Cross-company Workflow Runner v0 Cross-company workflow runner v0 Last verified: 2026-05-25 What it is ~/system/tools/cross-company-workflow.js is a deterministic wrapper around Mission Control and Company Mesh. Use it when a task needs a bounded multi-company loop such as: CodeCraft builds or reviews an implementation plan. Securion reviews security/privacy risk. Proveo validates acceptance or QA evidence. It is not a replacement for Mission Control ownership, Mehanik/Prompt-Forge gates, or Proveo verification. It only makes the cross-company handoff repeatable and evidence-producing. Source files Runner: ~/system/tools/cross-company-workflow.js Deterministic smoke workflow: ~/system/workflows/company-mesh-tool-smoke.json Strong-model workflow smoke: ~/system/workflows/company-mesh-strong-review-smoke.json Smoke test wrapper: ~/system/tools/tests/cross-company-workflow-smoke.sh Evidence output default: /tmp/alai/cross-company-workflows/ Commands Validate a workflow: node ~/system/tools/cross-company-workflow.js validate ~/system/workflows/company-mesh-tool-smoke.json --json Run a workflow: node ~/system/tools/cross-company-workflow.js run ~/system/workflows/company-mesh-tool-smoke.json --json Inspect state: node ~/system/tools/cross-company-workflow.js status /tmp/alai/cross-company-workflows/.json --json Finalize MC tasks after a PASS workflow: node ~/system/tools/cross-company-workflow.js finalize /tmp/alai/cross-company-workflows/.json \ --bookstack https://docs.alai.no/link/184 \ --json For static plumbing-only responder runs, finalization is intentionally blocked unless explicitly marked: node ~/system/tools/cross-company-workflow.js finalize /tmp/alai/cross-company-workflows/.json \ --bookstack https://docs.alai.no/link/184 \ --allow-plumbing-finalize \ --json Workflow JSON shape Minimum example: { "name": "example-review-loop", "description": "Bounded build/security/QA review loop.", "priority": "M", "actor": "john", "responderMode": "gemini-review", "steps": [ { "id": "codecraft", "company": "CodeCraft", "title": "CodeCraft review", "purpose": "Review implementation approach.", "prompt": "Review the pasted evidence. Return PASS/PARTIAL/BLOCKED first.", "endState": "ANSWERED" }, { "id": "securion", "company": "Securion", "title": "Security review", "purpose": "Review security/privacy risks.", "dependsOn": ["codecraft"], "prompt": "Review security implications of the pasted evidence.", "endState": "ANSWERED" } ] } Required per step: id company or agent purpose prompt or promptFile Optional per step: dependsOn title priority endState ( PASS , PARTIAL , BLOCKED , ANSWERED , DECLINED ) responderMode ( answer , blocked , decline , agent-runner , gemini-review ) ttlSeconds , maxTurns , costCapUsd , timeoutSeconds Safety defaults The runner is intentionally conservative: Uses JSON workflows only. Uses spawnSync argv arrays, not shell interpolation. promptFile must remain under the workflow file directory. MC child tasks use route=general so pi-orchestrator does not compete with the workflow. Responder execution is explicit per run/step; no daemon is started. State records the workflow SHA-256 and refuses status/finalize if the workflow file changed. Finalize refuses non-PASS workflows. Finalize refuses static responder evidence unless --allow-plumbing-finalize is provided. Responder modes Mode Meaning Use answer Static deterministic response Plumbing-only smoke tests blocked Static blocked response Negative-path plumbing tests decline Static decline response Policy/eligibility tests agent-runner Local persona via agent-runner.js Cheap local advisory, subject to claim gate gemini-review Cloud strong-model advisory via Gemini CLI Bounded strong review; keep prompts evidence-based and cost-limited Claim-gate override --claim-gate-off passes COMPANY_MESH_CLAIM_GATE=off to responder execution. Treat this as a break-glass/debug option only. Use it only when all are true: the workflow is plumbing-only or local debugging; no production, deploy, legal, financial, security, or customer-facing completion claim will be made from the output; the final evidence explicitly says claim gate was disabled; MC finalization is either skipped or marked as plumbing-only. Do not use --claim-gate-off to make blocked agent-runner responses look valid. If claim gate blocks a response, prefer adding concrete evidence paths/pasted evidence or returning PARTIAL / BLOCKED honestly. Evidence model A run writes: state JSON ( 0600 ) containing parent task, child tasks, message ids, responses, and end states. markdown evidence summary next to the state JSON. responder evidence JSON under the chosen evidence directory. Evidence should be treated precisely: Company Mesh delivery proves delivery only. Static answer proves plumbing only. agent-runner / gemini-review output is advisory unless it cites concrete evidence paths or pasted evidence. Mission Control done still requires normal validator/verdict gates. Known gotchas mc.js ready requires task status in_progress or ready_for_review , validation notes, and --bookstack . Claim gate can block agent-runner outputs if the response makes factual completion claims without evidence paths. gemini-review uses the local gemini CLI and may fail if credentials/model access are unavailable. Public demo/product workflows must still obey product guardrails: no destructive public mutation, no fake deploy/integration claims. Current verified status Completed evidence exists for the initial Company Mesh workflow runner smoke: /tmp/alai/company-mesh-handoff-20260523/mc-101896-cross-company-workflow-final-pass.md /tmp/alai/company-mesh-p2p-six-artifacts-consolidated-20260525T0210Z.md The next maturity step is a bounded non-smoke workflow using gemini-review or agent-runner against a real evidence artifact, with cost capped and no production mutation.