Repository-native workflow governance for AI-assisted engineering
AIWF is a lightweight, repository-native workflow governance layer for AI-assisted engineering work. It helps engineering teams determine when AI-assisted work is actually ready to be considered complete.
AIWF records task metadata, validation, review, evidence, and finalize decisions inside the repository. It makes completion claims reviewable, traceable, and reproducible without acting as a workflow engine or replacing human review.
AI can generate code, documentation, tests, and fixes. Engineering teams still need evidence before they can confidently say that work is complete. AIWF records workflow evidence inside the repository, making completion claims reviewable, traceable, and reproducible.
| AIWF provides | AIWF is NOT |
|---|---|
| Workflow evidence governance | Workflow engine |
| Repository-native workflow records | Project management tool |
| Completion readiness checks | CI system |
| Deterministic workflow metadata | Coding agent |
| Evidence-driven finalize gate | Test runner |
AIWF does not guarantee correctness, decide whether product requirements are complete, or replace human review.
Create a workflow task:
./aiwf new-task demo_taskRun readiness checks:
./aiwf check --path <task_dir>
./aiwf check --path <task_dir> --finalize-ready
./aiwf doctor --path <task_dir>Finalize when evidence is ready:
./aiwf finalize --path <task_dir>Use the task directory printed by ./aiwf new-task.
If actual CLI syntax differs in your installed version, follow runtime help from ./aiwf --help.
AIWF uses two independent version identifiers.
| Identifier | Represents |
|---|---|
| AIWF Tool Version | Runtime implementation, CLI behavior, packaging, bug fixes, security hardening, and internal architecture improvements |
| Workflow Protocol Version | Workflow semantics, workflow evidence model, state transitions, event semantics, completion boundary, and protocol compatibility |
Security fixes and implementation improvements normally update only the AIWF Tool Version. The Workflow Protocol Version changes only when workflow semantics evolve.
Current metadata version boundary:
| Field | Value |
|---|---|
| Release version | 1.7.12 |
| AIWF Tool Version | 1.7.12 |
| Workflow Protocol Version | 1.7.8 |
- AIWF core scope and domain boundary: .aiwf/docs/repo_boundary.md
- Canonical protocol semantics: .aiwf/docs/workflow_protocol.md
- AI agent governance entrypoint: .aiwf/docs/agent_rules/00_index.md
- Agent managed block integration: .aiwf/docs/agent_integration.md
- Metadata attribution and profile rules: .aiwf/docs/metadata.md
- Repository source packaging guideline: .aiwf/docs/packaging.md
- v1.7.0 release baseline: .aiwf/docs/releases/v1.7.0.md
- v1.7.1 patch hardening: .aiwf/docs/releases/v1.7.1.md
- v1.7.2 patch hardening: .aiwf/docs/releases/v1.7.2.md
- v1.7.3 adoption foundation consolidation: .aiwf/docs/releases/v1.7.3.md
- v1.7.4 release consistency and metadata artifact hygiene: .aiwf/docs/releases/v1.7.4.md
- v1.7.5 deterministic task metadata hardening: .aiwf/docs/releases/v1.7.5.md
- v1.7.5.post2 metadata attribution hardening: .aiwf/docs/releases/v1.7.5.post2.md
- v1.7.5.post3 metadata visibility and profile runtime option hardening: .aiwf/docs/releases/v1.7.5.post3.md
- v1.7.5.post4 metadata init inline allowed-values help: .aiwf/docs/releases/v1.7.5.post4.md
- v1.7.5.post5 metadata show compact source rendering: .aiwf/docs/releases/v1.7.5.post5.md
- v1.7.7 AIWF Upgrade Mechanism v1: .aiwf/docs/releases/v1.7.7.md
- v1.7.8 shared date validation hardening: .aiwf/docs/releases/v1.7.8.md
- v1.7.8.post1 public release baseline: .aiwf/docs/releases/v1.7.8.post1.md
- v1.7.9 Package Records evidence portability: .aiwf/docs/releases/v1.7.9.md
- v1.7.10 filesystem trust-boundary security hardening: .aiwf/docs/releases/v1.7.10.md
- v1.7.10.post2 upgrade runtime dependency and template copy-scope fix: .aiwf/docs/releases/v1.7.10.post2.md
- v1.7.11 fail-closed task creation identity safety: .aiwf/docs/releases/v1.7.11.md
- v1.7.12 agents path repository-boundary hardening: .aiwf/docs/releases/v1.7.12.md
- Package Records release preparation: .aiwf/docs/releases/package_records_release_preparation.md
Audience: a clean repository that does not yet have the AIWF runtime, docs, templates, or managed AGENTS block.
Minimal flow:
mkdir -p .aiwf/bin .aiwf/docs .aiwf/templates
cp /path/to/new_aiwf_repo/aiwf ./aiwf
chmod +x ./aiwf
cp -R /path/to/new_aiwf_repo/.aiwf/bin ./.aiwf/
cp -R /path/to/new_aiwf_repo/.aiwf/docs ./.aiwf/
cp -R /path/to/new_aiwf_repo/.aiwf/templates ./.aiwf/
cp /path/to/new_aiwf_repo/.aiwf/config.yaml ./.aiwf/config.yaml
./aiwf agents install --path AGENTS.md --yesExpected result:
./aiwfresolves the canonical.aiwf/bin/ai_workflow.pyruntime..aiwf/docs/and.aiwf/templates/come from the same source package.- root
AGENTS.mdhas a managed block. - task records are created under
.aiwf/records/ai_YYYYMMDD/. - project-level
docs/,tools/, andscripts/remain project-owned and are not required by AIWF. - AIWF install does not create, overwrite, or assume ownership of files under root
scripts/unless explicitly requested for a project-specific integration.
Validation:
./aiwf --help
./aiwf upgrade --check --source /path/to/new_aiwf_repo
./aiwf agents check --path AGENTS.md
./aiwf new-task aiwf_install_smoke
./aiwf doctor --path <generated_task_path>For a first install, upgrade --check is only a non-mutating package/layout consistency check.
Run doctor only after creating the first task and substituting its actual generated path.
Detailed guide: .aiwf/docs/adoption_guide.md
Audience: a repository that already has AIWF files and needs a newer source package.
Minimal flow:
cp /path/to/new_aiwf_repo/aiwf ./aiwf
chmod +x ./aiwf
./aiwf upgrade --check --source /path/to/new_aiwf_repo
./aiwf upgrade --dry-run --source /path/to/new_aiwf_repo
./aiwf upgrade --apply --source /path/to/new_aiwf_repoExpected result:
./aiwf,.aiwf/bin/**,.aiwf/docs/**, and.aiwf/templates/**come from the new source package..aiwf/records/,.aiwf/events/,.aiwf/migrations/, and.aiwf/config.yamlare preserved.- project-level
docs/,tools/, andscripts/remain project-owned. - existing project-owned files under root
scripts/remain unchanged. - legacy AIWF root
docs/migration is disabled by default and runs only with explicit opt-in after reviewing ownership.
Validation:
./aiwf --help
./aiwf upgrade --check --source /path/to/new_aiwf_repo
./aiwf upgrade --dry-run --source /path/to/new_aiwf_repo
./aiwf agents check --path AGENTS.md
./aiwf check --path .aiwf/records/ai_YYYYMMDD/NNN_task_name --finalize-readyDetailed guide: .aiwf/docs/upgrading.md
| Repository state | Recommended path |
|---|---|
No aiwf wrapper and no .aiwf/ tree |
First install |
Root aiwf exists and .aiwf/ exists |
Upgrade |
Legacy docs/ai_* layout exists |
Upgrade / migration path |
| Partial or inconsistent layout | Run ./aiwf upgrade --check --source <source_repo> and review blockers before --apply |
Command identity:
./aiwfis the recommended user-facing and agent-facing repository-local command entrypoint..aiwf/bin/ai_workflow.pyis the canonical runtime implementation.- AIWF owns only the root
./aiwfentrypoint and the.aiwf/namespace. - project-level
tools/ai_workflow.py, when present in older repositories, is a project-owned legacy file. AIWF preserves it unchanged and does not use it as the supported public entrypoint. - After confirming no external caller depends on a legacy
tools/ai_workflow.py, users may remove it manually. ./aiwfinterpreter resolution order is:AIWF_PYTHON- repo-local
.venv/bin/python - repo-local
.venv/Scripts/python - repo-local
.venv/Scripts/python.exe pythonfromPATHpython3fromPATH(validated as Python >= 3.10)
- Windows Store alias paths under
Microsoft/WindowsAppsare treated as non-runnable candidates and are skipped during fallback selection.
Records root layout:
- Canonical records root is
.aiwf/records. - Canonical AIWF docs root is
.aiwf/docs. .aiwf/config.yamldeclares the committed layout version:aiwf_layout_version: 2 docs_root: ".aiwf/docs" record_root: ".aiwf/records" event_log: ".aiwf/events/events.jsonl" legacy_enabled: true
- With this config, new task records are created under
.aiwf/records/ai_YYYYMMDD/. - Legacy
layout.records_rootis still accepted for compatibility in older repos.
Dataset export boundary:
./aiwf dataset export --output <path>accepts a repository-local relative or absolute output path outside the active configured records root..aiwf/records/and any configured records root are reserved for workflow evidence; use project-owned paths such asartifacts/dataset.json,reports/aiwf/dataset.json, or an experiment output directory.- Resolved nested paths and symlinks into the records root are rejected with return code
2; absolute paths outside the repository remain rejected.
Run a full lifecycle example:
AGENTS root entrypoint helpers:
./aiwf agents print-block
./aiwf agents check --path AGENTS.md
./aiwf agents install --path AGENTS.md --yesRoot AGENTS.md is a thin managed bootstrap entrypoint. The managed block source of truth is .aiwf/templates/AGENTS.block.md. The canonical rules live under .aiwf/docs/agent_rules/, starting with .aiwf/docs/agent_rules/00_root_entrypoint.md.
For this release, release identity and tool provenance advance to 1.7.12 while workflow protocol semantics remain at 1.7.8.
Current metadata version boundary:
- release version:
1.7.12 - tool version:
1.7.12 - workflow protocol version:
1.7.8
The upgrade mechanism is additive and does not imply a package manager, a database migration framework, or silent overwrites of workflow evidence.
AIWF is licensed under the Apache License, Version 2.0. See LICENSE.
./aiwf metadata show displays effective AI agent attribution metadata.
Effective metadata is resolved in this order:
default -> active profile -> .aiwf/metadata.local.env -> shell env
./aiwf metadata profile use <name> changes .aiwf/metadata.current, but .aiwf/metadata.local.env or shell AIWF_* metadata variables may still override the active profile.
Use:
./aiwf metadata profile show
./aiwf metadata show
./aiwf metadata statusto inspect stored profile values, effective values, and metadata resolution behavior.
When all effective metadata fields resolve from the same source, ./aiwf metadata show prints one shared Source: line. Mixed-source metadata continues to show per-field from: lines.
During ./aiwf metadata init, enter ? to show allowed values for the current field, or :all to print the full metadata allowed-values reference without leaving the prompt flow.
finalizeis the closure point.- Once finalized, new evidence records are rejected (for example
AIWF-FINALIZED-002). - If work is needed after finalize, create a follow-up task.
check --finalize-readyis the recommended pre-finalize gate.- v1.7.0 adds task-level pre-edit governance via
guard --pre-edit --path <task_dir>. - v1.7.0 remains evidence-driven for finalize semantics. Strict phase-gated finalize is still deferred.
New AIWF task records use review_agent.md as the canonical AI/agent review
artifact. Existing records that contain only review_codex.md remain supported
through a legacy alias and should not be bulk-renamed.
