cool-workflow 0.2.4 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/.gemini-plugin/mcp.json +10 -0
- package/.gemini-plugin/plugin.json +40 -0
- package/.opencode-plugin/mcp.json +10 -0
- package/.opencode-plugin/plugin.json +40 -0
- package/README.md +204 -48
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/cli/dispatch.js +32 -4
- package/dist/cli/entry.js +11 -19
- package/dist/cli/global-flags.js +113 -0
- package/dist/cli/parseargv.js +7 -1
- package/dist/core/capability-data.js +337 -8
- package/dist/core/format/help.js +73 -3
- package/dist/core/format/recovery-hint.js +32 -0
- package/dist/core/multi-agent/collaboration.js +35 -6
- package/dist/core/multi-agent/runtime.js +7 -0
- package/dist/core/multi-agent/trust-policy.js +7 -1
- package/dist/core/pipeline/contract.js +7 -0
- package/dist/core/pipeline/error-feedback.js +2 -2
- package/dist/core/state/run-paths.js +3 -30
- package/dist/core/trust/evidence-grounding.js +13 -1
- package/dist/core/util/cli-args.js +22 -0
- package/dist/core/version.js +1 -1
- package/dist/mcp/dispatch.js +22 -2
- package/dist/mcp/server.js +215 -36
- package/dist/mcp/tool-process.js +181 -0
- package/dist/mcp-server.js +28 -1
- package/dist/shell/agent-config.js +11 -2
- package/dist/shell/audit-cli.js +1 -1
- package/dist/shell/commit.js +8 -2
- package/dist/shell/coordinator-io.js +73 -1
- package/dist/shell/drive.js +195 -128
- package/dist/shell/error-feedback-io.js +6 -0
- package/dist/shell/execution-backend/agent.js +201 -26
- package/dist/shell/execution-backend/container.js +44 -10
- package/dist/shell/execution-backend/local.js +33 -0
- package/dist/shell/fs-atomic.js +96 -12
- package/dist/shell/ledger-cli.js +9 -2
- package/dist/shell/metrics-cli.js +1 -1
- package/dist/shell/multi-agent-cli.js +9 -2
- package/dist/shell/multi-agent-operator-ux.js +1 -1
- package/dist/shell/observability.js +7 -4
- package/dist/shell/onramp.js +48 -5
- package/dist/shell/operator-ux.js +1 -1
- package/dist/shell/perf-trace.js +136 -0
- package/dist/shell/pipeline.js +3 -2
- package/dist/shell/reclamation-io.js +10 -9
- package/dist/shell/report-view-cli.js +2 -0
- package/dist/shell/run-export-cli.js +5 -2
- package/dist/shell/run-export.js +293 -31
- package/dist/shell/run-registry-io.js +8 -0
- package/dist/shell/run-store.js +183 -3
- package/dist/shell/scheduler-io.js +101 -10
- package/dist/shell/state-explosion-cli.js +4 -1
- package/dist/shell/telemetry-demo.js +1 -1
- package/dist/shell/telemetry-ledger-io.js +36 -24
- package/dist/shell/trust-audit.js +178 -36
- package/dist/shell/workbench-host.js +121 -10
- package/dist/shell/workbench.js +83 -6
- package/dist/shell/worker-isolation.js +1 -1
- package/dist/wiring/capability-table/basics.js +5 -0
- package/dist/wiring/capability-table/exec-backend.js +40 -22
- package/dist/wiring/capability-table/parity.js +10 -5
- package/dist/wiring/capability-table/pipeline.js +32 -0
- package/dist/wiring/capability-table/registry-core.js +26 -3
- package/dist/wiring/capability-table/reporting.js +7 -1
- package/dist/wiring/capability-table/scheduling-registry.js +8 -2
- package/dist/wiring/capability-table/trust-ledger.js +54 -12
- package/docs/agent-delegation-drive.7.md +17 -0
- package/docs/cli-mcp-parity.7.md +46 -5
- package/docs/contract-migration-tooling.7.md +4 -0
- package/docs/control-plane-scheduling.7.md +38 -0
- package/docs/cross-agent-ledger.7.md +20 -8
- package/docs/durable-state-and-locking.7.md +4 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
- package/docs/execution-backends.7.md +4 -0
- package/docs/fix.7.md +4 -4
- package/docs/getting-started.md +40 -32
- package/docs/index.md +17 -0
- package/docs/launch/demo.tape +4 -3
- package/docs/mcp-app-surface.7.md +27 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
- package/docs/multi-agent-eval-replay-harness.7.md +4 -0
- package/docs/multi-agent-operator-ux.7.md +4 -0
- package/docs/node-snapshot-diff-replay.7.md +4 -0
- package/docs/observability-cost-accounting.7.md +4 -0
- package/docs/project-index.md +53 -9
- package/docs/real-execution-backends.7.md +4 -0
- package/docs/release-and-migration.7.md +4 -0
- package/docs/release-tooling.7.md +12 -0
- package/docs/routine.7.md +22 -0
- package/docs/run-registry-control-plane.7.md +37 -9
- package/docs/run-retention-reclamation.7.md +12 -4
- package/docs/state-explosion-management.7.md +4 -0
- package/docs/team-collaboration.7.md +4 -0
- package/docs/trust-audit-anchor.7.md +4 -0
- package/docs/web-desktop-workbench.7.md +72 -2
- package/docs/workflow-app-framework.7.md +31 -0
- package/manifest/plugin.manifest.json +1 -1
- package/manifest/source-context-profiles.json +4 -3
- package/package.json +6 -3
- package/scripts/agents/agent-adapter-core.js +26 -0
- package/scripts/agents/claude-p-agent.js +4 -1
- package/scripts/agents/codex-agent.js +4 -0
- package/scripts/agents/cw-attest-wrap.js +1 -1
- package/scripts/agents/gemini-agent.js +4 -0
- package/scripts/agents/opencode-agent.js +5 -0
- package/scripts/block-unapproved-tag.js +160 -0
- package/scripts/canonical-apps.js +4 -4
