vibe-coding-master 0.3.22 → 0.3.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/README.md +2 -2
  2. package/dist/backend/adapters/git-adapter.js +53 -0
  3. package/dist/backend/api/artifact-routes.js +1 -28
  4. package/dist/backend/api/codex-translation-routes.js +24 -0
  5. package/dist/backend/api/harness-routes.js +10 -0
  6. package/dist/backend/api/task-routes.js +2 -6
  7. package/dist/backend/gateway/gateway-service.js +3 -16
  8. package/dist/backend/server.js +5 -2
  9. package/dist/backend/services/artifact-service.js +1 -30
  10. package/dist/backend/services/codex-hook-service.js +30 -9
  11. package/dist/backend/services/codex-translation-service.js +17 -40
  12. package/dist/backend/services/harness-service.js +106 -0
  13. package/dist/backend/services/session-service.js +189 -15
  14. package/dist/backend/services/status-service.js +1 -6
  15. package/dist/backend/services/task-service.js +42 -110
  16. package/dist/backend/services/translation-service.js +15 -4
  17. package/dist/backend/templates/handoff.js +3 -3
  18. package/dist/backend/templates/harness/architect-agent.js +3 -2
  19. package/dist/backend/templates/harness/coder-agent.js +6 -1
  20. package/dist/backend/templates/harness/project-manager-agent.js +10 -1
  21. package/dist/backend/templates/harness/vcm-route-message-skill.js +8 -2
  22. package/dist/shared/types/app-settings.js +3 -2
  23. package/dist-frontend/assets/index-CKWy15WL.js +94 -0
  24. package/dist-frontend/assets/index-Cfum1Prr.css +32 -0
  25. package/dist-frontend/index.html +2 -2
  26. package/docs/cc-best-practices.md +1 -1
  27. package/docs/codex-translation-plan.md +41 -37
  28. package/docs/full-harness-baseline.md +0 -1
  29. package/docs/gateway-design.md +9 -13
  30. package/docs/product-design.md +23 -44
  31. package/docs/v0.4-custom-workflow-plan.md +785 -0
  32. package/docs/vcm-cc-best-practices.md +15 -13
  33. package/package.json +1 -1
  34. package/dist-frontend/assets/index-CEB6Bssn.js +0 -95
  35. package/dist-frontend/assets/index-Dmefx9m7.css +0 -32
@@ -0,0 +1,785 @@
1
+ # VCM 0.4 Custom Workflow Plan
2
+
3
+ Last updated: 2026-06-21
4
+
5
+ This document defines the proposed VCM 0.4 custom workflow architecture.
6
+
7
+ VCM 0.4 should turn the current fixed role chain into a configurable workflow
8
+ system. Users should be able to compose the task process, edit role definitions,
9
+ choose role runtime policies, and decide where gates, checks, and human review
10
+ belong. The product should still feel like VCM: local, visible, recoverable, and
11
+ oriented around explicit AI role sessions.
12
+
13
+ ## 1. Product Goal
14
+
15
+ The current VCM workflow is intentionally opinionated:
16
+
17
+ ```text
18
+ project-manager
19
+ -> architect
20
+ -> coder
21
+ -> reviewer
22
+ -> architect
23
+ -> project-manager
24
+ ```
25
+
26
+ That default is useful, but it cannot fit every team, repository, or task type.
27
+ Some users need heavier architecture review. Some need a fast bug-fix workflow.
28
+ Some need long-lived planning sessions. Some want fresh implementation sessions.
29
+ Some want mandatory final gates only for high-risk tasks.
30
+
31
+ VCM 0.4 should make these choices explicit and configurable without turning the
32
+ app into a fragile scripting environment.
33
+
34
+ The target outcome:
35
+
36
+ - users can define reusable workflow templates
37
+ - users can customize roles and role instructions from the UI
38
+ - users can configure session lifecycle per role
39
+ - users can add review gates and validation nodes at specific points
40
+ - VCM can show exactly where a task is in the workflow
41
+ - VCM can pause, retry, skip, or reroute a node without losing task state
42
+ - existing VCM workflows keep working through a built-in default template
43
+
44
+ ## 2. Core Principle
45
+
46
+ Workflow state must be owned by VCM, not inferred from terminals.