- AIWF does not guarantee physical immutability of finalized artifacts.
- AIWF governance guarantee is deterministic drift handling:
- detect drift
- diagnose scope/cause
- repair via follow-up workflow task
- preserve repair evidence
- Silent rewrite of finalized evidence is not allowed.
- If finalized artifact drift is found, use a dedicated repair task that records:
- affected original task path/files
- drift diagnosis
- repair actions
- post-repair consistency checks
guard --pre-edit is a pre-edit governance guard. It does not replace:
check --finalize-ready- validation evidence
- review
finalize
finalize remains the closure authority.
For future task naming, avoid duplicated numeric prefixes where possible.
- Prefer:
005_aiwf_v1_7_0_post_merge_baseline_review - Avoid:
001_005_aiwf_v1_7_0_post_merge_baseline_review
Existing finalized task paths should not be renamed only for cosmetic cleanup.
- Diagnostic code catalog: .aiwf/docs/diagnostics.md
- Report usage and caveats: .aiwf/docs/reporting.md
Report commands:
./aiwf report --path .aiwf/records --format json
./aiwf report --path .aiwf/records --format markdownAIWF v1.7.12 contains the agents repository-boundary hardening, F-02 relocate/upgrade conflict evidence correction, and F-03 task-ID/creation side-effect hardening.
agents check --pathandagents install --pathreject absolute outside paths,..traversal, and symlinks that resolve outside the repository.- Rejected paths return
2withAIWF-AGENTS-PATH-001and do not write files; valid repository-local nested paths remain supported. relocate --apply --legacy-docsandupgrade --apply --migrate-legacy-docsperform a complete conflict preflight before mutation.- Relocation conflicts return
2withAIWF-RELOCATE-CONFLICT-001; no file mutation or success report/evidence is produced. --checkand--dry-runexpose the blocker without changing files; no-conflict and already-relocated paths remain supported.next-idis read-only: a missing date returns001without creating a date directory, index, event, or report; non-directory date paths fail closed withAIWF-TASK-ID-001.new-taskvalidates deterministic metadata before ID/directory allocation, so invalid tags, references, related files, priority/risk values, duplicate names, and--update-existingleave no orphan date directory or partial artifacts.backfillrecords deterministic source provenance inbackfill_source.json; repeated matching runs are idempotent no-ops and do not create duplicate tasks or index entries.backfill --update-existingonly creates missing artifacts for matching provenance and never overwrites historical task, validation, review, index, event, or finalized evidence. Identity conflicts and ambiguous candidates fail closed.finalize --dry-runandcheck --finalize-readyare repository read-only operations: they print projected/readiness results without changing task artifacts, metadata, indexes, reports, or event logs. Readiness output is not closure evidence.- Read-only paths bypass the event writer even when internal
AIWF_EVENT_LOG=1is enabled; the current CLI has no explicit event-logging option. Normal finalize event emission remains after successful mutation. - The workflow protocol remains
1.7.8; no event schema, phase, or finalize semantic change is introduced.
AIWF v1.7.11 makes task creation fail closed around task identity.
new-task --update-existingis rejected without writing files.- Same-date duplicate normalized task names are rejected before ID allocation.
check,doctor, andfinalizereport existing duplicates as blockers.
The workflow protocol remains 1.7.8; no event schema, finalize semantic,
phase state machine, or historical-record migration is introduced.
AIWF v1.7.10.post2 fixes public package upgrade reliability for multi-file runtime installs.
This patch ensures upgrade --apply installs:
aiwf.aiwf/bin/**.aiwf/docs/**.aiwf/templates/**
upgrade --check now validates source package completeness and detects
same-version target repositories that are missing runtime dependencies or the
managed AGENTS template. No workflow protocol semantic change, event schema
change, finalize gate change, phase state machine change, or records migration
is introduced.
AIWF v1.7.10 is a runtime security hardening release for filesystem trust-boundary handling.
This release hardens:
- public export symlink traversal under allowlisted roots
- review bundle symlinked task content
- upgrade source-package symlinked members
- review bundle output destinations under protected workflow evidence paths
- review bundle overwrite behavior, which now requires explicit
--force
Normal public export, review bundle, and upgrade command syntax remains unchanged. No workflow protocol semantic change, event schema change, or phase state machine change is introduced.
AIWF v1.7.9 adds Package Records as an optional workflow evidence portability capability:
./aiwf package records --output records.zipThe package includes a manifest, inventories, copied workflow records, event evidence, optional dataset output, redaction metadata, and integrity metadata. It is intended for workflow evidence analysis and engineering handoff, not as a repository backup or source archive.
This release also introduces review_agent.md as the canonical agent review
artifact for new tasks while retaining review_codex.md as a legacy alias for
existing records.
No workflow protocol, event schema, or finalize behavior change is introduced.
Package Records creates a deterministic workflow evidence package for analysis, review, and engineering handoff:
./aiwf package records --output records.zipAdditional examples:
./aiwf package records --output aiwf_records_package.zip
./aiwf package records --output aiwf-records-package --format directory
./aiwf package records --dry-run --output package_manifest.jsonPackage Records is:
- a workflow evidence package
- an analysis package
- an engineering handoff package
Package Records is not:
- a repository backup
- a source archive
- a tamper-proof audit ledger
The package contains package_manifest.json, summary and inventory files,
copied task records, canonical events, optional dataset output, and integrity
metadata. The default redaction profile is safe; use --redaction-profile internal or --redaction-profile none only when the sharing boundary allows
it. Secret findings fail closed.
Package records output separates package status from source workflow evidence
quality. Package Generation, Manifest Schema, Package Integrity, and
Privacy/Security describe whether the package was produced safely. Workflow Evidence Findings describes findings discovered while inspecting the selected
source workflow records, and may be WARNING or FAIL even when package
generation succeeded.
AIWF task records under .aiwf/records/ai_YYYYMMDD/ are intended to be committed by default.
They are workflow evidence and part of the later reporting dataset.
Deterministic user-input and repository-path validation failures return exit
code 2. This local contract does not redefine exit behavior for repository
configuration errors, internal invariant failures, unexpected runtime
failures, argparse usage errors, or process interruption.
Do not commit:
- secrets or private credentials
- private customer data
- large binary artifacts
Use sanitized summaries and external evidence references when required.
AIWF separates workflow execution evidence from derived knowledge and narrative material:
.aiwf/records/ai_YYYYMMDD/*: workflow execution records, task lifecycle artifacts, validation/review/finalize evidence, and task-local.aiwf/events.jsonl..aiwf/docs/knowledge/*: reusable operational engineering knowledge derived from tasks, such as patterns, repeatable bugs, and decisions. These files are not workflow execution records.knowledge/analysis/*: cross-task analysis, trend analysis, workflow interpretation, and comparative studies. Analysis is interpretation, not raw workflow evidence.knowledge/articles/*: public narrative material, article strategy, README strategy, and external communication drafts. Public narrative material must not be treated as protocol or runtime source of truth.
Source precedence:
runtime code
> protocol/design docs
> release notes
> workflow execution records
> reusable engineering knowledge
> derived analysis
> public narrative material
Only .aiwf/records/ai_YYYYMMDD/* task records and task-local event logs should be used as raw workflow evidence.
Derived analysis, reusable knowledge, and public narrative material may summarize or interpret workflow evidence, but they must not override runtime behavior, protocol semantics, or recorded workflow evidence.
Requirements:
- Python 3.10+ (or the repository-supported version)
pytestfor unit tests- no runtime third-party dependency required for basic AIWF CLI behavior
This repository currently uses requirement.txt (not requirements.txt).
python -m venv .venv
source .venv/bin/activate
python -m pip install -r requirement.txt
python -m pytest -qUse .env.example as the template for local overrides:
cp .env.example .envFor using AIWF in another repository: