cool-workflow 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (155) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.codex-plugin/plugin.json +1 -1
  3. package/.gemini-plugin/mcp.json +10 -0
  4. package/.gemini-plugin/plugin.json +40 -0
  5. package/.opencode-plugin/mcp.json +10 -0
  6. package/.opencode-plugin/plugin.json +40 -0
  7. package/README.md +204 -48
  8. package/apps/architecture-review/app.json +1 -1
  9. package/apps/architecture-review-fast/app.json +1 -1
  10. package/apps/end-to-end-golden-path/app.json +1 -1
  11. package/apps/pr-review-fix-ci/app.json +1 -1
  12. package/apps/release-cut/app.json +1 -1
  13. package/apps/research-synthesis/app.json +1 -1
  14. package/dist/cli/dispatch.js +32 -4
  15. package/dist/cli/entry.js +11 -19
  16. package/dist/cli/global-flags.js +113 -0
  17. package/dist/cli/parseargv.js +7 -1
  18. package/dist/core/capability-data.js +337 -8
  19. package/dist/core/format/help.js +73 -3
  20. package/dist/core/format/recovery-hint.js +32 -0
  21. package/dist/core/multi-agent/collaboration.js +35 -6
  22. package/dist/core/multi-agent/runtime.js +7 -0
  23. package/dist/core/multi-agent/trust-policy.js +7 -1
  24. package/dist/core/pipeline/contract.js +7 -0
  25. package/dist/core/pipeline/error-feedback.js +2 -2
  26. package/dist/core/state/run-paths.js +3 -30
  27. package/dist/core/trust/evidence-grounding.js +13 -1
  28. package/dist/core/util/cli-args.js +22 -0
  29. package/dist/core/version.js +1 -1
  30. package/dist/mcp/dispatch.js +22 -2
  31. package/dist/mcp/server.js +215 -36
  32. package/dist/mcp/tool-process.js +181 -0
  33. package/dist/mcp-server.js +28 -1
  34. package/dist/shell/agent-config.js +11 -2
  35. package/dist/shell/audit-cli.js +1 -1
  36. package/dist/shell/commit.js +8 -2
  37. package/dist/shell/coordinator-io.js +73 -1
  38. package/dist/shell/drive.js +195 -128
  39. package/dist/shell/error-feedback-io.js +6 -0
  40. package/dist/shell/execution-backend/agent.js +201 -26
  41. package/dist/shell/execution-backend/container.js +44 -10
  42. package/dist/shell/execution-backend/local.js +33 -0
  43. package/dist/shell/fs-atomic.js +96 -12
  44. package/dist/shell/ledger-cli.js +9 -2
  45. package/dist/shell/metrics-cli.js +1 -1
  46. package/dist/shell/multi-agent-cli.js +9 -2
  47. package/dist/shell/multi-agent-operator-ux.js +1 -1
  48. package/dist/shell/observability.js +7 -4
  49. package/dist/shell/onramp.js +48 -5
  50. package/dist/shell/operator-ux.js +1 -1
  51. package/dist/shell/perf-trace.js +136 -0
  52. package/dist/shell/pipeline.js +3 -2
  53. package/dist/shell/reclamation-io.js +10 -9
  54. package/dist/shell/report-view-cli.js +2 -0
  55. package/dist/shell/run-export-cli.js +5 -2
  56. package/dist/shell/run-export.js +293 -31
  57. package/dist/shell/run-registry-io.js +8 -0
  58. package/dist/shell/run-store.js +183 -3
  59. package/dist/shell/scheduler-io.js +101 -10
  60. package/dist/shell/state-explosion-cli.js +4 -1
  61. package/dist/shell/telemetry-demo.js +1 -1
  62. package/dist/shell/telemetry-ledger-io.js +36 -24
  63. package/dist/shell/trust-audit.js +178 -36
  64. package/dist/shell/workbench-host.js +121 -10
  65. package/dist/shell/workbench.js +83 -6
  66. package/dist/shell/worker-isolation.js +1 -1
  67. package/dist/wiring/capability-table/basics.js +5 -0
  68. package/dist/wiring/capability-table/exec-backend.js +40 -22
  69. package/dist/wiring/capability-table/parity.js +10 -5
  70. package/dist/wiring/capability-table/pipeline.js +32 -0
  71. package/dist/wiring/capability-table/registry-core.js +26 -3
  72. package/dist/wiring/capability-table/reporting.js +7 -1
  73. package/dist/wiring/capability-table/scheduling-registry.js +8 -2
  74. package/dist/wiring/capability-table/trust-ledger.js +54 -12
  75. package/docs/agent-delegation-drive.7.md +17 -0
  76. package/docs/cli-mcp-parity.7.md +46 -5
  77. package/docs/contract-migration-tooling.7.md +4 -0
  78. package/docs/control-plane-scheduling.7.md +38 -0
  79. package/docs/cross-agent-ledger.7.md +20 -8
  80. package/docs/durable-state-and-locking.7.md +4 -0
  81. package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
