pi-crew 0.8.13 → 0.9.0

package/src/state/state-store.ts

@@ -227,6 +227,7 @@ export function createRunManifest(params: {
 	goal: string;
 	workspaceMode?: "single" | "worktree";
 	ownerSessionId?: string;
+	runKind?: "team-run" | "goal-loop" | "dynamic-workflow";
 }): { manifest: TeamRunManifest; tasks: TeamTaskState[]; paths: RunPaths } {
 	const paths = createRunPaths(params.cwd);
 	const now = new Date().toISOString();
@@ -249,6 +250,7 @@ export function createRunManifest(params: {
 		eventsPath: paths.eventsPath,
 		artifacts: [],
 		...(params.ownerSessionId ? { ownerSessionId: params.ownerSessionId } : {}),
+		runKind: params.runKind ?? "team-run",
 	};
 	fs.mkdirSync(paths.stateRoot, { recursive: true });
 	fs.mkdirSync(paths.artifactsRoot, { recursive: true });

package/src/state/types.ts

@@ -183,6 +183,8 @@ export interface TeamRunManifest {
 	runtimeResolution?: RuntimeResolutionState;
 	/** Effective run config snapshot used by async background workers. Optional for backward compatibility. */
 	runConfig?: unknown;
+	/** Background dispatch discriminator. Default "team-run" runs executeTeamRun; "goal-loop" / "dynamic-workflow" dispatch to their respective runners. Absent = "team-run" for backward compatibility. */
+	runKind?: "team-run" | "goal-loop" | "dynamic-workflow";
 	summary?: string;
 	policyDecisions?: PolicyDecision[];
 }
@@ -196,6 +198,86 @@ export interface UsageState {
 	turns?: number;
 }
 
+// ───────────────────────────────────────────────────────────────────────────
+// Goal loop types (P0/P1 — autonomous goal loop, Claude-Code-style /goal).
+// Spec: research-findings/goal-workflow/00-SPEC.md §2.3; plan 07-PLAN.md v3 §0b G2 + §0c.
+// ───────────────────────────────────────────────────────────────────────────
+
+/**
+ * Outer-state lifecycle of a goal loop. Inner per-turn state lives on each turn's TeamRunManifest.
+ *
+ * P1b (RFC v0.5 §P1b): `"stuck"` is NON-TERMINAL and RE-HINTABLE. Legal transitions:
+ *   running → stuck     (only by the background loop, after the oscillation detector fires)
+ *   stuck   → running   (only by `goal resume`, atomically via GoalStore.compareAndSetStatus)
+ *   stuck   → cancelled (by the idle-timeout sweeper OR `goal stop`)
+ */
+export type GoalLoopStatus =
+	| "running"
+	| "paused"
+	| "stuck"
+	| "achieved"
+	| "max_turns"
+	| "budget_exceeded"
+	| "blocked"
+	| "cancelled";
+
+/** One evaluation by the goal-judge model after a turn. */
+export interface GoalVerdict {
+	turn: number;
+	achieved: boolean;
+	/** "achieved: all tests pass" | "not-achieved: 2/8 tests failing" | "BLOCKED: <reason>" (BLOCKED: prefix → status='blocked'). */
+	reason: string;
+	evidenceRefs?: string[];
+	evaluatorModel: string;
+	evaluatedAt: string;
+}
+
+/** Persisted at <crewRoot>/state/goals/<goalId>.json by GoalStore. Survives session restart. */
+export interface GoalLoopState {
+	goalId: string;
+	ownerSessionId: string;
+	objective: string;
+	scope?: string;
+	/** Acceptance conditions as shell commands (exit 0 = pass). Reuses VerificationContract semantics. */
+	verification?: { commands: string[]; allowManualEvidence?: boolean };
+	state: GoalLoopStatus;
+	maxTurns: number;
+	turnsUsed: number;
+	budgetTotal?: number;
+	/** P1d (RFC v0.5 §P1d): when true, budget enforcement is skipped (explicit opt-out; audit-logged at start). */
+	budgetUnlimited?: boolean;
+	budgetWarning?: number;
+	budgetAbort?: number;
+	budgetUsed: number;
+	/**
+	 * P1a (RFC v0.5 §P1a): bookend integrity snapshot of project-manifest files
+	 * taken at goal start (only when verification.commands is declared). The
+	 * goal-loop-runner re-hashes before (T_snap) and after (T_verify_done) each
+	 * verification command to detect persistent manifest tampering. The literal
+	 * `"none-text-only"` marks goals started in text-only verification mode
+	 * (no objective oracle → no snapshot taken).
+	 */
+	verificationIntegrity?:
+		| { snapshot: Record<string, string>; takenAt: string }
+		| "none-text-only";
+	evaluatorModel: string;
+	workerModel?: string;
+	/** subagent_type / agent name for worker turns (default "executor"). */
+	workerAgent?: string;
+	team?: string;
+	cwd: string;
+	/** Feedback from turn N's verdict, prepended into turn N+1's manifest.goal (G1). */
+	nextTurnFeedback?: string;
+	/** The team-run of the current in-flight turn (for cancel/steer). */
+	currentRunId?: string;
+	verdicts: GoalVerdict[];
+	history: { runId: string; outcome: string; learnedAt: string; turn: number }[];
+	createdAt: string;
+	updatedAt: string;
+	/** Mirror of manifest.async for PID-liveness checks (cf. AsyncRunState). */
+	async?: { pid: number; logPath: string; spawnedAt: string };
+}
+
 export interface ModelAttemptState {
 	model: string;
 	success: boolean;

package/src/state/worker-atomic-writer.ts

@@ -0,0 +1,176 @@
+/**
+ * Phase 1.5 worker-thread atomic writer (RFC: 15-PHASE1.5-WORKER-WRITER-RFC.md).
+ *
+ * Background: multi-step goal-wrapped workflows crash silently and
+ * non-deterministically during batch transitions. The crash point moves to
+ * every `await` yield in the write path (mkdir, open, stat, rename,
+ * appendEvent). Sync replacements regress. Hypothesis: V8/libuv-level race
+ * during event-loop yields. Mitigation: route writes through a dedicated
+ * worker thread that performs SYNC fs operations with no internal yields.
+ *
+ * Opt-in via `PI_CREW_WORKER_ATOMIC_WRITER=1`. When disabled, callers fall
+ * back to the regular async path. Safe to ship behind a flag.
+ *
+ * Protocol (main → worker):
+ *   { kind: "write", id, filePath, content }
+ *   { kind: "mkdir", id, dirPath }
+ *   { kind: "append", id, filePath, content }
+ *
+ * Protocol (worker → main):
+ *   { kind: "done", id }
+ *   { kind: "error", id, message }
+ */
+import { Worker } from "node:worker_threads";
+import * as path from "node:path";
+import * as fs from "node:fs";
+import { createRequire } from "node:module";
+
+const require = createRequire(import.meta.url);
+
+let worker: Worker | undefined;
+let nextRequestId = 1;
+const pending = new Map<number, { resolve: () => void; reject: (e: Error) => void }>();
+
+/** Worker script source — runs SYNC fs ops with no internal yields. */
+const WORKER_SOURCE = `
+const { parentPort, workerData } = require("node:worker_threads");
+const fs = require("node:fs");
+const path = require("node:path");
+const crypto = require("node:crypto");
+
+function isSymlinkSafePath(filePath) {
+  try {
+    let currentPath = filePath;
+    while (currentPath !== path.dirname(currentPath)) {
+      const dir = path.dirname(currentPath);
+      try {
+        const stat = fs.lstatSync(dir);
+        if (stat.isSymbolicLink()) {
+          // Accept symlinks under /tmp (macOS /var/folders) and project dirs;
+          // reject others. Mirrors atomic-write.ts policy for goal-loop paths.
+          const real = fs.realpathSync(dir);
+          if (!real.startsWith("/tmp/") && !real.startsWith(process.cwd())) {
+            return false;
+          }
+        }
+      } catch { /* not found — fine */ }
+      currentPath = dir;
+    }
+    return true;
+  } catch { return true; }
+}
+
+function syncAtomicWriteFile(filePath, content) {
+  if (!isSymlinkSafePath(filePath)) throw new Error("Refusing to write: unsafe path: " + filePath);
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  const tempPath = filePath + "." + crypto.randomUUID() + ".tmp";
+  try {
+    const fd = fs.openSync(tempPath, fs.constants.O_WRONLY | fs.constants.O_CREAT | fs.constants.O_EXCL, 0o600);
+    try {
+      fs.writeFileSync(fd, content, "utf-8");
+    } finally {
+      fs.closeSync(fd);
+    }
+    fs.renameSync(tempPath, filePath);
+  } catch (error) {
+    try { fs.rmSync(tempPath, { force: true }); } catch {}
+    // If rename raced with another writer that produced identical content, swallow.
+    if (error && error.code === "EEXIST") {
+      try {
+        const existing = fs.readFileSync(filePath, "utf-8");
+        if (existing === content) return;
+      } catch {}
+    }
+    throw error;
+  }
+}
+
+function syncAppend(filePath, content) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.appendFileSync(filePath, content, "utf-8");
+}
+
+parentPort.on("message", (msg) => {
+  try {
+    if (msg.kind === "write") syncAtomicWriteFile(msg.filePath, msg.content);
+    else if (msg.kind === "mkdir") fs.mkdirSync(msg.dirPath, { recursive: true });
+    else if (msg.kind === "append") syncAppend(msg.filePath, msg.content);
+    else throw new Error("worker-atomic-writer: unknown message kind: " + msg.kind);
+    parentPort.postMessage({ kind: "done", id: msg.id });
+  } catch (error) {
+    parentPort.postMessage({ kind: "error", id: msg.id, message: error && error.message ? error.message : String(error) });
+  }
+});
+`;
+
+function getWorker(): Worker {
+	if (worker) return worker;
+	// Write worker source to a temp file (so Worker can load it as CJS via
+	// require() inside the worker, which always has CommonJS available).
+	const os = require("node:os");
+	const tmpPath = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "pi-crew-waw-")), "worker.cjs");
+	fs.writeFileSync(tmpPath, WORKER_SOURCE, "utf-8");
+	worker = new Worker(tmpPath);
+	worker.on("message", (msg: { kind: string; id: number; message?: string }) => {
+		const entry = pending.get(msg.id);
+		if (!entry) return;
+		pending.delete(msg.id);
+		if (msg.kind === "done") entry.resolve();
+		else entry.reject(new Error(msg.message ?? "worker-atomic-writer: unknown error"));
+	});
+	worker.on("error", (error: Error) => {
+		// Reject ALL pending requests — worker died.
+		for (const [, entry] of pending) entry.reject(error);
+		pending.clear();
+	});
+	worker.unref(); // don't keep event loop alive (unless tests request it)
+	if (keepRefForTests) worker.ref();
+	return worker;
+}
+
+function dispatch(kind: "write" | "mkdir" | "append", payload: Record<string, unknown>): Promise<void> {
+	return new Promise((resolve, reject) => {
+		const id = nextRequestId++;
+		pending.set(id, { resolve, reject });
+		try {
+			getWorker().postMessage({ kind, id, ...payload });
+		} catch (error) {
+			pending.delete(id);
+			reject(error instanceof Error ? error : new Error(String(error)));
+		}
+	});
+}
+
+/** Whether the worker writer is enabled (env var opt-in). */
+export function isWorkerAtomicWriterEnabled(): boolean {
+	return process.env.PI_CREW_WORKER_ATOMIC_WRITER === "1" || process.env.PI_TEAMS_WORKER_ATOMIC_WRITER === "1";
+}
+
+/** Atomic-write a file via the worker thread. Sync fs ops inside worker. */
+export function atomicWriteFileViaWorker(filePath: string, content: string): Promise<void> {
+	return dispatch("write", { filePath, content });
+}
+
+/** Append to a file via the worker thread (used by event-log). */
+export function appendFileViaWorker(filePath: string, content: string): Promise<void> {
+	return dispatch("append", { filePath, content });
+}
+
+/** Terminate the worker (for tests / cleanup). */
+export function terminateWorkerAtomicWriter(): void {
+	if (worker) {
+		const w = worker;
+		worker = undefined;
+		w.terminate().catch(() => { /* ignore */ });
+	}
+	for (const [, entry] of pending) entry.reject(new Error("worker terminated"));
+	pending.clear();
+}
+
+/** Tests-only knob: keep the worker ref'd so the test runner doesn't exit
+ *  before promises resolve. Production code leaves this false (worker is
+ *  unref'd to avoid blocking process exit). */
+let keepRefForTests = false;
+export function __setKeepWorkerRefForTests(value: boolean): void {
+	keepRefForTests = value;
+}

package/src/utils/redaction.ts

@@ -6,6 +6,36 @@
 // Pattern for PEM private keys (possessive quantifier prevents backtracking)
 export const PEM_PRIVATE_KEY_PATTERN = /-----BEGIN [A-Z ]+PRIVATE KEY-----[\s\S]+?-----END [A-Z ]+PRIVATE KEY-----/g;
 
+// --- P1f (RFC §P1f / §6 STRIDE) — additional anchored, ReDoS-SAFE secret patterns. ---
+// All patterns below are LINEAR-TIME: each uses a single bounded quantifier on a
+// character class (fixed {N} or a plain +) with NO nested quantifiers and NO
+// overlapping alternation. Boundaries are zero-width lookarounds on simple char
+// classes, which are also linear. Do NOT introduce (a+)+-style nesting here.
+//
+// RESIDUAL (documented, Med-High per RFC §6): regex redaction is BEST-EFFORT
+// against an *adversarial* worker that can encode/split/transform secrets
+// (base64, line splits, novel formats, non-pattern env vars). This catches the
+// common/accidental leak; it is NOT a boundary against a determined exfiltrator.
+// Full mitigation ladder: (1) redaction here + at artifact-write; (2) Phase 1.5
+// sanitized-env verification; (3) sandbox (deferred).
+
+// JWT — three base64url segments separated by dots, distinctive "eyJ" headers.
+// Linear: single + on [A-Za-z0-9_-] per segment, no nesting.
+export const JWT_PATTERN = /(?<![A-Za-z0-9_-])eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;
+
+// GitHub PAT (classic + fine-grained prefixes) — fixed 36-char base62 tail.
+// Linear: fixed {36} count on a char class (constant time per match position).
+export const GITHUB_PAT_PATTERN = /(?<![A-Za-z0-9_])gh[pousr]_[A-Za-z0-9]{36}(?![A-Za-z0-9])/g;
+
+// AWS access key id — fixed 16-char uppercase-alphanumeric tail.
+// Linear: fixed {16} count on a char class.
+export const AWS_ACCESS_KEY_PATTERN = /(?<![A-Za-z0-9])AKIA[0-9A-Z]{16}(?![0-9A-Z])/g;
+
+// Optional extras (RFC OQ13) — same ReDoS-safe shape (fixed counts / single +).
+export const SLACK_TOKEN_PATTERN = /(?<![A-Za-z0-9_-])xox[baprs]-[A-Za-z0-9-]{10,}/g;
+export const GOOGLE_API_KEY_PATTERN = /(?<![A-Za-z0-9_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])/g;
+export const STRIPE_KEY_PATTERN = /(?<![A-Za-z0-9_])sk_live_[0-9a-zA-Z]{24}(?![0-9a-zA-Z])/g;
+
 // Linear-time secret key detection
 // IMPORTANT: This function must maintain linear-time guarantees.
 // The fast-path regex uses simple string alternatives with anchors only (no quantifiers),
@@ -18,23 +48,52 @@ export function isSecretKey(keyName: string): boolean {
 	if (/^(token|apikey|api_key|password|secret|credential|authorization|privatekey|private_key)$/.test(lower)) {
 		return true;
 	}
-	// Linear scan for prefix characters followed by keywords
+	// Linear scan for prefix characters followed by keywords.
