cool-workflow 0.1.98 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/README.md +11 -2
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/cli/dispatch.js +236 -0
- package/dist/cli/entry.js +120 -0
- package/dist/cli/io.js +21 -4
- package/dist/cli/parseargv.js +157 -0
- package/dist/cli.js +6 -33
- package/dist/core/capability-table.js +3534 -0
- package/dist/core/format/help.js +314 -0
- package/dist/{state-explosion/format.js → core/format/state-explosion-text.js} +10 -1
- package/dist/core/hash.js +137 -0
- package/dist/core/multi-agent/candidate-scoring.js +219 -0
- package/dist/core/multi-agent/collaboration.js +481 -0
- package/dist/core/multi-agent/coordinator.js +515 -0
- package/dist/core/multi-agent/eval-replay.js +306 -0
- package/dist/core/multi-agent/runtime.js +929 -0
- package/dist/core/multi-agent/topology.js +298 -0
- package/dist/core/multi-agent/trust-policy.js +197 -0
- package/dist/core/pipeline/commit-gate.js +320 -0
- package/dist/{pipeline-contract.js → core/pipeline/contract.js} +24 -37
- package/dist/core/pipeline/dispatch.js +103 -0
- package/dist/core/pipeline/drive-decide.js +227 -0
- package/dist/core/pipeline/error-feedback.js +161 -0
- package/dist/core/pipeline/loop-expansion.js +124 -0
- package/dist/{result-normalize.js → core/pipeline/result-normalize.js} +14 -37
- package/dist/core/pipeline/runner.js +230 -0
- package/dist/{contract-migration.js → core/state/contract-migration.js} +68 -92
- package/dist/{state-migrations.js → core/state/migrations.js} +103 -96
- package/dist/core/state/node-projection.js +95 -0
- package/dist/core/state/node-snapshot.js +230 -0
- package/dist/core/state/run-paths.js +93 -0
- package/dist/{schema-validate.js → core/state/schema-validate.js} +35 -28
- package/dist/core/state/schema.js +50 -0
- package/dist/core/state/state-explosion/digest.js +243 -0
- package/dist/core/state/state-explosion/graph.js +527 -0
- package/dist/{state-explosion → core/state/state-explosion}/helpers.js +34 -3
- package/dist/core/state/state-explosion/report.js +187 -0
- package/dist/{state-explosion → core/state/state-explosion}/size.js +25 -7
- package/dist/{state-node.js → core/state/state-node.js} +90 -113
- package/dist/core/state/types.js +19 -0
- package/dist/{validation.js → core/state/validation.js} +64 -131
- package/dist/core/trust/evidence-grounding.js +134 -0
- package/dist/core/trust/ledger.js +199 -0
- package/dist/{telemetry-attestation.js → core/trust/telemetry-attestation.js} +94 -68
- package/dist/core/trust/telemetry-ledger.js +127 -0
- package/dist/core/types.js +20 -0
- package/dist/core/version.js +16 -0
- package/dist/{workflow-app-framework.js → core/workflow-apps/app-schema.js} +337 -426
- package/dist/mcp/dispatch.js +104 -0
- package/dist/mcp/server.js +144 -0
- package/dist/mcp-server.js +6 -84
- package/dist/{agent-config.js → shell/agent-config.js} +118 -71
- package/dist/shell/app-run-cli.js +88 -0
- package/dist/shell/audit-cli.js +259 -0
- package/dist/shell/audit-provenance.js +83 -0
- package/dist/shell/candidate-scoring-io.js +459 -0
- package/dist/shell/collaboration-io.js +264 -0
- package/dist/shell/commit-summary.js +104 -0
- package/dist/shell/commit.js +290 -0
- package/dist/shell/coordinator-io.js +476 -0
- package/dist/shell/demo-cli.js +19 -0
- package/dist/shell/dispatch.js +162 -0
- package/dist/{doctor.js → shell/doctor.js} +123 -56
- package/dist/shell/drive.js +873 -0
- package/dist/shell/error-feedback-io.js +305 -0
- package/dist/shell/eval-io.js +473 -0
- package/dist/{multi-agent-eval/format.js → shell/eval-text.js} +78 -49
- package/dist/{evidence-reasoning.js → shell/evidence-reasoning.js} +124 -255
- package/dist/shell/exec-backend-cli.js +88 -0
- package/dist/shell/execution-backend/agent.js +475 -0
- package/dist/shell/execution-backend/ci.js +15 -0
- package/dist/shell/execution-backend/container.js +69 -0
- package/dist/shell/execution-backend/envelopes.js +55 -0
- package/dist/shell/execution-backend/local.js +113 -0
- package/dist/shell/execution-backend/probes.js +175 -0
- package/dist/shell/execution-backend/registry.js +402 -0
- package/dist/shell/execution-backend/remote.js +128 -0
- package/dist/shell/execution-backend/types.js +11 -0
- package/dist/shell/feedback-cli.js +81 -0
- package/dist/shell/feedback-operations.js +48 -0
- package/dist/shell/fs-atomic.js +276 -0
- package/dist/shell/harness.js +98 -0
- package/dist/shell/ledger-cli.js +212 -0
- package/dist/shell/ledger-io.js +169 -0
- package/dist/shell/man-cli.js +89 -0
- package/dist/shell/metrics-cli.js +98 -0
- package/dist/shell/multi-agent-cli.js +1002 -0
- package/dist/shell/multi-agent-host.js +563 -0
- package/dist/shell/multi-agent-io.js +387 -0
- package/dist/{multi-agent-operator-ux.js → shell/multi-agent-operator-ux.js} +234 -191
- package/dist/shell/node-store.js +124 -0
- package/dist/{observability/format.js → shell/observability-format.js} +7 -1
- package/dist/{observability/intake.js → shell/observability-intake.js} +79 -56
- package/dist/{observability.js → shell/observability.js} +159 -332
- package/dist/{onramp.js → shell/onramp.js} +11 -0
- package/dist/{operator-ux/format.js → shell/operator-ux-text.js} +250 -239
- package/dist/shell/operator-ux.js +431 -0
- package/dist/shell/orchestrator.js +231 -0
- package/dist/shell/pipeline-cli.js +667 -0
- package/dist/shell/pipeline.js +217 -0
- package/dist/shell/reclamation-io.js +1366 -0
- package/dist/shell/registry-cli.js +329 -0
- package/dist/{remote-source.js → shell/remote-source.js} +2 -2
- package/dist/shell/report-cli.js +101 -0
- package/dist/shell/report-view-cli.js +117 -0
- package/dist/{orchestrator → shell}/report.js +289 -282
- package/dist/shell/reporter.js +62 -0
- package/dist/shell/run-export-cli.js +106 -0
- package/dist/shell/run-export.js +680 -0
- package/dist/shell/run-registry-io.js +1014 -0
- package/dist/shell/run-store.js +164 -0
- package/dist/{sandbox-profile.js → shell/sandbox-profile.js} +134 -95
- package/dist/{scheduler.js → shell/scheduler-io.js} +248 -48
- package/dist/shell/scheduling-io.js +311 -0
- package/dist/shell/state-cli.js +181 -0
- package/dist/shell/state-explosion-cli.js +197 -0
- package/dist/shell/telemetry-cli.js +85 -0
- package/dist/{telemetry-demo.js → shell/telemetry-demo.js} +149 -119
- package/dist/shell/telemetry-ledger-io.js +132 -0
- package/dist/{term.js → shell/term.js} +36 -46
- package/dist/shell/topology-io.js +361 -0
- package/dist/shell/trust-audit.js +471 -0
- package/dist/{multi-agent-trust.js → shell/trust-policy-io.js} +67 -205
- package/dist/shell/verifier.js +48 -0
- package/dist/shell/workbench-host.js +250 -0
- package/dist/shell/workbench-text.js +18 -0
- package/dist/shell/workbench.js +175 -0
- package/dist/shell/worker-cli.js +124 -0
- package/dist/shell/worker-isolation.js +852 -0
- package/dist/shell/workflow-app-loader.js +650 -0
- package/docs/agent-delegation-drive.7.md +2 -0
- package/docs/cli-mcp-parity.7.md +280 -219
- package/docs/contract-migration-tooling.7.md +2 -0
- package/docs/control-plane-scheduling.7.md +2 -0
- package/docs/durable-state-and-locking.7.md +2 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +2 -0
- package/docs/execution-backends.7.md +2 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +2 -0
- package/docs/multi-agent-eval-replay-harness.7.md +2 -0
- package/docs/multi-agent-operator-ux.7.md +2 -0
- package/docs/node-snapshot-diff-replay.7.md +2 -0
- package/docs/observability-cost-accounting.7.md +2 -0
- package/docs/project-index.md +132 -71
- package/docs/real-execution-backends.7.md +2 -0
- package/docs/release-and-migration.7.md +2 -0
- package/docs/release-tooling.7.md +2 -0
- package/docs/run-registry-control-plane.7.md +2 -0
- package/docs/run-retention-reclamation.7.md +23 -0
- package/docs/state-explosion-management.7.md +2 -0
- package/docs/team-collaboration.7.md +2 -0
- package/docs/web-desktop-workbench.7.md +2 -0
- package/manifest/plugin.manifest.json +1 -1
- package/manifest/source-context-profiles.json +9 -13
- package/package.json +1 -1
- package/scripts/agents/cw-attest-wrap.js +2 -2
- package/scripts/bump-version.js +4 -3
- package/scripts/canonical-apps.js +4 -4
- package/scripts/dogfood-architecture-review.js +2 -3
- package/scripts/dogfood-release.js +3 -3
- package/scripts/gen-parity-doc.js +15 -2
- package/scripts/golden-path.js +4 -4
- package/scripts/onramp-check.js +1 -1
- package/scripts/parity-check.js +38 -21
- package/scripts/release-flow.js +2 -2
- package/scripts/sync-project-index.js +51 -27
- package/scripts/validate-run-state-schema.js +2 -2
- package/scripts/version-sync-check.js +30 -30
- package/dist/candidate-scoring.js +0 -729
- package/dist/capability-core.js +0 -1189
- package/dist/capability-registry.js +0 -885
- package/dist/cli/command-surface.js +0 -494
- package/dist/cli/format.js +0 -56
- package/dist/cli/handlers/audit.js +0 -82
- package/dist/cli/handlers/blackboard.js +0 -81
- package/dist/cli/handlers/candidate.js +0 -40
- package/dist/cli/handlers/clones.js +0 -34
- package/dist/cli/handlers/collaboration.js +0 -61
- package/dist/cli/handlers/eval.js +0 -40
- package/dist/cli/handlers/ledger.js +0 -169
- package/dist/cli/handlers/maintenance.js +0 -107
- package/dist/cli/handlers/multi-agent.js +0 -165
- package/dist/cli/handlers/node.js +0 -41
- package/dist/cli/handlers/operational.js +0 -155
- package/dist/cli/handlers/operator.js +0 -146
- package/dist/cli/handlers/registry.js +0 -68
- package/dist/cli/handlers/run.js +0 -153
- package/dist/cli/handlers/scheduling.js +0 -132
- package/dist/cli/handlers/workbench.js +0 -41
- package/dist/cli/handlers/worker.js +0 -45
- package/dist/cli/run-summary.js +0 -45
- package/dist/clones.js +0 -162
- package/dist/collaboration.js +0 -726
- package/dist/commit.js +0 -592
- package/dist/compare.js +0 -18
- package/dist/coordinator/classify.js +0 -45
- package/dist/coordinator/paths.js +0 -42
- package/dist/coordinator/util.js +0 -126
- package/dist/coordinator.js +0 -990
- package/dist/daemon.js +0 -44
- package/dist/dispatch.js +0 -250
- package/dist/drive.js +0 -864
- package/dist/error-feedback.js +0 -419
- package/dist/evidence-grounding.js +0 -184
- package/dist/execution-backend/agent.js +0 -354
- package/dist/execution-backend/probes.js +0 -112
- package/dist/execution-backend/util.js +0 -47
- package/dist/execution-backend.js +0 -961
- package/dist/gates.js +0 -48
- package/dist/harness.js +0 -61
- package/dist/ledger.js +0 -313
- package/dist/loop-expansion.js +0 -60
- package/dist/mcp/tool-call.js +0 -470
- package/dist/mcp/tool-definitions.js +0 -1066
- package/dist/mcp-surface.js +0 -30
- package/dist/multi-agent/graph.js +0 -84
- package/dist/multi-agent/helpers.js +0 -141
- package/dist/multi-agent/ids.js +0 -20
- package/dist/multi-agent/paths.js +0 -22
- package/dist/multi-agent-eval/normalize.js +0 -51
- package/dist/multi-agent-eval.js +0 -678
- package/dist/multi-agent-host.js +0 -777
- package/dist/multi-agent.js +0 -984
- package/dist/node-projection.js +0 -59
- package/dist/node-snapshot.js +0 -260
- package/dist/operator-ux.js +0 -631
- package/dist/orchestrator/app-operations.js +0 -211
- package/dist/orchestrator/audit-operations.js +0 -182
- package/dist/orchestrator/candidate-operations.js +0 -117
- package/dist/orchestrator/cli-options.js +0 -294
- package/dist/orchestrator/collaboration-operations.js +0 -86
- package/dist/orchestrator/feedback-operations.js +0 -81
- package/dist/orchestrator/host-operations.js +0 -78
- package/dist/orchestrator/lifecycle-operations.js +0 -650
- package/dist/orchestrator/migration-operations.js +0 -44
- package/dist/orchestrator/multi-agent-operations.js +0 -362
- package/dist/orchestrator/topology-operations.js +0 -84
- package/dist/orchestrator.js +0 -925
- package/dist/pipeline-runner.js +0 -285
- package/dist/reclamation/hash.js +0 -72
- package/dist/reclamation.js +0 -812
- package/dist/reporter.js +0 -67
- package/dist/run-export.js +0 -815
- package/dist/run-registry/derive.js +0 -175
- package/dist/run-registry/format.js +0 -124
- package/dist/run-registry/gc.js +0 -251
