@dv.nghiem/flowdeck 0.4.8 → 0.4.9

package/dist/agents/default-executor.d.ts

@@ -0,0 +1,3 @@
+import type { AgentDefinition } from './types';
+export declare function createDefaultExecutorAgent(model?: string, customPrompt?: string, customAppendPrompt?: string): AgentDefinition;
+//# sourceMappingURL=default-executor.d.ts.map

package/dist/agents/default-executor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default-executor.d.ts","sourceRoot":"","sources":["../../src/agents/default-executor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAgD/C,wBAAgB,0BAA0B,CACxC,KAAK,CAAC,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,GAC1B,eAAe,CAkBjB"}

package/dist/agents/index.d.ts

@@ -21,6 +21,7 @@ import { createPolicyEnforcerAgent } from './policy-enforcer';
 import { createPerformanceOptimizerAgent, createRefactorGuideAgent } from './performance';
 import { createDesignAgent } from './design';
 import { createSupervisorAgent } from './supervisor';
+import { createDefaultExecutorAgent } from './default-executor';
 /** All agent names registered by FlowDeck. */
 export declare const AGENT_NAMES: readonly string[];
 export type AgentMode = 'primary' | 'subagent' | 'all';
@@ -52,5 +53,5 @@ export declare function getAgentConfigs(agentModels?: Record<string, string | un
  * @param customAppendPrompt - optional prompt suffix
  */
 export declare function createOrchestratorAgentForStage(stage: string, model?: string, customPrompt?: string, customAppendPrompt?: string): AgentDefinition;
-export { createOrchestratorAgent, createPlannerAgent, createBackendCoderAgent, createFrontendCoderAgent, createDevopsAgent, createPlanCheckerAgent, createTesterAgent, createReviewerAgent, createResearcherAgent, createWriterAgent, createSecurityAuditorAgent, createDocUpdaterAgent, createMapperAgent, createCodeExplorerAgent, createDebugSpecialistAgent, createBuildErrorResolverAgent, createTaskSplitterAgent, createDiscusserAgent, createArchitectAgent, createRiskAnalystAgent, createPolicyEnforcerAgent, createPerformanceOptimizerAgent, createRefactorGuideAgent, createDesignAgent, createSupervisorAgent, };
+export { createOrchestratorAgent, createPlannerAgent, createBackendCoderAgent, createFrontendCoderAgent, createDevopsAgent, createPlanCheckerAgent, createTesterAgent, createReviewerAgent, createResearcherAgent, createWriterAgent, createSecurityAuditorAgent, createDocUpdaterAgent, createMapperAgent, createCodeExplorerAgent, createDebugSpecialistAgent, createBuildErrorResolverAgent, createTaskSplitterAgent, createDiscusserAgent, createArchitectAgent, createRiskAnalystAgent, createPolicyEnforcerAgent, createPerformanceOptimizerAgent, createRefactorGuideAgent, createDesignAgent, createSupervisorAgent, createDefaultExecutorAgent, };
 //# sourceMappingURL=index.d.ts.map

package/dist/agents/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,KAAK,EAAE,eAAe,EAAgB,MAAM,SAAS,CAAC;AAE7D,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,0BAA0B,EAAE,6BAA6B,EAAE,MAAM,SAAS,CAAC;AACpF,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EACL,+BAA+B,EAC/B,wBAAwB,EACzB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAGrD,8CAA8C;AAC9C,eAAO,MAAM,WAAW,EAAE,SAAS,MAAM,EA2B/B,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,UAAU,GAAG,KAAK,CAAC;AAmBvD;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,KAAK,CAAC,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,GAC1B,eAAe,GAAG,SAAS,CAiH7B;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,eAAe,EAAE,CAYhG;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAuB7G;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,GAC1B,eAAe,CAIjB;AAGD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,EACrB,iBAAiB,EACjB,0BAA0B,EAC1B,qBAAqB,EACrB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,6BAA6B,EAC7B,uBAAuB,EACvB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,yBAAyB,EACzB,+BAA+B,EAC/B,wBAAwB,EACxB,iBAAiB,EACjB,qBAAqB,GACtB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,KAAK,EAAE,eAAe,EAAgB,MAAM,SAAS,CAAC;AAE7D,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,0BAA0B,EAAE,6BAA6B,EAAE,MAAM,SAAS,CAAC;AACpF,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EACL,+BAA+B,EAC/B,wBAAwB,EACzB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAGhE,8CAA8C;AAC9C,eAAO,MAAM,WAAW,EAAE,SAAS,MAAM,EA4B/B,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,UAAU,GAAG,KAAK,CAAC;AAmBvD;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,KAAK,CAAC,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,GAC1B,eAAe,GAAG,SAAS,CAuH7B;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,eAAe,EAAE,CAYhG;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAuB7G;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,GAC1B,eAAe,CAIjB;AAGD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,EACrB,iBAAiB,EACjB,0BAA0B,EAC1B,qBAAqB,EACrB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,6BAA6B,EAC7B,uBAAuB,EACvB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,yBAAyB,EACzB,+BAA+B,EAC/B,wBAAwB,EACxB,iBAAiB,EACjB,qBAAqB,EACrB,0BAA0B,GAC3B,CAAC"}