- package/scripts/children/batch-delegate-child.js +72 -4
- package/scripts/children/http-batch-delegate-child.js +132 -0
- package/scripts/children/http-delegate-child.js +8 -0
- package/scripts/dogfood-release.js +2 -2
- package/scripts/fake-date-for-reproduction.js +1 -1
- package/scripts/gen-manifests.js +32 -61
- package/scripts/golden-path.js +4 -4
- package/scripts/lang-policy-check.js +82 -0
- package/scripts/parity-check.js +42 -23
- package/scripts/purity-baseline.json +0 -3
- package/scripts/purity-gate.js +16 -3
- package/scripts/release-check.js +2 -1
- package/scripts/release-flow.js +169 -41
- package/scripts/release-gate.js +208 -0
- package/scripts/release-oneclick.js +38 -7
- package/scripts/release-tags.js +47 -0
- package/scripts/schema-version-inventory.json +31 -0
- package/scripts/validate-run-state-schema.js +95 -4
- package/scripts/verdict-keygen.js +2 -2
- package/scripts/verify-bump-reproduction.js +193 -0
- package/scripts/verify-release-verdict.js +139 -0
- package/scripts/verify-verdict-signature.js +1 -1
- package/ui/workbench/app.css +50 -10
- package/ui/workbench/app.js +269 -34
- package/ui/workbench/index.html +4 -2
- package/ui/workbench/inspection.js +51 -0
- package/ui/workbench/navigation.js +44 -0
- package/docs/agent-framework.md +0 -177
- package/docs/designs/handoff-ledger.md +0 -145
- package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +0 -40
- package/docs/launch/launch-kit.md +0 -195
- package/docs/launch/pre-launch-checklist.md +0 -53
- package/docs/readme-v0.1.87-full.md +0 -301
- package/docs/routines.md +0 -101
- package/docs/scheduled-tasks.md +0 -80
- package/scripts/agents/claude-p-agent.sh +0 -9
- package/scripts/block-unapproved-tag.sh +0 -75
- package/scripts/release-gate.sh +0 -94
- package/scripts/verify-bump-reproduction.sh +0 -148
- package/scripts/verify-container-selfref.js +0 -64
|
@@ -1,301 +0,0 @@
|
|
|
1
|
-
<div align="center">
|
|
2
|
-
|
|
3
|
-
# Cool Workflow
|
|
4
|
-
|
|
5
|
-
**Point an AI coding agent at a repo, get a saved report with real citations — not a chat message you lose.**
|
|
6
|
-
|
|
7
|
-
[](https://github.com/coo1white/cool-workflow/actions/workflows/ci.yml)
|
|
8
|
-
[](https://www.npmjs.com/package/cool-workflow)
|
|
9
|
-
[](https://www.npmjs.com/package/cool-workflow)
|
|
10
|
-
[](https://www.npmjs.com/package/cool-workflow)
|
|
11
|
-
[](https://github.com/coo1white/cool-workflow/tags)
|
|
12
|
-
[](LICENSE)
|
|
13
|
-
|
|
14
|
-
<img src="docs/assets/cool-workflow-readme-promo.png" alt="Cool Workflow turns AI agent repo questions into saved, cited, tamper-evident reports." width="100%">
|
|
15
|
-
|
|
16
|
-
</div>
|
|
17
|
-
|
|
18
|
-
## What is this, really?
|
|
19
|
-
|
|
20
|
-
You put a question to an AI coding agent, it gives an answer in the chat, and
|
|
21
|
-
then the answer is gone. Next week you put the same question and have to start
|
|
22
|
-
all over again.
|
|
23
|
-
|
|
24
|
-
**Cool Workflow (CW) makes that lost question into a kept job.** You point it at
|
|
25
|
-
a code store with a question like *"what are the security risks here?"* It runs
|
|
26
|
-
your AI agent over all the code in ordered steps and puts a **report file** on
|
|
27
|
-
disk — every point backed by an exact `file.js:42` pointer to the line. You are
|
|
28
|
-
able to run it again, give it to others, and even give proof that the report was
|
|
29
|
-
not changed by anyone.
|
|
30
|
-
|
|
31
|
-
```
|
|
32
|
-
you ask once CW gives you
|
|
33
|
-
"what are the risks in my repo?" → a saved report.md with
|
|
34
|
-
cited findings, repeatable
|
|
35
|
-
```
|
|
36
|
-
|
|
37
|
-
It does **not** run the AI model itself. You give your own agent (for one, the
|
|
38
|
-
`claude` command line) and CW keeps it working, makes a record of what took
|
|
39
|
-
place, and checks the answer. Take CW as the *project manager*, and your agent
|
|
40
|
-
as the *worker*.
|
|
41
|
-
|
|
42
|
-
> New to this? You're in the right place — this README is a step-by-step start.
|
|
43
|
-
> Deeper/advanced docs live in the [wiki](https://github.com/coo1white/cool-workflow/wiki).
|
|
44
|
-
|
|
45
|
-
---
|
|
46
|
-
|
|
47
|
-
## Project rule
|
|
48
|
-
|
|
49
|
-
CW should stay a small, trusted tool, not a platform.
|
|
50
|
-
|
|
51
|
-
```text
|
|
52
|
-
ask simple -> run simple -> verify simple -> resume simple
|
|
53
|
-
```
|
|
54
|
-
|
|
55
|
-
The engineering base is FreeBSD-like: POLA first, fail closed, no silent
|
|
56
|
-
fallback, stdout as data, stderr as diagnostics, and documented stable
|
|
57
|
-
surfaces. The user-facing spirit is close to Homebrew: a small command
|
|
58
|
-
surface, a strong `doctor` check, and clear next steps when a run is
|
|
59
|
-
blocked or a report does not verify.
|
|
60
|
-
|
|
61
|
-
That means CW should hide orchestration detail behind clear commands,
|
|
62
|
-
keep `.cw/` state open to check, make recovery boring, and prefer a
|
|
63
|
-
small tool that can be trusted over a broad agent platform.
|
|
64
|
-
|
|
65
|
-
---
|
|
66
|
-
|
|
67
|
-
## What you need
|
|
68
|
-
|
|
69
|
-
1. **Node.js** (v18+). Make a check with `node --version`.