- package/dist/run-registry/policy.js +0 -16
- package/dist/run-registry/queue.js +0 -115
- package/dist/run-registry.js +0 -850
- package/dist/run-state-schema.js +0 -68
- package/dist/scheduling.js +0 -184
- package/dist/state-explosion.js +0 -1014
- package/dist/state.js +0 -367
- package/dist/telemetry-ledger.js +0 -196
- package/dist/topology.js +0 -565
- package/dist/triggers.js +0 -184
- package/dist/trust-audit.js +0 -644
- package/dist/types/blackboard.js +0 -2
- package/dist/types/candidate.js +0 -2
- package/dist/types/collaboration.js +0 -2
- package/dist/types/core.js +0 -2
- package/dist/types/drive.js +0 -10
- package/dist/types/error-feedback.js +0 -2
- package/dist/types/evidence-reasoning.js +0 -2
- package/dist/types/execution-backend.js +0 -2
- package/dist/types/multi-agent.js +0 -2
- package/dist/types/observability.js +0 -2
- package/dist/types/pipeline.js +0 -2
- package/dist/types/reclamation.js +0 -8
- package/dist/types/report-bundle.js +0 -6
- package/dist/types/result.js +0 -2
- package/dist/types/run-registry.js +0 -2
- package/dist/types/run.js +0 -2
- package/dist/types/sandbox.js +0 -2
- package/dist/types/schedule.js +0 -2
- package/dist/types/state-node.js +0 -2
- package/dist/types/topology.js +0 -2
- package/dist/types/trust.js +0 -2
- package/dist/types/workbench.js +0 -2
- package/dist/types/worker.js +0 -2
- package/dist/types/workflow-app.js +0 -2
- package/dist/types.js +0 -44
- package/dist/util/fingerprint.js +0 -19
- package/dist/util/fingerprint.test.js +0 -27
- package/dist/verifier.js +0 -78
- package/dist/version.js +0 -8
- package/dist/workbench-host.js +0 -192
- package/dist/workbench.js +0 -192
- package/dist/worker-accept/acceptance.js +0 -114
- package/dist/worker-accept/blackboard-fanout.js +0 -80
- package/dist/worker-accept/blackboard-linkage.js +0 -19
- package/dist/worker-accept/context.js +0 -2
- package/dist/worker-accept/telemetry-ledger.js +0 -126
- package/dist/worker-accept/validation.js +0 -77
- package/dist/worker-accept/verifier-completion.js +0 -73
- package/dist/worker-isolation/helpers.js +0 -51
- package/dist/worker-isolation/paths.js +0 -46
- package/dist/worker-isolation.js +0 -656
- package/dist/workflow-api.js +0 -131
- /package/dist/{types → core/types}/boundary.js +0 -0
|
@@ -0,0 +1,264 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// shell/collaboration-io.ts — the impure wrapper around
|
|
3
|
+
// core/multi-agent/collaboration.ts's pure record builders + review-state
|
|
4
|
+
// projection: recordApproval/recordComment/recordHandoff/setReviewPolicy/
|
|
5
|
+
// deriveReviewState/reviewGateErrors, plus the read-only reports.
|
|
6
|
+
//
|
|
7
|
+
// MILESTONE 9. Byte-exact port of the impure half of the old build's
|
|
8
|
+
// src/collaboration.ts: trust-audit recording + saveCheckpoint.
|
|
9
|
+
//
|
|
10
|
+
// Evidence: SPEC/multi-agent.md section F; plugins/cool-workflow/src/
|
|
11
|
+
// collaboration.ts (byte-exact source for the wiring sequence).
|
|
12
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
13
|
+
if (k2 === undefined) k2 = k;
|
|
14
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
15
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
16
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
17
|
+
}
|
|
18
|
+
Object.defineProperty(o, k2, desc);
|
|
19
|
+
}) : (function(o, m, k, k2) {
|
|
20
|
+
if (k2 === undefined) k2 = k;
|
|
21
|
+
o[k2] = m[k];
|
|
22
|
+
}));
|
|
23
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
24
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
25
|
+
}) : function(o, v) {
|
|
26
|
+
o["default"] = v;
|
|
27
|
+
});
|
|
28
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
29
|
+
var ownKeys = function(o) {
|
|
30
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
31
|
+
var ar = [];
|
|
32
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
33
|
+
return ar;
|
|
34
|
+
};
|
|
35
|
+
return ownKeys(o);
|
|
36
|
+
};
|
|
37
|
+
return function (mod) {
|
|
38
|
+
if (mod && mod.__esModule) return mod;
|
|
39
|
+
var result = {};
|
|
40
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
41
|
+
__setModuleDefault(result, mod);
|
|
42
|
+
return result;
|
|
43
|
+
};
|
|
44
|
+
})();
|
|
45
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
|
+
exports.formatReviewStatus = void 0;
|
|
47
|
+
exports.ensureCollaborationState = ensureCollaborationState;
|
|
48
|
+
exports.recordApproval = recordApproval;
|
|
49
|
+
exports.recordComment = recordComment;
|
|
50
|
+
exports.recordHandoff = recordHandoff;
|
|
51
|
+
exports.setReviewPolicy = setReviewPolicy;
|
|
52
|
+
exports.resolveReviewPolicy = resolveReviewPolicy;
|
|
53
|
+
exports.selfActorIdsForCandidate = selfActorIdsForCandidate;
|
|
54
|
+
exports.deriveReviewState = deriveReviewState;
|
|
55
|
+
exports.reviewGateErrors = reviewGateErrors;
|
|
56
|
+
exports.commitReviewProvenance = commitReviewProvenance;
|
|
57
|
+
exports.buildReviewStatusReport = buildReviewStatusReport;
|
|
58
|
+
exports.listComments = listComments;
|
|
59
|
+
exports.deriveOwner = deriveOwner;
|
|
60
|
+
exports.formatCommentList = formatCommentList;
|
|
61
|
+
const trust_audit_1 = require("./trust-audit");
|
|
62
|
+
const run_store_1 = require("./run-store");
|
|
63
|
+
const collab = __importStar(require("../core/multi-agent/collaboration"));
|
|
64
|
+
function now() {
|
|
65
|
+
return new Date().toISOString();
|
|
66
|
+
}
|
|
67
|
+
function auditTargetFields(target) {
|
|
68
|
+
switch (target.kind) {
|
|
69
|
+
case "candidate":
|
|
70
|
+
return { candidateId: target.id };
|
|
71
|
+
case "selection":
|
|
72
|
+
return { selectionId: target.id };
|
|
73
|
+
case "commit":
|
|
74
|
+
return { commitId: target.id };
|
|
75
|
+
case "node":
|
|
76
|
+
return { nodeId: target.id };
|
|
77
|
+
case "task":
|
|
78
|
+
return { taskId: target.id };
|
|
79
|
+
default:
|
|
80
|
+
return {};
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
function compact(value) {
|
|
84
|
+
return Object.fromEntries(Object.entries(value).filter(([, entry]) => entry !== undefined));
|
|
85
|
+
}
|
|
86
|
+
function ensureCollaborationState(run) {
|
|
87
|
+
const existing = run.collaboration;
|
|
88
|
+
const state = existing || collab.emptyCollaborationState();
|
|
89
|
+
if (!Array.isArray(state.approvals))
|
|
90
|
+
state.approvals = [];
|
|
91
|
+
if (!Array.isArray(state.comments))
|
|
92
|
+
state.comments = [];
|
|
93
|
+
if (!Array.isArray(state.handoffs))
|
|
94
|
+
state.handoffs = [];
|
|
95
|
+
run.collaboration = state;
|
|
96
|
+
return state;
|
|
97
|
+
}
|
|
98
|
+
function persist(run, options) {
|
|
99
|
+
if (options.persist === false)
|
|
100
|
+
return;
|
|
101
|
+
(0, run_store_1.saveCheckpoint)(run);
|
|
102
|
+
}
|
|
103
|
+
function recordApproval(run, input, options = {}) {
|
|
104
|
+
const state = ensureCollaborationState(run);
|
|
105
|
+
const actor = collab.normalizeActor(input);
|
|
106
|
+
const target = collab.normalizeTarget(input.target);
|
|
107
|
+
const decision = input.decision === "reject" ? "reject" : "approve";
|
|
108
|
+
const audit = (0, trust_audit_1.recordTrustAuditEvent)(run, {
|
|
109
|
+
kind: decision === "approve" ? "collaboration.approval" : "collaboration.rejection",
|
|
110
|
+
decision: decision === "approve" ? "accepted" : "rejected",
|
|
111
|
+
source: actor.source,
|
|
112
|
+
actor: actor.id,
|
|
113
|
+
...auditTargetFields(target),
|
|
114
|
+
agentRoleId: actor.roleId,
|
|
115
|
+
metadata: compact({ decision, rationale: input.rationale, roleId: actor.roleId, attestation: actor.attestation, targetKind: target.kind, supersedes: input.supersedes }),
|
|
116
|
+
});
|
|
117
|
+
const record = collab.buildApproval(input, state.approvals.length, run.id, now(), audit.id);
|
|
118
|
+
state.approvals.push(record);
|
|
119
|
+
persist(run, options);
|
|
120
|
+
return record;
|
|
121
|
+
}
|
|
122
|
+
function recordComment(run, input, options = {}) {
|
|
123
|
+
const state = ensureCollaborationState(run);
|
|
124
|
+
const actor = collab.normalizeActor(input);
|
|
125
|
+
const target = collab.normalizeTarget(input.target);
|
|
126
|
+
const threadId = input.threadId?.trim() || `${target.kind}:${target.id}`;
|
|
127
|
+
const audit = (0, trust_audit_1.recordTrustAuditEvent)(run, { kind: "collaboration.comment", decision: "recorded", source: actor.source, actor: actor.id, ...auditTargetFields(target), agentRoleId: actor.roleId, metadata: compact({ threadId, parentId: input.parentId, targetKind: target.kind }) });
|
|
128
|
+
const record = collab.buildComment(input, state.comments.length, run.id, now(), audit.id);
|
|
129
|
+
state.comments.push(record);
|
|
130
|
+
persist(run, options);
|
|
131
|
+
return record;
|
|
132
|
+
}
|
|
133
|
+
function recordHandoff(run, input, options = {}) {
|
|
134
|
+
const state = ensureCollaborationState(run);
|
|
135
|
+
const recorder = collab.normalizeActor(input);
|
|
136
|
+
const fromActor = input.fromActor ? collab.normalizeActor({ actor: input.fromActor, actorKind: input.fromActorKind, role: input.fromRole, attested: input.attested }) : recorder;
|
|
137
|
+
const toActor = collab.normalizeActor({ actor: input.toActor, actorKind: input.toActorKind, role: input.toRole, displayName: input.toDisplayName, attested: input.toAttested });
|
|
138
|
+
const target = collab.normalizeTarget(input.target);
|
|
139
|
+
const reason = input.reason?.trim() || "handoff";
|
|
140
|
+
const audit = (0, trust_audit_1.recordTrustAuditEvent)(run, { kind: "collaboration.handoff", decision: "recorded", source: recorder.source, actor: recorder.id, ...auditTargetFields(target), metadata: compact({ from: fromActor.id, to: toActor.id, reason, targetKind: target.kind }) });
|
|
141
|
+
const record = collab.buildHandoff(input, state.handoffs.length, run.id, now(), audit.id);
|
|
142
|
+
state.handoffs.push(record);
|
|
143
|
+
persist(run, options);
|
|
144
|
+
return record;
|
|
145
|
+
}
|
|
146
|
+
/** First defined value among a set of option-name aliases (old wrapper's
|
|
147
|
+
* `firstDefined`) — lets a caller pass any of `requiredApprovals`/`required`,
|
|
148
|
+
* `authorizedRoles`/`roles`, `allowSelfApproval`/`allow-self-approval`, etc. */
|
|
149
|
+
function firstDefined(source, ...keys) {
|
|
150
|
+
for (const key of keys) {
|
|
151
|
+
if (source[key] !== undefined)
|
|
152
|
+
return source[key];
|
|
153
|
+
}
|
|
154
|
+
return undefined;
|
|
155
|
+
}
|
|
156
|
+
function setReviewPolicy(run, input, options = {}) {
|
|
157
|
+
const state = ensureCollaborationState(run);
|
|
158
|
+
// Resolve the old wrapper's option-name aliases before building the policy,
|
|
159
|
+
// so `required`/`roles`/`allow-self-approval`/... reach buildReviewPolicy on
|
|
160
|
+
// the canonical keys. Values are Boolean/number-coerced inside
|
|
161
|
+
// buildReviewPolicy; undefined aliases fall through to existing/defaults.
|
|
162
|
+
const raw = input;
|
|
163
|
+
const resolved = {
|
|
164
|
+
requiredApprovals: firstDefined(raw, "requiredApprovals", "required-approvals", "required", "approvals"),
|
|
165
|
+
authorizedRoles: firstDefined(raw, "authorizedRoles", "authorized-roles", "roles"),
|
|
166
|
+
allowSelfApproval: firstDefined(raw, "allowSelfApproval", "allow-self-approval"),
|
|
167
|
+
requireAttestedActor: firstDefined(raw, "requireAttestedActor", "require-attested-actor"),
|
|
168
|
+
appliesTo: firstDefined(raw, "appliesTo", "applies-to", "targets"),
|
|
169
|
+
};
|
|
170
|
+
const policy = collab.buildReviewPolicy(resolved, state.policy, now());
|
|
171
|
+
state.policy = policy;
|
|
172
|
+
(0, trust_audit_1.recordTrustAuditEvent)(run, { kind: "collaboration.review-policy", decision: "recorded", source: "operator-recorded", metadata: compact({ policyId: policy.id, requiredApprovals: policy.requiredApprovals, authorizedRoles: policy.authorizedRoles, allowSelfApproval: policy.allowSelfApproval, requireAttestedActor: policy.requireAttestedActor, appliesTo: policy.appliesTo }) });
|
|
173
|
+
persist(run, options);
|
|
174
|
+
return { ...policy, surface: "collaboration", runId: run.id, policy };
|
|
175
|
+
}
|
|
176
|
+
function resolveReviewPolicy(run, policy) {
|
|
177
|
+
return policy || ensureCollaborationState(run).policy || undefined;
|
|
178
|
+
}
|
|
179
|
+
function relatedTargetsFor(run, target) {
|
|
180
|
+
if (target.kind !== "commit")
|
|
181
|
+
return [target];
|
|
182
|
+
const commit = (run.commits || []).find((entry) => entry.id === target.id);
|
|
183
|
+
const related = [target];
|
|
184
|
+
if (commit?.selectionId)
|
|
185
|
+
related.push({ kind: "selection", id: commit.selectionId });
|
|
186
|
+
if (commit?.candidateId)
|
|
187
|
+
related.push({ kind: "candidate", id: commit.candidateId });
|
|
188
|
+
return related;
|
|
189
|
+
}
|
|
190
|
+
function candidateWorkerId(run, candidateId) {
|
|
191
|
+
const candidate = candidateId ? (run.candidates || []).find((entry) => entry.id === candidateId) : undefined;
|
|
192
|
+
return candidate?.workerId;
|
|
193
|
+
}
|
|
194
|
+
function selectedByForCandidate(run, candidateId, selectionId) {
|
|
195
|
+
const selections = (run.candidateSelections || []).filter((selection) => (selectionId && selection.id === selectionId) || (candidateId && selection.candidateId === candidateId));
|
|
196
|
+
return selections.map((selection) => selection.selectedBy).filter((id) => Boolean(id));
|
|
197
|
+
}
|
|
198
|
+
function selfActorIdsForCandidate(run, candidateId, selectionId) {
|
|
199
|
+
return collab.selfActorIdsForCandidate(candidateWorkerId(run, candidateId), selectedByForCandidate(run, candidateId, selectionId));
|
|
200
|
+
}
|
|
201
|
+
function selfActorIdsForTarget(run, target) {
|
|
202
|
+
if (target.kind === "candidate")
|
|
203
|
+
return selfActorIdsForCandidate(run, target.id);
|
|
204
|
+
if (target.kind === "selection") {
|
|
205
|
+
const selection = (run.candidateSelections || []).find((entry) => entry.id === target.id);
|
|
206
|
+
return selfActorIdsForCandidate(run, selection?.candidateId, target.id);
|
|
207
|
+
}
|
|
208
|
+
if (target.kind === "commit") {
|
|
209
|
+
const commit = (run.commits || []).find((entry) => entry.id === target.id);
|
|
210
|
+
return selfActorIdsForCandidate(run, commit?.candidateId, commit?.selectionId);
|
|
211
|
+
}
|
|
212
|
+
return [];
|
|
213
|
+
}
|
|
214
|
+
function deriveReviewState(run, target, options = {}) {
|
|
215
|
+
const state = ensureCollaborationState(run);
|
|
216
|
+
const policy = resolveReviewPolicy(run, options.policy);
|
|
217
|
+
return collab.deriveReviewState(run.id, state.approvals, target, { ...options, policy });
|
|
218
|
+
}
|
|
219
|
+
function reviewGateErrors(run, input) {
|
|
220
|
+
const state = ensureCollaborationState(run);
|
|
221
|
+
const policy = resolveReviewPolicy(run, input.policy);
|
|
222
|
+
return collab.reviewGateErrors(run.id, state.approvals, { ...input, policy }, now());
|
|
223
|
+
}
|
|
224
|
+
function commitReviewProvenance(run, input) {
|
|
225
|
+
const state = ensureCollaborationState(run);
|
|
226
|
+
const policy = resolveReviewPolicy(run, input.policy);
|
|
227
|
+
return collab.commitReviewProvenance(run.id, state.approvals, { ...input, policy });
|
|
228
|
+
}
|
|
229
|
+
function buildReviewStatusReport(run, options) {
|
|
230
|
+
const state = ensureCollaborationState(run);
|
|
231
|
+
const targets = options.target ? [collab.normalizeTarget(options.target)] : collab.distinctTargets(state);
|
|
232
|
+
const reviewStates = targets.map((target) => deriveReviewState(run, target, { policy: state.policy, relatedTargets: relatedTargetsFor(run, target), selfActorIds: selfActorIdsForTarget(run, target) }));
|
|
233
|
+
const owner = collab.deriveOwner(state.handoffs);
|
|
234
|
+
const timeline = collab.buildTimeline(state);
|
|
235
|
+
return {
|
|
236
|
+
schemaVersion: 1,
|
|
237
|
+
surface: "collaboration",
|
|
238
|
+
runId: run.id,
|
|
239
|
+
generatedAt: options.now,
|
|
240
|
+
policy: state.policy,
|
|
241
|
+
owner,
|
|
242
|
+
targets: reviewStates,
|
|
243
|
+
counts: { approvals: state.approvals.filter((record) => record.decision === "approve").length, rejections: state.approvals.filter((record) => record.decision === "reject").length, comments: state.comments.length, handoffs: state.handoffs.length },
|
|
244
|
+
timeline,
|
|
245
|
+
nextActions: collab.buildNextActions(run.id, reviewStates, state.policy),
|
|
246
|
+
};
|
|
247
|
+
}
|
|
248
|
+
function listComments(run, target) {
|
|
249
|
+
const normalized = target ? collab.normalizeTarget(target) : undefined;
|
|
250
|
+
const comments = collab.listComments(ensureCollaborationState(run), normalized);
|
|
251
|
+
return { schemaVersion: 1, surface: "collaboration", runId: run.id, ...(normalized ? { target: normalized } : {}), count: comments.length, comments };
|
|
252
|
+
}
|
|
253
|
+
function deriveOwner(run) {
|
|
254
|
+
return collab.deriveOwner(ensureCollaborationState(run).handoffs);
|
|
255
|
+
}
|
|
256
|
+
exports.formatReviewStatus = collab.formatReviewStatus;
|
|
257
|
+
/** Format the comment list for humans. Accepts either the bare record array
|
|
258
|
+
* (the core formatter's shape) or the `CommentListReport` envelope this
|
|
259
|
+
* module now returns, so a caller that passes `listComments(run)` straight
|
|
260
|
+
* through still renders the comments (never the envelope's own keys). */
|
|
261
|
+
function formatCommentList(input) {
|
|
262
|
+
const comments = Array.isArray(input) ? input : input.comments;
|
|
263
|
+
return collab.formatCommentList(comments);
|
|
264
|
+
}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// shell/commit-summary.ts — `cw commit summary` / `cw_commit_summary`.
|
|
3
|
+
//
|
|
4
|
+
// GAP #26 port: v2 dropped the CLI binding + shell body for commit.summary,
|
|
5
|
+
// keeping only the MCP tool row. This restores the old build's
|
|
6
|
+
// `summarizeOperatorCommits` (src/operator-ux.ts:339-349) + `formatCommitRow`
|
|
7
|
+
// (src/operator-ux.ts:683-696) byte-for-byte, plus the `commitSummaryCli`
|
|
8
|
+
// thin adapter both front doors call (mirrors feedbackSummaryCli /
|
|
9
|
+
// candidateSummaryCli shape). Impure: reads run state from disk.
