cool-workflow 0.2.4 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/.gemini-plugin/mcp.json +10 -0
- package/.gemini-plugin/plugin.json +40 -0
- package/.opencode-plugin/mcp.json +10 -0
- package/.opencode-plugin/plugin.json +40 -0
- package/README.md +204 -48
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/cli/dispatch.js +32 -4
- package/dist/cli/entry.js +11 -19
- package/dist/cli/global-flags.js +113 -0
- package/dist/cli/parseargv.js +7 -1
- package/dist/core/capability-data.js +337 -8
- package/dist/core/format/help.js +73 -3
- package/dist/core/format/recovery-hint.js +32 -0
- package/dist/core/multi-agent/collaboration.js +35 -6
- package/dist/core/multi-agent/runtime.js +7 -0
- package/dist/core/multi-agent/trust-policy.js +7 -1
- package/dist/core/pipeline/contract.js +7 -0
- package/dist/core/pipeline/error-feedback.js +2 -2
- package/dist/core/state/run-paths.js +3 -30
- package/dist/core/trust/evidence-grounding.js +13 -1
- package/dist/core/util/cli-args.js +22 -0
- package/dist/core/version.js +1 -1
- package/dist/mcp/dispatch.js +22 -2
- package/dist/mcp/server.js +215 -36
- package/dist/mcp/tool-process.js +181 -0
- package/dist/mcp-server.js +28 -1
- package/dist/shell/agent-config.js +11 -2
- package/dist/shell/audit-cli.js +1 -1
- package/dist/shell/commit.js +8 -2
- package/dist/shell/coordinator-io.js +73 -1
- package/dist/shell/drive.js +195 -128
- package/dist/shell/error-feedback-io.js +6 -0
- package/dist/shell/execution-backend/agent.js +201 -26
- package/dist/shell/execution-backend/container.js +44 -10
- package/dist/shell/execution-backend/local.js +33 -0
- package/dist/shell/fs-atomic.js +96 -12
- package/dist/shell/ledger-cli.js +9 -2
- package/dist/shell/metrics-cli.js +1 -1
- package/dist/shell/multi-agent-cli.js +9 -2
- package/dist/shell/multi-agent-operator-ux.js +1 -1
- package/dist/shell/observability.js +7 -4
- package/dist/shell/onramp.js +48 -5
- package/dist/shell/operator-ux.js +1 -1
- package/dist/shell/perf-trace.js +136 -0
- package/dist/shell/pipeline.js +3 -2
- package/dist/shell/reclamation-io.js +10 -9
- package/dist/shell/report-view-cli.js +2 -0
- package/dist/shell/run-export-cli.js +5 -2
- package/dist/shell/run-export.js +293 -31
- package/dist/shell/run-registry-io.js +8 -0
- package/dist/shell/run-store.js +183 -3
- package/dist/shell/scheduler-io.js +101 -10
- package/dist/shell/state-explosion-cli.js +4 -1
- package/dist/shell/telemetry-demo.js +1 -1
- package/dist/shell/telemetry-ledger-io.js +36 -24
- package/dist/shell/trust-audit.js +178 -36
- package/dist/shell/workbench-host.js +121 -10
- package/dist/shell/workbench.js +83 -6
- package/dist/shell/worker-isolation.js +1 -1
- package/dist/wiring/capability-table/basics.js +5 -0
- package/dist/wiring/capability-table/exec-backend.js +40 -22
- package/dist/wiring/capability-table/parity.js +10 -5
- package/dist/wiring/capability-table/pipeline.js +32 -0
- package/dist/wiring/capability-table/registry-core.js +26 -3
- package/dist/wiring/capability-table/reporting.js +7 -1
- package/dist/wiring/capability-table/scheduling-registry.js +8 -2
- package/dist/wiring/capability-table/trust-ledger.js +54 -12
- package/docs/agent-delegation-drive.7.md +17 -0
- package/docs/cli-mcp-parity.7.md +46 -5
- package/docs/contract-migration-tooling.7.md +4 -0
- package/docs/control-plane-scheduling.7.md +38 -0
- package/docs/cross-agent-ledger.7.md +20 -8
- package/docs/durable-state-and-locking.7.md +4 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
- package/docs/execution-backends.7.md +4 -0
- package/docs/fix.7.md +4 -4
- package/docs/getting-started.md +40 -32
- package/docs/index.md +17 -0
- package/docs/launch/demo.tape +4 -3
- package/docs/mcp-app-surface.7.md +27 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
- package/docs/multi-agent-eval-replay-harness.7.md +4 -0
- package/docs/multi-agent-operator-ux.7.md +4 -0
- package/docs/node-snapshot-diff-replay.7.md +4 -0
- package/docs/observability-cost-accounting.7.md +4 -0
- package/docs/project-index.md +53 -9
- package/docs/real-execution-backends.7.md +4 -0
- package/docs/release-and-migration.7.md +4 -0
- package/docs/release-tooling.7.md +12 -0
- package/docs/routine.7.md +22 -0
- package/docs/run-registry-control-plane.7.md +37 -9
- package/docs/run-retention-reclamation.7.md +12 -4
- package/docs/state-explosion-management.7.md +4 -0
- package/docs/team-collaboration.7.md +4 -0
- package/docs/trust-audit-anchor.7.md +4 -0
- package/docs/web-desktop-workbench.7.md +72 -2
- package/docs/workflow-app-framework.7.md +31 -0
- package/manifest/plugin.manifest.json +1 -1
- package/manifest/source-context-profiles.json +4 -3
- package/package.json +6 -3
- package/scripts/agents/agent-adapter-core.js +26 -0
- package/scripts/agents/claude-p-agent.js +4 -1
- package/scripts/agents/codex-agent.js +4 -0
- package/scripts/agents/cw-attest-wrap.js +1 -1