+	// FIX (cold-review #1 of Phase 1): use `lower.startsWith(kw, i+1)` + `lower.charAt(...)` to
+	// avoid allocating substring+toLowerCase inside the O(n) loop (was O(n^2) — adversarial
+	// worker emitting `_`×N+`=` stalled 200KB→29s, 500KB→216s). Now O(n).
 	const prefixes = "_.-";
 	const keywords = ["token", "api", "key", "password", "passwd", "secret", "credential", "authorization", "private"];
-	
+
 	for (let i = 0; i < keyName.length; i++) {
 		if (prefixes.includes(keyName[i])) {
-			const remaining = keyName.substring(i + 1).toLowerCase();
 			for (const kw of keywords) {
-				if (remaining.startsWith(kw)) {
-					const afterKw = remaining.substring(kw.length);
-					if (afterKw === "" || prefixes.includes(afterKw[0]) || /[a-zA-Z0-9]/.test(afterKw[0])) {
+				if (lower.startsWith(kw, i + 1)) {
+					const afterCh = lower.charAt(i + 1 + kw.length);
+					if (afterCh === "" || prefixes.includes(afterCh) || /[a-zA-Z0-9]/.test(afterCh)) {
 						return true;
 					}
 				}
 			}
 		}
 	}
+	// FIX (P1f, surfaced by notification-sink test): also match camelCase
+	// boundaries (e.g. `apiToken`, `clientSecret`, `authKey`) — the separator
+	// scan above requires `_-.` between prefix and keyword and MISSES the very
+	// common camelCase pattern. Scan: a keyword matches if it appears with a
+	// word boundary (start of string, end of string, camelCase lowercase->upper
+	// transition, or one of `_-.` separators). Linear: one forward pass.
+	for (const kw of keywords) {
+		let from = 0;
+		while (true) {
+			const idx = lower.indexOf(kw, from);
+			if (idx === -1) break;
+			const before = idx === 0 ? "" : lower.charAt(idx - 1);
+			const afterIdx = idx + kw.length;
+			const afterCh = afterIdx >= lower.length ? "" : lower.charAt(afterIdx);
+			const atStart = idx === 0;
+			const atEnd = afterIdx === lower.length;
+			const camelBoundary = /[A-Z]/.test(keyName.charAt(afterIdx)); // lowercase->uppercase in original
+			const sepBoundary = prefixes.includes(before) || prefixes.includes(afterCh);
+			if (atStart || atEnd || camelBoundary || sepBoundary) {
+				// Require non-empty chars before/after to avoid matching `api` inside `capitalize`
+				const hasBefore = idx > 0;
+				const hasAfter = afterIdx < lower.length;
+				if (hasBefore || hasAfter) return true;
+			}
+			from = idx + 1;
+		}
+	}
 	return false;
 }
 
@@ -124,9 +183,20 @@ export function redactSecretString(value: string): string {
 	// Replace Authorization headers (non-Bearer format)
 	result = redactAuthHeader(result);
 	
-	// Replace Bearer tokens
+	// Replace Bearer tokens (run before structured-token patterns so a
+	// "Bearer <jwt>" pair is collapsed first; bare tokens are caught below).
 	result = redactBearerTokens(result);
 	
+	// P1f: structured secret tokens (JWT / GitHub PAT / AWS keys + optional
+	// Slack/Google/Stripe). Best-effort vs adversarial workers (see note above).
+	result = result
+		.replace(JWT_PATTERN, "***")
+		.replace(GITHUB_PAT_PATTERN, "***")
+		.replace(AWS_ACCESS_KEY_PATTERN, "***")
+		.replace(SLACK_TOKEN_PATTERN, "***")
+		.replace(GOOGLE_API_KEY_PATTERN, "***")
+		.replace(STRIPE_KEY_PATTERN, "***");
+	
 	// Replace inline secrets: key=value or key:value patterns
 	result = redactInlineSecrets(result);
 	
@@ -134,51 +204,61 @@ export function redactSecretString(value: string): string {
 }
 
 // Linear-time inline secret redaction: token=xxx, api_key=xxx, etc.
+// FIX (P1f): previously O(n^2) — after a non-secret alphanumeric run, the loop did
+// i++ (advance 1 char) and re-scanned from i+1, so a long run was rescanned O(n)
+// times = O(n^2). The P1f ReDoS test (300KB no-dot input) surfaced this pre-existing
+// bug. Now advances past the whole run when it isn't a redactable secret -> O(n).
 function redactInlineSecrets(value: string): string {
 	const result: string[] = [];
 	let i = 0;
-	
+
 	while (i < value.length) {
-		// Look for pattern: word_chars + = or : + non-whitespace_value
-		// Check for secret key followed by = or :
+		// Collect a run of key characters (alphanumeric, underscore, hyphen).
 		let j = i;
-		let keyLen = 0;
-		
-		// Collect key characters (alphanumeric, underscore, hyphen)
 		while (j < value.length && /[a-zA-Z0-9_-]/.test(value[j])) {
 			j++;
-			keyLen++;
 		}
-		
+		const keyLen = j - i;
+
+		let redacted = false;
 		if (keyLen > 0 && j < value.length && (value[j] === '=' || value[j] === ':')) {
-			const key = value.substring(i, i + keyLen);
-			
+			const key = value.substring(i, j);
+
 			// Check if this is a secret key
 			if (isSecretKey(key)) {
 				// Find the value (everything after = or : until space, comma, or end)
 				const sep = value[j];
 				let k = j + 1;
 				let valLen = 0;
-				while (k < value.length && valLen < 500 && value[k] !== ' ' && value[k] !== ',' && value[k] !== ';' && value[k] !== '"' && value[k] !== '"' && value[k] !== '\r' && value[k] !== '\n') {
+				while (k < value.length && valLen < 500 && value[k] !== ' ' && value[k] !== ',' && value[k] !== ';' && value[k] !== '"' && value[k] !== '\r' && value[k] !== '\n') {
 					k++;
 					valLen++;
 				}
-				
+
 				// Only redact if there's actual content
 				if (valLen > 0) {
 					result.push(key);
 					result.push(sep);
 					result.push("***");
 					i = k;
-					continue;
+					redacted = true;
 				}
 			}
 		}
-		
-		result.push(value[i]);
-		i++;
+
+		if (!redacted) {
+			if (keyLen > 0) {
+				// Not a redactable secret — push the WHOLE run and advance past it (O(n)).
+				result.push(value.substring(i, j));
+				i = j;
+			} else {
+				// Single non-key character (space, punctuation, etc.)
+				result.push(value[i]);
+				i++;
+			}
+		}
 	}
-	
+
 	return result.join("");
 }
 

package/src/workflows/discover-workflows.ts

@@ -120,11 +120,35 @@ function parseWorkflowFile(filePath: string, source: ResourceSource): WorkflowCo
 