|
|
70
|
-
2. **An AI agent on the command line.** The most simple is **Claude Code** —
|
|
71
|
-
after you put it in you will have a `claude` command. Make a check with
|
|
72
|
-
`claude --version`. (CW also works with `codex`, or any command/HTTP agent —
|
|
73
|
-
but make your start with `claude`.)
|
|
74
|
-
|
|
75
|
-
> No agent yet? You are still able to **see CW work** (next part, step 1)
|
|
76
|
-
> without one. The full report needs an agent, because CW never makes a call to
|
|
77
|
-
> a model itself.
|
|
78
|
-
|
|
79
|
-
---
|
|
80
|
-
|
|
81
|
-
## Quick start (3 steps)
|
|
82
|
-
|
|
83
|
-
### 1. See it run — no install, no agent, no API key
|
|
84
|
-
|
|
85
|
-
```bash
|
|
86
|
-
npx cool-workflow demo tamper
|
|
87
|
-
```
|
|
88
|
-
|
|
89
|
-
This gives proof of CW's chief trick in 30 seconds (more on that
|
|
90
|
-
[below](#can-i-trust-the-report)). If you see `VERDICT: tamper-evidence holds ✓`,
|
|
91
|
-
all is working.
|
|
92
|
-
|
|
93
|
-
Not sure what to run next?
|
|
94
|
-
|
|
95
|
-
```bash
|
|
96
|
-
npx cool-workflow doctor --onramp
|
|
97
|
-
```
|
|
98
|
-
|
|
99
|
-
This prints the short path for a first run, the fast checks for source work, and
|
|
100
|
-
the full gate to use before a release.
|
|
101
|
-
|
|
102
|
-
From a source checkout, use:
|
|
103
|
-
|
|
104
|
-
```bash
|
|
105
|
-
cd plugins/cool-workflow
|
|
106
|
-
node scripts/cw.js doctor --onramp --changed-from origin/main
|
|
107
|
-
```
|
|
108
|
-
|
|
109
|
-
### 2. Check, then run a real review on your own repo
|
|
110
|
-
|
|
111
|
-
First make a zero-write check. It does not make a run, write `.cw/`, or call
|
|
112
|
-
your agent:
|
|
113
|
-
|
|
114
|
-
```bash
|
|
115
|
-
npx cool-workflow quickstart architecture-review --check \
|
|
116
|
-
--repo /path/to/your/project \
|
|
117
|
-
--question "What are the main risks in this codebase?" \
|
|
118
|
-
--agent-command builtin:claude
|
|
119
|
-
```
|
|
120
|
-
|
|
121
|
-
If the check is good, run the review:
|
|
122
|
-
|
|
123
|
-
```bash
|
|
124
|
-
npx cool-workflow quickstart architecture-review \
|
|
125
|
-
--repo /path/to/your/project \
|
|
126
|
-
--question "What are the main risks in this codebase?" \
|
|
127
|
-
--agent-command builtin:claude
|
|
128
|
-
```
|
|
129
|
-
|
|
130
|
-
If the report has to go to someone else, make the checked bundle in the same
|
|
131
|
-
run:
|
|
132
|
-
|
|
133
|
-
```bash
|
|
134
|
-
npx cool-workflow quickstart architecture-review \
|
|
135
|
-
--repo /path/to/your/project \
|
|
136
|
-
--question "What are the main risks in this codebase?" \
|
|
137
|
-
--agent-command builtin:claude \
|
|
138
|
-
--bundle
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
- `--repo` — the folder you have a wish to get looked at.
|
|
142
|
-
- `--question` — what you have a wish to be certain of.
|
|
143
|
-
- `--agent-command builtin:claude` — make use of the Claude wrapper that comes
|
|
144
|
-
with it (read-only; it never makes changes to your code).
|
|
145
|
-
- `--agent-command builtin:codex` — make use of the Codex wrapper that comes
|
|
146
|
-
with it (read-only; it never makes changes to your code).
|
|
147
|
-
|
|
148
|
-
CW makes a plan of the work, keeps your agent working over your repo in steps,
|
|
149
|
-
and gives out where it kept the report. For a living view in the window while
|
|
150
|
-
every worker is at work, take it up with `CW_AGENT_STREAM=1`; the view goes to
|
|
151
|
-
stderr only and the kept answer is not changed.
|
|
152
|
-
|
|
153
|
-
> **No agent put in place?** CW comes to a safe stop and says so
|
|
154
|
-
> (`status: blocked`) — it never makes up an answer. Put in `claude` and run it
|
|
155
|
-
> again.
|
|
156
|
-
|
|
157
|
-
### 3. Read the report
|
|
158
|
-
|
|
159
|
-
```bash
|
|
160
|
-
cat /path/to/your/project/.cw/runs/<run-id>/report.md
|
|
161
|
-
```
|
|
162
|
-
|
|
163
|
-
You get a short account, ordered points, and **clickable pointers** like
|
|
164
|
-
`src/server.js:18` for every point made — so you are able to make a check of
|
|
165
|
-
each one yourself.
|
|
166
|
-
|
|
167
|
-
---
|
|
168
|
-
|
|
169
|
-
## Install it (optional)
|
|
170
|
-
|
|
171
|
-
`npx` is ever working with no need to put it in. To get the short `cw` command
|
|
172
|
-
everywhere:
|
|
173
|
-
|
|
174
|
-
```bash
|
|
175
|
-
npm install -g cool-workflow # then use: cw … instead of npx cool-workflow …
|
|
176
|
-
```
|
|
177
|
-
|
|
178
|
-
---
|
|
179
|
-
|
|
180
|
-
## What else can it do?
|
|
181
|
-
|
|
182
|
-
CW comes with a number of ready-made "jobs" (run `cw list` to see them all):
|
|
183
|
-
|
|
184
|
-
| Command | What it does |
|
|
185
|
-
|---|---|
|
|
186
|
-
| `architecture-review` | Make a map of a repo's structure and put its true risks in order, with facts. |
|
|
187
|
-
| `pr-review-fix-ci` | Go over a pull request, put forward fixes, make a check of CI. |
|
|
188
|
-
| `research-synthesis` | Get together and make into one a fact-backed answer to a question. |
|
|
189
|
-
| `release-cut` | Keep a gated, gone-over release moving. |
|
|
190
|
-
|
|
191
|
-
It also puts the same acts out over **MCP**, so editors like Claude Desktop /
|
|
192
|
-
Cursor / VS Code are able to make a call to CW as a tool. See the
|
|
193
|
-
[wiki](https://github.com/coo1white/cool-workflow/wiki) for that and for
|
|
194
|
-
multi-agent runs.
|
|
195
|
-
|
|
196
|
-
---
|
|
197
|
-
|
|
198
|
-
## Can I trust the report?
|
|
199
|
-
|
|
200
|
-
This is what makes CW not the same as the rest. Because CW only *gives the work
|
|
201
|
-
over* to your agent, it keeps a record of every step that makes any false change
|
|
202
|
-
come to light: every agent's given token use is signed by secret-key science and
|
|
203
|
-
chained by hash, so **changing the record after the fact has the chain broken** —
|
|
204
|
-
and anyone is able to make the check again offline with only a public key.
|
|
205
|
-
|
|
206
|
-
See it for yourself — the `demo tamper` from step 1 makes a false record in two
|
|
207
|
-
ways and gets both:
|
|
208
|
-
|
|
209
|
-
```text
|
|
210
|
-
▶ LEDGER tamper
|
|
211
|
-
after: ✗ DETECTED — the hash chain caught it: chain-link[2]: telemetry-chain-broken
|
|
212
|
-
▶ SIGNATURE tamper
|
|
213
|
-
after: ✗ DETECTED — signature does not match reported usage
|
|
214
|
-
VERDICT: tamper-evidence holds ✓ — every forgery caught offline, with only the public key.
|
|
215
|
-
```
|
|
216
|
-
|
|
217
|
-
On a true run, make a check of any run's record yourself:
|
|
218
|
-
|
|
219
|
-
```bash
|
|
220
|
-
cw telemetry verify <run-id>
|
|
221
|
-
```
|
|
222
|
-
|
|
223
|
-
CW makes use of this on its own code — see the kept living-run proof in
|
|
224
|
-
[`plugins/cool-workflow/docs/dogfood/`](plugins/cool-workflow/docs/dogfood/).
|
|
225
|
-
|
|
226
|
-
The plain point: *the thing that uses up the tokens is not the thing that keeps
|
|
227
|
-
the books.* That keeping-apart is normal in account-keeping — CW gives it to AI
|
|
228
|
-
agents.
|
|
229
|
-
|
|
230
|
-
---
|
|
231
|
-
|
|
232
|
-
## Hand the report to someone — they can check it on their own
|
|
233
|
-
|
|
234
|
-
A report you keep on your own machine is one thing. A report you can **give to
|
|
235
|
-
someone** who then makes the check themselves is what you are really after. Add
|
|
236
|
-
`--bundle` to the one command and CW seals the finished run into a single,
|
|
237
|
-
self-checking file:
|
|
238
|
-
|
|
239
|
-
```bash
|
|
240
|
-
npx cool-workflow quickstart architecture-review \
|
|
241
|
-
--repo /path/to/your/project --question "What are the main risks?" \
|
|
242
|
-
--agent-command builtin:claude --bundle --with-trust-key ./trust-pub.pem
|
|
243
|
-
```
|
|
244
|
-
|
|
245
|
-
This puts a `report.cwrun.json` file **where you are** (not in the looked-at
|
|
246
|
-
repo). The one file holds the report, the `file.js:42` pointers, the signed and
|
|
247
|
-
hash-chained record, **and the public key**.
|
|
248
|
-
|
|
249
|
-
Give that file to anyone. With no need for your repo, your keys given over on the
|
|
250
|
-
side, or a put-in past `npx`, they make the check on their own — offline, with
|
|
251
|
-
only the file:
|
|
252
|
-
|
|
253
|
-
```bash
|
|
254
|
-
npx cool-workflow report verify-bundle report.cwrun.json
|
|
255
|
-
```
|
|
256
|
-
|
|
257
|
-
If the bundle was changed in any way after the fact — the record, a signature, or
|
|
258
|
-
the bytes — the check says so and comes to a stop (it gives back `ok: false` and a
|
|
259
|
-
non-zero code), so a bundle you send on can never be a quiet lie. CW still never
|
|
260
|
-
runs the model itself; it only keeps the books and makes the check.
|
|
261
|
-
|
|
262
|
-
Want to see the whole thing in 30 seconds, with no agent and no key of your own?
|
|
263
|
-
|
|
264
|
-
```bash
|
|
265
|
-
npx cool-workflow demo bundle
|
|
266
|
-
```
|
|
267
|
-
|
|
268
|
-
It makes a real sealed bundle, makes two false changes to it, and shows the check
|
|
269
|
-
getting **both** — offline, with only the public key the bundle carries.
|
|
270
|
-
|
|
271
|
-
---
|
|
272
|
-
|
|
273
|
-
## Troubleshooting
|
|
274
|
-
|
|
275
|
-
| Problem | Fix |
|
|
276
|
-
|---|---|
|
|
277
|
-
| `status: blocked`, `agentConfigured: false` | No agent is in place. Put in `claude` (or give `--agent-command`). |
|
|
278
|
-
| `claude: command not found` | Put in Claude Code so the `claude` command is there, then run again. |
|
|
279
|
-
| Want to see the plan without running the AI | Put in `--preview` — it gives the steps and starts nothing. |
|
|
280
|
-
| Want a live agent trace | Put `CW_AGENT_STREAM=1`. It is stderr-only, TTY-gated, and `CW_NO_STREAM=1` puts it off. |
|
|
281
|
-
| Where did my report go? | The command gives out `reportPath`; it is under `<your-repo>/.cw/runs/<id>/report.md`. |
|
|
282
|
-
|
|
283
|
-
---
|
|
284
|
-
|
|
285
|
-
## How it works (one paragraph)
|
|
286
|
-
|
|
287
|
-
CW is a small TypeScript/Node run-time that needs no other parts. It makes a
|
|
288
|
-
record of the agent loop out in the open — *plan → dispatch → record → verify →
|
|
289
|
-
commit → report* — as long-lasting files on disk, so a run is open to looking-at
|
|
290
|
-
and able to be played again in place of a chat you let go. It never puts a model
|
|
291
|
-
SDK inside and keeps no API key; your put-in-place agent does the thinking, CW
|
|
292
|
-
does the book-keeping and the checking. For the structure, multi-agent
|
|
293
|
-
working-together, execution backends, and the full CLI/MCP face, see the
|
|
294
|
-
**[wiki](https://github.com/coo1white/cool-workflow/wiki)** and
|
|
295
|
-
[`plugins/cool-workflow/docs/`](plugins/cool-workflow/docs/).
