cool-workflow 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (136) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/apps/architecture-review/app.json +1 -1
  4. package/apps/architecture-review-fast/app.json +1 -1
  5. package/apps/end-to-end-golden-path/app.json +1 -1
  6. package/apps/pr-review-fix-ci/app.json +1 -1
  7. package/apps/release-cut/app.json +1 -1
  8. package/apps/research-synthesis/app.json +1 -1
  9. package/dist/cli/dispatch.js +11 -5
  10. package/dist/cli/entry.js +41 -1
  11. package/dist/cli/io.js +6 -2
  12. package/dist/cli/parseargv.js +1 -0
  13. package/dist/core/capability-data.js +1 -0
  14. package/dist/core/format/completion.js +68 -0
  15. package/dist/core/format/help.js +25 -6
  16. package/dist/core/format/safe-json.js +73 -0
  17. package/dist/core/format/state-explosion-text.js +1 -1
  18. package/dist/core/multi-agent/candidate-scoring.js +5 -1
  19. package/dist/core/multi-agent/collaboration.js +3 -3
  20. package/dist/core/multi-agent/coordinator.js +5 -5
  21. package/dist/core/multi-agent/runtime.js +4 -4
  22. package/dist/core/multi-agent/topology.js +3 -3
  23. package/dist/core/pipeline/dispatch.js +18 -4
  24. package/dist/core/pipeline/drive-decide.js +2 -1
  25. package/dist/core/state/migrations.js +16 -1
  26. package/dist/core/state/state-explosion/digest.js +13 -13
  27. package/dist/core/state/state-explosion/graph.js +17 -11
  28. package/dist/core/state/state-explosion/report.js +6 -6
  29. package/dist/core/util/numeric-flag.js +40 -0
  30. package/dist/core/version.js +1 -1
  31. package/dist/mcp/server.js +99 -11
  32. package/dist/shell/audit-cli.js +57 -25
  33. package/dist/shell/coordinator-io.js +73 -13
  34. package/dist/shell/dispatch.js +1 -1
  35. package/dist/shell/doctor.js +80 -1
  36. package/dist/shell/drive.js +243 -49
  37. package/dist/shell/eval-text.js +2 -2
  38. package/dist/shell/evidence-reasoning.js +4 -4
  39. package/dist/shell/execution-backend/agent.js +20 -1
  40. package/dist/shell/execution-backend/container.js +4 -1
  41. package/dist/shell/execution-backend/local.js +4 -1
  42. package/dist/shell/feedback-cli.js +6 -6
  43. package/dist/shell/fs-atomic.js +218 -29
  44. package/dist/shell/man-cli.js +6 -0
  45. package/dist/shell/metrics-cli.js +2 -1
  46. package/dist/shell/multi-agent-cli.js +367 -323
  47. package/dist/shell/multi-agent-host.js +9 -9
  48. package/dist/shell/multi-agent-operator-ux.js +80 -38
  49. package/dist/shell/node-store.js +10 -4
  50. package/dist/shell/observability.js +1 -1
  51. package/dist/shell/operator-ux-text.js +22 -22
  52. package/dist/shell/operator-ux.js +15 -14
  53. package/dist/shell/orchestrator.js +49 -38
  54. package/dist/shell/pipeline-cli.js +87 -40
  55. package/dist/shell/reclamation-io.js +14 -4
  56. package/dist/shell/registry-cli.js +19 -17
  57. package/dist/shell/remote-source.js +13 -8
  58. package/dist/shell/report-cli.js +45 -0
  59. package/dist/shell/report.js +2 -1
  60. package/dist/shell/run-registry-io.js +77 -19
  61. package/dist/shell/run-store.js +74 -2
  62. package/dist/shell/scheduling-io.js +12 -13
  63. package/dist/shell/state-cli.js +2 -7
  64. package/dist/shell/state-explosion-cli.js +17 -9
  65. package/dist/shell/topology-io.js +36 -5
  66. package/dist/shell/trust-audit.js +224 -22
  67. package/dist/shell/trust-policy-io.js +1 -1
  68. package/dist/shell/worker-cli.js +35 -31
  69. package/dist/wiring/capability-table/basics.js +33 -8
  70. package/dist/wiring/capability-table/exec-backend.js +20 -11
  71. package/dist/wiring/capability-table/multi-agent.js +172 -165
  72. package/dist/wiring/capability-table/parity.js +1 -0
  73. package/dist/wiring/capability-table/pipeline.js +54 -42
  74. package/dist/wiring/capability-table/registry-core.js +29 -10
  75. package/dist/wiring/capability-table/reporting.js +137 -96
  76. package/dist/wiring/capability-table/scheduling-registry.js +195 -161
  77. package/dist/wiring/capability-table/state.js +36 -28
  78. package/dist/wiring/capability-table/trust-ledger.js +46 -22
  79. package/dist/wiring/capability-table/workflow-apps.js +83 -68
  80. package/docs/agent-delegation-drive.7.md +2 -0
  81. package/docs/candidate-scoring.7.md +1 -1
  82. package/docs/canonical-workflow-apps.7.md +7 -7
  83. package/docs/cli-mcp-parity.7.md +8 -3
  84. package/docs/contract-migration-tooling.7.md +2 -0
  85. package/docs/control-plane-scheduling.7.md +2 -0
  86. package/docs/coordinator-blackboard.7.md +17 -17
  87. package/docs/dogfood-one-real-repo.7.md +11 -11
  88. package/docs/durable-state-and-locking.7.md +2 -0
  89. package/docs/end-to-end-golden-path.7.md +14 -14
  90. package/docs/evidence-adoption-reasoning-chain.7.md +2 -0
  91. package/docs/execution-backends.7.md +2 -0
  92. package/docs/getting-started.md +37 -37
  93. package/docs/multi-agent-cli-mcp-surface.7.md +19 -17
  94. package/docs/multi-agent-eval-replay-harness.7.md +15 -13
  95. package/docs/multi-agent-operator-ux.7.md +21 -19
  96. package/docs/multi-agent-runtime-core.7.md +22 -22
  97. package/docs/multi-agent-topologies.7.md +6 -6
  98. package/docs/multi-agent-trust-policy-audit.7.md +11 -11
  99. package/docs/node-snapshot-diff-replay.7.md +2 -0
  100. package/docs/observability-cost-accounting.7.md +2 -0
  101. package/docs/operator-ux.7.md +34 -34
  102. package/docs/pipeline-runner.7.md +4 -4
  103. package/docs/project-index.md +27 -4
  104. package/docs/real-execution-backends.7.md +2 -0
  105. package/docs/release-and-migration.7.md +3 -1
  106. package/docs/release-tooling.7.md +2 -0
  107. package/docs/routines.md +4 -4
  108. package/docs/run-registry-control-plane.7.md +21 -19
  109. package/docs/run-retention-reclamation.7.md +2 -0
