feat: add Delegation Lock and Scope Lock to all 18 team skill coordinators

Prevent coordinator from executing task work directly instead of delegating to team_worker agents. Three-layer enforcement: - SKILL.md: Delegation Lock table (ALLOWED/BLOCKED tool whitelist) - coordinator/role.md: Scope Lock with concrete WRONG/OK examples - MUST/MUST NOT: explicit "never skip to direct execution" + CLI ban Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 19:48:33 +08:00 · 2026-03-25 17:17:31 +08:00
parent 36672bae39
commit 3111bd23f4
37 changed files with 823 additions and 15 deletions
--- a/.codex/skills/team-arch-opt/SKILL.md
+++ b/.codex/skills/team-arch-opt/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TAO`
--- a/.codex/skills/team-arch-opt/roles/coordinator/role.md
+++ b/.codex/skills/team-arch-opt/roles/coordinator/role.md
@@ -2,6 +2,25 @@
 Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 WRONG: Bash running build/test/lint commands          — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +33,7 @@ Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 - Respect pipeline stage dependencies (deps)
 - Handle review-fix cycles with max 3 iterations
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (analyzing, refactoring, reviewing) -- workers handle this
@@ -21,6 +41,8 @@ Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip checkpoints when configured
 - Force-advance pipeline past failed review/validation
 - Modify source code directly -- delegate to refactorer worker
 - Call CLI tools (ccw cli) — only workers use CLI
 - Read project source code — delegate to workers
 ## Command Execution Protocol
--- a/.codex/skills/team-brainstorm/SKILL.md
+++ b/.codex/skills/team-brainstorm/SKILL.md
@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `BRS`
--- a/.codex/skills/team-brainstorm/roles/coordinator/role.md
+++ b/.codex/skills/team-brainstorm/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Topic clarification -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Stop after spawning workers -- wait for results via wait_agent
 - Manage Generator-Critic loop count (max 2 rounds)
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Generate ideas, challenge assumptions, synthesize, or evaluate -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Force-advance pipeline past GC loop decisions
 - Modify artifact files (ideas/*.md, critiques/*.md, etc.) -- delegate to workers
 - Skip GC severity check when critique arrives
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
--- a/.codex/skills/team-coordinate/SKILL.md
+++ b/.codex/skills/team-coordinate/SKILL.md
@@ -32,6 +32,30 @@ Universal team coordination skill: analyze task -> generate role-specs -> dispat
    ccw cli --mode write     - code generation and modification
 ```
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent. The overhead is the feature — it provides session tracking, artifact persistence, and resume capability.
 ---
 ## Shared Constants
 | Constant | Value |
--- a/.codex/skills/team-coordinate/roles/coordinator/role.md
+++ b/.codex/skills/team-coordinate/roles/coordinator/role.md
@@ -6,6 +6,39 @@ role: coordinator
 Orchestrate the team-coordinate workflow: task analysis, dynamic role-spec generation, task dispatching, progress monitoring, session state, and completion action. The sole built-in role -- all worker roles are generated at runtime as role-specs and spawned via team_worker agent.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` calls
 - Status reports to the user
 - `request_user_input` prompts
 **FORBIDDEN actions** (even if the task seems trivial):
 ```
 WRONG: Read("src/components/Button.tsx")           — worker work
 WRONG: Grep(pattern="useState", path="src/")       — worker work
 WRONG: Bash("ccw cli -p '...' --tool gemini")      — worker work
 WRONG: Edit("src/utils/helper.ts", ...)             — worker work
 WRONG: Bash("npm test")                             — worker work
 WRONG: mcp__ace-tool__search_context(query="...")   — worker work
 ```
 **CORRECT actions**:
 ```
 OK: Read(".workflow/.team/TC-xxx/team-session.json")  — session state
 OK: Write(".workflow/.team/TC-xxx/tasks.json", ...)   — task management
 OK: Read("roles/coordinator/commands/analyze-task.md") — own instructions
 OK: Read("specs/role-spec-template.md")               — generating role-specs
 OK: spawn_agent({ agent_type: "team_worker", ... })   — delegation
 OK: wait_agent({ ids: [...] })                        — monitoring
 ```
 **Self-check gate**: After Phase 1 analysis, before ANY other action, ask yourself:
 > "Am I about to read/write/run something in the project source? If yes → STOP → spawn worker."
