claude-code-workflow 7.2.20 → 7.2.21

package/.claude/commands/workflow/analyze-with-file.md

@@ -230,23 +230,37 @@ Do NOT write files.
 }
 ```
 
-**Phase B — Perspective Deep-Dive** (parallel, only for multi-perspective, max 4):
+**Phase B — Perspective Deep-Dive** (PARALLEL, only for multi-perspective, max 4):
 Each perspective agent receives shared Layer 1 results, performs only Layer 2-3 on its relevant subset.
 Skip if single-perspective (single mode proceeds directly to Step 2 CLI analysis with Layer 1 results).
 
+**CRITICAL — Parallel Execution**: Launch ALL perspective Agent() calls in the SAME response block so Claude Code executes them concurrently. Do NOT use a loop that waits for each agent before starting the next.
+
 ```javascript
 // Per-perspective Layer 2-3 — receives shared discovery, avoids re-scanning
 // Only runs in multi-perspective mode
+// PARALLEL: All Agent() calls MUST appear in ONE response — Claude Code runs them concurrently
 const sharedDiscovery = readJSON(`${sessionFolder}/exploration-codebase.json`)
-const perspectiveFiles = sharedDiscovery.relevant_files
-  .filter(f => f.dimensions.includes(perspective.dimension))
 
-selectedPerspectives.forEach(perspective => {
-  Agent({
-    subagent_type: "cli-explore-agent",
-    run_in_background: false,
-    description: `Deep-dive: ${perspective.name}`,
-    prompt: `
+// Prepare per-perspective file lists
+const perspectiveFileLists = Object.fromEntries(
+  selectedPerspectives.map(p => [
+    p.name,
+    sharedDiscovery.relevant_files.filter(f => f.dimensions.includes(p.dimension))
+  ])
+)
+
+// Launch ALL agents in a SINGLE response block (not sequentially):
+// Agent({ ..perspective1.. })  ← call 1
+// Agent({ ..perspective2.. })  ← call 2 (same response)
+// Agent({ ..perspective3.. })  ← call 3 (same response)
+
+// Each agent call follows this template:
+Agent({
+  subagent_type: "cli-explore-agent",
+  run_in_background: false,
+  description: `Deep-dive: ${perspective.name}`,
+  prompt: `
 ## Analysis Context
 Topic: ${topic_or_question}
 Perspective: ${perspective.name} - ${perspective.focus}
@@ -254,7 +268,7 @@ Session: ${sessionFolder}
 
 ## SHARED DISCOVERY (Layer 1 already completed — DO NOT re-scan)
 Relevant files for this perspective:
-${perspectiveFiles.map(f => `- ${f.path}: ${f.annotation}`).join('\n')}
+${perspectiveFileLists[perspective.name].map(f => `- ${f.path}: ${f.annotation}`).join('\n')}
 Patterns found: ${sharedDiscovery.patterns.join(', ')}
 
 ## Layer 2 — Structure Tracing (Depth)
@@ -270,7 +284,6 @@ Patterns found: ${sharedDiscovery.patterns.join(', ')}
 Write to: ${sessionFolder}/explorations/${perspective.name}.json
 Schema: {perspective, relevant_files, key_findings, code_anchors: [{file, lines, snippet, significance}], call_chains: [{entry, chain, files}], questions_for_user, _metadata}
 `
-  })
 })
 ```
 
@@ -731,7 +744,7 @@ ${implScope.map((item, i) => `${i+1}. **${item.objective}** [${item.priority}]
 | **Business** | Codex | Value, ROI, stakeholder impact | Business implications |
 | **Domain Expert** | Gemini | Domain patterns, best practices, standards | Industry knowledge |
 
-User multi-selects up to 4 in Phase 1, default: single comprehensive view.
+User multi-selects up to 4 in Phase 1. Default: if dimensions >= 2, pre-select Technical + Architectural; if dimensions == 1, single comprehensive view.
 
 ### Dimension-Direction Mapping
 

package/.codex/skills/team-arch-opt/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TAO`

package/.codex/skills/team-arch-opt/roles/coordinator/role.md

@@ -2,6 +2,25 @@
 
 Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+WRONG: Bash running build/test/lint commands          — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +33,7 @@ Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 - Respect pipeline stage dependencies (deps)
 - Handle review-fix cycles with max 3 iterations
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (analyzing, refactoring, reviewing) -- workers handle this
@@ -21,6 +41,8 @@ Orchestrate team-arch-opt: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip checkpoints when configured
 - Force-advance pipeline past failed review/validation
 - Modify source code directly -- delegate to refactorer worker
+- Call CLI tools (ccw cli) — only workers use CLI
+- Read project source code — delegate to workers
 
 ## Command Execution Protocol
 

package/.codex/skills/team-brainstorm/SKILL.md

@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `BRS`

package/.codex/skills/team-brainstorm/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Topic clarification -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Stop after spawning workers -- wait for results via wait_agent
 - Manage Generator-Critic loop count (max 2 rounds)
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Generate ideas, challenge assumptions, synthesize, or evaluate -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Force-advance pipeline past GC loop decisions
 - Modify artifact files (ideas/*.md, critiques/*.md, etc.) -- delegate to workers
 - Skip GC severity check when critique arrives
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-coordinate/SKILL.md

@@ -32,6 +32,30 @@ Universal team coordination skill: analyze task -> generate role-specs -> dispat
     ccw cli --mode write     - code generation and modification
 ```
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent. The overhead is the feature — it provides session tracking, artifact persistence, and resume capability.
+
+---
+
 ## Shared Constants
 
 | Constant | Value |

package/.codex/skills/team-coordinate/roles/coordinator/role.md

@@ -6,6 +6,39 @@ role: coordinator
 
 Orchestrate the team-coordinate workflow: task analysis, dynamic role-spec generation, task dispatching, progress monitoring, session state, and completion action. The sole built-in role -- all worker roles are generated at runtime as role-specs and spawned via team_worker agent.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` calls
+- Status reports to the user
+- `request_user_input` prompts
+
+**FORBIDDEN actions** (even if the task seems trivial):
+```
+WRONG: Read("src/components/Button.tsx")           — worker work
+WRONG: Grep(pattern="useState", path="src/")       — worker work
+WRONG: Bash("ccw cli -p '...' --tool gemini")      — worker work
+WRONG: Edit("src/utils/helper.ts", ...)             — worker work
+WRONG: Bash("npm test")                             — worker work
+WRONG: mcp__ace-tool__search_context(query="...")   — worker work
+```
+
+**CORRECT actions**:
+```
+OK: Read(".workflow/.team/TC-xxx/team-session.json")  — session state
+OK: Write(".workflow/.team/TC-xxx/tasks.json", ...)   — task management
+OK: Read("roles/coordinator/commands/analyze-task.md") — own instructions
+OK: Read("specs/role-spec-template.md")               — generating role-specs
+OK: spawn_agent({ agent_type: "team_worker", ... })   — delegation
+OK: wait_agent({ ids: [...] })                        — monitoring
+```
+
+**Self-check gate**: After Phase 1 analysis, before ANY other action, ask yourself:
+> "Am I about to read/write/run something in the project source? If yes → STOP → spawn worker."
+
+---
+
 ## Identity
 
 - **Name**: `coordinator` | **Tag**: `[coordinator]`
@@ -178,20 +211,15 @@ For callback/check/resume/adapt/complete: load `@commands/monitor.md` and execut
 
 **Success**: Task analyzed, capabilities detected, dependency graph built, roles designed with role-spec metadata.
 
-**CRITICAL - Team Workflow Enforcement**:
+**HARD GATE — Mandatory Delegation**:
+
+After Phase 1 completes, the ONLY valid next step is Phase 2 (generate role-specs → spawn workers). There is NO path from Phase 1 to "just do the work directly."
 
-Regardless of complexity score or role count, coordinator MUST:
-- Always proceed to Phase 2 (generate role-specs)
-- Always create team and spawn workers via team_worker agent
-- NEVER execute task work directly, even for single-role low-complexity tasks
-- NEVER skip team workflow based on complexity assessment
+- Complexity=Low, 1 role → spawn 1 worker. NOT "I'll just do it myself."
+- Task seems trivial → spawn 1 worker. NOT "This is simple enough."
+- Only one file involved → spawn 1 worker. NOT "Let me just read it quickly."
 
-**Single-role execution is still team-based** - just with one worker. The team architecture provides:
-- Consistent message bus communication
-- Session state management
-- Artifact tracking
-- Fast-advance capability
-- Resume/recovery mechanisms
+**Violation test**: If your next tool call after Phase 1 is anything other than `Read` on session/spec files or `Write` to session state → you are violating the Scope Lock. STOP and reconsider.
 
 ---
 

package/.codex/skills/team-frontend/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `FE`

package/.codex/skills/team-frontend/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Stop after spawning workers -- wait for callbacks
 - Handle GC loops (developer <-> qa) with max 2 iterations
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (analyzing, designing, coding, reviewing) -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip architecture review gate when configured (feature/system modes)
 - Force-advance pipeline past failed QA review
 - Modify source code directly -- delegate to developer worker
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-frontend-debug/SKILL.md

@@ -56,6 +56,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TFD`

package/.codex/skills/team-frontend-debug/roles/coordinator/role.md

@@ -2,6 +2,25 @@
 
 Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+WRONG: mcp__chrome-devtools__* calls                 — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze bug report -> Create team -> Dispatch debug tasks -> Monitor progress -> Report results
@@ -16,6 +35,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Maintain session state (team-session.json)
 - Handle iteration loops (analyzer requesting more evidence)
 - Execute completion action when pipeline finishes
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
@@ -23,6 +43,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Modify task output artifacts
 - Spawn workers with general-purpose agent (MUST use team-worker)
 - Generate more than 5 worker roles
+- Call CLI tools or Chrome DevTools — only workers use these
 
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:

package/.codex/skills/team-issue/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TISL`

package/.codex/skills/team-issue/roles/coordinator/role.md

@@ -6,6 +6,24 @@ role: coordinator
 
 Orchestrate the issue resolution pipeline: clarify requirements -> create team -> dispatch tasks -> monitor pipeline -> report results. Supports quick, full, and batch modes.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Issue clarification -> Mode detection -> Create team -> Dispatch tasks -> Monitor pipeline -> Report results
@@ -19,6 +37,7 @@ Orchestrate the issue resolution pipeline: clarify requirements -> create team -
 - Stop after spawning workers -- wait for results via wait_agent
 - Handle review-fix cycles with max 2 iterations
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (exploring, planning, reviewing, implementing) -- workers handle this

package/.codex/skills/team-iterdev/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `IDS`

package/.codex/skills/team-iterdev/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +34,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Handle developer<->reviewer GC loop (max 3 rounds)
 - Maintain tasks.json for real-time progress
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (designing, coding, testing, reviewing) -- workers handle this
@@ -23,6 +42,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Write source code directly
 - Force-advance pipeline past failed review/validation
 - Modify task outputs (workers own their deliverables)
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-lifecycle-v4/SKILL.md

@@ -55,6 +55,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/`, `templates/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TLV4`