- package/scripts/agents/gemini-agent.js +4 -0
- package/scripts/agents/opencode-agent.js +5 -0
- package/scripts/block-unapproved-tag.js +160 -0
- package/scripts/canonical-apps.js +4 -4
- package/scripts/children/batch-delegate-child.js +72 -4
- package/scripts/children/http-batch-delegate-child.js +132 -0
- package/scripts/children/http-delegate-child.js +8 -0
- package/scripts/dogfood-release.js +2 -2
- package/scripts/fake-date-for-reproduction.js +1 -1
- package/scripts/gen-manifests.js +32 -61
- package/scripts/golden-path.js +4 -4
- package/scripts/lang-policy-check.js +82 -0
- package/scripts/parity-check.js +42 -23
- package/scripts/purity-baseline.json +0 -3
- package/scripts/purity-gate.js +16 -3
- package/scripts/release-check.js +2 -1
- package/scripts/release-flow.js +169 -41
- package/scripts/release-gate.js +208 -0
- package/scripts/release-oneclick.js +38 -7
- package/scripts/release-tags.js +47 -0
- package/scripts/schema-version-inventory.json +31 -0
- package/scripts/validate-run-state-schema.js +95 -4
- package/scripts/verdict-keygen.js +2 -2
- package/scripts/verify-bump-reproduction.js +193 -0
- package/scripts/verify-release-verdict.js +139 -0
- package/scripts/verify-verdict-signature.js +1 -1
- package/ui/workbench/app.css +50 -10
- package/ui/workbench/app.js +269 -34
- package/ui/workbench/index.html +4 -2
- package/ui/workbench/inspection.js +51 -0
- package/ui/workbench/navigation.js +44 -0
- package/docs/agent-framework.md +0 -177
- package/docs/designs/handoff-ledger.md +0 -145
- package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +0 -40
- package/docs/launch/launch-kit.md +0 -195
- package/docs/launch/pre-launch-checklist.md +0 -53
- package/docs/readme-v0.1.87-full.md +0 -301
- package/docs/routines.md +0 -101
- package/docs/scheduled-tasks.md +0 -80
- package/scripts/agents/claude-p-agent.sh +0 -9
- package/scripts/block-unapproved-tag.sh +0 -75
- package/scripts/release-gate.sh +0 -94
- package/scripts/verify-bump-reproduction.sh +0 -148
- package/scripts/verify-container-selfref.js +0 -64
package/docs/agent-framework.md
DELETED
|
@@ -1,177 +0,0 @@
|
|
|
1
|
-
# Workflow App framework
|
|
2
|
-
|
|
3
|
-
CW is made as an independent agent workflow control-plane.
|
|
4
|
-
|
|
5
|
-
The aim is to make agent development feel like building inside a platform
|
|
6
|
-
ecosystem. CW gives the runtime, contracts, storage, CLI, MCP bridge, and
|
|
7
|
-
package structure. Developers make workflow apps that keep to those contracts.
|
|
8
|
-
|
|
9
|
-
The framework is guided by five useful systems rules: small kernel, explicit
|
|
10
|
-
state, pipes you can put together, separate workers, and commits that a verifier
|
|
11
|
-
lets through. See
|
|
12
|
-
[unix-principles.md](unix-principles.md).
|
|
13
|
-
|
|
14
|
-
## Platform Contract
|
|
15
|
-
|
|
16
|
-
Every CW workflow keeps to this loop:
|
|
17
|
-
|
|
18
|
-
```text
|
|
19
|
-
interpret -> act -> observe -> adjust -> checkpoint
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
The loop maps to real framework operations:
|
|
23
|
-
|
|
24
|
-
| Loop stage | framework operation | Responsibility |
|
|
25
|
-
| --- | --- | --- |
|
|
26
|
-
| Interpret | `plan()` | Load workflow, check inputs, make tasks |
|
|
27
|
-
| Act | `dispatch()` | Move tasks that can run from pending to running |
|
|
28
|
-
| Observe | `recordResult()` | Read Markdown/JSON-RPC result evidence |
|
|
29
|
-
| Adjust | verifier gates | Check evidence and pick the next phase |
|
|
30
|
-
| Checkpoint | `commitState()` | Take a snapshot of state after important changes |
|
|
31
|
-
|
|
32
|
-
The v0.1.12 operator UX layer makes read-only summaries over run state:
|
|
33
|
-
human `status`, graph maps, report summaries, resource summaries, and
|
|
34
|
-
fixed next-step suggestions. Scripts can go on using `--json` or
|
|
35
|
-
`--format json`.
|
|
36
|
-
|
|
37
|
-
The v0.1.13 MCP app surface gives the same runtime operations to agent hosts
|
|
38
|
-
with stable JSON tools: app run, dispatch, worker inspection/output, candidate
|
|
39
|
-
scoring/selection, sandbox profile resolution, verifier-gated commit, and
|
|
40
|
-
operator status/graph/report summaries.
|
|
41
|
-
|
|
42
|
-
The v0.1.13 canonical app matrix checks and plans the kept userland
|
|
43
|
-
apps with public CLI commands:
|
|
44
|
-
|
|
45
|
-
```bash
|
|
46
|
-
npm run canonical-apps
|
|
47
|
-
```
|
|
48
|
-
|
|
49
|
-
The golden path runs the full integration chain from start to end:
|
|
50
|
-
|
|
51
|
-
```bash
|
|
52
|
-
npm run golden-path
|
|
53
|
-
```
|
|
54
|
-
|
|
55
|
-
It checks an app, plans a run, dispatches a readonly worker, takes a
|
|
56
|
-
worker-local `cw:result`, scores and picks a candidate, makes a
|
|
57
|
-
verifier-gated commit, and makes a report. See
|
|
58
|
-
[end-to-end-golden-path.7.md](end-to-end-golden-path.7.md).
