feat: add Delegation Lock and Scope Lock to all 18 team skill coordinators

Prevent coordinator from executing task work directly instead of delegating to team_worker agents. Three-layer enforcement: - SKILL.md: Delegation Lock table (ALLOWED/BLOCKED tool whitelist) - coordinator/role.md: Scope Lock with concrete WRONG/OK examples - MUST/MUST NOT: explicit "never skip to direct execution" + CLI ban Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 19:48:33 +08:00 · 2026-03-25 17:17:31 +08:00
parent 36672bae39
commit 3111bd23f4
37 changed files with 823 additions and 15 deletions
--- a/.codex/skills/team-uidesign/SKILL.md
+++ b/.codex/skills/team-uidesign/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router

+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants

 - **Session prefix**: `UDS`
--- a/.codex/skills/team-uidesign/roles/coordinator/role.md
+++ b/.codex/skills/team-uidesign/roles/coordinator/role.md
@@ -2,6 +2,24 @@

 UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -> monitor -> report. Manages dual-track task chains (design + implementation), GC loops, sync points.

+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Monitor worker progress via wait_agent and process results
 - Handle Generator-Critic loops with max 2 iterations
 - Maintain session state persistence (tasks.json)
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**

 ### MUST NOT
 - Implement domain logic (researching, designing, auditing, building) -- workers handle this
@@ -23,6 +42,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Force-advance pipeline past failed audit
 - Modify source code or design artifacts directly -- delegate to workers
 - Omit `[coordinator]` identifier in any output
+- Call CLI tools (ccw cli) — only workers use CLI

 ## Command Execution Protocol