{
  "report_info": {
    "version": "9.0.1",
    "generated_at": "2026-06-28T11:16:31Z",
    "binary_name": "workflow-manager"
  },
  "binary": {
    "name": "workflow-manager",
    "path": "/opt/kodachi/dashboard/hooks/workflow-manager",
    "timestamp": "2026-06-28T11:16:31Z",
    "file_info": {
      "size": 4452160,
      "sha256": "377df37778f2902c0d4f8fa64d2926aa429001f4d816774f6f0c393c4e57aff6"
    },
    "flag_n": {
      "command": "info",
      "data": {
        "author": "Warith Al Maawali",
        "copyright": "© 2026 Linux Kodachi",
        "description": "Workflow manager for batch command execution with conditional logic",
        "features": [
          "Template-based workflow management",
          "Conditional command execution",
          "Batch processing with retry logic",
          "State tracking and logging",
          "Concurrent execution support",
          "Pause steps with user confirmation",
          "Pattern matching and regex conditions",
          "JSON path subset support (dot fields + array indexes)",
          "Prerequisites validation before execution",
          "System state checking and probes",
          "Reusable probe functions for conditions"
        ],
        "license": "Proprietary",
        "name": "workflow-manager",
        "securityFeatures": {
          "authentication": "Not provided by cli-core (see online-auth)",
          "encryption": "Not provided by cli-core",
          "inputValidation": "Argument parsing via clap; per-command validation is the consumer's responsibility",
          "rateLimiting": "Not provided by cli-core"
        },
        "systemRequirements": {
          "dependencies": [
            "OpenSSL",
            "libcurl"
          ],
          "os": "Linux (Debian-based)",
          "privileges": "root/sudo for system operations"
        },
        "version": "9.8.4 (build 319)",
        "website": "https://www.digi77.com"
      },
      "errors": [],
      "metadata": {
        "executionTime": 1,
        "hostname": "REDACTED-BUILD-HOST",
        "user": "REDACTED-BUILD-USER"
      },
      "status": "success",
      "timestamp": "2026-06-28T11:16:31.525409365Z",
      "version": "9.8.4 (build 319)",
      "warnings": []
    },
    "flag_v": {
      "command": "version",
      "data": {
        "buildDate": "REDACTED-BUILD-TIME",
        "gitCommit": "unknown",
        "name": "workflow-manager",
        "rustVersion": "1.82.0",
        "version": "9.8.4 (build 319)"
      },
      "errors": [],
      "metadata": {
        "executionTime": 1,
        "hostname": "REDACTED-BUILD-HOST",
        "user": "REDACTED-BUILD-USER"
      },
      "status": "success",
      "timestamp": "2026-06-28T11:16:31.658316391Z",
      "version": "9.8.4 (build 319)",
      "warnings": []
    },
    "flag_h": {
      "command": "help",
      "data": {
        "commandCategories": [
          {
            "category": "Commands",
            "commands": [
              {
                "description": "Create a new workflow template",
                "name": "create",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager create [OPTIONS]"
              },
              {
                "description": "Add a step to a workflow template",
                "name": "add",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager add [OPTIONS]"
              },
              {
                "description": "Add a pause step to a workflow template",
                "name": "pause",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager pause [OPTIONS]"
              },
              {
                "description": "Add an include step to a workflow template (includes another profile)",
                "name": "include",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager include [OPTIONS]"
              },
              {
                "description": "List all workflow templates",
                "name": "list",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager list [OPTIONS]"
              },
              {
                "description": "Show details of a workflow template",
                "name": "show",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager show [OPTIONS]"
              },
              {
                "description": "Run a workflow template",
                "name": "run",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager run [OPTIONS]"
              },
              {
                "description": "Update a step in a workflow template",
                "name": "update",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager update [OPTIONS]"
              },
              {
                "description": "Delete a step from a workflow template",
                "name": "delete-step",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager delete-step [OPTIONS]"
              },
              {
                "description": "Delete an entire workflow template",
                "name": "delete",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager delete [OPTIONS]"
              },
              {
                "description": "Query system state",
                "name": "state",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager state [OPTIONS]"
              },
              {
                "description": "Validate workflow prerequisites",
                "name": "prereq",
                "options": [],
                "requires_sudo": false,
                "usage": "workflow-manager prereq [OPTIONS]"
              }
            ]
          }
        ],
        "description": "Workflow manager for batch command execution with conditional logic",
        "environmentVariables": [
          {
            "default": "info",
            "description": "Set logging level",
            "name": "RUST_LOG",
            "values": "error|warn|info|debug|trace"
          },
          {
            "default": "unset",
            "description": "Disable all colored output when set",
            "name": "NO_COLOR",
            "values": "1|true|yes (any value disables color)"
          }
        ],
        "exitCodes": {
          "0": "Success",
          "1": "General error",
          "2": "Invalid arguments",
          "3": "Permission denied",
          "4": "Network error",
          "5": "File not found"
        },
        "globalOptions": [
          {
            "description": "Print help information",
            "flag": "-h, --help"
          },
          {
            "description": "Print version information",
            "flag": "-v, --version"
          },
          {
            "description": "Display detailed information",
            "flag": "-n, --info"
          },
          {
            "description": "Show usage examples",
            "flag": "-e, --examples"
          },
          {
            "description": "Output in JSON format",
            "flag": "--json"
          },
          {
            "description": "Force output format (text|json)",
            "flag": "-o, --output-format <FORMAT>"
          },
          {
            "description": "Pretty-print JSON output with indentation",
            "flag": "--json-pretty"
          },
          {
            "description": "Enhanced JSON output with improved formatting (like jq)",
            "flag": "--json-human"
          },
          {
            "description": "Select specific fields to include in output (comma-separated)",
            "flag": "--fields <FIELD_LIST>"
          },
          {
            "description": "Limit number of results returned",
            "flag": "--limit <NUMBER>"
          },
          {
            "description": "Skip first N results (for pagination)",
            "flag": "--offset <NUMBER>"
          },
          {
            "description": "Working directory (defaults to auto-detected base directory)",
            "flag": "-d, --work-dir <PATH>"
          },
          {
            "description": "Set custom port number (1024-65535)",
            "flag": "--port <PORT>"
          },
          {
            "description": "Set log level (error|warn|info|debug)",
            "flag": "--log-level <LEVEL>"
          },
          {
            "description": "Enable verbose output",
            "flag": "--verbose"
          },
          {
            "description": "Suppress non-essential output",
            "flag": "--quiet"
          },
          {
            "description": "Disable colored output",
            "flag": "--no-color"
          },
          {
            "description": "Use custom configuration file",
            "flag": "--config <FILE>"
          },
          {
            "description": "Set operation timeout in seconds (optional; no default applied)",
            "flag": "--timeout <SECS>"
          },
          {
            "description": "Retry attempts (optional; no default applied)",
            "flag": "--retry <COUNT>"
          }
        ],
        "name": "workflow-manager",
        "usage": "workflow-manager [OPTIONS] [COMMAND] [ARGS]"
      },
      "errors": [],
      "metadata": {
        "executionTime": 1,
        "hostname": "REDACTED-BUILD-HOST",
        "user": "REDACTED-BUILD-USER"
      },
      "status": "success",
      "timestamp": "2026-06-28T11:16:31.777660038Z",
      "version": "9.8.4 (build 319)",
      "warnings": []
    },
    "flag_e": {
      "command": "examples",
      "data": {
        "categories": [
          {
            "description": "Create, list, view, and delete workflow templates",
            "examples": [
              {
                "command": "workflow-manager create my-workflow",
                "description": "Creates a new empty workflow template named 'my-workflow'",
                "expectedOutput": "Template 'my-workflow' created successfully"
              },
              {
                "command": "workflow-manager create backup-workflow --description 'Daily backup routine'",
                "description": "Creates a workflow with a descriptive label",
                "expectedOutput": "Template 'backup-workflow' created successfully"
              },
              {
                "command": "workflow-manager list",
                "description": "Shows all available workflow templates",
                "expectedOutput": "Workflow Templates (2 total)"
              },
              {
                "command": "workflow-manager show my-workflow",
                "description": "Displays the full structure of a workflow template",
                "expectedOutput": "Workflow Template: my-workflow"
              },
              {
                "command": "workflow-manager delete my-workflow",
                "description": "Permanently removes a workflow template",
                "expectedOutput": "Template 'my-workflow' deleted successfully"
              }
            ],
            "id": "template-management",
            "title": "Template Management"
          },
          {
            "description": "Add steps to workflows. Use comma-separated commands for multiple steps in one call, or add individually.",
            "examples": [
              {
                "command": "workflow-manager add my-workflow 'echo Hello World'",
                "description": "Adds a single command as step 1",
                "expectedOutput": "Step 1 added to template 'my-workflow'",
                "notes": "Single command creates one step"
              },
              {
                "command": "workflow-manager create w1 && workflow-manager add w1 \"sudo ip-fetch\",\"sudo online-auth check-login\",\"ip addr show\"",
                "description": "Create workflow then add multiple steps in one command using comma separation",
                "expectedOutput": "Template 'w1' created, 3 steps added to template 'w1'",
                "notes": "`add` requires the workflow to already exist, so chain `create` first. Comma-separated commands create multiple steps automatically."
              },
              {
                "command": "workflow-manager create diagnostics && workflow-manager add diagnostics \"./health-control net-check\",\"./tor-switch tor-status\",\"./dns-leak test\"",
                "description": "Create a diagnostic workflow with 3 steps at once",
                "expectedOutput": "Template 'diagnostics' created, 3 steps added",
                "notes": "All steps share the same timeout and condition settings"
              },
              {
                "command": "workflow-manager add my-workflow 'tar czf backup.tar.gz /data' --timeout 600",
                "description": "Adds a command with a 10-minute timeout",
                "expectedOutput": "Step added with 600 second timeout"
              },
              {
                "command": "workflow-manager add my-workflow 'cleanup.sh' --condition if_success",
                "description": "Runs only if the previous command succeeded",
                "expectedOutput": "Step added with conditional execution"
              },
              {
                "command": "workflow-manager add my-workflow 'notify-admin.sh' --if-contains 'ERROR'",
                "description": "Runs only if previous output contains 'ERROR'",
                "expectedOutput": "Step added with pattern matching condition"
              }
            ],
            "id": "adding-commands",
            "title": "Adding Commands to Workflows"
          },
          {
            "description": "Run workflows and control execution behavior",
            "examples": [
              {
                "command": "sudo workflow-manager run my-workflow",
                "description": "Executes all commands in the workflow sequentially",
                "expectedOutput": "✅ Workflow completed: Success",
                "notes": "Conditions are evaluated before each step"
              },
              {
                "command": "sudo workflow-manager run my-workflow --dry-run",
                "description": "Shows what would be executed without running commands",
                "expectedOutput": "Dry run: 5 steps would be executed",
                "notes": "Use for testing workflows before execution"
              }
            ],
            "id": "workflow-execution",
            "title": "Workflow Execution"
          },
          {
            "description": "Update, delete, and inspect individual workflow steps",
            "examples": [
              {
                "command": "workflow-manager show my-workflow",
                "description": "View all steps with their IDs and details",
                "expectedOutput": "Step 1: echo Hello\nStep 2: ./backup.sh\nStep 3: ./cleanup.sh",
                "notes": "Use this to identify step IDs before updating or deleting"
              },
              {
                "command": "workflow-manager delete-step my-workflow 2",
                "description": "Remove step #2 from the workflow",
                "expectedOutput": "Step 2 deleted from 'my-workflow'",
                "notes": "Step IDs are renumbered after deletion"
              },
              {
                "command": "workflow-manager update my-workflow 1 'echo Updated Command' --timeout 300",
                "description": "Change step #1 command and timeout",
                "expectedOutput": "Step 1 updated successfully",
                "notes": "All step properties can be updated"
              }
            ],
            "id": "step-management",
            "title": "Managing Individual Steps"
          },
          {
            "description": "Build complete workflows quickly by chaining multiple 'add' commands with &&",
            "examples": [
              {
                "command": "workflow-manager create tor-recovery && workflow-manager add tor-recovery './routing-switch recover internet' --timeout 60 && workflow-manager add tor-recovery './health-control net-check' -c if_success && workflow-manager add tor-recovery './tor-switch start' -c if_success --timeout 120",
                "description": "Create workflow and add 3 steps in one command chain",
                "expectedOutput": "Template created, 3 steps added successfully",
                "notes": "Use && to chain commands efficiently"
              },
              {
                "command": "workflow-manager create diagnostics && workflow-manager add diagnostics './health-control net-check' --timeout 30 && workflow-manager add diagnostics './tor-switch tor-status' -c if_success && workflow-manager add diagnostics './dns-leak test' -c if_success && workflow-manager add diagnostics './integrity-check check-all' -c if_success",
                "description": "Create and populate a diagnostics workflow with 4 conditional steps",
                "expectedOutput": "diagnostics created, 4 steps added",
                "notes": "Chain `create` before `add` so the workflow exists before steps are appended."
              },
              {
                "command": "workflow-manager create backup && workflow-manager add backup 'tar czf backup.tar.gz /data' && workflow-manager pause backup --message 'Check backup size' -c if_success && workflow-manager add backup 'rsync backup.tar.gz remote:/backups' -c if_success && workflow-manager add backup 'rm backup.tar.gz' -c if_success",
                "description": "Build complete backup workflow with pause and cleanup",
                "expectedOutput": "Backup workflow with 4 steps created",
                "notes": "Mix commands and pauses for interactive workflows. `create` precedes all `add`/`pause` calls."
              }
            ],
            "id": "batch-building",
            "title": "Efficient Batch Building"
          },
          {
            "description": "All available condition types with practical examples",
            "examples": [
              {
                "command": "workflow-manager add my-workflow './check-status.sh' -c always",
                "description": "Always execute (default behavior, runs regardless)",
                "expectedOutput": "Step added with 'always' condition"
              },
              {
                "command": "workflow-manager add my-workflow './deploy.sh' -c if_success",
                "description": "Execute only if previous step succeeded (exit code 0)",
                "expectedOutput": "Step added with if_success condition",
                "notes": "Most common condition for sequential workflows"
              },
              {
                "command": "workflow-manager add my-workflow './rollback.sh' -c if_fail",
                "description": "Execute only if previous step failed (exit code ≠ 0)",
                "expectedOutput": "Step added with if_fail condition",
                "notes": "Useful for error recovery and rollback scenarios"
              },
              {
                "command": "workflow-manager add my-workflow './alert-success.sh' --if-contains \"success\"",
                "description": "Execute if previous output contains pattern \"success\"",
                "expectedOutput": "Step added with pattern matching condition",
                "notes": "Case-sensitive - matches JSON like \\\"status\\\":\\\"success\\\""
              },
              {
                "command": "workflow-manager add my-workflow './continue.sh' --if-not-contains \"errors\"",
                "description": "Execute if previous output does NOT contain \"errors\"",
                "expectedOutput": "Step added with negative pattern condition",
                "notes": "Case-sensitive - checks for absence of \\\"errors\\\" in JSON output"
              },
              {
                "command": "workflow-manager add my-workflow './handle-done.sh' --if-equals \"ready\"",
                "description": "Execute if previous output exactly equals \"ready\"",
                "expectedOutput": "Step added with exact match condition",
                "notes": "Exact match (case-sensitive) - output is trimmed before comparison"
              },
              {
                "command": "workflow-manager add my-workflow './process-result.sh' --if-regex '^status: (ok|success)$'",
                "description": "Execute if previous output matches regex pattern",
                "expectedOutput": "Step added with regex condition",
                "notes": "Supports full regex syntax for complex matching"
              },
              {
                "command": "workflow-manager add my-workflow './skip-if-hardened.sh' --if-not-regex 'HARDENED.*HARDENED.*HARDENED.*HARDENED'",
                "description": "Execute if output does NOT match regex (counting: skip if 4+ HARDENED found)",
                "expectedOutput": "Step added with if_not_regex condition",
                "notes": "Inverse regex match - useful for counting occurrences. Pattern matches 4+ 'HARDENED' words."
              },
              {
                "command": "workflow-manager add my-workflow './alert-few-services.sh' --if-not-regex '(service.*active.*){5,}'",
                "description": "Execute if fewer than 5 services are active (counting with regex quantifiers)",
                "expectedOutput": "Step added with if_not_regex condition",
                "notes": "Uses regex quantifiers {5,} to count occurrences. Step runs if pattern does NOT match (< 5 services)."
              },
              {
                "command": "workflow-manager add my-workflow './handle-connected.sh' --if-json-path '$.status=\"connected\"'",
                "description": "Execute if JSON field $.status equals 'connected'",
                "expectedOutput": "Step added with JSON path condition",
                "notes": "Previous output must be valid JSON"
              },
              {
                "command": "workflow-manager add my-workflow './finland-detected.sh' --if-json-path '$.data.records[0].country_name=\"Finland\"'",
                "description": "Execute if JSON array element matches value",
                "expectedOutput": "Step added with JSON path array condition",
                "notes": "Supports array indexing [0], [1], etc. for nested JSON arrays"
              },
              {
                "command": "workflow-manager add my-workflow './proxy-active.sh' --if-json-path '$.data.records[0].connection_status.connection_type=\"Proxy\"'",
                "description": "Execute if nested JSON path with array matches",
                "expectedOutput": "Step added with complex nested JSON path condition",
                "notes": "Can navigate through objects and arrays: $.path.to.array[index].field"
              },
              {
                "command": "workflow-manager add my-workflow './ip-online.sh' --if-json-path '$.ip_connectivity=true'",
                "description": "Execute if JSON boolean field is true",
                "expectedOutput": "Step added with JSON boolean condition",
                "notes": "Supports true/false without quotes"
              },
              {
                "command": "workflow-manager add my-workflow './status-check.sh' --if-json-path '$.status_code=2'",
                "description": "Execute if JSON number field matches",
                "expectedOutput": "Step added with JSON number condition",
                "notes": "Numbers don't need quotes: =2 not =\"2\""
              }
            ],
            "id": "conditional-logic",
            "title": "Conditional Logic"
          },
          {
            "description": "Pause steps and advanced workflow management",
            "examples": [
              {
                "command": "workflow-manager pause my-workflow --message 'Review results before continuing'",
                "description": "Adds an interactive pause point in the workflow",
                "expectedOutput": "Pause step added to workflow",
                "notes": "User must press Enter to continue workflow execution"
              },
              {
                "command": "workflow-manager pause backup --message 'Verify backup integrity' -c if_success",
                "description": "Conditional pause only if previous step succeeded",
                "expectedOutput": "Conditional pause step added",
                "notes": "Combine pauses with conditions for smart workflows"
              },
              {
                "command": "workflow-manager include my-workflow shared-prereqs --description 'Reusable setup steps'",
                "description": "Adds an include step that composes another workflow profile into this template",
                "expectedOutput": "Include step 3 added to template 'my-workflow'",
                "notes": "The profile is expanded into its steps when the workflow runs. Requires <TEMPLATE> and <PROFILE> positionals; accepts -c/--condition like other steps."
              }
            ],
            "id": "advanced-features",
            "title": "Advanced Features"
          },
          {
            "description": "Practical workflows using actual Kodachi commands",
            "examples": [
              {
                "command": "workflow-manager create ip-verify && workflow-manager add ip-verify 'sudo ip-fetch --json' --timeout 60 && workflow-manager add ip-verify 'echo Finland detected' --if-json-path '$.data.records[0].country_name=\"Finland\"' && workflow-manager run ip-verify",
                "description": "Check IP geolocation and verify country",
                "expectedOutput": "Finland detected",
                "notes": "Uses JSON path with array indexing to check nested geolocation data"
              },
              {
                "command": "workflow-manager create auth-check && workflow-manager add auth-check 'sudo online-auth check-login --json' --timeout 30 && workflow-manager add auth-check 'echo Session valid' --if-contains 'valid' && workflow-manager run auth-check",
                "description": "Verify authentication and session status",
                "expectedOutput": "Session valid",
                "notes": "Pattern matching on authentication response to confirm valid login"
              },
              {
                "command": "workflow-manager create health-audit && workflow-manager add health-audit 'sudo health-control net-check --json' --timeout 60 && workflow-manager add health-audit 'echo Network online' --if-json-path '$.ip_connectivity=true' && workflow-manager add health-audit 'sudo routing-switch status --json' -c if_success --timeout 30 && workflow-manager run health-audit",
                "description": "Complete system health and network connectivity check",
                "expectedOutput": "Network online",
                "notes": "Combines network check with JSON boolean evaluation and cascading conditions"
              },
              {
                "command": "workflow-manager create tor-verify && workflow-manager add tor-verify 'sudo tor-switch get-tor-status --json' --timeout 30 && workflow-manager add tor-verify 'echo Tor responding' --if-json-path '$.data.is_responding=true' && workflow-manager run tor-verify",
                "description": "Verify Tor service health and responsiveness",
                "expectedOutput": "Tor responding",
                "notes": "Checks Tor daemon status using JSON path boolean evaluation"
              }
            ],
            "id": "kodachi-workflows",
            "title": "Real-World Kodachi Workflows"
          },
          {
            "description": "Define system state requirements that must be met before workflow execution",
            "examples": [
              {
                "command": "# Example profile with prerequisites (edit JSON manually):\n{\n  \"prerequisites\": {\n    \"required\": [\n      {\"check\": \"state.online\", \"expect\": true, \"error\": \"Internet connection required\"},\n      {\"check\": \"state.torrify\", \"expect\": false, \"error\": \"System must not be torrified\"},\n      {\"check\": \"state.tor_running\", \"expect\": true, \"error\": \"Tor must be running\"}\n    ],\n    \"on_failure\": \"abort\"\n  }\n}",
                "description": "Prerequisites block in profile JSON - validates state before execution",
                "expectedOutput": "✅ Prerequisites validated or ❌ Prerequisites not met - aborting",
                "notes": "If prerequisites is null or not present, no prerequisite checks are performed"
              },
              {
                "command": "workflow-manager prereq check initial_terminal_setup_wireguard_torrify",
                "description": "Validate prerequisites without running the workflow",
                "expectedOutput": "✅ All prerequisites met or ❌ Prerequisite failures listed",
                "notes": "Use this to test prerequisites before execution"
              }
            ],
            "id": "prerequisites",
            "title": "Prerequisites"
          },
          {
            "description": "Query current system state for debugging and validation",
            "examples": [
              {
                "command": "workflow-manager state",
                "description": "Show all system states as JSON",
                "expectedOutput": "{\"online\": true, \"torrify\": false, \"dnscrypt\": true, \"routing_mode\": \"wireguard\", \"tor_running\": true}"
              },
              {
                "command": "workflow-manager state online",
                "description": "Check specific state (online connectivity)",
                "expectedOutput": "{\"state\": \"online\", \"value\": true}",
                "notes": "20 states available: online, routing_mode, vpn_connected, dnscrypt, ipv6_disabled, dns_kodachi_managed, firewall_active, kill_switch_armed, network_hardened, disk_encrypted, security_score, torrify, tor_running, tor_dns_active, tor_verified, mac_spoofing, bluetooth_enabled, wifi_enabled, authenticated, tor_instances_count"
              }
            ],
            "id": "state-checking",
            "title": "System State Checking"
          },
          {
            "description": "Define reusable probe functions in profiles for complex conditions",
            "examples": [
              {
                "command": "# Example profile with probes (edit JSON manually):\n{\n  \"probes\": {\n    \"harden_count\": {\n      \"probe_type\": \"count\",\n      \"expression\": \"count('harden', previous_output)\",\n      \"description\": \"Count 'harden' occurrences\"\n    },\n    \"is_hardened\": {\n      \"probe_type\": \"expression\",\n      \"expression\": \"probe('harden_count') >= 4\"\n    }\n  },\n  \"steps\": [\n    {\n      \"id\": 2,\n      \"cmd\": \"echo 'Already hardened, skipping'\",\n      \"condition\": {\n        \"type\": \"if_probe\",\n        \"probe\": \"is_hardened\",\n        \"expect\": true\n      }\n    }\n  ]\n}",
                "description": "Define probes at profile level and use in step conditions",
                "expectedOutput": "Step executes based on probe evaluation",
                "notes": "Probe types: builtin, expression, count"
              }
            ],
            "id": "probe-functions",
            "title": "Probe Functions"
          },
          {
            "description": "Complete reference for workflow-level configuration options and their interactions",
            "examples": [
              {
                "command": "# Global Settings in profile JSON:\n{\n  \"global_settings\": {\n    \"kill_policy\": \"stop\",\n    \"continue_policy\": true,\n    \"max_log_size\": 10485760,\n    \"default_timeout\": 300,\n    \"working_dir\": \".\"\n  }\n}",
                "description": "All available global settings with default values",
                "expectedOutput": "kill_policy: \"stop\" (how to handle step failures)\ncontinue_policy: true (whether to continue after failures)\nmax_log_size: 10485760 bytes (max log file size)\ndefault_timeout: 300 seconds (default step timeout)\nworking_dir: \".\" (base directory for commands)",
                "notes": "Global settings apply to entire workflow unless overridden at step level"
              },
              {
                "command": "workflow-manager show policy-demo --json",
                "description": "kill_policy determines workflow behavior when steps fail",
                "expectedOutput": "Profile JSON showing global_settings.kill_policy and continue_policy values",
                "notes": "kill_policy options: stop (default/safest), continue (best-effort), skip_remaining (skip rest without fail). continue_policy=true overrides kill_policy and always continues."
              },
              {
                "command": "# Interaction between kill_policy and continue_policy:\nIf continue_policy = true:\n  → Always continue (kill_policy ignored)\nIf continue_policy = false:\n  → Check kill_policy:\n     - \"stop\" → stop workflow\n     - \"continue\" → continue workflow\n     - \"skip_remaining\" → skip remaining steps",
                "description": "Priority logic: continue_policy overrides kill_policy",
                "expectedOutput": "continue_policy acts as master override switch\nkill_policy provides granular control when continue_policy=false",
                "notes": "For security-critical workflows: kill_policy='stop', continue_policy=false. For recovery workflows: kill_policy='continue', continue_policy=true"
              },
              {
                "command": "# Timeout and working directory:\n{\n  \"global_settings\": {\n    \"default_timeout\": 180,\n    \"working_dir\": \".\"\n  },\n  \"steps\": [\n    {\n      \"cmd\": \"./health-control net-check\",\n      \"timeout\": 60\n    }\n  ]\n}",
                "description": "default_timeout applies to all steps, working_dir sets base path for relative commands",
                "expectedOutput": "Steps without explicit timeout use default_timeout (180s)\nCommands execute from working_dir path\nStep-level timeout (60s) overrides default",
                "notes": "max_log_size prevents runaway log growth. Logs are truncated when limit reached. Default 10MB is suitable for most workflows"
              }
            ],
            "id": "global-settings-reference",
            "title": "Global Settings Reference"
          },
          {
            "description": "Complete guide to workflow prerequisites - requirements that must be met before workflow runs",
            "examples": [
              {
                "command": "# Prerequisites in profile JSON:\n{\n  \"prerequisites\": {\n    \"authenticated\": true,\n    \"online\": true,\n    \"torrify\": false,\n    \"on_failure\": \"abort\"\n  }\n}",
                "description": "Prerequisites define conditions that must be true before workflow executes",
                "expectedOutput": "authenticated: User must be logged in with valid session\nonline: Internet connectivity required\ntorrify: Tor routing must be active (true) or inactive (false)\non_failure: Action when prerequisites not met",
                "notes": "Prerequisites are checked BEFORE any steps execute. All must pass (AND logic)"
              },
              {
                "command": "workflow-manager show prereq-demo --json",
                "description": "on_failure controls behavior when prerequisites fail",
                "expectedOutput": "Profile JSON showing prerequisites.on_failure policy",
                "notes": "on_failure options: abort (default/safest), skip (optional workflows), warn (informational checks). Use abort for auth/security-critical flows."
              },
              {
                "command": "# Common prerequisite patterns:\n# Security-critical workflow:\n\"prerequisites\": {\n  \"authenticated\": true,\n  \"on_failure\": \"abort\"\n}\n\n# Tor setup workflow:\n\"prerequisites\": {\n  \"online\": true,\n  \"torrify\": false,\n  \"on_failure\": \"abort\"\n}\n\n# Recovery workflow (run anytime):\n\"prerequisites\": {}  # Empty - no requirements",
                "description": "Real-world prerequisite patterns for different workflow types",
                "expectedOutput": "Security workflows: Require authentication\nSetup workflows: Require specific system state\nRecovery workflows: No prerequisites (always available)",
                "notes": "Combine prerequisites with AND logic - all must pass. For OR logic, create separate workflows"
              },
              {
                "command": "# How prerequisites are checked:\nauthenticated: Check ~/.kodachi/auth/session file exists and valid\nonline: Ping check or DNS resolution test\ntorrify: Check routing-switch status for active Tor routing",
                "description": "Backend implementation of prerequisite checks",
                "expectedOutput": "Each prerequisite type has specific system check\nFailed checks trigger on_failure behavior\nPrerequisite status shown in workflow output",
                "notes": "Use 'workflow-manager prereq check <profile>' to test prerequisites without running workflow"
              }
            ],
            "id": "prerequisites-explained",
            "title": "Prerequisites Explained"
          },
          {
            "description": "Comprehensive reference for all condition types and evaluation logic",
            "examples": [
              {
                "command": "# All supported condition types:\n1. \"always\" - Always execute (unconditional)\n2. \"never\" - Never execute (placeholder/disabled)\n3. \"if_success\" - Execute if previous step succeeded (exit code 0)\n4. \"if_fail\" - Execute if previous step failed (exit code != 0)\n5. \"if_pattern\" - Execute if previous output matches pattern (glob)\n6. \"if_not_pattern\" - Execute if previous output does NOT match pattern\n7. \"if_json_path\" - Execute if JSON path query (dot fields + [index]) returns true\n8. \"if_expression\" - Execute if complex boolean expression evaluates true\n9. \"if_probe\" - Execute based on probe function result",
                "description": "Complete list of condition types with brief descriptions",
                "expectedOutput": "Each condition type evaluates differently\nConditions determine whether step executes or skips\nMultiple steps can have same condition type",
                "notes": "Conditions are evaluated sequentially - each step checks its condition before executing"
              },
              {
                "command": "# Pattern matching (if_pattern, if_not_pattern):\n{\n  \"condition\": {\n    \"type\": \"if_pattern\",\n    \"pattern\": \"*SUCCESS*\"\n  }\n}\n\nPattern syntax (glob-style):\n- \"*\" matches any characters (wildcard)\n- \"?\" matches single character\n- \"[abc]\" matches any char in brackets\n- \"[!abc]\" matches any char NOT in brackets\n- \"**\" recursive directory match\n\nCase-sensitive by default!",
                "description": "Pattern matching uses glob syntax for flexible text matching",
                "expectedOutput": "Patterns match against previous step's output\nWildcards allow partial matching\nCase matters: 'SUCCESS' != 'success'",
                "notes": "Use if_not_pattern for exclusion logic (e.g., skip if output contains ERROR)"
              },
              {
                "command": "# JSON path evaluation (if_json_path):\n{\n  \"condition\": {\n    \"type\": \"if_json_path\",\n    \"path\": \"$.status.connected\",\n    \"expect\": true\n  }\n}\n\nJSON path syntax:\n- \"$\" root object\n- \".field\" object field access\n- \"[index]\" array index access\n\nUnsupported in this matcher:\n- \"..\" recursive descent\n- \"*\" wildcard (all elements)",
                "description": "if_json_path evaluates JSON output from previous command",
                "expectedOutput": "Extracts value at path and compares to 'expect'\nUseful for structured command output (health-control, tor-switch)\nPath evaluation uses a strict JSONPath subset (dot fields + array indexes)",
                "notes": "Example: health-control --json returns JSON, use if_json_path to check specific fields like $.security.score"
              },
              {
                "command": "workflow-manager add my-workflow './health-control security-status --json' --if-expression \"probe('hardened_count') >= 4\"",
                "description": "if_expression allows complex boolean logic combining multiple checks",
                "expectedOutput": "Step added with if_expression condition for runtime evaluation",
                "notes": "Supported operators: comparison (== != < > <= >=), logical (&& || !), functions (contains(), count(), probe()), and variables (previous_output, step_id, workflow_status)."
              },
              {
                "command": "# Probe-based conditions (if_probe):\n{\n  \"probes\": {\n    \"is_connected\": {\n      \"probe_type\": \"builtin\",\n      \"check\": \"network_status\"\n    }\n  },\n  \"steps\": [\n    {\n      \"condition\": {\n        \"type\": \"if_probe\",\n        \"probe\": \"is_connected\",\n        \"expect\": true\n      }\n    }\n  ]\n}",
                "description": "if_probe evaluates reusable probe functions defined in profile",
                "expectedOutput": "Define probe once, use in multiple steps\nProbe types: builtin (system checks), expression (custom logic), count (occurrence counting)\nCleaner than repeating same condition",
                "notes": "See Category 11 'Probe Functions' for detailed probe documentation"
              }
            ],
            "id": "condition-types-deep-dive",
            "title": "Condition Types Deep Dive"
          },
          {
            "description": "Complete reference for all step-level configuration options",
            "examples": [
              {
                "command": "# Complete step structure:\n{\n  \"id\": 1,\n  \"type\": \"command\",\n  \"cmd\": \"sudo health-control net-check\",\n  \"description\": \"Check network connectivity\",\n  \"condition\": {\n    \"type\": \"always\"\n  },\n  \"timeout\": 60,\n  \"confirm\": false,\n  \"nice_level\": 0\n}",
                "description": "All available step configuration fields with example values",
                "expectedOutput": "id: Unique step number (required, integer)\ntype: Step type (required: 'command', 'pause', 'include')\ncmd: Command to execute (required for command type)\ndescription: Human-readable label (required)\ncondition: Execution condition (required object)\ntimeout: Max execution seconds (optional, uses default_timeout if omitted)\nconfirm: Require user confirmation (optional, default false)\nnice_level: Process priority -20 to 19 (optional, default 0)",
                "notes": "Required fields: id, type, cmd (if command type), description, condition. All others optional with sensible defaults"
              },
              {
                "command": "# Step types explained:\n1. \"command\" - Execute shell command\n   Requires: cmd field\n   Example: \"cmd\": \"sudo tor-switch tor-status\"\n\n2. \"pause\" - Wait for user input or delay\n   Requires: message field (shown to user)\n   Example: \"message\": \"Press Enter to continue...\"\n\n3. \"include\" - Include another workflow profile\n   Requires: profile field\n   Example: \"profile\": \"base-recovery-sequence\"",
                "description": "Three step types with different requirements and behaviors",
                "expectedOutput": "command: Most common type for executing system operations\npause: Interactive workflows requiring user decisions\ninclude: Compose complex workflows from smaller reusable pieces",
                "notes": "Include type allows workflow composition - build libraries of reusable profiles and chain them together"
              },
              {
                "command": "# Timeout behavior:\n{\n  \"global_settings\": {\n    \"default_timeout\": 300\n  },\n  \"steps\": [\n    {\n      \"cmd\": \"quick-command\",\n      \"timeout\": 10\n    },\n    {\n      \"cmd\": \"slow-command\"\n      # Uses default_timeout (300s)\n    }\n  ]\n}",
                "description": "Step-level timeout overrides global default_timeout",
                "expectedOutput": "Omit timeout to use default (300s from global_settings)\nSpecify timeout for time-sensitive commands\nTimeout prevents hanging on stuck commands",
                "notes": "Set timeout=0 for no limit (use carefully). Commands killed with SIGTERM after timeout, then SIGKILL if unresponsive"
              },
              {
                "command": "# Confirm and nice_level:\n{\n  \"cmd\": \"sudo health-control panic hard\",\n  \"confirm\": true,\n  \"nice_level\": -10\n}\n\nconfirm: true prompts user before executing\nnice_level: -20 (highest priority) to 19 (lowest priority)\n  - Negative values require root (higher CPU priority)\n  - Positive values lower priority (background tasks)\n  - 0 is default (normal priority)",
                "description": "confirm adds safety for destructive operations, nice_level controls CPU priority",
                "expectedOutput": "Use confirm=true for dangerous commands (panic, wipe, reset)\nUse negative nice_level for critical real-time operations\nUse positive nice_level for background tasks",
                "notes": "Example: Recovery workflows use nice_level=-5 for priority, diagnostic scripts use nice_level=10 for background execution"
              }
            ],
            "id": "step-configuration-reference",
            "title": "Step Configuration Reference"
          }
        ],
        "description": "Usage examples for workflow-manager",
        "name": "workflow-manager",
        "quickReference": [
          "sudo workflow-manager --help",
          "sudo workflow-manager --version",
          "sudo workflow-manager --info --json",
          "sudo workflow-manager --examples --json"
        ]
      },
      "errors": [],
      "metadata": {
        "executionTime": 1,
        "hostname": "REDACTED-BUILD-HOST",
        "user": "REDACTED-BUILD-USER"
      },
      "status": "success",
      "timestamp": "2026-06-28T11:16:32.001807528Z",
      "version": "9.8.4 (build 319)",
      "warnings": []
    }
  }
}