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
22
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
23
|
+
}) : function(o, v) {
|
|
24
|
+
o["default"] = v;
|
|
25
|
+
});
|
|
26
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
27
|
+
var ownKeys = function(o) {
|
|
28
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
29
|
+
var ar = [];
|
|
30
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
31
|
+
return ar;
|
|
32
|
+
};
|
|
33
|
+
return ownKeys(o);
|
|
34
|
+
};
|
|
35
|
+
return function (mod) {
|
|
36
|
+
if (mod && mod.__esModule) return mod;
|
|
37
|
+
var result = {};
|
|
38
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
39
|
+
__setModuleDefault(result, mod);
|
|
40
|
+
return result;
|
|
41
|
+
};
|
|
42
|
+
})();
|
|
43
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
|
+
exports.summarizeOperatorCommits = summarizeOperatorCommits;
|
|
45
|
+
exports.commitSummaryCli = commitSummaryCli;
|
|
46
|
+
exports.formatCommitSummaryText = formatCommitSummaryText;
|
|
47
|
+
const path = __importStar(require("node:path"));
|
|
48
|
+
const run_store_1 = require("./run-store");
|
|
49
|
+
function formatCommitRow(commit) {
|
|
50
|
+
return {
|
|
51
|
+
id: commit.id,
|
|
52
|
+
kind: commit.verifierGated ? "verifier-gated" : "checkpoint",
|
|
53
|
+
reason: commit.reason,
|
|
54
|
+
createdAt: commit.createdAt,
|
|
55
|
+
snapshotPath: commit.snapshotPath,
|
|
56
|
+
stateNodeId: commit.stateNodeId,
|
|
57
|
+
verifierNodeId: commit.verifierNodeId,
|
|
58
|
+
candidateId: commit.candidateId,
|
|
59
|
+
selectionId: commit.selectionId,
|
|
60
|
+
evidenceCount: commit.evidence?.length || 0,
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
/** Byte-exact port of the old build's `summarizeOperatorCommits`
|
|
64
|
+
* (src/operator-ux.ts:339-349). */
|
|
65
|
+
function summarizeOperatorCommits(run) {
|
|
66
|
+
const commits = [...(run.commits || [])].sort((left, right) => left.createdAt.localeCompare(right.createdAt) || left.id.localeCompare(right.id));
|
|
67
|
+
const rows = commits.map(formatCommitRow);
|
|
68
|
+
return {
|
|
69
|
+
total: rows.length,
|
|
70
|
+
verifierGated: rows.filter((commit) => commit.kind === "verifier-gated").length,
|
|
71
|
+
checkpoints: rows.filter((commit) => commit.kind === "checkpoint").length,
|
|
72
|
+
latest: rows.at(-1),
|
|
73
|
+
commits: rows,
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
function req(value, label) {
|
|
77
|
+
const s = value === undefined || value === null ? "" : String(value);
|
|
78
|
+
if (!s)
|
|
79
|
+
throw new Error(`Missing ${label}`);
|
|
80
|
+
return s;
|
|
81
|
+
}
|
|
82
|
+
function cwdFor(args) {
|
|
83
|
+
return typeof args.cwd === "string" && args.cwd.trim() ? path.resolve(args.cwd) : process.cwd();
|
|
84
|
+
}
|
|
85
|
+
/** Thin adapter both front doors call (mirrors the old build's orchestrator
|
|
86
|
+
* `summarizeCommitRecords(runId)` = `summarizeOperatorCommits(loadRun(runId))`). */
|
|
87
|
+
function commitSummaryCli(args) {
|
|
88
|
+
const run = (0, run_store_1.loadRunFromCwd)(req(args.runId, "run id"), cwdFor(args));
|
|
89
|
+
return summarizeOperatorCommits(run);
|
|
90
|
+
}
|
|
91
|
+
/** `cw commit summary <run>` human text — port of the old build's
|
|
92
|
+
* formatCommitPanel (operator-ux/format.ts): a `Commits` rollup with the
|
|
93
|
+
* verifier-gated / checkpoint counts and the latest commit. */
|
|
94
|
+
function formatCommitSummaryText(summary) {
|
|
95
|
+
const lines = [
|
|
96
|
+
"Commits",
|
|
97
|
+
` total=${summary.total}; verifier-gated=${summary.verifierGated}; checkpoints=${summary.checkpoints}`,
|
|
98
|
+
` latest=${summary.latest ? `${summary.latest.id} (${summary.latest.kind}) ${summary.latest.snapshotPath}` : "none"}`,
|
|
99
|
+
];
|
|
100
|
+
for (const commit of summary.commits.slice(-8)) {
|
|
101
|
+
lines.push(` ${commit.id}: ${commit.kind}, reason=${commit.reason}`);
|
|
102
|
+
}
|
|
103
|
+
return lines.join("\n");
|
|
104
|
+
}
|
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// shell/commit.ts — commitState: the imperative wrapper around
|
|
3
|
+
// core/pipeline/commit-gate.ts's pure gate resolution.
|
|
4
|
+
//
|
|
5
|
+
// MILESTONE 6+7 (combined). Byte-exact port of the old build's
|
|
6
|
+
// src/commit.ts's IO half (snapshot write, git-head read, the commit
|
|
7
|
+
// node's disk write via the pipeline runner).
|
|
8
|
+
//
|
|
9
|
+
// Evidence: SPEC/pipeline-run.md "Commit gate — src/commit.ts".
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
22
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
23
|
+
}) : function(o, v) {
|
|
24
|
+
o["default"] = v;
|
|
25
|
+
});
|
|
26
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
27
|
+
var ownKeys = function(o) {
|
|
28
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
29
|
+
var ar = [];
|
|
30
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
31
|
+
return ar;
|
|
32
|
+
};
|
|
33
|
+
return ownKeys(o);
|
|
34
|
+
};
|
|
35
|
+
return function (mod) {
|
|
36
|
+
if (mod && mod.__esModule) return mod;
|
|
37
|
+
var result = {};
|
|
38
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
39
|
+
__setModuleDefault(result, mod);
|
|
40
|
+
return result;
|
|
41
|
+
};
|
|
42
|
+
})();
|
|
43
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
|
+
exports.CommitGateError = void 0;
|
|
45
|
+
exports.commitState = commitState;
|
|
46
|
+
const fs = __importStar(require("node:fs"));
|
|
47
|
+
const path = __importStar(require("node:path"));
|
|
48
|
+
const node_child_process_1 = require("node:child_process");
|
|
49
|
+
const fs_atomic_1 = require("./fs-atomic");
|
|
50
|
+
const commit_gate_1 = require("../core/pipeline/commit-gate");
|
|
51
|
+
const contract_1 = require("../core/pipeline/contract");
|
|
52
|
+
const runner_1 = require("../core/pipeline/runner");
|
|
53
|
+
const node_store_1 = require("./node-store");
|
|
54
|
+
const state_node_1 = require("../core/state/state-node");
|
|
55
|
+
const trust_audit_1 = require("./trust-audit");
|
|
56
|
+
const evidence_grounding_1 = require("../core/trust/evidence-grounding");
|
|
57
|
+
const collaboration_io_1 = require("./collaboration-io");
|
|
58
|
+
const error_feedback_io_1 = require("./error-feedback-io");
|
|
59
|
+
class CommitGateError extends Error {
|
|
60
|
+
structured;
|
|
61
|
+
feedbackId;
|
|
62
|
+
stateNodeId;
|
|
63
|
+
constructor(error, options = {}) {
|
|
64
|
+
super(error.message);
|
|
65
|
+
this.name = "CommitGateError";
|
|
66
|
+
this.structured = error;
|
|
67
|
+
this.feedbackId = options.feedbackId;
|
|
68
|
+
this.stateNodeId = options.stateNodeId;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
exports.CommitGateError = CommitGateError;
|
|
72
|
+
function normalizeCommitOptions(input) {
|
|
73
|
+
if (typeof input === "string")
|
|
74
|
+
return { reason: input || "manual", source: "runtime" };
|
|
75
|
+
// Fold facade-style bare nouns (verifier/candidate/selection) into the *Id
|
|
76
|
+
// fields so a host/MCP-shaped payload gates the same as a CLI-shaped one. When
|
|
77
|
+
// any gate option is supplied, the commit is verifier-gated by construction —
|
|
78
|
+
// mirrors commitRun()'s hasGateOption, so calling commitState directly with
|
|
79
|
+
// { selection } gates exactly as `cw commit --selection` does.
