cool-workflow 0.2.4 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/.gemini-plugin/mcp.json +10 -0
- package/.gemini-plugin/plugin.json +40 -0
- package/.opencode-plugin/mcp.json +10 -0
- package/.opencode-plugin/plugin.json +40 -0
- package/README.md +204 -48
- package/apps/architecture-review/app.json +1 -1
- package/apps/architecture-review-fast/app.json +1 -1
- package/apps/end-to-end-golden-path/app.json +1 -1
- package/apps/pr-review-fix-ci/app.json +1 -1
- package/apps/release-cut/app.json +1 -1
- package/apps/research-synthesis/app.json +1 -1
- package/dist/cli/dispatch.js +32 -4
- package/dist/cli/entry.js +11 -19
- package/dist/cli/global-flags.js +113 -0
- package/dist/cli/parseargv.js +7 -1
- package/dist/core/capability-data.js +337 -8
- package/dist/core/format/help.js +73 -3
- package/dist/core/format/recovery-hint.js +32 -0
- package/dist/core/multi-agent/collaboration.js +35 -6
- package/dist/core/multi-agent/runtime.js +7 -0
- package/dist/core/multi-agent/trust-policy.js +7 -1
- package/dist/core/pipeline/contract.js +7 -0
- package/dist/core/pipeline/error-feedback.js +2 -2
- package/dist/core/state/run-paths.js +3 -30
- package/dist/core/trust/evidence-grounding.js +13 -1
- package/dist/core/util/cli-args.js +22 -0
- package/dist/core/version.js +1 -1
- package/dist/mcp/dispatch.js +22 -2
- package/dist/mcp/server.js +215 -36
- package/dist/mcp/tool-process.js +181 -0
- package/dist/mcp-server.js +28 -1
- package/dist/shell/agent-config.js +11 -2
- package/dist/shell/audit-cli.js +1 -1
- package/dist/shell/commit.js +8 -2
- package/dist/shell/coordinator-io.js +73 -1
- package/dist/shell/drive.js +195 -128
- package/dist/shell/error-feedback-io.js +6 -0
- package/dist/shell/execution-backend/agent.js +201 -26
- package/dist/shell/execution-backend/container.js +44 -10
- package/dist/shell/execution-backend/local.js +33 -0
- package/dist/shell/fs-atomic.js +96 -12
- package/dist/shell/ledger-cli.js +9 -2
- package/dist/shell/metrics-cli.js +1 -1
- package/dist/shell/multi-agent-cli.js +9 -2
- package/dist/shell/multi-agent-operator-ux.js +1 -1
- package/dist/shell/observability.js +7 -4
- package/dist/shell/onramp.js +48 -5
- package/dist/shell/operator-ux.js +1 -1
- package/dist/shell/perf-trace.js +136 -0
- package/dist/shell/pipeline.js +3 -2
- package/dist/shell/reclamation-io.js +10 -9
- package/dist/shell/report-view-cli.js +2 -0
- package/dist/shell/run-export-cli.js +5 -2
- package/dist/shell/run-export.js +293 -31
- package/dist/shell/run-registry-io.js +8 -0
- package/dist/shell/run-store.js +183 -3
- package/dist/shell/scheduler-io.js +101 -10
- package/dist/shell/state-explosion-cli.js +4 -1
- package/dist/shell/telemetry-demo.js +1 -1
- package/dist/shell/telemetry-ledger-io.js +36 -24
- package/dist/shell/trust-audit.js +178 -36
- package/dist/shell/workbench-host.js +121 -10
- package/dist/shell/workbench.js +83 -6
- package/dist/shell/worker-isolation.js +1 -1
- package/dist/wiring/capability-table/basics.js +5 -0
- package/dist/wiring/capability-table/exec-backend.js +40 -22
- package/dist/wiring/capability-table/parity.js +10 -5
- package/dist/wiring/capability-table/pipeline.js +32 -0
- package/dist/wiring/capability-table/registry-core.js +26 -3
- package/dist/wiring/capability-table/reporting.js +7 -1
- package/dist/wiring/capability-table/scheduling-registry.js +8 -2
- package/dist/wiring/capability-table/trust-ledger.js +54 -12
- package/docs/agent-delegation-drive.7.md +17 -0
- package/docs/cli-mcp-parity.7.md +46 -5
