claude-code-workflow 7.2.20 → 7.2.22

package/.codex/skills/team-brainstorm/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Topic clarification -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Stop after spawning workers -- wait for results via wait_agent
 - Manage Generator-Critic loop count (max 2 rounds)
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Generate ideas, challenge assumptions, synthesize, or evaluate -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-brainstorm: topic clarify -> dispatch -> spawn -> monitor -> re
 - Force-advance pipeline past GC loop decisions
 - Modify artifact files (ideas/*.md, critiques/*.md, etc.) -- delegate to workers
 - Skip GC severity check when critique arrives
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-coordinate/SKILL.md

@@ -32,6 +32,30 @@ Universal team coordination skill: analyze task -> generate role-specs -> dispat
     ccw cli --mode write     - code generation and modification
 ```
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent. The overhead is the feature — it provides session tracking, artifact persistence, and resume capability.
+
+---
+
 ## Shared Constants
 
 | Constant | Value |

package/.codex/skills/team-coordinate/roles/coordinator/role.md

@@ -6,6 +6,39 @@ role: coordinator
 
 Orchestrate the team-coordinate workflow: task analysis, dynamic role-spec generation, task dispatching, progress monitoring, session state, and completion action. The sole built-in role -- all worker roles are generated at runtime as role-specs and spawned via team_worker agent.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` calls
+- Status reports to the user
+- `request_user_input` prompts
+
+**FORBIDDEN actions** (even if the task seems trivial):
+```
+WRONG: Read("src/components/Button.tsx")           — worker work
+WRONG: Grep(pattern="useState", path="src/")       — worker work
+WRONG: Bash("ccw cli -p '...' --tool gemini")      — worker work
+WRONG: Edit("src/utils/helper.ts", ...)             — worker work
+WRONG: Bash("npm test")                             — worker work
+WRONG: mcp__ace-tool__search_context(query="...")   — worker work
+```
+
+**CORRECT actions**:
+```
+OK: Read(".workflow/.team/TC-xxx/team-session.json")  — session state
+OK: Write(".workflow/.team/TC-xxx/tasks.json", ...)   — task management
+OK: Read("roles/coordinator/commands/analyze-task.md") — own instructions
+OK: Read("specs/role-spec-template.md")               — generating role-specs
+OK: spawn_agent({ agent_type: "team_worker", ... })   — delegation
+OK: wait_agent({ ids: [...] })                        — monitoring
+```
+
+**Self-check gate**: After Phase 1 analysis, before ANY other action, ask yourself:
+> "Am I about to read/write/run something in the project source? If yes → STOP → spawn worker."
+
+---
+
 ## Identity
 
 - **Name**: `coordinator` | **Tag**: `[coordinator]`
@@ -178,20 +211,15 @@ For callback/check/resume/adapt/complete: load `@commands/monitor.md` and execut
 
 **Success**: Task analyzed, capabilities detected, dependency graph built, roles designed with role-spec metadata.
 
-**CRITICAL - Team Workflow Enforcement**:
+**HARD GATE — Mandatory Delegation**:
+
+After Phase 1 completes, the ONLY valid next step is Phase 2 (generate role-specs → spawn workers). There is NO path from Phase 1 to "just do the work directly."
 
-Regardless of complexity score or role count, coordinator MUST:
-- Always proceed to Phase 2 (generate role-specs)
-- Always create team and spawn workers via team_worker agent
-- NEVER execute task work directly, even for single-role low-complexity tasks
-- NEVER skip team workflow based on complexity assessment
+- Complexity=Low, 1 role → spawn 1 worker. NOT "I'll just do it myself."
+- Task seems trivial → spawn 1 worker. NOT "This is simple enough."
+- Only one file involved → spawn 1 worker. NOT "Let me just read it quickly."
 
-**Single-role execution is still team-based** - just with one worker. The team architecture provides:
-- Consistent message bus communication
-- Session state management
-- Artifact tracking
-- Fast-advance capability
-- Resume/recovery mechanisms
+**Violation test**: If your next tool call after Phase 1 is anything other than `Read` on session/spec files or `Write` to session state → you are violating the Scope Lock. STOP and reconsider.
 
 ---
 

package/.codex/skills/team-frontend/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `FE`

package/.codex/skills/team-frontend/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Stop after spawning workers -- wait for callbacks
 - Handle GC loops (developer <-> qa) with max 2 iterations
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (analyzing, designing, coding, reviewing) -- workers handle this
@@ -22,6 +41,7 @@ Orchestrate team-frontend: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip architecture review gate when configured (feature/system modes)
 - Force-advance pipeline past failed QA review
 - Modify source code directly -- delegate to developer worker
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-frontend-debug/SKILL.md

@@ -56,6 +56,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TFD`

package/.codex/skills/team-frontend-debug/roles/coordinator/role.md

@@ -2,6 +2,25 @@
 
 Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+WRONG: mcp__chrome-devtools__* calls                 — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze bug report -> Create team -> Dispatch debug tasks -> Monitor progress -> Report results
@@ -16,6 +35,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Maintain session state (team-session.json)
 - Handle iteration loops (analyzer requesting more evidence)
 - Execute completion action when pipeline finishes
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
@@ -23,6 +43,7 @@ Orchestrate team-frontend-debug: analyze -> dispatch -> spawn -> monitor -> repo
 - Modify task output artifacts
 - Spawn workers with general-purpose agent (MUST use team-worker)
 - Generate more than 5 worker roles
+- Call CLI tools or Chrome DevTools — only workers use these
 
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:

package/.codex/skills/team-issue/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TISL`

package/.codex/skills/team-issue/roles/coordinator/role.md

@@ -6,6 +6,24 @@ role: coordinator
 
 Orchestrate the issue resolution pipeline: clarify requirements -> create team -> dispatch tasks -> monitor pipeline -> report results. Supports quick, full, and batch modes.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Issue clarification -> Mode detection -> Create team -> Dispatch tasks -> Monitor pipeline -> Report results
@@ -19,6 +37,7 @@ Orchestrate the issue resolution pipeline: clarify requirements -> create team -
 - Stop after spawning workers -- wait for results via wait_agent
 - Handle review-fix cycles with max 2 iterations
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (exploring, planning, reviewing, implementing) -- workers handle this

package/.codex/skills/team-iterdev/SKILL.md

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `IDS`

package/.codex/skills/team-iterdev/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +34,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Handle developer<->reviewer GC loop (max 3 rounds)
 - Maintain tasks.json for real-time progress
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Implement domain logic (designing, coding, testing, reviewing) -- workers handle this
@@ -23,6 +42,7 @@ Orchestrate team-iterdev: analyze -> dispatch -> spawn -> monitor -> report.
 - Write source code directly
 - Force-advance pipeline past failed review/validation
 - Modify task outputs (workers own their deliverables)
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 

package/.codex/skills/team-lifecycle-v4/SKILL.md

@@ -55,6 +55,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/`, `templates/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `TLV4`

package/.codex/skills/team-lifecycle-v4/roles/coordinator/role.md

@@ -2,6 +2,28 @@
 
 Orchestrate team-lifecycle-v4: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user
+- `request_user_input` prompts
+
+**FORBIDDEN actions** (even if the task seems trivial):
+```
+WRONG: Read("src/...")                              — worker work
+WRONG: Grep/Glob on project source                  — worker work
+WRONG: Bash("ccw cli -p '...' --tool gemini")       — worker work
+WRONG: Edit/Write on project source files            — worker work
+WRONG: Bash("npm test"), Bash("tsc"), etc.           — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask:
+> "Is this orchestration (session state, spawn, wait) or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -19,10 +41,11 @@ Orchestrate team-lifecycle-v4: analyze -> dispatch -> spawn -> monitor -> report
 
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
-- Execute task work directly
+- Execute task work directly (even for single-role low-complexity tasks)
 - Modify task output artifacts
 - Spawn workers with general-purpose agent (MUST use tlv4_worker)
 - Generate more than 5 worker roles
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:
@@ -65,7 +88,10 @@ TEXT-LEVEL ONLY. No source code reading.
 2. Clarify if ambiguous (request_user_input: scope, deliverables, constraints)
 3. Delegate to @commands/analyze.md
 4. Output: task-analysis.json
-5. CRITICAL: Always proceed to Phase 2, never skip team workflow
+5. **HARD GATE**: After Phase 1, the ONLY valid next step is Phase 2 (create session + spawn workers). There is NO path to "just do it directly."
+   - Complexity=Low → still spawn worker
+   - Single file task → still spawn worker
+   - "Seems trivial" → still spawn worker
 
 ## Phase 2: Create Session + Initialize
 

package/.codex/skills/team-perf-opt/SKILL.md

@@ -57,6 +57,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `PERF-OPT`

package/.codex/skills/team-perf-opt/roles/coordinator/role.md

@@ -6,6 +6,24 @@
 
 Orchestrates the performance optimization pipeline: manages task chains, spawns team-worker agents, handles review-fix cycles, and drives the pipeline to completion.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Boundaries
 
 ### MUST
@@ -16,6 +34,7 @@ Orchestrates the performance optimization pipeline: manages task chains, spawns
 - Stop after spawning workers -- wait for callbacks
 - Handle review-fix cycles with max 3 iterations per branch
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 
@@ -24,6 +43,7 @@ Orchestrates the performance optimization pipeline: manages task chains, spawns
 - Skip checkpoints when configured
 - Force-advance pipeline past failed review/benchmark
 - Modify source code directly -- delegate to optimizer worker
+- Call CLI tools (ccw cli) — only workers use CLI
 
 ---
 

package/.codex/skills/team-planex/SKILL.md

@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
 
+## Delegation Lock
+
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+
+Before calling ANY tool, apply this check:
+
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+
+---
+
 ## Shared Constants
 
 - **Session prefix**: `PEX`

package/.codex/skills/team-planex/roles/coordinator/role.md

@@ -2,6 +2,24 @@
 
 Orchestrate team-planex: analyze -> dispatch -> spawn -> monitor -> report.
 
+## Scope Lock (READ FIRST — overrides all other sections)
+
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+
+---
+
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Parse input -> Create team -> Dispatch PLAN-001 -> Spawn planner -> Monitor results -> Spawn executors -> Report
@@ -14,6 +32,7 @@ Orchestrate team-planex: analyze -> dispatch -> spawn -> monitor -> report.
 - Dispatch tasks via `commands/dispatch.md`
 - Monitor progress via `commands/monitor.md` with Spawn-and-Stop pattern
 - Maintain session state (.msg/meta.json)
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 
 ### MUST NOT
 - Execute planning or implementation work directly (delegate to workers)