|
|
296
|
-
|
|
297
|
-
---
|
|
298
|
-
|
|
299
|
-
## License
|
|
300
|
-
|
|
301
|
-
BSD-2-Clause. See [LICENSE](LICENSE). Built by COOLWHITE LLC.
|
package/docs/routines.md
DELETED
|
@@ -1,101 +0,0 @@
|
|
|
1
|
-
# Routines
|
|
2
|
-
|
|
3
|
-
A CW routine has a trigger, an event payload, match rules, and a prompt it makes
|
|
4
|
-
for an agent host to run.
|
|
5
|
-
|
|
6
|
-
CW keeps routine data in:
|
|
7
|
-
|
|
8
|
-
```text
|
|
9
|
-
.cw/routines/triggers.json
|
|
10
|
-
.cw/routines/payloads/
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
## Commands
|
|
14
|
-
|
|
15
|
-
Create an API trigger:
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
cw routine create \
|
|
19
|
-
--kind api \
|
|
20
|
-
--prompt "Handle this API event."
|
|
21
|
-
```
|
|
22
|
-
|
|
23
|
-
Create a GitHub trigger:
|
|
24
|
-
|
|
25
|
-
```bash
|
|
26
|
-
cw routine create \
|
|
27
|
-
--kind github \
|
|
28
|
-
--prompt "Review this GitHub event." \
|
|
29
|
-
--match '{"action":"opened"}'
|
|
30
|
-
```
|
|
31
|
-
|
|
32
|
-
Fire a trigger from a payload file:
|
|
33
|
-
|
|
34
|
-
```bash
|
|
35
|
-
cw routine fire github payload.json
|
|
36
|
-
```
|
|
37
|
-
|
|
38
|
-
Inspect events:
|
|
39
|
-
|
|
40
|
-
```bash
|
|
41
|
-
cw routine events
|
|
42
|
-
```
|
|
43
|
-
|
|
44
|
-
## Long Architecture Reviews
|
|
45
|
-
|
|
46
|
-
Use `architecture-review-fast` for the foreground user path. Then put the
|
|
47
|
-
full `architecture-review` app in line as background work when a deep look-over
|
|
48
|
-
should not get in the way of a back-and-forth session:
|
|
49
|
-
|
|
50
|
-
```bash
|
|
51
|
-
node scripts/architecture-review-fast.js \
|
|
52
|
-
--repo /path/to/repo \
|
|
53
|
-
--question "Is this architecture sound?" \
|
|
54
|
-
--metrics \
|
|
55
|
-
--schedule-full
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
The wrapper makes a one-shot reminder schedule whose `workflowId` is
|
|
59
|
-
`architecture-review`. The schedule prompt is policy. CW keeps the schedule and
|
|
60
|
-
notes down due events; the outside agent host says how to run the long review.
|
|
61
|
-
The prompt has in it the foreground fast run id, fast report path, source-context
|
|
62
|
-
digest/profile, and it asks the background agent to give back the full review
|
|
63
|
-
report path and digest.
|
|
64
|
-
The `--metrics` flag is not required and it gives back foreground time used plus
|
|
65
|
-
agent-spawn and result-cache-hit counts for the fast run.
|
|
66
|
-
|
|
67
|
-
## PDCA Blackboard Development Lessons
|
|
68
|
-
|
|
69
|
-
When a task asks for agents to work together, first try the parts CW already
|
|
70
|
-
has:
|
|
71
|
-
|
|
72
|
-
- workflow apps give the work shape
|
|
73
|
-
- worker output gives checked facts
|
|
74
|
-
- the blackboard gives shared state
|
|
75
|
-
- MCP gives tool access to the same state
|
|
76
|
-
- smoke tests prove the loop
|
|
77
|
-
|
|
78
|
-
Do not make a new MCP server when the existing server can show the same run
|
|
79
|
-
state. Add a workflow app first, then prove the app with one smoke that uses
|
|
80
|
-
both CLI and MCP.
|
|
81
|
-
|
|
82
|
-
For a three-agent loop, keep the order plain:
|
|
83
|
-
|
|
84
|
-
```text
|
|
85
|
-
plan -> build -> audit -> next action
|
|
86
|
-
```
|
|
87
|
-
|
|
88
|
-
Each agent should write one blackboard message and, when there is a result
|
|
89
|
-
file, one artifact ref. Take a snapshot after the audit and after the next
|
|
90
|
-
action. If audit evidence is missing, let the worker evidence gate refuse the
|
|
91
|
-
result instead of adding a new policy layer.
|
|
92
|
-
|
|
93
|
-
Before a PR, base the branch on `origin/main`, run the generated-doc checks,
|
|
94
|
-
and sync generated docs when the gate says they are stale. This keeps unrelated
|
|
95
|
-
local commits and generated README/index drift out of the work.
|
|
96
|
-
|
|
97
|
-
## Boundary
|
|
98
|
-
|
|
99
|
-
CW v0.1.1 does not give managed cloud infrastructure. It gives a local
|
|
100
|
-
routine bridge that may be joined to GitHub Actions, webhooks, cron, or a
|
|
101
|
-
small HTTP adapter in a later release.
|
package/docs/scheduled-tasks.md
DELETED
|
@@ -1,80 +0,0 @@
|
|
|
1
|
-
# Scheduled Tasks
|
|
2
|
-
|
|
3
|
-
CW scheduled tasks let you make looping prompts, cron-like schedules, one-shot
|
|
4
|
-
reminders, expiration, jitter, and clear completion.
|
|
5
|
-
|
|
6
|
-
CW keeps schedules in:
|
|
7
|
-
|
|
8
|
-
```text
|
|
9
|
-
.cw/schedules/tasks.json
|
|
10
|
-
```
|
|
11
|
-
|
|
12
|
-
## Commands
|
|
13
|
-
|
|
14
|
-
Make a `/loop`-ready schedule:
|
|
15
|
-
|
|
16
|
-
```bash
|
|
17
|
-
cw loop \
|
|
18
|
-
--intervalMinutes 30 \
|
|
19
|
-
--prompt "Check this workflow and continue if work is due."