package/dist/agents/orchestrator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../../src/agents/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAyQ/C,wBAAgB,uBAAuB,CACrC,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAC5B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,CA4BR;AAED,wBAAgB,uBAAuB,CACrC,KAAK,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,EACjE,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,EAC3B,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAC5B,aAAa,CAAC,EAAE,MAAM,GACrB,eAAe,CAuBjB"}
+{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../../src/agents/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAsV/C,wBAAgB,uBAAuB,CACrC,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAC5B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,CA6BR;AAED,wBAAgB,uBAAuB,CACrC,KAAK,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,EACjE,YAAY,CAAC,EAAE,MAAM,EACrB,kBAAkB,CAAC,EAAE,MAAM,EAC3B,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAC5B,aAAa,CAAC,EAAE,MAAM,GACrB,eAAe,CAuBjB"}

package/dist/hooks/orchestrator-guard-hook.d.ts

@@ -1,13 +1,13 @@
 /**
  * Orchestrator Guard Hook
  *
- * Enforces the "orchestrator as coordinator" rule for the primary session.
- * The orchestrator may inspect files and planning state directly, but it should
- * route file writes and shell-heavy execution to specialist agents instead of
- * using blocked tools in the primary session.
+ * Enforces the "orchestrator as coordinator, not executor" rule for the primary session.
+ * The orchestrator may inspect files and planning state directly, but it CANNOT
+ * use file-write, edit, or shell tools. Those MUST be routed to specialist agents
+ * or the default-executor.
  *
- * To enable: set FLOWDECK_ORCHESTRATOR_GUARD=on in the environment.
- * Default is OFF.
+ * To disable: set FLOWDECK_ORCHESTRATOR_GUARD=off in the environment.
+ * Default is ON.
  */
 export declare class OrchestratorGuard {
     private primarySessionId;
@@ -19,5 +19,11 @@ export declare class OrchestratorGuard {
         sessionId?: string;
     }): void;
     check(sessionId: string, toolName: string): void;
+    /** Exposed for testing. */
+    _isBlockedForTest(name: string): boolean;
+    /** Exposed for testing. */
+    _isAllowedForTest(name: string): boolean;
+    /** Exposed for testing. */
+    _setPrimarySessionIdForTest(id: string | null): void;
 }
 //# sourceMappingURL=orchestrator-guard-hook.d.ts.map

package/dist/hooks/orchestrator-guard-hook.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"orchestrator-guard-hook.d.ts","sourceRoot":"","sources":["../../src/hooks/orchestrator-guard-hook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAuDH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,gBAAgB,CAAsB;IAE9C,OAAO,CAAC,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAkBtH,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;CASjD"}
+{"version":3,"file":"orchestrator-guard-hook.d.ts","sourceRoot":"","sources":["../../src/hooks/orchestrator-guard-hook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsHH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,gBAAgB,CAAsB;IAE9C,OAAO,CAAC,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAkBtH,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAUhD,2BAA2B;IAC3B,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIxC,2BAA2B;IAC3B,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIxC,2BAA2B;IAC3B,2BAA2B,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;CAGrD"}

package/dist/index.js

@@ -3381,7 +3381,7 @@ function createCompactionHook(ctx, tracker) {
 }
 
 // src/hooks/orchestrator-guard-hook.ts
-var DISABLED = process.env.FLOWDECK_ORCHESTRATOR_GUARD !== "on";
+var DISABLED = process.env.FLOWDECK_ORCHESTRATOR_GUARD === "off";
 var BLOCKED_TOOLS = new Set([
   "write_file",
   "write",
@@ -3398,20 +3398,63 @@ var BLOCKED_TOOLS = new Set([
   "execute",
   "run_command",
   "terminal",
-  "shell"
+  "shell",
+  "python",
+  "run_python",
+  "js",
+  "run_js",
+  "npm",
+  "pnpm",
+  "yarn",
+  "bun",
+  "cargo",
+  "go",
+  "make",
+  "cmake",
+  "docker",
+  "kubectl",
+  "terraform",
+  "pulumi"
 ]);
 var ALWAYS_ALLOWED = new Set([
+  "read",
+  "read_file",
+  "view",
+  "search",
+  "grep",
+  "glob",
   "planning-state",
   "codebase-state",
   "repo-memory",
   "decision-trace",
   "policy-engine",
-  "reflect"
+  "reflect",
+  "codegraph",
+  "codegraph-search",
+  "codegraph-node",
+  "codegraph-explore",
+  "load-rules",
+  "list-rules",
+  "council",
+  "rtk-setup",
+  "hash-edit",
+  "failure-replay"
 ]);
+function normalizeToolName(name) {
+  return name.toLowerCase().replace(/[-_]/g, "");
+}
 function isBlocked2(name) {
-  const norm = name.toLowerCase().replace(/[-_]/g, "");
+  const norm = normalizeToolName(name);
   for (const b of BLOCKED_TOOLS) {
-    if (norm === b.replace(/[-_]/g, "") || norm === b.replace(/_/g, ""))
+    if (norm === normalizeToolName(b))
+      return true;
+  }
+  return false;
+}
+function isAlwaysAllowed(name) {
+  const norm = normalizeToolName(name);
+  for (const a of ALWAYS_ALLOWED) {
+    if (norm === normalizeToolName(a))
       return true;
   }
   return false;
@@ -3419,17 +3462,21 @@ function isBlocked2(name) {
 function blockMessage(toolName) {
   return `[Orchestrator Guard] The orchestrator cannot use \`${toolName}\` directly.
 
-` + `Use built-in read/search tools for lightweight inspection, then route execution with OpenCode's native @agent invocation.
+` + `The orchestrator is a coordinator, not an executor.
+
+` + `Routing options:
+` + `  @default-executor  — simple direct tasks (rename, typo fix, quick edit)
+` + `  @backend-coder     — backend code writing and editing
+` + `  @frontend-coder    — frontend code writing and editing
+` + `  @devops            — CI/CD, deploy, and infrastructure changes
+` + `  @mapper            — codebase mapping
+` + `  @researcher        — focused research and file analysis
+` + `  @tester            — tests, builds, and shell-heavy verification
+` + `  @writer            — documentation writing
 
-` + `Recommended handoffs:
-` + `  @backend-coder   — backend code writing and editing
-` + `  @frontend-coder  — frontend code writing and editing
-` + `  @devops          — CI/CD, deploy, and infrastructure changes
-` + `  @mapper          — codebase mapping
-` + `  @researcher      — focused research and file analysis
-` + `  @tester          — tests, builds, and shell-heavy verification
+` + `Allowed tools for orchestrator: read, search, planning-state, codebase-state, repo-memory, decision-trace, policy-engine, reflect, codegraph, load-rules, council, rtk-setup, hash-edit, failure-replay.
 
-` + `To enable this guard: set FLOWDECK_ORCHESTRATOR_GUARD=on`;
+` + `To disable this guard: set FLOWDECK_ORCHESTRATOR_GUARD=off`;
 }
 
 class OrchestratorGuard {
@@ -3461,12 +3508,21 @@ class OrchestratorGuard {
       return;
     if (sessionId !== this.primarySessionId)
       return;
-    if (ALWAYS_ALLOWED.has(toolName))
+    if (isAlwaysAllowed(toolName))
       return;
     if (isBlocked2(toolName)) {
       throw new Error(blockMessage(toolName));
     }
   }
+  _isBlockedForTest(name) {
+    return isBlocked2(name);
+  }
+  _isAllowedForTest(name) {
+    return isAlwaysAllowed(name);
+  }
+  _setPrimarySessionIdForTest(id) {
+    this.primarySessionId = id;
+  }
 }
 function extractSessionId(event) {
   const props = event.properties;
@@ -3597,14 +3653,143 @@ ${customAppendPrompt}`;
   return base;
 }
 // src/agents/orchestrator.ts
-var ORCHESTRATOR_PROMPT = `You coordinate multi-agent execution. Read planning state, inspect the codebase with built-in tools when needed, and route specialized work to the right agent using OpenCode's native agent invocation.
+var ORCHESTRATOR_PROMPT = `You are the FlowDeck Orchestrator. You coordinate multi-agent execution. You do NOT execute tasks yourself.
+
+## Core Rule: You Are a Router, Not a Worker
+
+**NEVER** perform the following directly:
+- Write or edit files
+- Run shell commands, bash scripts, or terminal operations
+- Run tests or builds
+- Implement code
+- Do full investigations
+- Run the entire coding workflow yourself
+
+Your ONLY job is to:
+1. **Analyze** the request
+2. **Classify** the task type and estimate complexity/risk/ambiguity
+3. **Choose** the appropriate workflow and execution path
+4. **Route** work to the correct agent or execution path
+5. **Supervise** progress
+6. **Collect** results
+7. **Return** the final coordinated outcome
+
+## Routing-First Protocol
+
+For EVERY user request, you MUST follow this exact sequence BEFORE any execution begins:
+
+### Step 1: Analyze
+- Read STATE.md if it exists
+- Identify current phase and workflow class
+- Understand what the user is asking for
+
+### Step 2: Classify
+Estimate:
+- Simplicity: Is this a rename, typo fix, config update, or simple question?
+- Confidence: How well does the request match known patterns?
+- Risk: Blast radius (files touched) and sensitivity (auth, security, data)
+- Codebase familiarity: Is the codebase mapping fresh?
+- Complexity: Cheap (classify, validate, summarize) vs expensive (architect, refactor)
+
+### Step 3: Choose Workflow
+Select ONE of these workflow classes:
+
+| Workflow Class | Execution Path | When to Select |
+|----------------|---------------|----------------|
+| \`quick\` | Route to @default-executor with \`direct-stock-tools\` mode | Simple, low-risk tasks (< 5 files, no ambiguity) |
+| \`standard\` | Plan with @planner → Execute with specialists → Verify with @reviewer | Normal implementation tasks |
+| \`explore\` | Discuss with @discusser → Plan with @planner → Execute with specialists | Ambiguous or unfamiliar tasks |
+| \`ui-heavy\` | Discuss with @discusser → Design with @design → Plan with @planner → Execute with specialists | UI/UX-heavy tasks |
+| \`bugfix\` | Discuss with @discusser → Fix with @debug-specialist / @backend-coder → Verify with @tester | Bug fixes |
+| \`docs-only\` | Route to @default-executor with \`inspect-only\` or \`simple-edit\` mode, or @writer for large docs | Documentation-only changes |
+| \`verify-heavy\` | Plan with @planner (enhanced checks) → Execute with specialists → Verify with @reviewer + @security-auditor | High blast radius or sensitive paths |
+
+### Step 4: Log the Decision
+Before routing, you MUST emit a routing decision in this exact format:
 
