-
Notifications
You must be signed in to change notification settings - Fork 0
FAQ
No. CW delegates worker execution to an external agent command or endpoint. It records and verifies the resulting files and metadata, but it does not import a model SDK, hold an API key, or call a model API.
Not for the demo:
npx cool-workflow demo tamperYou need an agent for live review workflows such as architecture-review.
CW returns a blocked result. It writes state and a triage report, but it does not pretend the work completed.
Reports live under the reviewed repository:
<repo>/.cw/runs/<run-id>/report.md
The same directory contains state.json, audit logs, telemetry, worker scopes,
results, nodes, candidates, and commits.
It proves record integrity and signed attribution for reported usage when a public key is supplied. It does not prove the original reported number was true. A dishonest signer can still sign a lie; CW can prove who signed it and whether the recorded ledger changed afterward.
Read the full limit statement in
plugins/cool-workflow/docs/trust-model.md before relying on a green verdict.
The Wiki summary is Trust And Audit.
The trust model documents that limitation. Local hash chains detect partial edits, corruption, removal, and unchained changes. A writer who controls the whole local log can rewrite and re-chain it unless there is an external anchor or second party. CW treats that as an honest ceiling, not a marketing detail to hide.
The documented architecture-review quickstart uses readonly worker profiles.
Other workflow apps can request other sandbox profiles, such as
workspace-write, and those requests are recorded in manifests and run state.
Use architecture-review for the documented full review, or
architecture-review-fast when you want a shorter foreground pass. See
Workflow Apps.
Use --json or --format json on CLI commands where available. MCP tools expose
the same runtime through cw_* JSON-RPC tools.
See Commands or API and MCP And Manifests.
Yes. Use cw run export, cw run inspect-archive, cw run import, and
cw run verify-import. See Recovery And Restore.
CW treats man-page-style docs as part of the contract. Runtime features should
ship with matching docs and smoke tests, so advanced material lives in
plugins/cool-workflow/docs/ instead of making the README do everything.
BSD-2-Clause.
Organized from local Obsidian notes and reconciled with the current
coo1white/cool-workflow repository state.
Start here
Go deeper
- Workflow Apps
- Architecture
- Trust And Audit
- Recovery And Restore
- Commands or API
- MCP And Manifests
- Operations
- FAQ
Source docs