  82. package/docs/execution-backends.7.md +4 -0
  83. package/docs/fix.7.md +4 -4
  84. package/docs/getting-started.md +40 -32
  85. package/docs/index.md +17 -0
  86. package/docs/launch/demo.tape +4 -3
  87. package/docs/mcp-app-surface.7.md +27 -0
  88. package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
  89. package/docs/multi-agent-eval-replay-harness.7.md +4 -0
  90. package/docs/multi-agent-operator-ux.7.md +4 -0
  91. package/docs/node-snapshot-diff-replay.7.md +4 -0
  92. package/docs/observability-cost-accounting.7.md +4 -0
  93. package/docs/project-index.md +53 -9
  94. package/docs/real-execution-backends.7.md +4 -0
  95. package/docs/release-and-migration.7.md +4 -0
  96. package/docs/release-tooling.7.md +12 -0
  97. package/docs/routine.7.md +22 -0
  98. package/docs/run-registry-control-plane.7.md +37 -9
  99. package/docs/run-retention-reclamation.7.md +12 -4
  100. package/docs/state-explosion-management.7.md +4 -0
  101. package/docs/team-collaboration.7.md +4 -0
  102. package/docs/trust-audit-anchor.7.md +4 -0
  103. package/docs/web-desktop-workbench.7.md +72 -2
  104. package/docs/workflow-app-framework.7.md +31 -0
  105. package/manifest/plugin.manifest.json +1 -1
  106. package/manifest/source-context-profiles.json +4 -3
  107. package/package.json +6 -3
  108. package/scripts/agents/agent-adapter-core.js +26 -0
  109. package/scripts/agents/claude-p-agent.js +4 -1
  110. package/scripts/agents/codex-agent.js +4 -0
  111. package/scripts/agents/cw-attest-wrap.js +1 -1
  112. package/scripts/agents/gemini-agent.js +4 -0
  113. package/scripts/agents/opencode-agent.js +5 -0
  114. package/scripts/block-unapproved-tag.js +160 -0
  115. package/scripts/canonical-apps.js +4 -4
  116. package/scripts/children/batch-delegate-child.js +72 -4
  117. package/scripts/children/http-batch-delegate-child.js +132 -0
  118. package/scripts/children/http-delegate-child.js +8 -0
  119. package/scripts/dogfood-release.js +2 -2
  120. package/scripts/fake-date-for-reproduction.js +1 -1
  121. package/scripts/gen-manifests.js +32 -61
  122. package/scripts/golden-path.js +4 -4
  123. package/scripts/lang-policy-check.js +82 -0
  124. package/scripts/parity-check.js +42 -23
  125. package/scripts/purity-baseline.json +0 -3
  126. package/scripts/purity-gate.js +16 -3
  127. package/scripts/release-check.js +2 -1
  128. package/scripts/release-flow.js +169 -41
  129. package/scripts/release-gate.js +208 -0
  130. package/scripts/release-oneclick.js +38 -7
  131. package/scripts/release-tags.js +47 -0
  132. package/scripts/schema-version-inventory.json +31 -0
  133. package/scripts/validate-run-state-schema.js +95 -4
  134. package/scripts/verdict-keygen.js +2 -2
  135. package/scripts/verify-bump-reproduction.js +193 -0
  136. package/scripts/verify-release-verdict.js +139 -0
  137. package/scripts/verify-verdict-signature.js +1 -1
  138. package/ui/workbench/app.css +50 -10
  139. package/ui/workbench/app.js +269 -34
  140. package/ui/workbench/index.html +4 -2
  141. package/ui/workbench/inspection.js +51 -0
  142. package/ui/workbench/navigation.js +44 -0
  143. package/docs/agent-framework.md +0 -177
  144. package/docs/designs/handoff-ledger.md +0 -145
  145. package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +0 -40
  146. package/docs/launch/launch-kit.md +0 -195
  147. package/docs/launch/pre-launch-checklist.md +0 -53
  148. package/docs/readme-v0.1.87-full.md +0 -301
  149. package/docs/routines.md +0 -101
  150. package/docs/scheduled-tasks.md +0 -80
  151. package/scripts/agents/claude-p-agent.sh +0 -9
  152. package/scripts/block-unapproved-tag.sh +0 -75
  153. package/scripts/release-gate.sh +0 -94
  154. package/scripts/verify-bump-reproduction.sh +0 -148
  155. package/scripts/verify-container-selfref.js +0 -64
@@ -1,177 +0,0 @@
1
- # Workflow App framework
2
-
3
- CW is made as an independent agent workflow control-plane.
4
-
5
- The aim is to make agent development feel like building inside a platform
6
- ecosystem. CW gives the runtime, contracts, storage, CLI, MCP bridge, and
7
- package structure. Developers make workflow apps that keep to those contracts.
