- normalizedPath: absoluteResultPath,
83
- evidence,
84
- parentEventIds: [pathAudit.id],
85
- metadata: { destination }
86
- });
87
- resultNode.evidence = (0, trust_audit_1.normalizeEvidence)(run, resultNode.evidence, {
88
- source: "cw-validated",
89
- workerId,
90
- taskId: task.id,
91
- resultNodeId: resultNode.id,
92
- auditEventIds: [pathAudit.id, acceptedAudit.id]
93
- });
94
- (0, state_node_1.appendRunNode)(run, resultNode);
95
- task.resultNodeId = resultNode.id;
96
- // Warn (don't silently pass) when a worker's result captured no structured signal
97
- // at all — the v0.1.41 self-audit's "accepted with evidenceCount:0" failure mode.
98
- if ((0, result_normalize_1.isEmptyCapture)(parsedResult)) {
99
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
100
- kind: "worker.capture-warning",
101
- decision: "recorded",
102
- source: "cw-validated",
103
- workerId,
104
- taskId: task.id,
105
- nodeId: resultNode.id,
106
- parentEventIds: [acceptedAudit.id],
107
- metadata: { reason: "no findings or evidence captured from result.md", resultPath: destination }
108
- });
109
- }
110
- accept.destination = destination;
111
- accept.pathAuditId = pathAudit.id;
112
- accept.acceptedAuditId = acceptedAudit.id;
113
- accept.resultNode = resultNode;
114
- }
@@ -1,80 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.fanOutWorkerOutput = fanOutWorkerOutput;
4
- const coordinator_1 = require("../coordinator");
5
- const multi_agent_1 = require("../multi-agent");
6
- const blackboard_linkage_1 = require("./blackboard-linkage");
7
- /** Step 7 — fanOut: publish the accepted output to the blackboard and record the
8
- * multi-agent worker output (linking the blackboard message/artifact refs). */
9
- function fanOutWorkerOutput(accept) {
10
- const { run, workerId, scope, task, absoluteResultPath, parsedResult, destination, resultNode, verifierNodeId, acceptedAuditId } = accept;
11
- const blackboardLinks = publishWorkerOutputToBlackboard(run, scope, task, parsedResult.summary, destination, absoluteResultPath, resultNode.evidence, acceptedAuditId);
12
- (0, multi_agent_1.recordMultiAgentWorkerOutput)(run, {
13
- workerId,
14
- taskId: task.id,
15
- resultNodeId: resultNode.id,
16
- verifierNodeId,
17
- evidence: resultNode.evidence,
18
- artifactPaths: [destination, absoluteResultPath],
19
- blackboardMessageIds: blackboardLinks.messageIds,
20
- blackboardArtifactRefIds: blackboardLinks.artifactRefIds
21
- });
22
- }
23
- function publishWorkerOutputToBlackboard(run, scope, task, summary, destination, workerResultPath, evidence, acceptedAuditId) {
24
- const linkage = (0, blackboard_linkage_1.blackboardLinkage)(run, scope);
25
- if (!linkage.blackboardId || !linkage.topicIds.length)
26
- return { messageIds: [], artifactRefIds: [] };
27
- const topicId = linkage.topicIds[0];
28
- const artifactRefs = [
29
- (0, coordinator_1.addBlackboardArtifact)(run, {
30
- topicId,
31
- blackboardId: linkage.blackboardId,
32
- kind: "worker-result",
33
- path: destination,
34
- owner: { kind: "worker", id: scope.id },
35
- author: { kind: "runtime", id: "cw" },
36
- source: "cw-validated-worker-output",
37
- provenance: {
38
- workerId: scope.id,
39
- taskId: task.id,
40
- multiAgentRunId: scope.multiAgent?.runId,
41
- agentGroupId: scope.multiAgent?.groupId,
42
- agentRoleId: scope.multiAgent?.roleId,
43
- agentMembershipId: scope.multiAgent?.membershipId,
44
- auditEventIds: [acceptedAuditId]
45
- },
46
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
47
- auditEventIds: [acceptedAuditId],
48
- metadata: { workerResultPath }
49
- })
50
- ];
51
- const message = (0, coordinator_1.postBlackboardMessage)(run, {
52
- topicId,
53
- blackboardId: linkage.blackboardId,
54
- body: summary,
55
- author: { kind: "worker", id: scope.id },
56
- scope: { kind: "worker", id: scope.id },
57
- artifactRefIds: artifactRefs.map((artifact) => artifact.id),
58
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
59
- auditEventIds: [acceptedAuditId],
60
- links: {
61
- multiAgentRunId: scope.multiAgent?.runId,
62
- agentGroupId: scope.multiAgent?.groupId,
63
- agentRoleId: scope.multiAgent?.roleId,
64
- agentMembershipId: scope.multiAgent?.membershipId,
65
- agentFanoutId: scope.multiAgent?.fanoutId,
66
- taskId: task.id,
67
- workerId: scope.id,
68
- auditEventIds: [acceptedAuditId]
69
- },
70
- metadata: {
71
- taskId: task.id,
72
- resultPath: destination,
73
- multiAgent: scope.multiAgent
74
- }
75
- });
76
- return {
77
- messageIds: [message.id],
78
- artifactRefIds: artifactRefs.map((artifact) => artifact.id)
79
- };
80
- }
@@ -1,19 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.blackboardLinkage = blackboardLinkage;
4
- const helpers_1 = require("../worker-isolation/helpers");
5
- function blackboardLinkage(run, scope) {
6
- const membershipId = scope.multiAgent?.membershipId;
7
- const membership = membershipId ? run.multiAgent?.memberships.find((entry) => entry.id === membershipId) : undefined;
8
- const group = scope.multiAgent?.groupId ? run.multiAgent?.groups.find((entry) => entry.id === scope.multiAgent?.groupId) : undefined;
9
- const role = scope.multiAgent?.roleId ? run.multiAgent?.roles.find((entry) => entry.id === scope.multiAgent?.roleId) : undefined;
10
- const multiAgentRun = scope.multiAgent?.runId ? run.multiAgent?.runs.find((entry) => entry.id === scope.multiAgent?.runId) : undefined;
11
- const blackboardId = membership?.blackboardId || group?.blackboardId || role?.blackboardId || multiAgentRun?.blackboardId;
12
- const topicIds = (0, helpers_1.unique)([
13
- ...(membership?.topicIds || []),
14
- ...(group?.topicIds || []),
15
- ...(role?.topicIds || []),
16
- ...(multiAgentRun?.topicIds || [])
17
- ]);
18
- return { blackboardId, topicIds };
19
- }
@@ -1,2 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
@@ -1,126 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.attestWorkerDelegation = attestWorkerDelegation;
4
- exports.recordWorkerDelegationLedger = recordWorkerDelegationLedger;
5
- const execution_backend_1 = require("../execution-backend");
6
- const telemetry_attestation_1 = require("../telemetry-attestation");
7
- const telemetry_ledger_1 = require("../telemetry-ledger");
8
- const trust_audit_1 = require("../trust-audit");
9
- const helpers_1 = require("../worker-isolation/helpers");
10
- /** Step 2 — attestSandbox/attestDelegation: verify the agent's signed telemetry
11
- * BEFORE recording it, enforce the opt-in require-attested-telemetry gate (still
12
- * fail-closed, pre-mutation), and build the agent-hop provenance. Non-agent hops
13
- * return an empty delegation. */
14
- function attestWorkerDelegation(accept, deps) {
15
- const { run, workerId, options, task, absoluteResultPath, rawResult } = accept;
16
- // Agent Delegation Drive (v0.1.38): if this worker's result.md was produced by an
17
- // EXTERNAL agent, record the agent-hop attestation AS PROVENANCE — the agent
18
- // (kind:process) handle, the agent-REPORTED model (never CW_AGENT_MODEL), the
19
- // prompt digest, the secret-stripped args, and the result digest computed HERE
20
- // from the accepted result.md. These live in the result node's metadata (covered
21
- // by the v0.1.35 snapshot body) + a trust-audit event, NEVER in `evidence`.
22
- // Track 1: verify the agent's signed telemetry BEFORE recording it. CW holds
23
- // only the operator's PUBLIC key — it verifies attribution, never measures
24
- // usage. Absent/invalid signature => `unattested`/`absent`, surfaced loudly,
25
- // NEVER silently recorded as trusted.
26
- const telemetry = options.agentDelegation
27
- ? (0, telemetry_attestation_1.verifyTelemetryAttestation)(options.agentDelegation.reportedUsage, options.agentDelegation.usageSignature, (0, telemetry_attestation_1.resolveTrustPublicKey)(options.agentDelegation.usageTrustPublicKey),
28
- // resultDigest binds the agent's findings into the signature: CW recomputes
29
- // the digest from the accepted result (the SAME raw bytes the executor
30
- // signed) so a result edited after signing fails verification. A signer
31
- // that did not cover the result still verifies (verifier back-compat).