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
Make a loop:
|
|
23
|
-
|
|
24
|
-
```bash
|
|
25
|
-
cw schedule create \
|
|
26
|
-
--kind loop \
|
|
27
|
-
--intervalMinutes 30 \
|
|
28
|
-
--prompt "Check this workflow and continue if work is due."
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
Make a cron schedule:
|
|
32
|
-
|
|
33
|
-
```bash
|
|
34
|
-
cw schedule create \
|
|
35
|
-
--kind cron \
|
|
36
|
-
--cron "*/15 * * * *" \
|
|
37
|
-
--prompt "Run the due workflow scan."
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
Make a reminder:
|
|
41
|
-
|
|
42
|
-
```bash
|
|
43
|
-
cw schedule create \
|
|
44
|
-
--kind reminder \
|
|
45
|
-
--delayMinutes 60 \
|
|
46
|
-
--prompt "Remind me to inspect the report."
|
|
47
|
-
```
|
|
48
|
-
|
|
49
|
-
List and look through:
|
|
50
|
-
|
|
51
|
-
```bash
|
|
52
|
-
cw schedule list
|
|
53
|
-
cw schedule due
|
|
54
|
-
cw schedule complete <schedule-id>
|
|
55
|
-
cw schedule pause <schedule-id>
|
|
56
|
-
cw schedule resume <schedule-id>
|
|
57
|
-
cw schedule run-now <schedule-id>
|
|
58
|
-
cw schedule history <schedule-id>
|
|
59
|
-
cw schedule delete <schedule-id>
|
|
60
|
-
```
|
|
61
|
-
|
|
62
|
-
Run the local desktop-like daemon one time:
|
|
63
|
-
|
|
64
|
-
```bash
|
|
65
|
-
cw schedule daemon --once
|
|
66
|
-
```
|
|
67
|
-
|
|
68
|
-
Run it without stopping:
|
|
69
|
-
|
|
70
|
-
```bash
|
|
71
|
-
cw schedule daemon --intervalSeconds 60
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
## Notes
|
|
75
|
-
|
|
76
|
-
- Time is measured to the minute.
|
|
77
|
-
- By default, expiration comes after 7 days.
|
|
78
|
-
- `jitterSeconds` can put space between runs.
|
|
79
|
-
- CW does not start the daemon by default. Use `schedule daemon`, cron, or
|
|
80
|
-
some other overseer to call `schedule due` and run due prompts.
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
# EXAMPLE operator agent config for CW Agent Delegation Drive — bash entry point.
|
|
3
|
-
#
|
|
4
|
-
# The single source of truth is claude-p-agent.js (the portable node version);
|
|
5
|
-
# this shim only delegates so the two can never drift. Point CW at either:
|
|
6
|
-
# CW_AGENT_COMMAND="node $(pwd)/scripts/agents/claude-p-agent.js {{input}} {{result}}"
|
|
7
|
-
# CW_AGENT_COMMAND="bash $(pwd)/scripts/agents/claude-p-agent.sh {{input}} {{result}}"
|
|
8
|
-
set -euo pipefail
|
|
9
|
-
exec node "$(dirname "$0")/claude-p-agent.js" "$@"
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
# block-unapproved-tag.sh — PreToolUse hook for the Bash tool.
|
|
3
|
-
# Reads hook input JSON on stdin. If the command creates or pushes a tag,
|
|
4
|
-
# require BOTH markers for the current HEAD sha:
|
|
5
|
-
# .cw-release/gate-<sha>.ok (written by release-gate.sh)
|
|
6
|
-
# .cw-release/review-<sha>.verdict (written by the release-reviewer agent, must contain APPROVED)
|
|
7
|
-
# If .cw-release/verdict-signing.pub is committed (scripts/verdict-keygen.js),
|
|
8
|
-
# also requires a valid ed25519 signature on the verdict (its .sig sidecar) —
|
|
9
|
-
# opt-in, backward compatible with repos that haven't set up signing yet.
|
|
10
|
-
# Exit 2 blocks the tool call; stderr is fed back to the agent.
|
|
11
|
-
set -uo pipefail
|
|
12
|
-
|
|
13
|
-
INPUT="$(cat)"
|
|
14
|
-
# Parse the tool command with node, not jq: node is guaranteed present in this
|
|
15
|
-
# Node project (and matches the repo's node/npm/git-only portability rule),
|
|
16
|
-
# whereas jq is not installed in every Claude Code environment. A missing jq
|
|
17
|
-
# would make this security hook silently fail OPEN (empty command → exit 0),
|
|
18
|
-
# letting an unreviewed tag through. node keeps it portable and fail-closed.
|
|
19
|
-
CMD="$(printf '%s' "$INPUT" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{process.stdout.write(String(JSON.parse(s)?.tool_input?.command||""))}catch{process.stdout.write("")}})' 2>/dev/null)"