  110. package/docs/scheduled-tasks.md +14 -14
  111. package/docs/security-trust-hardening.7.md +15 -15
  112. package/docs/state-explosion-management.7.md +12 -10
  113. package/docs/team-collaboration.7.md +2 -0
  114. package/docs/trust-audit-anchor.7.md +2 -0
  115. package/docs/unix-principles.md +3 -1
  116. package/docs/verifier-gated-commit.7.md +1 -1
  117. package/docs/web-desktop-workbench.7.md +2 -0
  118. package/docs/workflow-app-framework.7.md +13 -13
  119. package/manifest/plugin.manifest.json +1 -1
  120. package/package.json +2 -2
  121. package/scripts/agents/claude-p-agent.js +2 -2
  122. package/scripts/block-unapproved-tag.sh +23 -2
  123. package/scripts/canonical-apps.js +4 -4
  124. package/scripts/children/batch-delegate-child.js +52 -2
  125. package/scripts/dogfood-release.js +1 -1
  126. package/scripts/fake-date-for-reproduction.js +44 -0
  127. package/scripts/golden-path.js +4 -4
  128. package/scripts/purity-baseline.json +3 -0
  129. package/scripts/release-flow.js +57 -1
  130. package/scripts/verdict-keygen.js +83 -0
  131. package/scripts/verify-bump-reproduction.sh +148 -0
  132. package/scripts/verify-verdict-signature.js +61 -0
  133. package/skills/cool-workflow/SKILL.md +9 -9
  134. package/skills/cool-workflow/references/commands.md +89 -88
  135. package/ui/workbench/app.css +37 -1
  136. package/ui/workbench/app.js +124 -6
@@ -0,0 +1,148 @@
1
+ #!/usr/bin/env bash
2
+ # verify-bump-reproduction.sh — closes the HEAD~1 verdict-replay bypass.
3
+ #
4
+ # release-gate.yml / npm-publish.yml tolerate a verdict written for the tag
5
+ # commit's PARENT (release-flow.js's cut() reviews content, then adds a
6
+ # mechanical version-bump + the verdict as a NEW child commit that actually
7
+ # gets tagged). A validly-signed verdict at the parent proves someone once
8
+ # approved THAT commit — it does NOT prove the child (the thing actually being
9
+ # tagged) is the deterministic bump cut() would have produced, rather than an
10
+ # attacker's own commit smuggling in arbitrary changes on top of an old,
11
+ # genuinely-approved parent (a real signature on a REPLAYED verdict).
12
+ #
13
+ # This script independently reproduces the bump: checks out the approved
14
+ # parent into a scratch worktree, runs the SAME bump:version/sync:project-index
15
+ # steps cut() runs, stages the SAME way cut() stages (git add -u + the
16
+ # explicit verdict/.sig paths, never -A), and requires the resulting tree to
17
+ # match the ACTUAL tagged commit's tree byte-for-byte. Any difference —
18
+ # anywhere, including a single added file — fails closed.
19
+ #
20
+ # Usage: verify-bump-reproduction.sh <approved-parent-sha> <tagged-sha> <verdict-repo-relative-path> [sig-repo-relative-path]
21
+ #
22
+ # Exit 0: the tagged commit's tree matches the reproduced bump exactly.
23
+ # Exit 1: mismatch, or any step failed (install, bump, sync, worktree, etc).
24
+ set -uo pipefail
25
+
26
+ # Where THIS SCRIPT ITSELF lives — distinct from REPO_ROOT (the git repo being
27
+ # operated ON, resolved below from the invocation cwd). These coincide in
28
+ # ordinary production use (the script runs from within the same checkout it
29
+ # verifies), but conflating them is wrong: REPO_ROOT could be an ARBITRARY git
30
+ # context (e.g. a test harness's throwaway clone of old history, which never
31
+ # has this script's own sibling files, since they postdate whatever was
32
+ # cloned). Sibling files this script depends on must be found relative to
33
+ # where it is installed, never relative to the repo it happens to be pointed at.
34
+ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
35
+
36
+ PARENT="${1:-}"
37
+ TAGGED="${2:-}"
38
+ VERDICT_REL="${3:-}"
39
+ SIG_REL="${4:-}"
40
+ if [[ -z "$PARENT" || -z "$TAGGED" || -z "$VERDICT_REL" ]]; then
41
+ echo "usage: verify-bump-reproduction.sh <parent-sha> <tagged-sha> <verdict-rel-path> [sig-rel-path]" >&2
42
+ exit 1
43
+ fi
44
+
45
+ REPO_ROOT="$(git rev-parse --show-toplevel)" || exit 1
46
+ SCRATCH_PARENT="$(mktemp -d)"
47
+ SCRATCH="$SCRATCH_PARENT/wt"
48
+ cleanup() {
49
+ git -C "$REPO_ROOT" worktree remove --force "$SCRATCH" >/dev/null 2>&1
50
+ rm -rf "$SCRATCH_PARENT"
51
+ }
52
+ trap cleanup EXIT
53
+
54
+ if ! git -C "$REPO_ROOT" worktree add --quiet --detach "$SCRATCH" "$PARENT" 2>/dev/null; then
55
+ echo "verify-bump-reproduction: could not create a scratch worktree at $PARENT" >&2
56
+ exit 1
57
+ fi
58
+
59
+ # The target version comes from the TAGGED commit (not the parent, which may
60
+ # still be pre-bump) — read via git plumbing, no separate checkout needed.
61
+ VERSION="$(git -C "$REPO_ROOT" show "$TAGGED:plugins/cool-workflow/package.json" 2>/dev/null | node -e '
62
+ let s=""; process.stdin.on("data",d=>s+=d).on("end",()=>{ try { process.stdout.write(JSON.parse(s).version||""); } catch { process.stdout.write(""); } });
63
+ ')"
64
+ if [[ -z "$VERSION" ]]; then
65
+ echo "verify-bump-reproduction: could not read package.json version from tagged commit $TAGGED" >&2
66
+ exit 1
67
+ fi
68
+
69
+ # sync-project-index.js embeds a wall-clock "Generated on <date>" line. Pin it
70
+ # to the TAGGED commit's own committer date (UTC) via a Node --require preload
71
+ # that overrides the global Date constructor (fake-date-for-reproduction.js),
72
+ # NOT an application-level env var: the scratch worktree runs the APPROVED
73
+ # PARENT's OWN checked-out copy of sync-project-index.js, which for every
74
+ # release cut before this mechanism existed has no idea any such env var is
75
+ # meant to be read — an app-level opt-in is a no-op against code that doesn't
76
+ # know to opt in, so it can only ever "work" for releases cut after the
77
+ # mechanism landed (confirmed empirically: re-running an already-shipped
78
+ # release's real approved-parent/tagged pair on a later calendar day produced
79
+ # a tree mismatch whose ONLY diff was that one date line). A global override
80
+ # of the Date constructor, injected before any application code runs, is
81
+ # transparent to the code being executed regardless of which version it is.
82
+ CUT_DATE="$(TZ=UTC git -C "$REPO_ROOT" show -s --format=%cd --date=format-local:%Y-%m-%d "$TAGGED" 2>/dev/null)"
83
+ if [[ -z "$CUT_DATE" ]]; then
84
+ echo "verify-bump-reproduction: could not read the tagged commit's committer date" >&2
85
+ exit 1
86
+ fi
87
+ FAKE_DATE_PRELOAD="$SCRIPT_DIR/fake-date-for-reproduction.js"
88
+
89
+ # Each step's exit code is checked EXPLICITLY and immediately (not via a
90
+ # `cmd1 && cmd2 && cmd3` chain) — a chain's overall success can silently
91
+ # survive an earlier step's failure if a future edit ever loosens it (e.g.
92
+ # `&&` accidentally becoming `;`), which would flip this fail-closed gate to
93
+ # fail-open without changing its outward shape. stdout/stderr from each step
94
+ # are captured (not discarded to /dev/null) so a real failure — a transient
95
+ # npm registry hiccup vs. an actual reproduction mismatch — is distinguishable
96
+ # in the workflow log instead of both collapsing into the same generic message.
97
+ run_step() {
98
+ local label="$1"
99
+ shift
100
+ local out
101
+ out="$("$@" 2>&1)"
102
+ local code=$?
103
+ if [[ $code -ne 0 ]]; then
104
+ echo "verify-bump-reproduction: $label failed (exit $code):" >&2
105
+ echo "$out" >&2
106
+ return 1
107
+ fi
108
+ return 0
109
+ }
110
+
111
+ (
112
+ cd "$SCRATCH/plugins/cool-workflow" || exit 1
113
+ export NODE_OPTIONS="--require $FAKE_DATE_PRELOAD"
114
+ export CW_FAKE_DATE="$CUT_DATE"
115
+ run_step "npm install" npm install --no-package-lock --ignore-scripts || exit 1
116
+ run_step "bump:version" npm run bump:version -- "$VERSION" || exit 1
117
+ run_step "sync:project-index" npm run sync:project-index -- --repo-only || exit 1
118
+ )
119
+ BUMP_STATUS=$?
120
+ if [[ $BUMP_STATUS -ne 0 ]]; then
121
+ echo "verify-bump-reproduction: reproducing the bump for $PARENT -> v$VERSION failed" >&2
122
+ exit 1
123
+ fi
124
+
125
+ mkdir -p "$SCRATCH/.cw-release"
126
+ cp "$REPO_ROOT/$VERDICT_REL" "$SCRATCH/$VERDICT_REL" || exit 1
127
+ if [[ -n "$SIG_REL" && -f "$REPO_ROOT/$SIG_REL" ]]; then
128
+ cp "$REPO_ROOT/$SIG_REL" "$SCRATCH/$SIG_REL" || exit 1
129
+ fi
130
+
131
+ # Mirror cut()'s OWN staging exactly (git-add -u + the explicit verdict/.sig
132
+ # paths) — never -A, so an untracked stray left by npm/tooling in the scratch
133
+ # worktree can never silently ride into what we compare.
134
+ git -C "$SCRATCH" add -u
135
+ git -C "$SCRATCH" add -- "$VERDICT_REL"
136
+ if [[ -n "$SIG_REL" && -f "$SCRATCH/$SIG_REL" ]]; then
137
+ git -C "$SCRATCH" add -- "$SIG_REL"
138
+ fi
139
+
140
+ EXPECTED_TREE="$(git -C "$SCRATCH" write-tree)"
141
+ ACTUAL_TREE="$(git -C "$REPO_ROOT" rev-parse "$TAGGED^{tree}")"
142
+
143
+ if [[ "$EXPECTED_TREE" != "$ACTUAL_TREE" ]]; then
144
+ echo "verify-bump-reproduction: $TAGGED's tree ($ACTUAL_TREE) does not match the deterministic bump reproduced from approved parent $PARENT ($EXPECTED_TREE) — refusing" >&2
145
+ exit 1
146
+ fi
147
+
148
+ exit 0
@@ -0,0 +1,61 @@
1
+ #!/usr/bin/env node
2
+ "use strict";
3
+
4
+ // verify-verdict-signature.js — verify an ed25519 signature over a committed
5
+ // release verdict file, against the committed public key
6
+ // (.cw-release/verdict-signing.pub). Portable (node + node:crypto only) so
7
+ // CI (release-gate.yml, npm-publish.yml) and the local block-unapproved-tag.sh
8
+ // hook can all shell out to the SAME check instead of three drifting copies.
9
+ //
10
+ // Exit 0: signature verifies. Exit 1: missing file, unreadable key, or a
11
+ // signature that does not match (tampered verdict, wrong key, hand-written
12
+ // verdict with no real signature). Never throws uncaught — callers rely on
13
+ // the exit code alone, not stderr text.
14
+ //
15
+ // Usage: node verify-verdict-signature.js <verdict-file> <sig-file> <pubkey-file>
16
+
17
+ const fs = require("node:fs");
18
+ const crypto = require("node:crypto");
19
+
20
+ function fail(message) {
21
+ process.stderr.write(`verify-verdict-signature: ${message}\n`);
22
+ process.exit(1);
23
+ }
24
+
25
+ const [, , verdictPath, sigPath, pubkeyPath] = process.argv;
26
+ if (!verdictPath || !sigPath || !pubkeyPath) {
27
+ process.stderr.write("usage: verify-verdict-signature.js <verdict-file> <sig-file> <pubkey-file>\n");
28
+ process.exit(2);
29
+ }
30
+
31
+ let message;
32
+ try {
33
+ message = fs.readFileSync(verdictPath);
34
+ } catch (error) {
35
+ fail(`cannot read verdict file ${verdictPath}: ${error.message}`);
36
+ }
37
+
38
+ let signature;
39
+ try {
40
+ signature = Buffer.from(fs.readFileSync(sigPath, "utf8").trim(), "base64");
41
+ if (signature.length === 0) fail(`signature file ${sigPath} is empty`);
42
+ } catch (error) {
43
+ fail(`cannot read signature file ${sigPath}: ${error.message}`);
44
+ }
45
+
46
+ let publicKey;
47
+ try {
48
+ publicKey = crypto.createPublicKey(fs.readFileSync(pubkeyPath, "utf8"));
49
+ } catch (error) {
50
+ fail(`cannot read public key ${pubkeyPath}: ${error.message}`);
51
+ }
52
+
53
+ let ok = false;
54
+ try {
55
+ ok = crypto.verify(null, message, publicKey, signature);
56
+ } catch (error) {
57
+ fail(`verification error: ${error.message}`);
58
+ }
59
+
60
+ if (!ok) fail(`signature does not match ${verdictPath} (tampered, wrong key, or not a real signature)`);
61
+ process.exit(0);
@@ -62,16 +62,16 @@ Use this loop to explain workflow progress when reporting status.
62
62
  ## Operating Loop
63
63
 
64
64
  1. Pick or create a workflow.
65
- 2. `node scripts/cw.js plan <workflow-id> ...` from the plugin root (or the
65
+ 2. `cw plan <workflow-id> ...` from the plugin root (or the
66
66
  absolute plugin script path).
67
- 3. `node scripts/cw.js dispatch <run-id> --limit N` to create a dispatch
67
+ 3. `cw dispatch <run-id> --limit N` to create a dispatch
68
68
  manifest for the current phase. Add `--sandbox <profile-id>` when an explicit
69
69
  worker policy profile is needed.
70
70
  4. If — and only if — the user explicitly asked for agents, spawn one subagent
71
71
  per dispatched task with disjoint scopes.
72
72
  5. Save each subagent summary to `.cw/runs/<run-id>/results/<task-id>.md`.
73
- 6. `node scripts/cw.js result <run-id> <task-id> <result-file>`.
74
- 7. When all required work is complete, `node scripts/cw.js report <run-id>`.
73
+ 6. `cw result <run-id> <task-id> <result-file>`.
74
+ 7. When all required work is complete, `cw report <run-id>`.
75
75
  8. Synthesize the final user-facing answer from the report and verified
76
76
  evidence.
77
77
 
@@ -114,11 +114,11 @@ report chain. See `references/commands.md` for the exact invocations.
114
114
  ## Essential Commands
115
115
 
