-
Notifications
You must be signed in to change notification settings - Fork 0
Architecture Principles
CW borrows from classic systems engineering without trying to become a literal Unix clone.
The design mantra:
Small kernel.
Explicit state.
Composable pipes.
Isolated workers.
Verifier-gated commits.
Important workflow events become inspectable state:
- prompt
- task
- dispatch
- worker result
- error
- verifier decision
- candidate score
- candidate selection
- schedule
- routine trigger
- commit
- topology run
- coordinator decision
- trust audit event
State should be inspectable, replayable where possible, comparable, and usable as report evidence.
The runtime owns stable system calls:
plan()
dispatch()
recordResult()
score()
select()
verify()
commit()
report()
schedule()
trigger()
Domain behavior belongs in workflow apps, workers, verifier logic, and topology recipes. It should not leak into host-specific skills or wrappers.
The canonical pipeline is:
workflow definition
-> validated input
-> task files
-> dispatch manifest
-> worker result
-> result envelope
-> candidate scoring
-> verifier gate
-> verifier-gated commit or explicit checkpoint
-> report
Each step should produce an artifact or state record.
Worker failure should not corrupt the kernel.
Isolation appears in:
- task prompt boundaries
- worker output directories
- result envelopes
- sandbox profiles
- candidate scoring
- fanout/fanin evidence
- host-enforced process, network, path, and environment controls
CW validates and records policy. The agent host still enforces OS/process, network, and environment isolation.
The final rule:
only verified state becomes committed state
Unverified outputs remain candidates, results, or explicit checkpoints. They do not become committed state by accident.
The capability registry is a thin Map — mechanism. Which capabilities exist and what they do is declared separately — policy. The dispatcher is a pipe with no knowledge of business logic:
Map<string, CapabilityHandler> ← mechanism
registerCapabilityHandler() ← policy (declared at import time)
dispatchCapability() ← mechanism (routes id -> handler.run())
Same for topologies:
Map<string, TopologyDefinition> ← mechanism
OFFICIAL_TOPOLOGIES ← built-in policy
registerTopology() ← user-registered policy
New capabilities auto-work across all three surfaces (CLI, MCP, Workbench) because the mechanism is uniform. Fail-closed on unknown ids.
Organized from local Obsidian notes and reconciled with the current
coo1white/cool-workflow repository state.
Start here
Go deeper
- Workflow Apps
- Architecture
- Trust And Audit
- Recovery And Restore
- Commands or API
- MCP And Manifests
- Operations
- FAQ
Source docs