8
-
9
- The framework is guided by five useful systems rules: small kernel, explicit
10
- state, pipes you can put together, separate workers, and commits that a verifier
11
- lets through. See
12
- [unix-principles.md](unix-principles.md).
13
-
14
- ## Platform Contract
15
-
16
- Every CW workflow keeps to this loop:
17
-
18
- ```text
19
- interpret -> act -> observe -> adjust -> checkpoint
20
- ```
21
-
22
- The loop maps to real framework operations:
23
-
24
- | Loop stage | framework operation | Responsibility |
25
- | --- | --- | --- |
26
- | Interpret | `plan()` | Load workflow, check inputs, make tasks |
27
- | Act | `dispatch()` | Move tasks that can run from pending to running |
28
- | Observe | `recordResult()` | Read Markdown/JSON-RPC result evidence |
29
- | Adjust | verifier gates | Check evidence and pick the next phase |
30
- | Checkpoint | `commitState()` | Take a snapshot of state after important changes |
31
-
32
- The v0.1.12 operator UX layer makes read-only summaries over run state:
33
- human `status`, graph maps, report summaries, resource summaries, and
34
- fixed next-step suggestions. Scripts can go on using `--json` or
35
- `--format json`.
36
-
37
- The v0.1.13 MCP app surface gives the same runtime operations to agent hosts
38
- with stable JSON tools: app run, dispatch, worker inspection/output, candidate
39
- scoring/selection, sandbox profile resolution, verifier-gated commit, and
40
- operator status/graph/report summaries.
41
-
42
- The v0.1.13 canonical app matrix checks and plans the kept userland
43
- apps with public CLI commands:
44
-
45
- ```bash
46
- npm run canonical-apps
47
- ```
48
-
49
- The golden path runs the full integration chain from start to end:
50
-
51
- ```bash
52
- npm run golden-path
53
- ```
54
-
55
- It checks an app, plans a run, dispatches a readonly worker, takes a
56
- worker-local `cw:result`, scores and picks a candidate, makes a
57
- verifier-gated commit, and makes a report. See
58
- [end-to-end-golden-path.7.md](end-to-end-golden-path.7.md).
59
-
60
- ## Developer Contract
61
-
62
- A workflow app defines:
63
-
64
- - `id`, `title`, and `summary`
65
- - `schemaVersion`, app `version`, compatibility, and metadata when using the
66
- first-class Workflow App framework contract
67
- - needed and repeated inputs
68
- - phase order
69
- - agent tasks
70
- - artifact tasks
71
- - concurrency limits
72
- - evidence requirements
73
- - sandbox profile hints
74
-
75
- Example:
76
-
77
- ```js
78
- const {
79
- defineWorkflowApp,
80
- workflow,
81
- phase,
82
- agent,
83
- artifact,
84
- input
85
- } = require("../dist/workflow-app-framework");
86
-
87
- const inputs = [input("repo", { type: "path", required: true })];
88
-
89
- module.exports = defineWorkflowApp({
90
- schemaVersion: 1,
91
- id: "example-review",
92
- title: "Example Review",
93
- summary: "Review a repository with evidence.",
94
- version: "0.1.0",
95
- inputs,
96
- sandboxProfiles: ["readonly"],
97
- compatibility: {
98
- minVersion: "0.1.9"
99
- },
100
- workflow: workflow({
101
- id: "example-review",
102
- title: "Example Review",
103
- inputs,
104
- sandboxProfiles: ["readonly"],
105
- phases: [
106
- phase("Map", [
107
- agent("map:system", "Map the system boundaries.", {
108
- sandboxProfileId: "readonly"
109
- })
110
- ]),
111
- phase("Verdict", [
112
- artifact("verdict", "Write the final evidence-backed verdict.", {
113
- requiresEvidence: true,
114
- sandboxProfileId: "readonly"
115
- })
116
- ])
117
- ]
118
- })
119
- });
120
- ```
121
-
122
- Legacy `module.exports = ({ workflow, phase, agent, artifact }) => workflow(...)`
123
- files can still be loaded. CW wraps them as compatibility apps with version `0.0.0`
124
- so workflow files still plan and dispatch. When a canonical app owns the public
125
- id, compatibility wrappers use explicit ids such as `legacy-research-synthesis`.
126
-
127
- ## Language Contract
128
-
129
- The CW platform is TypeScript:
130
-
131
- ```text
132
- src/*.ts -> dist/*.js
133
- ```
134
-
135
- Workflow apps are JavaScript modules:
136
-
137
- ```text
138
- workflows/*.workflow.js
139
- apps/<app-id>/app.json
140
- apps/<app-id>/workflow.js
141
- ```
142
-
143
- This is done on purpose. The runtime is strongly typed so it is simple to keep
144
- up, while workflow scripts can run without `ts-node`.
145
-
146
- See [workflow-app-framework.7.md](workflow-app-framework.7.md) for the full app contract,
147
- the rules for checking, CLI commands, MCP tools, and state/report fields.
148
- See [mcp-app-surface.7.md](mcp-app-surface.7.md) for the agent-host runtime
149
- surface over MCP.
150
- See [operator-ux.7.md](operator-ux.7.md) for the operator inspection surface.
151
- See [canonical-workflow-apps.7.md](canonical-workflow-apps.7.md) for the
152
- official app matrix.
153
- See [end-to-end-golden-path.7.md](end-to-end-golden-path.7.md) for the
154
- fixed release proof that those parts connect.
155
-
156
- ## Evidence Contract
157
-
158
- Verification and verdict tasks should give back:
159
-
160
- ````text
161
- ```cw:result
162
- {
163
- "summary": "short summary",
164
- "findings": [],
165
- "evidence": ["/absolute/path/file.ts:42"]
166
- }
167
- ```
168
- ````
169
-
170
- CW says no to high-priority findings without evidence. This keeps agent work
171
- nearer to engineering output you can look into than to free talk.
172
-
173
- ## Boundary
174
-
175
- CW is an independent workflow control-plane by COOLWHITE LLC. It puts into effect
176
- workflows that change, scheduled tasks, local scheduling, routine triggers, state
177
- checkpoints, and multi-agent verification.
@@ -1,145 +0,0 @@
1
- # Design — Cross-agent handoff ledger
2
-
3
- Status: DRAFT / proposal. Nothing here is built yet. This file ships no
4
- behavior, no new command, no man-page contract, and changes no existing
5
- output. It exists so two people (the operator and the reviewer agent) can
6
- agree on the shape before any code is written.
7
-
8
- North Star track: **Track B** (portable, verifiable state — the same
9
- `run export` → `run restore` recovery story, now used as the channel
10
- between two agents).
11
-
12
- ## Goal
13
-
14
- Two agents work on two repositories:
15
-
16
- - one agent scoped to repo **A** (for example `cool-workflow`),
17
- - one agent scoped to repo **B** (for example `chime`).
18
-
19
- The operator wants them to "share data, review each other, and each be
20
- able to raise a pull request to the other". In plain terms:
21
-
22
- - each side can hand the other a **change proposal**, and
23
- - each side can hand the other a **review verdict** on a diff or PR,
24
- - with saved, inspectable, fail-closed state — never a fabricated hand-off.
25
-
26
- ## The hard constraint (why the obvious design does not work)
27
-
28
- The first idea is a shared local folder (for example `~/.chime/handoff/`)
29
- that both agents read and append to. That only works when both agents run
30
- on **one machine** with **one filesystem**.
31
-
32
- In the operator's setup the two agents run as **two separate cloud
33
- sessions**. Each session is a fresh, throwaway VM. Two facts follow, and
34
- the design must respect both:
35
-
36
- 1. **No shared filesystem.** A file the B-agent writes to `~/.chime/handoff/`
37
- in its VM is invisible to the A-agent's VM, and is gone when the session
38
- ends. A local folder cannot be the channel.
39
- 2. **Single-repo scope.** Each session's GitHub reach is scoped to one repo
40
- at launch (A-agent → repo A, B-agent → repo B). The A-agent cannot read
41
- repo B through its GitHub tools, and the reverse is also true. Scope is
42
- fixed at launch and cannot be widened mid-session.
43
-
44
- The only medium both sessions can durably reach is **git / GitHub**. So the
45
- ledger is a set of committed files, not a local folder — and the scope wall
46
- means the hand-off still needs either a shared repo or a human relay for the
47
- cross-repo step. This document is honest about that; it does not pretend the
48
- wall is not there.
49
-
50
- ## What we reuse (no new trust machinery)
51
-
52
- CW already has the parts this needs. The design adds a thin verb layer over
53
- them; it invents no new crypto and no new state format.
54
-
55
- - `run export` produces a **verifiable bundle** (file digests, telemetry
56
- ledger, trust-audit hash chains).
57
- - `run restore` **imports fail-closed**: it inspects first, refuses a corrupt
58
- or tampered bundle without writing anything, and exits non-zero when the
59
- chain does not verify. (`run import` is the exit-0 sibling; the hand-off
60
- path must use the fail-closed `restore` contract.)
61
- - `report verify` checks a run's evidence and citations.
62
-
63
- A hand-off entry is therefore just a CW bundle. The receiving side trusts it
64
- the same way it trusts any restored run: by verification, not by good faith.
65
-
66
- ## Two verbs
67
-
68
- Both live under a single new `cw ledger` verb, so the existing surface is
69
- untouched and the new behavior is opt-in (POLA). (The name `handoff` was already
70
- taken by an unrelated collaboration primitive — ownership transfer of a run/task
71
- — so the cross-agent verb is `ledger`, not `handoff`.) Stage 1 ships as
72
- `cw ledger propose|review|verify`; see
73
- [cross-agent-ledger](../cross-agent-ledger.7.md) for the contract.
74
-
75
- - **`propose`** — the read-only side writes a structured *change proposal*
76
- (title, rationale, target files, suggested diff) as a ledger entry. It does
77
- **not** mutate the other repo. The write-capable side picks the entry up,
78
- verifies it, and turns it into a **real GitHub pull request**.
79
- - **`review`** — the reviewing side writes a structured *review verdict*
80
- (`APPROVED` / `REJECTED`, findings, the diff or PR it judged) as a ledger
81
- entry. The other side surfaces it and can act on it.
82
-
83
- This keeps a read-only agent honest: it emits proposals and verdicts as
84
- **data**, and the write-capable side is the only one that opens PRs. Neither
85
- side has to be trusted to have mutated the other's code.
86
-
87
- ## Transports (how an entry actually crosses)
88
-
89
- The verbs above produce and consume entries; the transport is how an entry
90
- moves from one VM to the other. Two are in scope, smallest first.
91
-
92
- - **T1 — Human relay (MVP, works today, zero infra).** The producing side
93
- prints the entry (a verifiable bundle, or its safe text form) to stdout;
94
- the operator carries it to the other session; the consuming side verifies
95
- it fail-closed and acts (opens the PR, or records the verdict). This is
96
- exactly the loop the operator is already running by hand. It needs no new
97
- code beyond a stable print/parse shape.
98
- - **T2 — Git-as-ledger.** Each entry is committed to a repo under a known
99
- path (for example `handoff/<from>-<to>/<id>.bundle`). Because scope is
100
- single-repo, this needs one of:
101
- - **T2a — a shared handoff repo** both agents are scoped to (cleanest, but
102
- the operator must create it and launch both sessions against it), or
103
- - **T2b — each side writes to its own repo** and a bridge (the operator, or
104
- a scheduled job that *is* scoped to both) moves entries across. The
105
- cross-repo read cannot be automatic inside a single scoped session — this
106
- is the scope wall, stated plainly, not a gap to be quietly filled.
107
-
108
- ## Fail-closed rules (non-negotiable)
109
-
110
- - An entry that does not verify is **refused**, never acted on. No PR is
111
- opened, no verdict is recorded, and the refusal is explicit on stderr with
112
- a non-zero exit — the same contract as `run restore`.
113
- - A proposal is a **suggestion only**. It never edits the target repo by
114
- itself; a human-or-agent on the write side always makes the real PR, so the
115
- read-only vow of the proposing side holds.
116
- - stdout stays data (the entry / the machine result); stderr stays
117
- diagnostics; a piped run is silent on success. `--json` is stable and
118
- decoration-free.
119
-
120
- ## Non-goals / POLA
121
-
122
- - No existing command, output byte, exit code, or file layout changes.
123
- - No new runtime dependency (zero-dependency red line holds).
124
- - No vendor-specific logic in core; the verbs move opaque bundles.
125
- - Nothing ships until its own cycle lands with a test that fails before and
126
- passes after, and a `docs/*.7.md` contract page — this design file is not
127
- that contract and claims no shipped behavior.
128
-
129
- ## Suggested rollout (each stage its own reviewed cycle)
130
-
131
- 0. **This design doc** (no behavior). ← you are here.
132
- 1. **T1 human-relay shape** — a stable, documented print/parse form for a
133
- proposal and a verdict, plus a smoke that round-trips one of each and
134
- proves a tampered entry is refused.
135
- 2. **`cw ledger propose` / `review`** over `run export` / `restore`, with the
136
- fail-closed refusal test.
137
- 3. **T2 git-ledger** (shared-repo first), then optionally a scoped bridge job
138
- for T2b.
139
-
140
- ## Open decisions for the operator
141
-
142
- - T2a (shared handoff repo) or T2b (own repos + bridge)? T2a is simpler and
143
- should be the default unless a shared repo is not acceptable.
144
- - Should a verdict be able to **block** a PR merge on the other side, or only
145
- advise? Advise-only is the safer default and matches "review as data".
@@ -1,40 +0,0 @@
1
- # Dogfood: real `builtin:claude` agent + `run resume --drive` (2026-06-14)
2
-
3
- A live dogfood run with a REAL external agent (`CW_AGENT_COMMAND=builtin:claude`, the
4
- bundled read-only claude wrapper). The model ran in the agent's own process; CW
5
- spawned it and recorded the attested output — CW holds no API key and imports no
6
- model SDK. This run had two purposes and delivered both: it confirmed the real-agent
7
- delegation path works end to end, and — because it exercised the **CLI** rather than
8
- the unit-test function path — it **caught a real shipped bug** in `run resume --drive`.