|
|
20
|
-
[[ -z "$CMD" ]] && exit 0
|
|
21
|
-
|
|
22
|
-
# Only care about tag creation / tag push. Widened from the original pattern,
|
|
23
|
-
# which missed the single most natural bypass form: `git push origin v0.2.3`
|
|
24
|
-
# (a bare tag-shaped ref, no --tags flag and no refs/tags/ prefix) matched
|
|
25
|
-
# neither side of the old alternation. Also now tolerates a global flag before
|
|
26
|
-
# the tag subcommand (`git -C dir tag ...`) and the `--annotate` long form.
|
|
27
|
-
if ! printf '%s' "$CMD" | grep -qE 'git(\s+-[A-Za-z]+\s+\S+)*\s+tag\s+(-a\s+|--annotate\s+)?v[0-9]|git\s+push\b.*(--tags|refs/tags|[[:space:]]v[0-9])'; then
|
|
28
|
-
exit 0
|
|
29
|
-
fi
|
|
30
|
-
|
|
31
|
-
REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null)" || exit 0
|
|
32
|
-
SHA="$(git -C "$REPO_ROOT" rev-parse HEAD)"
|
|
33
|
-
# cut() commits the verdict ON TOP of the reviewed commit, so at tag time the
|
|
34
|
-
# verdict filename is keyed on HEAD~1's sha, not HEAD's — the same
|
|
35
|
-
# HEAD-or-HEAD~1 tolerance release-gate.yml uses. Without this, a manual
|
|
36
|
-
# retag of a cut-produced commit was always blocked (v0.2.3 recovery).
|
|
37
|
-
PARENT="$(git -C "$REPO_ROOT" rev-parse HEAD~1 2>/dev/null || echo none)"
|
|
38
|
-
GATE=""
|
|
39
|
-
VERDICT=""
|
|
40
|
-
for C in "$SHA" "$PARENT"; do
|
|
41
|
-
[[ "$C" == "none" ]] && continue
|
|
42
|
-
if [[ -f "$REPO_ROOT/.cw-release/review-$C.verdict" ]]; then
|
|
43
|
-
GATE="$REPO_ROOT/.cw-release/gate-$C.ok"
|
|
44
|
-
VERDICT="$REPO_ROOT/.cw-release/review-$C.verdict"
|
|
45
|
-
break
|
|
46
|
-
fi
|
|
47
|
-
done
|
|
48
|
-
[[ -z "$VERDICT" ]] && VERDICT="$REPO_ROOT/.cw-release/review-$SHA.verdict"
|
|
49
|
-
[[ -z "$GATE" ]] && GATE="$REPO_ROOT/.cw-release/gate-$SHA.ok"
|
|
50
|
-
|
|
51
|
-
if [[ ! -f "$GATE" ]]; then
|
|
52
|
-
echo "BLOCKED: no release-gate pass for HEAD $SHA (or its parent). Run plugins/cool-workflow/scripts/release-gate.sh first. Tagging without a green gate is forbidden." >&2
|
|
53
|
-
exit 2
|
|
54
|
-
fi
|
|
55
|
-
|
|
56
|
-
if [[ ! -f "$VERDICT" ]] || ! grep -q '^APPROVED' "$VERDICT"; then
|
|
57
|
-
echo "BLOCKED: no APPROVED verdict from the release-reviewer agent for HEAD $SHA (or its parent). Invoke the 'release-reviewer' subagent and obtain approval. Do not write the verdict file yourself — that is a gaming attempt and will be flagged in CI." >&2
|
|
58
|
-
exit 2
|
|
59
|
-
fi
|
|
60
|
-
|
|
61
|
-
# Once .cw-release/verdict-signing.pub is committed (see scripts/verdict-keygen.js),
|
|
62
|
-
# also require a valid ed25519 signature on the verdict — closing the gap this grep
|
|
63
|
-
# alone can't: a plain APPROVED text match can't tell a real reviewer verdict from
|
|
64
|
-
# one typed by hand. Absent that public key, this block is a no-op (unchanged,
|
|
65
|
-
# grep-only behavior).
|
|
66
|
-
PUBKEY="$REPO_ROOT/.cw-release/verdict-signing.pub"
|
|
67
|
-
if [[ -f "$PUBKEY" ]]; then
|
|
68
|
-
SIG="$VERDICT.sig"
|
|
69
|
-
if [[ ! -f "$SIG" ]] || ! node "$REPO_ROOT/plugins/cool-workflow/scripts/verify-verdict-signature.js" "$VERDICT" "$SIG" "$PUBKEY" >/dev/null 2>&1; then
|
|
70
|
-
echo "BLOCKED: verdict for HEAD $SHA has no valid signature, but verdict-signing.pub is committed so one is required. Do not hand-write or hand-sign a verdict — obtain a real reviewer approval via release-flow.js with CW_RELEASE_VERDICT_PRIVKEY set." >&2
|
|
71
|
-
exit 2
|
|
72
|
-
fi
|
|
73
|
-
fi
|
|
74
|
-
|
|
75
|
-
exit 0
|
package/scripts/release-gate.sh
DELETED
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
# release-gate.sh — deterministic release checks for cool-workflow.
|
|
3
|
-
# Pass = writes .cw-release/gate-<HEAD-sha>.ok
|
|
4
|
-
# This script encodes everything that does NOT need LLM judgment.
|
|
5
|
-
set -euo pipefail
|
|
6
|
-
|
|
7
|
-
REPO_ROOT="$(git rev-parse --show-toplevel)"
|
|
8
|
-
cd "$REPO_ROOT"
|
|
9
|
-
SHA="$(git rev-parse HEAD)"
