You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Review mode (v3.19–3.21 work): is_review_mode is an in-workflow mode flag set by a detection step + activation checkpoints, with an interaction posture (headless auto-advance) carried as workflow rule text. Same shape: one graph, a different seeded state plus a different interaction posture.
Both are instances of a profile: a named, curated preset over a base workflow that fixes seeded state (and possibly posture) before execution begins, so that gates hold from step zero and static guards (e.g. check:stealth) can verify reachability against the profile's defaults rather than trusting a runtime selection.
Concept outline
A profile is a first-class, named preset declared by (or registered against) a base workflow:
# workflow.yaml (sketch)profiles:
- id: stealthtitle: Private remediation (no public disclosure)tags: [security, private]seeds:
stealth_mode: truepush_remote: securityis_review_mode: falserules: # optional profile-scoped rule additionsactivity:
- "PRIVATE RESEARCH ONLY: ..."initialActivity: security-start # optional entry-activity override (see open questions)
- id: reviewtitle: PR reviewseeds:
is_review_mode: trueposture: headless # optional interaction posture (auto-advance defaults, no dialogs)
What the engine would provide
Catalog visibility — list_workflows surfaces profile entries (e.g. work-package@stealth) with their own tags/description, so discover-session matches "remediate this advisory privately" to the profile the same way it matches a workflow today.
Seeding at session creation — start_session / dispatch_child accept workflow_id + profile; the session bag is seeded from base defaultValues overlaid with the profile's seeds, recorded in the variables_seeded history event and in session.json (auditable, resume-stable).
Guard integration — corpus guards evaluate reachability per profile (check:stealth --workflow work-package@stealth); check:variable-model validates profile seeds against declared variable types.
Identity as guarantee — selecting the profile is the safety property: no default-open window, no runtime checkbox to get wrong, no step-ordering dependency. This is the property the current wrapper-workflow pattern provides and that an in-workflow "mode selection checkpoint" cannot.
Candidate profiles
Profile
Today
As a profile
work-package@stealth
remediate-vuln wrapper workflow
seeds stealth_mode/push_remote, private tags, isolation rules; potentially deprecates the wrapper
work-package@review
is_review_mode detection step + activation checkpoints + headless-auto-advance rule text
seed is_review_mode: true + posture: headless; the detection/activation machinery becomes the non-profile path only
Open design questions
Entry-activity override. remediate-vuln's start (advisory inputs, security remote, isolation checks) is real content, not a seed. Can a profile override initialActivity and contribute activities, or do content-bearing specializations remain wrapper workflows (profiles covering only the pure seed-set cases)? This decides whether remediate-vuln can be fully deprecated or shrinks to an even thinner shell.
Posture as data. Review mode's headless auto-advance is currently rule prose (review-mode-headless-auto-advance). Is interaction posture (headless vs interactive, auto-advance behavior) a profile attribute the orchestrator honors structurally?
Seeds vs checkpoint effects. Profile seeds must not be overridable by accident mid-run — do gated-out mode checkpoints (e.g. review-mode-detection under @review) get skipped structurally when the profile fixes their variable?
dispatch_child + meta. How discover-session/initialize-session address a profile (workflow_id: work-package, profile: stealth vs a composite id), and how the planning-slug fallback names profile sessions.
Migration. If (1) lands with entry-activity override: deprecation path for remediate-vuln (catalog alias, session resume compatibility). If not: remediate-vuln stays as the documented wrapper pattern and profiles serve the seed-only cases (review mode first).
Profiles must not weaken the stealth guarantee: whatever ships, check:stealth must still verify disclosure-step unreachability against pre-execution seeded state.
Keep the schema minimal (techniques-first principle): prefer the smallest engine surface that removes the wrapper boilerplate.
Motivation
Two recent pieces of work point at the same missing primitive:
remediate-vuln2.0.0 is now a ~200-line thin wrapper overwork-package— its real payload is a seed set (stealth_mode: true,push_remote: security,is_review_mode: false), three isolation rules, one security-specific start activity, and the borrowed-activity list. The wrapper exists only because seededdefaultValues are per-workflow and there is no other pre-execution way to fix a session's variable state.is_review_modeis an in-workflow mode flag set by a detection step + activation checkpoints, with an interaction posture (headless auto-advance) carried as workflow rule text. Same shape: one graph, a different seeded state plus a different interaction posture.Both are instances of a profile: a named, curated preset over a base workflow that fixes seeded state (and possibly posture) before execution begins, so that gates hold from step zero and static guards (e.g.
check:stealth) can verify reachability against the profile's defaults rather than trusting a runtime selection.Concept outline
A profile is a first-class, named preset declared by (or registered against) a base workflow:
What the engine would provide
list_workflowssurfaces profile entries (e.g.work-package@stealth) with their own tags/description, so discover-session matches "remediate this advisory privately" to the profile the same way it matches a workflow today.start_session/dispatch_childacceptworkflow_id + profile; the session bag is seeded from basedefaultValues overlaid with the profile'sseeds, recorded in thevariables_seededhistory event and insession.json(auditable, resume-stable).check:stealth --workflow work-package@stealth);check:variable-modelvalidates profile seeds against declared variable types.Candidate profiles
work-package@stealthremediate-vulnwrapper workflowstealth_mode/push_remote, private tags, isolation rules; potentially deprecates the wrapperwork-package@reviewis_review_modedetection step + activation checkpoints + headless-auto-advance rule textis_review_mode: true+posture: headless; the detection/activation machinery becomes the non-profile path onlyOpen design questions
initialActivityand contribute activities, or do content-bearing specializations remain wrapper workflows (profiles covering only the pure seed-set cases)? This decides whetherremediate-vulncan be fully deprecated or shrinks to an even thinner shell.review-mode-headless-auto-advance). Is interaction posture (headless vs interactive, auto-advance behavior) a profile attribute the orchestrator honors structurally?@review) get skipped structurally when the profile fixes their variable?workflow_id: work-package, profile: stealthvs a composite id), and how the planning-slug fallback names profile sessions.remediate-vuln(catalog alias, session resume compatibility). If not:remediate-vulnstays as the documented wrapper pattern and profiles serve the seed-only cases (review mode first).Non-goals / constraints
check:stealthmust still verify disclosure-step unreachability against pre-execution seeded state.🤖 Generated with Claude Code