116
116
  ```bash
117
- node scripts/cw.js list
118
- node scripts/cw.js plan architecture-review --repo /path/to/repo --question "Is this architecture sound?"
119
- node scripts/cw.js dispatch <run-id> --limit 6
120
- node scripts/cw.js result <run-id> <task-id> /path/to/result.md
121
- node scripts/cw.js report <run-id> --show
117
+ cw list
118
+ cw plan architecture-review --repo /path/to/repo --question "Is this architecture sound?"
119
+ cw dispatch <run-id> --limit 6
120
+ cw result <run-id> <task-id> /path/to/result.md
121
+ cw report <run-id> --show
122
122
  ```
123
123
 
124
124
  When working in this repository, the plugin root is `plugins/cool-workflow`.
@@ -26,19 +26,20 @@ absolute plugin script path. Run data is written to `.cw/runs/<run-id>/` under
26
26
  ## Discovery & apps
27
27
 
28
28
  ```bash
29
- node scripts/cw.js list
30
- node scripts/cw.js app list
31
- node scripts/cw.js app show architecture-review
32
- node scripts/cw.js app show pr-review-fix-ci
33
- node scripts/cw.js app show release-cut
34
- node scripts/cw.js app show research-synthesis
35
- node scripts/cw.js app validate apps/architecture-review/app.json
36
- node scripts/cw.js app show workflow-app-framework-demo
37
- node scripts/cw.js app validate apps/workflow-app-framework-demo/app.json
38
- node scripts/cw.js app validate end-to-end-golden-path
39
- node scripts/cw.js app package workflow-app-framework-demo
40
- node scripts/cw.js app init my-app --title "My App"
41
- node scripts/cw.js init my-workflow --title "My Workflow"
29
+ cw list
30
+ cw search architecture
31
+ cw app list
32
+ cw app show architecture-review
33
+ cw app show pr-review-fix-ci
34
+ cw app show release-cut
35
+ cw app show research-synthesis
36
+ cw app validate apps/architecture-review/app.json
37
+ cw app show workflow-app-framework-demo
38
+ cw app validate apps/workflow-app-framework-demo/app.json
39
+ cw app validate end-to-end-golden-path
40
+ cw app package workflow-app-framework-demo
41
+ cw app init my-app --title "My App"
42
+ cw init my-workflow --title "My Workflow"
42
43
  ```
43
44
 
44
45
  The canonical app ids are `architecture-review`, `pr-review-fix-ci`,
@@ -62,16 +63,16 @@ harness; the reviewer is delegated via `CW_AGENT_COMMAND`/`CW_AGENT_ENDPOINT`
62
63
  ## Plan / dispatch / result / report
63
64
 
64
65
  ```bash
65
- node scripts/cw.js plan architecture-review --repo /path/to/repo --question "Is this architecture sound?"
66
- node scripts/cw.js status <run-id>
67
- node scripts/cw.js status <run-id> --json
68
- node scripts/cw.js graph <run-id>
69
- node scripts/cw.js graph <run-id> --json
70
- node scripts/cw.js dispatch <run-id> --limit 6
71
- node scripts/cw.js dispatch <run-id> --sandbox readonly
72
- node scripts/cw.js result <run-id> <task-id> /path/to/result.md
73
- node scripts/cw.js report <run-id>
74
- node scripts/cw.js report <run-id> --show
66
+ cw plan architecture-review --repo /path/to/repo --question "Is this architecture sound?"
67
+ cw status <run-id>
68
+ cw status <run-id> --json
69
+ cw graph <run-id>
70
+ cw graph <run-id> --json
71
+ cw dispatch <run-id> --limit 6
72
+ cw dispatch <run-id> --sandbox readonly
73
+ cw result <run-id> <task-id> /path/to/result.md
74
+ cw report <run-id>
75
+ cw report <run-id> --show
75
76
  ```
76
77
 
77
78
  Operator UX is human-readable by default for `status`, `graph`, report
@@ -87,12 +88,12 @@ role, group, fanout/fanin, blackboard, coordinator, candidate, commit, and audit
87
88
  records — deterministic recipes, not hidden autonomous coordination.
88
89
 
