cool-workflow 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/.gemini-plugin/mcp.json +10 -0
  4. package/.gemini-plugin/plugin.json +40 -0
  5. package/.opencode-plugin/mcp.json +10 -0
  6. package/.opencode-plugin/plugin.json +40 -0
  7. package/README.md +202 -48
  8. package/apps/architecture-review/app.json +1 -1
  9. package/apps/architecture-review-fast/app.json +1 -1
  10. package/apps/end-to-end-golden-path/app.json +1 -1
  11. package/apps/pr-review-fix-ci/app.json +1 -1
  12. package/apps/release-cut/app.json +1 -1
  13. package/apps/research-synthesis/app.json +1 -1
  14. package/dist/cli/dispatch.js +33 -4
  15. package/dist/cli/entry.js +11 -19
  16. package/dist/cli/global-flags.js +113 -0
  17. package/dist/cli/io.js +6 -20
  18. package/dist/cli/parseargv.js +7 -1
  19. package/dist/core/capability-data.js +339 -10
  20. package/dist/core/format/help.js +80 -4
  21. package/dist/core/format/recovery-hint.js +32 -0
  22. package/dist/core/multi-agent/collaboration.js +35 -6
  23. package/dist/core/multi-agent/runtime.js +7 -0
  24. package/dist/core/multi-agent/trust-policy.js +7 -1
  25. package/dist/core/pipeline/contract.js +7 -0
  26. package/dist/core/pipeline/error-feedback.js +2 -2
  27. package/dist/core/trust/evidence-grounding.js +13 -1
  28. package/dist/core/util/cli-args.js +55 -0
  29. package/dist/core/version.js +1 -1
  30. package/dist/mcp/dispatch.js +22 -2
  31. package/dist/mcp/server.js +124 -13
  32. package/dist/mcp-server.js +20 -0
  33. package/dist/shell/commit.js +8 -2
  34. package/dist/shell/coordinator-io.js +73 -1
  35. package/dist/shell/drive.js +129 -64
  36. package/dist/shell/error-feedback-io.js +6 -0
  37. package/dist/shell/execution-backend/agent.js +205 -24
  38. package/dist/shell/execution-backend/container.js +44 -10
  39. package/dist/shell/execution-backend/local.js +47 -10
  40. package/dist/shell/fs-atomic.js +93 -12
  41. package/dist/shell/ledger-cli.js +9 -2
  42. package/dist/shell/multi-agent-cli.js +5 -1
  43. package/dist/shell/onramp.js +48 -5
  44. package/dist/shell/pipeline-cli.js +20 -2
  45. package/dist/shell/pipeline.js +2 -1
  46. package/dist/shell/reclamation-io.js +76 -7
  47. package/dist/shell/registry-cli.js +4 -0
  48. package/dist/shell/run-export.js +52 -4
  49. package/dist/shell/run-registry-io.js +1 -0
  50. package/dist/shell/run-store.js +156 -0
  51. package/dist/shell/scheduler-io.js +101 -10
  52. package/dist/shell/telemetry-ledger-io.js +36 -24
  53. package/dist/shell/trust-audit.js +104 -10
  54. package/dist/shell/workbench-host.js +121 -10
  55. package/dist/shell/workbench.js +79 -5
  56. package/dist/shell/worker-isolation.js +1 -1
  57. package/dist/shell/workflow-app-loader.js +67 -1
  58. package/dist/wiring/capability-table/basics.js +7 -2
  59. package/dist/wiring/capability-table/exec-backend.js +42 -24
  60. package/dist/wiring/capability-table/multi-agent.js +69 -69
  61. package/dist/wiring/capability-table/pipeline.js +60 -28
  62. package/dist/wiring/capability-table/registry-core.js +29 -6
  63. package/dist/wiring/capability-table/reporting.js +45 -39
  64. package/dist/wiring/capability-table/scheduling-registry.js +66 -60
  65. package/dist/wiring/capability-table/state.js +34 -34
  66. package/dist/wiring/capability-table/trust-ledger.js +66 -24
  67. package/dist/wiring/capability-table/workflow-apps.js +15 -15
  68. package/docs/agent-delegation-drive.7.md +17 -0
  69. package/docs/cli-mcp-parity.7.md +43 -13
  70. package/docs/contract-migration-tooling.7.md +4 -0
  71. package/docs/control-plane-scheduling.7.md +38 -0
  72. package/docs/cross-agent-ledger.7.md +20 -8
  73. package/docs/durable-state-and-locking.7.md +4 -0
  74. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  75. package/docs/execution-backends.7.md +4 -0
  76. package/docs/fix.7.md +4 -4
  77. package/docs/getting-started.md +40 -32
  78. package/docs/index.md +17 -0
  79. package/docs/launch/demo.tape +4 -3
  80. package/docs/mcp-app-surface.7.md +6 -0
  81. package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
  82. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  83. package/docs/multi-agent-operator-ux.7.md +4 -0
  84. package/docs/node-snapshot-diff-replay.7.md +4 -0
  85. package/docs/observability-cost-accounting.7.md +4 -0
  86. package/docs/project-index.md +43 -9
  87. package/docs/real-execution-backends.7.md +4 -0
  88. package/docs/release-and-migration.7.md +4 -0
  89. package/docs/release-tooling.7.md +22 -0
  90. package/docs/routine.7.md +22 -0
  91. package/docs/run-registry-control-plane.7.md +4 -0
  92. package/docs/run-retention-reclamation.7.md +28 -3
  93. package/docs/state-explosion-management.7.md +4 -0
  94. package/docs/team-collaboration.7.md +4 -0
  95. package/docs/trust-audit-anchor.7.md +4 -0
  96. package/docs/web-desktop-workbench.7.md +26 -2
  97. package/docs/workflow-app-framework.7.md +31 -0
  98. package/manifest/plugin.manifest.json +1 -1
  99. package/manifest/source-context-profiles.json +4 -3
  100. package/package.json +5 -2
  101. package/scripts/agents/agent-adapter-core.js +26 -0
  102. package/scripts/agents/claude-p-agent.js +4 -1
  103. package/scripts/agents/codex-agent.js +4 -0
  104. package/scripts/agents/cw-attest-wrap.js +1 -1
  105. package/scripts/agents/gemini-agent.js +4 -0
  106. package/scripts/agents/opencode-agent.js +5 -0
  107. package/scripts/block-unapproved-tag.js +160 -0
  108. package/scripts/bump-version.js +27 -10
  109. package/scripts/canonical-apps.js +4 -4
  110. package/scripts/children/batch-delegate-child.js +72 -4
  111. package/scripts/children/http-batch-delegate-child.js +132 -0
  112. package/scripts/children/http-delegate-child.js +8 -0
  113. package/scripts/dogfood-release.js +2 -2
  114. package/scripts/fake-date-for-reproduction.js +1 -1
  115. package/scripts/golden-path.js +4 -4
  116. package/scripts/lang-policy-check.js +82 -0
  117. package/scripts/purity-baseline.json +0 -30
  118. package/scripts/purity-gate.js +16 -3
  119. package/scripts/release-check.js +2 -1
  120. package/scripts/release-flow.js +264 -41
  121. package/scripts/release-gate.js +184 -0
  122. package/scripts/release-oneclick.js +438 -0
  123. package/scripts/release-tags.js +47 -0
  124. package/scripts/verdict-keygen.js +2 -2
  125. package/scripts/verify-bump-reproduction.js +193 -0
  126. package/scripts/verify-verdict-signature.js +1 -1
  127. package/scripts/version-sync-check.js +39 -22
  128. package/ui/workbench/app.css +41 -9
  129. package/ui/workbench/app.js +160 -27
  130. package/ui/workbench/index.html +2 -2
  131. package/docs/agent-framework.md +0 -177
  132. package/docs/designs/handoff-ledger.md +0 -145
  133. package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +0 -40
  134. package/docs/launch/launch-kit.md +0 -195
  135. package/docs/launch/pre-launch-checklist.md +0 -53
  136. package/docs/readme-v0.1.87-full.md +0 -301
  137. package/docs/routines.md +0 -101
  138. package/docs/scheduled-tasks.md +0 -80
  139. package/scripts/agents/claude-p-agent.sh +0 -9
  140. package/scripts/block-unapproved-tag.sh +0 -60
  141. package/scripts/release-gate.sh +0 -94
  142. package/scripts/verify-bump-reproduction.sh +0 -148
  143. package/scripts/verify-container-selfref.js +0 -64
@@ -1,14 +1,21 @@
1
1
  # Getting Started
2
2
 
3
+ *This page is for people changing CW itself. To USE `cw`, see the wiki
4
+ [Getting Started](https://github.com/coo1white/cool-workflow/wiki/Getting-Started).*
5
+
3
6
  Start from a new clone:
4
7
 
5
8
  ```bash
6
9
  cd plugins/cool-workflow
7
10
  npm install
8
11
  npm run build
12
+ npm link # puts the `cw` command on your PATH
9
13
  cw app list
10
14
  ```
11
15
 
16
+ No `npm link`? Every `cw <args>` line on this page also works as
17
+ `node scripts/cw.js <args>` from this directory.
18
+
12
19
  ## Check your setup first (`cw doctor`)
13
20
 
14
21
  Like `brew doctor`, this names any setup problem and the fix for it before you
@@ -44,53 +51,54 @@ small:
44
51
  Add `--changed-from origin/main` in a source checkout to get the nearest smoke
45
52
  tests and guard checks for your current change.
46
53
 
47
- Make a run with a canonical workflow app:
54
+ ## One run, end to end
55
+
56
+ Plan a run with a canonical workflow app. `--dryRun true` keeps it safe;
57
+ put real version numbers in place of `X.Y.Z` / `X.Y.W`:
48
58
 
49
59
  ```bash
50
60
  cw plan release-cut \
51
61
  --repo "$PWD" \
52
- --version 0.1.25 \
53
- --previousVersion 0.1.24 \
62
+ --version X.Y.Z \
63
+ --previousVersion X.Y.W \
54
64
  --releaseBranch main \
55
65
  --dryRun true
56
66
  ```
57
67
 
58
- Use the run id you get back:
68
+ The plan prints a run id. See where that run is:
59
69
 
60
70
  ```bash
61
71
  cw status <run-id>
62
- cw graph <run-id>
72
+ ```
73
+
74
+ Give the next ready task to your agent, one step at a time, in a
75
+ read-only sandbox:
76
+
77
+ ```bash
63
78
  cw dispatch <run-id> --limit 1 --sandbox readonly
64
- cw worker summary <run-id>
65
- cw topology list
66
- cw topology apply <run-id> map-reduce --task <task-id>
67
- cw topology summary <run-id>
68
- cw multi-agent run <run-id> --topology judge-panel --task <task-id>
69
- cw multi-agent status <run-id>
70
- cw multi-agent graph <run-id>
71
- cw multi-agent dependencies <run-id>
72
- cw multi-agent failures <run-id>
73
- cw multi-agent evidence <run-id>
74
- cw multi-agent step <run-id> --sandbox readonly
75
- cw multi-agent blackboard <run-id> summary
76
- cw multi-agent score <run-id> <candidate-id> --criterion correctness=1 --evidence <ref>
77
- cw multi-agent select <run-id> <candidate-id> --reason "verified winner"
78
- cw multi-agent summary <run-id>
79
- cw blackboard summary <run-id>
80
- cw audit summary <run-id>
81
- cw audit multi-agent <run-id>
82
- cw audit policy <run-id>
83
- cw audit blackboard <run-id>
84
- cw audit judge <run-id>
85
- cw eval snapshot <run-id> --id <suite-id>
86
- cw eval replay .cw/evals/<suite-id>/snapshot.json
87
- cw eval compare .cw/evals/<suite-id>/snapshot.json .cw/evals/<suite-id>/replay-run.json
88
- cw eval score .cw/evals/<suite-id>/replay-run.json
89
- cw eval gate .cw/evals/<suite-id>
90
- cw eval report .cw/evals/<suite-id>/replay-run.json
79
+ ```
80
+
81
+ When the run is complete, read the report, then prove its record chain
82
+ offline:
83
+
84
+ ```bash
91
85
  cw report <run-id> --show
86
+ cw telemetry verify <run-id>
87
+ ```
88
+
89
+ If a run comes to a stop before the end — an agent error, a Ctrl-C, a
90
+ lost session — take it up again from where it stopped:
91
+
92
+ ```bash
93
+ cw run resume <run-id> --drive
92
94
  ```
93
95
 
96
+ That is the whole loop: plan → status → dispatch → report → verify →
97
+ resume. The common command shapes are on the wiki page
98
+ [Commands or API](https://github.com/coo1white/cool-workflow/wiki/Commands-or-API);
99
+ the complete, generated list of every command — topology, multi-agent,
100
+ audit, eval, and the rest — is in [`cli-mcp-parity.7.md`](cli-mcp-parity.7.md).
101
+
94
102
  Run the smallest check that fits the change:
95
103
 
96
104
  ```bash
package/docs/index.md CHANGED
@@ -52,6 +52,23 @@ advanced pages only when you need those parts.
52
52
  - [Trust Audit Anchor](trust-audit-anchor.7.md) - head anchor that makes a cut-off audit-log tail visible.
53
53
  - [State Explosion Management](state-explosion-management.7.md) - summaries, compact graph views, blackboard digests, and stale-aware compaction.
54
54
  - [Evidence Adoption Reasoning Chain](evidence-adoption-reasoning-chain.7.md) - why evidence was adopted or rejected.
55
+ - [Pipeline Runner](pipeline-runner.7.md) - the plan/dispatch/result/commit state machine at the kernel's center.
56
+ - [Pipeline Verbs](pipeline-verbs.7.md) - `cw plan|dispatch|result` and the worker result contract.
57
+ - [Verifier-Gated Commit](verifier-gated-commit.7.md) - evidence checks that let a commit through or refuse it.
58
+ - [Worker Isolation](worker-isolation.7.md) - worker-local state, write acceptance, and the isolation boundary.
59
+ - [Candidate Scoring](candidate-scoring.7.md) - scoring and selection across worker candidates.
60
+ - [Error Feedback](error-feedback.7.md) - structured error records fed back into the next attempt.
61
+ - [State Node](state-node.7.md) - the durable node record every run is made of.
62
+ - [Capability / Topology Registry](capability-topology-registry.7.md) - the one data source behind CLI, MCP, and help.
63
+ - [Cross-Agent Ledger](cross-agent-ledger.7.md) - digest-sealed proposals and reviews between two agents (`cw ledger`).
64
+ - [Routine Triggers](routine.7.md) - `cw routine` local trigger bridge for API/GitHub events.
65
+ - [Remote Source Review](remote-source-review.7.md) - reviewing a repository the agent cannot clone.
66
+ - [Vendor Manifest Loadability](vendor-manifest-loadability.7.md) - proving generated vendor manifests actually load.
67
+ - [Canonical Workflow Apps](canonical-workflow-apps.7.md) - the official app matrix and its checks.
68
+ - [Doctor](doctor.7.md) - environment and onramp diagnosis (`cw doctor`).
69
+ - [Demo](demo.7.md) - the tamper-evidence demo (`cw demo`).
70
+ - [Fix](fix.7.md) - `cw fix` guided recovery for a blocked run.
71
+ - [Init](init.7.md) - `cw init` repository bootstrap.
55
72
 
56
73
  CW is the base system. Workflow apps are userland. Release and migration rules
57
74
  must keep that line clear: stable contracts, clear compatibility checks, and
@@ -5,9 +5,10 @@
5
5
  #
6
6
  # vhs plugins/cool-workflow/docs/launch/demo.tape
7
7
  #
8
- # Output: docs/launch/demo-tamper.gif. Then in the root README, replace the
9
- # fenced demo output block under "See it in 30 seconds" with:
10
- # ![cw demo tamper](plugins/cool-workflow/docs/launch/demo-tamper.gif)
8
+ # Output: plugins/cool-workflow/docs/launch/demo-tamper.gif. The SHIPPED hero
9
+ # GIF is docs/assets/demo.gif (README.md:18) after a fresh capture, copy it
10
+ # there so the README picks it up:
11
+ # cp plugins/cool-workflow/docs/launch/demo-tamper.gif docs/assets/demo.gif
11
12
 
12
13
  Output plugins/cool-workflow/docs/launch/demo-tamper.gif
13
14
 
@@ -14,6 +14,12 @@ The bridge keeps to CW's base-system rules:
14
14
  `criteria`
15
15
  - errors fail closed through JSON-RPC errors and lasting ErrorFeedback where the
16
16
  runtime already keeps feedback
17
+ - a failed `tools/call` (a bad tool name, a missing needed value, or the
18
+ tool's own code failing) comes back as a normal result shaped
19
+ `{ content: [...], isError: true }`, with a `Try: <hint>` line when one
20
+ applies, not a bare JSON-RPC error — so a host that does not show
21
+ protocol errors to the model still lets it read the message and try
22
+ again
17
23
 
18
24
  ## App Run Flow
19
25
 
@@ -331,3 +331,7 @@ The host-facing surface tracks the CLI golden-path fixes (`cw -q` routing + repo
331
331
  0.2.2
332
332
 
333
333
  0.2.3
334
+
335
+ 0.2.4
336
+
337
+ 0.2.5
@@ -357,3 +357,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
357
357
  0.2.2
358
358
 
359
359
  0.2.3
360
+
361
+ 0.2.4
362
+
363
+ 0.2.5
@@ -369,3 +369,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
369
369
  0.2.2
370
370
 
371
371
  0.2.3
372
+
373
+ 0.2.4
374
+
375
+ 0.2.5
@@ -190,3 +190,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
190
190
  0.2.2
191
191
 
192
192
  0.2.3
193
+
194
+ 0.2.4
195
+
196
+ 0.2.5
@@ -250,3 +250,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
250
250
  0.2.2
251
251
 
252
252
  0.2.3
253
+
254
+ 0.2.4
255
+
256
+ 0.2.5
@@ -1,15 +1,15 @@
1
1
  # Cool Workflow Project Index
2
2
 
3
- Generated from the current repository code on 2026-07-10 by `npm run sync:project-index`.
3
+ Generated from the current repository code on 2026-07-13 by `npm run sync:project-index`.
4
4
 
5
5
  ## Snapshot
6
6
 
7
7
  - Package: `cool-workflow`
8
- - Version: `0.2.3`
9
- - Source modules: `148`
8
+ - Version: `0.2.5`
9
+ - Source modules: `151`
10
10
  - Workflow apps: `8`
11
- - Docs: `62`
12
- - Smoke tests: `201`
11
+ - Docs: `58`
12
+ - Smoke tests: `236`
13
13
  - Repository: https://github.com/coo1white/cool-workflow
14
14
 
15
15
  ## Architecture
@@ -80,12 +80,14 @@ multi-agent host -> topology -> blackboard/coordinator
80
80
 
81
81
  - [cli/dispatch.ts](../src/cli/dispatch.ts)
82
82
  - [cli/entry.ts](../src/cli/entry.ts)
83
+ - [cli/global-flags.ts](../src/cli/global-flags.ts)
83
84
  - [cli/io.ts](../src/cli/io.ts)
84
85
  - [cli/parseargv.ts](../src/cli/parseargv.ts)
85
86
  - [core/capability-data.ts](../src/core/capability-data.ts)
86
87
  - [core/capability-table.ts](../src/core/capability-table.ts)
87
88
  - [core/format/completion.ts](../src/core/format/completion.ts)
88
89
  - [core/format/help.ts](../src/core/format/help.ts)
90
+ - [core/format/recovery-hint.ts](../src/core/format/recovery-hint.ts)
89
91
  - [core/format/safe-json.ts](../src/core/format/safe-json.ts)
90
92
  - [core/format/state-explosion-text.ts](../src/core/format/state-explosion-text.ts)
91
93
  - [core/hash.ts](../src/core/hash.ts)
@@ -118,6 +120,7 @@ multi-agent host -> topology -> blackboard/coordinator
118
120
  - [core/types/boundary.ts](../src/core/types/boundary.ts)
119
121
  - [core/types/execution-backend.ts](../src/core/types/execution-backend.ts)
120
122
  - [core/types/observability.ts](../src/core/types/observability.ts)
123
+ - [core/util/cli-args.ts](../src/core/util/cli-args.ts)
121
124
  - [core/util/collate.ts](../src/core/util/collate.ts)
122
125
  - [core/util/numeric-flag.ts](../src/core/util/numeric-flag.ts)
123
126
  - [mcp/dispatch.ts](../src/mcp/dispatch.ts)
@@ -217,7 +220,6 @@ multi-agent host -> topology -> blackboard/coordinator
217
220
  ## Documentation Map
218
221
 
219
222
  - [Agent Delegation Drive](agent-delegation-drive.7.md)
220
- - [Workflow App framework](agent-framework.md)
221
223
  - [CANDIDATE-SCORING(7)](candidate-scoring.7.md)
222
224
  - [Canonical Workflow Apps](canonical-workflow-apps.7.md)
223
225
  - [CAPABILITY-TOPOLOGY-REGISTRY(7) — Cool Workflow Agent-Driven Self-Evolution](capability-topology-registry.7.md)
@@ -252,7 +254,6 @@ multi-agent host -> topology -> blackboard/coordinator
252
254
  - [PIPELINE-RUNNER(7)](pipeline-runner.7.md)
253
255
  - [PIPELINE-VERBS(7)](pipeline-verbs.7.md)
254
256
  - [Cool Workflow Project Index](project-index.md)
255
- - [Cool Workflow](readme-v0.1.87-full.md)
256
257
  - [Real Execution Backend Integrations](real-execution-backends.7.md)
257
258
  - [Release And Migration Discipline](release-and-migration.7.md)
258
259
  - [Cool Workflow Release History](release-history.md)
@@ -260,11 +261,9 @@ multi-agent host -> topology -> blackboard/coordinator
260
261
  - [Remote-Source Review (`--link`)](remote-source-review.7.md)
261
262
  - [Verifiable Report Bundle](report-verifiable-bundle.7.md)
262
263
  - [ROUTINE(7)](routine.7.md)
263
- - [Routines](routines.md)
264
264
  - [Run Registry / Control Plane](run-registry-control-plane.7.md)
265
265
  - [Run Retention & Provable Reclamation](run-retention-reclamation.7.md)
266
266
  - [SANDBOX-PROFILES(7)](sandbox-profiles.7.md)
267
- - [Scheduled Tasks](scheduled-tasks.md)
268
267
  - [Security / Trust Hardening](security-trust-hardening.7.md)
269
268
  - [Source Context Profiles](source-context-profiles.7.md)
270
269
  - [State Explosion Management](state-explosion-management.7.md)
@@ -284,6 +283,7 @@ multi-agent host -> topology -> blackboard/coordinator
284
283
  Smoke tests mirror the public contracts. The high-signal suites are:
285
284
 
286
285
  - [agent-backend-concurrent-user-env-smoke.js](../test/agent-backend-concurrent-user-env-smoke.js)
286
+ - [agent-backend-sandbox-deny-smoke.js](../test/agent-backend-sandbox-deny-smoke.js)
287
287
  - [agent-backend-user-env-smoke.js](../test/agent-backend-user-env-smoke.js)
288
288
  - [agent-config-atomic-write-smoke.js](../test/agent-config-atomic-write-smoke.js)
289
289
  - [agent-delegation-drive-smoke.js](../test/agent-delegation-drive-smoke.js)
@@ -296,7 +296,9 @@ Smoke tests mirror the public contracts. The high-signal suites are:
296
296
  - [artifact-integrity-smoke.js](../test/artifact-integrity-smoke.js)
297
297
  - [audit-verify-smoke.js](../test/audit-verify-smoke.js)
298
298
  - [backend-registry-smoke.js](../test/backend-registry-smoke.js)
299
+ - [batch-delegate-error-flush-smoke.js](../test/batch-delegate-error-flush-smoke.js)
299
300
  - [batch-output-overflow-smoke.js](../test/batch-output-overflow-smoke.js)
301
+ - [bench-run-smoke.js](../test/bench-run-smoke.js)
300
302
  - [blackboard-state-explosion-management-smoke.js](../test/blackboard-state-explosion-management-smoke.js)
301
303
  - [block-unapproved-tag-smoke.js](../test/block-unapproved-tag-smoke.js)
302
304
  - [budget-scaling-loop-smoke.js](../test/budget-scaling-loop-smoke.js)
@@ -321,13 +323,19 @@ Smoke tests mirror the public contracts. The high-signal suites are:
321
323
  - [clones-gc-smoke.js](../test/clones-gc-smoke.js)
322
324
  - [codex-agent-wrapper-smoke.js](../test/codex-agent-wrapper-smoke.js)
323
325
  - [collaboration-ops-unit-smoke.js](../test/collaboration-ops-unit-smoke.js)
326
+ - [commit-snapshot-slim-smoke.js](../test/commit-snapshot-slim-smoke.js)
324
327
  - [concurrency-default-smoke.js](../test/concurrency-default-smoke.js)
325
328
  - [concurrent-failure-semantics-smoke.js](../test/concurrent-failure-semantics-smoke.js)
326
329
  - [concurrent-subworkflow-cache-nesting-smoke.js](../test/concurrent-subworkflow-cache-nesting-smoke.js)
330
+ - [concurrent-subworkflow-no-wasted-spawn-smoke.js](../test/concurrent-subworkflow-no-wasted-spawn-smoke.js)
331
+ - [concurrent-subworkflow-only-batch-sigkill-smoke.js](../test/concurrent-subworkflow-only-batch-sigkill-smoke.js)
327
332
  - [concurrent-workflow-dsl-smoke.js](../test/concurrent-workflow-dsl-smoke.js)
333
+ - [container-backend-sandbox-deny-smoke.js](../test/container-backend-sandbox-deny-smoke.js)
328
334
  - [contract-migration-tooling-smoke.js](../test/contract-migration-tooling-smoke.js)
329
335
  - [control-plane-scheduling-smoke.js](../test/control-plane-scheduling-smoke.js)
330
336
  - [coordinator-blackboard-smoke.js](../test/coordinator-blackboard-smoke.js)
337
+ - [coordinator-messages-jsonl-atomic-smoke.js](../test/coordinator-messages-jsonl-atomic-smoke.js)
338
+ - [coordinator-messages-jsonl-dirty-append-smoke.js](../test/coordinator-messages-jsonl-dirty-append-smoke.js)
331
339
  - [coordinator-topology-persist-dirty-tracking-smoke.js](../test/coordinator-topology-persist-dirty-tracking-smoke.js)
332
340
  - [cw-help-per-command-smoke.js](../test/cw-help-per-command-smoke.js)
333
341
  - [dead-export-removal-guard-smoke.js](../test/dead-export-removal-guard-smoke.js)
@@ -342,15 +350,20 @@ Smoke tests mirror the public contracts. The high-signal suites are:
342
350
  - [dogfood-release-smoke.js](../test/dogfood-release-smoke.js)
343
351
  - [drive-async-real-signal-smoke.js](../test/drive-async-real-signal-smoke.js)
344
352
  - [drive-concurrency-flag-smoke.js](../test/drive-concurrency-flag-smoke.js)
353
+ - [drive-concurrent-round-sigkill-smoke.js](../test/drive-concurrent-round-sigkill-smoke.js)
345
354
  - [drive-exhaustion-blocked-smoke.js](../test/drive-exhaustion-blocked-smoke.js)
346
355
  - [drive-round-cache-serial-smoke.js](../test/drive-round-cache-serial-smoke.js)
356
+ - [drive-run-mutex-smoke.js](../test/drive-run-mutex-smoke.js)
347
357
  - [durable-atomic-write-smoke.js](../test/durable-atomic-write-smoke.js)
348
358
  - [end-to-end-demo-smoke.js](../test/end-to-end-demo-smoke.js)
349
359
  - [end-to-end-golden-path-smoke.js](../test/end-to-end-golden-path-smoke.js)
360
+ - [endpoint-concurrent-round-smoke.js](../test/endpoint-concurrent-round-smoke.js)
350
361
  - [error-feedback-resolution-smoke.js](../test/error-feedback-resolution-smoke.js)
351
362
  - [error-feedback-smoke.js](../test/error-feedback-smoke.js)
352
363
  - [evidence-adoption-reasoning-smoke.js](../test/evidence-adoption-reasoning-smoke.js)
353
364
  - [evidence-content-extraction-smoke.js](../test/evidence-content-extraction-smoke.js)
365
+ - [exec-child-termination-smoke.js](../test/exec-child-termination-smoke.js)
366
+ - [exec-vendor-reap-smoke.js](../test/exec-vendor-reap-smoke.js)
354
367
  - [execution-backend-agent-smoke.js](../test/execution-backend-agent-smoke.js)
355
368
  - [execution-backend-ci-smoke.js](../test/execution-backend-ci-smoke.js)
356
369
  - [execution-backends-smoke.js](../test/execution-backends-smoke.js)
@@ -361,17 +374,24 @@ Smoke tests mirror the public contracts. The high-signal suites are:
361
374
  - [gemini-opencode-agent-wrapper-smoke.js](../test/gemini-opencode-agent-wrapper-smoke.js)
362
375
  - [h7-custom-profile-persist-smoke.js](../test/h7-custom-profile-persist-smoke.js)
363
376
  - [headline-commands-smoke.js](../test/headline-commands-smoke.js)
377
+ - [http-delegate-child-multibyte-stdin-smoke.js](../test/http-delegate-child-multibyte-stdin-smoke.js)
364
378
  - [incremental-resume-smoke.js](../test/incremental-resume-smoke.js)
379
+ - [lang-policy-check-smoke.js](../test/lang-policy-check-smoke.js)
365
380
  - [ledger-apply-smoke.js](../test/ledger-apply-smoke.js)
366
381
  - [ledger-resolution-smoke.js](../test/ledger-resolution-smoke.js)
367
382
  - [ledger-verify-smoke.js](../test/ledger-verify-smoke.js)
368
383
  - [loop-bounded-expansion-smoke.js](../test/loop-bounded-expansion-smoke.js)
369
384
  - [man-run-registry-traversal-smoke.js](../test/man-run-registry-traversal-smoke.js)
370
385
  - [mcp-app-surface-smoke.js](../test/mcp-app-surface-smoke.js)
386
+ - [mcp-ping-and-arg-coercion-smoke.js](../test/mcp-ping-and-arg-coercion-smoke.js)
387
+ - [mcp-protocol-version-smoke.js](../test/mcp-protocol-version-smoke.js)
388
+ - [mcp-queue-epipe-smoke.js](../test/mcp-queue-epipe-smoke.js)
371
389
  - [mcp-surface-registry-smoke.js](../test/mcp-surface-registry-smoke.js)
372
390
  - [mcp-tool-call-coverage-smoke.js](../test/mcp-tool-call-coverage-smoke.js)
391
+ - [mcp-tool-call-error-isresult-smoke.js](../test/mcp-tool-call-error-isresult-smoke.js)
373
392
  - [mcp-untrusted-content-advisory-smoke.js](../test/mcp-untrusted-content-advisory-smoke.js)
374
393
  - [metrics-summary-limit-smoke.js](../test/metrics-summary-limit-smoke.js)
394
+ - [missing-artifact-gate-live-smoke.js](../test/missing-artifact-gate-live-smoke.js)
375
395