|
|
80
|
+
const verifierNodeId = input.verifierNodeId || input.verifier || input.verifierNode;
|
|
81
|
+
const candidateId = input.candidateId || input.candidate;
|
|
82
|
+
const selectionId = input.selectionId || input.selection;
|
|
83
|
+
const hasGateOption = Boolean(verifierNodeId || candidateId || selectionId);
|
|
84
|
+
return {
|
|
85
|
+
...input,
|
|
86
|
+
reason: input.reason || "manual",
|
|
87
|
+
source: input.source || "runtime",
|
|
88
|
+
verifierNodeId,
|
|
89
|
+
candidateId,
|
|
90
|
+
selectionId,
|
|
91
|
+
verifierGated: input.verifierGated || (hasGateOption && !input.allowUnverifiedCheckpoint),
|
|
92
|
+
};
|
|
93
|
+
}
|
|
94
|
+
function readGitHead(cwd) {
|
|
95
|
+
try {
|
|
96
|
+
return (0, node_child_process_1.execFileSync)("git", ["rev-parse", "HEAD"], { cwd, encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 5000 }).trim();
|
|
97
|
+
}
|
|
98
|
+
catch {
|
|
99
|
+
return undefined;
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
function findNode(run, nodeId) {
|
|
103
|
+
return (run.nodes || []).find((n) => n.id === nodeId);
|
|
104
|
+
}
|
|
105
|
+
function backingResultFor(run, verifierNodeId) {
|
|
106
|
+
if (!verifierNodeId)
|
|
107
|
+
return { result: undefined, requiresEvidence: undefined };
|
|
108
|
+
const marker = ":verifier:";
|
|
109
|
+
const idx = verifierNodeId.indexOf(marker);
|
|
110
|
+
const taskId = idx >= 0 ? verifierNodeId.slice(idx + marker.length) : undefined;
|
|
111
|
+
const task = taskId ? run.tasks.find((t) => t.id === taskId) : undefined;
|
|
112
|
+
if (!task)
|
|
113
|
+
return { result: undefined, requiresEvidence: undefined };
|
|
114
|
+
return { result: task.result, requiresEvidence: Boolean(task.requiresEvidence) };
|
|
115
|
+
}
|
|
116
|
+
/** commitState(run, input) — resolves the gate, writes the failure node +
|
|
117
|
+
* throws on any error; on success writes the snapshot + commit node and
|
|
118
|
+
* pushes the commit. */
|
|
119
|
+
function commitState(run, input) {
|
|
120
|
+
const options = normalizeCommitOptions(input);
|
|
121
|
+
const now = new Date().toISOString();
|
|
122
|
+
const { result: backingResult, requiresEvidence } = backingResultFor(run, options.verifierNodeId || (options.reason.startsWith("result:") ? run.tasks.find((t) => t.id === options.reason.slice(7))?.verifierNodeId : undefined));
|
|
123
|
+
const gate = (0, commit_gate_1.resolveCommitGate)(run, options, {
|
|
124
|
+
now,
|
|
125
|
+
backingResult,
|
|
126
|
+
taskRequiresEvidence: requiresEvidence,
|
|
127
|
+
unresolvedFileEvidence: (0, evidence_grounding_1.requireResolvableEvidence)()
|
|
128
|
+
? (evidence) => (0, evidence_grounding_1.unresolvedFileEvidence)(evidence, Array.from(new Set([run.cwd, process.cwd(), run.paths.runDir])), { exists: fs.existsSync, isAbsolute: path.isAbsolute, resolve: (base, rel) => path.resolve(base, rel) })
|
|
129
|
+
: undefined,
|
|
130
|
+
});
|
|
131
|
+
// Stack the review gate ON TOP of the verifier gate. An applicable review
|
|
132
|
+
// policy can only ADD required-approval constraints from authorized roles; it
|
|
133
|
+
// never relaxes verifier acceptance. Fail closed: a verifier-passing but
|
|
134
|
+
// un-approved commit is BLOCKED here. Provenance (who approved the shipped
|
|
135
|
+
// commit) is stamped only when NO errors remain. The old build wired this
|
|
136
|
+
// inside resolveVerifierGate; v2's resolver is pure, so it layers in the
|
|
137
|
+
// shell where the run's approval state lives.
|
|
138
|
+
let reviewProvenance;
|
|
139
|
+
if (gate.verifierGated) {
|
|
140
|
+
const reviewInput = {
|
|
141
|
+
targetKind: "commit",
|
|
142
|
+
candidateId: gate.candidateId,
|
|
143
|
+
selectionId: gate.selectionId,
|
|
144
|
+
selfActorIds: (0, collaboration_io_1.selfActorIdsForCandidate)(run, gate.candidateId, gate.selectionId),
|
|
145
|
+
};
|
|
146
|
+
const reviewErrors = (0, collaboration_io_1.reviewGateErrors)(run, reviewInput);
|
|
147
|
+
if (reviewErrors.length)
|
|
148
|
+
gate.errors.push(...reviewErrors);
|
|
149
|
+
else
|
|
150
|
+
reviewProvenance = (0, collaboration_io_1.commitReviewProvenance)(run, reviewInput);
|
|
151
|
+
}
|
|
152
|
+
if (gate.errors.length) {
|
|
153
|
+
throw recordCommitGateFailure(run, options, gate);
|
|
154
|
+
}
|
|
155
|
+
fs.mkdirSync(run.paths.commitsDir, { recursive: true });
|
|
156
|
+
const id = (0, commit_gate_1.formatCommitId)((run.commits || []).length + 1);
|
|
157
|
+
const snapshotPath = path.join(run.paths.commitsDir, `${id}.json`);
|
|
158
|
+
const rationale = gate.acceptanceRationale;
|
|
159
|
+
const audit = gate.verifierGated
|
|
160
|
+
? (0, trust_audit_1.recordTrustAuditEvent)(run, { kind: "commit.gate", decision: "accepted", source: "cw-validated", workerId: rationale?.workerId, nodeId: gate.verifierNodeId, candidateId: gate.candidateId, selectionId: gate.selectionId, commitId: id, sandboxProfileId: rationale?.sandboxProfileId, evidence: gate.evidence, metadata: rationale })
|
|
161
|
+
: undefined;
|
|
162
|
+
const evidence = (0, trust_audit_1.normalizeEvidence)(run, gate.evidence, { source: gate.verifierGated ? "cw-validated" : "runtime-derived", workerId: rationale?.workerId, verifierNodeId: gate.verifierNodeId, candidateId: gate.candidateId, selectionId: gate.selectionId, commitId: id, auditEventIds: audit ? [audit.id] : [] });
|
|
163
|
+
const commit = {
|
|
164
|
+
id,
|
|
165
|
+
createdAt: now,
|
|
166
|
+
reason: options.reason,
|
|
167
|
+
loopStage: run.loopStage,
|
|
168
|
+
statePath: run.paths.state,
|
|
169
|
+
reportPath: run.paths.report,
|
|
170
|
+
snapshotPath,
|
|
171
|
+
gitHead: readGitHead(run.cwd),
|
|
172
|
+
verifierGated: gate.verifierGated,
|
|
173
|
+
checkpoint: !gate.verifierGated,
|
|
174
|
+
verifierNodeId: gate.verifierNodeId,
|
|
175
|
+
candidateId: gate.candidateId,
|
|
176
|
+
selectionId: gate.selectionId,
|
|
177
|
+
evidence,
|
|
178
|
+
// Acceptance rationale rides on the commit so `report`/`metrics`/audit can
|
|
179
|
+
// explain WHY it was accepted. commitGateResult reflects whether the gate
|
|
180
|
+
// ran (passed) or this was an unverified checkpoint; audit event id is
|
|
181
|
+
// threaded so the rationale points back at its own audit record.
|
|
182
|
+
...(rationale
|
|
183
|
+
? {
|
|
184
|
+
acceptanceRationale: {
|
|
185
|
+
...rationale,
|
|
186
|
+
commitGateResult: gate.verifierGated ? "passed" : "checkpoint",
|
|
187
|
+
auditEventIds: audit ? [...(rationale.auditEventIds || []), audit.id] : rationale.auditEventIds,
|
|
188
|
+
},
|
|
189
|
+
}
|
|
190
|
+
: {}),
|
|
191
|
+
metadata: { ...(options.metadata || {}), ...gate.metadata },
|
|
192
|
+
...(reviewProvenance ? { review: reviewProvenance } : {}),
|
|
193
|
+
};
|
|
194
|
+
const commitNodeId = recordCommitNode(run, commit, options, gate);
|
|
195
|
+
if (commitNodeId)
|
|
196
|
+
commit.stateNodeId = commitNodeId;
|
|
197
|
+
// A verifier-gated commit is the run's checkpoint — advance the run-level loop
|
|
198
|
+
// stage. Guard on verifierGated so the initial plan/unverified checkpoint does
|
|
199
|
+
// NOT prematurely move the run off "interpret".