9
-
10
- ## What ran
11
-
12
- - `cw run architecture-review --drive --once --repo <tmp> --question "…"` with a real
13
- `builtin:claude` agent: **1 worker completed** end-to-end with zero hand-written
14
- result.md — the worker's `result.md` was produced by real claude, passed the
15
- evidence-gated acceptance, and a `report.md` (7.5 KB, "# Architecture Review …")
16
- + 3 state commits were written. The real-agent path (spawn → attested output →
17
- evidence gate → commit) works.
18
- - Run: `architecture-review-20260614T104416Z-upkor2`, status `in-progress` (1/14)
19
- after the single `--once` step.
20
-
21
- ## The bug it caught (and the fix)
22
-
23
- Resuming the partway run with `cw run resume <id> --drive` failed:
24
- `cw: Workflow app not found: resume`. The `run` command's early `--drive` branch
25
- (the `cw run <app> --drive` one-command form) intercepted the invocation *before* the
26
- subcommand switch, so the `resume` keyword was misread as an app name and never
27
- reached the `runResume` continuation shipped in #155.
28
-
29
- The A1 unit smoke (`run-resume-drive-smoke`) had tested `runResume()` **directly**, so
30
- it never exercised the CLI dispatch — only a real CLI run surfaced it. Fixed by
31
- guarding the early app-drive route so a leading run-registry subcommand keyword
32
- (resume/show/export/…) falls through to the switch; `run-resume-drive-smoke` now drives
33
- `cw run resume <id> --drive` through the actual CLI and asserts it routes to the verb,
34
- plus a regression guard that `run <app> --drive` still routes to the app drive.
35
-
36
- ## Takeaway
37
-
38
- Unit tests that call the capability function directly can miss CLI-dispatch bugs.
39
- Every both-surface verb that adds a flag wants at least one test through the real CLI
40
- argv path, not just the exported function.
@@ -1,195 +0,0 @@
1
- # Launch Kit — Cool Workflow
2
-
3
- Copy for announcing CW. The through-line is the one thing no other agent-pipeline
4
- tool ships: **you can prove the telemetry, offline, with only a public key.**
5
- Everything leads with the 30-second `npx cool-workflow demo tamper` proof.
6
-
7
- ---
8
-
9
- ## ✅ FINAL — Show HN (copy-paste ready)
10
-
11
- **Pre-flight (do these first):**
12
- 1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → add it to the README hero (insert the GIF near the badges/intro).
13
- 2. Confirm on a clean machine: `npx cool-workflow demo tamper` runs and prints `VERDICT: tamper-evidence holds ✓`.
14
- 3. Post during US morning (HN traffic peak); reply to the first comment with the npm + provenance link.
15
-
16
- **Title** (exactly — HN strips most formatting):
17
-
18
- ```
19
- Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)
20
- ```
21
-
22
- **URL field:** `https://github.com/coo1white/cool-workflow`
23
-
24
- **First comment (paste right after posting):**
25
-
26
- ```
27
- I kept seeing agent-orchestration tools treat the model's self-reported token
28
- usage and results as ground truth. For anything auditable that's backwards — a
29
- control-plane that trusts unverified self-reports audits claims, not facts, and a
30
- forged "green" run looks identical to a real one.
31
-
32
- Cool Workflow takes the opposite stance. It DELEGATES model execution to whatever
33
- agent you configure (claude -p, codex exec, an HTTP endpoint) and never embeds a
34
- model SDK or holds an API key. What it owns is the audit trail: each agent hop's
35
- reported usage is signed (ed25519) and appended to a hash-chained ledger, so
36
- editing any record — or even recomputing its local hash to cover the edit — breaks
37
- the chain downstream. You re-verify a finished run offline — no telemetry service
38
- to trust or breach.
39
-
40
- 30-second proof, no install:
41
-
42
- npx cool-workflow demo tamper
43
-
44
- It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
45
- hash; inflate reported tokens + reuse the signature; edit a signed finding), and
46
- catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
47
- recorded ledger on disk — recomputing the chain so any later edit to a verdict or
48
- usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
49
- signature check offline too. I keep an
50
- honest trust-model doc (what it does and does NOT prove, incl. the single-keyholder
51
- ceiling): https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md
52
-
53
- Also: concurrent parallel() phases with declared collapse semantics (collect-all +
54
- kill-on-timeout — 16 agents with a forced hang/crash/dirty-return finish without
55
- deadlock and replay who-passed-who-failed), per-task output-schema gates, token
56
- budgets enforced against the host's recorded usage (opt-in gate fails closed on
57
- unattested telemetry), and a one-way executor boundary welded
58
- into the type system (a callable that could reach a model API fails `npm run
59
- build`). Zero runtime deps, BSD-2, published to npm with provenance. Ships generated
60
- plugin manifests for 5 agent platforms (claude, codex, agents, gemini, opencode);
61
- `npm run manifest:load-check` boots all five from one source of truth.