  - [multi-agent-cli-mcp-surface-smoke.js](../test/multi-agent-cli-mcp-surface-smoke.js)
376
396
  - [multi-agent-eval-determinism-regression-smoke.js](../test/multi-agent-eval-determinism-regression-smoke.js)
377
397
  - [multi-agent-eval-replay-harness-smoke.js](../test/multi-agent-eval-replay-harness-smoke.js)
@@ -390,6 +410,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
390
410
  - [numeric-flag-parsing-smoke.js](../test/numeric-flag-parsing-smoke.js)
391
411
  - [observability-cost-accounting-smoke.js](../test/observability-cost-accounting-smoke.js)
392
412
  - [one-way-boundary-smoke.js](../test/one-way-boundary-smoke.js)
413
+ - [onramp-baseref-failclosed-smoke.js](../test/onramp-baseref-failclosed-smoke.js)
393
414
  - [onramp-check-smoke.js](../test/onramp-check-smoke.js)
394
415
  - [opencode-agent-wrapper-smoke.js](../test/opencode-agent-wrapper-smoke.js)
395
416
  - [operator-ux-smoke.js](../test/operator-ux-smoke.js)
@@ -404,6 +425,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
404
425
  - [pipeline-auto-advance-smoke.js](../test/pipeline-auto-advance-smoke.js)
405
426
  - [pipeline-runner-smoke.js](../test/pipeline-runner-smoke.js)
406
427
  - [project-index-sync-smoke.js](../test/project-index-sync-smoke.js)
428
+ - [purity-gate-dynamic-import-smoke.js](../test/purity-gate-dynamic-import-smoke.js)
407
429
  - [quickstart-bundle-smoke.js](../test/quickstart-bundle-smoke.js)
408
430
  - [quickstart-check-smoke.js](../test/quickstart-check-smoke.js)
409
431
  - [quickstart-corpus-smoke.js](../test/quickstart-corpus-smoke.js)
@@ -416,13 +438,18 @@ Smoke tests mirror the public contracts. The high-signal suites are:
416
438
  - [registry-corrupt-fail-closed-smoke.js](../test/registry-corrupt-fail-closed-smoke.js)
417
439
  - [registry-corrupt-state-distinct-error-smoke.js](../test/registry-corrupt-state-distinct-error-smoke.js)
418
440
  - [release-check-skip-smoke.js](../test/release-check-skip-smoke.js)
441
+ - [release-flow-cut-hardening-smoke.js](../test/release-flow-cut-hardening-smoke.js)
419
442
  - [release-flow-smoke.js](../test/release-flow-smoke.js)
443
+ - [release-gate-detached-head-smoke.js](../test/release-gate-detached-head-smoke.js)
420
444
  - [release-gate-smoke.js](../test/release-gate-smoke.js)
445
+ - [release-oneclick-resume-repush-smoke.js](../test/release-oneclick-resume-repush-smoke.js)
446
+ - [release-oneclick-smoke.js](../test/release-oneclick-smoke.js)
421
447
  - [release-pipeline-hygiene-smoke.js](../test/release-pipeline-hygiene-smoke.js)
422
448
  - [release-tooling-smoke.js](../test/release-tooling-smoke.js)
423
449
  - [remote-link-archive-smoke.js](../test/remote-link-archive-smoke.js)
424
450
  - [remote-link-git-smoke.js](../test/remote-link-git-smoke.js)
425
451
  - [report-bundle-smoke.js](../test/report-bundle-smoke.js)
452
+ - [report-pubkey-pin-smoke.js](../test/report-pubkey-pin-smoke.js)
426
453
  - [report-verify-bundle-smoke.js](../test/report-verify-bundle-smoke.js)
427
454
  - [result-normalize-smoke.js](../test/result-normalize-smoke.js)
428
455
  - [robustness-failclosed-smoke.js](../test/robustness-failclosed-smoke.js)
@@ -445,6 +472,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
445
472
  - [sample-determinism-smoke.js](../test/sample-determinism-smoke.js)
446
473
  - [sandbox-env-batch-hardening-smoke.js](../test/sandbox-env-batch-hardening-smoke.js)
447
474
  - [sandbox-profile-smoke.js](../test/sandbox-profile-smoke.js)
475
+ - [sched-input-bounds-smoke.js](../test/sched-input-bounds-smoke.js)
448
476
  - [sched-policy-validation-smoke.js](../test/sched-policy-validation-smoke.js)
449
477
  - [schedule-routine-daemon-smoke.js](../test/schedule-routine-daemon-smoke.js)
450
478
  - [scheduling-routine-lock-concurrency-smoke.js](../test/scheduling-routine-lock-concurrency-smoke.js)
@@ -465,6 +493,7 @@ Smoke tests mirror the public contracts. The high-signal suites are:
465
493
  - [telemetry-attest-wrap-smoke.js](../test/telemetry-attest-wrap-smoke.js)
466
494
  - [telemetry-attestation-smoke.js](../test/telemetry-attestation-smoke.js)
467
495
  - [telemetry-fail-closed-smoke.js](../test/telemetry-fail-closed-smoke.js)
496
+ - [telemetry-ledger-append-lock-concurrency-smoke.js](../test/telemetry-ledger-append-lock-concurrency-smoke.js)
468
497
  - [telemetry-ledger-smoke.js](../test/telemetry-ledger-smoke.js)
469
498
  - [telemetry-metrics-coverage-smoke.js](../test/telemetry-metrics-coverage-smoke.js)
470
499
  - [telemetry-verify-signatures-smoke.js](../test/telemetry-verify-signatures-smoke.js)
@@ -472,14 +501,19 @@ Smoke tests mirror the public contracts. The high-signal suites are:
472
501
  - [trust-audit-anchor-smoke.js](../test/trust-audit-anchor-smoke.js)
473
502
  - [trust-audit-append-lock-concurrency-smoke.js](../test/trust-audit-append-lock-concurrency-smoke.js)
474
503
  - [trust-audit-append-tail-cache-smoke.js](../test/trust-audit-append-tail-cache-smoke.js)
504
+ - [trust-audit-ensure-create-no-truncate-smoke.js](../test/trust-audit-ensure-create-no-truncate-smoke.js)
505
+ - [trust-audit-summary-durable-write-skip-smoke.js](../test/trust-audit-summary-durable-write-skip-smoke.js)
506
+ - [trust-audit-torn-tail-append-smoke.js](../test/trust-audit-torn-tail-append-smoke.js)
475
507
  - [vendor-manifest-load-smoke.js](../test/vendor-manifest-load-smoke.js)
476
508
  - [vendor-preflight-smoke.js](../test/vendor-preflight-smoke.js)
477
509
  - [verdict-signing-workflow-smoke.js](../test/verdict-signing-workflow-smoke.js)
478
510
  - [verifier-gated-commit-smoke.js](../test/verifier-gated-commit-smoke.js)
511
+ - [verify-audit-cites-smoke.js](../test/verify-audit-cites-smoke.js)
479
512
  - [verify-bump-reproduction-smoke.js](../test/verify-bump-reproduction-smoke.js)
480
513
  - [verify-import-audit-chain-smoke.js](../test/verify-import-audit-chain-smoke.js)
481
514
  - [web-desktop-workbench-smoke.js](../test/web-desktop-workbench-smoke.js)
482
515
  - [wiring-lazy-shell-imports-smoke.js](../test/wiring-lazy-shell-imports-smoke.js)
516
+ - [workbench-port-range-smoke.js](../test/workbench-port-range-smoke.js)
483
517
  - [worker-accept-path-architecture-smoke.js](../test/worker-accept-path-architecture-smoke.js)
484
518
  - [worker-isolation-smoke.js](../test/worker-isolation-smoke.js)
485
519
  - [worker-retry-count-smoke.js](../test/worker-retry-count-smoke.js)
@@ -197,3 +197,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
197
197
  0.2.2
198
198
 
199
199
  0.2.3
200
+
201
+ 0.2.4
202
+
203
+ 0.2.5
@@ -337,3 +337,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
337
337
  0.2.2
338
338
 
339
339
  0.2.3
340
+
341
+ 0.2.4
342
+
343
+ 0.2.5
@@ -170,14 +170,32 @@ model you set up does the review. CW starts the agent argv-style (`shell:false`)
170
170
  takes on the agent's own credentials, and pulls in no model SDK — the red line.
171
171
 
172
172
  ```bash
173
+ # the operator's one-command release (scripts/release-oneclick.js — preflight,
174
+ # gated cut, tag-only push, CI wait, npm confirmation, verdict-record PR):
175
+ npm run release -- 0.2.4
173
176
  # check only (gate + independent review, no mutation):
174
177
  node plugins/cool-workflow/scripts/release-flow.js --check
175
178
  # cut a tag once review is green (when --push, also creates the GitHub Release):
176
179
  node plugins/cool-workflow/scripts/release-flow.js --cut --version 0.1.77 [--push] [--no-release]
180
+ # run ONLY the cut's fail-fast preflight (seconds; used by release-oneclick.js):
181
+ node plugins/cool-workflow/scripts/release-flow.js --cut --version 0.1.77 --push --preflight-only
177
182
  # backfill / re-create the GitHub Release for an already-pushed tag (no gate/cut):
178
183
  node plugins/cool-workflow/scripts/release-flow.js --release --version 0.1.77 [--soft]
179
184
  ```
180
185
 
186
+ A `--cut` starts with a fail-fast **preflight** (added after the v0.2.3 cut,
187
+ where each of these fired only AFTER the gate/vendor/reviewer had already
188
+ spent real time and tokens): the version flag, the signing key (present AND
189
+ matching the committed `verdict-signing.pub` — once that pubkey is in the
190
+ repo, an unsigned cut is refused up front instead of failing later in CI),
191
+ no pre-existing `vX.Y.Z` tag (local or on origin), a `## X.Y.Z` CHANGELOG
192
+ section, a clean tracked tree, and — for `--push` — HEAD equal to the
193
+ `origin/main` tip (`--allow-stale-head` skips that one check for a
194
+ deliberate re-cut). The push at the end moves ONLY `refs/tags/vX.Y.Z`: the
195
+ verdict commit is a one-hop leaf on the reviewed commit, reachable through
196
+ the tag alone, so main's branch protection is never in the path and no
197
+ stray remote branch is created.
198
+
181
199
  The per-platform difference is config, not code — set the reviewer agent here:
182
200
 
183
201
  | Platform | Reviewer config |
@@ -300,3 +318,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
300
318
  0.2.2
301
319
 
302
320
  0.2.3
321
+
322
+ 0.2.4
323
+
324
+ 0.2.5
package/docs/routine.7.md CHANGED
@@ -67,6 +67,28 @@ and fills out the prompt.
67
67
  | 0 | Command done |
68
68
  | 1 | Error (bad arguments, missing trigger, etc.) |
69
69
 
70
+ ## EXAMPLES
71
+
72
+ Long architecture reviews as background routines: use
73
+ `architecture-review-fast` for the foreground user path, then put the full
74
+ `architecture-review` app in line as background work so a deep look-over does
75
+ not get in the way of a back-and-forth session:
76
+
77
+ ```bash
78
+ node scripts/architecture-review-fast.js \
79
+ --repo /path/to/repo \
80
+ --question "Is this architecture sound?" \
81
+ --metrics \
82
+ --schedule-full
83
+ ```
84
+
85
+ The wrapper makes a one-shot reminder schedule whose `workflowId` is
86
+ `architecture-review`. The schedule prompt carries the foreground fast run id,
87
+ fast report path, and source-context digest/profile, and asks the background
88
+ agent to give back the full review report path and digest. `--metrics` is
89
+ optional and reports foreground time plus agent-spawn and result-cache-hit
90
+ counts for the fast run.
91
+
70
92
  ## SEE ALSO
71
93
 
72
94
  cw sched — durable run-queue scheduling for workflow runs
@@ -480,3 +480,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
480
480
  0.2.2
481
481
 
482
482
  0.2.3
483
+
484
+ 0.2.4
485
+
486
+ 0.2.5
@@ -107,6 +107,26 @@ scratch dir) is **re-pointed** to the retained `results/<task-id>.md` copy, and
107
107
  result-node snapshot is shown to stay `valid` (not `absent`) — so no surviving
108
108
  node points to a freed path. Opt out with `--keep-scratch`.
109
109
 
110
+ ## Commit snapshots — never reconstructable, always downgrades to verify-only
111
+
112
+ `commitState` writes only the commit's own (small, bounded) record into
113
+ `commits/<id>.json` on every commit — it no longer embeds the whole run, so
114
+ these files stay small and do not grow with the run's size. Reclaiming them
115
+ frees the run's superseded, non-`verifierGated` "checkpoint" commit snapshots —
116
+ the run's LATEST commit and every `verifierGated` commit (the actual
117
+ audit-significant milestones) are always kept. `run.commits`' own lightweight
118
+ metadata (id, `verifierGated`, evidence digests, acceptance rationale — everything
119
+ `extractSkeleton` seals) lives in `state.json`, not the snapshot file, so it stays
120
+ fully intact and queryable regardless. A commit snapshot is treated as never
121
+ reconstructable — there is no `ReconstructionRecipe` for it — so reclaiming even
122
+ one downgrades capability to `verify-only`, never `re-runnable-by-reconstruction`.
123
+ This is left conservative on purpose: even though the snapshot file's content is
124
+ now a strict subset of what `state.json` already keeps durably, the reclaim
125
+ classification does not (yet) treat that as a basis for reconstruction.
126
+ Each reclaimed commit's own `StateNode` had its `snapshot` artifact stripped (not
127
+ re-pointed — there is no retained alternative) before the free, so `prepareFree`'s
128
+ dangling-reference proof covers this kind too. Opt out with `--keep-commits`.
129
+
110
130
  ## Orphan runs — a second pure-scratch case, OUTSIDE this transaction
111
131
 
112
132
  A run directory can also be pure scratch a different way: a process killed or
@@ -131,8 +151,8 @@ class of run; it is left `retained` indefinitely rather than guessed at.
131
151
  ## CLI
132
152
 
133
153
  ```
134
- cw gc plan [run-id] [--reclaimAfterArchiveDays N] [--keep-scratch] [--keep-snapshots] [--scope repo|home] [--json]
135
- cw gc run [run-id] [--reclaimAfterArchiveDays N] [--keep-scratch] [--keep-snapshots] [--limit N] [--actor NAME] [--json]
154
+ cw gc plan [run-id] [--reclaimAfterArchiveDays N] [--keep-scratch] [--keep-snapshots] [--keep-commits] [--scope repo|home] [--json]
155
+ cw gc run [run-id] [--reclaimAfterArchiveDays N] [--keep-scratch] [--keep-snapshots] [--keep-commits] [--limit N] [--actor NAME] [--json]
136
156
  cw gc verify <run-id> [--scope repo|home] [--json]
137
157
  ```
138
158
 
@@ -163,7 +183,8 @@ rule: only ISO timestamps may be now-derived.
163
183
 
164
184
  Retention/reclamation thresholds extend `RunRegistryPolicy` (alongside
165
185
  `archiveOlderThanDays`), never a new policy file: `reclaimAfterArchiveDays`,
166
- `keepSnapshots`, `keepScratch`, `reclaimStates`, `maxReclaimRuns`, `maxReclaimBytes`.
186
+ `keepSnapshots`, `keepScratch`, `keepCommits`, `reclaimStates`, `maxReclaimRuns`,
187
+ `maxReclaimBytes`.
167
188
  Back-compatible defaults reclaim nothing; pre-v0.1.39 runs load unchanged.
168
189
 
169
190
  ## Compatibility
@@ -269,3 +290,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
269
290
  0.2.2
270
291
 
271
292
  0.2.3
293
+
294
+ 0.2.4
295
+
296
+ 0.2.5
@@ -326,3 +326,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
326
326
  0.2.2
327
327
 
328
328
  0.2.3
329
+
330
+ 0.2.4
331
+
332
+ 0.2.5
@@ -262,3 +262,7 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
262
262
  0.2.2
263
263
 
264
264
  0.2.3
265
+
266
+ 0.2.4
267
+
268
+ 0.2.5
@@ -69,3 +69,7 @@ security-trust-hardening(7), cli-mcp-parity(7), report-verifiable-bundle(7)
69
69
  0.2.2
70
70
 
71
71
  0.2.3
72
+
73
+ 0.2.4
74
+
75
+ 0.2.5
@@ -97,9 +97,16 @@ capability core entry that already exists — never a side code path — so it c
97
97
  CLI/MCP and is covered by the parity gate.
98
98
 
99
99
  Authentication is opt-in, not on by default: set `CW_WORKBENCH_TOKEN` and every
100
- request must carry it as `Authorization: Bearer <token>` or `?token=<token>`
100
+ `/api/*` request must carry it as `Authorization: Bearer <token>` or `?token=<token>`
101
101
  (timing-safe compare); left unset, the loopback/read-only/GET-only controls
102
- above are the only defense and any local process can read. Pass
102
+ above are the only defense and any local process can read. The static UI files
103
+ (`/ui/*`, and `/` when the UI is installed) are served without the token: they
104
+ are fixed code with no run data, and the browser needs them before the page can
105
+ say anything at all. The fallback `/` page (used when the UI is not installed)
106
+ stays behind the token, because it holds the serve descriptor with the repo
107
+ root path. Open the page as `/?token=<token>`: the UI reads the token from the
108
+ page address and adds it to every `/api/*` request; without it the page still
109
+ loads and tells you to reopen it with the token. Pass
103
110
  `--require-token` to `cw workbench serve` to fail closed instead: the server
104
111
  refuses to start at all unless `CW_WORKBENCH_TOKEN` is already set. This is a
105
112
  strict opt-in — leaving it off keeps today's default behavior unchanged.
@@ -280,3 +287,20 @@ _No behavioral change in v0.1.89 (CLI-surface golden-path + help-output fixes on
280
287
  0.2.2
281
288
 
282
289
  0.2.3
290
+
291
+ 0.2.4
292
+
293
+ ## Workbench UI/host round 2 (Unreleased)
294
+
295
+ - With `CW_WORKBENCH_TOKEN` set, the page now works: the static UI files are
296
+ open, and every `/api/*` request stays behind the token (see "Trust
297
+ boundary" above). The UI reads `?token=` from the page address, and a 401
298
+ answer tells you to reopen the page with the token.
299
+ - `cw workbench view --json` (and `/api/run/:runId`) gains a `lifecycle` key:
300
+ the run registry's own state for the run
301
+ (queued|running|blocked|completed|failed|archived|reclaimed). The key is
302
+ left out when the run cannot be classified, so those payloads keep their
303
+ old bytes. The UI shows it as a badge in the run header, with one
304
+ next-step line when a run is blocked or failed.
305
+
306
+ 0.2.5