Skip to content

Workflow profiles: named seed-set presets over a base workflow (stealth mode, review mode) #213

Description

@m2ux

Motivation

Two recent pieces of work point at the same missing primitive:

  • Stealth mode (feat: remediate-vuln 2.0.0 borrows work-package under stealth_mode (wp 3.28.0) #211/feat(server): source-scoped borrowed-technique resolution + check:stealth leakage guard #212): remediate-vuln 2.0.0 is now a ~200-line thin wrapper over work-package — its real payload is a seed set (stealth_mode: true, push_remote: security, is_review_mode: false), three isolation rules, one security-specific start activity, and the borrowed-activity list. The wrapper exists only because seeded defaultValues are per-workflow and there is no other pre-execution way to fix a session's variable state.
  • Review mode (v3.19–3.21 work): is_review_mode is an in-workflow mode flag set by a detection step + activation checkpoints, with an interaction posture (headless auto-advance) carried as workflow rule text. Same shape: one graph, a different seeded state plus a different interaction posture.

Both are instances of a profile: a named, curated preset over a base workflow that fixes seeded state (and possibly posture) before execution begins, so that gates hold from step zero and static guards (e.g. check:stealth) can verify reachability against the profile's defaults rather than trusting a runtime selection.

Concept outline

A profile is a first-class, named preset declared by (or registered against) a base workflow:

# workflow.yaml (sketch)
profiles:
  - id: stealth
    title: Private remediation (no public disclosure)
    tags: [security, private]
    seeds:
      stealth_mode: true
      push_remote: security
      is_review_mode: false
    rules:            # optional profile-scoped rule additions
      activity:
        - "PRIVATE RESEARCH ONLY: ..."
    initialActivity: security-start   # optional entry-activity override (see open questions)
  - id: review
    title: PR review
    seeds:
      is_review_mode: true
    posture: headless   # optional interaction posture (auto-advance defaults, no dialogs)

What the engine would provide

  1. Catalog visibilitylist_workflows surfaces profile entries (e.g. work-package@stealth) with their own tags/description, so discover-session matches "remediate this advisory privately" to the profile the same way it matches a workflow today.
  2. Seeding at session creationstart_session / dispatch_child accept workflow_id + profile; the session bag is seeded from base defaultValues overlaid with the profile's seeds, recorded in the variables_seeded history event and in session.json (auditable, resume-stable).
  3. Guard integration — corpus guards evaluate reachability per profile (check:stealth --workflow work-package@stealth); check:variable-model validates profile seeds against declared variable types.
  4. Identity as guarantee — selecting the profile is the safety property: no default-open window, no runtime checkbox to get wrong, no step-ordering dependency. This is the property the current wrapper-workflow pattern provides and that an in-workflow "mode selection checkpoint" cannot.

Candidate profiles

Profile Today As a profile
work-package@stealth remediate-vuln wrapper workflow seeds stealth_mode/push_remote, private tags, isolation rules; potentially deprecates the wrapper
work-package@review is_review_mode detection step + activation checkpoints + headless-auto-advance rule text seed is_review_mode: true + posture: headless; the detection/activation machinery becomes the non-profile path only

Open design questions

  1. Entry-activity override. remediate-vuln's start (advisory inputs, security remote, isolation checks) is real content, not a seed. Can a profile override initialActivity and contribute activities, or do content-bearing specializations remain wrapper workflows (profiles covering only the pure seed-set cases)? This decides whether remediate-vuln can be fully deprecated or shrinks to an even thinner shell.
  2. Posture as data. Review mode's headless auto-advance is currently rule prose (review-mode-headless-auto-advance). Is interaction posture (headless vs interactive, auto-advance behavior) a profile attribute the orchestrator honors structurally?
  3. Seeds vs checkpoint effects. Profile seeds must not be overridable by accident mid-run — do gated-out mode checkpoints (e.g. review-mode-detection under @review) get skipped structurally when the profile fixes their variable?
  4. Fragment/technique scoping. Profiles are same-workflow, so Epic: schema/technique/disclosure review backlog (2026-07-03) #166 B10 / source-scoped technique resolution (feat(server): source-scoped borrowed-technique resolution + check:stealth leakage guard #212) are unaffected — confirm no interaction.
  5. dispatch_child + meta. How discover-session/initialize-session address a profile (workflow_id: work-package, profile: stealth vs a composite id), and how the planning-slug fallback names profile sessions.
  6. Migration. If (1) lands with entry-activity override: deprecation path for remediate-vuln (catalog alias, session resume compatibility). If not: remediate-vuln stays as the documented wrapper pattern and profiles serve the seed-only cases (review mode first).

Non-goals / constraints

🤖 Generated with Claude Code

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions