Problem
Workflow steps are still too trusting of agent output. In practice, step output can be treated as "good enough" even when the contract is loose, STATUS is missing, JSON payloads are malformed, or verifier output is not machine-safe enough.
The most concrete deep-research failure mode is that verifier output can be incomplete or malformed without the runtime reliably stopping the writer step.
This makes workflows fragile and allows bad output to propagate as if it were valid.
Goal
Make workflow step output fail-closed in the runtime, with particular focus on deep-research.
Scope
Update the workflow runtime so that:
STATUS is required- only known statuses are accepted:
- all
*_JSON fields are validated as real JSON
- verifier output that is missing or contains a malformed packet cannot proceed to writer
expects is actually enforced before the pipeline advancesblocked becomes a real runtime state, not just a word in output
Primary files
src/installer/step-ops.tsworkflows/deep-research/workflow.yml
Secondary files if needed
src/installer/types.tssrc/installer/status.tssrc/cli/cli.ts
Implementation notes
- Start in
src/installer/step-ops.ts, not with a broad schema redesign
- Keep existing string-based
expects initially if that keeps the change smaller
- Make validation strict inside
completeStep()
- Do not allow malformed
RESEARCH_PACKET_JSON or VERIFIED_PACKET_JSON to pass as best-effort output
STATUS: blocked should set step/run to blocked and stop the pipeline
Acceptance criteria
- step output without
STATUS cannot mark a step as done
- unknown
STATUS cannot mark a step as done
- malformed
*_JSON cannot advance the pipeline
- a verifier step without valid
VERIFIED_PACKET_JSON cannot allow writer to proceed
expects mismatch is not treated as successSTATUS: blocked sets step/run to blocked and stops forward progress
Test plan
Add tests for:
- missing
STATUS
- unknown
STATUS
- malformed
RESEARCH_PACKET_JSON
- malformed
VERIFIED_PACKET_JSON
STATUS: blocked- verifier output that looks plausible but does not satisfy the contract
- valid verifier output that correctly allows writer to proceed
Non-goals
- full workflow schema redesign
- generic taint/trust engine
- prompt polishing
- larger branching engine work
Problem
Workflow steps are still too trusting of agent output. In practice, step output can be treated as "good enough" even when the contract is loose,
STATUSis missing, JSON payloads are malformed, or verifier output is not machine-safe enough.The most concrete deep-research failure mode is that verifier output can be incomplete or malformed without the runtime reliably stopping the writer step.
This makes workflows fragile and allows bad output to propagate as if it were valid.
Goal
Make workflow step output fail-closed in the runtime, with particular focus on deep-research.
Scope
Update the workflow runtime so that:
STATUSis requireddoneretryblocked*_JSONfields are validated as real JSONexpectsis actually enforced before the pipeline advancesblockedbecomes a real runtime state, not just a word in outputPrimary files
src/installer/step-ops.tsworkflows/deep-research/workflow.ymlSecondary files if needed
src/installer/types.tssrc/installer/status.tssrc/cli/cli.tsImplementation notes
src/installer/step-ops.ts, not with a broad schema redesignexpectsinitially if that keeps the change smallercompleteStep()RESEARCH_PACKET_JSONorVERIFIED_PACKET_JSONto pass as best-effort outputSTATUS: blockedshould set step/run to blocked and stop the pipelineAcceptance criteria
STATUScannot mark a step as doneSTATUScannot mark a step as done*_JSONcannot advance the pipelineVERIFIED_PACKET_JSONcannot allow writer to proceedexpectsmismatch is not treated as successSTATUS: blockedsets step/run to blocked and stops forward progressTest plan
Add tests for:
STATUSSTATUSRESEARCH_PACKET_JSONVERIFIED_PACKET_JSONSTATUS: blockedNon-goals