|
|
59
|
-
|
|
60
|
-
## Developer Contract
|
|
61
|
-
|
|
62
|
-
A workflow app defines:
|
|
63
|
-
|
|
64
|
-
- `id`, `title`, and `summary`
|
|
65
|
-
- `schemaVersion`, app `version`, compatibility, and metadata when using the
|
|
66
|
-
first-class Workflow App framework contract
|
|
67
|
-
- needed and repeated inputs
|
|
68
|
-
- phase order
|
|
69
|
-
- agent tasks
|
|
70
|
-
- artifact tasks
|
|
71
|
-
- concurrency limits
|
|
72
|
-
- evidence requirements
|
|
73
|
-
- sandbox profile hints
|
|
74
|
-
|
|
75
|
-
Example:
|
|
76
|
-
|
|
77
|
-
```js
|
|
78
|
-
const {
|
|
79
|
-
defineWorkflowApp,
|
|
80
|
-
workflow,
|
|
81
|
-
phase,
|
|
82
|
-
agent,
|
|
83
|
-
artifact,
|
|
84
|
-
input
|
|
85
|
-
} = require("../dist/workflow-app-framework");
|
|
86
|
-
|
|
87
|
-
const inputs = [input("repo", { type: "path", required: true })];
|
|
88
|
-
|
|
89
|
-
module.exports = defineWorkflowApp({
|
|
90
|
-
schemaVersion: 1,
|
|
91
|
-
id: "example-review",
|
|
92
|
-
title: "Example Review",
|
|
93
|
-
summary: "Review a repository with evidence.",
|
|
94
|
-
version: "0.1.0",
|
|
95
|
-
inputs,
|
|
96
|
-
sandboxProfiles: ["readonly"],
|
|
97
|
-
compatibility: {
|
|
98
|
-
minVersion: "0.1.9"
|
|
99
|
-
},
|
|
100
|
-
workflow: workflow({
|
|
101
|
-
id: "example-review",
|
|
102
|
-
title: "Example Review",
|
|
103
|
-
inputs,
|
|
104
|
-
sandboxProfiles: ["readonly"],
|
|
105
|
-
phases: [
|
|
106
|
-
phase("Map", [
|
|
107
|
-
agent("map:system", "Map the system boundaries.", {
|
|
108
|
-
sandboxProfileId: "readonly"
|
|
109
|
-
})
|
|
110
|
-
]),
|
|
111
|
-
phase("Verdict", [
|
|
112
|
-
artifact("verdict", "Write the final evidence-backed verdict.", {
|
|
113
|
-
requiresEvidence: true,
|
|
114
|
-
sandboxProfileId: "readonly"
|
|
115
|
-
})
|
|
116
|
-
])
|
|
117
|
-
]
|
|
118
|
-
})
|
|
119
|
-
});
|
|
120
|
-
```
|
|
121
|
-
|
|
122
|
-
Legacy `module.exports = ({ workflow, phase, agent, artifact }) => workflow(...)`
|
|
123
|
-
files can still be loaded. CW wraps them as compatibility apps with version `0.0.0`
|
|
124
|
-
so workflow files still plan and dispatch. When a canonical app owns the public
|
|
125
|
-
id, compatibility wrappers use explicit ids such as `legacy-research-synthesis`.
|
|
126
|
-
|
|
127
|
-
## Language Contract
|
|
128
|
-
|
|
129
|
-
The CW platform is TypeScript:
|
|
130
|
-
|
|
131
|
-
```text
|
|
132
|
-
src/*.ts -> dist/*.js
|
|
133
|
-
```
|
|
134
|
-
|
|
135
|
-
Workflow apps are JavaScript modules:
|
|
136
|
-
|
|
137
|
-
```text
|
|
138
|
-
workflows/*.workflow.js
|
|
139
|
-
apps/<app-id>/app.json
|
|
140
|
-
apps/<app-id>/workflow.js
|
|
141
|
-
```
|
|
142
|
-
|
|
143
|
-
This is done on purpose. The runtime is strongly typed so it is simple to keep
|
|
144
|
-
up, while workflow scripts can run without `ts-node`.
|
|
145
|
-
|
|
146
|
-
See [workflow-app-framework.7.md](workflow-app-framework.7.md) for the full app contract,
|
|
147
|
-
the rules for checking, CLI commands, MCP tools, and state/report fields.
|
|
148
|
-
See [mcp-app-surface.7.md](mcp-app-surface.7.md) for the agent-host runtime
|
|
149
|
-
surface over MCP.
|
|
150
|
-
See [operator-ux.7.md](operator-ux.7.md) for the operator inspection surface.
|
|
151
|
-
See [canonical-workflow-apps.7.md](canonical-workflow-apps.7.md) for the
|
|
152
|
-
official app matrix.
|
|
153
|
-
See [end-to-end-golden-path.7.md](end-to-end-golden-path.7.md) for the
|
|
154
|
-
fixed release proof that those parts connect.
|
|
155
|
-
|
|
156
|
-
## Evidence Contract
|
|
157
|
-
|
|
158
|
-
Verification and verdict tasks should give back:
|
|
159
|
-
|
|
160
|
-
````text
|
|
161
|
-
```cw:result
|
|
162
|
-
{
|
|
163
|
-
"summary": "short summary",
|
|
164
|
-
"findings": [],
|
|
165
|
-
"evidence": ["/absolute/path/file.ts:42"]
|
|
166
|
-
}
|
|
167
|
-
```
|
|
168
|
-
````
|
|
169
|
-
|
|
170
|
-
CW says no to high-priority findings without evidence. This keeps agent work
|
|
171
|
-
nearer to engineering output you can look into than to free talk.
|
|
172
|
-
|
|
173
|
-
## Boundary
|
|
174
|
-
|
|
175
|
-
CW is an independent workflow control-plane by COOLWHITE LLC. It puts into effect
|
|
176
|
-
workflows that change, scheduled tasks, local scheduling, routine triggers, state
|
|
177
|
-
checkpoints, and multi-agent verification.
|
|
@@ -1,145 +0,0 @@
|
|
|
1
|
-
# Design — Cross-agent handoff ledger
|
|
2
|
-
|
|
3
|
-
Status: DRAFT / proposal. Nothing here is built yet. This file ships no
|
|
4
|
-
behavior, no new command, no man-page contract, and changes no existing
|
|
5
|
-
output. It exists so two people (the operator and the reviewer agent) can
|
|
6
|
-
agree on the shape before any code is written.
|
|
7
|
-
|
|
8
|
-
North Star track: **Track B** (portable, verifiable state — the same
|
|
9
|
-
`run export` → `run restore` recovery story, now used as the channel
|
|
10
|
-
between two agents).
|
|
11
|
-
|
|
12
|
-
## Goal
|
|
13
|
-
|
|
14
|
-
Two agents work on two repositories:
|
|
15
|
-
|
|
16
|
-
- one agent scoped to repo **A** (for example `cool-workflow`),
|
|
17
|
-
- one agent scoped to repo **B** (for example `chime`).
|
|
18
|
-
|
|
19
|
-
The operator wants them to "share data, review each other, and each be
|
|
20
|
-
able to raise a pull request to the other". In plain terms:
|
|
21
|
-
|
|
22
|
-
- each side can hand the other a **change proposal**, and
|
|
23
|
-
- each side can hand the other a **review verdict** on a diff or PR,
|
|
24
|
-
- with saved, inspectable, fail-closed state — never a fabricated hand-off.
|
|
25
|
-
|
|
26
|
-
## The hard constraint (why the obvious design does not work)
|
|
27
|
-
|
|
28
|
-
The first idea is a shared local folder (for example `~/.chime/handoff/`)
|
|
29
|
-
that both agents read and append to. That only works when both agents run
|
|
30
|
-
on **one machine** with **one filesystem**.
|
|
31
|
-
|
|
32
|
-
In the operator's setup the two agents run as **two separate cloud
|
|
33
|
-
sessions**. Each session is a fresh, throwaway VM. Two facts follow, and
|
|
34
|
-
the design must respect both:
|
|
35
|
-
|
|
36
|
-
1. **No shared filesystem.** A file the B-agent writes to `~/.chime/handoff/`
|
|
37
|
-
in its VM is invisible to the A-agent's VM, and is gone when the session
|
|
38
|
-
ends. A local folder cannot be the channel.
|
|
39
|
-
2. **Single-repo scope.** Each session's GitHub reach is scoped to one repo
|
|
40
|
-
at launch (A-agent → repo A, B-agent → repo B). The A-agent cannot read
|
|
41
|
-
repo B through its GitHub tools, and the reverse is also true. Scope is
|
|
42
|
-
fixed at launch and cannot be widened mid-session.
|
|
43
|
-
|
|
44
|
-
The only medium both sessions can durably reach is **git / GitHub**. So the
|
|
45
|
-
ledger is a set of committed files, not a local folder — and the scope wall
|
|
46
|
-
means the hand-off still needs either a shared repo or a human relay for the
|
|
47
|
-
cross-repo step. This document is honest about that; it does not pretend the
|
|
48
|
-
wall is not there.
|
|
49
|
-
|
|
50
|
-
## What we reuse (no new trust machinery)
|
|
51
|
-
|
|
52
|
-
CW already has the parts this needs. The design adds a thin verb layer over
|
|
53
|
-
them; it invents no new crypto and no new state format.
|
|
54
|
-
|
|
55
|
-
- `run export` produces a **verifiable bundle** (file digests, telemetry
|
|
56
|
-
ledger, trust-audit hash chains).
|
|
57
|
-
- `run restore` **imports fail-closed**: it inspects first, refuses a corrupt
|
|
58
|
-
or tampered bundle without writing anything, and exits non-zero when the
|
|
59
|
-
chain does not verify. (`run import` is the exit-0 sibling; the hand-off
|
|
60
|
-
path must use the fail-closed `restore` contract.)
|
|
61
|
-
- `report verify` checks a run's evidence and citations.
|
|
62
|
-
|
|
63
|
-
A hand-off entry is therefore just a CW bundle. The receiving side trusts it
|
|
64
|
-
the same way it trusts any restored run: by verification, not by good faith.
|
|
65
|
-
|
|
66
|
-
## Two verbs
|
|
67
|
-
|
|
68
|
-
Both live under a single new `cw ledger` verb, so the existing surface is
|
|
69
|
-
untouched and the new behavior is opt-in (POLA). (The name `handoff` was already
|
|
70
|
-
taken by an unrelated collaboration primitive — ownership transfer of a run/task
|
|
71
|
-
— so the cross-agent verb is `ledger`, not `handoff`.) Stage 1 ships as
|
|
72
|
-
`cw ledger propose|review|verify`; see
|
|
73
|
-
[cross-agent-ledger](../cross-agent-ledger.7.md) for the contract.
|
|
74
|
-
|
|
75
|
-
- **`propose`** — the read-only side writes a structured *change proposal*
|
|
76
|
-
(title, rationale, target files, suggested diff) as a ledger entry. It does
|
|
77
|
-
**not** mutate the other repo. The write-capable side picks the entry up,
|
|
78
|
-
verifies it, and turns it into a **real GitHub pull request**.
|
|
79
|
-
- **`review`** — the reviewing side writes a structured *review verdict*
|
|
80
|
-
(`APPROVED` / `REJECTED`, findings, the diff or PR it judged) as a ledger
|
|
81
|
-
entry. The other side surfaces it and can act on it.
|
|
82
|
-
|
|
83
|
-
This keeps a read-only agent honest: it emits proposals and verdicts as
|
|
84
|
-
**data**, and the write-capable side is the only one that opens PRs. Neither
|
|
85
|
-
side has to be trusted to have mutated the other's code.
|
|
86
|
-
|
|
87
|
-
## Transports (how an entry actually crosses)
|
|
88
|
-
|
|
89
|
-
The verbs above produce and consume entries; the transport is how an entry
|
|
90
|
-
moves from one VM to the other. Two are in scope, smallest first.