 ---
 ## Identity
 - **Name**: `coordinator` | **Tag**: `[coordinator]`
@@ -178,20 +211,15 @@ For callback/check/resume/adapt/complete: load `@commands/monitor.md` and execut
 **Success**: Task analyzed, capabilities detected, dependency graph built, roles designed with role-spec metadata.
-**CRITICAL - Team Workflow Enforcement**:
+**HARD GATE — Mandatory Delegation**:
-Regardless of complexity score or role count, coordinator MUST:
+After Phase 1 completes, the ONLY valid next step is Phase 2 (generate role-specs → spawn workers). There is NO path from Phase 1 to "just do the work directly."
 - Always proceed to Phase 2 (generate role-specs)
 - Always create team and spawn workers via team_worker agent
 - NEVER execute task work directly, even for single-role low-complexity tasks
 - NEVER skip team workflow based on complexity assessment
-**Single-role execution is still team-based** - just with one worker. The team architecture provides:
+- Complexity=Low, 1 role → spawn 1 worker. NOT "I'll just do it myself."
- Consistent message bus communication
+- Task seems trivial → spawn 1 worker. NOT "This is simple enough."
- Session state management
+- Only one file involved → spawn 1 worker. NOT "Let me just read it quickly."
- Artifact tracking
+
- Fast-advance capability
+**Violation test**: If your next tool call after Phase 1 is anything other than `Read` on session/spec files or `Write` to session state → you are violating the Scope Lock. STOP and reconsider.
 - Resume/recovery mechanisms
 ---
--- a/.codex/skills/team-frontend-debug/SKILL.md
+++ b/.codex/skills/team-frontend-debug/SKILL.md
@@ -56,6 +56,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TFD`
--- a/.codex/skills/team-frontend-debug/roles/coordinator/role.md
+++ b/.codex/skills/team-frontend-debug/roles/coordinator/role.md
@@ -2,6 +2,25 @@
 Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 WRONG: mcp__chrome-devtools__* calls                 — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze bug report -> Create team -> Dispatch debug tasks -> Monitor progress -> Report results
@@ -16,6 +35,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Maintain session state (team-session.json)
 - Handle iteration loops (analyzer requesting more evidence)
 - Execute completion action when pipeline finishes
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
@@ -23,6 +43,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Modify task output artifacts
 - Spawn workers with general-purpose agent (MUST use team-worker)
 - Generate more than 5 worker roles
 - Call CLI tools or Chrome DevTools — only workers use these
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
--- a/.codex/skills/team-frontend/SKILL.md
+++ b/.codex/skills/team-frontend/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `FE`
--- a/.codex/skills/team-frontend/roles/coordinator/role.md
+++ b/.codex/skills/team-frontend/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Stop after spawning workers -- wait for callbacks
 - Handle GC loops (developer <-> qa) with max 2 iterations
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (analyzing, designing, coding, reviewing) -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip architecture review gate when configured (feature/system modes)
 - Force-advance pipeline past failed QA review
 - Modify source code directly -- delegate to developer worker
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
--- a/.codex/skills/team-issue/SKILL.md
+++ b/.codex/skills/team-issue/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TISL`
--- a/.codex/skills/team-issue/roles/coordinator/role.md
+++ b/.codex/skills/team-issue/roles/coordinator/role.md
@@ -6,6 +6,24 @@ role: coordinator
 Orchestrate the issue resolution pipeline: clarify requirements -> create team -> dispatch tasks -> monitor pipeline -> report results. Supports quick, full, and batch modes.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Issue clarification -> Mode detection -> Create team -> Dispatch tasks -> Monitor pipeline -> Report results
@@ -19,6 +37,7 @@ Orchestrate the issue resolution pipeline: clarify requirements -> create team -
 - Stop after spawning workers -- wait for results via wait_agent
 - Handle review-fix cycles with max 2 iterations
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (exploring, planning, reviewing, implementing) -- workers handle this
--- a/.codex/skills/team-iterdev/SKILL.md