- package/docs/contract-migration-tooling.7.md +4 -0
- package/docs/control-plane-scheduling.7.md +38 -0
- package/docs/cross-agent-ledger.7.md +20 -8
- package/docs/durable-state-and-locking.7.md +4 -0
- package/docs/evidence-adoption-reasoning-chain.7.md +4 -0
- package/docs/execution-backends.7.md +4 -0
- package/docs/fix.7.md +4 -4
- package/docs/getting-started.md +40 -32
- package/docs/index.md +17 -0
- package/docs/launch/demo.tape +4 -3
- package/docs/mcp-app-surface.7.md +27 -0
- package/docs/multi-agent-cli-mcp-surface.7.md +4 -0
- package/docs/multi-agent-eval-replay-harness.7.md +4 -0
- package/docs/multi-agent-operator-ux.7.md +4 -0
- package/docs/node-snapshot-diff-replay.7.md +4 -0
- package/docs/observability-cost-accounting.7.md +4 -0
- package/docs/project-index.md +53 -9
- package/docs/real-execution-backends.7.md +4 -0
- package/docs/release-and-migration.7.md +4 -0
- package/docs/release-tooling.7.md +12 -0
- package/docs/routine.7.md +22 -0
- package/docs/run-registry-control-plane.7.md +37 -9
- package/docs/run-retention-reclamation.7.md +12 -4
- package/docs/state-explosion-management.7.md +4 -0
- package/docs/team-collaboration.7.md +4 -0
- package/docs/trust-audit-anchor.7.md +4 -0
- package/docs/web-desktop-workbench.7.md +72 -2
- package/docs/workflow-app-framework.7.md +31 -0
- package/manifest/plugin.manifest.json +1 -1
- package/manifest/source-context-profiles.json +4 -3
- package/package.json +6 -3
- package/scripts/agents/agent-adapter-core.js +26 -0
- package/scripts/agents/claude-p-agent.js +4 -1
- package/scripts/agents/codex-agent.js +4 -0
- package/scripts/agents/cw-attest-wrap.js +1 -1
- package/scripts/agents/gemini-agent.js +4 -0
- package/scripts/agents/opencode-agent.js +5 -0
- package/scripts/block-unapproved-tag.js +160 -0
- package/scripts/canonical-apps.js +4 -4
- package/scripts/children/batch-delegate-child.js +72 -4
- package/scripts/children/http-batch-delegate-child.js +132 -0
- package/scripts/children/http-delegate-child.js +8 -0
- package/scripts/dogfood-release.js +2 -2
- package/scripts/fake-date-for-reproduction.js +1 -1
- package/scripts/gen-manifests.js +32 -61
- package/scripts/golden-path.js +4 -4
- package/scripts/lang-policy-check.js +82 -0
- package/scripts/parity-check.js +42 -23
- package/scripts/purity-baseline.json +0 -3
- package/scripts/purity-gate.js +16 -3
- package/scripts/release-check.js +2 -1
- package/scripts/release-flow.js +169 -41
- package/scripts/release-gate.js +208 -0
- package/scripts/release-oneclick.js +38 -7
- package/scripts/release-tags.js +47 -0
- package/scripts/schema-version-inventory.json +31 -0
- package/scripts/validate-run-state-schema.js +95 -4
- package/scripts/verdict-keygen.js +2 -2
- package/scripts/verify-bump-reproduction.js +193 -0
- package/scripts/verify-release-verdict.js +139 -0
- package/scripts/verify-verdict-signature.js +1 -1
- package/ui/workbench/app.css +50 -10
- package/ui/workbench/app.js +269 -34
- package/ui/workbench/index.html +4 -2
- package/ui/workbench/inspection.js +51 -0
- package/ui/workbench/navigation.js +44 -0
- package/docs/agent-framework.md +0 -177
- package/docs/designs/handoff-ledger.md +0 -145
- package/docs/dogfood/resume-drive-real-agent-2026-06-14.md +0 -40
- package/docs/launch/launch-kit.md +0 -195
- package/docs/launch/pre-launch-checklist.md +0 -53
- package/docs/readme-v0.1.87-full.md +0 -301
- package/docs/routines.md +0 -101
- package/docs/scheduled-tasks.md +0 -80
- package/scripts/agents/claude-p-agent.sh +0 -9
- package/scripts/block-unapproved-tag.sh +0 -75
- package/scripts/release-gate.sh +0 -94
- package/scripts/verify-bump-reproduction.sh +0 -148
- package/scripts/verify-container-selfref.js +0 -64
|
@@ -1,148 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
# verify-bump-reproduction.sh — closes the HEAD~1 verdict-replay bypass.
|
|
3
|
-
#
|
|
4
|
-
# release-gate.yml / npm-publish.yml tolerate a verdict written for the tag
|
|
5
|
-
# commit's PARENT (release-flow.js's cut() reviews content, then adds a
|
|
6
|
-
# mechanical version-bump + the verdict as a NEW child commit that actually
|
|
7
|
-
# gets tagged). A validly-signed verdict at the parent proves someone once
|
|
8
|
-
# approved THAT commit — it does NOT prove the child (the thing actually being
|
|
9
|
-
# tagged) is the deterministic bump cut() would have produced, rather than an
|
|
10
|
-
# attacker's own commit smuggling in arbitrary changes on top of an old,
|
|
11
|
-
# genuinely-approved parent (a real signature on a REPLAYED verdict).
|
|
12
|
-
#
|
|
13
|
-
# This script independently reproduces the bump: checks out the approved
|
|
14
|
-
# parent into a scratch worktree, runs the SAME bump:version/sync:project-index
|
|
15
|
-
# steps cut() runs, stages the SAME way cut() stages (git add -u + the
|
|
16
|
-
# explicit verdict/.sig paths, never -A), and requires the resulting tree to
|
|
17
|
-
# match the ACTUAL tagged commit's tree byte-for-byte. Any difference —
|
|
18
|
-
# anywhere, including a single added file — fails closed.
|
|
19
|
-
#
|
|
20
|
-
# Usage: verify-bump-reproduction.sh <approved-parent-sha> <tagged-sha> <verdict-repo-relative-path> [sig-repo-relative-path]
|
|
21
|
-
#
|
|
22
|
-
# Exit 0: the tagged commit's tree matches the reproduced bump exactly.
|
|
23
|
-
# Exit 1: mismatch, or any step failed (install, bump, sync, worktree, etc).
|
|
24
|
-
set -uo pipefail
|
|
25
|
-
|
|
26
|
-
# Where THIS SCRIPT ITSELF lives — distinct from REPO_ROOT (the git repo being
|
|
27
|
-
# operated ON, resolved below from the invocation cwd). These coincide in
|
|
28
|
-
# ordinary production use (the script runs from within the same checkout it
|
|
29
|
-
# verifies), but conflating them is wrong: REPO_ROOT could be an ARBITRARY git
|
|
30
|
-
# context (e.g. a test harness's throwaway clone of old history, which never
|
|
31
|
-
# has this script's own sibling files, since they postdate whatever was
|
|
32
|
-
# cloned). Sibling files this script depends on must be found relative to
|
|
33
|
-
# where it is installed, never relative to the repo it happens to be pointed at.
|
|
34
|
-
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
35
|
-
|
|
36
|
-
PARENT="${1:-}"
|
|
37
|
-
TAGGED="${2:-}"
|
|
38
|
-
VERDICT_REL="${3:-}"
|
|
39
|
-
SIG_REL="${4:-}"
|
|
40
|
-
if [[ -z "$PARENT" || -z "$TAGGED" || -z "$VERDICT_REL" ]]; then
|
|
41
|
-
echo "usage: verify-bump-reproduction.sh <parent-sha> <tagged-sha> <verdict-rel-path> [sig-rel-path]" >&2
|
|
42
|
-
exit 1
|
|
43
|
-
fi
|
|
44
|
-
|
|
45
|
-
REPO_ROOT="$(git rev-parse --show-toplevel)" || exit 1
|
|
46
|
-
SCRATCH_PARENT="$(mktemp -d)"
|
|
47
|
-
SCRATCH="$SCRATCH_PARENT/wt"
|
|
48
|
-
cleanup() {
|
|
49
|
-
git -C "$REPO_ROOT" worktree remove --force "$SCRATCH" >/dev/null 2>&1
|
|
50
|
-
rm -rf "$SCRATCH_PARENT"
|
|
51
|
-
}
|
|
52
|
-
trap cleanup EXIT
|
|
53
|
-
|
|
54
|
-
if ! git -C "$REPO_ROOT" worktree add --quiet --detach "$SCRATCH" "$PARENT" 2>/dev/null; then
|
|
55
|
-
echo "verify-bump-reproduction: could not create a scratch worktree at $PARENT" >&2
