cool-workflow 0.1.98 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (315) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/README.md +18 -7
  4. package/apps/architecture-review/app.json +2 -2
  5. package/apps/architecture-review/workflow.js +12 -12
  6. package/apps/architecture-review-fast/app.json +1 -1
  7. package/apps/end-to-end-golden-path/app.json +1 -1
  8. package/apps/pr-review-fix-ci/app.json +1 -1
  9. package/apps/release-cut/app.json +1 -1
  10. package/apps/research-synthesis/app.json +1 -1
  11. package/dist/cli/dispatch.js +236 -0
  12. package/dist/cli/entry.js +120 -0
  13. package/dist/cli/io.js +21 -4
  14. package/dist/cli/parseargv.js +157 -0
  15. package/dist/cli.js +6 -33
  16. package/dist/core/capability-table.js +3518 -0
  17. package/dist/core/format/help.js +314 -0
  18. package/dist/{state-explosion/format.js → core/format/state-explosion-text.js} +10 -1
  19. package/dist/core/hash.js +137 -0
  20. package/dist/core/multi-agent/candidate-scoring.js +219 -0
  21. package/dist/core/multi-agent/collaboration.js +481 -0
  22. package/dist/core/multi-agent/coordinator.js +515 -0
  23. package/dist/core/multi-agent/eval-replay.js +306 -0
  24. package/dist/core/multi-agent/runtime.js +929 -0
  25. package/dist/core/multi-agent/topology.js +298 -0
  26. package/dist/core/multi-agent/trust-policy.js +197 -0
  27. package/dist/core/pipeline/commit-gate.js +320 -0
  28. package/dist/{pipeline-contract.js → core/pipeline/contract.js} +24 -37
  29. package/dist/core/pipeline/dispatch.js +103 -0
  30. package/dist/core/pipeline/drive-decide.js +227 -0
  31. package/dist/core/pipeline/error-feedback.js +161 -0
  32. package/dist/core/pipeline/loop-expansion.js +124 -0
  33. package/dist/{result-normalize.js → core/pipeline/result-normalize.js} +14 -37
  34. package/dist/core/pipeline/runner.js +230 -0
  35. package/dist/{contract-migration.js → core/state/contract-migration.js} +68 -92
  36. package/dist/{state-migrations.js → core/state/migrations.js} +103 -96
  37. package/dist/core/state/node-projection.js +95 -0
  38. package/dist/core/state/node-snapshot.js +230 -0
  39. package/dist/core/state/run-paths.js +93 -0
  40. package/dist/{schema-validate.js → core/state/schema-validate.js} +35 -28
  41. package/dist/core/state/schema.js +50 -0
  42. package/dist/core/state/state-explosion/digest.js +243 -0
  43. package/dist/core/state/state-explosion/graph.js +527 -0
  44. package/dist/{state-explosion → core/state/state-explosion}/helpers.js +34 -3
  45. package/dist/core/state/state-explosion/report.js +187 -0
  46. package/dist/{state-explosion → core/state/state-explosion}/size.js +25 -7
  47. package/dist/{state-node.js → core/state/state-node.js} +90 -113
  48. package/dist/core/state/types.js +19 -0
  49. package/dist/{validation.js → core/state/validation.js} +64 -131
  50. package/dist/core/trust/evidence-grounding.js +134 -0
  51. package/dist/core/trust/ledger.js +199 -0
  52. package/dist/{telemetry-attestation.js → core/trust/telemetry-attestation.js} +94 -68
  53. package/dist/core/trust/telemetry-ledger.js +127 -0
  54. package/dist/core/types.js +20 -0
  55. package/dist/core/version.js +16 -0
  56. package/dist/{workflow-app-framework.js → core/workflow-apps/app-schema.js} +337 -426
  57. package/dist/mcp/dispatch.js +104 -0
  58. package/dist/mcp/server.js +144 -0
  59. package/dist/mcp-server.js +6 -84
  60. package/dist/{agent-config.js → shell/agent-config.js} +118 -71
  61. package/dist/shell/app-run-cli.js +88 -0
  62. package/dist/shell/audit-cli.js +259 -0
  63. package/dist/shell/audit-provenance.js +83 -0
  64. package/dist/shell/candidate-scoring-io.js +459 -0
  65. package/dist/shell/collaboration-io.js +264 -0
  66. package/dist/shell/commit-summary.js +104 -0
  67. package/dist/shell/commit.js +290 -0
  68. package/dist/shell/coordinator-io.js +476 -0
  69. package/dist/shell/demo-cli.js +19 -0
  70. package/dist/shell/dispatch.js +162 -0
  71. package/dist/shell/doctor.js +292 -0
  72. package/dist/shell/drive.js +885 -0
  73. package/dist/shell/error-feedback-io.js +305 -0
  74. package/dist/shell/eval-io.js +473 -0
  75. package/dist/{multi-agent-eval/format.js → shell/eval-text.js} +78 -49
  76. package/dist/{evidence-reasoning.js → shell/evidence-reasoning.js} +124 -255
  77. package/dist/shell/exec-backend-cli.js +88 -0
  78. package/dist/shell/execution-backend/agent.js +507 -0
  79. package/dist/shell/execution-backend/ci.js +15 -0
  80. package/dist/shell/execution-backend/container.js +69 -0
  81. package/dist/shell/execution-backend/envelopes.js +55 -0
  82. package/dist/shell/execution-backend/local.js +113 -0
  83. package/dist/shell/execution-backend/probes.js +175 -0
  84. package/dist/shell/execution-backend/registry.js +402 -0
  85. package/dist/shell/execution-backend/remote.js +128 -0
  86. package/dist/shell/execution-backend/types.js +11 -0
  87. package/dist/shell/feedback-cli.js +81 -0
  88. package/dist/shell/feedback-operations.js +48 -0
  89. package/dist/shell/fs-atomic.js +276 -0
  90. package/dist/shell/harness.js +98 -0
  91. package/dist/shell/ledger-cli.js +212 -0
  92. package/dist/shell/ledger-io.js +169 -0
  93. package/dist/shell/man-cli.js +89 -0
  94. package/dist/shell/metrics-cli.js +100 -0
  95. package/dist/shell/multi-agent-cli.js +1002 -0
  96. package/dist/shell/multi-agent-host.js +563 -0
  97. package/dist/shell/multi-agent-io.js +387 -0
  98. package/dist/{multi-agent-operator-ux.js → shell/multi-agent-operator-ux.js} +234 -191
  99. package/dist/shell/node-store.js +124 -0
  100. package/dist/{observability/format.js → shell/observability-format.js} +7 -1
  101. package/dist/{observability/intake.js → shell/observability-intake.js} +79 -56
  102. package/dist/{observability.js → shell/observability.js} +159 -332
  103. package/dist/{onramp.js → shell/onramp.js} +11 -0
  104. package/dist/{operator-ux/format.js → shell/operator-ux-text.js} +250 -239