47
+
48
+ Role sessions are execution resources. They can start, stop, restart, fail, or
49
+ survive across several workflow nodes. A workflow run is the source of truth for
50
+ what should happen next.
51
+
52
+ The key separation:
53
+
54
+ ```text
55
+ Workflow Definition
56
+ declarative template selected by the user
57
+
58
+ Workflow Run
59
+ one task's execution state for the selected definition
60
+
61
+ Node Instance
62
+ one concrete execution step inside the run
63
+
64
+ Role Session
65
+ long-lived or short-lived terminal/runtime used by role nodes
66
+ ```
67
+
68
+ This separation prevents the main flow from ending only because one terminal
69
+ stopped, and it prevents a long-lived role session from falsely keeping a task
70
+ running when no workflow node is active.
71
+
72
+ ## 3. Non-Goals
73
+
74
+ VCM 0.4 should not:
75
+
76
+ - become a general BPMN engine
77
+ - allow arbitrary untrusted code inside workflow definitions
78
+ - require users to understand internal hook details
79
+ - force every task to use a visual workflow editor
80
+ - make the current default workflow disappear
81
+ - mix auxiliary tools into the main engineering workflow
82
+ - treat every terminal session as a workflow participant
83
+
84
+ ## 4. Workflow Definition Model
85
+
86
+ A workflow definition is a versioned, declarative template.
87
+
88
+ Recommended top-level shape:
89
+
90
+ ```json
91
+ {
92
+ "schemaVersion": 1,
93
+ "id": "standard-feature-workflow",
94
+ "version": "1.0.0",
95
+ "name": "Standard Feature Workflow",
96
+ "description": "Default PM -> Architect -> Coder -> Reviewer flow.",
97
+ "roles": {},
98
+ "nodes": [],
99
+ "edges": [],
100
+ "variables": {},
101
+ "artifacts": {},
102
+ "policies": {}
103
+ }
104
+ ```
105
+
106
+ Definitions should be data, not executable scripts. VCM can validate them,
107
+ render them in the UI, diff them, migrate them, and safely run them.
108
+
109
+ ### 4.1 Built-In Templates
110
+
111
+ VCM should ship with built-in templates:
112
+
113
+ - `standard-feature-workflow`: current default multi-role flow
114
+ - `small-change-workflow`: PM plus direct implementation and review
115
+ - `docs-workflow`: planning, content update, validation, final acceptance
116
+ - `review-heavy-workflow`: stricter gates around architecture and final diff
117
+ - `hotfix-workflow`: minimal planning, focused fix, mandatory validation
118
+
119
+ The built-in templates should be read-only. Users can duplicate one into a
120
+ custom template and edit the copy.
121
+
122
+ ### 4.2 Storage
123
+
124
+ Workflow definitions and runtime state should not be mixed.
125
+
126
+ Recommended storage:
127
+
128
+ ```text
129
+ ~/.vcm/workflows/
130
+ user-level workflow templates
131
+
132
+ <baseRepoRoot>/.ai/vcm/workflow-runs/<taskSlug>/
133
+ runtime state for a task's workflow run
134
+
135
+ <baseRepoRoot>/.ai/vcm/handoffs/
136
+ existing durable role handoff artifacts
137
+ ```
138
+
139
+ Project-specific workflow selection can live in the existing VCM settings
140
+ system. If a team wants to share templates through Git, VCM should provide
141
+ export/import instead of silently writing runtime files into source-controlled
142
+ paths.
143
+
144
+ ### 4.3 Version Pinning
145
+
146
+ Each task must pin the workflow definition version at task creation time.
147
+
148
+ If a user edits a workflow template later, existing tasks should continue using
149
+ the pinned snapshot. VCM can offer an explicit "migrate task workflow" action,
150
+ but it must never silently change the process for an active task.
