Skip to content

Roadmap

Nick edited this page Jun 20, 2026 · 6 revisions

Roadmap

Reconciled with the current v0.1.78 code surface (published to npm) on 2026-06-11.

Workflow Orchestration — Tracks 1–3 (v0.1.77, all reviewer-gated) 🆕

  • Track 1 — Telemetry Attestation and Tamper-Evidence: ed25519-attested usage + tamper-evident hash-chained ledger + opt-in fail-closed mode. The moat.
  • Track 2 — Concurrent Failure Semantics: concurrent parallel() batches with collect-all + kill-on-timeout; 16-agent hang/crash/dirty acceptance proof.
  • Track 3 — Boundary Contracts: per-task schema validation, tokenBudget enforcement, one-way boundary welded into the type layer. (Data-dependent scheduling interpreter remains deferred.)

Working onboarding + distribution (v0.1.78) 🆕

  • --agent-command builtin:claude completes real-agent workers read-only; the cross-directory quickstart crash fixed; declared input defaults stop {{name}} leaks. Live dogfood proof committed.
  • Published to npm as cool-workflow (bins cw / cool-workflow, MCP server bundled). npx cool-workflow demo tamper is the headline differentiator demo.

Completed Foundation

  • StateNode and pipeline contract
  • Pipeline runner foundations
  • Error feedback loop
  • Worker isolation
  • Candidate scoring
  • Verifier-gated commits
  • Sandbox Profiles
  • Workflow App framework

End-to-End Runtime Layer

  • End-to-End Golden Path
  • Canonical Workflow Apps
  • Operator UX
  • MCP / App Surface completion
  • Release and migration discipline
  • Security / Trust Hardening
  • Dogfood One Real Repo release proof

First-Class Multi-Agent Runtime

  • Multi-Agent Runtime Core (v0.1.17)
  • Coordinator / Blackboard (v0.1.18)
  • Multi-Agent Topologies (v0.1.19)
  • Multi-Agent CLI + MCP Surface (v0.1.20)
  • Multi-Agent Operator UX (v0.1.21)
  • Multi-Agent Trust / Policy / Audit (v0.1.22)
  • Multi-Agent Eval & Replay Harness (v0.1.23)

Hardening, Scale & Explainability

  • Robustness Hardening (v0.1.24)
  • State Explosion Management — derived summaries, compact graph views (v0.1.25)
  • Evidence Adoption Reasoning Chain — why adopted, fail-closed (v0.1.26)

Platform & Control Plane

  • CLI ↔ MCP Parity — one capability registry, both surfaces, fail-closed (v0.1.27)
  • Run Registry / Control Plane — cross-repo search, resume, queue, archive, history, failed-run rerun (v0.1.28)
  • Execution Backends — pluggable node/bun/shell/container/remote/ci driver layer, identical evidence envelopes, fail-closed attestation (v0.1.29)
  • Cross-vendor distribution: single source-of-truth manifest generator with a fail-closed drift gate (Claude/Codex/…)

Agent-Driven Self-Evolution (v0.1.53) 🆕

  • Capability Registry: one declarative table — BUILTIN_CAPABILITIES: CapabilityDescriptor[] — that both front doors read, so each row reaches the CLI and MCP at once. 199 capabilities / 186 MCP tools, declared once and held in lockstep by the fail-closed parity:check gate.
  • Topology Registry: registerTopology(definition) — custom topologies with open string ids and data-driven role.count expansion. materializedRoles() no longer hardcodes mapper/judge switch logic.
  • BSD discipline: mechanism (Map / pipe) separate from policy (entries). Fail-closed on unknown ids.

Open Follow-Ups

  • Data-dependent scheduling interpreter (Track 3, deferred): Layer 2 reading a

    Partly addressed since: a bounded loop(name, tasks, {maxRounds, until}) phase now lets a named PURE predicate read RECORDED round results (and attested-only usage) to decide whether to run another round, hard-capped at maxRounds — a bounded, replay-deterministic step toward data-dependent control. The full Layer-2 form (reading a previous agent's raw output to pick the NEXT dispatch) is still open.

    previous agent's output to decide the next dispatch, behind the one-way boundary.

  • Distribution / GTM: the code is now npm-installable with a working onboarding and a headline demo — the current bottleneck is reach (users), not features.

  • Real container/remote/ci backend integrations beyond the contract-conformant delegating drivers.

  • Deeper persisted failure-node payloads.

Known Boundary

Sandbox policy enforcement remains split by design, now made explicit per execution backend:

  • CW validates, records, and reports policy; each backend declares per-dimension enforce / attest / unsupported and fails closed when a required dimension cannot be honored.
  • The agent host (or the delegated container/remote/ci runner) enforces OS/process/network/environment controls.

This boundary should stay explicit in docs, manifests, worker prompts, operator summaries, and backend attestations.

Clone this wiki locally