62
-
63
- It's early (v0.1.81) — I'd genuinely like to hear where the "delegate, prove,
64
- replay" model breaks down for your workflows.
65
-
66
- npm: https://www.npmjs.com/package/cool-workflow
67
- ```
68
-
69
- ---
70
-
71
- ## One-liner
72
-
73
- > Cool Workflow is an auditable control-plane for multi-agent workflows. It
74
- > *delegates* model execution — never embeds it — and makes every recorded agent
75
- > telemetry verdict tamper-evident: anyone can re-verify a run's integrity offline,
76
- > and check the ed25519 attribution with the public key alone.
77
-
78
- ## Elevator (2 sentences)
79
-
80
- > Most agent-pipeline tools log what the model reported and trust it. CW signs and
81
- > hash-chains every telemetry verdict, so a forged or edited record fails
82
- > verification — provably, offline — which is what "auditable" has to mean before
83
- > you let agents touch production work.
84
-
85
- ---
86
-
87
- ## Show HN
88
-
89
- **Title:**
90
- `Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
91
-
92
- **Body:**
93
-
94
- > I kept seeing agent-orchestration tools treat the model's self-reported token
95
- > usage and results as ground truth. For anything auditable that's backwards — a
96
- > control-plane that trusts unverified self-reports audits *claims*, not facts, and
97
- > a forged "green" run looks identical to a real one.
98
- >
99
- > Cool Workflow is a small, zero-dependency CLI + MCP runtime that takes the
100
- > opposite stance. It **delegates** model execution to whatever agent you configure
101
- > (`claude -p`, `codex exec`, an HTTP endpoint) and never embeds a model SDK or
102
- > holds an API key. What it *does* own is the audit trail: each agent hop's reported
103
- > usage is signed (ed25519) and appended to a hash-chained ledger, so editing any
104
- > record — or even recomputing its local hash to cover the edit — breaks the chain
105
- > downstream. You can re-verify a finished run offline — no network, no trusted
106
- > server.
107
- >
108
- > The 30-second proof, no install:
109
- >
110
- > ```
111
- > npx cool-workflow demo tamper
112
- > ```
113
- >
114
- > It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
115
- > hash; inflate reported tokens + reuse the signature; edit a signed finding), and
116
- > catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
117
- > recorded ledger on disk — recomputing the chain so any later edit to a verdict or
118
- > usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
119
- > signature check offline too. I keep an
120
- > honest [trust model & limitations](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)
121
- > doc, including the single-keyholder ceiling.
122
- >
123
- > Other things it does: concurrent `parallel()` phases with declared collapse
124
- > semantics (collect-all + kill-on-timeout — 16 agents with a forced hang/crash/
125
- > dirty-return finish without deadlock and replay "who passed/who failed"), per-task
126
- > output-schema gates, token budgets enforced against the host's recorded usage
127
- > (an opt-in gate fails closed on unattested telemetry), and a one-way
128
- > executor boundary welded into the type system (a callable that could reach a model
129
- > API fails `npm run build`).
130
- >
131
- > Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.81) and I'd
132
- > genuinely like to hear where the "delegate, prove, replay" model breaks down for
133
- > your workflows.
134
- >
135
- > Repo: https://github.com/coo1white/cool-workflow
136
- > npm: https://www.npmjs.com/package/cool-workflow
137
-
138
- ---
139
-
140
- ## Short post / tweet thread
141
-
142
- 1/ Your agent pipeline trusts what the model *says* it did. Cool Workflow proves
143
- it instead. `npx cool-workflow demo tamper` — 30s, no install:
144
-
145
- 2/ It builds a real ed25519-signed telemetry ledger, forges it three ways (incl.
146
- editing a signed finding), and catches all three offline with only the public key.
147
- A control-plane that delegates model execution but can still prove the bill is real.
148
-
149
- 3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
150
- outputs, token budgets vs the host's recorded usage (attested-telemetry gate is
151
- opt-in), and a red line (never call a model API) enforced at compile time. Zero
152
- deps, BSD-2.
153
- → https://github.com/coo1white/cool-workflow
154
-
155
- ---
156
-
157
- ## Why this matters (the wedge, for a longer post)
158
-
159
- - **Separation of duties.** CW never runs the model, yet can verify the executor's
160
- reported usage. The thing that *spends the money* is not the thing that *keeps
161
- the books* — the property auditors require everywhere except, so far, agent
162
- infra.
163
- - **Offline verification.** No telemetry service to trust or breach. The record
164
- proves its own integrity offline — re-proving the chain needs no key at all — and
165
- the ed25519 attribution checks against the public key alone.