89
90
  ```bash
90
- node scripts/cw.js topology list
91
- node scripts/cw.js topology show map-reduce
92
- node scripts/cw.js topology validate map-reduce
93
- node scripts/cw.js topology apply <run-id> map-reduce --task task-id --mapper-count 2
94
- node scripts/cw.js topology summary <run-id>
95
- node scripts/cw.js topology graph <run-id>
91
+ cw topology list
92
+ cw topology show map-reduce
93
+ cw topology validate map-reduce
94
+ cw topology apply <run-id> map-reduce --task task-id --mapper-count 2
95
+ cw topology summary <run-id>
96
+ cw topology graph <run-id>
96
97
  ```
97
98
 
98
99
  ## Multi-agent host surface
@@ -103,22 +104,22 @@ plumbing. It wraps the topology, multi-agent, blackboard, candidate, commit, and
103
104
  audit primitives; it does not replace them.
104
105
 
105
106
  ```bash
106
- node scripts/cw.js multi-agent run <run-id> --topology judge-panel --task task-id
107
- node scripts/cw.js multi-agent status <run-id>
108
- node scripts/cw.js multi-agent step <run-id> --sandbox readonly
109
- node scripts/cw.js multi-agent blackboard <run-id> summary
110
- node scripts/cw.js multi-agent score <run-id> candidate-id --criterion correctness=1 --evidence ref
111
- node scripts/cw.js multi-agent select <run-id> candidate-id --reason "verified winner"
107
+ cw multi-agent run <run-id> --topology judge-panel --task task-id
108
+ cw multi-agent status <run-id>
109
+ cw multi-agent step <run-id> --sandbox readonly
110
+ cw multi-agent blackboard <run-id> summary
111
+ cw multi-agent score <run-id> candidate-id --criterion correctness=1 --evidence ref
112
+ cw multi-agent select <run-id> candidate-id --reason "verified winner"
112
113
  ```
113
114
 
114
115
  Operator views (who depends on whom, who is blocked, which evidence was adopted):
115
116
 
116
117
  ```bash
117
- node scripts/cw.js multi-agent summary <run-id>
118
- node scripts/cw.js multi-agent graph <run-id>
119
- node scripts/cw.js multi-agent dependencies <run-id>
120
- node scripts/cw.js multi-agent failures <run-id>
121
- node scripts/cw.js multi-agent evidence <run-id>
118
+ cw multi-agent summary <run-id>
119
+ cw multi-agent graph <run-id>
120
+ cw multi-agent dependencies <run-id>
121
+ cw multi-agent failures <run-id>
122
+ cw multi-agent evidence <run-id>
122
123
  ```
123
124
 
124
125
  State Explosion Management — when a run grows too large to read, use derived,
@@ -126,11 +127,11 @@ provenance-backed digests (they never delete raw records and fail closed when
126
127
  stale; every synthetic node carries source ids and an expansion command):
127
128
 
128
129
  ```bash
129
- node scripts/cw.js summary refresh <run-id>
130
- node scripts/cw.js summary show <run-id>
131
- node scripts/cw.js blackboard summarize <run-id>
132
- node scripts/cw.js multi-agent summarize <run-id>
133
- node scripts/cw.js multi-agent graph <run-id> --view compact|critical-path|failures|... [--focus <id>] [--depth <n>]
130
+ cw summary refresh <run-id>
131
+ cw summary show <run-id>
132
+ cw blackboard summarize <run-id>
133
+ cw multi-agent summarize <run-id>
134
+ cw multi-agent graph <run-id> --view compact|critical-path|failures|... [--focus <id>] [--depth <n>]
134
135
  ```
135
136
 
136
137
  Trust / Policy / Audit — inspect role authority, message provenance, blackboard
@@ -138,11 +139,11 @@ write decisions, judge rationale, panel decisions, and why a result is trusted
138
139
  (missing policy/evidence/provenance/rationale fail closed):
139
140
 
140
141
  ```bash
141
- node scripts/cw.js audit multi-agent <run-id>
142
- node scripts/cw.js audit policy <run-id>
143
- node scripts/cw.js audit role <run-id>
144
- node scripts/cw.js audit blackboard <run-id>
145
- node scripts/cw.js audit judge <run-id>
142
+ cw audit multi-agent <run-id>
143
+ cw audit policy <run-id>
144
+ cw audit role <run-id>
145
+ cw audit blackboard <run-id>
146
+ cw audit judge <run-id>
146
147
  ```
147
148
 
148
149
  ## Multi-agent low-level state
@@ -154,12 +155,12 @@ transitions, duplicate memberships, ambiguous dispatch attachment, and missing
154
155
  fanin evidence fail closed.
155
156
 
156
157
  ```bash
157
- node scripts/cw.js multi-agent run <run-id> --id ma --objective "coordinated work"
158
- node scripts/cw.js multi-agent role <run-id> role --multi-agent-run ma --responsibility "do work" --required-evidence "result evidence"
159
- node scripts/cw.js multi-agent group <run-id> group --multi-agent-run ma --task task-id
160
- node scripts/cw.js multi-agent fanout <run-id> fanout --group group --reason "split work" --role role --task task-id
161
- node scripts/cw.js dispatch <run-id> --multi-agent-run ma --multi-agent-group group --multi-agent-role role --multi-agent-fanout fanout
162
- node scripts/cw.js multi-agent fanin <run-id> fanin --group group --fanout fanout --required-role role
158
+ cw multi-agent run <run-id> --id ma --objective "coordinated work"
159
+ cw multi-agent role <run-id> role --multi-agent-run ma --responsibility "do work" --required-evidence "result evidence"
160
+ cw multi-agent group <run-id> group --multi-agent-run ma --task task-id
161
+ cw multi-agent fanout <run-id> fanout --group group --reason "split work" --role role --task task-id
162
+ cw dispatch <run-id> --multi-agent-run ma --multi-agent-group group --multi-agent-role role --multi-agent-fanout fanout
163
+ cw multi-agent fanin <run-id> fanin --group group --fanout fanout --required-role role
163
164
  ```
164
165
 
165
166
  ## Eval & replay
@@ -168,12 +169,12 @@ Use when a topology-backed multi-agent run needs release-gate evidence.
168
169
  Artifacts live under `.cw/evals/<suite-id>/` as plain JSON plus `report.md`.
169
170
 
170
171
  ```bash
171
- node scripts/cw.js eval snapshot <run-id> --id suite-id
172
- node scripts/cw.js eval replay .cw/evals/suite-id/snapshot.json
173
- node scripts/cw.js eval compare .cw/evals/suite-id/snapshot.json .cw/evals/suite-id/replay-run.json
174
- node scripts/cw.js eval score .cw/evals/suite-id/replay-run.json
175
- node scripts/cw.js eval gate .cw/evals/suite-id
176
- node scripts/cw.js eval report .cw/evals/suite-id/replay-run.json
172
+ cw eval snapshot <run-id> --id suite-id
173
+ cw eval replay .cw/evals/suite-id/snapshot.json
174
+ cw eval compare .cw/evals/suite-id/snapshot.json .cw/evals/suite-id/replay-run.json
175
+ cw eval score .cw/evals/suite-id/replay-run.json
176
+ cw eval gate .cw/evals/suite-id
177
+ cw eval report .cw/evals/suite-id/replay-run.json
177
178
  ```
178
179
 
179
180
  ## Blackboard & coordinator
@@ -183,14 +184,14 @@ context frames, artifact refs, snapshots, and coordinator decisions under
183
184
  `.cw/runs/<run-id>/blackboard/`.
184
185
 
185
186
  ```bash
186
- node scripts/cw.js blackboard summary <run-id>
187
- node scripts/cw.js blackboard topic create <run-id> --id topic --title "Shared context"
188
- node scripts/cw.js blackboard message post <run-id> --topic topic --body "message"
189
- node scripts/cw.js blackboard context put <run-id> --topic topic --kind fact --key finding --value "evidence-backed fact"
190
- node scripts/cw.js blackboard artifact add <run-id> --topic topic --path /path/to/result.md --kind worker-result
191
- node scripts/cw.js blackboard snapshot <run-id>
192
- node scripts/cw.js coordinator summary <run-id>
193
- node scripts/cw.js coordinator decision <run-id> --kind conflict-resolution --outcome accepted --reason "evidence supports this"
187
+ cw blackboard summary <run-id>
188
+ cw blackboard topic create <run-id> --id topic --title "Shared context"
189
+ cw blackboard message post <run-id> --topic topic --body "message"
190
+ cw blackboard context put <run-id> --topic topic --kind fact --key finding --value "evidence-backed fact"
191
+ cw blackboard artifact add <run-id> --topic topic --path /path/to/result.md --kind worker-result
192
+ cw blackboard snapshot <run-id>
193
+ cw coordinator summary <run-id>
194
+ cw coordinator decision <run-id> --kind conflict-resolution --outcome accepted --reason "evidence supports this"
194
195
  ```
195
196
 
196
197
  ## Sandbox profiles
@@ -201,10 +202,10 @@ CW enforces profile validation and worker result acceptance; the agent host
201
202
  enforces OS/process/network/environment controls.
202
203
 
203
204
  ```bash
204
- node scripts/cw.js sandbox list
205
- node scripts/cw.js sandbox show readonly
206
- node scripts/cw.js sandbox validate ./site-sandbox.json
207
- node scripts/cw.js worker manifest <run-id> <worker-id>
205
+ cw sandbox list
206
+ cw sandbox show readonly
207
+ cw sandbox validate ./site-sandbox.json
208
+ cw worker manifest <run-id> <worker-id>
208
209
  ```
209
210
 
210
211
  ## Commit, state & summaries
@@ -214,14 +215,14 @@ dry-runs migration and normalization; newer unsupported schemas fail closed and
214
215
  unknown user data is preserved.
215
216
 