 function readWorkflowDir(dir: string, source: ResourceSource): WorkflowConfig[] {
 	if (!fs.existsSync(dir)) return [];
-	return fs.readdirSync(dir)
+	const staticWorkflows = fs.readdirSync(dir)
 		.filter((entry) => entry.endsWith(".workflow.md"))
 		.map((entry) => parseWorkflowFile(path.join(dir, entry), source))
 		.filter((workflow): workflow is WorkflowConfig => workflow !== undefined)
 		.sort((a, b) => a.name.localeCompare(b.name));
+	// P2: also discover dynamic workflows (*.dwf.ts). A .dwf.ts's default export is a JS orchestrator.
+	const dynamicWorkflows = fs.readdirSync(dir)
+		.filter((entry) => entry.endsWith(".dwf.ts"))
+		.map((entry) => parseDynamicWorkflowFile(path.join(dir, entry), source))
+		.filter((workflow): workflow is WorkflowConfig => workflow !== undefined);
+	return [...staticWorkflows, ...dynamicWorkflows].sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/** P2: a .dwf.ts is a dynamic workflow. Name = filename stem; script = the file itself. */
+function parseDynamicWorkflowFile(filePath: string, source: ResourceSource): WorkflowConfig | undefined {
+	try {
+		const basename = path.basename(filePath, ".dwf.ts");
+		return {
+			name: basename,
+			description: `Dynamic workflow script (${basename}.dwf.ts).`,
+			source,
+			filePath,
+			steps: [],
+			runtime: "dynamic",
+			dynamicScript: filePath,
+		};
+	} catch {
+		return undefined;
+	}
 }
 
 export function discoverWorkflows(cwd: string): WorkflowDiscoveryResult {

package/src/workflows/workflow-config.ts

@@ -39,4 +39,17 @@ export interface WorkflowConfig {
 	filePath: string;
 	steps: WorkflowStep[];
 	maxConcurrency?: number;
+	/** P2 dynamic-workflow discriminator. Default "static" (the .workflow.md step-list model).
+	 *  "dynamic" = the workflow is a JS/TS script (.dwf.ts) run via dynamic-workflow-runner.
+	 *  Backward-compatible: absent = "static". */
+	runtime?: "static" | "dynamic";
+	/** For runtime:"dynamic" — relative/absolute path to the .dwf.ts script. Unused for static. */
+	dynamicScript?: string;
+}
+
+/** A dynamic workflow (runtime === "dynamic"). steps is empty — the script is the source of truth. */
+export interface DynamicWorkflowConfig extends WorkflowConfig {
+	runtime: "dynamic";
+	dynamicScript: string;
+	steps: [];
 }

package/teams/parallel-research.team.md

@@ -4,7 +4,7 @@ description: Parallel research team for multi-project/source audits
 workspaceMode: single
 defaultWorkflow: parallel-research
 maxConcurrency: 4
-triggers: đọc sâu, deep read, deep research, source audit, multiple projects, parallel research, pi-*
+triggers: deep reading, deep read, deep research, source audit, multiple projects, parallel research, pi-*
 category: research
 cost: cheap
 ---

package/workflows/examples/hello.dwf.ts

@@ -0,0 +1,24 @@
+/**
+ * hello.dwf.ts — Minimal reference dynamic-workflow script (P2).
+ *
+ * Usage: place under `.crew/workflows/hello.dwf.ts`, then
+ *   team action='run' workflow='hello' goal='Greet the user warmly.'
+ *
+ * Demonstrates the WorkflowCtx surface: one ctx.agent() call + ctx.setResult().
+ * See 07-PLAN.md v3 §3.1 and 00-SPEC.md §3.2.
+ */
+import type { WorkflowCtx } from "../src/runtime/dynamic-workflow-context.ts";
+
+export default async function (ctx: WorkflowCtx): Promise<void> {
+	const greeting = await ctx.agent({
+		role: "executor",
+		prompt: `Compose a single-line warm greeting. Context: ${ctx.goal ?? "(no goal)"}`,
+		maxTurns: 2,
+	});
+	// Only ctx.setResult() reaches the main context.
+	ctx.setResult("results/greeting.txt", { ok: greeting.ok, model: "executor" });
+	// Note: in this trivial example the artifact path is illustrative; production scripts
+	// would use ctx.agent()'s returned artifactPath. Here we just surface the agent's text
+	// via the summary (runDynamicWorkflow reads the final artifact or falls back).
+	void greeting;
+}