151
+
152
+ ## 5. Role Definition Model
153
+
154
+ A role definition describes what the role is, how it runs, and what artifacts it
155
+ is expected to produce or consume.
156
+
157
+ Recommended shape:
158
+
159
+ ```json
160
+ {
161
+ "id": "architect",
162
+ "displayName": "Architect",
163
+ "engine": "claude-code",
164
+ "instructions": {
165
+ "mode": "managed-file",
166
+ "path": ".claude/agents/architect.md"
167
+ },
168
+ "model": {
169
+ "default": "inherit",
170
+ "allowed": ["inherit", "opus", "sonnet"]
171
+ },
172
+ "effort": {
173
+ "default": "inherit",
174
+ "allowed": ["inherit", "low", "medium", "high", "max"]
175
+ },
176
+ "permissions": {
177
+ "default": "inherit"
178
+ },
179
+ "sessionPolicy": {
180
+ "lifecycle": "per-task"
181
+ },
182
+ "artifacts": {
183
+ "reads": [],
184
+ "writes": []
185
+ }
186
+ }
187
+ ```
188
+
189
+ The UI should let users edit the role name, description, instruction body,
190
+ model, effort, permission profile, working directory, session lifecycle, and
191
+ artifact contracts.
192
+
193
+ ### 5.1 Instruction Sources
194
+
195
+ VCM should support several instruction modes:
196
+
197
+ - `managed-file`: VCM installs and updates a role file in the repo harness
198
+ - `inline`: the workflow template stores the role instruction text
199
+ - `external-file`: the workflow references a user-selected local file
200
+ - `built-in`: the role uses a bundled VCM role definition
201
+
202
+ Managed files should still use protected template blocks where needed, so VCM
203
+ can update the stable harness section without deleting user edits.
204
+
205
+ ### 5.2 Session Lifecycle Policies
206
+
207
+ Session lifecycle should be explicit per role:
208
+
209
+ - `per-task`: one session is kept for the whole task
210
+ - `per-node`: a fresh session is started for each node execution
211
+ - `restart-before-node`: the role is restarted before running this node
212
+ - `manual`: VCM prepares the role, but the user starts and drives it manually
213
+ - `disabled`: the role exists in the template but is not active for this run
214
+
215
+ This is one of the main 0.4 features. Different roles need different memory
216
+ and isolation tradeoffs:
217
+
218
+ - PM usually benefits from task continuity.
219
+ - Architect may benefit from continuity across planning and final assessment.
220
+ - Coder may benefit from either continuity or a fresh implementation session.
221
+ - Reviewer often benefits from fresh context and independent judgment.
222
+ - A gate reviewer often benefits from narrow context and strict artifact input.
223
+
224
+ ### 5.3 Runtime Engines
225
+
226
+ The role model should not assume every role uses the same CLI.
227
+
228
+ Recommended initial engines:
229
+
230
+ - `claude-code`
231
+ - `codex-cli`
232
+ - `manual`
233
+ - `command`
234
+
235
+ `manual` nodes let the workflow wait for a human decision. `command` nodes run
236
+ predefined local checks that VCM can supervise.
237
+
238
+ ## 6. Node Types
239
+
240
+ The workflow graph is made of typed nodes. Each node type has a small, stable
241
+ contract that VCM can validate and display.
242
+
243
+ ### 6.1 Role Turn Node
244
+
245
+ Runs one prompt through one role session.
246
+
247
+ Fields:
248
+
249
+ - role id
250
+ - prompt template
251
+ - input artifacts
252
+ - expected output artifacts
253
+ - timeout policy
254
+ - retry policy
255
+ - session lifecycle override
256
+
257
+ Example uses:
258
+
259
+ - ask architect for a plan
260
+ - ask coder to implement a scoped plan
261
+ - ask reviewer to validate a diff
262
+ - ask PM to summarize final status
263
+
264
+ ### 6.2 Review Gate Node
265
+
266
+ Runs an independent review against specific artifacts.
267
+
268
+ Fields:
269
+
270
+ - reviewer role id
271
+ - gate name
272
+ - required inputs
273
+ - report path
274
+ - decision schema
275
+ - pass condition
276
+ - failure handling
277
+
278
+ Recommended decision values:
279
+
280
+ ```text
281
+ approve
282
+ request_changes
283
+ ```
284
+
285
+ The gate should identify issues. Routing after `request_changes` belongs to the
286
+ workflow definition and VCM orchestration, not to the gate role.
287
+
288
+ ### 6.3 Command Check Node
289
+
290
+ Runs a local command with a declared purpose and captures output.
291
+
292
+ Fields:
293
+
294
+ - command template
295
+ - working directory
296
+ - environment policy
297
+ - success exit codes
298
+ - output artifact path
299
+ - timeout
300
+
301
+ Example uses:
302
+
303
+ - unit tests
304
+ - format checks
305
+ - type checks
306
+ - lint checks
307
+ - repository-specific validation scripts
308
+
309
+ ### 6.4 Artifact Check Node
310
+
311
+ Validates that required files exist and match expected shape.
312
+
313
+ Fields:
314
+
315
+ - file path
316
+ - required or optional
317
+ - schema type
318
+ - maximum size
319
+ - validation rules
320
+
321
+ This node should catch missing handoff files, empty reports, invalid gate
322
+ decisions, and stale artifacts before the next role receives bad input.
323
+
324
+ ### 6.5 Human Decision Node
325
+
326
+ Pauses the workflow and asks the user to choose.
327
+
328
+ Fields:
329
+
330
+ - prompt
331
+ - choices
332
+ - default choice
333
+ - required artifact context
334
+ - timeout behavior
335
+
336
+ Example uses:
337
+
338
+ - approve high-risk migration
339
+ - choose between two architecture options
340
+ - skip a failed gate with recorded override
341
+ - retry a failed command
342
+
343
+ ### 6.6 Branch Node
344
+
345
+ Routes based on workflow state or artifact content.
346
+
347
+ Example conditions:
348
+
349
+ - gate decision is `approve`
350
+ - gate decision is `request_changes`
351
+ - command check passed
352
+ - user selected retry
353
+ - task risk level is high
354
+
355
+ Branch logic should use a constrained expression format, not arbitrary code.
356
+
357
+ ### 6.7 Fan-Out / Fan-In Node
358
+
359
+ Runs several independent checks or reviews, then joins results.
360
+
361
+ The first implementation can keep role turns sequential for safety. The data
362
+ model should still support future parallelism where it is safe.
363
+
364
+ ### 6.8 Finalization Node
365
+
366
+ Marks the workflow run complete after required acceptance conditions pass.
367
+
368
+ It should collect:
369
+
370
+ - final user-facing summary
371
+ - changed files
372
+ - validation evidence
373
+ - unresolved risks
374
+ - PR or commit status when applicable
375
+
376
+ ## 7. Edges and Routing
377
+
378
+ Edges connect nodes and define what happens next.
379
+
380
+ Recommended shape:
381
+
382
+ ```json
383
+ {
384
+ "from": "review-plan",
385
+ "to": "implement",
386
+ "when": "decision == 'approve'"
387
+ }
388
+ ```
389
+
390
+ Routing must be visible in the UI. Users should be able to understand why VCM
391
+ picked the next node.
392
+
393
+ VCM should support:
394
+
395
+ - unconditional next step
396
+ - branch by decision
397
+ - retry edge
398
+ - skip edge with recorded reason
399
+ - override edge with recorded user approval
400
+ - loop with maximum iteration count
401
+
402
+ Every loop must have an explicit maximum iteration count or a human decision
403
+ node. This prevents accidental infinite role ping-pong.
404
+
405
+ ## 8. Artifact Contracts
406
+
407
+ Workflow nodes should communicate through explicit artifacts, not implicit
408
+ terminal history.
409
+
410
+ Artifact contracts should define:
411
+
412
+ - path
413
+ - owner node
414
+ - reader nodes
415
+ - required shape
416
+ - freshness rule
417
+ - append or replace behavior
418
+ - maximum expected size
419
+
420
+ Example:
421
+
422
+ ```json
423
+ {
424
+ "id": "architecturePlan",
425
+ "path": ".ai/vcm/handoffs/architecture-plan.md",
426
+ "owner": "architect-plan",
427
+ "readers": ["plan-review-gate", "coder-implementation"],
428
+ "required": true,
429
+ "writeMode": "replace",
430
+ "freshness": "after-node-start"
431
+ }
432
+ ```
433
+
434
+ Artifact contracts solve several current problems:
435
+
436
+ - VCM can reject empty or stale reports.
437
+ - VCM can show exactly what evidence a node used.
438
+ - Gate inputs can stay narrow and repeatable.
439
+ - Role prompts can be shorter because the artifact list is explicit.
440
+ - Replanning can target the right artifact instead of replaying the whole task.
441
+
442
+ ## 9. Prompt Templates
443
+
444
+ Each role turn should use a compact prompt template with variables and artifact
445
+ references.
446
+
447
+ Recommended variable syntax:
448
+
449
+ ```text
450
+ {{task.name}}
451
+ {{task.userRequest}}
452
+ {{artifact.architecturePlan.path}}
453
+ {{workflow.currentNode.name}}
454
+ {{previousNode.summary}}
455
+ ```
456
+
457
+ Prompt templates should avoid duplicating permanent role rules. Stable role
458
+ behavior belongs in role instructions. Node prompts should focus on the current
459
+ job, inputs, expected output, and decision contract.
460
+
461
+ ## 10. Workflow Run State
462
+
463
+ Each task should have one workflow run state file.
464
+
465
+ Recommended shape:
466
+
467
+ ```json
468
+ {
469
+ "taskSlug": "example-task",
470
+ "workflowId": "standard-feature-workflow",
471
+ "workflowVersion": "1.0.0",
472
+ "status": "running",
473
+ "currentNodeId": "coder-implementation",
474
+ "nodeRuns": [],
475
+ "roleSessions": {},
476
+ "artifacts": {},
477
+ "events": []
478
+ }
479
+ ```
480
+
481
+ Workflow run status:
482
+
483
+ ```text
484
+ created
485
+ running
486
+ waiting_for_user
487
+ waiting_for_role
488
+ waiting_for_command
489
+ failed
490
+ completed
491
+ cancelled
492
+ ```
493
+
494
+ Node run status:
495
+
496
+ ```text
497
+ pending
498
+ running
499
+ completed
500
+ failed
501
+ skipped
502
+ overridden
503
+ cancelled
504
+ ```
505
+
506
+ Role session status:
507
+
508
+ ```text
509
+ not_started
510
+ starting
511
+ idle
512
+ running
513
+ stopping
514
+ failed
515
+ exited
516
+ ```
517
+
518
+ The workflow run decides whether the task is active. Role sessions only report
519
+ execution state into the run.
520
+
521
+ ## 11. Hooks and State Updates
522
+
523
+ Hooks should report role runtime events into VCM, but they should not decide
524
+ workflow completion by themselves.
525
+
526
+ Important events:
527
+
528
+ - role session started
529
+ - prompt submitted
530
+ - role output stopped
531
+ - command started
532
+ - command completed
533
+ - artifact written
534
+ - artifact validated
535
+ - gate decision recorded
536
+ - user decision recorded
537
+
538
+ VCM should map hook events to the active node run. If no workflow node is
539
+ waiting for that role, the event is recorded as session activity but must not
540
+ change workflow progress.
541
+
542
+ This rule is critical for long-lived sessions.
543
+
544
+ ## 12. Permissions and Safety
545
+
546
+ Workflow definitions should declare required permissions before execution.
547
+
548
+ Permission layers:
549
+
550
+ - workflow-level defaults
551
+ - role-level defaults
552
+ - node-level overrides
553
+ - user approval policy
554
+
555
+ VCM should show a permission summary before starting a task:
556
+
557
+ - repository roots that may be read
558
+ - paths that may be written
559
+ - commands that may run
560
+ - network policy
561
+ - sandbox profile
562
+ - roles that can edit source files
563
+ - roles that are read-only reviewers
564
+
565
+ Recommended safety defaults:
566
+
567
+ - PM can write VCM metadata and handoff files.
568
+ - Architect can write plans, docs, and approved scaffold files.
569
+ - Coder can edit implementation files within task scope.
570
+ - Reviewer is read-only except for review reports.
571
+ - Gate reviewers are read-only except for gate reports.
572
+ - Command nodes can write only declared output artifacts unless explicitly
573
+ approved.
574
+
575
+ ## 13. UI Design
576
+
577
+ VCM 0.4 needs two UI layers:
578
+
579
+ 1. Running task view
580
+ 2. Workflow builder view
581
+
582
+ ### 13.1 Running Task View
583
+
584
+ The running task view should show:
585
+
586
+ - selected workflow template
587
+ - current node
588
+ - next expected node
589
+ - active role session
590
+ - node status timeline
591
+ - role session status
592
+ - required artifacts
593
+ - gate decisions
594
+ - validation results
595
+ - retry / skip / override actions when allowed
596
+
597
+ The existing terminal workspace remains important, but the workflow graph should
598
+ be the primary explanation for what VCM is doing.
599
+
600
+ ### 13.2 Workflow Builder
601
+
602
+ The workflow builder should support:
603
+
604
+ - duplicate built-in template
605
+ - add role
606
+ - edit role instructions
607
+ - configure model, effort, permissions, and session lifecycle
608
+ - add node
609
+ - connect nodes
610
+ - configure branch conditions
611
+ - define artifact contracts
612
+ - define gate decision schema
613
+ - configure retry and override policies
614
+ - preview generated role prompts
615
+ - validate workflow definition
616
+ - dry-run with mock outputs
617
+
618
+ The first UI version can be form-driven with a compact graph preview. A fully
619
+ free-form visual canvas is useful later, but the first implementation should
620
+ prioritize correctness and validation.
621
+
622
+ ### 13.3 Role Editor
623
+
624
+ The role editor should include:
625
+
626
+ - display name
627
+ - engine
628
+ - instruction source
629
+ - instruction editor
630
+ - default model
631
+ - default effort
632
+ - permission profile
633
+ - working directory
634
+ - session lifecycle
635
+ - owned artifacts
636
+ - read artifacts
637
+
638
+ VCM should warn when a role instruction conflicts with the workflow contract.
639
+ For example, if a node expects a report file but the role instruction says not
640
+ to write files, the workflow should fail validation before running.
641
+
642
+ ## 14. Validation
643
+
644
+ Workflow validation should run before a task starts.
645
+
646
+ Checks:
647
+
648
+ - unique role ids
649
+ - unique node ids
650
+ - all edges reference existing nodes
651
+ - every non-final node has at least one outgoing edge
652
+ - every branch condition references valid fields
653
+ - every required artifact has exactly one owner
654
+ - every required artifact has a validation rule
655
+ - every loop has a max iteration count or human decision node
656
+ - every role node references an active role
657
+ - every gate has a valid decision schema
658
+ - every command node has a timeout
659
+ - selected engines are available
660
+ - required permission profile is valid
661
+
662
+ VCM should block invalid workflows before task creation.
663
+
664
+ ## 15. Migration Plan
665
+
666
+ The current VCM flow becomes a built-in template:
667
+
668
+ ```text
669
+ standard-feature-workflow@1
670
+ ```
671
+
672
+ Migration steps:
673
+
674
+ 1. Introduce workflow definition and run state data structures.
675
+ 2. Express the current hardcoded flow as a built-in workflow definition.
676
+ 3. Route existing orchestration through the workflow engine.
677
+ 4. Preserve existing task behavior by default.
678
+ 5. Add UI for selecting a built-in workflow at task creation.
679
+ 6. Add custom template duplication and editing.
680
+ 7. Add richer node types and branch policies.
681
+
682
+ Existing tasks should continue with their current runtime state. New tasks can
683
+ use workflow definitions once the engine is enabled.
684
+
685
+ ## 16. Implementation Phases
686
+
687
+ ### Phase 1: Workflow Engine Foundation
688
+
689
+ - Define workflow schema.
690
+ - Define run state schema.
691
+ - Add built-in `standard-feature-workflow`.
692
+ - Convert current orchestration to run through workflow nodes.
693
+ - Keep current UI mostly unchanged.
694
+ - Add workflow event log.
695
+
696
+ Success condition: current tasks behave the same, but VCM state knows the active
697
+ workflow node instead of inferring flow from role stops.
698
+
699
+ ### Phase 2: Role and Session Customization
700
+
701
+ - Add role definition editor.
702
+ - Add session lifecycle policies.
703
+ - Add model, effort, permission, and working directory configuration per role.
704
+ - Add role instruction source options.
705
+ - Add role session state visualization.
706
+
707
+ Success condition: users can customize role behavior without editing harness
708
+ files manually.
709
+
710
+ ### Phase 3: Workflow Builder MVP
711
+
712
+ - Add template selection at task creation.
713
+ - Add duplicate built-in template.
714
+ - Add form-based node editor.
715
+ - Add edge editor.
716
+ - Add artifact contract editor.
717
+ - Add validation before save.
718
+ - Add compact graph preview.
719
+
720
+ Success condition: users can create a custom linear or lightly branching
721
+ workflow from the UI.
722
+
723
+ ### Phase 4: Advanced Gates and Branching
724
+
725
+ - Add reusable gate node configuration.
726
+ - Add retry / skip / override policies.
727
+ - Add loop limits.
728
+ - Add human decision nodes.
729
+ - Add fan-out / fan-in data model.
730
+
731
+ Success condition: review-heavy and hotfix workflows can be modeled without
732
+ hardcoded special cases.
733
+
734
+ ### Phase 5: Sharing and Auditability
735
+
736
+ - Add export/import for workflow templates.
737
+ - Add workflow diff view.
738
+ - Add task run replay timeline.
739
+ - Add workflow run diagnostics.
740
+ - Add template migration assistant.
741
+
742
+ Success condition: users can share, inspect, and evolve workflows safely.
743
+
744
+ ## 17. Open Decisions
745
+
746
+ The following details should be decided before implementation:
747
+
748
+ - exact workflow JSON schema
749
+ - whether custom templates should support YAML in addition to JSON
750
+ - how much graph editing belongs in 0.4 versus later versions
751
+ - final expression language for branch conditions
752
+ - whether command nodes should use allowlisted command templates only
753
+ - how workflow templates are imported, exported, and named
754
+ - how to present workflow validation errors in the UI
755
+ - how task creation should choose between default and custom workflow templates
756
+
757
+ ## 18. Recommended 0.4 Scope
758
+
759
+ The strongest 0.4 scope is:
760
+
761
+ - workflow engine foundation
762
+ - built-in default workflow expressed as data
763
+ - workflow run state as source of truth
764
+ - role definition model
765
+ - session lifecycle policies
766
+ - template selection
767
+ - custom template duplication
768
+ - form-based role editor
769
+ - form-based node editor for linear workflows
770
+ - explicit artifact contracts
771
+ - workflow validation
772
+
773
+ Advanced graph editing, complex parallel execution, and template marketplace
774
+ features should wait until the core state model is stable.
775
+
776
+ ## 19. Design Summary
777
+
778
+ Custom workflows are a major VCM capability because they move the product from a
779
+ single hardcoded process to a configurable local AI workbench.
780
+
781
+ The important design choice is not the graph UI. The important design choice is
782
+ making workflow runs the source of truth and treating role sessions as managed
783
+ execution resources. Once that separation is in place, custom roles, long-lived
784
+ sessions, fresh review sessions, reusable gates, artifact validation, and
785
+ auditable task progress all become coherent parts of one system.