|
|
91
|
-
|
|
92
|
-
- **T1 — Human relay (MVP, works today, zero infra).** The producing side
|
|
93
|
-
prints the entry (a verifiable bundle, or its safe text form) to stdout;
|
|
94
|
-
the operator carries it to the other session; the consuming side verifies
|
|
95
|
-
it fail-closed and acts (opens the PR, or records the verdict). This is
|
|
96
|
-
exactly the loop the operator is already running by hand. It needs no new
|
|
97
|
-
code beyond a stable print/parse shape.
|
|
98
|
-
- **T2 — Git-as-ledger.** Each entry is committed to a repo under a known
|
|
99
|
-
path (for example `handoff/<from>-<to>/<id>.bundle`). Because scope is
|
|
100
|
-
single-repo, this needs one of:
|
|
101
|
-
- **T2a — a shared handoff repo** both agents are scoped to (cleanest, but
|
|
102
|
-
the operator must create it and launch both sessions against it), or
|
|
103
|
-
- **T2b — each side writes to its own repo** and a bridge (the operator, or
|
|
104
|
-
a scheduled job that *is* scoped to both) moves entries across. The
|
|
105
|
-
cross-repo read cannot be automatic inside a single scoped session — this
|
|
106
|
-
is the scope wall, stated plainly, not a gap to be quietly filled.
|
|
107
|
-
|
|
108
|
-
## Fail-closed rules (non-negotiable)
|
|
109
|
-
|
|
110
|
-
- An entry that does not verify is **refused**, never acted on. No PR is
|
|
111
|
-
opened, no verdict is recorded, and the refusal is explicit on stderr with
|
|
112
|
-
a non-zero exit — the same contract as `run restore`.
|
|
113
|
-
- A proposal is a **suggestion only**. It never edits the target repo by
|
|
114
|
-
itself; a human-or-agent on the write side always makes the real PR, so the
|
|
115
|
-
read-only vow of the proposing side holds.
|
|
116
|
-
- stdout stays data (the entry / the machine result); stderr stays
|
|
117
|
-
diagnostics; a piped run is silent on success. `--json` is stable and
|
|
118
|
-
decoration-free.
|
|
119
|
-
|
|
120
|
-
## Non-goals / POLA
|
|
121
|
-
|
|
122
|
-
- No existing command, output byte, exit code, or file layout changes.
|
|
123
|
-
- No new runtime dependency (zero-dependency red line holds).
|
|
124
|
-
- No vendor-specific logic in core; the verbs move opaque bundles.
|
|
125
|
-
- Nothing ships until its own cycle lands with a test that fails before and
|
|
126
|
-
passes after, and a `docs/*.7.md` contract page — this design file is not
|
|
127
|
-
that contract and claims no shipped behavior.
|
|
128
|
-
|
|
129
|
-
## Suggested rollout (each stage its own reviewed cycle)
|
|
130
|
-
|
|
131
|
-
0. **This design doc** (no behavior). ← you are here.
|
|
132
|
-
1. **T1 human-relay shape** — a stable, documented print/parse form for a
|
|
133
|
-
proposal and a verdict, plus a smoke that round-trips one of each and
|
|
134
|
-
proves a tampered entry is refused.
|
|
135
|
-
2. **`cw ledger propose` / `review`** over `run export` / `restore`, with the
|
|
136
|
-
fail-closed refusal test.
|
|
137
|
-
3. **T2 git-ledger** (shared-repo first), then optionally a scoped bridge job
|
|
138
|
-
for T2b.
|
|
139
|
-
|
|
140
|
-
## Open decisions for the operator
|
|
141
|
-
|
|
142
|
-
- T2a (shared handoff repo) or T2b (own repos + bridge)? T2a is simpler and
|
|
143
|
-
should be the default unless a shared repo is not acceptable.
|
|
144
|
-
- Should a verdict be able to **block** a PR merge on the other side, or only
|
|
145
|
-
advise? Advise-only is the safer default and matches "review as data".
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
# Dogfood: real `builtin:claude` agent + `run resume --drive` (2026-06-14)
|
|
2
|
-
|
|
3
|
-
A live dogfood run with a REAL external agent (`CW_AGENT_COMMAND=builtin:claude`, the
|
|
4
|
-
bundled read-only claude wrapper). The model ran in the agent's own process; CW
|
|
5
|
-
spawned it and recorded the attested output — CW holds no API key and imports no
|
|
6
|
-
model SDK. This run had two purposes and delivered both: it confirmed the real-agent
|
|
7
|
-
delegation path works end to end, and — because it exercised the **CLI** rather than
|
|
8
|
-
the unit-test function path — it **caught a real shipped bug** in `run resume --drive`.
|
|
9
|
-
|
|
10
|
-
## What ran
|
|
11
|
-
|
|
12
|
-
- `cw run architecture-review --drive --once --repo <tmp> --question "…"` with a real
|
|
13
|
-
`builtin:claude` agent: **1 worker completed** end-to-end with zero hand-written
|
|
14
|
-
result.md — the worker's `result.md` was produced by real claude, passed the
|
|
15
|
-
evidence-gated acceptance, and a `report.md` (7.5 KB, "# Architecture Review …")
|
|
16
|
-
+ 3 state commits were written. The real-agent path (spawn → attested output →
|
|
17
|
-
evidence gate → commit) works.
|
|
18
|
-
- Run: `architecture-review-20260614T104416Z-upkor2`, status `in-progress` (1/14)
|
|
19
|
-
after the single `--once` step.
|
|
20
|
-
|
|
21
|
-
## The bug it caught (and the fix)
|
|
22
|
-
|
|
23
|
-
Resuming the partway run with `cw run resume <id> --drive` failed:
|
|
24
|
-
`cw: Workflow app not found: resume`. The `run` command's early `--drive` branch
|
|
25
|
-
(the `cw run <app> --drive` one-command form) intercepted the invocation *before* the
|
|
26
|
-
subcommand switch, so the `resume` keyword was misread as an app name and never
|
|
27
|
-
reached the `runResume` continuation shipped in #155.
|
|
28
|
-
|
|
29
|
-
The A1 unit smoke (`run-resume-drive-smoke`) had tested `runResume()` **directly**, so
|
|
30
|
-
it never exercised the CLI dispatch — only a real CLI run surfaced it. Fixed by
|
|
31
|
-
guarding the early app-drive route so a leading run-registry subcommand keyword
|
|
32
|
-
(resume/show/export/…) falls through to the switch; `run-resume-drive-smoke` now drives
|
|
33
|
-
`cw run resume <id> --drive` through the actual CLI and asserts it routes to the verb,
|
|
34
|
-
plus a regression guard that `run <app> --drive` still routes to the app drive.
|
|
35
|
-
|
|
36
|
-
## Takeaway
|
|
37
|
-
|
|
38
|
-
Unit tests that call the capability function directly can miss CLI-dispatch bugs.
|
|
39
|
-
Every both-surface verb that adds a flag wants at least one test through the real CLI
|
|
40
|
-
argv path, not just the exported function.
|
|
@@ -1,195 +0,0 @@
|
|
|
1
|
-
# Launch Kit — Cool Workflow
|
|
2
|
-
|
|
3
|
-
Copy for announcing CW. The through-line is the one thing no other agent-pipeline
|
|
4
|
-
tool ships: **you can prove the telemetry, offline, with only a public key.**
|
|
5
|
-
Everything leads with the 30-second `npx cool-workflow demo tamper` proof.
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## ✅ FINAL — Show HN (copy-paste ready)
|
|
10
|
-
|
|
11
|
-
**Pre-flight (do these first):**
|
|
12
|
-
1. Record the demo GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` → add it to the README hero (insert the GIF near the badges/intro).
|
|
13
|
-
2. Confirm on a clean machine: `npx cool-workflow demo tamper` runs and prints `VERDICT: tamper-evidence holds ✓`.
|
|
14
|
-
3. Post during US morning (HN traffic peak); reply to the first comment with the npm + provenance link.
|
|
15
|
-
|
|
16
|
-
**Title** (exactly — HN strips most formatting):
|
|
17
|
-
|
|
18
|
-
```
|
|
19
|
-
Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
**URL field:** `https://github.com/coo1white/cool-workflow`
|
|
23
|
-
|
|
24
|
-
**First comment (paste right after posting):**
|
|
25
|
-
|
|
26
|
-
```
|
|
27
|
-
I kept seeing agent-orchestration tools treat the model's self-reported token
|
|
28
|
-
usage and results as ground truth. For anything auditable that's backwards — a
|
|
29
|
-
control-plane that trusts unverified self-reports audits claims, not facts, and a
|
|
30
|
-
forged "green" run looks identical to a real one.
|
|
31
|
-
|
|
32
|
-
Cool Workflow takes the opposite stance. It DELEGATES model execution to whatever
|
|
33
|
-
agent you configure (claude -p, codex exec, an HTTP endpoint) and never embeds a
|
|
34
|
-
model SDK or holds an API key. What it owns is the audit trail: each agent hop's
|
|
35
|
-
reported usage is signed (ed25519) and appended to a hash-chained ledger, so
|
|
36
|
-
editing any record — or even recomputing its local hash to cover the edit — breaks
|
|
37
|
-
the chain downstream. You re-verify a finished run offline — no telemetry service
|
|
38
|
-
to trust or breach.
|
|
39
|
-
|
|
40
|
-
30-second proof, no install:
|
|
41
|
-
|
|
42
|
-
npx cool-workflow demo tamper
|
|
43
|
-
|
|
44
|
-
It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
|
|
45
|
-
hash; inflate reported tokens + reuse the signature; edit a signed finding), and
|
|
46
|
-
catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
|
|
47
|
-
recorded ledger on disk — recomputing the chain so any later edit to a verdict or
|
|
48
|
-
usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
|
|
49
|
-
signature check offline too. I keep an
|
|
50
|
-
honest trust-model doc (what it does and does NOT prove, incl. the single-keyholder
|
|
51
|
-
ceiling): https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md
|
|
52
|
-
|
|
53
|
-
Also: concurrent parallel() phases with declared collapse semantics (collect-all +
|
|
54
|
-
kill-on-timeout — 16 agents with a forced hang/crash/dirty-return finish without
|
|
55
|
-
deadlock and replay who-passed-who-failed), per-task output-schema gates, token
|
|
56
|
-
budgets enforced against the host's recorded usage (opt-in gate fails closed on
|
|
57
|
-
unattested telemetry), and a one-way executor boundary welded
|
|
58
|
-
into the type system (a callable that could reach a model API fails `npm run
|
|
59
|
-
build`). Zero runtime deps, BSD-2, published to npm with provenance. Ships generated
|
|
60
|
-
plugin manifests for 5 agent platforms (claude, codex, agents, gemini, opencode);
|
|
61
|
-
`npm run manifest:load-check` boots all five from one source of truth.
|
|
62
|
-
|
|
63
|
-
It's early (v0.1.81) — I'd genuinely like to hear where the "delegate, prove,
|
|
64
|
-
replay" model breaks down for your workflows.
|
|
65
|
-
|
|
66
|
-
npm: https://www.npmjs.com/package/cool-workflow
|
|
67
|
-
```
|
|
68
|
-
|
|
69
|
-
---
|
|
70
|
-
|
|
71
|
-
## One-liner
|
|
72
|
-
|
|
73
|
-
> Cool Workflow is an auditable control-plane for multi-agent workflows. It
|
|
74
|
-
> *delegates* model execution — never embeds it — and makes every recorded agent
|
|
75
|
-
> telemetry verdict tamper-evident: anyone can re-verify a run's integrity offline,
|
|
76
|
-
> and check the ed25519 attribution with the public key alone.
|
|
77
|
-
|
|
78
|
-
## Elevator (2 sentences)
|
|
79
|
-
|
|
80
|
-
> Most agent-pipeline tools log what the model reported and trust it. CW signs and
|
|
81
|
-
> hash-chains every telemetry verdict, so a forged or edited record fails
|
|
82
|
-
> verification — provably, offline — which is what "auditable" has to mean before
|
|
83
|
-
> you let agents touch production work.
|
|
84
|
-
|
|
85
|
-
---
|
|
86
|
-
|
|
87
|
-
## Show HN
|
|
88
|
-
|
|
89
|
-
**Title:**
|
|
90
|
-
`Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
|
|
91
|
-
|
|
92
|
-
**Body:**
|
|
93
|
-
|
|
94
|
-
> I kept seeing agent-orchestration tools treat the model's self-reported token
|
|
95
|
-
> usage and results as ground truth. For anything auditable that's backwards — a
|
|
96
|
-
> control-plane that trusts unverified self-reports audits *claims*, not facts, and
|
|
97
|
-
> a forged "green" run looks identical to a real one.
|
|
98
|
-
>
|
|
99
|
-
> Cool Workflow is a small, zero-dependency CLI + MCP runtime that takes the
|
|
100
|
-
> opposite stance. It **delegates** model execution to whatever agent you configure
|
|
101
|
-
> (`claude -p`, `codex exec`, an HTTP endpoint) and never embeds a model SDK or
|
|
102
|
-
> holds an API key. What it *does* own is the audit trail: each agent hop's reported
|
|
103
|
-
> usage is signed (ed25519) and appended to a hash-chained ledger, so editing any
|
|
104
|
-
> record — or even recomputing its local hash to cover the edit — breaks the chain
|
|
105
|
-
> downstream. You can re-verify a finished run offline — no network, no trusted
|
|
106
|
-
> server.
|
|
107
|
-
>
|
|
108
|
-
> The 30-second proof, no install:
|
|
109
|
-
>
|
|
110
|
-
> ```
|
|
111
|
-
> npx cool-workflow demo tamper
|
|
112
|
-
> ```
|
|
113
|
-
>
|
|
114
|
-
> It builds a real signed ledger, forges it three ways (flip a verdict + re-seal its
|
|
115
|
-
> hash; inflate reported tokens + reuse the signature; edit a signed finding), and
|
|
116
|
-
> catches all three offline with only the public key. On a real run, `cw telemetry verify <run>` re-proves the
|
|
117
|
-
> recorded ledger on disk — recomputing the chain so any later edit to a verdict or
|
|
118
|
-
> usage digest is caught; add `--pubkey <public.pem>` to re-run each attested hop's
|
|
119
|
-
> signature check offline too. I keep an
|
|
120
|
-
> honest [trust model & limitations](https://github.com/coo1white/cool-workflow/blob/main/plugins/cool-workflow/docs/trust-model.md)
|
|
121
|
-
> doc, including the single-keyholder ceiling.
|
|
122
|
-
>
|
|
123
|
-
> Other things it does: concurrent `parallel()` phases with declared collapse
|
|
124
|
-
> semantics (collect-all + kill-on-timeout — 16 agents with a forced hang/crash/
|
|
125
|
-
> dirty-return finish without deadlock and replay "who passed/who failed"), per-task
|
|
126
|
-
> output-schema gates, token budgets enforced against the host's recorded usage
|
|
127
|
-
> (an opt-in gate fails closed on unattested telemetry), and a one-way
|
|
128
|
-
> executor boundary welded into the type system (a callable that could reach a model
|
|
129
|
-
> API fails `npm run build`).
|
|
130
|
-
>
|
|
131
|
-
> Runs anywhere Node runs; `dist/` is committed; BSD-2. It's early (v0.1.81) and I'd
|
|
132
|
-
> genuinely like to hear where the "delegate, prove, replay" model breaks down for
|
|
133
|
-
> your workflows.
|
|
134
|
-
>
|
|
135
|
-
> Repo: https://github.com/coo1white/cool-workflow
|
|
136
|
-
> npm: https://www.npmjs.com/package/cool-workflow
|
|
137
|
-
|
|
138
|
-
---
|
|
139
|
-
|
|
140
|
-
## Short post / tweet thread
|
|
141
|
-
|
|
142
|
-
1/ Your agent pipeline trusts what the model *says* it did. Cool Workflow proves
|
|
143
|
-
it instead. `npx cool-workflow demo tamper` — 30s, no install:
|
|
144
|
-
|
|
145
|
-
2/ It builds a real ed25519-signed telemetry ledger, forges it three ways (incl.
|
|
146
|
-
editing a signed finding), and catches all three offline with only the public key.
|
|
147
|
-
A control-plane that delegates model execution but can still prove the bill is real.
|
|
148
|
-
|
|
149
|
-
3/ Also: concurrent batches that don't deadlock when an agent hangs, schema-gated
|
|
150
|
-
outputs, token budgets vs the host's recorded usage (attested-telemetry gate is
|
|
151
|
-
opt-in), and a red line (never call a model API) enforced at compile time. Zero
|
|
152
|
-
deps, BSD-2.
|
|
153
|
-
→ https://github.com/coo1white/cool-workflow
|
|
154
|
-
|
|
155
|
-
---
|
|
156
|
-
|
|
157
|
-
## Why this matters (the wedge, for a longer post)
|
|
158
|
-
|
|
159
|
-
- **Separation of duties.** CW never runs the model, yet can verify the executor's
|
|
160
|
-
reported usage. The thing that *spends the money* is not the thing that *keeps
|
|
161
|
-
the books* — the property auditors require everywhere except, so far, agent
|
|
162
|
-
infra.
|
|
163
|
-
- **Offline verification.** No telemetry service to trust or breach. The record
|
|
164
|
-
proves its own integrity offline — re-proving the chain needs no key at all — and
|
|
165
|
-
the ed25519 attribution checks against the public key alone.
|
|
166
|
-
- **Replayable, not just logged.** CW breaks at dispatch and writes to disk, so a
|
|
167
|
-
run replays deterministically — "who passed / who failed" is reconstructable, not
|
|
168
|
-
a scrollback of a fused process. A finished run is portable and self-proving:
|
|
169
|
-
`cw run inspect-archive <archive>` re-proves every file digest, the manifest, and
|
|
170
|
-
the whole-archive hash without importing it; `cw run import` then
|
|
171
|
-
`cw run verify-import <run-id>` restores it and re-proves the restored digests +
|
|
172
|
-
telemetry chain — a tampered archive is caught before it is trusted.
|
|
173
|
-
- **Fail-closed by default where it counts.** Schema mismatch parks the hop;
|
|
174
|
-
unverifiable usage can be refused (opt-in); an empty-capture result can't be
|
|
175
|
-
presented as a clean commit.
|
|
176
|
-
- **Cross-vendor, and it actually boots.** One source manifest
|
|
177
|
-
(`manifest/plugin.manifest.json`) generates Claude / Codex / Gemini / OpenCode /
|
|
178
|
-
agents adapters, and `npm run manifest:load-check` boots all five (184 tools each)
|
|
179
|
-
— the neutrality moat is executable, not aspirational.
|
|
180
|
-
|
|
181
|
-
## Assets to capture before posting
|
|
182
|
-
|
|
183
|
-
- [ ] **Demo GIF** — reproducible, no manual screen-recording: `vhs
|
|
184
|
-
plugins/cool-workflow/docs/launch/demo.tape` → `docs/launch/demo-tamper.gif`,
|
|
185
|
-
then add it to the README hero (insert it near the badges/intro). The
|
|
186
|
-
✗ DETECTED lines are the hook.
|
|
187
|
-
- [ ] Confirm `npx cool-workflow demo tamper` works from a clean machine (no clone).
|
|
188
|
-
- [ ] Pin the npm version badge / release + provenance link in the first comment.
|
|
189
|
-
|
|
190
|
-
## Channels
|
|
191
|
-
|
|
192
|
-
Hacker News (Show HN), the MCP / agent-tooling communities, r/LocalLLaMA &
|
|
193
|
-
r/MachineLearning (the offline-verification angle), and the npm listing itself
|
|
194
|
-
(keywords already set). Lead every one with the demo command, not the feature
|
|
195
|
-
list.
|
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
# Pre-Launch Checklist — Cool Workflow Show HN
|
|
2
|
-
|
|
3
|
-
Tick top to bottom; when it's done, post. The one non-negotiable gate is ②.
|
|
4
|
-
Copy for the post itself lives in [launch-kit.md](launch-kit.md) (the **✅ FINAL**
|
|
5
|
-
block).
|
|
6
|
-
|
|
7
|
-
## ① Prepare assets (optional, recommended)
|
|
8
|
-
|
|
9
|
-
- [ ] Install [vhs](https://github.com/charmbracelet/vhs) (`brew install vhs`).
|
|
10
|
-
- [ ] Record the GIF: `vhs plugins/cool-workflow/docs/launch/demo.tape` →
|
|
11
|
-
`docs/launch/demo-tamper.gif`.
|
|
12
|
-
- [ ] Add it to the README hero (insert
|
|
13
|
-
`` near the badges/intro), commit + push.
|
|
14
|
-
> Shippable without the GIF — the README's text `✗ DETECTED` hook already stands;
|
|
15
|
-
> the GIF is upside, not a blocker.
|
|
16
|
-
|
|
17
|
-
## ② Verify — the make-or-break gate (do not skip)
|
|
18
|
-
|
|
19
|
-
- [ ] On a **clean machine / fresh terminal**: `npx cool-workflow demo tamper`
|
|
20
|
-
prints `VERDICT: tamper-evidence holds ✓`.
|
|
21
|
-
> Every click from HN runs this. One crash wastes that traffic. This is the only
|
|
22
|
-
> non-negotiable check.
|
|
23
|
-
- [ ] Sanity: `npx cool-workflow quickstart architecture-review --repo . --question "risks?"`
|
|
24
|
-
→ `status: blocked` with no agent configured (fails closed, no crash).
|
|
25
|
-
- [ ] Resumable sanity: `cw quickstart architecture-review --resume` advances one step
|
|
26
|
-
then stops; `cw run resume <run-id> --drive` continues a stopped run — proving
|
|
27
|
-
runs break at dispatch and replay from disk.
|
|
28
|
-
|
|
29
|
-
## ③ Post (US morning, ~9–11am ET is peak)
|
|
30
|
-
|
|
31
|
-
- [ ] Open the **✅ FINAL** block in [launch-kit.md](launch-kit.md).
|
|
32
|
-
- [ ] HN title: `Show HN: Cool Workflow – tamper-evident telemetry for agent pipelines (npx demo)`
|
|
33
|
-
- [ ] URL field: `https://github.com/coo1white/cool-workflow`
|
|
34
|
-
- [ ] Immediately after posting, paste the FINAL "first comment" as the first reply.
|
|
35
|
-
|
|
36
|
-
## ④ First hour (decides the outcome)
|
|
37
|
-
|
|
38
|
-
- [ ] Watch and reply fast — early engagement weighs most on HN.
|
|
39
|
-
- [ ] On the "single key holder / no second party" critique (the audit flagged it
|
|
40
|
-
too): concede it honestly and frame it as exactly why you're looking for early
|
|
41
|
-
integration partners. **Turn the critique into an invitation; don't argue.**
|
|
42
|
-
> The canned, linkable answer is already written: [docs/trust-model.md](../trust-model.md)
|
|
43
|
-
> states the ceiling plainly (integrity ≠ source honesty; one party holding both
|
|
44
|
-
> roles; full local re-chain) and frames the partner ask. Link it; don't re-argue it.
|
|
45
|
-
- [ ] No vote-rigging, no asking friends to upvote, no deleting critical comments —
|
|
46
|
-
HN's anti-abuse will sink the post.
|
|
47
|
-
|
|
48
|
-
---
|
|
49
|
-
|
|
50
|
-
### Go / no-go
|
|
51
|
-
|
|
52
|
-
> If **② — `npx cool-workflow demo tamper` prints `✓` on a clean machine** — passes,
|
|
53
|
-
> you can post. Everything else is upside.
|