+++ b/.codex/skills/team-iterdev/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `IDS`
--- a/.codex/skills/team-iterdev/roles/coordinator/role.md
+++ b/.codex/skills/team-iterdev/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +34,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Handle developer<->reviewer GC loop (max 3 rounds)
 - Maintain tasks.json for real-time progress
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (designing, coding, testing, reviewing) -- workers handle this
@@ -23,6 +42,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Write source code directly
 - Force-advance pipeline past failed review/validation
 - Modify task outputs (workers own their deliverables)
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
--- a/.codex/skills/team-lifecycle-v4/SKILL.md
+++ b/.codex/skills/team-lifecycle-v4/SKILL.md
@@ -55,6 +55,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/`, `templates/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TLV4`
--- a/.codex/skills/team-lifecycle-v4/roles/coordinator/role.md
+++ b/.codex/skills/team-lifecycle-v4/roles/coordinator/role.md
@@ -2,6 +2,28 @@
 Orchestrate team-lifecycle-v4: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user
 - `request_user_input` prompts
 **FORBIDDEN actions** (even if the task seems trivial):
 ```
 WRONG: Read("src/...")                              — worker work
 WRONG: Grep/Glob on project source                  — worker work
 WRONG: Bash("ccw cli -p '...' --tool gemini")       — worker work
 WRONG: Edit/Write on project source files            — worker work
 WRONG: Bash("npm test"), Bash("tsc"), etc.           — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask:
 > "Is this orchestration (session state, spawn, wait) or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -19,10 +41,11 @@ Orchestrate team-lifecycle-v4: analyze -> dispatch -> spawn -> monitor -> report
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
- Execute task work directly
+- Execute task work directly (even for single-role low-complexity tasks)
 - Modify task output artifacts
 - Spawn workers with general-purpose agent (MUST use tlv4_worker)
 - Generate more than 5 worker roles
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
@@ -65,7 +88,10 @@ TEXT-LEVEL ONLY. No source code reading.
 2. Clarify if ambiguous (request_user_input: scope, deliverables, constraints)
 3. Delegate to @commands/analyze.md
 4. Output: task-analysis.json
-5. CRITICAL: Always proceed to Phase 2, never skip team workflow
+5. **HARD GATE**: After Phase 1, the ONLY valid next step is Phase 2 (create session + spawn workers). There is NO path to "just do it directly."
   - Complexity=Low → still spawn worker
   - Single file task → still spawn worker
   - "Seems trivial" → still spawn worker
 ## Phase 2: Create Session + Initialize
--- a/.codex/skills/team-perf-opt/SKILL.md
+++ b/.codex/skills/team-perf-opt/SKILL.md
@@ -57,6 +57,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `PERF-OPT`
--- a/.codex/skills/team-perf-opt/roles/coordinator/role.md
+++ b/.codex/skills/team-perf-opt/roles/coordinator/role.md
@@ -6,6 +6,24 @@
 Orchestrates the performance optimization pipeline: manages task chains, spawns team-worker agents, handles review-fix cycles, and drives the pipeline to completion.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Boundaries
 ### MUST
@@ -16,6 +34,7 @@ Orchestrates the performance optimization pipeline: manages task chains, spawns
 - Stop after spawning workers -- wait for callbacks
 - Handle review-fix cycles with max 3 iterations per branch
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
@@ -24,6 +43,7 @@ Orchestrates the performance optimization pipeline: manages task chains, spawns
 - Skip checkpoints when configured
 - Force-advance pipeline past failed review/benchmark
 - Modify source code directly -- delegate to optimizer worker
 - Call CLI tools (ccw cli) — only workers use CLI
 ---
--- a/.codex/skills/team-planex/SKILL.md
+++ b/.codex/skills/team-planex/SKILL.md
@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `PEX`
--- a/.codex/skills/team-planex/roles/coordinator/role.md
+++ b/.codex/skills/team-planex/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 Orchestrate team-planex: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Parse input -> Create team -> Dispatch PLAN-001 -> Spawn planner -> Monitor results -> Spawn executors -> Report
@@ -14,6 +32,7 @@ Orchestrate team-planex: analyze -> dispatch -> spawn -> monitor -> report.