  105. package/dist/shell/operator-ux.js +431 -0
  106. package/dist/shell/orchestrator.js +231 -0
  107. package/dist/shell/pipeline-cli.js +667 -0
  108. package/dist/shell/pipeline.js +217 -0
  109. package/dist/shell/reclamation-io.js +1366 -0
  110. package/dist/shell/registry-cli.js +344 -0
  111. package/dist/{remote-source.js → shell/remote-source.js} +2 -2
  112. package/dist/shell/report-cli.js +101 -0
  113. package/dist/shell/report-view-cli.js +117 -0
  114. package/dist/{orchestrator → shell}/report.js +289 -282
  115. package/dist/shell/reporter.js +62 -0
  116. package/dist/shell/run-export-cli.js +106 -0
  117. package/dist/shell/run-export.js +680 -0
  118. package/dist/shell/run-registry-io.js +1014 -0
  119. package/dist/shell/run-store.js +164 -0
  120. package/dist/{sandbox-profile.js → shell/sandbox-profile.js} +134 -95
  121. package/dist/{scheduler.js → shell/scheduler-io.js} +257 -48
  122. package/dist/shell/scheduling-io.js +321 -0
  123. package/dist/shell/state-cli.js +181 -0
  124. package/dist/shell/state-explosion-cli.js +197 -0
  125. package/dist/shell/telemetry-cli.js +85 -0
  126. package/dist/{telemetry-demo.js → shell/telemetry-demo.js} +149 -119
  127. package/dist/shell/telemetry-ledger-io.js +132 -0
  128. package/dist/{term.js → shell/term.js} +36 -46
  129. package/dist/shell/topology-io.js +361 -0
  130. package/dist/shell/trust-audit.js +472 -0
  131. package/dist/{multi-agent-trust.js → shell/trust-policy-io.js} +67 -205
  132. package/dist/shell/verifier.js +48 -0
  133. package/dist/shell/workbench-host.js +258 -0
  134. package/dist/shell/workbench-text.js +18 -0
  135. package/dist/shell/workbench.js +170 -0
  136. package/dist/shell/worker-cli.js +124 -0
  137. package/dist/shell/worker-isolation.js +852 -0
  138. package/dist/shell/workflow-app-loader.js +650 -0
  139. package/docs/agent-delegation-drive.7.md +4 -0
  140. package/docs/cli-mcp-parity.7.md +282 -219
  141. package/docs/contract-migration-tooling.7.md +4 -0
  142. package/docs/control-plane-scheduling.7.md +4 -0
  143. package/docs/durable-state-and-locking.7.md +4 -0
  144. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  145. package/docs/execution-backends.7.md +4 -0
  146. package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
  147. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  148. package/docs/multi-agent-operator-ux.7.md +4 -0
  149. package/docs/node-snapshot-diff-replay.7.md +4 -0
  150. package/docs/observability-cost-accounting.7.md +6 -1
  151. package/docs/project-index.md +137 -71
  152. package/docs/real-execution-backends.7.md +4 -0
  153. package/docs/release-and-migration.7.md +4 -0
  154. package/docs/release-tooling.7.md +4 -0
  155. package/docs/remote-source-review.7.md +4 -4
  156. package/docs/report-verifiable-bundle.7.md +1 -1
  157. package/docs/run-registry-control-plane.7.md +4 -0
  158. package/docs/run-retention-reclamation.7.md +25 -0
  159. package/docs/security-trust-hardening.7.md +3 -1
  160. package/docs/state-explosion-management.7.md +4 -0
  161. package/docs/team-collaboration.7.md +4 -0
  162. package/docs/web-desktop-workbench.7.md +15 -1
  163. package/manifest/plugin.manifest.json +1 -1
  164. package/manifest/source-context-profiles.json +9 -13
  165. package/package.json +1 -1
  166. package/scripts/agents/agent-adapter-core.js +22 -2
  167. package/scripts/agents/claude-p-agent.js +8 -3
  168. package/scripts/agents/cw-attest-wrap.js +2 -2
  169. package/scripts/agents/gemini-agent.js +5 -1
  170. package/scripts/agents/opencode-agent.js +5 -1
  171. package/scripts/bump-version.js +4 -3
  172. package/scripts/canonical-apps.js +4 -4
  173. package/scripts/dogfood-architecture-review.js +2 -3
  174. package/scripts/dogfood-release.js +3 -3
  175. package/scripts/gen-parity-doc.js +15 -2
  176. package/scripts/golden-path.js +4 -4
  177. package/scripts/onramp-check.js +1 -1
  178. package/scripts/parity-check.js +38 -21
  179. package/scripts/release-flow.js +2 -2
  180. package/scripts/sync-project-index.js +51 -27
  181. package/scripts/validate-run-state-schema.js +2 -2
  182. package/scripts/version-sync-check.js +30 -30
  183. package/dist/candidate-scoring.js +0 -729
  184. package/dist/capability-core.js +0 -1189
  185. package/dist/capability-registry.js +0 -885
  186. package/dist/cli/command-surface.js +0 -494
  187. package/dist/cli/format.js +0 -56
  188. package/dist/cli/handlers/audit.js +0 -82
  189. package/dist/cli/handlers/blackboard.js +0 -81
  190. package/dist/cli/handlers/candidate.js +0 -40
  191. package/dist/cli/handlers/clones.js +0 -34
  192. package/dist/cli/handlers/collaboration.js +0 -61
  193. package/dist/cli/handlers/eval.js +0 -40
  194. package/dist/cli/handlers/ledger.js +0 -169
  195. package/dist/cli/handlers/maintenance.js +0 -107
  196. package/dist/cli/handlers/multi-agent.js +0 -165
  197. package/dist/cli/handlers/node.js +0 -41
  198. package/dist/cli/handlers/operational.js +0 -155
  199. package/dist/cli/handlers/operator.js +0 -146
  200. package/dist/cli/handlers/registry.js +0 -68
  201. package/dist/cli/handlers/run.js +0 -153
  202. package/dist/cli/handlers/scheduling.js +0 -132
  203. package/dist/cli/handlers/workbench.js +0 -41
  204. package/dist/cli/handlers/worker.js +0 -45
  205. package/dist/cli/run-summary.js +0 -45
  206. package/dist/clones.js +0 -162
  207. package/dist/collaboration.js +0 -726
  208. package/dist/commit.js +0 -592
  209. package/dist/compare.js +0 -18
  210. package/dist/coordinator/classify.js +0 -45
  211. package/dist/coordinator/paths.js +0 -42
  212. package/dist/coordinator/util.js +0 -126
  213. package/dist/coordinator.js +0 -990
  214. package/dist/daemon.js +0 -44
  215. package/dist/dispatch.js +0 -250
  216. package/dist/doctor.js +0 -212
  217. package/dist/drive.js +0 -864
  218. package/dist/error-feedback.js +0 -419
  219. package/dist/evidence-grounding.js +0 -184
