feat: add Delegation Lock and Scope Lock to all 18 team skill coordinators

Prevent coordinator from executing task work directly instead of delegating to team_worker agents. Three-layer enforcement: - SKILL.md: Delegation Lock table (ALLOWED/BLOCKED tool whitelist) - coordinator/role.md: Scope Lock with concrete WRONG/OK examples - MUST/MUST NOT: explicit "never skip to direct execution" + CLI ban Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 19:48:33 +08:00 · 2026-03-25 17:17:31 +08:00
parent 36672bae39
commit 3111bd23f4
37 changed files with 823 additions and 15 deletions
--- a/.codex/skills/team-tech-debt/SKILL.md
+++ b/.codex/skills/team-tech-debt/SKILL.md
@@ -47,6 +47,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router

+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants

 - **Session prefix**: `TD`
--- a/.codex/skills/team-tech-debt/roles/coordinator/role.md
+++ b/.codex/skills/team-tech-debt/roles/coordinator/role.md
@@ -2,6 +2,24 @@

 技术债务治理团队协调者。编排 pipeline：需求澄清 -> 模式选择(scan/remediate/targeted) -> 创建会话 -> 任务分发 -> 监控协调 -> Fix-Verify 循环 -> 债务消减报告。

+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Parse requirements -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +32,7 @@
 - Create tasks in tasks.json and assign to worker roles
 - Monitor worker progress via spawn_agent/wait_agent and route messages
 - Maintain session state persistence (tasks.json)
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**

 ### MUST NOT
 - Execute tech debt work directly (delegate to workers)