-## Operating Model
+\`\`\`
+## Routing Decision
+
+**Request:** <brief summary of user request>
+**Classification:** <task type> | Confidence: <0.0-1.0>
+**Workflow Selected:** <workflow class>
+**Reason:** <why this workflow was chosen>
+**Execution Path:** <which agent(s) will execute>
+**Estimated Blast Radius:** <number of files or "unknown">
+\`\`\`
 
-- Start by reading STATE.md and the active PLAN.md.
-- Use built-in read/search tools directly for lightweight inspection and progress tracking.
-- Use native agent routing for implementation, testing, deep research, reviews, and other specialist work.
-- Do not rely on the removed FlowDeck-specific delegation tools.
+### Step 5: Route and Supervise
+- Invoke the selected agent(s) using OpenCode's native @agent invocation
+- Provide clear, focused context
+- Wait for completion
+- Collect results
+- If escalation is needed, log the escalation and re-route
+
+## What You MAY Do Directly
+
+You may ONLY use these tools directly:
+- **read** — Read files for lightweight inspection
+- **search/grep** — Search codebase for patterns
+- **planning-state** — Read/update planning state
+- **codebase-state** — Read codebase documentation
+- **repo-memory** — Query architecture graph
+- **decision-trace** — Record decisions
+- **policy-engine** — Check policies
+- **reflect** — Gather session artifacts
+
+You may NEVER use:
+- write, write_file, create, create_file
+- edit, edit_file, patch, apply_patch, str_replace_editor, str_replace
+- bash, run_bash, execute, run_command, terminal, shell
+- Any tool that modifies the filesystem or executes commands
+
+## Execution Paths After Routing
+
+### Direct Execution Path (via @default-executor)
+When workflow class is \`quick\` or \`docs-only\` (simple):
+- Route to @default-executor with an explicit mode:
+  - \`direct-stock-tools\` — for simple file changes
+  - \`quick-answer\` — for questions
+  - \`inspect-only\` — for analysis/reporting
+  - \`simple-edit\` — for surgical changes
+- The @default-executor is the worker; you are the coordinator
+
+### Specialist Execution Path
+When workflow class is \`standard\`, \`explore\`, \`ui-heavy\`, \`bugfix\`, or \`verify-heavy\`:
+- Route implementation to role-specific specialists:
+  - @backend-coder — server, API, business logic, database
+  - @frontend-coder — UI components, client state, styling
+  - @devops — CI/CD, deployment, infrastructure
+  - @tester — tests, builds, verification
+  - @researcher — API docs, library research
+  - @reviewer — code quality review
+  - @security-auditor — security review
+  - @debug-specialist — root cause analysis
+
+### Parallel Execution Patterns
+
+Wave 1 (parallel):
+  @researcher       — research the library API
+  @backend-coder    — implement the model and types
+  @tester           — write test cases
+
+Wave 2 (after Wave 1):
+  @backend-coder    — implement service using Wave 1 research
+  @reviewer         — review Wave 1 implementation
+
+## Adaptive Routing and Escalation
+
+If you discover during supervision that the initial workflow class is insufficient:
+1. Log the escalation with reason
+2. Select the richer workflow class
+3. Re-route the remaining work to appropriate agents
+4. You STILL do not execute the work yourself
+
+Escalation paths:
+- quick → standard: when blast radius exceeds 3 files
+- standard → verify-heavy: when sensitive paths are touched
+- standard → ui-heavy: when design requirements emerge
+- explore → standard: when confidence improves after discussion
 
 ## Startup Behavior
 
@@ -3620,18 +3805,14 @@ If STATE.md does not exist, tell the user: No STATE.md found. Run /fd-map-codeba
 Read STATE.md to determine the current phase and workflow class.
 