166
- - **Replayable, not just logged.** CW breaks at dispatch and writes to disk, so a
167
- run replays deterministically — "who passed / who failed" is reconstructable, not
168
- a scrollback of a fused process. A finished run is portable and self-proving:
169
- `cw run inspect-archive <archive>` re-proves every file digest, the manifest, and
170
- the whole-archive hash without importing it; `cw run import` then
171
- `cw run verify-import <run-id>` restores it and re-proves the restored digests +
172
- telemetry chain — a tampered archive is caught before it is trusted.
173
- - **Fail-closed by default where it counts.** Schema mismatch parks the hop;
174
- unverifiable usage can be refused (opt-in); an empty-capture result can't be
175
- presented as a clean commit.
176
- - **Cross-vendor, and it actually boots.** One source manifest
177
- (`manifest/plugin.manifest.json`) generates Claude / Codex / Gemini / OpenCode /
178
- agents adapters, and `npm run manifest:load-check` boots all five (184 tools each)
179
- — the neutrality moat is executable, not aspirational.
180
-
181
- ## Assets to capture before posting
182
-
183
- - [ ] **Demo GIF** — reproducible, no manual screen-recording: `vhs
184
- plugins/cool-workflow/docs/launch/demo.tape` → `docs/launch/demo-tamper.gif`,
185
- then add it to the README hero (insert it near the badges/intro). The
186
- ✗ DETECTED lines are the hook.
187
- - [ ] Confirm `npx cool-workflow demo tamper` works from a clean machine (no clone).
188
- - [ ] Pin the npm version badge / release + provenance link in the first comment.
189
-
190
- ## Channels
191
-
192
- Hacker News (Show HN), the MCP / agent-tooling communities, r/LocalLLaMA &
193
- r/MachineLearning (the offline-verification angle), and the npm listing itself
194
- (keywords already set). Lead every one with the demo command, not the feature
195
- list.
@@ -1,53 +0,0 @@
1
- # Pre-Launch Checklist — Cool Workflow Show HN
2
-
3
- Tick top to bottom; when it's done, post. The one non-negotiable gate is ②.
4
- Copy for the post itself lives in [launch-kit.md](launch-kit.md) (the **✅ FINAL**
5
- block).
6
-
7
- ## ① Prepare assets (optional, recommended)
8
-
9
- - [ ] Install [vhs](https://github.com/charmbracelet/vhs) (`brew install vhs`).
10
- - [ ] Record the GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` →
11
- `docs/launch/demo-tamper.gif`.
12
- - [ ] Add it to the README hero (insert
13
- `![demo](plugins/cool-workflow/docs/launch/demo-tamper.gif)` near the badges/intro), commit + push.
14
- > Shippable without the GIF — the README's text `✗ DETECTED` hook already stands;
15
- > the GIF is upside, not a blocker.
16
-
17
- ## ② Verify — the make-or-break gate (do not skip)
18
-
19
- - [ ] On a **clean machine / fresh terminal**: `npx cool-workflow demo tamper`
20
- prints `VERDICT: tamper-evidence holds ✓`.
21
- > Every click from HN runs this. One crash wastes that traffic. This is the only
22
- > non-negotiable check.
23
- - [ ] Sanity: `npx cool-workflow quickstart architecture-review --repo . --question "risks?"`
24
- → `status: blocked` with no agent configured (fails closed, no crash).
25
- - [ ] Resumable sanity: `cw quickstart architecture-review --resume` advances one step
26
- then stops; `cw run resume <run-id> --drive` continues a stopped run — proving
27
- runs break at dispatch and replay from disk.
28
-
29
- ## ③ Post (US morning, ~9–11am ET is peak)
30
-
31
- - [ ] Open the **✅ FINAL** block in [launch-kit.md](launch-kit.md).
32
- - [ ] HN title: `Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
33
- - [ ] URL field: `https://github.com/coo1white/cool-workflow`
34
- - [ ] Immediately after posting, paste the FINAL "first comment" as the first reply.
35
-
36
- ## ④ First hour (decides the outcome)
37
-
38
- - [ ] Watch and reply fast — early engagement weighs most on HN.
39
- - [ ] On the "single key holder / no second party" critique (the audit flagged it
40
- too): concede it honestly and frame it as exactly why you're looking for early
41
- integration partners. **Turn the critique into an invitation; don't argue.**
42
- > The canned, linkable answer is already written: [docs/trust-model.md](../trust-model.md)
43
- > states the ceiling plainly (integrity ≠ source honesty; one party holding both
44
- > roles; full local re-chain) and frames the partner ask. Link it; don't re-argue it.
45
- - [ ] No vote-rigging, no asking friends to upvote, no deleting critical comments —
46
- HN's anti-abuse will sink the post.
47
-
48
- ---
49
-
50
- ### Go / no-go
51
-
52
- > If **② — `npx cool-workflow demo tamper` prints `✓` on a clean machine** — passes,
53
- > you can post. Everything else is upside.