|
|
200
|
+
if (gate.verifierGated)
|
|
201
|
+
run.loopStage = "checkpoint";
|
|
202
|
+
(0, fs_atomic_1.writeJson)(snapshotPath, { commit, run });
|
|
203
|
+
run.commits.push(commit);
|
|
204
|
+
return commit;
|
|
205
|
+
}
|
|
206
|
+
function recordCommitNode(run, commit, options, gate) {
|
|
207
|
+
const verifierNode = gate.verifierNodeId ? findNode(run, gate.verifierNodeId) : undefined;
|
|
208
|
+
if (commit.verifierGated && verifierNode) {
|
|
209
|
+
const commitResult = (0, runner_1.runPipelineStage)(run, "commit", verifierNode.id, {
|
|
210
|
+
outputNodeId: `${run.id}:commit:${commit.id}`,
|
|
211
|
+
outputStatus: "committed",
|
|
212
|
+
loopStage: "checkpoint",
|
|
213
|
+
outputs: { snapshotPath: commit.snapshotPath, gitHead: commit.gitHead, verifierGated: true, verifierNodeId: verifierNode.id, candidateId: gate.candidateId, selectionId: gate.selectionId },
|
|
214
|
+
artifacts: [{ id: "snapshot", kind: "json", path: commit.snapshotPath }],
|
|
215
|
+
evidence: commit.evidence || verifierNode.evidence,
|
|
216
|
+
metadata: { ...(options.metadata || {}), reason: options.reason, commitId: commit.id, verifierGated: true, checkpoint: false, verifierNodeId: verifierNode.id, candidateId: gate.candidateId, selectionId: gate.selectionId, selectionNodeId: gate.selectionNodeId },
|
|
217
|
+
}, { persist: false, persistNode: node_store_1.writeRunNode });
|
|
218
|
+
if (gate.selectionNodeId && commitResult.outputNodeId)
|
|
219
|
+
linkAdditionalParent(run, gate.selectionNodeId, commitResult.outputNodeId);
|
|
220
|
+
return commitResult.outputNodeId;
|
|
221
|
+
}
|
|
222
|
+
const checkpointNode = (0, state_node_1.createStateNode)({
|
|
223
|
+
id: `${run.id}:checkpoint:${commit.id}`,
|
|
224
|
+
kind: "commit",
|
|
225
|
+
status: "completed",
|
|
226
|
+
loopStage: "checkpoint",
|
|
227
|
+
inputs: { reason: options.reason, commitId: commit.id },
|
|
228
|
+
outputs: { snapshotPath: commit.snapshotPath, gitHead: commit.gitHead, verifierGated: false, checkpoint: true },
|
|
229
|
+
artifacts: [{ id: "snapshot", kind: "json", path: commit.snapshotPath }],
|
|
230
|
+
contractId: contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
|
|
231
|
+
metadata: { ...(options.metadata || {}), verifierGated: false, checkpoint: true },
|
|
232
|
+
});
|
|
233
|
+
(0, node_store_1.appendRunNode)(run, checkpointNode);
|
|
234
|
+
return checkpointNode.id;
|
|
235
|
+
}
|
|
236
|
+
function recordCommitGateFailure(run, options, gate) {
|
|
237
|
+
const first = gate.errors[0] || { code: "commit-gate-blocked", message: "Verifier-gated commit blocked", at: new Date().toISOString(), retryable: false };
|
|
238
|
+
const node = (0, state_node_1.recordNodeError)((0, state_node_1.createStateNode)({
|
|
239
|
+
id: `${run.id}:commit-gate-failed:${(0, commit_gate_1.gateFailureSeq)(run)}`,
|
|
240
|
+
kind: "error",
|
|
241
|
+
status: "pending",
|
|
242
|
+
loopStage: "checkpoint",
|
|
243
|
+
inputs: { reason: options.reason, verifierNodeId: gate.verifierNodeId, candidateId: gate.candidateId, selectionId: gate.selectionId },
|
|
244
|
+
evidence: gate.evidence,
|
|
245
|
+
contractId: contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
|
|
246
|
+
metadata: {
|
|
247
|
+
...(options.metadata || {}),
|
|
248
|
+
verifierGated: true,
|
|
249
|
+
checkpoint: false,
|
|
250
|
+
failureCount: gate.errors.length,
|
|
251
|
+
failures: gate.errors.map((entry) => ({ code: entry.code, message: entry.message, nodeId: entry.nodeId })),
|
|
252
|
+
gate: gate.metadata,
|
|
253
|
+
},
|
|
254
|
+
}), first);
|
|
255
|
+
const persisted = (0, node_store_1.appendRunNode)(run, node);
|
|
256
|
+
for (const parentId of [gate.selectionNodeId, gate.verifierNodeId].filter(Boolean)) {
|
|
257
|
+
linkAdditionalParent(run, parentId, persisted.id);
|
|
258
|
+
}
|
|
259
|
+
// Record the block as append-only operator feedback so the codes
|
|
260
|
+
// (commit-verifier-not-found / missing-evidence / review-gate-missing-
|
|
261
|
+
// approvals / …) are not lost — the old build did this and the commit gate's
|
|
262
|
+
// failure must surface visibly, not silently.
|
|
263
|
+
const feedback = (0, error_feedback_io_1.recordFeedback)(run, {
|
|
264
|
+
source: options.source === "cli" ? "cli" : "verifier",
|
|
265
|
+
error: first,
|
|
266
|
+
nodeId: persisted.id,
|
|
267
|
+
stageId: "commit",
|
|
268
|
+
contractId: contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
|
|
269
|
+
retryable: false,
|
|
270
|
+
evidence: gate.evidence,
|
|
271
|
+
artifacts: [],
|
|
272
|
+
metadata: {
|
|
273
|
+
reason: options.reason,
|
|
274
|
+
verifierNodeId: gate.verifierNodeId,
|
|
275
|
+
candidateId: gate.candidateId,
|
|
276
|
+
selectionId: gate.selectionId,
|
|
277
|
+
failures: gate.errors.map((entry) => ({ code: entry.code, message: entry.message, nodeId: entry.nodeId })),
|
|
278
|
+
},
|
|
279
|
+
});
|
|
280
|
+
return new CommitGateError(first, { feedbackId: feedback.id, stateNodeId: persisted.id });
|
|
281
|
+
}
|
|
282
|
+
function linkAdditionalParent(run, parentId, childId) {
|
|
283
|
+
const parent = findNode(run, parentId);
|
|
284
|
+
const child = findNode(run, childId);
|
|
285
|
+
if (!parent || !child)
|
|
286
|
+
return;
|
|
287
|
+
const [linkedParent, linkedChild] = (0, state_node_1.linkStateNodes)(parent, child);
|
|
288
|
+
(0, node_store_1.appendRunNode)(run, linkedParent);
|
|
289
|
+
(0, node_store_1.appendRunNode)(run, linkedChild);
|
|
290
|
+
}
|