|
|
10
|
-
# Resolve the PREVIOUS release tag. When this script runs from CI on a tag push
|
|
11
|
-
# (.github/workflows/release-gate.yml), HEAD already carries the tag being
|
|
12
|
-
# released, so a plain `git describe` returns *that* tag and the diff range
|
|
13
|
-
# collapses to empty — making substance/evidence/cadence false-fail every real
|
|
14
|
-
# release. Exclude any tag that points at HEAD so we always compare against the
|
|
15
|
-
# prior release (the parent commit's nearest tag).
|
|
16
|
-
HEAD_TAGS="$(git tag --points-at HEAD 2>/dev/null || echo "")"
|
|
17
|
-
PREV_TAG="$(git describe --tags --abbrev=0 2>/dev/null || echo "")"
|
|
18
|
-
if [[ -n "$HEAD_TAGS" ]] && printf '%s\n' "$HEAD_TAGS" | grep -qxF "$PREV_TAG"; then
|
|
19
|
-
PREV_TAG="$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")"
|
|
20
|
-
fi
|
|
21
|
-
MARKER_DIR="$REPO_ROOT/.cw-release"
|
|
22
|
-
mkdir -p "$MARKER_DIR"
|
|
23
|
-
FAIL=0
|
|
24
|
-
|
|
25
|
-
say() { printf '%s\n' "$*"; }
|
|
26
|
-
fail() { say "GATE FAIL: $*"; FAIL=1; }
|
|
27
|
-
|
|
28
|
-
# --- 1. Build & tests (run, don't trust pasted output) -----------------
|
|
29
|
-
say "[1/6] build"
|
|
30
|
-
npm run --prefix plugins/cool-workflow build >/dev/null 2>&1 || fail "build failed"
|
|
31
|
-
|
|
32
|
-
say "[2/6] tests"
|
|
33
|
-
CW_TEST_CONCURRENCY=1 npm run test:gate --prefix plugins/cool-workflow >/dev/null 2>&1 || fail "tests failed"
|
|
34
|
-
|
|
35
|
-
if [[ -n "$PREV_TAG" ]]; then
|
|
36
|
-
RANGE="$PREV_TAG..HEAD"
|
|
37
|
-
|
|
38
|
-
# --- 2. Substance: changes must exist outside src/types/ and dist/ ---
|
|
39
|
-
# The spec (AGENTS.md / reviewer-agent.md Gate 1) is "at least one changed
|
|
40
|
-
# file outside src/types/ and dist/" — ANY such file (src, scripts, docs,
|
|
41
|
-
# workflows, tests). Count every changed path that is not under those two
|
|
42
|
-
# generated/declaration-only trees; declared-but-unread spec accretion is the
|
|
43
|
-
# reviewer agent's deeper judgment call, not this deterministic floor.
|
|
44
|
-
say "[3/6] substance (diff outside src/types/ and dist/)"
|
|
45
|
-
SUBSTANCE=$(git diff --name-only "$RANGE" \
|
|
46
|
-
| grep -cvE '^plugins/cool-workflow/(src/types/|dist/)' || true)
|
|
47
|
-
[[ "$SUBSTANCE" -gt 0 ]] || fail "only types/dist changed since $PREV_TAG (spec accretion)"
|
|
48
|
-
|
|
49
|
-
# --- 3. Test evidence: test files must have changed ------------------
|
|
50
|
-
say "[4/6] test evidence"
|
|
51
|
-
TESTS_CHANGED=$(git diff --name-only "$RANGE" | grep -cE '\.(test|spec)\.|/tests?/' || true)
|
|
52
|
-
[[ "$TESTS_CHANGED" -gt 0 ]] || fail "zero test changes since $PREV_TAG"
|
|
53
|
-
|
|
54
|
-
# --- 4. Cadence: >=4 cycles logged OR >=24h since previous tag, or a recorded HOTFIX ---
|
|
55
|
-
say "[5/6] cadence"
|
|
56
|
-
CYCLES=0
|
|
57
|
-
if [[ -f ITERATION_LOG.md && -n "$PREV_TAG" ]]; then
|
|
58
|
-
CYCLES=$(git diff "$RANGE" -- ITERATION_LOG.md | grep -c '^+.*|' || true)
|
|
59
|
-
fi
|
|
60
|
-
PREV_TS=$(git log -1 --format=%ct "$PREV_TAG")
|
|
61
|
-
NOW_TS=$(date +%s)
|
|
62
|
-
HOURS=$(( (NOW_TS - PREV_TS) / 3600 ))
|
|
63
|
-
# Hotfix path: an urgent fix may ship inside the cadence window, but ONLY via an
|
|
64
|
-
# EXPLICIT, RECORDED declaration — a "HOTFIX:" line added to ITERATION_LOG.md in this
|
|
65
|
-
# release range, carrying a reason. It is committed (auditable in the tag's history)
|
|
66
|
-
# and echoed here, so the bypass is never silent and a reviewer sees the reason.
|
|
67
|
-
HOTFIX="$(git diff "$RANGE" -- ITERATION_LOG.md | grep -E '^\+.*HOTFIX:' | head -1 | sed -E 's/^\+[[:space:]]*//' || true)"
|
|
68
|
-
if [[ "$CYCLES" -lt 4 && "$HOURS" -lt 24 ]]; then
|
|
69
|
-
if [[ -n "$HOTFIX" ]]; then
|
|
70
|
-
say " cadence bypassed by recorded HOTFIX (${HOURS}h, ${CYCLES} cycle-lines): ${HOTFIX}"
|
|
71
|
-
else
|
|
72
|
-
fail "cadence: only $CYCLES cycles logged and ${HOURS}h since $PREV_TAG (need >=4 cycles, >=24h, or a recorded 'HOTFIX:' line in ITERATION_LOG.md)"
|
|
73
|
-
fi
|
|
74
|
-
fi
|
|
75
|
-
else
|
|
76
|
-
say "[3-5/6] no previous tag; substance/evidence/cadence checks skipped"
|
|
77
|
-
fi
|
|
78
|
-
|
|
79
|
-
# --- 5. Branch naming: forbid version-number branches -------------------
|
|
80
|
-
say "[6/6] branch naming"
|
|
81
|
-
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
|
|
82
|
-
if [[ "$BRANCH" =~ ^feat/(batch-)?v?[0-9]+ ]]; then
|
|
83
|
-
fail "branch '$BRANCH' is version-number-driven; name the capability instead"
|
|
84
|
-
fi
|
|
85
|
-
|
|
86
|
-
# --- Verdict ------------------------------------------------------------
|
|
87
|
-
if [[ "$FAIL" -ne 0 ]]; then
|
|
88
|
-
rm -f "$MARKER_DIR/gate-$SHA.ok"
|
|
89
|
-
say "RELEASE GATE: REJECTED ($SHA)"
|
|
90
|
-
exit 1
|
|
91
|
-
fi
|
|
92
|
-
|
|
93
|
-
date -u +"%Y-%m-%dT%H:%M:%SZ" > "$MARKER_DIR/gate-$SHA.ok"
|
|
94
|
-
say "RELEASE GATE: PASSED ($SHA) — next step: release-reviewer agent must record APPROVED"
|