  220. package/dist/execution-backend/agent.js +0 -354
  221. package/dist/execution-backend/probes.js +0 -112
  222. package/dist/execution-backend/util.js +0 -47
  223. package/dist/execution-backend.js +0 -961
  224. package/dist/gates.js +0 -48
  225. package/dist/harness.js +0 -61
  226. package/dist/ledger.js +0 -313
  227. package/dist/loop-expansion.js +0 -60
  228. package/dist/mcp/tool-call.js +0 -470
  229. package/dist/mcp/tool-definitions.js +0 -1066
  230. package/dist/mcp-surface.js +0 -30
  231. package/dist/multi-agent/graph.js +0 -84
  232. package/dist/multi-agent/helpers.js +0 -141
  233. package/dist/multi-agent/ids.js +0 -20
  234. package/dist/multi-agent/paths.js +0 -22
  235. package/dist/multi-agent-eval/normalize.js +0 -51
  236. package/dist/multi-agent-eval.js +0 -678
  237. package/dist/multi-agent-host.js +0 -777
  238. package/dist/multi-agent.js +0 -984
  239. package/dist/node-projection.js +0 -59
  240. package/dist/node-snapshot.js +0 -260
  241. package/dist/operator-ux.js +0 -631
  242. package/dist/orchestrator/app-operations.js +0 -211
  243. package/dist/orchestrator/audit-operations.js +0 -182
  244. package/dist/orchestrator/candidate-operations.js +0 -117
  245. package/dist/orchestrator/cli-options.js +0 -294
  246. package/dist/orchestrator/collaboration-operations.js +0 -86
  247. package/dist/orchestrator/feedback-operations.js +0 -81
  248. package/dist/orchestrator/host-operations.js +0 -78
  249. package/dist/orchestrator/lifecycle-operations.js +0 -650
  250. package/dist/orchestrator/migration-operations.js +0 -44
  251. package/dist/orchestrator/multi-agent-operations.js +0 -362
  252. package/dist/orchestrator/topology-operations.js +0 -84
  253. package/dist/orchestrator.js +0 -925
  254. package/dist/pipeline-runner.js +0 -285
  255. package/dist/reclamation/hash.js +0 -72
  256. package/dist/reclamation.js +0 -812
  257. package/dist/reporter.js +0 -67
  258. package/dist/run-export.js +0 -815
  259. package/dist/run-registry/derive.js +0 -175
  260. package/dist/run-registry/format.js +0 -124
  261. package/dist/run-registry/gc.js +0 -251
  262. package/dist/run-registry/policy.js +0 -16
  263. package/dist/run-registry/queue.js +0 -115
  264. package/dist/run-registry.js +0 -850
  265. package/dist/run-state-schema.js +0 -68
  266. package/dist/scheduling.js +0 -184
  267. package/dist/state-explosion.js +0 -1014
  268. package/dist/state.js +0 -367
  269. package/dist/telemetry-ledger.js +0 -196
  270. package/dist/topology.js +0 -565
  271. package/dist/triggers.js +0 -184
  272. package/dist/trust-audit.js +0 -644
  273. package/dist/types/blackboard.js +0 -2
  274. package/dist/types/candidate.js +0 -2
  275. package/dist/types/collaboration.js +0 -2
  276. package/dist/types/core.js +0 -2
  277. package/dist/types/drive.js +0 -10
  278. package/dist/types/error-feedback.js +0 -2
  279. package/dist/types/evidence-reasoning.js +0 -2
  280. package/dist/types/execution-backend.js +0 -2
  281. package/dist/types/multi-agent.js +0 -2
  282. package/dist/types/observability.js +0 -2
  283. package/dist/types/pipeline.js +0 -2
  284. package/dist/types/reclamation.js +0 -8
  285. package/dist/types/report-bundle.js +0 -6
  286. package/dist/types/result.js +0 -2
  287. package/dist/types/run-registry.js +0 -2
  288. package/dist/types/run.js +0 -2
  289. package/dist/types/sandbox.js +0 -2
  290. package/dist/types/schedule.js +0 -2
  291. package/dist/types/state-node.js +0 -2
  292. package/dist/types/topology.js +0 -2
  293. package/dist/types/trust.js +0 -2
  294. package/dist/types/workbench.js +0 -2
  295. package/dist/types/worker.js +0 -2
  296. package/dist/types/workflow-app.js +0 -2
  297. package/dist/types.js +0 -44
  298. package/dist/util/fingerprint.js +0 -19
  299. package/dist/util/fingerprint.test.js +0 -27
  300. package/dist/verifier.js +0 -78
  301. package/dist/version.js +0 -8
  302. package/dist/workbench-host.js +0 -192
  303. package/dist/workbench.js +0 -192
  304. package/dist/worker-accept/acceptance.js +0 -114
  305. package/dist/worker-accept/blackboard-fanout.js +0 -80
  306. package/dist/worker-accept/blackboard-linkage.js +0 -19
  307. package/dist/worker-accept/context.js +0 -2
  308. package/dist/worker-accept/telemetry-ledger.js +0 -126
  309. package/dist/worker-accept/validation.js +0 -77
  310. package/dist/worker-accept/verifier-completion.js +0 -73
  311. package/dist/worker-isolation/helpers.js +0 -51
  312. package/dist/worker-isolation/paths.js +0 -46
  313. package/dist/worker-isolation.js +0 -656
  314. package/dist/workflow-api.js +0 -131
  315. /package/dist/{types → core/types}/boundary.js +0 -0
package/dist/workbench.js DELETED
@@ -1,192 +0,0 @@
1
- "use strict";
2
- // Web / Desktop Workbench core (v0.1.30) — the SINGLE source of the human
3
- // console's view models, and a THIRD FRONT DOOR over ONE mechanism.
4
- //
5
- // BSD discipline:
6
- // - MECHANISM VS POLICY. The kernel + durable `.cw/` state are the mechanism.
7
- // The CLI renders for human speed, MCP for machine context, and the Workbench
8
- // for human inspection at a glance. All three are presentation POLICY over the
9
- // same data. This module computes, decides, and stores NOTHING the CLI/MCP
10
- // cannot already produce — every panel embeds, verbatim, the canonical
11
- // `--json` payload of ONE already-declared capability, assembled by calling
12
- // the SAME runner core entries the CLI and MCP route through.
13
- // - NO HIDDEN DASHBOARD. These are DERIVED, read-only projections. They hold no
14
- // authoritative state; refresh re-derives everything from disk. Delete the
15
- // host process and nothing is lost — the data is the files.
16
- // - EXPLICIT, INSPECTABLE, FAIL CLOSED. When a source capability is unreadable
17
- // (e.g. a run with no blackboard yet, or unresolvable state), the panel is
18
- // rendered `absent` with the honest error; we never fabricate a view.
19
- //
20
- // See docs/web-desktop-workbench.7.md, src/capability-registry.ts, and the
21
- // v0.1.27 parity contract (docs/cli-mcp-parity.7.md).
22
- var __importDefault = (this && this.__importDefault) || function (mod) {
23
- return (mod && mod.__esModule) ? mod : { "default": mod };
24
- };
25
- Object.defineProperty(exports, "__esModule", { value: true });
26
- exports.WORKBENCH_UI_RELATIVE = exports.WORKBENCH_DEFAULT_PORT = void 0;
27
- exports.buildWorkbenchRunView = buildWorkbenchRunView;
28
- exports.buildWorkbenchIndex = buildWorkbenchIndex;
29
- exports.workbenchUiRoot = workbenchUiRoot;
30
- exports.buildWorkbenchServeDescriptor = buildWorkbenchServeDescriptor;
31
- const capability_core_1 = require("./capability-core");
32
- const node_path_1 = __importDefault(require("node:path"));
33
- const node_fs_1 = __importDefault(require("node:fs"));
34
- /** Default loopback port. Local by default, least privilege — never a public
35
- * interface. Overridable with `--port`. */
36
- exports.WORKBENCH_DEFAULT_PORT = 7717;
37
- /** Relative location of the optional, dependency-light static UI assets. Kept
38
- * OUT of the kernel: the host reads them lazily at request time, so the framework
39
- * builds and runs with the Workbench (and these files) absent. */
40
- exports.WORKBENCH_UI_RELATIVE = node_path_1.default.join("ui", "workbench");
41
- // ---------------------------------------------------------------------------
42
- // Panel assembly — each panel IS one capability payload, embedded verbatim.
43
- // ---------------------------------------------------------------------------
44
- /** Render one panel by invoking its single source capability. On success `data`
45
- * equals `cw <cmd> --json` byte-for-byte; on failure the panel is `absent` with
46
- * the honest reason (fail closed) — exactly what the CLI would report. */
47
- function panel(capability, cli, mcp, produce) {
48
- try {
49
- return { capability, cli, mcp, status: "present", data: produce() };
50
- }
51
- catch (error) {
52
- return { capability, cli, mcp, status: "absent", error: error instanceof Error ? error.message : String(error) };
53
- }
54
- }
55
- function buildPanels(runner, runId) {
56
- return {
57
- // Run graph — operator + multi-agent, including the v0.1.25 compact and
58
- // critical-path views. Backend ids/attestations (v0.1.29) ride on the nodes.
59
- graph: {
60
- operator: panel("graph", `cw graph ${runId} --json`, "cw_operator_graph", () => runner.operatorGraph(runId)),
61
- multiAgent: panel("multi-agent.graph", `cw multi-agent graph ${runId} --json`, "cw_multi_agent_graph", () => runner.multiAgentOperatorGraph(runId)),
62
- compact: panel("multi-agent.graph.compact", `cw multi-agent graph ${runId} --view compact --json`, "cw_multi_agent_graph_compact", () => runner.multiAgentGraphView(runId, { view: "compact" })),
63
- criticalPath: panel("multi-agent.graph.compact", `cw multi-agent graph ${runId} --view critical-path --json`, "cw_multi_agent_graph_compact", () => runner.multiAgentGraphView(runId, { view: "critical-path" }))
64
- },
65
- // Blackboard — coordinator topics/messages/contexts/artifacts/snapshots/
66
- // decisions/conflicts/adopted+missing evidence.
67
- blackboard: {
68
- coordinator: panel("coordinator.summary", `cw coordinator summary ${runId}`, "cw_coordinator_summary", () => runner.coordinatorSummary(runId)),
69
- digest: panel("blackboard.summarize", `cw blackboard summarize ${runId} --json`, "cw_blackboard_summarize", () => runner.blackboardSummarize(runId)),
70
- graph: panel("blackboard.graph", `cw blackboard graph ${runId}`, "cw_blackboard_graph", () => runner.blackboardGraph(runId))
71
- },
72
- // Worker logs — manifests, outputs, scoped results, failures, and the
73
- // recorded execution backend + sandbox attestation.
74
- worker: {
75
- summary: panel("worker.summary", `cw worker summary ${runId} --json`, "cw_worker_summary", () => runner.summarizeWorkerRecords(runId))
76
- },
77
- // Candidate compare — scores/selection/rejection, plus the v0.1.26
78
- // evidence-adoption reasoning chain (why adopted).
79
- candidate: {
80
- summary: panel("candidate.summary", `cw candidate summary ${runId} --json`, "cw_candidate_summary", () => runner.summarizeCandidateOperatorRecords(runId)),
81
- reasoning: panel("multi-agent.reasoning", `cw multi-agent reasoning ${runId} --json`, "cw_evidence_reasoning", () => runner.multiAgentReasoning(runId))
82
- },
83
- // Observability + cost (v0.1.31) — durations, failure/verifier/acceptance
84
- // rates with sample counts, attested usage + cost, coverage, `unreported`/
85
- // `n/a` shown honestly. Equals `cw metrics show <run> --json` byte-for-byte.
86
- metrics: {
87
- report: panel("metrics.show", `cw metrics show ${runId} --json`, "cw_metrics_show", () => runner.metricsShow(runId))
88
- },
89
- // Audit timeline — trust-audit events, role policy decisions, provenance,
90
- // judge/chair rationale, and policy violations.
91
- audit: {
92
- summary: panel("audit.summary", `cw audit summary ${runId}`, "cw_audit_summary", () => runner.auditSummary(runId)),
93
- multiAgent: panel("audit.multi-agent", `cw audit multi-agent ${runId} --json`, "cw_audit_multi_agent", () => runner.auditMultiAgent(runId)),
94
- policy: panel("audit.policy", `cw audit policy ${runId} --json`, "cw_audit_policy", () => runner.auditPolicy(runId)),
95
- judge: panel("audit.judge", `cw audit judge ${runId} --json`, "cw_audit_judge", () => runner.auditJudge(runId))
96
- },
97
- // Collaboration (v0.1.32) — derived per-target review state (pending/approved/
98
- // rejected/blocked/unattributed, required vs recorded), the append-only
99
- // approval/comment/handoff timeline, and the run owner. Read-only; equals
100
- // `cw review status <run> --json` and `cw comment list <run> --json`.
101
- collaboration: {
102
- review: panel("review.status", `cw review status ${runId} --json`, "cw_review_status", () => runner.reviewStatus(runId)),
103
- comments: panel("comment.list", `cw comment list ${runId} --json`, "cw_comment_list", () => runner.collaborationCommentList(runId))
104
- }
105
- };
106
- }
107
- /** Assemble the read-only five-panel view of ONE run. The run is first resolved
108
- * from its durable `.cw/runs/<id>/state.json`; when that source is unreadable
109
- * the view is `resolved: false` and every panel is `absent` — fail closed,
110
- * never fabricated. */
111
- function buildWorkbenchRunView(runner, runId) {
112
- const id = String(runId || "");
113
- return runner.loadWithCache((r) => {
114
- let resolved = true;
115
- let error;
116
- try {
117
- r.loadRun(id);
118
- }
119
- catch (caught) {
120
- resolved = false;
121
- error = caught instanceof Error ? caught.message : String(caught);
122
- }
123
- return {
124
- schemaVersion: 1,
125
- surface: "workbench",
126
- runId: id,
127
- resolved,
128
- ...(error ? { error } : {}),
129
- panels: buildPanels(r, id)
130
- };
131
- });
132
- }
133
- // ---------------------------------------------------------------------------
134
- // Cross-run entry (v0.1.28 Run Registry) — composed from already-declared
135
- // capabilities; adds NO new source of truth.
136
- // ---------------------------------------------------------------------------
137
- /** Build the cross-run index: the registry index plus the run list (or a
138
- * filtered search). Each field equals the corresponding `cw <cmd> --json`
139
- * payload; the Workbench can show nothing the CLI/MCP cannot. */
140
- function buildWorkbenchIndex(runner, args = {}) {
141
- const scope = args.scope === "repo" ? "repo" : "home";
142
- const scoped = { ...args, scope };
143
- const registry = (0, capability_core_1.runRegistryShow)((0, capability_core_1.runRegistryFor)(scoped, runner), scoped);
144
- const filtered = Boolean(args.text || args.q || args.query || args.app || args.appId || args.status || args.repo || args.since || args.until);
145
- const runs = filtered ? (0, capability_core_1.runSearch)((0, capability_core_1.runRegistryFor)(scoped, runner), scoped) : (0, capability_core_1.runList)((0, capability_core_1.runRegistryFor)(scoped, runner), scoped);
146
- return { schemaVersion: 1, surface: "workbench", command: "index", scope, registry, runs };
147
- }
148
- // ---------------------------------------------------------------------------
149
- // Serve descriptor — describes the OPTIONAL localhost host (no state).
150
- // ---------------------------------------------------------------------------
151
- /** Absolute path to the optional static UI assets for this plugin install. */
152
- function workbenchUiRoot(runner) {
153
- return node_path_1.default.join(runner.pluginRoot, exports.WORKBENCH_UI_RELATIVE);
154
- }
155
- /** The canonical `cw workbench serve` payload: a description of the localhost
156
- * bind and its read-only routes. Holds zero authoritative state. The CLI emits
157
- * this under `--json`/`--once`; `cw_workbench_serve` returns it directly. */
158
- function buildWorkbenchServeDescriptor(runner, args = {}) {
159
- const scope = args.scope === "repo" ? "repo" : "home";
160
- const root = node_path_1.default.resolve(String(args.cwd || process.cwd()));
161
- const portRaw = Number(args.port);
162
- const port = Number.isFinite(portRaw) && portRaw > 0 ? Math.floor(portRaw) : exports.WORKBENCH_DEFAULT_PORT;
163
- const uiRoot = workbenchUiRoot(runner);
164
- return {
165
- schemaVersion: 1,
166
- surface: "workbench",
167
- command: "serve",
168
- host: "127.0.0.1",
169
- port,
170
- once: Boolean(args.once),
171
- readOnly: true,
172
- scope,
173
- root,
174
- uiAvailable: dirExists(uiRoot),
175
- uiRoot,
176
- routes: [
177
- { method: "GET", path: "/", description: "Workbench UI shell (static, dependency-light)." },
178
- { method: "GET", path: "/ui/*", description: "Static UI assets (read from disk; absent if not installed)." },
179
- { method: "GET", path: "/api/index", description: "Cross-run index: registry show + run list/search (v0.1.28)." },
180
- { method: "GET", path: "/api/serve", description: "This serve descriptor." },
181
- { method: "GET", path: "/api/run/:runId", description: "Five-panel WorkbenchRunView for one run (read-only)." }
182
- ]
183
- };
184
- }
185
- function dirExists(target) {
186
- try {
187
- return node_fs_1.default.statSync(target).isDirectory();
188
- }
189
- catch {
190
- return false;
191
- }
192
- }
@@ -1,114 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.acceptWorkerResult = acceptWorkerResult;
7
- const node_fs_1 = __importDefault(require("node:fs"));
8
- const node_path_1 = __importDefault(require("node:path"));
9
- const state_1 = require("../state");
10
- const pipeline_contract_1 = require("../pipeline-contract");
11
- const state_node_1 = require("../state-node");
12
- const result_normalize_1 = require("../result-normalize");
13
- const trust_audit_1 = require("../trust-audit");
14
- /** Step 3 — recordStateNode/audit: the irreversible accept. Records the allowed
15
- * path decision, copies the result into the run results dir, completes the task,
16
- * builds + appends the result node, emits the accepted audit event, re-normalizes
17
- * node evidence against both audit ids, and surfaces the empty-capture warning.
18
- * Writes destination/pathAuditId/acceptedAuditId/resultNode back into `accept`. */
19
- function acceptWorkerResult(accept, delegation) {
20
- const { run, workerId, scope, task, absoluteResultPath, parsedResult } = accept;
21
- const { agentDelegation } = delegation;
22
- const pathAudit = (0, trust_audit_1.recordSandboxPathDecision)(run, {
23
- workerId,
24
- taskId: task.id,
25
- sandboxProfileId: scope.sandboxProfileId,
26
- policySnapshot: scope.sandboxPolicy,
27
- target: absoluteResultPath,
28
- decision: "allowed",
29
- metadata: { operation: "worker-output-acceptance" }
30
- });
31
- const destination = node_path_1.default.join(run.paths.resultsDir, `${(0, state_1.safeFileName)(task.id)}.md`);
32
- node_fs_1.default.mkdirSync(run.paths.resultsDir, { recursive: true });
33
- node_fs_1.default.copyFileSync(absoluteResultPath, destination);
34
- task.status = "completed";
35
- task.completedAt = new Date().toISOString();
36
- task.resultPath = destination;
37
- task.loopStage = "observe";
38
- task.result = parsedResult;
39
- const evidence = (0, trust_audit_1.normalizeEvidence)(run, parsedResult.evidence.map((entry, index) => ({
40
- id: `result:${index + 1}`,
41
- source: "cw:result",
42
- locator: entry,
43
- summary: entry
44
- })), { source: "cw-validated", workerId, taskId: task.id, auditEventIds: [pathAudit.id] });
45
- const resultNode = (0, state_node_1.appendRunNode)(run, (0, state_node_1.createStateNode)({
46
- id: `${run.id}:result:${task.id}`,
47
- kind: "result",
48
- status: "completed",
49
- loopStage: "observe",
50
- inputs: { taskId: task.id, dispatchId: task.dispatchId, workerId },
51
- outputs: parsedResult,
52
- artifacts: [
53
- { id: "result", kind: "markdown", path: destination },
54
- { id: "worker-result", kind: "markdown", path: absoluteResultPath }
55
- ],
56
- evidence,
57
- parents: task.dispatchId ? [`${run.id}:dispatch:${task.dispatchId}`] : [task.stateNodeId || `${run.id}:task:${task.id}`],
58
- contractId: pipeline_contract_1.DEFAULT_PIPELINE_CONTRACT_ID,
59
- metadata: {
60
- taskId: task.id,
61
- workerId,
62
- workerDir: scope.workerDir,
63
- sandboxProfileId: scope.sandboxProfileId,
64
- auditEventIds: [pathAudit.id],
65
- // Empty-capture warning (v0.1.42): even after robust normalization the result
66
- // yielded NO findings and NO evidence — surfaced, never silently passed.
67
- ...((0, result_normalize_1.isEmptyCapture)(parsedResult) ? { captureWarning: "no findings or evidence captured from result.md" } : {}),
68
- // Folded into the snapshotted node body so v0.1.35 replay re-verifies the
69
- // prompt/result/model digests WITHOUT re-spawning the agent. NOT evidence.
70
- ...(agentDelegation ? { agentDelegation } : {})
71
- }
72
- }));
73
- const acceptedAudit = (0, trust_audit_1.recordTrustAuditEvent)(run, {
74
- kind: "worker.output",
75
- decision: "accepted",
76
- source: "cw-validated",
77
- workerId,
78
- taskId: task.id,
79
- nodeId: resultNode.id,
80
- sandboxProfileId: scope.sandboxProfileId,
81
- policySnapshot: scope.sandboxPolicy,
82
- normalizedPath: absoluteResultPath,
83
- evidence,
84
- parentEventIds: [pathAudit.id],
85
- metadata: { destination }
86
- });
87
- resultNode.evidence = (0, trust_audit_1.normalizeEvidence)(run, resultNode.evidence, {
88
- source: "cw-validated",
89
- workerId,
90
- taskId: task.id,
91
- resultNodeId: resultNode.id,
92
- auditEventIds: [pathAudit.id, acceptedAudit.id]
93
- });
94
- (0, state_node_1.appendRunNode)(run, resultNode);
95
- task.resultNodeId = resultNode.id;
96
- // Warn (don't silently pass) when a worker's result captured no structured signal
97
- // at all — the v0.1.41 self-audit's "accepted with evidenceCount:0" failure mode.
98
- if ((0, result_normalize_1.isEmptyCapture)(parsedResult)) {
99
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
100
- kind: "worker.capture-warning",
101
- decision: "recorded",
102
- source: "cw-validated",
103
- workerId,
104
- taskId: task.id,
105
- nodeId: resultNode.id,
106
- parentEventIds: [acceptedAudit.id],
107
- metadata: { reason: "no findings or evidence captured from result.md", resultPath: destination }
108
- });
109
- }
110
- accept.destination = destination;
111
- accept.pathAuditId = pathAudit.id;
112
- accept.acceptedAuditId = acceptedAudit.id;
113
- accept.resultNode = resultNode;
114
- }
@@ -1,80 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.fanOutWorkerOutput = fanOutWorkerOutput;
4
- const coordinator_1 = require("../coordinator");
5
- const multi_agent_1 = require("../multi-agent");
6
- const blackboard_linkage_1 = require("./blackboard-linkage");
7
- /** Step 7 — fanOut: publish the accepted output to the blackboard and record the
8
- * multi-agent worker output (linking the blackboard message/artifact refs). */
9
- function fanOutWorkerOutput(accept) {
10
- const { run, workerId, scope, task, absoluteResultPath, parsedResult, destination, resultNode, verifierNodeId, acceptedAuditId } = accept;
11
- const blackboardLinks = publishWorkerOutputToBlackboard(run, scope, task, parsedResult.summary, destination, absoluteResultPath, resultNode.evidence, acceptedAuditId);
12
- (0, multi_agent_1.recordMultiAgentWorkerOutput)(run, {
13
- workerId,
14
- taskId: task.id,
15
- resultNodeId: resultNode.id,
16
- verifierNodeId,
17
- evidence: resultNode.evidence,
18
- artifactPaths: [destination, absoluteResultPath],
19
- blackboardMessageIds: blackboardLinks.messageIds,
20
- blackboardArtifactRefIds: blackboardLinks.artifactRefIds
21
- });
22
- }
23
- function publishWorkerOutputToBlackboard(run, scope, task, summary, destination, workerResultPath, evidence, acceptedAuditId) {
24
- const linkage = (0, blackboard_linkage_1.blackboardLinkage)(run, scope);
25
- if (!linkage.blackboardId || !linkage.topicIds.length)
26
- return { messageIds: [], artifactRefIds: [] };
27
- const topicId = linkage.topicIds[0];
28
- const artifactRefs = [
29
- (0, coordinator_1.addBlackboardArtifact)(run, {
30
- topicId,
31
- blackboardId: linkage.blackboardId,
32
- kind: "worker-result",
33
- path: destination,
34
- owner: { kind: "worker", id: scope.id },
35
- author: { kind: "runtime", id: "cw" },
36
- source: "cw-validated-worker-output",
37
- provenance: {
38
- workerId: scope.id,
39
- taskId: task.id,
40
- multiAgentRunId: scope.multiAgent?.runId,
41
- agentGroupId: scope.multiAgent?.groupId,
42
- agentRoleId: scope.multiAgent?.roleId,
43
- agentMembershipId: scope.multiAgent?.membershipId,
44
- auditEventIds: [acceptedAuditId]
45
- },
46
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
47
- auditEventIds: [acceptedAuditId],
48
- metadata: { workerResultPath }
49
- })
50
- ];
51
- const message = (0, coordinator_1.postBlackboardMessage)(run, {
52
- topicId,
53
- blackboardId: linkage.blackboardId,
54
- body: summary,
55
- author: { kind: "worker", id: scope.id },
56
- scope: { kind: "worker", id: scope.id },
57
- artifactRefIds: artifactRefs.map((artifact) => artifact.id),
58
- evidenceRefs: evidence.map((entry) => entry.locator || entry.path || entry.summary || entry.id).filter(Boolean),
59
- auditEventIds: [acceptedAuditId],
60
- links: {
61
- multiAgentRunId: scope.multiAgent?.runId,
62
- agentGroupId: scope.multiAgent?.groupId,
63
- agentRoleId: scope.multiAgent?.roleId,
64
- agentMembershipId: scope.multiAgent?.membershipId,
65
- agentFanoutId: scope.multiAgent?.fanoutId,
66
- taskId: task.id,
67
- workerId: scope.id,
68
- auditEventIds: [acceptedAuditId]
69
- },
70
- metadata: {
71
- taskId: task.id,
72
- resultPath: destination,
73
- multiAgent: scope.multiAgent
74
- }
75
- });
76
- return {
77
- messageIds: [message.id],
78
- artifactRefIds: artifactRefs.map((artifact) => artifact.id)
79
- };
80
- }
@@ -1,19 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.blackboardLinkage = blackboardLinkage;
4
- const helpers_1 = require("../worker-isolation/helpers");
5
- function blackboardLinkage(run, scope) {
6
- const membershipId = scope.multiAgent?.membershipId;
7
- const membership = membershipId ? run.multiAgent?.memberships.find((entry) => entry.id === membershipId) : undefined;
8
- const group = scope.multiAgent?.groupId ? run.multiAgent?.groups.find((entry) => entry.id === scope.multiAgent?.groupId) : undefined;
9
- const role = scope.multiAgent?.roleId ? run.multiAgent?.roles.find((entry) => entry.id === scope.multiAgent?.roleId) : undefined;
10
- const multiAgentRun = scope.multiAgent?.runId ? run.multiAgent?.runs.find((entry) => entry.id === scope.multiAgent?.runId) : undefined;
11
- const blackboardId = membership?.blackboardId || group?.blackboardId || role?.blackboardId || multiAgentRun?.blackboardId;
12
- const topicIds = (0, helpers_1.unique)([
13
- ...(membership?.topicIds || []),
14
- ...(group?.topicIds || []),
15
- ...(role?.topicIds || []),
16
- ...(multiAgentRun?.topicIds || [])
17
- ]);
18
- return { blackboardId, topicIds };
19
- }
@@ -1,2 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
@@ -1,126 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.attestWorkerDelegation = attestWorkerDelegation;
4
- exports.recordWorkerDelegationLedger = recordWorkerDelegationLedger;
5
- const execution_backend_1 = require("../execution-backend");
6
- const telemetry_attestation_1 = require("../telemetry-attestation");
7
- const telemetry_ledger_1 = require("../telemetry-ledger");
8
- const trust_audit_1 = require("../trust-audit");
9
- const helpers_1 = require("../worker-isolation/helpers");
10
- /** Step 2 — attestSandbox/attestDelegation: verify the agent's signed telemetry
11
- * BEFORE recording it, enforce the opt-in require-attested-telemetry gate (still
12
- * fail-closed, pre-mutation), and build the agent-hop provenance. Non-agent hops
13
- * return an empty delegation. */
14
- function attestWorkerDelegation(accept, deps) {
15
- const { run, workerId, options, task, absoluteResultPath, rawResult } = accept;
16
- // Agent Delegation Drive (v0.1.38): if this worker's result.md was produced by an
17
- // EXTERNAL agent, record the agent-hop attestation AS PROVENANCE — the agent
18
- // (kind:process) handle, the agent-REPORTED model (never CW_AGENT_MODEL), the
19
- // prompt digest, the secret-stripped args, and the result digest computed HERE
20
- // from the accepted result.md. These live in the result node's metadata (covered
21
- // by the v0.1.35 snapshot body) + a trust-audit event, NEVER in `evidence`.
22
- // Track 1: verify the agent's signed telemetry BEFORE recording it. CW holds
23
- // only the operator's PUBLIC key — it verifies attribution, never measures
24
- // usage. Absent/invalid signature => `unattested`/`absent`, surfaced loudly,
25
- // NEVER silently recorded as trusted.
26
- const telemetry = options.agentDelegation
27
- ? (0, telemetry_attestation_1.verifyTelemetryAttestation)(options.agentDelegation.reportedUsage, options.agentDelegation.usageSignature, (0, telemetry_attestation_1.resolveTrustPublicKey)(options.agentDelegation.usageTrustPublicKey),
28
- // resultDigest binds the agent's findings into the signature: CW recomputes
29
- // the digest from the accepted result (the SAME raw bytes the executor
30
- // signed) so a result edited after signing fails verification. A signer
31
- // that did not cover the result still verifies (verifier back-compat).
32
- { runId: run.id, taskId: task.id, promptDigest: options.agentDelegation.promptDigest, resultDigest: (0, execution_backend_1.sha256)(rawResult) })
33
- : undefined;
34
- // Track 1 fail-closed (Decision 2 — OPT-IN, off by default). When the operator
35
- // requires attested telemetry, a delegated hop whose verdict is not `attested`
36
- // is REJECTED here — BEFORE any accept-side state mutation — so the drive parks
37
- // it instead of recording unverifiable usage. Default behavior is unchanged
38
- // (flag-and-surface). Non-agent hops carry no verdict and are never blocked.
39
- if (options.requireAttestedTelemetry && telemetry && telemetry.status !== "attested") {
40
- const error = (0, helpers_1.structuredError)("telemetry-unattested-blocked", `Worker ${workerId} telemetry is ${telemetry.status} (${telemetry.reason || "unverified"}) and require-attested-telemetry is enabled — refusing to accept a hop whose usage cannot be cryptographically verified`, { path: absoluteResultPath, retryable: false });
41
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
42
- throw new Error(error.message);
43
- }
44
- const agentDelegation = options.agentDelegation
45
- ? {
46
- schemaVersion: 1,
47
- backendId: "agent",
48
- handle: options.agentDelegation.handle,
49
- model: options.agentDelegation.model,
50
- promptDigest: options.agentDelegation.promptDigest,
51
- resultDigest: (0, execution_backend_1.sha256)(rawResult),
52
- command: options.agentDelegation.command,
53
- args: options.agentDelegation.args,
54
- exitCode: options.agentDelegation.exitCode,
55
- ...(options.agentDelegation.reportedUsage ? { reportedUsage: options.agentDelegation.reportedUsage } : {}),
56
- ...(options.agentDelegation.usageSignature ? { usageSignature: options.agentDelegation.usageSignature } : {}),
57
- ...(telemetry ? { usageAttestation: telemetry.status, usageAttestationReason: telemetry.reason } : {})
58
- }
59
- : undefined;
60
- return { agentDelegation, telemetry };
61
- }
62
- /** Step 4 — recordTelemetryLedger: the agent-hop attestation. Binds the telemetry
63
- * verdict into the append-only hash-chained ledger BEFORE the audit event (so the
64
- * event can cross-link the record hash), then emits the worker.agent-delegation
65
- * audit event. No-op for non-agent hops. */
66
- function recordWorkerDelegationLedger(accept, delegation) {
67
- const { agentDelegation, telemetry } = delegation;
68
- // The agent-hop attestation event — hung off worker.output, alongside
69
- // worker.backend. Recorded in trust-audit/provenance, NEVER in node evidence.
70
- if (!agentDelegation)
71
- return;
72
- const { run, workerId, scope, task, resultNode, acceptedAuditId } = accept;
73
- // Track 1 (tamper-evidence): bind this verdict into the append-only,
74
- // hash-chained telemetry ledger BEFORE the audit event, so the event can
75
- // cross-link the record hash. Editing the recorded verdict/usage later breaks
76
- // the chain (verifyTelemetryLedger). Only when a verdict was computed.
77
- const ledgerRecord = agentDelegation.usageAttestation
78
- ? (0, telemetry_ledger_1.appendTelemetryAttestation)(run, {
79
- workerId,
80
- taskId: task.id,
81
- promptDigest: agentDelegation.promptDigest,
82
- reportedUsage: agentDelegation.reportedUsage,
83
- usageSignature: agentDelegation.usageSignature,
84
- // Store the signed result digest ONLY when the signature actually covered
85
- // it, so the offline re-verifier (telemetry verify --pubkey / report verify)
86
- // can reconstruct the 5-field payload. A usage-only signature stores none
87
- // (its record stays byte-identical to a pre-result-coverage one).
88
- resultDigest: telemetry?.coversResult ? agentDelegation.resultDigest : undefined,
89
- attestation: agentDelegation.usageAttestation,
90
- attestationReason: agentDelegation.usageAttestationReason
91
- })
92
- : undefined;
93
- (0, trust_audit_1.recordTrustAuditEvent)(run, {
94
- kind: "worker.agent-delegation",
95
- decision: "recorded",
96
- source: "host-attested",
97
- workerId,
98
- taskId: task.id,
99
- nodeId: resultNode.id,
100
- sandboxProfileId: scope.sandboxProfileId,
101
- policySnapshot: scope.sandboxPolicy,
102
- parentEventIds: [acceptedAuditId],
103
- metadata: {
104
- backendId: agentDelegation.backendId,
105
- handleKind: agentDelegation.handle.kind,
106
- handleRef: agentDelegation.handle.ref,
107
- model: agentDelegation.model,
108
- promptDigest: agentDelegation.promptDigest,
109
- resultDigest: agentDelegation.resultDigest,
110
- command: agentDelegation.command,
111
- args: agentDelegation.args,
112
- exitCode: agentDelegation.exitCode,
113
- // Track 1: the telemetry verdict travels with the agent-hop event so the
114
- // audit report can surface `unattested` usage loudly. Absent => no usage.
115
- ...(agentDelegation.usageAttestation
116
- ? {
117
- telemetryAttestation: agentDelegation.usageAttestation,
118
- ...(agentDelegation.usageAttestationReason ? { telemetryAttestationReason: agentDelegation.usageAttestationReason } : {}),
119
- ...(agentDelegation.reportedUsage ? { reportedUsage: agentDelegation.reportedUsage } : {}),
120
- // Cross-link to the hash-chained ledger entry (tamper-evidence).
121
- ...(ledgerRecord ? { telemetryRecordId: ledgerRecord.recordId, telemetryRecordHash: ledgerRecord.recordHash, telemetryPrevHash: ledgerRecord.prevHash } : {})
122
- }
123
- : {})
124
- }
125
- });
126
- }
@@ -1,77 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.validateWorkerResult = validateWorkerResult;
7
- const node_fs_1 = __importDefault(require("node:fs"));
8
- const node_path_1 = __importDefault(require("node:path"));
9
- const verifier_1 = require("../verifier");
10
- const evidence_grounding_1 = require("../evidence-grounding");
11
- const trust_audit_1 = require("../trust-audit");
12
- const helpers_1 = require("../worker-isolation/helpers");
13
- /** Step 1 — validateResult: resolve scope/task, enforce the sandbox boundary, the
14
- * result-file existence, the envelope contract, and (opt-in) resolvable evidence.
15
- * Fail-closed: any guard records a worker failure and throws BEFORE accept-side
16
- * state mutation. Returns the partially-filled accept context on success. */
17
- function validateWorkerResult(run, workerId, resultPath, options, deps) {
18
- const scope = deps.requireWorkerScope(run, workerId);
19
- const task = deps.requireWorkerTask(run, scope);
20
- const absoluteResultPath = node_path_1.default.resolve(resultPath);
21
- const violation = deps.validateWorkerBoundary(run, workerId, { ...options, policy: options.policy, path: absoluteResultPath });
22
- if (violation) {
23
- (0, trust_audit_1.recordSandboxPathDecision)(run, {
24
- workerId,
25
- taskId: task.id,
26
- sandboxProfileId: scope.sandboxProfileId,
27
- policySnapshot: scope.sandboxPolicy,
28
- target: absoluteResultPath,
29
- decision: "denied",
30
- metadata: { code: violation.code, allowedPaths: violation.allowedPaths }
31
- });
32
- deps.recordWorkerFailure(run, workerId, violation, { ...options, path: absoluteResultPath, code: violation.code, retryable: false });
33
- throw new Error(violation.message);
34
- }
35
- if (!node_fs_1.default.existsSync(absoluteResultPath)) {
36
- const error = (0, helpers_1.structuredError)("worker-result-missing", `Worker result file does not exist: ${absoluteResultPath}`, {
37
- path: absoluteResultPath,
38
- retryable: true
39
- });
40
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
41
- throw new Error(error.message);
42
- }
43
- const rawResult = node_fs_1.default.readFileSync(absoluteResultPath, "utf8");
44
- const parsedResult = (0, verifier_1.parseResultEnvelope)(rawResult);
45
- (0, verifier_1.validateResultEnvelope)(task, parsedResult);
46
- // Strict evidence resolution (v0.1.40 self-audit P1, opt-in via
47
- // CW_REQUIRE_RESOLVABLE_EVIDENCE): fail closed if the result cites file-style
48
- // evidence that does not resolve on disk, so a worker cannot land a result
49
- // whose evidence locators point nowhere. Off by default — the default gate is
50
- // the deterministic grounding check in validateResultEnvelope.
51
- if ((0, evidence_grounding_1.requireResolvableEvidence)()) {
52
- const baseDirs = Array.from(new Set([run.cwd, process.cwd(), scope.workerDir, run.paths.runDir].filter(Boolean)));
53
- const unresolved = (0, evidence_grounding_1.unresolvedFileEvidence)(parsedResult.evidence, baseDirs);
54
- if (unresolved.length) {
55
- const error = (0, helpers_1.structuredError)("worker-evidence-unresolvable", `Worker ${workerId} result cites file evidence that does not resolve on disk: ${unresolved.join(", ")}`, { path: absoluteResultPath, retryable: false });
56
- deps.recordWorkerFailure(run, workerId, error, { ...options, persist: options.persist });
57
- throw new Error(error.message);
58
- }
59
- }
60
- return {
61
- run,
62
- workerId,
63
- options,
64
- scope,
65
- task,
66
- absoluteResultPath,
67
- rawResult,
68
- parsedResult,
69
- destination: "",
70
- pathAuditId: "",
71
- acceptedAuditId: "",
72
- resultNode: undefined,
73
- verifierNodeId: "",
74
- verifierStatus: "",
75
- output: undefined
76
- };
77
- }