 - Dispatch tasks via `commands/dispatch.md`
 - Monitor progress via `commands/monitor.md` with Spawn-and-Stop pattern
 - Maintain session state (.msg/meta.json)
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Execute planning or implementation work directly (delegate to workers)
--- a/.codex/skills/team-quality-assurance/SKILL.md
+++ b/.codex/skills/team-quality-assurance/SKILL.md
@@ -47,6 +47,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `QA`
--- a/.codex/skills/team-quality-assurance/roles/coordinator/role.md
+++ b/.codex/skills/team-quality-assurance/roles/coordinator/role.md
@@ -2,6 +2,25 @@
 Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 WRONG: Bash("npm test"), Bash("tsc"), etc.           — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Parse requirements -> Mode selection -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +35,7 @@ Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> r
 - Maintain session state
 - Handle GC loop (generator-executor coverage cycles)
 - Execute completion action when pipeline finishes
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
@@ -23,6 +43,7 @@ Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> r
 - Modify test files or source code
 - Spawn workers with general-purpose agent (MUST use team-worker)
 - Generate more than 6 worker roles
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
--- a/.codex/skills/team-review/SKILL.md
+++ b/.codex/skills/team-review/SKILL.md
@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `RV`
--- a/.codex/skills/team-review/roles/coordinator/role.md
+++ b/.codex/skills/team-review/roles/coordinator/role.md
@@ -2,6 +2,25 @@
 Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Bash("semgrep/eslint/tsc ...")                — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Target parsing, mode detection, task creation/dispatch, stage monitoring, result aggregation
@@ -16,6 +35,7 @@ Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> m
 - Monitor progress via wait_agent and process results
 - Maintain session state (tasks.json)
 - Execute completion action when pipeline finishes
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Run analysis tools directly (semgrep, eslint, tsc, etc.)
@@ -23,6 +43,7 @@ Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> m
 - Perform code review or scanning directly
 - Bypass worker roles
 - Spawn workers with general-purpose agent (MUST use team_worker)
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
--- a/.codex/skills/team-roadmap-dev/SKILL.md
+++ b/.codex/skills/team-roadmap-dev/SKILL.md
@@ -51,6 +51,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `RD`
--- a/.codex/skills/team-roadmap-dev/roles/coordinator/role.md
+++ b/.codex/skills/team-roadmap-dev/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 Orchestrate the roadmap-driven development workflow: init prerequisites -> roadmap discussion with user -> phase dispatch -> monitoring -> transitions -> completion. Coordinator is the ONLY role that interacts with humans.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - **Name**: `coordinator` | **Tag**: `[coordinator]`
@@ -22,6 +40,7 @@ Orchestrate the roadmap-driven development workflow: init prerequisites -> roadm
 - Dispatch tasks with proper dependency chains
 - Monitor progress via worker callbacks and route messages
 - Maintain session state persistence
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
--- a/.codex/skills/team-tech-debt/SKILL.md
+++ b/.codex/skills/team-tech-debt/SKILL.md
@@ -47,6 +47,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TD`
--- a/.codex/skills/team-tech-debt/roles/coordinator/role.md
+++ b/.codex/skills/team-tech-debt/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 技术债务治理团队协调者。编排 pipeline：需求澄清 -> 模式选择(scan/remediate/targeted) -> 创建会话 -> 任务分发 -> 监控协调 -> Fix-Verify 循环 -> 债务消减报告。
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Parse requirements -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +32,7 @@
 - Create tasks in tasks.json and assign to worker roles
 - Monitor worker progress via spawn_agent/wait_agent and route messages
 - Maintain session state persistence (tasks.json)
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Execute tech debt work directly (delegate to workers)
--- a/.codex/skills/team-testing/SKILL.md
+++ b/.codex/skills/team-testing/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `TST`
--- a/.codex/skills/team-testing/roles/coordinator/role.md
+++ b/.codex/skills/team-testing/roles/coordinator/role.md
@@ -2,6 +2,25 @@
 Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Bash("npm test"), Bash("jest"), etc.          — worker work
 WRONG: Edit/Write on test or source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Change scope analysis -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +33,7 @@ Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
 - Respect pipeline stage dependencies (deps)
 - Handle Generator-Critic cycles with max 3 iterations per layer
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (test generation, execution, analysis) -- workers handle this
@@ -21,6 +41,7 @@ Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip quality gates when coverage is below target
 - Modify test files or source code directly -- delegate to workers
 - Force-advance pipeline past failed GC loops
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
--- a/.codex/skills/team-uidesign/SKILL.md
+++ b/.codex/skills/team-uidesign/SKILL.md
@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `UDS`
--- a/.codex/skills/team-uidesign/roles/coordinator/role.md
+++ b/.codex/skills/team-uidesign/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -> monitor -> report. Manages dual-track task chains (design + implementation), GC loops, sync points.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Monitor worker progress via wait_agent and process results
 - Handle Generator-Critic loops with max 2 iterations
 - Maintain session state persistence (tasks.json)
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (researching, designing, auditing, building) -- workers handle this
@@ -23,6 +42,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Force-advance pipeline past failed audit
 - Modify source code or design artifacts directly -- delegate to workers
 - Omit `[coordinator]` identifier in any output
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
--- a/.codex/skills/team-ultra-analyze/SKILL.md
+++ b/.codex/skills/team-ultra-analyze/SKILL.md
@@ -54,6 +54,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `UAN`
--- a/.codex/skills/team-ultra-analyze/roles/coordinator/role.md
+++ b/.codex/skills/team-ultra-analyze/roles/coordinator/role.md
@@ -6,6 +6,24 @@
 Orchestrates the analysis pipeline: topic clarification, pipeline mode selection, task dispatch, discussion loop management, and final synthesis. Spawns team_worker agents for all worker roles.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Boundaries
 ### MUST
@@ -16,6 +34,7 @@ Orchestrates the analysis pipeline: topic clarification, pipeline mode selection
 - Stop after spawning workers -- wait for results via wait_agent
 - Handle discussion loop with max 5 rounds (Deep mode)
 - Execute completion action in Phase 5
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
@@ -23,6 +42,7 @@ Orchestrates the analysis pipeline: topic clarification, pipeline mode selection
 - Spawn workers without creating tasks first
 - Skip checkpoints when configured
 - Force-advance pipeline past failed stages
 - Call CLI tools (ccw cli) — only workers use CLI
 - Directly call cli-explore-agent, CLI analysis tools, or execute codebase exploration
 ---
--- a/.codex/skills/team-ux-improve/SKILL.md
+++ b/.codex/skills/team-ux-improve/SKILL.md
@@ -55,6 +55,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 ## Delegation Lock
 **Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
 Before calling ANY tool, apply this check:
 | Tool Call | Verdict | Reason |
 |-----------|---------|--------|
 | `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
 | `request_user_input` | ALLOWED | User interaction |
 | `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
 | `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
 | `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
 | `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
 | `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
 | `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
 | `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
 **If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
 **No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
 ---
 ## Shared Constants
 - **Session prefix**: `ux-improve`
--- a/.codex/skills/team-ux-improve/roles/coordinator/role.md
+++ b/.codex/skills/team-ux-improve/roles/coordinator/role.md
@@ -2,6 +2,24 @@
 UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -> monitor -> report. Systematically discovers and fixes UI/UX interaction issues.
 ## Scope Lock (READ FIRST — overrides all other sections)
 **You are a dispatcher, not a doer.** Your ONLY outputs are:
 - Session state files (`.workflow/.team/` directory)
 - `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
 - Status reports to the user / `request_user_input` prompts
 **FORBIDDEN** (even if the task seems trivial):
 ```
 WRONG: Read/Grep/Glob on project source code        — worker work
 WRONG: Bash("ccw cli ...")                           — worker work
 WRONG: Edit/Write on project source files            — worker work
 ```
 **Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
 ---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Analyze task -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +34,7 @@ UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> sp
 - Monitor worker progress via message bus and route messages
 - Handle wisdom initialization and consolidation
 - Maintain session state persistence
 - **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Execute worker domain logic directly (scanning, diagnosing, designing, implementing, testing)
@@ -23,6 +42,7 @@ UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> sp
 - Skip completion action
 - Modify source code directly -- delegate to implementer
 - Omit `[coordinator]` identifier in any output
 - Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "claude-code-workflow",
-  "version": "7.2.20",
+  "version": "7.2.21",
  "description": "JSON-driven multi-agent development framework with intelligent CLI orchestration (Gemini/Qwen/Codex), context-first architecture, and automated workflow execution",
  "type": "module",
  "main": "ccw/dist/index.js",