 The orchestrator may run in any phase, but should respect the workflow class:
-- For \`quick\` workflows: run directly in execute phase, skip discuss/plan.
+- For \`quick\` workflows: route to @default-executor, skip discuss/plan.
 - For \`standard\` workflows: plan → execute → verify.
 - For \`explore\` workflows: discuss → plan → execute → verify.
 - For \`ui-heavy\` workflows: discuss → design → plan → execute → verify.
 - For \`bugfix\` workflows: discuss → fix-bug → verify.
-- For \`docs-only\` workflows: write-docs → verify.
+- For \`docs-only\` workflows: route to @default-executor or @writer.
 - For \`verify-heavy\` workflows: plan → execute → verify (with enhanced checks).
 
-If the project is in a different phase than expected:
-- Suggest the correct next command but allow override for adaptive workflows.
-- Log any phase skips with reasons.
-
 ## State-First Read Strategy
 
 Before invoking an agent that needs codebase context:
@@ -3649,60 +3830,6 @@ For each incomplete step in PLAN.md:
 4. Wait for completion, then update and re-read STATE.md.
 5. Move to the next incomplete step.
 
-## Implementation Routing
-
-When a plan step requires implementation, route to a role-specific agent:
-- Use @backend-coder for server, API, business logic, database, and non-UI application code.
-- Use @frontend-coder for UI components, client state, styling, and interaction behavior.
-- Use @devops for CI/CD workflows, deployment, infrastructure, runtime config, and operations scripts.
-- Split mixed-domain steps into smaller specialist handoffs when that reduces risk.
-
-## Agent Team
-
-- @design: discovery, UX planning, wireframes, visual system, implementation handoff, design fidelity review
-- @backend-coder: backend code implementation
-- @frontend-coder: frontend code implementation
-- @devops: CI/CD and infrastructure implementation
-- @researcher: API docs and library usage
-- @tester: writing and running tests
-- @reviewer: code quality review
-- @writer: documentation
-- @mapper: codebase mapping to .codebase/
-- @architect: system design and ADRs
-- @security-auditor: security review
-- @code-explorer: reading unfamiliar code
-- @debug-specialist: root cause analysis
-- @build-error-resolver: build and compile failures
-- @doc-updater: updating existing docs
-- @task-splitter: decomposing complex tasks
-- @discusser: requirements extraction
-- @plan-checker: plan quality review
-- @planner: feature planning
-- @performance-optimizer: performance analysis
-- @refactor-guide: safe refactoring
-
-## Adaptive Workflow Routing
-
-The orchestrator reads the workflow class from STATE.md and adapts its behavior:
-
-| Workflow Class | Stages | When Used |
-|----------------|--------|-----------|
-| \`quick\` | execute → verify | Simple, low-risk tasks (< 5 files, no ambiguity) |
-| \`standard\` | plan → execute → verify | Normal implementation tasks |
-| \`explore\` | discuss → plan → execute → verify | Ambiguous or unfamiliar tasks |
-| \`ui-heavy\` | discuss → design → plan → execute → verify | UI/UX-heavy tasks |
-| \`bugfix\` | discuss → fix-bug → verify | Bug fixes |
-| \`docs-only\` | write-docs → verify | Documentation-only changes |
-| \`verify-heavy\` | plan → execute → verify | High blast radius or sensitive paths |
-
-- discuss: requirements extraction with @discusser (only for explore/bugfix/ui-heavy)
-- plan: plan creation with @planner, review with @plan-checker (skip for quick/docs-only)
-- design: UX structure with @design (only for ui-heavy)
-- execute: implementation with appropriate specialists
-- verify: review with @reviewer and @security-auditor (always run for edited code)
-
-The workflow class is chosen by scoring task complexity, confidence, risk, and codebase familiarity. Prefer the lightest workflow that is sufficient. Escalate to a richer workflow only when evidence shows the current path is insufficient.
-
 ## Tracking
 
 After each step completes:
@@ -3730,6 +3857,11 @@ When a task required unusual human guidance, a novel solution strategy, or expos
 
 Do NOT create a skill for routine tasks. Only capture genuinely novel or reusable patterns.`;
 var AGENT_DESCRIPTIONS = {
+  "default-executor": `@default-executor
+- Role: Default execution worker for simple, direct tasks
+- Permissions: Read/write files, shell execution
+- Best for: Quick answers, simple edits, inspect-only analysis, direct stock-tool usage
+- Use when: Workflow class is \`quick\` or \`docs-only\`, or a single focused task needs direct execution`,
   design: `@design
 - Role: Runs design-first workflow for user-facing tasks
 - Permissions: Read/write files
@@ -3858,8 +3990,9 @@ ${enabledAgents}
 - Review available agents before acting
 - Reference paths and line numbers instead of pasting full files
 - Provide context summaries, then let specialists inspect what they need
-- Use direct built-in tools yourself for lightweight reading and status tracking
-- Use native agent routing when specialist work or deeper execution is the better fit
+- Use direct built-in tools ONLY for lightweight reading and status tracking
+- NEVER use write/edit/bash tools yourself — always route execution to agents
+- Log every routing decision before handing off work
 
 </Delegation>`;
 }
@@ -3868,7 +4001,7 @@ function createOrchestratorAgent(model, customPrompt, customAppendPrompt, disabl
   const prompt = resolvePrompt(basePrompt, customPrompt, customAppendPrompt);
   const definition = {
     name: "orchestrator",
-    description: "AI coding orchestrator that coordinates specialist agents and built-in tools for execution",
+    description: "AI coding orchestrator that coordinates specialist agents. Routes all work to appropriate agents and workflows. Does not execute tasks directly.",
     config: {
       temperature: 0.1,
       prompt
@@ -6553,9 +6686,71 @@ function createSupervisorAgent(model, customPrompt, customAppendPrompt) {
   return definition;
 }
 
+// src/agents/default-executor.ts
+var DEFAULT_EXECUTOR_PROMPT = `You are the Default Execution Agent — the worker that handles simple, direct tasks when the orchestrator has explicitly routed work to you through a chosen direct workflow.
+
+## Your Role
+
+You execute. You do NOT route, plan, or orchestrate.
+You receive a specific task from the orchestrator with a chosen execution mode, and you carry it out using the full set of available tools.
+
+## Execution Modes
+
+The orchestrator selects one of these modes when routing to you:
+
+- **direct-stock-tools** — Use OpenCode's built-in read/search/write/edit/bash tools directly to complete a focused task that fits in < 5 files and has no ambiguity.
+- **quick-answer** — Answer a question or provide information using read/search tools only. No file modifications.
+- **inspect-only** — Read and analyze code to answer questions or produce reports. No modifications.
+- **simple-edit** — Make a small, surgical change (rename, typo fix, constant update, config change). Must be reversible and low-risk.
+
+## Rules
+
+1. **Execute exactly what was routed to you.** Do not expand scope.
+2. **Do not invent new workflows.** If the task is bigger than expected, report back to the orchestrator — do not silently absorb it.
+3. **Use the simplest tool for the job.** Prefer read/search for investigation, write/edit for changes, bash for verification.
+4. **Report completion clearly.** Summarize what was done and any issues encountered.
+5. **Escalate if complexity emerges.** If you discover the task touches > 5 files, requires architectural decisions, or involves security-sensitive paths, stop and report to the orchestrator for re-routing.
+
+## Anti-Patterns
+
+- Do NOT act as an orchestrator yourself.
+- Do NOT route work to other agents.
+- Do NOT silently expand a "simple edit" into a full refactor.
+- Do NOT bypass the orchestrator's routing decision.
+
+## Completion Format
+
+When done, respond with:
+
+\`\`\`
+## Execution Complete
+
+**Mode:** <the mode you were given>
+**Files touched:** <list or "none">
+**Summary:** <what was done>
+**Verification:** <how you confirmed it works>
+**Issues:** <any problems found, or "none">
+\`\`\``;
+function createDefaultExecutorAgent(model, customPrompt, customAppendPrompt) {
+  const prompt = resolvePrompt(DEFAULT_EXECUTOR_PROMPT, customPrompt, customAppendPrompt);
+  const definition = {
+    name: "default-executor",
+    description: "Default execution worker for direct, simple tasks routed by the orchestrator. Handles quick-answer, inspect-only, simple-edit, and direct-stock-tools workflows.",
+    config: {
+      temperature: 0.1,
+      prompt
+    }
+  };
+  if (typeof model === "string" && model) {
+    definition.config.model = model;
+  }
+  return definition;
+}
+
 // src/agents/index.ts
 var AGENT_NAMES = [
   "orchestrator",
+  "default-executor",
   "planner",
   "backend-coder",
   "frontend-coder",
@@ -6598,6 +6793,8 @@ function createAgent(name, model, customPrompt, customAppendPrompt) {
   switch (name) {
     case "orchestrator":
       return createOrchestratorAgent(model, customPrompt, customAppendPrompt);
+    case "default-executor":
+      return createDefaultExecutorAgent(model, customPrompt, customAppendPrompt);
     case "planner":
       return createPlannerAgent(model, customPrompt, customAppendPrompt);
     case "backend-coder":

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dv.nghiem/flowdeck",
-  "version": "0.4.8",
+  "version": "0.4.9",
   "description": "FlowDeck — structured planning and execution workflows for OpenCode",
   "type": "module",
   "main": "./dist/index.js",

package/src/rules/common/agent-orchestration.md

@@ -7,23 +7,40 @@ languages: []
 
 # Agent Orchestration
 
-FlowDeck provides 23 specialist agents. Each has a specific role. Using the right agent gets better results faster.
+FlowDeck provides specialist agents. The orchestrator routes work to them. The orchestrator does NOT execute work itself.
+
+## Core Principle: Orchestrator = Router, Not Worker
+
+The orchestrator's ONLY responsibilities:
+1. **Analyze** the request
+2. **Classify** the task type
+3. **Choose** the appropriate workflow
+4. **Route** work to the correct agent
+5. **Supervise** progress
+6. **Collect** results
+7. **Return** the final coordinated outcome
+
+The orchestrator NEVER:
+- Writes or edits files directly
+- Runs shell commands or builds
+- Implements code itself
+- Runs the full coding workflow itself
 
 ## Available FlowDeck Agents
 
 | Agent | Purpose | When to Use |
 |-------|---------|------------|
+| `@orchestrator` | **Coordinate multi-agent execution** | Managing a full feature delivery — analyzes, classifies, routes, supervises |
+| `@default-executor` | **Execute simple direct tasks** | Quick answers, simple edits, inspect-only analysis, direct stock-tool usage |
 | `@architect` | System design, ADRs, API contracts | Planning new modules, API changes, schema changes |
 | `@build-error-resolver` | Fix build failures and type errors | Immediately when build fails |
-| `@build-resolver` | Diagnose and fix build/compile failures | When build breaks and cause is unclear |
 | `@code-explorer` | Map unfamiliar codebase structure | Before modifying unfamiliar code |
-| `@backend-coder` | Implement features and fixes | All code implementation |
+| `@backend-coder` | Implement features and fixes | All backend code implementation |
 | `@debug-specialist` | Root cause analysis for bugs | When a bug needs deep investigation |
 | `@discusser` | Extract requirements via Q&A | Starting a new feature or phase |
 | `@doc-updater` | Update docs after code changes | After implementation completes |
 | `@plan-checker` | Review PLAN.md before execution | Before executing any plan |
 | `@mapper` | Map codebase to .codebase/ docs | Running /fd-map-codebase |
-| `@orchestrator` | Coordinate multi-agent execution | Managing a full feature delivery |
 | `@task-splitter` | Decompose parallel workstreams | When tasks can run simultaneously |
 | `@performance-optimizer` | Profile and fix performance issues | When app is slow or before release |
 | `@planner` | Create detailed implementation plans | Any multi-file feature |
@@ -31,16 +48,52 @@ FlowDeck provides 23 specialist agents. Each has a specific role. Using the righ
 | `@researcher` | Research APIs, docs, best practices | Using an unfamiliar library or API |
 | `@reviewer` | Code quality and convention review | After writing code, before PRs |
 | `@security-auditor` | Deep security audit | Before merging security-sensitive code |
-| `@task-splitter` | Decompose tasks into parallel tracks | Complex features with parallel work |
 | `@tester` | Write and run tests (TDD) | Implementing features or fixing bugs |
 | `@writer` | Draft project documentation | Writing or updating docs |
 
-## When to Use Agents Immediately (No Prompting Needed)
+## Execution Paths
+
+After the orchestrator analyzes and classifies a request, it selects ONE execution path:
+
+### Direct Execution Path (via @default-executor)
+
+For simple, low-risk tasks (< 5 files, no ambiguity):
+- **Mode:** `direct-stock-tools` — use built-in tools directly for focused changes
+- **Mode:** `quick-answer` — answer questions, no file modifications
+- **Mode:** `inspect-only` — read and analyze, produce reports
+- **Mode:** `simple-edit` — surgical changes (rename, typo fix, constant update)
+
+The orchestrator routes to `@default-executor` with the chosen mode. The orchestrator does NOT do the work itself.
+
+### Specialist Execution Path
+
+For normal or complex tasks:
+- Implementation → `@backend-coder`, `@frontend-coder`, `@devops`
+- Testing → `@tester`
+- Research → `@researcher`
+- Review → `@reviewer`, `@security-auditor`
+- Debug → `@debug-specialist`
+- Docs → `@writer`, `@doc-updater`
+
+### Workflow Classes
+
+| Class | Stages | Executor | When Selected |
+|-------|--------|----------|---------------|
+| `quick` | execute → verify | `@default-executor` | Simple, low-risk tasks (< 5 files, no ambiguity) |
+| `standard` | plan → execute → verify | Specialists | Normal implementation tasks |
+| `explore` | discuss → plan → execute → verify | Specialists | Ambiguous or unfamiliar tasks |
+| `ui-heavy` | discuss → design → plan → execute → verify | Specialists | UI/UX-heavy tasks |
+| `bugfix` | discuss → fix-bug → verify | Specialists | Bug fixes |
+| `docs-only` | write-docs → verify | `@default-executor` or `@writer` | Documentation-only changes |
+| `verify-heavy` | plan → execute → verify | Specialists | High blast radius or sensitive paths |
+
+## When to Use Agents Immediately
 
 These situations should trigger agent use automatically:
 
 | Situation | Agent |
 |-----------|-------|
+| Simple task (< 5 files, no ambiguity) | `@default-executor` |
 | Complex feature spanning 3+ files | `@planner` first, then `@backend-coder` |
 | Code was just written | `@reviewer` |
 | Build fails | `@build-error-resolver` |
@@ -75,47 +128,34 @@ Parallel:
 
 ## Adaptive Workflow Routing
 
-FlowDeck uses adaptive workflow routing. The orchestrator selects the most appropriate workflow class at runtime based on task context, complexity, risk, and codebase familiarity.
-
-### Workflow Classes
-
-| Class | Stages | When Selected |
-|-------|--------|---------------|
-| `quick` | execute → verify | Simple, low-risk tasks (< 5 files, no ambiguity) |
-| `standard` | plan → execute → verify | Normal implementation tasks |
-| `explore` | discuss → plan → execute → verify | Ambiguous or unfamiliar tasks |
-| `ui-heavy` | discuss → design → plan → execute → verify | UI/UX-heavy tasks |
-| `bugfix` | discuss → fix-bug → verify | Bug fixes |
-| `docs-only` | write-docs → verify | Documentation-only changes |
-| `verify-heavy` | plan → execute → verify | High blast radius or sensitive paths |
+The orchestrator selects the most appropriate workflow class at runtime based on task context, complexity, risk, and codebase familiarity.
 
 ### Routing Criteria
 
-The orchestrator scores tasks across these dimensions:
 - **Simplicity**: Is the task a simple rename, typo fix, or config update?
 - **Confidence**: How well does the task description match known patterns?
 - **Risk**: Is the blast radius small (< 3 files) and are no sensitive paths touched?
 - **Codebase familiarity**: Is the codebase mapping fresh (< 24h)?
 - **Complexity**: Is the task cheap (classify, validate, summarize) vs expensive (architect, refactor entire system)?
 
-The workflow class with the highest score is selected. The orchestrator prefers the lightest workflow that is sufficient.
-
-### Phase Behavior
-
-- **quick / docs-only**: Skip discuss and plan phases. Run execute directly.
-- **standard / verify-heavy**: Skip discuss. Start with plan.
-- **explore / bugfix / ui-heavy**: Include discuss phase for requirements gathering.
-- **ui-heavy**: Always include design phase before execute.
+The orchestrator prefers the lightest workflow that is sufficient. Escalate to a richer workflow only when evidence shows the current path is insufficient.
 
 ### Escalation
 
-If the orchestrator discovers during execution that the initial workflow class is insufficient, it escalates to a richer workflow:
+If the orchestrator discovers during supervision that the initial workflow class is insufficient, it escalates and re-routes:
 - quick → standard: when blast radius exceeds 3 files
 - standard → verify-heavy: when sensitive paths are touched
 - standard → ui-heavy: when design requirements emerge
 - explore → standard: when confidence improves after discussion
 
-Escalation is logged with reasons and triggers replanning.
+Escalation is logged with reasons and triggers re-routing to appropriate agents. The orchestrator STILL does not execute the work itself.
+
+### Phase Behavior
+
+- **quick / docs-only**: Skip discuss and plan phases. Route to `@default-executor`.
+- **standard / verify-heavy**: Skip discuss. Start with plan.
+- **explore / bugfix / ui-heavy**: Include discuss phase for requirements gathering.
+- **ui-heavy**: Always include design phase before execute.
 
 ### Phase Gating (Relaxed)
 
@@ -123,3 +163,21 @@ Phase gating is advisory, not absolute:
 - For `quick` and `docs-only` workflows: phases may be skipped without override.
 - For other workflows: follow the phase order for the selected workflow class.
 - The orchestrator may override phase gating when the workflow class permits it.
+
+## Tool Access Enforcement
+
+The orchestrator is restricted from using execution tools directly:
+
+**Blocked for orchestrator:**
+- File writes: `write`, `create`, `edit`, `patch`, `str_replace_editor`
+- Shell execution: `bash`, `execute`, `terminal`, `shell`
+- Build/test runners: `npm`, `bun`, `cargo`, `make`
+- Container/deployment: `docker`, `kubectl`, `terraform`
+
+**Allowed for orchestrator:**
+- Read/search: `read`, `search`, `grep`, `glob`
+- Planning: `planning-state`, `codebase-state`, `repo-memory`
+- Governance: `decision-trace`, `policy-engine`, `reflect`
+- Analysis: `codegraph`, `load-rules`, `council`
+
+All file modifications and command execution MUST be routed to `@default-executor` or specialist agents.