|
|
56
|
-
exit 1
|
|
57
|
-
fi
|
|
58
|
-
|
|
59
|
-
# The target version comes from the TAGGED commit (not the parent, which may
|
|
60
|
-
# still be pre-bump) — read via git plumbing, no separate checkout needed.
|
|
61
|
-
VERSION="$(git -C "$REPO_ROOT" show "$TAGGED:plugins/cool-workflow/package.json" 2>/dev/null | node -e '
|
|
62
|
-
let s=""; process.stdin.on("data",d=>s+=d).on("end",()=>{ try { process.stdout.write(JSON.parse(s).version||""); } catch { process.stdout.write(""); } });
|
|
63
|
-
')"
|
|
64
|
-
if [[ -z "$VERSION" ]]; then
|
|
65
|
-
echo "verify-bump-reproduction: could not read package.json version from tagged commit $TAGGED" >&2
|
|
66
|
-
exit 1
|
|
67
|
-
fi
|
|
68
|
-
|
|
69
|
-
# sync-project-index.js embeds a wall-clock "Generated on <date>" line. Pin it
|
|
70
|
-
# to the TAGGED commit's own committer date (UTC) via a Node --require preload
|
|
71
|
-
# that overrides the global Date constructor (fake-date-for-reproduction.js),
|
|
72
|
-
# NOT an application-level env var: the scratch worktree runs the APPROVED
|
|
73
|
-
# PARENT's OWN checked-out copy of sync-project-index.js, which for every
|
|
74
|
-
# release cut before this mechanism existed has no idea any such env var is
|
|
75
|
-
# meant to be read — an app-level opt-in is a no-op against code that doesn't
|
|
76
|
-
# know to opt in, so it can only ever "work" for releases cut after the
|
|
77
|
-
# mechanism landed (confirmed empirically: re-running an already-shipped
|
|
78
|
-
# release's real approved-parent/tagged pair on a later calendar day produced
|
|
79
|
-
# a tree mismatch whose ONLY diff was that one date line). A global override
|
|
80
|
-
# of the Date constructor, injected before any application code runs, is
|
|
81
|
-
# transparent to the code being executed regardless of which version it is.
|
|
82
|
-
CUT_DATE="$(TZ=UTC git -C "$REPO_ROOT" show -s --format=%cd --date=format-local:%Y-%m-%d "$TAGGED" 2>/dev/null)"
|
|
83
|
-
if [[ -z "$CUT_DATE" ]]; then
|
|
84
|
-
echo "verify-bump-reproduction: could not read the tagged commit's committer date" >&2
|
|
85
|
-
exit 1
|
|
86
|
-
fi
|
|
87
|
-
FAKE_DATE_PRELOAD="$SCRIPT_DIR/fake-date-for-reproduction.js"
|
|
88
|
-
|
|
89
|
-
# Each step's exit code is checked EXPLICITLY and immediately (not via a
|
|
90
|
-
# `cmd1 && cmd2 && cmd3` chain) — a chain's overall success can silently
|
|
91
|
-
# survive an earlier step's failure if a future edit ever loosens it (e.g.
|
|
92
|
-
# `&&` accidentally becoming `;`), which would flip this fail-closed gate to
|
|
93
|
-
# fail-open without changing its outward shape. stdout/stderr from each step
|
|
94
|
-
# are captured (not discarded to /dev/null) so a real failure — a transient
|
|
95
|
-
# npm registry hiccup vs. an actual reproduction mismatch — is distinguishable
|
|
96
|
-
# in the workflow log instead of both collapsing into the same generic message.
|
|
97
|
-
run_step() {
|
|
98
|
-
local label="$1"
|
|
99
|
-
shift
|
|
100
|
-
local out
|
|
101
|
-
out="$("$@" 2>&1)"
|
|
102
|
-
local code=$?