32
- { runId: run.id, taskId: task.id, promptDigest: options.agentDelegation.promptDigest, resultDigest: (0, execution_backend_1.sha256)(rawResult) })
33
- : undefined;
34
- // Track 1 fail-closed (Decision 2 — OPT-IN, off by default). When the operator
35
- // requires attested telemetry, a delegated hop whose verdict is not `attested`
36
- // is REJECTED here — BEFORE any accept-side state mutation — so the drive parks
37
- // it instead of recording unverifiable usage. Default behavior is unchanged
38
- // (flag-and-surface). Non-agent hops carry no verdict and are never blocked.
39
- if (options.requireAttestedTelemetry && telemetry && telemetry.status !== "attested") {
40
- const error = (0, helpers_1.structuredError)("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
41
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
42
- throw new Error(error.message);
43
- }
44
- const agentDelegation = options.agentDelegation
45
- ? {
46
- schemaVersion: 1,
47
- backendId: "agent",
48
- handle: options.agentDelegation.handle,
49
- model: options.agentDelegation.model,
50
- promptDigest: options.agentDelegation.promptDigest,
51
- resultDigest: (0, execution_backend_1.sha256)(rawResult),
52
- command: options.agentDelegation.command,
53
- args: options.agentDelegation.args,
54
- exitCode: options.agentDelegation.exitCode,
55
- ...(options.agentDelegation.reportedUsage ? { reportedUsage: options.agentDelegation.reportedUsage } : {}),
56
- ...(options.agentDelegation.usageSignature ? { usageSignature: options.agentDelegation.usageSignature } : {}),
57
- ...(telemetry ? { usageAttestation: telemetry.status, usageAttestationReason: telemetry.reason } : {})
58
- }
59
- : undefined;
60
- return { agentDelegation, telemetry };
61
- }
62
- /** Step 4 — recordTelemetryLedger: the agent-hop attestation. Binds the telemetry
63
- * verdict into the append-only hash-chained ledger BEFORE the audit event (so the
64
- * event can cross-link the record hash), then emits the worker.agent-delegation
65
- * audit event. No-op for non-agent hops. */
66
- function recordWorkerDelegationLedger(accept, delegation) {
67
- const { agentDelegation, telemetry } = delegation;
68
- // The agent-hop attestation event — hung off worker.output, alongside
69
- // worker.backend. Recorded in trust-audit/provenance, NEVER in node evidence.
70
- if (!agentDelegation)
71
- return;
72
- const { run, workerId, scope, task, resultNode, acceptedAuditId } = accept;
73
- // Track 1 (tamper-evidence): bind this verdict into the append-only,
74
- // hash-chained telemetry ledger BEFORE the audit event, so the event can
75
- // cross-link the record hash. Editing the recorded verdict/usage later breaks
76
- // the chain (verifyTelemetryLedger). Only when a verdict was computed.
77
- const ledgerRecord = agentDelegation.usageAttestation
78
- ? (0, telemetry_ledger_1.appendTelemetryAttestation)(run, {
79
- workerId,
80
- taskId: task.id,
81
- promptDigest: agentDelegation.promptDigest,
82
- reportedUsage: agentDelegation.reportedUsage,
83
- usageSignature: agentDelegation.usageSignature,
84
- // Store the signed result digest ONLY when the signature actually covered
85
- // it, so the offline re-verifier (telemetry verify --pubkey / report verify)
86
- // can reconstruct the 5-field payload. A usage-only signature stores none
87
- // (its record stays byte-identical to a pre-result-coverage one).
88
- resultDigest: telemetry?.coversResult ? agentDelegation.resultDigest : undefined,
89
- attestation: agentDelegation.usageAttestation,
90
- attestationReason: agentDelegation.usageAttestationReason
91
- })
92
- : undefined;
93
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
94
- kind: "worker.agent-delegation",
95
- decision: "recorded",
96
- source: "host-attested",
97
- workerId,
98
- taskId: task.id,
99
- nodeId: resultNode.id,
100
- sandboxProfileId: scope.sandboxProfileId,
101
- policySnapshot: scope.sandboxPolicy,
102
- parentEventIds: [acceptedAuditId],
103
- metadata: {
104
- backendId: agentDelegation.backendId,
105
- handleKind: agentDelegation.handle.kind,
106
- handleRef: agentDelegation.handle.ref,
107
- model: agentDelegation.model,
108
- promptDigest: agentDelegation.promptDigest,
109
- resultDigest: agentDelegation.resultDigest,
110
- command: agentDelegation.command,
111
- args: agentDelegation.args,
112
- exitCode: agentDelegation.exitCode,
113
- // Track 1: the telemetry verdict travels with the agent-hop event so the
114
- // audit report can surface `unattested` usage loudly. Absent => no usage.
115
- ...(agentDelegation.usageAttestation
116
- ? {
117
- telemetryAttestation: agentDelegation.usageAttestation,
118
- ...(agentDelegation.usageAttestationReason ? { telemetryAttestationReason: agentDelegation.usageAttestationReason } : {}),
119
- ...(agentDelegation.reportedUsage ? { reportedUsage: agentDelegation.reportedUsage } : {}),
120
- // Cross-link to the hash-chained ledger entry (tamper-evidence).
121
- ...(ledgerRecord ? { telemetryRecordId: ledgerRecord.recordId, telemetryRecordHash: ledgerRecord.recordHash, telemetryPrevHash: ledgerRecord.prevHash } : {})
122
- }
123
- : {})
124
- }
125
- });
126
- }
@@ -1,77 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.validateWorkerResult = validateWorkerResult;
7
- const node_fs_1 = __importDefault(require("node:fs"));
8
- const node_path_1 = __importDefault(require("node:path"));
9
- const verifier_1 = require("../verifier");
10
- const evidence_grounding_1 = require("../evidence-grounding");
11
- const trust_audit_1 = require("../trust-audit");
12
- const helpers_1 = require("../worker-isolation/helpers");
13
- /** Step 1 — validateResult: resolve scope/task, enforce the sandbox boundary, the
14
- * result-file existence, the envelope contract, and (opt-in) resolvable evidence.
15
- * Fail-closed: any guard records a worker failure and throws BEFORE accept-side
16
- * state mutation. Returns the partially-filled accept context on success. */
17
- function validateWorkerResult(run, workerId, resultPath, options, deps) {
18
- const scope = deps.requireWorkerScope(run, workerId);
19
- const task = deps.requireWorkerTask(run, scope);
20
- const absoluteResultPath = node_path_1.default.resolve(resultPath);
21
- const violation = deps.validateWorkerBoundary(run, workerId, { ...options, policy: options.policy, path: absoluteResultPath });
22
- if (violation) {
23
- (0, trust_audit_1.recordSandboxPathDecision)(run, {
24
- workerId,
25
- taskId: task.id,
26
- sandboxProfileId: scope.sandboxProfileId,
27
- policySnapshot: scope.sandboxPolicy,
28
- target: absoluteResultPath,
29
- decision: "denied",
30
- metadata: { code: violation.code, allowedPaths: violation.allowedPaths }
31
- });
32
- deps.recordWorkerFailure(run, workerId, violation, { ...options, path: absoluteResultPath, code: violation.code, retryable: false });
33
- throw new Error(violation.message);
34
- }
35
- if (!node_fs_1.default.existsSync(absoluteResultPath)) {
36
- const error = (0, helpers_1.structuredError)("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
37
- path: absoluteResultPath,
38
- retryable: true
39
- });
40
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
41
- throw new Error(error.message);
42
- }
43
- const rawResult = node_fs_1.default.readFileSync(absoluteResultPath, "utf8");
44
- const parsedResult = (0, verifier_1.parseResultEnvelope)(rawResult);
45
- (0, verifier_1.validateResultEnvelope)(task, parsedResult);
46
- // Strict evidence resolution (v0.1.40 self-audit P1, opt-in via
47
- // CW_REQUIRE_RESOLVABLE_EVIDENCE): fail closed if the result cites file-style
48
- // evidence that does not resolve on disk, so a worker cannot land a result
49
- // whose evidence locators point nowhere. Off by default — the default gate is
50
- // the deterministic grounding check in validateResultEnvelope.
51
- if ((0, evidence_grounding_1.requireResolvableEvidence)()) {
52
- const baseDirs = Array.from(new Set([run.cwd, process.cwd(), scope.workerDir, run.paths.runDir].filter(Boolean)));
53
- const unresolved = (0, evidence_grounding_1.unresolvedFileEvidence)(parsedResult.evidence, baseDirs);
54
- if (unresolved.length) {
55
- const error = (0, helpers_1.structuredError)("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
56
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
57
- throw new Error(error.message);
58
- }
59
- }
60
- return {
61
- run,
62
- workerId,
63
- options,
64
- scope,
65
- task,
66
- absoluteResultPath,
67
- rawResult,
68
- parsedResult,
69
- destination: "",
70
- pathAuditId: "",
71
- acceptedAuditId: "",
72
- resultNode: undefined,
73
- verifierNodeId: "",
74
- verifierStatus: "",
75
- output: undefined
76
- };
77
- }
@@ -1,73 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.runWorkerVerify = runWorkerVerify;
4
- exports.recordWorkerCompletion = recordWorkerCompletion;
5
- const pipeline_runner_1 = require("../pipeline-runner");
6
- const telemetry_attestation_1 = require("../telemetry-attestation");
7
- const execution_backend_1 = require("../execution-backend");
8
- /** Step 5 — runVerify: drive the verify pipeline stage off the accepted result node
9
- * and record the verifier node id on the task + accept context. */
10
- function runWorkerVerify(accept) {
11
- const { run, workerId, scope, task, parsedResult, destination, resultNode } = accept;
12
- const verifierResult = (0, pipeline_runner_1.createPipelineRunner)({ persist: false }).runPipelineStage(run, "verify", resultNode.id, {
13
- outputNodeId: `${run.id}:verifier:${task.id}`,
14
- outputStatus: "verified",
15
- loopStage: "adjust",
16
- outputs: { accepted: true, workerId },
17
- artifacts: [{ id: "result", kind: "markdown", path: destination }],
18
- evidence: resultNode.evidence.length
19
- ? resultNode.evidence
20
- : [{ id: "result:summary", source: "summary", summary: parsedResult.summary }],
21
- metadata: { taskId: task.id, workerId, resultNodeId: resultNode.id, sandboxProfileId: scope.sandboxProfileId }
22
- });
23
- task.verifierNodeId = verifierResult.outputNodeId;
24
- accept.verifierNodeId = verifierResult.outputNodeId;
25
- // Carry the verify verdict for the scope-status transition in recordWorkerCompletion.
26
- accept.verifierStatus = verifierResult.status;
27
- }
28
- /** Step 6 — recordStateNode (worker record): assemble the worker output record +
29
- * host-attested usage record, then persist the worker scope with the verify-derived
30
- * status, output digest/size, and (when present) usage. */
31
- function recordWorkerCompletion(accept, delegation, deps) {
32
- const { run, workerId, scope, task, absoluteResultPath, rawResult, resultNode, verifierNodeId, verifierStatus, pathAuditId, acceptedAuditId } = accept;
33
- const { agentDelegation, telemetry } = delegation;
34
- const output = {
35
- workerId,
36
- taskId: task.id,
37
- resultPath: absoluteResultPath,
38
- recordedAt: new Date().toISOString(),
39
- stateNodeId: resultNode.id,
40
- verifierNodeId,
41
- auditEventIds: [pathAuditId, acceptedAuditId]
42
- };
43
- // Host-attested usage rides on the worker record. Recorded when the agent
44
- // REPORTED a model OR token usage — `unreported`/absent stays ABSENT (never
45
- // backfilled from the operator-chosen CW_AGENT_MODEL, never synthesized).
46
- // Track 1: the attestation verdict (`attested`/`unattested`/`absent`) and its
47
- // reason ride along, and the token buckets come from the (verified-or-not)
48
- // reported usage — CW still never measures them, it records + labels them.
49
- const reportedModel = agentDelegation && agentDelegation.model && agentDelegation.model !== "unreported" ? agentDelegation.model : undefined;
50
- const usageRecord = agentDelegation && (reportedModel || agentDelegation.reportedUsage)
51
- ? {
52
- schemaVersion: 1,
53
- source: "host-attested",
54
- ...(reportedModel ? { model: reportedModel } : {}),
55
- ...(0, telemetry_attestation_1.normalizeReportedUsage)(agentDelegation.reportedUsage),
56
- attestedAt: new Date().toISOString(),
57
- ...(telemetry ? { attestation: telemetry.status, ...(telemetry.reason ? { attestationReason: telemetry.reason } : {}) } : {}),
58
- note: "agent-delegation host-attested usage"
59
- }
60
- : undefined;
61
- deps.updateWorkerScope(run, {
62
- ...scope,
63
- updatedAt: new Date().toISOString(),
64
- status: verifierStatus === "advanced" ? "verified" : "completed",
65
- resultNodeId: resultNode.id,
66
- output,
67
- // Output integrity (v0.1.63): SHA256 digest + file size
68
- outputDigest: (0, execution_backend_1.sha256)(rawResult),
69
- outputSizeBytes: Buffer.byteLength(rawResult, "utf8"),
70
- ...(usageRecord ? { usage: usageRecord } : {})
71
- });
72
- accept.output = output;
73
- }
@@ -1,51 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.structuredError = structuredError;
4
- exports.isBoundaryViolation = isBoundaryViolation;
5
- exports.isStateNodeError = isStateNodeError;
6
- exports.mergeScopes = mergeScopes;
7
- exports.unique = unique;
8
- exports.compactMetadata = compactMetadata;
9
- exports.countBy = countBy;
10
- function structuredError(code, message, options = {}) {
11
- return {
12
- code,
13
- message,
14
- at: new Date().toISOString(),
15
- path: options.path,
16
- retryable: options.retryable,
17
- details: options.details
18
- };
19
- }
20
- function isBoundaryViolation(value) {
21
- return Boolean(value && typeof value === "object" && "allowedPaths" in value && "message" in value);
22
- }
23
- function isStateNodeError(value) {
24
- return Boolean(value && typeof value === "object" && "code" in value && "message" in value);
25
- }
26
- function mergeScopes(left, right) {
27
- const merged = [...left];
28
- for (const scope of right) {
29
- const index = merged.findIndex((candidate) => candidate.id === scope.id);
30
- if (index >= 0)
31
- merged[index] = scope;
32
- else
33
- merged.push(scope);
34
- }
35
- return merged;
36
- }
37
- function unique(values) {
38
- return Array.from(new Set(values.filter(Boolean)));
39
- }
40
- function compactMetadata(value) {
41
- const entries = Object.entries(value).filter(([, entry]) => entry !== undefined);
42
- return entries.length ? Object.fromEntries(entries) : undefined;
43
- }
44
- function countBy(items, key) {
45
- const counts = {};
46
- for (const item of items) {
47
- const value = key(item);
48
- counts[value] = (counts[value] || 0) + 1;
49
- }
50
- return counts;
51
- }
@@ -1,46 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.WORKER_MANIFEST_FILE = exports.WORKER_SCOPE_FILE = void 0;
7
- exports.manifestPath = manifestPath;
8
- exports.workerScopePath = workerScopePath;
9
- exports.workerArtifacts = workerArtifacts;
10
- exports.createWorkerId = createWorkerId;
11
- // Path, artifact, and id derivation for worker isolation. Pure functions of a
12
- // WorkerScope (or run + taskId) — no run-state mutation, no disk I/O. Carved out
13
- // of worker-isolation.ts following the established router pattern
14
- // (run-registry/{format,policy}.ts, orchestrator/*-operations.ts).
15
- //
16
- // BEHAVIOR-PRESERVING — pure code movement, zero logic change. Re-exported from
17
- // worker-isolation.ts so the public surface is byte-unchanged.
18
- const node_path_1 = __importDefault(require("node:path"));
19
- const state_1 = require("../state");
20
- exports.WORKER_SCOPE_FILE = "worker.json";
21
- exports.WORKER_MANIFEST_FILE = "manifest.json";
22
- function manifestPath(scope) {
23
- return node_path_1.default.join(scope.workerDir, exports.WORKER_MANIFEST_FILE);
24
- }
25
- function workerScopePath(scope) {
26
- return node_path_1.default.join(scope.workerDir, exports.WORKER_SCOPE_FILE);
27
- }
28
- function workerArtifacts(scope) {
29
- return [
30
- { id: "worker", kind: "json", path: workerScopePath(scope) },
31
- { id: "worker-manifest", kind: "json", path: manifestPath(scope) },
32
- { id: "worker-input", kind: "markdown", path: scope.inputPath }
33
- ];
34
- }
35
- // Deterministic worker id (v0.1.40 self-audit P2): a wall-clock stamp + Math.random()
36
- // made every dispatch mint a different id, so audit references were not reproducible
37
- // across re-runs of the same inputs. The id is now derived from the task plus a
38
- // per-task sequence (count of worker scopes already allocated for that task + 1),
39
- // so re-running the same workflow yields byte-identical worker ids while retries of
40
- // the SAME task still get a fresh, unique id. (workerId is excluded from the
41
- // snapshot source fingerprint, so this does not change replay digests.)
42
- function createWorkerId(run, taskId) {
43
- const prefix = `worker-${(0, state_1.safeFileName)(taskId)}-`;
44
- const seq = (run.workers || []).filter((scope) => scope.id.startsWith(prefix)).length + 1;
45
- return `${prefix}${String(seq).padStart(4, "0")}`;
46
- }