216
217
  ```bash
217
- node scripts/cw.js commit <run-id> --verifier <node-id> --reason "verified result"
218
- node scripts/cw.js commit <run-id> --selection <selection-id> --reason "verified winner"
219
- node scripts/cw.js commit <run-id> --allow-unverified-checkpoint --reason "manual checkpoint"
220
- node scripts/cw.js worker summary <run-id>
221
- node scripts/cw.js candidate summary <run-id>
222
- node scripts/cw.js feedback summary <run-id>
223
- node scripts/cw.js commit summary <run-id>
224
- node scripts/cw.js state check <run-id>
218
+ cw commit <run-id> --verifier <node-id> --reason "verified result"
219
+ cw commit <run-id> --selection <selection-id> --reason "verified winner"
220
+ cw commit <run-id> --allow-unverified-checkpoint --reason "manual checkpoint"
221
+ cw worker summary <run-id>
222
+ cw candidate summary <run-id>
223
+ cw feedback summary <run-id>
224
+ cw commit summary <run-id>
225
+ cw state check <run-id>
225
226
  ```
226
227
 
227
228
  ## Scheduling & routines
@@ -232,12 +233,12 @@ prompt is handled. `routine create`/`routine fire` handle API/GitHub trigger
232
233
  events.
233
234
 
234
235
  ```bash
235
- node scripts/cw.js loop --intervalMinutes 30 --prompt "Continue this workflow."
236
- node scripts/cw.js schedule create --kind loop --intervalMinutes 30 --prompt "Continue this workflow."
237
- node scripts/cw.js schedule due
238
- node scripts/cw.js schedule daemon --once
239
- node scripts/cw.js routine create --kind github --prompt "Handle this GitHub event."
240
- node scripts/cw.js routine fire github payload.json
236
+ cw loop --intervalMinutes 30 --prompt "Continue this workflow."
237
+ cw schedule create --kind loop --intervalMinutes 30 --prompt "Continue this workflow."
238
+ cw schedule due
239
+ cw schedule daemon --once
240
+ cw routine create --kind github --prompt "Handle this GitHub event."
241
+ cw routine fire github payload.json
241
242
  ```
242
243
 
243
244
  ## Release & maintenance npm scripts
@@ -12,6 +12,20 @@
12
12
  --absent: #d29922;
13
13
  --bad: #f85149;
14
14
  }
15
+ @media (prefers-color-scheme: light) {
16
+ :root {
17
+ --bg: #f6f7f9;
18
+ --panel: #ffffff;
19
+ --panel-2: #eef0f4;
20
+ --ink: #1b1f27;
21
+ --muted: #5b6472;
22
+ --line: #d7dce4;
23
+ --accent: #1a6fd6;
24
+ --present: #1a7f37;
25
+ --absent: #9a6700;
26
+ --bad: #cf222e;
27
+ }
28
+ }
15
29
  * { box-sizing: border-box; }
16
30
  body {
17
31
  margin: 0;
@@ -45,8 +59,17 @@ input[type="search"] {
45
59
  }
46
60
  .run-list li:hover { border-color: var(--accent); }
47
61
  .run-list li.active { border-color: var(--accent); background: var(--panel-2); }
48
- .run-list .rid { font-family: ui-monospace, monospace; font-size: 12px; }
62
+ .run-list .rid { font-family: ui-monospace, monospace; font-size: 12px; display: flex; align-items: center; gap: 6px; }
49
63
  .run-list .meta { color: var(--muted); font-size: 11px; margin-top: 2px; }
64
+ .status-dot {
65
+ display: inline-block; width: 8px; height: 8px; border-radius: 50%; flex: none;
66
+ background: var(--muted);
67
+ }
68
+ .status-dot.running { background: var(--accent); }
69
+ .status-dot.completed { background: var(--present); }
70
+ .status-dot.queued, .status-dot.archived, .status-dot.reclaimed { background: var(--muted); }
71
+ .status-dot.blocked { background: var(--absent); }
72
+ .status-dot.failed { background: var(--bad); }
50
73
  .detail { overflow-y: auto; padding: 16px 20px; }
51
74
  .detail .empty { color: var(--muted); }
52
75
  .tabs { display: flex; gap: 6px; flex-wrap: wrap; border-bottom: 1px solid var(--line); padding-bottom: 8px; margin-bottom: 12px; }
@@ -74,3 +97,16 @@ pre.json {
74
97
  .kv { display: flex; gap: 16px; flex-wrap: wrap; padding: 8px 12px; font-size: 12px; color: var(--muted); }
75
98
  .kv b { color: var(--ink); font-weight: 600; }
76
99
  .err { color: var(--bad); }
100
+ .struct-block { padding: 10px 12px; border-top: 1px solid var(--line); }
101
+ .struct-block:first-child { border-top: none; }
102
+ .struct-block .struct-title { font-size: 11px; text-transform: uppercase; letter-spacing: 0.04em; color: var(--muted); margin-bottom: 6px; }
103
+ .struct-table { width: 100%; border-collapse: collapse; font-size: 12px; }
104
+ .struct-table th, .struct-table td {
105
+ text-align: left; padding: 4px 8px; border-bottom: 1px solid var(--line);
106
+ font-family: ui-monospace, SFMono-Regular, Menlo, monospace; vertical-align: top;
107
+ }
108
+ .struct-table th { color: var(--muted); font-weight: 400; }
109
+ .struct-edges { list-style: none; margin: 0; padding: 0; font-size: 12px; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; }
110
+ .struct-edges li { padding: 3px 0; }
111
+ .struct-edges .arrow { color: var(--muted); padding: 0 6px; }
112
+ .struct-empty { color: var(--muted); font-size: 12px; }