|
|
103
|
-
if [[ $code -ne 0 ]]; then
|
|
104
|
-
echo "verify-bump-reproduction: $label failed (exit $code):" >&2
|
|
105
|
-
echo "$out" >&2
|
|
106
|
-
return 1
|
|
107
|
-
fi
|
|
108
|
-
return 0
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
(
|
|
112
|
-
cd "$SCRATCH/plugins/cool-workflow" || exit 1
|
|
113
|
-
export NODE_OPTIONS="--require $FAKE_DATE_PRELOAD"
|
|
114
|
-
export CW_FAKE_DATE="$CUT_DATE"
|
|
115
|
-
run_step "npm install" npm install --no-package-lock --ignore-scripts || exit 1
|
|
116
|
-
run_step "bump:version" npm run bump:version -- "$VERSION" || exit 1
|
|
117
|
-
run_step "sync:project-index" npm run sync:project-index -- --repo-only || exit 1
|
|
118
|
-
)
|
|
119
|
-
BUMP_STATUS=$?
|
|
120
|
-
if [[ $BUMP_STATUS -ne 0 ]]; then
|
|
121
|
-
echo "verify-bump-reproduction: reproducing the bump for $PARENT -> v$VERSION failed" >&2
|
|
122
|
-
exit 1
|
|
123
|
-
fi
|
|
124
|
-
|
|
125
|
-
mkdir -p "$SCRATCH/.cw-release"
|
|
126
|
-
cp "$REPO_ROOT/$VERDICT_REL" "$SCRATCH/$VERDICT_REL" || exit 1
|
|
127
|
-
if [[ -n "$SIG_REL" && -f "$REPO_ROOT/$SIG_REL" ]]; then
|
|
128
|
-
cp "$REPO_ROOT/$SIG_REL" "$SCRATCH/$SIG_REL" || exit 1
|
|
129
|
-
fi
|
|
130
|
-
|
|
131
|
-
# Mirror cut()'s OWN staging exactly (git-add -u + the explicit verdict/.sig
|
|
132
|
-
# paths) — never -A, so an untracked stray left by npm/tooling in the scratch
|
|
133
|
-
# worktree can never silently ride into what we compare.
|
|
134
|
-
git -C "$SCRATCH" add -u
|
|
135
|
-
git -C "$SCRATCH" add -- "$VERDICT_REL"
|
|
136
|
-
if [[ -n "$SIG_REL" && -f "$SCRATCH/$SIG_REL" ]]; then
|
|
137
|
-
git -C "$SCRATCH" add -- "$SIG_REL"
|
|
138
|
-
fi
|
|
139
|
-
|
|
140
|
-
EXPECTED_TREE="$(git -C "$SCRATCH" write-tree)"
|
|
141
|
-
ACTUAL_TREE="$(git -C "$REPO_ROOT" rev-parse "$TAGGED^{tree}")"
|
|
142
|
-
|
|
143
|
-
if [[ "$EXPECTED_TREE" != "$ACTUAL_TREE" ]]; then
|
|
144
|
-
echo "verify-bump-reproduction: $TAGGED's tree ($ACTUAL_TREE) does not match the deterministic bump reproduced from approved parent $PARENT ($EXPECTED_TREE) — refusing" >&2
|
|
145
|
-
exit 1
|
|
146
|
-
fi
|
|
147
|
-
|
|
148
|
-
exit 0
|
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
2
|
-
"use strict";
|
|
3
|
-
|
|
4
|
-
// verify-container-selfref — the v0.1.34 self-referential acceptance check.
|
|
5
|
-
//
|
|
6
|
-
// Runs CW's own `node dist/cli.js list` through the `node` backend AND the
|
|
7
|
-
// `container` backend, and asserts result + evidence are byte-IDENTICAL after
|
|
8
|
-
// provenance is excluded (backendId/handle/attestation differ by design). This is
|
|
9
|
-
// the bar that proves a delegated run is backend-agnostic.
|
|
10
|
-
//
|
|
11
|
-
// Requires a RUNNING container daemon and a pullable node image. Not part of
|
|
12
|
-
// release:check (CI has no daemon); run it manually before tagging v0.1.34.
|
|
13
|
-
//
|
|
14
|
-
// node scripts/verify-container-selfref.js
|
|
15
|
-
// CW_CONTAINER_IMAGE=node:22-slim node scripts/verify-container-selfref.js
|
|
16
|
-
//
|
|
17
|
-
// Exit: 0 PASS · 1 FAIL (evidence differs) · 2 node backend did not complete ·
|
|
18
|
-
// 3 SKIP (container refused — daemon down / image not pullable).
|
|
19
|
-
|
|
20
|
-
const path = require("node:path");
|
|
21
|
-
|
|
22
|
-
const pluginRoot = path.resolve(__dirname, "..");
|
|
23
|
-
const { runBackend } = require(path.join(pluginRoot, "dist/execution-backend.js"));
|
|
24
|
-
const { showBundledSandboxProfile, sandboxContextForValidation } = require(path.join(pluginRoot, "dist/sandbox-profile.js"));
|
|
25
|
-
|
|
26
|
-
const image = (process.env.CW_CONTAINER_IMAGE || "node:lts-slim").trim();
|
|
27
|
-
const cli = path.join(pluginRoot, "dist", "cli.js");
|
|
28
|
-
const ctx = sandboxContextForValidation(pluginRoot);
|
|
29
|
-
const policy = showBundledSandboxProfile("default", ctx);
|
|
30
|
-
|
|
31
|
-
const common = { schemaVersion: 1, command: "node", args: [cli, "list"], cwd: pluginRoot, sandboxPolicy: policy, label: "cw-self-verify" };
|
|
32
|
-
const nodeEnv = runBackend({ ...common, backendId: "node" });
|
|
33
|
-
const containerEnv = runBackend({ ...common, backendId: "container", delegation: { image } });
|
|
34
|
-
|
|
35
|
-
const line = (label, e) => ` ${label.padEnd(9)} status=${e.status} backend=${e.provenance.backendId} evidence=${JSON.stringify(e.evidence)}`;
|
|
36
|
-
process.stdout.write(`verify-container-selfref (image: ${image})\n${line("node", nodeEnv)}\n${line("container", containerEnv)}\n`);
|
|
37
|
-
|
|
38
|
-
if (nodeEnv.status !== "completed") {
|
|
39
|
-
process.stderr.write(`\n✗ node backend did not complete (${nodeEnv.status}) — cannot compare.\n`);
|
|
40
|
-
process.exit(2);
|
|
41
|
-
}
|
|
42
|
-
if (containerEnv.status === "refused") {
|
|
43
|
-
process.stderr.write(
|
|
44
|
-
`\n⚠ SKIP — container refused (${containerEnv.evidence[0]}).\n` +
|
|
45
|
-
` ${containerEnv.result.summary}\n` +
|
|
46
|
-
` Start the container daemon and ensure the image is pullable (e.g. \`docker pull ${image}\`), then re-run.\n`
|
|
47
|
-
);
|
|
48
|
-
process.exit(3);
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
const sameResult = JSON.stringify(nodeEnv.result) === JSON.stringify(containerEnv.result);
|
|
52
|
-
const sameEvidence = JSON.stringify(nodeEnv.evidence) === JSON.stringify(containerEnv.evidence);
|
|
53
|
-
if (containerEnv.status === "completed" && sameResult && sameEvidence) {
|
|
54
|
-
process.stdout.write("\n✓ PASS — container result + evidence are byte-identical to node (provenance differs, as designed).\n");
|
|
55
|
-
process.exit(0);
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
process.stderr.write(
|
|
59
|
-
`\n✗ FAIL — container output differs from node (status=${containerEnv.status}):\n` +
|
|
60
|
-
` node evidence: ${JSON.stringify(nodeEnv.evidence)}\n` +
|
|
61
|
-
` container evidence: ${JSON.stringify(containerEnv.evidence)}\n` +
|
|
62
|
-
` (a node-version difference in the image can change stdout; pin CW_CONTAINER_IMAGE to a matching node.)\n`
|
|
63
|
-
);
|
|
64
|
-
process.exit(1);
|